JIM v0.10.0

@github-actions github-actions released this 22 Apr 07:25
· 31 commits to main since this release
fb7f0d1

Added

  • ✨ Added a Service Name and Service ID so you can tell JIM instances apart at a glance. Set a friendly name per instance on the Service Settings page and see it under "JIM" in the sidebar, in the browser tab title, and in the footer. The Service ID is generated once per instance and never changes, useful for tooling, logs, and telemetry (#583)
  • ✨ Predefined Searches can now be disabled and re-enabled without deleting them; disabled searches are hidden from the portal, the search API, and the sidebar navigation, while administrators can still manage them via the admin UI, the new /api/v1/predefined-searches endpoints, and the new Get-JIMPredefinedSearch / Set-JIMPredefinedSearch PowerShell cmdlets (#555)
  • ✨ PowerShell cmdlets for System endpoints: Get-JIMHealth (with -Ready and -Live probes), Get-JIMVersion, Get-JIMAuthConfig, and Get-JIMUserInfo; health, version, and auth config cmdlets work without Connect-JIM via a -Url parameter (#468)
  • ✨ Interactive API reference powered by Scalar, available at /api/reference in all environments including air-gapped deployments; OpenAPI document is pre-generated at build time for instant loading with zero runtime overhead
  • ✨ Public API reference published to the JIM documentation site at tetronio.github.io/JIM/api/reference/; automatically updated on every release to match the published JIM version
  • ✨ Clear Connected System activity now tracks and displays removal statistics, showing how many pending exports and connected system objects were removed (#74)
  • ✨ New count endpoints for metaverse objects, connector space, and pending exports, with filtering by object type, partition, change type, and status; suitable for dashboards, SIEM integration, and capacity monitoring (#154)
  • ✨ New user menu in the navigation drawer showing the signed-in user's avatar (with initials), display name and username, with pinning, dark mode and sign-out controls in a single polished popover (#49)
  • ✨ Automated integration test metrics streaming to central tracking system with Grafana dashboards (#476)
  • 🔒 API and PowerShell support for managing Role membership on Metaverse Objects, enabling administrators to appoint or remove additional admins without restarting the service (#467)
  • ✨ New API endpoints for Role member management: list members, add member, remove member, get Role by ID, and list the Roles a Metaverse Object is a member of
  • ✨ New PowerShell cmdlets Get-JIMRoleMember, Add-JIMRoleMember, Remove-JIMRoleMember, and Get-JIMMetaverseObjectRole with full pipeline support
  • Get-JIMRole cmdlet now supports -Id parameter for direct Role lookup by identifier
  • 🔒 Safety checks prevent administrator lockout: self-removal from the Administrator role and removing the last Administrator are both blocked with clear error messages
  • 🔒 Sign-out with identity provider, gated by the SSOEnableLogOut service setting, with a confirmation dialog to prevent accidental clicks (#49)

Performance

  • ⚡ Connected System detail lookups are much cheaper on write-path and validation API calls: introduced a lightweight GetConnectedSystemCoreAsync retrieval variant that loads only essential properties, and migrated the API controllers that previously paid for the full schema, partition and container graph just to verify the system exists (#494)
  • ⚡ Connected System container hierarchy loading now handles arbitrary depth and avoids the cartesian-explosion risk of the previous 11-level hard-coded Include chain; containers are loaded flat and rebuilt into a tree in memory (#494)
  • ⚡ Full Connected System loads now issue one database query for object matching rules instead of four, eliminating the fan-out that split-query mode introduced when walking Sources.ConnectedSystemAttribute, Sources.MetaverseAttribute, TargetMetaverseAttribute and MetaverseObjectType as separate Include branches (#494)
  • ⚡ Default all EF Core queries to AsNoTracking, reducing memory and CPU overhead for read-heavy operations; write paths explicitly opt in to change tracking (#484)
  • ⚡ Enriched diagnostic spans with cumulative object count and wall-clock offset tags for throughput profiling (#476)
  • ⚡ Added MetricsCheckpoint log lines for guaranteed throughput tracking at any log level (#476)

Changed

  • 🖥️ Partition-configuration validation errors now pinpoint the exact gap (hierarchy not imported, no partitions selected, or selected partitions have no container selected) and name the partition involved, replacing the previous generic "no partitions or containers have been selected" message and making misconfigurations far faster to diagnose (#564)
  • 🖥️ Page footer now links the Tetron name to tetron.io and includes a GitHub link next to the version number (#49)
  • 📦 File Connector storage uses the formal Docker named volume jim-connector-files-volume, mounted at /connector-files inside JIM Web and JIM Worker. Default deployments get working File Connector exports out of the box without any host-side permission setup. Customers integrating with external file shares bind-mount over a subdirectory of /connector-files. See the JIM File Connector documentation for both patterns.

Fixed

  • 🐛 Group and other multi-valued-reference sync activities no longer produce duplicate execution items; cross-page reference resolution now merges reference attribute flow into the original Projected/Joined record instead of creating a second standalone "Attribute Flow" record for the same object. Fixes inflated activity counts and removes the confusing split-outcome rows that appeared in activity detail
  • 🐛 Static member values and other multi-valued references on group activity detail pages now render as clickable user chips with display names instead of raw GUIDs; reference change records now carry their target as a proper foreign key so the link can be materialised on display
  • 🐛 Export failures caught by exception handlers now produce Run Profile Execution Items reliably; previously a thrown connector exception could mark a batch failed without producing any RPEI, so the activity appeared to complete successfully despite silent export failures
  • 🐛 Metaverse Object and Connected System Object change history is now persisted during sync RPEI flush and on single-object create, ensuring the audit timeline reflects every sync run
  • 🐛 Sign-out with the bundled Keycloak no longer fails with "Missing parameters: id_token_hint"; JIM now persists the ID token during sign-in so the OIDC middleware can include it on the end-session request per the OIDC spec (#49)
  • 🐛 Keycloak hostname configuration corrected so that browsers and Docker back-channel clients each get the right endpoint URLs, fixing sign-in and sign-out for all four deployment scenarios (Codespaces, devcontainer native, devcontainer Docker, production) (#49)
  • 🐛 Connected System partition trees now include nested containers below the top level. Directories with nested organisational units (e.g. OU=Users,OU=Corp) are loaded and returned through the API in full, so administrators can select nested containers for import and automation can address them via PowerShell (#586)

Security

  • 🔒 Supply chain hardening: all Docker base images are digest-pinned, all GitHub Actions are pinned by commit SHA, and the main branch is protected with required status checks including automated code review, CodeQL, container scan, and dependency scan (#520, #517, #521)
  • 🔒 Patched transitive System.Security.Cryptography.Xml to 10.0.6 to address CVE-2026-33116 (low-severity DoS in EncryptedXml); the package is pulled in via ASP.NET Core Data Protection but not used by JIM at runtime
  • 🔒 Patched basic-ftp CRLF injection vulnerabilities (GHSA-chqc-8p9q-pq6q and GHSA-rp42-5vxx-qpwr) and picked up Ubuntu Noble security updates for libldap and cifs-utils in all production container images
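
The digest and commit-SHA pinning described in the supply chain hardening item can be checked mechanically. The script below is an added example, not part of JIM or its build pipeline: it flags `uses:` references that are not pinned to a full commit SHA and `FROM` lines that pull an image without a sha256 digest. The workflow and Dockerfile contents, the action and image names in them, and the SHA and digest values are constructed sample input.

```python
import re

# Constructed placeholders, not real commit SHAs or image digests.
FAKE_SHA = "0123456789abcdef" * 2 + "01234567"   # 40 hex chars
FAKE_DIGEST = "0123456789abcdef" * 4             # 64 hex chars
SAMPLE_WORKFLOW = f"""\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-dotnet@{FAKE_SHA} # v4
      - uses: ./.github/actions/local-step
"""
SAMPLE_DOCKERFILE = f"""\
FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
FROM mcr.microsoft.com/dotnet/aspnet:9.0@sha256:{FAKE_DIGEST} AS runtime
FROM build AS publish
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
PINNED_RE = re.compile(r"@(?:[0-9a-f]{40}|sha256:[0-9a-f]{64})$")

def unpinned_actions(workflow_text):
    """Return (line_no, ref) for each `uses:` not pinned to a full SHA or digest."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        # Local actions (./path) come from the repository's own checkout.
        if m and not m.group(1).startswith("./") and not PINNED_RE.search(m.group(1)):
            findings.append((no, m.group(1)))
    return findings

def unpinned_base_images(dockerfile_text):
    """Return (line_no, image) for each FROM that pulls an image without a digest."""
    findings, stages = [], set()
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        # "scratch" and earlier build stages are not registry pulls.
        if image.lower() != "scratch" and image.lower() not in stages:
            if not re.search(r"@sha256:[0-9a-f]{64}$", image):
                findings.append((no, image))
        if alias:
            stages.add(alias.lower())
    return findings

if __name__ == "__main__":
    print(unpinned_actions(SAMPLE_WORKFLOW))
    print(unpinned_base_images(SAMPLE_DOCKERFILE))
```

A tag such as `v4` or `9.0` can be moved to different content by whoever controls the upstream repository or registry, which is why only the full SHA and the digest count as pinned here.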