Python-nightscout

Welcome to Release 14.2 Sweet Liquorice!

This release focuses on improving the overall security of Nightscout. 14.2 adds a new method for Nightscout to notify you of various security issues in your setup. After upgrading to the this release, if Nightscout wants to tell you something about the system security, you'll see a red megaphone appear in the Nightscout web client. To see the messages, you'll have to sign in using your API-SECRET or a token that's got administration privileges. Full details of the messages can be found in the Nightscout documentation: https://nightscout.github.io/nightscout/security/

Advance warning regarding future releases: we are likely to make compatibility breaking changes in upcoming releases that will change how the authentication flows with the Nightscout API works, along with changes to validation of data sent to Nightscout. If you're an app developer and are using the Nightscout APIs in your application, please join our Discord channel to learn about the changes are they're implemented. You can join the channel here: https://discord.gg/zg7CvCQ

Nightscout translations are now made in Crowdin. This is very easy even for non-technical folks, so please join and contribute! https://crowdin.com/project/nightscout

Note if you're running your instance with a very old MongoDB version, your installation might break. We've tested the release using MongoDB 4.2 and 4.4.

New Features and Improvements

* Administration messages support
* Bolus bubble rendering in Nightscout UI is now more configurable, see the new Settings in the client settings panel
* You can now configure Nightscout to disable battery alarms during night
* Security improvement: treatments and CGM entries sent over the REST API V1 are now filtered for XSS injection code
* A lot of work has been put into localization, huge thanks to all the contributors
* Reports now remember the settings you've chosen across sessions
* Alexa integration now supports Spanish
* Fixed a bug with AAPS updating CGM values after Dexcom rounds the value
* Added support for Portuguese and Slovenian
* Support for Traditional Chinese has been removed until we find a contributor to help with translating more of the software. The next release will remove support for Japanese unless a larger portion of the text has been translated by time of release.
* The site has now been tested to again work on iOS 9 devices

For developers

* APIV3 results are now wrapped differently from before
* Webpack was upgraded to V5
* Client JS bundling was simplified to just one bundle, cutting down bundling time to ~50% of current
* Removed cache invalidation token from bundling process and generating it on server boot
* Security improvement: generate strong persistent random string on deploy to use for JWT signing instead of api_secret
* Security improvement: moved api-secret and JWT signing to a separate centralized security component and deletes api_secret from environment, so it's not accessible elsewhere
* Security improvement: Clients can now send the api_secret using SHA512
* Moved some server components away from project root to make it easier to see what code runs in server vs client
* Fixes some issues reported by linter

Important note

Users using mmconnect plugin should immediately update to this release due to significant fixes in the newly release version of the mmconnect integration.

Changes

* The localization system was completely overhauled and now uses Crowdin for the translation process. If you want to help with translations, please contribute at https://crowdin.com/project/nightscout
* Many small fixes to UI including non-localizable text
* Refactored authentication, so read-only tokens work correctly when used to log in on a site that does not grant any default privileges
* Refactor mongo-storage and fix a bug with Promises in some Mongo configurations
* Fix clock views issue introduced in previous release, which broke the view for some users
* Fix a bug in client load while server is still starting
* Rename Weekly Success report to Weekly Distribution
* Docker builds are back on, using Github Actions
* API V3 now supports the cache layer introduced in API V1 in release 14.0
* Use new mmconnect release, which should fix issues with mmconnect
* Google Home and Alexa should now work with multiple simultaneous CGM sources

* Basal and careportal plugins are now enabled by default
* Test if database is in read only mode when Nightscout starts and give an error if read only mode is detected
* The client now checks if the server has loaded the initial data and is ready to server the client before letting user into the main UI
* Google Home and Amazon Alexa fixes for new installations
* Fixed Pushover crashing Nightscout if Pushover servers are returning an internal server error
* Fix swagger for APIv3
* Language updates
* Use the delta plugin data to show the delta in the clock views
* Update Node version checks during startup to refer to Node 10 and 12 & allow any LTS version
* Fix for disabling the BG alarms for simple alarms
* Load battery and other rare events up to two months back
* Unified black and color clock layouts
* Clock views now update data more frequently
* Fix how CSP policy is set for Helmet, fixes 6260
* Authorization fix for misformatted URLs that send auth token multiple times, causing Nightscout to fail
* Added unit test for batch upload of CGM entries
* Improved / removed some logging to reduce Papertrail load

This release fixes batch uploading of device status records and a timing related issue in cache flushing when data was deleted and inserted very quickly in succession

* Fix crash if carb absorption rate is blank
* Fix Pebble API endpoint not recognising mmol
* Improve environment variable parsing so extra white spaces are ignored
* Fix error page, so if there is trouble connecting to Mongo, a human readable error is shown
* Error page layout improvement to make it more friendly
* Fixes a memory leak in caching
* Fixes cache data injection on REST inserts by injecting the _id to inserted object correctly, so data backfills work as expected

* This release improves on the earlier MongoDB caching based on issues reported by users