Skip to content

Commit

Permalink
Add changelog for Release 2024-04-25
Browse files Browse the repository at this point in the history
  • Loading branch information
zebot committed Apr 25, 2024
1 parent f5ffe5e commit c266d4b
Show file tree
Hide file tree
Showing 58 changed files with 238 additions and 151 deletions.
238 changes: 238 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,241 @@
# [2024-04-25] (Chart Release 4.42.0)

## Release notes


* There is a new optional Boolean in Brig's Helm chart, `config.multiSFT.enabled`,
signalling whether calls between federated SFT servers are allowed.

IMPORTANT: The value of this new option needs be set to the value of
`multiSFT.enabled` in SFT's Helm chart. Otherwise federated SFT servers won't
work.

If provided, the field `is_federating` in the response of `/calls/config/v2`
will reflect `multiSFT.enabled`'s value.

Example:

```
# [brig/values.yaml]
multiSFT:
enabled: true
```

Also, the optional object `sftToken` with its fields `ttl` and `secret` define
whether an SFT credential would be rendered in the response of
`/calls/config/v2`. The field `ttl` determines the seconds for the credential to
be valid and `secret` is the path to the secret shared with SFT to create
credentials.

Example:

```
# [brig.yaml]
sft:
sftBaseDomain: sft.wire.example.com
sftSRVServiceName: sft
sftDiscoveryIntervalSeconds: 10
sftListLength: 20
sftToken:
ttl: 120
secret: /path/to/secret
``` (#3915)
* The "addClient" internal endpoint of galley has been changed. This can cause temporary failures during upgrades if brig attempts to use this endpoint on a different version of galley. (#3904)
* Removed the deprecated and unused field `geoDb` from Brig's config. (#3975)
* Added support for 3 more MLS ciphersuites. To enable MLS, all supported signature schemes (ed25519 and the three ecdsa variants) now need to have private keys specified in galley's configuration file. (#3964)
## API changes
* Create version 6 of client-related endpoints, fixing an oddity in the serialisation of capabilities. (#3904)
* Add gzip request support to spar and proxy (#4013)
## Features
* Backend validates display name during DPoP challenge (#3890)
* Add Helm chart `smallstep-accomp` that provides a CRL endpoint proxy for federated E2EI (#3896)
* Support for Elasticsearch password authentication (#6717, #7283)
* Support unblocking a user in an MLS 1-to-1 conversation (#3940)
* Add E2EI configuration setup to smallstep-accomp chart (#3944)
* Remove Helm migrated charts webapp, team-settings, account-pages, sftd (#3927)
* charts/nginz: Rate limiting claiming MLS key-pacakges by requesting and target user (#3918)
* Support connecting to Elasticsearch over TLS
It can be enabled by setting these options on the wire-server helm chart:
```yaml
brig:
config:
elasticsearch:
scheme: https
# When custom CAs are required, one of these must be set:
tlsCa: <PEM encoded CA certificates>
tlsCaSecretRef:
name: <Name of the secret>
key: <Key in the secret containing pem encoded CA Cert>
# When TLS needs to be used without verification:
insecureSkipVerifyTls: true
elasticsearch-index:
elasticsearch:
scheme: https
# When custom CAs are required, one of these must be set:
tlsCa: <PEM encoded CA certificates>
tlsCaSecretRef:
name: <Name of the secret>
key: <Key in the secret containing pem encoded CA Cert>
# When TLS needs to be used without verification:
insecureSkipVerifyTls: true
``` (#3989)
* Make gundeck's notificationTTL configurable. The value defines how long
notifications are (at most) stored in the database. Decreasing this value e.g.
helps to safe database space on test environments. (#3960)
* charts/nginz: Allow 3000 reqs/min on /conversations/one2one/:user_domain/:user (#3918)
* Support authenticating to redis (#3971)
## Bug fixes and other updates
* Send connection cancelled event to local pending connection when user gets deleted (#3861)
* Optional `apiProxy` attribute added to `deeplink.json` in nginz chart (#3933)
* coturn cert-reloader sidecar config: process name should not contain the path (helm chart) (#3916)
* Prevent conflict on subsequent tries to provision a SCIM user (#3914)
* Avoid IO Exception when querying
GET /converations/{cnv_domain}/{cnv}/groupinfo
with public group state not set in galley.converation. (#3939)
* Return an actual list of other users in a remote MLS 1-to-1 conversation (#3998)
* charts/background-worker: Fix name of the service monitor (#3913)
* Fix crash when enqueing an empty list of notifications and federation is disabled (#PR_NOT_FOUND)
* Add the request ID to the request's execution environment in gundeck, such that it can be logged. (#3903)
* The AWS SNS ARN was parsed by accumulating the environment name up to the first
dash ('-') such that parts of this name spilled over into the app name. Now, we
accumulate up to the last dash. (#3894)
* Fix bug where welcome notifications were generated for each client instead of for each user (#3907)
* Do not deliver MLS one-to-one conversation messages to a user that blocked the sender (#3889, #3906)
* Optimize getting all feature configs (#4002)
## Documentation
* adds new coding-conventions.md and talks about the decision we made for `cs` (#4006)
* Distinguish UTCTime and UTCTimeMillis in swagger (#3899)
* Patch hole in scim docs regarding wire team role manipulation. (#3897)
## Internal changes
* Create a new script (`Sbom.hs`) to generate the wire-server sbom (bill of material) file. (#3942)
* port flaking LH tests to new integration and improve the ergonomics of our testing library (#3876)
* some small refactorings to make it more clear in code what is happening when registering a scim token and an IdP (#3966)
* In order for the CRL-proxy to function correctly, it needs to have CORS headers set.
We are now setting the CORS headers on the ingress level. (#3956)
* drop cs in all production code and from Imports (#4001)
* Galley's internal `DELETE /i/client/:clientID` now early-exits before visiting all conversations if the client is already gone.
Galley now reports debug logs for every call to Cassandra. (#3985)
* move formatting and linting of haskell files to treefmt, remove some of the now unneeded rules (#4000)
* Integration test cases for strangely behaving feature config settings. (#4007)
* Add ldap-scim-bridge chart to the wire-server release (#3999)
* Disable `integration` subchart of `wire-server` by default (#3682)
* Provide password as value in `elasticsearch-ephemeral`. This way we can use
different passwords on our test systems. Ensuring that the password is really
configurable (and not accidentally hardcoded somewhere.) (#3994)
* Upgraded fluent-bit chart to version 0.46.2
Added example values for fluent-bit helm chart for output to syslog server (#4012)
* Ported 2FA tests to the new integration test suite (#3986)
* To ensure certificate revocations get active in a short time frame, disable
caching of proxy results on client side by setting respective HTTP headers. (#3952)
* Ensure that targets of the smallstep nginx proxy are resolved at runtime via the
configured DNS server. This has two benefits: The target gets adjusted when it's
changed at the DNS server. And, nginx doesn't fail to start when the target
doesn't exist yet. (#3947)
* Use schema-profunctor for user event serialisation and introduce golden tests (#3912)
* Setup federation-v0 environment for use in integration tests:
- add federation-v0 domain to test environment
- provision integration certificates with cert-manager (#3849, #3898)
* Add assets to output of ejpd-info end-point in stern; also:
- [brig] now talks to carghold for profile picture extraction;
- [integration] migrate ejpd tests;
- [integration] enhanced `shouldMatch` shows a diff on failure now;
- [integration] added `shouldMatchLeniently` for rule-based canonicalization of arguments (#3875)
* Bump hsaml2, saml2-web-sso dependencies. (#3995)
* Remove support for push token transport types APNSVoIP, APNSVoIPSandbox from gundeck. (#3967)
* Include remote domain in federator error logs (#3919)
* Remove remaining splinters of wai-routing, wai-predicate from brig. (#3996)
## Federation changes
* The on-conversation-updated notification is now queued instead of being sent directly. A new version of the notification has been introduced with a different JSON format for the body, mostly for testing purposes of the versioning system.
Since the notification is now sent asynchronously, some error conditions in case of unreachable backends cannot be triggered anymore. (#3831)
* Versioning of backend to backend notifications. Notifications are now stored in "bundles" containing a serialised payload for each supported version. The background worker then dynamically selects the best version to use and sends only the notification corresponding to that version.
(#3831)
# [2024-02-13] (Chart Release 4.41.0)
# [2024-02-12] (Chart Release 4.40.0)
Expand Down
37 changes: 0 additions & 37 deletions changelog.d/0-release-notes/WPB-227

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/0-release-notes/client-internal-api

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/0-release-notes/geodb

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/0-release-notes/new-ciphersuites

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/1-api-changes/client-capabilities

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/1-api-changes/gzip

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/WPB-6190

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/WPB-6252

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/WPB-6717

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/WPB-6783

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/WPB-6997-smallstep-accomp

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/WPB-7025

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/claim-key-packages-rate-limit

This file was deleted.

32 changes: 0 additions & 32 deletions changelog.d/2-features/es-tls

This file was deleted.

3 changes: 0 additions & 3 deletions changelog.d/2-features/gundeck-configure-notificationTTL

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/one2one-rate-limit

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/2-features/redis-creds

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/WPB-6258

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/WPB-6524

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/WPB-6567

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/WPB-6577

This file was deleted.

5 changes: 0 additions & 5 deletions changelog.d/3-bug-fixes/WPB-7023

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/WPB-7415

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/bw-service-monitor

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/enqueue-lazy

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/log-requestId-gundeck

This file was deleted.

3 changes: 0 additions & 3 deletions changelog.d/3-bug-fixes/sns-arn-parsing

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/welcome-notifications

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/3-bug-fixes/wpb-6144-messaging-blocked-user

This file was deleted.

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/4-docs/start-coding-conventions

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/4-docs/utctime-swagger

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/4-docs/wpb-6780-patch-hole-in-scim-docs

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/5-internal/SEC-596

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/5-internal/WPB-5687

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/5-internal/WPB-7021

This file was deleted.

2 changes: 0 additions & 2 deletions changelog.d/5-internal/WPB-7155

This file was deleted.

1 change: 0 additions & 1 deletion changelog.d/5-internal/WPB-7222

This file was deleted.

Loading

0 comments on commit c266d4b

Please sign in to comment.