v4.1.1

Fixes:

• CloudFormation failing at CloudFrontSecurityHeadersSetup

v4.1.0

Fixes:

• Update several dependencies to resolve various security issues
• Remove a bunch of unused code
• Fix the CFN template to be lintable

Features:

• GitHub Flavored Markdown extensions are now supported in all Markdown fragments, including both custom content fragments and API descriptions.
• Headers in custom content fragments now include IDs prefixed with header-, so you can reference things like # Section Header via #header-section-header.

v4.0.4

Fixes:

• Assorted security updates within dependencies.

v3.0.7

Fixes:

• Assorted security updates within dependencies.

v3.0.6

IMPORTANT: Versions 3.0.0, 3.0.1, 3.0.2 contain a security issue and should not be installed. If you have installed or upgraded to any of the affected versions, you should upgrade to v3.0.6. In general, we recommend you update to the latest version for the best experience.

Fixes:

• Fixed security issue.
• Fixed related non-security bug in URL path matching.

v4.0.3

IMPORTANT: v4.0.0 contains a security issue and should not be installed. If you have installed or upgraded to v4.0.0, you should upgrade to v4.0.3. In general, we recommend you update to the latest version for the best experience.

Fixes:

• Updated websocket-extensions from 0.1.3 to 0.1.4 in dev-portal.
• Fixed security issue.
• Fixed related non-security bug in URL path matching.

v4.0.0

Features:

• Manage administrators from within the admin panel of the developer portal (#308, #358, #375)
  • Add users, remove users, and promote them to admins purely from a web interface in the admin panel
  • Invite users to see the panel
• Users can generate Swagger/OpenAPI exports from the developer portal (#350)
  • Users can optionally include x-amazon-apigateway-integrations extensions, x-amazon-apigateway-authorizer extensions, or extensions for importing into Postman, and they can include any combination of the three
  • Users can export as either JSON or YAML, depending on their preference
• External documentation fields are now consistently shown (#375)
  • External documentation descriptions are rendered as Markdown per Swagger spec
  • External documentation URLs are auto-linked
• APIs managed by API Gateway are shown with their AWS stage names (#357, #375)
  • These are still called "APIs" from the developer portal, and no direct reference to the AWS concept of "stages" is made in the text

Fixes:

• Update dependencies to fix npm audit warnings (#330, #375, commit fff3d74)
  • Also removed a few unnecessary dependencies - your deployment lambdas should be slightly smaller and load a little quicker
• Optimize the catalog updater substantially and fix some client-side logic that further slowed the process down (#375)
  • Also added loading spinners for each relevant button in the admin panel
• Fall back to available server endpoints for imported APIs that lack the optional host field (all Swagger 2 imports, some OpenAPI 3 imports), and omit it entirely if the fallback fails (#375)
• The server-side 60-minute session timer is now reflected client-side as well, and it validates this against the client (#367)
• The client now consistently waits for login before actually requesting certain data, to avoid certain client-side errors (#362)
• Fix error handling in the backend to more rigorously report exceptions (#362, #375)
• Fix static asset setup to properly copy images, to avoid encoding errors (#370)
• Fix logo loading, to use proper keys (#362, #375)
• Fix file upload iteration to not throw exceptions (#373)
• Fix data issue with the APIs listing (#377)
• Fix race condition with config in static asset uploader (#380)
• Ensure all APIs are fetched in admin panel (#393)
• Assorted visual, grammatical, and typographical fixes (#361, #390, #401, #402, #403, #404)
• Assorted security fixes

Changes:

• Marketplace subscription support is removed for now, as it's known broken (#410)
• Update Node.js in the lambdas to 12 (#330)
• Limit for API imports increased to 10MB to allow for larger imports (#359)
• Update development setup scripts and related documentation for easier onboarding (#344, #380, #396)
  • Node 12 or later is now required to build the developer portal locally
• Remove redundant subscribable/unsubscribable categories from admin panel (#362)
  • The core concept and the reasoning behind it is that you can only subscribe to APIs with usage plans (an invariant that already existed prior), and so the presence of a usage plan being assigned to it is what makes it subscribable
• Streamline search to be a bit more intuitive to use, and simplify its results (#362)
• Log errors much more consistently and regularly
• Registration confirmation emails now include a link to the developer portal instance they were created for and a more informative email title to clarify its origin (#369)
• Streamline the deployment process from source significantly for those who need deeper customization than what SAM/SAR alone allows (#380)
• Cognito user pool settings have been updated
• Cognito user pools are now retained post-deletion (#412)
• Add config options to the development script side to fill out the rest of the SAM template functionality (#396)

v3.0.2

Fixes:

• Fix fetching only one page of usage plans (#257)
  • Add unit tests for getAllUsagePlans (846992a)
  • Fetch all usage plans in DevPortalLambda (34dd2f4)
  • Move getAllUsagePlans to a "shared" file (6cdc771)
  • Fetch all usage plan pages in catalog updater (5bf6b1c)
• Redirect index.html to root in frontend router (fixes #260) (4dcd576)
• Redirect /index.html?action=... to /login and /logout (fixes #254) (30da724)

Changes:

• Validation
  • Add validation for the rebuild mode (cd935d9)
  • Add validation for boolean parameters (0619a8c)
• Upgrade packages to resolve npm audit warnings
  • Use patched swagger-ui fork to fix UI debounce bug (a4c2ef0)
  • Update package-lock.json's (9dfe539)
  • Remove deprecated NODE_PATH from .env (9a681a5)
  • Upgrade to react-scripts=^3.0.1, swagger-ui=3.22.3 (52c80bb)
• README
  • Reformat README Setup section for improved readability (ba9825c)
  • Fixing deadlink (5c1b978)
• Update description of overwrite-content in CFN template (f1806d4)
• Run npm install upon npm run get-dependencies (2ac23ae)
• Support specifying AWS SAM CLI profile name
  • Optionally include AWS SAM CLI profile option also in the write-config.js (44b4dc7)
  • Add optional AWS SAM CLI profile option to be used to interact with AWS API. (c5353f5)

v3.0.1

Bugfixes:

• CORS headers are now correctly set for custom domain names
• npm dependencies updated

Security & architecture changes:

• When UseRoute53Nameservers is enabled, records are only created for the exact URL specified in the CustomDomainName stack parameter. Previously, records for the URL specified (e.g., foo.bar.com) and the www-prefixed URL (e.g., www.foo.bar.com) were both created. This causes issues with the way CORS is implemented in the dev portal. Please create a github issue if this affects your use-case.

v3.0.0

Upgrading to v3.0.0:

See this wiki page.

Features:

• Admin users and admin panel
  • Conveniently build your API catalog using a web interface in the developer portal
• Users can generate SDKs for your APIs
• Users can use the search interface to locate an API by its name, description, resources, documentation, etc.
• Account owner can now see associations between User Pool identities, Identity Pool identities, and API keys
  • If you upgrade a dev portal from v2.3.3, this should backfill for your existing users
• Users can now submit feedback to the owner of a developer portal. This feedback is sent via SNS to an email and saved in a table in DDB.
  • To enable this feature, deploy or update the stack with the DevPortalAdminEmail parameter set to your email address, then reply to the SNS subscription request.

Security & architecture changes:

• S3 bucket containing web assets is now only accessible through CloudFront. Please migrate to the CloudFront URL.
• Cognito Hosted Sign-On UI is now mandatory, instead of optional