Hello community,
here is the log from the commit of package orthanc-authorization for
openSUSE:Factory checked in at 2025-07-15 16:44:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/orthanc-authorization (Old)
and /work/SRC/openSUSE:Factory/.orthanc-authorization.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "orthanc-authorization"
Tue Jul 15 16:44:04 2025 rev:5 rq:1293149 version:0.9.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/orthanc-authorization/orthanc-authorization.changes
2025-05-08 18:26:18.191790288 +0200
+++
/work/SRC/openSUSE:Factory/.orthanc-authorization.new.7373/orthanc-authorization.changes
2025-07-15 16:45:21.515403594 +0200
@@ -1,0 +2,22 @@
+Mon Jul 14 12:56:31 UTC 2025 - Axel Braun <[email protected]>
+
+- version 0.9.4
+ * Fixed a security issue: the entries in the cache token->permissions were
kept too long in the cache
+ allowing users to have access to generic routes even with an expired token.
+ These entries are now stored maximum for 10 seconds.
+ Note that the validity duration of the token->user-profile entries is
determined by the auth-service;
+ typically 60 seconds.
+ * New default permissions to Q&R remote modalities
+ * The /tokens/decode route now returns 2 additionnal fields:
+ "ResourcesDicomIds" and "ResourcesOrthancIds".
+ This will only work if the authorization service returns a "resources"
field to the /tokens/decode route.
+ * Maintenance: Use Orthanc SDK 1.12.4 by default to benefit from more
detailed logging.
+ * Fix default permission for /dicom-web/servers/../stow
+ * When calling /dicom-web/studies with a resource token when no
StudyInstanceUID
+ is specified in the query args, the plugin now adds a filter on
StudyInstanceUID=X|Y where
+ X & Y are the StudyInstanceUIDs of the resource token.
+ This will only work if the authorization service returns a "resources"
field to the /tokens/decode route.
+ This notably prevents OHIF to display errors when requesting
+ prior studies while still preserving the security since only the
authorized resources are returned.
+
+-------------------------------------------------------------------
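Review bot: The security-fix bullet at the top of this hunk ("Fixed a security issue: the entries in the cache token->permissions were kept too long") carries no bug or CVE reference, so the fix cannot be matched to an advisory from the changelog alone. If a tracker entry exists, add its id to that bullet. The same bullet says permissions entries now live at most 10 seconds and token->user-profile entries as long as the auth-service decides (typically 60 seconds). It would help operators to state that these are the remaining windows in which a cached decision can outlive the token, and that the second one is tuned on the auth-service side. The tarball moves from 0.9.2 to 0.9.4 under a single "version 0.9.4" heading. If an intermediate release exists, say which bullets belong to it. Minor: "additionnal" in the /tokens/decode bullet should read "additional".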
Old:
----
OrthancAuthorization-0.9.2.tar.gz
New:
----
OrthancAuthorization-0.9.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ orthanc-authorization.spec ++++++
--- /var/tmp/diff_new_pack.55L3gS/_old 2025-07-15 16:45:24.199515666 +0200
+++ /var/tmp/diff_new_pack.55L3gS/_new 2025-07-15 16:45:24.199515666 +0200
@@ -21,7 +21,7 @@
Summary: Authorisation plugin for Orthanc
License: GPL-3.0-or-later
Group: Productivity/Graphics/Viewers
-Version: 0.9.2
+Version: 0.9.4
Release: 0
URL: http://orthanc-server.com
Source0:
https://orthanc.uclouvain.be/downloads/sources/%{name}/OrthancAuthorization-%{version}.tar.gz
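Review bot: In the unchanged context of this hunk, "URL: http://orthanc-server.com" is still plain HTTP while Source0 already uses https. Since this update is a security release, it is a good moment to switch URL to the HTTPS form, provided the site serves it, so the spec carries no plain-HTTP references. The Version change from 0.9.2 to 0.9.4 matches the Old/New tarball names listed above.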
++++++ OrthancAuthorization-0.9.2.tar.gz -> OrthancAuthorization-0.9.4.tar.gz
++++++
++++ 15715 lines of diff (skipped)