Releases: wireapp/wire-server
2022-01-28
2022-01-27
Release notes
-
The
nginz
chart now configures nginx to only allow cross-origin requests from an explicit allow list of subdomains. By default these are:nginz: nginx_conf: allowlisted_origins: - webapp - teams - account
If you changed the names of these services, you must adjust those names in the nginz config as well. (#1630)
-
Backend now separates conversation access control for guests and services. The old access roles are still supported but it is encouraged to upgrade clients since mapping between the old access roles and the new access roles is not isomorphic. For more details refer to the API changes below or the Swagger docs.
Old clients are fully supported; if new clients and old clients are mixed, to old clients, either guests of services may appear to be enable if they are not, which may lead to error messages (confusing but harmless). (#2035)
API changes
- Endpoints that recently have accepted
access_role
in their payload will now acceptaccess_role_v2
as well which will take precedence overaccess_role
. See Swagger docs for how values are mapped. Endpoints that recently have returnedaccess_role
in their payload will now additionally return theaccess_role_v2
field. (#2035)
Features
- Conversation access roles now distinguish between guests and services. (#2035)
Bug fixes and other updates
- There is now an explicit CORS allow list for all endpoints. In previous releases, all subdomains were accepted, however they must now be listed explicitly. This is a breaking change, as now only known Javascript applications may access the backend. (#1630)
- Prevent 500s when SFTs are not reachable from Backend (#2077)
Internal changes
- Bump hsaml2 package version (#2075)
- Separate Spar.Data module into smaller Cassandra interpreters (#2064)
- Fix some HLint issues in libs/wire-api. (#2065)
- Fix broken build process of package "old-time" for some environments (#2056)
- Refresh license headers (#2062)
- Rename Spar.Sem.ScimTokenStore.GetByTeam to LookupByTeam (#2068)
- (Try syntax change in config file that breaks nginz (#2073, reverted in a4a6193))
Federation changes
- Tag several federation tests cases for the M2 release (#2045)
2022-01-18
Changes
Release notes
- This release introduces a mandatory
federationDomain
configuration setting to cargohold. Please update yourvalues/wire-server/values.yaml
to setcargohold.settings.federationDomain
to the same value as the corresponding option in galley (and brig). (#1990) - The brig server config option
setDefaultLocale
has been replaced bysetDefaultUserLocale
andsetDefaultTemplateLocale
(see docs/reference/config-options.md for details) (#2028) - From this release onwards, the images for haskell components (brig, galley,
cargohold, etc.) will be using Ubuntu 20.04 as the base. The images are about
30-35 MB larger than the previous alpine based images. (#1852) - Wire cloud operators: Make sure #35 is applied to all SFT servers before deploying. (#2030)
API changes
- The deprecated endpoint
GET /teams
now ignores query parametersids
,start
(#2027) - Add qualified v4 endpoints for downloading and deleting assets. The upload API is still on the same path, but the asset object it returns now contains a
domain
field. (#2002) - Remove resumable upload API (#1998)
Features
- Allow configuring setDefaultLocale in brig using helm chart (#2025)
- If the guest links team feature is disabled guest links will be revoked. (#1976)
- Revoke guest links if feature is disabled. If the guest links team feature is disabled
get /conversations/join
,post /conversations/:cnv/code
, andget /conversations/:cnv/code
will return an error. (#1980) - Specialize
setDefaultLocale
to distinguish between default user locale and default template locale if the user's locale is n/a. (#2028)
Bug fixes and other updates
Documentation
- Annotate a first batch of integration and unit tests to map them to externally-facing documentation (#1869)
- Add the description to several test cases (#1991)
- Improve documentation for stern tool and helm chart (#2032)
Internal changes
- Replace servant-generic in Galley with a custom
Named
combinator (#2022) - The Swagger documentation module is not regenerated anymore if its content is unchanged (#2018)
- cabal-run-integration.sh - remove Makefile indirection (#2044)
- Fix test runner for global cabal make target (#1987)
- The
cabal-install-artefacts.sh
script now creates thedist
directory if it does not exist (#2007) - Set
purge: false
in fake-s3 chart (#1981) - Add missing backendTwo.carghold in integration.yaml (#2039)
- Use GHC 8.10.7 and stack 2.7.3 for builds (#1852)
- Fix non-controversial HLint issues in federator to improve code quality (#2011)
- Added laws for DefaultSsoCode, Now, IdP and ScimExternalIdStore (#1940)
- Moved specifications for Spar effects out of the test suite and into the library (#2005)
- Tag integration tests for security audit. (#2000)
- Upgrade nixpkgs pin used to provision developement dependencies (#1852)
- Servantify Galley Teams API. (#2008, #2010, #2027)
- When sending an activation code, the blocked domains are checked before the whitelist. This only affects the wire SaaS staging environment (there is no whitelist configuration in prod, and blocked domains are not applicable to on-prem installations). (#2023)
- Add a helm chart that deploys restund (#2003)
- Publish restund helm chart (#2036)
- Improve optional field API in schema-profunctor (#1988)
- Migrate the public API of Cannon to Servant. (There is an internal API that is not yet migrated.) (#2024)
- sftd chart: Add multiSFT option, remove additionalArgs option (#1992)
- sftd chart: Fix quoted args for multiSFT option (#1999)
rangedSchema
does not need to be passed singletons explicitly anymore (#2017)- Split cannon benchmarks and tests (#1986)
- Tag integration tests for certification. (#1985)
- Tag integration tests for certification. (#2001)
- New internal endpoint to configure the guest links team feature. (#1993)
Federation changes
- Make federator capable of streaming responses (#1966)
- Use
Named
routes for the federation API (#2033) - Fix Brig's configmap for SFT lookups (#2015)
- SFTD chart: provide a /sft_servers_all.json url that can be used by brig to populate /calls/config/v2 (#2019)
- Allow making HTTP-only requests to SFTs via an IPv4 address (#2026)
- Replace IPv4-HTTP-only Approach to SFT Server Lookup with /sft_servers_all.json (#2030)
- Extend GET /calls/config/v2 to include all SFT servers in federation (#2012)
- Improve Brig's configuration for SFTs and fix a call to SFT servers (#2014)
- Enable downloading assets from a remote (federated) cargohold instance via the v4 API. The content of remote assets is returned as stream with content type
application/octet-stream
. Please refer to the Swagger API documentation for more details. (#2004)
2021-12-10
This release includes changes from both the 2021-12-02 and 2021-12-10 versions, as 2021-12-02 was not properly released on GitHub.
Release notes
-
Breaking change to the
fake-aws-s3
(part offake-aws
) helm chart. We now use minio helm chart from https://charts.min.io. The options are documented here (#1944)Before running the upgrade, the operators must use
kubectl edit deployment fake-aws-s3
and explicitly setspec.template.spec.containers[0].serviceAccount
andspec.template.spec.containers[0].serviceAccountName
to null. (#1944) -
Upgrade team-settings version to 4.3.0-v0.28.28-a2f11cf (#1856)
-
Upgrade webapp version to 2021-12-02-production.0-v0.28.29-0-ec2fa00 (#1954)
-
If you have
selfDeletingMessages
configured ingalley.yaml
, addlockStatus: unlocked
. (#1963) -
Upgrade SFTD to 2.1.19. (#1983)
API changes
- A new endpoint is added to Brig (
put /users/:uid/email
) that allows a team owner to initiate changing/setting a user email by (re-)sending an activation email. (#1948) - get team feature config for self deleting messages response includes lock status (#1963)
- A new public Galley endpoint was added to dis-/enable the conversation guest link feature. The feature can only be configured through the public API if the lock status is unlocked in the server config. (#1964)
- new internal endpoints for setting the lock status of self deleting messages (#1963)
Features
-
By default install elasticsearch version 6.8.18 when using the elasticsearch-ephemeral chart (#1952)
-
Use fluent-bit chart from fluent.github.io instead of deprecated charts.helm.sh. Previous fluent-bit values are not compatible with the new chart, the documentation for the new chart can be found here (#1952)
-
Use kibana chart from helm.elastic.co instead of deprecated charts.helm.sh. Previous kibana values are not compatible with the new chart, the documentation for the new chart can be found here. This also upgrades kibana to version 6.8.18. (#1952)
-
Use kube-prometheus-stack instead of prometheus-operator and update grafana dashboards for compatibility and add federation endpoints to relevant queries. (#1915)
-
Add log format called 'StructuredJSON' for easier log aggregation (#1951)
-
Team and server wide config for conversation guest link feature to configure feature status and lock status (#1964). If the feature is not configured on the server, the defaults will be:
featureFlags: ... conversationGuestLinks: defaults: status: enabled lockStatus: unlocked
-
Lock status for the self deleting messages feature can be set internally by ibis and customer support (#1963)
Bug fixes and other updates
-
elasticsearch-ephemeral: Disable automatic creation of indices (#1949)
-
Correctly detect log level when rendering logs as structured JSON (#1959)
Documentation
-
Document the wire-server PR process better. (#1934)
-
Remove documentation of unsupported scim end-point use case. (#1941)
-
Document servant setup and combinators (#1933)
-
Fix typo in swagger. (#1982)
-
Proposal for API versioning system. (#1958)
-
Update federation error documentation after changes to the federation API (#1956, #1975, #1978)
Internal changes
-
Add in-memory interpreters for most Spar effects (#1920)
-
Use minio helm chart in fake-aws-s3 from charts.min.io instead of helm.min.io, the latter seems to be down (#1944)
-
Upgrade to polysemy-1.7.0.0
(#1932) -
Replace Galley monad with polysemy's Sem throughout Galley (#1917)
-
Separate VerdictFormatStore effect from AReqIdStore effect (#1925)
-
Suspend/unsuspend teams in backoffice/stern. (#1977)
-
Set request ID correctly in galley logs (#1967)
-
Improve cabal make targets: faster installation and better support for building and testing all packages (#1979)
-
sftd chart: add config key
additionalArgs
(#1972)
Federation changes
2021-11-15
Changes
Release notes
- In case you use a multi-datacentre cassandra setup (most likely you do not), be aware that now LOCAL_QUORUM is in use as a default. (#1884)
- Deploy galley before brig. (#1857)
- Upgrade webapp version to 2021-11-01-production.0-v0.28.29-0-d919633 (#1856)
API changes
- Remove locale from publicly facing user profiles (but not from the self profile) (#1888)
Features
- End-points for configuring self-deleting messages. (#1857)
Bug fixes and other updates
- Ensure that all endpoints have a correct handler in prometheus metrics (#1919)
- Push events when AppLock or SelfDeletingMessages config change. (#1901)
Documentation
- Federation: Document how to deploy local builds (#1880)
Internal changes
- Add a 'filterNodesByDatacentre' config option useful during cassandra DC migration (#1886)
- Add ormolu to the direnv, add a GH Action to ensure formatting (#1908)
- Turn placeholder access effects into actual Polysemy effects. (#1904)
- Fix a bug in the IdP.Mem interpreter, and added law tests for IdP (#1863)
- Introduce fine-grained error types and polysemy error effects in Galley. (#1907)
- Add polysemy store effects and split off Cassandra specific functionality from the Galley.Data module hierarchy. (#1890, #1906)
- Make golden-tests in wire-api package a separate test suite (for faster feedback loop during development). (#1926)
- Separate IdPRawMetadataStore effect from IdP effect (#1924)
- Test sending message to multiple remote domains (#1899)
- Use cabal to build wire-server (opt-in) (#1853)
Federation changes
- Close GRPC client after making a request to a federator. (#1865)
- Do not fail user deletion when a remote notification fails (#1912)
- Add a one-to-one conversation test in getting conversations in the federation API (#1899)
- Notify remote participants when a user leaves a conversation because they were deleted (#1891)
2021-10-29
Release notes
- Upgrade SFT to 2.1.15 (#1849)
- Upgrade team settings to Release: v4.2.0 and image tag: 4.2.0-v0.28.28-1e2ef7 (#1856)
- Upgrade Webapp to image tag: 20021-10-28-federation-m1 (#1856)
API changes
- Remove
POST /list-conversations
endpoint. (#1840) - The member.self ID in conversation endpoints is qualified and available as
"qualified_id". The old unqualified "id" is still available. (#1866)
Features
- Allow configuring nginz so it serve the deeplink for apps to discover the backend (#1889)
- SFT: allow using TURN discovery using 'turnDiscoveryEnabled' (#1519)
Bug fixes and other updates
- Fix an issue related to installing the SFT helm chart as a sub chart to the wire-server chart. (#1677)
- SAML columns (Issuer, NameID) in CSV files with team members. (#1828)
Internal changes
- Add a 'make flake-PATTERN' target to run a subset of tests multiple times to trigger a failure case in flaky tests (#1875)
- Avoid a flaky test to fail related to phone updates and improve failure output. (#1874)
- Brig: Delete deprecated
GET /i/users/connections-status
endpoint. (#1842) - Replace shell.nix with direnv + nixpkgs.buildEnv based setup (#1876)
- Make connection DB functions work with Qualified IDs (#1819)
- Fix more Swagger validation errors. (#1841)
- Turn
Galley
into a polysemy monad stack. (#1881) - Internal CI tooling improvement: decrease integration setup time by using helmfile. (#1805)
- Depend on hs-certificate master instead of our fork (#1822)
- Add internal endpoint to insert or update a 1-1 conversation. This is to be used by brig when updating the status of a connection. (#1825)
- Update helm to 3.6.3 in developer tooling (nix-shell) (#1862)
- Improve the
Qualified
abstraction and make local/remote tagging safer (#1839) - Add some new Spar effects, completely isolating us from saml2-web-sso interface (#1827)
- Convert legacy POST conversations/:cnv/members endpoint to Servant (#1838)
- Simplify mock federator interface by removing unnecessary arguments. (#1870)
- Replace the
Spar
newtype, instead usingSem
directly. (#1833)
Federation changes
- Remove remote guests as well as local ones when "Guests and services" is disabled in a group conversation, and propagate removal to remote members. (#1854)
- Check connections when adding remote users to a local conversation and local users to remote conversations. (#1842)
- Check connections when creating group and team conversations with remote members. (#1870)
- Server certificates without the "serverAuth" extended usage flag are now rejected when connecting to a remote federator. (#1855)
- Close GRPC client after making a request to a remote federator. (#1865)
- Support deleting conversations with federated users (#1861)
- Ensure that the conversation creator is included only once in notifications sent to remote users (#1879)
- Allow connecting to remote users. One to one conversations are not created yet. (#1824)
- Make federator's default log level Info (#1882)
- The creator of a conversation now appears as a member when the conversation is fetched from a remote backend (#1842)
- Include remote connections in the response to
POST /list-connections
(#1826) - When a user gets deleted, notify remotes about conversations and connections in chunks of 1000 (#1872, #1883)
- Make federated requests to multiple backends in parallel. (#1860)
- Make conversation ID of
RemoteConversation
unqualified and move it out of the metadata record. (#1839) - Make the conversation creator field in the
on-conversation-created
RPC unqualified. (#1858) - Update One2One conversation when connection status changes (#1850)
2021-10-01
Release notes
- Deploy brig before galley (#1811, #1818)
- The conference call initiation feature can now be configured for personal accounts in
brig.yaml
.enabled
is the default and the previous behavior. If you want to change that, read /docs/reference/config-options.md#conference-calling-1 (#1811, #1818) - Only if you are an early adopter of multi-team IdP issuers on release 2021-09-14: note that the query parameter for IdP creation has changed. This only affects future calls to this one end-point. (#1763)
- For wire.com cloud operators: reminder to also deploy nginz. (No special action needed for on-premise operators) (#1773)
API changes
- Add endpoint
POST /connections/:domain/:userId
to create a connection (#1773) - Deprecate
PUT /conversations/:cnv/access
endpoint (#1807) - Deprecate
PUT /conversations/:cnv/message-timer
endpoint (#1780) - Deprecate
PUT /conversations/:cnv/members/:usr
endpoint (#1784) - Deprecate
PUT /conversations/:cnv/receipt-mode
endpoint (#1797) - Add endpoint
GET /connections/:domain/:userId
to get a single connection (#1773) - Add
POST /list-connections
endpoint to get connections (#1773) - Add qualified endpoint for updating conversation access (#1807)
- Add qualified endpoint for updating message timer (#1780)
- Add qualified endpoint for updating conversation members (#1784)
- Add qualified endpoint for updating receipt mode (#1797)
- Add endpoint
PUT /connections/:domain/:userId
to update a connection (#1773)
Features
- Helm charts to deploy ldap-scim-bridge (#1709)
- Per-account configuration of conference call initiation (details: /docs/reference/config-options.md#conference-calling-1) (#1811, #1818)
Bug fixes and other updates
- An attempt to create a 3rd IdP with the same issuer was triggering an exception. (#1763)
- When a user was auto-provisioned into two teams under the same pair of
Issuer
andNameID
, they where directed into the wrong team, and not rejected. (#1763)
Documentation
- Expand documentation of
conversations/list-ids
endpoint (#1779) - Add documentation of the multi-table paging abstraction (#1803)
- Document how to use IdP issuers for multiple teams (#1763)
- All named Swagger schemas are now displayed in the Swagger UI (#1802)
Internal changes
- Abstract out multi-table-pagination used in list conversation-ids endpoint (#1788)
- Testing: rewrite monadic to applicative style generators (#1782)
- Add a test checking that creating conversations of exactly the size limit is allowed (#1820)
- Rewrite the DELETE /self endpoint to Servant (#1771)
- Fix conversation generator in mapping test (#1778)
- Polysemize spar (#1806, #1787, #1793, #1814, #1792, #1781, #1786, #1810, #1816, #1815)
- Refactored a few functions dealing with conversation updates, in an attempt to
make the conversation update code paths more uniform, and also reduce special
cases for local and remote objects. (#1801) - Merged http2-client fixes as mentioned in the comments of #1703 (#1809)
- Some executables now have a runtime dependency on ncurses (#1791)
- Minor changes around SAML and multi-team Issuers.
- Change query param to not contain
-
, but_
. (This is considered an internal change because the feature has been release in the last release, but only been documented in this one.) - Haddocks.
- Simplify code.
- Remove unnecessary calls to cassandra. (#1763)
- Change query param to not contain
- Clean up JSON Golden Tests (Part 6) (#1769)
- Remove explicit instantiations of ErrorDescription (#1794)
- Remove one flaky integration test about ordering of search results (#1798)
- Report all failures in JSON golden tests in a group at once (#1746)
- Convert the
PUT /conversations/:cnv/access
endpoint to Servant (#1807) - Move /connections/* endpoints to Servant (#1770)
- Servantify Galley's DELETE /i/user endpoint (#1772)
- Convert the
PUT /conversations/:cnv/message-timer
endpoint to Servant (#1780) - Convert the
PUT /conversations/:cnv/members/:usr
endpoint to Servant (#1796) - Convert the
PUT /conversations/:cnv/receipt-mode
endpoint to Servant (#1797) - Expose wire.com internal EJDP process to backoffice/stern. (#1831)
- Update configurable boolean team feature list in backoffice/stern. (#1829)
- Handle upper/lower case more consistently in scim and rich-info data. (#1754)
Federation changes
- Add value for verification depth of client certificates in federator ingress (#1812)
- Document federation API conventions and align already existing APIs (#1765)
- Notify remote users when a conversation access settings are updated (#1808)
- Notify remote users when a conversation member role is updated (#1785)
- Notify remote users when a conversation message timer is updated (#1783)
- Notify remote users when a conversation is renamed (#1767)
- Make sure that only users that are actually part of a conversation get notified about updates in the conversation metadata (#1767)
- Notify remote users when a conversation receipt mode is updated (#1801)
- Implement updates to remote members (#1785)
- Make conversation ID of the on-conversation-created RPC unqualified (#1766)
- 4 endpoints for create/update/get/list connections designed for remote users in mind. So far, the implementation only works for local users (actual implementation will come as a follow-up) (#1773)
- The returned
connection
object now has aqualified_to
field with the domain of the (potentially remote) user. (#1773) - Add migration for remote connection table (#1789)
- Remove a user from remote conversations upon deleting their account (#1790)
- Remove elasticsearch specific details from the search endpoint (#1768)
- Added support for updating self member status of remote conversations (#1753)
2021-09-14
API changes
- Remove the long-deprecated
message
field inPOST /connections
(#1726) - Add
PUT /conversations/:domain/:cnv/name
(#1737) - Deprecate
PUT /conversations/:cnv/name
(#1737) - Add
GET & PUT /conversations/:domain/:cnv/self
(#1740) - Deprecate
GET & PUT /conversations/:cnv/self
(#1740) - Remove endpoint
GET /conversations/:domain/:cnv/self
(#1752) - The
otr_muted
field inMember
andMemberUpdate
has been removed. (#1751) - Removed the ability to update one's own role (#1752)
Features
- Disallow changing phone number to a black listed phone number (#1758)
- Support using a single IDP with a single EntityID (aka issuer ID) to set up two teams. Sets up a migration, and makes teamID + EntityID unique, rather than relying on EntityID to be unique. Required to support multiple teams in environments where the IDP software cannot present anything but one EntityID (E.G.: DualShield). (#1755)
Documentation
- Added documentation of federation errors (#1674)
- Better swagger schema for the Range type (#1748)
- Add better example for Domain in swagger (#1748)
Internal changes
- Introduce new process for writing changelogs (#1749)
- Clean up JSON golden tests (Part 4, Part 5) (#1756, #1762)
- Increased timeout on certificate update tests to 10s (#1750)
- Fix for flaky test in spar (#1760)
- Rewrite the
POST /connections
endpoint to Servant (#1726) - Various improvements and fixes around SAML/SCIM (#1735)
Federation changes
2021-09-08
Release Notes
API Changes
Features
- Bump SFTD to 2.0.127 (#1745)
Bug fixes and other updates
- Remove support for managed conversations in member removal (#1718)
- Update the webapp to correct labeling on CBR calling (#1743)
Documentation
- Document backend internals for user connections (#1717)
- Open Update spar braindump and explain idp deletion (#1728)
Internal changes
- Integration test script does not display the output interactively (#1742)
- Clean up JSON golden tests (#1729, #1732, #1733)
- Make regenerated golden tests' JSON output deterministic (#1734)
- Import fix for snappy linker issue (#1736)
Federation changes
Release 2021 08 27
Release Notes
API Changes
- Deprecate
DELETE /conversations/:cnv/members/:usr
(#1697) - Add
DELETE /conversations/:cnv/members/:domain/:usr
(#1697)
Features
Bug fixes and other updates
- Fix case sensitivity in schema parser in hscim library (#1714)
- [helm charts] resolve a rate-limiting issue when using certificate-manager alongside wire-server and nginx-ingress-services helm charts (#1715)
Documentation
- Improve Swagger for
DELETE /conversations/:cnv/members/:usr
(#1697)
Internal changes
- Integration test script now displays output interactively (#1700)
- Fixed a few issues with error response documentation in Swagger (#1707)
- Make mapping between (team) permissions and roles more lenient (#1711)
- The
DELETE /conversations/:cnv/members/:usr
endpoint rewritten to Servant (#1697) - Remove leftover auto-connect internal endpoint and code (#1716)
- Bump wire-webapp (#1720)
- Bump team-settings (#1721)
- Bump account-pages (#1666)