**Key changes**:
- **Support for OpenID Connect authentication**
You can play with it using our development setup: https://github.com/CERT-Polska/mwdb-core/blob/master/dev/oidc/README.md
- **JSON values in attributes**
Whole objects can be stored as attribute value instead of single string. In future: we plan to implement template-based rich formatting to visually represent these objects in tables, lists, collapsible trees etc.
- **New Attribute API** - better designed API for accessing attriibutes that supersedes old Metakey API
**New features and improvements**:
- Transactional tag adding during upload. Now you can upload your file and related tags within the same request (https://github.com/CERT-Polska/mwdb-core/commit/7b05dfb21d981342acb1506fbbb1cc4008c337bd)
- `comment_author:` search field that allows to search for objects commented by selected user (https://github.com/CERT-Polska/mwdb-core/pull/454)
- `upload_count:` search field that allows to search for objects related with more than N different user uploads. (https://github.com/CERT-Polska/mwdb-core/pull/466)
- `multi:` search field that allows to search for multiple hashes separated by spaces (https://github.com/CERT-Polska/mwdb-core/pull/470)
- MWDB stores all file names that object appeared with, not only the first one (https://github.com/CERT-Polska/mwdb-core/pull/482)
- Introduced server-side statement timeout, along with customizable client-side timeouts (currently hardcoded to 8 seconds for general Web requests and 60 seconds for file upload from Web)
**Bugfixes and improvements**:
- **Fixed faulty login/recover password page that responds with `Session expired` instead of actual error** (https://github.com/CERT-Polska/mwdb-core/pull/461)
- **Fixed password recover in `Settings` page when administrator wants to send new password link to different user** (https://github.com/CERT-Polska/mwdb-core/pull/475)
- **Fixed race conditions resulting in ISE 500 on adding/removing the same tags concurrently** (https://github.com/CERT-Polska/mwdb-core/pull/459)
- Correct handling of missing API endpoint when static files are served by Flask (https://github.com/CERT-Polska/mwdb-core/pull/472)
- Fixed ISE 500 when non-UUID value was passed to `karton` attribute (https://github.com/CERT-Polska/mwdb-core/pull/474)
- Fixed wrong type conflict check during object upload (https://github.com/CERT-Polska/mwdb-core/pull/477)
- `karton:<uuid>` search field supports single wildcard to filter out not analyzed samples (https://github.com/CERT-Polska/mwdb-core/pull/451)
- CRC32 hash is zero-padded to 8 bytes (https://github.com/CERT-Polska/mwdb-core/pull/495)
- Added mouseover text for attribute keys (https://github.com/CERT-Polska/mwdb-core/pull/490)