Tenth round of improvements in 2.X series This version brings mostly security and bug fixes, library upgrades, stale code refactorings, but a number of changes warrants new release. Among security fixes there are mitigations for XSS, fixed enforcement of STS, secure cookies and CSP. Fixed are a few glitches in basic reporting filters. They default to AND now, and as previous OR combinations of basic rules was nonsensical, please review, whether your basic filters do what you expect. As new combination is stricter, you won't lose any events from reports, however more of them can get through the filters. Also, a bug where in some cases reporting filters were not able to be created is fixed. A number of bugfixes and refactorings concerning report feedback, encodings, timezones, support scripts, configuration, stale libraries and a number of crashes is now in place. Also, development pipeline and Vagrant support is vastly improved. Notes for administrators: Because of nasty and hard to track situations, lower case (for case insensitivity) is now enforced in user names. If case conflict situation appears in your case, you will find redundant users with _case_conflict suffix - please review conflicting users to find and enable the correct one. As mostly redundant library-like Vial tree is now refactored and simplified back into Hawat, please take care to review mentions of "vial" in your configuration (if any, replace with "hawat"). Please, visit the issue tracker for list of related issues: [[https://homeproj.cesnet.cz/versions/146]] [[https://homeproj.cesnet.cz/versions/122]]