ESS 1.1 Patch Releases

Release 1.1.6

2021-09-10

Defects

  • frontdoor-ingress now refers to the correct port on the ess-ldp service

  • Removed cluster auto-scaler Kustomization from bases as it’s not used and was causing text replacement issues

Release 1.1.5

2021-09-09

Defects

  • Pods with names beginning with the letter “q” are now accessible

Release 1.1.4

2021-08-06

Improvements

  • Fix several typographical errors in the release notes.

Release 1.1.3

2021-08-06

Improvements

  • Breaking change: The ess-openid server now requires backend IdPs to use https://{hostname}/callback as a redirect URI.

  • Breaking change: openid-mongodb has been renamed to ess-openid in the Kubernetes configuration to bring it into line with the other components.

  • Breaking change: the kafka channel configuration name has changed from inrupt-reactive-channel to pod. All related configuration should be adjusted, e.g. mp.messaging.incoming.pod.bootstrap.servers or MP_MESSAGING_INCOMING_POD_BOOTSTRAP_SERVERS.

  • The quad-pattern fragments parts of ESS that are in alpha are now more easily identified with the label sub-role: fragments.

  • Read requests will now include a link header referencing the root of a user’s Pod.

  • A .well-known/solid resource is now available for each Pod.

  • The cluster-autoscaler and metrics server configurations have been updated to more modern versions and have been enabled in the AWS overlay.

  • The registration endpoint has been reimplemented and is now hosted on a separate registration service. This makes a significant improvement to the performance of provisioning a Pod. The endpoint interface is similar but the URL is now https://registration.<DOMAIN>/provision. Furthermore, the issuer parameter has been removed and is now taken from the JWT token. This service is also much more configurable, allowing an operator to fully customize the default Pod structure.

  • Improved handling of Pod deletion and deprovisioning.

Defects

  • Improved handling of empty path segments when path delimiters are URL-encoded.

  • The fluentd-auditor service now provides a working TLS listener, and audit logs can be sent to it as expected.

  • The size limits on content routed to back-end services is now enforced.

Security

  • The Prefer header has been removed from the ACP and WAC access control checks. Not only is the Prefer header not required for Solid, but this allowed an agent with read access to a resource to perform write operations.

Release 1.1.2

2021-05-24

Features

  • Read only mode can now be turned on or off (default is off) via configuration. Read only mode prevents any write operation across all the Pods managed by the server.

  • The database schema was modified to reduce the number of tables, sequences, and indexes. Database schema version is now V4.

Improvements

  • Static pages are now served by more Kubernetes pods to increase resilience.

  • The logging component now uses Elasticsearch version 7.10.

  • The MicroProfile REST client is now used for HTTP interactions with remote resources.

Defects

  • Users are now prevented from creating resources with empty path segments, such as /container////resource.

Release 1.1.1

2021-04-27

Features

  • Aligned ShEx (R) shape support with the April 2021 updates of the shex.jsonld context resource.

Defects

  • The index builder is now able to index Pods containing special characters. Previously, 400 Bad Requests were returned from Elasticsearch when trying to index a Pod that contained non-ASCII characters.

  • Access token validation has been moved to a worker thread in order to avoid thread exhaustion on the main Vert.x event loop