github owncloud/ocis v2.0.0-beta.6
2.0.0-beta.6

pre-release, 23 months ago

Changes in 2.0.0-beta.6

Summary

  • Bugfix - Fix DN parsing issues and sizelimit handling in libregraph/idm: #3631
  • Bugfix - Remove runtime kill and run commands: #3740
  • Bugfix - Check permissions when deleting Space: #3709
  • Bugfix - Logging in on the wrong account when an email address is not unique: #4039
  • Bugfix - Allow empty environment variables: #3892
  • Bugfix - Remove unused transfer secret from app provider: #3798
  • Bugfix - Make IDP secrets configurable via environment variables: #3744
  • Bugfix - CSP rules for silent token refresh in iframe: #4031
  • Bugfix - Enable debug server by default: #3827
  • Bugfix - Rework default role provisioning: #3900
  • Bugfix - Fix search index getting out of sync: #3851
  • Bugfix - Inconsistent env var naming for LDAP filter configuration: #3890
  • Bugfix - Fix LDAP insecure options: #3897
  • Bugfix - Fix handling of invalid LDAP users and groups: #4274
  • Bugfix - Fix logging levels: #4102
  • Bugfix - Fix OCIS_RUN_SERVICES: #4133
  • Bugfix - Set default name for public link via capabilities: #3834
  • Bugfix - Remove legacy accounts proxy routes: #3831
  • Bugfix - Fix unused config option GRAPH_SPACES_INSECURE: #55555
  • Bugfix - Remove unused configuration options: #3973
  • Bugfix - Remove static ocs user backend config: #4077
  • Bugfix - Remove unused OCS storage configuration: #3955
  • Bugfix - Fix the ocis search command: #3796
  • Bugfix - Rename search env variable for the grpc server address: #3800
  • Bugfix - Fix search in received shares: #4308
  • Bugfix - Mask sensitive config values in the proxy's debug server: #4086
  • Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
  • Bugfix - Substring search for sharees: #547
  • Bugfix - Fix configuration validation for extensions' server commands: #3911
  • Bugfix - Fix startup error logging: #4093
  • Bugfix - Fix multiple storage-users env variables: #3802
  • Bugfix - Thumbnails for /dav/xxx?preview=1 requests: #3567
  • Bugfix - Fix unrestricted quota on the graphAPI: #4363
  • Bugfix - Fix user autoprovisioning: #3893
  • Bugfix - Fix version info: #3953
  • Bugfix - Fix version number in status page: #3788
  • Bugfix - Fix the webdav URL of drive roots: #3706
  • Bugfix - Idp: Check if CA certificate is present: #3623
  • Bugfix - Fix graph endpoint: #3925
  • Bugfix - Escape DN attribute value: #4117
  • Bugfix - Make IDP only wait for certs when using LDAP: #3965
  • Bugfix - Make ocdav service behave properly: #3957
  • Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
  • Bugfix - Polish search: #4094
  • Bugfix - Save Katherine: #3823
  • Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
  • Bugfix - Space Creators can hand over spaces: #4244
  • Bugfix - URL encode the webdav url in the graph API: #3597
  • Bugfix - Store user passwords hashed in idm: #3778
  • Change - Update ocis packages and imports to V2: #3678
  • Change - Load configuration files just from one directory: #3587
  • Change - Reduce permissions on docker image predeclared volumes: #3641
  • Change - Introduce ocis init and remove all default secrets: #3551
  • Change - The glauth and accounts services are removed: #3685
  • Change - Reduce drives in graph /me/drives API: #3629
  • Change - Switched default configuration to use libregraph/idm: #3331
  • Change - Rename MetadataUserID: #3671
  • Change - Use new space ID util functions: #3648
  • Change - Prevent access to disabled space: #3779
  • Change - Rename serviceUser to systemUser: #3673
  • Change - Use the spaceID on the cs3 resource: #4748
  • Change - Split MachineAuth from SystemUser: #3672
  • Enhancement - Add capability for alias links: #3983
  • Enhancement - Add drives field to users endpoint: #4072
  • Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: #4023
  • Enhancement - Add number of total matches to the search result: #4189
  • Enhancement - Align service naming: #3606
  • Enhancement - Add acting user to the audit log: #3753
  • Enhancement - Add audit events for created containers: #3941
  • Enhancement - Don't setup demo role assignments on default: #3661
  • Enhancement - Improve validation of OIDC access tokens: #3841
  • Enhancement - Improve error log for "could not get user by claim" error: #4227
  • Enhancement - Introduce service registry cache: #3833
  • Enhancement - Reintroduce user autoprovisioning in proxy: #3860
  • Enhancement - Disable the color logging in docker compose examples: #871
  • Enhancement - Allow providing list of services NOT to start: #4254
  • Enhancement - Introduce insecure flag for smtp email notifications: #4279
  • Enhancement - Optional events in graph service: #55555
  • Enhancement - Fix behavior for foobar (in present tense): #4346
  • Enhancement - Add config option to provide TLS certificate: #3818
  • Enhancement - Add descriptions for graph-explorer config: #3759
  • Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
  • Enhancement - Generate signing key and encryption secret: #3909
  • Enhancement - Update IdP UI: #3493
  • Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
  • Enhancement - New migrate command for migrating shares and public shares: #3987
  • Enhancement - Product field in OCS version: #2918
  • Enhancement - Refactor extensions to services: #3980
  • Enhancement - Allow resharing: #3904
  • Enhancement - Add initial version of the search extensions: #3635
  • Enhancement - Add capability for public link single file edit: #6787
  • Enhancement - Added share_jail and projects feature flags in spaces capability: #3626
  • Enhancement - Use storageID when requesting special items: #4356
  • Enhancement - Add description tags to the thumbnails config structs: #3752
  • Enhancement - Make thumbnails service log less noisy: #3959
  • Enhancement - Update linkshare capabilities: #3579
  • Enhancement - Update reva: #3944
  • Enhancement - Update reva to version 2.7.2: #4115
  • Enhancement - Update reva to v2.7.4: #4294
  • Enhancement - Update reva to version 2.4.1: #3746
  • Enhancement - Update reva to version 2.5.1: #3932
  • Enhancement - Update reva to v2.3.1: #3552
  • Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
  • Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
  • Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
  • Enhancement - Update ownCloud Web to v5.7.0-rc.1: #4005
  • Enhancement - Update ownCloud Web to v5.7.0-rc.4: #4140
  • Enhancement - Update ownCloud Web to v5.7.0-rc.8: #4314
  • Enhancement - Expand personal drive on the graph user: #4357
  • Enhancement - Add descriptions to webdav configuration: #3755
  • Enhancement - Search service at the old webdav endpoint: #4118

Details

  • Bugfix - Fix DN parsing issues and sizelimit handling in libregraph/idm: #3631

    We fixed a couple of issues in libregraph/idm related to correctly parsing LDAP DNs for
    usernames containing characters that require escaping.

    Also libregraph/idm was not properly returning "Size limit exceeded" errors when the result
    set exceeded the requested size.

    #3631
    #4039
    #4078

  • Bugfix - Remove runtime kill and run commands: #3740

    We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
    are needed, one should switch to a full-fledged supervisor and start oCIS as individual
    services.

    If one wants to start only a subset of services, this is still possible by setting
    OCIS_RUN_EXTENSIONS.

    #3740

  • Bugfix - Check permissions when deleting Space: #3709

    Check for manager permissions when deleting spaces. Do not allow deleting spaces via the dav
    service.

    #3709

  • Bugfix - Logging in on the wrong account when an email address is not unique: #4039

    The default configuration now uses the same logon attribute for all services. Also, if the
    configured logon attribute is not unique, access to ocis is denied.

    #4039

  • Bugfix - Allow empty environment variables: #3892

    We've fixed the behavior for empty environment variables, which previously did not overwrite
    default values and therefore had the same effect as not setting the environment variable. We
    now check whether the environment variable is set at all and, if so, also allow overriding a
    default value with an empty value.

    #3892

  • Bugfix - Remove unused transfer secret from app provider: #3798

    We've fixed the startup of the app provider by removing the startup dependency on a configured
    transfer secret, which was not used. This only happened if you started the app provider without
    the runtime (e.g. ocis app-provider server) and hadn't configured all oCIS secrets.

    #3798

  • Bugfix - Make IDP secrets configurable via environment variables: #3744

    We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
    environment variables.

    #3744

  • Bugfix - CSP rules for silent token refresh in iframe: #4031

    When renewing the access token silently, web needs to be opened in an iframe. This was
    previously blocked by a restrictive iframe CSP rule in the Secure middleware and has now been
    fixed by allowing self for iframes.

    owncloud/web#7030
    #4031

  • Bugfix - Enable debug server by default: #3827

    We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
    start their debug server by default.

    #3827

  • Bugfix - Rework default role provisioning: #3900

    We fixed a race condition in the default role assignment code that could lead to users losing
    privileges when authenticating before the settings service was fully running.

    #3900

  • Bugfix - Fix search index getting out of sync: #3851

    We fixed a problem where the search index got out of sync with child elements of a parent
    containing special characters.

    #3851

  • Bugfix - Inconsistent env var naming for LDAP filter configuration: #3890

    There was a naming inconsistency for the environment variables used to define LDAP filters for
    user and group queries. Some services used LDAP_USER_FILTER while others used
    LDAP_USERFILTER. This is now changed to use LDAP_USER_FILTER and LDAP_GROUP_FILTER.

    Note: If your oCIS setup is using an LDAP configuration that has any of the *_LDAP_USERFILTER
    or *_LDAP_GROUPFILTER environment variables set, please update the configuration to use
    the new unified names *_LDAP_USER_FILTER respectively *_LDAP_GROUP_FILTER instead.

    #3890

  • Bugfix - Fix LDAP insecure options: #3897

    We've fixed multiple LDAP insecure options:

    • The Graph LDAP insecure option default was set to true and now defaults to false. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.
    • The Graph LDAP insecure option was configurable by the environment variable OCIS_INSECURE, which was replaced by the dedicated LDAP_INSECURE variable. This variable is also used by all other services using LDAP.
    • The IDP insecure option for the user backend now also picks up configuration from LDAP_INSECURE.

    #3897

  • Bugfix - Fix handling of invalid LDAP users and groups: #4274

    We fixed an issue where ocis would exit with a panic when LDAP users or groups were missing
    required attributes (e.g. the id).

    #4274

  • Bugfix - Fix logging levels: #4102

    We've fixed the configuration of logging levels. Previously it was not possible to configure a
    service with a more or less verbose log level than all other services when running in the
    supervised / runtime mode ocis server.

    For example OCIS_LOG_LEVEL=error PROXY_LOG_LEVEL=debug ocis server did not configure
    error logging for all services except the proxy, which should be on debug logging. This is now
    fixed and working properly.

    Also we fixed the format of go-micro logs to always default to error level. Previously this was
    only ensured in the supervised / runtime mode.

    #4089
    #4102

  • Bugfix - Fix OCIS_RUN_SERVICES: #4133

    OCIS_RUN_SERVICES was introduced as successor to OCIS_RUN_EXTENSIONS because we
    wanted to call oCIS "core" extensions services. We kept OCIS_RUN_EXTENSIONS for backwards
    compatibility reasons.

    It turned out that setting OCIS_RUN_SERVICES has had no effect since it was introduced.
    OCIS_RUN_EXTENSIONS was working fine all the time.

    We now fixed OCIS_RUN_SERVICES, so that you can use it as an equivalent replacement for
    OCIS_RUN_EXTENSIONS.

    #4133

  • Bugfix - Set default name for public link via capabilities: #3834

    We have now added a default name for public link shares which is communicated via the
    capabilities.

    #1237
    #3834

  • Bugfix - Remove legacy accounts proxy routes: #3831

    We've removed the legacy accounts routes from the proxy default config. They were no longer
    used since the switch to IDM as the default user backend. Also accounts is no longer part of the
    oCIS binary and therefore should not be part of the proxy default route config.

    #3831

  • Bugfix - Fix unused config option GRAPH_SPACES_INSECURE: #55555

    We've removed the unused config option GRAPH_SPACES_INSECURE from the GRAPH service.

    https://github.com/owncloud/ocis/pull/55555

  • Bugfix - Remove unused configuration options: #3973

    We've removed multiple unused configuration options:

    #3973

  • Bugfix - Remove static ocs user backend config: #4077

    We've removed the OCS_ACCOUNT_BACKEND_TYPE configuration option. It was intended to allow
    configuration of different user backends for the ocs service. Right now the ocs service only
    has a "cs3" backend. Therefore it's a static entry and not configurable.

    #4077

  • Bugfix - Remove unused OCS storage configuration: #3955

    We've removed the unused OCS configuration option OCS_STORAGE_USERS_DRIVER.

    #3955

  • Bugfix - Fix the ocis search command: #3796

    We've fixed the behavior for ocis search, which didn't show further help when not all secrets
    had been configured. It also was not possible to start the search service standalone from the
    oCIS binary without configuring all oCIS secrets, even though they were not needed by the
    search service.

    #3796

  • Bugfix - Rename search env variable for the grpc server address: #3800

    We've fixed the grpc server address configuration environment variable by renaming it from
    ACCOUNTS_GRPC_ADDR to SEARCH_GRPC_ADDR.

    #3800

  • Bugfix - Fix search in received shares: #4308

    We fixed a problem where items in received shares were not found.

    #4308

  • Bugfix - Mask sensitive config values in the proxy's debug server: #4086

    We've fixed a security issue in the proxy's debug server config report endpoint. Previously,
    sensitive configuration values were not masked. We now mask these values.

    #4086

  • Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799

    We've fixed the admin user id configuration of the settings and idm extensions. It was
    previously only configurable via the oCIS shared configuration and was therefore
    undocumented for the extensions. This config option is now part of both extensions'
    configuration and can now also be used when the extensions are compiled standalone.

    #3799

  • Bugfix - Substring search for sharees: #547

    We fixed searching for sharees to be no longer case-sensitive. With this we introduced two new
    settings for the users and groups services: "group_substring_filter_type" for the group
    services and "user_substring_filter_type" for the users service. They allow setting the type
    of LDAP filter that is used for substring user searches. Possible values are: "initial",
    "final" and "any" to do either prefix, suffix or full substring searches. Both settings
    default to "initial".

    Also a new option "search_min_length" was added for the "frontend" service. It allows
    configuring the minimum number of characters to enter before a search for Sharees is started.
    This setting is e.g. evaluated by the web ui via the capabilities endpoint.

    #547

  • Bugfix - Fix configuration validation for extensions' server commands: #3911

    We've fixed the configuration validation for the extensions' server commands. Before this
    fix error messages have occurred when trying to start individual services without certain
    oCIS fullstack configuration values.

    We now no longer do the common oCIS configuration validation for extensions' server commands
    and now rely only on the extensions' validation function.

    #3911

  • Bugfix - Fix startup error logging: #4093

    We've fixed the startup error logging, so that users will see the reason for a failed startup
    even on "error" log level. Previously they would only see it on "info" log level. Also in a lot
    of cases the reason for the failed shutdown was omitted.

    #4093

  • Bugfix - Fix multiple storage-users env variables: #3802

    We've fixed multiple environment variable configuration options for the storage-users
    extension:

    • STORAGE_USERS_GRPC_ADDR was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option was set, because the service tried to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR.
    • STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT.
    • It's now possible to configure the permissions service endpoint for all storage drivers with the environment variable STORAGE_USERS_PERMISSION_ENDPOINT, which was previously only used by the S3NG driver.

    #3802

  • Bugfix - Thumbnails for /dav/xxx?preview=1 requests: #3567

    We've added the thumbnail rendering for /dav/xxx?preview=1,
    /remote.php/webdav/{relative path}?preview=1 and /webdav/{relative path}?preview=1
    requests, which was previously not supported because of missing routes. It now returns the
    same thumbnails as for /remote.php/dav/xxx?preview=1.

    #3567

  • Bugfix - Fix unrestricted quota on the graphAPI: #4363

    Unrestricted quota needs to show 0 on the API. It is not good for clients when the property is
    missing.

    #4363

  • Bugfix - Fix user autoprovisioning: #3893

    We've fixed the autoprovisioning feature that was introduced in beta2. Due to a bug the role
    assignment of the privileged user that is used to create accounts wasn't propagated correctly
    to the graph service.

    #3893

  • Bugfix - Fix version info: #3953

    We've fixed the version info that is displayed when you run:

    • ocis version
    • ocis <extension name> version

    Since #2918, these commands returned an empty version only.

    #3953

  • Bugfix - Fix version number in status page: #3788

    We needed to undo the version number changes on the status page to keep compatibility for legacy
    clients. We added a new field productversion for the actual version of the product.

    #3788
    #3805

  • Bugfix - Fix the webdav URL of drive roots: #3706

    Fixed the webdav URL of drive roots in the graph API.

    #3706
    #3916

  • Bugfix - Idp: Check if CA certificate is present: #3623

    Upon first start with the default configuration the idm service creates a server
    certificate, which might not be finished before the idp service is starting. Add a check to idp
    similar to what the user, group, and auth-providers implement.

    #3623

  • Bugfix - Fix graph endpoint: #3925

    We have added the memberOf slice to the /users endpoint and the member slice to the /group
    endpoint.

    #3925

  • Bugfix - Escape DN attribute value: #4117

    Escaped the DN attribute value on creating users and groups.

    #4117
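
    An added example, not code from oCIS or libregraph/idm, for this entry and for the substring
    sharee search entry (#547) above: the same user-supplied string needs RFC 4515 escaping inside
    a search filter and RFC 4514 escaping inside a DN. The function names, the displayName and uid
    attributes and the base DN are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue escapes a value for an LDAP search filter (RFC 4515):
// '*', '(', ')', '\' and NUL become a backslash followed by two hex digits.
func escapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		switch c := s[i]; c {
		case '*', '(', ')', '\\', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// escapeDNValue escapes an attribute value for use inside a DN (RFC 4514):
// the special characters, a leading '#' or space, a trailing space, and NUL.
func escapeDNValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c == 0:
			b.WriteString(`\00`)
		case strings.IndexByte(`"+,;<>\`, c) >= 0,
			c == '#' && i == 0,
			c == ' ' && (i == 0 || i == len(s)-1):
			b.WriteByte('\\')
			b.WriteByte(c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// substringFilter builds a substring search filter. filterType takes the values
// named in the release notes: "initial" (prefix), "final" (suffix), "any".
func substringFilter(attr, term, filterType string) (string, error) {
	v := escapeFilterValue(term)
	switch filterType {
	case "initial":
		return fmt.Sprintf("(%s=%s*)", attr, v), nil
	case "final":
		return fmt.Sprintf("(%s=*%s)", attr, v), nil
	case "any":
		return fmt.Sprintf("(%s=*%s*)", attr, v), nil
	}
	return "", fmt.Errorf("unknown substring filter type %q", filterType)
}

// userDN builds the DN of an entry below baseDN; baseDN is trusted configuration,
// only the username part comes from user input and is escaped.
func userDN(username, baseDN string) string {
	return "uid=" + escapeDNValue(username) + "," + baseDN
}

func main() {
	const base = "ou=users,o=example" // constructed base DN
	// Constructed inputs: a plain name, a DN special, filter specials, edge positions.
	for _, name := range []string{"einstein", "doe, john", "a*b(c)", "#lead "} {
		f, _ := substringFilter("displayName", name, "any")
		fmt.Printf("%-12q filter=%s  dn=%s\n", name, f, userDN(name, base))
	}
}
```

    Characters that are special in a filter pass through DN escaping unchanged and vice versa, so
    one routine cannot stand in for the other.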

  • Bugfix - Make IDP only wait for certs when using LDAP: #3965

    When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.

    #3965

  • Bugfix - Make ocdav service behave properly: #3957

    The ocdav service now properly passes the tracing config and shuts down when receiving a kill
    signal.

    #3957

  • Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483

    The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
    backend. Now it returns a proper error.

    #3483

  • Bugfix - Polish search: #4094

    We improved the feedback when providing invalid search queries and added support for limiting
    the number of results returned.

    #4094

  • Bugfix - Save Katherine: #3823

    SpaceManager user katherine was removed with the demo user switch. Now she comes back.

    #3823
    #3824

  • Bugfix - Fix Thumbnails for IDs without a trailing path: #3791

    The routes in the chi router were not matching thumbnail requests without a trailing path.

    #3791

  • Bugfix - Space Creators can hand over spaces: #4244

    Set no owner on non personal spaces to be able to pass the space manager role to a new user.

    #4244

  • Bugfix - URL encode the webdav url in the graph API: #3597

    Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
    with spaces in the file name.

    #3538
    #3597

  • Bugfix - Store user passwords hashed in idm: #3778

    Support for hashing user passwords was added to libregraph/idm. The graph API will now set
    user passwords using the LDAP Modify Extended Operation (RFC3062). In the default
    configuration passwords will be hashed using the argon2id algorithm.

    #3778
    #4053

  • Change - Update ocis packages and imports to V2: #3678

    This needs to be done in preparation for the major version bump in ocis.

    #3678

  • Change - Load configuration files just from one directory: #3587

    We've changed the configuration file loading behavior and are now only loading configuration
    files from ONE single directory. This directory can be set at compile time or via an
    environment variable on startup (OCIS_CONFIG_DIR).

    We are using the following default configuration paths:

    • Docker images: /etc/ocis/
    • Binary releases: $HOME/.ocis/config/

    #3587

  • Change - Reduce permissions on docker image predeclared volumes: #3641

    We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
    750.

    This change doesn't affect you, unless you use the docker image with a non-default uid/gid to
    start oCIS (default is 1000:1000).

    #3641

  • Change - Introduce ocis init and remove all default secrets: #3551

    We've removed all default secrets and the hardcoded UUID of the user admin. This means you
    can't start oCIS any longer without setting these via environment variable or configuration
    file.

    In order to make this easy for you, we introduced a new command: ocis init. You can run this
    command before starting oCIS with ocis server and it will bootstrap you a configuration file
    for a secure oCIS instance.

    #3524
    #3551
    #3743

  • Change - The glauth and accounts services are removed: #3685

    After switching the default configuration to libregraph/idm we could remove the glauth and
    accounts services from the source code (they were already disabled by default with the
    previous release).

    #3685

  • Change - Reduce drives in graph /me/drives API: #3629

    Reduced the drives in the graph /me/drives API to only the drives the user has access to. The
    endpoint /drives will list all drives when the user has the permission.

    #3629

  • Change - Switched default configuration to use libregraph/idm: #3331

    We switched the default configuration of oCIS to use the "idm" service (based on
    libregraph/idm) as the standard source for user and group information. The accounts and
    glauth services are no longer enabled by default and will be removed with an upcoming release.

    #3331
    #3633

  • Change - Rename MetadataUserID: #3671

    MetadataUserID is renamed to SystemUserID, including yaml tags and env vars.

    #3671

  • Change - Use new space ID util functions: #3648

    Changed code to use the new space ID util functions so that everything works with the new spaces
    ID format.

    #3648
    #3669

  • Change - Prevent access to disabled space: #3779

    Previously managers were allowed to edit the space even when it was disabled. This is no longer
    possible.

    #3779

  • Change - Rename serviceUser to systemUser: #3673

    We renamed serviceUser to systemUser in all configs and vars, including yaml tags and env vars.

    #3673

  • Change - Use the spaceID on the cs3 resource: #4748

    We cleaned up the CS3Api to use a proper attribute for the space id.

    https://github.com/owncloud/ocis/pull/4748

  • Change - Split MachineAuth from SystemUser: #3672

    We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
    for the system user used e.g. by the settings service.

    #3672

  • Enhancement - Add capability for alias links: #3983

    For better UX, clients need a way to discover if alias links are supported by the server. We
    added a capability under "files_sharing/public/alias".

    #3983
    #3991

  • Enhancement - Add drives field to users endpoint: #4072

    We have added $expand=drives to the /users/{id}/ endpoint using the user filter
    implemented in reva.

    #4072
    cs3org/reva#3046
    #4323

  • Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: #4023

    We introduced resharing, which was enabled by default. This is now configurable and can be
    enabled by setting the env FRONTEND_ENABLE_RESHARING to true. By default resharing is
    now disabled.

    #4023

  • Enhancement - Add number of total matches to the search result: #4189

    The search service now returns the number of total matches alongside the results.

    #4189

  • Enhancement - Align service naming: #3606

    We now reflect the configured service names when listing them in the ocis runtime.

    #3603
    #3606

  • Enhancement - Add acting user to the audit log: #3753

    Added the acting user to the events in the audit log.

    #3753
    #3992

  • Enhancement - Add audit events for created containers: #3941

    Handle the event ContainerCreated in the audit service.

    #3941

  • Enhancement - Don't setup demo role assignments on default: #3661

    Added a configuration option to explicitly tell the settings service to generate the default
    role assignments.

    #3661
    #3956

  • Enhancement - Improve validation of OIDC access tokens: #3841

    Previously OIDC access tokens were only validated by requesting the userinfo from the IDP. It
    is now possible to enable additional verification if the IDP issues access tokens in JWT
    format. In that case the oCIS proxy service will now verify the signature of the token using
    the public keys provided by the jwks_uri endpoint of the IDP. It will also verify if the issuer
    claim (iss) matches the expected values.

    The new validation is enabled by setting PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD to
    "jwt", which is also the default. Setting it to "none" will disable the feature.

    #3841
    #4227
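
    An added example, not the oCIS proxy's code, of the two checks this entry describes: the
    token signature is verified with a key from the IDP's key set, then the iss claim is compared
    with the expected issuer. It uses only the Go standard library; the key, key id, issuer URL
    and all function names are constructed for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// JWK holds the RSA members of a JSON Web Key; JWKS is the set an IDP serves at its jwks_uri.
type JWK struct{ Kty, Kid, N, E string }
type JWKS struct{ Keys []JWK }

// demoIssuer creates a constructed signing key and the JWKS a stand-in IDP would publish.
func demoIssuer(kid string) (*rsa.PrivateKey, JWKS, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, JWKS{}, err
	}
	n, e := priv.N.Bytes(), big.NewInt(int64(priv.E)).Bytes()
	jwk := JWK{Kty: "RSA", Kid: kid, N: b64.EncodeToString(n), E: b64.EncodeToString(e)}
	return priv, JWKS{Keys: []JWK{jwk}}, nil
}

// signRS256 plays the IDP and issues a compact RS256 JWT for the given claims.
func signRS256(priv *rsa.PrivateKey, kid string, claims map[string]interface{}) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid, "typ": "JWT"})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return input + "." + b64.EncodeToString(sig), err
}

// verifyAccessToken checks the signature against the published keys, then iss (exp, aud etc. not covered).
func verifyAccessToken(token string, keys JWKS, wantIssuer string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a compact JWT")
	}
	var raw [3][]byte
	for i, p := range parts {
		var err error
		if raw[i], err = b64.DecodeString(p); err != nil {
			return nil, fmt.Errorf("segment %d: %w", i, err)
		}
	}
	var hdr struct{ Alg, Kid string }
	// Pin the algorithm: the token must not be able to choose "none" or an HMAC variant.
	if err := json.Unmarshal(raw[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("header rejected (alg %q)", hdr.Alg)
	}
	var pub *rsa.PublicKey
	for _, k := range keys.Keys {
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if k.Kty == "RSA" && k.Kid == hdr.Kid && errN == nil && errE == nil {
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	if pub == nil {
		return nil, fmt.Errorf("no usable key for kid %q", hdr.Kid)
	}
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], raw[2]); err != nil {
		return nil, errors.New("signature does not verify")
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw[1], &claims); err != nil {
		return nil, fmt.Errorf("claims: %w", err)
	}
	if iss, ok := claims["iss"].(string); !ok || iss != wantIssuer {
		return nil, fmt.Errorf("iss %v is not the expected issuer", claims["iss"])
	}
	return claims, nil
}

func main() {
	const issuer = "https://idp.example.test" // constructed issuer URL
	priv, keys, err := demoIssuer("demo-key-1")
	if err != nil {
		panic(err)
	}
	tok, _ := signRS256(priv, "demo-key-1", map[string]interface{}{"iss": issuer, "sub": "einstein"})
	_, okErr := verifyAccessToken(tok, keys, issuer)
	_, issErr := verifyAccessToken(tok, keys, "https://other.example.test")
	fmt.Println("expected issuer:", okErr, "| other issuer:", issErr)
}
```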

  • Enhancement - Improve error log for "could not get user by claim" error: #4227

    We've improved the error log for "could not get user by claim" error where previously only the
    "nil" error has been logged. Now we're logging the message from the transport.

    #4227

  • Enhancement - Introduce service registry cache: #3833

    We've improved the service registry / service discovery by setting up registry caching (TTL
    20s), so that not every request has to do a lookup on the registry.

    #3833

  • Enhancement - Reintroduce user autoprovisioning in proxy: #3860

    With the removal of the accounts service, autoprovisioning of users upon first login was no
    longer possible. We added this feature back for the cs3 user backend in the proxy, leveraging
    the libregraph users API for creating the users.

    #3860

  • Enhancement - Disable the color logging in docker compose examples: #871

    Disabled the color logging in the example docker compose deployments. Although colored logs
    are helpful during the development process they may be undesired in other situations like
    production deployments, where the logs aren't consumed by humans directly but instead by a log
    aggregator.

    #871
    #3935

  • Enhancement - Allow providing list of services NOT to start: #4254

    Until now if one wanted to use a custom version of a service, one needed to provide
    OCIS_RUN_SERVICES which is a list of all services to start. Now one can provide
    OCIS_EXCLUDE_RUN_SERVICES which is a list of only services not to start.

    #4254

  • Enhancement - Introduce insecure flag for smtp email notifications: #4279

    We've introduced the NOTIFICATIONS_SMTP_INSECURE configuration option, which lets you
    skip certificate verification for smtp email servers.

    #4279

  • Enhancement - Optional events in graph service: #55555

    We've changed the graph service so that you can also start it without any event bus. To do so,
    you need to set GRAPH_EVENTS_ENDPOINT to an empty string. The graph API will not emit any
    events in this case.

    https://github.com/owncloud/ocis/pull/55555

  • Enhancement - Fix behavior for foobar (in present tense): #4346

    We've added the configuration option PROXY_OIDC_REWRITE_WELLKNOWN to rewrite the
    /.well-known/openid-configuration endpoint. If active, it serves the
    /.well-known/openid-configuration response of the original IDP configured in
    OCIS_OIDC_ISSUER / PROXY_OIDC_ISSUER. This is needed so that the Desktop Client,
    Android Client and iOS Client can discover the OIDC identity provider.

    Previously this rewrite needed to be performed with an external proxy such as NGINX or Traefik
    if an external IDP was used.

    #2819
    #3280
    #4346

  • Enhancement - Add config option to provide TLS certificate: #3818

    Added a config option to the graph service to provide a TLS certificate to be used to verify the
    LDAP server certificate.

    #3818
    #3888

  • Enhancement - Add descriptions for graph-explorer config: #3759

    Added description tags to the graph-explorer config so that they will be included in the
    documentation.

    #3759

  • Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063

    When using the builtin user management, allow users to update their own password via the
    graph/v1.0/me/changePassword endpoint.

    #3063
    #3705

  • Enhancement - Generate signing key and encryption secret: #3909

    The idp service now automatically generates a signing key and encryption secret when they
    don't exist. This will enable service restarts without invalidating existing sessions.

    #3909
    #4022

  • Enhancement - Update IdP UI: #3493

    Updated our fork of the lico IdP UI. This also updated the used npm dependencies. The design
    didn't change.

    #3493
    #4074

  • Enhancement - Wrap metadata storage with dedicated reva gateway: #3602

    We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
    static storage registry, static auth registry, in memory userprovider, machine
    authprovider and demo permissions service. This allows us to preconfigure the service user
    for the ocis settings service, share and public share providers.

    #3602
    #3647

  • Enhancement - New migrate command for migrating shares and public shares: #3987

    We added a new migrate subcommand which can be used to migrate shares and public shares
    between different share and publicshare managers.

    #3987
    #4019

  • Enhancement - Product field in OCS version: #2918

    We've added a new field to the OCS Version, which is supposed to announce the product name. The
    web ui as a client will make use of it to make the backend product and version available (e.g. for
    easier bug reports).

    #2918

  • Enhancement - Refactor extensions to services: #3980

    We have decided to call all extensions that we maintain and provide with ocis "services" from
    here on, to avoid confusion between external extensions and code we provide and maintain.

    #3980

  • Enhancement - Allow resharing: #3904

    This will allow resharing files.

    #3904

  • Enhancement - Add initial version of the search extensions: #3635

    It is now possible to search for files and directories by their name using the web UI. For
    this, the new search extension indexes files in a persistent local index.

    #3635

  • Enhancement - Add capability for public link single file edit: #6787

    It is now possible to share a single file by link with edit permissions. Therefore we need a
    public share capability to enable that feature in the clients. At the same time, we improved the
    WebDAV permissions for public links.

    owncloud/web#6787
    #3538

  • Enhancement - Added share_jail and projects feature flags in spaces capability: #3626

    We've added feature flags to the spaces capability to indicate to clients which features are
    supposed to be shown to users.

    #3626

  • Enhancement - Use storageID when requesting special items: #4356

    We need to use the storageID when requesting the special items of a space to spare a registry
    lookup and improve the performance.

    #4356

  • Enhancement - Add description tags to the thumbnails config structs: #3752

    Added description tags to the config structs in the thumbnails service so they will be included
    in the config documentation.

    Important: If you ran ocis init with the v2.0.0-alpha* version then you have to manually add
    the transfer_secret to the ocis.yaml.

    Just open the ocis.yaml config file and look for the thumbnails section. Then add a random
    transfer_secret so that it looks like this:

        thumbnails:
          thumbnail:
            transfer_secret: <put random value here>

    #3752

  • Enhancement - Make thumbnails service log less noisy: #3959

    Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
    the logs.

    #3959

  • Enhancement - Update linkshare capabilities: #3579

    We have updated the capabilities regarding password enforcement and expiration dates of
    public links. They were previously hardcoded in a way that didn't reflect the actual backend
    functionality anymore.

    #3579

  • Enhancement - Update reva: #3944

    Changelog for reva 2.6.1 (2022-06-27)

    The following sections list the changes in reva 2.6.1 relevant to reva users. The changes are
    ordered by importance.

    Changelog for reva 2.6.0 (2022-06-21)

    The following sections list the changes in reva 2.6.0 relevant to reva users. The changes are
    ordered by importance.

    #3944
    #3975
    #3982
    #4000
    #4006

  • Enhancement - Update reva to version 2.7.2: #4115

    Changelog for reva 2.7.2 (2022-07-18)

    Changelog for reva 2.7.1 (2022-07-15)

    Changelog for reva 2.7.0 (2022-07-15)

    #4115
    #4201
    #4203
    #4025
    #4211

  • Enhancement - Update reva to v2.7.4: #4294

    Updated reva to version 2.7.4. This update includes:

    Updated reva to version 2.7.3. This update includes:

    https://github.com/owncloud/ocis/pull/4272
    cs3org/reva#3096 https://github.com/cs3org/reva/pull/4315

    #4294
    #4330
    #4369

  • Enhancement - Update reva to version 2.4.1: #3746

    Changelog for reva 2.4.1 (2022-05-24)

    The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
    ordered by importance.

    Changelog for reva 2.4.0 (2022-05-24)

    The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
    ordered by importance.

    #3746
    #3771
    #3778
    #3842
    #3854
    #3858
    #3867

  • Enhancement - Update reva to version 2.5.1: #3932

    Changelog for reva 2.5.1 (2022-06-08)

    The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
    ordered by importance.

    Changelog for reva 2.5.0 (2022-06-07)

    The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
    ordered by importance.

    #3932
    #3928
    #3922

  • Enhancement - Update reva to v2.3.1: #3552

    Updated reva to version 2.3.1. This update includes:

    Updated reva to version 2.3.0. This update includes:

    #3621
    #3552
    #3570
    #3601
    #3602
    #3605
    #3611
    #3637
    #3652
    #3681

  • Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854

    Tags: web

    We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
    the web release.

    owncloud/web#6854
    #3844
    #3862
    https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8

  • Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854

    Tags: web

    We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
    the web release.

    owncloud/web#6854
    #3927
    https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9

  • Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854

    Tags: web

    We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
    the web release.

    owncloud/web#6854
    #3664
    #3680
    #3727
    #3747
    #3797
    https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6

  • Enhancement - Update ownCloud Web to v5.7.0-rc.1: #4005

    Tags: web

    We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on
    the web release.

    #4005
    owncloud/web#7158
    #3990
    owncloud/web#6854
    https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1

  • Enhancement - Update ownCloud Web to v5.7.0-rc.4: #4140

    Tags: web

    We updated ownCloud Web to v5.7.0-rc.4. Please refer to the changelog (linked) for details on
    the web release.

    #4140
    https://github.com/owncloud/web/releases/tag/v5.7.0-rc.4

  • Enhancement - Update ownCloud Web to v5.7.0-rc.8: #4314

    Tags: web

    We updated ownCloud Web to v5.7.0-rc.9. Please refer to the changelog (linked) for details on
    the web release.

    #4314
    https://github.com/owncloud/web/releases/tag/v5.7.0-rc.8

  • Enhancement - Expand personal drive on the graph user: #4357

    We can now list the personal drive on the users endpoint via the graph API. A user can add an
    $expand=drive query to list the personal drive of the requested user.

    #4357

  • Enhancement - Add descriptions to webdav configuration: #3755

    Added descriptions to webdav config structs to include them in the config documentation.

    #3755

  • Enhancement - Search service at the old webdav endpoint: #4118

    We made the search service available for legacy clients at the old webdav endpoint.

    #4118
