v2023.04.25

What's Changed

• MaxSupportedMinClientVersion update. by @agr in #9406
• [WCP]alt attribute for img tag by @lyndaidaii in #9404
• Update Fabric Core to 11.0.1 by @dannyjdev in #9407
• URL redirect and ValidateIssuer CodeQL bugs by @advay26 in #9398
• [2FA] Update link msa/aad account page with legacy password account information. by @dannyjdev in #9408
• add domain avatars.githubusercontent.com by @lyndaidaii in #9425
• Update the issue template list to talk about sign in issues by @joelverhagen in #9432
• [A11y] Search page a11y fixes for tags and framework filter buttons by @advay26 in #9429
• [ReleasePre][2023.03.28]FI of main into dev by @lyndaidaii in #9443
• [ReleasePre][2023.03.28]FI of dev into main by @lyndaidaii in #9442
• Handle missing X-Forwarded-For header in TableErrorLog by @joelverhagen in #9444
• Fix accessibility issue - add missing header tag by @theot12 in #9446
• Fix accessibility issue - role required when aria-expanded attribute is used by @theot12 in #9445
• [A11y]The focus order is not in left to right order by @lyndaidaii in #9452
• [A11y] Fix Framework filter tooltip's confusing double behavior by @advay26 in #9454
• [A11y bug] More Information link on search results page is ambiguous. by @dannyjdev in #9458
• [ReleasePrep][2023.04.05]RI of dev into main by @advay26 in #9455
• Keyboard focus is not clearly visible by @lyndaidaii in #9456
• [A11y][Organizations]Ensures select element has an accessible name by @ryuyu in #9459
• Tooltip/popover placement update by @agr in #9457
• [A11y] TFM table differentiate versions for screen readers by @dannyjdev in #9463
• [A11y bug] Package Manager tab on Package details reads as both selected and expanded by @dannyjdev in #9460
• Disallow aria-expanded for collapsible elements without an allowed role by @theot12 in #9464
• Getting back the error message when uploading large files. by @agr in #9469
• Keyboard focus on owner list on package detail page by @lyndaidaii in #9470
• [A11y] Make screen readers start with packages list on Search Page. by @dannyjdev in #9465
• Add wakatime.com domain to whitelisted domains by @guibranco in #9448
• [a11y] remove span element in version history table by @theot12 in #9476
• [A11y] Add screen reader description to More information and Add new links by @dannyjdev in #9477
• [Search DV] Display deprecation and vulnerabilities on search page. by @dannyjdev in #9440
• [ReleasePrep][2023.04.25]RI of dev into main by @joelverhagen in #9483

New Contributors

• @guibranco made their first contribution in #9448

Full Changelog: v2023.02.27...v2023.04.25

v2023.02.27

What's Changed

• Update NuGetGallery.Services to address CG alerts by @joelverhagen in #9274
• Address accessibility for syntax highlighting by @lyndaidaii in #9273
• Fix Support link by @lyndaidaii in #9276
• Update Download table heading by @toseni in #9267
• Add instructions to install MSBuildSdk packages by @ianrathbone in #9268
• Added CSRF token checks to address CodeQL bugs by @advay26 in #9278
• Make thiner border for focused links by @MRmlik12 in #9277
• Fix bug around handling security advisories with 100 or more affected packages by @joelverhagen in #9279
• Correct link for email of new account verification by @lyndaidaii in #9284
• Use package's NormalizedVersion to create support requests by @drewgillies in #9285
• Upload page UX polish by @lyndaidaii in #9281
• Merge branch "main" into dev by @joelverhagen in #9296
• Return 404 when the null version is provided to the license endpoint by @joelverhagen in #9297
• Change VerifyGitHubVulnerabilities into a job by @joelverhagen in #9298
• Swap Package Manager and dotnet CLI tabs in display package UI by @drewgillies in #9302
• [ReleasePrep][2022.11.09]RI of dev into main by @ryuyu in #9305
• [A11y] Correct role attribute for package lists by @advay26 in #9303
• [A11y] Change role attribute of Recaptcha iframe by @advay26 in #9306
• [A11y] Removed incorrect role attribute from breadcrumb headings by @advay26 in #9311
• Update to latest client SDK to bring .NET 7 support onto the frameworks tab by @joelverhagen in #9312
• [A11y] Make aria-hidden elements not focusable by @camigthompson in #9314
• changed dotnet new example by @vlada-shubina in #9309
• [A11y] Remove aria-hidden attribute for prefix reserved element by @camigthompson in #9315
• [ReleasePre][2022.11.22] FI of dev into main by @lyndaidaii in #9317
• Add domain flat.badgen.net by @lyndaidaii in #9318
• Audit the AddCredential action after we commit to the DB by @joelverhagen in #9324
• Added support for .NET Framework 4.8.1 by @advay26 in #9327
• Selectively render the vulnerable element on manage packages page by @joelverhagen in #9328
• add document about how to deploy locally by @xiaoxstz in #9333
• Move the error message container outside of the Upload section by @joelverhagen in #9338
• Remove the client secret from AAD V2 authenticator by @joelverhagen in #9340
• Removes en-us to improve documentation localization by @JonDouglas in #9325
• [ReleasePrep][2023.01.01]RI of dev into main by @ryuyu in #9345
• [A11y][Fastpass] Remove aria-expanded attribute where not allowed by @camigthompson in #9348
• [A11y][Fastpass] Add role attribute where aria-label attribute is used by @camigthompson in #9349
• Search-by-TFM Frontend changes by @advay26 in #9342
• Search-by-TFM feature flight UI bug fix by @advay26 in #9357
• More telemetry for downloads service. by @agr in #9361
• [ReleasePrep][2023.01.26]RI of dev into main by @agr in #9362
• [TFM] net6.0-windows7.0 compatibility added. by @dannyjdev in #9364
• Update readme link by @lyndaidaii in #9358
• redirect to external privacy link by @lyndaidaii in #9347
• AAD account checks on packages for safety reports by @drewgillies in #9360
• Search-by-TFM Bug Bash feedback by @advay26 in #9366
• [ReleasePrep][2023.02.08] RI of dev into main by @zhhyu in #9383
• Add new domain for image allowlist by @lyndaidaii in #9378
• Fix two small UI issues (README bg color, Script & Interactive info) by @joelverhagen in #9385
• Modify warning message on display package page when missing readme by @lyndaidaii in #9365
• Search page A11y fixes by @advay26 in #9387
• Added null checks to mitigate exceptions on the '/profiles' pages by @advay26 in #9388
• Tags sometimes spill over into the next line when there are multiple of them by @advay26 in #9391
• Putting back missing word by @agr in #9394
• [ReleasePrep][2023.02.23]RI of dev into main by @RiadGahlouz in #9401

New Contributors

• @toseni made their first contribution in #9267
• @ianrathbone made their first contribution in #9268
• @MRmlik12 made their first contribution in #9277
• @vlada-shubina made their first contribution in #9309
• @xiaoxstz made their first contribution in #9333
• @JonDouglas made their first contribution in #9325

Full Changelog: v2022.10.19...v2023.02.27

v2022.10.19

What's Changed

• Report services are not using Blob storage SDK classes anymore. by @agr in #8484
• [nonGallery] Fix break in githubvulnerabilities2db dependency injection by @drewgillies in #8516
• [nonGallery] return backfill to order by date, batch size 1000 by @drewgillies in #8510
• Update CODEOWNERS to point at gallery group by @skofman1 in #8524
• Add survey banner by @lyndaidaii in #8526
• add feature flag for banner by @lyndaidaii in #8527
• [nonGallery] adjust backfill logic - remove redundant catch, process null TFMs by @drewgillies in #8528
• [ReleasePrep][2021.04.15]RI dev into main by @agr in #8530
• [a11y] Add popovers to verification checkmarks by @drewgillies in #8521
• [A11y] Make announcers read the version history table data correctly. by @dannyjdev in #8529
• [A11Y] Screenreader does not read required keyword for the control “Package Owner". by @dannyjdev in #8537
• [nonGallery] Adjust try blocks in TFM backfill, repair empty TFM metadata case by @drewgillies in #8531
• Adjust support request hint to include DMCA text by @drewgillies in #8536
• [Hotfix]change sql get vulnerabilities by package id by @lyndaidaii in #8540
• Added links to best practices page on package upload page by @sophiamfavro in #8542
• [A11y] Remove collapse from cancel button in ApiKey page. by @dannyjdev in #8539
• [A11y] Moved aria-labelledby so that announcer says correctly radio button grouping. by @dannyjdev in #8538
• Fixing build warning by @agr in #8518
• Agr blobs by @agr in #8517
• Revert "[Hotfix]change sql get vulnerabilities by package id" by @loic-sharma in #8555
• fixed missing flights for icons and readMes by @sophiamfavro in #8558
• [ReleasePrep][2021.04.26] RI of dev into main by @loic-sharma in #8553
• Resize image in readme by @lyndaidaii in #8568
• Change the link of trusted domains by @lyndaidaii in #8571
• Hide Licence file section on package upload if empty by @rocklan in #8550
• show some content of readme if is too long by @lyndaidaii in #8570
• Display version metadata only in an info box by @rocklan in #8554
• Add NUKE tab for dotnet tools by @matkoch in #8578
• [non-Gallery] Add a non-locked monitoring cursor for inspection during backfill job by @drewgillies in #8577
• Add banner to all pages by @lyndaidaii in #8579
• [ReleasePrep][2021.05.18]RI dev into main by @lyndaidaii in #8586
• Add caching to package details page vulnerabilities query by @drewgillies in #8580
• [ReleasePrep][2021.05.23]RI dev into main by @drewgillies in #8593
• Gallery instance uptime tracking by @agr in #8583
• New Display Package Page: created flight and setup for implementation of new page by @sophiamfavro in #8591
• Fix for package icons show up in search results in certain widths by @rocklan in #8551
• Created gird for new page layout of Display Package Page for redesign by @sophiamfavro in #8612
• [ReleasePrep][2021.06.01]RI of dev into main by @ryuyu in #8615
• Add link for reserved namespace error during package upload by @lyndaidaii in #8610
• Add accessible popovers to reserved checkmarks by @drewgillies in #8622
• Add accessible popovers to vulnerability alerts by @drewgillies in #8624
• [Readme]Add message for readme during validation by @lyndaidaii in #8608
• [nonGallery] Ingest withdrawn data in GitHub GraphQL by @drewgillies in #8544
• Set default flags in local environment by @lyndaidaii in #8630
• Tabs for the new Display Package page redesign by @sophiamfavro in #8625
• [ReleasePrep][2021.06.10]RI of dev into main by @agr in #8633
• Utilize vulnerabilities caching service for in manage packages page by @drewgillies in #8620
• [online safety] Add safety categories to report abuse form by @drewgillies in #8635
• Styled Header for new display package page by @sophiamfavro in #8639
• remove bullet point for tasklist by @lyndaidaii in #8629
• [Readme]Reduce space when display content in readme container by @lyndaidaii in #8609
• Fixed ImageDomainValidator for GitHub URLs by @nils-a in #8646
• Added warning banner for owners that description is in README tab by @sophiamfavro in #8656
• [Microbuild] NuGetGallery Update ServerCommon commit on build.ps1. by @dannyjdev in #8661
• [ReleasePrep][2021.06.28]FI of main into dev by @dannyjdev in #8663
• [ReleasePrep][2021.06.28]RI of dev into main by @dannyjdev in #8664
• Sidebar for New Display Package Page by @sophiamfavro in #8650
• Make the package downloads box a bit bigger for macOS by @joelverhagen in #8682
• Strip html comments from markdown by @CyberAndrii in #8667
• Improve API key expiration warnings by @loic-sharma in #8676
• modify pettry link by @lyndaidaii in #8658
• [ReleasePrep][2021.7.16]NuGetGallery of main into dev by @lyndaidaii in #8688
• Include app.codacy.com in trusted domain by @Tagliatti in #8687
• Fix newline breaks in markdown by @CyberAndrii in #8673
• Add npm audit warnings for Bootstrap JS by @joelverhagen in #8695
• [ReleasePrep][2021-07-20] RI of dev to main by @shishirx34 in #8696
• [Redesign] Update installation instructions by @loic-sharma in #8690
• Display NuGet Package Explorer link on details page. by @dannyjdev in #8697
• [AccountDeleter]Adding stubbed definition for missing DI objects. by @ryuyu in #8677
• [Redesign] Fix registration's link to the README by @loic-sharma in #8699
• Add admin panel for bulk unlisted or relisting packages by @joelverhagen in #8691
• new issue templates using forms by @zkat in #8683
• [Redesign] Add telemetry by @loic-sharma in #8701
• [Redesign] Improve Lighthouse score by @loic-sharma in #8707
• [Redesign] Add preview banner & URL by @loic-sharma in #8705
• [Redesign] Fix a few bugs by @loic-sharma in #8709
• Fixed line endings in DisplayPackage.cshtml by @agr in #8713
• [Redesign] Fix spacing of dependency groups by @loic-sharma in #8721
• [Redesign] Fix Safari font issue by @loic-sharma in #8723
• [Redesign] Fix README alerts if package hasn't passed validation by @loic-sharma in #8718
• [Redesign] Fix visual issues on narrow screens by @loic-sharma in #8724
• [Redesign] Address sidebar feedback by @loic-sharma in #8725
• [Redesign] Remove extra space on README warnings by @loic-sharma in #8730
• [ReleasePrep][2021.08.03]FI of master/main into dev by @zhhyu in #8733
• [ReleasePrep][2021.08.03]RI of dev into main by @zhhyu in #8734
• Render a canonical tag on each page by @MatthewSteepl...

v2021.04.08

Deployment: #8512

Changes:
Add dotnet local tool instructions tab (#8433)
Update Service Bus libraries from ServerCommon (#8420)
Update to new y18n version per npm audit (#8471)
Update DI for alt stats container (#8472)
reject empty readme file & fix error message for invalid extension (#8473)
improved the #r directive instructions (#8405)
a11y fix - remove horizontal scrollbar from page (#8499)
Added mandatory styles to add organizations page (#8500)
Preparing ErrorLog for secret refresh. (#8485)
CloudAuditService preparing for secret refresh (#8486)
show more link jumps problem (#8501)
Introduce a version-specific ID column for display purposes (#8504)

v2020.06.09

Addressed a cross-site scripting vulnerability detailed in CVE-2020-1340

v2019.01.14

20e0683 Not null the createdby on delete account (#6808)
04b8a6a License expression display in Gallery (#6784)
f5699cb Add DeleteIfExistsAsync and CreateAsync container APIs (#6812)
06e5747 Embedded license preview when uploading a package through UI (#6807)

NuGet Gallery release

v2018.12.12

Tag for the gallery release on 12/12/2018

v2018.11.12

95cbe09 Embedded license file ingestion for Gallery (#6580)
556e915 Add cache control for nupkgs/snupks in public containers (#6634)
36acf28 Add update blob properties support to cloud storage (#6640)
51ca9a7 Fix for broken package delete (#6642)
6cb7f30 Upload license expression redirect url logic (#6641)
5091aa4 ServerComon 2.36 to NuGetGalleryCore (#6643)
9855ce7 Don't attempt to send emails if they have no recipients (#6637)
85eeadd Added alternative license expression URLs to be allowed in without warning into Gallery (#6649)
f612b6c Revert "Redirect HTTP 400 to a specific error page instead of default or 500"

v2018.10.20

1b98757 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #6333 from NuGet/dev
88b36b0 (origin/dev) Merge pull request #6332 from NuGet/chenriks-fi-conflicts
c1d08b7 Revert email retry (#6290) (#6331)
fe4f6e9 Merge branch 'master' into chenriks-fi-conflicts
0ac2f91 (dev) Improve manage certificates message (#6324)
f2436a7 Set the CacheControl property on packages blobs (#6297)
bc0954b (chenriks-jsrefs) [NuGet Symbol Server] Add download symbols support to Package details page (#6320)
baa5bc0 Retry failed emails (#6312)
665daa6 Change current version highlighting on package page (#6319)
fb22bd5 Make the upload progress bar resilient to slow uploads (#6306)
8ac0bcb If ConfirmEmailAddresses config is false, users should not be required to confirm changing their email (#6314)
1b3707e Backfill repo metadata tool (#6288)
e5bc4fb Cleanup (#6310)
ac9e62d Restore auto-add co-owner feature (#6289)
a9379ee Add ViewBase field to hide opensearch.xml link (#6304)
9b00ef8 Merge revert email retry from master to dev
b634f27 Revert email retry (#6290)
3805e2e [NuGet Symbol Server] Add Symbol push validation support (#6276)
7b7ed59 Fix (most) accessibility issues found by recent scan (#6215)