Changes in 1.14.0
Summary
- Security - Don't expose services by default: #2612
- Bugfix - Create parent directories for idp configuration: #2667
- Change - Configurable default quota: #2621
- Change - New default data paths and easier configuration of the data path: #2590
- Change - Split spaces webdav url and graph url in base and path: #2660
- Change - Update ownCloud Web to v4.4.0: #2681
- Enhancement - Add user setting capability: #2655
- Enhancement - Broaden bufbuild/Buf usage: #2630
- Enhancement - Replace fileb0x with go-embed: #1199
- Enhancement - Upgrade to go-micro v4.1.0: #2616
- Enhancement - Review and correct http header: #2666
- Enhancement - Lower TUS max chunk size: #2584
- Enhancement - Add sharees additional info paramater config to ocs: #2637
- Enhancement - Add a middleware to authenticate public share requests: #2536
- Enhancement - Report quota states: #2628
- Enhancement - Start up a new machine auth provider in the storage service: #2528
- Enhancement - Enforce permission on update space quota: #2650
- Enhancement - Update lico to v0.51.1: #2654
- Enhancement - Update reva to v1.15: #2658
Details
-
Security - Don't expose services by default: #2612
We've changed the bind behaviour for all non public facing services. Before this PR all
services would listen on all interfaces. After this PR, all services listen on 127.0.0.1 only,
except the proxy which is listening on 0.0.0.0:9200. -
Bugfix - Create parent directories for idp configuration: #2667
The parent directories of the identifier-registration.yaml config file might not exist when
starting idp. Create them, when that is the case. -
Change - Configurable default quota: #2621
When creating a new space a (configurable) default quota will be used (instead the hardcoded
one). One can set the EnvVarGRAPH_SPACES_DEFAULT_QUOTAto configure it -
Change - New default data paths and easier configuration of the data path: #2590
We've changed the default data path for our release artifacts: - oCIS docker images will now
store all data in/var/lib/ocisinstead in/var/tmp/ocis- binary releases will now store
all data in~/.ocisinstead of/var/tmp/ocisAlso if you're a developer and you run oCIS from source, it will store all data in
~/.ocisfrom
now on.You can now easily change the data path for all extensions by setting the environment variable
OCIS_BASE_DATA_PATH.If you want to package oCIS, you also can set the default data path at compile time, eg. by passing
-X "github.com/owncloud/ocis/ocis-pkg/config/defaults.BaseDataPathType=path" -X "github.com/owncloud/ocis/ocis-pkg/config/defaults.BaseDataPathValue=/var/lib/ocis"
to your go build step. -
Change - Split spaces webdav url and graph url in base and path: #2660
We've fixed the behavior for the spaces webdav url and graph explorer graph url settings, so
that they respect the environment variableOCIS_URL. Previously oCIS admins needed to set
these URLs manually to make spaces and the graph explorer work. -
Change - Update ownCloud Web to v4.4.0: #2681
Tags: web
We updated ownCloud Web to v4.4.0. Please refer to the changelog (linked) for details on the web
release. -
Enhancement - Add user setting capability: #2655
We've added a capability to communicate the existance of a user settings service to clients.
-
Enhancement - Broaden bufbuild/Buf usage: #2630
We've switched the usage of bufbuild/Buf from a protoc replacement only to also using it to
confige the outputs and pinning dependencies. -
Enhancement - Replace fileb0x with go-embed: #1199
Go-embed already brings the functionality we need but with less code. We decided to use it
instead of 3rd party fileb0x -
Enhancement - Upgrade to go-micro v4.1.0: #2616
We've upgraded to go-micro v4.1.0
-
Enhancement - Review and correct http header: #2666
Reviewed and corrected the necessary http headers. Made CORS configurable.
-
Enhancement - Lower TUS max chunk size: #2584
We've lowered the TUS max chunk size from infinite to 0.1GB so that chunking actually happens.
-
Enhancement - Add sharees additional info paramater config to ocs: #2637
-
Enhancement - Add a middleware to authenticate public share requests: #2536
Added a new middleware to authenticate public share requests. This makes it possible to use
APIs which require an authenticated context with public shares. -
Enhancement - Report quota states: #2628
When listing the available spaces via the GraphAPI we now return quota states to make it easier
for the clients to add visual indicators. -
Enhancement - Start up a new machine auth provider in the storage service: #2528
This PR also adds the config to skip encoding user groups in reva tokens
-
Enhancement - Enforce permission on update space quota: #2650
Added a check that only users with the
set-space-quotapermission can update the space
quota. -
Enhancement - Update lico to v0.51.1: #2654
Updated lico to v0.51.1 This update includes: * Apply LibreGraph naming treewide * move to
go1.17 * Update 3rd party Go dependencies -
Enhancement - Update reva to v1.15: #2658
Updated reva to v1.15 This update includes: * Fix
cs3org/reva#2168: Override provider if
was previously registered * Fix
cs3org/reva#2173: Fix archiver max size
reached error * Fix cs3org/reva#2167:
Handle nil quota in decomposedfs * Fix
cs3org/reva#2153: Restrict EOS project
spaces sharing permissions to admins and writers * Fix
cs3org/reva#2179: Fix the returned
permissions for webdav uploads * Chg
cs3org/reva#2479: Make apps able to work
with public shares * Enh
cs3org/reva#2174: Inherit ACLs for files
from parent directories * Enh
cs3org/reva#2152: Add a reference
parameter to the getQuota request * Enh
cs3org/reva#2171: Add optional claim
parameter to machine auth * Enh
cs3org/reva#2135: Nextcloud test
improvements * Enh cs3org/reva#2180:
Remove OCDAV options namespace parameter * Enh
cs3org/reva#2170: Handle propfind
requests for existing files * Enh
cs3org/reva#2165: Allow access to
recycle bin for arbitrary paths outside homes * Enh
cs3org/reva#2189: Add user settings
capability * Enh cs3org/reva#2162:
Implement the UpdateStorageSpace method * Enh
cs3org/reva#2117: Add ocs cache warmup
strategy for first request from the user