Safety vulnerability ID: 49528
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Nemo 4.1.0 updates its dependency 'Pillow' to v9.1.1 to include a security fix.
Latest version: 6.0.3
NEMO is a laboratory logistics web application. Use it to schedule reservations, control tool access, track maintenance issues, and more.
Upgrade notes
To enable the new sensor data plugin:
* Add `'NEMO.apps.sensors'` to `INSTALLED_APPS` in your `settings.py`
* Add a cron job to run every minute, either calling `docker exec -it nemo django-admin manage_sensor_data` or sending an http request to `/manage_sensor_data`
Live demo!
A live splash pad demo is now available at [https://nemo.nist.gov/demo](https://nemo.nist.gov/demo).
You can find the instructions on how to use it [here](https://github.com/usnistgov/NEMO#online-demo)
New features
* Added Sensor data plugin for temperature, humidity, gases etc.:
* Sensor cards can be created in a similar way to the interlock cards. Currently only Modbus TCP connection is available for sensors.
* Sensors can be added to a sensor card as well as Sensor categories to organize all the sensors.
* Sensor data can be displayed as a graph with different date ranges and data can be exported in csv file for further processing.
* Sensor email alerts can be set with a trigger condition or when no data is read for a sensor.
* The sensor dashboard will display sensor or categories as red when an alert has been triggered.
* Split customization settings into tabs for better readability and refactored it in a way that plugins can now add their own.
* Added option to make training required flag for new users optional (in customizations page).
* Added alternate email in user preferences (gear icon on top right corner in NEMO) as well as flags to decide which NEMO emails should be sent to the alternate email address.
Improvements
* Added landing page option flag to hide item from staff (visible to facility managers and admin only)
* Added minified version of most Javascript libraries to improve page load time
* Date pickers will now follow the format set for `DATETIME_INPUT_FORMAT`, `DATE_INPUT_FORMAT` and `TIME_INPUT_FORMAT` for better consistency throughout the application. Remove Bootstrap datepicker in favor of more versatile datetimepicker.
* Added red border on required reservation and post usage questions, and on failed validation to better spot where the error is. Updated validation checks to happen on any input rather than only on required ones.
* Added new REST_FRAMEWORK API permission: `'NEMO.permissions.DjangoModelPermissions'` that allows for more granular permissions. With this permission class, users need view permission on individual models (UsageEvent, Project, Account etc.) to be able to access the data in the REST API. The only exception is for accessing billing data, which requires the special `use_billing_api` permission to access since no models are directly associated with billing.
Bug fixes
* Fixed issue where staff status calendar was not respecting the closure staff_absent flag (always showing closure rather than only when flag is set)
* Fixed "Cancel outage" button not showing anymore
* Users should be logged in to access any media files. Thanks r-xyz for reporting and fixing this!
* Fixed a chicken-and-egg situation when migrating or creating migrations
Libraries
* Django 3.2.12 -> 3.2.13 (vulnerability)
* Moment 2.10.2 -> 2.29.3
* cryptography 36.0.2 -> 37.0.2
* Pillow 9.1.0 -> 9.1.1 (vulnerability)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application