1.11.0

Allow a banner to be configured and displayed post-login.

Support user preferences.

Support system preferences.

Support PACTFLOW_DATABASE_PORT environment variable.

Allow API token expiry to be configured.

Show warning in UI when API token is due to expire.

Support database field level encryption of API tokens.

Support ignoring specified applications when using can-i-deploy.

Allow secrets and webhooks to be assigned to, and managed by, a specific team.

Improve pending pacts and WIP pacts logic.

Add pactbroker.azureDevOpsVerificationStatus webhook parameter .

Validate that well-formed JSON or YAML is used when publishing Base64 encoded provider contracts.

Disallow the deletion of predefined roles.

Add endpoint to reset role/permissions assignments for predefined roles.

Deprecate system:preference:read permission. All logged in users may now read the system preferences.

Allow team administrators to be assigned to teams. Team administrators can add and remove users and applications from teams.

Add system_account:manage:team permission to allow team users to view/regenerate the API tokens for system account users that are assigned to their team.

Update default permissions assigned to predefined roles to use team scoped permissions wherever applicable.

Renamed "Test Maintainer" role to "User" for new installations.

Ensure the SAML provider base URL is derived correctly when the login endpoint is specified in the metadata, not an environment variable.

Correctly record which SAML provider was used to log in when multiple SAML providers are configured.

Ensure api token values are not show in debug logging.

If not already set, the PACTFLOW_BASE_URL should be set to mitigate cache poisoning vulnerabilities.

The PACTFLOW_MASTER_SECRETS_ENCRYPTION_KEY environment variable has been renamed to PACTFLOW_MASTER_ENCRYPTION_KEY. The old name will continue to work, but please update your configuration to avoid warnings. Do not change the value of this key.

Steps to enable API token database field level encryption:

Please read the relevant documentation for each of the following environment variables and update your configuration with the appropriate values.

Restart the PactFlow On-Premises application. The API tokens will be encrypted during start up once the PACTFLOW_API_TOKEN_ENCRYPTION_ENABLED environment variable has been set to true.

Verify that the API tokens have been encrypted by running the SQL:

sql SELECT COUNT(*) FROM saas_api_tokens; SELECT COUNT(*) FROM saas_api_tokens WHERE encrypted_value IS NOT NULL;

Both counts should be the same.

Verify that users still have access to the API using their existing tokens executing the following curl command, or making the same request with Postman or equivalent:

bash curl -v https://{YOUR_PACTFLOW_DOMAIN} \ -H "Authorization: Bearer {EXISTING_TOKEN_VALUE}"

The response should be a 200 OK with a JSON body.

Once it has been confirmed that the now-encrypted API tokens are working correctly, please clear the unencrypted values from the database using the following SQL:

sql UPDATE saas_api_tokens SET value = NULL;

Once API token encryption has been enabled and the unencrypted values removed, encryption cannot be disabled again.