release-1.6

This release fixes a couple of minor linter-warnings, and updates the submissions of events slightly. In the past the IP of the submission-source was always used - but now it is possible for a remote host to specify its own IP, without that being overwritten.

This is useful for heartbeats which might be running inside docker-containers, for example. With this change made a docker-container can be restarted, receive a new IP, and continue to update the existing event.

This release updates our build-process, managed by github actions, to use the new syntax. (#12).

There have been minor tweaks to the code for correctness/neatness, but no significant changes to the previous release.

This release is being made solely to transition the testing and release process from TravisCI to github actions:

• github-action-tester
  • Used to run tests.
• github-action-publish-binaries
  • Used to make releases.

This release exists solely to provide binaries for more systems.

Specifically we now ship binaries for:

• ARM
• Darwin
• Linux
• Windows

There are zero functional changes compared to the previous release; although the example sql file has been updated for correctness.

This release is a trivial update which changes from using bootstrap v3.3.7 to v3.4.0. There are no functional changes.

This release is dedicated to code-quality; there are zero user-visible changes, instead we've fixed all outstanding go vet and go lint warnings.

This release updates the handling of source-addresess, to strip any::ffff: prefix which might be present. This doesn't change the behaviour in any way, but improves the display of IPs in the user-interface.

This is tagged release-1.0 as the system is stable has been in-production for several months now.

This release is the first makes a significant change to the database-storage, rather than using SQLite we're now using MySQL. This makes the installation a little more complex:

• You must create database.
  • And setup a user to connect to it.
• You must set a DSN in the environment.

However the gain is much more reliability. (I was suffering a flurry of "database is locked" errors when using SQLite under significant load.)

Other changes in this release include:

• Non-blocking invokation of the purppura-notify script.
  • Which has been updated to allow the script to determine the number of notifications which have been made.
  • Allowing easy escalation of outstanding alerts.
• Collection of metrics.
  • Via golang-metrics

This release updates the web-based user-interface to filter the detail of any raised/acknowledged/pending alerts, this removes the security-risk of not escaping the body.

This should have been included in release-0.7 but was missed due to a hasty git-push.

In short:

• Subject is HTML-escaped.
  • Meaning you should not use HTML in your subject.
• Detail is sanitized.
  • Meaning you can use links, bold, italic, etc, but XSS will be prevented.
  • This is achived via bluemonday.

This release updates the web user-interface to escape characters in alert-subjects.

The detail-field of alerts, be they raised, pending, or acknowledged, is left to be free-form HTML although this is a minor security risk.