github owncloud/ocis v5.0.0-rc.6
5.0.0-rc.6

latest releases: v7.0.0-rc.2, v7.0.0-rc.1, v6.6.1...
pre-release8 months ago

Incremental changes since 5.0.0-rc.5

oCIS

  • Bugfix - Fix an error when lock/unlock a public shared file: #8472
  • Bugfix - Fix remove/update share permissions: #8529
  • Bugfix - Fix graph drive invite: #8538
  • Bugfix - We now always select the next clients when autoaccepting shares: #8570
  • Bugfix - Correct the default mapping of roles: #8639
  • Change - Change the default store for presigned keys to nats-js-kv: #8419
  • Enhancement - Graphs endpoint for mounting and unmounting shares: #7885
  • Enhancement - Update to go 1.22: #8586

Reva

Web

All Changes in 5.0.0-rc.6

Summary

  • Bugfix - Fix wrong compile date: #6132
  • Bugfix - Fix the kql-bleve search: #7290
  • Bugfix - Bring back the USERS_LDAP_USER_SCHEMA_ID variable: #7312
  • Bugfix - Do not reset state of received shares when rebuilding the jsoncs3 index: #7319
  • Bugfix - Deprecate redundant encryptions settings for notification service: #7345
  • Bugfix - Check school number for duplicates before adding a school: #7351
  • Bugfix - Don't reload web config: #7369
  • Bugfix - Delete outdated userlog events: #7410
  • Bugfix - Set the mountpoint on auto accept: #7460
  • Bugfix - Fix default language fallback: #7465
  • Bugfix - GetUserByClaim fixed for Active Directory: #7476
  • Bugfix - Fix preview request 500 error when made too early: #7502
  • Bugfix - Fix 403 in docs pipeline: #7509
  • Bugfix - Fix the auth service env variable: #7523
  • Bugfix - Token storage config fixed: #7528
  • Bugfix - Set existing mountpoint on auto accept: #7592
  • Bugfix - Return 423 status code on tag create: #7596
  • Bugfix - Fix libre-graph status codes: #7678
  • Bugfix - Fix unlock via space API: #7726
  • Bugfix - Disable DEPTH infinity in PROPFIND: #7746
  • Bugfix - Fix the tgz mime type: #7772
  • Bugfix - Fix natsjs cache: #7790
  • Bugfix - Fix search service start: #7795
  • Bugfix - Fix search response: #7815
  • Bugfix - The race conditions in tests: #7847
  • Bugfix - Do not purge expired upload sessions that are still postprocessing: #7859
  • Bugfix - Fix the public link update: #7862
  • Bugfix - Fix jwt config of policies service: #7893
  • Bugfix - Updating logo with new theme structure: #7930
  • Bugfix - Password policy return code was wrong: #7952
  • Bugfix - Removed outdated and unused dependency from idp package: #7957
  • Bugfix - Update permission validation: #7963
  • Bugfix - Renaming a user to a string with capital letters: #7964
  • Bugfix - Improve OCM support: #7973
  • Bugfix - Permissions of a role with duplicate ID: #7976
  • Bugfix - Non durable streams for sse service: #7986
  • Bugfix - Fix empty trace ids: #8023
  • Bugfix - Fix search by containing special characters: #8050
  • Bugfix - Fix the upload postprocessing: #8117
  • Bugfix - Disallow to delete a file during the processing: #8132
  • Bugfix - Fix wrong naming in nats-js-kv registry: #8140
  • Bugfix - IDP CS3 backend sessions now survive a restart: #8142
  • Bugfix - Fix patching of language: #8182
  • Bugfix - Fix search service to not log expected cases as errors: #8200
  • Bugfix - Updating and reset logo failed: #8211
  • Bugfix - Cleanup graph/pkg/service/v0/driveitems.go: #8228
  • Bugfix - Cleanup search/pkg/search/search.go: #8230
  • Bugfix - Graph/sharedWithMe works for shares from project spaces now: #8233
  • Bugfix - Fix PATCH/DELETE status code for drives that don't support them: #8235
  • Bugfix - Fix nats authentication: #8236
  • Bugfix - Fix the resource name: #8246
  • Bugfix - Apply role constraints when creating shares via the graph API: #8247
  • Bugfix - Fix concurrent access to a map: #8269
  • Bugfix - Fix nats registry: #8281
  • Bugfix - Remove invalid environment variables: #8303
  • Bugfix - Fix concurrent shares config: #8317
  • Bugfix - Fix Content-Disposition header for downloads: #8381
  • Bugfix - Signed url verification: #8385
  • Bugfix - Fix an error when move: #8396
  • Bugfix - Fix extended env parser: #8409
  • Bugfix - Graph/drives/permission Expiration date update: #8413
  • Bugfix - Fix search error message: #8444
  • Bugfix - Graph/sharedWithMe align IDs with webdav response: #8467
  • Bugfix - Fix an error when lock/unlock a public shared file: #8472
  • Bugfix - Bump reva to pull in changes to fix recursive trashcan purge: #8505
  • Bugfix - Fix remove/update share permissions: #8529
  • Bugfix - Fix graph drive invite: #8538
  • Bugfix - We now always select the next clients when autoaccepting shares: #8570
  • Bugfix - Correct the default mapping of roles: #8639
  • Bugfix - Fix last month search: #31145
  • Change - Auto-Accept Shares: #7097
  • Change - Change the default TUS chunk size: #7273
  • Change - Remove privacyURL and imprintURL from the config: #7938
  • Change - Remove accessDeniedHelpUrl from the config: #7970
  • Change - Change the default store for presigned keys to nats-js-kv: #8419
  • Change - Deprecate sharing cs3 backends: #8478
  • Enhancement - Add the Banned Passwords List: #4197
  • Enhancement - Introduce service accounts: #6427
  • Enhancement - SSE for messaging: #6992
  • Enhancement - Support spec violating AD FS access token issuer: #7140
  • Enhancement - Add OCIS_LDAP_BIND_PASSWORD as replacement for LDAP_BIND_PASSWORD: #7176
  • Enhancement - Keyword Query Language (KQL) search syntax: #7212
  • Enhancement - Introduce clientlog service: #7217
  • Enhancement - Proxy uses service accounts for provisioning: #7240
  • Enhancement - The password policies change request: #7264
  • Enhancement - Introduce natsjs registry: #7272
  • Enhancement - Add the password policies: #7285
  • Enhancement - Add login URL config: #7317
  • Enhancement - Improve SSE format: #7325
  • Enhancement - New value auto for NOTIFICATIONS_SMTP_AUTHENTICATION: #7356
  • Enhancement - Make sse service scalable: #7382
  • Enhancement - Edit wrong named enves: #7406
  • Enhancement - Thumbnail generation with image processors: #7409
  • Enhancement - Set default for Async Uploads to true: #7416
  • Enhancement - The default language added: #7417
  • Enhancement - Add "Last modified" filter Chip: #7455
  • Enhancement - Config for disabling Web extensions: #7486
  • Enhancement - Store and index metadata: #7490
  • Enhancement - Add support for audio files to the thumbnails service: #7491
  • Enhancement - Implement sharing roles: #7524
  • Enhancement - Add new permission to delete public link password: #7538
  • Enhancement - Add config to enforce passwords on all public links: #7547
  • Enhancement - Tika content extraction cleanup for search: #7553
  • Enhancement - Allow configuring storage registry with envvars: #7554
  • Enhancement - Add search MediaType filter: #7602
  • Enhancement - Add Sharing NG endpoints: #7633
  • Enhancement - Configs for Web embed mode: #7670
  • Enhancement - Support login page background configuration: #7674
  • Enhancement - Add new permissions: #7700
  • Enhancement - Add preferred language to user settings: #7720
  • Enhancement - Add user filter startswith and contains: #7739
  • Enhancement - Allow configuring additional routes: #7741
  • Enhancement - Default link permission config: #7783
  • Enhancement - Add banned password list to the default deployments: #7784
  • Enhancement - Update to go 1.21: #7794
  • Enhancement - Add Sharing NG list permissions endpoint: #7805
  • Enhancement - Add user list requires filter config: #7866
  • Enhancement - Retry antivirus postprocessing step in case of problems: #7874
  • Enhancement - Add validation to public share provider: #7877
  • Enhancement - Graphs endpoint for mounting and unmounting shares: #7885
  • Enhancement - Store and index metadata: #7886
  • Enhancement - Allow regular users to list other users: #7887
  • Enhancement - Add edit public share to sharing NG: #7908
  • Enhancement - Add cli commands for trash-bin: #7917
  • Enhancement - Add validation update public share: #7978
  • Enhancement - Allow inmemory nats-js-kv stores: #7979
  • Enhancement - Disable the password policy: #7985
  • Enhancement - Use kv store in natsjs registry: #7987
  • Enhancement - Allow authentication nats connections: #7989
  • Enhancement - Add RED metrics to the metrics endpoint: #7994
  • Enhancement - Add ocm and sciencemesh services: #7998
  • Enhancement - Make nats-js-kv the default registry: #8011
  • Enhancement - Service Account roles: #8051
  • Enhancement - Update antivirus service: #8062
  • Enhancement - Remove deprecated environment variables: #8149
  • Enhancement - Disable the password policy: #8152
  • Enhancement - Allow restarting multiple uploads with one command: #8287
  • Enhancement - Modify the concurrency default: #8309
  • Enhancement - Improve ocis single binary start: #8320
  • Enhancement - Use environment variables in yaml config files: #8339
  • Enhancement - Increment filenames on upload collisions in secret filedrops: #8340
  • Enhancement - Allow sending multiple user ids in one sse event: #8379
  • Enhancement - Allow to skip service listing: #8408
  • Enhancement - Add a make step to validate the env var annotations: #8436
  • Enhancement - Drop the unnecessary grants exists check when creating shares: #8502
  • Enhancement - Update to go 1.22: #8586
  • Enhancement - Update web to v8.0.0: #8613
  • Enhancement - Update web to v8.0.1: #8626
  • Enhancement - Update reva to 2.19.2: #8638

Details

  • Bugfix - Fix wrong compile date: #6132

    We fixed that current date is always printed.

    #6124
    #6132

  • Bugfix - Fix the kql-bleve search: #7290

    We fixed the issue when 500 on searches that contain ":". Added the characters
    escaping according to https://blevesearch.com/docs/Query-String-Query/

    #7282
    #7290

  • Bugfix - Bring back the USERS_LDAP_USER_SCHEMA_ID variable: #7312

    We reintroduced the USERS_LDAP_USER_SCHEMA_ID variable which was accidently
    removed from the users service with the 4.0.0 release.

    #7312
    owncloud/ocis-charts#397

  • Bugfix - Do not reset state of received shares when rebuilding the jsoncs3 index: #7319

    We fixed a problem with the "ocis migrate rebuild-jsoncs3-indexes" command which
    reset the state of received shares to "pending".

    #7319

  • Bugfix - Deprecate redundant encryptions settings for notification service: #7345

    The values tls and ssl for the smtp_encryption configuration setting are
    duplicates of starttls and ssltls. They have been marked as deprecated. A
    warning will be logged when they are still used. Please use starttls instead
    for tls and ssltls instead of `ssl.

    #7345

  • Bugfix - Check school number for duplicates before adding a school: #7351

    We fixed an issue that allowed to create two schools with the same school number

    https://github.com/owncloud/enterprise/issues/6051
    #7351

  • Bugfix - Don't reload web config: #7369

    When requesting config.json file from the server, web service would reload the
    file if a path is set. This will remove config entries set via Envvar. Since we
    want to have the possiblity to set configuration from both sources we removed
    the reading from file. The file will still be loaded on service startup.

    #7369

  • Bugfix - Delete outdated userlog events: #7410

    Userlog will now delete events when the user has no longer access to the
    underlying resource

    #7410

  • Bugfix - Set the mountpoint on auto accept: #7460

    On shares auto accept set a mountpoint with same logic as ocs handler

    #7460

  • Bugfix - Fix default language fallback: #7465

    Add the default language for the webui, the settings, userlog and notification
    service.

    #7465

  • Bugfix - GetUserByClaim fixed for Active Directory: #7476

    The reva ldap backend for the users and groups service did not hex escape binary
    uuids in LDAP filter correctly this could cause problems in Active Directory
    setups for services using the GetUserByClaim CS3 request with claim "userid".

    #7469
    #7476

  • Bugfix - Fix preview request 500 error when made too early: #7502

    Fix the status code and message when a thumbnail request is made too early.

    #7502
    #7507

  • Bugfix - Fix 403 in docs pipeline: #7509

    Docs pipeline was not routed through our proxies which could lead to requests
    being blacklisted

    #7509
    #7511

  • Bugfix - Fix the auth service env variable: #7523

    We the auth service env variable to the service specific name. Before it was
    configurable via AUTH_MACHINE_JWT_SECRET and now is configurable via
    AUTH_SERVICE_JWT_SECRET.

    #7523

  • Bugfix - Token storage config fixed: #7528

    The token storage config in the config.json for web was missing when it was set
    to false.

    #7462
    #7528

  • Bugfix - Set existing mountpoint on auto accept: #7592

    When already having a share for a specific resource, auto accept would use
    custom mountpoints which lead to other errors. Now auto-accept is using the
    existing mountpoint of a share.

    #7592

  • Bugfix - Return 423 status code on tag create: #7596

    When a file is locked, return 423 status code instead 500 on tag create

    #7596

  • Bugfix - Fix libre-graph status codes: #7678

    Creating group: https://owncloud.dev/libre-graph-api/#/groups/CreateGroup
    changed: 200 -> 201

    Creating users: https://owncloud.dev/libre-graph-api/#/users/CreateUser changed:
    200 -> 201

    Export GDPR: https://owncloud.dev/libre-graph-api/#/user/ExportPersonalData
    changed: 201 -> 202

    #7678
    #7705

  • Bugfix - Fix unlock via space API: #7726

    We fixed a bug that caused Error 500 when user try to unlock file using fileid
    The handleSpaceUnlock has been added

    #7708
    #7726
    cs3org/reva#4338

  • Bugfix - Disable DEPTH infinity in PROPFIND: #7746

    We fixed the Disabled DEPTH infinity in PROPFIND for: Personal
    /remote.php/dav/files/admin Public link share
    /remote.php/dav/public-files/ Trashbin
    /remote.php/dav/spaces/trash-bin/

    #7359
    #7746
    cs3org/reva#4278

  • Bugfix - Fix the tgz mime type: #7772

    We have fixed a bug when the tgz mime type was not "application/gzip"

    #7744
    #7772

  • Bugfix - Fix natsjs cache: #7790

    The nats-js cache was not working. It paniced and wrote a lot of error logs.
    Both is fixed now.

    #7790

  • Bugfix - Fix search service start: #7795

    The search service would sometimes not start correctly because config values
    are overwritten by default configuration.

    #7795

  • Bugfix - Fix search response: #7815

    We fixed the search response code from 500 to 400 when the request is invalid

    #7812
    #7815

  • Bugfix - The race conditions in tests: #7847

    We fixed the race conditions in tests.

    #7846
    #7847

  • Bugfix - Do not purge expired upload sessions that are still postprocessing: #7859

    #7859
    #7958

  • Bugfix - Fix the public link update: #7862

    We fixed a bug when normal users can update the public link to delete its
    password if permission is not sent in data.

    #7821
    #7862

  • Bugfix - Fix jwt config of policies service: #7893

    Removes jwt config of policies service

    #7893

  • Bugfix - Updating logo with new theme structure: #7930

    Updating and resetting the logo when using the new theme.json structure in Web
    has been fixed.

    #7930

  • Bugfix - Password policy return code was wrong: #7952

    We fixed the status code on SharingNG update permissions for public shares.

    #7952

  • Bugfix - Removed outdated and unused dependency from idp package: #7957

    We've removed the outdated and apparently unused dependency cldr from the
    kpop dependency inside the idp web ui. This resolves a security issue around
    an oudated xmldom package version, originating from said kpop library.

    #7957
    #7988

  • Bugfix - Update permission validation: #7963

    We fixed a bug where the permission validation was not working correctly.

    #7963
    cs3org/reva#4405

  • Bugfix - Renaming a user to a string with capital letters: #7964

    We fixed the issue that led to correct update but the 404 response code when
    renaming an existing user to a string with capital letters.

    #7964

  • Bugfix - Improve OCM support: #7973

    We improved functionality of the OCM support.

    #7973

  • Bugfix - Permissions of a role with duplicate ID: #7976

    We remove the redundant permissions of a role with duplicate ID.

    #7931
    #7976

  • Bugfix - Non durable streams for sse service: #7986

    Configure sse streams to be non-durable. This functionality is not needed for
    the sse service

    #7986

  • Bugfix - Fix empty trace ids: #8023

    We changed the default tracing to produce non-empty traceids.

    #8023
    #8017

  • Bugfix - Fix search by containing special characters: #8050

    As the OData query parser interprets characters like '@' or '-' in a special
    way. Search request for users or groups needs to be quoted. We fixed the
    libregraph users and groups endpoints to handle quoted search terms correctly.

    #7990
    #8050
    #8035

  • Bugfix - Fix the upload postprocessing: #8117

    We fixed the upload postprocessing when the destination file does not exist
    anymore.

    #7909
    #8117

  • Bugfix - Disallow to delete a file during the processing: #8132

    We want to disallow deleting a file during the processing to prevent collecting
    the orphan uploads.

    #8127
    #8132
    cs3org/reva#4446

  • Bugfix - Fix wrong naming in nats-js-kv registry: #8140

    Registers the registry under the correct name

    #8140

  • Bugfix - IDP CS3 backend sessions now survive a restart: #8142

    We now correctly reinitialize the CS3 backend session after the IDP service has
    been restarted.

    #8142

  • Bugfix - Fix patching of language: #8182

    User would not be able to patch their preferred language when the ldap backend
    is set to read-only. This makes no sense as language is stored elsewhere.

    #8182

  • Bugfix - Fix search service to not log expected cases as errors: #8200

    We changed the search service to not log cases where resources that were about
    to be indexed can no longer be found. Those are expected cases, e.g. when the
    file in question has already been deleted or renamed meanwhile.

    #8200

  • Bugfix - Updating and reset logo failed: #8211

    We fixed a bug when admin tried to update or reset the logo.

    #8101
    #8211

  • Bugfix - Cleanup graph/pkg/service/v0/driveitems.go: #8228

    Main fix is using proto getters to avoid panics. But some other code
    improvements were also done

    #8228

  • Bugfix - Cleanup search/pkg/search/search.go: #8230

    Now uses proto getters to avoid panics.

    #8230

  • Bugfix - Graph/sharedWithMe works for shares from project spaces now: #8233

    We fixed a bug in the 'graph/v1beta1/me/drive/sharedWithMe' endpoint that caused
    an error response when the user received shares from project spaces.
    Additionally the endpoint now behaves more graceful in cases where the
    displayname of the owner or creator of a share or shared resource couldn't be
    resolved.

    #8027
    #8215
    #8233

  • Bugfix - Fix PATCH/DELETE status code for drives that don't support them: #8235

    Updating and Deleting the virtual drives for shares is currently not supported.
    Instead of returning a generic 500 status we return a 405 response now.

    #7881
    #8235

  • Bugfix - Fix nats authentication: #8236

    Fixes nats authentication for registry/events/stores

    #8236

  • Bugfix - Fix the resource name: #8246

    We fixed a problem where after renaming resource as sharer the receiver see a
    new name.

    #8242
    #8246
    cs3org/reva#4463

  • Bugfix - Apply role constraints when creating shares via the graph API: #8247

    We fixed a bug in the graph API for creating and updating shares so that
    Spaceroot specific roles like 'Manager' and 'Co-owner' can no longer be assigned
    for shares on files or directories.

    #8131
    #8247

  • Bugfix - Fix concurrent access to a map: #8269

    We fixed the race condition that led to concurrent map access in a publicshare
    manager.

    #8255
    #8269
    cs3org/reva#4472

  • Bugfix - Fix nats registry: #8281

    The nats registry would behave badly when configuring nats-js-kv via envvar.
    Reason is the way go-micro initializes. It took 5 developers to find the issue
    and the fix so the details cannot be shared here. Just accept that it is working
    now

    #8281

  • Bugfix - Remove invalid environment variables: #8303

    We have removed two spaces related environment variables (whether project spaces
    and the share jail are enabled) and hardcoded the only allowed options. Misusing
    those variables would have resulted in invalid config.

    #8303

  • Bugfix - Fix concurrent shares config: #8317

    We fixed setting the config for concurrent web requests, which did not work as
    expected before.

    #8317

  • Bugfix - Fix Content-Disposition header for downloads: #8381

    We have fixed a bug that caused downloads to fail on Chromebased browsers when
    the filename contained special characters.

    #8361
    #8381
    cs3org/reva#4498

  • Bugfix - Signed url verification: #8385

    Signed urls now expire properly

    #8385

  • Bugfix - Fix an error when move: #8396

    We fixed a bug that caused Internal Server Error when move using destination id

    #6739
    #8396
    cs3org/reva#4503

  • Bugfix - Fix extended env parser: #8409

    The extended envvar parser would be angry if there are two os.Getenv in the
    same line. We fixed this.

    #8409

  • Bugfix - Graph/drives/permission Expiration date update: #8413

    We fixed a bug in the Update sharing permission the expiration dates can't be
    removed from link permissions.

    #8405
    #8413

  • Bugfix - Fix search error message: #8444

    We fixed an error message returned when the search request is invalid

    #8442
    #8444

  • Bugfix - Graph/sharedWithMe align IDs with webdav response: #8467

    The IDs of the driveItems returned by the 'graph/v1beta1/me/drive/sharedWithMe'
    endpoint are now aligned with the IDs returned in the PROPFIND response of the
    webdav service.

    #8420
    #8080
    #8467

  • Bugfix - Fix an error when lock/unlock a public shared file: #8472

    We fixed a bug when anonymous user with viewer role in public link of a folder
    can lock/unlock a file inside it

    #7785
    #8472

  • Bugfix - Bump reva to pull in changes to fix recursive trashcan purge: #8505

    We have fixed a bug in the trashcan purge process that did not delete folder
    structures recursively.

    #8473
    #8505
    cs3org/reva#4533

  • Bugfix - Fix remove/update share permissions: #8529

    This is a workaround that should prevent removing or changing the share
    permissions when the file is locked. These limitations have to be removed after
    the wopi server will be able to unlock the file properly. These limitations are
    not spread on the files inside the shared folder.

    #8273
    #8529
    cs3org/reva#4534

  • Bugfix - Fix graph drive invite: #8538

    We fixed the issue when sharing of personal drive is allowed via graph

    #8494
    #8538

  • Bugfix - We now always select the next clients when autoaccepting shares: #8570

    #8570

  • Bugfix - Correct the default mapping of roles: #8639

    The default config for the OIDC role mapping was incorrect. Lightweight users
    are now assignable.

    #8639

  • Bugfix - Fix last month search: #31145

    We've fixed the last month search edge case when currently is 31-th.

    Https://github.com/owncloud/ocis/issues/7629
    #7742

    golang/go#31145
    The
    issue
    is
    related
    to
    the
    build-in
    package
    behavior

  • Change - Auto-Accept Shares: #7097

    Automatically accepts shares. This feature is active by default and can be
    deactivated via the environment variable FRONTEND_AUTO_ACCEPT_SHARES.

    #7097

  • Change - Change the default TUS chunk size: #7273

    We changed the default TUS chunk size from 100MB to 10MB. You can still use the
    old value by configuring it in your deployment.

    #7273

  • Change - Remove privacyURL and imprintURL from the config: #7938

    We've removed the option privacyURL and imprintURL from the config, since other
    clients weren't able to consume these. In order to be accessible by other
    clients, not just Web, those should be configured via the theme.json file.

    #7938

  • Change - Remove accessDeniedHelpUrl from the config: #7970

    We've removed the option accessDeniedHelpUrl from the config, since other
    clients weren't able to consume it. In order to be accessible by other clients,
    not just Web, it should be configured via the theme.json file.

    #7970

  • Change - Change the default store for presigned keys to nats-js-kv: #8419

    We wrapped the store service in a micro store implementation and changed the
    default to the built-in NATS instance.

    #8419

  • Change - Deprecate sharing cs3 backends: #8478

    The cs3 user and public sharing drivers have already been replaced by
    jsoncs3. We now mark them as deprecated in preparation to kill a lot of unused
    code in reva.

    #8478

  • Enhancement - Add the Banned Passwords List: #4197

    Added an option to enable a password check against a banned passwords list
    OCIS-3809

    cs3org/reva#4197
    #7314

  • Enhancement - Introduce service accounts: #6427

    Introduces service accounts to avoid impersonating users in async processes

    #5550
    #6427

  • Enhancement - SSE for messaging: #6992

    So far, sse has only been used to exchange messages between the server and the
    client. In order to be able to send more content to the client, we have moved
    the endpoint to a separate service and are now also using it for other
    notifications like:

    • notify postprocessing state changes.
    • notify file locking and unlocking.

    #6992

  • Enhancement - Support spec violating AD FS access token issuer: #7140

    AD FS /adfs/.well-known/openid-configuration has an optional
    access_token_issuer which, in violation of the OpenID Connect spec, takes
    precedence over issuer.

    #7140

  • Enhancement - Add OCIS_LDAP_BIND_PASSWORD as replacement for LDAP_BIND_PASSWORD: #7176

    The enviroment variable OCIS_LDAP_BIND_PASSWORD was added to be more
    consistent with all other global LDAP variables.

    LDAP_BIND_PASSWORD is deprecated now and scheduled for removal with the 5.0.0
    release.

    We also deprecated LDAP_USER_SCHEMA_ID_IS_OCTETSTRING for removal with 5.0.0.
    The replacement for it is OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING.

    #7176

  • Enhancement - Keyword Query Language (KQL) search syntax: #7212

    We've introduced support for
    KQL
    as the default oCIS search query language.

    Simple queries:

    • tag:golden tag:"silver"
    • name:file.txt name:"file.docx"
    • content:ahab content:"captain aha*"

    Date/-range queries

    • Mtime:"2023-09-05T08:42:11.23554+02:00"
    • Mtime>"2023-09-05T08:42:11.23554+02:00"
    • Mtime>="2023-09-05T08:42:11.23554+02:00"
    • Mtime<"2023-09-05T08:42:11.23554+02:00"
    • Mtime<="2023-09-05T08:42:11.23554+02:00"
    • Mtime:today - range: start of today till end of today
    • Mtime:yesterday - range: start of yesterday till end of yesterday
    • Mtime:"this week" - range: start of this week till end of this week
    • Mtime:"this month" - range: start of this month till end of this month
    • Mtime:"last month" - range: start of last month till end of last month
    • Mtime:"this year" - range: start of this year till end of this year
    • Mtime:"last year" - range: start of last year till end of last year

    Conjunctive normal form queries:

    • tag:golden AND tag:"silver, tag:golden OR tag:"silver, tag:golden NOT tag:"silver
    • (tag:book content:ahab*), tag:(book pdf)

    Complex queries:

    • (name:"moby di*" OR tag:bestseller) AND tag:book NOT tag:read

    #7042
    #7179
    #7114
    owncloud/web#9636
    owncloud/web#9646
    #7212
    #7043
    #7247
    #7248
    #7254
    #7262
    owncloud/web#9653
    owncloud/web#9672

  • Enhancement - Introduce clientlog service: #7217

    Add the clientlog service which will send machine readable notifications to
    clients

    #7217

  • Enhancement - Proxy uses service accounts for provisioning: #7240

    The proxy service now uses a service account for provsioning task, like role
    assignment and user auto-provisioning. This cleans up some technical debt that
    required us to mint reva tokes inside the proxy service.

    #5550
    #7240

  • Enhancement - The password policies change request: #7264

    The variables renaming OCIS-3767

    #7264

  • Enhancement - Introduce natsjs registry: #7272

    Introduce a registry based on the natsjs object store

    #7272
    #7487

  • Enhancement - Add the password policies: #7285

    Add the password policies OCIS-3767

    #7285
    #7194
    cs3org/reva#4147

  • Enhancement - Add login URL config: #7317

    Introduce a config to set the web login URL via WEB_OPTION_LOGIN_URL.

    #7317

  • Enhancement - Improve SSE format: #7325

    Improve format of sse notifications

    #7325

  • Enhancement - New value auto for NOTIFICATIONS_SMTP_AUTHENTICATION: #7356

    This cause the notifications service to automatically pick a suitable
    authentication method to use with the configured SMTP server. This is also the
    new default behavior. The previous default was to not use authentication at all.

    #7356

  • Enhancement - Make sse service scalable: #7382

    When running multiple sse instances some events would not be reported to the
    user. This is fixed.

    #7382

  • Enhancement - Edit wrong named enves: #7406

    Checked and changed the envvars specified in the task and also removed those
    that are no longer used.

    #7406

  • Enhancement - Thumbnail generation with image processors: #7409

    Thumbnails can now be changed during creation, previously the images were always
    scaled to fit the given frame, but it could happen that the images were cut off
    because they could not be placed better due to the aspect ratio.

    This pr introduces the possibility of specifying how the behavior should be,
    following processors are available

    • resize
    • fit
    • fill
    • thumbnail

    The processor can be applied by adding the processor query param to the request,
    e.g. processor=fit, processor=fill, ...

    To find out more how the individual processors work please read
    https://github.com/disintegration/imaging

    If no processor is provided it behaves the same as before (resize for gif's and
    thumbnail for all other)

    https://github.com/owncloud/enterprise/issues/6057
    #5179
    owncloud/web#7728
    #7409

  • Enhancement - Set default for Async Uploads to true: #7416

    Async Uploads are meanwhile standard and needed for multiple features. Hence we
    default them to true

    #7416

  • Enhancement - The default language added: #7417

    The ability of configuration the default language has been added to the setting
    service.

    https://github.com/owncloud/enterprise/issues/5915
    #7417

  • Enhancement - Add "Last modified" filter Chip: #7455

    Add "Last modified" filter Chip

    #7431
    #7551
    #7455

  • Enhancement - Config for disabling Web extensions: #7486

    A new config for disabling specific Web extensions via their id has been added.

    owncloud/web#8524
    #7486

  • Enhancement - Store and index metadata: #7490

    Audio metadata is now extracted and stored by the search service. It is
    available for driveItems in a folder listing using the Graph API.

    #7490

  • Enhancement - Add support for audio files to the thumbnails service: #7491

    The thumbnails service can now extract artwork from audio files (mp3, ogg, flac)
    and render it just like any other image.

    #7491

  • Enhancement - Implement sharing roles: #7524

    Implement libre graph sharing roles

    #7418
    #7524

  • Enhancement - Add new permission to delete public link password: #7538

    Users with this new permission can now delete passwords on read-only public
    links. The permission is added to the default roles "Admin" and "Space Admin".

    #7538
    #7538
    cs3org/reva#4270

  • Enhancement - Add config to enforce passwords on all public links: #7547

    We added the config OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD to enforce
    passwords on all public shares.

    #7539
    #7547

  • Enhancement - Tika content extraction cleanup for search: #7553

    So far it has not been possible to determine whether the content for search
    should be cleaned up of 'stop words' or not. Stop words are filling words like
    "I, you, have, am" etc and defined by the search engine.

    The behaviour can now be set with the newly introduced settings option
    SEARCH_EXTRACTOR_TIKA_CLEAN_STOP_WORDS=false which is enabled by default.

    In addition, the stop word cleanup is no longer as aggressive and now ignores
    numbers, urls, basically everything except the defined stop words.

    #6674
    #7553

  • Enhancement - Allow configuring storage registry with envvars: #7554

    Introduced new envvars to configure the storage registry in the gateway service

    #7554

  • Enhancement - Add search MediaType filter: #7602

    Add filter MediaType filter shortcuts to search for specific document types. For
    example, a search query mediatype:documents will search for files with the
    following mimetypes:

    Application/msword
    MimeType:application/vnd.openxmlformats-officedocument.wordprocessingml.document
    MimeType:application/vnd.oasis.opendocument.text MimeType:text/plain
    MimeType:text/markdown MimeType:application/rtf
    MimeType:application/vnd.apple.pages

    Besides the document shorthand, it also contains following:

    • file
    • folder
    • document
    • spreadsheet
    • presentation
    • pdf
    • image
    • video
    • audio
    • archive

    File

    Folder

    Document:

    Application/msword
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
    application/vnd.oasis.opendocument.text text/plain text/markdown application/rtf
    application/vnd.apple.pages

    Spreadsheet:

    Application/vnd.ms-excel application/vnd.oasis.opendocument.spreadsheet text/csv
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
    application/vnd.oasis.opendocument.spreadsheet application/vnd.apple.numbers

    Presentations:

    Application/vnd.ms-powerpoint
    application/vnd.openxmlformats-officedocument.presentationml.presentation
    application/vnd.oasis.opendocument.presentation application/vnd.apple.keynote

    PDF

    Application/pdf

    Image:

    Image/*

    Video:

    Video/*

    Audio:

    Audio/*

    Archive (zip ...):

    Application/zip application/x-tar application/x-gzip application/x-7z-compressed
    application/x-rar-compressed application/x-bzip2 application/x-bzip
    application/x-tgz

    #7432
    #7602

  • Enhancement - Add Sharing NG endpoints: #7633

    We've added new sharing ng endpoints to the graph beta api. The following
    endpoints are added:

    • /v1beta1/me/drive/sharedByMe
    • /v1beta1/me/drive/sharedWithMe
    • /v1beta1/roleManagement/permissions/roleDefinitions
    • /v1beta1/roleManagement/permissions/roleDefinitions/{roleID}
    • /v1beta1/drives/{drive-id}/items/{item-id}/createLink (create a sharing link)

    #7436
    #6993
    #7633
    #7686
    #7684
    #7683
    #7239
    #7687
    #7751
    owncloud/libre-graph-api#112

  • Enhancement - Configs for Web embed mode: #7670

    New configs for the Web embed mode have been added:

    • enabled Defines if embed mode is enabled.
    • target Defines how Web is being integrated when running in embed mode.
    • messagesOrigin Defines a URL under which Web can be integrated via iFrame.
    • delegateAuthentication Defines whether Web should require authentication to be done by the parent application.
    • delegateAuthenticationOrigin Defines the host to validate the message event origin against when running Web in 'embed' mode.

    owncloud/web#9768
    #7670

  • Enhancement - Support login page background configuration: #7674

    Introduce a new environment variable IDP_LOGIN_BACKGROUND_URL that overrides
    the default background image of the IDP login page when present.

    #7674
    #7900

  • Enhancement - Add new permissions: #7700

    Adds new permissions to admin/spaceadmin/user roles - Favorites.List allows /
    denies the Favorites Listing Request - Favorites.Write is implemented to be
    enforced on marking/unmark files as favouritesShare - Shares.Write permission
    denies / allows sharing completely for a user on all share CUD requests. (User,
    Group)

    #7700

  • Enhancement - Add preferred language to user settings: #7720

    We have added the preferred language to the libre-graph api & added endpoints
    for that to ocis.

    #5455
    #7720
    owncloud/libre-graph-api#130

  • Enhancement - Add user filter startswith and contains: #7739

    We add two new filters to the user list endpoint. The startswith filter allows
    to filter users by the beginning of their name. The contains filter allows to
    filter users by a substring of their name.

    #5486
    #7739

  • Enhancement - Allow configuring additional routes: #7741

    Allows adding custom routes to the ocis proxy. This enables custom ocis
    extensions.

    #7741

  • Enhancement - Default link permission config: #7783

    A new config for default link permissions that is being announced via
    capabilities has been added. It defaults to 1 (= public link with viewer
    permissions).

    owncloud/web#9919
    #7783

  • Enhancement - Add banned password list to the default deployments: #7784

    We add banned password list to the default deployments

    #7724
    #7784

  • Enhancement - Update to go 1.21: #7794

    We updated to go 1.21.

    #7794

  • Enhancement - Add Sharing NG list permissions endpoint: #7805

    We've added a new sharing ng endpoint which lists all permissions for a given
    item.

    #6993
    #7805

  • Enhancement - Add user list requires filter config: #7866

    Introduce a config to require filters in order to list users in Web via
    WEB_OPTION_USER_LIST_REQUIRES_FILTER.

    #7866

  • Enhancement - Retry antivirus postprocessing step in case of problems: #7874

    The antivirus postprocessing step will now be retried for a configurable amount
    of times in case it can't get a result from clamav.

    #7874

  • Enhancement - Add validation to public share provider: #7877

    We changed the implementation of the public share provider in reva to do the
    validation on the CS3 Api side. This makes the implementation on the graph side
    smaller.

    #6993
    #7877

  • Enhancement - Graphs endpoint for mounting and unmounting shares: #7885

    Functionality for mounting (accepting) and unmounting (rejecting) received
    shares has been added to the graph API.

    #7885

  • Enhancement - Store and index metadata: #7886

    Location metadata is now extracted and stored by the search service. It is
    available for driveItems in a folder listing using the Graph API.

    #7886

  • Enhancement - Allow regular users to list other users: #7887

    Regular users can search for other users and groups. The following limitations
    apply:

    • Only search queries are allowed (using the $search=term query parameter)
    • The search term needs to have at least 3 characters
    • for user searches the result set only contains the attributes displayName, userType, mail and id
    • for group searches the result set only contains the attributes displayName, groupTypes and id

    #7782
    #7887

  • Enhancement - Add edit public share to sharing NG: #7908

    We added the ability to edit public shares to the sharing NG endpoints.

    #6993
    #7908

  • Enhancement - Add cli commands for trash-bin: #7917

    We added the list and restore commands to the trash-bin items to the CLI

    #7845
    #7917
    cs3org/reva#4392

  • Enhancement - Add validation update public share: #7978

    For Sharing NG, we needed validation in the implementing reva service to keep
    the client implementation simple.

    #7978

  • Enhancement - Allow inmemory nats-js-kv stores: #7979

    Adds envvars to keep nats-js-kv stores in memory and not persist them on disc.

    #7979

  • Enhancement - Disable the password policy: #7985

    We add the environment variable that allow to disable the password policy.

    #7916
    #7985
    cs3org/reva#4409

  • Enhancement - Use kv store in natsjs registry: #7987

    Replaces the nats object store with the nats kv store in the natsjs registry

    #7987

  • Enhancement - Allow authentication nats connections: #7989

    Allow events, store and registry implementation to pass username/password to the
    nats instance

    #7989

  • Enhancement - Add RED metrics to the metrics endpoint: #7994

    We added three new metrics to the metrics endpoint to support the RED method for
    monitoring microservices.

    • Request Rate: The number of requests per second. The total count of requests
      is available under ocis_proxy_requests_total. - Error Rate: The number of
      failed requests per second. The total count of failed requests is available
      under ocis_proxy_errors_total. - Duration: The amount of time each request
      takes. The duration of all requests is available under
      ocis_proxy_request_duration_seconds. This is a histogram metric, so it also
      provides information about the distribution of request durations.

    The metrics are available under the following paths: PROXY_DEBUG_ADDR/metrics
    in a prometheus compatible format and maybe secured by PROXY_DEBUG_TOKEN.

    #7994

  • Enhancement - Add ocm and sciencemesh services: #7998

    We added sciencemesh and ocm services to enable federation.

    #7998
    #7576
    #7464
    #7463

  • Enhancement - Make nats-js-kv the default registry: #8011

    The previously used default mdns is faulty. Deprecated it together with
    consul, nats and etcd implementations.

    #8011
    #8027

  • Enhancement - Service Account roles: #8051

    Use a hidden role for service accounts. It will not appear in ListRoles calls
    but internally handled by settings service

    #8051
    #8074

  • Enhancement - Update antivirus service: #8062

    We update the antivirus icap client library and optimize the antivirus scanning
    service. ANTIVIRUS_ICAP_TIMEOUT is now deprecated and
    ANTIVIRUS_ICAP_SCAN_TIMEOUT should be used instead.

    ANTIVIRUS_ICAP_SCAN_TIMEOUT supports human durations like 1s, 1m, 1h and
    1d.

    #6764
    #8062

  • Enhancement - Remove deprecated environment variables: #8149

    We have removed all deprecated environment variables that have been marked for
    removal for 5.0.0

    #8025
    #8149

  • Enhancement - Disable the password policy: #8152

    We reworked and moved disabling the password policy logic from the reva to the
    ocis.

    #7916
    #8152
    cs3org/reva#4453

  • Enhancement - Allow restarting multiple uploads with one command: #8287

    Allows to restart all commands in a specific state.

    #8287

  • Enhancement - Modify the concurrency default: #8309

    We have changed the default MaxConcurrency value from 100 to 5 to prevent too
    frequent gc runs on low memory systems. We have also bumped reva to pull in the
    related changes from there.

    #8257
    #8309
    cs3org/reva#4485

  • Enhancement - Improve ocis single binary start: #8320

    Removes waiting times when starting the single binary. Improves ocis single
    binary boot time from 8s to 2.5s

    #8320

  • Enhancement - Use environment variables in yaml config files: #8339

    We added the ability to use environment variables in yaml config files. This
    allows to use environment variables in the config files of the ocis services
    which will be replaced by the actual value of the environment variable at
    runtime.

    Example:

    web:
      http:
        addr: ${SOME_HTTP_ADDR}
    

    This makes it possible to use the same config file for different environments
    without the need to change the config file itself. This is especially useful
    when using docker-compose to run the ocis services. It is a common pattern to
    create an .env file which contains the environment variables for the
    docker-compose file. Now you can use the same .env file to configure the ocis
    services.

    #8339

  • Enhancement - Increment filenames on upload collisions in secret filedrops: #8340

    We have bumped reva to pull in the changes needed for automatically increment
    filenames on upload collisions in secret filedrops.

    #8291
    #8340

  • Enhancement - Allow sending multiple user ids in one sse event: #8379

    Sending multiple user ids in one sse event is now possible which reduces the
    number of sent events.

    #8379
    cs3org/reva#4501

  • Enhancement - Allow to skip service listing: #8408

    The ocis version cmd listed all services by default. This is not always
    intended, so we allow to skip the listing of the services by using the
    --skip-services flag.

    #8070
    #8408

  • Enhancement - Add a make step to validate the env var annotations: #8436

    We have added a make step make check-env-var-annotations to validate the
    environment variable annotations in to the environment variables.

    #8258
    #8436

  • Enhancement - Drop the unnecessary grants exists check when creating shares: #8502

    We have bumped reva to drop the unnecessary grants exists check when creating
    shares.

    #8502

  • Enhancement - Update to go 1.22: #8586

    We have updated go to version 1.22.

    #8586

  • Enhancement - Update web to v8.0.0: #8613

    Tags: web

    We updated ownCloud Web to v8.0.0. Please refer to the changelog (linked) for
    details on the web release.

    #8613
    https://github.com/owncloud/web/releases/tag/v8.0.0

  • Enhancement - Update web to v8.0.1: #8626

    Tags: web

    We updated ownCloud Web to v8.0.1. Please refer to the changelog (linked) for
    details on the web release.

    #8626
    https://github.com/owncloud/web/releases/tag/v8.0.1

  • Enhancement - Update reva to 2.19.2: #8638

    We update reva to the version 2.19.2

    We update reva to the version 2.19.1

    We update reva to the version 2.19.0

    Changelog for reva 2.18.0 (2023-12-22)

    The following sections list the changes in reva 2.18.0 relevant to reva users.
    The changes are ordered by importance.

    Changelog for reva 2.17.0 (2023-12-12)

    The following sections list the changes in reva 2.17.0 relevant to reva users.
    The changes are ordered by importance.

    #8638
    #8519
    #8502
    #8340
    #8381
    #8287
    #8278
    #8264
    #8100
    #8100
    #8038
    #8056
    #7949
    #7793
    #7978
    #7979
    #7963
    #7986
    #7721
    #7727
    #7752

Don't miss a new ocis release

NewReleases is sending notifications on new releases.