Skip to content

Production Release 2016-08-17#

This release contains a number of security fixes. The security fixes do not affect partner applications using the REST API. There are some new Partner-facing features (marked with 💡 ) and fixes (❗ )

august-oauth 2.0.34#

  • ASL1-8761 Improve token security
  • ASL1-9265❗ Captialization breaks OAUTH login
  • ASL1-9291❗ OAuth page refers to non-https fonts
  • ASL1-9462❗ Make password comparsion consistent between August app and OAuth

august-rest-api 0.0.148-HOTFIXES#

  • ASL2-933 correct august-rest-api's incorrect setup instructions
  • ASL2-946 Lock operations is not displayed in Activity Feed
  • ASL1-3005 Move the tracking of the lock/unlock from the logging db to the august db
  • ASL1-7906 PUT /locks/:lockID/:userID/:type does not accept invited user's information
  • ASL1-8653 Fix for 3rd party OAuth token management
  • ASL1-8760 House activity feed endpoint returns keypad events if called by Guest
  • ASL1-9107 iOS Can't delete invitations from August app
  • ASL1-9196 (Internal)
  • ASL1-9258 (Internal)
  • ASL1-9265❗ Captialization breaks OAUTH login
  • ASL1-9271 (Internal code cleanup)
  • ASL1-9272 Read from Activity Log & Logging DB For Lock Related Activity
  • ASL1-9295 Measure accuracy of the lock state on the server
  • ASL1-9319 (Internal database cleanup, missing names in invitations)
  • ASL1-9343 /activity not returning results
  • ASL1-9347💡   Partner PINs should also accept iCal format for recurring schedule
  • ASL1-9382 Enforce the proper permission on the following end points
  • ASL1-9415 RRULE extracted from iCal data format string causes 500 on initiatecomm endpoint
  • ASL1-9458 getLockBatteryPercentage should give different answers for Helios and Jupiter.
  • ASL1-9466 The timezone endpoint should be restricted to superuser.
  • ASL1-9492 Whitelist motion detection in get activity logs endpoint
  • ASL1-9515 Timezone end point should only be called by a lock superuser
  • ASL1-9516 Lock firmware endpoint should be limited to lock superusers
  • ASL1-9517 setnotification end point is not secure
  • ASL1-9532 Security Fix For Initiate Comm Actions
  • ASL1-9554 Security work
  • Connect-612 (Internal notifications of HomeKit operations)
  • Connect-613 (Internal notifications of keypad operation)
  • Connect-614 (Internal notifications of keypad operation)
  • Connect-660 Generate single event for currently supported operations.
  • Connect-741 Fully implement the scan command
  • Connect-811 In case of a timeout response to ACS, retry with a timeout
  • Doorbell-1833❗ Doorbell - doorbells/mine and doorbell/:doorbellID -> should return the same doorbell object
  • Doorbell-1905 (Internal work)
  • Doorbell-1960 (Internal work)
  • Keypad-1415 Update the notification registration endpoint to accept unverified users
  • Keypad-1418 Support new updating state for PIN syncing
  • Keypad-1419 Use different battery scale for K2 Keypads in log processing
  • Keypad-1420 Relax Delete PIN commit checking
  • Keypad-1538❗ Keypad operations should appear in the activity feed
  • PART-363 API endpoint to support AugustAccess AugustWorksWith Integration

august-notification-server 1.0.32#

  • ASL1-9286 - Sending email from wrong domain: change to august.com