Mwdb-core

**New features and improvements**:

* Performance improvements:
* Set collation of some string fields to 'C' to better utilize btree index. **Be aware that database migration may took a while** (https://github.com/CERT-Polska/mwdb-core/pull/959)
* Add index on comment.object_id column (https://github.com/CERT-Polska/mwdb-core/pull/988)
* Open-ID Connect improvements:
* Fetching userinfo claims from userinfo endpoint, previously we assumed that they'll be send along with ID Token (https://github.com/CERT-Polska/mwdb-core/pull/972)
* Plugin-customizable OpenIDProvider class (https://github.com/CERT-Polska/mwdb-core/pull/982)
* OpenID Provider group is no longer a workspace and doesn't imply sharing objects within group (https://github.com/CERT-Polska/mwdb-core/pull/974)
* Custom rate limit settings for specific group of users (https://github.com/CERT-Polska/mwdb-core/pull/987)
* Allow to set limit of tags returned by TagListResource (https://github.com/CERT-Polska/mwdb-core/pull/960)

**Bugfixes**:

* Fix internal server error when querying without field (by msm-cert in https://github.com/CERT-Polska/mwdb-core/pull/957)
* Fix: 'mwdb-core configure web' command after transition to Vite (https://github.com/CERT-Polska/mwdb-core/pull/966)
* Fix: 'Back' doesn't work in RecentView because of navigation loop (https://github.com/CERT-Polska/mwdb-core/pull/975)

**Full Changelog**: https://github.com/CERT-Polska/mwdb-core/compare/v2.13.0...v2.14.0

This release is focused on further improvements of search performance and bugfixes.

It's recommended to upgrade your karton-system to v5.4.0 before applying this upgrade.

**New features and improvements:**

* Improved performance of object lists in Web UI (https://github.com/CERT-Polska/mwdb-core/pull/949)
* Improved performance of wildcard queries for JSONB fields by psrok1 in https://github.com/CERT-Polska/mwdb-core/pull/943
* Karton is upgraded to v5.4.0 with much faster analysis status lookup method (https://github.com/CERT-Polska/mwdb-core/pull/938)
* Tags are passed to Karton tasks (by aBUDmdBQ in https://github.com/CERT-Polska/mwdb-core/pull/934)
* Frontend: added warning banner when server version is different than client version, so user needs to clear cache (https://github.com/CERT-Polska/mwdb-core/pull/950)
* Allow to set custom upload size limit via NGINX_MAX_UPLOAD_SIZE env var in mwdb-web Docker image
(https://github.com/CERT-Polska/mwdb-core/pull/930)

**Bugfixes:**

* Fix: ISE 500 on concurrent tag addition (https://github.com/CERT-Polska/mwdb-core/pull/926)
* Fix: ISE 500 when non-numerical value appears in range search in JSON column by psrok1 in https://github.com/CERT-Polska/mwdb-core/pull/953
* Fix possible issues with plugins after replacing Flask-RESTful with own implementation (https://github.com/CERT-Polska/mwdb-core/pull/937)
* Fix searching in diff mode (https://github.com/CERT-Polska/mwdb-core/pull/941)
* Fix too eager schema for FileItemResponseSchema.latest_config field that affected performance of getting file items (https://github.com/CERT-Polska/mwdb-core/pull/942)
* Fix unnecessary joined relationship for 'favorite' parameter affecting performance of searching and getting object lists (https://github.com/CERT-Polska/mwdb-core/pull/948)

New Contributors
* aBUDmdBQ made their first contribution in https://github.com/CERT-Polska/mwdb-core/pull/934

**Full Changelog**: https://github.com/CERT-Polska/mwdb-core/compare/v2.12.0...v2.13.0

**Upgrade highlights:**

If you use plugins that are adding new endpoints to the API, you need to fix `Resource` imports before upgrade: [What's changed](https://mwdb.readthedocs.io/en/latest/whats-changed.html#important-change-replaced-flask-restful-with-own-lightweight-implementation)

**New features and improvements:**

- Support for Prometheus metrics (https://github.com/CERT-Polska/mwdb-core/pull/908, [Prometheus metrics docs](https://mwdb.readthedocs.io/en/latest/prometheus-guide.html))
- Refactored search engine to improve search performance for configs, attributes and file names (https://github.com/CERT-Polska/mwdb-core/pull/906)
- UI: changed attribute adding modal to always show preview and make JSON values less concerning (https://github.com/CERT-Polska/mwdb-core/pull/921)
- Limited default verbosity of logs (https://github.com/CERT-Polska/mwdb-core/pull/909, see [note about enable_debug_log](https://mwdb.readthedocs.io/en/latest/whats-changed.html#important-change-changes-in-logging-introduced-prometheus-metrics))
- Added support for `execute` attribute that is passed to Karton to enable/disable execution in sandbox (https://github.com/CERT-Polska/mwdb-core/pull/904, thanks msm-cert)
- Flask-Limiter was replaced with direct use of limits library (https://github.com/CERT-Polska/mwdb-core/pull/915)
- Dropped usage of Flask-Restful (https://github.com/CERT-Polska/mwdb-core/pull/916)

**Bug fixes**:

- Fix: installation issues on Debian 12 (bumped psycopg2-binary to 2.9.9, https://github.com/CERT-Polska/mwdb-core/pull/922)
- Fix: ISE 500 on user removal (https://github.com/CERT-Polska/mwdb-core/pull/913)
- Fix: Don't treat 0 number as an empty attribute value (https://github.com/CERT-Polska/mwdb-core/pull/920)
- Fix: MWDB doesn't surrender on Karton when can't be loaded eagerly and tries to load it lazily (https://github.com/CERT-Polska/mwdb-core/pull/919)
- Web: Fixed race condition with applying request_timeout value (https://github.com/CERT-Polska/mwdb-core/pull/905)

**Full Changelog**: https://github.com/CERT-Polska/mwdb-core/compare/v2.11.0...v2.12.0

**New features and improvements:**

- Simple UI for uploading configurations and blobs (by postrowinski in https://github.com/CERT-Polska/mwdb-core/pull/803)
- Object tabs are extendable via plugins (by yankovs in https://github.com/CERT-Polska/mwdb-core/pull/896)
- Bump karton-core to v5.3.2 (by yankovs in https://github.com/CERT-Polska/mwdb-core/pull/902)

**Full Changelog**: https://github.com/CERT-Polska/mwdb-core/compare/v2.10.3...v2.11.0

Bugfixes:

- Bumped Werkzeug to 3.0.1 including critical fix for very slow upload of huge files having speciifc layout (see https://github.com/CERT-Polska/mwdb-core/pull/885)
- Fixed uneditable parent field in Upload view (https://github.com/CERT-Polska/mwdb-core/pull/879)

Bugfixes:

- Fixed default web_bundle_dir so webapp works correctly in standalone PyPi installation (https://github.com/CERT-Polska/mwdb-core/pull/873)