Skip to content
CHANGES.md 54.6 KiB
Newer Older
Bengfort's avatar
Bengfort committed
# 0.96.2 (2024-04-15)

-   Do not delete study types when removing unnecessary recruitment
    attributes. This bug could result in data loss for both studies
    (`StudySession.type`) and subjects (`Subject.study_type_disinterest`).
    Please check your backups to see if any study types have been deleted!
-   Fix admin search for StudyGroup


Bengfort's avatar
Bengfort committed
# 0.96.1 (2024-03-11)

-   Fix expiration of consents given by parents when a subject turns 16.
    This was not handled correctly since 0.79.0 (2022-07-19).
    Fortunately, the information can be fully recovered. Also, since the
    bug was introduced less than 2 years ago, no consent are actually
    affected.
-   Display study maintenance link for all users
-   Fix validation of MultiPolygons for geo filters
-   Fix a type in the german translation


Bengfort's avatar
Bengfort committed
# 0.96.0 (2024-01-29)
Bengfort's avatar
Bengfort committed

## breaking changes

-   Calendar feeds no longer contain contact information of subjects.
    The endpoints `/execution/resources/<id>/` and
    `/execution/<id>/calendar/feed/` have been removed completely.

Bengfort's avatar
Bengfort committed
## bug fixes

-   Fix showing "deprecated" label for consent documents in subject
    management
-   Fix loading static files on Windows

Bengfort's avatar
Bengfort committed
## new features

-   We developed a reusable Django app to automatically create signed
    timestamps for uploaded files. This allows to proof that the file
    has not been manipulated after the fact. Starting with this release,
    that app is installed (but not configured) in the Castellum Docker
    image by default. See
Bengfort's avatar
Bengfort committed
    https://git.mpib-berlin.mpg.de/castellum/django-storage-timestamps/
    for details.
Bengfort's avatar
Bengfort committed
-   The participation status system has been overhauled and expanded
    -   The new status "completed" allows to free up subjects from
        exclusive studies
    -   Dropped out subjects are now freed up for exclusive studies
    -   Dropped out subjects are now excluded in excluded studies
        (because they may still have learning effects, even if the data
        is not used)
    -   Dropped out subjects are no longer considered for included
    -   The view to change participation status in execution has been
        revised and is now integrated in the navigation
Bengfort's avatar
Bengfort committed
-   Allow to add more then one document for study consent.
Bengfort's avatar
Bengfort committed

## other changes

-   The `AttributeDescription` model has been renamed to `Attribute`


Bengfort's avatar
Bengfort committed
# 0.95.2 (2023-11-22)

-   Allow to run Castellum without gdal
-   Add missing migration dependency
-   Add some missing margins


Bengfort's avatar
Bengfort committed
# 0.95.1 (2023-10-11)

-   Fix support for Python 3.8


Bengfort's avatar
Bengfort committed
# 0.95.0 (2023-10-09)

Starting with this release the release schedule will change:

-   Minor releases will be published roughly every three months instead
    of every three weeks
-   Beta releases might be published to offer previews on new features
-   Bug fix releases will be published on demand

## breaking changes

-   Study import/export has been removed.

## bug fixes

-   Work around an issue where the data protection dashboard was not
    filtered under some circumstances (see
    https://code.djangoproject.com/ticket/33482)

## new features

-   The front page now contains a link to the documentation. The URL can
    be customized using `CASTELLUM_DOCUMENTATION_LINK`.


Bengfort's avatar
Bengfort committed
# 0.94.0 (2023-09-12)
Bengfort's avatar
Bengfort committed

## breaking changes

-   The docker image now uses the uwsgi user instead of root to tighten
    security. This also means that you can no longer install packages.
    If you need to do that, it is recommended to build a custom image
    instead.
-   The default value of `CASTELLUM_ENABLE_STUDY_EXPORT` changed to
    `False`. We are thinking about removing that feature completly
    because the study API provides a better solution in many cases.
    Please get in touch if you think you have a valid use case.

## bug fixes

-   Fixed some bugs/unexpected behavior concerning test mails (e.g. for
    appointment reminders).

## new features

-   Study management now provides an "Overview by status" that allows to
    keep track of studies and explains possible next steps.
-   Pseudonym domains in study management now also display the number of
    pseudonyms that have been accessed. This allows you to identify
    domains that have not been used.

## other changes

-   `CASTELLUM_APPOINTMENT_MAIL_BODY` was extended to explain the impact
    of no-shows.


Bengfort's avatar
Bengfort committed
# 0.93.1 (2023-08-23)

-   Fix crash in filter trials (regression from 0.93.0)
-   Do not send recruitment mail reminders to subjects who are no longer
    suitable for the study.


Bengfort's avatar
Bengfort committed
# 0.93.0 (2023-08-22)

## breaking changes

-   The working directory in the docker image has changed from /code/ to
    /app/
Bengfort's avatar
Bengfort committed
-   To protect study conductors, subjects who get reported are now
Bengfort's avatar
Bengfort committed
    blocked immedately. If the reviewers discard the report, the subject
    is un-blocked.

## bug fixes

-   The number of recruitable subjects on the subject management page no
    longer includes subjects who are deceased or blocked.

## new features

-   Studies can now select "included studies". Only participants from
    included studies will be considered in the recruitment for the
    study.

## other changes

-   Castellum now uses the browser's default warning message when the
    user might lose unsaved changes.


Bengfort's avatar
Bengfort committed
# 0.92.0 (2023-08-01)

## bug fixes

-   adapt the `create_demo_users` script to the changes to the "subject
    manager" group from 0.90.

## new features

-   allow to pre-fill the study creation form via URL parameters
-   there can now be up to two appointment reminders and study
    coordinators can choose how many days before the appointment these
    reminders should be sent. The new settings
    `CASTELLUM_APPOINTMENT_DEFAULT_FIRST_REMINDER_DAYS`
    `CASTELLUM_APPOINTMENT_DEFAULT_SECOND_REMINDER_DAYS`
    can be used to set defaults. `CASTELLUM_APPOINTMENT_REMINDER_PERIOD`
    is deprecated but still required for the migration.
-   subject search can now be excluded from the monitoring log with the
    new setting `CASTELLUM_MONITORING_INCLUDE_SEARCH`

## other changes

-   study approvers no longer need to be members of the study they want
    to approve
-   appointment change notifications are sent regardless of when the
    appointment will take place (previously it was only sent for
    appointments in the upcoming two working days, which was confusing)


Bengfort's avatar
Bengfort committed
# 0.91.1 (2023-06-27)

## bug fixes

-   fix a 500 error related to the race condition fix.


Bengfort's avatar
Bengfort committed
# 0.91.0 (2023-06-26)

## bug fixes

-   django-axes uses the package django-ipware to detect client IP
    addresses. This dependency turned from required to optional in
    django-axes 6.0. The new docker images contain django-ipware, so
    detection should work correctly again.
-   Fixed a race condition in mail recruitment where two recruitment
    requests could run at the same time, resulting in duplicate mails
    send to subjects.

## performance

-   The CSS generated from `BOOTSTRAP_THEME_COLORS` is now cached for
    24h, so changes might not show up immediately.
-   The default uwsgi config now sets long `Expires` headers for static
    files to benefit from cache busting.

## other changes

-   The admin UI no longer contains all models by default. You can still
    including all models by using the `CASTELLUM_ADVANCED_ADMIN_UI`
    setting.


Bengfort's avatar
Bengfort committed
# 0.90.2 (2023-05-30)

-   Downgrade fullcalendar to avoid a bug in the latest version


Bengfort's avatar
Bengfort committed
# 0.90.1 (2023-05-30)

## bug fixes

-   remove outdated link to blocking subjects from subject management
    overview
-   improve aria-label for pagination

## other changes

-   for the docker image, alpine linux has been updated to 3.17


Bengfort's avatar
Bengfort committed
# 0.90.0 (2023-05-09)

## security

-   To limit the impact of study manager privilege escalations, the
    "subject manager" study group is no longer created by default. If it
    is not required for your usecase, we recommend to remove it there,
    too.

## breaking changes

-   The "{name}" placeholder is now required in recruitment mails.
-   Some configuration options for uwsgi were moved from the Dockerfile
    to uwsgi.ini.

## other changes

-   The front page icon for today's appointments has been changed.


Bengfort's avatar
Bengfort committed
# 0.89.1 (2023-04-18)

-   Add missing timezone data to docker image


Bengfort's avatar
Bengfort committed
# 0.89.0 (2023-04-18)
Bengfort's avatar
Bengfort committed

## breaking changes

-   Django was updated to 4.2. This also means that the minimal
    supported version of Python is now 3.8 and the minimal supported
    version of PostgreSQL is now 12.
-   The "waiting for consent" maintenance view has been removed. It was
    supposed to help find subjects that have neither given nor denied
    recruitment consent. This is not actually an issue so there is no
    reason to have that view.
-   Header and messages are no longer included when printing a page.

Bengfort's avatar
Bengfort committed
## new features

-   The reception tile on the start page as well as the "Receptionist"
    user group that had been removed in 0.80.0 have been restored with
    minor changes.

Bengfort's avatar
Bengfort committed
# 0.88.1 (2023-03-28)

## bug fixes

Bengfort's avatar
Bengfort committed
-   Use correct encoding when using `X-Sendfile` if the filesystem uses
Bengfort's avatar
Bengfort committed
    a different encoding then the system default.
-   Fix some unstyled components when using `BOOTSTRAP_THEME_COLORS`.
-   Properly close JSON Schema files after parsing them.


Bengfort's avatar
Bengfort committed
# 0.88.0 (2023-03-07)

## breaking changes

-   the default `STATIC_ROOT` has been changed from
    `castellum/collected_static/` to `static/`
-   Due to changes in the fullcalendar library, the script
    `.misc/extract_fullcalendar_css.sh` must now be executed on every
    update for non-docker installations.
Bengfort's avatar
Bengfort committed

## UI changes

-   The study form has been restructured to explicitly show which fields
    are meant to be shared with subjects.
-   After a subject has been created, there is a grace period in which
    we assume that they have been contacted for recruitment consent.
    During this grace period the recruitment consent acts as a legal
    basis, even though it doesn't exist yet. The subject detail UI no
    longer lists recruitment consent as an available legal basis in that
    case.


Bengfort's avatar
Bengfort committed
# 0.87.0 (2023-02-16)

## breaking changes

-   Entering a Principal investigator for a study is now optional.

## new features

-   Allow to hide study metadata fields via the
    `CASTELLUM_ENABLE_STUDY_METADATA` setting
-   Allow to enter a URL for studies
-   The help text for study names has been rephrased to highlight which
    kind of name is expected.


Bengfort's avatar
Bengfort committed
# 0.86.1 (2023-02-06)

-   Fix downloading uploaded files with non-ASCII characters in the
    filename when using `X-Sendfile`.
-   No longer pass through the `X-Sendfile` header with the default
    uwsgi configuration.


Bengfort's avatar
Bengfort committed
# 0.86.0 (2023-01-25)

## new features

-   The feature to block subjects for inappropriate behavior has been
    overhauled. All users who are in contact with subjects can now
    report a subject for inappropriate behavior. But only users with the
    new permission `subjects.view_report` can actually block the
    subject. Reporting subjects is only available if
    `CASTELLUM_REPORT_NOTIFICATION_TO` has been set.
-   The docker image will now use a settings file located in
    `/code/django_settings.py` by default.

## bug fixes

-   Fix crash when deleting recruitment data if subject does not have
Bengfort's avatar
Bengfort committed
    `CASTELLUM_DATE_OF_BIRTH_ATTRIBUTE_ID`
Bengfort's avatar
Bengfort committed

Bengfort's avatar
Bengfort committed
# 0.85.1 (2023-01-09)

## bug fixes

-   fix error when accessing uploaded files for subjects


Bengfort's avatar
Bengfort committed
# 0.85.0 (2022-12-13)
Bengfort's avatar
Bengfort committed

## new features

-   The repository now contains a detailed guide for manual deployment
    (thanks to Stefan Fürtinger)
-   It is now possible to disable the appointment reminders for
    individual sessions.
-   Legal representatives of legal representatives are now handled
    correctly.


Bengfort's avatar
Bengfort committed
# 0.84.0 (2022-11-22)
Bengfort's avatar
Bengfort committed

## new features

-   Allow to upload signed study consents


Bengfort's avatar
Bengfort committed
# 0.83.0 (2022-11-01)
Bengfort's avatar
Bengfort committed

## breaking changes

-   In the docker image, the `/log/` and `/media/` volumes have been
Bengfort's avatar
Bengfort committed
    moved to `/code/log/` and `/code/media/` respectively. This is to
Bengfort's avatar
Bengfort committed
    avoid conflicts as `/media/` is used as a mountpoint for removable
    media in many linux distributions.

## new features

-   The new setting `CASTELLUM_SITE_LOGO` can be used to add a logo to
    the header.
-   The new setting `BOOTSTRAP_THEME_COLORS` can be used to change the
    primary color.
-   The Admin UI to manage users has been improved. Among other things,
    it is now possible to add a description to each user, e.g. to
    reference their organisational unit.


Bengfort's avatar
Bengfort committed
# 0.82.1 (2022-10-11)

## bug fixes

-   Add missing translations
-   Handle exceptions when trying to send mails
-   Do not notify about all to be deleted subjects every time


Bengfort's avatar
Bengfort committed
# 0.82.0 (2022-09-20)
Bengfort's avatar
Bengfort committed

## breaking changes

-   The server-side validation of uploaded files was buggy and therefore
    removed.
-   It is no longer possible to document that additional suitability
    documents exist.

## bug fixes

-   The order of consent documents has been fixed

## new features

-   The new setting `CASTELLUM_SITE_TITLE` allows to change the site
    title
-   The way privacy levels are displayed has been redesigned. It should
    now be easier to tell if other users are able to access a subject or
    not.
-   Study type disinterest has been rephrased to also cover permanently
    unsuitable subjects.


Bengfort's avatar
Bengfort committed
# 0.81.0 (2022-08-30)
Bengfort's avatar
Bengfort committed

## breaking changes

-   Starting with this release, we will slightly change our release
    schedule. Feature releases will be less frequent. However, we still
    expect there to be a release every 3 weeks for dependency updates.
-   The docker image is now based on alpine linux 3.16
-   The temporary mechanism to honor recruitment consent grace periods
    introduced in 0.79.0 has been removed again.
-   The option `CASTELLUM_COVERLETTER_TEMPLATE` has been removed
-   The option for study reviewers to display a complete overview of the
    study has been removed. All actions concerning members and their
    permissions are instead logged to the monitoring log.
-   Date inputs now have a minimum value of 1900-01-01. This is to
    prevent typos.

## bug fixes

-   Fixed dates in the "waiting for consent" maintenance view

## new features

-   It is now possible to find subjects by their pseudonyms from general
    domains
-   Users are informed more prominently if a subject's data is
    incomplete.
-   Recruiters can now exclude a subject from a study even if they do
    not have the required privacy level.
-   The help texts for legal bases now provides a brief summary for each
    referenced legal article
-   The command `geocode_all` now returns an error if nominatim is not
    configured.
-   The development documentation has been restructured.
-   The docker image now includes a default uwsgi.ini
-   Study members are now included in the study export. We expect to do
    a bigger overhaul of the study export in the near future, so don't
    expect this to be stable.


Bengfort's avatar
Bengfort committed
# 0.80.1 (2022-08-22)

## bug fixes

-   Fix background color of execution tags (was white on white)


Bengfort's avatar
Bengfort committed
# 0.80.0 (2022-08-09)
Bengfort's avatar
Bengfort committed

## breaking changes

-   Subject notes have been removed. They have been deprecated since
    0.53.0.
-   The option to create a study as an "anonymous invitation" has been
    removed. Existing anonymous invitation will be deleted. If you want
    to keep them, you can remove the `is_anonymous_invitation` flag via
    the admin UI before doing the update.
Bengfort's avatar
Bengfort committed
-   The reception tile on the start page as well as the "Receptionist"
    user group have been removed.

## bug fixes

-   It is no longer possible to create subjects, subject creation
    requests, or contact creation requests via the admin UI because that
    could lead to inconsistent data.
-   The technical creation date of a consent document is no longer
    displayed because it does not necessarily correspond to the date
    when the real-world document was introduced.

## new features

-   Bootstrap has been updated to 5.2, so the UI got a slight refresh.
-   The recruitment list can now be filtered by "assigned to me".
-   When a subject that requested deletion is deleted, the date of the
    request is now included in the monitoring log.


Bengfort's avatar
Bengfort committed
# 0.79.0 (2022-07-19)
Bengfort's avatar
Bengfort committed

This release removes many rarely used features and brings a major
overhaul of the recruitment consent feature.

## breaking changes

-   The official contact email for this project has changed to
    <castellum@mpib-berlin.mpg.de>.
-   Exclusion criteria have been merged into recruitment texts. A
    study's exclusion criteria will automatically be appended to the
    recruitment text on migration. The contents of
    `CASTELLUM_GENERAL_EXCLUSION_CRITERIA` should similarily be appended
    to `CASTELLUM_GENERAL_RECRUITMENT_TEXT`.
-   `CASTELLUM_RECRUITMENT_SOFT_LIMIT` is no longer used.
-   The option to announce study status changes has been removed.
    Consequently, the settings `CASTELLUM_STUDY_STATUS_NOTIFICATION_TO`,
    `CASTELLUM_STUDY_STATUS_NOTIFICATION_SUBJECT`,
    `CASTELLUM_STUDY_STATUS_NOTIFICATION_BODY`, and
    `CASTELLUM_STUDY_STATUS_NOTIFICATION_BODY_EN` are no longer used.
-   The option to set a preferred contact method for subjects has been
    removed.
-   The option to import and export attribute descriptions has been
    removed.
-   The option to set privacy levels for attributes has been removed.
-   The script `create_attribute_descriptions` has been replaced by
    `loaddata attribute_descriptions`.
-   It is no longer possible to mark recruitment consent as "waiting for
    confirmation". Previously, castellum treated such a consent as a
    legal basis for a grace period (see
    `CASTELLUM_CONSENT_REVIEW_PERIOD`). Castellum now still uses
    `CASTELLUM_CONSENT_REVIEW_PERIOD` when a subject is newly created.
    It also provides a temporary mechanism to honor grace periods that
    were in effect during migration. You need to define organizational
    processes for the case when you are waiting for an updated consent
    while an old one is still in effect.

## new features

-   Recruitment consents have been redesigned from the ground up
    -   It is now possible to upload signed consent documents.
    -   It is now possible to explicitly select the consent document for
        a recruitment consent.
    -   It is now possible to manually select a name for a consent
        document (other than "Version X").
    -   It is no longer necessary to confirm the consent in a second
        step.
-   A subject's reliability is displayed less prominently


Bengfort's avatar
Bengfort committed
# 0.78.0 (2022-06-28)
Bengfort's avatar
Bengfort committed

## breaking changes

-   It is no longer possible to mark consent documents as invalid. They
    should be removed instead.

## bug fixes

-   When duplicating a study, the colors for execution tags are now
    copied correctly.
-   When duplicating a study, the study consent is no longer duplicated.
Bengfort's avatar
Bengfort committed
    This was also never really useful because the study consent is
    always specific to that study.
Bengfort's avatar
Bengfort committed

## new features

-   Uploaded files now have permission checks. For example, only members
    of a study can access the uploaded files for that study.
-   The study consent upload has been moved to a separate tab.
-   It is now possible to use feature collections in geofilters. This
    allows to use files e.g. from geojson.io without further
    modification.
-   Added admin UI for geolocations.
-   There is now a "pseudonyms deleted" badge in subject deletion that
Bengfort's avatar
Bengfort committed
    helps data protection coordinators to understand what is left to be
Bengfort's avatar
Bengfort committed
    done.
-   Privacy levels (both for subjects and attributes) are now included
    in attribute export and the corresponding API endpoints.
-   Added a marker for the minimum subject count to study progress bars.


# 0.77.0 (release skipped)


# 0.76.0 (release skipped)


Bengfort's avatar
Bengfort committed
# 0.75.1 (2022-05-10)

-   Fixed default value for subject's privacy level


Bengfort's avatar
Bengfort committed
# 0.75.0 (2022-04-26)
Hayat's avatar
Hayat committed

## bug fixes

-   Fixed showing the consent document in consent forms outside of
    subject management.

Hayat's avatar
Hayat committed
## new features

Bengfort's avatar
Bengfort committed
-   Broadcast messages allow to communicate important information to all
    users, e.g. scheduled maintenance.
-   The data protection dashboard now shows a new category ("unnecessary
    recruitment data") for subjects who have recruitment data, but no
    recruitment consent.
-   When editing an appointment, users can now select whether other
    users should be informed via mail or not.
-   The third cleanup option ("mismatch") now also excludes subjects
    without recruitment consent.
-   The new command `cleanup_dashboards` allows to delete all subjects
    listed in the data protection dashboard.
-   When deleting all pseudonym domains and a subject is also not
    interested in study news, a participation is no longer counted as
    legal basis to keep the subject's data
-   More precise wording in the subject deletion process to reflect that
    legally binding retention periods may prevent the deletion of
    scientific data even if this goes against the subject's wishes.
Hayat's avatar
Hayat committed


Bengfort's avatar
Bengfort committed
# 0.74.0 (2022-04-05)
Bengfort's avatar
Bengfort committed

## bug fixes

-   Fixed missing entries in reliability maintenance dashboard
-   Fixed autocompletion for the source field on subjects
-   Do not list blocked and deceased subjects in maintenance dashboards
-   Fixed wrong date in notification mail when an appointment is removed
-   Fixed order of sessions in appointment form

## breaking changes

-   It is no longer possible to assign conductors to participations.
    This feature has been replaced by appointment assignments (see
    below). Existing assignments are migrated automatically.
-   The default values for `CASTELLUM_SUBJECT_DELETE_STUDY_MAIL_BODY`
    and `CASTELLUM_SUBJECT_EXPORT_STUDY_MAIL_BODY` have been expanded
    with "(link only available for conductors)". If you have customized
    these settings you might want to adapt them.
-   `CASTELLUM_APPOINTMENT_CHANGE_NOTIFICATION_BODY` has been changed
    to to be used with a single `change` instead of `changes`.

## new features

-   It is now possible to delete a study domain and all related
    pseudonyms. Once a pseudonym is deleted, it is no longer possible to
    find the corresponding contact information. Note, however, that
    additional steps might be necessary for full anonymization of
    scientific data (e.g. image data).
-   It is now possible to assign conductors to individual appointments
    instead of participations. Email notifications are only sent to the
    assigned conductors.
-   Assignments are no longer cleared when the status of a study
    changes.
-   `CASTELLUM_CUSTOM_PRIVACY_LEVELS` can be used to distinguish
    different reasons for assigning a privacy level to a subject.
-   The execution list can now be sorted by tags and number of
    appointments
-   Execution tags are now included in calendar feeds
-   "Onetime invitations" have been renamed to "anonymous invitations".
    Participations in anonymous invitations are now treated as "awaiting
    response", so they are deleted automatically when a study ends.
-   Recruitment consent and blocked are no longer considered legal bases
    for deceased subjects
-   In recruitment cleanup, the "Unsuitable" option now also includes
Bengfort's avatar
Bengfort committed
    subjects who no longer have recruitment consent.
Bengfort's avatar
Bengfort committed
-   It is now possible to add multiple members to a study at the same
    time.
-   Subscribing to calendar feeds has been simplified by using
    webcal links which can be handled by calendar software directly.
-   The "add to study" feature now warns that it is mainly meant for
    migration purposes.


Bengfort's avatar
Bengfort committed
# 0.73.2 (2022-03-21)

-   Fixed link to participations in subject overview
-   Fixed crash when editing users via the admin UI


Bengfort's avatar
Bengfort committed
# 0.73.1 (2022-03-15)

-   Fixed missing translations


Bengfort's avatar
Bengfort committed
# 0.73.0 (2022-03-15)
Bengfort's avatar
Bengfort committed

## bug fixes

-   Fixed resetting user token in admin UI
-   Fixed future due date in data protection dashboard
-   Fixed getting pseudonyms in execution for finished studies

## new features

-   Added script `cleanup_underage_consents` to remove recruitment
    consents for underage subjects 2 years after they have come of age.
-   Help subject managers to clear residual recruitment data if there is
    no recruitment consent.


Bengfort's avatar
Bengfort committed
# 0.72.1 (2022-03-02)

## security

-   Accounts that were deactivated by removing the `is_active` flag were
    still able to access data using their token (either via the API or
    from calendar feeds). Note that expired accounts were still blocked.

## bug fixes

-   Fixed resetting user tokens in the admin UI.


Bengfort's avatar
Bengfort committed
# 0.72.0 (2022-02-22)
Bengfort's avatar
Bengfort committed

## bug fixes

-   Better handling of errors when the scheduler is not available.

## new features

-   Identicons are used to represent subjects throughout the
    application.
-   The UI for cleaning up the recruitment list has been revised. We
    also made some changes to how it works:
    -   Cleaning up subject that do not match the current filters will
        no longer exclude subjects with unknown attributes.
    -   Cleanup will no longer exclude subjects that have a follow-up
        scheduled.
-   The recruitment consent now also shows which version of the consent
Bengfort's avatar
Bengfort committed
    document was confirmed and on which date.
Bengfort's avatar
Bengfort committed
-   The maintenance dashboard contains additional relevant information
    for each subject.
-   Most badges gained a short explanation in a tooltip.
Bengfort's avatar
Bengfort committed
-   The accessibility was improved. Most importantly, there is now an
    invisible link at the beginning of the page to skip directly to the
    main content.
Bengfort's avatar
Bengfort committed


Bengfort's avatar
Bengfort committed
# 0.71.1 (2022-02-01)

-   Fix cases in which all subjects would be included in the subject
    protection dashboard.


Bengfort's avatar
Bengfort committed
# 0.71.0 (2022-02-01)
Bengfort's avatar
Bengfort committed

## breaking changes

-   It is no longer possible to create appointments for subjects
    who are not participating. If the status is changed from
    "participating" to anything else, existing appointments are deleted.
Bengfort's avatar
Bengfort committed
    This has less potential for confusion than keeping the appointments
Bengfort's avatar
Bengfort committed
    but ignoring them.
Bengfort's avatar
Bengfort committed
-   The docker image is now based on Alpine 3.14 which might cause
Bengfort's avatar
Bengfort committed
    issues if used with a docker version before 20.10.

## security

-   If available, django-axes is now also used to block brute-force
    attacks on API views. Previously it was only used on the login view.
    Django-axes is available by default in the official docker image.
-   In production setups, Django by default sends error reports to the
    email addresses defined in the `ADMINS` setting. These reports
    potentially contain sensitive data, e.g. session IDs. Starting with
    this version, Castellum cuts down the amount of information
    contained in these reports. You can restore the original behavior
    using the `DEFAULT_EXCEPTION_REPORTER` setting.

## bug fixes

-   Fixed a crash in the subjects pseudonyms view
-   Fixed cases in which subject creation requests were imported a
Bengfort's avatar
Bengfort committed
    second time after they had already been processed.
Bengfort's avatar
Bengfort committed
-   Fixed an indeterministic crash in the `create_demo_content` command.

## new features

-   It is now possible to add more than one resource to a session.
-   The users who are allowed to access a general domain are now defined
    in the admin UI for domains, not users.
-   Study tags are now displayed more prominently.
-   The "potential subjects" counts in study management now exclude
    subjects who are already participating or excluded.
Bengfort's avatar
Bengfort committed
-   JSON files in attribute export now use UTF-8 encoding instead of
    ASCII with escape codes.
Bengfort's avatar
Bengfort committed
# 0.70.2 (2022-01-12)

-   Enabled cache busting
-   Fixed width of alert in member management
-   Fixed error on invalid placeholders in resource URL
-   Fixed duplicate display of attribute options
-   Gracefully handle mail server errors in mail recruitment
-   Ignore `notify_to_be_deleted` for estranged subject maintenance view


Bengfort's avatar
Bengfort committed
# 0.70.1 (2022-01-11)

-   Fixed a broken migration


Bengfort's avatar
Bengfort committed
# 0.70.0 (2022-01-11)
Bengfort's avatar
Bengfort committed

## security

-   The calendars that are displayed in different parts of castellum
    constantly poll for new events. This was counted as user activity
    and therefore prevented the auto-logout mechanism to work correctly.
    With this release these requests are ignored when checking for user
    activity.

## breaking changes

-   `CASTELLUM_PSEUDONYMS_API_ENABLED` was renamed/extended to
    `CASTELLUM_API_ENABLED`
-   The execution API URLs changed (see docs/API.md for details)

## bug fixes

-   Fixed some missing fields in study duplication
-   Fixed various issues (including crashes) in the
    `fetch_scheduler_appointments` command
-   Fixed crash when trying to edit a guardian in recruitment/execution
-   Fixed missing translation fallback for attribute options
-   Fixed phone number in subject creation requests
Bengfort's avatar
Bengfort committed

## new features

-   This release contains many UI changes. Highlights:
    -   Styling was updated to bootstrap 5
    -   Changed the study list layout
    -   Changed study member management to display a single table
    -   Changed the data protection dashboard to display a single list
-   In recruitment, recently active (and therefore potentially
    responsive) subjects are highlighted with a badge and a new sort
    option. There is also a new button to only add recently active
    subjects.
-   A subject's privacy level is now prominently displayed in the UI,
    including recruitment and execution. A user's privacy level is
    correspondingly displayed in member management. This way it is
    easier to see whether your coworkers are allowed to access a
    specific subject.
-   There is a new subject maintenance view for subjects that have not
    been contacted in a long time.
-   The email address is now included in study export/import
-   The data protection dashboard now also displays meaningful
    information when the request is overdue.
-   Scheduler appointments are now synced automatically for the whole
    study when a relevant view is used. Previously, only the
    appointments for a single subject were synced when relevant views
    for that subject were used.
-   When setting a schedule ID, castellum now checks whether that
    schedule actually exists.
-   A schedule ID can no longer be changed once an appointment exists to
    avoid synchronisation issues between the scheduler and castellum.
-   Added two new API endpoints to list studies and get study metadata
    (see docs/API.md for details)
-   General domains can now have exportable attributes that are
    available via a new API endpoint


Bengfort's avatar
Bengfort committed
# 0.69.2 (2021-12-01)
Bengfort's avatar
Bengfort committed

-   Fixed displaying external event feeds


Bengfort's avatar
Bengfort committed
# 0.69.1 (2021-11-30)

-   Fixed pseudonym migration


Bengfort's avatar
Bengfort committed
# 0.69.0 (2021-11-30)
Bengfort's avatar
Bengfort committed

You need to update to at least 0.68.0 before updating to this version.

## breaking changes

-   The primary key for the Subject model was changed from `Subject.id`
    (integer) to `Subject.uuid` (UUID) to effectively make enumeration
    attacks impossible.
-   The `attribute_export` command now requires a subject UUID instead
    of an ID.
-   Castellum will no longer prevent users from creating overlapping
    appointments because this turned out to be too inflexible in
    practice. The corresponding error messages have been downgraded
    to warnings.
-   There is no longer a datepicker for browsers that do not natively
    support one. This mostly affects Safari prior to 14.1.
-   The legacy scheduler API (`SchedulerPingView`) has been removed.
    Instead you can now use the new `fetch_scheduler_appointments`
    command. Additionally, scheduler events will automatically be
    fetched when users access an appointment view.

## bug fixes

-   External calendar feeds defined via `Resource.url` now properly
    support recurring events.
-   Users are now warned on invalid subject search queries instead of
    just showing no results.
Bengfort's avatar
Bengfort committed
-   Fixed crash in legal representative update view.
Bengfort's avatar
Bengfort committed

## new features

-   Calendars with events in different colors now contain a legend.
-   `Resource.url` can now contain `{start}` and `{end}` placeholders.
-   The external calendar feed from `Resource.url` is now also displayed
    in the resource manager calendar.
-   The execution progress view now displays participating and dropped
    out subjects separately.
-   `ContactCreationRequest` gained a free text `message` field.


Bengfort's avatar
Bengfort committed
# 0.68.1 (2021-11-10)

-   Fixed events from `Resource.url` showing up multiple times.


Bengfort's avatar
Bengfort committed
# 0.68.0 (2021-11-09)
Bengfort's avatar
Bengfort committed

You need to update to at least 0.67.0 before updating to this version.

## breaking changes

-   The default value for `CASTELLUM_APPOINTMENT_REMINDER_PERIOD` was
    increased from 2 days to 3 days.
-   `StudyTypeEventFeed` was removed. For most use cases you can use
    `Resource.url` instead.
-   `User.logout_timeout` and `LOGOUT_TIMEOUT_DEFAULT` were replaced by
    `CASTELLUM_LOGOUT_TIMEOUT`.
-   `Sudy.data_sensitivity` was removed.
-   `Study.custom_filter` was removed. If you need a similar
    functionality it is recommended to create a bespoke attribute and
    fill it automatically from a python script.
-   When accepting or discarding a `SubjectCreationRequest`, it is no
    longer deleted but only marked as deleted. The associated contact
    information is still deleted. This way you can discerne whether an
    incoming request has already been handled or not.
Bengfort's avatar
Bengfort committed

## bug fixes

-   Calendars now use more space for events to avoid cropping. The text
    is also available as a tooltip.
-   For studies that are one time invitations, display the number of
    contacted subjects instead of invited subjects in the overview.

## new features

-   Users can now be added as managers for resources. In that case they
    gain access to a resource calendar.
-   Resources can now reference external event feeds. This event feed is
    included in the recruitment calendar for studies that use this
    resource.
-   The study calendar now includes the number of required subjects.
    This helps finding potential capacity peaks.
-   `ContactCreationRequest` gained a `phone_number` field.


Bengfort's avatar
Bengfort committed
# 0.67.2 (2021-10-26)

-   Fixed adding newly created legal representatives (regression from
    0.67.0)


Bengfort's avatar
Bengfort committed
# 0.67.1 (2021-10-19)

-   Fixed a faulty migration.


Bengfort's avatar
Bengfort committed
# 0.67.0 (2021-10-19)
Bengfort's avatar
Bengfort committed

## security

-   Added a missing privacy level check in appointment feeds
-   Fixed a possible subject enumeration in the legal guardian form

## bug fixes

-   Fixed sending appointment reminders only once (regression from