5.0.5

Table of Contents

• Changelog for 5.0.5

Changes in 5.0.5

Summary

• Enhancement - Update web to v8.0.2: #9153

Details

• Enhancement - Update web to v8.0.2: #9153

  Tags: web

  We updated ownCloud Web to v8.0.2. Please refer to the changelog (linked) for
  details on the web release.

  • Bugfix owncloud/web#10515: Folder replace
  • Bugfix owncloud/web#10598: Hidden right sidebar on small screens
  • Bugfix owncloud/web#10634: Scope loss when showing search results
  • Bugfix owncloud/web#10657: Theme loading without matching theme
  • Bugfix owncloud/web#10763: Flickering loading indicator
  • Bugfix owncloud/web#10810: Download files with special chars in name
  • Bugfix owncloud/web#10881: IDP logout issues

  #9153
  https://github.com/owncloud/web/releases/tag/v8.0.2

5.0.4

Table of Contents

• Changelog for 5.0.4

Changes in 5.0.4

Summary

• Bugfix - Update reva to v2.19.7: #9011
• Bugfix - Service startup of WOPI example: #9127
• Bugfix - Nats reconnects: #9139

Details

• Bugfix - Update reva to v2.19.7: #9011

  We updated reva to v2.19.7

  • Enhancement cs3org/reva#4673: Add virus filter to list uploads sessions

  #9011

• Bugfix - Service startup of WOPI example: #9127

  We fixed a bug in the service startup of the appprovider-onlyoffice in the
  ocis_wopi deployment example.

  #9127

• Bugfix - Nats reconnects: #9139

  We fixed the reconnect handling of the natjs kv registry.

  #9139
  #8880

5.0.4-rc.1

Changes in 5.0.4

Summary

• Bugfix - Update reva to v2.19.7: #9011
• Bugfix - Service startup of WOPI example: #9127
• Bugfix - Nats reconnects: #9139

Details

• Bugfix - Update reva to v2.19.7: #9011

  We updated reva to v2.19.7

  • Enhancement cs3org/reva#4673: Add virus filter to list uploads sessions

  #9011

• Bugfix - Service startup of WOPI example: #9127

  We fixed a bug in the service startup of the appprovider-onlyoffice in the
  ocis_wopi deployment example.

  #9127

• Bugfix - Nats reconnects: #9139

  We fixed the reconnect handling of the natjs kv registry.

  #9139
  #8880

5.0.3

Changes in 5.0.3

Summary

• Bugfix - Update the admin user role assignment to enforce the config: #8918
• Bugfix - Crash when processing crafted TIFF files: #8981
• Bugfix - Update reva to v2.19.5: #9011
• Bugfix - Fix infected file handling: #9011

Details

• Bugfix - Update the admin user role assignment to enforce the config: #8918

  The admin user role assigment was not updated after the first assignment. We now
  read the assigned role during init and update the admin user ID accordingly if
  the role is not assigned. This is especially needed when the OCIS_ADMIN_USER_ID
  is set after the autoprovisioning of the admin user when it originates from an
  external Identity Provider.

  #8918
  #8897

• Bugfix - Crash when processing crafted TIFF files: #8981

  Fix for a vulnerability with low severity in disintegration/imaging.

  #8981
  GHSA-q7pp-wcgr-pffx

• Bugfix - Update reva to v2.19.5: #9011

  We updated reva to v2.19.5

  • Bugfix cs3org/reva#4654: Write blob based on session id
  • Bugfix cs3org/reva#4666: Fix uploading via a public link
  • Bugfix cs3org/reva#4665: Fix creating documents in nested folders of public shares
  • Enhancement cs3org/reva#4655: Bump mockery to v2.40.2
  • Enhancement cs3org/reva#4664: Add ScanData to Uploadsession

  #9011

• Bugfix - Fix infected file handling: #9011

  Reworks virus handling. Shows scandate and outcome on ocis storage-users uploads
  sessions. Avoids retrying infected files on ocis postprocessing restart.

  #9011

5.0.2

Table of Contents

• Changelog for 5.0.2

Changes in 5.0.2

Summary

• Bugfix - Fix creating new WOPI documents on public shares: #8828
• Bugfix - Update reva to v2.19.5: #8873

Details

• Bugfix - Fix creating new WOPI documents on public shares: #8828

  Creating a new Office document in a publicly shared folder is now possible.

  #8691
  #8828

• Bugfix - Update reva to v2.19.5: #8873

  We updated reva to v2.19.5

  • Bugfix cs3org/reva#4626: Fix public share update
  • Bugfix cs3org/reva#4634: Fix access to files withing a public link targeting a space root

  #8873

5.0.2-rc.1

Changes in 5.0.2-rc.1

Summary

• Bugfix - Fix creating new WOPI documents on public shares: #8828
• Bugfix - Update reva to v2.19.5: #8873

Details

• Bugfix - Fix creating new WOPI documents on public shares: #8828

  Creating a new Office document in a publicly shared folder is now possible.

  #8691
  #8828

• Bugfix - Update reva to v2.19.5: #8873

  We updated reva to v2.19.5

  • Bugfix cs3org/reva#4626: Fix public share update
  • Bugfix cs3org/reva#4634: Fix access to files withing a public link targeting a space root

  #8873

5.0.1

Changes in 5.0.1

Summary

• Bugfix - Update reva to v2.19.4: #8781
• Bugfix - Fix restarting of postprocessing: #8782
• Bugfix - Fix the create personal space cache: #8799
• Bugfix - Make IDP cookies same site strict: #8716

Details

• Bugfix - Update reva to v2.19.4: #8781

  We updated reva to v2.19.4

  • Bugfix cs3org/reva#4612: Use gateway selector in jsoncs3 to scale the service

  Https://github.com/owncloud/ocis/pull/8787

  We updated reva to v2.19.3

  • Bugfixcs3org/reva#4607: Mask user email in output

  #8781

• Bugfix - Fix restarting of postprocessing: #8782

  When an upload is not found, the logic to restart postprocessing was bunked.
  Additionally we extended the upload sessions command to be able to restart the
  uploads without using a second command.

  NOTE: This also includes a breaking fix for the deprecated ocis storage-users uploads list command

  #8782

• Bugfix - Fix the create personal space cache: #8799

  We fixed a problem with the config for the create personal space cache which
  resulted in the cache never being used.

  #8799

• Enhancement - Make IDP cookies same site strict: #8716

  To enhance the security of our application and prevent Cross-Site Request
  Forgery (CSRF) attacks, we have updated the SameSite attribute of the build in
  Identity Provider (IDP) cookies to Strict.

  This change restricts the browser from sending these cookies with any cross-site
  requests, thereby limiting the exposure of the user's session to potential
  threats.

  This update does not impact the existing functionality of the application but
  provides an additional layer of security where needed.

  This only affects cookies set by the built-in IDP. Production systems should not be affected.

  #8716

4.0.7

Changes in 4.0.7

Summary

• Bugfix - Update reva to include bugfixes and improvements: #8718
• Enhancement - Update to go 1.22: #8597

Details

• Bugfix - Update reva to include bugfixes and improvements: #8718

  Changelog for reva 2.13.4

  • Bugfix cs3org/reva#4398: Fix ceph build
  • Bugfix cs3org/reva#4396: Allow an empty credentials chain in the auth middleware
  • Bugfix cs3org/reva#4423: Fix disconnected traces
  • Bugfix cs3org/reva#4590: Fix uploading via a public link
  • Bugfix cs3org/reva#4470: Keep failed processing status
  • Enhancement cs3org/reva#4397: Introduce UploadSessionLister interface

  #8718

• Enhancement - Update to go 1.22: #8597

  We have updated go to version 1.22.

  #8597

5.0.0

Changes in 5.0.0

Summary

• Bugfix - Fix wrong compile date: #6132
• Bugfix - Fix the kql-bleve search: #7290
• Bugfix - Bring back the USERS_LDAP_USER_SCHEMA_ID variable: #7312
• Bugfix - Do not reset state of received shares when rebuilding the jsoncs3 index: #7319
• Bugfix - Deprecate redundant encryptions settings for notification service: #7345
• Bugfix - Check school number for duplicates before adding a school: #7351
• Bugfix - Don't reload web config: #7369
• Bugfix - Delete outdated userlog events: #7410
• Bugfix - Set the mountpoint on auto accept: #7460
• Bugfix - Fix default language fallback: #7465
• Bugfix - GetUserByClaim fixed for Active Directory: #7476
• Bugfix - Fix preview request 500 error when made too early: #7502
• Bugfix - Fix 403 in docs pipeline: #7509
• Bugfix - Fix the auth service env variable: #7523
• Bugfix - Token storage config fixed: #7528
• Bugfix - Set existing mountpoint on auto accept: #7592
• Bugfix - Return 423 status code on tag create: #7596
• Bugfix - Fix libre-graph status codes: #7678
• Bugfix - Fix unlock via space API: #7726
• Bugfix - Disable DEPTH infinity in PROPFIND: #7746
• Bugfix - Fix the tgz mime type: #7772
• Bugfix - Fix natsjs cache: #7790
• Bugfix - Fix search service start: #7795
• Bugfix - Fix search response: #7815
• Bugfix - The race conditions in tests: #7847
• Bugfix - Do not purge expired upload sessions that are still postprocessing: #7859
• Bugfix - Fix the public link update: #7862
• Bugfix - Fix jwt config of policies service: #7893
• Bugfix - Updating logo with new theme structure: #7930
• Bugfix - Password policy return code was wrong: #7952
• Bugfix - Removed outdated and unused dependency from idp package: #7957
• Bugfix - Update permission validation: #7963
• Bugfix - Renaming a user to a string with capital letters: #7964
• Bugfix - Improve OCM support: #7973
• Bugfix - Permissions of a role with duplicate ID: #7976
• Bugfix - Non durable streams for sse service: #7986
• Bugfix - Fix empty trace ids: #8023
• Bugfix - Fix search by containing special characters: #8050
• Bugfix - Fix the upload postprocessing: #8117
• Bugfix - Disallow to delete a file during the processing: #8132
• Bugfix - Fix wrong naming in nats-js-kv registry: #8140
• Bugfix - IDP CS3 backend sessions now survive a restart: #8142
• Bugfix - Fix patching of language: #8182
• Bugfix - Fix search service to not log expected cases as errors: #8200
• Bugfix - Updating and reset logo failed: #8211
• Bugfix - Cleanup graph/pkg/service/v0/driveitems.go: #8228
• Bugfix - Cleanup search/pkg/search/search.go: #8230
• Bugfix - Graph/sharedWithMe works for shares from project spaces now: #8233
• Bugfix - Fix PATCH/DELETE status code for drives that don't support them: #8235
• Bugfix - Fix nats authentication: #8236
• Bugfix - Fix the resource name: #8246
• Bugfix - Apply role constraints when creating shares via the graph API: #8247
• Bugfix - Fix concurrent access to a map: #8269
• Bugfix - Fix nats registry: #8281
• Bugfix - Remove invalid environment variables: #8303
• Bugfix - Fix concurrent shares config: #8317
• Bugfix - Fix Content-Disposition header for downloads: #8381
• Bugfix - Signed url verification: #8385
• Bugfix - Fix an error when move: #8396
• Bugfix - Fix extended env parser: #8409
• Bugfix - Graph/drives/permission Expiration date update: #8413
• Bugfix - Fix search error message: #8444
• Bugfix - Graph/sharedWithMe align IDs with webdav response: #8467
• Bugfix - Fix an error when lock/unlock a public shared file: #8472
• Bugfix - Bump reva to pull in changes to fix recursive trashcan purge: #8505
• Bugfix - Fix remove/update share permissions: #8529
• Bugfix - Fix graph drive invite: #8538
• Bugfix - We now always select the next clients when autoaccepting shares: #8570
• Bugfix - Correct the default mapping of roles: #8639
• Bugfix - Disable Multipart uploads: #8667
• Bugfix - Fix last month search: #31145
• Change - Auto-Accept Shares: #7097
• Change - Change the default TUS chunk size: #7273
• Change - Remove privacyURL and imprintURL from the config: #7938
• Change - Remove accessDeniedHelpUrl from the config: #7970
• Change - Change the default store for presigned keys to nats-js-kv: #8419
• Change - Deprecate sharing cs3 backends: #8478
• Enhancement - Add the Banned Passwords List: #4197
• Enhancement - Introduce service accounts: #6427
• Enhancement - SSE for messaging: #6992
• Enhancement - Support spec violating AD FS access token issuer: #7140
• Enhancement - Add OCIS_LDAP_BIND_PASSWORD as replacement for LDAP_BIND_PASSWORD: #7176
• Enhancement - Keyword Query Language (KQL) search syntax: #7212
• Enhancement - Introduce clientlog service: #7217
• Enhancement - Proxy uses service accounts for provisioning: #7240
• Enhancement - The password policies change request: #7264
• Enhancement - Introduce natsjs registry: #7272
• Enhancement - Add the password policies: #7285
• Enhancement - Add login URL config: #7317
• Enhancement - Improve SSE format: #7325
• Enhancement - New value auto for NOTIFICATIONS_SMTP_AUTHENTICATION: #7356
• Enhancement - Make sse service scalable: #7382
• Enhancement - Edit wrong named enves: #7406
• Enhancement - Thumbnail generation with image processors: #7409
• Enhancement - Set default for Async Uploads to true: #7416
• Enhancement - The default language added: #7417
• Enhancement - Add "Last modified" filter Chip: [#7455](https://github.com/owncloud/ocis/pul...

5.0.0-rc.6

Incremental changes since 5.0.0-rc.5

oCIS

• Bugfix - Fix an error when lock/unlock a public shared file: #8472
• Bugfix - Fix remove/update share permissions: #8529
• Bugfix - Fix graph drive invite: #8538
• Bugfix - We now always select the next clients when autoaccepting shares: #8570
• Bugfix - Correct the default mapping of roles: #8639
• Change - Change the default store for presigned keys to nats-js-kv: #8419
• Enhancement - Graphs endpoint for mounting and unmounting shares: #7885
• Enhancement - Update to go 1.22: #8586

Reva

• Bugfix cs3org/reva#4557: Fix ceph build
• Bugfix cs3org/reva#4570: Fix sharing invite on virtual drive
• Bugfix cs3org/reva#4559: Fix graph drive invite
• Bugfix cs3org/reva#4518: Fix an error when lock/unlock a file
• Bugfix cs3org/reva#4566: Fix public link previews
• Bugfix cs3org/reva#4561: Fix Stat() by Path on re-created resource
• Bugfix cs3org/reva#4534: Fix remove/update share permissions
• Bugfix cs3org/reva#4539: Fix a typo
• Enhancement cs3org/reva#4556: Allow tracing requests by giving util functions a context
• Enhancement cs3org/reva#4545: Extend service account permissions
• Enhancement cs3org/reva#4564: Send file locked/unlocked events

Web

• Bugfix owncloud/web#10573: Add link in right sidebar sharing menu, doesn't copy link to clipboard
• Bugfix owncloud/web#10576: WebDav Url in right sidebar is missing dav in path
• Bugfix owncloud/web#10585: Update translations
• Bugfix owncloud/web#10514: Indicate shares that are not manageable due to file locking

All Changes in 5.0.0-rc.6

Summary

• Bugfix - Fix wrong compile date: #6132
• Bugfix - Fix the kql-bleve search: #7290
• Bugfix - Bring back the USERS_LDAP_USER_SCHEMA_ID variable: #7312
• Bugfix - Do not reset state of received shares when rebuilding the jsoncs3 index: #7319
• Bugfix - Deprecate redundant encryptions settings for notification service: #7345
• Bugfix - Check school number for duplicates before adding a school: #7351
• Bugfix - Don't reload web config: #7369
• Bugfix - Delete outdated userlog events: #7410
• Bugfix - Set the mountpoint on auto accept: #7460
• Bugfix - Fix default language fallback: #7465
• Bugfix - GetUserByClaim fixed for Active Directory: #7476
• Bugfix - Fix preview request 500 error when made too early: #7502
• Bugfix - Fix 403 in docs pipeline: #7509
• Bugfix - Fix the auth service env variable: #7523
• Bugfix - Token storage config fixed: #7528
• Bugfix - Set existing mountpoint on auto accept: #7592
• Bugfix - Return 423 status code on tag create: #7596
• Bugfix - Fix libre-graph status codes: #7678
• Bugfix - Fix unlock via space API: #7726
• Bugfix - Disable DEPTH infinity in PROPFIND: #7746
• Bugfix - Fix the tgz mime type: #7772
• Bugfix - Fix natsjs cache: #7790
• Bugfix - Fix search service start: #7795
• Bugfix - Fix search response: #7815
• Bugfix - The race conditions in tests: #7847
• Bugfix - Do not purge expired upload sessions that are still postprocessing: #7859
• Bugfix - Fix the public link update: #7862
• Bugfix - Fix jwt config of policies service: #7893
• Bugfix - Updating logo with new theme structure: #7930
• Bugfix - Password policy return code was wrong: #7952
• Bugfix - Removed outdated and unused dependency from idp package: #7957
• Bugfix - Update permission validation: #7963
• Bugfix - Renaming a user to a string with capital letters: #7964
• Bugfix - Improve OCM support: #7973
• Bugfix - Permissions of a role with duplicate ID: #7976
• Bugfix - Non durable streams for sse service: #7986
• Bugfix - Fix empty trace ids: #8023
• Bugfix - Fix search by containing special characters: #8050
• Bugfix - Fix the upload postprocessing: #8117
• Bugfix - Disallow to delete a file during the processing: #8132
• Bugfix - Fix wrong naming in nats-js-kv registry: #8140
• Bugfix - IDP CS3 backend sessions now survive a restart: #8142
• Bugfix - Fix patching of language: #8182
• Bugfix - Fix search service to not log expected cases as errors: #8200
• Bugfix - Updating and reset logo failed: #8211
• Bugfix - Cleanup graph/pkg/service/v0/driveitems.go: #8228
• Bugfix - Cleanup search/pkg/search/search.go: #8230
• Bugfix - Graph/sharedWithMe works for shares from project spaces now: #8233
• Bugfix - Fix PATCH/DELETE status code for drives that don't support them: #8235
• Bugfix - Fix nats authentication: #8236
• Bugfix - Fix the resource name: #8246
• Bugfix - Apply role constraints when creating shares via the graph API: #8247
• Bugfix - Fix concurrent access to a map: #8269
• Bugfix - Fix nats registry: #8281
• Bugfix - Remove invalid environment variables: #8303
• Bugfix - Fix concurrent shares config: #8317
• Bugfix - Fix Content-Disposition header for downloads: #8381
• Bugfix - Signed url verification: #8385
• Bugfix - Fix an error when move: #8396
• Bugfix - Fix extended env parser: #8409
• Bugfix - Graph/drives/permission Expiration date update: #8413
• Bugfix - Fix search error message: #8444
• Bugfix - Graph/sharedWithMe align IDs with webdav response: #8467
• Bugfix - Fix an error when lock/unlock a public shared file: #8472
• Bugfix - Bump reva to pull in changes to fix recursive trashcan purge: #8505
• Bugfix - Fix remove/update share permissions: #8529
• Bugfix - Fix graph drive invite: #8538
• Bugfix - We now always select the next clients when autoaccepting shares: #8570
• Bugfix - Correct the default mapping of roles: #8639
• Bugfix - Fix last month search: #31145
• Change - Auto-Accept Shares: #7097
• Change - Change the default TUS chunk size: [#7273](https:/...