ImisDevelopers
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 0 deletions b/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 1 deletion b/‎README.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎SECURITY.md‎
Lines changed: 44 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎SERVER_CUSTOMIZATION.md‎
Lines changed: 7 additions & 0 deletions b/‎SERVER_CUSTOMIZATION.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎SERVER_UPDATE.md‎
Lines changed: 26 additions & 1 deletion b/‎SERVER_UPDATE.md‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎sormas-api/src/main/java/de/symeda/sormas/api/ConfigFacade.java‎
Lines changed: 2 additions & 0 deletions b/‎sormas-api/src/main/java/de/symeda/sormas/api/ConfigFacade.java‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎sormas-api/src/main/java/de/symeda/sormas/api/FacadeProvider.java‎
Lines changed: 6 additions & 0 deletions b/‎sormas-api/src/main/java/de/symeda/sormas/api/FacadeProvider.java‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎sormas-api/src/main/java/de/symeda/sormas/api/caze/CaseDataDto.java‎
Lines changed: 11 additions & 0 deletions b/‎sormas-api/src/main/java/de/symeda/sormas/api/caze/CaseDataDto.java‎
Lines changed: 11 additions & 0 deletions
@@ -10,6 +10,8 @@
 
 Please read adhere to the following guidelines when submitting new issues. This allows us to process your request as quickly as possible. Make sure to always use the templates that are automatically provided when creating an issue.
 
+If you want to report a **security issue**, please follow our guideline for [*Responsible Disclosure*](SECURITY.md).
+
 **Important:** Whenever creating a new issue, **please search the repository for similar issues first** to avoid duplicates. You can do this manually or by using the search functionality in the header and limiting your results to the SORMAS repository.
 
 * [Bug Report](#bug-report)
 
@@ -20,7 +20,8 @@ You can give SORMAS a try on our play server at https://sormas.helmholtz-hzi.de!
 Read through our [*Contributing Readme*](CONTRIBUTING.md) and contact us at [email protected] or join our [developer chat on Gitter](https://gitter.im/SORMAS-Project) to learn how you can help to drive the development of SORMAS forward and to get development support from our core developers. SORMAS is a community-driven project, and we'd love to have you on board! If you want to contribute to the code, please strictly adhere to the [*Development Environment*](DEVELOPMENT_ENVIRONMENT.md) guide to ensure that everything is set up correctly. Please also make sure that you've read the [*Development Contributing Guidelines*](CONTRIBUTING.md#development-contributing-guidelines) before you start to develop.
 
 #### How Can I Report a Bug or Request a Feature?
-Please [create a new issue](https://github.com/hzi-braunschweig/SORMAS-Project/issues/new/choose) and read the [*Submitting an Issue*](CONTRIBUTING.md#submitting-an-issue) guide for more detailed instructions. We appreciate your help!
+If you want to report a **security issue**, please follow our guideline for [*Responsible Disclosure*](SECURITY.md).  
+For bugs without security implications, change and feature requests, please [create a new issue](https://github.com/hzi-braunschweig/SORMAS-Project/issues/new/choose) and read the [*Submitting an Issue*](CONTRIBUTING.md#submitting-an-issue) guide for more detailed instructions. We appreciate your help!
 
 #### Which Browsers and Android Versions Are Supported?
 SORMAS officially supports and is tested on **Chromium-based browsers** (like Google Chrome) and **Mozilla Firefox**, and all Android versions starting from **Android 7.0** (Nougat). In principle, SORMAS should be usable with all web browsers that are supported by Vaadin 8 (Chrome, Firefox, Safari, Edge, Internet Explorer 11; see https://vaadin.com/faq).
 
@@ -0,0 +1,44 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the SORMAS
+project.
+
+  * [Reporting a Security Bug](#reporting-a-security-bug)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+  
+If you want to report a bug which is not security sensible, please [submit an issue](https://github.com/hzi-braunschweig/SORMAS-Project/blob/development/CONTRIBUTING.md#submitting-an-issue). 
+
+## Reporting a Security Bug
+
+Our team and community take all security bugs in SORMAS seriously.
+Thank you for improving the security of SORMAS. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.  
+Unfortunately, SORMAS does not offer a paid bug bounty programme or other forms of compensation.
+
+Report security bugs by emailing at **[email protected]**.
+
+We will acknowledge your email and follow up with a response within 10 business days, or explain why a reply may take longer. The response will indicate the next steps in handling your report.  
+After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a
+primary handler. This person will coordinate the fix and release process,
+involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.
+
@@ -36,6 +36,13 @@ The following properties are currently configurable:
   * `geocodingServiceUrlTemplate` is the url for searching for address details, `${street}`, `${houseNumber}`, `${postalCode}`, and `${city}` placeholders will be replaced with the actual address fields when searching;
   * `geocodingLongitudeJsonPath` and `geocodingLatitudeJsonPath` are used to obtain the longitude and latitude of the address in the result of the geocoding service request
 * **Authentication Provider**: Allows the user to choose the way of authentication for SORMAS and all it's third party clients. Supported values `SORMAS` (default) and `KEYCLOAK`
+
+### Custom login page
+When setting up the server a custom file directory is created (most likely `/opt/sormas/custom`). You can adjust the `login*.html` files in that directory to customize the login page.
+
+### Custom download files in about section
+You can create a sub-folder `aboutfiles` in the custom directory mentioned above (e.g. `/opt/sormas/custom/aboutfiles`). Any file in that directory will be made available in the about section of the frontend.
+
 ## Importing Infrastructure Data
 When you start a SORMAS server for the first time, some default infrastructure data is generated to ensure that the server is usable and the default users can be created. It is recommended (and, unless you're working on a demo server, necessary) to archive this default data and import the official infrastructure data of the country or part of the country that you intend to use SORMAS in instead.
 
 
@@ -48,4 +48,29 @@ These are the default users for most user roles, intended to be used on developm
 ### Mobile app users
 **Surveillance Officer:** SurvOff  
 **Hospital Informant:** HospInf  
-**Point of Entry Informant:** PoeInf  
+**Point of Entry Informant:** PoeInf
+
+# Updating Keycloak
+
+## Standalone installation
+
+Upgrading from Keycloak 11 to 12 following the steps from here https://www.keycloak.org/docs/latest/upgrading/#_upgrading
+
+1. Stop the old server and make sure to remove any open connections to the DB
+2. Backup the DB *(once the upgrade is done the old version cannot be used with the new DB version)*
+3. Backup the old installation
+4. Remove `${OLD_KEYCLOAK_HOME}/standalone/data/tx-object-store/`
+5. Download the new Keycloak installation from https://www.keycloak.org/downloads
+6. Copy the `${NEW_KEYCLOAK_HOME}/standalone/` directory from the previous installation over the directory in the new installation
+7. Copy the postgres module from `${OLD_KEYCLOAK_HOME}/modules/system/layers/keycloak/org/` over to the new installation directory
+8. Copy the SORMAS themes from `{OLD_KEYCLOAK_HOME}/themes/` over to the new installation directory
+9. While the new installation is stopped, run `${NEW_KEYCLOAK_HOME}/bin/jboss-cli.sh ----file=${NEW_KEYCLOAK_HOME}/bin/migrate-standalone.cli` *(`.bat` for Windows)*
+10. Start the new Keycloak installation from `${NEW_KEYCLOAK_HOME}/bin/standalone.sh` *(`.bat` for Windows)*
+
+## Docker installation
+
+The docker installation is automatically upgraded to the latest version specified in the Dockerfile.
+
+**Prerequisites:** Make sure the DB is backed up, because once the upgrade is done the new DB won't be usable with the old version of Keycloak.
+
+For more info see the [Keycloak Docker Documentation](https://github.com/hzi-braunschweig/SORMAS-Docker/blob/development/keycloak/README.md).
@@ -85,6 +85,8 @@ public interface ConfigFacade {
 
 	int getDaysAfterEventGetsArchived();
 
+	int getDaysAfterSystemEventGetsDeleted();
+
 	GeoLatLon getCountryCenter();
 
 	int getMapZoom();
 
@@ -67,6 +67,7 @@
 import de.symeda.sormas.api.sormastosormas.SormasToSormasFacade;
 import de.symeda.sormas.api.survnet.SurvnetGatewayFacade;
 import de.symeda.sormas.api.symptoms.SymptomsFacade;
+import de.symeda.sormas.api.systemevents.SystemEventFacade;
 import de.symeda.sormas.api.task.TaskFacade;
 import de.symeda.sormas.api.therapy.PrescriptionFacade;
 import de.symeda.sormas.api.therapy.TherapyFacade;
@@ -324,6 +325,11 @@ public static DocumentFacade getDocumentFacade() {
 		return get().lookupEjbRemote(DocumentFacade.class);
 	}
 
+	public static SystemEventFacade getSystemEventFacade() {
+
+		return get().lookupEjbRemote(SystemEventFacade.class);
+	}
+
 	public static LabMessageFacade getLabMessageFacade() {
 		return get().lookupEjbRemote(LabMessageFacade.class);
 	}
 
@@ -127,6 +127,7 @@ public class CaseDataDto extends PseudonymizableDto {
 	public static final String POINT_OF_ENTRY_DETAILS = "pointOfEntryDetails";
 	public static final String ADDITIONAL_DETAILS = "additionalDetails";
 	public static final String EXTERNAL_ID = "externalID";
+	public static final String EXTERNAL_TOKEN = "externalToken";
 	public static final String SHARED_TO_COUNTRY = "sharedToCountry";
 	public static final String NOSOCOMIAL_OUTBREAK = "nosocomialOutbreak";
 	public static final String INFECTION_SETTING = "infectionSetting";
@@ -375,6 +376,10 @@ public class CaseDataDto extends PseudonymizableDto {
 		COUNTRY_CODE_GERMANY,
 		COUNTRY_CODE_SWITZERLAND })
 	private String externalID;
+	@HideForCountriesExcept(countries = {
+			COUNTRY_CODE_GERMANY,
+			COUNTRY_CODE_SWITZERLAND })
+	private String externalToken;
 	private boolean sharedToCountry;
 	@HideForCountriesExcept
 	private boolean nosocomialOutbreak;
@@ -1030,6 +1035,12 @@ public void setExternalID(String externalID) {
 		this.externalID = externalID;
 	}
 
+	public String getExternalToken() { return externalToken; }
+
+	public void setExternalToken(String externalToken) {
+		this.externalToken = externalToken;
+	}
+
 	public boolean isSharedToCountry() {
 		return sharedToCountry;
 	}