6.0.0

@ownclouders ownclouders released this 19 Jun 20:32
· 2660 commits to master since this release
v6.0.0
2ff3748

Changes in 6.0.0

Important

This is a Rolling Release
Please check the documentation about the scope of this release.

Summary

  • Bugfix - Fix an error when lock/unlock a public shared file: #8472
  • Bugfix - Fix the docker-compose wopi: #8483
  • Bugfix - Fix remove/update share permissions: #8529
  • Bugfix - Correct the default mapping of roles: #8534
  • Bugfix - Fix graph drive invite: #8538
  • Bugfix - Fix the mount points naming: #8543
  • Bugfix - We now always select the next clients when autoaccepting shares: #8570
  • Bugfix - Always select next before making calls: #8578
  • Bugfix - Fix sharing invite on virtual drive: #8609
  • Bugfix - Prevent copying a file to a parent folder: #8649
  • Bugfix - Disable Multipart uploads: #8666
  • Bugfix - Internal links shouldn't have a password: #8668
  • Bugfix - Fix uploading via a public link: #8702
  • Bugfix - Mask user email in output: #8726
  • Bugfix - Fix restarting of postprocessing: #8782
  • Bugfix - Fix the create personal space cache: #8799
  • Bugfix - Fix removing groups from space: #8803
  • Bugfix - Validate conditions for sharing roles by resource type: #8815
  • Bugfix - Fix creating the drive item: #8817
  • Bugfix - Fix unmount item from share: #8827
  • Bugfix - Fix creating new WOPI documents on public shares: #8828
  • Bugfix - Nats reconnects: #8880
  • Bugfix - Update the admin user role assignment to enforce the config: #8897
  • Bugfix - Fix affected users on sses: #8928
  • Bugfix - Fix well-known rewrite endpoint: #8946
  • Bugfix - Crash when processing crafted TIFF files: #8981
  • Bugfix - Fix collaboration registry setting: #9105
  • Bugfix - Service startup of WOPI example: #9127
  • Bugfix - Fix the status code for multiple mount and unmount share: #9193
  • Bugfix - Don't show thumbnails for secureview shares: #9299
  • Bugfix - Fix share update: #9301
  • Bugfix - Fix the error translation from utils: #9331
  • Bugfix - Fix the settings metadata tests: #9341
  • Bugfix - The hidden shares have been excluded from a search result: #9371
  • Bugfix - Encode Registry Keys: #9385
  • Change - Change the default store for presigned keys to nats-js-kv: #8419
  • Change - Disable resharing by default for deprecation: #8653
  • Change - The filesystem backend for the settings service has been removed: #9138
  • Change - Define maximum input image dimensions and size when generating previews: #9360
  • Enhancement - Introduce staticroutes package & remove well-known OIDC middleware: #6095
  • Enhancement - Graphs endpoint for mounting and unmounting shares: #7885
  • Enhancement - Add epub reader to web default apps: #8410
  • Enhancement - Change Cors default settings: #8518
  • Enhancement - Custom WEB App Loading: #8523
  • Enhancement - Update to go 1.22: #8586
  • Enhancement - Send more sse events: #8587
  • Enhancement - Send SSE when file is locked/unlocked: #8602
  • Enhancement - Add the spaceID to sse: #8614
  • Enhancement - The graph endpoints for listing permission works for spaces now: #8642
  • Enhancement - Bump keycloak: #8687
  • Enhancement - Make IDP cookies same site strict: #8716
  • Enhancement - Make server side space templates production ready: #8723
  • Enhancement - Sharing NG role names and descriptions: #8743
  • Enhancement - Ability to Change Share Item Visibility in Graph API: #8750
  • Enhancement - Enable web extension drawio by default: #8760
  • Enhancement - Remove resharing: #8762
  • Enhancement - Add CSP and other security related headers to oCIS: #8777
  • Enhancement - Add FileTouched SSE Event: #8778
  • Enhancement - Prepare runners to start the services: #8802
  • Enhancement - Sharing SSEs: #8854
  • Enhancement - Secure viewer share role: #8907
  • Enhancement - Add Link SSEs: #8908
  • Enhancement - ShareeIDs in SSEs: #8915
  • Enhancement - Allow to resolve public shares without the ocs tokeninfo endpoint: #8926
  • Enhancement - Initiator-IDs: #8936
  • Enhancement - Add endpoint for getting drive items: #8939
  • Enhancement - Improve infected file handling: #8947
  • Enhancement - Configurable claims for auto-provisioning user accounts: #8952
  • Enhancement - Bump nats-js-kv pkg: #8953
  • Enhancement - Graph permission created date time: #8954
  • Enhancement - Add virus filter to sessions command: #9041
  • Enhancement - Assimilate clean into sessions command: #9041
  • Enhancement - Add remote item id to WebDAV report responses: #9094
  • Enhancement - Theme Processing and Logo Customization: #9133
  • Enhancement - Add watermark text: #9144
  • Enhancement - Update selected attributes of autoprovisioned users: #9166
  • Enhancement - Limit concurrent thumbnail requests: #9199
  • Enhancement - The storage-users doc updated: #9228
  • Enhancement - Docker compose example for ClamAV: #9229
  • Enhancement - Add command to check ocis backup consistency: #9238
  • Enhancement - Web server compression: #9287
  • Enhancement - Add secureview flag when listing apps via http: #9289
  • Enhancement - Activitylog Service: #9327
  • Enhancement - Update web to v9.0.0-alpha.7: #9395
  • Enhancement - Bump Reva to v2.20.0: #9415

Details

  • Bugfix - Fix an error when lock/unlock a public shared file: #8472

    We fixed a bug where an anonymous user with the viewer role on a public link
    to a folder could lock/unlock a file inside it.

    #7785
    #8472

  • Bugfix - Fix the docker-compose wopi: #8483

    We fixed an issue where Collabora was intermittently unavailable after
    starting the docker-compose wopi deployment.

    #8474
    #8483

  • Bugfix - Fix remove/update share permissions: #8529

    This is a workaround that should prevent removing or changing the share
    permissions when the file is locked. These limitations have to be removed once
    the wopi server is able to unlock the file properly. They do not extend to
    the files inside the shared folder.

    #8273
    #8529
    cs3org/reva#4534

  • Bugfix - Correct the default mapping of roles: #8534

    The default config for the OIDC role mapping was incorrect. Lightweight users
    are now assignable.

    #8534

  • Bugfix - Fix graph drive invite: #8538

    We fixed an issue where sharing a personal drive was allowed via graph.

    #8494
    #8538

  • Bugfix - Fix the mount points naming: #8543

    We fixed a bug that caused inconsistent naming when multiple users share a
    resource with the same name with another user.

    #8471
    #8543

  • Bugfix - We now always select the next clients when autoaccepting shares: #8570

    #8570

  • Bugfix - Always select next before making calls: #8578

    We now select the next client more often to spread out load

    #8578

  • Bugfix - Fix sharing invite on virtual drive: #8609

    We fixed an issue where sharing a virtual drive with other users was allowed.

    #8495
    https://github.com/owncloud/ocis/pull/8609

  • Bugfix - Prevent copying a file to a parent folder: #8649

    When copying a file to a parent folder, the file would be copied to the parent
    folder, but the file would not be removed from the original folder.

    #1230
    #8649
    cs3org/reva#4571

  • Bugfix - Disable Multipart uploads: #8666

    Disables multipart uploads, as they lead to high memory consumption.

    #8666

  • Bugfix - Internal links shouldn't have a password: #8668

    Internal links shouldn't have a password when created or updated.

    #8619
    #8668

  • Bugfix - Fix uploading via a public link: #8702

    Fix http error when uploading via a public link

    #8699
    #8702

  • Bugfix - Mask user email in output: #8726

    We have fixed a bug where the user email was not masked in the output and the
    user emails could be enumerated through the sharee search. This is the ocis side
    of the fix, which adds a suitable config option to mask user emails in the output.

    #8726
    cs3org/reva#4603
    #8764

  • Bugfix - Fix restarting of postprocessing: #8782

    When an upload was not found, the logic to restart postprocessing was broken.
    Additionally, we extended the upload sessions command to be able to restart the
    uploads without using a second command.

    NOTE: This also includes a breaking fix for the deprecated ocis storage-users uploads list command

    #8782

  • Bugfix - Fix the create personal space cache: #8799

    We fixed a problem with the config for the create personal space cache which
    resulted in the cache never being used.

    #8799

  • Bugfix - Fix removing groups from space: #8803

    We fixed a bug that made it impossible to remove groups from a space via graph.

    #8768
    #8803

  • Bugfix - Validate conditions for sharing roles by resource type: #8815

    We improved the validation of the allowed sharing roles for specific resource
    types for various sharing-related graph API endpoints. This allows e.g. the web
    client to restrict the sharing roles presented to the user based on the type of
    the resource that is being shared.

    #8331
    #8815

  • Bugfix - Fix creating the drive item: #8817

    We fixed an issue where creating a drive item with a random item id was allowed.

    #8724
    #8817

  • Bugfix - Fix unmount item from share: #8827

    We fixed the status code returned for the request to delete a driveitem.

    #8731
    #8827

  • Bugfix - Fix creating new WOPI documents on public shares: #8828

    Creating a new Office document in a publicly shared folder is now possible.

    #8691
    #8828

  • Bugfix - Nats reconnects: #8880

    We fixed the reconnect handling of the natsjs kv registry.

    #8880

  • Bugfix - Update the admin user role assignment to enforce the config: #8897

    The admin user role assignment was not updated after the first assignment. We now
    read the assigned role during init and update the admin user ID accordingly if
    the role is not assigned. This is especially needed when the OCIS_ADMIN_USER_ID
    is set after the autoprovisioning of the admin user when it originates from an
    external Identity Provider.

    #8897

  • Bugfix - Fix affected users on sses: #8928

    The AffectedUsers field of sses now only reports affected users.

    #8928

  • Bugfix - Fix well-known rewrite endpoint: #8946

    #8703
    #8946

  • Bugfix - Crash when processing crafted TIFF files: #8981

    Fix for a vulnerability with low severity in disintegration/imaging.

    #8981
    GHSA-q7pp-wcgr-pffx

  • Bugfix - Fix collaboration registry setting: #9105

    Fixed the collaboration service GRPC namespace

    #9105

  • Bugfix - Service startup of WOPI example: #9127

    We fixed a bug in the service startup of the appprovider-onlyoffice in the
    ocis_wopi deployment example.

    #9127

  • Bugfix - Fix the status code for multiple mount and unmount share: #9193

    We fixed the status code for multiple mount and unmount share.

    #8876
    #9193

  • Bugfix - Don't show thumbnails for secureview shares: #9299

    We have fixed a bug where thumbnails were shown for secureview shares.

    #9249
    #9299

  • Bugfix - Fix share update: #9301

    We fixed the response code returned when the role/permission is empty on a
    share update.

    #8747
    #9301

  • Bugfix - Fix the error translation from utils: #9331

    We've fixed the error translation from the statusCodeError type to CS3 Status
    because the FromCS3Status function converts a CS3 status code into a
    corresponding local Error representation.

    #9151
    #9331

  • Bugfix - Fix the settings metadata tests: #9341

    We fixed a data race in the settings metadata tests.

    #9372
    #9341

  • Bugfix - The hidden shares have been excluded from a search result: #9371

    The hidden shares have been excluded from a search result.

    #7383
    #9371

  • Bugfix - Encode Registry Keys: #9385

    Encode the keys of the natsjskv registry as they have always been.

    #9385

  • Change - Change the default store for presigned keys to nats-js-kv: #8419

    We wrapped the store service in a micro store implementation and changed the
    default to the built-in NATS instance.

    #8419

  • Change - Disable resharing by default for deprecation: #8653

    We disabled the resharing feature by default. This feature will be removed from
    the product in the next major release. The resharing feature is not recommended
    for use and should be disabled. Existing reshares will continue to work.

    #8653

  • Change - The filesystem backend for the settings service has been removed: #9138

    The only remaining backend for the settings service is metadata, which has
    been the default backend since ocis 2.0

    #9138

  • Change - Define maximum input image dimensions and size when generating previews: #9360

    This is a general hardening change to limit processing time and resources of the
    thumbnailer.

    #9360
    #9035
    #9069

  • Enhancement - Introduce staticroutes package & remove well-known OIDC middleware: #6095

    We have introduced a new static routes package to the proxy. This package is
    responsible for serving static files and the OIDC well-known endpoint
    /.well-known/openid-configuration. We have removed the well-known middleware
    for OIDC and moved it to the newly introduced static routes module in the proxy.

    #6095
    #8541

  • Enhancement - Graphs endpoint for mounting and unmounting shares: #7885

    Functionality for mounting (accepting) and unmounting (rejecting) received
    shares has been added to the graph API.

    #7885

  • Enhancement - Add epub reader to web default apps: #8410

    We've added the new epub reader app to the web default apps, so it will be
    enabled and usable by default.

    #8410

  • Enhancement - Change Cors default settings: #8518

    We have changed the default CORS settings to set Access-Control-Allow-Origin
    to the OCIS_URL if not explicitly set and Access-Control-Allow-Credentials
    to false if not explicitly set.

    #8514
    #8518

  • Enhancement - Custom WEB App Loading: #8523

    We've added a new feature which allows the administrator of the environment to
    provide custom web applications to the users. This feature is useful for
    organizations that have specific web applications that they want to provide to
    their users.

    The users will then be able to access these custom web applications from the web
    ui. For a detailed description of the feature, please read the WEB service
    README.md file.

    #8392
    #8523

  • Enhancement - Update to go 1.22: #8586

    We have updated go to version 1.22.

    #8586

  • Enhancement - Send more sse events: #8587

    We added sse events for ItemTrashed, ItemRestored, ContainerCreated and
    FileRenamed.

    #8587

  • Enhancement - Send SSE when file is locked/unlocked: #8602

    Send sse events when a file is locked or unlocked.

    #8602

  • Enhancement - Add the spaceID to sse: #8614

    Adds the spaceID to all clientlog sse messages

    #8614
    #8624

  • Enhancement - The graph endpoints for listing permission works for spaces now: #8642

    We enhanced the 'graph/v1beta1/drives/{{driveid}}/items/{{itemid}}/permissions'
    endpoint to list the permissions of the space when the 'itemid' refers to a space
    root.

    #8352
    #8642

  • Enhancement - Bump keycloak: #8687

    Bumps keycloak version

    #8569
    #8687

  • Enhancement - Make IDP cookies same site strict: #8716

    To enhance the security of our application and prevent Cross-Site Request
    Forgery (CSRF) attacks, we have updated the SameSite attribute of the built-in
    Identity Provider (IDP) cookies to Strict.

    This change restricts the browser from sending these cookies with any cross-site
    requests, thereby limiting the exposure of the user's session to potential
    threats.

    This update does not impact the existing functionality of the application but
    provides an additional layer of security where needed.

    #8716

  • Enhancement - Make server side space templates production ready: #8723

    Fixes several smaller bugs and adds some improvements to space templates,
    introduced with #8558

    #8723

  • Enhancement - Sharing NG role names and descriptions: #8743

    We've adjusted the display names and descriptions of the sharing NG roles to
    align with the previously agreed upon terms.

    #8743

  • Enhancement - Ability to Change Share Item Visibility in Graph API: #8750

    Introduce the PATCH /graph/v1beta1/drives/{driveID}/items/{itemID} Graph API
    endpoint which allows updating individual Drive Items.

    At the moment, only the share visibility is considered changeable, but in the
    future, more properties can be added to this endpoint.

    This enhancement is needed for the user interface, allowing specific shares to
    be hidden or unhidden as needed, thereby improving the user experience.

    #8654
    #8750

  • Enhancement - Enable web extension drawio by default: #8760

    Enable web extension drawio by default

    #8760

  • Enhancement - Remove resharing: #8762

    Removed resharing feature from codebase

    #8762

  • Enhancement - Add CSP and other security related headers to oCIS: #8777

    General hardening of oCIS

    #8777
    #9025
    #9167
    #9313

  • Enhancement - Add FileTouched SSE Event: #8778

    Send an sse when a file is touched (aka 0 byte upload)

    #8778

  • Enhancement - Prepare runners to start the services: #8802

    The runners will improve and make service startup easier. The runner's behavior
    is more predictable with clear expectations.

    #8802

  • Enhancement - Sharing SSEs: #8854

    Added server side events for item moved, share created/updated/removed, space
    membership created/removed.

    #8854
    #8875

  • Enhancement - Secure viewer share role: #8907

    A new share role "Secure viewer" has been added. This role is applicable for
    files, folders and spaces and only allows viewing them (and their content).

    #8907

  • Enhancement - Add Link SSEs: #8908

    Add sses for link created/updated/removed.

    #8908

  • Enhancement - ShareeIDs in SSEs: #8915

    We will now send a list of userIDs (one or in case of a group share multiple) on
    share related SSEs

    #8915

  • Enhancement - Allow to resolve public shares without the ocs tokeninfo endpoint: #8926

    Instead of querying the /v1.php/apps/files_sharing/api/v1/tokeninfo/ endpoint, a
    client can now resolve public and internal links by sending a PROPFIND request
    to /dav/public-files/{sharetoken}

    • authenticated clients accessing an internal link are redirected to the "real" resource (`/dav/spaces/{target-resource-id}`)
    • authenticated clients are able to resolve public links like before. For password protected links they need to supply the password even if they have access to the underlying resource by other means.
    • unauthenticated clients accessing an internal link get a 401 returned with WWW-Authenticate set to Bearer (so that the client knows that it needs to get a token via the IDP login page).
    • unauthenticated clients accessing a password protected link get a 401 returned with an error message to indicate the requirement for needing the link's password.

    #8858
    #8926
    cs3org/reva#4653
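
A client-side view of the four cases listed for #8926, as an added example that is not oCIS or reva code: it classifies the response to a PROPFIND on /dav/public-files/{sharetoken} and tells the client what to do next. The function and type names are hypothetical, and three details are assumptions not stated in the entry: success is a WebDAV 207, the redirect is any 3xx with a Location header, and the password case is a 401 that carries no Bearer challenge.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Outcome is the next step for a client after its PROPFIND on
// /dav/public-files/{sharetoken}.
type Outcome string

const (
	Resolved     Outcome = "resolved"
	FollowTarget Outcome = "follow redirect to target resource"
	NeedLogin    Outcome = "get a token from the IDP"
	NeedPassword Outcome = "supply the link password"
	Unexpected   Outcome = "unexpected response"
)

// hasBearerChallenge reports whether any WWW-Authenticate value offers the
// Bearer scheme. Scheme names are case-insensitive (RFC 9110).
func hasBearerChallenge(h http.Header) bool {
	for _, v := range h.Values("WWW-Authenticate") {
		for _, part := range strings.Split(v, ",") {
			scheme, _, _ := strings.Cut(strings.TrimSpace(part), " ")
			if strings.EqualFold(scheme, "Bearer") {
				return true
			}
		}
	}
	return false
}

// Classify maps a PROPFIND response to one of the four cases in the entry.
// Assumptions: success is a WebDAV 207 Multi-Status, the redirect is any 3xx
// with a Location header, and the password case is a 401 without Bearer.
func Classify(status int, h http.Header) Outcome {
	switch {
	case status == http.StatusMultiStatus:
		return Resolved
	case status >= 300 && status < 400 && h.Get("Location") != "":
		return FollowTarget
	case status == http.StatusUnauthorized && hasBearerChallenge(h):
		return NeedLogin
	case status == http.StatusUnauthorized:
		return NeedPassword
	default:
		return Unexpected
	}
}

func main() {
	// Constructed sample responses, not captured from a real server.
	bearer := http.Header{}
	bearer.Set("WWW-Authenticate", "Bearer")
	redirect := http.Header{}
	redirect.Set("Location", "/dav/spaces/{target-resource-id}")

	fmt.Println(Classify(401, bearer))
	fmt.Println(Classify(401, http.Header{}))
	fmt.Println(Classify(302, redirect))
	fmt.Println(Classify(207, http.Header{}))
}
```

Keeping the two 401 cases apart matters on the client: only the Bearer challenge should start an IDP login flow, while the other 401 should prompt for the link password and never forward the user's token or credentials.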

  • Enhancement - Initiator-IDs: #8936

    Allows sending a header Initiator-ID on http requests. This id will be added
    to sse events so clients can figure out if their particular instance was
    triggering the event. Additionally this adds the etag of the file/folder to all
    sse events.

    #8936
    #8701

  • Enhancement - Add endpoint for getting drive items: #8939

    An endpoint for getting drive items via ID has been added.

    #8915
    #8939

  • Enhancement - Improve infected file handling: #8947

    Reworks virus handling. Shows scandate and outcome on ocis storage-users uploads
    sessions. Avoids retrying infected files on ocis postprocessing restart.

    #8947

  • Enhancement - Configurable claims for auto-provisioning user accounts: #8952

    We introduce the new environment variables "PROXY_AUTOPROVISION_CLAIM_USERNAME",
    "PROXY_AUTOPROVISION_CLAIM_EMAIL", and "PROXY_AUTOPROVISION_CLAIM_DISPLAYNAME"
    which can be used to configure the OIDC claims that should be used for
    auto-provisioning user accounts.

    The automatic fallback to use the 'email' claim value as the username when the
    'preferred_username' claim is not set, has been removed.

    Also it is now possible to autoprovision users without an email address.

    #8635
    #6909
    #8952

  • Enhancement - Bump nats-js-kv pkg: #8953

    Uses official nats-js-kv package now. Moves away from custom fork.

    #8953

  • Enhancement - Graph permission created date time: #8954

    We've added the created date time to graph permission objects.

    #8749
    #8954

  • Enhancement - Add virus filter to sessions command: #9041

    Allow filtering upload session by virus status (has-virus=true/false)

    #9041

  • Enhancement - Assimilate clean into sessions command: #9041

    We deprecated ocis storage-user uploads clean and added the same logic to
    ocis storage-users uploads session --clean

    #9041

  • Enhancement - Add remote item id to WebDAV report responses: #9094

    The remote item id has been added to WebDAV REPORT responses.

    #9094
    #9095

  • Enhancement - Theme Processing and Logo Customization: #9133

    We have made significant improvements to the theme processing in Infinite Scale.
    The changes include:

    • Enhanced the way themes are composed. Now, the final theme is a combination of
      the built-in theme and the custom theme provided by the administrator via
      WEB_ASSET_THEMES_PATH and WEB_UI_THEME_PATH.
    • Introduced a new mechanism to load custom assets. This is particularly useful
      when a single asset, such as a logo, needs to be overwritten.
    • Fixed the logo customization option. Previously, small theme changes would
      copy the entire theme. Now, only the changed keys are considered, making the
      process more efficient.
    • Default themes are now part of ocis. This change simplifies the theme
      management process for web.

    These changes enhance the robustness of the theme handling in Infinite Scale and
    provide a better user experience.

    #8966
    #9133

  • Enhancement - Add watermark text: #9144

    We've added the watermark text for the Secure View mode.

    #9144

  • Enhancement - Update selected attributes of autoprovisioned users: #9166

    When autoprovisioning is enabled, we now update autoprovisioned users when their
    display name or email address claims change.

    #8955
    #9166

  • Enhancement - Limit concurrent thumbnail requests: #9199

    The number of concurrent requests to the thumbnail service can be limited now to
    have more control over the consumed system resources.

    #9199

  • Enhancement - The storage-users doc updated: #9228

    The storage-users doc was updated; details were added to the 'Restore Trash-Bins
    Items' section.

    #9228

  • Enhancement - Docker compose example for ClamAV: #9229

    This PR adds a docker compose example for running a local oCIS together with
    ClamAV as virus scanner. The example is for demonstration purposes only and
    should not be used in production.

    #9229

  • Enhancement - Add command to check ocis backup consistency: #9238

    Adds a command that checks the consistency of an ocis backup.

    #9238

  • Enhancement - Web server compression: #9287

    We've added a compression middleware to the web server to reduce the request
    size when delivering static files. This speeds up loading times in web clients.

    owncloud/web#7964
    #9287

  • Enhancement - Add secureview flag when listing apps via http: #9289

    To allow clients to see which application supports secure view, we add a flag to
    the http response when the app service name matches a configured secure view app
    provider. The app can be configured by setting
    FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR to the address of the registered CS3
    app provider.

    #9289
    #9280
    #9277

  • Enhancement - Activitylog Service: #9327

    Adds a new service activitylog which stores events (activities) per resource.
    This data can be retrieved by clients to show item activities

    #9327

  • Enhancement - Update web to v9.0.0-alpha.7: #9395

    Tags: web

    We updated ownCloud Web to v9.0.0-alpha.7. Please refer to the changelog
    (linked) for details on the web release.

    #9395
    https://github.com/owncloud/web/releases/tag/v9.0.0

  • Enhancement - Bump Reva to v2.20.0: #9415

    #9415
    #9377
    #9330
    #9318
    #9269
    #9236
    #9188
    #9132
    #9041
    #9002
    #8917
    #8795
    #8701
    #8606
    #8937