Bot releases are hidden (Show)
Published by ownclouders almost 2 years ago
Warning
BREAKING CHANGE in ocis deployments
In order to make every ocis storage provider ID unique by default, we needed to use a random uuidv4 during ocis init. Existing installations need to set this value explicitly or ocis will terminate after the upgrade.
To upgrade from 2.0.0-rc.1 to 2.0.0-rc.2, 2.0.0 or later you need to setGATEWAY_STORAGE_USERS_MOUNT_ID
andSTORAGE_USERS_MOUNT_ID
to the same random uuidv4.You can also add
storage_users: mount_id: some-random-uuid gateway: storage_registry: storage_users_mount_id: some-random-uuid
to the ocis.yaml file which was created during initialisation
Changing the ID of the storage-users provider will change all
- WebDAV Urls
- FileIDs
- SpaceIDs
- Bookmarks
- and will make all existing shares invalid.
The Android, Web and iOS clients will continue to work without interruptions. The Desktop Client sync connections need to be deleted and recreated.
Sorry for the inconvenience 😅WORKAROUND - Not Recommended: You can avoid this by setting
GATEWAY_STORAGE_USERS_MOUNT_ID=1284d238-aa92-42ce-bdc4-0b0000009157
and
STORAGE_USERS_MOUNT_ID=1284d238-aa92-42ce-bdc4-0b0000009157
But this will cause problems later when two ocis instances want to federate.BREAKING CHANGE for users in owncloud web
owncloud/web#6648: breaks existing bookmarks - they won't resolve anymore.
BREAKING CHANGE for developers in owncloud web
owncloud/web#6648: the appDefaults composables from web-pkg now work with drive aliases, concatenated with relative item paths, instead of webdav paths. If you use the appDefaults composables in your application it's likely that your code needs to be adapted.
OCIS_RUN_SERVICES
: #4133
GRAPH_SPACES_INSECURE
: #55555
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Published by ownclouders almost 2 years ago
Warning
BREAKING Change: In order to make every ocis storage provider ID unique by default, we needed to use a random uuidv4 during ocis init. Existing istallations need to set this value explicitly or ocis will terminate after the upgrade.
To upgrade from 2.0.0-rc.1 to 2.0.0-rc.2 you need to setGATEWAY_STORAGE_USERS_MOUNT_ID
andSTORAGE_USERS_MOUNT_ID
to the same random uuidv4.You can also add
storage_users: mount_id: some-random-uuid gateway: storage_registry: storage_users_mount_id: some-random-uuid
to the ocis.yaml file which was created during initialisation
Changing the ID of the storage-users provider will change all
- WebDAV Urls
- FileIDs
- SpaceIDs
- Bookmarks
and will make all existing shares invalid.
The Android, Web and iOS clients have continue to work without interruptions. The Desktop Client sync connections need to be deleted and recreated.
Sorry for the inconveniance 😅
WORKAROUND - Not Recommended: You can avoid this by setting
GATEWAY_STORAGE_USERS_MOUNT_ID=1284d238-aa92-42ce-bdc4-0b0000009157
and
STORAGE_USERS_MOUNT_ID=1284d238-aa92-42ce-bdc4-0b0000009157
But this will cause problems later when two ocis instances want to federate.
OCIS_RUN_SERVICES
: #4133
GRAPH_SPACES_INSECURE
: #55555
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Published by micbar almost 2 years ago
The following sections list the changes for 2.0.0-rc.1.
OCIS_RUN_SERVICES
: #4133
GRAPH_SPACES_INSECURE
: #55555
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Published by ownclouders about 2 years ago
OCIS_RUN_SERVICES
: #4133
GRAPH_SPACES_INSECURE
: #55555
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Fix configuration of mimetypes for the app registry: #4411
We've fixed the configuration option for mimetypes in the app registry. Previously the
default config would always be merged over the user provided configuration. Now the default
mimetype configuration is only used if the user does not providy any mimetype configuration
(like it is already done in the proxy with the routes configuration).
Bugfix - Disable default expiration for public links: #4445
The default expiration for public links was enabled in the capabilities without providing a
(then required) default amount of days for clients to pick a reasonable expiration date upon
link creation. This has been fixed by disabling the default expiration for public links in the
capabilities. With this configuration clients will no longer set a default expiration date
upon link creation.
https://github.com/owncloud/ocis/issues/4445
https://github.com/owncloud/ocis/pull/4475
Bugfix - Show help for some commands when unconfigured: #4405
We've fixed some commands to show the help also when oCIS is not yet configured. Previously the
help was not displayed to the user but instead a configuration validation error.
Bugfix - Translations on login page: #7550
We've fixed several translations on the login page. Also, the browser language is now being
used properly to determine the language.
https://github.com/owncloud/web/issues/7550
https://github.com/owncloud/ocis/pull/4504
Bugfix - Autocreate IDP private key also if file exists but is empty: #4394
We've fixed the behavior for the IDP private key generation so that a private key is also
generated when the file already exists but is empty.
Bugfix - Rename extensions to services (leftover occurences): #4407
We've already renamed extensions to services in previous PRs and this PR peforms this rename
for leftover occurences.
Bugfix - Fix DN parsing issues and sizelimit handling in libregraph/idm: #3631
We fixed a couple on issues in libregraph/idm related to correctly parsing LDAP DNs for
usernames contain characters that require escaping.
Also libregraph/idm was not properly returning "Size limit exceeded" errors when the result
set exceeded the requested size.
https://github.com/owncloud/ocis/issues/3631
https://github.com/owncloud/ocis/issues/4039
https://github.com/owncloud/ocis/issues/4078
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Logging in on the wrong account when an email address is not unique: #4039
The default configuration to use the same logon attribute for all services. Also, if the
configured logon attribute is not unique access to ocis is denied.
Bugfix - Allow empty environment variables: #3892
We've fixed the behavior for empty environment variables, that previously would not have
overwritten default values. Therefore it had the same effect like not setting the environment
variable. We now check if the environment variable is set at all and if so, we also allow to
override a default value with an empty value.
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happend if you start the app provider without
runtime (eg. ocis app-provider server
) and didn't have configured all oCIS secrets.
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - CSP rules for silent token refresh in iframe: #4031
When renewing the access token silently web needs to be opened in an iframe. This was previously
blocked by a restrictive iframe CSP rule in the Secure
middleware and has now been fixed by
allow self
for iframes.
https://github.com/owncloud/web/issues/7030
https://github.com/owncloud/ocis/pull/4031
Bugfix - Enable debug server by default: #3827
We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
start their debug server by default.
Bugfix - Rework default role provisioning: #3900
We fixed a race condition in the default role assignment code that could lead to users loosing
privileges. When authenticating before the settings service was fully running.
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
There was a naming inconsitency for the enviroment variables used to define LDAP filters for
user and groups queries. Some services used LDAP_USER_FILTER
while others used
LDAP_USERFILTER
. This is now changed to use LDAP_USER_FILTER
and LDAP_GROUP_FILTER
.
Note: If your oCIS setup is using an LDAP configuration that has any of the *_LDAP_USERFILTER
or *_LDAP_GROUPFILTER
environment variables set, please update the configuration to use
the new unified names *_LDAP_USER_FILTER
respectively *_LDAP_GROUP_FILTER
instead.
Bugfix - Fix LDAP insecure options: #3897
We've fixed multiple LDAP insecure options:
true
and now defaults to false
. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.OCIS_INSECURE
, which was replaced by the dedicated LDAP_INSECURE
variable. This variable is also used by all other services using LDAP.LDAP_INSECURE
.Bugfix - Fix handling of invalid LDAP users and groups: #4274
We fixed an issue where ocis would exit with a panic when LDAP users or groups where missing
required attributes (e.g. the id)
Bugfix - Fix logging levels: #4102
We've fixed the configuration of logging levels. Previously it was not possible to configure a
service with a more or less verbose log level then all other services when running in the
supervised / runtime mode ocis server
.
For example OCIS_LOG_LEVEL=error PROXY_LOG_LEVEL=debug ocis server
did not configure
error logging for all services except the proxy, which should be on debug logging. This is now
fixed and working properly.
Also we fixed the format of go-micro logs to always default to error level. Previously this was
only ensured in the supervised / runtime mode.
https://github.com/owncloud/ocis/issues/4089
https://github.com/owncloud/ocis/pull/4102
Bugfix - Fix OCIS_RUN_SERVICES
: #4133
OCIS_RUN_SERVICES
was introduced as successor to OCIS_RUN_EXTENSIONS
because we
wanted to call oCIS "core" extensions services. We kept OCIS_RUN_EXTENSIONS
for backwards
compatibility reasons.
It turned out, that setting OCIS_RUN_SERVICES
has no effect since introduced.
OCIS_RUN_EXTENSIONS
. OCIS_RUN_EXTENSIONS
was working fine all the time.
We now fixed OCIS_RUN_SERVICES
, so that you can use it as a equivalent replacement for
OCIS_RUN_EXTENSIONS
Bugfix - Fix permissions in REPORT: #4520
The REPORT endpoint wouldn't return any permissions on personal spaces Now it does. Also bumps
reva
Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
https://github.com/owncloud/ocis/issues/1237
https://github.com/owncloud/ocis/pull/3834
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. There were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
Bugfix - Fix unused config option GRAPH_SPACES_INSECURE
: #55555
We've removed the unused config option GRAPH_SPACES_INSECURE
from the GRAPH service.
Bugfix - Remove unused configuration options: #3973
We've removed multiple unused configuration options:
STORAGE_SYSTEM_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_USERS_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_SYSTEM_TEMP_FOLDER
, see also cs3org/reva#2993 -STORAGE_USERS_TEMP_FOLDER
, see also cs3org/reva#2993 - WEB_UI_CONFIG_VERSION
, seeGATEWAY_COMMIT_SHARE_TO_STORAGE_REF
, see alsoBugfix - Remove static ocs user backend config: #4077
We've remove the OCS_ACCOUNT_BACKEND_TYPE
configuration option. It was intended to allow
configuration of different user backends for the ocs service. Right now the ocs service only
has a "cs3" backend. Therefor it's a static entry and not configurable.
Bugfix - Remove unused OCS storage configuration: #3955
We've removed the unused OCS configuration option OCS_STORAGE_USERS_DRIVER
.
Bugfix - Fix the ocis search
command: #3796
We've fixed the behavior for ocis search
, which didn't show further help when not all secrets
have been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even they were not needed by the search
service.
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the gprc server address configuration environment variable by renaming it from
ACCOUNTS_GRPC_ADDR
to SEARCH_GRPC_ADDR
Bugfix - Fix search in received shares: #4308
We fixed a problem where items in received shares were not found.
Bugfix - Fix search report: #7557
There were multiple issues with REPORT search responses from webdav. Also we want it to be
consistent with PROPFIND responses. * the remote.php
prefix was missing from the href
(added even though not neccessary) * the ids were formatted wrong, they should look different
for shares and spaces. * the name of the resource was missing * the shareid was missing (for
shares) * the prop shareroot
(containing the name of the share root) was missing * the
permissions prop was empty
https://github.com/owncloud/web/issues/7557
https://github.com/owncloud/ocis/pull/4484
Bugfix - Fix make sensitive config values in the proxy's debug server: #4086
We've fixed a security issue of the proxy's debug server config report endpoint. Previously
sensitive configuration values haven't been masked. We now mask these values.
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. The have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
Bugfix - Substring search for sharees: #547
We fixed searching for sharees to be no longer case-sensitive. With this we introduced two new
settings for the users and groups services: "group_substring_filter_type" for the group
services and "user_substring_filter_type" for the users service. They allow to set the type
of LDAP filter that is used for substring user searches. Possible values are: "initial",
"final" and "any" to do either prefix, suffix or full substring searches. Both settings
default to "initial".
Also a new option "search_min_length" was added for the "frontend" service. It allows to
configure the minimum number of characters to enter before a search for Sharees is started.
This setting is e.g. evaluated by the web ui via the capabilities endpoint.
Bugfix - Fix configuration validation for extensions' server commands: #3911
We've fixed the configuration validation for the extensions' server commands. Before this
fix error messages have occurred when trying to start individual services without certain
oCIS fullstack configuration values.
We now no longer do the common oCIS configuration validation for extensions' server commands
and now rely only on the extensions' validation function.
Bugfix - Fix startup error logging: #4093
We've fixed the startup error logging, so that users will the reason for a failed startup even on
"error" log level. Previously they would only see it on "info" log level. Also in a lot of cases
the reason for the failed shutdown was omitted.
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
STORAGE_USERS_GRPC_ADDR
was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR
and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT
was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT
STORAGE_USERS_PERMISSION_ENDPOINT
, which was previously only used by the S3NG driver.Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Fix unrestricted quota on the graphAPI: #4363
Unrestricted quota needs to show 0 on the API. It is not good for clients when the property is
missing.
Bugfix - Fix user autoprovisioning: #3893
We've fixed the autoprovsioning feature that was introduced in beta2. Due to a bug the role
assignment of the privileged user that is used to create accounts wasn't propagated correctly
to the graph
service.
Bugfix - Fix version info: #3953
We've fixed the version info that is displayed when you run:
ocis version
- ocis <extension name> version
Since #2918, these commands returned an empty version only.
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field productversion
for the actual version of the product.
https://github.com/owncloud/ocis/issues/3788
https://github.com/owncloud/ocis/pull/3805
Bugfix - Fix the webdav URL of drive roots: #3706
Fixed the webdav URL of drive roots in the graph API.
https://github.com/owncloud/ocis/issues/3706
https://github.com/owncloud/ocis/pull/3916
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Fix graph endpoint: #3925
We have added the memberOf slice to the /users endpoint and the member slice to the /group
endpoint
Bugfix - Escape DN attribute value: #4117
Escaped the DN attribute value on creating users and groups.
Bugfix - Make IDP only wait for certs when using LDAP: #3965
When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.
Bugfix - Make ocdav service behave properly: #3957
The ocdav service now properly passes the tracing config and shuts down when receiving a kill
signal.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - Polish search: #4094
We improved the feedback when providing invalid search queries and added support for limiting
the number of results returned.
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back
https://github.com/owncloud/ocis/issues/3823
https://github.com/owncloud/ocis/pull/3824
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
Bugfix - Space Creators can hand over spaces: #4244
Set no owner on non personal spaces to be able to pass the space manager role to a new user.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Bugfix - Store user passwords hashed in idm: #3778
Support for hashing user passwords was added to libregraph/idm. The graph API will now set
userpasswords using the LDAP Modify Extended Operation (RFC3062). In the default
configuration passwords will be hashed using the argon2id algorithm.
https://github.com/owncloud/ocis/issues/3778
https://github.com/owncloud/ocis/pull/4053
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - Rename "uploads purge" command to "uploads clean": #4403
We've renamed the storage-users service's "uploads purge" command to "upload clean".
Change - The glauth
and accounts
services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release)
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Prevent access to disabled space: #3779
Previously managers where allowed to edit the space even when it is disabled This is no longer
possible
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Use the spaceID on the cs3 resource: #4748
We cleaned up the CS3Api to use a proper attribute for the space id.
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Add capability for alias links: #3983
For better UX clients need a way to discover if alias links are supported by the server. We added a
capability under "files_sharing/public/alias"
https://github.com/owncloud/ocis/issues/3983
https://github.com/owncloud/ocis/pull/3991
Enhancement - Add drives field to users endpoint: #4072
We have added $expand=drives
to the /users/{id}/
endpoint using the user filter
implemented in reva.
https://github.com/owncloud/ocis/pull/4072
https://github.com/cs3org/reva/pull/3046
https://github.com/owncloud/ocis/pull/4323
Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: #4023
We introduced resharing which was enabled by default, this is now configurable and can be
enabled by setting the env FRONTEND_ENABLE_RESHARING
to true
. By default resharing is
now disabled.
Enhancement - Add number of total matches to the search result: #4189
The search service now returns the number of total matches alongside the results.
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Add acting user to the audit log: #3753
Added the acting user to the events in the audit log.
https://github.com/owncloud/ocis/issues/3753
https://github.com/owncloud/ocis/pull/3992
Enhancement - Add audit events for created containers: #3941
Handle the event ContainerCreated
in the audit service.
Enhancement - Don't setup demo role assignments on default: #3661
Added a configuration option to explicitly tell the settings service to generate the default
role assignments.
https://github.com/owncloud/ocis/issues/3661
https://github.com/owncloud/ocis/pull/3956
Enhancement - Introduce "delete-all-spaces" permission: #4196
This is assigned to the Admin role by default and allows to cleanup orphaned spaces (e.g. where
the owner as been deleted)
Enhancement - Improve validation of OIDC access tokens: #3841
Previously OIDC access tokes were only validated by requesting the userinfo from the IDP. It is
now possible to enable additional verification if the IDP issues access tokens in JWT format.
In that case the oCIS proxy service will now verify the signature of the token using the public
keys provided by jwks_uri endpoint of the IDP. It will also verify if the issuer claim (iss)
matches the expected values.
The new validation is enabled by setting PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD
to
"jwt". Which is also the default. Setting it to "none" will disable the feature.
https://github.com/owncloud/ocis/issues/3841
https://github.com/owncloud/ocis/pull/4227
Enhancement - Add /app/open-with-web endpoint: #4376
We've added an /app/open-with-web endpoint to the app provider, so that clients that are no
browser or have only limited browser access can also open apps with the help of a Web URL.
https://github.com/owncloud/ocis/pull/4376
https://github.com/cs3org/reva/pull/3143
Enhancement - Add previewFileMimeTypes to web default config: #4414
We've added previewFileMimeTypes to the web default config, so web can determine which
preview types are supported by the backend.
Enhancement - Added language option to the app provider: #4399
We've added a language option to the app provider which will in the end be passed to the app a user
opens so that the web ui is displayed in the users language.
https://github.com/owncloud/ocis/issues/4367
https://github.com/owncloud/ocis/pull/4399
https://github.com/cs3org/reva/pull/3156
Enhancement - Improve error log for "could not get user by claim" error: #4227
We've improved the error log for "could not get user by claim" error where previously only the
"nil" error has been logged. Now we're logging the message from the transport.
Enhancement - Improve login screen design: #4500
We've improved the design of the login screen to match with the general design used in Web.
https://github.com/owncloud/web/issues/7552
https://github.com/owncloud/ocis/pull/4500
Enhancement - Add configuration options for mail authentication and encryption: #4443
We've added configuration options to configure the authentication and encryption for
sending mails in the notifications service.
Furthermore there is now a distinguished configuration option for the username to use for
authentication against the mail server. This allows you to customize the sender address to
your liking. For example sender addresses like my oCIS instance <[email protected]>
are
now possible, too.
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every requests has to do a lookup on the registry.
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy. Leveraging
the libregraph users API for creating the users.
Enhancement - Added command to reset administrator password: #4084
The new command ocis idm resetpassword
allows to reset the administrator password when ocis
is not running. So it is possible to recover setups where the admin password was lost.
https://github.com/owncloud/ocis/issues/4084
https://github.com/owncloud/ocis/pull/4365
Enhancement - Disable the color logging in docker compose examples: #871
Disabled the color logging in the example docker compose deployments. Although colored logs
are helpful during the development process they may be undesired in other situations like
production deployments, where the logs aren't consumed by humans directly but instead by a log
aggregator.
https://github.com/owncloud/ocis/issues/871
https://github.com/owncloud/ocis/pull/3935
Enhancement - Allow providing list of services NOT to start: #4254
Until now if one wanted to use a custom version of a service, one needed to provide
OCIS_RUN_SERVICES
which is a list of all services to start. Now one can provide
OCIS_EXCLUDE_RUN_SERVICES
which is a list of only services not to start
Enhancement - Introduce insecure flag for smtp email notifications: #4279
We've introduced the NOTIFICATIONS_SMTP_INSECURE
configuration option, that let's you
skip certificate verification for smtp email servers.
Enhancement - Optional events in graph service: #55555
We've changed the graph service so that you also can start it without any event bus. Therefore
you need to set GRAPH_EVENTS_ENDPOINT
to an empty string. The graph API will not emit any
events in this case.
Enhancement - Fix behavior for foobar (in present tense): #4346
We've added the configuration option PROXY_OIDC_REWRITE_WELLKNOWN
to rewrite the
/.well-known/openid-configuration
endpoint. If active, it serves the
/.well-known/openid-configuration
response of the original IDP configured in
OCIS_OIDC_ISSUER
/ PROXY_OIDC_ISSUER
. This is needed so that the Desktop Client,
Android Client and iOS Client can discover the OIDC identity provider.
Previously this rewrite needed to be performed with an external proxy as NGINX or Traefik if an
external IDP was used.
https://github.com/owncloud/ocis/issues/2819
https://github.com/owncloud/ocis/issues/3280
https://github.com/owncloud/ocis/pull/4346
Enhancement - OCS get share now also handle received shares: #4322
Requesting a specific share can now also correctly map the path to the mountpoint if the
requested share is a received share.
https://github.com/owncloud/ocis/issues/4322
https://github.com/owncloud/ocis/pull/4539
Enhancement - Add config option to provide TLS certificate: #3818
Added a config option to the graph service to provide a TLS certificate to be used to verify the
LDAP server certificate.
https://github.com/owncloud/ocis/issues/3818
https://github.com/owncloud/ocis/pull/3888
Enhancement - Add descriptions for graph-explorer config: #3759
Added descriptions tags to the graph-explorer config tags so that they will be included in the
documentation.
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
graph/v1.0/me/changePassword endpoint.
https://github.com/owncloud/ocis/issues/3063
https://github.com/owncloud/ocis/pull/3705
Enhancement - Generate signing key and encryption secret: #3909
The idp service now automatically generates a signing key and encryption secret when they
don't exist. This will enable service restarts without invalidating existing sessions.
https://github.com/owncloud/ocis/issues/3909
https://github.com/owncloud/ocis/pull/4022
Enhancement - Update IdP UI: #3493
Updated our fork of the lico IdP UI. This also updated the used npm dependencies. The design
didn't change.
https://github.com/owncloud/ocis/issues/3493
https://github.com/owncloud/ocis/pull/4074
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - New migrate command for migrating shares and public shares: #3987
We added a new migrate
subcommand which can be used to migrate shares and public shares
between different share and publicshare managers.
https://github.com/owncloud/ocis/pull/3987
https://github.com/owncloud/ocis/pull/4019
Enhancement - Add missing unprotected paths: #4454
Added missing unprotected paths for the text-editor, preview, pdf-viewer, draw-io and
index.html to the authentication middleware.
https://github.com/owncloud/ocis/pull/4454
https://github.com/owncloud/ocis/pull/4458
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Automatically orientate photos when generating thumbnails: #4477
The thumbnailer now makes use of the exif orientation information to automatically orientate
pictures before generating thumbnails.
https://github.com/owncloud/ocis/issues/4477
https://github.com/owncloud/ocis/pull/4513
Enhancement - Refactor extensions to services: #3980
We have decided to name all extensions, we maintain and provide with ocis, services from here on
to avoid confusion between external extensions and code we provide and maintain.
Enhancement - Refactor the proxy service: #4401
The routes of the proxy service now have a "unprotected" flag. This is used by the
authentication middleware to determine if the request needs to be blocked when missing
authentication or not.
https://github.com/owncloud/ocis/issues/4401
https://github.com/owncloud/ocis/issues/4497
https://github.com/owncloud/ocis/pull/4461
https://github.com/owncloud/ocis/pull/4498
https://github.com/owncloud/ocis/pull/4514
Enhancement - Allow resharing: #3904
This will allow resharing files
Enhancement - Rewrite of the request authentication middleware: #4374
There were some flaws in the authentication middleware which were resolved by this rewrite.
This rewrite also introduced the need to manually mark certain paths as "unprotected" if
requests to these paths must not be authenticated.
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Use storageID when requesting special items: #4356
We need to use the storageID when requesting the special items of a space to spare a registry
lookup and improve the performance
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important If you ran ocis init
with the v2.0.0-alpha*
version then you have to manually add the transfer_secret
to the ocis.yaml.
Just open the ocis.yaml
config file and look for the thumbnails section. Then add a random
transfer_secret
so that it looks like this:
yaml thumbnails: thumbnail: transfer_secret: <put random value here>
Enhancement - Make thumbnails service log less noisy: #3959
Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
the logs.
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva: #3944
Changelog for reva 2.6.1 (2022-06-27) =======================================
The following sections list the changes in reva 2.6.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.6.0 (2022-06-21) =======================================
The following sections list the changes in reva 2.6.0 relevant to reva users. The changes are
ordered by importance.
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
https://github.com/owncloud/ocis/pull/4000
https://github.com/owncloud/ocis/pull/4006
Enhancement - Update reva to version 2.7.2: #4115
Changelog for reva 2.7.2 (2022-07-18) =======================================
Changelog for reva 2.7.1 (2022-07-15) =======================================
Changelog for reva 2.7.0 (2022-07-15) =======================================
https://github.com/owncloud/ocis/pull/4115
https://github.com/owncloud/ocis/pull/4201
https://github.com/owncloud/ocis/pull/4203
https://github.com/owncloud/ocis/pull/4025
https://github.com/owncloud/ocis/pull/4211
Enhancement - Update reva to v2.7.4: #4294
Updated reva to version 2.7.4 This update includes:
Updated reva to version 2.7.3 This update includes:
Https://github.com/owncloud/ocis/pull/4272
https://github.com/cs3org/reva/pull/3096 https://github.com/cs3org/reva/pull/4315
https://github.com/owncloud/ocis/pull/4294
https://github.com/owncloud/ocis/pull/4330
https://github.com/owncloud/ocis/pull/4369
Enhancement - Update reva to v2.8.0: #4444
Updated reva to version 2.8.0. This update includes:
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.4.0 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3746
https://github.com/owncloud/ocis/pull/3771
https://github.com/owncloud/ocis/pull/3778
https://github.com/owncloud/ocis/pull/3842
https://github.com/owncloud/ocis/pull/3854
https://github.com/owncloud/ocis/pull/3858
https://github.com/owncloud/ocis/pull/3867
Enhancement - Update reva to version 2.5.1: #3932
Changelog for reva 2.5.1 (2022-06-08) =======================================
The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.5.0 (2022-06-07) =======================================
The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3932
https://github.com/owncloud/ocis/pull/3928
https://github.com/owncloud/ocis/pull/3922
Enhancement - Update Reva to version 2.10.0: #4522
Changelog for reva 2.10.0 (2022-09-09) =======================================
Changelog for reva 2.9.0 (2022-09-08) =======================================
https://github.com/owncloud/ocis/pull/4522
https://github.com/owncloud/ocis/pull/4534
https://github.com/owncloud/ocis/pull/4548
https://github.com/owncloud/ocis/pull/4558
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3844
https://github.com/owncloud/ocis/pull/3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
Summary -------
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3927
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
Enhancement - Update ownCloud Web to v5.7.0-rc.1: #4005
Tags: web
We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4005
https://github.com/owncloud/web/pull/7158
https://github.com/owncloud/ocis/pull/3990
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1
Enhancement - Update ownCloud Web to v5.7.0-rc.4: #4140
Tags: web
We updated ownCloud Web to v5.7.0-rc.4. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4140
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.4
Enhancement - Update ownCloud Web to v5.7.0-rc.8: #4314
Tags: web
We updated ownCloud Web to v5.7.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
preview
apphttps://github.com/owncloud/ocis/pull/4314
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.8
Enhancement - Update ownCloud Web to v5.7.0-rc.10: #4439
Tags: web
We updated ownCloud Web to v5.7.0-rc.10. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4439
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.10
Enhancement - Update ownCloud Web to v5.7.0: #4508
Tags: web
We updated ownCloud Web to v5.7.0. Please refer to the changelog (linked) for details on the web
release.
https://github.com/owncloud/ocis/pull/4508
https://github.com/owncloud/ocis/pull/4547
https://github.com/owncloud/ocis/pull/4550
https://github.com/owncloud/web/releases/tag/v5.7.0
Enhancement - Expand personal drive on the graph user: #4357
We can now list the personal drive on the users endpoint via the graph API. A user can add an
$expand=drive
query to list the personal drive of the requested user.
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
Enhancement - Search service at the old webdav endpoint: #4118
We made the search service available for legacy clients at the old webdav endpoint.
Published by kulmann about 2 years ago
OCIS_RUN_SERVICES
: #4133
GRAPH_SPACES_INSECURE
: #55555
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Fix configuration of mimetypes for the app registry: #4411
We've fixed the configuration option for mimetypes in the app registry. Previously the
default config would always be merged over the user provided configuration. Now the default
mimetype configuration is only used if the user does not providy any mimetype configuration
(like it is already done in the proxy with the routes configuration).
Bugfix - Show help for some commands when unconfigured: #4405
We've fixed some commands to show the help also when oCIS is not yet configured. Previously the
help was not displayed to the user but instead a configuration validation error.
Bugfix - Autocreate IDP private key also if file exists but is empty: #4394
We've fixed the behavior for the IDP private key generation so that a private key is also
generated when the file already exists but is empty.
Bugfix - Rename extensions to services (leftover occurences): #4407
We've already renamed extensions to services in previous PRs and this PR peforms this rename
for leftover occurences.
Bugfix - Fix DN parsing issues and sizelimit handling in libregraph/idm: #3631
We fixed a couple on issues in libregraph/idm related to correctly parsing LDAP DNs for
usernames contain characters that require escaping.
Also libregraph/idm was not properly returning "Size limit exceeded" errors when the result
set exceeded the requested size.
https://github.com/owncloud/ocis/issues/3631
https://github.com/owncloud/ocis/issues/4039
https://github.com/owncloud/ocis/issues/4078
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Logging in on the wrong account when an email address is not unique: #4039
The default configuration to use the same logon attribute for all services. Also, if the
configured logon attribute is not unique access to ocis is denied.
Bugfix - Allow empty environment variables: #3892
We've fixed the behavior for empty environment variables, that previously would not have
overwritten default values. Therefore it had the same effect like not setting the environment
variable. We now check if the environment variable is set at all and if so, we also allow to
override a default value with an empty value.
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happend if you start the app provider without
runtime (eg. ocis app-provider server
) and didn't have configured all oCIS secrets.
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - CSP rules for silent token refresh in iframe: #4031
When renewing the access token silently web needs to be opened in an iframe. This was previously
blocked by a restrictive iframe CSP rule in the Secure
middleware and has now been fixed by
allow self
for iframes.
https://github.com/owncloud/web/issues/7030
https://github.com/owncloud/ocis/pull/4031
Bugfix - Enable debug server by default: #3827
We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
start their debug server by default.
Bugfix - Rework default role provisioning: #3900
We fixed a race condition in the default role assignment code that could lead to users loosing
privileges. When authenticating before the settings service was fully running.
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
There was a naming inconsitency for the enviroment variables used to define LDAP filters for
user and groups queries. Some services used LDAP_USER_FILTER
while others used
LDAP_USERFILTER
. This is now changed to use LDAP_USER_FILTER
and LDAP_GROUP_FILTER
.
Note: If your oCIS setup is using an LDAP configuration that has any of the *_LDAP_USERFILTER
or *_LDAP_GROUPFILTER
environment variables set, please update the configuration to use
the new unified names *_LDAP_USER_FILTER
respectively *_LDAP_GROUP_FILTER
instead.
Bugfix - Fix LDAP insecure options: #3897
We've fixed multiple LDAP insecure options:
true
and now defaults to false
. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.OCIS_INSECURE
, which was replaced by the dedicated LDAP_INSECURE
variable. This variable is also used by all other services using LDAP.LDAP_INSECURE
.Bugfix - Fix handling of invalid LDAP users and groups: #4274
We fixed an issue where ocis would exit with a panic when LDAP users or groups where missing
required attributes (e.g. the id)
Bugfix - Fix logging levels: #4102
We've fixed the configuration of logging levels. Previously it was not possible to configure a
service with a more or less verbose log level then all other services when running in the
supervised / runtime mode ocis server
.
For example OCIS_LOG_LEVEL=error PROXY_LOG_LEVEL=debug ocis server
did not configure
error logging for all services except the proxy, which should be on debug logging. This is now
fixed and working properly.
Also we fixed the format of go-micro logs to always default to error level. Previously this was
only ensured in the supervised / runtime mode.
https://github.com/owncloud/ocis/issues/4089
https://github.com/owncloud/ocis/pull/4102
Bugfix - Fix OCIS_RUN_SERVICES
: #4133
OCIS_RUN_SERVICES
was introduced as successor to OCIS_RUN_EXTENSIONS
because we
wanted to call oCIS "core" extensions services. We kept OCIS_RUN_EXTENSIONS
for backwards
compatibility reasons.
It turned out, that setting OCIS_RUN_SERVICES
has no effect since introduced.
OCIS_RUN_EXTENSIONS
. OCIS_RUN_EXTENSIONS
was working fine all the time.
We now fixed OCIS_RUN_SERVICES
, so that you can use it as a equivalent replacement for
OCIS_RUN_EXTENSIONS
Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
https://github.com/owncloud/ocis/issues/1237
https://github.com/owncloud/ocis/pull/3834
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. There were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
Bugfix - Fix unused config option GRAPH_SPACES_INSECURE
: #55555
We've removed the unused config option GRAPH_SPACES_INSECURE
from the GRAPH service.
Bugfix - Remove unused configuration options: #3973
We've removed multiple unused configuration options:
STORAGE_SYSTEM_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_USERS_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_SYSTEM_TEMP_FOLDER
, see also cs3org/reva#2993 -STORAGE_USERS_TEMP_FOLDER
, see also cs3org/reva#2993 - WEB_UI_CONFIG_VERSION
, seeGATEWAY_COMMIT_SHARE_TO_STORAGE_REF
, see alsoBugfix - Remove static ocs user backend config: #4077
We've remove the OCS_ACCOUNT_BACKEND_TYPE
configuration option. It was intended to allow
configuration of different user backends for the ocs service. Right now the ocs service only
has a "cs3" backend. Therefor it's a static entry and not configurable.
Bugfix - Remove unused OCS storage configuration: #3955
We've removed the unused OCS configuration option OCS_STORAGE_USERS_DRIVER
.
Bugfix - Fix the ocis search
command: #3796
We've fixed the behavior for ocis search
, which didn't show further help when not all secrets
have been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even they were not needed by the search
service.
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the gprc server address configuration environment variable by renaming it from
ACCOUNTS_GRPC_ADDR
to SEARCH_GRPC_ADDR
Bugfix - Fix search in received shares: #4308
We fixed a problem where items in received shares were not found.
Bugfix - Fix make sensitive config values in the proxy's debug server: #4086
We've fixed a security issue of the proxy's debug server config report endpoint. Previously
sensitive configuration values haven't been masked. We now mask these values.
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. The have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
Bugfix - Substring search for sharees: #547
We fixed searching for sharees to be no longer case-sensitive. With this we introduced two new
settings for the users and groups services: "group_substring_filter_type" for the group
services and "user_substring_filter_type" for the users service. They allow to set the type
of LDAP filter that is used for substring user searches. Possible values are: "initial",
"final" and "any" to do either prefix, suffix or full substring searches. Both settings
default to "initial".
Also a new option "search_min_length" was added for the "frontend" service. It allows to
configure the minimum number of characters to enter before a search for Sharees is started.
This setting is e.g. evaluated by the web ui via the capabilities endpoint.
Bugfix - Fix configuration validation for extensions' server commands: #3911
We've fixed the configuration validation for the extensions' server commands. Before this
fix error messages have occurred when trying to start individual services without certain
oCIS fullstack configuration values.
We now no longer do the common oCIS configuration validation for extensions' server commands
and now rely only on the extensions' validation function.
Bugfix - Fix startup error logging: #4093
We've fixed the startup error logging, so that users will the reason for a failed startup even on
"error" log level. Previously they would only see it on "info" log level. Also in a lot of cases
the reason for the failed shutdown was omitted.
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
STORAGE_USERS_GRPC_ADDR
was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR
and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT
was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT
STORAGE_USERS_PERMISSION_ENDPOINT
, which was previously only used by the S3NG driver.Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Fix unrestricted quota on the graphAPI: #4363
Unrestricted quota needs to show 0 on the API. It is not good for clients when the property is
missing.
Bugfix - Fix user autoprovisioning: #3893
We've fixed the autoprovsioning feature that was introduced in beta2. Due to a bug the role
assignment of the privileged user that is used to create accounts wasn't propagated correctly
to the graph
service.
Bugfix - Fix version info: #3953
We've fixed the version info that is displayed when you run:
ocis version
- ocis <extension name> version
Since #2918, these commands returned an empty version only.
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field productversion
for the actual version of the product.
https://github.com/owncloud/ocis/issues/3788
https://github.com/owncloud/ocis/pull/3805
Bugfix - Fix the webdav URL of drive roots: #3706
Fixed the webdav URL of drive roots in the graph API.
https://github.com/owncloud/ocis/issues/3706
https://github.com/owncloud/ocis/pull/3916
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Fix graph endpoint: #3925
We have added the memberOf slice to the /users endpoint and the member slice to the /group
endpoint
Bugfix - Escape DN attribute value: #4117
Escaped the DN attribute value on creating users and groups.
Bugfix - Make IDP only wait for certs when using LDAP: #3965
When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.
Bugfix - Make ocdav service behave properly: #3957
The ocdav service now properly passes the tracing config and shuts down when receiving a kill
signal.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - Polish search: #4094
We improved the feedback when providing invalid search queries and added support for limiting
the number of results returned.
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back
https://github.com/owncloud/ocis/issues/3823
https://github.com/owncloud/ocis/pull/3824
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
Bugfix - Space Creators can hand over spaces: #4244
Set no owner on non personal spaces to be able to pass the space manager role to a new user.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Bugfix - Store user passwords hashed in idm: #3778
Support for hashing user passwords was added to libregraph/idm. The graph API will now set
userpasswords using the LDAP Modify Extended Operation (RFC3062). In the default
configuration passwords will be hashed using the argon2id algorithm.
https://github.com/owncloud/ocis/issues/3778
https://github.com/owncloud/ocis/pull/4053
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - Rename "uploads purge" command to "uploads clean": #4403
We've renamed the storage-users service's "uploads purge" command to "upload clean".
Change - The glauth
and accounts
services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release)
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Prevent access to disabled space: #3779
Previously managers where allowed to edit the space even when it is disabled This is no longer
possible
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Use the spaceID on the cs3 resource: #4748
We cleaned up the CS3Api to use a proper attribute for the space id.
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Add capability for alias links: #3983
For better UX clients need a way to discover if alias links are supported by the server. We added a
capability under "files_sharing/public/alias"
https://github.com/owncloud/ocis/issues/3983
https://github.com/owncloud/ocis/pull/3991
Enhancement - Add drives field to users endpoint: #4072
We have added $expand=drives
to the /users/{id}/
endpoint using the user filter
implemented in reva.
https://github.com/owncloud/ocis/pull/4072
https://github.com/cs3org/reva/pull/3046
https://github.com/owncloud/ocis/pull/4323
Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: #4023
We introduced resharing which was enabled by default, this is now configurable and can be
enabled by setting the env FRONTEND_ENABLE_RESHARING
to true
. By default resharing is
now disabled.
Enhancement - Add number of total matches to the search result: #4189
The search service now returns the number of total matches alongside the results.
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Add acting user to the audit log: #3753
Added the acting user to the events in the audit log.
https://github.com/owncloud/ocis/issues/3753
https://github.com/owncloud/ocis/pull/3992
Enhancement - Add audit events for created containers: #3941
Handle the event ContainerCreated
in the audit service.
Enhancement - Don't setup demo role assignments on default: #3661
Added a configuration option to explicitly tell the settings service to generate the default
role assignments.
https://github.com/owncloud/ocis/issues/3661
https://github.com/owncloud/ocis/pull/3956
Enhancement - Improve validation of OIDC access tokens: #3841
Previously OIDC access tokes were only validated by requesting the userinfo from the IDP. It is
now possible to enable additional verification if the IDP issues access tokens in JWT format.
In that case the oCIS proxy service will now verify the signature of the token using the public
keys provided by jwks_uri endpoint of the IDP. It will also verify if the issuer claim (iss)
matches the expected values.
The new validation is enabled by setting PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD
to
"jwt". Which is also the default. Setting it to "none" will disable the feature.
https://github.com/owncloud/ocis/issues/3841
https://github.com/owncloud/ocis/pull/4227
Enhancement - Add /app/open-with-web endpoint: #4376
We've added an /app/open-with-web endpoint to the app provider, so that clients that are no
browser or have only limited browser access can also open apps with the help of a Web URL.
https://github.com/owncloud/ocis/pull/4376
https://github.com/cs3org/reva/pull/3143
Enhancement - Added language option to the app provider: #4399
We've added a language option to the app provider which will in the end be passed to the app a user
opens so that the web ui is displayed in the users language.
https://github.com/owncloud/ocis/issues/4367
https://github.com/owncloud/ocis/pull/4399
https://github.com/cs3org/reva/pull/3156
Enhancement - Improve error log for "could not get user by claim" error: #4227
We've improved the error log for "could not get user by claim" error where previously only the
"nil" error has been logged. Now we're logging the message from the transport.
Enhancement - Add configuration options for mail authentication and encryption: #4443
We've added configuration options to configure the authentication and encryption for
sending mails in the notifications service.
Furthermore there is now a distinguished configuration option for the username to use for
authentication against the mail server. This allows you to customize the sender address to
your liking. For example sender addresses like my oCIS instance <[email protected]>
are
now possible, too.
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every requests has to do a lookup on the registry.
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy. Leveraging
the libregraph users API for creating the users.
Enhancement - Added command to reset administrator password: #4084
The new command ocis idm resetpassword
allows to reset the administrator password when ocis
is not running. So it is possible to recover setups where the admin password was lost.
https://github.com/owncloud/ocis/issues/4084
https://github.com/owncloud/ocis/pull/4365
Enhancement - Disable the color logging in docker compose examples: #871
Disabled the color logging in the example docker compose deployments. Although colored logs
are helpful during the development process they may be undesired in other situations like
production deployments, where the logs aren't consumed by humans directly but instead by a log
aggregator.
https://github.com/owncloud/ocis/issues/871
https://github.com/owncloud/ocis/pull/3935
Enhancement - Allow providing list of services NOT to start: #4254
Until now if one wanted to use a custom version of a service, one needed to provide
OCIS_RUN_SERVICES
which is a list of all services to start. Now one can provide
OCIS_EXCLUDE_RUN_SERVICES
which is a list of only services not to start
Enhancement - Introduce insecure flag for smtp email notifications: #4279
We've introduced the NOTIFICATIONS_SMTP_INSECURE
configuration option, that let's you
skip certificate verification for smtp email servers.
Enhancement - Optional events in graph service: #55555
We've changed the graph service so that you also can start it without any event bus. Therefore
you need to set GRAPH_EVENTS_ENDPOINT
to an empty string. The graph API will not emit any
events in this case.
Enhancement - Fix behavior for foobar (in present tense): #4346
We've added the configuration option PROXY_OIDC_REWRITE_WELLKNOWN
to rewrite the
/.well-known/openid-configuration
endpoint. If active, it serves the
/.well-known/openid-configuration
response of the original IDP configured in
OCIS_OIDC_ISSUER
/ PROXY_OIDC_ISSUER
. This is needed so that the Desktop Client,
Android Client and iOS Client can discover the OIDC identity provider.
Previously this rewrite needed to be performed with an external proxy as NGINX or Traefik if an
external IDP was used.
https://github.com/owncloud/ocis/issues/2819
https://github.com/owncloud/ocis/issues/3280
https://github.com/owncloud/ocis/pull/4346
Enhancement - Add config option to provide TLS certificate: #3818
Added a config option to the graph service to provide a TLS certificate to be used to verify the
LDAP server certificate.
https://github.com/owncloud/ocis/issues/3818
https://github.com/owncloud/ocis/pull/3888
Enhancement - Add descriptions for graph-explorer config: #3759
Added descriptions tags to the graph-explorer config tags so that they will be included in the
documentation.
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
graph/v1.0/me/changePassword endpoint.
https://github.com/owncloud/ocis/issues/3063
https://github.com/owncloud/ocis/pull/3705
Enhancement - Generate signing key and encryption secret: #3909
The idp service now automatically generates a signing key and encryption secret when they
don't exist. This will enable service restarts without invalidating existing sessions.
https://github.com/owncloud/ocis/issues/3909
https://github.com/owncloud/ocis/pull/4022
Enhancement - Update IdP UI: #3493
Updated our fork of the lico IdP UI. This also updated the used npm dependencies. The design
didn't change.
https://github.com/owncloud/ocis/issues/3493
https://github.com/owncloud/ocis/pull/4074
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - New migrate command for migrating shares and public shares: #3987
We added a new migrate
subcommand which can be used to migrate shares and public shares
between different share and publicshare managers.
https://github.com/owncloud/ocis/pull/3987
https://github.com/owncloud/ocis/pull/4019
Enhancement - Add missing unprotected paths: #4454
Added missing unprotected paths for the text-editor, preview, pdf-viewer, draw-io and
index.html to the authentication middleware.
https://github.com/owncloud/ocis/pull/4454
https://github.com/owncloud/ocis/pull/4458
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Refactor extensions to services: #3980
We have decided to name all extensions, we maintain and provide with ocis, services from here on
to avoid confusion between external extensions and code we provide and maintain.
Enhancement - Allow resharing: #3904
This will allow resharing files
Enhancement - Rewrite of the request authentication middleware: #4374
There were some flaws in the authentication middleware which were resolved by this rewrite.
This rewrite also introduced the need to manually mark certain paths as "unprotected" if
requests to these paths must not be authenticated.
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Use storageID when requesting special items: #4356
We need to use the storageID when requesting the special items of a space to spare a registry
lookup and improve the performance
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important If you ran ocis init
with the v2.0.0-alpha*
version then you have to manually add the transfer_secret
to the ocis.yaml.
Just open the ocis.yaml
config file and look for the thumbnails section. Then add a random
transfer_secret
so that it looks like this:
yaml thumbnails: thumbnail: transfer_secret: <put random value here>
Enhancement - Make thumbnails service log less noisy: #3959
Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
the logs.
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva: #3944
Changelog for reva 2.6.1 (2022-06-27) =======================================
The following sections list the changes in reva 2.6.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.6.0 (2022-06-21) =======================================
The following sections list the changes in reva 2.6.0 relevant to reva users. The changes are
ordered by importance.
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
https://github.com/owncloud/ocis/pull/4000
https://github.com/owncloud/ocis/pull/4006
Enhancement - Update reva to version 2.7.2: #4115
Changelog for reva 2.7.2 (2022-07-18) =======================================
Changelog for reva 2.7.1 (2022-07-15) =======================================
Changelog for reva 2.7.0 (2022-07-15) =======================================
https://github.com/owncloud/ocis/pull/4115
https://github.com/owncloud/ocis/pull/4201
https://github.com/owncloud/ocis/pull/4203
https://github.com/owncloud/ocis/pull/4025
https://github.com/owncloud/ocis/pull/4211
Enhancement - Update reva to v2.7.4: #4294
Updated reva to version 2.7.4 This update includes:
Updated reva to version 2.7.3 This update includes:
Https://github.com/owncloud/ocis/pull/4272
https://github.com/cs3org/reva/pull/3096 https://github.com/cs3org/reva/pull/4315
https://github.com/owncloud/ocis/pull/4294
https://github.com/owncloud/ocis/pull/4330
https://github.com/owncloud/ocis/pull/4369
Enhancement - Update reva to v2.8.0: #4444
Updated reva to version 2.8.0. This update includes:
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.4.0 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3746
https://github.com/owncloud/ocis/pull/3771
https://github.com/owncloud/ocis/pull/3778
https://github.com/owncloud/ocis/pull/3842
https://github.com/owncloud/ocis/pull/3854
https://github.com/owncloud/ocis/pull/3858
https://github.com/owncloud/ocis/pull/3867
Enhancement - Update reva to version 2.5.1: #3932
Changelog for reva 2.5.1 (2022-06-08) =======================================
The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.5.0 (2022-06-07) =======================================
The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3932
https://github.com/owncloud/ocis/pull/3928
https://github.com/owncloud/ocis/pull/3922
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3844
https://github.com/owncloud/ocis/pull/3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
Summary -------
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3927
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
Enhancement - Update ownCloud Web to v5.7.0-rc.1: #4005
Tags: web
We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4005
https://github.com/owncloud/web/pull/7158
https://github.com/owncloud/ocis/pull/3990
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1
Enhancement - Update ownCloud Web to v5.7.0-rc.4: #4140
Tags: web
We updated ownCloud Web to v5.7.0-rc.4. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4140
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.4
Enhancement - Update ownCloud Web to v5.7.0-rc.8: #4314
Tags: web
We updated ownCloud Web to v5.7.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
preview
apphttps://github.com/owncloud/ocis/pull/4314
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.8
Enhancement - Update ownCloud Web to v5.7.0-rc.10: #4439
Tags: web
We updated ownCloud Web to v5.7.0-rc.10. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4439
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.10
Enhancement - Expand personal drive on the graph user: #4357
We can now list the personal drive on the users endpoint via the graph API. A user can add an
$expand=drive
query to list the personal drive of the requested user.
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
Enhancement - Search service at the old webdav endpoint: #4118
We made the search service available for legacy clients at the old webdav endpoint.
Published by ownclouders about 2 years ago
OCIS_RUN_SERVICES
: #4133
GRAPH_SPACES_INSECURE
: #55555
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Fix DN parsing issues and sizelimit handling in libregraph/idm: #3631
We fixed a couple on issues in libregraph/idm related to correctly parsing LDAP DNs for
usernames contain characters that require escaping.
Also libregraph/idm was not properly returning "Size limit exceeded" errors when the result
set exceeded the requested size.
https://github.com/owncloud/ocis/issues/3631
https://github.com/owncloud/ocis/issues/4039
https://github.com/owncloud/ocis/issues/4078
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Logging in on the wrong account when an email address is not unique: #4039
The default configuration to use the same logon attribute for all services. Also, if the
configured logon attribute is not unique access to ocis is denied.
Bugfix - Allow empty environment variables: #3892
We've fixed the behavior for empty environment variables, that previously would not have
overwritten default values. Therefore it had the same effect like not setting the environment
variable. We now check if the environment variable is set at all and if so, we also allow to
override a default value with an empty value.
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happend if you start the app provider without
runtime (eg. ocis app-provider server
) and didn't have configured all oCIS secrets.
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - CSP rules for silent token refresh in iframe: #4031
When renewing the access token silently web needs to be opened in an iframe. This was previously
blocked by a restrictive iframe CSP rule in the Secure
middleware and has now been fixed by
allow self
for iframes.
https://github.com/owncloud/web/issues/7030
https://github.com/owncloud/ocis/pull/4031
Bugfix - Enable debug server by default: #3827
We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
start their debug server by default.
Bugfix - Rework default role provisioning: #3900
We fixed a race condition in the default role assignment code that could lead to users loosing
privileges. When authenticating before the settings service was fully running.
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
There was a naming inconsitency for the enviroment variables used to define LDAP filters for
user and groups queries. Some services used LDAP_USER_FILTER
while others used
LDAP_USERFILTER
. This is now changed to use LDAP_USER_FILTER
and LDAP_GROUP_FILTER
.
Note: If your oCIS setup is using an LDAP configuration that has any of the *_LDAP_USERFILTER
or *_LDAP_GROUPFILTER
environment variables set, please update the configuration to use
the new unified names *_LDAP_USER_FILTER
respectively *_LDAP_GROUP_FILTER
instead.
Bugfix - Fix LDAP insecure options: #3897
We've fixed multiple LDAP insecure options:
true
and now defaults to false
. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.OCIS_INSECURE
, which was replaced by the dedicated LDAP_INSECURE
variable. This variable is also used by all other services using LDAP.LDAP_INSECURE
.Bugfix - Fix handling of invalid LDAP users and groups: #4274
We fixed an issue where ocis would exit with a panic when LDAP users or groups where missing
required attributes (e.g. the id)
Bugfix - Fix logging levels: #4102
We've fixed the configuration of logging levels. Previously it was not possible to configure a
service with a more or less verbose log level then all other services when running in the
supervised / runtime mode ocis server
.
For example OCIS_LOG_LEVEL=error PROXY_LOG_LEVEL=debug ocis server
did not configure
error logging for all services except the proxy, which should be on debug logging. This is now
fixed and working properly.
Also we fixed the format of go-micro logs to always default to error level. Previously this was
only ensured in the supervised / runtime mode.
https://github.com/owncloud/ocis/issues/4089
https://github.com/owncloud/ocis/pull/4102
Bugfix - Fix OCIS_RUN_SERVICES
: #4133
OCIS_RUN_SERVICES
was introduced as successor to OCIS_RUN_EXTENSIONS
because we
wanted to call oCIS "core" extensions services. We kept OCIS_RUN_EXTENSIONS
for backwards
compatibility reasons.
It turned out, that setting OCIS_RUN_SERVICES
has no effect since introduced.
OCIS_RUN_EXTENSIONS
. OCIS_RUN_EXTENSIONS
was working fine all the time.
We now fixed OCIS_RUN_SERVICES
, so that you can use it as a equivalent replacement for
OCIS_RUN_EXTENSIONS
Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
https://github.com/owncloud/ocis/issues/1237
https://github.com/owncloud/ocis/pull/3834
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. There were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
Bugfix - Fix unused config option GRAPH_SPACES_INSECURE
: #55555
We've removed the unused config option GRAPH_SPACES_INSECURE
from the GRAPH service.
Bugfix - Remove unused configuration options: #3973
We've removed multiple unused configuration options:
STORAGE_SYSTEM_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_USERS_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_SYSTEM_TEMP_FOLDER
, see also cs3org/reva#2993 -STORAGE_USERS_TEMP_FOLDER
, see also cs3org/reva#2993 - WEB_UI_CONFIG_VERSION
, seeGATEWAY_COMMIT_SHARE_TO_STORAGE_REF
, see alsoBugfix - Remove static ocs user backend config: #4077
We've remove the OCS_ACCOUNT_BACKEND_TYPE
configuration option. It was intended to allow
configuration of different user backends for the ocs service. Right now the ocs service only
has a "cs3" backend. Therefor it's a static entry and not configurable.
Bugfix - Remove unused OCS storage configuration: #3955
We've removed the unused OCS configuration option OCS_STORAGE_USERS_DRIVER
.
Bugfix - Fix the ocis search
command: #3796
We've fixed the behavior for ocis search
, which didn't show further help when not all secrets
have been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even they were not needed by the search
service.
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the gprc server address configuration environment variable by renaming it from
ACCOUNTS_GRPC_ADDR
to SEARCH_GRPC_ADDR
Bugfix - Fix search in received shares: #4308
We fixed a problem where items in received shares were not found.
Bugfix - Fix make sensitive config values in the proxy's debug server: #4086
We've fixed a security issue of the proxy's debug server config report endpoint. Previously
sensitive configuration values haven't been masked. We now mask these values.
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. The have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
Bugfix - Substring search for sharees: #547
We fixed searching for sharees to be no longer case-sensitive. With this we introduced two new
settings for the users and groups services: "group_substring_filter_type" for the group
services and "user_substring_filter_type" for the users service. They allow to set the type
of LDAP filter that is used for substring user searches. Possible values are: "initial",
"final" and "any" to do either prefix, suffix or full substring searches. Both settings
default to "initial".
Also a new option "search_min_length" was added for the "frontend" service. It allows to
configure the minimum number of characters to enter before a search for Sharees is started.
This setting is e.g. evaluated by the web ui via the capabilities endpoint.
Bugfix - Fix configuration validation for extensions' server commands: #3911
We've fixed the configuration validation for the extensions' server commands. Before this
fix error messages have occurred when trying to start individual services without certain
oCIS fullstack configuration values.
We now no longer do the common oCIS configuration validation for extensions' server commands
and now rely only on the extensions' validation function.
Bugfix - Fix startup error logging: #4093
We've fixed the startup error logging, so that users will the reason for a failed startup even on
"error" log level. Previously they would only see it on "info" log level. Also in a lot of cases
the reason for the failed shutdown was omitted.
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
STORAGE_USERS_GRPC_ADDR
was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR
and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT
was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT
STORAGE_USERS_PERMISSION_ENDPOINT
, which was previously only used by the S3NG driver.Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Fix unrestricted quota on the graphAPI: #4363
Unrestricted quota needs to show 0 on the API. It is not good for clients when the property is
missing.
Bugfix - Fix user autoprovisioning: #3893
We've fixed the autoprovsioning feature that was introduced in beta2. Due to a bug the role
assignment of the privileged user that is used to create accounts wasn't propagated correctly
to the graph
service.
Bugfix - Fix version info: #3953
We've fixed the version info that is displayed when you run:
ocis version
- ocis <extension name> version
Since #2918, these commands returned an empty version only.
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field productversion
for the actual version of the product.
https://github.com/owncloud/ocis/issues/3788
https://github.com/owncloud/ocis/pull/3805
Bugfix - Fix the webdav URL of drive roots: #3706
Fixed the webdav URL of drive roots in the graph API.
https://github.com/owncloud/ocis/issues/3706
https://github.com/owncloud/ocis/pull/3916
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Fix graph endpoint: #3925
We have added the memberOf slice to the /users endpoint and the member slice to the /group
endpoint
Bugfix - Escape DN attribute value: #4117
Escaped the DN attribute value on creating users and groups.
Bugfix - Make IDP only wait for certs when using LDAP: #3965
When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.
Bugfix - Make ocdav service behave properly: #3957
The ocdav service now properly passes the tracing config and shuts down when receiving a kill
signal.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - Polish search: #4094
We improved the feedback when providing invalid search queries and added support for limiting
the number of results returned.
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back
https://github.com/owncloud/ocis/issues/3823
https://github.com/owncloud/ocis/pull/3824
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
Bugfix - Space Creators can hand over spaces: #4244
Set no owner on non personal spaces to be able to pass the space manager role to a new user.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Bugfix - Store user passwords hashed in idm: #3778
Support for hashing user passwords was added to libregraph/idm. The graph API will now set
userpasswords using the LDAP Modify Extended Operation (RFC3062). In the default
configuration passwords will be hashed using the argon2id algorithm.
https://github.com/owncloud/ocis/issues/3778
https://github.com/owncloud/ocis/pull/4053
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - The glauth
and accounts
services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release)
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Prevent access to disabled space: #3779
Previously managers where allowed to edit the space even when it is disabled This is no longer
possible
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Use the spaceID on the cs3 resource: #4748
We cleaned up the CS3Api to use a proper attribute for the space id.
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Add capability for alias links: #3983
For better UX clients need a way to discover if alias links are supported by the server. We added a
capability under "files_sharing/public/alias"
https://github.com/owncloud/ocis/issues/3983
https://github.com/owncloud/ocis/pull/3991
Enhancement - Add drives field to users endpoint: #4072
We have added $expand=drives
to the /users/{id}/
endpoint using the user filter
implemented in reva.
https://github.com/owncloud/ocis/pull/4072
https://github.com/cs3org/reva/pull/3046
https://github.com/owncloud/ocis/pull/4323
Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: #4023
We introduced resharing which was enabled by default, this is now configurable and can be
enabled by setting the env FRONTEND_ENABLE_RESHARING
to true
. By default resharing is
now disabled.
Enhancement - Add number of total matches to the search result: #4189
The search service now returns the number of total matches alongside the results.
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Add acting user to the audit log: #3753
Added the acting user to the events in the audit log.
https://github.com/owncloud/ocis/issues/3753
https://github.com/owncloud/ocis/pull/3992
Enhancement - Add audit events for created containers: #3941
Handle the event ContainerCreated
in the audit service.
Enhancement - Don't setup demo role assignments on default: #3661
Added a configuration option to explicitly tell the settings service to generate the default
role assignments.
https://github.com/owncloud/ocis/issues/3661
https://github.com/owncloud/ocis/pull/3956
Enhancement - Improve validation of OIDC access tokens: #3841
Previously OIDC access tokes were only validated by requesting the userinfo from the IDP. It is
now possible to enable additional verification if the IDP issues access tokens in JWT format.
In that case the oCIS proxy service will now verify the signature of the token using the public
keys provided by jwks_uri endpoint of the IDP. It will also verify if the issuer claim (iss)
matches the expected values.
The new validation is enabled by setting PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD
to
"jwt". Which is also the default. Setting it to "none" will disable the feature.
https://github.com/owncloud/ocis/issues/3841
https://github.com/owncloud/ocis/pull/4227
Enhancement - Improve error log for "could not get user by claim" error: #4227
We've improved the error log for "could not get user by claim" error where previously only the
"nil" error has been logged. Now we're logging the message from the transport.
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every requests has to do a lookup on the registry.
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy. Leveraging
the libregraph users API for creating the users.
Enhancement - Disable the color logging in docker compose examples: #871
Disabled the color logging in the example docker compose deployments. Although colored logs
are helpful during the development process they may be undesired in other situations like
production deployments, where the logs aren't consumed by humans directly but instead by a log
aggregator.
https://github.com/owncloud/ocis/issues/871
https://github.com/owncloud/ocis/pull/3935
Enhancement - Allow providing list of services NOT to start: #4254
Until now if one wanted to use a custom version of a service, one needed to provide
OCIS_RUN_SERVICES
which is a list of all services to start. Now one can provide
OCIS_EXCLUDE_RUN_SERVICES
which is a list of only services not to start
Enhancement - Introduce insecure flag for smtp email notifications: #4279
We've introduced the NOTIFICATIONS_SMTP_INSECURE
configuration option, that let's you
skip certificate verification for smtp email servers.
Enhancement - Optional events in graph service: #55555
We've changed the graph service so that you also can start it without any event bus. Therefore
you need to set GRAPH_EVENTS_ENDPOINT
to an empty string. The graph API will not emit any
events in this case.
Enhancement - Fix behavior for foobar (in present tense): #4346
We've added the configuration option PROXY_OIDC_REWRITE_WELLKNOWN
to rewrite the
/.well-known/openid-configuration
endpoint. If active, it serves the
/.well-known/openid-configuration
response of the original IDP configured in
OCIS_OIDC_ISSUER
/ PROXY_OIDC_ISSUER
. This is needed so that the Desktop Client,
Android Client and iOS Client can discover the OIDC identity provider.
Previously this rewrite needed to be performed with an external proxy as NGINX or Traefik if an
external IDP was used.
https://github.com/owncloud/ocis/issues/2819
https://github.com/owncloud/ocis/issues/3280
https://github.com/owncloud/ocis/pull/4346
Enhancement - Add config option to provide TLS certificate: #3818
Added a config option to the graph service to provide a TLS certificate to be used to verify the
LDAP server certificate.
https://github.com/owncloud/ocis/issues/3818
https://github.com/owncloud/ocis/pull/3888
Enhancement - Add descriptions for graph-explorer config: #3759
Added descriptions tags to the graph-explorer config tags so that they will be included in the
documentation.
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
graph/v1.0/me/changePassword endpoint.
https://github.com/owncloud/ocis/issues/3063
https://github.com/owncloud/ocis/pull/3705
Enhancement - Generate signing key and encryption secret: #3909
The idp service now automatically generates a signing key and encryption secret when they
don't exist. This will enable service restarts without invalidating existing sessions.
https://github.com/owncloud/ocis/issues/3909
https://github.com/owncloud/ocis/pull/4022
Enhancement - Update IdP UI: #3493
Updated our fork of the lico IdP UI. This also updated the used npm dependencies. The design
didn't change.
https://github.com/owncloud/ocis/issues/3493
https://github.com/owncloud/ocis/pull/4074
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - New migrate command for migrating shares and public shares: #3987
We added a new migrate
subcommand which can be used to migrate shares and public shares
between different share and publicshare managers.
https://github.com/owncloud/ocis/pull/3987
https://github.com/owncloud/ocis/pull/4019
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Refactor extensions to services: #3980
We have decided to name all extensions, we maintain and provide with ocis, services from here on
to avoid confusion between external extensions and code we provide and maintain.
Enhancement - Allow resharing: #3904
This will allow resharing files
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Use storageID when requesting special items: #4356
We need to use the storageID when requesting the special items of a space to spare a registry
lookup and improve the performance
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important If you ran ocis init
with the v2.0.0-alpha*
version then you have to manually add the transfer_secret
to the ocis.yaml.
Just open the ocis.yaml
config file and look for the thumbnails section. Then add a random
transfer_secret
so that it looks like this:
yaml thumbnails: thumbnail: transfer_secret: <put random value here>
Enhancement - Make thumbnails service log less noisy: #3959
Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
the logs.
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva: #3944
Changelog for reva 2.6.1 (2022-06-27) =======================================
The following sections list the changes in reva 2.6.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.6.0 (2022-06-21) =======================================
The following sections list the changes in reva 2.6.0 relevant to reva users. The changes are
ordered by importance.
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
https://github.com/owncloud/ocis/pull/4000
https://github.com/owncloud/ocis/pull/4006
Enhancement - Update reva to version 2.7.2: #4115
Changelog for reva 2.7.2 (2022-07-18) =======================================
Changelog for reva 2.7.1 (2022-07-15) =======================================
Changelog for reva 2.7.0 (2022-07-15) =======================================
https://github.com/owncloud/ocis/pull/4115
https://github.com/owncloud/ocis/pull/4201
https://github.com/owncloud/ocis/pull/4203
https://github.com/owncloud/ocis/pull/4025
https://github.com/owncloud/ocis/pull/4211
Enhancement - Update reva to v2.7.4: #4294
Updated reva to version 2.7.4 This update includes:
Updated reva to version 2.7.3 This update includes:
Https://github.com/owncloud/ocis/pull/4272
https://github.com/cs3org/reva/pull/3096 https://github.com/cs3org/reva/pull/4315
https://github.com/owncloud/ocis/pull/4294
https://github.com/owncloud/ocis/pull/4330
https://github.com/owncloud/ocis/pull/4369
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.4.0 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3746
https://github.com/owncloud/ocis/pull/3771
https://github.com/owncloud/ocis/pull/3778
https://github.com/owncloud/ocis/pull/3842
https://github.com/owncloud/ocis/pull/3854
https://github.com/owncloud/ocis/pull/3858
https://github.com/owncloud/ocis/pull/3867
Enhancement - Update reva to version 2.5.1: #3932
Changelog for reva 2.5.1 (2022-06-08) =======================================
The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.5.0 (2022-06-07) =======================================
The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3932
https://github.com/owncloud/ocis/pull/3928
https://github.com/owncloud/ocis/pull/3922
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3844
https://github.com/owncloud/ocis/pull/3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
Summary -------
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3927
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
Enhancement - Update ownCloud Web to v5.7.0-rc.1: #4005
Tags: web
We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4005
https://github.com/owncloud/web/pull/7158
https://github.com/owncloud/ocis/pull/3990
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1
Enhancement - Update ownCloud Web to v5.7.0-rc.4: #4140
Tags: web
We updated ownCloud Web to v5.7.0-rc.4. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4140
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.4
Enhancement - Update ownCloud Web to v5.7.0-rc.8: #4314
Tags: web
We updated ownCloud Web to v5.7.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
preview
apphttps://github.com/owncloud/ocis/pull/4314
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.8
Enhancement - Expand personal drive on the graph user: #4357
We can now list the personal drive on the users endpoint via the graph API. A user can add an
$expand=drive
query to list the personal drive of the requested user.
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
Enhancement - Search service at the old webdav endpoint: #4118
We made the search service available for legacy clients at the old webdav endpoint.
Published by ownclouders over 2 years ago
OCIS_RUN_SERVICES
: #4133
GRAPH_SPACES_INSECURE
: #55555
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Fix DN parsing issues and sizelimit handling in libregraph/idm: #3631
We fixed a couple on issues in libregraph/idm related to correctly parsing LDAP DNs for
usernames contain characters that require escaping.
Also libregraph/idm was not properly returning "Size limit exceeded" errors when the result
set exceeded the requested size.
https://github.com/owncloud/ocis/issues/3631
https://github.com/owncloud/ocis/issues/4039
https://github.com/owncloud/ocis/issues/4078
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Logging in on the wrong account when an email address is not unique: #4039
The default configuration to use the same logon attribute for all services. Also, if the
configured logon attribute is not unique access to ocis is denied.
Bugfix - Allow empty environment variables: #3892
We've fixed the behavior for empty environment variables, that previously would not have
overwritten default values. Therefore it had the same effect like not setting the environment
variable. We now check if the environment variable is set at all and if so, we also allow to
override a default value with an empty value.
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happend if you start the app provider without
runtime (eg. ocis app-provider server
) and didn't have configured all oCIS secrets.
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - CSP rules for silent token refresh in iframe: #4031
When renewing the access token silently web needs to be opened in an iframe. This was previously
blocked by a restrictive iframe CSP rule in the Secure
middleware and has now been fixed by
allow self
for iframes.
https://github.com/owncloud/web/issues/7030
https://github.com/owncloud/ocis/pull/4031
Bugfix - Enable debug server by default: #3827
We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
start their debug server by default.
Bugfix - Rework default role provisioning: #3900
We fixed a race condition in the default role assignment code that could lead to users loosing
privileges. When authenticating before the settings service was fully running.
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
There was a naming inconsitency for the enviroment variables used to define LDAP filters for
user and groups queries. Some services used LDAP_USER_FILTER
while others used
LDAP_USERFILTER
. This is now changed to use LDAP_USER_FILTER
and LDAP_GROUP_FILTER
.
Note: If your oCIS setup is using an LDAP configuration that has any of the *_LDAP_USERFILTER
or *_LDAP_GROUPFILTER
environment variables set, please update the configuration to use
the new unified names *_LDAP_USER_FILTER
respectively *_LDAP_GROUP_FILTER
instead.
Bugfix - Fix LDAP insecure options: #3897
We've fixed multiple LDAP insecure options:
true
and now defaults to false
. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.OCIS_INSECURE
, which was replaced by the dedicated LDAP_INSECURE
variable. This variable is also used by all other services using LDAP.LDAP_INSECURE
.Bugfix - Fix logging levels: #4102
We've fixed the configuration of logging levels. Previously it was not possible to configure a
service with a more or less verbose log level then all other services when running in the
supervised / runtime mode ocis server
.
For example OCIS_LOG_LEVEL=error PROXY_LOG_LEVEL=debug ocis server
did not configure
error logging for all services except the proxy, which should be on debug logging. This is now
fixed and working properly.
Also we fixed the format of go-micro logs to always default to error level. Previously this was
only ensured in the supervised / runtime mode.
https://github.com/owncloud/ocis/issues/4089
https://github.com/owncloud/ocis/pull/4102
Bugfix - Fix OCIS_RUN_SERVICES
: #4133
OCIS_RUN_SERVICES
was introduced as successor to OCIS_RUN_EXTENSIONS
because we
wanted to call oCIS "core" extensions services. We kept OCIS_RUN_EXTENSIONS
for backwards
compatibility reasons.
It turned out, that setting OCIS_RUN_SERVICES
has no effect since introduced.
OCIS_RUN_EXTENSIONS
. OCIS_RUN_EXTENSIONS
was working fine all the time.
We now fixed OCIS_RUN_SERVICES
, so that you can use it as a equivalent replacement for
OCIS_RUN_EXTENSIONS
Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
https://github.com/owncloud/ocis/issues/1237
https://github.com/owncloud/ocis/pull/3834
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. There were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
Bugfix - Fix unused config option GRAPH_SPACES_INSECURE
: #55555
We've removed the unused config option GRAPH_SPACES_INSECURE
from the GRAPH service.
Bugfix - Remove unused configuration options: #3973
We've removed multiple unused configuration options:
STORAGE_SYSTEM_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_USERS_DATAPROVIDER_INSECURE
, see also cs3org/reva#2993 -STORAGE_SYSTEM_TEMP_FOLDER
, see also cs3org/reva#2993 -STORAGE_USERS_TEMP_FOLDER
, see also cs3org/reva#2993 - WEB_UI_CONFIG_VERSION
, seeGATEWAY_COMMIT_SHARE_TO_STORAGE_REF
, see alsoBugfix - Remove static ocs user backend config: #4077
We've remove the OCS_ACCOUNT_BACKEND_TYPE
configuration option. It was intended to allow
configuration of different user backends for the ocs service. Right now the ocs service only
has a "cs3" backend. Therefor it's a static entry and not configurable.
Bugfix - Remove unused OCS storage configuration: #3955
We've removed the unused OCS configuration option OCS_STORAGE_USERS_DRIVER
.
Bugfix - Fix the ocis search
command: #3796
We've fixed the behavior for ocis search
, which didn't show further help when not all secrets
have been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even they were not needed by the search
service.
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the gprc server address configuration environment variable by renaming it from
ACCOUNTS_GRPC_ADDR
to SEARCH_GRPC_ADDR
Bugfix - Fix make sensitive config values in the proxy's debug server: #4086
We've fixed a security issue of the proxy's debug server config report endpoint. Previously
sensitive configuration values haven't been masked. We now mask these values.
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. The have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
Bugfix - Fix configuration validation for extensions' server commands: #3911
We've fixed the configuration validation for the extensions' server commands. Before this
fix error messages have occurred when trying to start individual services without certain
oCIS fullstack configuration values.
We now no longer do the common oCIS configuration validation for extensions' server commands
and now rely only on the extensions' validation function.
Bugfix - Fix startup error logging: #4093
We've fixed the startup error logging, so that users will the reason for a failed startup even on
"error" log level. Previously they would only see it on "info" log level. Also in a lot of cases
the reason for the failed shutdown was omitted.
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
STORAGE_USERS_GRPC_ADDR
was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR
and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT
was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT
STORAGE_USERS_PERMISSION_ENDPOINT
, which was previously only used by the S3NG driver.Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Fix user autoprovisioning: #3893
We've fixed the autoprovsioning feature that was introduced in beta2. Due to a bug the role
assignment of the privileged user that is used to create accounts wasn't propagated correctly
to the graph
service.
Bugfix - Fix version info: #3953
We've fixed the version info that is displayed when you run:
ocis version
- ocis <extension name> version
Since #2918, these commands returned an empty version only.
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field productversion
for the actual version of the product.
https://github.com/owncloud/ocis/issues/3788
https://github.com/owncloud/ocis/pull/3805
Bugfix - Fix the webdav URL of drive roots: #3706
Fixed the webdav URL of drive roots in the graph API.
https://github.com/owncloud/ocis/issues/3706
https://github.com/owncloud/ocis/pull/3916
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Fix graph endpoint: #3925
We have added the memberOf slice to the /users endpoint and the member slice to the /group
endpoint
Bugfix - Escape DN attribute value: #4117
Escaped the DN attribute value on creating users and groups.
Bugfix - Make IDP only wait for certs when using LDAP: #3965
When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.
Bugfix - Make ocdav service behave properly: #3957
The ocdav service now properly passes the tracing config and shuts down when receiving a kill
signal.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - Polish search: #4094
We improved the feedback when providing invalid search queries and added support for limiting
the number of results returned.
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back
https://github.com/owncloud/ocis/issues/3823
https://github.com/owncloud/ocis/pull/3824
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Bugfix - Store user passwords hashed in idm: #3778
Support for hashing user passwords was added to libregraph/idm. The graph API will now set
userpasswords using the LDAP Modify Extended Operation (RFC3062). In the default
configuration passwords will be hashed using the argon2id algorithm.
https://github.com/owncloud/ocis/issues/3778
https://github.com/owncloud/ocis/pull/4053
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - The glauth
and accounts
services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release)
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Prevent access to disabled space: #3779
Previously managers where allowed to edit the space even when it is disabled This is no longer
possible
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Use the spaceID on the cs3 resource: #4748
We cleaned up the CS3Api to use a proper attribute for the space id.
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Add capability for alias links: #3983
For better UX clients need a way to discover if alias links are supported by the server. We added a
capability under "files_sharing/public/alias"
https://github.com/owncloud/ocis/issues/3983
https://github.com/owncloud/ocis/pull/3991
Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: #4023
We introduced resharing which was enabled by default, this is now configurable and can be
enabled by setting the env FRONTEND_ENABLE_RESHARING
to true
. By default resharing is
now disabled.
Enhancement - Add number of total matches to the search result: #4189
The search service now returns the number of total matches alongside the results.
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Add acting user to the audit log: #3753
Added the acting user to the events in the audit log.
https://github.com/owncloud/ocis/issues/3753
https://github.com/owncloud/ocis/pull/3992
Enhancement - Add audit events for created containers: #3941
Handle the event ContainerCreated
in the audit service.
Enhancement - Don't setup demo role assignments on default: #3661
Added a configuration option to explicitly tell the settings service to generate the default
role assignments.
https://github.com/owncloud/ocis/issues/3661
https://github.com/owncloud/ocis/pull/3956
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every requests has to do a lookup on the registry.
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy. Leveraging
the libregraph users API for creating the users.
Enhancement - Disable the color logging in docker compose examples: #871
Disabled the color logging in the example docker compose deployments. Although colored logs
are helpful during the development process they may be undesired in other situations like
production deployments, where the logs aren't consumed by humans directly but instead by a log
aggregator.
https://github.com/owncloud/ocis/issues/871
https://github.com/owncloud/ocis/pull/3935
Enhancement - Optional events in graph service: #55555
We've changed the graph service so that you also can start it without any event bus. Therefore
you need to set GRAPH_EVENTS_ENDPOINT
to an empty string. The graph API will not emit any
events in this case.
Enhancement - Add config option to provide TLS certificate: #3818
Added a config option to the graph service to provide a TLS certificate to be used to verify the
LDAP server certificate.
https://github.com/owncloud/ocis/issues/3818
https://github.com/owncloud/ocis/pull/3888
Enhancement - Add descriptions for graph-explorer config: #3759
Added descriptions tags to the graph-explorer config tags so that they will be included in the
documentation.
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
graph/v1.0/me/changePassword endpoint.
https://github.com/owncloud/ocis/issues/3063
https://github.com/owncloud/ocis/pull/3705
Enhancement - Generate signing key and encryption secret: #3909
The idp service now automatically generates a signing key and encryption secret when they
don't exist. This will enable service restarts without invalidating existing sessions.
https://github.com/owncloud/ocis/issues/3909
https://github.com/owncloud/ocis/pull/4022
Enhancement - Update IdP UI: #3493
Updated our fork of the lico IdP UI. This also updated the used npm dependencies. The design
didn't change.
https://github.com/owncloud/ocis/issues/3493
https://github.com/owncloud/ocis/pull/4074
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - New migrate command for migrating shares and public shares: #3987
We added a new migrate
subcommand which can be used to migrate shares and public shares
between different share and publicshare managers.
https://github.com/owncloud/ocis/pull/3987
https://github.com/owncloud/ocis/pull/4019
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Refactor extensions to services: #3980
We have decided to name all extensions, we maintain and provide with ocis, services from here on
to avoid confusion between external extensions and code we provide and maintain.
Enhancement - Allow resharing: #3904
This will allow resharing files
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important If you ran ocis init
with the v2.0.0-alpha*
version then you have to manually add the transfer_secret
to the ocis.yaml.
Just open the ocis.yaml
config file and look for the thumbnails section. Then add a random
transfer_secret
so that it looks like this:
yaml thumbnails: thumbnail: transfer_secret: <put random value here>
Enhancement - Make thumbnails service log less noisy: #3959
Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
the logs.
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva: #3944
Changelog for reva 2.6.1 (2022-06-27) =======================================
The following sections list the changes in reva 2.6.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.6.0 (2022-06-21) =======================================
The following sections list the changes in reva 2.6.0 relevant to reva users. The changes are
ordered by importance.
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
https://github.com/owncloud/ocis/pull/4000
https://github.com/owncloud/ocis/pull/4006
Enhancement - Update reva to version 2.7.2: #4115
Changelog for reva 2.7.2 (2022-07-18) =======================================
Changelog for reva 2.7.1 (2022-07-15) =======================================
Changelog for reva 2.7.0 (2022-07-15) =======================================
https://github.com/owncloud/ocis/pull/4115
https://github.com/owncloud/ocis/pull/4201
https://github.com/owncloud/ocis/pull/4203
https://github.com/owncloud/ocis/pull/4025
https://github.com/owncloud/ocis/pull/4211
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.4.0 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3746
https://github.com/owncloud/ocis/pull/3771
https://github.com/owncloud/ocis/pull/3778
https://github.com/owncloud/ocis/pull/3842
https://github.com/owncloud/ocis/pull/3854
https://github.com/owncloud/ocis/pull/3858
https://github.com/owncloud/ocis/pull/3867
Enhancement - Update reva to version 2.5.1: #3932
Changelog for reva 2.5.1 (2022-06-08) =======================================
The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.5.0 (2022-06-07) =======================================
The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3932
https://github.com/owncloud/ocis/pull/3928
https://github.com/owncloud/ocis/pull/3922
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3844
https://github.com/owncloud/ocis/pull/3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
Summary -------
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3927
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
Enhancement - Update ownCloud Web to v5.7.0-rc.1: #4005
Tags: web
We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4005
https://github.com/owncloud/web/pull/7158
https://github.com/owncloud/ocis/pull/3990
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1
Enhancement - Update ownCloud Web to v5.7.0-rc.4: #4140
Tags: web
We updated ownCloud Web to v5.7.0-rc.4. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4140
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.4
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
Enhancement - Search service at the old webdav endpoint: #4118
We made the search service available for legacy clients at the old webdav endpoint.
Published by ownclouders over 2 years ago
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Allow empty environment variables: #3892
We've fixed the behavior for empty environment variables, that previously would not have
overwritten default values. Therefore it had the same effect like not setting the environment
variable. We now check if the environment variable is set at all and if so, we also allow to
override a default value with an empty value.
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happend if you start the app provider without
runtime (eg. ocis app-provider server
) and didn't have configured all oCIS secrets.
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - Enable debug server by default: #3827
We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
start their debug server by default.
Bugfix - Rework default role provisioning: #3900
We fixed a race condition in the default role assignment code that could lead to users loosing
privileges. When authenticating before the settings service was fully running.
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
There was a naming inconsitency for the enviroment variables used to define LDAP filters for
user and groups queries. Some services used LDAP_USER_FILTER
while others used
LDAP_USERFILTER
. This is now changed to use LDAP_USER_FILTER
and LDAP_GROUP_FILTER
.
Note: If your oCIS setup is using an LDAP configuration that has any of the *_LDAP_USERFILTER
or *_LDAP_GROUPFILTER
environment variables set, please update the configuration to use
the new unified names *_LDAP_USER_FILTER
respectively *_LDAP_GROUP_FILTER
instead.
Bugfix - Fix LDAP insecure options: #3897
We've fixed multiple LDAP insecure options:
true
and now defaults to false
. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.OCIS_INSECURE
, which was replaced by the dedicated LDAP_INSECURE
variable. This variable is also used by all other services using LDAP.LDAP_INSECURE
.Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
https://github.com/owncloud/ocis/issues/1237
https://github.com/owncloud/ocis/pull/3834
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. There were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
Bugfix - Remove unused OCS storage configuration: #3955
We've removed the unused OCS configuration option OCS_STORAGE_USERS_DRIVER
.
Bugfix - Fix the ocis search
command: #3796
We've fixed the behavior for ocis search
, which didn't show further help when not all secrets
have been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even they were not needed by the search
service.
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the gprc server address configuration environment variable by renaming it from
ACCOUNTS_GRPC_ADDR
to SEARCH_GRPC_ADDR
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. The have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
Bugfix - Fix configuration validation for extensions' server commands: #3911
We've fixed the configuration validation for the extensions' server commands. Before this
fix error messages have occurred when trying to start individual services without certain
oCIS fullstack configuration values.
We now no longer do the common oCIS configuration validation for extensions' server commands
and now rely only on the extensions' validation function.
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
STORAGE_USERS_GRPC_ADDR
was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR
and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT
was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT
STORAGE_USERS_PERMISSION_ENDPOINT
, which was previously only used by the S3NG driver.Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Fix user autoprovisioning: #3893
We've fixed the autoprovsioning feature that was introduced in beta2. Due to a bug the role
assignment of the privileged user that is used to create accounts wasn't propagated correctly
to the graph
service.
Bugfix - Fix version info: #3953
We've fixed the version info that is displayed when you run:
ocis version
- ocis <extension name> version
Since #2918, these commands returned an empty version only.
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field productversion
for the actual version of the product.
https://github.com/owncloud/ocis/issues/3788
https://github.com/owncloud/ocis/pull/3805
Bugfix - Fix the webdav URL of drive roots: #3706
Fixed the webdav URL of drive roots in the graph API.
https://github.com/owncloud/ocis/issues/3706
https://github.com/owncloud/ocis/pull/3916
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Fix graph endpoint: #3925
We have added the memberOf slice to the /users endpoint and the member slice to the /group
endpoint
Bugfix - Make IDP only wait for certs when using LDAP: #3965
When configuring cs3 as the backend the IDP no longer waits for an LDAP certificate to appear.
Bugfix - Make ocdav service behave properly: #3957
The ocdav service now properly passes the tracing config and shuts down when receiving a kill
signal.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back
https://github.com/owncloud/ocis/issues/3823
https://github.com/owncloud/ocis/pull/3824
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - The glauth
and accounts
services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release)
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Prevent access to disabled space: #3779
Previously managers where allowed to edit the space even when it is disabled This is no longer
possible
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Add FRONTEND_ENABLE_RESHARING env variable: #4023
We introduced resharing which was enabled by default, this is now configurable and can be
enabled by setting the env FRONTEND_ENABLE_RESHARING
to true
. By default resharing is
now disabled.
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Add acting user to the audit log: #3753
Added the acting user to the events in the audit log.
https://github.com/owncloud/ocis/issues/3753
https://github.com/owncloud/ocis/pull/3992
Enhancement - Add audit events for created containers: #3941
Handle the event ContainerCreated
in the audit service.
Enhancement - Don't setup demo role assignments on default: #3661
Added a configuration option to explicitly tell the settings service to generate the default
role assignments.
https://github.com/owncloud/ocis/issues/3661
https://github.com/owncloud/ocis/pull/3956
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every requests has to do a lookup on the registry.
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy. Leveraging
the libregraph users API for creating the users.
Enhancement - Disable the color logging in docker compose examples: #871
Disabled the color logging in the example docker compose deployments. Although colored logs
are helpful during the development process they may be undesired in other situations like
production deployments, where the logs aren't consumed by humans directly but instead by a log
aggregator.
https://github.com/owncloud/ocis/issues/871
https://github.com/owncloud/ocis/pull/3935
Enhancement - Add config option to provide TLS certificate: #3818
Added a config option to the graph service to provide a TLS certificate to be used to verify the
LDAP server certificate.
https://github.com/owncloud/ocis/issues/3818
https://github.com/owncloud/ocis/pull/3888
Enhancement - Add descriptions for graph-explorer config: #3759
Added descriptions tags to the graph-explorer config tags so that they will be included in the
documentation.
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
graph/v1.0/me/changePassword endpoint.
https://github.com/owncloud/ocis/issues/3063
https://github.com/owncloud/ocis/pull/3705
Enhancement - Generate signing key and encryption secret: #3909
The idp service now automatically generates a signing key and encryption secret when they
don't exist. This will enable service restarts without invalidating existing sessions.
https://github.com/owncloud/ocis/issues/3909
https://github.com/owncloud/ocis/pull/4022
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - New migrate command for migrating shares and public shares: #3987
We added a new migrate
subcommand which can be used to migrate shares and public shares
between different share and publicshare managers.
https://github.com/owncloud/ocis/pull/3987
https://github.com/owncloud/ocis/pull/4019
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Allow resharing: #3904
This will allow resharing files
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important If you ran ocis init
with the v2.0.0-alpha*
version then you have to manually add the transfer_secret
to the ocis.yaml.
Just open the ocis.yaml
config file and look for the thumbnails section. Then add a random
transfer_secret
so that it looks like this:
yaml thumbnails: thumbnail: transfer_secret: <put random value here>
Enhancement - Make thumbnails service log less noisy: #3959
Reduced the log severity when no thumbnail was found from warn to debug. This reduces the spam in
the logs.
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva: #3944
Changelog for reva 2.6.1 (2022-06-27) =======================================
The following sections list the changes in reva 2.6.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.6.0 (2022-06-21) =======================================
The following sections list the changes in reva 2.6.0 relevant to reva users. The changes are
ordered by importance.
https://github.com/owncloud/ocis/pull/3944
https://github.com/owncloud/ocis/pull/3975
https://github.com/owncloud/ocis/pull/3982
https://github.com/owncloud/ocis/pull/4000
https://github.com/owncloud/ocis/pull/4006
Enhancement - Update reva: #4025
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.4.0 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3746
https://github.com/owncloud/ocis/pull/3771
https://github.com/owncloud/ocis/pull/3778
https://github.com/owncloud/ocis/pull/3842
https://github.com/owncloud/ocis/pull/3854
https://github.com/owncloud/ocis/pull/3858
https://github.com/owncloud/ocis/pull/3867
Enhancement - Update reva to version 2.5.1: #3932
Changelog for reva 2.5.1 (2022-06-08) =======================================
The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.5.0 (2022-06-07) =======================================
The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3932
https://github.com/owncloud/ocis/pull/3928
https://github.com/owncloud/ocis/pull/3922
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3844
https://github.com/owncloud/ocis/pull/3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
Summary -------
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3927
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
Enhancement - Update ownCloud Web to v5.7.0-rc.1: #4005
Tags: web
We updated ownCloud Web to v5.7.0-rc.1. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/ocis/pull/4005
https://github.com/owncloud/web/pull/7158
https://github.com/owncloud/ocis/pull/3990
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/web/releases/tag/v5.7.0-rc.1
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
Published by kulmann over 2 years ago
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Allow empty environment variables: #3892
We've fixed the behavior for empty environment variables, that previously would not have
overwritten default values. Therefore it had the same effect like not setting the environment
variable. We now check if the environment variable is set at all and if so, we also allow to
override a default value with an empty value.
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happend if you start the app provider without
runtime (eg. ocis app-provider server
) and didn't have configured all oCIS secrets.
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - Enable debug server by default: #3827
We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
start their debug server by default.
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
There was a naming inconsitency for the enviroment variables used to define LDAP filters for
user and groups queries. Some services used LDAP_USER_FILTER
while others used
LDAP_USERFILTER
. This is now changed to use LDAP_USER_FILTER
and LDAP_GROUP_FILTER
.
Note: If your oCIS setup is using an LDAP configuration that has any of the *_LDAP_USERFILTER
or *_LDAP_GROUPFILTER
environment variables set, please update the configuration to use
the new unified names *_LDAP_USER_FILTER
respectively *_LDAP_GROUP_FILTER
instead.
Bugfix - Fix LDAP insecure options: #3897
We've fixed multiple LDAP insecure options:
true
and now defaults to false
. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.OCIS_INSECURE
, which was replaced by the dedicated LDAP_INSECURE
variable. This variable is also used by all other services using LDAP.LDAP_INSECURE
.Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
https://github.com/owncloud/ocis/issues/1237
https://github.com/owncloud/ocis/pull/3834
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. There were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
Bugfix - Fix the ocis search
command: #3796
We've fixed the behavior for ocis search
, which didn't show further help when not all secrets
have been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even they were not needed by the search
service.
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the gprc server address configuration environment variable by renaming it from
ACCOUNTS_GRPC_ADDR
to SEARCH_GRPC_ADDR
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. The have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
Bugfix - Fix configuration validation for extensions' server commands: #3911
We've fixed the configuration validation for the extensions' server commands. Before that
fix error messages have occurred when trying to start individual services without certain
oCIS fullstack configuration values.
We now no longer do the common oCIS configuration validation for extensions' server commands
and now rely only on the extensions' validation function.
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
STORAGE_USERS_GRPC_ADDR
was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR
and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT
was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT
STORAGE_USERS_PERMISSION_ENDPOINT
, which was previously only used by the S3NG driver.Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Fix user autoprovisioning: #3893
We've fixed the autoprovsioning feature that was introduced in beta2. Due to a bug the role
assignment of the privileged user that is used to create accounts wasn't propagated correctly
to the graph
service.
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field productversion
for the actual version of the product.
https://github.com/owncloud/ocis/issues/3788
https://github.com/owncloud/ocis/pull/3805
Bugfix - Fix the webdav URL of drive roots: #3706
Fixed the webdav URL of drive roots in the graph API.
https://github.com/owncloud/ocis/issues/3706
https://github.com/owncloud/ocis/pull/3916
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back
https://github.com/owncloud/ocis/issues/3823
https://github.com/owncloud/ocis/pull/3824
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - The glauth
and accounts
services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release)
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Prevent access to disabled space: #3779
Previously managers where allowed to edit the space even when it is disabled This is no longer
possible
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every requests has to do a lookup on the registry.
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy. Leveraging
the libregraph users API for creating the users.
Enhancement - Add config option to provide TLS certificate: #3818
Added a config option to the graph service to provide a TLS certificate to be used to verify the
LDAP server certificate.
https://github.com/owncloud/ocis/issues/3818
https://github.com/owncloud/ocis/pull/3888
Enhancement - Add descriptions for graph-explorer config: #3759
Added descriptions tags to the graph-explorer config tags so that they will be included in the
documentation.
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
graph/v1.0/me/changePassword endpoint.
https://github.com/owncloud/ocis/issues/3063
https://github.com/owncloud/ocis/pull/3705
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important If you ran ocis init
with the v2.0.0-alpha*
version then you have to manually add the transfer_secret
to the ocis.yaml.
Just open the ocis.yaml
config file and look for the thumbnails section. Then add a random
transfer_secret
so that it looks like this:
yaml thumbnails: thumbnail: transfer_secret: <put random value here>
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.4.0 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3746
https://github.com/owncloud/ocis/pull/3771
https://github.com/owncloud/ocis/pull/3778
https://github.com/owncloud/ocis/pull/3842
https://github.com/owncloud/ocis/pull/3854
https://github.com/owncloud/ocis/pull/3858
https://github.com/owncloud/ocis/pull/3867
Enhancement - Update reva to version 2.5.1: #3932
Changelog for reva 2.5.1 (2022-06-08) =======================================
The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.5.0 (2022-06-07) =======================================
The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3932
https://github.com/owncloud/ocis/pull/3928
https://github.com/owncloud/ocis/pull/3922
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3844
https://github.com/owncloud/ocis/pull/3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
Summary -------
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3927
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
Published by ownclouders over 2 years ago
ocis search
command: #3796
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
glauth
and accounts
services are removed: #3685
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happend if you start the app provider without
runtime (eg. ocis app-provider server
) and didn't have configured all oCIS secrets.
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - Enable debug server by default: #3827
We've fixed the behavior for the audit, idm, nats and notifications extensions, that did not
start their debug server by default.
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
https://github.com/owncloud/ocis/issues/1237
https://github.com/owncloud/ocis/pull/3834
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. There were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
Bugfix - Fix the ocis search
command: #3796
We've fixed the behavior for ocis search
, which didn't show further help when not all secrets
have been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even they were not needed by the search
service.
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the gprc server address configuration environment variable by renaming it from
ACCOUNTS_GRPC_ADDR
to SEARCH_GRPC_ADDR
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. The have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
STORAGE_USERS_GRPC_ADDR
was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable STORAGE_USERS_GRPC_ADDR
and the http server's address with the environment variable STORAGE_USERS_HTTP_ADDR
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT
was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT
STORAGE_USERS_PERMISSION_ENDPOINT
, which was previously only used by the S3NG driver.Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field productversion
for the actual version of the product.
https://github.com/owncloud/ocis/issues/3788
https://github.com/owncloud/ocis/pull/3805
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back
https://github.com/owncloud/ocis/issues/3823
https://github.com/owncloud/ocis/pull/3824
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - The glauth
and accounts
services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release)
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Prevent access to disabled space: #3779
Previously managers where allowed to edit the space even when it is disabled This is no longer
possible
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every requests has to do a lookup on the registry.
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy. Leveraging
the libregraph users API for creating the users.
Enhancement - Add descriptions for graph-explorer config: #3759
Added descriptions tags to the graph-explorer config tags so that they will be included in the
documentation.
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
graph/v1.0/me/changePassword endpoint.
https://github.com/owncloud/ocis/issues/3063
https://github.com/owncloud/ocis/pull/3705
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important If you ran ocis init
with the v2.0.0-alpha*
version then you have to manually add the transfer_secret
to the ocis.yaml.
Just open the ocis.yaml
config file and look for the thumbnails section. Then add a random
transfer_secret
so that it looks like this:
yaml thumbnails: thumbnail: transfer_secret: <put random value here>
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary -------
Changelog for reva 2.4.0 (2022-05-24) =======================================
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary -------
https://github.com/owncloud/ocis/pull/3746
https://github.com/owncloud/ocis/pull/3771
https://github.com/owncloud/ocis/pull/3778
https://github.com/owncloud/ocis/pull/3842
https://github.com/owncloud/ocis/pull/3854
https://github.com/owncloud/ocis/pull/3858
https://github.com/owncloud/ocis/pull/3867
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3844
https://github.com/owncloud/ocis/pull/3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/ocis/pull/3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
Published by ownclouders over 2 years ago
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.5: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.5. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.5
Published by ownclouders over 2 years ago
/dav/xxx?preview=1
requests: #3567
ocis init
and remove all default secrets: #3551
share_jail
and projects
feature flags in spaces capability: #3626
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full fledged supervisor and start oCIS as individual
services.
If one wants to start a only a subset of services, this is still possible by setting
OCIS_RUN_EXTENSIONS.
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP to make the IDP secrets again configurable via
environment variables.
Bugfix - Thumbnails for /dav/xxx?preview=1
requests: #3567
We've added the thumbnail rendering for /dav/xxx?preview=1
,
/remote.php/webdav/{relative path}?preview=1
and /webdav/{relative path}?preview=1
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for /remote.php/dav/xxx?preview=1
.
Bugfix - Idp: Check if CA certificate if present: #3623
Upon first start with the default configurtation the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding the URL could be broken by files
with spaces in the file name.
https://github.com/owncloud/ocis/issues/3538
https://github.com/owncloud/ocis/pull/3597
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set on compile time or via an environment
variable on startup (OCIS_CONFIG_DIR
).
We are using following configuration default paths:
/etc/ocis/
- Binary releases: $HOME/.ocis/config/
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with the non default uid/guid to
start oCIS (default is 1000:1000).
Change - Introduce ocis init
and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user admin
. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: ocis init
. You can run this
command before starting oCIS with ocis server
and it will bootstrap you a configuration file
for a secure oCIS instance.
https://github.com/owncloud/ocis/issues/3524
https://github.com/owncloud/ocis/pull/3551
https://github.com/owncloud/ocis/pull/3743
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph /me/drives
API to only the drives the user has access to. The
endpoint /drives
will list all drives when the user has the permission.
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
https://github.com/owncloud/ocis/pull/3331
https://github.com/owncloud/ocis/pull/3633
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
https://github.com/owncloud/ocis/pull/3648
https://github.com/owncloud/ocis/pull/3669
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by settings service
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
https://github.com/owncloud/ocis/issues/3603
https://github.com/owncloud/ocis/pull/3606
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3647
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefor
new search extension indexes files in a persistent local index.
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
https://github.com/owncloud/web/pull/6787
https://github.com/owncloud/ocis/pull/3538
Enhancement - Added share_jail
and projects
feature flags in spaces capability: #3626
We've added feature flags to the spaces
capability to indicate to clients which features are
supposed to be shown to users.
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes
Updated reva to version 2.3.0. This update includes:
https://github.com/owncloud/ocis/issues/3621
https://github.com/owncloud/ocis/pull/3552
https://github.com/owncloud/ocis/pull/3570
https://github.com/owncloud/ocis/pull/3601
https://github.com/owncloud/ocis/pull/3602
https://github.com/owncloud/ocis/pull/3605
https://github.com/owncloud/ocis/pull/3611
https://github.com/owncloud/ocis/pull/3637
https://github.com/owncloud/ocis/pull/3652
https://github.com/owncloud/ocis/pull/3681
Enhancement - Update ownCloud Web to v5.5.0-rc.5: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.5. Please refer to the changelog (linked) for details on
the web release.
https://github.com/owncloud/web/pull/6854
https://github.com/owncloud/ocis/pull/3664
https://github.com/owncloud/ocis/pull/3680
https://github.com/owncloud/ocis/pull/3727
https://github.com/owncloud/ocis/pull/3747
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.5
Published by ownclouders over 2 years ago
Published by ownclouders over 2 years ago
owncloudsql
driver to authprovider config: #3435
Bugfix - Add owncloudsql
driver to authprovider config: #3435
Bugfix - Corrected documentation: #3439
Bugfix - Ensure the same data on /ocs/v?.php/config like oC10: #3113
We've fixed the returned values on the /ocs/v?.php/config endpoints, so that they now return
the same values as an oC10 would do.
Bugfix - Use the default server download protocol if spaces are not supported: #3386
Change - Fix keys with underscores in the config files: #3412
We've fixed some config keys in configuration files that previously didn't contain
underscores but should.
Please check the documentation on https://owncloud.dev for latest configuration
documentation.
Change - Don't create demo users by default: #3474
As we are coming closer to the first beta, we need to disable the creation of the demo users by
default.
https://github.com/owncloud/ocis/issues/3181
https://github.com/owncloud/ocis/pull/3474
Enhancement - Alias links: #3454
Bumps reva and configures ocs token endpoint to be unprotected
Enhancement - Replace deprecated String.prototype.substr(): #3448
We've replaced all occurrences of the deprecated String.prototype.substr() function with
String.prototype.slice() which works similarly but isn't deprecated.
Enhancement - Add sorting to GraphAPI users and groups: #3360
The GraphAPI endpoints for users and groups support ordering now. User can be ordered by
displayName, onPremisesSamAccountName and mail. Groups can be ordered by displayName.
Example: https://localhost:9200/graph/v1.0/groups?$orderby=displayName asc
Enhancement - Unify LDAP config settings accross services: #3476
The storage services where updated to adapt for the recent changes of the LDAP settings in reva.
Also we allow now to use a new set of top-level LDAP environment variables that are shared
between all LDAP-using services in ocis (graph, idp, storage-auth-basic,
storage-userprovider, storage-groupprovider, idm). This should simplify the most LDAP
based configurations considerably.
Here is a list of the new environment variables: LDAP_URI LDAP_INSECURE LDAP_CACERT
LDAP_BIND_DN LDAP_BIND_PASSWORD LDAP_LOGIN_ATTRIBUTES LDAP_USER_BASE_DN
LDAP_USER_SCOPE LDAP_USER_FILTER LDAP_USER_OBJECTCLASS LDAP_USER_SCHEMA_MAIL
LDAP_USER_SCHEMA_DISPLAY_NAME LDAP_USER_SCHEMA_USERNAME LDAP_USER_SCHEMA_ID
LDAP_USER_SCHEMA_ID_IS_OCTETSTRING LDAP_GROUP_BASE_DN LDAP_GROUP_SCOPE
LDAP_GROUP_FILTER LDAP_GROUP_OBJECTCLASS LDAP_GROUP_SCHEMA_GROUPNAME
LDAP_GROUP_SCHEMA_ID LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
Where need these can be overwritten by service specific variables. E.g. it is possible to use
STORAGE_LDAP_URI to overide the top-level LDAP_URI variable.
https://github.com/owncloud/ocis/issues/3150
https://github.com/owncloud/ocis/pull/3476
Enhancement - Make config dir configurable: #3440
We have added an OCIS_CONFIG_DIR
environment variable the will take precedence over the
default /etc/ocis
, ~/.ocis
and .config
locations. When it is set the default locations
will be ignored and only the configuration files in that directory will be read.
Enhancement - Use embeddable ocdav go micro service: #3397
We now use the reva pgk/micro/ocdav
package that implements a go micro compatible version of
the ocdav service.
Enhancement - Update reva to v2.2.0: #3397
Updated reva to version 2.2.0. This update includes:
https://github.com/owncloud/ocis/pull/3397
https://github.com/owncloud/ocis/pull/3430
https://github.com/owncloud/ocis/pull/3476
https://github.com/owncloud/ocis/pull/3482
https://github.com/owncloud/ocis/pull/3497
https://github.com/owncloud/ocis/pull/3513
https://github.com/owncloud/ocis/pull/3514
Enhancement - Update ownCloud Web to v5.4.0: #6709
Tags: web
We updated ownCloud Web to v5.4.0. Please refer to the changelog (linked) for details on the web
release.
https://github.com/owncloud/web/pull/6709
https://github.com/owncloud/ocis/pull/3437
https://github.com/owncloud/ocis/pull/3487
https://github.com/owncloud/ocis/pull/3509
https://github.com/owncloud/web/releases/tag/v5.4.0
Enhancement - Implement audit events for user and groups: #3467
Added audit events for users and groups. This will log: * User creation * User deletion * User
property change (currently only email) * Group creation * Group deletion * Group member add *
Group member remove
Published by ownclouders over 2 years ago
owncloudsql
driver to authprovider config: #3435
Bugfix - Add owncloudsql
driver to authprovider config: #3435
Bugfix - Corrected documentation: #3439
Bugfix - Ensure the same data on /ocs/v?.php/config like oC10: #3113
We've fixed the returned values on the /ocs/v?.php/config endpoints, so that they now return
the same values as an oC10 would do.
Bugfix - Use the default server download protocol if spaces are not supported: #3386
Change - Fix keys with underscores in the config files: #3412
We've fixed some config keys in configuration files that previously didn't contain
underscores but should.
Please check the documentation on https://owncloud.dev for latest configuration
documentation.
Change - Don't create demo users by default: #3474
As we are coming closer to the first beta, we need to disable the creation of the demo users by
default.
https://github.com/owncloud/ocis/issues/3181
https://github.com/owncloud/ocis/pull/3474
Enhancement - Alias links: #3454
Bumps reva and configures ocs token endpoint to be unprotected
Enhancement - Replace deprecated String.prototype.substr(): #3448
We've replaced all occurrences of the deprecated String.prototype.substr() function with
String.prototype.slice() which works similarly but isn't deprecated.
Enhancement - Add sorting to GraphAPI users and groups: #3360
The GraphAPI endpoints for users and groups support ordering now. User can be ordered by
displayName, onPremisesSamAccountName and mail. Groups can be ordered by displayName.
Example: https://localhost:9200/graph/v1.0/groups?$orderby=displayName asc
Enhancement - Unify LDAP config settings accross services: #3476
The storage services where updated to adapt for the recent changes of the LDAP settings in reva.
Also we allow now to use a new set of top-level LDAP environment variables that are shared
between all LDAP-using services in ocis (graph, idp, storage-auth-basic,
storage-userprovider, storage-groupprovider, idm). This should simplify the most LDAP
based configurations considerably.
Here is a list of the new environment variables: LDAP_URI LDAP_INSECURE LDAP_CACERT
LDAP_BIND_DN LDAP_BIND_PASSWORD LDAP_LOGIN_ATTRIBUTES LDAP_USER_BASE_DN
LDAP_USER_SCOPE LDAP_USER_FILTER LDAP_USER_OBJECTCLASS LDAP_USER_SCHEMA_MAIL
LDAP_USER_SCHEMA_DISPLAY_NAME LDAP_USER_SCHEMA_USERNAME LDAP_USER_SCHEMA_ID
LDAP_USER_SCHEMA_ID_IS_OCTETSTRING LDAP_GROUP_BASE_DN LDAP_GROUP_SCOPE
LDAP_GROUP_FILTER LDAP_GROUP_OBJECTCLASS LDAP_GROUP_SCHEMA_GROUPNAME
LDAP_GROUP_SCHEMA_ID LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
Where need these can be overwritten by service specific variables. E.g. it is possible to use
STORAGE_LDAP_URI to overide the top-level LDAP_URI variable.
https://github.com/owncloud/ocis/issues/3150
https://github.com/owncloud/ocis/pull/3476
Enhancement - Make config dir configurable: #3440
We have added an OCIS_CONFIG_DIR
environment variable the will take precedence over the
default /etc/ocis
, ~/.ocis
and .config
locations. When it is set the default locations
will be ignored and only the configuration files in that directory will be read.
Enhancement - Use embeddable ocdav go micro service: #3397
We now use the reva pgk/micro/ocdav
package that implements a go micro compatible version of
the ocdav service.
Enhancement - Update reva to v2.2.0: #3397
Updated reva to version 2.2.0. This update includes:
https://github.com/owncloud/ocis/pull/3397
https://github.com/owncloud/ocis/pull/3430
https://github.com/owncloud/ocis/pull/3476
https://github.com/owncloud/ocis/pull/3482
https://github.com/owncloud/ocis/pull/3497
https://github.com/owncloud/ocis/pull/3513
https://github.com/owncloud/ocis/pull/3514
Enhancement - Update ownCloud Web to v5.4.0: #6709
Tags: web
We updated ownCloud Web to v5.4.0. Please refer to the changelog (linked) for details on the web
release.
https://github.com/owncloud/web/pull/6709
https://github.com/owncloud/ocis/pull/3437
https://github.com/owncloud/ocis/pull/3487
https://github.com/owncloud/ocis/pull/3509
https://github.com/owncloud/web/releases/tag/v5.4.0
Enhancement - Implement audit events for user and groups: #3467
Added audit events for users and groups. This will log: * User creation * User deletion * User
property change (currently only email) * Group creation * Group deletion * Group member add *
Group member remove
Published by ownclouders over 2 years ago
Published by ownclouders over 2 years ago
Bugfix - Network configuration in individiual_services example: #3238
Tidy up the deployments/examples/ocis_individual_services example so that the
instructions work.
Bugfix - Improve gif thumbnails: #3305
Improved the gif thumbnail generation for gifs with different disposal strategies.
Bugfix - Fix error handling in GraphAPI GetUsers call: #3357
A missing return statement caused GetUsers to return misleading results when the identity
backend returned an error.
Bugfix - Fix request validation on GraphAPI User updates: #3167
Fix PATCH on graph/v1.0/users when no 'mail' attribute is present in the request body
Bugfix - Replace public mountpoint fileid with grant fileid: #3349
We now show the same resoucre id for resources when accessing them via a public links as when
using a logged in user. This allows the web ui to start a WOPI session with the correct resource
id.
Change - Add remote item to mountpoint and fix spaceID: #3365
A mountpoint represents the mounted share on the share receivers side. The original resource
is located where the grant has been set. This item is now shown as libregraph remoteItem on the
mountpoint. While adding this, we fixed the spaceID for mountpoints.
Change - Switch NATS backend: #3192
We've switched the NATS backend from Streaming to JetStream, since NATS Streaming is
depreciated.
https://github.com/owncloud/ocis/pull/3192
https://github.com/cs3org/reva/pull/2574
Change - Drop json config file support: #3366
We've remove the support to configure oCIS and it's service with a json file. From now on we only
support yaml configuration files, since they have the possibility to add comments.
Change - Settings service now stores its data via metadata service: #3232
Instead of writing files to disk it will use metadata service to do so
Enhancement - Audit logger will now log file events: #3332
See full list of supported events in audit/pkg/types/types.go
Enhancement - Add password reset link to login page: #3329
Added a configurable passwort reset link to the login page. It can be set via
IDP_PASSWORD_RESET_URI
. If the option is not set the link will not be shown.
Enhancement - Log sharing events in audit service: #3301
Contains sharing related events. See full list in audit/pkg/types/events.go
Enhancement - Add space aliases: #3283
Space aliases can be used to resolve spaceIDs in a client.
Enhancement - Include etags in drives listing: #3267
Added etags in the response of list drives.
Enhancement - Improve thumbnails API: #3272
Changed the thumbnails API to no longer transfer images via GRPC. GRPC has a limited message
size and isn't very efficient with large binary data. The new API transports the images over
HTTP.
Enhancement - Update reva to v2.1.0: #3330
Updated reva to version 2.1.0. This update includes:
OK
https://github.com/owncloud/ocis/pull/3330
https://github.com/owncloud/ocis/pull/3405
https://github.com/owncloud/ocis/pull/3416
Enhancement - Update ownCloud Web to v5.3.0: #6561
Tags: web
We updated ownCloud Web to v5.3.0. Please refer to the changelog (linked) for details on the web
release.
https://github.com/owncloud/web/pull/6561
https://github.com/owncloud/ocis/pull/3291
https://github.com/owncloud/ocis/pull/3375
https://github.com/owncloud/web/releases/tag/v5.3.0
Published by ownclouders over 2 years ago
Bugfix - Network configuration in individiual_services example: #3238
Tidy up the deployments/examples/ocis_individual_services example so that the
instructions work.
Bugfix - Improve gif thumbnails: #3305
Improved the gif thumbnail generation for gifs with different disposal strategies.
Bugfix - Fix error handling in GraphAPI GetUsers call: #3357
A missing return statement caused GetUsers to return misleading results when the identity
backend returned an error.
Bugfix - Fix request validation on GraphAPI User updates: #3167
Fix PATCH on graph/v1.0/users when no 'mail' attribute is present in the request body
Bugfix - Replace public mountpoint fileid with grant fileid: #3349
We now show the same resoucre id for resources when accessing them via a public links as when
using a logged in user. This allows the web ui to start a WOPI session with the correct resource
id.
Change - Add remote item to mountpoint and fix spaceID: #3365
A mountpoint represents the mounted share on the share receivers side. The original resource
is located where the grant has been set. This item is now shown as libregraph remoteItem on the
mountpoint. While adding this, we fixed the spaceID for mountpoints.
Change - Switch NATS backend: #3192
We've switched the NATS backend from Streaming to JetStream, since NATS Streaming is
depreciated.
https://github.com/owncloud/ocis/pull/3192
https://github.com/cs3org/reva/pull/2574
Change - Drop json config file support: #3366
We've remove the support to configure oCIS and it's service with a json file. From now on we only
support yaml configuration files, since they have the possibility to add comments.
Change - Settings service now stores its data via metadata service: #3232
Instead of writing files to disk it will use metadata service to do so
Enhancement - Audit logger will now log file events: #3332
See full list of supported events in audit/pkg/types/types.go
Enhancement - Add password reset link to login page: #3329
Added a configurable passwort reset link to the login page. It can be set via
IDP_PASSWORD_RESET_URI
. If the option is not set the link will not be shown.
Enhancement - Log sharing events in audit service: #3301
Contains sharing related events. See full list in audit/pkg/types/events.go
Enhancement - Add space aliases: #3283
Space aliases can be used to resolve spaceIDs in a client.
Enhancement - Include etags in drives listing: #3267
Added etags in the response of list drives.
Enhancement - Improve thumbnails API: #3272
Changed the thumbnails API to no longer transfer images via GRPC. GRPC has a limited message
size and isn't very efficient with large binary data. The new API transports the images over
HTTP.
Enhancement - Update reva to v2.1.0: #3330
Updated reva to version 2.1.0. This update includes:
OK
https://github.com/owncloud/ocis/pull/3330
https://github.com/owncloud/ocis/pull/3405
https://github.com/owncloud/ocis/pull/3416
Enhancement - Update ownCloud Web to v5.3.0: #6561
Tags: web
We updated ownCloud Web to v5.3.0. Please refer to the changelog (linked) for details on the web
release.
https://github.com/owncloud/web/pull/6561
https://github.com/owncloud/ocis/pull/3291
https://github.com/owncloud/ocis/pull/3375
https://github.com/owncloud/web/releases/tag/v5.3.0
Published by ownclouders over 2 years ago
Bugfix - Capabilities for password protected public links: #3229
Allow password protected public links to request capabilities.
https://github.com/owncloud/web/issues/5863
https://github.com/owncloud/ocis/pull/3229
https://github.com/owncloud/web/pull/6471
Bugfix - Make events settings configurable: #3214
We've fixed the hardcoded events settings to be configurable.
Bugfix - Align storage metadata GPRC bind port with other variable names: #3169
Changed STORAGE_METADATA_GRPC_PROVIDER_ADDR to STORAGE_METADATA_GRPC_ADDR so it aligns
with standard environment variable naming conventions used in oCIS.
Change - Unify file IDs: #3185
We changed the file IDs to be consistent across all our APIs (WebDAV, LibreGraph, OCS). We
removed the base64 encoding. Now they are formatted like !. They are
using a reserved character !
as a URL safe separator.
Enhancement - Add sorting to list Spaces: #3200
We added the OData query param "orderBy" for listing spaces. We can now order by Space Name and
LastModifiedDateTime.
Example 1:
https://localhost:9200/graph/v1.0/me/drives/?$orderby=lastModifiedDateTime desc
Example 2: https://localhost:9200/graph/v1.0/me/drives/?$orderby=name asc
https://github.com/owncloud/ocis/issues/3200
https://github.com/owncloud/ocis/pull/3201
https://github.com/owncloud/ocis/pull/3218
Enhancement - Change NATS port: #3210
Currently only a certain range of ports is allowed for ocis application. Use a supported port
for nats server
Enhancement - Re-Enabling web cache control: #3109
We've re-enable browser caching headers (Expires
and Last-Modified
) for the web
service, this was disabled due to a problem in the fileserver used before. Since we're now using
our own fileserver implementation this works again and is enabled by default.
Enhancement - Add SPA conform fileserver for web: #3109
We've added an SPA conform fileserver to the web service. It enables web to use vue's history
mode and behaves like nginx try_files.
Enhancement - Implement notifications service: #3217
Implemented the minimal version of the notifications service to be able to notify a user when
they received a share.
Enhancement - Thumbnails in spaces: #3219
Added support for thumbnails in spaces.
https://github.com/owncloud/ocis/pull/3219
https://github.com/owncloud/ocis/pull/3235
Enhancement - Update reva to v2.0.0: #3231
We updated reva to the version 2.0.0.
ListRecycle
when listing trashbinhttps://github.com/owncloud/ocis/pull/3231
https://github.com/owncloud/ocis/pull/3258
Enhancement - Update ownCloud Web to v5.2.0: #6506
Tags: web
We updated ownCloud Web to v5.2.0. Please refer to the changelog (linked) for details on the web
release.
https://github.com/owncloud/web/pull/6506
https://github.com/owncloud/ocis/pull/3202
https://github.com/owncloud/web/releases/tag/v5.2.0
Published by ownclouders over 2 years ago
Bugfix - Capabilities for password protected public links: #3229
Allow password protected public links to request capabilities.
https://github.com/owncloud/web/issues/5863
https://github.com/owncloud/ocis/pull/3229
https://github.com/owncloud/web/pull/6471
Bugfix - Make events settings configurable: #3214
We've fixed the hardcoded events settings to be configurable.
Bugfix - Align storage metadata GPRC bind port with other variable names: #3169
Changed STORAGE_METADATA_GRPC_PROVIDER_ADDR to STORAGE_METADATA_GRPC_ADDR so it aligns
with standard environment variable naming conventions used in oCIS.
Change - Unify file IDs: #3185
We changed the file IDs to be consistent across all our APIs (WebDAV, LibreGraph, OCS). We
removed the base64 encoding. Now they are formatted like !. They are
using a reserved character !
as a URL safe separator.
Enhancement - Add sorting to list Spaces: #3200
We added the OData query param "orderBy" for listing spaces. We can now order by Space Name and
LastModifiedDateTime.
Example 1:
https://localhost:9200/graph/v1.0/me/drives/?$orderby=lastModifiedDateTime desc
Example 2: https://localhost:9200/graph/v1.0/me/drives/?$orderby=name asc
https://github.com/owncloud/ocis/issues/3200
https://github.com/owncloud/ocis/pull/3201
https://github.com/owncloud/ocis/pull/3218
Enhancement - Change NATS port: #3210
Currently only a certain range of ports is allowed for ocis application. Use a supported port
for nats server
Enhancement - Re-Enabling web cache control: #3109
We've re-enable browser caching headers (Expires
and Last-Modified
) for the web
service, this was disabled due to a problem in the fileserver used before. Since we're now using
our own fileserver implementation this works again and is enabled by default.
Enhancement - Add SPA conform fileserver for web: #3109
We've added an SPA conform fileserver to the web service. It enables web to use vue's history
mode and behaves like nginx try_files.
Enhancement - Implement notifications service: #3217
Implemented the minimal version of the notifications service to be able to notify a user when
they received a share.
Enhancement - Thumbnails in spaces: #3219
Added support for thumbnails in spaces.
https://github.com/owncloud/ocis/pull/3219
https://github.com/owncloud/ocis/pull/3235
Enhancement - Update reva to v2.0.0: #3231
We updated reva to the version 2.0.0.
ListRecycle
when listing trashbinhttps://github.com/owncloud/ocis/pull/3231
https://github.com/owncloud/ocis/pull/3231
Enhancement - Update ownCloud Web to v5.2.0: #6506
Tags: web
We updated ownCloud Web to v5.2.0. Please refer to the changelog (linked) for details on the web
release.
https://github.com/owncloud/web/pull/6506
https://github.com/owncloud/ocis/pull/3202
https://github.com/owncloud/web/releases/tag/v5.2.0