3.0.0-rc.3

Pre-release
@ownclouders ownclouders released this 08 May 18:05
· 6728 commits to master since this release
v3.0.0-rc.3
d3a49c8

Changes in 3.0.0

Warning

BREAKING CHANGE in ocis deployments

To upgrade from 2.0.0 to 3.0.0-rc.1 or later, shut down ocis and execute the following steps:

1. Application ID

You need to set GRAPH_APPLICATION_ID to a random UUIDv4.

You can also add

graph:
 application:
   id: some-random-uuid

to the ocis.yaml file, which was created during initialisation.

2. Search Index

The data format of the search index has also changed. You can safely delete the whole search index.
It is located in a subfolder called search in the ocis base path where ocis stores its data.
The search index automatically fills itself again when changes happen in each space. You can also re-index the space manually.

Sorry for the inconvenience 😅
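
The two upgrade steps above as a script (an added example, not part of the ocis release notes or the ocis project). It assumes ocis is already shut down and takes its environment from an env file; the env file path, the base path argument and the function names are illustrative.

```shell
#!/bin/sh
# Added example: preparation for the 2.0.0 -> 3.0.0 upgrade.
# Assumptions: ocis is stopped, its environment comes from an env file
# (hypothetical path, 2nd argument), the ocis base path is the 3rd argument.
# Usage: sh upgrade-prep.sh --run /path/to/ocis.env /path/to/ocis-base

# True if $1 is a lowercase RFC 4122 version-4 (random) UUID.
is_uuid_v4() {
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$'
}

# Print a fresh random UUID from the kernel or uuidgen, validated as v4.
new_uuid_v4() {
    if [ -r /proc/sys/kernel/random/uuid ]; then
        id=$(cat /proc/sys/kernel/random/uuid)
    elif command -v uuidgen >/dev/null 2>&1; then
        id=$(uuidgen | tr 'A-F' 'a-f')
    else
        echo "no UUID source found" >&2
        return 1
    fi
    is_uuid_v4 "$id" || { echo "generated value is not a v4 UUID" >&2; return 1; }
    printf '%s\n' "$id"
}

# Step 1: make sure the env file sets GRAPH_APPLICATION_ID to a v4 UUID.
# An existing valid value is kept, so re-running does not change the ID.
ensure_application_id() {
    env_file=$1
    current=$(sed -n 's/^GRAPH_APPLICATION_ID=//p' "$env_file" 2>/dev/null | tail -n 1)
    if is_uuid_v4 "$current"; then
        return 0
    fi
    if [ -n "$current" ]; then
        echo "GRAPH_APPLICATION_ID is set but is not a v4 UUID; fix it by hand" >&2
        return 1
    fi
    id=$(new_uuid_v4) || return 1
    printf 'GRAPH_APPLICATION_ID=%s\n' "$id" >> "$env_file"
}

# Step 2: delete the search index, the "search" subfolder of the base path.
# An empty, relative or missing base path is refused so rm -rf cannot stray;
# a symlinked index is left in place for the operator to inspect.
remove_search_index() {
    base=$1
    case $base in
        /*) ;;
        *) echo "base path must be absolute: '$base'" >&2; return 1 ;;
    esac
    [ -d "$base" ] || { echo "base path not found: $base" >&2; return 1; }
    if [ -L "$base/search" ]; then
        echo "$base/search is a symlink; not removing it" >&2
        return 1
    fi
    rm -rf -- "$base/search"
}

# Nothing runs unless explicitly requested.
if [ "${1:-}" = "--run" ]; then
    ensure_application_id "$2" && remove_search_index "$3"
fi
```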

Note

The metadata store in the DecomposedFS has changed

When you upgrade from 2.0.0 to 3.0.0-rc.1 or later and have not set OCIS_DECOMPOSEDFS_METADATA_BACKEND manually,
ocis will change the storage of the file metadata from extended attributes (xattrs) to messagepack (messagepack).

This decision was made because extended attributes are limited and have some issues on shared filesystems. Messagepack is a straightforward binary format.

Changes between 3.0.0-rc.2 and 3.0.0-rc.3

ocis

  • Bugfix - Hide the existence of space when deleting/updating: #5031
  • Bugfix - Fix Logout Url config name: #6227

reva

web

All changes in 3.0.0

  • Bugfix - Return 425 on Thumbnails: #5300
  • Bugfix - Allow selected updates on graph users: #6233
  • Bugfix - Disassociate users from deleted school: #5343
  • Bugfix - Fix default role assignment for demo users: #3432
  • Bugfix - Fix so that PATCH requests for groups actually updates the group name: #5949
  • Bugfix - Hide the existence of space when deleting/updating: #5031
  • Bugfix - Fix OIDC auth cache: #5997
  • Bugfix - Fix Postprocessing events: #5269
  • Bugfix - Fix Search reindexing performance regression: #6085
  • Bugfix - Fix Search tag indexing: #5405
  • Bugfix - Fix user type config for user provider: #6027
  • Bugfix - Fix userlog panic: #6114
  • Bugfix - Fix Logout Url config name: #6227
  • Bugfix - Add missing CORS config: #5987
  • Bugfix - Populate expanded properties: #5421
  • Bugfix - Add portrait thumbnail resolutions: #5656
  • Bugfix - Fix authenticate headers for API requests: #5992
  • Change - Bump libregraph lico: #5768
  • Change - Updated Cache Configuration: #5829
  • Change - Remove the settings ui: #5463
  • Change - Do not share versions: #5531
  • Enhancement - Add debug server to audit: #6178
  • Enhancement - Add debug server to idm: #6153
  • Enhancement - Add debug server to postprocessing: #6203
  • Enhancement - Add debug server to userlog: #6202
  • Enhancement - Add 'ocis decomposedfs metadata' command: #5858
  • Enhancement - Add debug server to eventhistory: #6204
  • Enhancement - Add global env variable extractor: #5164
  • Enhancement - Add the email HTML templates: #6147
  • Enhancement - Open Debug endpoint for Notifications: #5002
  • Enhancement - Add MessageRichParameters: #5927
  • Enhancement - Add webfinger service: #5373
  • Enhancement - Async Postprocessing: #5207
  • Enhancement - Automate md creation: #5901
  • Enhancement - Add more logging to av service: #5973
  • Enhancement - Return Bad Request when requesting GDPR export for another user: #6123
  • Enhancement - Add endpoints to upload a custom logo: #5735
  • Enhancement - Bump go-ldap version: #6004
  • Enhancement - Bump libre-graph-api-go: #5309
  • Enhancement - Update Reva to version 2.13.2: #6205
  • Enhancement - Collect global envvars: #5367
  • Enhancement - Make the settings bundles part of the service config: #5589
  • Enhancement - Configure GRPC in ocs: #6022
  • Enhancement - Disable Notifications: #6137
  • Enhancement - Drive group permissions: #5312
  • Enhancement - Make the group members addition limit configurable: #5357
  • Enhancement - Allow username to be changed: #5509
  • Enhancement - Graph Drives IdentitySet displayName: #5347
  • Enhancement - Make the LDAP base DN for new groups configurable: #5974
  • Enhancement - Update to go 1.20 to use memlimit: #5732
  • Enhancement - Display surname and givenName attributes: #5388
  • Enhancement - Extended search: #5221
  • Enhancement - Resource tags: #5227
  • Enhancement - Allow users to be disabled: #5588
  • Enhancement - Web config additions: #6032
  • Enhancement - Eventhistory service: #5600
  • Enhancement - Expiration Notifications: #5330
  • Enhancement - GDPR Export: #6064
  • Enhancement - Make graph/education API errors more consistent: #5682
  • Enhancement - Add endpoint to list permissions: #5594
  • Enhancement - Notifications: #6038
  • Enhancement - Open Debug endpoint for Nats: #5002
  • Enhancement - No Notifications for own actions: #5871
  • Enhancement - Notify about policies: #5912
  • Enhancement - Add a capability for the Personal Data export: #5984
  • Enhancement - Introduce policies-service: #5714
  • Enhancement - Better config for postprocessing service: #5457
  • Enhancement - Add config option to enforce passwords on public links: #5848
  • Enhancement - Add new permission for public links: #5690
  • Enhancement - Added possibility to assign roles based on OIDC claims: #6048
  • Enhancement - Added option to configure default quota per role: #5616
  • Enhancement - Add optional services to the runtime: #6071
  • Enhancement - Add new SetProjectSpaceQuota permission: #5660
  • Enhancement - Add expiration to user and group shares: #5389
  • Enhancement - Space Management permissions: #5441
  • Enhancement - Cli to purge expired trash-bin items: #5500
  • Enhancement - Update web to v7.0.0-rc.36: #6234
  • Enhancement - Use Accept-Language Header: #5918
  • Enhancement - Use gotext master: #5867
  • Enhancement - Userlog: #5699
  • Enhancement - Userlog Service: #5610
  • Enhancement - Determine the users language to translate via Transifex: #6089
  • Enhancement - Web options configuration: #6188

Details

  • Bugfix - Return 425 on Thumbnails: #5300

    Return 425 on thumbnails GET when file is processing. Pass 425 also through webdav
    endpoint

    #5300

  • Bugfix - Allow selected updates on graph users: #6233

    We are now allowing a couple of update requests to complete even if
    GRAPH_LDAP_SERVER_WRITE_ENABLED=false:

    • When using a group to disable users (OCIS_LDAP_DISABLE_USER_MECHANISM=group), updates to the accountEnabled property of a user will be allowed.
    • When a distinct base DN for new groups is configured (GRAPH_LDAP_GROUP_CREATE_BASE_DN is set to a different value than GRAPH_LDAP_GROUP_BASE_DN), the creation/update of local groups is allowed.

    #6233

  • Bugfix - Disassociate users from deleted school: #5343

    When a school is deleted, users should be disassociated from it.

    #5246
    #5343

  • Bugfix - Fix default role assignment for demo users: #3432

    The role assignments for demo users were duplicated with every restart of the settings
    service.

    #3432

  • Bugfix - Fix so that PATCH requests for groups actually updates the group name: #5949

    #5949

  • Bugfix - Hide the existence of space when deleting/updating: #5031

    The "code": "notAllowed" changed to "code": "itemNotFound"

    #5031
    #6220

  • Bugfix - Fix OIDC auth cache: #5997

    We've fixed an issue rendering the OIDC auth cache useless.

    #5997

  • Bugfix - Fix Postprocessing events: #5269

    Postprocessing service did not want to play with non-tls events. That is fixed now

    #5269

  • Bugfix - Fix Search reindexing performance regression: #6085

    We've fixed a regression in the search service reindexing step, causing the whole space to be
    reindexed instead of just the changed resources.

    #6085

  • Bugfix - Fix Search tag indexing: #5405

    We've fixed an issue where search is not able to index tags for space resources.

    #5405

  • Bugfix - Fix user type config for user provider: #6027

    We needed to provide a default value for the user type property in the user provider.

    #6027

  • Bugfix - Fix userlog panic: #6114

    The userlog service panicked because of a nil ctx. That is fixed now.

    #6114

  • Bugfix - Fix Logout Url config name: #6227

    We fixed the yaml and json name of the logout url option.

    #6227

  • Bugfix - Add missing CORS config: #5987

    The graph, userlog and ocdav services had no CORS config options.

    #5987

  • Bugfix - Populate expanded properties: #5421

    We now return an empty array when an expanded relation has no entries. This makes consuming the
    responses a little easier.

    #5419
    #5421
    #5426

  • Bugfix - Add portrait thumbnail resolutions: #5656

    Add portrait-orientation resolutions to the thumbnail service's default configuration.
    This prevents portrait photos from being heavily cropped into landscape resolutions in the
    web viewer.

    #5656

  • Bugfix - Fix authenticate headers for API requests: #5992

    We changed the www-authenticate header which should not be sent when the XMLHttpRequest
    header is set.

    #5986
    #5992

  • Change - Bump libregraph lico: #5768

    We updated lico to the latest version.

    • Update to 0.59.4 - upstream dropped the kc and cookie backends

    #5768

  • Change - Updated Cache Configuration: #5829

    We updated all cache related environment vars to more closely follow the go micro naming
    pattern:

    • {service}_CACHE_STORE_TYPE becomes {service}_CACHE_STORE or {service}_PERSISTENT_STORE
    • {service}_CACHE_STORE_ADDRESS(ES) becomes {service}_CACHE_STORE_NODES
    • The mem store implementation name changes to memory
    • In yaml files the cache type becomes store

    We introduced redis-sentinel as a store implementation.

    #5829

  • Change - Remove the settings ui: #5463

    With ownCloud Web having transitioned to Vue 3 recently, we would have had to port the settings
    ui as well. The decision was made to discontinue the settings ui instead. As a result all traces
    of the settings ui have been removed.

    The only user facing setting that ever existed in the settings service is now integrated into
    the account page of ownCloud Web (click on top right user menu, then on your username to reach
    the account page).

    #5463

  • Change - Do not share versions: #5531

    We changed the default behavior of shares: Share receivers have no access to versions. People
    in spaces with the "Editor" or "Manager" role can still see versions and work with them.

    #5531

  • Enhancement - Add debug server to audit: #6178

    We added a debug server to audit.

    #5002
    #6178

  • Enhancement - Add debug server to idm: #6153

    We added a debug server to idm.

    #5003
    #6153

  • Enhancement - Add debug server to postprocessing: #6203

    We added a debug server to postprocessing.

    #5002
    #6203

  • Enhancement - Add debug server to userlog: #6202

    We added a debug server to userlog.

    #5002
    #6202

  • Enhancement - Add 'ocis decomposedfs metadata' command: #5858

    We added a 'ocis decomposedfs metadata' command for inspecting and manipulating node
    metadata.

    #5858

  • Enhancement - Add debug server to eventhistory: #6204

    We added a debug server to eventhistory.

    #5002
    #6204

  • Enhancement - Add global env variable extractor: #5164

    For documentation purposes, we have added a little tool that extracts global env vars
    that are loaded only through os.Getenv.

    #4916
    #5164

  • Enhancement - Add the email HTML templates: #6147

    Add the email HTML templates

    #6146
    #6147

  • Enhancement - Open Debug endpoint for Notifications: #5002

    We added a debug server to the notifications service

    #5002
    #6155

  • Enhancement - Add MessageRichParameters: #5927

    Adds the messageRichParameters to virus and policies notifications

    #5927

  • Enhancement - Add webfinger service: #5373

    Adds a webfinger service to redirect ocis clients

    #6102
    #5373
    #6110

  • Enhancement - Async Postprocessing: #5207

    Provides functionality for async postprocessing. This will allow the system to do the
    postprocessing (virusscan, copying of bytes to their final destination, ...) asynchronously
    to the user's request. Major change when active.

    #5207

  • Enhancement - Automate md creation: #5901

    Automatically create _index.md files from the services README.md

    #5901

  • Enhancement - Add more logging to av service: #5973

    We need more debug logging in some situations to understand the state of a virus scan.

    #5973

  • Enhancement - Return Bad Request when requesting GDPR export for another user: #6123

    This is an enhancement, not security related as the requested uid is never used

    #6123

  • Enhancement - Add endpoints to upload a custom logo: #5735

    Added endpoints to upload and reset custom logos. The files are stored under the
    WEB_ASSET_PATH which defaults to $OCIS_BASE_DATA_PATH/web/assets.

    #5735
    #5559

  • Enhancement - Bump go-ldap version: #6004

    Use master version of go-ldap to get rid of nasty = bug. See
    go-ldap/ldap#416

    #6004

  • Enhancement - Bump libre-graph-api-go: #5309

    We fixed a couple of issues in libre-graph-api-go package.

    • rename drive permission grantedTo to grantedToIdentities to be ms graph spec compatible.
    • drive.name is a required property now.
    • add group property to the identitySet.

    #5309
    #5312

  • Enhancement - Update Reva to version 2.13.2: #6205

    Changelog for reva 2.13.2 (2023-05-08)

    Changelog for reva 2.13.1 (2023-05-03)

    Changelog for reva 2.13.0 (2023-05-02)

    #6205
    #6186

  • Enhancement - Collect global envvars: #5367

    Compose a list of all envvars living in more than 1 service

    #5367

  • Enhancement - Make the settings bundles part of the service config: #5589

    We added the settings bundles to the config. The default roles are still unchanged. You can now
    override the defaults by replacing the whole bundles list via json config files. The config
    file is loaded from a specified path which can be configured with SETTINGS_BUNDLES_PATH.

    #5589
    #5607

  • Enhancement - Configure GRPC in ocs: #6022

    Fixes a panic in ocs when not running as a single binary.

    #6022

  • Enhancement - Disable Notifications: #6137

    Introduce new setting to disable notifications

    #6137

  • Enhancement - Drive group permissions: #5312

    We've updated the libregraph.Drive response to contain group permissions.

    #5312

  • Enhancement - Make the group members addition limit configurable: #5357

    It's now possible to configure the limit of group members addition by PATCHing
    /graph/v1.0/groups/{groupID}. It still defaults to 20 as defined in the spec but it can be
    configured via .graph.api.group_members_patch_limit in ocis.yaml or via the
    GRAPH_GROUP_MEMBERS_PATCH_LIMIT environment variable.

    #5262
    #5357

  • Enhancement - Allow username to be changed: #5509

    When OnPremisesSamAccountName is present in a PATCH on {apiRoot}/users/{userID} it will
    change the username of the user. This also changes the references to this user in the groups.

    #4988
    #5509

  • Enhancement - Graph Drives IdentitySet displayName: #5347

    We've added the IdentitySet displayName property to the group and user sets for the graph
    drives endpoint. The values for groups and users get cached.

    #5347
    owncloud/web#8178

  • Enhancement - Make the LDAP base DN for new groups configurable: #5974

    The LDAP backend for the Graph service introduced a new config option for setting the Parent DN
    for new groups created via the /groups/ endpoint. (GRAPH_LDAP_GROUP_CREATE_BASE_DN)

    It defaults to the value of GRAPH_LDAP_GROUP_BASE_DN. If set to a different value the
    GRAPH_LDAP_GROUP_CREATE_BASE_DN needs to be a subordinate DN of
    GRAPH_LDAP_GROUP_BASE_DN.

    All existing groups with a DN outside the GRAPH_LDAP_GROUP_CREATE_BASE_DN tree will be
    treated as read-only groups. So it is not possible to edit these groups.

    #5974

  • Enhancement - Update to go 1.20 to use memlimit: #5732

    We updated to go 1.20 which allows setting GOMEMLIMIT, which we by default set to 0.9.

    #5732

  • Enhancement - Display surname and givenName attributes: #5388

    When querying the graph API, the surname and givenName attributes are now displayed for users.

    #5386
    #5388

  • Enhancement - Extended search: #5221

    Provides multiple enhancements to the search implementation:

    • content extraction: search now supports apache tika to extract resource contents.
    • search engine: the underlying search engine is swappable now.
    • event consumers: the number of event consumers can now be set, which improves the speed of the individual tasks.

    #5184
    #5221

  • Enhancement - Resource tags: #5227

    We've added the ability to tag resources via the graph api. Tags can be added (put request) and
    removed (delete request) from a resource, a list of available tags can also be requested by
    sending a get request to the graph endpoint.

    #5184
    #5227
    #5271

  • Enhancement - Allow users to be disabled: #5588

    Users can be disabled (i.e. they can no longer log in) by setting the accountEnabled
    property to false for a user via the graph API.

    #5588
    #5620

  • Enhancement - Web config additions: #6032

    We've added config keys for defining additional css, scripts and translations for ownCloud
    Web.

    #6032

  • Enhancement - Eventhistory service: #5600

    Introduces the eventhistory service. It is a service that stores events and provides a grpc
    API to retrieve them.

    #5600

  • Enhancement - Expiration Notifications: #5330

    Send emails to the user informing that a share or a space membership expires.

    #5330

  • Enhancement - GDPR Export: #6064

    Adds an endpoint to collect all data that is related to a user

    #6064
    #5950

  • Enhancement - Make graph/education API errors more consistent: #5682

    Aligned the error messages when creating schools and classes fail and changed the response
    code from 500 to 409.

    #5660
    #5682

  • Enhancement - Add endpoint to list permissions: #5594

    We added 'https://cloud.ocis.test/api/v0/settings/permissions-list' to retrieve all
    permissions of the logged in user.

    #5594
    #5571

  • Enhancement - Notifications: #6038

    Make emails translatable via Transifex. The Transifex translations were added to the email
    templates. The optional environment variable NOTIFICATIONS_TRANSLATION_PATH was added to
    the config. The optional global environment variable OCIS_TRANSLATION_PATH was added to
    the notifications and userlog config.

    #6025
    #6038

  • Enhancement - Open Debug endpoint for Nats: #5002

    We added a debug server to nats

    #5002
    #6139

  • Enhancement - No Notifications for own actions: #5871

    Don't send notifications on space events when the user has executed them herself.

    #5871

  • Enhancement - Notify about policies: #5912

    Notify the user when a file was deleted due to policies (policies service)

    #5912

  • Enhancement - Add a capability for the Personal Data export: #5984

    Adds a capability for the personal data export endpoint

    #5984

  • Enhancement - Introduce policies-service: #5714

    Introduces policies service. The policies-service provides a new grpc api which can be used to
    return whether a requested operation is allowed or not. Open Policy Agent is used to determine
    the set of rules of what is permitted and what is not.

    2 further levels of authorization build on this:

    • Proxy Authorization
    • Event Authorization (needs async post-processing enabled)

    The simplest authorization layer is in the proxy. Since every request is processed here, only
    simple decisions that can be processed quickly are made here; more complex queries such as file
    evaluation are explicitly excluded in this layer.

    The next layer is event-based, as a pipeline step in asynchronous post-processing. Since
    processing at this point is asynchronous, the operations there can also take longer and be more
    expensive; the bytes of a file can be examined here, for example.

    Since the base block is a grpc api, it is also possible to use it directly. The policies are
    written in the rego query language.

    #5580
    #5714

  • Enhancement - Better config for postprocessing service: #5457

    The postprocessing service is now individually configurable. This is achieved by allowing a
    list of postprocessing steps that are processed in order of their appearance in the
    POSTPROCESSING_STEPS envvar.

    #5457

  • Enhancement - Add config option to enforce passwords on public links: #5848

    Added a new config option to enforce passwords on public links with "Uploader, Editor,
    Contributor" roles.

    The new options are: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD,
    SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD and
    FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD. Check the docs on how to
    properly set them.

    #5848
    #5785
    #5720

  • Enhancement - Add new permission for public links: #5690

    Added a new permission 'PublicLink.Write' to check if a user can create or update public links.

    #5690

  • Enhancement - Added possibility to assign roles based on OIDC claims: #6048

    OCIS can now be configured to update a user's role assignment from the values of a claim provided
    via the IDPs userinfo endpoint. The claim name and the mapping between claim values and ocis
    role name can be configured via the configuration of the proxy service. Example:

    ```
    role_mapping:
      - role_name: admin
        claim_value: myAdminRole
      - role_name: spaceadmin
        claim_value: mySpaceAdminRole
      - role_name: user
        claim_value: myUserRole
      - role_name: guest
        claim_value: myGuestRole
    ```
    
    https://github.com/owncloud/ocis/pull/6048
    
  • Enhancement - Added option to configure default quota per role: #5616

    Admins can assign default quotas to users with certain roles by adding the following config to
    the proxy.yaml. E.g.:

    ```
    role_quotas:
      d7beeea8-8ff4-406b-8fb6-ab2dd81e6b11: 2300000
    ```

    It maps a role ID to the quota in bytes.
    
    https://github.com/owncloud/ocis/pull/5616
    
    
  • Enhancement - Add optional services to the runtime: #6071

    Make it possible to start optional services in the ocis runtime. Instead of using
    OCIS_RUN_SERVICES to define all services we can now use OCIS_ADD_RUN_SERVICES to add a
    comma separated list of additional services which are not started in the single process by
    default.

    #6071

  • Enhancement - Add new SetProjectSpaceQuota permission: #5660

    In addition to set-space-quota for setting the quota on personal spaces, we now have
    Drive.ReadWriteQuota.Project for setting the quota on project spaces.

    #5660

  • Enhancement - Add expiration to user and group shares: #5389

    Added expiration to user and group shares.

    #5389

  • Enhancement - Space Management permissions: #5441

    We added new space management permissions. space-properties will allow changing space
    properties (name, description, ...). space-ability will allow enabling and disabling
    spaces

    #5441

  • Enhancement - Cli to purge expired trash-bin items: #5500

    Introduction of a new cli command to purge old trash-bin items. The command is part of the
    storage-users service and can be used as follows:

    ocis storage-users trash-bin purge-expired.

    The purge-expired command is configured in the ocis configuration or, as usual, by
    using environment variables.

    ENV STORAGE_USERS_PURGE_TRASH_BIN_USER_ID is used to obtain space trash-bin
    information and takes the system admin user as the default OCIS_ADMIN_USER_ID. It should be
    noted, that this is only set by default in the single binary. The command only considers spaces
    to which the user has access and delete permission.

    ENV STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE has a default value of 30 days, which means the command will delete all files older than 30 days. The value is
    human-readable, valid values are 24h, 60m, 60s etc. 0 is equivalent to disable and
    prevents the deletion of personal space trash-bin files.

    ENV STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE has a default value of 30 days, which means the command will delete all files older than 30 days. The value is
    human-readable, valid values are 24h, 60m, 60s etc. 0 is equivalent to disable and
    prevents the deletion of project space trash-bin files.

    Likewise, only spaces of the type project and personal are taken into account. Spaces of
    type virtual, for example, are ignored.

    #5499
    #5500

  • Enhancement - Update web to v7.0.0-rc.36: #6234

    Tags: web

    We updated ownCloud Web to v7.0.0-rc.36. Please refer to the changelog (linked) for details on
    the web release.

    #6234
    https://github.com/owncloud/web/releases/tag/v7.0.0-rc.36

  • Enhancement - Use Accept-Language Header: #5918

    Use the Accept-Language header instead of the custom Prefered-Language

    #5918

  • Enhancement - Use gotext master: #5867

    We needed to use forked version until our upstream changes were merged

    #5867

  • Enhancement - Userlog: #5699

    Enhance userlog service with proper api and messages

    #5699

  • Enhancement - Userlog Service: #5610

    Introduces userlog service. It stores eventIDs the user is interested in and provides an API to
    retrieve the events.

    #5610

  • Enhancement - Determine the users language to translate via Transifex: #6089

    Enhance userlog service with proper api and messages

    #6087
    #6089

  • Enhancement - Web options configuration: #6188

    Hardcode web options instead of using a generic map[string]interface{}

    #6188