Release v2026.1

.dockerignore

@@ -1,2 +1,3 @@
 node_modules
 npm-debug.log
+test

.env.template

@@ -15,10 +15,12 @@ HTTPS_PORT=443
 # SERVICE_NODE_OPTIONS=
 
 # Optional: connect to a custom database server
-# DB_HOST=
-# DB_USER=
-# DB_PASSWORD=
-# DB_NAME=
+# PGHOST=
+# PGUSER=
+# PGPASSWORD=
+# PGDATABASE=
+# Refer to the installation documentation (https://docs.getodk.org/central-install/)
+# to learn about advanced database configuration.
 
 # Optional: configure a custom mail server
 # EMAIL_FROM=

.github/workflows/close-issues.yml

@@ -20,7 +20,7 @@ jobs:
           script: |
             const body = context.payload.pull_request.body || "";
             const closedIssues = new Set();
-            const issueRegex = /(Closes|Fixes|Resolves)\s*:?\s+#(\d+)/gi;
+            const issueRegex = /(Close|Closes|Closed|Fix|Fixes|Fixed|Resolve|Resolves|Resolved)\s*:?\s+(?:(?:https:\/\/)?github.com\/getodk\/central\/issues\/|getodk\/central#|#)(\d+)/gi;
             let match;
 
             while ((match = issueRegex.exec(body)) !== null) {
@@ -36,6 +36,7 @@ jobs:
                   });
                   console.log(`Closed issue #${issueNumber}`);
                 } catch (e) {
+                  console.error(e);
                   console.error(`Could not automatically close issue #${issueNumber}. Skipping issue.`);
                 }
               }

.github/workflows/test.yml

@@ -12,10 +12,14 @@ jobs:
     - run: docker --version
     - run: docker compose version
     - uses: actions/checkout@v4
+    - run: ./test/check-submodules.sh
     - run: sudo apt-get install shellcheck
     - run: ./test/check-scripts.sh
     - run: ./test/check-for-large-files.sh
     - run: ./test/check-dockerfiles.sh
+    - run: cd test && npm clean-install
+    - run: cd test && npm run lint
+    - run: cd test && npm run test:github-actions
   test-envsub:
     timeout-minutes: 2
     runs-on: ubuntu-latest
@@ -37,12 +41,12 @@ jobs:
         submodules: recursive
     - uses: actions/setup-node@v4
       with:
-        node-version: 22.22.0
+        node-version: 24.13.0
     - run: cd test/nginx && npm clean-install
     - run: cd test/nginx && npm run lint
     - run: cd test/nginx && ./setup-tests.sh
     - run: cd test/nginx && npm run test:nginx
-    - run: cd test/nginx && ./gixy.sh
+    - run: cd test/nginx && ./lint-config.sh
 
     - if: always()
       run: cd test/nginx && docker compose -f nginx.test.docker-compose.yml logs --no-log-prefix nginx-ssl-selfsign
@@ -72,7 +76,7 @@ jobs:
         fetch-depth: 0
         fetch-tags: true
         submodules: recursive
-    - run: ./test/check-docker-context.sh --report
+    - run: ./test/check-docker-context.sh --min-size 50000 --max-size 60000 --min-count 1500 --max-count 1700
     - run: ./test/test-images.sh
     - if: always()
       run: docker compose logs

docker-compose.dev.yml

@@ -12,9 +12,18 @@ services:
       - central
     ports:
       - 5432:5432
+    environment:
+      POSTGRES_USER: jubilant
+      POSTGRES_PASSWORD: jubilant
+      POSTGRES_DB: jubilant
   postgres:
     profiles:
       - central
+    environment:
+      PGUSER: jubilant
+      POSTGRES_INITDB_ARGS: -U jubilant
+      POSTGRES_PASSWORD: jubilant
+      POSTGRES_DB: jubilant
     image: debian:bullseye
     command: /bin/sh -c 'mkdir -p /var/lib/postgresql/14/data && touch /var/lib/postgresql/14/.postgres14-upgrade-successful'
   mail:

docker-compose.yml

@@ -37,6 +37,8 @@ services:
   service:
     build:
       context: .
+      args:
+        DB_SSL: ${DB_SSL}  # So that we can error out at build time if this is defined with a value of "true" (no longer supported from 2026.1).
       dockerfile: service.dockerfile
     depends_on:
       - secrets
@@ -47,17 +49,25 @@ services:
     volumes:
       - secrets:/etc/secrets
       - /data/transfer:/data/transfer
+    env_file:
+      - ".env"
     environment:
       - DOMAIN=${DOMAIN}
       - SYSADMIN_EMAIL=${SYSADMIN_EMAIL}
       - HTTPS_PORT=${HTTPS_PORT:-443}
       - NODE_OPTIONS=${SERVICE_NODE_OPTIONS:-}
-      - DB_HOST=${DB_HOST:-postgres14}
-      - DB_USER=${DB_USER:-odk}
-      - DB_PASSWORD=${DB_PASSWORD:-odk}
+      # Prepare libpq connection env vars, while handling legacy DB_* vars.
+      # Resolution order:
+      # 1. PGVAR specified in .env. This includes declarations with empty values, for instance, to use an empty password (PGPASSWORD=).
+      # 2. Corresponding legacy DB_VAR in .env. These are legacy overrides for custom database connections.
+      # 3. ODK default value.
+      - PGHOST=${PGHOST-${DB_HOST:-postgres14}}
+      - PGDATABASE=${PGDATABASE-${DB_NAME:-odk}}
+      - PGUSER=${PGUSER-${DB_USER:-odk}}
+      - PGPASSWORD=${PGPASSWORD-${DB_PASSWORD:-odk}}
+      - PGAPPNAME=${PGAPPNAME-odkcentral}
+      # End of libpq connection env var preparation.
       - DB_POOL_SIZE=${DB_POOL_SIZE:-10}
-      - DB_NAME=${DB_NAME:-odk}
-      - DB_SSL=${DB_SSL:-null}
       - EMAIL_FROM=${EMAIL_FROM:-no-reply@$DOMAIN}
       - EMAIL_HOST=${EMAIL_HOST:-mail}
       - EMAIL_PORT=${EMAIL_PORT:-25}
@@ -79,7 +89,7 @@ services:
       - S3_SECRET_KEY=${S3_SECRET_KEY:-}
       - S3_BUCKET_NAME=${S3_BUCKET_NAME:-}
       - SESSION_LIFETIME=${SESSION_LIFETIME:-86400}
-    command: [ "wait-for-it", "${DB_HOST:-postgres14}:5432", "--", "./start-odk.sh" ]
+    command: [ "./start-odk.sh" ]
     restart: always
     logging:
       driver: local
@@ -113,7 +123,7 @@ services:
       options:
         max-file: "30"
   pyxform:
-    image: 'ghcr.io/getodk/pyxform-http:v4.2.0'
+    image: 'ghcr.io/getodk/pyxform-http:v4.3.1'
     restart: always
   secrets:
     volumes:
@@ -138,7 +148,7 @@ services:
       - SUPPORT_EMAIL=${SYSADMIN_EMAIL}
       - HTTPS_PORT=${HTTPS_PORT:-443}
   enketo_redis_main:
-    image: redis:7.4.7
+    image: redis:8.4.0
     volumes:
       - ./files/enketo/redis-enketo-main.conf:/usr/local/etc/redis/redis.conf:ro
       - enketo_redis_main:/data
@@ -147,7 +157,7 @@ services:
       - /usr/local/etc/redis/redis.conf
     restart: always
   enketo_redis_cache:
-    image: redis:7.4.7
+    image: redis:8.4.0
     volumes:
       - ./files/enketo/redis-enketo-cache.conf:/usr/local/etc/redis/redis.conf:ro
       - enketo_redis_cache:/data

files/nginx/common-headers.conf

@@ -8,5 +8,5 @@ add_header Vary          $cache_header_vary;
 
 add_header Referrer-Policy same-origin;
 add_header Strict-Transport-Security "max-age=63072000" always;
-add_header X-Frame-Options "SAMEORIGIN";
-add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Content-Type-Options nosniff always;

files/nginx/odk.conf.template

@@ -81,7 +81,7 @@ map $arg_st $redirect_single_prefix {
 map $request_uri $central_frontend_csp {
   # Web Forms CSP for /f/... and /projects/.../forms/... routes
   ~^/(?:f/[^/]+(?:/.*)?|projects/\d+/forms/[^/]+/(?:(?:draft/)?(?:preview|submissions/new(?:/offline)?)|submissions/[^/]+/edit)(?:/)?)(?:\?.*)?$
-    "default-src 'none'; connect-src 'self' https:; font-src 'self' data:; frame-src 'none'; img-src blob: https:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src blob:; report-uri /csp-report";
+    "default-src 'none'; connect-src 'self' https:; font-src 'self' data:; frame-src 'self'; img-src blob: data: https:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src blob:; report-uri /csp-report";
 
   default
     "default-src 'none'; connect-src 'self' https://translate.google.com https://translate.googleapis.com; font-src 'self'; frame-src 'self' https://getodk.github.io/central/news.html; img-src data: https:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; style-src-attr 'unsafe-inline'; worker-src blob:; report-uri /csp-report";
@@ -104,7 +104,7 @@ server {
 
   server_tokens off;
 
-  add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src https://translate.google.com https://translate.googleapis.com; img-src https://translate.google.com; report-uri /csp-report";
+  add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src https://translate.google.com https://translate.googleapis.com; img-src https://translate.google.com; report-uri /csp-report" always;
   include /usr/share/odk/nginx/common-headers.conf;
 
   client_max_body_size 100m;
@@ -160,7 +160,7 @@ server {
     # Google Maps API: https://developers.google.com/maps/documentation/javascript/content-security-policy
     # Use 'none' per directive instead of falling back to default-src to make CSP violation reports more specific
     proxy_hide_header Content-Security-Policy-Report-Only;
-    add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src 'self' blob: https://maps.googleapis.com/ https://maps.google.com/ https://maps.gstatic.com/mapfiles/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://translate.google.com https://translate.googleapis.com; font-src 'self' https://fonts.gstatic.com/; frame-src 'none'; img-src data: blob: jr: 'self' https://maps.google.com/maps/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://tile.openstreetmap.org/ https://translate.google.com; manifest-src 'none'; media-src blob: jr: 'self'; object-src 'none'; script-src 'unsafe-inline' 'self' https://maps.googleapis.com/maps/api/js/ https://maps.google.com/maps/ https://maps.google.com/maps-api-v3/api/js/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/css; style-src-attr 'unsafe-inline'; report-uri /csp-report";
+    add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src 'self' blob: https://maps.googleapis.com/ https://maps.google.com/ https://maps.gstatic.com/mapfiles/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://translate.google.com https://translate.googleapis.com; font-src 'self' https://fonts.gstatic.com/; frame-src 'none'; img-src data: blob: jr: 'self' https://maps.google.com/maps/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://tile.openstreetmap.org/ https://translate.google.com; manifest-src 'none'; media-src blob: jr: 'self'; object-src 'none'; script-src 'unsafe-inline' 'self' https://maps.googleapis.com/maps/api/js/ https://maps.google.com/maps/ https://maps.google.com/maps-api-v3/api/js/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/css; style-src-attr 'unsafe-inline'; report-uri /csp-report" always;
 
     include /usr/share/odk/nginx/common-headers.conf;
   }
@@ -173,7 +173,7 @@ server {
 
   location ~ ^/v\d {
     proxy_hide_header Content-Security-Policy-Report-Only;
-    add_header Content-Security-Policy-Report-Only "default-src 'none'; report-uri /csp-report";
+    add_header Content-Security-Policy-Report-Only "default-src 'none'; report-uri /csp-report" always;
 
     include /usr/share/odk/nginx/common-headers.conf;
     include /usr/share/odk/nginx/backend.conf;
@@ -183,7 +183,7 @@ server {
     root /usr/share/nginx/html;
     try_files /blank.html =404;
 
-    add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src https://translate.google.com https://translate.googleapis.com; img-src https://translate.google.com; report-uri /csp-report";
+    add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src https://translate.google.com https://translate.googleapis.com; img-src https://translate.google.com; report-uri /csp-report" always;
     include /usr/share/odk/nginx/common-headers.conf;
   }
   location = /blank.html {
@@ -194,7 +194,7 @@ server {
     root /usr/share/nginx/html;
     try_files $uri $uri/ /index.html;
 
-    add_header Content-Security-Policy-Report-Only "$central_frontend_csp";
+    add_header Content-Security-Policy-Report-Only "$central_frontend_csp" always;
 
     include /usr/share/odk/nginx/common-headers.conf;
   }

files/prebuild/write-version.sh

@@ -4,9 +4,9 @@ shopt -s inherit_errexit
 
 {
   echo "versions:"
-  echo "$(git rev-parse HEAD) ($(git describe --tags))"
+  echo "$(git rev-parse HEAD) ($(git describe --tags --always))"
   git submodule foreach --quiet --recursive \
     "commit=\$(git rev-parse HEAD); \
-     tag=\$(git describe --tags); \
+     tag=\$(git describe --tags --always); \
      printf ' %s %s (%s)\n' \"\$commit\" \"\$path\" \"\$tag\""
 } > /tmp/version.txt

files/service/config.json.template

@@ -1,11 +1,10 @@
 {
   "default": {
     "database": {
-      "host": "${DB_HOST}",
-      "user": "${DB_USER}",
-      "password": "${DB_PASSWORD}",
-      "database": "${DB_NAME}",
-      "ssl": ${DB_SSL},
+      "host": "",
+      "user": "",
+      "password": "",
+      "database": "",
       "maximumPoolSize": ${DB_POOL_SIZE}
     },
     "email": {

files/service/scripts/start-odk.sh

@@ -17,6 +17,9 @@ SENTRY_TAGS="{ \"version.central\": \"$(cat sentry-versions/central)\", \"versio
 # shellcheck disable=SC2090
 export SENTRY_TAGS
 
+echo "waiting for PostgreSQL to become connectable to..."
+while ! (psql --no-password --quiet --command "" > /dev/null 2>&1 || (echo "sleeping 1 second waiting for a database connection"; false)); do sleep 1; done
+
 echo "running migrations.."
 node ./lib/bin/run-migrations
 

nginx.dockerfile

@@ -1,4 +1,4 @@
-FROM node:22.22.0-slim AS intermediate
+FROM node:24.13.0-slim AS intermediate
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \

secrets.dockerfile

@@ -1,3 +1,3 @@
-FROM node:22.22.0-slim
+FROM node:24.13.0-slim
 
 COPY files/enketo/generate-secrets.sh ./

service.dockerfile

@@ -1,4 +1,4 @@
-ARG node_version=22.22.0
+ARG node_version=24.13.0
 
 
 
@@ -16,6 +16,8 @@ RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(grep -oP 'VERSION_CODEN
       | gpg --dearmor > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg
 
 
+ARG DB_SSL
+RUN [[ -v DB_SSL ]] && (echo '\n\n\n\n\nYou have the "DB_SSL" variable defined (in your .env file, probably).\nThis variable is no longer supported from Central 2026.1 onwards.\nThere is a new way of configuring SSL for your database, please see:\n\nhttps://docs.getodk.org/central-install-digital-ocean/#using-a-custom-database-server\n\nPlease refer to the Central 2026.1.0 release notes for more information on this change.\n\n\n\n\n'; exit 13) || true
 
 FROM node:${node_version}-slim AS intermediate
 RUN apt-get update \
@@ -24,11 +26,11 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/*
 COPY . .
 RUN mkdir /tmp/sentry-versions
-RUN git describe --tags --dirty > /tmp/sentry-versions/central
+RUN git describe --tags --dirty --always > /tmp/sentry-versions/central
 WORKDIR /server
-RUN git describe --tags --dirty > /tmp/sentry-versions/server
+RUN git describe --tags --dirty --always > /tmp/sentry-versions/server
 WORKDIR /client
-RUN git describe --tags --dirty > /tmp/sentry-versions/client
+RUN git describe --tags --dirty --always > /tmp/sentry-versions/client
 
 
 
@@ -48,7 +50,6 @@ RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         gpg \
         cron \
-        wait-for-it \
         procps \
         postgresql-client-14 \
         netcat-traditional \

test/check-docker-context.sh

@@ -50,9 +50,11 @@ docker buildx create --name docker_context_checker \
 docker buildx use docker_context_checker
 
 log "Building docker image..."
+iidfile="$(mktemp)"
 (
 docker \
     buildx build --load \
+    --iidfile "$iidfile" \
     --no-cache --progress plain --file - . 2>&1 <<EOF
 FROM busybox
 COPY . /build-context
@@ -71,19 +73,16 @@ vars="$(awk '
   stage == "files" { ++file_count }
   stage == "size"  { total_size=$3 }
 
-  /exporting config/ { image_hash=$4 }
-
   END {
     print "file_count: " file_count "\n"
     print "total_size: " total_size "\n"
-    print "image_hash: " image_hash "\n"
   }
 ' "$tmp")"
 
 
 file_count="$(echo "$vars" | grep file_count | cut -d: -f2)"
 total_size="$(echo "$vars" | grep total_size | cut -d: -f2)"
-docker_img="$(echo "$vars" | grep image_hash | cut -d: -f3)"
+docker_img="$(cat "$iidfile")"
 
 cleanup() {
   log "Removing docker image..."
@@ -97,13 +96,6 @@ throw_err() {
   exit 1
 }
 
-log "File count: $file_count"
-if [[ "${skip_count-}" != "true" ]]; then
-  if [[ "$file_count" -lt "$min_count" ]] || [[ "$file_count" -gt "$max_count" ]]; then
-    throw_err "This is a surprising number of files - expected between $min_count and $max_count"
-  fi
-fi
-
 human_size() {
   if [[ "$1" -gt 999999 ]]; then
     echo "$(bc <<< "scale=3; $1 / 1000000") GB"
@@ -112,7 +104,15 @@ human_size() {
   fi
 }
 
+log "File count: $file_count"
 log "Total size: $(human_size "$total_size")"
+
+if [[ "${skip_count-}" != "true" ]]; then
+  if [[ "$file_count" -lt "$min_count" ]] || [[ "$file_count" -gt "$max_count" ]]; then
+    throw_err "This is a surprising number of files - expected between $min_count and $max_count"
+  fi
+fi
+
 if [[ "${skip_size-}" != "true" ]]; then
   # N.B. busybox `du` outputs in kB
   # See: https://www.busybox.net/downloads/BusyBox.html#du