v0.7.0

What's Changed

• Deploy release 0.6.1 to production by @r4v5 in #789
• openoversight 0.6.2 by @redshiftzero in #791
• August release of staging to production by @McEileen in #806
• OpenOversight 0.6.3 by @abandoned-prototype in #854
• OpenOversight 0.6.4 by @abandoned-prototype in #859
• OpenOversight 0.6.5.1 by @abandoned-prototype in #874
• OpenOversight 0.6.6 by @abandoned-prototype in #883
• OpenOversight v0.6.7 by @abandoned-prototype in #905
• Backport from orca collective - Step 1 by @abandoned-prototype in #900
• Format codebase as part of backport by @abandoned-prototype in #901
• Backport from orca collective - Step 2 by @abandoned-prototype in #902
• New server, deployment, CI/CD pipeline by @abandoned-prototype in #907
• Backport from Orca Collective - Step 3 by @abandoned-prototype in #908
• Restrict unit assignment select to relevant department by @pjsier in #898
• Backport/follow up by @abandoned-prototype in #910
• Use HTTP constants instead of stray ints or strings by @michplunkett in #911
• Move pull request template to .github folder by @michplunkett in #912
• Support absolute imports in prod image. by @abandoned-prototype in #916
• Fix dockerfile by removing outdated source. by @abandoned-prototype in #918
• Fix prod yml issue which breaks flask commands. by @abandoned-prototype in #917
• Restructure utils.py to its own package by @michplunkett in #915
• Upgrade Flask packages by @abandoned-prototype in #920
• Packages/test performance by @abandoned-prototype in #921
• Upgrade more packages. by @abandoned-prototype in #923
• Fix issue with new version of Flask-Migrate. by @abandoned-prototype in #924
• Update make dev-associated commands by @michplunkett in #925
• Modify the PR template and add an Issue template by @michplunkett in #926
• Delete Circle CI configuration by @michplunkett in #939
• Delete Travis CI information by @michplunkett in #938
• Add Coveralls GitHub Action by @michplunkett in #940
• Update dev-requirements packages by @michplunkett in #942
• Update requirements packages by @michplunkett in #943
• Remove Travis widget in README by @michplunkett in #945
• Build with Python 🐍 v3.10.x by @michplunkett in #952
• Build with Python 🐍 v3.11.x by @michplunkett in #953
• Address Change Password copy by @michplunkett in #949
• Move to the latest version of 🐍 by @michplunkett in #961
• Update requirements.txt by @michplunkett in #958
• Add Gmail client and update email functions by @michplunkett in #944
• Update Dockerfile to use 🐍 v3.11.x by @michplunkett in #962
• Make Config optimizations and HTTPMethod consts by @michplunkett in #956
• Move models to its own package by @michplunkett in #963
• Add context as parameter to EmailClient by @michplunkett in #964
• Address FLASK_ENV warning by @michplunkett in #967
• Add filter by photo ability in officer query by @michplunkett in #965
• Add HTML formatting to pre-commit by @michplunkett in #966
• Add HTML linting to pre-commit by @michplunkett in #968
• Center and size officer profile pictures by @michplunkett in #974
• Add password change confirmation email by @michplunkett in #971
• Update data-migration documentation by @michplunkett in #975
• Rename star_date and descrip by @michplunkett in #977
• Rename migration files by @abandoned-prototype in #979
• Change timestamp datatypes to timestamptz by @michplunkett in #978
• Add license to package.json by @michplunkett in #986
• Add additional /timezone test by @michplunkett in #989
• Add state to departments table by @michplunkett in #981
• Remove unused image files by @michplunkett in #990
• Update pre-commit packages and add flynt by @michplunkett in #991
• Add state field to DepartmentForm by @michplunkett in #988
• Add New Contributor note to issue template by @michplunkett in #993
• Sort Departments and add stats and cacheing by @michplunkett in #995
• Add gzip compression for HTML, JS, and CSS files by @michplunkett in #999
• Add 'Federal Agency' to list of accepted states by @michplunkett in #998
• Delete create_db.py by @michplunkett in #1000
• Delete setup.py by @michplunkett in #1001
• Add created_at and created_by columns by @michplunkett in #1002
• Fix adding duplicate officers to incidents by @sea-kelp in #1006
• Hotfix: Address missing constraint issue by @michplunkett in #1007
• Create generic DB_CACHE functions for db.Model classes by @michplunkett in #1011
• Edit login user functions to return the User by @michplunkett in #1013
• Remove Makefile command for .env file by @michplunkett in #1014
• Add typing to login_ functions by @michplunkett in #1016
• Address database creation warnings by @michplunkett in #1015
• Remove deprecated package and attribute references by @michplunkett in #1020
• Add mypy to pre-commit by @michplunkett in #1021
• Update Sphinx to use .md files by @michplunkett in #1019
• Add cacheing for Department CSVs by @michplunkett in #1017
• Pluralize REST routes by @michplunkett in #1018
• Address bug in S3 uploading logic by @michplunkett in #1022
• Order department listings and add display_name by @michplunkett in #1026
• OpenOversight v0.7.0 by @michplunkett in #1028

New Contributors

• @pjsier made their first contribution in #898
• @sea-kelp made their first contribution in #1006

Full Changelog: v0.6.7...v0.7.0

OpenOversight v0.6.7

• Fixing deployment to staging and production
• Improvements and bug fixes to the advanced csv import command #891
• Admins can manually approve users in addition of using the email-based approval process

OpenOversight 0.6.6

Features

• Support markdown for incident descriptions #867

Bug fixes

• Fix two small bugs in officer search #872
• Remove character limit of url field in link model #879

OpenOversight 0.6.5.1

We added the CSRF checks but missed a few places where we needed to submit them in the forms. As a result, image upload and tagging were not functional in 0.6.5.

OpenOversight 0.6.5

This release contains security updates:

Tenable reported multiple vulnerabilities in OpenOversight version 0.6.4. As the codebase for OpenOversight grew, it appears coverage for CSRF protection was not fully added in. 🤕

A remote, unauthenticated attacker was able to submit bad data for image identification tasks, delete, enable, disable, and approve users, and delete incidents as well as links, notes, and descriptions on individual police officers by exploiting cross-site request forgery vulnerabilities.

Additionally, a remote, authenticated attacker with administrator privileges in OpenOversight could inject malicious JavaScript when creating a new officer rank, which would then run when another administrator attempted to delete this rank, provided it was associated with an officer.

OpenOversight 0.6.4

Features

• Improved handling of Gender field in officers table. See #833

Bug fixes

• Browse officer speedup #858

OpenOversight 0.6.3

Features

• SEO Improvements #800 (adding Open Graph, Twitter Card and Google Search Breadcrumbs on officer profiles to support rich preview)
• Adding some type-hints, stubs and type-checking via mypy #831
• new csv-upload functionality that allows for more control over the result but requires more careful preparation of the csv files #767
• Images assigned to an officer can be "featured" to be selected as the main profile image #779
• Adding an unit-view of officers #783
• Various UI improvements

Bug fixes

• Stable order necessary for correct pagination #828
• Fixing server error when officer has no assignment #794
• many more

OpenOversight 0.6.2

Bug fixes:

• Fix regression disabling email sending (resolved by #790)

OpenOversight 0.6.1

Bug fixes:

• OO 0.6.0 introduced a bug where newly created users could not actually validate their emails, instead getting trapped in a loop where all their requests were redirected to the unconfirmed user page. This has been fixed.
  Clicking the originally generated authorization token url from the email should work now, but a server admin could also resend the verify-user messages in bulk for any unverified users.
• Officers with no assignments will now render correctly instead of throwing errors.
• The assignments CSV download will now be properly limited by department, instead of returning all assignments across departments.

New features:

• There's now a sitemap at /sitemap.xml.

• Some improvements have been made to the process of bulk-adding officers:

  • Add a flag --update-by-name to the bulk_add_officers management command, which allows officers to be updated by name (without star_no or unique_internal_identifier) within a department.
  • Add a flag --update-static-fields to bulk_add_officers, which allows normally-static fields like race, employment date, etc. to be updated.
  • Unconditionally relaxes a check on static fields in bulk_add_officers, so that if a static field is None, and an imported CSV contains data for it, it will be updated, regardless of whether --update-static-fields is passed. This allows for resolution of datasets to happen in OO, instead of needing to be done manually ahead of time.
  • Add a flag --no-create to bulk_add_officers, which causes bulk_add_officers to never create new officers, only update existing ones. Any unknown officers in the imported CSV will simply be ignored.

• Add add_department and add_job_title admin commands.

OpenOversight 0.6.0

Merge branch 'develop' into main