Merge pull request #4020 from wireapp/release_2024-04-25_11_46

Release 2024-04-25 - (expected chart version 4.42.0)

.envrc

@@ -49,6 +49,11 @@ export LANG=en_US.UTF-8
 export RABBITMQ_USERNAME=guest
 export RABBITMQ_PASSWORD=alpaca-grapefruit
 
+# Redis
+
+export REDIS_PASSWORD=very-secure-redis-cluster-password
+export REDIS_ADDITIONAL_WRITE_PASSWORD=very-secure-redis-master-password
+
 # Integration tests
 export INTEGRATION_DYNAMIC_BACKENDS_POOLSIZE=3
 
@@ -58,7 +63,7 @@ export AWS_REGION="eu-west-1"
 export AWS_ACCESS_KEY_ID="dummykey"
 export AWS_SECRET_ACCESS_KEY="dummysecret"
 
-# integration test suite timeout 
+# integration test suite timeout
 export TEST_TIMEOUT_SECONDS=2
 
 # allow local .envrc overrides

.hlint.yaml

@@ -11,6 +11,7 @@
 - ignore: { name: Avoid lambda using `infix` }
 - ignore: { name: Eta reduce }
 - ignore: { name: Use section }
+- ignore: { name: "Use :" }
 - ignore: { name: Use underscore }
 
 # custom rules:

CHANGELOG.md

@@ -1,3 +1,241 @@
+# [2024-04-25] (Chart Release 4.42.0)
+
+## Release notes
+
+
+* There is a new optional Boolean in Brig's Helm chart, `config.multiSFT.enabled`,
+ signalling whether calls between federated SFT servers are allowed.
+
+ IMPORTANT: The value of this new option needs be set to the value of
+ `multiSFT.enabled` in SFT's Helm chart. Otherwise federated SFT servers won't
+ work.
+
+ If provided, the field `is_federating` in the response of `/calls/config/v2`
+ will reflect `multiSFT.enabled`'s value.
+
+ Example:
+
+ ```
+ # [brig/values.yaml]
+ multiSFT:
+ enabled: true
+ ```
+
+ Also, the optional object `sftToken` with its fields `ttl` and `secret` define
+ whether an SFT credential would be rendered in the response of
+ `/calls/config/v2`. The field `ttl` determines the seconds for the credential to
+ be valid and `secret` is the path to the secret shared with SFT to create
+ credentials.
+
+ Example:
+
+ ```
+ # [brig.yaml]
+ sft:
+ sftBaseDomain: sft.wire.example.com
+ sftSRVServiceName: sft
+ sftDiscoveryIntervalSeconds: 10
+ sftListLength: 20
+ sftToken:
+ ttl: 120
+ secret: /path/to/secret
+ ``` (#3915)
+
+* The "addClient" internal endpoint of galley has been changed. This can cause temporary failures during upgrades if brig attempts to use this endpoint on a different version of galley. (#3904)
+
+* Removed the deprecated and unused field `geoDb` from Brig's config. (#3975)
+
+* Added support for 3 more MLS ciphersuites. To enable MLS, all supported signature schemes (ed25519 and the three ecdsa variants) now need to have private keys specified in galley's configuration file. (#3964)
+
+
+## API changes
+
+
+* Create version 6 of client-related endpoints, fixing an oddity in the serialisation of capabilities. (#3904)
+
+* Add gzip request support to spar and proxy (#4013)
+
+
+## Features
+
+
+* Backend validates display name during DPoP challenge (#3890)
+
+* Add Helm chart `smallstep-accomp` that provides a CRL endpoint proxy for federated E2EI (#3896)
+
+* Support for Elasticsearch password authentication (#6717, #7283)
+
+* Support unblocking a user in an MLS 1-to-1 conversation (#3940)
+
+* Add E2EI configuration setup to smallstep-accomp chart (#3944)
+
+* Remove Helm migrated charts webapp, team-settings, account-pages, sftd (#3927)
+
+* charts/nginz: Rate limiting claiming MLS key-pacakges by requesting and target user (#3918)
+
+* Support connecting to Elasticsearch over TLS
+
+ It can be enabled by setting these options on the wire-server helm chart:
+
+ ```yaml
+ brig:
+ config:
+ elasticsearch:
+ scheme: https
+
+ # When custom CAs are required, one of these must be set:
+ tlsCa: <PEM encoded CA certificates>
+ tlsCaSecretRef:
+ name: <Name of the secret>
+ key: <Key in the secret containing pem encoded CA Cert>
+
+ # When TLS needs to be used without verification:
+ insecureSkipVerifyTls: true
+
+ elasticsearch-index:
+ elasticsearch:
+ scheme: https
+
+ # When custom CAs are required, one of these must be set:
+ tlsCa: <PEM encoded CA certificates>
+ tlsCaSecretRef:
+ name: <Name of the secret>
+ key: <Key in the secret containing pem encoded CA Cert>
+
+ # When TLS needs to be used without verification:
+ insecureSkipVerifyTls: true
+ ``` (#3989)
+
+* Make gundeck's notificationTTL configurable. The value defines how long
+ notifications are (at most) stored in the database. Decreasing this value e.g.
+ helps to safe database space on test environments. (#3960)
+
+* charts/nginz: Allow 3000 reqs/min on /conversations/one2one/:user_domain/:user (#3918)
+
+* Support authenticating to redis (#3971)
+
+
+## Bug fixes and other updates
+
+
+* Send connection cancelled event to local pending connection when user gets deleted (#3861)
+
+* Optional `apiProxy` attribute added to `deeplink.json` in nginz chart (#3933)
+
+* coturn cert-reloader sidecar config: process name should not contain the path (helm chart) (#3916)
+
+* Prevent conflict on subsequent tries to provision a SCIM user (#3914)
+
+* Avoid IO Exception when querying
+
+ GET /converations/{cnv_domain}/{cnv}/groupinfo
+
+ with public group state not set in galley.converation. (#3939)
+
+* Return an actual list of other users in a remote MLS 1-to-1 conversation (#3998)
+
+* charts/background-worker: Fix name of the service monitor (#3913)
+
+* Fix crash when enqueing an empty list of notifications and federation is disabled (#PR_NOT_FOUND)
+
+* Add the request ID to the request's execution environment in gundeck, such that it can be logged. (#3903)
+
+* The AWS SNS ARN was parsed by accumulating the environment name up to the first
+ dash ('-') such that parts of this name spilled over into the app name. Now, we
+ accumulate up to the last dash. (#3894)
+
+* Fix bug where welcome notifications were generated for each client instead of for each user (#3907)
+
+* Do not deliver MLS one-to-one conversation messages to a user that blocked the sender (#3889, #3906)
+
+* Optimize getting all feature configs (#4002)
+
+
+## Documentation
+
+
+* adds new coding-conventions.md and talks about the decision we made for `cs` (#4006)
+
+* Distinguish UTCTime and UTCTimeMillis in swagger (#3899)
+
+* Patch hole in scim docs regarding wire team role manipulation. (#3897)
+
+
+## Internal changes
+
+
+* Create a new script (`Sbom.hs`) to generate the wire-server sbom (bill of material) file. (#3942)
+
+* port flaking LH tests to new integration and improve the ergonomics of our testing library (#3876)
+
+* some small refactorings to make it more clear in code what is happening when registering a scim token and an IdP (#3966)
+
+* In order for the CRL-proxy to function correctly, it needs to have CORS headers set.
+ We are now setting the CORS headers on the ingress level. (#3956)
+
+* drop cs in all production code and from Imports (#4001)
+
+* Galley's internal `DELETE /i/client/:clientID` now early-exits before visiting all conversations if the client is already gone.
+ Galley now reports debug logs for every call to Cassandra. (#3985)
+
+* move formatting and linting of haskell files to treefmt, remove some of the now unneeded rules (#4000)
+
+* Integration test cases for strangely behaving feature config settings. (#4007)
+
+* Add ldap-scim-bridge chart to the wire-server release (#3999)
+
+* Disable `integration` subchart of `wire-server` by default (#3682)
+
+* Provide password as value in `elasticsearch-ephemeral`. This way we can use
+ different passwords on our test systems. Ensuring that the password is really
+ configurable (and not accidentally hardcoded somewhere.) (#3994)
+
+* Upgraded fluent-bit chart to version 0.46.2
+ Added example values for fluent-bit helm chart for output to syslog server (#4012)
+
+* Ported 2FA tests to the new integration test suite (#3986)
+
+* To ensure certificate revocations get active in a short time frame, disable
+ caching of proxy results on client side by setting respective HTTP headers. (#3952)
+
+* Ensure that targets of the smallstep nginx proxy are resolved at runtime via the
+ configured DNS server. This has two benefits: The target gets adjusted when it's
+ changed at the DNS server. And, nginx doesn't fail to start when the target
+ doesn't exist yet. (#3947)
+
+* Use schema-profunctor for user event serialisation and introduce golden tests (#3912)
+
+* Setup federation-v0 environment for use in integration tests:
+ - add federation-v0 domain to test environment
+ - provision integration certificates with cert-manager (#3849, #3898)
+
+* Add assets to output of ejpd-info end-point in stern; also:
+
+ - [brig] now talks to carghold for profile picture extraction;
+ - [integration] migrate ejpd tests;
+ - [integration] enhanced `shouldMatch` shows a diff on failure now;
+ - [integration] added `shouldMatchLeniently` for rule-based canonicalization of arguments (#3875)
+
+* Bump hsaml2, saml2-web-sso dependencies. (#3995)
+
+* Remove support for push token transport types APNSVoIP, APNSVoIPSandbox from gundeck. (#3967)
+
+* Include remote domain in federator error logs (#3919)
+
+* Remove remaining splinters of wai-routing, wai-predicate from brig. (#3996)
+
+
+## Federation changes
+
+
+* The on-conversation-updated notification is now queued instead of being sent directly. A new version of the notification has been introduced with a different JSON format for the body, mostly for testing purposes of the versioning system.
+
+ Since the notification is now sent asynchronously, some error conditions in case of unreachable backends cannot be triggered anymore. (#3831)
+
+* Versioning of backend to backend notifications. Notifications are now stored in "bundles" containing a serialised payload for each supported version. The background worker then dynamically selects the best version to use and sends only the notification corresponding to that version.
+ (#3831)
+
+
 # [2024-02-13] (Chart Release 4.41.0)
 
 # [2024-02-12] (Chart Release 4.40.0)