DevOps Portal 1.4.2

Last modified by DevOps-as-a-Service Operator on 2025/02/05 11:33

Released on September 21, 2023

PSA (Privacy and Security Assessment) Compliance

  • User passwords now expire after 12 months. The current implementation sends emails every Monday and Thursday morning to users whose password will expire within the next 21 days (3 weeks). The normal procedure is to change the password while logged in to the DevOps Portal using the menu item Account/Password. If the password has already expired, the affected user needs to use the “Did you forget your password?” link on the login page to reset the password. Please note that the login page in general does not reveal any information about why a login failed. This is done so that potential password crackers receive no feedback. Therefore, if you cannot log in, always check that the username and password are correct. If this doesn't help, a password reset can be tried, but please note that this will not work if you have been locked in the Portal by a Portal Admin. As a last resort, use the Contact link in the Portal footer to contact a Portal Admin.
  • Passwords cannot be reused within 60 days. The current implementation does not allow changing a password more than once within 24h (1 day). In addition, a history of the last 60 passwords is kept. Finally, we recommend using a reliable password manager such as KeePassXC, which can create strong random passwords that are stored encrypted on a local drive. With this approach, setting a new password at the DevOps Portal is not a problem.
  • To improve security, the account log of the Portal is now also stored in the central logging system of the DevOps-as-a-Service instance.
  • Strict-Transport-Security has been implemented for HTTP response headers where missing.
  • X-Content-Type-Options: “nosniff” has been implemented for HTTP response headers where missing.
  • A Content Security Policy (CSP) has been implemented.
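
One way to verify the three response headers named above after an update. This is an added example, not code from the DevOps Portal; the sample responses are constructed, and the function names and the extra checks (a non-zero max-age, no 'unsafe-inline') are assumptions that go beyond what the release note states:

```python
import re

# Constructed sample responses (not captured from a real DevOps Portal instance).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: default-src 'self'; object-src 'none'\r\n"
    "\r\n"
)
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "strict-transport-security: max-age=0\r\n"
    "X-Content-Type-Options: sniff\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return a dict of lower-cased header names to values from a raw response head."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:
            break                            # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a sorted list of findings for the three headers in the release note."""
    h = parse_headers(raw)
    findings = []
    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append("HSTS missing")
    elif not m or int(m.group(1)) == 0:
        findings.append("HSTS max-age absent or zero (policy disabled)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP missing")
    elif "'unsafe-inline'" in csp:
        findings.append("CSP allows 'unsafe-inline'")
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(raw) or "OK")
```

To check a live instance, pass the response head saved from your own Portal URL to `audit()` in place of the constructed samples.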

Enhancements

  • The auto-provisioning backend has been redesigned for improved performance. These changes are especially important for instances with more than 1000 users.
  • The DevOps Portal is currently being prepared to allow downtime-free updates in the future. One of the required changes was to drop the # sign used in deep links to certain pages. Please update browser bookmarks if necessary.

Improvements

  • All user roles in Jenkins have been adapted to the new schema introduced by the latest Jenkins versions.
  • The contact email address available in the Portal footer is now also used in the footer of the login page. A shift-reload of the page in the browser will help to get the login page properly updated. As an alternative, the browser cache can be emptied.
  • The display of the number of entities, remaining licences etc. has been streamlined to look exactly the same on all pages.
  • When a project admin has added additional roles to a project member in Jira, these excess roles are automatically removed when a project sync is triggered. Therefore, each member will have just the single, well-defined role set in the Portal.
  • Several problems for the auto-provisioning of the upcoming tools YouTrack and Gitea have been solved.
  • The software frameworks in use have been updated.
  • On the Portal homepage, only active projects can now be selected, not retired ones. This is a preparation for the upcoming enhanced project retirement.

Bugfixes

  • On large instances, it could happen that for locked users, the Confluence licence was not removed. This is fixed now.
  • In the past, a problem could occur in LDAP when the Organization was changed for a user. This has already been fixed, but now some remaining wrong entries in LDAP have been repaired.
  • The Portal allows up to 1024 characters for a project description. Since the text is propagated to the tools, it is now automatically shortened to 255 characters for Bitbucket, Gitea and GitLab, because these tools don't support texts longer than this limit.
  • A pending sync could show up on role assignments for users without a Confluence licence. It was harmless, but will no longer occur.
  • A pending sync related to SonarQube could show up on role assignments for users in LOCKED or CREATED state. It was harmless, but will no longer occur.
  • On a project resync, the project role column was emptied. Now it keeps its content. It was just a visual problem.
  • A JavaScript error sometimes visible in the debug console of browsers has been fixed.

Known Issues

  • Unfortunately, the links to Agile Board and Backlog in the Jira tile of the DevOps Portal homepage do not work properly for users who have more than one project. In fact, the links will lead to the last visited agile board in Jira, independent of the project selection on the homepage of the DevOps Portal. This is caused by the fact that agile boards are not part of a Jira project, but are instead independent entities. We are striving to find a solution for the problem in a future version.