The first feature release of the 5.9 series of NAV is now out!
The source code is available for download at GitHub [1].
New packages for Debian 10 (Buster) and 11 (Bullseye) are available in our APT repository [2] as usual. We haven't started building packages for Debian 12 (Bookworm) yet, as NAV does not yet support running under Python 3.11.
Please be extra aware of config file changes. Look out for `*.dpkg-dist` files in `/etc/nav` and make sure to update your running config.
Added =====
- Added option to enable secure cookies in new web security section of webfront.conf (#2194, #2815) - Made mod_auth_mellon (SAML) work for logins (#2740) - Also added howto for setting up mod_auth_mellon for Feide authentication.
Fixed =====
- Cycle session IDs on login/logout to protect against potential session fixation attacks (#2804, #2813, #2836, #2835) - Flush sessions on logout (#2828) - Prevent clickjacking attacks on NAV by disallowing putting NAV site in document frames (#2816, #2817) - Cleaned up overview/intro docs (#2827) - Various cleanups of the test suites: - Remove FakeSession redundancy (#2841, #2842) - Fixed activeipcollector get_timestamp function implementation and its broken timezone-naive test (#2831) - Fixed broken statemon tests (#2832) - Fixed warnings during integration tests (#2847, #2858) - Preserve 500-errors in webcrawler tests (#2861) - Removed nonsensical pydantic requirement (#2867) - Removed warnings when building docs (#2856)
Changed =======
- Modernize installation of NAV scripts/binaries using pyproject.toml (#2676, #2679) - Changed the documentation theme from “Bootstrap” to “Read The Docs”, as the Bootstrap theme was no longer being maintained. This also avoids unnecessary JavaScript libraries in the docs (#2805, #2825, #2824, #2834, #2837, #2833, #2853, #2868) - Various changes needed to move NAV closer to being fully compatible with Python 3.11: - Replaced all uses of pkg_resources with importlib (#2791, #2798, #2799) - Upgraded Twisted to a version that supports Python 3.11 (#2792, #2796) - Upgraded psycopg to 2.9.9 (#2793, #2795) - Dropped code that was there to support Django’s older than 3.2 (#2823) - Upgraded python-ldap from 3.4.0->3.4.4 (#2830) - Enabled running test suite on Python 3.10 by default (#2838) - Stopped running test suite on Python 3.8 by default (#2851) - Fixed invalid/deprecated backslash escapes in MIB dump files, as warned about in newer Python versions (#2846, #2848) - Fixed deprecation warning for Django 4.0 in test suite (#2844) - Removed an adaption to Pythons older than 3.7 (#2840) - Install Node/NPM in docker dev environment (#2855) - Vendor the PickleSerializer (#2866)
Release notes =============
We always advise you to have a look at NAV's accompanying release notes [3] before upgrading.
Happy NAVing everyone!
Links =====
[1] https://github.com/Uninett/nav/releases [2] https://nav.uninett.no/install-instructions/#debian [3] https://nav.readthedocs.io/en/latest/release-notes.html#nav-5-9