<!-- Raise an issue to propose your change
(https://github.com/opencv/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the [Contribution
guide](https://opencv.github.io/cvat/docs/contributing/). -->

<!-- Provide a general summary of your changes in the Title above -->

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->

### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable for some reason, then ~~explicitly
strikethrough~~ the whole
line. If you don't do that, GitHub will show incorrect progress for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [ ] I have added a description of my changes into the
[CHANGELOG](https://github.com/opencv/cvat/blob/develop/CHANGELOG.md)
file
- [ ] I have updated the documentation accordingly
- [ ] I have added tests to cover my changes
- [ ] I have linked related issues (see [GitHub docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [ ] I have increased versions of npm packages if it is necessary

([cvat-canvas](https://github.com/opencv/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/opencv/cvat/tree/develop/cvat-core#versioning),

[cvat-data](https://github.com/opencv/cvat/tree/develop/cvat-data#versioning)
and

[cvat-ui](https://github.com/opencv/cvat/tree/develop/cvat-ui#versioning))

### License

- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/opencv/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.

<!-- Raise an issue to propose your change
(https://github.com/opencv/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the [Contribution
guide](https://opencv.github.io/cvat/docs/contributing/). -->

<!-- Provide a general summary of your changes in the Title above -->

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Right now helm chart is broken and not usable at least in my
environment, I trying to fix it to make it work
content: 

1. Moved test-related values to another values.file to separate it from
default config
2. fixed issue with multiple caches in same RWX volume, which prevents
db migration to start
3. Removed hardcoded mandatory traefik ingress usage
4. Added confugurable default storage option to chart

### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
We test it on our AKS with RWX volume

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable for some reason, then ~~explicitly
strikethrough~~ the whole
line. If you don't do that, GitHub will show incorrect progress for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into the
[CHANGELOG](https://github.com/opencv/cvat/blob/develop/CHANGELOG.md)
file
- [x] I have updated the documentation accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues (see [GitHub docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [x] I have increased versions of npm packages if it is necessary

([cvat-canvas](https://github.com/opencv/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/opencv/cvat/tree/develop/cvat-core#versioning),

[cvat-data](https://github.com/opencv/cvat/tree/develop/cvat-data#versioning)
and

[cvat-ui](https://github.com/opencv/cvat/tree/develop/cvat-ui#versioning))

### License

- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/opencv/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.
  
closes #6043 
closes #6096 
closes #5733

---------
Co-authored-by: NMichael Kirpichev <m.kirpichev@haut.ai>
Co-authored-by: NNikita Manovich <nikita@cvat.ai>
Co-authored-by: NAndrey Zhavoronkov <andrey@cvat.ai>

## \[2.5.1\] - 2023-07-19
### Fixed
- Memory leak related to unclosed av container
(<https://github.com/opencv/cvat/pull/6501>)

The current mitigation approach (resolving the IP address and checking
if it's in the private range) is insufficient for a few reasons:

* It is susceptible to DNS rebinding (an attacker-controlled DNS name
resolving to a public IP address when queried during the check, and to a
private IP address afterwards).

* It is susceptible to redirect-based attacks (a server with a public
address redirecting to a server with a private address).

* It is only applied when downloading remote files of tasks (and is not
easily reusable).

Replace it with an approach based on smokescreen, a proxy that blocks
connections to private IP addresses. In addition, use this proxy for
webhooks, since they also make requests to untrusted URLs.

The benefits of smokescreen are as follows:

* It's not susceptible to the problems listed above.

* It's configurable, so system administrators can allow certain private
IP ranges if necessary. This configurability is exposed via the
`SMOKESCREEN_OPTS` environment variable.

* It doesn't require much code to use.

The drawbacks of smokescreen are:

* It's not as clear when the request fails due to smokescreen (compared
to manual IP validation). To compensate, make the error message in
`_download_data` more verbose.

* The smokescreen project seems to be in early development (judging by
the 0.0.x version numbers). Still, Stripe itself uses it, so it should
be good enough. It's also not very convenient to set up (on account of
not providing binaries), so disable it in development environments.

Keep the scheme check from `_validate_url`. I don't think this check
prevents any attacks (as requests only supports http/https to begin
with), but it provides a friendly error message in case the user tries
to use an unsupported scheme.

## \[2.4.7] - 2023-06-16
### Added
- \[API\] API Now supports the creation and removal of Ground Truth
jobs. (<https://github.com/opencv/cvat/pull/6204>)
- \[API\] We've introduced task quality estimation endpoints.
(<https://github.com/opencv/cvat/pull/6204>)
- \[CLI\] An option to select the organization.
(<https://github.com/opencv/cvat/pull/6317>)

### Fixed
- Issues with running serverless models for EXIF-rotated images.
(<https://github.com/opencv/cvat/pull/6275/>)
- File uploading issues when using https configuration.
(<https://github.com/opencv/cvat/pull/6308>)
- Dataset export error with `outside` property of tracks.
(<https://github.com/opencv/cvat/issues/5971>)
- Broken logging in the TransT serverless function.
(<https://github.com/opencv/cvat/pull/6290>)

---------
Co-authored-by: NAnastasia Yasakova <yasakova_anastasiya@mail.ru>
Co-authored-by: NMariia Acoca <39969264+mdacoca@users.noreply.github.com>
Co-authored-by: NMaxim Zhiltsov <zhiltsov.max35@gmail.com>
Co-authored-by: Nklakhov <kirill.9992@gmail.com>
Co-authored-by: NRoman Donchenko <roman@cvat.ai>
Co-authored-by: NKirill Sizov <kirill.sizov@cvat.ai>
Co-authored-by: NBoris Sekachev <boris.sekachev@yandex.ru>
Co-authored-by: NPaweł Kotiuk <kotiuk@zohomail.eu>
Co-authored-by: NNikita Manovich <nikita@cvat.ai>

The server part of #6039 

- Added support for Ground Truth jobs in a task
- Added support for job creation and removal (only Ground Truth jobs can
  be created or removed in a task)
- Added a component to autocompute quality metrics for a task
- Added tests
- Fixed https://github.com/opencv/cvat/issues/5971 (both parts - the
  outside problem and the manifest problem, the manifest part fix is also
  available in #6216)
Co-authored-by: Nklakhov <kirill.9992@gmail.com>
Co-authored-by: NRoman Donchenko <roman@cvat.ai>
Co-authored-by: NKirill Sizov <kirill.sizov@cvat.ai>

## \[2.4.5] - 2023-06-02
### Added
- Integrated support for sharepoint and cloud storage files, along with
directories to be omitted during task creation (server)
(<https://github.com/opencv/cvat/pull/6074>)
- Enabled task creation with directories from cloud storage or
sharepoint (<https://github.com/opencv/cvat/pull/6074>)
- Enhanced task creation to support any data type supported by the
server
by default, from cloud storage without the necessity for the `use_cache`
option (<https://github.com/opencv/cvat/pull/6074>)
- Added capability for task creation with data from cloud storage
without the `use_cache` option
(<https://github.com/opencv/cvat/pull/6074>)

### Changed
- User can now access resource links from any organization or sandbox,
granted it's available to them
(<https://github.com/opencv/cvat/pull/5892>)
- Cloud storage manifest files have been made optional
(<https://github.com/opencv/cvat/pull/6074>)
- Updated Django to the 4.2.x version
(<https://github.com/opencv/cvat/pull/6122>)
- Renamed certain Nuclio functions to adhere to a common naming
convention. For instance,
`onnx-yolov7` -> `onnx-wongkinyiu-yolov7`, `ultralytics-yolov5` ->
`pth-ultralytics-yolov5`
  (<https://github.com/opencv/cvat/pull/6140>)

### Deprecated
- Deprecated the endpoint `/cloudstorages/{id}/content`
(<https://github.com/opencv/cvat/pull/6074>)

### Fixed
- Fixed the issue of skeletons dumping on created tasks/projects
(<https://github.com/opencv/cvat/pull/6157>)
- Resolved an issue related to saving annotations for skeleton tracks
(<https://github.com/opencv/cvat/pull/6075>)

---------
Signed-off-by: Ndependabot[bot] <support@github.com>
Co-authored-by: NBoris Sekachev <boris.sekachev@yandex.ru>
Co-authored-by: NRoman Donchenko <roman@cvat.ai>
Co-authored-by: NMaria Khrustaleva <maya17grd@gmail.com>
Co-authored-by: NBoris Sekachev <sekachev.bs@gmail.com>
Co-authored-by: NNikita Manovich <nikita@cvat.ai>
Co-authored-by: NAnastasia Yasakova <yasakova_anastasiya@mail.ru>
Co-authored-by: NSnyk bot <snyk-bot@snyk.io>
Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: NKirill Sizov <kirill.sizov@cvat.ai>
Co-authored-by: NPaweł Kotiuk <kotiuk@zohomail.eu>
Co-authored-by: NSK <450723+senthilkumarkj@users.noreply.github.com>
Co-authored-by: NKirill Lakhov <kirill.9992@gmail.com>

Also, migrate to the version less Compose file format.

Compose V1 is EOL:
<https://www.docker.com/blog/announcing-compose-v2-general-availability/>.

- Added explanatory messages for actions denied for user limits
- Fixed few rules and checks
- Upgraded OPA version

Co-authored-by: Ndalli <skcha67@gmail.com>