Table of Contents
- Changelog for 8.0.6
Changes in 8.0.6
Summary
- Security - Upgrade libvips to 8.18.4: #12596
- Security - Upgrade Go to 1.25.12: #12602
- Enhancement - Allow disabling the last sign-in timestamp update: #12522
Details
-
Security - Upgrade libvips to 8.18.4: #12596
Bumped libvips to 8.18.4 in all Docker images. The previous pin (8.18.3-r0) was
dropped from the Alpine edge/community repository, which broke the image build. -
Security - Upgrade Go to 1.25.12: #12602
Bumped the Go toolchain used to build the release binaries and Docker images
from 1.25.11 to 1.25.12. Go 1.25.11 is affected by CVE-2026-39822 (os.Root
symlink following allows directory traversal), which is fixed in 1.25.12 and was
blocking the release image security scan. -
Enhancement - Allow disabling the last sign-in timestamp update: #12522
The graph service maintains the 'oCLastSignInTimestamp' LDAP attribute of a user
on every sign-in (when the LDAP identity backend has write access). This can
cause a significant amount of LDAP write load, especially when the proxy's OIDC
userinfo cache has a short TTL and sign-in events are emitted frequently.A new setting 'OCIS_LDAP_UPDATE_LAST_SIGNIN_DATE' /
'GRAPH_LDAP_UPDATE_LAST_SIGNIN_DATE' (default 'true') allows disabling the
update of the last sign-in timestamp without having to disable all LDAP writes
('OCIS_LDAP_SERVER_WRITE_ENABLED') or the graph events consumer. When set to
'false' the graph service no longer listens for 'UserSignedIn' events and does
not write the 'oCLastSignInTimestamp' attribute.