2021-12-10

This release includes changes from both the 2021-12-02 and 2021-12-10 versions, as 2021-12-02 was not properly released on GitHub.

Release notes

• Breaking change to the fake-aws-s3 (part of fake-aws) helm chart. We now use minio helm chart from https://charts.min.io. The options are documented here (#1944)

  Before running the upgrade, the operators must use kubectl edit deployment fake-aws-s3 and explicitly set spec.template.spec.containers[0].serviceAccount and spec.template.spec.containers[0].serviceAccountName to null. (#1944)

• Upgrade team-settings version to 4.3.0-v0.28.28-a2f11cf (#1856)

• Upgrade webapp version to 2021-12-02-production.0-v0.28.29-0-ec2fa00 (#1954)

• If you have selfDeletingMessages configured in galley.yaml, add lockStatus: unlocked. (#1963)

• Upgrade SFTD to 2.1.19. (#1983)

API changes

• A new endpoint is added to Brig (put /users/:uid/email) that allows a team owner to initiate changing/setting a user email by (re-)sending an activation email. (#1948)
• get team feature config for self deleting messages response includes lock status (#1963)
• A new public Galley endpoint was added to dis-/enable the conversation guest link feature. The feature can only be configured through the public API if the lock status is unlocked in the server config. (#1964)
• new internal endpoints for setting the lock status of self deleting messages (#1963)

Features

• By default install elasticsearch version 6.8.18 when using the elasticsearch-ephemeral chart (#1952)

• Use fluent-bit chart from fluent.github.io instead of deprecated charts.helm.sh. Previous fluent-bit values are not compatible with the new chart, the documentation for the new chart can be found here (#1952)

• Use kibana chart from helm.elastic.co instead of deprecated charts.helm.sh. Previous kibana values are not compatible with the new chart, the documentation for the new chart can be found here. This also upgrades kibana to version 6.8.18. (#1952)

• Use kube-prometheus-stack instead of prometheus-operator and update grafana dashboards for compatibility and add federation endpoints to relevant queries. (#1915)

• Add log format called 'StructuredJSON' for easier log aggregation (#1951)

• Team and server wide config for conversation guest link feature to configure feature status and lock status (#1964). If the feature is not configured on the server, the defaults will be:

    featureFlags:
      ...
      conversationGuestLinks:
        defaults:
          status: enabled
          lockStatus: unlocked

• Lock status for the self deleting messages feature can be set internally by ibis and customer support (#1963)

Bug fixes and other updates

• elasticsearch-ephemeral: Disable automatic creation of indices (#1949)

• Correctly detect log level when rendering logs as structured JSON (#1959)

Documentation

• Document the wire-server PR process better. (#1934)

• Remove documentation of unsupported scim end-point use case. (#1941)

• Document servant setup and combinators (#1933)

• Fix typo in swagger. (#1982)

• Proposal for API versioning system. (#1958)

• Update federation error documentation after changes to the federation API (#1956, #1975, #1978)

Internal changes

• Add in-memory interpreters for most Spar effects (#1920)

• Use minio helm chart in fake-aws-s3 from charts.min.io instead of helm.min.io, the latter seems to be down (#1944)

• Upgrade to polysemy-1.7.0.0
  (#1932)

• Replace Galley monad with polysemy's Sem throughout Galley (#1917)

• Separate VerdictFormatStore effect from AReqIdStore effect (#1925)

• Suspend/unsuspend teams in backoffice/stern. (#1977)

• Set request ID correctly in galley logs (#1967)

• Improve cabal make targets: faster installation and better support for building and testing all packages (#1979)

• sftd chart: add config key additionalArgs (#1972)

Federation changes

• The server-to-server API now uses HTTP2 directly instead of gRPC (#1930)

• Errors when leaving a conversation are now correctly handled instead of resulting in a generic federation error. (#1928)

• Add cargohold as a new federated component (#1973)

2021-11-15

Changes

Release notes

• In case you use a multi-datacentre cassandra setup (most likely you do not), be aware that now LOCAL_QUORUM is in use as a default. (#1884)
• Deploy galley before brig. (#1857)
• Upgrade webapp version to 2021-11-01-production.0-v0.28.29-0-d919633 (#1856)

API changes

• Remove locale from publicly facing user profiles (but not from the self profile) (#1888)

Features

• End-points for configuring self-deleting messages. (#1857)

Bug fixes and other updates

• Ensure that all endpoints have a correct handler in prometheus metrics (#1919)
• Push events when AppLock or SelfDeletingMessages config change. (#1901)

Documentation

• Federation: Document how to deploy local builds (#1880)

Internal changes

• Add a 'filterNodesByDatacentre' config option useful during cassandra DC migration (#1886)
• Add ormolu to the direnv, add a GH Action to ensure formatting (#1908)
• Turn placeholder access effects into actual Polysemy effects. (#1904)
• Fix a bug in the IdP.Mem interpreter, and added law tests for IdP (#1863)
• Introduce fine-grained error types and polysemy error effects in Galley. (#1907)
• Add polysemy store effects and split off Cassandra specific functionality from the Galley.Data module hierarchy. (#1890, #1906)
• Make golden-tests in wire-api package a separate test suite (for faster feedback loop during development). (#1926)
• Separate IdPRawMetadataStore effect from IdP effect (#1924)
• Test sending message to multiple remote domains (#1899)
• Use cabal to build wire-server (opt-in) (#1853)

Federation changes

• Close GRPC client after making a request to a federator. (#1865)
• Do not fail user deletion when a remote notification fails (#1912)
• Add a one-to-one conversation test in getting conversations in the federation API (#1899)
• Notify remote participants when a user leaves a conversation because they were deleted (#1891)

2021-10-29

Release notes

• Upgrade SFT to 2.1.15 (#1849)
• Upgrade team settings to Release: v4.2.0 and image tag: 4.2.0-v0.28.28-1e2ef7 (#1856)
• Upgrade Webapp to image tag: 20021-10-28-federation-m1 (#1856)

API changes

• Remove POST /list-conversations endpoint. (#1840)
• The member.self ID in conversation endpoints is qualified and available as
  "qualified_id". The old unqualified "id" is still available. (#1866)

Features

• Allow configuring nginz so it serve the deeplink for apps to discover the backend (#1889)
• SFT: allow using TURN discovery using 'turnDiscoveryEnabled' (#1519)

Bug fixes and other updates

• Fix an issue related to installing the SFT helm chart as a sub chart to the wire-server chart. (#1677)
• SAML columns (Issuer, NameID) in CSV files with team members. (#1828)

Internal changes

• Add a 'make flake-PATTERN' target to run a subset of tests multiple times to trigger a failure case in flaky tests (#1875)
• Avoid a flaky test to fail related to phone updates and improve failure output. (#1874)
• Brig: Delete deprecated GET /i/users/connections-status endpoint. (#1842)
• Replace shell.nix with direnv + nixpkgs.buildEnv based setup (#1876)
• Make connection DB functions work with Qualified IDs (#1819)
• Fix more Swagger validation errors. (#1841)
• Turn Galley into a polysemy monad stack. (#1881)
• Internal CI tooling improvement: decrease integration setup time by using helmfile. (#1805)
• Depend on hs-certificate master instead of our fork (#1822)
• Add internal endpoint to insert or update a 1-1 conversation. This is to be used by brig when updating the status of a connection. (#1825)
• Update helm to 3.6.3 in developer tooling (nix-shell) (#1862)
• Improve the Qualified abstraction and make local/remote tagging safer (#1839)
• Add some new Spar effects, completely isolating us from saml2-web-sso interface (#1827)
• Convert legacy POST conversations/:cnv/members endpoint to Servant (#1838)
• Simplify mock federator interface by removing unnecessary arguments. (#1870)
• Replace the Spar newtype, instead using Sem directly. (#1833)

Federation changes

• Remove remote guests as well as local ones when "Guests and services" is disabled in a group conversation, and propagate removal to remote members. (#1854)
• Check connections when adding remote users to a local conversation and local users to remote conversations. (#1842)
• Check connections when creating group and team conversations with remote members. (#1870)
• Server certificates without the "serverAuth" extended usage flag are now rejected when connecting to a remote federator. (#1855)
• Close GRPC client after making a request to a remote federator. (#1865)
• Support deleting conversations with federated users (#1861)
• Ensure that the conversation creator is included only once in notifications sent to remote users (#1879)
• Allow connecting to remote users. One to one conversations are not created yet. (#1824)
• Make federator's default log level Info (#1882)
• The creator of a conversation now appears as a member when the conversation is fetched from a remote backend (#1842)
• Include remote connections in the response to POST /list-connections (#1826)
• When a user gets deleted, notify remotes about conversations and connections in chunks of 1000 (#1872, #1883)
• Make federated requests to multiple backends in parallel. (#1860)
• Make conversation ID of RemoteConversation unqualified and move it out of the metadata record. (#1839)
• Make the conversation creator field in the on-conversation-created RPC unqualified. (#1858)
• Update One2One conversation when connection status changes (#1850)

2021-10-01

Release notes

• Deploy brig before galley (#1811, #1818)
• The conference call initiation feature can now be configured for personal accounts in brig.yaml. enabled is the default and the previous behavior. If you want to change that, read /docs/reference/config-options.md#conference-calling-1 (#1811, #1818)
• Only if you are an early adopter of multi-team IdP issuers on release 2021-09-14: note that the query parameter for IdP creation has changed. This only affects future calls to this one end-point. (#1763)
• For wire.com cloud operators: reminder to also deploy nginz. (No special action needed for on-premise operators) (#1773)

API changes

• Add endpoint POST /connections/:domain/:userId to create a connection (#1773)
• Deprecate PUT /conversations/:cnv/access endpoint (#1807)
• Deprecate PUT /conversations/:cnv/message-timer endpoint (#1780)
• Deprecate PUT /conversations/:cnv/members/:usr endpoint (#1784)
• Deprecate PUT /conversations/:cnv/receipt-mode endpoint (#1797)
• Add endpoint GET /connections/:domain/:userId to get a single connection (#1773)
• Add POST /list-connections endpoint to get connections (#1773)
• Add qualified endpoint for updating conversation access (#1807)
• Add qualified endpoint for updating message timer (#1780)
• Add qualified endpoint for updating conversation members (#1784)
• Add qualified endpoint for updating receipt mode (#1797)
• Add endpoint PUT /connections/:domain/:userId to update a connection (#1773)

Features

• Helm charts to deploy ldap-scim-bridge (#1709)
• Per-account configuration of conference call initiation (details: /docs/reference/config-options.md#conference-calling-1) (#1811, #1818)

Bug fixes and other updates

• An attempt to create a 3rd IdP with the same issuer was triggering an exception. (#1763)
• When a user was auto-provisioned into two teams under the same pair of Issuer and NameID, they where directed into the wrong team, and not rejected. (#1763)

Documentation

• Expand documentation of conversations/list-ids endpoint (#1779)
• Add documentation of the multi-table paging abstraction (#1803)
• Document how to use IdP issuers for multiple teams (#1763)
• All named Swagger schemas are now displayed in the Swagger UI (#1802)

Internal changes

• Abstract out multi-table-pagination used in list conversation-ids endpoint (#1788)
• Testing: rewrite monadic to applicative style generators (#1782)
• Add a test checking that creating conversations of exactly the size limit is allowed (#1820)
• Rewrite the DELETE /self endpoint to Servant (#1771)
• Fix conversation generator in mapping test (#1778)
• Polysemize spar (#1806, #1787, #1793, #1814, #1792, #1781, #1786, #1810, #1816, #1815)
• Refactored a few functions dealing with conversation updates, in an attempt to
  make the conversation update code paths more uniform, and also reduce special
  cases for local and remote objects. (#1801)
• Merged http2-client fixes as mentioned in the comments of #1703 (#1809)
• Some executables now have a runtime dependency on ncurses (#1791)
• Minor changes around SAML and multi-team Issuers.
  • Change query param to not contain -, but _. (This is considered an internal change because the feature has been release in the last release, but only been documented in this one.)
  • Haddocks.
  • Simplify code.
  • Remove unnecessary calls to cassandra. (#1763)
• Clean up JSON Golden Tests (Part 6) (#1769)
• Remove explicit instantiations of ErrorDescription (#1794)
• Remove one flaky integration test about ordering of search results (#1798)
• Report all failures in JSON golden tests in a group at once (#1746)
• Convert the PUT /conversations/:cnv/access endpoint to Servant (#1807)
• Move /connections/* endpoints to Servant (#1770)
• Servantify Galley's DELETE /i/user endpoint (#1772)
• Convert the PUT /conversations/:cnv/message-timer endpoint to Servant (#1780)
• Convert the PUT /conversations/:cnv/members/:usr endpoint to Servant (#1796)
• Convert the PUT /conversations/:cnv/receipt-mode endpoint to Servant (#1797)
• Expose wire.com internal EJDP process to backoffice/stern. (#1831)
• Update configurable boolean team feature list in backoffice/stern. (#1829)
• Handle upper/lower case more consistently in scim and rich-info data. (#1754)

Federation changes

• Add value for verification depth of client certificates in federator ingress (#1812)
• Document federation API conventions and align already existing APIs (#1765)
• Notify remote users when a conversation access settings are updated (#1808)
• Notify remote users when a conversation member role is updated (#1785)
• Notify remote users when a conversation message timer is updated (#1783)
• Notify remote users when a conversation is renamed (#1767)
• Make sure that only users that are actually part of a conversation get notified about updates in the conversation metadata (#1767)
• Notify remote users when a conversation receipt mode is updated (#1801)
• Implement updates to remote members (#1785)
• Make conversation ID of the on-conversation-created RPC unqualified (#1766)
• 4 endpoints for create/update/get/list connections designed for remote users in mind. So far, the implementation only works for local users (actual implementation will come as a follow-up) (#1773)
• The returned connection object now has a qualified_to field with the domain of the (potentially remote) user. (#1773)
• Add migration for remote connection table (#1789)
• Remove a user from remote conversations upon deleting their account (#1790)
• Remove elasticsearch specific details from the search endpoint (#1768)
• Added support for updating self member status of remote conversations (#1753)

2021-09-14

API changes

• Remove the long-deprecated message field in POST /connections (#1726)
• Add PUT /conversations/:domain/:cnv/name (#1737)
• Deprecate PUT /conversations/:cnv/name (#1737)
• Add GET & PUT /conversations/:domain/:cnv/self (#1740)
• Deprecate GET & PUT /conversations/:cnv/self (#1740)
• Remove endpoint GET /conversations/:domain/:cnv/self (#1752)
• The otr_muted field in Member and MemberUpdate has been removed. (#1751)
• Removed the ability to update one's own role (#1752)

Features

• Disallow changing phone number to a black listed phone number (#1758)
• Support using a single IDP with a single EntityID (aka issuer ID) to set up two teams. Sets up a migration, and makes teamID + EntityID unique, rather than relying on EntityID to be unique. Required to support multiple teams in environments where the IDP software cannot present anything but one EntityID (E.G.: DualShield). (#1755)

Documentation

• Added documentation of federation errors (#1674)
• Better swagger schema for the Range type (#1748)
• Add better example for Domain in swagger (#1748)

Internal changes

• Introduce new process for writing changelogs (#1749)
• Clean up JSON golden tests (Part 4, Part 5) (#1756, #1762)
• Increased timeout on certificate update tests to 10s (#1750)
• Fix for flaky test in spar (#1760)
• Rewrite the POST /connections endpoint to Servant (#1726)
• Various improvements and fixes around SAML/SCIM (#1735)

Federation changes

• Avoid remote calls to get conversation when it is not found locally (#1749)
• Federator CA store and client credentials are now automatically reloaded (#1730)
• Ensure clients only receive messages meant for them in remote convs (#1739)

2021-09-08

Release Notes

API Changes

• Add POST /conversations/list/v2 (#1703)
• Deprecate POST /list-conversations (#1703)

Features

• Bump SFTD to 2.0.127 (#1745)

Bug fixes and other updates

• Remove support for managed conversations in member removal (#1718)
• Update the webapp to correct labeling on CBR calling (#1743)

Documentation

• Document backend internals for user connections (#1717)
• Open Update spar braindump and explain idp deletion (#1728)

Internal changes

• Integration test script does not display the output interactively (#1742)
• Clean up JSON golden tests (#1729, #1732, #1733)
• Make regenerated golden tests' JSON output deterministic (#1734)
• Import fix for snappy linker issue (#1736)

Federation changes

• Refactored remote error handling in federator (#1681)
• The update conversation membership federation endpoint takes OriginDomainHeader (#1719)
• Added new endpoint to allow fetching conversation metadata by qualified ids (#1703)

Release 2021 08 27

Release Notes

API Changes

• Deprecate DELETE /conversations/:cnv/members/:usr (#1697)
• Add DELETE /conversations/:cnv/members/:domain/:usr (#1697)

Features

Bug fixes and other updates

• Fix case sensitivity in schema parser in hscim library (#1714)
• [helm charts] resolve a rate-limiting issue when using certificate-manager alongside wire-server and nginx-ingress-services helm charts (#1715)

Documentation

• Improve Swagger for DELETE /conversations/:cnv/members/:usr (#1697)

Internal changes

• Integration test script now displays output interactively (#1700)
• Fixed a few issues with error response documentation in Swagger (#1707)
• Make mapping between (team) permissions and roles more lenient (#1711)
• The DELETE /conversations/:cnv/members/:usr endpoint rewritten to Servant (#1697)
• Remove leftover auto-connect internal endpoint and code (#1716)
• Bump wire-webapp (#1720)
• Bump team-settings (#1721)
• Bump account-pages (#1666)

Federation changes

• Added client certificate support for server to server authentication (#1682)
• Implemented full server-to-server authentication (#1687)
• Add an endpoint for removing a qualified user from a local conversation (#1697)

2021-08-16

Release Notes

This is a routine release requiring only the routine upgrade steps.

API Changes

• Add POST /conversations/list-ids (#1686)
• Deprecate GET /converstations/ids (#1686)

Features

• Client functions for the hscim library (#1694, #1699, #1702, https://hackage.haskell.org/package/hscim)

Bug fixes and other updates

• Change http response code for missing-legalhold-consent. (#1688)
• Remove old end-point for changing email

Federation changes (alpha feature, do not use yet)

• Add new API to list paginated qualified conversation ids (#1686)

Documentation

• Fix swagger: mark name in UserUpdate as optional (#1691, #1692)

Internal changes

• Replaced uses of UVerb and EmptyResult with MultiVerb (#1693)
• Added a mechanism to derive AsUnion instances automatically (#1693)
• Integration test coverage (#1696, #1704)

2021-08-02

Release Notes

If you want to set the default for file sharing in all teams to disabled, search for "File Sharing" in https://github.com/wireapp/wire-server/tree/develop/docs/reference/config-options.md.

Release Notes for Wire.com Cloud operators

Upgrade nginz (#1658)

API Changes

Features

• A new team feature for classified domains is available (#1626):
  • a public endpoint is at GET /teams/:tid/features/classifiedDomains
  • an internal endpoint is at GET /i/teams/:tid/features/classifiedDomains
• Extend feature config API (#1658)
• fileSharing feature config (#1652, #1654, #1655)
• conferenceCalling feature flag (#1683)
• Add user_id to csv export (#1663)

Bug fixes and other updates

• New, hardened end-point for changing email (68b4db0)
• Fix: CSV export is missing SCIM external id when SAML is also used (#1608)
• Fix: sso_id field in user record (brig) was not always filled correctly in cassandra (#1334)

Documentation

• Improved Swagger documentation for endpoints with multiple responses (#1649, #1645)

Internal changes

• Improvements to local integration test setup when using buildah and kind (#1667)
• The servant-swagger dependency now points to the current upstream master (#1656)
• Improved error handling middleware (#1671)
• Refactor function createUser for readability (#1670)
• Removed explicit implementation for user HEAD endpoints (#1679)
• Improved test coverage for error responses (#1680)
• Introduced MultiVerb endpoints in Servant API (#1649).

Federation changes (alpha feature, do not use yet)

• Validate server TLS certificate between federators (#1662)
• A clarification is added about listing your own domain as a classified domain (#1678)
• Added a QualifiedCapture type to Servant for qualified paths (#1669)
• Renamed DomainHeader type to OriginDomainHeader (#1689)
• Added golden tests for protobuf serialisation / deserialisation (#1644).

2021-07-09

Release Notes

This release requires a manual change in your galley configuration: settings.conversationCodeURI in galley.yaml was had to be set to ${WEBAPP}/join before this release, and must be set to ${ACCOUNTS}/conversation-join from now on, where ${WEBAPP} is the url to the webapp and ${ACCOUNTS} is the url to the account pages.

API Changes

• Several public team feature endpoints are removed (their internal and
  Stern-based counterparts remain available):
  • PUT /teams/:tid/features/sso
  • PUT /teams/:tid/features/validateSAMLemails
  • PUT /teams/:tid/features/digitalSignatures
• All endpoints that fetch conversation details now also include a new key
  qualified_id for a qualified conversation ID (#1640)
• New endpoint POST /list-conversations similar to GET /conversations, but which will also return your own remote conversations (if federation is enabled). (#1591)

Features

• Change settings.conversationCodeURI in galley.yaml (#1643).
• [Federation] RPC to propagate messages to other backends (#1596).
• [Federation] Fetch remote user's clients when sending messages (#1635).
• [Federation] Actually propagate messages to other backends (#1638).
• [Federation] Support sending messages to remote conversations (#1609).
• [Federation] Guard against path traversal attacks (#1646).

Internal changes

• Feature endpoints are rewritten in Servant (#1642).
• Internal federation endpoints using the publicly-facing conversation data type
  now also include a qualified conversation ID under the qualified_id key
  (#1640)
• schema-profunctor: add optField combinator and corresponding documentation (#1621, #1624).
• [Federation] Let a receiving backend decide conversation attribute specifics of its users
  added to a new conversation via POST /federation/register-conversation (#1622).
• [Federation] Adjust scripts under ./hack/federation to work with recent changes to the federation API (#1632).
• Refactored Proteus endpoint to work with qualified users (#1634).
• Refactored Federator InternalServer (#1637)

Internal Federation API changes

• Breaking change on InwardResponse and OutwardResponse in router.proto for improved error handling (#1637)
  • Note: federation should not be in use anywhere yet, so this should not have any impact

Documentation

• Fix validation errors in Swagger documentation (#1625).

Bug fixes and other updates

• Restore old behaviour for parse errors in request bodies (#1628, #1629).
• Allow to change IdP Issuer name to previous name (#1615).