Releases: cs3org/reva
v2.24.0
Changelog for reva 2.24.0 (2024-09-09)
The following sections list the changes in reva 2.24.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4820: Fix response code when upload a file over locked
- Fix #4837: Fix OCM userid encoding
- Fix #4823: Return etag for ocm shares
- Fix #4822: Allow listing directory trash items by key
- Enh #4816: Ignore resharing requests
- Enh #4817: Added a new role space editor without versions
- Enh #4829: Added a new roles viewer/editor with ListGrants
- Enh #4828: New event: UserSignedIn
- Enh #4836: Publish an event when an OCM invite is generated
Details
- Bugfix #4820: Fix response code when upload a file over locked
We fixed a bug where the response code was incorrect when uploading a file over a locked file.
- Bugfix #4837: Fix OCM userid encoding
We now base64 encode the remote userid and provider as the local federated user id. This allows
us to always differentiate them from local users and unpack the encoded user id and provider
when making requests to the remote ocm provider.
owncloud/ocis#9927
#4837
#4833
- Bugfix #4823: Return etag for ocm shares
The ocm remote storage now passes on the etag returned in the PROPFIND response.
- Bugfix #4822: Allow listing directory trash items by key
The storageprovider now passes on the key without inventing a / as the relative path when it
was not present at the end of the key. This allows differentiating requests that want to get the
trash item of a folder itself (where the relative path is empty) or listing the children of a
folder in the trash (where the relative path at least starts with a /).
We also fixed the /dav/spaces endpoint to not invent a / at the end of URLs to allow clients to
actually make these different requests.
As a byproduct we now return the size of trashed items.
- Enhancement #4816: Ignore resharing requests
We now ignore resharing permissions. Instead of returning BadRequest we just reduce the
permissions.
- Enhancement #4817: Added a new role space editor without versions
We add a new role space editor without list and restore version permissions.
- Enhancement #4829: Added a new roles viewer/editor with ListGrants
We add a new roles space viewer/editor with ListGrants permissions.
- Enhancement #4828: New event: UserSignedIn
There is a new Event that cam be triggered when a user signs in
- Enhancement #4836: Publish an event when an OCM invite is generated
The ocm generate-invite endpoint now publishes an event whenever an invitation is requested
and generated. This event can be subscribed to by other services to react to the generated
invitation.
v2.23.0
Changelog for reva 2.23.0 (2024-08-19)
The following sections list the changes in reva 2.23.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4802: Block overwriting mountpoints
- Fix #4782: Fixed the response code when copying from a share to a personal space
- Fix #4805: Fix creating spaces
- Fix #4651: Fix deleting space shares
- Fix #4808: Fixed bugs in the owncloudsql storage driver
- Enh #4772: Allow configuring grpc max connection age
- Enh #4784: Bump tusd to v2
- Enh #4478: Hellofs
- Enh #4744: Respect service transport
- Enh #4812: Concurrent stat requests when listing shares
- Enh #4798: Update go-ldap to v3.4.8
Details
- Bugfix #4802: Block overwriting mountpoints
This blocks overwriting mountpoints through the webdav COPY api. It is now returning a bad
request when attempting to overwrite a mountpoint.
- Bugfix #4782: Fixed the response code when copying from a share to a personal space
We fixed the response code when copying a file from a share to a personal space with a secure view
role.
- Bugfix #4805: Fix creating spaces
We fixed a problem where it wasn't possible to create new spaces when running on a non-writable
working directory.
- Bugfix #4651: Fix deleting space shares
We no longer check if a share is an ocm sharee if listng ocm shares has been disabled anyway. This
allows unsharing space shares.
- Bugfix #4808: Fixed bugs in the owncloudsql storage driver
- Enhancement #4772: Allow configuring grpc max connection age
We added a GRPC_MAX_CONNECTION_AGE env var that allows limiting the lifespan of connections.
A closed connection triggers grpc clients to do a new DNS lookup to pick up new IPs.
- Enhancement #4784: Bump tusd to v2
Bump tusd pkg to v2.4.0
- Enhancement #4478: Hellofs
We added a minimal hello world filesystem as an example for a read only storage driver.
- Enhancement #4744: Respect service transport
The service registry now takes into account the service transport when creating grpc clients.
This allows using dns, unix and kubernetes as the protocol in addition to tcp. dns
will turn the gRPC client into a Thick
Client that can look up
multiple endpoints via DNS. kubernetes will use
github.com/sercand/kuberesolver to
connect to the kubernetes API and pick up service changes. Furthermore, we enabled round robin
load balancing for the default transparent retry configuration of
gRPC.
- Enhancement #4812: Concurrent stat requests when listing shares
The sharesstorageprovider now concurrently stats the accepted shares when listing the share
jail. The default number of 5 workers can be changed by setting the max_concurrency value in
the config map.
- Enhancement #4798: Update go-ldap to v3.4.8
Update go-ldap/ldap/v3 to the latest upstream release to include the latest bugfixes and
enhancements.
v2.22.0
Changelog for reva 2.22.0 (2024-07-29)
The following sections list the changes in reva 2.22.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4741: Always find unique providers
- Fix #4762: Blanks in dav Content-Disposition header
- Fix #4775: Fixed the response code when copying the shared from to personal
- Fix #4633: Allow all users to create internal links
- Fix #4771: Deleting resources via their id
- Fix #4768: Fixed the file name validation if nodeid is used
- Fix #4758: Fix moving locked files, enable handling locked files via ocdav
- Fix #4774: Fix micro ocdav service init and registration
- Fix #4776: Fix response code for DEL file that in postprocessing
- Fix #4746: Uploading the same file multiple times leads to orphaned blobs
- Fix #4778: Zero byte uploads
- Chg #4759: Updated to the latest version of the go-cs3apis
- Chg #4773: Ocis bumped
- Enh #4766: Set archiver output format via query parameter
- Enh #4763: Improve posixfs storage driver
Details
- Bugfix #4741: Always find unique providers
The gateway will now always try to find a single unique provider. It has stopped aggregating
multiple ListContainer responses when we removed any business logic from it.
- Bugfix #4762: Blanks in dav Content-Disposition header
We've fixed the encoding of blanks in the dav Content-Disposition header.
- Bugfix #4775: Fixed the response code when copying the shared from to personal
We fixed the response code when copying the file from shares to personal space with a secure view
role.
- Bugfix #4633: Allow all users to create internal links
Due to a bug, not all space members were allowed to create internal links. This has been fixed.
- Bugfix #4771: Deleting resources via their id
We fixed a bug where deleting resources by using their id via the /dav/spaces/ endpoint would
not work.
- Bugfix #4768: Fixed the file name validation if nodeid is used
We have fixed the file name validation if nodeid is used
- Bugfix #4758: Fix moving locked files, enable handling locked files via ocdav
We fixed a problem when trying to move locked files. We also enabled the ocdav service to handle
locked files.
- Bugfix #4774: Fix micro ocdav service init and registration
We no longer call Init to configure default options because it was replacing the existing
options.
- Bugfix #4776: Fix response code for DEL file that in postprocessing
We fixed the response code when DELETE and MOVE requests to the file that is still in
post-processing.
- Bugfix #4746: Uploading the same file multiple times leads to orphaned blobs
Fixed a bug where multiple uploads of the same file would lead to orphaned blobs in the
blobstore. These orphaned blobs will now be deleted.
- Bugfix #4778: Zero byte uploads
Zero byte uploads would trigger postprocessing which lead to breaking pipelines.
- Change #4759: Updated to the latest version of the go-cs3apis
The go-cs3apis dependency was updated to the latest version
- Change #4773: Ocis bumped
Ocis bumped. The expected failures removed.
- Enhancement #4766: Set archiver output format via query parameter
Sets the archive output format e.G "tar" via the url query parameter "output-format",
possible params are "zip" and "tar", falls back to "zip".
owncloud/ocis#9399
owncloud/web#11080
#4766
- Enhancement #4763: Improve posixfs storage driver
Improve the posixfs storage driver by fixing several issues and corner cases.
v2.21.0
Changelog for reva 2.21.0 (2024-07-08)
The following sections list the changes in reva 2.21.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4740: Disallow reserved filenames
- Fix #4748: Quotes in dav Content-Disposition header
- Fix #4750: Validate a space path
- Enh #4737: Add the backchannel logout event
- Enh #4749: DAV error codes
- Enh #4742: Expose disable-versioning configuration option
- Enh #4739: Improve posixfs storage driver
- Enh #4738: Add GetServiceUserToken() method to utils pkg
Details
- Bugfix #4740: Disallow reserved filenames
We now disallow the reserved .. and . filenames. They are only allowed as destinations of
move or copy operations.
- Bugfix #4748: Quotes in dav Content-Disposition header
We've fixed the the quotes in the dav Content-Disposition header. They caused an issue where
certain browsers would decode the quotes and falsely prepend them to the filename.
- Bugfix #4750: Validate a space path
We've fixed the issue when validating a space path
- Enhancement #4737: Add the backchannel logout event
We've added the backchannel logout event
- Enhancement #4749: DAV error codes
DAV error responses now include an error code for clients to use if they need to check for a
specific error type.
- Enhancement #4742: Expose disable-versioning configuration option
This PR exposes the disable-versioning configuration option to the user. This option allows
the user to disable versioning for the storage-providers.
- Enhancement #4739: Improve posixfs storage driver
Improve the posixfs storage driver by fixing several issues and adding missing features.
- Enhancement #4738: Add GetServiceUserToken() method to utils pkg
Added GetServiceUserToken() function to the utils pkg to easily get a reva token for a service
account.
v2.20.0
Changelog for reva 2.20.0 (2024-06-19)
The following sections list the changes in reva 2.20.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4623: Consistently use spaceid and nodeid in logs
- Fix #4584: Prevent copying a file to a parent folder
- Fix #4700: Clean empty trash node path on delete
- Fix #4567: Fix error message in authprovider if user is not found
- Fix #4615: Write blob based on session id
- Fix #4557: Fix ceph build
- Fix #4711: Duplicate headers in DAV responses
- Fix #4568: Fix sharing invite on virtual drive
- Fix #4559: Fix graph drive invite
- Fix #4593: Make initiatorIDs also work on uploads
- Fix #4608: Use gateway selector in jsoncs3
- Fix #4546: Fix the mount points naming
- Fix #4678: Fix nats encoding
- Fix #4630: Fix ocm-share-id
- Fix #4518: Fix an error when lock/unlock a file
- Fix #4622: Fix public share update
- Fix #4566: Fix public link previews
- Fix #4589: Fix uploading via a public link
- Fix #4660: Fix creating documents in nested folders of public shares
- Fix #4635: Fix nil pointer when removing groups from space
- Fix #4709: Fix share update
- Fix #4661: Fix space share update for ocs
- Fix #4656: Fix space share update
- Fix #4561: Fix Stat() by Path on re-created resource
- Fix #4710: Tolerate missing user space index
- Fix #4632: Fix access to files withing a public link targeting a space root
- Fix #4603: Mask user email in output
- Chg #4542: Drop unused service spanning stat cache
- Enh #4712: Add the error translation to the utils
- Enh #4696: Add List method to ocis and s3ng blobstore
- Enh #4693: Add mimetype for sb3 files
- Enh #4699: Add a Path method to blobstore
- Enh #4695: Add photo and image props
- Enh #4706: Add secureview flag when listing apps via http
- Enh #4585: Move more consistency checks to the usershare API
- Enh #4702: Added theme capability
- Enh #4672: Add virus filter to list uploads sessions
- Enh #4614: Bump mockery to v2.40.2
- Enh #4621: Use a memory cache for the personal space creation cache
- Enh #4556: Allow tracing requests by giving util functions a context
- Enh #4694: Expose SecureView in WebDAV permissions
- Enh #4652: Better error codes when removing a space member
- Enh #4725: Unique share mountpoint name
- Enh #4689: Extend service account permissions
- Enh #4545: Extend service account permissions
- Enh #4581: Make decomposedfs more extensible
- Enh #4564: Send file locked/unlocked events
- Enh #4730: Improve posixfs storage driver
- Enh #4587: Allow passing a initiator id
- Enh #4645: Add ItemID to LinkRemoved
- Enh #4686: Mint view only token for open in app requests
- Enh #4606: Remove resharing
- Enh #4643: Secure viewer share role
- Enh #4631: Add space-share-updated event
- Enh #4685: Support t and x in ACEs
- Enh #4625: Test async processing cornercases
- Enh #4653: Allow to resolve public shares without the ocs tokeninfo endpoint
- Enh #4657: Add ScanData to Uploadsession
Details
- Bugfix #4623: Consistently use spaceid and nodeid in logs
Sometimes we tried to log a node which led to a JSON recursion error because it contains a
reference to the space root, which references itself. We now always log spaceid and
nodeid.
- Bugfix #4584: Prevent copying a file to a parent folder
When copying a file to its parent folder, the file would be copied onto the parent folder, moving
the original folder to the trash-bin.
owncloud/ocis#1230
#4584
#4582
#4571
- Bugfix #4700: Clean empty trash node path on delete
We now delete empty directories in the trash when an item is purged or restored. This prevents
old empty directories from slowing down the globbing of trash items.
- Bugfix #4567: Fix error message in authprovider if user is not found
- Bugfix #4615: Write blob based on session id
Decomposedfs now uses the session id and size when moving an uplode to the blobstore. This fixes
a cornercase that prevents an upload session from correctly being finished when another
upload session to the file was started and already finished.
- Bugfix #4557: Fix ceph build
- Bugfix #4711: Duplicate headers in DAV responses
We fixed an issue where the DAV response headers were duplicated. This was caused by the WebDav
handler which copied over all headers from the datagateways response. Now, only the relevant
headers are copied over to the DAV response to prevent duplication.
- Bugfix #4568: Fix sharing invite on virtual drive
We fixed the issue when sharing of virtual drive with other users was allowed
- Bugfix #4559: Fix graph drive invite
We fixed the issue when sharing of personal drive is allowed via graph
- Bugfix #4593: Make initiatorIDs also work on uploads
One needs to pass them on initateupload already.
- Bugfix #4608: Use gateway selector in jsoncs3
The jsoncs3 user share manager now uses the gateway selector to get a fresh client before making
requests and uses the configured logger from the context.
- Bugfix #4546: Fix the mount points naming
We fixed a bug that caused inconsistent naming when multiple users share the resource with same
name to another user.
- Bugfix #4678: Fix nats encoding
Encode nats-js-kv keys. This got lost by a dependency bump.
- Bugfix #4630: Fix ocm-share-id
We now use the share id to correctly identify ocm shares.
- Bugfix #4518: Fix an error when lock/unlock a file
We fixed a bug when anonymous user with viewer role in public link of a folder can lock/unlock a
file inside it
- Bugfix #4622: Fix public share update
We fixed the permission check for updating public shares. When updating the permissions of a
public share while not providing a password, the check must be against the new permissions to
take into account that users can opt out only for view permissions.
- Bugfix #4566: Fix public link previews
Fixes previews for public links
- Bugfix #4589: Fix uploading via a public link
Fix http error when uploading via a public link
- Bugfix #4660: Fix creating documents in nested folders of public shares
We fixed a bug that prevented creating new documented in a nested folder of a public share.
- Bugfix #4635: Fix nil pointer when removing groups from space
We fixed the nil pointer when removing groups from space via graph
- Bugfix #4709: Fix share update
We fixed the response code when the role/permission is empty on the share update
- Bugfix #4661: Fix space share update for ocs
We fixed the space share update for ocs.
- Bugfix #4656: Fix space share update
We fixed the permission check for updating the space shares when update an expirationDateTime
only.
- Bugfix #4561: Fix Stat() by Path on re-created resource
We fixed bug that caused Stat Requests using a Path reference to a mount point in the sharejail to
not resolve correctly, when a share using the same mount point to an already deleted resource
was still existing.
- Bugfix #4710: Tolerate missing user space index
We fixed a bug where the spaces for a user were not listed if the user had no space index by user.
This happens when a user has the role "User Light" and has been invited to a project space via a
group.
- Bugfix #4632: Fix access to files withing a public link targeting a space root
We fixed an issue that prevented users from opening documents within a public share that
targets a space root.
- Bugfix #4603: Mask user email in output
We have fixed a bug where the user email was not masked in the output and the user emails could be
enumerated through the sharee search.
- Change #4542: Drop unused service spanning stat cache
We removed the stat cache shared between gateway and storage providers. It is constantly
invalidated and needs a different approach.
v2.19.7
Changelog for reva 2.19.7 (2024-05-13)
The following sections list the changes in reva 2.19.7 relevant to
reva users. The changes are ordered by importance.
Summary
- Enh #4673: Add virus filter to list uploads sessions
Details
- Enhancement #4673: Add virus filter to list uploads sessions
Adds a filter for filtering for infected uploads
v2.19.6
Changelog for reva 2.19.6 (2024-04-29)
The following sections list the changes in reva 2.19.6 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4654: Write blob based on session id
- Fix #4666: Fix uploading via a public link
- Fix #4665: Fix creating documents in nested folders of public shares
- Enh #4655: Bump mockery to v2.40.2
- Enh #4664: Add ScanData to Uploadsession
Details
- Bugfix #4654: Write blob based on session id
Decomposedfs now uses the session id and size when moving an uplode to the blobstore. This fixes
a cornercase that prevents an upload session from correctly being finished when another
upload session to the file was started and already finished.
- Bugfix #4666: Fix uploading via a public link
Fix http error when uploading via a public link
owncloud/ocis#8699
#4666
#4589
- Bugfix #4665: Fix creating documents in nested folders of public shares
We fixed a bug that prevented creating new documented in a nested folder of a public share.
owncloud/ocis#8957
#4665
#4660
- Enhancement #4655: Bump mockery to v2.40.2
We switched to the latest mockery and changed to .mockery.yaml based mock generation.
- Enhancement #4664: Add ScanData to Uploadsession
Adds virus scan results to the upload session.
v2.19.5
Changelog for reva 2.19.5 (2024-04-17)
The following sections list the changes in reva 2.19.5 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4626: Fix public share update
- Fix #4634: Fix access to files withing a public link targeting a space root
Details
- Bugfix #4626: Fix public share update
We fixed the permission check for updating public shares. When updating the permissions of a
public share while not providing a password, the check must be against the new permissions to
take into account that users can opt out only for view permissions.
- Bugfix #4634: Fix access to files withing a public link targeting a space root
We fixed an issue that prevented users from opening documents within a public share that
targets a space root.
v2.19.3
Changelog for reva 2.19.3 (2024-04-04)
The following sections list the changes in reva 2.19.3 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4607: Mask user email in output
Details
- Bugfix #4607: Mask user email in output
We have fixed a bug where the user email was not masked in the output and the user emails could be
enumerated through the sharee search.
v2.16.4
Changelog for reva 2.16.4 (2024-03-22)
The following sections list the changes in reva 2.16.4 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #4398: Fix ceph build
- Fix #4396: Allow an empty credentials chain in the auth middleware
- Fix #4423: Fix disconnected traces
- Fix #4590: Fix uploading via a public link
- Fix #4470: Keep failed processing status
- Enh #4397: Introduce UploadSessionLister interface
Details
- Bugfix #4398: Fix ceph build
Fix ceph build as already fixed in edge
- Bugfix #4396: Allow an empty credentials chain in the auth middleware
When running with ocis, all external http-authentication is handled by the proxy service. So
the reva auth middleware should not try to do any basic or bearer auth.
owncloud/ocis#6692
#4396
#4241
- Bugfix #4423: Fix disconnected traces
We fixed a problem where the appctx logger was using a new traceid instead of picking up the one
from the trace parent.
- Bugfix #4590: Fix uploading via a public link
Fix http error when uploading via a public link
owncloud/ocis#8658
owncloud/ocis#8629
#4590
- Bugfix #4470: Keep failed processing status
We now keep the postprocessing status when a blob could not be copied to the blobstore.
- Enhancement #4397: Introduce UploadSessionLister interface
We introduced a new UploadSessionLister interface that allows better control of upload
sessions. Upload sessions include the processing state and can be used to filter and purge the
list of currently ongoing upload sessions.