Release Notes - version 2.020.28a

Version 2.020.28a was deployed to https://kf.kobotoolbox.org/ on Monday, 20 July 2020 at 01:00 UTC and to https://kobo.humanitarianresponse.info/ on Thursday, 9 July 2020 at 00:02 UTC.

Bugs Fixed

PR Description Related Issues
#2728 Use the current, 64-character CSRF token cookie instead of any stale ones set by old versions of the application #2717
#2725 Revert change that enabled HttpOnly on the CSRF token cookie, since this caused CSRF errors in some circumstances and “offers little practical benefit” #2588, #2589, #2717
kobotoolbox/kobocat#624 Fix some 404 errors in the legacy photo gallery by stripping out extra tokens added to image URLs by the gallery JavaScript library kobotoolbox/kobocat#623

Improvements

PR Description Related Issues
#2719 Improve icon cache so that new releases do not require hard refreshes to display correctly #2715
#2639 Avoid a confusing error message when connectivity fails while editing permissions #2341
#2608 Display a better error message and title in the REST Services log when a submission has been deleted #2470
#2720, kobotoolbox/kobocat#620 Reduce session timeout to 1 week from the Django default of 2 weeks, for better security kobotoolbox/tasks#336
kobotoolbox/kobocat#628 Remove calls to MongoDB fsync, which is not available in all environments kobotoolbox/kobocat#627, kobotoolbox/kobo-docker#293
2 Likes