-<p>Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til
-det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner
-til min adresse
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.
-Merk, betaling med bitcoin er ikke anonymt. :)</p>
-</description>
- </item>
-
- <item>
- <title>Why is your site not using Content Security Policy / CSP?</title>
- <link>http://people.skolelinux.org/pere/blog/Why_is_your_site_not_using_Content_Security_Policy___CSP_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Why_is_your_site_not_using_Content_Security_Policy___CSP_.html</guid>
- <pubDate>Sun, 9 Dec 2018 15:00:00 +0100</pubDate>
- <description><p>Yesterday, I had the pleasure of watching on Frikanalen the OWASP
-talk by Scott Helme titled
-"<a href="https://frikanalen.no/video/626080/">What We’ve Learned From
-Billions of Security Reports</a>". I had not heard of the
-<a href="https://en.wikipedia.org/wiki/Content_Security_Policy">Content
-Security Policy standard</a> nor its ability to "call home" when a
-browser detect a policy breach (I do not follow web page design
-development much these days), and found the talk very illuminating.</p>
-
-<p>The mechanism allow a web site owner to use HTTP headers to tell
-visitors web browser which sources (internal and external) are allowed to
-be used on the web site. Thus it become possible to enforce a "only
-local content" policy despite web designers urge to fetch programs
-from random sites on the Internet, like the one
-<a href="https://securityaffairs.co/wordpress/68966/hacking/browsealoud-plugin-hack.html">enabling
-the attack</a> reported by Scott Helme earlier this year.</p>
-
-<p>Using CSP seem like an obvious thing for a site admin to implement
-to take some control over the information leak that occur when
-external sources are used to render web pages, it is a mystery more
-sites are not using CSP? It is being
-<a href="https://www.w3.org/TR/CSP/">standardized under W3C</a> these
-days, and is supposed by most web browsers</p>
-
-<p>I managed to find <a href="https://github.com/mozilla/django-csp">a
-Django middleware for implementing CSP</a> and was happy to discover
-it was already in Debian. I plan to use it to add CSP support to the
-Frikanalen web site soon.</p>
+<ul>
+
+ <li>Significantly improved OData parsing</li>
+ <li>Support for business specific metadata and national identifiers</li>
+ <li>Continued implementation of domain model and endpoints</li>
+ <li>Improved testing</li>
+ <li>Ability to export and import from arkivstruktur.xml</li>
+
+</ul>
+
+<p>We are currently in the process of reaching an agreement with an
+archive institution to publish their picture archive using nikita with
+business specific metadata and we hope that we can share this with you
+soon. This is an interesting project as it allows the organisation to
+bring an older picture archive back to life while using the original
+metadata values stored as business specific metadata. Combined with
+OData means the scope and use of the archive is significantly
+increased and will showcase both the flexibility and power of
+Noark.</p>
+
+<p>I really think we are approaching a version 1.0 of nikita, even
+though there is still a lot of work to be done. The notable work at
+the moment is to implement access-control and full text indexing of
+documents.</p>
+
+<p>My sincere thanks to everyone who has contributed to this
+release!</p>
+
+<p>- Thomas</p>
+
+<p><strong>Release 0.6 2021-06-10 (d1ba5fc7e8bad0cfdce45ac20354b19d10ebbc7b)</strong></p>
+
+<ul>
+
+ <li>Refactor metadata entity search</li>
+ <li>Remove redundant security configuration</li>
+ <li>Make OpenAPI documentation work</li>
+ <li>Change database structure / inheritance model to a more sensible approach</li>
+ <li>Make it possible to move entities around the fonds structure</li>
+ <li>Implemented a number of missing endpoints</li>
+ <li>Make sure yml files are in sync</li>
+ <li>Implemented/finalised storing and use of
+ <ul>
+ <li>Business Specific Metadata</li>
+ <li>Norwegian National Identifiers</li>
+ <li>Cross Reference</li>
+ <li>Keyword</li>
+ <li>StorageLocation</li>
+ <li>Author</li>
+ <li>Screening for relevant objects</li>
+ <li>ChangeLog</li>
+ <li>EventLog</li>
+ </ul></li>
+ <li>Make generation of updated docker image part of successful CI pipeline</li>
+ <li>Implement pagination for all list requests
+ <ul>
+ <li>Refactor code to support lists</li>
+ <li>Refactor code for readability</li>
+ <li>Standardise the controller/service code</li>
+ </ul></li>
+ <li>Finalise File->CaseFile expansion and Record->registryEntry/recordNote
+expansion</li>
+ <li>Improved Continuous Integration (CI) approach via gitlab</li>
+ <li>Changed conversion approach to generate tagged PDF documents</li>
+ <li>Updated dependencies
+ <ul>
+ <li>For security reasons</li>
+ <li>Brought codebase to spring-boot version 2.5.0</li>
+ <li>Remove import of necessary dependencies</li>
+ <li>Remove non-used metrics classes</li>
+ </ul></li>
+ <li>Added new analysis to CI including</li>
+ <li>Implemented storing of Keyword</li>
+ <li>Implemented storing of Screening and ScreeningMetadata</li>
+ <li>Improved OData support
+ <ul>
+ <li>Better support for inheritance in queries where applicable</li>
+ <li>Brought in more OData tests</li>
+ <li>Improved OData/hibernate understanding of queries</li>
+ <li>Implement $count, $orderby</li>
+ <li>Finalise $top and $skip</li>
+ <li>Make sure & is used between query parameters</li>
+ </ul></li>
+ <li>Improved Testing in codebase
+ <ul>
+ <li>A new approach for integration tests to make test more readable</li>
+ <li>Introduce tests in parallel with code development for TDD approach</li>
+ <li>Remove test that required particular access to storage</li>
+ </ul></li>
+ <li>Implement case-handling process from received email to case-handler
+ <ul>
+ <li>Develop required GUI elements (digital postroom from email)</li>
+ <li>Introduced leader, quality control and postroom roles</li>
+ </ul></li>
+ <li>Make PUT requests return 200 OK not 201 CREATED</li>
+ <li>Make DELETE requests return 204 NO CONTENT not 200 OK</li>
+ <li>Replaced 'oppdatert*' with 'endret*' everywhere to match latest spec</li>
+ <li>Upgrade Gitlab CI to use python > 3 for CI scripts</li>
+ <li>Bug fixes
+ <ul>
+ <li>Fix missing ALLOW</li>
+ <li>Fix reading of objects from jar file during start-up</li>
+ <li>Reduce the number of warnings in the codebase</li>
+ <li>Fix delete problems</li>
+ <li>Make better use of cascade for "leaf" objects</li>
+ <li>Add missing annotations where relevant</li>
+ <li>Remove the use of ETAG for delete</li>
+ <li>Fix missing/wrong/broken rels discovered by runtest</li>
+ <li>Drop unofficial convertFil (konverterFil) end point</li>
+ <li>Fix regex problem for dateTime</li>
+ <li>Fix multiple static analysis issues discovered by coverity</li>
+ <li>Fix proxy problem when looking for object class names</li>
+ <li>Add many missing translated Norwegian to English (internal)
+attribute/entity names</li>
+ <li>Change UUID generation approach to allow code also set a value</li>
+ <li>Fix problem with Part/PartParson</li>
+ <li>Fix problem with empty OData search results</li>
+ <li>Fix metadata entity domain problem</li>
+ </ul></li>
+ <li>General Improvements
+ <ul>
+ <li>Makes future refactoring easier as coupling is reduced</li>
+ <li>Allow some constant variables to be set from property file</li>
+ <li>Refactor code to make reflection work better across codebase</li>
+ <li>Reduce the number of @Service layer classes used in @Controller
+classes</li>
+ <li>Be more consistent on naming of similar variable types</li>
+ <li>Start printing rels/href if they are applicable</li>
+ <li>Cleaner / standardised approach to deleting objects</li>
+ <li>Avoid concatenation when using StringBuilder</li>
+ <li>Consolidate code to avoid duplication</li>
+ <li>Tidy formatting for a more consistent reading style across
+similar class files</li>
+ <li>Make throw a log.error message not an log.info message</li>
+ <li>Make throw print the log value rather than printing in multiple
+places</li>
+ <li>Add some missing pronom codes</li>
+ <li>Fix time formatting issue in Gitlab CI</li>
+ <li>Remove stale / unused code</li>
+ <li>Use only UUID datatype rather than combination String/UUID for systemID</li>
+ <li>Mark variables final and @NotNull where relevant to indicate
+intention</li>
+ </ul></li>
+ <li>Change Date values to DateTime to maintain compliance with Noark 5
+standard</li>
+ <li>Domain model improvements using Hypersistence Optimizer
+ <ul>
+ <li>Move @Transactional from class to methods to avoid borrowing the JDBC Connection unnecessarily</li>
+ <li>Fix OneToOne performance issues</li>
+ <li>Fix ManyToMany performance issues</li>
+ <li>Add missing bidirectional synchronization support</li>
+ <li>Fix ManyToMany performance issue</li>
+ </ul></li>
+ <li>Make List<> and Set<> use final-keyword to avoid potential problems
+during update operations</li>
+ <li>Changed internal URLs, replaced "hateoas-api" with "api".</li>
+ <li>Implemented storing of Precedence.</li>
+ <li>Corrected handling of screening.</li>
+ <li>Corrected _links collection returned for list of mixed entity types
+to match the specific entity.</li>
+ <li>Improved several internal structures.</li>
+</ul>
+
+</blockquote></p>
+
+<p>If free and open standardized archiving API sound interesting to
+you, please contact us on IRC
+(<a href="irc://irc.oftc.net/%23nikita">#nikita on
+irc.oftc.net</a>) or email
+(<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">nikita-noark
+mailing list</a>).</p>
projects / homepage.git / blobdiff