Skip to content
Tenth round of improvements in 2.X series

This version brings mostly security and bug fixes, library upgrades, stale
code refactorings, but a number of changes warrants new release.

Among security fixes there are mitigations for XSS, fixed enforcement of
STS, secure cookies and CSP.

Fixed are a few glitches in basic reporting filters. They default to AND
now, and as previous OR combinations of basic rules was nonsensical, please
review, whether your basic filters do what you expect. As new combination is
stricter, you won't lose any events from reports, however more of them can
get through the filters. Also, a bug where in some cases reporting filters
were not able to be created is fixed.

A number of bugfixes and refactorings concerning report feedback, encodings,
timezones, support scripts, configuration, stale libraries and a number of
crashes is now in place.

Also, development pipeline and Vagrant support is vastly improved.

Notes for administrators: Because of nasty and hard to track situations,
lower case (for case insensitivity) is now enforced in user names. If case
conflict situation appears in your case, you will find redundant users with
_case_conflict suffix - please review conflicting users to find and enable
the correct one.

As mostly redundant library-like Vial tree is now refactored and simplified
back into Hawat, please take care to review mentions of "vial" in
your configuration (if any, replace with "hawat").

Please, visit the issue tracker for list of related issues: