Archivematica 1.18.0 and Storage Service 0.24.0 release notes

From Archivematica
Revision as of 17:41, 16 September 2025 by Dcerna (talk | contribs) (Add cookie configuration improvements notes)

Release date: TBD

Environments

Please see the installation instructions.

Archivematica 1.18.0 and Storage Service 0.24.0 have been tested in the following environments:

  • Ubuntu 24.04 64-bit Server Edition
  • Rocky Linux 9 x86_64

For development purposes, most of our developers prefer to use Docker containers. These and all above environments are linked from the installation instructions above.

Changed

Elasticsearch 8.x

Archivematica 1.18.0 no longer supports Elasticsearch 6.x and is now compatible with version 8.x. For instructions on migrating your Elasticsearch data, refer to the Upgrade Elasticsearch from 6.x to 8.x section of the Upgrade page in the documentation.

Ubuntu 24.04

Archivematica 1.18.0 supports Ubuntu 24.04 and drops support for Ubuntu 20.04.

JHOVE validation commands

New JHOVE validation commands have been implemented to prevent false positives that occur when JHOVE encounters the built-in BYTESTREAM module following validation errors. The existing validation rules have been updated to use these new commands.

The new commands also capture errors from the command output and include them in the outcome detail note of the validation PREMIS event within the METS file.

Special thanks to Felicitas Günther for sharing their error-handling implementation.

JHOVE 1.34.0

PRONOM v120

Cookie configuration improvements

New application variables have been added to control cookie flags (Secure, HttpOnly, SameSite) in the Archivematica Dashboard and Storage Service. This change enhances session protection and reduces risks such as session hijacking and cross-site request forgery, particularly in HTTPS deployments.

Because default values for several cookie-related settings have changed, this update is backward incompatible with previous deployments. In particular, if your deployment is not using HTTPS, you must explicitly set the *_SESSION_COOKIE_SECURE and *_CSRF_COOKIE_SECURE application variables to false to restore the previous behavior. Deployments already configured with HTTPS should not be affected by these changes. Administrators should review their settings and update their deployment configurations to align with these stricter defaults:

Dashboard application variables

Variable Name                                               Previous Value  New Value
ARCHIVEMATICA_DASHBOARD_DASHBOARD_SESSION_COOKIE_SECURE     false           true
ARCHIVEMATICA_DASHBOARD_DASHBOARD_SESSION_COOKIE_HTTPONLY   false           true
ARCHIVEMATICA_DASHBOARD_DASHBOARD_SESSION_COOKIE_SAMESITE   Lax             Strict
ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_COOKIE_SECURE        false           true
ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_COOKIE_HTTPONLY      false           false
ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_COOKIE_SAMESITE      Lax             Strict

Storage Service application-specific environment variables

Variable Name             Previous Value  New Value
SESSION_COOKIE_SECURE     false           true
SESSION_COOKIE_HTTPONLY   false           true
SESSION_COOKIE_SAMESITE   Lax             Strict
CSRF_COOKIE_SECURE        false           true
CSRF_COOKIE_HTTPONLY      false           true
CSRF_COOKIE_SAMESITE      Lax             Strict
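
To confirm after an upgrade that a deployment actually serves cookies with the flags listed in the New Value columns above, the Set-Cookie response headers can be compared against those defaults. The following is an added example, not part of Archivematica or these release notes; it assumes Django's stock cookie names (sessionid, csrftoken), and the sample headers are constructed.

```python
# New defaults from the "New Value" columns of the two tables in this section.
STRICT = {"secure": True, "httponly": True, "samesite": "Strict"}
EXPECTED = {
    "dashboard": {"session": STRICT, "csrf": {**STRICT, "httponly": False}},
    "storage_service": {"session": STRICT, "csrf": STRICT},
}
# Assumption: Django's stock cookie names; adjust if your deployment renames them.
COOKIE_KINDS = {"sessionid": "session", "csrftoken": "csrf"}


def parse_set_cookie(header):
    """Return (name, flags) for one Set-Cookie header value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    flags = {"secure": False, "httponly": False, "samesite": None}
    for attr in attrs:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key in ("secure", "httponly"):
            flags[key] = True
        elif key == "samesite":
            flags[key] = value.strip().capitalize()
    return name, flags


def audit(service, headers):
    """List deviations from this release's defaults for the given service."""
    findings = []
    for header in headers:
        name, flags = parse_set_cookie(header)
        kind = COOKIE_KINDS.get(name)
        if kind is None:
            continue  # not a session or CSRF cookie
        for flag, want in EXPECTED[service][kind].items():
            if flags[flag] != want:
                findings.append(f"{name}: {flag}={flags[flag]!r}, expected {want!r}")
    return findings


# Constructed sample headers, not captured from a real deployment.
SAMPLE_OLD = ["sessionid=abc123; Path=/; SameSite=Lax",
              "csrftoken=def456; Path=/; SameSite=Lax"]
SAMPLE_NEW = ["sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
              "csrftoken=def456; Path=/; Secure; SameSite=Strict"]

if __name__ == "__main__":
    for label, sample in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(label, audit("dashboard", sample) or "OK")
```

Feed audit() the Set-Cookie values from a login response of each service; an empty list means the served cookies match the defaults in the tables.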

Fixed

Users must re-authenticate when changing their passwords

User API keys are not displayed anymore

METS file generation works with bags with no metadata

Transfer status check has been optimized

Special thanks to Liam Lloyd-Tucker for this contribution.

Transcribe job handles invalid arguments

Please see the 1.18.0 milestone in GitHub for all issues addressed in this release: https://github.com/archivematica/Issues/milestone/27?closed=1.