# v1.1.0: Release notes

**OpenCRVS v1.1.0-stable** is a minor release marking the commencement of a standardised [release process](https://documentation.opencrvs.org/v1.5/general/releases) for OpenCRVS. This release will be maintained for 6 months by the core development team.

The v1.1.0 release includes collective hotfixes to stabilise the previous v1.0.1 minor patch release.

It is to be used in conjunction with a forked country configuration release [v1.1.0](https://github.com/opencrvs/opencrvs-farajaland/releases/tag/v1.1.0)

*We strongly recommend that all implementers currently running v1.0.1 perform the upgrade to v1.1.0 as soon as possible.*

### Documentation updates

The following pages in our documentation have been corrected and updated due to the requirements of the new features.

[Specified upgraded Ubuntu version and increased diskspace for servers](https://documentation.opencrvs.org/v1.5/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.1-provision-your-server-nodes-with-ssh-access)

[Supported Node version updated for development environments](https://documentation.opencrvs.org/v1.5/setup/3.-installation/3.1-set-up-a-development-environment/3.1.1-install-the-required-dependencies)

[Simpler command to start country configuration server](https://documentation.opencrvs.org/v1.5/setup/3.-installation/3.1-set-up-a-development-environment/3.1.3-starting-and-stopping-opencrvs)

[Improved instructions for forking in order to make migration simpler](https://documentation.opencrvs.org/v1.5/setup/3.-installation/3.2-set-up-your-own-country-configuration/3.2.1-fork-your-own-country-configuration-repository)

[Information on how to encrypt and safely store application secrets required by Ansible](https://documentation.opencrvs.org/v1.5/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.2-install-dependencies)

[Missing A record in DNS settings and wildcard option](https://github.com/opencrvs/documentation/blob/master/v1.5.0/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.5-setup-dns-a-records)

[Requirement to duplicate Github Actions for deployment in a forked repo](https://github.com/opencrvs/documentation/blob/master/v1.5.0/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.6-deploy-automated-and-manual)

### Major Features

The following explains in more detail each major feature that has been included in this release.

#### Migration microservice

In this release a new "migration" microservice has been introduced to core to support a simper upgrade procedure for system administrators. This microservice utilises the package [migrate-mongo](https://github.com/oneralon/migrate-mongo-ts) and performs automatic breaking change core migrations. This means that a system implementer will never need to manually install, store and run database migration files.

#### UI updates for new users

Previously the create and edit user flow and the onboarding flow were not utilising the new Content UI components from the storybook. These flows have been refactored.

**Dependency upgrades**

In this release, no major components have been upgraded. In December's release v1.2.0 Create React App has been replaced with [Vite](https://vitejs.dev/), we have introduced an S3 compatible document store [Min.io](https://min.io/) and are upgrading a host of dependencies.

#### Miscellaneous bugfixes and refactor

A host of bugfixes were discovered and prioritsed by our QA team to stabilise OpenCRVS v1.0.1 .In future, non-breaking change bugfixes will be released as v1.1.\<PATCH> hotfix releases.

**Breaking changes - core**

v1.1.0 includes the following improvements which are breaking changes. Core migrations are performed automatically when you upgrade and run this release as explained in the migration notes.

* Bugfix [OCRVS-3561](https://github.com/opencrvs/opencrvs-core/issues/3683): When registering a birth, a document "Legal Guardian Proof" was entered into the database mistakenly as "Informant's Birth Certificate". An automatic migration finds any such entries and correctly labels the document.
* Bugfix related to [OCRVS-2641](https://github.com/opencrvs/opencrvs-core/issues/2641): When improving our demo data generator script to more accurately reflect "real" Field Agent performance, we noticed that the timestamp saved to InfluxDB marking when the Field Agent commenced the application was incorrectly set to the timestamp associated with the last edit on the application. An automatic migration finds any such entries and correctly sets the timestamp.
* An automatic migration adds a new channel /confirm/registration to OpenHIM so that the payload between country configuration BRN generation and core workflow service can be monitored in OpenHIM. Additionally log retention for all OpenHIM channels is hardocded to 30 days. This saves approximately 20GB of storage space on a production server every year.

**Breaking changes - country configuration**

v1.1.0 includes the following configuration improvements which are breaking changes. You must merge all changes from the Farajaland master branch into your country configuration fork to retrieve all these updates as explained in the migration notes.

* The country configuration now loads the JWT public key from core from a new endpoint in the auth microservice **`"/.well-known"`**. This improves our security processes as we can now rotate the public key without taking the stack down. An additional benefit of this change is this also allows development teams to start the country configuration server with just `yarn dev`, rather than previously the v1.0.1 requirement to run `yarn dev <-- path to the core directory -->`.
* We fixed a bug in our provided Github Action **deploy.yml**.
* Docker Compose yml files have all been updated to support bugfixes in core.
* The core **emergency-backup-metadata.sh** and **emergency-restore-metadata.sh** scripts contained bugs which have been resolved and these scripts are now located in the country configuration server.
* The Ansible playbooks in core, now extend an additional `playbook.yml` in the country configuration. This allows application secrets that [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) encrypt the manager node databases' **/data** folder to be configured as you wish. The prop **encrypt\_passphrase** has been renamed to **disk\_encryption\_key** to more accurately reflect the use case of this value. The disk\_*encryption\_*&#x6B;ey is saved into a file at the location **root/disk-encryption-key.txt** The script `decrypt.sh` is run on a system reboot, as we noticed that on reboot the data folder would not mount until it is decrypted. Mongo DB and Elasticsearch passwords are saved into an example text file **opencrvs.secrets** inside the encrypted **data/** folder.

{% hint style="warning" %}
**PRODUCTION NOTE:** In production, you will need to provision a [Hardware Security Module](https://en.wikipedia.org/wiki/Hardware_security_module) and amend the country configuration [playbook.yml](https://github.com/opencrvs/opencrvs-farajaland/blob/master/playbook.yml), [decrypt.sh](https://github.com/opencrvs/opencrvs-farajaland/blob/271730aefa1d56a264da52eab0dd3224f062cd15/decrypt.sh#L34), [emergency-backup-metadata.sh](https://github.com/opencrvs/opencrvs-farajaland/blob/271730aefa1d56a264da52eab0dd3224f062cd15/emergency-backup-metadata.sh#L68) and [emergency-restore-metadata.sh](https://github.com/opencrvs/opencrvs-farajaland/blob/271730aefa1d56a264da52eab0dd3224f062cd15/emergency-restore-metadata.sh#L45) scripts at the linked locations in order to change the approach to storing and accessing the [***disk\_encryption\_key***](https://github.com/opencrvs/opencrvs-farajaland/blob/271730aefa1d56a264da52eab0dd3224f062cd15/playbook.yml#L31) and [**MongoDB and Elasticsearch passwords**](https://github.com/opencrvs/opencrvs-farajaland/blob/271730aefa1d56a264da52eab0dd3224f062cd15/playbook.yml#L19). **Our supplied approach is not production ready. Secure secret storage is currently outside the scope of OpenCRVS.**

*In the December OpenCRVS release v.1.2.0 we intend to show an example of how an HSM could be configured. In the meantime, MOSIP's documentation on the requirements of a* [*Hardware Security Module*](https://docs.mosip.io/1.1.5/build-and-deploy/hardware-security-module-hsm-specifications) *is useful reading.*
{% endhint %}

* The following translation keys have been added:

```
"config.application.updatingeMessage": "Updating..."
"constants.requestReason": "Reason for request"
"form.field.label.updatingUser": "Updating user"
"form.field.label.creatingNewUser": "Creating new user"
"form.section.user.preview.title": "Confirm details"
"record.certificate.collectedInAdvance": "Printed in advance by"
```

**For full details of all product updates, visit** [**https://github.com/opencrvs/opencrvs-core/releases**](https://github.com/opencrvs/opencrvs-core/releases)

### **Known issues**

**v1.1.0-stable:**

1. **Deployment script:** This issue is resolved in [v1.1.1](https://github.com/opencrvs/opencrvs-core/releases/tag/v1.1.1). We deprecated the `--update-metadata` parameter which is passed to `deploy.sh` from the Github [Deploy](https://github.com/opencrvs/documentation/blob/master/v1.5.0/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.6-deploy-automated-and-manual) Action. The **country configuration Github Action file deploy.yml** still attempts to pass this parameter to *deploy.sh.* This causes the deploy script to fail. To resolve this issue, **please edit the Github Action deploy.yml in your country configuration** in lines 90, 112 and 134 from:

```
bash deploy.sh --clear-data=${{ env.FACTORY_RESET }} --restore-metadata=${{ env.FACTORY_RESET }} --update-metadata=no ...
```

to:

```
bash deploy.sh --clear-data=${{ env.FACTORY_RESET }} --restore-metadata=${{ env.FACTORY_RESET }} ...
```