v1.1.0: Release notes
Last updated
Last updated
OpenCRVS v1.1.0-stable is a minor release marking the commencement of a standardised for OpenCRVS. This release will be maintained for 6 months by the core development team.
The v1.1.0 release includes collective hotfixes to stabilise the previous v1.0.1 minor patch release.
It is to be used in conjunction with a forked country configuration release
We strongly recommend that all implementers currently running v1.0.1 perform the upgrade to v1.1.0 as soon as possible.
The following pages in our documentation have been corrected and updated due to the requirements of the new features.
The following explains in more detail each major feature that has been included in this release.
Previously the create and edit user flow and the onboarding flow were not utilising the new Content UI components from the storybook. These flows have been refactored.
Dependency upgrades
A host of bugfixes were discovered and prioritsed by our QA team to stabilise OpenCRVS v1.0.1 .In future, non-breaking change bugfixes will be released as v1.1.<PATCH> hotfix releases.
Breaking changes - core
v1.1.0 includes the following improvements which are breaking changes. Core migrations are performed automatically when you upgrade and run this release as explained in the migration notes.
An automatic migration adds a new channel /confirm/registration to OpenHIM so that the payload between country configuration BRN generation and core workflow service can be monitored in OpenHIM. Additionally log retention for all OpenHIM channels is hardocded to 30 days. This saves approximately 20GB of storage space on a production server every year.
Breaking changes - country configuration
v1.1.0 includes the following configuration improvements which are breaking changes. You must merge all changes from the Farajaland master branch into your country configuration fork to retrieve all these updates as explained in the migration notes.
The country configuration now loads the JWT public key from core from a new endpoint in the auth microservice "/.well-known"
. This improves our security processes as we can now rotate the public key without taking the stack down. An additional benefit of this change is this also allows development teams to start the country configuration server with just yarn dev
, rather than previously the v1.0.1 requirement to run yarn dev <-- path to the core directory -->
.
We fixed a bug in our provided Github Action deploy.yml.
Docker Compose yml files have all been updated to support bugfixes in core.
The core emergency-backup-metadata.sh and emergency-restore-metadata.sh scripts contained bugs which have been resolved and these scripts are now located in the country configuration server.
The following translation keys have been added:
v1.1.0-stable:
to:
In this release a new "migration" microservice has been introduced to core to support a simper upgrade procedure for system administrators. This microservice utilises the package and performs automatic breaking change core migrations. This means that a system implementer will never need to manually install, store and run database migration files.
In this release, no major components have been upgraded. In December's release v1.2.0 Create React App has been replaced with , we have introduced an S3 compatible document store and are upgrading a host of dependencies.
Bugfix : When registering a birth, a document "Legal Guardian Proof" was entered into the database mistakenly as "Informant's Birth Certificate". An automatic migration finds any such entries and correctly labels the document.
Bugfix related to : When improving our demo data generator script to more accurately reflect "real" Field Agent performance, we noticed that the timestamp saved to InfluxDB marking when the Field Agent commenced the application was incorrectly set to the timestamp associated with the last edit on the application. An automatic migration finds any such entries and correctly sets the timestamp.
The Ansible playbooks in core, now extend an additional playbook.yml
in the country configuration. This allows application secrets that encrypt the manager node databases' /data folder to be configured as you wish. The prop encrypt_passphrase has been renamed to disk_encryption_key to more accurately reflect the use case of this value. The disk_encryption_key is saved into a file at the location root/disk-encryption-key.txt The script decrypt.sh
is run on a system reboot, as we noticed that on reboot the data folder would not mount until it is decrypted. Mongo DB and Elasticsearch passwords are saved into an example text file opencrvs.secrets inside the encrypted data/ folder.
PRODUCTION NOTE: In production, you will need to provision a and amend the country configuration , , and scripts at the linked locations in order to change the approach to storing and accessing the and . Our supplied approach is not production ready. Secure secret storage is currently outside the scope of OpenCRVS.
In the December OpenCRVS release v.1.2.0 we intend to show an example of how an HSM could be configured. In the meantime, MOSIP's documentation on the requirements of a is useful reading.
For full details of all product updates, visit
Deployment script: This issue is resolved in . We deprecated the --update-metadata
parameter which is passed to deploy.sh
from the Github Action. The country configuration Github Action file deploy.yml still attempts to pass this parameter to deploy.sh. This causes the deploy script to fail. To resolve this issue, please edit the Github Action deploy.yml in your country configuration in lines 90, 112 and 134 from: