Clojars Worklog - 2022

This worklog covers work performed on Clojars under a contract from the Clojurists Together Foundation. The contract covers security improvements and general maintenance.

Changelogs: clojars-web, clojars-server-config

Rewrote search indexing to upgrade from Lucene 2 to 8 and address #721, #806

I verified 17 groups.

Changelogs: clojars-web, clojars-server-config

• Fixed issues with the GitHub token discovery reporting when the request was invalid
• Implemented Single-Use & Expiring deploy tokens

I verified 15 groups.

Changelogs: clojars-web, clojars-server-config

• Added email notification to all group members when deploy occurs
• Fixed bug where we were sharing a non-reentrant SimpleDateFormat instance across threads
• Group verification tooling improvements

I verified 14 groups.

Changelogs: clojars-web, clojars-server-config

• Fixed size upload overrides in nginx
• Allowed using email address as username when deploying
• Improved token page display & added single-use token auto-naming
• Significant changes to set security headers that control browser security behavior. We now get an A+ from Security Headers
• Replaced git.io links

I verified 11 groups.

Changelogs: clojars-web, clojars-server-config

• Added sending emails to users when their email address or password changes
• Increased server volume size and reduced log retention window to prevent running out of disk space

I verified 11 groups.

Changelogs: clojars-web, clojars-server-config

• Security/CVE fixes/improvements
• Send emails on group membership change

I verified 18 groups.

Changelogs: clojars-web, clojars-server-config

• A quiet month of vacation

I verified 4 groups.