github owncloud/ocis v3.0.0
3.0.0

latest releases: v4.0.7, v5.0.0, v5.0.0-rc.6...
9 months ago

Changes in 3.0.0

Warning

BREAKING CHANGE in ocis deployments

To upgrade from 2.0.0 to 3.0.0-rc.1 or later please shut down and execute the following steps

1. Application ID

you need to set GRAPH_APPLICATION_ID to a random uuidv4.

You can also add

graph:
 application:
   id: some-random-uuid

to the ocis.yaml file which was created during initialisation

2. Search Index

The data format of the search index has also changed. You can safely delete the whole search index.
It is located in a subfolder called search in the ocis base path where ocis stores its data.
The search index automatically fills itself again when changes happen in each space. You can also re-index the space manually.

Sorry for the inconvenience 😅

Note

The metadata store in the DecomposedFS has changed

When you upgrade from 2.0.0 to 3.0.0-rc.1 or later and if you didn't set OCIS_DECOMPOSEDFS_METADATA_BACKEND manually,
ocis will change the storage of the file metadata from using extended attributes (xattrs) to messagepack (messagepack).

This decision was made because extended attributes are limited and have some issues using shared filesystems. Messagepack is a straightforward binary format.

Summary

  • Bugfix - Return 425 on Thumbnails: #5300
  • Bugfix - Allow selected updates on graph users: #6233
  • Bugfix - Disassociate users from deleted school: #5343
  • Bugfix - Fix error message when disabling users: #6435
  • Bugfix - Fix default role assignment for demo users: #3432
  • Bugfix - Empty exact list while searching for a sharee: #6398
  • Bugfix - Reduced default TTL of user and group caches in graph API: #6320
  • Bugfix - Fix so that PATCH requests for groups actually updates the group name: #5949
  • Bugfix - Use UUID attribute for computing "sub" claim in lico idp: #904
  • Bugfix - Hide the existence of space when deleting/updating: #5031
  • Bugfix - Fix OIDC auth cache: #5997
  • Bugfix - Fix the empty string givenName attribute when creating user: #5431
  • Bugfix - Fix Postprocessing events: #5269
  • Bugfix - Fix Search reindexing performance regression: #6085
  • Bugfix - Fix Search tag indexing: #5405
  • Bugfix - Fix the wrong status code when appRoleAssignments is forbidden: #6037
  • Bugfix - Fix user type config for user provider: #6027
  • Bugfix - Fix userlog panic: #6114
  • Bugfix - Fix Logout Url config name: #6227
  • Bugfix - Add missing CORS config: #5987
  • Bugfix - Add missing response to blocked requests: #6277
  • Bugfix - Populate expanded properties: #5421
  • Bugfix - Add portrait thumbnail resolutions: #5656
  • Bugfix - Trace proxy middlewares: #6313
  • Bugfix - Update the default admin role: #6310
  • Bugfix - Fix authenticate headers for API requests: #5992
  • Change - Bump libregraph lico: #5768
  • Change - Updated Cache Configuration: #5829
  • Change - Remove the settings ui: #5463
  • Change - Do not share versions: #5531
  • Change - We renamed the guest role to user light: #6456
  • Enhancement - Add specific result to antivirus for debugging: #6265
  • Enhancement - Add debug server to audit: #6178
  • Enhancement - Add debug server to idm: #6153
  • Enhancement - Add debug server to postprocessing: #6203
  • Enhancement - Add debug server to userlog: #6202
  • Enhancement - Add 'ocis decomposedfs metadata' command: #5858
  • Enhancement - Add debug server to eventhistory: #6204
  • Enhancement - Add global env variable extractor: #5164
  • Enhancement - Add the email HTML templates: #6147
  • Enhancement - Open Debug endpoint for Notifications: #5002
  • Enhancement - Add MessageRichParameters: #5927
  • Enhancement - Add webfinger service: #5373
  • Enhancement - Async Postprocessing: #5207
  • Enhancement - Automate md creation: #5901
  • Enhancement - Add more logging to av service: #5973
  • Enhancement - Return Bad Request when requesting GDPR export for another user: #6123
  • Enhancement - Add endpoints to upload a custom logo: #5735
  • Enhancement - Bump go-ldap version: #6004
  • Enhancement - Bump libre-graph-api-go: #5309
  • Enhancement - Update Reva to version 2.14.0: #6448
  • Enhancement - Collect global envvars: #5367
  • Enhancement - Make the settings bundles part of the service config: #5589
  • Enhancement - Configure GRPC in ocs: #6022
  • Enhancement - Default LDAP write to true: #6362
  • Enhancement - Disable Notifications: #6137
  • Enhancement - Drive group permissions: #5312
  • Enhancement - Make the group members addition limit configurable: #5357
  • Enhancement - Allow username to be changed: #5509
  • Enhancement - Graph Drives IdentitySet displayName: #5347
  • Enhancement - Make the LDAP base DN for new groups configurable: #5974
  • Enhancement - Update to go 1.20 to use memlimit: #5732
  • Enhancement - Display surname and givenName attributes: #5388
  • Enhancement - Extended search: #5221
  • Enhancement - Resource tags: #5227
  • Enhancement - Allow users to be disabled: #5588
  • Enhancement - Web config additions: #6032
  • Enhancement - Eventhistory service: #5600
  • Enhancement - Expiration Notifications: #5330
  • Enhancement - Fix to prevent the email X-Site scripting: #6429
  • Enhancement - Fix preview or viewing of shared animated GIFs: #6386
  • Enhancement - Fix err when the user share the locked file: #6357
  • Enhancement - Add fulltextsearch capabilty: #6366
  • Enhancement - GDPR Export: #6064
  • Enhancement - Make graph/education API errors more consistent: #5682
  • Enhancement - Graph user capabilities: #6339
  • Enhancement - Configurable ID Cache: #6353
  • Enhancement - Add endpoint to list permissions: #5594
  • Enhancement - Notifications: #6038
  • Enhancement - Open Debug endpoint for Nats: #5002
  • Enhancement - No Notifications for own actions: #5871
  • Enhancement - Notify about policies: #5912
  • Enhancement - Add otlp tracing exporter: #5132
  • Enhancement - Add a capability for the Personal Data export: #5984
  • Enhancement - Introduce policies-service: #5714
  • Enhancement - Better config for postprocessing service: #5457
  • Enhancement - Add Store to postprocessing: #6281
  • Enhancement - Add config option to enforce passwords on public links: #5848
  • Enhancement - Add new permission for public links: #5690
  • Enhancement - Remove the email logo: #6359
  • Enhancement - Remove quota from share jails api responses: #6309
  • Enhancement - Rename permissions: #3922
  • Enhancement - Added possibility to assign roles based on OIDC claims: #6048
  • Enhancement - Added option to configure default quota per role: #5616
  • Enhancement - Add optional services to the runtime: #6071
  • Enhancement - Add new SetProjectSpaceQuota permission: #5660
  • Enhancement - Add expiration to user and group shares: #5389
  • Enhancement - Space Management permissions: #5441
  • Enhancement - Cli to purge expired trash-bin items: #5500
  • Enhancement - Unify CA Cert envvars: #6392
  • Enhancement - Update web to v7.0.0-rc.37: #6294
  • Enhancement - Update web to v7.0.0-rc.38: #6375
  • Enhancement - Update web to v7.0.0: #6438
  • Enhancement - Use Accept-Language Header: #5918
  • Enhancement - Use gotext master: #5867
  • Enhancement - Userlog: #5699
  • Enhancement - Userlog Service: #5610
  • Enhancement - Determine the users language to translate via Transifex: #6089
  • Enhancement - Web options configuration: #6188

Details

  • Bugfix - Return 425 on Thumbnails: #5300

    Return 425 on thumbnails GET when file is processing. Pass 425 also through webdav
    endpoint

    #5300

  • Bugfix - Allow selected updates on graph users: #6233

    We are now allowing a couple of update request to complete even if
    GRAPH_LDAP_SERVER_WRITE_ENABLED=false:

    • When using a group to disable users (OCIS_LDAP_DISABLE_USER_MECHANISM=group) updates to the accountEnabled property of a user will be allowed
    • When a distinct base dn for new groups is configured ( GRAPH_LDAP_GROUP_CREATE_BASE_DN is set to a different value than GRAPH_LDAP_GROUP_BASE_DN), allow the creation/update of local groups.

    #6233

  • Bugfix - Disassociate users from deleted school: #5343

    When a school is deleted, users should be disassociated from it.

    #5246
    #5343

  • Bugfix - Fix error message when disabling users: #6435

    When we disable users by adding them to a group we do not need to update the user entry.

    #6435

  • Bugfix - Fix default role assignment for demo users: #3432

    The roles-assignments for demo users where duplicated with every restart of the settings
    service.

    #3432

  • Bugfix - Empty exact list while searching for a sharee: #6398

    We fixed a bug in the sharing api, it always returns an empty exact list while searching for a
    sharee

    #4265
    #6398
    cs3org/reva#3877

  • Bugfix - Reduced default TTL of user and group caches in graph API: #6320

    We reduced the default TTL of the cache for user and group information on the /drives endpoints
    to 60 seconds. This fixes in issue where outdated information was show on the spaces list for a
    very long time.

    #6320

  • Bugfix - Fix so that PATCH requests for groups actually updates the group name: #5949

    #5949

  • Bugfix - Use UUID attribute for computing "sub" claim in lico idp: #904

    By default the LDAP backend for lico uses the User DN for computing the "sub" claim of a user. This
    caused the "sub" claim to stay the same even if a user was deleted and recreated (and go a new UUID
    assgined with that). We now use the user's unique id (owncloudUUID by default) for computing
    the sub claim. So that user's recreated with the same name will be treated as different users
    by the IDP.

    #904
    #6326
    #6338
    #6420

  • Bugfix - Hide the existence of space when deleting/updating: #5031

    The "code": "notAllowed" changed to "code": "itemNotFound"

    #5031
    #6220

  • Bugfix - Fix OIDC auth cache: #5997

    We've fixed an issue rendering the OIDC auth cache useless.

    #5997

  • Bugfix - Fix the empty string givenName attribute when creating user: #5431

    Omitempty givenName attribute when creating user

    #5431
    #6259

  • Bugfix - Fix Postprocessing events: #5269

    Postprocessing service did not want to play with non-tls events. That is fixed now

    #5269

  • Bugfix - Fix Search reindexing performance regression: #6085

    We've fixed a regression in the search service reindexing step, causing the whole space to be
    reindexed instead of just the changed resources.

    #6085

  • Bugfix - Fix Search tag indexing: #5405

    We've fixed an issue where search is not able to index tags for space resources.

    #5405

  • Bugfix - Fix the wrong status code when appRoleAssignments is forbidden: #6037

    Fix the wrong status code when appRoleAssignments is forbidden in the
    CreateAppRoleAssignment and DeleteAppRoleAssignment methods.

    #6037
    #6276

  • Bugfix - Fix user type config for user provider: #6027

    We needed to provide a default value for the user type property in the user provider.

    #6027

  • Bugfix - Fix userlog panic: #6114

    Userlog services paniced because of nil ctx. That is fixed now

    #6114

  • Bugfix - Fix Logout Url config name: #6227

    We fixed the yaml and json name of the logout url option.

    #6227

  • Bugfix - Add missing CORS config: #5987

    The graph, userlog and ocdav services had no CORS config options.

    #5987

  • Bugfix - Add missing response to blocked requests: #6277

    We added the missing response body to requests which were blocked by the policy engine.

    #6277

  • Bugfix - Populate expanded properties: #5421

    We now return an empty array when an expanded relation has no entries. This makes consuming the
    responses a little easier.

    #5419
    #5421
    #5426

  • Bugfix - Add portrait thumbnail resolutions: #5656

    Add portrait-orientation resolutions to the thumbnail service's default configuration.
    This prevents portrait photos from being heavily cropped into landscape resolutions in the
    web viewer.

    #5656

  • Bugfix - Trace proxy middlewares: #6313

    We moved trace initialization to an early middleware to also trace requests made by other proxy
    middlewares.

    #6313

  • Bugfix - Update the default admin role: #6310

    The admin role was missing two permissions. We added them to make the space admin role a subset of
    the admin role. This matches better with the default user expectations.

    #6310

  • Bugfix - Fix authenticate headers for API requests: #5992

    We changed the www-authenticate header which should not be sent when the XMLHttpRequest
    header is set.

    #5986
    #5992

  • Change - Bump libregraph lico: #5768

    We updated lico to the latest version * Update to 0.59.4 - upstream dropped the kc and cookie
    backends

    #5768

  • Change - Updated Cache Configuration: #5829

    We updated all cache related environment vars to more closely follow the go micro naming
    pattern: - {service}_CACHE_STORE_TYPE becomes {service}_CACHE_STORE or
    {service}_PERSISTENT_STORE - {service}_CACHE_STORE_ADDRESS(ES) becomes
    {service}_CACHE_STORE_NODES - The mem store implementation name changes to memory -
    In yaml files the cache type becomes store We introduced redis-sentinel as a store
    implementation.

    #5829

  • Change - Remove the settings ui: #5463

    With ownCloud Web having transitioned to Vue 3 recently, we would have had to port the settings
    ui as well. The decision was made to discontinue the settings ui instead. As a result all traces
    of the settings ui have been removed.

    The only user facing setting that ever existed in the settings service is now integrated into
    the account page of ownCloud Web (click on top right user menu, then on your username to reach
    the account page).

    #5463

  • Change - Do not share versions: #5531

    We changed the default behavior of shares: Share receivers have no access to versions. People
    in spaces with the "Editor" or "Manager" role can still see versions and work with them.

    #5531

  • Change - We renamed the guest role to user light: #6456

    We needed to rename the "Guest" role to "User Light" because the naming was creating
    confusions. The roles are not bound to a user type.

    #6058
    #6456

  • Enhancement - Add specific result to antivirus for debugging: #6265

    We added the ability to define a specific result for the virus scanner via env-var
    (ANTIVIRUS_DEBUG_SCAN_OUTCOME)

    #6265

  • Enhancement - Add debug server to audit: #6178

    We added a debug server to audit.

    #5002
    #6178

  • Enhancement - Add debug server to idm: #6153

    We added a debug server to idm.

    #5003
    #6153

  • Enhancement - Add debug server to postprocessing: #6203

    We added a debug server to postprocessing.

    #5002
    #6203

  • Enhancement - Add debug server to userlog: #6202

    We added a debug server to userlog.

    #5002
    #6202

  • Enhancement - Add 'ocis decomposedfs metadata' command: #5858

    We added a 'ocis decomposedfs metadata' command for inspecting and manipulating node
    metadata.

    #5858

  • Enhancement - Add debug server to eventhistory: #6204

    We added a debug server to eventhistory.

    #5002
    #6204

  • Enhancement - Add global env variable extractor: #5164

    We have added a little tool that will extract global env vars, that are loaded only through
    os.Getenv for documentation purposes

    #4916
    #5164

  • Enhancement - Add the email HTML templates: #6147

    Add the email HTML templates

    #6146
    #6147

  • Enhancement - Open Debug endpoint for Notifications: #5002

    We added a debug server to the notifications service

    #5002
    #6155

  • Enhancement - Add MessageRichParameters: #5927

    Adds the messageRichParameters to virus and policies notifications

    #5927

  • Enhancement - Add webfinger service: #5373

    Adds a webfinger service to redirect ocis clients

    #6102
    #5373
    #6110

  • Enhancement - Async Postprocessing: #5207

    Provides functionality for async postprocessing. This will allow the system to do the
    postprocessing (virusscan, copying of bytes to their final destination, ...) asynchronous
    to the users request. Major change when active.

    #5207

  • Enhancement - Automate md creation: #5901

    Automatically create _index.md files from the services README.md

    #5901

  • Enhancement - Add more logging to av service: #5973

    We need more debug logging in some situations to understand the state of a virus scan.

    #5973

  • Enhancement - Return Bad Request when requesting GDPR export for another user: #6123

    This is an enhancement, not security related as the requested uid is never used

    #6123

  • Enhancement - Add endpoints to upload a custom logo: #5735

    Added endpoints to upload and reset custom logos. The files are stored under the
    WEB_ASSET_PATH which defaults to $OCIS_BASE_DATA_PATH/web/assets.

    #5735
    #5559

  • Enhancement - Bump go-ldap version: #6004

    Use master version of go-ldap to get rid of nasty = bug. See
    go-ldap/ldap#416

    #6004

  • Enhancement - Bump libre-graph-api-go: #5309

    We fixed a couple of issues in libre-graph-api-go package.

    • rename drive permission grantedTo to grantedToIdentities to be ms graph spec compatible.
    • drive.name is a required property now.
    • add group property to the identitySet.

    #5309
    #5312

  • Enhancement - Update Reva to version 2.14.0: #6448

    Changelog for reva 2.14.0 (2023-06-05) =======================================

    Changelog for reva 2.13.3 (2023-05-17) =======================================

    Changelog for reva 2.13.2 (2023-05-08) =======================================

    Changelog for reva 2.13.1 (2023-05-03) =======================================

    Changelog for reva 2.13.0 (2023-05-02) =======================================

    #6448
    #6447
    #6381
    #6305
    #6339
    #6205
    #6186

  • Enhancement - Collect global envvars: #5367

    Compose a list of all envvars living in more than 1 service

    #5367

  • Enhancement - Make the settings bundles part of the service config: #5589

    We added the settings bundles to the config. The default roles are still unchanged. You can now
    override the defaults by replacing the whole bundles list via json config files. The config
    file is loaded from a specified path which can be configured with SETTINGS_BUNDLES_PATH.

    #5589
    #5607

  • Enhancement - Configure GRPC in ocs: #6022

    Fixes a panic in ocs when running not in single binary

    #6022

  • Enhancement - Default LDAP write to true: #6362

    Default OCIS_LDAP_SERVER_WRITE_ENABLED to true

    #6362

  • Enhancement - Disable Notifications: #6137

    Introduce new setting to disable notifications

    #6137

  • Enhancement - Drive group permissions: #5312

    We've updated the libregraph.Drive response to contain group permissions.

    #5312

  • Enhancement - Make the group members addition limit configurable: #5357

    It's now possible to configure the limit of group members addition by PATCHing
    /graph/v1.0/groups/{groupID}. It still defaults to 20 as defined in the spec but it can be
    configured via .graph.api.group_members_patch_limit in ocis.yaml or via the
    GRAPH_GROUP_MEMBERS_PATCH_LIMIT environment variable.

    #5262
    #5357

  • Enhancement - Allow username to be changed: #5509

    When OnPremisesSamAccountName is present in a PATCH on {apiRoot}/users/{userID} it will
    change the username of the user. This also changes the references to this user in the groups.

    #4988
    #5509

  • Enhancement - Graph Drives IdentitySet displayName: #5347

    We've added the IdentitySet displayName property to the group and user sets for the graph
    drives endpoint. The values for groups and users get cached.

    #5347
    owncloud/web#8178

  • Enhancement - Make the LDAP base DN for new groups configurable: #5974

    The LDAP backend for the Graph service introduced a new config option for setting the Parent DN
    for new groups created via the /groups/ endpoint. (GRAPH_LDAP_GROUP_CREATE_BASE_DN)

    It defaults to the value of GRAPH_LDAP_GROUP_BASE_DN. If set to a different value the
    GRAPH_LDAP_GROUP_CREATE_BASE_DN needs to be a subordinate DN of
    GRAPH_LDAP_GROUP_BASE_DN.

    All existing groups with a DN outside the GRAPH_LDAP_GROUP_CREATE_BASE_DN tree will be
    treated as read-only groups. So it is not possible to edit these groups.

    #5974

  • Enhancement - Update to go 1.20 to use memlimit: #5732

    We updated to go 1.20 which allows setting GOMEMLIMIT, which we by default set to 0.9.

    #5732

  • Enhancement - Display surname and givenName attributes: #5388

    When querying the graph API, the surname and givenName attributes are now displayed for users.

    #5386
    #5388

  • Enhancement - Extended search: #5221

    Provides multiple enhancement to the search implementation. * content extraction, search
    now supports apache tika to extract resource contents. * search engine, underlying search
    engine is swappable now. * event consumers, the number of event consumers can now be set, which
    improves the speed of the individual tasks

    #5184
    #5221

  • Enhancement - Resource tags: #5227

    We've added the ability to tag resources via the graph api. Tags can be added (put request) and
    removed (delete request) from a resource, a list of available tags can also be requested by
    sending a get request to the graph endpoint.

    #5184
    #5227
    #5271

  • Enhancement - Allow users to be disabled: #5588

    By setting the accountEnabled property to false for a user via the graph API. Users can be
    disabled (i.e. they can no longer login)

    #5588
    #5620

  • Enhancement - Web config additions: #6032

    We've added config keys for defining additional css, scripts and translations for ownCloud
    Web.

    #6032

  • Enhancement - Eventhistory service: #5600

    Introduces the eventhistory service. It is a service that stores events and provides a grpc
    API to retrieve them.

    #5600

  • Enhancement - Expiration Notifications: #5330

    Send emails to the user informing that a share or a space membership expires.

    #5330

  • Enhancement - Fix to prevent the email X-Site scripting: #6429

    Fix to prevent the email notification X-Site scripting

    #6411
    #6429

  • Enhancement - Fix preview or viewing of shared animated GIFs: #6386

    Fix preview or viewing of shared animated GIFs

    #5418
    #6386

  • Enhancement - Fix err when the user share the locked file: #6357

    Fix unexpected behavior when the user try to share the locked file

    #6197
    #6357

  • Enhancement - Add fulltextsearch capabilty: #6366

    It needs an extra envvar FRONTEND_FULL_TEXT_SEARCH_ENABLED

    #6366

  • Enhancement - GDPR Export: #6064

    Adds an endpoint to collect all data that is related to a user

    #6064
    #5950

  • Enhancement - Make graph/education API errors more consistent: #5682

    Aligned the error messages when creating schools and classes fail and changed the response
    code from 500 to 409.

    #5660
    #5682

  • Enhancement - Graph user capabilities: #6339

    Adds capablities to show if users are writeable in LDAP so clients can block their specific
    fields

    #6339

  • Enhancement - Configurable ID Cache: #6353

    Makes the integrated idcache (used to reduce reads from disc) configurable with the general
    cache envvars

    #6353

  • Enhancement - Add endpoint to list permissions: #5594

    We added 'https://cloud.ocis.test/api/v0/settings/permissions-list' to retrieve all
    permissions of the logged in user.

    #5594
    #5571

  • Enhancement - Notifications: #6038

    Make Emails translatable via transifex The transifex translation add in to the email
    templates. The optional environment variable NOTIFICATIONS_TRANSLATION_PATH added to
    config. The optional global environment variable OCIS_TRANSLATION_PATH added to
    notifications and userlog config.

    #6025
    #6038

  • Enhancement - Open Debug endpoint for Nats: #5002

    We added a debug server to nats

    #5002
    #6139

  • Enhancement - No Notifications for own actions: #5871

    Don't send notifications on space events when the user has executed them herself.

    #5871

  • Enhancement - Notify about policies: #5912

    Notify the user when a file was deleted due to policies (policies service)

    #5912

  • Enhancement - Add otlp tracing exporter: #5132

    We can now configure otlp to send traces using the otlp exporter.

    #5132
    cs3org/reva#3496

  • Enhancement - Add a capability for the Personal Data export: #5984

    Adds a capability for the personal data export endpoint

    #5984

  • Enhancement - Introduce policies-service: #5714

    Introduces policies service. The policies-service provides a new grpc api which can be used to
    return whether a requested operation is allowed or not. Open Policy Agent is used to determine
    the set of rules of what is permitted and what is not.

    2 further levels of authorization build on this:

    • Proxy Authorization
    • Event Authorization (needs async post-processing enabled)

    The simplest authorization layer is in the proxy, since every request is processed here, only
    simple decisions that can be processed quickly are made here, more complex queries such as file
    evaluation are explicitly excluded in this layer.

    The next layer is event-based as a pipeline step in asynchronous post-processing, since
    processing at this point is asynchronous, the operations there can also take longer and be more
    expensive, the bytes of a file can be examined here as an example.

    Since the base block is a grpc api, it is also possible to use it directly. The policies are
    written in the rego query
    language
    .

    #5580
    #5714

  • Enhancement - Better config for postprocessing service: #5457

    The postprocessing service is now individually configurable. This is achieved by allowing a
    list of postprocessing steps that are processed in order of their appearance in the
    POSTPROCESSING_STEPS envvar.

    #5457

  • Enhancement - Add Store to postprocessing: #6281

    Add a gomicro store for the postprocessing service. Needed to run multiple postprocessing
    instances

    #6281

  • Enhancement - Add config option to enforce passwords on public links: #5848

    Added a new config option to enforce passwords on public links with "Uploader, Editor,
    Contributor" roles.

    The new options are: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD,
    SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD and
    FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD. Check the docs on how to
    properly set them.

    #5848
    #5785
    #5720

  • Enhancement - Add new permission for public links: #5690

    Added a new permission 'PublicLink.Write' to check if a user can create or update public links.

    #5690

  • Enhancement - Remove the email logo: #6359

    Remove the email logo

    #6359
    #6361

  • Enhancement - Remove quota from share jails api responses: #6309

    We have removed the quota object from api responses for share jails, which would permanently
    show exceeded due to restrictions in the permission system.

    #4472
    #6309

  • Enhancement - Rename permissions: #3922

    Rename permissions to be consistent and future proof

    cs3org/reva#3922
    #6418

  • Enhancement - Added possibility to assign roles based on OIDC claims: #6048

    OCIS can now be configured to update a user's role assignment from the values of a claim provided
    via the IDPs userinfo endpoint. The claim name and the mapping between claim values and ocis
    role name can be configured via the configuration of the proxy service. Example:

    role_mapping: - role_name: admin claim_value: myAdminRole - role_name: spaceadmin
    claim_value: mySpaceAdminRole - role_name: user claim_value: myUserRole - role_name:
    guest: claim_value: myGuestRole ```
    
    https://github.com/owncloud/ocis/pull/6048
    
  • Enhancement - Added option to configure default quota per role: #5616

    Admins can assign default quotas to users with certain roles by adding the following config to
    the proxy.yaml. E.g.: ``` role_quotas: d7beeea8-8ff4-406b-8fb6-ab2dd81e6b11: 2300000

    
    It maps a role ID to the quota in bytes.
    
    https://github.com/owncloud/ocis/pull/5616
    
    
  • Enhancement - Add optional services to the runtime: #6071

    Make it possible to start optional services in the ocis runtime. Instead of using
    OCIS_RUN_SERVICES to define all services we can now use OCIS_ADD_RUN_SERVICES to add a
    comma separated list of additional services which are not started in the single process by
    default.

    #6071

  • Enhancement - Add new SetProjectSpaceQuota permission: #5660

    Additionally to set-space-quota for setting quota on personal spaces we now have
    Drive.ReadWriteQuota.Project for setting project spaces quota

    #5660

  • Enhancement - Add expiration to user and group shares: #5389

    Added expiration to user and group shares.

    #5389

  • Enhancement - Space Management permissions: #5441

    We added new space management permissions. space-properties will allow changing space
    properties (name, description, ...). space-ability will allow enabling and disabling
    spaces

    #5441

  • Enhancement - Cli to purge expired trash-bin items: #5500

    Introduction of a new cli command to purge old trash-bin items. The command is part of the
    storage-users service and can be used as follows:

    ocis storage-users trash-bin purge-expired.

    The purge-expired command configuration is done in the ocisconfiguration or as usual by
    using environment variables.

    ENV STORAGE_USERS_PURGE_TRASH_BIN_USER_ID is used to obtain space trash-bin
    information and takes the system admin user as the default OCIS_ADMIN_USER_ID. It should be
    noted, that this is only set by default in the single binary. The command only considers spaces
    to which the user has access and delete permission.

    ENV STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE has a default value of 30 days, which means the command will delete all files older than 30 days. The value is
    human-readable, valid values are 24h, 60m, 60s etc. 0 is equivalent to disable and
    prevents the deletion of personal space trash-bin files.

    ENV STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE has a default value of 30 days, which means the command will delete all files older than 30 days. The value is
    human-readable, valid values are 24h, 60m, 60s etc. 0 is equivalent to disable and
    prevents the deletion of project space trash-bin files.

    Likewise, only spaces of the type project and personal are taken into account. Spaces of
    type virtual, for example, are ignored.

    #5499
    #5500

  • Enhancement - Unify CA Cert envvars: #6392

    Introduce a global OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE to avoid needing to configure
    all {SERVICENAME}_EVENTS_TLS_ROOT_CA_CERTIFICATE envvars

    #6392

  • Enhancement - Update web to v7.0.0-rc.37: #6294

    Tags: web

    We updated ownCloud Web to v7.0.0-rc.37. Please refer to the changelog (linked) for details on
    the web release.

    #6294
    https://github.com/owncloud/web/releases/tag/v7.0.0-rc.37

  • Enhancement - Update web to v7.0.0-rc.38: #6375

    Tags: web

    We updated ownCloud Web to v7.0.0-rc.38. Please refer to the changelog (linked) for details on
    the web release.

    #6375
    https://github.com/owncloud/web/releases/tag/v7.0.0-rc.38

  • Enhancement - Update web to v7.0.0: #6438

    Tags: web

    We updated ownCloud Web to v7.0.0. Please refer to the changelog (linked) for details on the web
    release.

    Breaking changes * BREAKING CHANGE for developers and admins in

    owncloud/web#7948: we've updated
    Vue.js to version 3. Existing apps that have not been updated to Vue.js version 3 will not be
    compatible anymore. * BREAKING CHANGE for admins in
    owncloud/web#8563: we've introduced
    contrast colors in our theming. In case you have created a custom theme.json it needs to be
    adjusted accordingly: -contrast color values need to be added to all swatches, e.g. to
    swatch-brand-contrast. See https://owncloud.dev/clients/web/theming/#colors

    Summary * Bugfix

    owncloud/web#6423: Archiver in
    protected public links * Bugfix
    owncloud/web#6434: Endless lazy
    loading indicator after sorting file table * Bugfix
    owncloud/web#6731: Layout with long
    breadcrumb * Bugfix
    owncloud/web#6768: Pagination after
    increasing items per page * Bugfix
    owncloud/web#7513: Calendar popup
    position in right sidebar * Bugfix
    owncloud/web#7655: Loading shares in
    deep nested folders * Bugfix
    owncloud/web#7925: "Paste"-action
    without write permissions * Bugfix
    owncloud/web#7926: Include spaces in
    the list info * Bugfix
    owncloud/web#7958: Prevent deletion of
    own account * Bugfix owncloud/web#7966:
    UI fixes for sorting and quickactions * Bugfix
    owncloud/web#7969: Space quota not
    displayed after creation * Bugfix
    owncloud/web#8026: Text editor
    appearance * Bugfix owncloud/web#8040:
    Reverting versions for read-only shares * Bugfix
    owncloud/web#8045: Resolving drives in
    search * Bugfix owncloud/web#8054:
    Search repeating no results message * Bugfix
    owncloud/web#8058: Current year
    selection in the date picker * Bugfix
    owncloud/web#8061: Omit "page"-query
    in breadcrumb navigation * Bugfix
    owncloud/web#8080: Left sidebar
    navigation item text flickers on transition * Bugfix
    owncloud/web#8081: Space member
    disappearing * Bugfix
    owncloud/web#8083: Re-using space
    images * Bugfix owncloud/web#8148:
    Show space members despite deleted entries * Bugfix
    owncloud/web#8158: Search bar input
    appearance * Bugfix owncloud/web#8265:
    Application menu active display on hover * Bugfix
    owncloud/web#8276: Loading additional
    user data * Bugfix owncloud/web#8300:
    Re-loading space members panel * Bugfix
    owncloud/web#8326: Editing users who
    never logged in * Bugfix
    owncloud/web#8340: Cancel custom
    permissions * Bugfix
    owncloud/web#8411: Drop menus with
    limited vertical screen space * Bugfix
    owncloud/web#8420: Token renewal in
    vue router hash mode * Bugfix
    owncloud/web#8434: Accessing route
    in admin-settings with insufficient permissions * Bugfix
    owncloud/web#8479: "Show
    more"-action in shares panel * Bugfix
    owncloud/web#8480: Paste action
    conflict dialog broken * Bugfix
    owncloud/web#8498: PDF display issue -
    Update CSP object-src policy * Bugfix
    owncloud/web#8508: Remove fuzzy search
    results * Bugfix owncloud/web#8523:
    Space image upload * Bugfix
    owncloud/web#8549: Batch context
    actions in admin settings * Bugfix
    owncloud/web#8554: Height of dropdown
    no-option * Bugfix owncloud/web#8576:
    De-duplicate event handling to prevent errors on Draw-io * Bugfix
    owncloud/web#8585: Users without
    role assignment * Bugfix
    owncloud/web#8587: Password
    enforced check for public links * Bugfix
    owncloud/web#8592: Group members
    sorting * Bugfix owncloud/web#8694:
    Broken re-login after logout * Bugfix
    owncloud/web#8695: Open files in
    external app * Bugfix
    owncloud/web#8756: Copy link to
    clipboard text * Bugfix
    owncloud/web#8758: Preview controls
    colors * Bugfix owncloud/web#8776:
    Selection reset on action click * Bugfix
    owncloud/web#8814: Share recipient
    container exceed * Bugfix
    owncloud/web#8825: Remove drop target
    in read-only folders * Bugfix
    owncloud/web#8827: Opening context
    menu via keyboard * Bugfix
    owncloud/web#8834: Hide upload hint
    in empty read-only folders * Bugfix
    owncloud/web#8864: Public link empty
    password stays forever * Bugfix
    owncloud/web#8880: Sidebar header
    after deleting resource * Bugfix
    owncloud/web#8928: Infinite login
    redirect * Bugfix owncloud/web#8987:
    Limit amount of concurrent tus requests * Bugfix
    owncloud/web#8992: Personal space name
    after language change * Bugfix
    owncloud/web#9004: Endless loading
    when encountering a public link error * Bugfix
    owncloud/web#9009: Public link file
    previews * Bugfix owncloud/web#9014:
    Empty file list after deleting resources * Bugfix
    owncloud/web#9015: Prevent "virtual"
    spaces from being displayed in the UI * Bugfix
    owncloud/web#9020: Sidebar for
    spaces on "Shared via link"-page * Bugfix
    owncloud/web#9022: Spaces in search
    results * Bugfix owncloud/web#9030:
    Share indicator loading after pasting resources * Bugfix
    owncloud/web#9050: Preview app mime
    type detection * Bugfix
    owncloud/web#9061: Resource not
    found and No content message at the same time * Bugfix
    owncloud/web#9080: Incorrect pause
    state in upload info * Bugfix
    owncloud/web#9131: Select all checkbox

    #6438
    https://github.com/owncloud/web/releases/tag/v7.0.0

  • Enhancement - Use Accept-Language Header: #5918

    Use the Accept-Language header instead of the custom Prefered-Language

    #5918

  • Enhancement - Use gotext master: #5867

    We needed to use forked version until our upstream changes were merged

    #5867

  • Enhancement - Userlog: #5699

    Enhance userlog service with proper api and messages

    #5699

  • Enhancement - Userlog Service: #5610

    Introduces userlog service. It stores eventIDs the user is interested in and provides an API to
    retrieve the events.

    #5610

  • Enhancement - Determine the users language to translate via Transifex: #6089

    #6087
    #6089
    Enhance
    userlog
    service
    with
    proper
    api
    and
    messages

  • Enhancement - Web options configuration: #6188

    Hardcode web options instead of using a generic map[string]interface{}

    #6188

Don't miss a new ocis release

NewReleases is sending notifications on new releases.