Version 2.020.28a was deployed to https://kf.kobotoolbox.org/ on Monday, 20 July 2020 at 01:00 UTC and to https://kobo.humanitarianresponse.info/ on Thursday, 9 July 2020 at 00:02 UTC.
Bugs Fixed
| PR | Description | Related Issues |
|---|---|---|
| #2728 | Use the current, 64-character CSRF token cookie instead of any stale ones set by old versions of the application | #2717 |
| #2725 | Revert change that enabled HttpOnly on the CSRF token cookie, since this caused CSRF errors in some circumstances and “offers little practical benefit”
|
#2588, #2589, #2717 |
| kobotoolbox/kobocat#624 | Fix some 404 errors in the legacy photo gallery by stripping out extra tokens added to image URLs by the gallery JavaScript library | kobotoolbox/kobocat#623 |
Improvements
| PR | Description | Related Issues |
|---|---|---|
| #2719 | Improve icon cache so that new releases do not require hard refreshes to display correctly | #2715 |
| #2639 | Avoid a confusing error message when connectivity fails while editing permissions | #2341 |
| #2608 | Display a better error message and title in the REST Services log when a submission has been deleted | #2470 |
| #2720, kobotoolbox/kobocat#620 | Reduce session timeout to 1 week from the Django default of 2 weeks, for better security | kobotoolbox/tasks#336 |
| kobotoolbox/kobocat#628 | Remove calls to MongoDB fsync, which is not available in all environments |
kobotoolbox/kobocat#627, kobotoolbox/kobo-docker#293 |
