<!-- Raise an issue to propose your change
(https://github.com/opencv/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the [Contribution
guide](https://opencv.github.io/cvat/docs/contributing/). -->

<!-- Provide a general summary of your changes in the Title above -->

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->

### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable for some reason, then ~~explicitly
strikethrough~~ the whole
line. If you don't do that, GitHub will show incorrect progress for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [ ] I have added a description of my changes into the
[CHANGELOG](https://github.com/opencv/cvat/blob/develop/CHANGELOG.md)
file
- [ ] I have updated the documentation accordingly
- [ ] I have added tests to cover my changes
- [ ] I have linked related issues (see [GitHub docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [ ] I have increased versions of npm packages if it is necessary

([cvat-canvas](https://github.com/opencv/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/opencv/cvat/tree/develop/cvat-core#versioning),

[cvat-data](https://github.com/opencv/cvat/tree/develop/cvat-data#versioning)
and

[cvat-ui](https://github.com/opencv/cvat/tree/develop/cvat-ui#versioning))

### License

- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/opencv/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.

<!-- Raise an issue to propose your change
(https://github.com/opencv/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the [Contribution
guide](https://opencv.github.io/cvat/docs/contributing/). -->

<!-- Provide a general summary of your changes in the Title above -->

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Right now helm chart is broken and not usable at least in my
environment, I trying to fix it to make it work
content: 

1. Moved test-related values to another values.file to separate it from
default config
2. fixed issue with multiple caches in same RWX volume, which prevents
db migration to start
3. Removed hardcoded mandatory traefik ingress usage
4. Added confugurable default storage option to chart

### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
We test it on our AKS with RWX volume

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable for some reason, then ~~explicitly
strikethrough~~ the whole
line. If you don't do that, GitHub will show incorrect progress for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into the
[CHANGELOG](https://github.com/opencv/cvat/blob/develop/CHANGELOG.md)
file
- [x] I have updated the documentation accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues (see [GitHub docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [x] I have increased versions of npm packages if it is necessary

([cvat-canvas](https://github.com/opencv/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/opencv/cvat/tree/develop/cvat-core#versioning),

[cvat-data](https://github.com/opencv/cvat/tree/develop/cvat-data#versioning)
and

[cvat-ui](https://github.com/opencv/cvat/tree/develop/cvat-ui#versioning))

### License

- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/opencv/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.
  
closes #6043 
closes #6096 
closes #5733

---------
Co-authored-by: NMichael Kirpichev <m.kirpichev@haut.ai>
Co-authored-by: NNikita Manovich <nikita@cvat.ai>
Co-authored-by: NAndrey Zhavoronkov <andrey@cvat.ai>

## \[2.5.1\] - 2023-07-19
### Fixed
- Memory leak related to unclosed av container
(<https://github.com/opencv/cvat/pull/6501>)

The current mitigation approach (resolving the IP address and checking
if it's in the private range) is insufficient for a few reasons:

* It is susceptible to DNS rebinding (an attacker-controlled DNS name
resolving to a public IP address when queried during the check, and to a
private IP address afterwards).

* It is susceptible to redirect-based attacks (a server with a public
address redirecting to a server with a private address).

* It is only applied when downloading remote files of tasks (and is not
easily reusable).

Replace it with an approach based on smokescreen, a proxy that blocks
connections to private IP addresses. In addition, use this proxy for
webhooks, since they also make requests to untrusted URLs.

The benefits of smokescreen are as follows:

* It's not susceptible to the problems listed above.

* It's configurable, so system administrators can allow certain private
IP ranges if necessary. This configurability is exposed via the
`SMOKESCREEN_OPTS` environment variable.

* It doesn't require much code to use.

The drawbacks of smokescreen are:

* It's not as clear when the request fails due to smokescreen (compared
to manual IP validation). To compensate, make the error message in
`_download_data` more verbose.

* The smokescreen project seems to be in early development (judging by
the 0.0.x version numbers). Still, Stripe itself uses it, so it should
be good enough. It's also not very convenient to set up (on account of
not providing binaries), so disable it in development environments.

Keep the scheme check from `_validate_url`. I don't think this check
prevents any attacks (as requests only supports http/https to begin
with), but it provides a friendly error message in case the user tries
to use an unsupported scheme.

## \[2.4.7] - 2023-06-16
### Added
- \[API\] API Now supports the creation and removal of Ground Truth
jobs. (<https://github.com/opencv/cvat/pull/6204>)
- \[API\] We've introduced task quality estimation endpoints.
(<https://github.com/opencv/cvat/pull/6204>)
- \[CLI\] An option to select the organization.
(<https://github.com/opencv/cvat/pull/6317>)

### Fixed
- Issues with running serverless models for EXIF-rotated images.
(<https://github.com/opencv/cvat/pull/6275/>)
- File uploading issues when using https configuration.
(<https://github.com/opencv/cvat/pull/6308>)
- Dataset export error with `outside` property of tracks.
(<https://github.com/opencv/cvat/issues/5971>)
- Broken logging in the TransT serverless function.
(<https://github.com/opencv/cvat/pull/6290>)

---------
Co-authored-by: NAnastasia Yasakova <yasakova_anastasiya@mail.ru>
Co-authored-by: NMariia Acoca <39969264+mdacoca@users.noreply.github.com>
Co-authored-by: NMaxim Zhiltsov <zhiltsov.max35@gmail.com>
Co-authored-by: Nklakhov <kirill.9992@gmail.com>
Co-authored-by: NRoman Donchenko <roman@cvat.ai>
Co-authored-by: NKirill Sizov <kirill.sizov@cvat.ai>
Co-authored-by: NBoris Sekachev <boris.sekachev@yandex.ru>
Co-authored-by: NPaweł Kotiuk <kotiuk@zohomail.eu>
Co-authored-by: NNikita Manovich <nikita@cvat.ai>

The server part of #6039 

- Added support for Ground Truth jobs in a task
- Added support for job creation and removal (only Ground Truth jobs can
  be created or removed in a task)
- Added a component to autocompute quality metrics for a task
- Added tests
- Fixed https://github.com/opencv/cvat/issues/5971 (both parts - the
  outside problem and the manifest problem, the manifest part fix is also
  available in #6216)
Co-authored-by: Nklakhov <kirill.9992@gmail.com>
Co-authored-by: NRoman Donchenko <roman@cvat.ai>
Co-authored-by: NKirill Sizov <kirill.sizov@cvat.ai>

## \[2.4.5] - 2023-06-02
### Added
- Integrated support for sharepoint and cloud storage files, along with
directories to be omitted during task creation (server)
(<https://github.com/opencv/cvat/pull/6074>)
- Enabled task creation with directories from cloud storage or
sharepoint (<https://github.com/opencv/cvat/pull/6074>)
- Enhanced task creation to support any data type supported by the
server
by default, from cloud storage without the necessity for the `use_cache`
option (<https://github.com/opencv/cvat/pull/6074>)
- Added capability for task creation with data from cloud storage
without the `use_cache` option
(<https://github.com/opencv/cvat/pull/6074>)

### Changed
- User can now access resource links from any organization or sandbox,
granted it's available to them
(<https://github.com/opencv/cvat/pull/5892>)
- Cloud storage manifest files have been made optional
(<https://github.com/opencv/cvat/pull/6074>)
- Updated Django to the 4.2.x version
(<https://github.com/opencv/cvat/pull/6122>)
- Renamed certain Nuclio functions to adhere to a common naming
convention. For instance,
`onnx-yolov7` -> `onnx-wongkinyiu-yolov7`, `ultralytics-yolov5` ->
`pth-ultralytics-yolov5`
  (<https://github.com/opencv/cvat/pull/6140>)

### Deprecated
- Deprecated the endpoint `/cloudstorages/{id}/content`
(<https://github.com/opencv/cvat/pull/6074>)

### Fixed
- Fixed the issue of skeletons dumping on created tasks/projects
(<https://github.com/opencv/cvat/pull/6157>)
- Resolved an issue related to saving annotations for skeleton tracks
(<https://github.com/opencv/cvat/pull/6075>)

---------
Signed-off-by: Ndependabot[bot] <support@github.com>
Co-authored-by: NBoris Sekachev <boris.sekachev@yandex.ru>
Co-authored-by: NRoman Donchenko <roman@cvat.ai>
Co-authored-by: NMaria Khrustaleva <maya17grd@gmail.com>
Co-authored-by: NBoris Sekachev <sekachev.bs@gmail.com>
Co-authored-by: NNikita Manovich <nikita@cvat.ai>
Co-authored-by: NAnastasia Yasakova <yasakova_anastasiya@mail.ru>
Co-authored-by: NSnyk bot <snyk-bot@snyk.io>
Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: NKirill Sizov <kirill.sizov@cvat.ai>
Co-authored-by: NPaweł Kotiuk <kotiuk@zohomail.eu>
Co-authored-by: NSK <450723+senthilkumarkj@users.noreply.github.com>
Co-authored-by: NKirill Lakhov <kirill.9992@gmail.com>

This is similar to annotations in backend template at
https://github.com/tidaltech/cvat/blob/develop/helm-chart/templates/cvat_backend/service.yml#L10-L13

Currently, OpenVINO-based functions assume that a local directory will
be mounted into the container. In Kubernetes, that isn't possible, so
implement an alternate approach: create a separate base image and
inherit the function image from it.

In addition, implement some modernizations:

* Upgrade the version of OpenVINO to the latest (2022.3). Make the
necessary updates to the code. Note that 2022.1 introduced an entirely
new inference API, but I haven't switched to it yet to minimize changes.

* Use the runtime version of the Docker image as the base instead of the
dev version. This significantly reduces the size of the final image (by
~3GB).

* Replace the `faster_rcnn_inception_v2_coco` model with
`faster_rcnn_inception_resnet_v2_atrous_coco`, as the former has been
  removed from OMZ.

* Ditto with `person-reidentification-retail-0300` -> `0277`.

* The IRs used in the DEXTR function are not supported by OpenVINO
anymore (format too old), so rewrite the build process to create them
from the original code/weights instead.

The `CVAT_NUCLIO_FUNCTION_NAMESPACE` needs to be defined consistently in
order for Nuclio integration to work. Currently, it's set to `cvat` for
the main CVAT server process, but not for any other CVAT process (which
means it defaults to `nuclio` in those processes). Since it's the
annotation worker process that actually invokes the Nuclio functions,
the invocation fails.

Fix it by synchronizing the Nuclio environment variables across all
backend deployments. Technically, I think only the server and annotation
worker deployments need these variables, but since they're accessed by
`cvat/settings/base.py` in every process that loads Django, define them
everywhere to be sure.

Fixes #5626.