Merge pull request #161 from datasharingframework/v2.1.0

added release notes for 2.1.0

Author: schwzr

docs/src/.vuepress/sidebar/fetch-versioned-release-notes.sh

@@ -10,7 +10,7 @@ REPO_NAME="dsf"
 OUTPUT_BASE_DIR="../../operations"
 
 # Define the range of versions 
-VERSIONS=("v1.0.0" "v1.1.0" "v1.2.0" "v1.3.0" "v1.3.1" "v1.3.2" "v1.4.0" "v1.5.0" "v1.5.1" "v1.5.2" "v1.6.0" "v1.7.0" "v1.7.1" "v1.8.0" "v1.9.0" "v2.0.0" "v2.0.1" "v2.0.2")
+VERSIONS=("v1.0.0" "v1.1.0" "v1.2.0" "v1.3.0" "v1.3.1" "v1.3.2" "v1.4.0" "v1.5.0" "v1.5.1" "v1.5.2" "v1.6.0" "v1.7.0" "v1.7.1" "v1.8.0" "v1.9.0" "v2.0.0" "v2.0.1" "v2.0.2" "v2.1.0")
 
 # Fetch all release details
 echo "Fetching all releases..."

docs/src/operations/v2.0.0/release-notes.md

@@ -19,7 +19,7 @@ General remarks:
 
 Feature Summary:
 - With the 2.0.0 release the workflow engine for the **DSF BPE Server** was migrated from *Camunda 7* to the community-driven, open-source BPMN engine [Operaton](https://operaton.org). The migration includes a byte-code rewriting layer that allows existing v1 process plugins compiled against Camunda classes to continue running without recompilation.
-- The release includes a new **Process Plugin API v2**, offering cleaner abstractions, new services and expanded metadata. The API introduces foundational support for FHIR validation services (planned to be fully activated in 2.1) and provides utilities such as data encryption, compression and new logging facilities. Using the new FHIR server connections API, credentials for local FHIR data servers can be shared between process plugins, with password, mTLS and OIDC based authentication supported.
+- The release includes a new **Process Plugin API v2**, offering cleaner abstractions, new services and expanded metadata. The API introduces foundational support for FHIR validation services (planned to be fully activated in a future release) and provides utilities such as data encryption, compression and new logging facilities. Using the new FHIR server connections API, credentials for local FHIR data servers can be shared between process plugins, with password, mTLS and OIDC based authentication supported.
  - Default FHIR profiles for all supported resources have been created for version 2.0.0 on the **DSF FHIR Server**, with automated data-migration to ensure compliance for existing installations. The authorization system now supports fine-grained, resource-specific roles and enhanced practitioner-based access control for `Task` and `QuestionnaireResponse` resources. Internal optimizations improve performance for `Binary` resources with a new size limit of resources constraint by PostgreSQL's 4TB limit of *Large Objects* (limits of forwarding- and reverse-proxies for uploads may be smaller).
  - Finally, the **user experience** has been modernized with a more responsive layout and a new statistics panels on the FHIR server visible to administrators. Extensive configuration cleanup and unified logging controls simplify administration across both the BPE and FHIR servers.
  - The DSF 2.0.0 code-base was upgraded to Java 25 and uses latest versions of Jetty and HAPI. A new [dsf-maven-plugin](https://repo1.maven.org/maven2/dev/dsf/dsf-maven-plugin/2.0.0-RC2) was created to automate build steps and help process plugins developers in generating configuration documentation and docker-compose based DSF development setups.

docs/src/operations/v2.1.0/release-notes.md

@@ -1,4 +1,81 @@
----
-title: Release Notes (v2.1.0)
-icon: note
----
+---
+title: Release Notes (v2.1.0)
+icon: note
+---
+
+## [Release Notes for v2.1.0](https://github.com/datasharingframework/dsf/releases/tag/v2.1.0)
+
+::: tip Release Notes
+You can access all release notes on our [GitHub](https://github.com/datasharingframework/dsf/releases).
+:::
+
+### 2.1.0 - Security and Performance
+General remarks:
+
+- This is a feature update for DSF 2.x with security and performance improvements.
+- To Update from an existing 2.x installation, please see the [2.x -> 2.1.0 Upgrade Guide](https://dsf.dev/operations/v2.1.0/upgrade-from-2.html). 
+- For a fresh deployment, follow the [installation instructions](https://dsf.dev/operations/v2.1.0/install.html).
+
+Security Advisories:
+- Missing Session Timeout for OIDC Sessions: [GHSA-gj7p-595x-qwf5](https://github.com/datasharingframework/dsf/security/advisories/GHSA-gj7p-595x-qwf5)
+- Inverted Time Comparison in OIDC JWKS and Token Cache: [GHSA-xmj9-7625-f634](https://github.com/datasharingframework/dsf/security/advisories/GHSA-xmj9-7625-f634)
+
+Bug Fixes:
+- In previous versions starting processes via the FHIR server front-end failed, if `Task` resources used input parameter codes (`Task.input.type`) that were substrings of other input parameter codes ([#442](https://github.com/datasharingframework/dsf/issues/442)). The front-end code was fixed to handle these edge-cases.
+- Process instances started with DSF 1.x failed to continue on DSF 2.x ([#438](https://github.com/datasharingframework/dsf/issues/438)). Fallback code was added to correctly read the old DSF 1.x Task process variables.
+- A configuration error in the `DsfClient` used by v2 process plugins via the [FHIR client connections API](https://dsf.dev/operations/v2.1.0/bpe/fhir-client-connections.html) resulted in bearer tokens and basic authentication credentials not being send ([#432](https://github.com/datasharingframework/dsf/issues/432)). The feature registration order was fixed to send authentication credentials in the `DsfClient` implementation.
+
+Feature Summary:
+- An identifier constraint rule was added to the `Task` base profile http://dsf.dev/fhir/StructureDefinition/task for resources with status `draft`. The constraint adds a rule to the base profile that was previously only enforced via the [TaskAuthorizationRule](https://github.com/datasharingframework/dsf/blob/main/dsf-fhir/dsf-fhir-server/src/main/java/dev/dsf/fhir/authorization/TaskAuthorizationRule.java#L357).
+- The DSF FHIR server front-end was improved to display the `Binary` resource content inline. This feature is enabled for `Binary` resources with content-types: `text/html` and `text/plain`.
+- The performance of allow-list and other bundle executions was improved by modifying the database schema and optimizing the FHIR server code base. A new `current` column was added to resource tables together with a number of new database indexes. A "not found" cache was added for metadata resources to reduce unnecessary database calls.
+- Other security improvements were implemented and are detailed in the [DSF 2.1.0 hardening measures](https://dsf.dev/operations/v2.1.0/hardening-measures.html) document.
+
+Docker images for this release can be accessed via the GitHub Docker registry - ghcr.io:
+* **bpe**: [ghcr.io/datasharingframework/bpe:2.1.0](https://github.com/datasharingframework/dsf/pkgs/container/bpe/796016761?tag=2.1.0)  
+  Digest: sha256:3ee7ef0ac201fc3776273fbfc2569bdc4edf724a2bb9f1b4a889eb7e13ff4049
+* **bpe_proxy**: [ghcr.io/datasharingframework/bpe_proxy:2.1.0](https://github.com/datasharingframework/dsf/pkgs/container/bpe_proxy/796013677?tag=2.1.0)  
+    Digest: sha256:c67da4a1720ea75a383764db2bf25619fe70f57773b1069029f5b49588eb1ecc
+* **fhir**: [ghcr.io/datasharingframework/fhir:2.1.0](https://github.com/datasharingframework/dsf/pkgs/container/fhir/796016727?tag=2.1.0)  
+  Digest: sha256:71599af143f0262a7265aa2bc4ea5a9660f11de6248a053e060b5667070203fd
+* **fhir_proxy**: [ghcr.io/datasharingframework/fhir_proxy:2.1.0](https://github.com/datasharingframework/dsf/pkgs/container/fhir_proxy/796013880?tag=2.1.0)  
+  Digest: sha256:9f11a3580c970314532f5951808be6fe72f1de7d53348e625d2dd0c95bcf1d96
+
+Process Plugin API v1 on Maven Central:
+```xml
+<dependency>
+    <groupId>dev.dsf</groupId>
+    <artifactId>dsf-bpe-process-api-v1</artifactId>
+    <version>2.1.0</version>
+</dependency>
+```
+Process Plugin API v2 on Maven Central:
+```xml
+<dependency>
+    <groupId>dev.dsf</groupId>
+    <artifactId>dsf-bpe-process-api-v2</artifactId>
+    <version>2.1.0</version>
+</dependency>
+```
+DSF Maven Plugin on Maven Central:
+```xml
+<plugin>
+    <groupId>dev.dsf</groupId>
+    <artifactId>dsf-maven-plugin</artifactId>
+    <version>2.1.0</version>
+</plugin>
+```
+
+Issues closed:
+- Security Improvements / Defense-in-Depth [#453](https://github.com/datasharingframework/dsf/issues/453)
+- Upgrade Dependencies [#448](https://github.com/datasharingframework/dsf/issues/448)
+- Improve Allow-List Bundle Execution Performance [#443](https://github.com/datasharingframework/dsf/issues/443)
+- Form.js builds invalid Task resource when submitting form [#442](https://github.com/datasharingframework/dsf/issues/442)
+- Add Identifier Constraint to Task Profile [#440](https://github.com/datasharingframework/dsf/issues/440)
+- Process Instances from DSF 1.x Fail to Continue on DSF 2.x [#438](https://github.com/datasharingframework/dsf/issues/438)
+- Start New Development Cycle [#435](https://github.com/datasharingframework/dsf/issues/435)
+- Automate Docker Image Builds and Maven Central Deploys [#434](https://github.com/datasharingframework/dsf/issues/434)
+- ClientConfig in DsfClientJersey overwrites Authentication Features [#432](https://github.com/datasharingframework/dsf/issues/432)
+
+This release contains contributions from [@EmteZogaf](https://github.com/EmteZogaf), [@hhund](https://github.com/hhund), [@jaboehri](https://github.com/jaboehri), [@schwzr](https://github.com/schwzr) and [@wetret](https://github.com/wetret).
+