Releases: wireapp/wire-server

2022-02-02

03 Feb 16:32
9a32554

Release notes

  • Upgrade webapp version to 2022-01-27-production.0-v0.28.29-0-42c9a1e (#2078)

Features

  • Allow brig's additionalWriteIndex to be on a different ElasticSearch cluster.
    This allows migrating to a new ElasticSearch cluster. (#2063)

  • The file sharing team feature now has a server wide configurable lock status. For more information please refer to /docs/reference/config-options.md#file-sharing. (#2059)

Internal changes

  • Remove non-existing functions from module export lists (#2095)

  • Rename Spar.Sem.IdP to Spar.Sem.IdPConfigStore (#2067)

  • Endpoints based on MultiVerb can now be made to return content types not listed in the Accept header (#2074)

  • The lock status of the file sharing team feature can be updated via the internal API (PUT /i/teams/:tid/features/fileSharing/(un)?locked). (#2059)

  • Servantify Galley Teams API (GET /teams/:tid and DELETE /teams/:tid). (#2092)

  • Add explicit export lists to all Spar.Sem modules (#2070)

  • Separate some Spar.Sem utility functions into their own module (#2069)

2022-01-28

28 Jan 14:56
1b37f06

Release notes

  • Bump the webapp version. (#2082)

Internal changes

  • Additional integration testing for conversation access control. (#2057)

2022-01-27

28 Jan 09:27
13a6a83

Release notes

  • The nginz chart now configures nginx to only allow cross-origin requests from an explicit allow list of subdomains. By default these are:

    nginz:
      nginx_conf:
        allowlisted_origins:
        - webapp
        - teams
        - account

    If you changed the names of these services, you must adjust those names in the nginz config as well. (#1630)

  • Backend now separates conversation access control for guests and services. The old access roles are still supported but it is encouraged to upgrade clients since mapping between the old access roles and the new access roles is not isomorphic. For more details refer to the API changes below or the Swagger docs.
    Old clients are fully supported; if new clients and old clients are mixed, to old clients, either guests or services may appear to be enabled if they are not, which may lead to error messages (confusing but harmless). (#2035)

API changes

  • Endpoints that recently have accepted access_role in their payload will now accept access_role_v2 as well which will take precedence over access_role. See Swagger docs for how values are mapped. Endpoints that recently have returned access_role in their payload will now additionally return the access_role_v2 field. (#2035)

Features

  • Conversation access roles now distinguish between guests and services. (#2035)

Bug fixes and other updates

  • There is now an explicit CORS allow list for all endpoints. In previous releases, all subdomains were accepted; they must now be listed explicitly. This is a breaking change, as now only known JavaScript applications may access the backend. (#1630)
  • Prevent 500s when SFTs are not reachable from Backend (#2077)
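
The allow-list change described in the release notes and the bug-fix entry for #1630 above, as an added example (not code from wire-server or the nginz chart): it compares the earlier any-subdomain rule with an explicit list, so an operator can see which origins stop being accepted after the upgrade. The domain `example.com`, the sample origins, the https-only rule and all function names are assumptions.

```python
from urllib.parse import urlsplit

BASE_DOMAIN = "example.com"                           # assumed backend domain
ALLOWLISTED_ORIGINS = ["webapp", "teams", "account"]  # chart defaults from the notes

# Constructed Origin header values, as an operator might collect from access logs.
SAMPLE_ORIGINS = [
    "https://webapp.example.com",
    "https://teams.example.com",
    "https://account.example.com",
    "https://chat.example.com",        # webapp deployed under a renamed subdomain
    "https://uploads.example.com",     # unrelated subdomain of the same domain
    "http://webapp.example.com",       # wrong scheme
    "https://webapp.example.com.other.test",  # different registrable domain
]


def parse_origin(origin):
    """Return (scheme, host, port) for a well-formed Origin value, else None."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    # An Origin is scheme://host[:port] only: no userinfo, path, query, fragment.
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None
    if not parts.hostname:
        return None
    return parts.scheme, parts.hostname.lower(), port


def allowed_any_subdomain(origin, base_domain=BASE_DOMAIN):
    """Earlier behaviour as the notes describe it: every subdomain is accepted."""
    parsed = parse_origin(origin)
    if parsed is None:
        return False
    scheme, host, _port = parsed
    return scheme == "https" and host.endswith("." + base_domain.lower())


def allowed_explicit(origin, base_domain=BASE_DOMAIN, allowlist=ALLOWLISTED_ORIGINS):
    """New behaviour: only <name>.<base_domain> for names on the allow list."""
    parsed = parse_origin(origin)
    if parsed is None:
        return False
    scheme, host, port = parsed
    if scheme != "https" or port not in (None, 443):   # https-only is an assumption
        return False
    # Exact host comparison, so suffix and prefix lookalikes never match.
    return host in {f"{name}.{base_domain}".lower() for name in allowlist}


def newly_rejected(origins, base_domain=BASE_DOMAIN, allowlist=ALLOWLISTED_ORIGINS):
    """Origins accepted under the old rule that the explicit list now refuses."""
    return [o for o in origins
            if allowed_any_subdomain(o, base_domain)
            and not allowed_explicit(o, base_domain, allowlist)]


def cors_headers(origin, base_domain=BASE_DOMAIN, allowlist=ALLOWLISTED_ORIGINS):
    """Response headers for a request carrying this Origin value."""
    headers = {"Vary": "Origin"}       # the response depends on the request Origin
    if allowed_explicit(origin, base_domain, allowlist):
        headers["Access-Control-Allow-Origin"] = origin
    return headers


if __name__ == "__main__":
    for o in newly_rejected(SAMPLE_ORIGINS):
        print("no longer accepted:", o)
```

Any origin this reports for a deployment with renamed services needs its subdomain added to `allowlisted_origins` before upgrading.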

Internal changes

  • Bump hsaml2 package version (#2075)
  • Separate Spar.Data module into smaller Cassandra interpreters (#2064)
  • Fix some HLint issues in libs/wire-api. (#2065)
  • Fix broken build process of package "old-time" for some environments (#2056)
  • Refresh license headers (#2062)
  • Rename Spar.Sem.ScimTokenStore.GetByTeam to LookupByTeam (#2068)
  • (Try syntax change in config file that breaks nginz (#2073, reverted in a4a6193))

Federation changes

  • Tag several federation tests cases for the M2 release (#2045)

2022-01-18

19 Jan 09:35
b97b966

Changes

Release notes

  • This release introduces a mandatory federationDomain configuration setting to cargohold. Please update your values/wire-server/values.yaml to set cargohold.settings.federationDomain to the same value as the corresponding option in galley (and brig). (#1990)
  • The brig server config option setDefaultLocale has been replaced by setDefaultUserLocale and setDefaultTemplateLocale (see docs/reference/config-options.md for details) (#2028)
  • From this release onwards, the images for haskell components (brig, galley,
    cargohold, etc.) will be using Ubuntu 20.04 as the base. The images are about
    30-35 MB larger than the previous alpine based images. (#1852)
  • Wire cloud operators: Make sure #35 is applied to all SFT servers before deploying. (#2030)

API changes

  • The deprecated endpoint GET /teams now ignores query parameters ids, start (#2027)
  • Add qualified v4 endpoints for downloading and deleting assets. The upload API is still on the same path, but the asset object it returns now contains a domain field. (#2002)
  • Remove resumable upload API (#1998)

Features

  • Allow configuring setDefaultLocale in brig using helm chart (#2025)
  • If the guest links team feature is disabled guest links will be revoked. (#1976)
  • Revoke guest links if feature is disabled. If the guest links team feature is disabled get /conversations/join, post /conversations/:cnv/code, and get /conversations/:cnv/code will return an error. (#1980)
  • Specialize setDefaultLocale to distinguish between default user locale and default template locale if the user's locale is n/a. (#2028)

Bug fixes and other updates

  • Fix an issue with remote asset streaming (#2037, #2038)

Documentation

  • Annotate a first batch of integration and unit tests to map them to externally-facing documentation (#1869)
  • Add the description to several test cases (#1991)
  • Improve documentation for stern tool and helm chart (#2032)

Internal changes

  • Replace servant-generic in Galley with a custom Named combinator (#2022)
  • The Swagger documentation module is not regenerated anymore if its content is unchanged (#2018)
  • cabal-run-integration.sh - remove Makefile indirection (#2044)
  • Fix test runner for global cabal make target (#1987)
  • The cabal-install-artefacts.sh script now creates the dist directory if it does not exist (#2007)
  • Set purge: false in fake-s3 chart (#1981)
  • Add missing backendTwo.carghold in integration.yaml (#2039)
  • Use GHC 8.10.7 and stack 2.7.3 for builds (#1852)
  • Fix non-controversial HLint issues in federator to improve code quality (#2011)
  • Added laws for DefaultSsoCode, Now, IdP and ScimExternalIdStore (#1940)
  • Moved specifications for Spar effects out of the test suite and into the library (#2005)
  • Tag integration tests for security audit. (#2000)
  • Upgrade nixpkgs pin used to provision development dependencies (#1852)
  • Servantify Galley Teams API. (#2008, #2010, #2027)
  • When sending an activation code, the blocked domains are checked before the whitelist. This only affects the wire SaaS staging environment (there is no whitelist configuration in prod, and blocked domains are not applicable to on-prem installations). (#2023)
  • Add a helm chart that deploys restund (#2003)
  • Publish restund helm chart (#2036)
  • Improve optional field API in schema-profunctor (#1988)
  • Migrate the public API of Cannon to Servant. (There is an internal API that is not yet migrated.) (#2024)
  • sftd chart: Add multiSFT option, remove additionalArgs option (#1992)
  • sftd chart: Fix quoted args for multiSFT option (#1999)
  • rangedSchema does not need to be passed singletons explicitly anymore (#2017)
  • Split cannon benchmarks and tests (#1986)
  • Tag integration tests for certification. (#1985)
  • Tag integration tests for certification. (#2001)
  • New internal endpoint to configure the guest links team feature. (#1993)

Federation changes

  • Make federator capable of streaming responses (#1966)
  • Use Named routes for the federation API (#2033)
  • Fix Brig's configmap for SFT lookups (#2015)
  • SFTD chart: provide a /sft_servers_all.json url that can be used by brig to populate /calls/config/v2 (#2019)
  • Allow making HTTP-only requests to SFTs via an IPv4 address (#2026)
  • Replace IPv4-HTTP-only Approach to SFT Server Lookup with /sft_servers_all.json (#2030)
  • Extend GET /calls/config/v2 to include all SFT servers in federation (#2012)
  • Improve Brig's configuration for SFTs and fix a call to SFT servers (#2014)
  • Enable downloading assets from a remote (federated) cargohold instance via the v4 API. The content of remote assets is returned as stream with content type application/octet-stream. Please refer to the Swagger API documentation for more details. (#2004)

2021-12-10

10 Dec 16:34
90b3c3c

This release includes changes from both the 2021-12-02 and 2021-12-10 versions, as 2021-12-02 was not properly released on GitHub.

Release notes

  • Breaking change to the fake-aws-s3 (part of fake-aws) helm chart. We now use minio helm chart from https://charts.min.io. The options are documented here (#1944)

    Before running the upgrade, the operators must use kubectl edit deployment fake-aws-s3 and explicitly set spec.template.spec.containers[0].serviceAccount and spec.template.spec.containers[0].serviceAccountName to null. (#1944)

  • Upgrade team-settings version to 4.3.0-v0.28.28-a2f11cf (#1856)

  • Upgrade webapp version to 2021-12-02-production.0-v0.28.29-0-ec2fa00 (#1954)

  • If you have selfDeletingMessages configured in galley.yaml, add lockStatus: unlocked. (#1963)

  • Upgrade SFTD to 2.1.19. (#1983)

API changes

  • A new endpoint is added to Brig (put /users/:uid/email) that allows a team owner to initiate changing/setting a user email by (re-)sending an activation email. (#1948)
  • The response of the get team feature config endpoint for self deleting messages now includes the lock status (#1963)
  • A new public Galley endpoint was added to dis-/enable the conversation guest link feature. The feature can only be configured through the public API if the lock status is unlocked in the server config. (#1964)
  • New internal endpoints for setting the lock status of self deleting messages (#1963)

Features

  • By default install elasticsearch version 6.8.18 when using the elasticsearch-ephemeral chart (#1952)

  • Use fluent-bit chart from fluent.github.io instead of deprecated charts.helm.sh. Previous fluent-bit values are not compatible with the new chart, the documentation for the new chart can be found here (#1952)

  • Use kibana chart from helm.elastic.co instead of deprecated charts.helm.sh. Previous kibana values are not compatible with the new chart, the documentation for the new chart can be found here. This also upgrades kibana to version 6.8.18. (#1952)

  • Use kube-prometheus-stack instead of prometheus-operator and update grafana dashboards for compatibility and add federation endpoints to relevant queries. (#1915)

  • Add log format called 'StructuredJSON' for easier log aggregation (#1951)

  • Team and server wide config for conversation guest link feature to configure feature status and lock status (#1964). If the feature is not configured on the server, the defaults will be:

      featureFlags:
        ...
        conversationGuestLinks:
          defaults:
            status: enabled
            lockStatus: unlocked

  • Lock status for the self deleting messages feature can be set internally by ibis and customer support (#1963)

Bug fixes and other updates

  • elasticsearch-ephemeral: Disable automatic creation of indices (#1949)

  • Correctly detect log level when rendering logs as structured JSON (#1959)

Documentation

  • Document the wire-server PR process better. (#1934)

  • Remove documentation of unsupported scim end-point use case. (#1941)

  • Document servant setup and combinators (#1933)

  • Fix typo in swagger. (#1982)

  • Proposal for API versioning system. (#1958)

  • Update federation error documentation after changes to the federation API (#1956, #1975, #1978)

Internal changes

  • Add in-memory interpreters for most Spar effects (#1920)

  • Use minio helm chart in fake-aws-s3 from charts.min.io instead of helm.min.io, the latter seems to be down (#1944)

  • Upgrade to polysemy-1.7.0.0 (#1932)

  • Replace Galley monad with polysemy's Sem throughout Galley (#1917)

  • Separate VerdictFormatStore effect from AReqIdStore effect (#1925)

  • Suspend/unsuspend teams in backoffice/stern. (#1977)

  • Set request ID correctly in galley logs (#1967)

  • Improve cabal make targets: faster installation and better support for building and testing all packages (#1979)

  • sftd chart: add config key additionalArgs (#1972)

Federation changes

  • The server-to-server API now uses HTTP2 directly instead of gRPC (#1930)

  • Errors when leaving a conversation are now correctly handled instead of resulting in a generic federation error. (#1928)

  • Add cargohold as a new federated component (#1973)

2021-11-15

16 Nov 08:27
793b764

Changes

Release notes

  • In case you use a multi-datacentre cassandra setup (most likely you do not), be aware that now LOCAL_QUORUM is in use as a default. (#1884)
  • Deploy galley before brig. (#1857)
  • Upgrade webapp version to 2021-11-01-production.0-v0.28.29-0-d919633 (#1856)

API changes

  • Remove locale from publicly facing user profiles (but not from the self profile) (#1888)

Features

  • End-points for configuring self-deleting messages. (#1857)

Bug fixes and other updates

  • Ensure that all endpoints have a correct handler in prometheus metrics (#1919)
  • Push events when AppLock or SelfDeletingMessages config change. (#1901)

Documentation

  • Federation: Document how to deploy local builds (#1880)

Internal changes

  • Add a 'filterNodesByDatacentre' config option useful during cassandra DC migration (#1886)
  • Add ormolu to the direnv, add a GH Action to ensure formatting (#1908)
  • Turn placeholder access effects into actual Polysemy effects. (#1904)
  • Fix a bug in the IdP.Mem interpreter, and added law tests for IdP (#1863)
  • Introduce fine-grained error types and polysemy error effects in Galley. (#1907)
  • Add polysemy store effects and split off Cassandra specific functionality from the Galley.Data module hierarchy. (#1890, #1906)
  • Make golden-tests in wire-api package a separate test suite (for faster feedback loop during development). (#1926)
  • Separate IdPRawMetadataStore effect from IdP effect (#1924)
  • Test sending message to multiple remote domains (#1899)
  • Use cabal to build wire-server (opt-in) (#1853)

Federation changes

  • Close GRPC client after making a request to a federator. (#1865)
  • Do not fail user deletion when a remote notification fails (#1912)
  • Add a one-to-one conversation test in getting conversations in the federation API (#1899)
  • Notify remote participants when a user leaves a conversation because they were deleted (#1891)

2021-10-29

29 Oct 12:15
d6b9490

Release notes

  • Upgrade SFT to 2.1.15 (#1849)
  • Upgrade team settings to Release: v4.2.0 and image tag: 4.2.0-v0.28.28-1e2ef7 (#1856)
  • Upgrade Webapp to image tag: 20021-10-28-federation-m1 (#1856)

API changes

  • Remove POST /list-conversations endpoint. (#1840)
  • The member.self ID in conversation endpoints is qualified and available as
    "qualified_id". The old unqualified "id" is still available. (#1866)

Features

  • Allow configuring nginz so it serves the deeplink for apps to discover the backend (#1889)
  • SFT: allow using TURN discovery using 'turnDiscoveryEnabled' (#1519)

Bug fixes and other updates

  • Fix an issue related to installing the SFT helm chart as a sub chart to the wire-server chart. (#1677)
  • SAML columns (Issuer, NameID) in CSV files with team members. (#1828)

Internal changes

  • Add a 'make flake-PATTERN' target to run a subset of tests multiple times to trigger a failure case in flaky tests (#1875)
  • Prevent a flaky test related to phone updates from failing and improve failure output. (#1874)
  • Brig: Delete deprecated GET /i/users/connections-status endpoint. (#1842)
  • Replace shell.nix with direnv + nixpkgs.buildEnv based setup (#1876)
  • Make connection DB functions work with Qualified IDs (#1819)
  • Fix more Swagger validation errors. (#1841)
  • Turn Galley into a polysemy monad stack. (#1881)
  • Internal CI tooling improvement: decrease integration setup time by using helmfile. (#1805)
  • Depend on hs-certificate master instead of our fork (#1822)
  • Add internal endpoint to insert or update a 1-1 conversation. This is to be used by brig when updating the status of a connection. (#1825)
  • Update helm to 3.6.3 in developer tooling (nix-shell) (#1862)
  • Improve the Qualified abstraction and make local/remote tagging safer (#1839)
  • Add some new Spar effects, completely isolating us from saml2-web-sso interface (#1827)
  • Convert legacy POST conversations/:cnv/members endpoint to Servant (#1838)
  • Simplify mock federator interface by removing unnecessary arguments. (#1870)
  • Replace the Spar newtype, instead using Sem directly. (#1833)

Federation changes

  • Remove remote guests as well as local ones when "Guests and services" is disabled in a group conversation, and propagate removal to remote members. (#1854)
  • Check connections when adding remote users to a local conversation and local users to remote conversations. (#1842)
  • Check connections when creating group and team conversations with remote members. (#1870)
  • Server certificates without the "serverAuth" extended usage flag are now rejected when connecting to a remote federator. (#1855)
  • Close GRPC client after making a request to a remote federator. (#1865)
  • Support deleting conversations with federated users (#1861)
  • Ensure that the conversation creator is included only once in notifications sent to remote users (#1879)
  • Allow connecting to remote users. One to one conversations are not created yet. (#1824)
  • Make federator's default log level Info (#1882)
  • The creator of a conversation now appears as a member when the conversation is fetched from a remote backend (#1842)
  • Include remote connections in the response to POST /list-connections (#1826)
  • When a user gets deleted, notify remotes about conversations and connections in chunks of 1000 (#1872, #1883)
  • Make federated requests to multiple backends in parallel. (#1860)
  • Make conversation ID of RemoteConversation unqualified and move it out of the metadata record. (#1839)
  • Make the conversation creator field in the on-conversation-created RPC unqualified. (#1858)
  • Update One2One conversation when connection status changes (#1850)

2021-10-01

04 Oct 06:22
143ee9f

Release notes

API changes

  • Add endpoint POST /connections/:domain/:userId to create a connection (#1773)
  • Deprecate PUT /conversations/:cnv/access endpoint (#1807)
  • Deprecate PUT /conversations/:cnv/message-timer endpoint (#1780)
  • Deprecate PUT /conversations/:cnv/members/:usr endpoint (#1784)
  • Deprecate PUT /conversations/:cnv/receipt-mode endpoint (#1797)
  • Add endpoint GET /connections/:domain/:userId to get a single connection (#1773)
  • Add POST /list-connections endpoint to get connections (#1773)
  • Add qualified endpoint for updating conversation access (#1807)
  • Add qualified endpoint for updating message timer (#1780)
  • Add qualified endpoint for updating conversation members (#1784)
  • Add qualified endpoint for updating receipt mode (#1797)
  • Add endpoint PUT /connections/:domain/:userId to update a connection (#1773)

Features

  • Helm charts to deploy ldap-scim-bridge (#1709)
  • Per-account configuration of conference call initiation (details: /docs/reference/config-options.md#conference-calling-1) (#1811, #1818)

Bug fixes and other updates

  • An attempt to create a 3rd IdP with the same issuer was triggering an exception. (#1763)
  • When a user was auto-provisioned into two teams under the same pair of Issuer and NameID, they were directed into the wrong team, and not rejected. (#1763)

Documentation

  • Expand documentation of conversations/list-ids endpoint (#1779)
  • Add documentation of the multi-table paging abstraction (#1803)
  • Document how to use IdP issuers for multiple teams (#1763)
  • All named Swagger schemas are now displayed in the Swagger UI (#1802)

Internal changes

  • Abstract out multi-table-pagination used in list conversation-ids endpoint (#1788)
  • Testing: rewrite monadic to applicative style generators (#1782)
  • Add a test checking that creating conversations of exactly the size limit is allowed (#1820)
  • Rewrite the DELETE /self endpoint to Servant (#1771)
  • Fix conversation generator in mapping test (#1778)
  • Polysemize spar (#1806, #1787, #1793, #1814, #1792, #1781, #1786, #1810, #1816, #1815)
  • Refactored a few functions dealing with conversation updates, in an attempt to
    make the conversation update code paths more uniform, and also reduce special
    cases for local and remote objects. (#1801)
  • Merged http2-client fixes as mentioned in the comments of #1703 (#1809)
  • Some executables now have a runtime dependency on ncurses (#1791)
  • Minor changes around SAML and multi-team Issuers.
    • Change query param to not contain -, but _. (This is considered an internal change because the feature was released in the last release, but only documented in this one.)
    • Haddocks.
    • Simplify code.
    • Remove unnecessary calls to cassandra. (#1763)
  • Clean up JSON Golden Tests (Part 6) (#1769)
  • Remove explicit instantiations of ErrorDescription (#1794)
  • Remove one flaky integration test about ordering of search results (#1798)
  • Report all failures in JSON golden tests in a group at once (#1746)
  • Convert the PUT /conversations/:cnv/access endpoint to Servant (#1807)
  • Move /connections/* endpoints to Servant (#1770)
  • Servantify Galley's DELETE /i/user endpoint (#1772)
  • Convert the PUT /conversations/:cnv/message-timer endpoint to Servant (#1780)
  • Convert the PUT /conversations/:cnv/members/:usr endpoint to Servant (#1796)
  • Convert the PUT /conversations/:cnv/receipt-mode endpoint to Servant (#1797)
  • Expose wire.com internal EJDP process to backoffice/stern. (#1831)
  • Update configurable boolean team feature list in backoffice/stern. (#1829)
  • Handle upper/lower case more consistently in scim and rich-info data. (#1754)

Federation changes

  • Add value for verification depth of client certificates in federator ingress (#1812)
  • Document federation API conventions and align already existing APIs (#1765)
  • Notify remote users when a conversation's access settings are updated (#1808)
  • Notify remote users when a conversation member role is updated (#1785)
  • Notify remote users when a conversation message timer is updated (#1783)
  • Notify remote users when a conversation is renamed (#1767)
  • Make sure that only users that are actually part of a conversation get notified about updates in the conversation metadata (#1767)
  • Notify remote users when a conversation receipt mode is updated (#1801)
  • Implement updates to remote members (#1785)
  • Make conversation ID of the on-conversation-created RPC unqualified (#1766)
  • 4 endpoints for create/update/get/list connections designed with remote users in mind. So far, the implementation only works for local users (actual implementation will come as a follow-up) (#1773)
  • The returned connection object now has a qualified_to field with the domain of the (potentially remote) user. (#1773)
  • Add migration for remote connection table (#1789)
  • Remove a user from remote conversations upon deleting their account (#1790)
  • Remove elasticsearch specific details from the search endpoint (#1768)
  • Added support for updating self member status of remote conversations (#1753)

2021-09-14

13 Sep 22:45
26d73d0

API changes

  • Remove the long-deprecated message field in POST /connections (#1726)
  • Add PUT /conversations/:domain/:cnv/name (#1737)
  • Deprecate PUT /conversations/:cnv/name (#1737)
  • Add GET & PUT /conversations/:domain/:cnv/self (#1740)
  • Deprecate GET & PUT /conversations/:cnv/self (#1740)
  • Remove endpoint GET /conversations/:domain/:cnv/self (#1752)
  • The otr_muted field in Member and MemberUpdate has been removed. (#1751)
  • Removed the ability to update one's own role (#1752)

Features

  • Disallow changing phone number to a black listed phone number (#1758)
  • Support using a single IDP with a single EntityID (aka issuer ID) to set up two teams. Sets up a migration, and makes teamID + EntityID unique, rather than relying on EntityID to be unique. Required to support multiple teams in environments where the IDP software cannot present anything but one EntityID (e.g. DualShield). (#1755)

Documentation

  • Added documentation of federation errors (#1674)
  • Better swagger schema for the Range type (#1748)
  • Add better example for Domain in swagger (#1748)

Internal changes

  • Introduce new process for writing changelogs (#1749)
  • Clean up JSON golden tests (Part 4, Part 5) (#1756, #1762)
  • Increased timeout on certificate update tests to 10s (#1750)
  • Fix for flaky test in spar (#1760)
  • Rewrite the POST /connections endpoint to Servant (#1726)
  • Various improvements and fixes around SAML/SCIM (#1735)

Federation changes

  • Avoid remote calls to get conversation when it is not found locally (#1749)
  • Federator CA store and client credentials are now automatically reloaded (#1730)
  • Ensure clients only receive messages meant for them in remote convs (#1739)

2021-09-08

08 Sep 12:52
7587f9d

Release Notes

API Changes

  • Add POST /conversations/list/v2 (#1703)
  • Deprecate POST /list-conversations (#1703)

Features

  • Bump SFTD to 2.0.127 (#1745)

Bug fixes and other updates

  • Remove support for managed conversations in member removal (#1718)
  • Update the webapp to correct labeling on CBR calling (#1743)

Documentation

  • Document backend internals for user connections (#1717)
  • Open Update spar braindump and explain idp deletion (#1728)

Internal changes

  • Integration test script does not display the output interactively (#1742)
  • Clean up JSON golden tests (#1729, #1732, #1733)
  • Make regenerated golden tests' JSON output deterministic (#1734)
  • Import fix for snappy linker issue (#1736)

Federation changes

  • Refactored remote error handling in federator (#1681)
  • The update conversation membership federation endpoint takes OriginDomainHeader (#1719)
  • Added new endpoint to allow fetching conversation metadata by qualified ids (#1703)