[WPB-21261] Release 2025-10-21 - (expected chart version 5.23.0) #4820
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Master->Develop after release
This changes the rules for blocked email domains: - Users cannot activate their accounts with a blocked email (this stays the same) - Users with blocked domains cannot be invited to teams - Users cannot change their email address to one of a blocked domain The pre-condition to this commit is that legitimate domains are not part of the blocked domains set anymore. In the past, legitimate domains were blocked to force users to be invited to teams. This should now be handled by the new enterprise login feature(s). This commit brings back b480a34 which was reverted by 5e65ed9 . --------- Co-authored-by: Matthias Fischmann <[email protected]>
This file is used by my (Sven) editor setup. It's probably not of general usefulness.
* feat: add pdb to backoffice
Configure Renovate
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate: security updates only
* Initial implementation of AppStore * App subsystem * Generate team event on app creation * Add app creation endpoint * Generate app cookie * Basic app creation test * Add app creation permission * Add CHANGELOG entry * Better logging * Fix team event parsing
- use library functions for stripping list (string) prefix - content-type:application/xml is already added by addXML helper
cloned from the corresp. cassandra script.
Add a feature flag for "simplified user connection requests" QR codes. This flag will only be interpreted by clients; backend behaviour does not change.
* PostgresMarshall: Add instance for tuples of length upto 16 * Move PostgresMarshall to wire-api This way we can write instances for various types next to them
* Add type field to user profile * Set type field correctly for apps * Test type field * Add CHANGELOG entry * Update golden tests * fixup! Add type field to user profile
We currently get a few 500s sometime when gundeck restarts, where some current requests seem to get aborted mid-request. This is possibly due to terminating pods still getting some traffic. https://wearezeta.atlassian.net/browse/WPB-19694
* Merge runMaybeStatement and runResultlessStatement * Remove user from all user groups * Remove user from groups on user deletion * Use harcoded names in user group test * Test removal from user group on deletion * Add CHANGELOG entry
…uting to wire-docs and fix build.yaml
…documentation WPB-20718: update multi-ingress deeplink doc
…ciation (#4783) Co-authored-by: Leif Battermann <[email protected]>
…endpoints (#4776)
* WPB-20544-bypass-wire-server-enterprise * add documentation on federated calling * update federated calling documentation * remove nginx hack
* Extract actions for MLS commit lock in a separate effect This will allow us to migrate rest of the conversation data to postgres * ConversationStore: Remove action createConversationId It has nothing to do with the store, the one place which calls this can call `Random.uuid` instead. * Extract logic to convert NewConversation -> StoredConversation outside the Casssadnra interpreter * ConversationStore: Remove polymorphism from CreateMembers It was used only twice seems like unnecesary leak of business logic into the store effect. * PostgresUnmarshall: Add a few instances * ConversationStore: Delete unused Get(Remote,Local)MembersByDomain * ConversationStore.Cassandra: Make functions for making conv objects from db more general * ConversationStore.Cassandra: Always cleanup deleted convs Previously this was done in the store interpreter when getting one conv, but done in galley code when getting a list of convs. The cleanup logic is required only in Cassandra because it cannot guarantee that deletions of rows from the member table along with rows from the conv table. So the usual deletion logic is to mark the conv deleted first and then try to delete the rows. This will all not be required in Postgres because we can do these things with transactions. * galley: Allow selecting postgrsql for storing conversations * ConversationStore: Rename CreateSubConversation to UpsertSubConversation Also change the Postgres interpreter to do so. In the galley code, this is explicitly being used as an Upsert. * CovnersationStore: Add action GetConversationIds This replaces the use of ListItems. * CovnersationStore: Add action GetLocalConversationIds This replaces the use of ListItems with LegacyPaging * ConversationStore: CreateMembersInRemoteConversation -> Upsert... * ConversationStore: CreateMembers -> UpsertMembers * ConversationStore: CreateConversation -> UpsertConversation * galley-integration: Ignore order of self conversation ids returned from /conversations/list-ids --------- Co-authored-by: Matthias Fischmann <[email protected]>
* Introduce query builder DSL * Add haddocks * Add CHANGELOG entry * Typo
* Remove references to non-existent note Note [ephemeral user sideeffect] was removed in commit: b0934a3 WPB-15801 GET and DELETE Registered Domains (#4438) * Make the `Wire.API.Team.Member.userId` lens more general * Minor refactor - make `!!!` definition easier to understand - extract `getProfile` * Add `searchable` field to data types * Add Elastic Search boolean field type * Add `POST /users/:uid/searchable` * Add Elastic Search indexing * Filter by searchable in Elastic Search * Filter by `searchable` in exact handle search * Test searchable field and contact search * Use common CQL splice for team member queries * Test /team/:tid/members?searchable=false * Add query param to Brig * Update services/brig/src/Brig/Provider/API.hs Co-authored-by: Akshay Mankar <[email protected]> * Update libs/wire-subsystems/src/Wire/UserSubsystem/Interpreter.hs Co-authored-by: Akshay Mankar <[email protected]> * Move test from brig to integration package * Partially revert "Minor refactor": inline getProfile back again This reverts commit 68b6c6e. * Minor refactor: use record syntax, deduplicate golden tests * Update libs/wire-api/src/Wire/API/Routes/Public/Brig.hs Co-authored-by: Leif Battermann <[email protected]> * Create all test users' presence in /teams/:tid/search * Add changelog entry * Wrap searchable POST body to JSON object * fix templates * Add seacrhable to golden tests * Implement searchable flag to MockInterpreters * second attempt at correct /team/:tid/search * Add test to check that legacy users are found --------- Co-authored-by: Akshay Mankar <[email protected]> Co-authored-by: Leif Battermann <[email protected]>
* chore: align kubectl images with available tags reaper now uses registry.k8s.io/kubectl:v1.32.9 (with the registry’s required v prefix) restund falls back to docker.io/bitnamilegacy/kubectl:1.24.12 since registry.k8s.io no longer ships that version * update kubectl image for restund - use registry.k8s.io for kubectl image with version v1.32.9 * update changelog.d * use bitnamilegacy kubectl which includes shell * restund also requires kubectl with shell access * update changelog.d text
zebot
added
the
ok-to-test
fisx
changed the title
fisx
approved these changes
Oct 21, 2025
Contributor
|
There's a |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[2025-10-21] (Chart Release 5.23.0)
Release notes
Team user search role filter has been fixed and results now include each member's team role. Note: existing search index documents will only show roles after a reindex or when users get updated; newly created or updated users populate their role automatically. (WPB-19693 fix role filter in team search endpoint #4728)
Elasticsearch/OpenSearch mapping updated for team user search to support filtering by unverified email addresses. For the new filter
email=verified|unverifiedonGET /teams/{tid}/searchto work as intended, it is necessary to create a new index and re-index the data either by migrating to a new index or by recreating the index.Allow storing conversation data in postgres.
This is currently not the default and is experimental.
The migration path from Cassandra is yet to be programmed.
However, new installations can use this by configuring the wire-server helm
chart like this:
API changes
Stub endpoints for enterprise provisioning (only in V13) (WPB-19807 User Group and Channel API stubs #4743)
Finalize API Version V12, start new develop version V13. ([WPB-21259] Finalize API Version V12 #4817)
The blocked domains feature
(
optSettings.setCustomerExtensions.domainsBlockedForRegistration) is nowmore strict: It is not only forbidden to register users with these domains in
their email addresses, but also to change a user's email address to one of
these domains.
This affects the endpoints:
/register(as before)/activate/send/users/{uid}/email/i/self/email(internal endpoint)/access/self/email/i/teams/{tid}/invitations(internal endpoint)/teams/{tid}/invitations(disallow email change to blocked domain #4624)Features
Allow collaborator to be removed from a team. (WPB-18190: Add route to delete collaborator from team #4694)
Add PodDisruptionBudget for Backoffice (feat: add pdb to backoffice #4751)
Implement user-groups channels association (
/user-groups/{gid}/channels). (WPB-19712: Allow team admin to update the channels to user-group association #4783)Implement
channelsandchannelsCountinuser-groupsendpoints. (WPB-19713: ImplementchannelsandchannelsCountinuser-groupsendpoints #4776)Add
entreprise-provisioning, a CLI to batch provision various entities, currently, creates and associate channels to existing user-groups. (WPB-19716: Batch create Channels and Map them to User Groups #4790)Brig: Add optional
emailquery parameter toGET /teams/{tid}/search("browse-team"). (WPB-19730 add email verified unverified filter in team search endpoint #4774)Add feature flag for "simplified user connection requests" QR codes
(
simplifiedUserConnectionRequestQRCode). As it has been implicitly enabledbefore - there was no way to turn it off - it's enabled by default. (Simplified user connecting qr code feature flag #4763)
Added user group endpoints to nginz config (WPB-19933 Add nginz config for new user group endpoints #4744)
New endpoint to update the users of a user group (WPB-20003 update and replace user group members #4768)
Include total count in user group list/search responses (WPB-20183 Include total count in user group list/search responses #4773)
Allow updates of SCIM users by SCIM even if E2EID is enabled (WPB-20203 backend updating user attributes via SCIM should be possible when E2EID is enabled #4772)
Add global
AssetAuditLogfeature flag (WPB-20206 create a new feature flag asset audit log #4779)cargohold: add asset audit logging (WPB-20207 add audit logging and metadata storage to asset upload #4782, WPB-20208 Audit log on asset download #4784, WPB-20209 Forward IP address by federator #4787)
Add
searchablefield to users, users who have it set tofalsewon't be found by the public endpoint.Add
POST /users/:uid/searchableendpoint where team admin can change it for user.Add
/teams/:tid/search?searchable=false, where the query parameter makes it return only non-searchable users. (WPB-20214: Add member searchability #4786)Add user group ids to team member search result (WPB-20764 add user group ids to team member search result #4809)
Add endpoint for a team admin to get a new app cookie (Refresh app cookie #4769)
Introduce apps and the corresponding creation endpoint
POST /teams/:tid/apps. (Create apps table #4696)Add
stealthUsersfeature flag (Add stealth users feature flag #4803)Remove user from all user groups on deletion (Update user groups on user deletion #4781)
Add
typefield to user profiles. The possible values are "regular" for regular users, "bot" for services and "app" for apps. (Add a type field to users #4758)Bug fixes and other updates
The role filter of the team search is fixed (WPB-19693 fix role filter in team search endpoint #4728)
Changed Swagger data type
Pictfrom{}which is interpreted asstringto{"type":"object"}. Also, static Swagger specifications of earlier API versionshave been adapted. (add type to Pict data type in Swagger #4785)
Added nginz rules for missing endpoints (add nginz rules for missing endpoints #4808)
Documentation
add documentation on setting up federated calling (Wpb 20733 federation calling docs #4796)
Update multi-ingress deeplink documentation to have a better example (WPB-20718: update multi-ingress deeplink doc #4807)
Internal changes
Add a preStopHook to gundeck helm chart to avoid spurious 500s on gundeck restarts. (charts/gundeck: add prestop hook #4730)
Add
hls.jsonto.gitignore. It's only useful in specific editor setups. (ignore hls.json #4747)New make rule and python script for creating
/postgres-schema.sql. (not hooked into CI yet) (Make rule and python script for creating/postgres-schema.sql. #4760)Add postgres dynamic query builder (Introduce query builder DSL #4812)
charts/{redis-ephemeral,reaper}: switch away from non-working bitnami registry (charts/{redis-ephemeral,reaper}: switch away from non-working bitnami… #4792)
Update kubectl, restund, redis-cluster, and rabbitmq images to use bitnamilegacy registry (chore: update bitnami image registry for the charts required by offline bundle #4791)
Switch reaper and restund kubectl images to bitnamilegacy registry to ensure shell access compatibility (Align kubectl images with available tags #4801)