Releases: sjacorg/bayanat
Release list
v4.0.2 — Security + reload fix
Security
- Bumped vulnerable dependencies in
uv.lock:urllib32.6.3 → 2.7.0 (high, GHSA-48p4-8xcf-vxj5 sensitive headers forwarded across origins in proxied redirects; GHSA-pq67-6m6q-mj2v decompression-bomb bypass in streaming API)lxml6.0.2 → 6.1.0 (GHSA-pp7h-53gx-mx7r, high, XXE initerparse/ETCompatXMLParser)pillow12.1.1 → 12.2.0 (GHSA-2vfv-wwj6-7q47, high, FITS GZIP decompression bomb)pypdf6.10.0 → 6.10.2 (medium, three RAM-exhaustion advisories)python-dotenv1.2.1 → 1.2.2 (medium, symlink-following inset_key)Mako1.3.10 → 1.3.11 (medium, path traversal inTemplateLookup)pytest9.0.2 → 9.0.3 (dev, medium, vulnerabletmpdirhandling)
- Bumped
axios1.15.0 → 1.16.0 (frontend dep, GHSA-4hjh-wcwx-04pq DoS via large response).
Fixed
- Admin "Reload" button now actually reloads the app.
uwsgi.iniwas missing thetouch-reload=reload.inidirective, so the maintenance task touched the file with no effect on the running workers. After upgrading, existing installs should also appendtouch-reload=reload.inito/bayanat/uwsgi.iniif they have local edits to that file. - Allowed-extensions validator now accepts up to 5-character file extensions (previously capped at 4 characters). The cap rejected valid extensions like
mhtml,xhtml, andjhtmlfromMEDIA_ALLOWED_EXTENSIONSandSHEETS_ALLOWED_EXTENSIONS. - Restored the native browser PDF viewer for inline preview.
Full changelog: v4.0.1...v4.0.2
v4.0.1 — Bulk OCR hotfix
Fixed
- Bulk OCR: celery worker now consumes the
ocrqueue. The systemd unit written by the installer was only subscribing to the defaultceleryqueue, so tasks dispatched by bulk OCR (UI andflask ocr process) silently piled up in Redis. Single-media OCR was not affected.
Upgrading existing v4.0.0 installs (in-place patch, no reinstall)
sudo sed -i.bak 's|worker --autoscale 2,5 -B$|& -Q celery,ocr|' /etc/systemd/system/bayanat-celery.service
sudo systemctl daemon-reload
sudo systemctl restart bayanat-celeryVerify: sudo journalctl -u bayanat-celery --since "30 seconds ago" | grep -A 3 '\[queues\]' — should list both celery and ocr.
Fresh installs
The installer on main now ships the correct unit — no action needed beyond the standard install command.
Full changelog: v4.0.0...v4.0.1
Bayanat v4.0.0
Bayanat v4.0.0
Bayanat v4 is a major release focused on two things: document intelligence — a new OCR pipeline with provider choice, an editable Extraction model, and text search and translation — and operations — a one-command installer, Alembic database migrations, a diagnostics command, and a hardened security posture.
Highlights
Document Intelligence
v3 had a basic Tesseract helper that tried to extract text from PDFs during media import. v4 replaces it with a full document intelligence pipeline:
- Provider-agnostic OCR. A new pluggable backend supports Google Vision and any OpenAI-compatible chat-completions endpoint — local engines like Ollama, LM Studio, vLLM, and llama.cpp; open-weight vision-language models like LLaVA, Qwen-VL, Llama 3.2 Vision, and MiniCPM-V; hosted commercial providers like OpenRouter, Together, Groq, and Fireworks; or Google Vision. Administrators switch providers at any time from the system administration dashboard without touching
.envor restarting (#315). Invalid env values are coerced to a safe default at boot. - Extraction model. OCR results are now first-class data. The new
Extractiontable stores per-media text with status, confidence, language, and a full JSONrawfield containing provider output including multi-page PDF pages. - Editable with history. Editors can correct OCR output inline; every change goes through a revision-tracked history (#265).
- On-demand translation. Any extraction can be translated from the document view through the configured provider — Google Translate when using Google Vision, or the same LLM endpoint when using an LLM backend (#259).
- Search inside documents. Extraction text is searchable from the media dashboard with trigram indexing for fast ILIKE/similarity queries (#240, #259, #286).
- PDF and DOCX support. Multi-page PDFs are processed with a configurable page cap; DOCX files are extracted directly (#272).
- Parallelized bulk OCR. Bulk jobs use Celery with rate limiting and per-task isolation so a single failure doesn't poison the batch (#265, #285, #289).
- Text Map overlay. When using Google Vision, an opt-in UI overlay draws the per-word bounding boxes on top of the document image so you can verify detection visually. Falls back to plain text for LLM providers (#265).
- S3 storage backend support throughout the OCR pipeline (#260, #261, #262).
One-Command Install and Atomic Upgrades
A new CLI installer (#290) stands up Bayanat end-to-end from a fresh server:
curl -sL https://raw.githubusercontent.com/sjacorg/bayanat/main/bayanat | sudo bash -s install yourdomain.comThe installer provisions PostgreSQL + PostGIS, Redis, the application, the worker, and Nginx, and sets up a symlink-based release layout at /opt/bayanat/ with shared configuration and media that persists across updates. Switching versions is instant and rolling back is just as fast.
Database Migrations via Alembic
v4 replaces the old loose SQL migration files with Alembic through Flask-Migrate (#302). Upgrading from v3 is now a single idempotent command:
flask db upgradeA baseline revision consolidates all pre-v3.0 schema changes into one idempotent migration, so installs from v2.4 onward upgrade cleanly. flask db current shows the applied revision; flask check-db-alignment validates that the live schema matches the models.
Diagnostics and Operations
flask doctor— new comprehensive installation health check that verifies the Python environment, database connection, Redis, Celery worker presence, filesystem layout, and config (#309).flask check-db-alignmentgained Alembic status reporting and structured output (#309).- Docker entrypoint now runs Alembic migrations automatically on container startup.
- Ruff pre-commit hook catching unused imports and syntax errors before they reach CI (#309).
- Lightweight pytest CI with service containers — 770+ tests run on every PR (#299).
- New VitePress documentation site replacing the old Wiki.js setup (#269), with restored peer-review, threat model, methodology, export flowchart, and packages docs (#283, #284).
Security Hardening
- Content Security Policy. v4 introduces CSP headers and other security headers via Flask-Talisman (#238). This is new — v3 had no CSP and no Talisman in its dependencies.
- Exception message sanitization to prevent stack traces from leaking in error responses (#273).
can_access_mediapermission for fine-grained control over media dashboard access (#280).views.pysplit into 18 sub-modules underenferno/admin/views/for tighter code isolation and review surface (#252). Import paths for anything underenferno.admin.viewshave changed.- Published
SECURITY.md(#306). This file did not exist in v3. - Updated threat model to V3.0 (#236). v3 shipped with Threat Model V2.9.0; v4 is an update.
- CodeQL added as a new workflow alongside the existing pip-audit, Semgrep, and retire-js scans.
- Dependency security patches: cryptography, pypdf, cbor2, pygments, yt-dlp, axios (#273, #279, #300, #304, #307, #312).
Search and UI Improvements
- Chips-based advanced text search (#228)
- Redesigned advanced search layout (#264)
- New actor map query visualization using Leaflet (#226) — a new
MapVisualization.jscomponent - Redesigned labels management with hierarchy constraints: no self-parent, sibling title uniqueness (#266)
- Coordinates input for GeoMap without requiring map clicks (#237)
- PDF thumbnails rendered on media cards via a new
PdfThumbnail.jscomponent (#234) - TinyMCE rich-text editor synced with Vuetify dark mode (#294)
- Color picker discoverability improvements (#274)
- New account security page template (#271)
- Personal vs organization settings clarified (#267)
- Activity monitor: "Subject" → "Affected Item" (#246)
- Missing person profile: "Last Address" → "Place of Disappearance" (#291)
- Username display in user dropdowns (#231)
- Ethnographic information added to the Short Actor dialog (#295)
- CSV import metadata now queryable (#233)
- Notification drawer usability tweaks (#248) — drawer width, hover-only mark-as-read, mark-all button, subtler urgent-notification styling
- Fixed media preview, playback, and shared-media regressions (#235, #244, #296)
Performance
- Fixed N+1 query patterns across search and list views (#287)
- Pre-fetch OCR IDs instead of OR-subquery for search (#286)
- Media loading optimizations (#241)
- GIN trigram indexes on extraction text fields
- Increased uWSGI buffer-size to prevent 502 errors under load (#278)
- Font-display swap for faster text rendering (#297)
- S3 GetObject call eliminated after put_object on direct upload (#314)
Data Model and Integrity
- New
Extractiontable for OCR results with edit history (#240, #265) - Media orientation field for image rotation (#265)
- Label constraints: self-parent prevention, sibling title uniqueness (#266)
- Media orphan cleanup with per-entity etag uniqueness (#311)
- Dynamic field bug fixes and core field seeding for search dialogs (#263, #276)
- Modernized datetime and SQLAlchemy patterns to remove deprecation warnings (#313)
Breaking Changes
- All deployments must run
flask db upgrade(see upgrade guide below) - Old SQL migration files in
enferno/migrations/are deprecated in favor of Alembic views.pysplit into sub-modules — downstream code that imported fromenferno.admin.viewsdirectly will need path updates
Upgrade Path
See Upgrading to v4. Short version:
pg_dump <your-database> > bayanat-backup-$(date +%Y%m%d).sql
git fetch --tags
git checkout v4.0.0
uv sync --frozen
uv run flask db upgrade
# restart bayanat + bayanat-celeryAcknowledgements
Thanks to everyone who filed bugs, contributed code, and reviewed changes. v4 represents about six months of work since v3.0.0 (2025-11-29), spanning 76 merged pull requests across OCR, search, security, deployment tooling, and infrastructure.
Full changelog: v3.0.0...v4.0.0
bayanat v3.0.0
Major Changes
- Dynamic Forms: Bayanat has moved from the fixed database structure in the three main components, Actors, Bulletins, and Incidents, to a dynamic fields system. This allows administrators to create custom fields for these entities without the need to modify the database schema directly, or the application code. This provides greater flexibility in tailoring the system to specific organizational needs.
- New form builders are available for the three main components, accessible via the System Administration menu. Administrators can create, edit, and delete custom fields, as well as organize their layout within the forms. The core fields remain intact, but most of them can now be hidden if not needed.
- Administrators can create long or short text, number, date and time, and single and multi-select dropdowns.
- Fields can be marked as required and searchable.
- Searchable fields will be included in the advanced search tool for the respective component.
- A major architectural change in this release is the migration to using uv for managing the Python virtual environment and dependencies. This change aims to streamline dependency management and improve the overall maintainability of the Bayanat codebase.
- Several user interface enhancements and bug fixes.
For a complete list of changes, please refer to the Changelog section below.
Upgrade Steps
Please ensure the Bayanat database, config.json and the .env files are backed up before beginning this upgrade.
After stopping all Bayanat services, carefully follow the following steps to upgrade to this version:
-
Migrate to uv:
-
Install uv if your system doesn't already have it.
-
Install the dependencies:
cd /bayanat uv venv uv sync -
If you additionally want to enable voices transcription through OpenAI's Whisper and OCR through Google's Tesseract, installation the optional requirements:
uv sync --extra ai -
Edit systemd service files for bayanat and celery to reflect the new virtual environment:
sudo systemctl edit --full bayanat.service sudo systemctl edit --full bayanat-celery.serviceYou should change refereces in
ExecStartandEnvironmentfrom the old environment directoryenv/to.venv/. Check the installation manual for an up-to-date template.
-
-
Database migrations:
psql -d bayanat -f enferno/migrations/20250109_174532_create_originid_indices.sql psql -d bayanat -f enferno/migrations/20250820_101500_create_dynamic_fields_table.sql psql -d bayanat -f enferno/migrations/20251003_144517_seed_incident_core_fields.sql -
Restart services.
Changelog
- Add FE validation for events by @apodacaduron in #149
- Truncate long descriptions and add "Show More" toggle by @apodacaduron in #148
- Limit event comments to 255 chars by @apodacaduron in #159
- chore(deps): bump pypdf from 5.5.0 to 6.0.0 in /requirements by @dependabot[bot] in #156
- Search for related a/b/i not using cursors by @apodacaduron in #158
- Inconsistency between the date entry format and the display format by @apodacaduron in #151
- Add restrictions to location search UI by @apodacaduron in #154
- UV by @level09 in #163
- Dialogs are fullscreen and not sizing properly by @apodacaduron in #157
- Improve test infrastructure and security updates by @level09 in #162
- Broken progress steps in sheets import by @apodacaduron in #160
- Filter event types in map visualization by @apodacaduron in #150
- Update uwsgi.ini for UV virtual environment by @level09 in #167
- Date format inconsistency by @apodacaduron in #169
- Removed list items cannot be reselected without resetting field by @apodacaduron in #170
- Threat Model V2.9.0 by @ahmadko in #166
- Fix Black invalid Configuration by @level09 in #171
- Fix test failures after AI dependencies installation by @level09 in #168
- Tests Cleanup: remove unnecessary config.test.json and unused imports by @level09 in #173
- Login dialog blocks 2FA enrollment by @apodacaduron in #174
- Add account status to user dashboard by @tarekio in #172
- Fix table not rendering on system logs page by @apodacaduron in #177
- Fix graph visualizations and incident and activity search by @tarekio in #176
- Add origin id field to actor and bulletin searchbox by @apodacaduron in #140
- Fixes session handling issues with Flask-Session Redis backend during login/logout operations by @level09 in #181
- Use correct const for approved export notification by @tarekio in #179
- Fix a leftover cfg var by @tarekio in #187
- Session Dialog Fix - Implementation by @level09 in #188
- fix: adjust search request data structure for specific endpoint by @tarekio in #191
- Add event date to popup in map by @apodacaduron in #175
- Warning when closing Activity search dialog by @apodacaduron in #182
- Related Items View Not Loading Correctly by @apodacaduron in #184
- Add catch to copy coordinates popup by @apodacaduron in #192
- chore(deps): bump axios from 1.8.2 to 1.12.0 by @dependabot[bot] in #190
- chore(deps): bump jsondiffpatch from 0.6.0 to 0.7.2 by @dependabot[bot] in #189
- Event locations list drop down after selection by @apodacaduron in #183
- Add scroll to menu in system administration page by @apodacaduron in #193
- Upgrade outdated FE packages by @apodacaduron in #197
- Adjust props syntax and fix typo by @apodacaduron in #195
- Audit
enferno/staticfolder using retire js by @apodacaduron in #198 - Validation error messages lack detail by @apodacaduron in #185
- Improve setting labels in diff (System Administration) by @apodacaduron in #194
- fix: handle missing query parameter in graph visualization by @tarekio in #203
- Remove package json and npm references by @apodacaduron in #201
- Standarize component registration pascal case by @apodacaduron in #200
- Add verified labels field to short actor form by @apodacaduron in #206
- fix: cast and strip whitespace for ID number in sheet import by @tarekio in #207
- Ignore Python build artifacts by @level09 in #204
- Fix security audit workflow environment by @level09 in #210
- fix: add first peer reviewer attr to bulletins, actors, and incidents API responses by @tarekio in #212
- Add activity validations and types by @tarekio in #214
- fix: correct text formatting in two-factor authentication selection page by @tarekio in #213
- Dynamic Fields System for Flexible Entity Customization by @level09 in #100
- chore: update messages.pot by @tarekio in #215
- Upgrade dependencies to address security vulnerabilities by @level09 in #218
- Prevent information exposure in error responses by @level09 in #219
- fix: remove error from dyn field failure response to prevent exposure by @tarekio in #220
- Event not displayed in cards by @apodacaduron in #221
- Fix long text wrapping issue in diff dialog by @apodacaduron in #209
- Form builder: Fix state collision by @apodacaduron in #223
- Exclude secrets from configuration revision history by @level09 in #225
New Contributors
Full Changelog: v2.9.0...v3.0.0
bayanat v2.9.0
Features, Improvements, Fixes
This will be updated shortly.
Upgrade Steps
Please ensure the Bayanat database, config.json and the .env files are backed up before beginning this upgrade.
After stopping all Bayanat services, carefully follow the following steps to upgrade to this version:
-
Upgrade deps:
source env/bin/activate pip install -r requirements.txt -
Database migrations:
psql -d bayanat -f enferno/migrations/20250115_120200_export_ref_to_tags.sql psql -d bayanat -f enferno/migrations/20250527_000000_search_optimization_indexes.sql psql -d bayanat -f enferno/migrations/20250623_120954_create_id_number_types.sql psql -d bayanat -f enferno/migrations/20250623_184016_actor_id_number_migration.sql psql -d bayanat -f enferno/migrations/20250718_153735_create_notification_table.sql -
Restart services.
What's Changed
- feat: Harden nginx config by @zhabiba24 in #40
- bugfix: remove no longer needed options watcher by @crnogaj in #43
- docs: update API docs for web import endpoints by @cango91 in #47
- BYNT-1275: CSRF rate limiting by @cango91 in #49
- new YT-DLP upgrade + minor upgrade of few other libs by @level09 in #53
- Database Migration: add database migration guidelines to CONTRIBUTING.md by @level09 in #59
- BYNT-1322: Change Export.ref to Export.tags by @cango91 in #55
- feat: OpenAI Whisper Integration by @cango91 in #48
- fix: satellite imagery is broken in GeoMap and GlobalMap by @apodacaduron in #46
- Video playback issues by @apodacaduron in #45
- bugfix: missing @celery.task decorator for web import by @tarekio in #63
- fix import of media mixin on import log by @apodacaduron in #66
- fix clear search behavior bulletins by @apodacaduron in #64
- Fix 'Invalid Date' in Import Log Dialog by @apodacaduron in #74
- Fix pagination after bulk updates on the bulletins page by @apodacaduron in #72
- Dependency upgrades by @level09 in #79
- fix: replace existing media check which sqlalchemy doesn't recognize by @tarekio in #80
- Permanent fix for non-English media filenames by @tarekio in #81
- bug: BYNT-1335 - Error Parsing Doc/Pdf on Media Import by @cango91 in #61
- Bump jinja by @tarekio in #85
- Support pre-3.12 versions by @tarekio in #84
- Move media import processing to celery fully by @tarekio in #83
- Bynt-1328/1332 Preserving Arabic titles media import/Web Import Can't Import Content With Long Titles by @cango91 in #67
- Tweak to media import settings language and defaults by @tarekio in #90
- Optimize Celery tasks by implementing connection pooling by @level09 in #88
- Update dependencies in requirements files by @level09 in #91
- Improve ETL code by @tarekio in #89
- Bump @babel/runtime from 7.26.0 to 7.26.10 by @dependabot[bot] in #87
- Bump axios from 1.7.8 to 1.8.2 by @dependabot[bot] in #86
- Dependency Upgrades by @level09 in #96
- Auto scroll to invalid elements by @apodacaduron in #71
- bump requests version. by @cango91 in #101
- bug: BYNT-1331 - Web Import downloads low quality by @cango91 in #62
- Add missing dz property on extradropzone by @apodacaduron in #103
- Setup wizard goes into loop when 2fa is activated by @apodacaduron in #99
- bug: Setup Test Modifies Production Configuration by @cango91 in #76
- Show Arabic content if English is missing by @tarekio in #105
- Test Improvements by @cango91 in #60
- Migrate image gallery from PhotoSwipe to lightgallery.js by @apodacaduron in #98
- Fixes for issues in sheet imports by @tarekio in #104
- BYNT-1274: Configure Logging Behavior by @cango91 in #51
- Add title max length warning by @apodacaduron in #70
- Duplicated rows when creating records by @apodacaduron in #75
- BYNT-807: Add search to location admin levels and types by @cango91 in #112
- chore(deps): bump urllib3 from 2.4.0 to 2.5.0 in /requirements by @dependabot[bot] in #115
- Specify v4 s3 signatures to allow buckets with KMS encryption by @tarekio in #82
- BYNT-1362: Add search for actor tags by @cango91 in #110
- Bynt-1351: Missing whisper handling by @cango91 in #111
- Secondary language not displayed in preview by @apodacaduron in #113
- Bynt 1301 css adjustment unifield by @apodacaduron in #117
- Remove videojs example files by @apodacaduron in #118
- Location dialog is broken by @apodacaduron in #120
- BYNT-1337 - Export error handling by @cango91 in #108
- Implement better handling of server responses in handle request error by @apodacaduron in #114
- BYNT-1365: Webauthn device name validation using form extension by @cango91 in #119
- BYNT-1370/1/2: ID Number Types and Actor.id_number migration by @cango91 in #121
- BYNT-1383: Set default for radius by @cango91 in #128
- System administration new design by @apodacaduron in #58
- New Short Actor Form & Bulletin Dialog Redesign by @apodacaduron in #109
- chore(deps): bump pillow from 11.2.1 to 11.3.0 in /requirements by @dependabot[bot] in #125
- Ensure only non-empty strings are converted to JSON arrays by @level09 in #137
- BYNT-1368: Sheet Import - Actor Move Origin ID by @cango91 in #123
- chore: merge validation utils into a single file by @cango91 in #130
- Implement new login design by @apodacaduron in #116
- replace hardcoded url with one from the config by @apodacaduron in #138
- Add confirmation for resetting an import sheet mapping fix back btn by @apodacaduron in #134
- BYNT-1387: enforce password policies in backend + chore: configure gitleaks to ignore tests by @cango91 in #129
- BYNT-1400: Handle new ID number in Sheet Import (BE) by @cango91 in #141
- BYNT-1391: Add DELETE Mapping endpoint by @cango91 in #133
- Show delete button as soon as ID Number input is dirty by @apodacaduron in #142
- Media file is not fully visible after rotation by @apodacaduron in #146
- chore(deps): bump form-data from 4.0.1 to 4.0.4 by @dependabot[bot] in #145
- Make event title optional by @apodacaduron in #143
- BYNT-1389: Standardize API Responses by @cango91 in #131
- Search Optimization Rewrite by @level09 in #97
- Update torch version to 2.8.0 in optional requirements by @level09 in #152
- bynt-1364: implement username and email validation for user endpoints by @cango91 in #126
- Fix Code Scanning Potential Stack Trace exposure by @level09 in #153
- Notification system 🚨 by @cango91 in #50
New Contributors
- @zhabiba24 made their first contribution in #40
- @crnogaj made their first contribution in #43
- @tarekio made their first contribution in #63
Full Changelog: v2.4.0...v2.9.0
bayanat v2.4.0
New Features
- Archiving evidence: utilize
yt-dlpto archive video evidence from popular websites. The feature allows users to import files from the web into Bayanat. The users needs to be authorized by an administrators and a list of allowed websites can be added from the system settings, along with proxy settings. Admins can check the status of imported items from the Media Import Log dashboard. - Editable Locations Admin Levels: allows the administrators to add or delete administrative levels to match the target country. The order of the levels in the full location can also now be changes, again to allow for matching the target country.
- Editable Potential and Claimed Violation Categories: these two lists are now customization from the Component Data dashboard.
- Add Audio Playback Support: an audio player will allow users to play audio files attached to items directly from Bayanat without the need to download the files. Administrators still need to allow upload of audio files.
- Reauth and Verify popup: a popup will allow the user to re-authenticate when they lose their session while working (e.g. working for a long time on an item, after which the system logs them out for inactivity). This will prevent the users from losing their work in such scenarios. The popup will also appear when the user attempts an action that requires strong authentication.
- Add Tags to Actors: users can now add free tags when editing Actors.
Improvements
- Move force reset from System Settings to Users dashboard.
- Tweak user permissions terminology in the User card to make them simpler to understand.
- Fix long text overflow in preview drawers.
- Minor improvements to search.
- Include Actor Profiles in Actor CSV exports.
- Make PDF a default export format.
- Add an option to load default system settings.
- Add a confirmation message for deleting an event in Incidents.
- Add frontend validations for Actor columns.
- Invoke webauthn immediately after login when active.
- Rename all instances of Ref/Refs to Tag/Tags.
- Prioritize video files in Media section.
- UI/UX improvements to 2FA pages.
- UI/UX improvements to System Setting dashboard.
- Client-side sorting in System Log dashboard.
- Remove webauthn settings from System Setting, allow by default.
- Other improvements to UI/UX.
Bug Fixes
- Fix a bug that prevented Actor type search.
- Fix a bug that prevented Sources of Actor profiles from appearing in related Actor results.
- Fix a bug that caused props warning when dragging chips in Sheets Import.
- Fix a bug in validations on switch Actor types in Sheets Import.
- Fix a bug that caused multiple log entries of the same event.
- Fix a bug that caused the data table not to reset to first page when a new search is carried.
- Fix a bug that caused inconsistent results when searching for refs/tags in Bulletins.
- Fix a bug in CSV file import code.
- Fix a bug that caused Actor relationship information to be hidden.
- Fix a bug that caused focus issues with dialogs and TinyMCE.
- Fix bugs in export dashboard and card.
- Fix a bug that prevented file paths in source links.
- Fix a bug that prevented the application of max file size setting in media import dashboard.
Other
- Fix typos in frontend strings.
- Minimal Sqlalchemy2.x / Flask-sqlalchemy3.x Upgrade
- Simplified models structure, moving models into their own files.
- Phase out legacy Pydantic remnants.
- Update requirements.
Please ensure the Bayanat database, config.js and the .env files are backed up before beginning this upgrade.
This version brings Bayanat to compatibility with Ubuntu 24.04.
After stopping all Bayanat services, carefully follow the following steps to upgrade to this version:
-
Upgrade deps:
source env/bin/activate pip install -r requirements.txt -
Database migrations:
-
Admin Levels table migrations:
BEGIN; ALTER TABLE location_admin_level ADD COLUMN display_order INTEGER; UPDATE location_admin_level SET code = new_values.new_code, display_order = new_values.new_code FROM ( SELECT id, ROW_NUMBER() OVER (ORDER BY code, id) AS new_code FROM location_admin_level ) new_values WHERE location_admin_level.id = new_values.id; ALTER TABLE location_admin_level ADD CONSTRAINT location_admin_level_code_key UNIQUE (code); COMMIT; -
Migration for User web import permission:
ALTER TABLE "user" ADD COLUMN IF NOT EXISTS can_import_web BOOLEAN DEFAULT FALSE; -
Migration for the bug fix in ref in Bulletins:
UPDATE bulletin SET ref = '{}' WHERE ref IS NULL; ALTER TABLE bulletin ALTER COLUMN ref SET DEFAULT '{}'; ALTER TABLE bulletin ALTER COLUMN ref SET NOT NULL; -
Migration for adding tags to Actor:
ALTER TABLE actor ADD COLUMN tags VARCHAR[] DEFAULT '{}' NOT NULL; -
Migration for renaming refs to tags in Bulletin:
ALTER TABLE bulletin RENAME COLUMN ref TO tags; -
Check all migrations are successful:
flask check-db-alignment
-
-
Restart services.
What's Changed
NOTE: These PRs were completed on a private repository prior to the move to this public one.
- Experimental search improvements by @tarekio in #542
- Merge master into prod by @tarekio in #545
- Minimal Sqlalchemy2.x / Flask-sqlalchemy3.x Upgrade by @level09 in #489
- Simplified Models structure by @level09 in #503
- Move force reset from sys settings to users by @tarekio in #512
- Make Admin-Levels Editable by @cango91 in #505
- Make PV/CV editable on the component-data dashboard by @cango91 in #491
- Bugfix: Actor Type Search by @cango91 in #548
- Resolve Import bugs (Country / Ethnography) in Actors by @level09 in #549
- Incidents: No confirmation message for deleting an event by @apodacaduron in #551
- Sheets Import: Props warning when dragging chips by @apodacaduron in #552
- Sheets Import: fix validations on switch actor types by @apodacaduron in #553
- Fix Missing Person Details by @cango91 in #534
- Show
Sourcesin<actor-result>Components by @cango91 in #493 - Export Actor Profiles as CSV by @cango91 in #559
- Reauth popup by @apodacaduron in #560
- Fix typo in translation by @apodacaduron in #567
- Add FE validations for Actor columns by @apodacaduron in #562
- Update and sync package-lock file by @level09 in #565
- Fix missing color prop on switch by @apodacaduron in #571
- Fix duplicate logs 🪵 by @cango91 in #544
- Add export format json to configs - 2 by @apodacaduron in #569
- docker version pinning by @tarekio in #588
- Add Audio Playback Support by @cango91 in #535
v-data-table-serversync fix by @cango91 in #584- Improve user permission names by @apodacaduron in #572
- Invoke webauthn immediately after login by @apodacaduron in #576
- Upgrade all dependencies to the max compatible version possible by @level09 in #563
- Reauth popup 2fa support by @apodacaduron in #577
- PDF Export: export all profile descriptions by @cango91 in #536
- Actors Validation Fix: # Children by @cango91 in #554
- Add an Option to load default system settings ↩️ by @cango91 in #543
- Phase Out Legacy Pydantic Remnants by @cango91 in #566
- PreviewCard: Fix long text overflow by @apodacaduron in #587
- Archiving evidence by @level09 in #579
- Make reauth popup only listen to 401 requests by @apodacaduron in #595
- Remove webauthn setting by @tarekio in #593
- Adv Search Bugfix for Multiple Excluded Terms by @cango91 in #583
- Sort items per update_at by @tarekio in #603
- System Logs: Add client side table sorting by @apodacaduron in #597
- Advanced Search Bugfix: Ref inclusion/exclusion inconsistency by @cango91 in #594
- Upgrade all dependencies by @level09 in #608
- Integrate maxFilesize to media and sheets import dropzones by @level09 in #605
- Fix table sync (again) by @tarekio in #602
- Data Import Log dashboard is not responsive by @apodacaduron in #607
- Fix console warning "toDataUrl on HTMLCanvasElement" by @apodacaduron in #598
- Add validation to No of Children by @apodacaduron in #606
- Make system settings toolbar sticky by @apodacaduron in #570
- CSV export, improve code quality by @cango91 in #575
- Restore Default Config Command by @cango91 in #526
- Updates to user dialog and sidebar by @apodacaduron in #573
- Validation Fix: Allow Filepath for Source Link by @cango91 in #590
- Allow to go back to 2FA selector by @apodacaduron in #596
- Export card style broken and status not refreshing by @apodacaduron in #555
- Reauth popup breaks 2FA setup when 2FA is enforced by @apodacaduron in #613
- Validation improvements by @cango91 in #609
- make GOOGLE_MAPS_API_KEY optional by @tarekio in #616
- Fix error in config var name by @tarekio in #617
- Prioritize videos in media section by @apodacaduron in #582
- Locations: Fix focus retention in nested dialogs of TinyMCE editor by @apodacaduron in #581
- Labels are invisible in dark mode by @apodacaduron in #604
- Hide Number and Parent ID when not available by @apodacaduron in #585
- Verify popup by @apodacaduron in #578
- BYNT-587: Add tags to Actor by @cango91 in #610
- Tweak pre-commit config by @tarekio in #619
- Remove all references to webauthn by @tarekio in #600
- Warnings in the import log dashboard by @apodacaduron in #615
- Incidents to actor relation is not show in the actor preview card by @apodacaduron in #614
- CSV Import Bugfix: Reset correct seq_id by @cango91 in #589
- BYNT-1312: change all references to ref/refs for bulletins by @cango91 in #612
- BYNT-1325: Centralize URL valida...
bayanat v2.2.4
- Fix a bug in Media category serialization.
- Fix time validation issue in Media screenshots.
- Fix date validation bug.
- Update translations.
- Fix typos in strings.
- Upgrade requirements.
This is a minor version which brings bug fixes, update translations and upgrading requirements.
After stopping all Bayanat services and backing up the database, follow the following steps:
-
Upgrade deps:
source env/bin/activate pip install -r requirements.txt -
Database migrations:
No database migrations required to upgrade to this version.
-
Restart services.
bayanat v2.2.0
- UI Setup Wizard: Bayanat now comes with a wizard that helps installer set up Bayanat before first use. The wizard will allow the installer to seamlessly create the first admin account, customize some settings to better match the country or context the users will be working on, set security policies and enable or disable important features. After the completion of the wizard, Bayanat will be ready to use and there will be some extra steps that the admin may need to further customize their Bayanat. These steps will be appear in the dashboard with guidance.
- Improvements to Actor dialog UI/UX.
- Improve UI of save button in Actors, Bulletins and Incidents.
- Improvements to System Settings dashboard UI/UX, improve help text.
- Redesign Media card; introduce UI/UX improvements, display more information about the media file.
- Changes to Media deduplication detection.
- Migrating deduplication dashboard to Vue3, improvements to UI/UX.
- Refactor the way relationship info is fetched from backend.
- Add more children search options to Actor.
- Allow export of embedded images in descriptions in PDF.
- Add copy to review dialog search fields.
- Enable full text search to Actor Profile columns, now possible when searching in Actors.
- Disallow duplicate files in Media upload dialog.
- Introduce backend permission checks for full history access.
- Add System Settings validations.
- Add tests for Access Control.
- Add tests for import endpoints.
- Changes to typehints to make them more readable.
- Move all Python print statements to logger.
- Upgrade to Pydantic 2.x.
- Upgrade to python 3.12.
- Upgrade requirements.
- Cleanup unneeded static files.
- Fix a bug which caused uploading or importing files with non-English characters to fail.
- Fix a bug in Sheet Import tool that prevent scrolling in last step.
- Fix a bug in Flask 404 and 500 error pages.
- Fix a bug in Component Data dashboard that prevented scrolling.
- Fix a bug in System Logs dashboard.
- Fix a bug in System Administration dashboard.
- Fix a bug that caused existing uploaded files to be cleared when uploading more files to the file upload dialog.
- Fix a bug in Sheet Import tool when using CSV file.
- Fix a bug in Sheet Import tool.
Please ensure the Bayanat database, config.js and the .env files are backed up before beginning this upgrade.
This version brings Bayanat to compatibility with Ubuntu 24.04.
After stopping all Bayanat services, carefully follow the following steps to upgrade to this version:
-
Upgrade deps:
source env/bin/activate pip install -r requirements.txt -
Database migrations:
-
Media table migrations:
BEGIN; -- Step 1: Remove the existing unique constraint on etag ALTER TABLE media DROP CONSTRAINT IF EXISTS media_etag_key; -- Step 2: Add a new index on etag if it doesn't exist CREATE INDEX IF NOT EXISTS ix_media_etag ON media (etag); -- Step 3: Add a new partial unique constraint CREATE UNIQUE INDEX IF NOT EXISTS ix_media_etag_unique_not_deleted ON media (etag) WHERE deleted = FALSE; COMMIT; -
Actor Profiles FTS migrations:
BEGIN; ALTER TABLE actor_profile ADD column search text generated always as ( id::text || ' ' || COALESCE(originid, '') || ' ' || COALESCE(description,'') || ' ' || COALESCE(source_link,'') ) stored; CREATE INDEX ix_actor_profile_search ON actor_profile USING gin (search gin_trgm_ops); COMMIT; -
Check all migrations are successful:
flask check-db-alignment
-
-
Add
SETUP_COMPLETE=trueto yourconfig.jsonfile. If you havejq, you can run the following:
mv config.json config.json.backup; jq '.SETUP_COMPLETE=true' config.json.backup > config.json
You can also make this change manually.
- Restart services.
bayanat v2.1
- UI/UX improvements to cards, dialogs and data tables.
- UI/UX improvements to Sheets Import tool.
- Major rewrite of node visualization code.
- Enable administrators to revoke users two factor authentication devices.
- Improve session security and privacy by removing unneeded information from API response.
- Allow users to filter items using their own filters.
- Improvements to translations code
- Allow clearing of assignee and reviewer in bulk operations.
- Enforce to_date > from_date in Events.
- Remove absolute paths from system logs.
- Fix multiple bugs that restricted admin access to certain operations.
- Fix multiple bugs in items selection in data tables
- Fix multiple bugs that prevented media viewing in cards.
- Fix a bug that caused relationships to appear twice in preview cards.
- Fix a bug that prevented non-admin users from restricting items upon creation.
- Fix a bug in incident get route
- Fix a bug that caused some fields in Actor search to be hidden.
- Fix a bug in skin markings import
- Fix a bug in 'Filter related to' search buttons.
- Fix a bug in Location description edit box.
- Fix a bug in edit button handler in Actor card
- Fix a bug that caused geo location types to reset after reentering the advanced search dialog.
- Fix a bug in Location card map.
- Fix a bug in date fields in Incident advanced search.
- Fix a bug in Incident number of items in data table.
- Fix a bug in Incident form title.
- Fix a bug in date fields.
- Fix a bug that prevented incident card preview
- Fix a bug in Father and Mother name search fields in Actor.
- Fix a bug in adding refs from review dialog.
- Fix a bug in Location type and admin level search.
- Fix a bug in locations map visualization in the Bulletin card.
- Fix a bug in event map visualizations in Actor card.
- Fix cascading flashed messages upon sign.
- Hide delete location button from non-admin users.
- Fix multiple issues in validations.
- Improve tests coverage.
- Adding threat model.
- Migrate to PyPDF.
- Upgrade requirements.
This version brings lots of UI/UX improvements, bug fixes and minor new features.
After stopping all Bayanat services and backing up the database, follow the following steps:
-
Upgrade deps:
source env/bin/activate pip install -r requirements.txt -
Database migrations:
No database migrations required to upgrade to this version.
-
Restart services.
bayanat v2.0
- Upgrade to Vue 3.4 and Vuetify 3.6 accompanied by big improvements to the user interface and experience.
- Moving user settings to a global drawer and rearranging.
- Improving the UI of security pages (password change, 2FA, etc.).
- Overall improvements to cards and dialogs and dark mode.
- Session management: This feature allows administrators to track and manage user's sessions.
- View current and past user sessions.
- Logout specific or all sessions of a user.
- Settings to dis/allow concurrent user sessions and retention period for the sessions data.
- Introducing validations to user input, improving security and data consistency. The validations cover most core Bayanat API endpoints.
- System Log dashboard:
- Administrators can track errors in their instances and report it to us easily.
- Log settings can be set in the
.envfile.
- Automatic backups:
- Backups can be saved locally or to an S3 bucket.
- Settings can be set set in the
.envfile for security purposes.
- Improvements to code quality, adding type hints.
- Adding API documentation and improving docstrings in back-end code.
- Fix a bug in Google Maps API key setting.
- Fix a bug in User Groups dashboard paging.
- Fix a bug which cause the 'No Access Groups' checkbox to be automatically checked.
- Separate tests from config.json and improving test coverage.
- Improving translations coverage and adding translations for Chinese (simplified and traditional).
- Upgrade dependencies.
- Remove Flask Cache.
Please ensure the Bayanat database, config.js and the .env files are backed up before beginning this upgrade.
After stopping all Bayanat services, carefully follow the following steps to upgrade to this version:
-
Upgrade deps:
source env/bin/activate pip install -r requirements.txt -
Database migrations:
-
Session table migrations:
BEGIN; CREATE TABLE sessions ( id SERIAL PRIMARY KEY, user_id INTEGER NOT NULL, session_token VARCHAR(255) UNIQUE NOT NULL, ip_address VARCHAR(255), created_at TIMESTAMP DEFAULT current_timestamp, updated_at TIMESTAMP DEFAULT current_timestamp, deleted BOOLEAN, last_active TIMESTAMP, expires_at TIMESTAMP, meta JSON, is_active BOOLEAN DEFAULT TRUE, CONSTRAINT fk_user FOREIGN KEY (user_id) REFERENCES "user" (id) ON DELETE CASCADE ); COMMIT; -
Roles table migrations:
BEGIN; ALTER TABLE "role" DROP CONSTRAINT "role_name_key"; ALTER TABLE "role" ALTER COLUMN "name" DROP NOT NULL; WITH updated_rows AS ( UPDATE "role" SET "name" = concat('Custom_role_', id::text) WHERE "name" IS NULL RETURNING id ), max_id AS ( SELECT max(id) AS max FROM updated_rows ) SELECT setval(pg_get_serial_sequence('role','id'), COALESCE((SELECT max FROM max_id), 1)) WHERE EXISTS (SELECT * FROM max_id); ALTER TABLE "role" ALTER COLUMN name SET NOT NULL; ALTER TABLE "role" ADD CONSTRAINT "role_name_key" UNIQUE ("name"); COMMIT; -
Check all migrations are successful:
flask check-db-alignment
-
-
Restart services.