v0.4.0

This release contains minor bug fixes and enhancements.

Changelog since v0.3.1

Other

• Allow the same export filename to be used across multiple buckets (#870, @sethvargo)
• Fix revision token validation and ensure revision tokens are valid for the previous 14 days of keys, not just the keys uploaded in the revision request. (#865, @sethvargo)
• If just some of the exposure keys in a publish request are bad, drop those but accept the rest. Convey a partial success message back in the publish response. (#863, @mikehelmick)

Infrastructure

• Changes tracing standard from b3 to TraceContext. (#878, @icco)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v0.3.1

This release includes support for partial failures during key upload.

Changelog since v0.3.0

Changes

• If just some of the exposure keys in a publish request are bad, drop those but accept the rest. Convey a partial success message back in the publish response. (#863, @mikehelmick)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v0.3.0

This release includes changes to support traveler bits, better validation on
client input, and standardized response codes for clients.

Changelog since v0.2.0

Potentially breaking

• Added validation of ReportType claim in verification certificates. All verification certificates must include a valid report type or the publish request will be rejected. (#823, @mikehelmick)
• Fix typo in configuration variable name DEFAULT_REGOIN -> DEFAULT_REGION (#857, @sethvargo)
• Update functional requirements doc to reflect changes made to support v1.5, the verification protocol, data validation, and standard responses. (#853, @mikehelmick)
• Verification Certificate HMAC can be calculated without transmission risk values if transmission risk values are all 0 (#827, @mikehelmick)
• Revision token issues now return specific error codes and result in 400 level errors. v1 API definition contains new error codes. (#821, @mikehelmick)
• Adds an extra check on export generation that the key length for exported keys is exactly 16 bytes. (#852, @mikehelmick)

Infrastructure

• Allow customizing the database backup location (defaults unchanged) (#825, @sethvargo)

Security

• Add key-rotation container to docs (#839, @whaught)
• Added key-rotation endpoint to build/deploy/promote (#824, @whaught)
• Include a database lock around key rotation (#820, @whaught)

Other

• Formalized release process. (#819, @mikehelmick)
• ExportConfig supports the v1 API traveler bit, allowing exports to include "home" region and keys of federated-in travelers. (#826, @mikehelmick)
• Always include a logger object and make logging package public (#850, @sethvargo)
• E2E test for key rotation (#828, @whaught)
• Fix metrics exporting when using stackdriver (#843, @mikehelmick)
• Integration test that enables the verification flow (#829, @argetlam-cs)
• Moves package internal/observability to pkg/observability. (#845, @icco)
• Update documentation for new v1 API shape (#833, @mikehelmick)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v0.2.0

Release notes for v0.2.0

Changelog since

• Database migrations required
• New v1 API for the exposure service
• served on /v1/publish
• introduces ErrorCode constants, see pkg/api/v1/exposure_types.go_
• introduces "traveler" bit that can be used for roaming agreements
• federation API will be updatd in a future release
• v1alpha1 API can be disabled by setting env ENABLE_V1ALPHA1_API=false
• Revision tokens
• both the v1alpha1 and v1 APIs return structured JSON responses now that include revision tokens
• requires 2 new environment variable to be set
  • REVISION_TOKEN_KEY_ID : key ID of symmetric encryption key in your chosen key management system
    • REVISION_TOKEN_AAD : base64 encoded bytes for encryption of revision token keys. Can be in a secret manager
• terraform apply will create these values when using GCP.
• EN v1.5 API support
• reportType accepted via verification certificates. 1.1 transmission risk values are backfilled automatically
• symptom onset interval will be used to calculate days +/- sypmtom onset for a TEK
• new fields added to export files
• terraform supports updating existing deployments + custom domains on Cloud Run
• Improved DB read retrys
• renamed default branch from master to main

Dependencies

Added

• github.com/google/mako: v0.2.0
• github.com/google/martian/v3: v3.0.0
• github.com/mikehelmick/go-chaff: v0.3.0
• github.com/sethvargo/go-retry: v0.1.0
• github.com/sethvargo/go-signalcontext: v0.1.0

Changed

• cloud.google.com/go/bigquery: v1.6.0 → v1.8.0
• cloud.google.com/go/storage: v1.6.0 → v1.10.0
• cloud.google.com/go: v0.57.0 → v0.61.0
• github.com/google/go-cmp: v0.4.1 → v0.5.0
• github.com/google/pprof: fc25d7d → 1a94d86
• github.com/sethvargo/go-envconfig: v0.1.1 → v0.2.3
• github.com/sethvargo/go-gcpkms: e50d0c7 → v0.1.0
• github.com/yuin/goldmark: v1.1.27 → v1.1.32
• go.opencensus.io: v0.22.3 → v0.22.4
• golang.org/x/crypto: 06a226f → 75b2880
• golang.org/x/mod: v0.2.0 → v0.3.0
• golang.org/x/net: 0ba52f6 → ab34263
• golang.org/x/sync: 43a5402 → 6e8e738
• golang.org/x/sys: 0598657 → ddb9806
• golang.org/x/text: v0.3.2 → v0.3.3
• golang.org/x/tools: f8e0ea3 → 130c9f1
• google.golang.org/api: v0.25.0 → v0.29.0
• google.golang.org/genproto: 8367513 → 11fb19a
• google.golang.org/grpc: v1.29.1 → v1.30.0
• google.golang.org/protobuf: v1.24.0 → v1.25.0

Removed

Nothing has changed.

v0.1 - tagging before default branch rename

Update README.md (#676)

https://github.com/google/exposure-notifications-verification-server/commit/37dfad3ef09cfb68ba21cc56a815039b33e72bf1