XNAT 1.8.4 offers a series of improvements and bug fixes, primarily focused on site administration: resource management, event service, and improvements to the Admin UI. There are also a series of subtle but helpful user-facing UI improvements.
A series of high-priority bugs were addressed in this release:
- XNAT-6784 : Fixed a critical bug where long project IDs, datatype names, or usernames could cause data tables to fail.
- XNAT-6867 : Fixed a critical bug where imported ECAT image sessions and other non-catalog resources could not be deleted.
- XNAT-6912 : Fixed a critical bug where user accounts generated by the OpenID authentication plugin could not be administered, due to account name length and allowable characters.
- Fixed a series of security issues involving project creation, cross-site scripting, open URLs, resource rendering, and the search engine.
Key UI Improvements
- XNAT-6777 : Added UI and backend support to enable image session downloads at the subject level
- XNAT-6397 & XNAT-6520 : Enable proper handling of scan-level data listings
- XNAT-6926 : Allow project owners to restrict downloading of data via the UI based on a user's role in the project
- XNAT-6594 , XNAT-6830 : Fixed bugs rendering scan preview montages for scans with RGB data and scans without instance number data
- XNAT-6483 , XNAT-6708 , XNAT-6795 , XNAT-6938 : Minor UI improvements to data table filtering, project creation, project reassignment in the Prearchive, and display of recently imported data
User Registration/Authentication Enhancements and Restrictions
Since XNAT can support multiple means of user registration, via LDAP and OpenID plugins, users can potentially be presented with a confusing array of registration and help options via the UI. A series of tickets addresses this and other related user account management issues.
- XNAT-4648 : Allow site administrators to completely remove user registration links from the UI, via the Site Administration > Security > User Authentication Settings panel.
- XNAT-6948 : Allow site administrators to disable project access requests, via the Site Administration > Security > User Authentication Settings panel.
- XNAT-6957 : Create an API endpoint that can update user account information on request
- XNAT-6860 : Fixed a bug handling external login requests (via LDAP) to expired XNAT accounts
Resource File Management Improvements
Authorized users (or data processes) have always been able to upload files of any type as resources, attaching them to projects, subjects, or experiments. This includes HTML-formatted resources that can potentially contain damaging scripts which would be executed if rendered in the browser. In XNAT-1.8.4, we addressed this vulnerability by allowing site administrators greater control over resource rendering. We also addressed a series of other issues related to resources.
- XNAT-7002 : Added fine-grained control of whether HTML resources are rendered in the browser, and if so, what types. Full documentation is here: How To Restrict Rendering of XNAT Resources
- XNAT-6883 : Added support for adding non-imaging resource files in the Prearchive
- XNAT-6885 : Fixed a bug in imaging experiment serialization at the subject level
- XNAT-6947 : Fixed a bug that prevented downloading of resources with special characters in the file name
- XNAT-6913 : Fixed a bug that prevented in-browser rendering of PDF resource files
Event Service Improvements
- XNAT-6710 : Fixed a critical bug preventing event payloads from being processed on project assets (experiments that do not pertain to subjects)
- XNAT-6807 : Fixed a minor bug where adjusting project preferences could trigger a "Project Created" event
- XNAT-6950 : Fixed a bug where events could be modified even if server validation failed
- XNAT-6915 : Fixed a bug where events that affect multiple items simultaneously were failing to trigger corresponding event subscriptions
- XNAT-5933 , XNAT-5936 , XNAT-6487 , XNAT-6754 : Minor UI and UX improvements to Event Service subscription management
Other Admin UI Improvements
Several panels in the Admin UI have been refactored or moved to new locations and an array of new config settings have been made available. To help users navigate these changes, a search function has been added to the Admin UI to quickly identify and find settings.
- XNAT-6663 : Added a config item search panel to the upper right corner of the Admin UI that can lead users to every item stored as a site configuration. For config entries that do not have UI, users are directed to Swagger.
- XNAT-6605 & XNAT-6890 : Standardize outgoing email templates and add many more email notifications for specific events. Refactor the notifications section of the Admin UI to compensate.
- XNAT-6762 , XNAT-6765 , XNAT-6949 : Minor UI and UX enhancements to the Manage Users, Manage File System Paths, and Manage Data Types control panels
Various Backend Improvements
- XNAT-5212 : Fix a critical bug where series import filters are ignored by the "SI" session importer (compressed uploader)
- XNAT-6811 : Resolved an API permissions bug for users with the "Data Manager" role
- XNAT-6862 : Add API support for direct-archive importing introduced in XNAT 1.8.3. See: Using Direct-to-Archive Uploading
- XNAT-6910 : Workflow fix for bulk launching containers
- XNAT-6953 : Refactored the XNATExpiredPasswordFilter method
- XNAT-6973 : Workflow fix related to logging and auditing