Releases: nightscout/cgm-remote-monitor
15.0.2
Release 15.0.0. Apple Gluten Free Muffin
Nightscout version 15.0.0
Current dev branch preparing release for 15.0.0
. This is a major version bump because we changed node version requirements to support only lts
versions, removing older versions.
Breaking changes:
- Node 12 no longer supported, modern versions of node and npm.
- AAPS Compatibility - AAPS 3.2.0 need at least NS 15.0.0.
Fixes
- fix security issue where part of v2 API was unsecured.
- Viewing reports from another timezone now aligns treatment and glucose data, at the trade of framing the query in UTC. This may result in wrapping to tomorrow or yesterday's date depending on the timezones involved, and time of day.
Improvements
- tweak viewport for iphone
- new "easy state" in v2 API to help enable reproducible, easy to consume statistics and usage information.
Loop
- Make Loop overrides more convenient by removing unused OTP field.
- Introduce Nightsout Connect, a plugin to unify importing external cloud provider diabetes data into Nightscout.
Android APS
- Prevent gaps from appearing in some cases.
- Upgrades to data consistency and auth
While using websockets in NS v3 plugin treatments entered through NS UI (plus button) and other applications using v1 API are not sent to AAPS. This will be fixed in future release of NS. Always use the same client (v1 or v3) in AAPS and AAPSClient until NS fully switch to v3 internaly. The same is valid for AAPS and AAPSClient itself.
See the full release notes for AAPS 3.2.0 for more details.
Maintenance
- update or pin many dependencies to keep Nightscout up to date
- changed build system to trivially support more cloud providers, notably Digital Ocean.
- updating mongo uri parser and providing indices expected to improve Azure + CosmoDB compatibility
- More translations and language updates.
- Update mongodb dependencies and poll the database 15 seconds instead of 5 seconds.
What's Changed
- Wip/bewest/pieter git dev20220815 by @bewest in #7568
- Add Node 16 support, drop Node 12 support. Update supported browsers and documentation by @PieterGit in #7514
- New build artefact cache location by @sulkaharo in #7526
- Wip/bewest/code ql analysis by @bewest in #7569
- codeql text/html injection in food.js by @bewest in #7570
- Fix empty import config by @k2s in #7647
- fix webpack 5 polyfills by @k2s in #7646
- Remove unused OTP field from Remote Override form. by @gestrich in #7513
- Change the SHA1 validation to be case insensitive by @sulkaharo in #7780
- New Crowdin updates by @sulkaharo in #7238
- Bump jsonwebtoken from 8.5.1 to 9.0.0 by @dependabot in #7787
- Merge master back to dev by @sulkaharo in #7799
- Update socket.io and uuid packages by @sulkaharo in #7793
- Fix Server error by @Joerg-Schoemer in #7784
- Forwarded fix by @dnicolaas in #7593
- Change viewport scale to fix layout on iPhone by @sulkaharo in #7623
- Refactor moment to be loaded from ctx by @sulkaharo in #7331
- Fixes a bug introduced in #7273 by @sulkaharo in #7825
- Merge master to dev so Git is in sync by @sulkaharo in #7834
- apiv3 fix patch operation by @MilosKozak in #7807
- Delete v3 api identifiers when cloning a record in profile editor by @sulkaharo in #7839
- Downgrade jsdom to version 11.11.0 by @sulkaharo in #7851
- Fix api v3 users seeing gaps in CGM data by @sulkaharo in #7853
- Possibly fix Loop time zones not being recognised in profile editor and reports by @sulkaharo in #7833
- New Crowdin updates by @sulkaharo in #7808
- Update Mongo URL parser to 1.0.2 to fix issues Scott H found by @sulkaharo in #7606
- minimum attempt to protect /api/v2/ endpoints by @bewest in #7554
- Wip/bewest/daytoday redo 03 by @bewest in #7857
- Add logging limits to docker-compose.yml for all services (mongo, nightscout and traefik) by @bjornoleh in #7884
- Add event type to event on treatment notify if it's missing by @sulkaharo in #7888
- Fixed pushover callbacks not being processed by @yodax in #7876
- Add charging state to the uploader battery pill by @yodax in #7873
- Fix loading JWT when auth subject has no permissions by @sulkaharo in #7894
- Alarm sockets for api v3 by @MilosKozak in #7858
- Api3 remove auth token by @PetrOndrusek in #6863
- cheat for tests across different time zones by @bewest in #7905
- Fixes #7910 by @sulkaharo in #7911
- Ensure indexes for Roles and Subjects collections as part of boot by @MarcinJuraszek in #7902
- New Crowdin updates by @sulkaharo in #7869
- Wip/bewest/document data rights by @bewest in #7828
- Fix default value of the checkbox in plugin-specific settings by @Jackenmen in #8031
- Fix label's
for
attribute for plugin-specific settings by @Jackenmen in #8030 - support for nightscout-connect + easystate summary API v2 by @bewest in #7983
- Summary V2 API and API V2 cleanup by @sulkaharo in #8029
- Wip/bewest/nightscout connect by @bewest in #8039
- New Crowdin updates by @sulkaharo in #8042
- Upgrade APN Library & Support Time-Sensitive Notifications by @gestrich in #8047
- Wip/bewest/api secret free reads by @bewest in #8085
- APIv3 sync only on srvModified by @MilosKozak in #8100
- README.md: use shareous1 for Nightscout connect using Dexcom share by @bjornoleh in #8073
- Point readme to correct location of swagger.yaml by @jakobsandberg in #7312
- Mongo driver update & less frequent database polls by @sulkaharo in #8026
- New Crowdin updates by @sulkaharo in #8082
- dev - candidate for release 15.0.0 by @bewest in #7809
New Contributors
- @k2s made their first contribution in #7647
- @dependabot made their first contribution in #7787
- @Joerg-Schoemer made their first contribution in #7784
- @dnicolaas made their first contribution in #7593
- @MarcinJuraszek made their first contribution in #7902
- @Jackenmen made their first contribution in #8031
Full Changelog: 14.2.6...15.0.0
Release 14.2.6 - Classic Liquorice
Highlights
Release discussions: #7237
- Data rights management - Thanks to @tynbendad: Obscuring the data source restores interoperability among data brokers choosing to discriminate. See
OBSCURED
andOBSCURE_DEVICE_PROVENANCE
environment variables. - Next version of Loop (likely 3.0.x, currently in dev as 2.3.0) - Verified @ps2 - required for Loop 3.0 remote real-time sharing features.
- Eliminate crash/NPE for AndroidAPS 3.. Verified @MilosKozak, @samihusseingit - required for 14.2.4+ compatibility with AAPS 3.0.
Proper and formal support for LTS Node versions. (We are delaying removing support for older Node until the next version to create an easier upgrade pathway for some users.)
What's Changed
Thanks to all contributors!
- obscure private device provenance by @bewest in #7249
- Fixes an issue where treatment units were all rewritten on load, regardless of units by @sulkaharo in #7273
- Change deduping interval by @MilosKozak in #7285
- Omnipod reservoir fixes by @ps2 in #7380
- Fix expiration time on remote notifications for Loop by @ps2 in #7375
- Support automatic bolus volumes in the enacted field for loop status. by @ps2 in #7385
- Results could be null and can crash the website by @samihusseingit in #7468
- Wip/bewest/upgrade node by @bewest in #7343
- Fix incorrect appending for loop enacted status by @ps2 in #7488
- rm package-lock.json && npm install by @bewest in #7487
- Allow Remote Carb Entries in Past or Future by @gestrich in #7512
- Build Docker image for arm64 architecture by @p5nbTgip0r in #7043
New Contributors
- @samihusseingit made their first contribution in #7468
- @gestrich made their first contribution in #7512
Full Changelog: 14.2.5...14.2.6
Release 14.2.5 Sweet Liquorice
Update Share2Nightscout-bridge. Thanks to @cpitchford for fixing trend arrows, adjusting lag from Dexcom Share and increasing mmol precision.
Update minimed-connect-to-nightscout. Thanks to @stijnbrouwers for including a capability to log in as a Carepartner user.
Thanks to all contributors for many updates in translations across Turkish, Hebrew, Polish, Portugese, Brazilian, Arabic, Greek, and German languages.
What's Changed
- Ensure that HIGH and LOW values are reported when using share2bridge by @cpitchford in #7207
- Increase accuracy of mg/dl to mmol/l ratio by @cpitchford in #7204
- Fix api-secret header name in swagger configuration. by @MJDSys in #7154
- New Crowdin updates by @sulkaharo in #7047
- Fix docker image build by @pazaan in #7219
- Optimize time between polling share2nightscout-bridge to reduce ingest lag by @cpitchford in #7231
- update 20.10.21 by @DaniilBondarenko2004 in #7183
- new dev branch starting post 14.2.4 release by @bewest in #7146
- Dev by @tlwitt in #7225
Full Changelog: 14.2.4...14.2.5
Release 14.2.4 Sweet Liquorice
What's Changed
- Add wares to v2 to support request parsing by @sulkaharo in #7144
- Prep next release - 14.2.4 by @bewest in #7139
These hotfixes restore remote overrides feature broken in 14.2.4. See for more details: #7141 (comment)
Full Changelog: 14.2.3...14.2.4
Release 14.2.3 Sweet Liquorice
- docker-compose support
- Updates from CrowdIn for translations
- update URL pointing to docs
- updates to Dexcom Bridge
- fix handling request body size - allows openaps and other systems to upload multiple days of data
- eliminate xss vulnerability in handling the x-forward-for header
Release 14.2.2 Sweet Liquorice
- Merge latest translations from Crowdin
- Clean project root
- Re-introduce a wrapper server.js in the project root
Release 14.2.1 Sweet Liquorice
- Upgrades socket.io to 2.4.0
Release 14.2.0 Sweet Liquorice
Welcome to Release 14.2 Sweet Liquorice!
This release focuses on improving the overall security of Nightscout. 14.2 adds a new method for Nightscout to notify you of various security issues in your setup. After upgrading to the this release, if Nightscout wants to tell you something about the system security, you'll see a red megaphone appear in the Nightscout web client. To see the messages, you'll have to sign in using your API-SECRET or a token that's got administration privileges. Full details of the messages can be found in the Nightscout documentation: https://nightscout.github.io/nightscout/security/
Advance warning regarding future releases: we are likely to make compatibility breaking changes in upcoming releases that will change how the authentication flows with the Nightscout API works, along with changes to validation of data sent to Nightscout. If you're an app developer and are using the Nightscout APIs in your application, please join our Discord channel to learn about the changes are they're implemented. You can join the channel here: https://discord.gg/zg7CvCQ
Nightscout translations are now made in Crowdin. This is very easy even for non-technical folks, so please join and contribute! https://crowdin.com/project/nightscout
Note if you're running your instance with a very old MongoDB version, your installation might break. We've tested the release using MongoDB 4.2 and 4.4.
New Features and Improvements
- Administration messages support
- Bolus bubble rendering in Nightscout UI is now more configurable, see the new Settings in the client settings panel
- You can now configure Nightscout to disable battery alarms during night
- Security improvement: treatments and CGM entries sent over the REST API V1 are now filtered for XSS injection code
- A lot of work has been put into localization, huge thanks to all the contributors
- Reports now remember the settings you've chosen across sessions
- Alexa integration now supports Spanish
- Fixed a bug with AAPS updating CGM values after Dexcom rounds the value
- Added support for Portuguese and Slovenian
- Support for Traditional Chinese has been removed until we find a contributor to help with translating more of the software. The next release will remove support for Japanese unless a larger portion of the text has been translated by time of release.
- The site has now been tested to again work on iOS 9 devices
For developers
- APIV3 results are now wrapped differently from before
- Webpack was upgraded to V5
- Client JS bundling was simplified to just one bundle, cutting down bundling time to ~50% of current
- Removed cache invalidation token from bundling process and generating it on server boot
- Security improvement: generate strong persistent random string on deploy to use for JWT signing instead of api_secret
- Security improvement: moved api-secret and JWT signing to a separate centralized security component and deletes api_secret from environment, so it's not accessible elsewhere
- Security improvement: Clients can now send the api_secret using SHA512
- Moved some server components away from project root to make it easier to see what code runs in server vs client
- Fixes some issues reported by linter
Nightscout 14.1.0 Salty Liquorice
Important note
Users using mmconnect plugin should immediately update to this release due to significant fixes in the newly release version of the mmconnect integration.
Changes
- The localization system was completely overhauled and now uses Crowdin for the translation process. If you want to help with translations, please contribute at https://crowdin.com/project/nightscout
- Many small fixes to UI including non-localizable text
- Refactored authentication, so read-only tokens work correctly when used to log in on a site that does not grant any default privileges
- Refactor mongo-storage and fix a bug with Promises in some Mongo configurations
- Fix clock views issue introduced in previous release, which broke the view for some users
- Fix a bug in client load while server is still starting
- Rename Weekly Success report to Weekly Distribution
- Docker builds are back on, using Github Actions
- API V3 now supports the cache layer introduced in API V1 in release 14.0
- Use new mmconnect release, which should fix issues with mmconnect
- Google Home and Alexa should now work with multiple simultaneous CGM sources