# HG changeset patch # User Alain Mazy # Date 1679068903 -3600 # Node ID 9194a65254d4b74c697ac7e80525ccb9d53df0cc # Parent 23afe0f2b62b4c8927ce3be1685251fc18248105 news diff -r 23afe0f2b62b -r 9194a65254d4 NEWS --- a/NEWS Fri Mar 17 16:55:58 2023 +0100 +++ b/NEWS Fri Mar 17 17:01:43 2023 +0100 @@ -1,3 +1,6 @@ +2023-03-17 - v 0.5.0 +==================== + * BREAKING-CHANGE: the API between the authorization plugin and the WebService has slightly changed. Check the samples in the README (TODO). - "identifier" has been renamed into "server-id" @@ -7,6 +10,7 @@ * new GET "auth/user/profile" Rest API route to retrieve user permissions * new PUT "auth/tokens/{token-type}" Rest API route to create tokens * new POST "auth/tokens/decode" Rest API route to decode tokens +* these 3 new routes required an updated auth-web-service. * SECURITY FIX: in prior versions, it was possible to browse remote dicom-web servers without being authenticated. (The API routes /dicom-web/servers/.../studies were unprotected). The local