v2020-10-05

2020-10-05

Release Notes

With this release, the setCookieDomain configuration (under brig/config.optSettings) no longer has any effect, and can be removed.

Security improvements

• Authentication cookies are set to the specific DNS name of the backend server (like nginz-https.example.com), instead of a wildcard domain (like *.example.com). This is achieved by leaving the domain empty in the Set-Cookie header, but changing the code to allow clients with old cookies to continue using them until they get renewed. (#1102)

Bug Fixes

• Match users on email in SCIM search: Manage invited user by SCIM when SSO is enabled (#1207)

New Features

• Amount of SFT servers returned on /calls/config/v2 can be limited (default 5, configurable) (#1206)
• Allow SCIM without SAML (#1200)

Internal changes

• Cargohold: Log more about AWS errors, ease compatibility testing (#1205, #1210)
• GHC upgrade to 8.8.4 (#1204)
• Preparation for APNS notification on iOS 13 devices: Use mutable content for non-voip notifications and update limits (#1212)
• Cleanup: remove unused scim_user table (#1211)

2020-09-04

Release Notes

Bug Fixes

• Fixed logic related to ephemeral users (#1197)

New Features

• SFT servers now exposed over /calls/config/v2 (#1177)
• First federation endpoint (#1188)

Internal changes

• ormolu upgrade to 0.1.2.0 and formatting (#1145, #1185, #1186)
• handy cqlsh make target to manually poke at the database (#1170)
• spar cleanup
• brig user name during scim user parsing (#1195)
• invitation refactor (#1196)
• SCIM users are never ephemeral (#1198)

2020-07-29

Release Notes

• This release makes a couple of changes to the elasticsearch mapping and requires a data migration. The correct order of upgrade is:
  1. Update mapping
  2. Upgrade brig as usual
  3. Run data migration
     Search should continue to work normally during this upgrade.
• Now with cargohold using V4 signatures, the region is part of the Authorization header, so please make sure it is configured correctly. This can be provided the same way as the AWS credentials, e.g. using the AWS_REGION environment variable.

Bug Fixes

• Fix member count of suspended teams in journal events (#1171)
• Disallow team creation when setRestrictUserCreation is true (#1174)

New Features

• Pending invitations by email lookup (#1168)
• Support s3 v4 signatures (and use package amazonka instead of aws in cargohold) (#1157)
• Federation: Implement ID mapping (brig) (#1162)

Internal changes

• SCIM cleanup; drop table spar.scim_user (#1169, #1172)
• ormolu script: use ++FAILURES as it will not evaluate to 0 (#1178)
• Refactor: Simplify SRV lookup logic in federation-util (#1175)
• handy cqlsh make target to manually poke at the database (#1170)
• hscim: add license headers (#1165)
• Upgrade stack to 2.3.1 (#1166)
• gundeck: drop deprecated tables (#1163)

2020-07-13

Release Notes

• If you are self-hosting wire on the public internet, consider changing your brig server config.
• Deploy all services except nginz.
• No migrations, no restrictions on deployment order.

New Features

• Restrict user creation in on-prem installations (#1161)
• Implement active flag in SCIM for user suspension (#1158)

Bug Fixes

• Fix setting team feature status in Stern/backoffice (#1146)
• Add missing Swagger models (#1153)
• docs/reference/elastic-search.md: fix typos (#1154)

Internal changes

• Federation: Implement ID mapping (galley) (#1134)
• Tweak cassandra container settings to get it to work on nixos. (#1155)
• Merge wireapp/subtree-hscim repository under /libs, preserving history (#1152)
• Add link to twilio message ID format (#1150)
• Run backoffice locally (#1148)
• Fix services-demo (#1149, #1156)
• Add missing license headers (#1143)
• Test sign up with invalid email (#1141)
• Fix ormolu script (source code pretty-printing) (#1142)

2020-06-19

Release Notes

• run galley schema migrations
• no need to upgrade nginz

New Features

• Add team level flag for digital signatures (#1132)

Bug fixes

• Bump http-client (#1138)

Internal changes

• Script for finding undead users in elasticsearch (#1137)
• DB changes for federation (#1070)
• Refactor team feature tests (#1136)

2020-06-10

Release Notes

• schema migration for cassandra_galley
• promote stern after galley
• promote spar after brig
• no need to upgrade nginz

New Features

• Validate saml emails (#1113, #1122, #1129)

Documentation

• Add a note about unused registration flow in docs (#1119)
• Update cassandra-schema.cql (#1127)

Internal changes

• Fix incomplete pattern in code checking email domain (custom extensions) (#1130)
• Enable additional GHC warnings (#1131)
• Cleanup export list; swagger names. (#1126)

2020-06-03

Release Notes

• This release fixes a bug with searching. To get this fix, a new elasticsearch index must be used.
  The steps for doing this migration can be found in ./docs/reference/elastic-search.md
  Alternatively the same index can be recreated instead, this will cause downtime.
  The steps for the recreation can be found in ./docs/reference/elastic-search.md

New Features

• Customer Extensions (not documented, disabled by default, use at your own risk, details) (#1108)
• Upgrade emails to the latest version: small change in the footer (#1106)
• Add new "team event queue" and send MemberJoin events on it (#1097, #1115)
• Change maxTeamSize to Word32 to allow for larger teams (#1105)

Bug fixes

• Implement better prefix search for name/handle (#1052, #1124)
• Base64 encode error details in HTML presented by Spar. (#1120)
• Bump schemaVersion for Brig and Galley (#1118)

Internal Changes

• Copy swagger-ui bundle to nginz conf for integration tests (#1121)
• Use wire-api types in public endpoints (galley, brig, gundeck, cargohold) (#1114, #1116, #1117)
• wire-api: extend generic Arbitrary instances with implementation for 'shrink' (#1111)
• api-client: depend on wire-api only (#1110)
• Move and add wire-api JSON roundtrip tests (#1098)
• Spar tests cleanup (#1100)

2020-05-15

New Features

• Add tool to migrate data for galley (#1096)
  This can be used in a more automated way than the backfill-billing-team-member.
  It should be done as a step after deployment.

Internal Changes

• More tests for OTR messages using protobuf (#1095)
• Set brig's logLevel to Warn while running integration-tests (#1099)
• Refactor: Create wire-api package for types used in the public API (#1090)

2020-05-07

Upgrade steps (IMPORTANT)

• Deploy new version of all services as usual, make sure enableIndexedBillingTeamMember setting in galley is false.
• Run backfill using

  CASSANDRA_HOST_GALLEY=<IP Address of one of the galley cassandra instaces>
  CASSANDRA_PORT_GALLEY=<port>
  CASSANDRA_KEYSPACE_GALLEY=<GALLEY_KEYSPACE>
  docker run quay.io/wire/backfill-billing-team-members:2.81.18 \
    --cassandra-host-galley="$CASSANDRA_HOST_GALLEY" \
    --cassandra-port-galley="$CASSANDRA_PORT_GALLEY" \
    --cassandra-keyspace-galley="$CASSANDRA_KEYSPACE_GALLEY"

  You can also run the above using kubectl run.
• Set enableIndexedBillingTeamMember setting in galley to true and re-deploy the same version.

New Features

• Custom search visibility - limit name search (#1086)
• Add tool to backfill billing_team_member (#1089)
• Index billing team members (#1081, #1091)
• Allow team deletion on stern (#1080)
• Do not fanout very large teams (#1060, #1075)

Bug fixes

• Fix licenses of db tools (#1088)

Internal Changes

• Add docs for updating ID Provider (#1074)
• Add comments/docs about hie.yaml (#1037)
• Don't poll from SQS as often (#1082)
• Refactor: Split API modules into public/internal (#1083)
• Manage license headers with headroom instead of licensure (#1084)
• Monitor access to DynamoDB (#1077)
• Make make docker-intermediate command work again (#1079)
• Upgrade Ormolu to 0.0.5.0 (#1078)
• Add (very few) unit tests to galley (#1071)
• Pull brig-index before running the docker ephemeral setup (#1066)

2020-04-21

New Features

• Allow for report_missing in NewOtrMessage. (#1056, #1062)
• List team members by UserId (#1048)
• Support idp update. (#1065 for issuer, #1026 for everything else)
• Support synchronous purge-deletion of idps (via query param). (#1068)

Bug fixes

• Test that custom backend domains are case-insensitive (#1051)
• Swagger improvements. (#1059, #1054)

Internal Changes

• Count team members using es (#1046)
• Make delete or downgrade team owners scale (#1029)
• services-demo/demo.sh: mkdir zauth (if not exists) (#1055)
• Use fork of bloodhound to support ES 5.2 (#1050)