Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package orthanc-authorization for openSUSE:Factory checked in at 2025-07-15 16:44:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/orthanc-authorization (Old)
 and /work/SRC/openSUSE:Factory/.orthanc-authorization.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "orthanc-authorization" Tue Jul 15 16:44:04 2025 rev:5 rq:1293149 version:0.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/orthanc-authorization/orthanc-authorization.changes 2025-05-08 18:26:18.191790288 +0200 +++ /work/SRC/openSUSE:Factory/.orthanc-authorization.new.7373/orthanc-authorization.changes 2025-07-15 16:45:21.515403594 +0200 
@@ -1,0 +2,22 @@ +Mon Jul 14 12:56:31 UTC 2025 - Axel Braun <axel.br...@gmx.de> + +- version 0.9.4 + * Fixed a security issue: the entries in the cache token->permissions were kept too long in the cache + allowing users to have access to generic routes even with an expired token. + These entries are now stored maximum for 10 seconds. + Note that the validity duration of the token->user-profile entries is determined by the auth-service; + typically 60 seconds. + * New default permissions to Q&R remote modalities + * The /tokens/decode route now returns 2 additionnal fields: + "ResourcesDicomIds" and "ResourcesOrthancIds". + This will only work if the authorization service returns a "resources" field to the /tokens/decode route. + * Maintenance: Use Orthanc SDK 1.12.4 by default to benefit from more detailed logging. + * Fix default permission for /dicom-web/servers/../stow + * When calling /dicom-web/studies with a resource token when no StudyInstanceUID + is specified in the query args, the plugin now adds a filter on StudyInstanceUID=X|Y where + X & Y are the StudyInstanceUIDs of the resource token. + This will only work if the authorization service returns a "resources" field to the /tokens/decode route. + This notably prevents OHIF to display errors when requesting + prior studies while still preserving the security since only the authorized resources are returned. + +------------------------------------------------------------------- Old: ---- OrthancAuthorization-0.9.2.tar.gz New: ---- OrthancAuthorization-0.9.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ orthanc-authorization.spec ++++++ --- /var/tmp/diff_new_pack.55L3gS/_old 2025-07-15 16:45:24.199515666 +0200 +++ /var/tmp/diff_new_pack.55L3gS/_new 2025-07-15 16:45:24.199515666 +0200 
@@ -21,7 +21,7 @@ Summary: Authorisation plugin for Orthanc License: GPL-3.0-or-later Group: Productivity/Graphics/Viewers -Version: 0.9.2 +Version: 0.9.4 Release: 0 URL: http://orthanc-server.com Source0: https://orthanc.uclouvain.be/downloads/sources/%{name}/OrthancAuthorization-%{version}.tar.gz ++++++ OrthancAuthorization-0.9.2.tar.gz -> OrthancAuthorization-0.9.4.tar.gz ++++++ ++++ 15715 lines of diff (skipped)
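Review bot: In the orthanc-authorization.changes hunk, the security item ("the entries in the cache token->permissions were kept too long") carries no bug or CVE reference, and the entry is headed only "version 0.9.4" although the tarball moves from 0.9.2 to 0.9.4, so a reader cannot tell whether 0.9.3 changes are folded into this list. Suggest adding a tracking reference if one exists and either listing 0.9.3 separately or stating that the entry covers both releases. "additionnal" should read "additional". The entry also says the 10-second cap applies only to token->permissions entries, while token->user-profile entries live as long as the auth-service dictates (typically 60 seconds), so that setting is worth checking when deploying this update.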
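Review bot: In the orthanc-authorization.spec hunk, the context line "URL: http://orthanc-server.com" still uses plain HTTP while Source0 on the following line is fetched over https. Suggest switching URL to https in the same change if the site serves it. Apart from that the hunk only bumps Version from 0.9.2 to 0.9.4, and the 15715 lines of tarball diff are skipped, so the cache-expiry fix described in the changelog cannot be reviewed from this mail and has to be checked against the upstream sources.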