clearview/docs/changelog.md
2026-05-28 16:40:45 +02:00

Clearview changelog

This file is the release-summary changelog used by build-and-push.sh to determine the current version. The first heading must be the most recent release in the form ## vX.Y.Z — YYYY-MM-DD.

For day-by-day development history see changelog-develop.md.

v0.2.0 — 2026-05-28

Added

  • Authentication — session-based login (Argon2id, HttpOnly cookie, 8h sliding / 30d remember-me), first-run setup page, admin/user roles, user-management UI under Settings (CRUD + password reset), and an audit log. All API endpoints now require an authenticated session.
  • Mailbox permission scanning — new scan_type=mailbox enumerates Exchange Online delegated access (Full Access, Send As, Send on Behalf, Calendar/Inbox folder delegations) via PowerShell + ExchangeOnlineManagement. Supports manual UPNs, CSV import, and "all mailboxes in tenant".
  • Entra Group scanning — new scan_type=entra_groups enumerates Microsoft 365 / Azure AD group memberships (Members + Owners, with nested-group expansion). Manual IDs, CSV import, and "all groups in tenant".
  • SharePoint root-permissions mode: scan_type=sharepoint_root inventories site-root role assignments without traversing libraries/folders/files; recursive expansion of SharePoint groups, AAD/M365 groups, and readable UPNs for directly-assigned users.
  • Resolve sharing links / groups — post-scan actions to expand SharingLinks recipients and SharePoint/AAD group memberships into the deviation rows.
  • Connection preflight per target with persisted last-probe status and a manual "Test" button.
  • Excel export of Targets + Deviations sheets, with type-aware sheet names and columns.
  • Tenant primary_domain field, expanded mailbox onboarding instructions, and English-only UI.
  • Sidebar layout — fixed left sidebar with hash-based routing.

Changed

  • main.py split into per-route modules (api_tenants, api_jobs, api_onboarding) with shared helpers; behaviour-preserving.
  • Scanner split into scanners/ package (sharepoint, mailbox, entra).
  • Token cache now has TTL + lock + MSAL app reuse; worker job claim is atomic (SELECT … FOR UPDATE SKIP LOCKED); all datetimes are timezone-aware UTC (timestamptz migration).
  • Schema management moved from startup create_all to Alembic migrations (baseline + timestamptz + auth tables).
  • Build number visible in the UI; build script reads version from docs/changelog.md.
  • Dockerfile now installs PowerShell 7 + ExchangeOnlineManagement (~150 MB).

Fixed

  • SharePoint REST $filter=HasUniqueRoleAssignments (unsupported as OData filter) — now client-side.
  • Dead CSS removed; accessibility focus styles strengthened; risk badge colours made distinct.

v0.1.0 — 2026-04-13

Added

  • Initial Clearview release: SharePoint permission deviation scanning across multiple customer tenants.
  • Tenant Profiles with certificate-based or client-secret authentication.
  • Asynchronous scan job queue with per-target preflight probe and retry handling.
  • Job Details panel with site filter, Excel export, and SharingLinks resolution.
  • CSV import of Microsoft Sites export format.
  • Two onboarding modes (automated via Graph platform app, or manual).