release-1.6

This release fixes a couple of minor linter-warnings, and updates the submissions of events slightly. In the past the IP of the submission-source was always used - but now it is possible for a remote host to specify its own IP, without that being overwritten.

This is useful for heartbeats which might be running inside docker-containers, for example. With this change made a docker-container can be restarted, receive a new IP, and continue to update the existing event.

This release updates our build-process, managed by github actions, to use the new syntax. (#12).

There have been minor tweaks to the code for correctness/neatness, but no significant changes to the previous release.

This release is being made solely to transition the testing and release process from TravisCI to github actions:

• github-action-tester
  • Used to run tests.
• github-action-publish-binaries
  • Used to make releases.

This release exists solely to provide binaries for more systems.

Specifically we now ship binaries for:

• ARM
• Darwin
• Linux
• Windows

There are zero functional changes compared to the previous release; although the example sql file has been updated for correctness.

This release is a trivial update which changes from using bootstrap v3.3.7 to v3.4.0. There are no functional changes.

This release is dedicated to code-quality; there are zero user-visible changes, instead we've fixed all outstanding go vet and go lint warnings.

This release updates the handling of source-addresess, to strip any::ffff: prefix which might be present. This doesn't change the behaviour in any way, but improves the display of IPs in the user-interface.

This is tagged release-1.0 as the system is stable has been in-production for several months now.

This release is the first makes a significant change to the database-storage, rather than using SQLite we're now using MySQL. This makes the installation a little more complex:

• You must create database.
  • And setup a user to connect to it.
• You must set a DSN in the environment.

However the gain is much more reliability. (I was suffering a flurry of "database is locked" errors when using SQLite under significant load.)

Other changes in this release include:

• Non-blocking invokation of the purppura-notify script.
  • Which has been updated to allow the script to determine the number of notifications which have been made.
  • Allowing easy escalation of outstanding alerts.
• Collection of metrics.
  • Via golang-metrics

This release updates the web-based user-interface to filter the detail of any raised/acknowledged/pending alerts, this removes the security-risk of not escaping the body.

This should have been included in release-0.7 but was missed due to a hasty git-push.

In short:

• Subject is HTML-escaped.
  • Meaning you should not use HTML in your subject.
• Detail is sanitized.
  • Meaning you can use links, bold, italic, etc, but XSS will be prevented.
  • This is achived via bluemonday.

This release updates the web user-interface to escape characters in alert-subjects.

The detail-field of alerts, be they raised, pending, or acknowledged, is left to be free-form HTML although this is a minor security risk.

This release makes minor changes to the user-interface:

• Allowing a click anywhere in the table-columns to toggle the appropriate row.

Beyond some internal cleanups there are no significant changes, with the exception that all URIs now accept an optional trailing slash, and POSTing an event with missing fields will cause an error at submission-time.

Unfortunately the binaries of previous releases were all broken.

When you attempt to login you see:

    Binary was compiled with 'CGO_ENABLED=0', go-sqlite3 requires cgo to work. This is a stub

In short cross-compiling is broken, so I've had to disable it and the binaries for non AMD64 linux choices.

This is a minor update which simplifies the internal implementation of the cookie-based authentication.

The only user-visible change is the minor bump of bootstrap from version 3.3.6, to 3.3.7.

This is the first public release of the code which is now in production:

• https://alert.steve.fi/

This code completely replaces the purple project, despite not having comprehensive tests yet.