Tags

## v1.1.6, 2024.09.23

### Added

feat(devops): allow to generate Trivy HTML report (sbom + security) #121

### Fixed

- fix(cert-remind): add forgot password tip (cert manager) #120
- fix: PHP ext-intl is mandatory to i18n #119

### Dependencies

- chore(composer.lock): upgrade symfony (6.4.11 => 6.4.12), composer/semver, nikic/php-parser, ... #118

## v1.1.5, 2024.09.11

### Added

- feat(make): allow to generate SBOM files #113
- doc: add auto generated SBOM files (Software Bill of Materials) #114

### Changed

- ci: twig linter is not allowed to fail #115

### Fixed

- chore(nelmio): xss_protection is deprecated since nelmio/security-bundle 3.4.0 #116

### Dependencies

- chore(composer.lock): upgrade symfony/polyfill*, phpstan/phpdoc-parser, nelmio/security-bundle, twig/* #117
- chore(composer.lock): upgrading doctrine/annotations, nelmio/security-bundle #112

## v1.1.4, 2024.09.03

### Added

- ci: add Twig linter #111

### Dependancies

- chore(composer.lock): upgrade symfony (6.4.10 => 6.4.11), twig, doctrine #110

## v1.1.3, 2024.07.26

### Dependancies

- chore(composer.lock): upgrade symfony (6.4.9 => 6.4.10), composer/*, nelmio/security-bundle  #109

## v1.1.2, 2024.06.28

### Dependencies

- chore(composer.lock): upgrading doctrine/dbal, ...
- chore(composer.lock): upgrade symfony (6.4.8 => 6.4.9), doctrine/*, monolog #107

## v1.1.1, 2024.06.04

### Changed

- Certificate reminder: set `false` as default value for
  `WEBAPP_CERTIFICAT_COPY_REMINDER_TO_EMAIL_ALERTING` environment variable #105

```bash
# Webapp - Send copy of certificate end-of-life notifications to WEBAPP_EMAIL_ALERTING_TO
WEBAPP_CERTIFICAT_COPY_REMINDER_TO_EMAIL_ALERTING=false # (default: false)
```

### Fixed

- ADMIN > configuration display : add missing environment variables #102

### Dependancies

- chore(composer.lock): upgrading doctrine/event-manager, doctrine-fixtures #101
- chore(composer.lock): upgrading symfony (6.4.7 => 6.4.8) #106

# v1.0.2, 2023.12.18

### Fixed

- test: allow to run Infection (mutation testing)
- test(pkcs12 convertor): allow mutation testing
- fix(convertHexadecimalToDecimal): remove hexadecimal prefix [ `0x` ]
- fix(NormalizesDataForCertificate): remove special characters used by JSON format
- fix(composer.json): unblock doctrine/orm version
- test: add unit tests for new Symfony services and exceptions
- refactor: add specific Symfony services (Certificate, CertificateAuthority, CfsslService, ...)
- refactor: add dedicated exceptions
  - KeySizeRangeException
  - InvalidAlgorithmException
  - Pkcs12ConvertorFailed
  - InvalidPrivateKey
  - InvalidPublicKey
  - NotMatchingPrivateAndPublicKeys

### Dependancies

- chore(composer.lock): upgrade `symfony` (`v6.4.0` => `v6.4.1`)
- chore(composer.json): upgrade `symfony` (`v6.3.9` => `v6.4.0`)
- chore(composer.lock): upgrade `symfony` (`v6.3.8` => `v6.3.9`)
- chore(composer.lock): upgrade `phpunit`, `doctrine`, `nelmio/security-bundle`, `composer/ca-bundle`

## v1.0.1, 2023.11.13

### Security

- fix: escape special characters of password sent to openssl command #81
- chore(composer.lock): doctrine, symfony/* (`v6.3.7` => `v6.3.8`)

## v1.0.0, 2023.11.09

### Fixed

- fix(ux): remove misspelling in tab name. (see: #80)
- chore(composer.lock): upgrade `symfony/monolog-bundle` (`v3.8.0` => `v3.10.0`)

## v1.0.0-rc.2.0, 2023.10.31

### Fixed

- fix(ux): use browser native "minlength" attribute for password fields
- fix(a11y): add a missing "nav" HTML tag

### Security

- chore(composer.lock): update `monolog`, `symfony/*` (v6.3.6 => v6.3.7)

<details>
<summary>
see: https://symfony.com/blog/symfony-6-3-7-released

Update `symfony/*` (v6.3.6 => v6.3.7) : 0 installs, 18 updates, 0 removals

</summary>

Lock file operations: 0 installs, 18 updates, 0 removals
- Upgrading monolog/monolog (3.4.0 => 3.5.0)
- Upgrading symfony/doctrine-bridge (v6.3.6 => v6.3.7)
- Upgrading symfony/doctrine-messenger (v6.3.6 => v6.3.7)
- Upgrading symfony/dotenv (v6.3.0 => v6.3.7)
- Upgrading symfony/flex (v2.4.0 => v2.4.1)
- Upgrading symfony/form (v6.3.6 => v6.3.7)
- Upgrading symfony/framework-bundle (v6.3.6 => v6.3.7)
- Upgrading symfony/http-client (v6.3.6 => v6.3.7)
- Upgrading symfony/http-foundation (v6.3.6 => v6.3.7)
- Upgrading symfony/http-kernel (v6.3.6 => v6.3.7)
- Upgrading symfony/intl (v6.3.2 => v6.3.7)
- Upgrading symfony/messenger (v6.3.6 => v6.3.7)
- Upgrading symfony/security-bundle (v6.3.6 => v6.3.7)
- Upgrading symfony/security-core (v6.3.5 => v6.3.7)
- Upgrading symfony/serializer (v6.3.6 => v6.3.7)
- Upgrading symfony/translation (v6.3.6 => v6.3.7)
- Upgrading symfony/validator (v6.3.6 => v6.3.7)
- Upgrading symfony/yaml (v6.3.3 => v6.3.7)

</details>

## v1.0.0-rc.1.0, 2023.10.25

### Added

- feat(i18n): as an anonymous user, the interface is in French
- feat(webperf): add HTTP "Cache-Control: immutable" headers for CSS and JS files

## v0.17.0, 2023.10.25

### Added

- feat(i18n): as a manager, the interface is in French
- feat(css): use AssetMapper to bust browser cache when css, js or images change
- ci(release-build): add checksum of webapp files

### Changed

#### Breaking change

- ci(release): use lower file and directory permissions
- feat(security)!: HTTPS is mandatory for PROD environment

### Fixed

- fix: specify application language in HTML code

### Security

- chore(composer.lock): update `symfony/*` (v6.3.5 => v6.3.6)

<details>
<summary>

Update `symfony/*` (v6.3.5 => v6.3.6) : 0 installs, 21 updates, 0 removals

</summary>

Package operations:  0 installs, 21 updates, 0 removals
- Upgrading php-webdriver/webdriver (1.15.0 => 1.15.1)
- Upgrading symfony/cache (v6.3.5 => v6.3.6)
- Upgrading symfony/doctrine-bridge (v6.3.5 => v6.3.6)
- Upgrading symfony/doctrine-messenger (v6.3.1 => v6.3.6)
- Upgrading symfony/flex (v2.3.3 => v2.4.0)
- Upgrading symfony/form (v6.3.5 => v6.3.6)
- Upgrading symfony/framework-bundle (v6.3.5 => v6.3.6)
- Upgrading symfony/http-client (v6.3.5 => v6.3.6)
- Upgrading symfony/http-foundation (v6.3.5 => v6.3.6)
- Upgrading symfony/http-kernel (v6.3.5 => v6.3.6)
- Upgrading symfony/messenger (v6.3.5 => v6.3.6)
- Upgrading symfony/notifier (v6.3.0 => v6.3.6)
- Upgrading symfony/phpunit-bridge (v6.3.2 => v6.3.6)
- Upgrading symfony/security-bundle (v6.3.5 => v6.3.6)
- Upgrading symfony/security-http (v6.3.5 => v6.3.6)
- Upgrading symfony/serializer (v6.3.5 => v6.3.6)
- Upgrading symfony/translation (v6.3.3 => v6.3.6)
- Upgrading symfony/validator (v6.3.5 => v6.3.6)
- Upgrading symfony/var-dumper (v6.3.5 => v6.3.6)
- Upgrading symfony/var-exporter (v6.3.4 => v6.3.6)
- Upgrading symfony/web-profiler-bundle (v6.3.2 => v6.3.6)

</details>

## v0.16.0, 2023.10.19

### Added

- feat: allow anonymous user to use "forgot password" form

### Changed

- chore(composer.lock): update `doctrine/dbal`

## v0.15.0, 2023.10.06

### Added

- feat: allow user to change password

### Changed

- chore(composer.lock): update `doctrine/collections`, `egulias/email-validator` and `dbrekelmans/bdi`

<details>
<summary>

Update `doctrine/collections`, `egulias/email-validator` and `dbrekelmans/bdi` : 0 installs, 3 updates, 0 removals

</summary>

- Upgrading dbrekelmans/bdi (1.0.5 => 1.1.0)
- Upgrading doctrine/collections (2.1.3 => 2.1.4)
- Upgrading egulias/email-validator (4.0.1 => 4.0.2)

</details>

## v0.14.0, 2023.10.02

### Added

- feat(admin): display missing configuration
- feat(form): display min password length
- feat(user): use minimum password length defined by env variable
- feat(certificate): use minimum password length defined by env variable
- feat(env): allow to configure minimum password length (user and certificate)
- feat(env): allow to configure i18n default locale
- feat(env): allow to configure lifetime of reset password token (default: 20 minutes)

see `.env` file:
```bash
WEBAPP_I18N_DEFAULT_LOCALE                        # User interface language (default: 'en')
WEBAPP_USER_CONFIG_RESET_PASSWORD_TOKEN_LIFETIME  # Lifetime of reset password token in seconds (default: 1200 = 20 minutes).
WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH            # Minimum user password length (default: 12)
WEBAPP_CERTIFICAT_CONFIG_MIN_PASSWORD_LENGTH      # Minimum certificate password length (default: 12)
```

### Fixed

- test(manager): add tests for create certificate form

### Security

- chore(composer.lock): update `symfony/*` (v6.3.4 => v6.3.5), `doctrine/*`, `phpdoc-parser`
- chore(composer.lock): update `phpunit/*`, `symfony/maker-bundle`

<details>
<summary>

Update `symfony/*` (v6.3.4 => v6.3.5), `doctrine/*`, `phpdoc-parser` : 0 installs, 24 updates, 0 removals

</summary>

see:
https://symfony.com/blog/symfony-6-3-5-released

- Upgrading symfony/http-foundation (v6.3.4 => v6.3.5)
- Upgrading symfony/var-dumper (v6.3.4 => v6.3.5)
- Upgrading symfony/error-handler (v6.3.2 => v6.3.5)
- Upgrading symfony/http-kernel (v6.3.4 => v6.3.5)
- Upgrading symfony/doctrine-bridge (v6.3.4 => v6.3.5)
- Upgrading symfony/dependency-injection (v6.3.4 => v6.3.5)
- Upgrading symfony/string (v6.3.2 => v6.3.5)
- Upgrading doctrine/deprecations (v1.1.1 => 1.1.2)
- Upgrading doctrine/dbal (3.6.6 => 3.7.0)
- Upgrading symfony/routing (v6.3.3 => v6.3.5)
- Upgrading symfony/finder (v6.3.3 => v6.3.5)
- Upgrading symfony/cache (v6.3.4 => v6.3.5)
- Upgrading symfony/framework-bundle (v6.3.4 => v6.3.5)
- Upgrading symfony/password-hasher (v6.3.0 => v6.3.5)
- Upgrading symfony/security-core (v6.3.3 => v6.3.5)
- Upgrading symfony/security-http (v6.3.4 => v6.3.5)
- Upgrading phpstan/phpdoc-parser (1.24.1 => 1.24.2)
- Upgrading symfony/twig-bridge (v6.3.2 => v6.3.5)
- Upgrading symfony/messenger (v6.3.4 => v6.3.5)
- Upgrading symfony/form (v6.3.2 => v6.3.5)
- Upgrading symfony/mime (v6.3.3 => v6.3.5)
- Upgrading symfony/mailer (v6.3.0 => v6.3.5)
- Upgrading symfony/http-client (v6.3.2 => v6.3.5)
- Upgrading symfony/security-bundle (v6.3.4 => v6.3.5)
- Upgrading symfony/serializer (v6.3.4 => v6.3.5)
- Upgrading symfony/validator (v6.3.4 => v6.3.5)

</details>

## v0.13.0, 2023.09.06

### Added

- feat: replace simple lists with paginated lists
- feat(env): configure the number of items in paginated lists
  - see `WEBAPP_ADMIN_CONFIG_DEFAULT_MAX_USER_PER_PAGE` in .env file.
  - see `WEBAPP_ADMIN_CONFIG_DEFAULT_MAX_CERT_PER_PAGE` in .env file.
  - see `WEBAPP_MANAGER_CONFIG_DEFAULT_MAX_CERT_PER_PAGE` in .env file.

### Fixed

- fix(template): remove an excess closing HTML tag

### Security

- feat(security): strengthen the session fixation strategy
- feat(security): send HTTP header to clear browsing data on logout
- fix(security): enable by default CSRF protection

## v0.12.1, 2023.09.01

### Security

- chore(composer.lock): update `symfony/*` (v6.3.2 => v6.3.3), `doctrine/*`, `twig/*`, ...

<details>
<summary>

Update `symfony/*` (v6.3.2 => v6.3.4), `doctrine/*`, `twig/*`, ... : 0 installs, 32 updates, 0 removals

</summary>

see: <https://symfony.com/blog/symfony-6-3-4-released>

- Upgrading composer/ca-bundle (1.3.6 => 1.3.7)
- Upgrading doctrine/data-fixtures (1.6.6 => 1.6.7)
- Upgrading doctrine/dbal (3.6.5 => 3.6.6)
- Upgrading nikic/php-parser (v4.16.0 => v4.17.1)
- Upgrading php-webdriver/webdriver (1.14.0 => 1.15.0)
- Upgrading phpdocumentor/type-resolver (1.7.2 => 1.7.3)
- Upgrading phpunit/phpunit (9.6.10 => 9.6.11)
- Upgrading symfony/cache (v6.3.2 => v6.3.4)
- Upgrading symfony/clock (v6.3.1 => v6.3.4)
- Upgrading symfony/console (v6.3.2 => v6.3.4)
- Upgrading symfony/dependency-injection (v6.3.2 => v6.3.4)
- Upgrading symfony/doctrine-bridge (v6.3.2 => v6.3.4)
- Upgrading symfony/dom-crawler (v6.3.1 => v6.3.4)
- Upgrading symfony/framework-bundle (v6.3.2 => v6.3.4)
- Upgrading symfony/http-foundation (v6.3.2 => v6.3.4)
- Upgrading symfony/http-kernel (v6.3.3 => v6.3.4)
- Upgrading symfony/messenger (v6.3.3 => v6.3.4)
- Upgrading symfony/polyfill-intl-grapheme (v1.27.0 => v1.28.0)
- Upgrading symfony/polyfill-intl-icu (v1.27.0 => v1.28.0)
- Upgrading symfony/polyfill-intl-idn (v1.27.0 => v1.28.0)
- Upgrading symfony/polyfill-intl-normalizer (v1.27.0 => v1.28.0)
- Upgrading symfony/polyfill-mbstring (v1.27.0 => v1.28.0)
- Upgrading symfony/polyfill-php83 (v1.27.0 => v1.28.0)
- Upgrading symfony/process (v6.3.2 => v6.3.4)
- Upgrading symfony/security-bundle (v6.3.3 => v6.3.4)
- Upgrading symfony/security-http (v6.3.2 => v6.3.4)
- Upgrading symfony/serializer (v6.3.3 => v6.3.4)
- Upgrading symfony/validator (v6.3.2 => v6.3.4)
- Upgrading symfony/var-dumper (v6.3.3 => v6.3.4)
- Upgrading symfony/var-exporter (v6.3.2 => v6.3.4)
- Upgrading twig/extra-bundle (v3.7.0 => v3.7.1)
- Upgrading twig/twig (v3.7.0 => v3.7.1)

</details>