What’s new

Corrections have been made in the e-mails changing block;

Recaptcha V2 module has been updated;

Inclusion of media in the CSP.

Authorization policies for files;

Corrections were made in the module Redirect User on Login.

The names of the administrative menus were revised.

Drupal’s Core has been updated to 7.98;

Improvements in the Terms of Use and Privacy module;

Improvements in the SAML module;

Performance improvements with fewer calls on the Platform;

Improvements in the Redoc module;

Sending of emails in HTML format;

Fixed a bug that caused extrainfo to be excluded when editing an APP;

Fixed a bug in the Swagger module, which replaced APIs with similar names.

Improvements in the Terms of Use and Privacy module;

Correction in the registration of the user;

Removed permission for anonymous user on MyApps.

The names of the administrative menus were revised.

Swagger download was improved.

Corrections were made in:

Drupal 7.97 Core Security was updated.

Plans would not return when APP Fields were blocked while editing APPs.

Fixes were made in the API Status.

Fixed invalid icon in MyApps V2.

Drupal 7.95 Core Security updated;

Changes to Swagger3 to be compatible with the new Redoc add-on.

Fixes were made in MyApps V2.

Vulnerabilities were fixed.

Correction in the loading of APIs in new APP registration;

Password reset for blocked registration;

Module to remove other modules;

Content change revision flag is enabled by default;

Change in MyApps/New/Edit Extra Fields after created;

Fixed API Search.

Fixed password reset.

Correction in the visualization of APPs for Manager;

Improvements in the Terms of Use module;

Improvements in the listing of Swaggers.

E-mail sending after changing the password;

Administrator can no longer change the user’s password;

Fixed the modal window for APP deletion;

Client Secret hidden, but with visualization by modal;

Setting maximum amount for creation of APPs;

Activate/Deactivate optional fields in the APPs view;

Inclusion of Loading in the submission of all forms in the Dev Portal;

Improvements in loading APPs;

Inclusion of button to delete Swagger inside the Swagger3 module;

Drupal 7.94 Core Update;

Fields were disabled in the editing of APPs;

Functional module to put a rate limit on the creation of APPs.

Update on the CSP.

Module for creating forms;

Module for MyApps with restrictions.

Creation of a module to purge inactive developers on the Dev Portal;

Visual improvements in the API Browser;

Stored Cross-Site Scripting (XSS);

Improvements to prevent automated User Registration;

Download Swagger button was included in the API technical documentation.

Public access to .json files with API restrictions;

Performance improvements in registering APPs;

APIs organized in alphabetical order in the register of APPs;

More options to manage the plans in the registration of APPs;

Improvements in CSP (Content-Security-Policies);

Drupal core updated to version 7.92.

Automatically add extrainfo in the APPs with the Registration data.

New directives in httpdconf;

Registration of DEVs is no longer linked to the API Platform.

Inclusion of customized endpoint for registration of APPs.

Fixed an issue related to the listing of users by IDOR.

Security update of Drupal core to 7.91;

Inclusion of download button for Swagger for APIs sent by API Platform;

When uploading a new Swagger through the Dev Portal, the old one is no longer deleted;

Audit shows who uploaded Swagger;

Improvements for loading APIs listing in API Browser and MyApps;

Report generation of modules installed/activated in Dev Portal using administrator login;

Inclusion of the Back button in the Access Token view;

Google Analytics Module updated;

Permission for Administrator to view the Custom Signup module;

CSP (Content Security Policy) updated;

CSP updated.

Fixed: user was not being notified of account created by an administrator;

Fixed: reset was not working due to page redirection after login;

Fixed: Terms of Use was returning error upon refusal;

Correction in Swagger’s permission settings ;

Correction in the new module API Segregation V2;

Swagger-Ui version Update;

Correction in API Segregation;

APPs editing fix was implemented for Manager 19.x and 18.x.

Correction in user registration for API Platform 4.8.0.1 and for 18.x and 19x.

Recaptcha corrected in module Login/Registration/Password-reset.

New module to load APIs listing via CSV and via Database;

Improvements in Permission List, adding the “.site” as a restriction of new registrations;

Improvements to view only APPs from only one Environment per extrafield;

Release of Hotjar and Google Tag Manager to CSP.

Fixed the Core of the Rules module;

New cache control security guidelines on the header;

Option to block email editing;

New SameSite and HttpOnly attributes guidelines in the cookie has_js.

Fixed the apps for monetizable APIs.

Included the shownOnAPIBrowser param in the API Browser.

Fixed the Portal database.

Created apps for monetizable APIs.

Drupal Core 7.89 update;

Update of the user table in the field changed, which was null and showing 52 years;

Enables the adm permission to edit pages in full html;

Fixed the table name.

Drupal Core 7.88 update with the latest security release;

Module Register Flow enables registration without email validation;

Integration Status URL allows you to monitor if the integration between the Portal and Manager is working properly;

Fixes error when editing apps for the old Manager;

Fixes issue when filtering apps through the APIs Manager;

Correction of security flaws (Injection and XSS);

New audit module within the Dev Portal.

Drupal Core 7.87 updated with the latest security release;

Option to return all of the resources from the APIs in the API Status;

Content-Security-Policies updates;

Removed the class .fas (compatibility with some visual identity);

Fixed a Bounty error in the API Browser;

Increases the file upload size in the Dev Portal to 5MB;

Password module to force the Dev Portal user to use a stronger password;

Fixed a bug in the User-Registration-Password module, which did not correctly send the reset of the password.

All modules developed by Sensedia have been released for Admin type profiles;

Synchronization of documents from Github to the Dev Portal;

Fixed a bug which the "&" character was not allowed to be used when creating Apps;

Cache fix in the API Browser.

Updated the JS to accept the OpenAPI 3.0 in the API Browser;

Fixed JS that caused an error in the dropdown menu within MyApps;

Fixed recaptcha within MyApps/new. It was not possible to disable recaptcha;

New CSP guidelines that blocked external resources;

Fixed conflicts in URLs caused by a redirection condition.

Included Redocs in the CSP security header since it was blocking the use of Redocs;

Fixed a bug in the developer registration that was not validating the email already registered.

Fixed the Auto-Logout system;

Fixed the bug when accessing the administrative tab within the MyApps module;

Upgrade from PHP 7.2 to 7.4,

Included the new Register Flow module that releases the registration only for one domain while the others are blocked and wait for the administrator to activate the registration;

Fixed the Tryout in the API Browser that was being blocked by the CSP header;

Change root’s e-mail address.

Set Permissions-Policy and Content-Security-Policy;

Make the TFA module mandatory;

Fixed the IP security lock.

Improvements in API segregation.

API search in the API registration process was fixed;

reCaptcha removed from APPs registration, but with automated registration restriction (rate limit).

Tokens visualization for older versions of Manager, as there was a change in the endpoint for returning tokens in more recent versions of Manager;

Multilingual reCaptcha for APP registration.

The administrator role will be able to view all Sensedia modules;

Module to download data from registered developers, with fields already filled, eliminating the need to request support to extract the database;

New version of API Status. It now shows all API operations for which the developer has a registered APP;

Error message on the Deny List was corrected.

XMLs visualization was blocked.

Number of APPs per page;

Enable/Disable detailing of Access Tokens;

Client ID and Client Secret encode, with Base64;

Enable/Disable Client Secret;

Enable/Disable button for APP registration;

Enable/Disable APP Editing;

Add the Extrafield view of an APP.

API is mandatory for registering new APP;

When an API is set as non-mandatory, it is possible to disable the visualization of the API.

Possibility to separate APIs as Internal and External;

Possibility of setting email domains to view the Internal APIs;

In this case, the options "Allow Apps Link" and "Show iterative documentation (Swagger)" of the API inside the API Platform are disabled;

Possibility to set, in HTML, the Terms of Use within the module;

For all changes made in the Terms of Use using HTML, a record will be kept informing who made the changes, when it was done and what was changed;

Possibility to download the data of the acceptance of the developers;

Possibility to reset the table of data of acceptance, but only for root users.

Removal of the memory setting in settings.php, because the configuration is part of the infrastructure.

Adjustment in the log so that the response of API calls in the "watchdogs" table is not registered, which used to cause high session rate in the DB.

Drupal CMS Core updated to 7.82

Multilingual email sending;

Registration restriction for certain configurable domains (DenyList);

Restriction of environments for the visualization of the Dev Dashboard;

Copy and Download buttons on request/response in API Browse (Swagger);

Correction on role validation on API Browser/Swagger visualization.

Restriction of the config file visualization;

Configuration of Cookie Secure and samesite=Lax;

Remotion of the meta tag from Drupal generator;

Inclusion of reCaptcha when creating APPs.

Set number of APPs per Page;

Enable/Disable Client Secret;

API as mandatory when registering an APP.

Adjustments were made in Sensedia modules;

Inclusion of a module that closes a session by time.

Restriction on txt file visualization;

Session cookie is now set to be closed in 30 min. Previously it was set for 23 days.

Drupal CMS Core updated to 7.80.

When deleting a user in Dev Portal, the Developer status in API Platform will be changed to BLOCKED. The developer will not be deleted from Manager;

For Manager versions 4.3.3.0 and above, PATCH will be performed instead of PUT;

Adjustments were made in the default modules (Admin Menu, Password Policy, Rules and Token).