Skip to content

Latest commit

 

History

History
747 lines (420 loc) · 24.4 KB

CHANGELOG.md

File metadata and controls

747 lines (420 loc) · 24.4 KB

9.16.0

  • GovukPrometheus - custom labels from rack env (#424)

9.15.8

  • Update dependencies

9.15.7

  • Update dependencies

9.15.6

  • Update dependencies

9.15.5

  • Update dependencies

9.15.4

  • Update dependencies

9.15.3

  • Update dependencies

9.15.2

  • Update dependencies

9.15.1

  • Update dependencies

9.15.0

  • Add Sanitiser::Strategy::SanitisingError to excluded exceptions list (#402)

9.14.6

  • Update dependencies

9.14.5

  • Update dependencies

9.14.4

  • Update dependencies

9.14.3

  • Update SidekiqRedis healthcheck to work with Sidekiq 7 #399

9.14.2

  • Update dependencies

9.14.1

  • Update dependencies

9.14.0

  • Configure time_zone with govuk_time_zone #392

9.13.1

  • Update dependencies

9.13.0

  • Add Slimmer::SourceWrapperNotFoundError to excluded exceptions.

9.12.0

  • Set time_zone to London in all GOV.UK apps (#381)

9.11.2

  • Fix Logstasher monkey patch overriding patch from this library for OpenTelemetry errors (#377)

9.11.1

  • Fix OpenTelemetry errors when using with Logstasher gem (#372)

9.11.0

  • Add GDS::SSO::PermissionDeniedError to excluded exceptions list (#366)

9.10.0

  • Simplify the logic for deciding whether to initialize GovukPrometheusExporter. GovukPrometheusExporter provides the /metrics webserver and "exporter" process for aggregating counters in multi-process apps. govuk_app_config will now always attempt to initialize GovukPrometheusExporter except when running under rails console. The GOVUK_PROMETHEUS_EXPORTER environment variable no longer has any effect.

9.9.2

  • Add single cookie consent api URLs (#355)

9.9.1

  • Stop sending SignalExceptions to Sentry by default.

9.9.0

  • Drop support for Ruby 3.0. The minimum required Ruby version is now 3.1.4.

9.8.2

  • Fix Ruby 3.3 compatibility (#343)

9.8.1

  • Revert "Add GOVUK domains to script src CSP" (#336)

9.8.0

  • Add GOVUK domains to script src CSP (#334)

9.7.0

  • Enable adding custom LogStasher fields from apps (#327)

9.6.0

9.5.0

  • Allow gov.uk domains to embed pages in the global Content Security Policy (#325)

9.4.0

  • Disallow any domain from embeding a page to prevent clickjacking (#322)
  • Fix GovukContentSecurityPolicy test (#324)

9.3.0

  • Get prometheus labels from controller, not params (#320)

9.2.0

  • Default to Prometheus histograms, not summaries (#318)

9.1.0

  • GovukAppConfig silences OpenTelemetry log output when running a rake task (#311)
  • Update warning message for Prometheus metric server address already in use.
  • Add ability to support custom collectors in the Prometheus exporter.

9.0.4

  • Fix an issue with Rails.logger being not an instance of ActiveSupport::Logger. Rails expects Rails.logger to have methods that Ruby STD Logger does not provide. e.g. silence() (#309)

9.0.3

  • When error is reported by Rails logger, the field is now logged as "error_message" in order to avoid overwriting the "message" field.

9.0.2

  • GovukAppConfig no longer automatically initialises OpenTelemetry when running in rails console.

9.0.1

  • Rename the "error" field in Rails logs from logstasher to "message" as error is supposed to be an object.

9.0.0

  • BREAKING: JSON logs are no longer configured automatically for production Rails apps and are turned on with the GOVUK_RAILS_JSON_LOGGING environment variable (#302)
  • Add govuk_request_id to JSON logging for apps with gds-api-adapters (#300)
  • BREAKING: Remove $stdout, $stderr and $real_stdout redirections (#300)
  • BREAKING: Change error log behaviour from logging JSON to full string (#300)
  • Remove monkeypatch for errors (#300)

8.1.1

  • Fix prometheus_exporter to method patching compatible with OpenTelemetry.

8.1.0

  • Add ability to enable OpenTelemetry instrumentation for Rails applications.

8.0.2

  • Fix the ability to collect Sidekiq metrics in GovukPrometheusExporter. (#299)

8.0.1

  • Change the "source" field in Rails logs from logstasher from string representing IP host address to an empty object.

8.0.0

  • BREAKING: Content Security Policy forbids the use of inline style attributes.

7.2.1

  • Allow prometheus binding to fail with a warning rather than a crash (#294)

7.2.0

  • Suppress noisy Puma::HttpParserError errors (#292)

7.1.0

  • GovukError now allows specifying any name for the Sentry environment tag via the SENTRY_CURRENT_ENV environment variable. The environment name no longer has to match one of a fixed set of strings in order for GovukError to log events to Sentry.

7.0.0

  • BREAKING: Remove unicorn and GovukUnicorn. All production GOV.UK apps are now using Puma instead.
  • GovukStatsd is deprecated and will be removed in a future major release.

6.0.1

  • Add support for configuring timeouts for puma-based applications

6.0.0

  • BREAKING: Drop support for Ruby 2.7
  • Register the Prometheus exporter in Sinatra middleware

5.1.0

  • Add support to force-load the GovukPrometheusExporter by setting GOVUK_PROMETHEUS_EXPORTER to force. (#282)

5.0.0

  • Forbid base elements in the Content Security Policy
  • BREAKING: Content Security Policy forbids unsafe-inline script-src and data: image-src. It provides a nonce generator. Apps that can't support this will need to amend their CSP configuration in an initializer, see example in signon. Any apps that still use jQuery 1.x will need unsafe-inline for Firefox compatibility.

4.13.0

  • Flush log writes to stdout immediately so that structured (JSON) logs are not lost on crash or delayed indefinitely.

4.12.0

  • Allow https://img.youtube.com as a CSP image source
  • CSP only allows scripts, styles and fonts from self which reflects GOV.UK production behaviour
  • Set the default CSP behaviour to be allow communication only to self
  • Remove webchat scripts from the CSP, these are now handled in government-frontend
  • Remove www.signin.service.gov.uk from the CSP as it is no-longer used in GOV.UK
  • Disallow data fonts in the global Content Security policy

4.11.1

  • Remove govuk_i18n plural rules file

4.11.0

  • Update Plek support to allow version 5
  • Add I18n plural rules for Welsh (cy), Maltese (mt) and Chinese (zh) since Rails-I18n has dropped support for them in 7.0.6 (#266)

4.10.1

  • Fix an object ownership/sharing bug where the Rails log level was erroneously being set to WARN when initialising Sentry.

4.10.0

  • Reduce log level for the Sentry gem from INFO to WARN to avoid polluting logs with uninformative messages. This only affects log messages from the Sentry gem itself, which go to stdout.

4.9.0

  • Add GovukProxy::StaticProxy to forward Static asset requests by setting GOVUK_PROXY_STATIC_ENABLED=true.(#261)

4.8.0

  • Enables Sentry environment names for EKS versions of integration, staging and production.(#260)

4.7.1

  • Fix the ability to open the Rails console (bundle exec rails c) when running inside a container (#257).

4.7.0

  • Adds Prometheus Sidekiq monitoring (#255)

4.6.3

  • Adds region1.google-analytics.com to the security policy for GA (#250)

4.6.2

  • Adds a new domain to the security policy for GA (#248)

4.6.1

  • Fixes warning message to refer to correct Sidekiq gem dependency name (#243).

4.6.0

  • Add a warning for apps using GovukError with Sidekiq that don't have sentry-sidekiq installed (#241).
  • Add internal Sidekiq exception "Sidekiq::JobRetry::Skip" to excluded exceptions (#241).

4.5.0

  • Add lux.speedcurve.com to connect_src for GOV.UK Content Security Policy (#232)
  • Fix prometheus_exporter to only be enabled when the GOVUK_PROMETHEUS_EXPORTER env var is set to "true" (#231).
  • Add Prometheus monitoring for EKS section to README.md (#231).
  • Fix govuk_error being incompatible with Ruby >= 3 (#233)
  • Require Ruby 2.7 as the minimum supported Ruby version (#233)
  • Require Sentry 5 and Unicorn 6 major versions (#237)
  • Prevent sentry-rails logger warnings when govuk_error is used with non-Rails apps (#234)

4.4.3

  • Update prometheus exporter server to 0.0.0.0 from localhost (#227).

4.4.2

  • Update HMPO webchat address in security policy (#225).

4.4.1

  • Fix issue where GovukPrometheusExporter module prevented the gem to load due to missing constant "PrometheusExporter" (#224).
  • Lazy load the prometheus_exporter dependency for only apps that use GovukPrometheusExporter (#224).

4.4.0

  • Add GovukPrometheusModule, to allow for export of prometheus metrics (#223).

4.3.0

  • Remove Speedcurve's LUX from the connect-src policy (#216).

4.2.0

  • Add pluralisation rules for Azerbaijani, Persian, Georgian, and Turkish. (#219)

4.1.0

  • Add Puma to dependencies (#214).

4.0.1

  • Update Content Security Policy with new klick2contact.com subdomain (#213).

4.0.0

  • BREAKING: replaces deprecated sentry-raven with sentry-ruby and sentry-rails. Follow the migration guide before upgrading to this version of govuk_app_config to ensure full compatibility with the new gems.
  • BREAKING: GovukError.configure can only be called once, and non-Rails apps will have to manually call GovukError.configure in order to initialise Sentry.
  • BREAKING: apps will no longer increment the error_reports_failed statsd if events fail to get sent to Sentry.
  • BREAKING: the behaviour of before_send has changed, and the should_capture method is deprecated.
  • See pre-release notes below for details.
  • PR: #212

4.0.0.pre.4

  • Fix Sentry client initialisation (#205).
  • BREAKING: non-Rails apps will need to manually call GovukError.configure in order to initialise Sentry.
  • BREAKING: GovukError.configure can only be called once by the downstream application.

4.0.0.pre.3

4.0.0.pre.2

  • Fix default Sentry configuration (#202).
  • BREAKING: this means no more silence_ready or transport_failure_callback options.

4.0.0.pre.1

  • BREAKING: upgrades Sentry gem from sentry-raven to sentry-ruby (#199). There is a migration guide you should follow before upgrading to this version of govuk_app_config.
  • This release also fixes the data_sync_excluded_exceptions behaviour that was broken in v3.1.0 (later fixed in v3.3.0, which was released after 4.0.0.pre.1).
  • Released as a pre-release to identify and fix any problems before a wider rollout.

3.3.0

  • Revert the should_capture/before_send consolidation introduced in 3.1.0. This fixes the data_sync_excluded_exceptions behaviour that has been broken since v3.1.0. (#211)

3.2.0

  • Add Speedcurve's LUX to connect-src policy (#206)

3.1.1

  • Fix the new before_send behaviour & tests, and add documentation (#197)

3.1.0

  • Remove support for should_capture callbacks in favour of before_send (#196)

3.0.0

  • BREAKING: Implement RFC 141 - remove unsuitable healthchecks and return a 500 on healthcheck failure (#193)

2.10.0

  • Allow LUX domain on img-src policy (#191)

2.9.1

  • Fixes bug in GovukI18n introduced in the last version (#189)

2.9.0

  • Add GovukI18n module with custom plural rules (#187)

2.8.4

  • Ensure Redis healthcheck avoids potential race condition (#185)

2.8.3

  • Add new Redis healthcheck and relevant tests (#183)

2.8.2

  • Allow apps to configure the host and protocol for Statsd (#180)

2.8.1

  • Add GdsApi::ContentStore::ItemNotFound to data_sync_excluded_exceptions (#178)
  • Dependabot bumps to allow latest versions of logstasher (#177) and unicorn (#175)

2.8.0

  • Adds govuk_app_config version to every Sentry call (#174)

2.7.1

  • Fix broken data sync error handling for non-Rails apps (#172)

2.7.0

  • Ignore intermittent template retrieval errors from Slimmer (#170)

2.6.0

  • Ignore errors that occur in temporary environments (adds active_sentry_environments config) (#168)

2.5.2

  • Fix govuk_app_config in Ruby 2.7 environments by explicitly requiring the 'delegate' library (#167)

2.5.1

  • Increase scope of data_sync_excluded_exceptions so that it includes subclasses (#165)

2.5.0

  • Use delegator pattern for GovukError.configure, to allow custom should_capture (#160)

2.4.1

  • Bump 'sentry-raven' to 3.1.1 to improve grouping of errors (#162)

2.4.0

  • Add new GovukHealthcheck::Mongoid and GovukHealthcheck::RailsCache health checks (#161)

2.3.0

  • Remove unused SidekiqQueueSizeCheck healthcheck base class (#156)

2.2.2

2.2.1

  • Fix linting issues (#149)

2.2.0

  • Monkey patch ActionDispatch::DebugExceptions#log_error so it logs errors on a single line (#147)

2.1.2

  • Add missing ActiveRecord rescue_responses (#142)

2.1.1

  • Revert using sentry option of rails_report_rescued_exceptions (#140)

2.1.0

  • Stop exceptions rescued by rails from appearing in Sentry (#138)

2.0.3

  • Add hmrc-uk.digital.nuance.com (Nuance/HMRC Webchat provider) and gov.klick2contact.com (HMPO web chat provider) to connect-src CSP list (#133)

2.0.2

  • Add www.gov.uk to CSP list (#129)
  • Add hmrc-uk.digital.nuance.com (Nuance/HMRC Webchat provider) to script-src CSP list (#130)

2.0.1

  • Reorder requires to resolve: "NameError: uninitialized constant GovukAppConfig::Railtie::GovukLogging"

2.0.0

  • Remove support for AWS X-Ray.

1.20.2

  • Fix GdsApi::HTTPIntermittentServer errors no longer being filtered from exceptions sent to Sentry.

1.20.1

  • Fix regression in error reporting code which caused an error.

1.20.0

  • Fix CSP in development
  • Add youtube-nocookie.com to consent security policy
  • Update dependencies
  • Update error reporting code

1.19.0

  • Use GOVUK_CSP_REPORT_ONLY and GOVUK_CSP_REPORT_URI to configure content security policy.

1.18.1

  • Fix incorrect report_uri= method usage in content security policy

1.18.0

  • Use Rails DSL to configure content security policy, allowing apps to modify the policy and use nonce features.

1.17.0

  • Tweak our CSP to work with 'dev.gov.uk'

1.16.3

  • Revert PR #89 - it relies on an unreleased feature of aws-xray-sdk

1.16.2

  • Don't log Context Missing Errors (ERROR -- : can not find the current context.)

1.16.1

  • Return Critical status for SidekiqRedis if Redis raises a connection error.

1.16.0

  • Add a DoubleClick domain to our content security policy.

1.15.1

  • Fix the UNICORN_TIMEOUT setting, which previously resulted in a crash on start.

1.15.0

  • Allow configuring the unicorn timeout through the UNICORN_TIMEOUT environment variable (default: 60).

1.14.0

  • Add content security policy support.

1.13.1

  • Remove formating from the Logstasher logger, used by default for the GDS API Adapters logging.

1.13.0

  • Configure the GDS API Adapters logger to use logstasher
  • More consistent log level configuration by default

1.12.0

  • Make ActiveRecord healthcheck more accurate

1.11.3

  • Add Initialized healthchecks

1.11.2

  • Fix crash on start due to incorrect method invocation.

1.11.1

  • Fix crash on start due to incorrect method invocation.

1.11.0

  • Disable X-Ray entirely if the GOVUK_APP_CONFIG_DISABLE_XRAY environment variable is set.

1.10.0

  • Only instrument the aws_sdk gem with AWS X-Ray if the XRAY_PATCH_AWS_SDK environment variable is present.

1.9.3

  • Do not report Sidekiq queue thresholds in healthchecks which are infinite or NaN.

1.9.2

  • Set a default segment name for XRay if the GOVUK_APP_NAME environment variable is missing, rather than throwing an exception.

1.9.1

  • Make XRay log missing segments (such as when executing rake tasks) as an error, rather than throwing an exception.

1.9.0

  • Record 1% of requests with AWS X-Ray.

1.8.0

  • Handle a health check which raises an exception.
  • Configure Sentry to only log on startup in the production Rails environment (if Rails is in use)

1.7.0

  • Add various convenience health check classes which make it easier to add custom checks into apps without writing lots of code.

1.6.0

  • Make health checks classes rather than instances, allowing internal data to be cached and improve performance.

1.5.1

  • Set the Content-Type of healthchecks to application/json.
  • Make the health check statuses symbols.

1.5.0

  • Add healthcheck support. See README.md for usage information.

1.4.2

  • Ignore ActionController::UnknownHttpMethod errors.

1.4.1

  • Check the inner exception as well for the intermittent failure behaviour added in 1.4.0, eg in the case of ActionView::Template::Error

1.4.0

  • Don't log intermittent errors from gds-api-adapters in Sentry, count them in Graphite instead

1.3.2

  • Update instructions to suggest that GovukUnicorn should be required directly require "govuk_app_config/govuk_unicorn" rather than passively through require "govuk_app_config" to isolate it from other configuration.
  • Move STDOUT/STDERR configuration inside GovukLogging module to reduce side effects when gem is initialised.

How to upgrade

  • In your applications config/unicorn.rb file change require "govuk_app_config" to require "govuk_app_config/govuk_unicorn"

1.3.1

  • Fix collection of Statsd gauge metrics

1.3.0

  • Include a class to configure unicorn to the common GOV.UK configuration

How to upgrade

  • Find or create a config/unicorn.rb file in the app
  • At the top of the file insert: 
    require "govuk_app_config/govuk_unicorn"
GovukUnicorn.configure(self)
  • If the app has the following, remove it: 
    # Load the system-wide standard Unicorn file
def load_file_if_exists(config, file)
  config.instance_eval(File.read(file)) if File.exist?(file)
end
load_file_if_exists(self, "/etc/govuk/unicorn.rb")

1.2.1

  • Use INFO log level for the default Rails logger

1.2.0

  • Upgrade unicorn gem from 5.3.1 to 5.4.0

1.1.0

  • Support statsd methods of decrement, count, timing, set, and batch

1.0.0

  • Add Unicorn (our web server) as a dependency
  • Use version 2.7.0 of the Sentry client.
  • Set up logging configuration for Rails applications.
  • Don't send ActionController::BadRequest to Sentry

How to upgrade

  • Remove gem 'unicorn' from your Gemfile
  • For Rails apps only:
    • Remove gem 'logstasher' from your Gemfile
    • Remove all config.logstasher.* configs from config/environments/production.rb
    • If the app has a config/initializers/logstash.rb remove it
    • If the app has any of the following (likely in config/environments/production.rb), remove it: 
      # Use default logging formatter so that PID and timestamp are not suppressed.
config.log_formatter = ::Logger::Formatter.new

# Use a different logger for distributed setups.
# require 'syslog/logger'
config.logger = ActiveSupport::TaggedLogging.new(Logger.new($stderr))

$real_stdout = $stdout.clone
$stdout.reopen($stderr)

0.3.0

  • Add time and gauge to GovukStatsd
  • Add GovukError.configure as an alias to Raven.configure

0.2.0

  • First actual release with support for Sentry

0.1.0

Empty gem.