Mwdb-core

Latest version: v2.14.0

Page 3 of 6

2.7.0

**New features and improvements:**
- Refactored mechanism that handles JWT tokens used for authorization (https://github.com/CERT-Polska/mwdb-core/pull/542, KWMORALE)
  It's recommended to rotate your API keys after upgrading, because new keys use a slightly different format that is more compliant with [RFC7519](https://datatracker.ietf.org/doc/html/rfc7519). All previously generated API keys will be honored by further 2.x.x releases of MWDB Core.
- API key token is shown only right after creation, for security reasons (https://github.com/CERT-Polska/mwdb-core/pull/524, KWMORALE)
- Repository name shown in navbar can be set directly in MWDB configuration (https://github.com/CERT-Polska/mwdb-core/pull/521, KWMORALE)
- Added new hooks for various MWDB actions that can be intercepted in plugins (https://github.com/CERT-Polska/mwdb-core/pull/513, wklimek)
- Added configurable rate limits for specific endpoints and methods (https://github.com/CERT-Polska/mwdb-core/pull/523, wklimek)
- Karton analysis association can be removed from object (https://github.com/CERT-Polska/mwdb-core/pull/533, wklimek)
- Added relative date-time ranges in search (https://github.com/CERT-Polska/mwdb-core/pull/555, wklimek)
- Added visual indicator for non-editable groups in Administration panel (https://github.com/CERT-Polska/mwdb-core/pull/519, wklimek)
- Extendable upload form (https://github.com/CERT-Polska/mwdb-core/pull/541, thanks yankovs!)

**Bugfixes:**
- Fixed exception handling for exceptions that happen out of request context (https://github.com/CERT-Polska/mwdb-core/pull/522)
- Fixed crash in web application when user clicks "Add" in Attributes box and no attributes are available to add (https://github.com/CERT-Polska/mwdb-core/pull/539, thanks chivay!)
- Removed too short limit of field length in OpenID Connect Provider configuration (https://github.com/CERT-Polska/mwdb-core/pull/552)
- Fixed ISE 500 caused by concurrent assignment of Karton analysis to the same object (https://github.com/CERT-Polska/mwdb-core/pull/576)
- Fixed removal of a self-loop relationship that caused removal of all permissions to the object (https://github.com/CERT-Polska/mwdb-core/pull/579)
- Various fixes in documentation

Special thanks to wklimek for all contributions and dd8917vk for catching a few regressions during development!

2.6.1

Not secure
Bugfix release that bumps Flask and Karton dependencies. In addition, we pin `itsdangerous==2.0.1` because the `2.1.0` release breaks installation of MWDB Core 2.6.0.

**Changes:**
- Pinned `itsdangerous` to 2.0.1
- Bumped versions of the following dependencies:
  - `karton-core` from 4.2.0 to 4.3.0
  - `Flask` from 1.1.2 to 2.0.2 and related dependencies to latest versions
  - `Werkzeug` from 1.0.1 to 2.0.3
  - `uwsgi` from 2.0.19.1 to 2.0.20

2.6.0post1

Release made to create a correct Docker image for v2.6.0 using the fixed CI workflow.

2.6.0

Not secure
**Key changes**:

- **Support for OpenID Connect authentication**
  You can play with it using our development setup: https://github.com/CERT-Polska/mwdb-core/blob/master/dev/oidc/README.md
- **JSON values in attributes**
  Whole objects can be stored as an attribute value instead of a single string. In the future, we plan to implement template-based rich formatting to visually represent these objects in tables, lists, collapsible trees etc.
- **New Attribute API** - better designed API for accessing attributes that supersedes the old Metakey API

**New features and improvements**:

- Transactional tag adding during upload. Now you can upload your file and related tags within the same request (https://github.com/CERT-Polska/mwdb-core/commit/7b05dfb21d981342acb1506fbbb1cc4008c337bd)
- `comment_author:` search field that allows searching for objects commented on by a selected user (https://github.com/CERT-Polska/mwdb-core/pull/454)
- `upload_count:` search field that allows searching for objects related to more than N different user uploads (https://github.com/CERT-Polska/mwdb-core/pull/466)
- `multi:` search field that allows searching for multiple hashes separated by spaces (https://github.com/CERT-Polska/mwdb-core/pull/470)
- MWDB stores all file names that object appeared with, not only the first one (https://github.com/CERT-Polska/mwdb-core/pull/482)
- Introduced server-side statement timeout, along with customizable client-side timeouts (currently hardcoded to 8 seconds for general Web requests and 60 seconds for file upload from Web)

**Bugfixes and improvements**:

- **Fixed faulty login/recover password page that responds with `Session expired` instead of actual error** (https://github.com/CERT-Polska/mwdb-core/pull/461)
- **Fixed password recovery in `Settings` page when administrator wants to send a new password link to a different user** (https://github.com/CERT-Polska/mwdb-core/pull/475)
- **Fixed race conditions resulting in ISE 500 on adding/removing the same tags concurrently** (https://github.com/CERT-Polska/mwdb-core/pull/459)
- Correct handling of missing API endpoint when static files are served by Flask (https://github.com/CERT-Polska/mwdb-core/pull/472)
- Fixed ISE 500 when non-UUID value was passed to `karton` attribute (https://github.com/CERT-Polska/mwdb-core/pull/474)
- Fixed wrong type conflict check during object upload (https://github.com/CERT-Polska/mwdb-core/pull/477)
- `karton:<uuid>` search field supports single wildcard to filter out not analyzed samples (https://github.com/CERT-Polska/mwdb-core/pull/451)
- CRC32 hash is zero-padded to 8 bytes (https://github.com/CERT-Polska/mwdb-core/pull/495)
- Added mouseover text for attribute keys (https://github.com/CERT-Polska/mwdb-core/pull/490)

2.6.0dev1

CI pipeline testing before the actual stable v2.6.0 release.

2.5.1

Not secure
**Bugfixes**:

- Plugins were not built correctly in Docker environments due to change from `npm install` to `npm ci` in Dockerfile. That change was reverted (https://github.com/CERT-Polska/mwdb-core/pull/449)
