2022-12-09 (Chart Release 4.29.0)

Bug fixes and other updates

• Prevention of storing unnecessary data in the database if adding a bot to a conversation fails. (#2870)

Internal changes

• bump nginx-module-vts from v0.1.15 to v0.2.1 (#2827)
• Build nginz and nginz_disco docker images using nix (#2796)

2022-11-03 (Chart Release 4.26.0)

Release notes

• If you have not upgraded to release 2021-03-21 (Chart Release 2.103.0) yet, please do that now!

  NB: we only support releases 6 months back, so this should not be an issue. But in this particular case we are positive that things will break if you don't do an intermediate upgrade. (#2768)

• Build docker images using nix derivations instead of Dockerfiles (#2331, #2771, #2772, #2775, #2776)

• Upgrade team-settings version to 4.13.0-v0.31.5-0-4754212 (#2180)

• Upgrade webapp version to 2022-11-02-production.0-v0.31.9-0-337e400 (#2302)

• The experimental wire-server-metrics helm chart has been removed.

  These were mostly a wrapper around prometheus operator. It makes more sense to
  refer to the upstream docs of Prometheus Operator or Grafana Agent Operator for
  installation instead. (#2740)

API changes

• Do not expose swagger-ui on prod systems (to minimize attack surface) (#2800)

• Change mime type of body of /v3/mls/commit-bundles endpoint (#2773)

• Stop rate-limiting asset-signed-url requests on /assets/.* (#2786)

• The /access endpoint now takes an optional client_id query parameter. The first time it is provided, a new user token will be generated containing the given client ID. Successive invocations of /access will ignore the client_id parameter. Some endpoints can now potentially require a client ID as part of the access token. When trying to invoke them with an access token that does not contain a client ID, an authentication error will occur. (#2764)

Features

• Introduce support for external commits in MLS (#2765)

• The GET /teams/{tid}/members endpoint now supports pagination (#2802)

Bug fixes and other updates

• Clients without any prekeys are not deleted completely (#2758)

Documentation

• tentatively allow GET /api/event-notification-schemas for json schemas of server-initiated events (missing pieces tracked in https://wearezeta.atlassian.net/browse/FS-1008) (#2739)

• Fix copyright date on docs.wire.com (#2792)

• Improve and cross-link documentation on SNS / push notifications. (#PR_NOT_FOUND)

• Add extension sphinx-reredirects and configuration to generate simple JavaScript based redirects to new locations of previously inconsistently named files/URLs. (#2811)

Internal changes

• Convert brig's auth endpoints to servant (#2750)

• Remove deprecated table for storing scim external_ids.

  Data has been migrated away in release 2021-03-21 (Chart Release 2.103.0) (see /services/spar/migrate-data/src/Spar/DataMigration/V1_ExternalIds.hs); last time it has been touched in production is before upgrade to release 2021-03-23 (Chart Release 2.104.0). (#2768)

• Refactor some internal Scim user tests (#2762)

• Reduce the payload size of internal client.delete event (#2807, #2816)

• Bump servant-swagger-ui package. (#2747)

• Increase charts/galley memory limit to 500M. (#2798)

• Add RPC, ServiceRPC and GalleyProvider effects to brig (#2653)

• Use locally build schema binaries for db migrations and execute them right before running integration tests. (#2791)

• Rename the make targets from db-migrate-package and db-reset-package to db-migrate and db-reset and allow migrating and resetting all keyspaces. (#2791)

• Add a Make target for ghci (#2749)

• Upgrade nginz/nginx to 1.22.1 (#2777)

• The dev environment provided by nix now contains all the haskell packages
  compiled by nix. This could casue linker errors while compiling haskell code in
  this repo. One way to get resolve them is to delete the 'dist-newstyle'
  directory. (#2331)

• Implemented a new intersperse combinator for Polysemy (#2767)

• Add a Concurrency effect for Polysemy (#2748)

• Don't fail client deletion when mls remove key is undefined (#2738)

• Migrate stern to swagger2-ui (remaining backwards compatible with circulating backoffice images) (see also #2742 from last release) (#2744)

• Gundeck push token API and notification API is migrated to Servant (#2769)

• Delete deploy/services-demo directory (#2789)

• Upgrade Servant to 0.19 (#2809)

2022-10-04

Release notes

• Upgrade webapp version to 2022-10-04-production.0-v0.31.2-0-a438b30
  (#2302)

API changes

• Remove /legalhold/conversation alias from v2 (#2734)

• Make v2 a supported version and start v3 (#2734)

Features

• Allow deletion of MLS team conversations (#2733)

Bug fixes and other updates

• Revert synchronous semantics of client deletion endpoint (#2737)

Documentation

• JCT-146 - update outdated info SER-211 - update new info regarding
  nodetool use (#2736)

Internal changes

• Skeleton implementation of new endpoint for JWT DPoP access token
  generation (#2652, #2686)

• Add swagger2-ui to stern (#2742 …)

2022-09-27

Release notes

• For users of the (currently alpha) coturn Helm chart, manual action is
  required when upgrading to this version. The labels applied to the Kubernetes
  manifests in this chart have changed, in order to match the conventions used
  in the wire-server charts. However, this may mean that upgrading with Helm can
  fail, due to changes to the StatefulSet included in this chart -- in this
  case, the StatefulSet must be deleted before the chart is upgraded. (#2677)

• wire-server helm charts: Adjust default CPU/Memory resources: Remove CPU limits to avoid CPU throttling; adjust request CPU and memory based on observed values. Overall this decreases the amount of CPU/memory that the wire-server chart needs to install/schedule pods. (#2675)

• Upgrade team-settings version to 4.12.1-v0.31.5-0-0167ea4 (#2180)

• Upgrade webapp version to 2022-09-20-production.0-v0.31.2-0-7f74074 (#2302)

API changes

• Add new endpoint /mls/commit-bundles for submitting MLS CommitBundles. A CommitBundle is a triple consisting of a commit message, an optional welcome message and a public group state. (#2688)

• MLS: Store and expose group info via GET /conversations/:domain/:id/groupinfo (#2721)

• Add /mls/public-keys to nginz chart (#2676)

• Users being kicked out results in member-leave events originating from the user who caused the change in the conversation (#2724)

• Leaving an MLS conversation is now possible using the regular endpoint DELETE /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}. When a user leaves, the backend sends external remove proposals for all their clients in the corresponding MLS group. (#2667)

• Validate remotely claimed key packages (#2692)

Features

• The coturn chart now has support for exposing its metric endpoint with a
  ServiceMonitor, which can be ingested by third-party metrics collection tools. (#2677)

• Deleting clients creates MLS remove proposals (#2674)

• External remove proposals are now sent to a group when a user is deleted (#2650)

• Allow non-admins to commit add proposals in MLS conversations (#2691)

• Optionally add invitation urls to the body of /teams/{tid}/invitations. This allows further processing; e.g. to send those links with custom emails or distribute them as QR codes. See docs for details and privacy implications. (#2684)

Bug fixes and other updates

• SCIM user deletion suffered from a couple of race conditions. The user in now first deleted in spar, because this process depends on data from brig. Then, the user is deleted in brig. If any error occurs, the SCIM deletion request can be made again. This change depends on brig being completely deployed before using the SCIM deletion endpoint in brig. In the unlikely event of using SCIM deletion during the deployment, these requests can be retried (in case of error). (#2637)

• The 2nd factor password challenge team feature is disabled for SSO users (#2693)

• Less surprising handling of SIGINT, SIGTERM for proxy, stern. Increase grace period for shutdown from 5s to 30s for all services. (#2715)

Documentation

• Drop Client model (unused) from old swagger.
  Add a description and example data for mls_public_keys field in new swagger. (#2657)

• Document user deactivation (aka suspension) with SCIM. (#2720)

• Monitoring page showed wrong wrong configuration charts. Updated prometheus-operator to kube-prometheus-stack chart in the documentation. (#2708)

Internal changes

• Make client deletion asynchronous (#2669)

• Allow external add proposals without previously uploading key packages. (#2661)

• Allow legalhold tokens access to /converations/<uuid> endpoint (#2682, #2726)

• Move Brig.Sem.* modules to Brig.Effects (consistency) (#2672)

• The labels applied to resources in the coturn chart have been changed to
  reflect the conventions in the wire-server charts. (#2677)

• Drop the managed column from team_conv table in Galley (#2127)

• Fix link in PR template (#2673)

• In Gundeck's 'notifications' cassandra table, switch to TWCS compaction strategy, which should be more efficient for this workload, and possibly bring performance benefits to latencies.
  It may be beneficial to run a manual compaction before rolling out this
  change (but things should also work without this manual operation).
  In case you have time, run the following from a cassandra machine before deploying this update: nodetool compact gundeck notifications. (#2615)

• Add regular expression support to libzauth ACL language (#2714)

• Make test API calls point to the most recent version by default (#2695)

• Clients and key package refs in an MLS conversation are now stored in their own table. (#2667)

• Refactor MLS test framework (#2678)

• Update mls-test-cli to version 0.5 (#2685)

• Added rusty-jwt-tools to docker images (#2686)

• The account API is now migrated to servant. (#2699, #2700, #2701, #2702, #2703, #2704, #2705, #2707)

• Update nginz and cannon ACLs to match api-versioned paths (#2725)

• For wire-server cloud, on kubernetes 1.21+, favour topology-aware routing, which reduces unnecessary inter-availability-zone traffic, reducing latency and cloud provider cross-AZ traffic costs. (#2723)

2022-09-01

Release notes (Chart Release 4.23.0)

• The internal endpoint GET i/mls/clients has been changed, and it now returns a list of ClientInfo instead of a list of ClientId. (#2631)

API changes

• Fix key package error description (#2651)

• Expose MLS public keys in a new endpoint GET /mls/public-keys. (#2602)

Features

• The coturn chart now supports exposing the control port over TLS. (#2620)

• Forward all MLS default proposal types (#2628)

• New endpoints HEAD and GET /nonce/clients to request new nonces for client certificate requests (coming up soon). (#2641, #2655)

Bug fixes and other updates

• Fix cql-io bug where restarting whole cassandra cluster could cause downtime. Upstream changes in https://gitlab.com/twittner/cql-io/-/merge_requests/20 (#2640)

• Improve client check when adding clients to MLS conversations (#2631)

Documentation

• Move developer docs onto docs.wire.com (instead of exposing them on github only) (#2622, #2649)

• Add build instructions for developers (#2621)

• Make target audience explicit on docs.wire.com (#2662)

Internal changes

• Support for external Add proposals (#2567)

• Add additional checks on incoming MLS messages:

  • if the sender matches the authenticated user
  • if the sender of message to a remote conversation is a member
  • if the group ID of a remote conversation matches the local mapping (#2618)

• Apply changes introduced by cabal-fmt. (#2624)

• Remove some redudant constraints in brig (#2638)

• Brig Polysemy: Port UserPendingActivationStore to polysemy (#2636)

• Add make target delete-cache-on-linker-errors to delete all Haskell compilation related caches. This is useful in cases where the development environment gets into an inconsistent state. (#2623)

• Move Paging effect from galley into polysemy-wire-zoo (#2648)

• Fix broken hls-hlint-plugin in nix env (#2629)

• Adjust developer PR template and document config and API procedures in-tree. (#2617)

• Add mls-test-cli to builder image (#2626)

• Add mls-test-cli to deps image (#2630)

• mls-test-cli: Use Cargo.lock file when building (#2634)

• Move common Arbitrary instances to types-common package for compilation speed (#2658)

• LoginId migrated to schema-profunctor (#2633, #2645)

• Improve cleaning rules in Makefile. (#2639)

• Fix typos, dangling reference in source code haddocs, etc. (#2586)

• Update the Elastic Search version used for running integration tests to the one that is delivered by wire-server-deploy. (#2656)

Federation changes

• Add mlsPrivateKeyPaths setting to galley (#2602)

2022-08-16

API changes

• Drop the deprecated member removal endpoint (#2593)

Features

• charts/cannon: Ensure HSTS headers are set for all endpoints (#2574)

• Expired MLS key packages are deleted from the database (#2582)

• Add support for MLS Remove proposals (#2561)

• Human readable names for SAML IdPs (#2565)

• The preferredLanguage field from SCIM now maps to the user locale in BRIG and will be set and updated on post SCIM user and on update SCIM user using SAML. (#2605)

• For TLS1.2, by default, remove ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256 ciphers for ingress traffic. (#2528)

Bug fixes and other updates

• Allow deleting existing splash screens in `PUT /teams/:tid (see also PR#2474 in Release 4.18.0) (#2588)
• Backoffice: Fix an issue where in some deployments ibis/galeb (Wire Cloud internal services) are unreachable from backoffice if deployed in a different namespace. (#2610)
• Fix an issue for larger client requests on e.g. /list-users and /list-conversations, which were giving 413 errors for some users. Allow client requests of 256k by default (was 64k). (#2579)

Internal changes

• Add shellcheck, libstdc++ to nix env; handle emacs auto-save files better (#2609)
• Allow features to be set with HTTP method PATCH. This reflects a prior behavior
  that is used by Ibis. Additionally, it's more consistent when all setters can be
  called with PUT and PATCH. As this will fix calls by Ibis, the deployment order
  doesn't matter. (#2575)
• Brig Polysemization: introduce BlacklistStore and BlacklistPhonePrefixStore effects (#2590)
• Add cabal-fmt development tool (#2601)
• Reformat all cabal files with cabal-fmt (#2603)
• Delete tools: bonanza and makedeb (#2600)
• No more package.yaml / hpack, and stick with cabal files as the single (and only) source of truth (#2596)
• Port Brig SearchAPI and UserRichInfo endpoints to Servant (#2580)
• Added TTL data to stern feature flag GET endpoint. (#2564)
• Prepare removing deprecated non-binding teams (no more used in integration tests) (#2514, #2607)
• Add internal endpoint in Brig to update clients' key package refs in DB upon committing.
  Brig should be deployed before Galley. (#2604)
• Improved the resilience of provisioning new users via SAML by combining two persistence calls into one, preventing a creation failure from locking a user handle with no corresponding user. (#2526)

Federation changes

• Fix TBS field in MLS Message type (#2599)

2022-07-19

Release notes

• Users of the (currently alpha) coturn Helm chart must manually update
  their configuration due to changes in how the chart handles authentication
  secrets. Please see below for further details. (#2553)

API changes

• The response to POST /mls/messages adds a timestamp (#2560)

Features

• charts/wire-server: default log format everywhere to StructuredJSON format (introduced in #1951 and #1959) (#2559)

• The coturn chart now supports multiple authentication secrets, which permits
  multiple backend instances to use the same TURN servers without needing to
  share authentication secrets between the backend instances.

  Correspondingly, the .Values.secrets.zrestSecret configuration option, which
  took a single authentication secret as its argument, has been replaced with the
  option .Values.secrets.zrestSecrets (note spelling!), which instead takes a
  list of authentication secrets as its argument. (#2553)

• Add support for bare MLS proposals (#2436)

Bug fixes and other updates

• Fix a bug in charts/cannon. It's now possible to use a custom TLS certificate when enabling cannon's nginz sidecar container. (Previously only letsencrypt certificates worked, and were tested) (#2558)

• Minor fixes in helmcharts:

  • charts/nginz: Rate limit SSO endpoints less
  • charts/nginz: Ensure rate limiting isn't commented out
  • charts/galley: Honour .setttings.httpPoolSize
  • charts/galley: Fix typo in settings.featureFlags.validateSAMLEmails
  • charts/gundeck: Remove aws.connectionLimit
  • charts/brig: Fix default brandLabelUrl and remove brandLabel (#2563)

Internal changes

• Port brig UserHandle API to servant (#2556)

• Bump timeout for integration tests to 15 minutes (from 10 minutes), as 10 minutes is no longer enough. (#2570)

• Internal endpoints to PATCH feature status (#2555)

• Change the proposal hold time to 28 days (#2568)

2022-07-12

Release notes

• Deploy spar before galley (#2543)

• Upgrade team-settings version to 4.11.0-v0.31.1-0-9e64150 (#2180)

API changes

• Restore PUT /v2/connections endpoint (#2539)

Features

• 2nd factor authentication code generation is rate limited now (#2522)

• The team member CSV export now fills created_on for SCIM users (#2543)

Internal changes

• Add Helm chart for inbucket. Inbucket is a SMTP server that does not relay, but instead display received mail in a webapp and make them accessible via an API. (#2544)

• Bump saml2-web-sso (#2545, #2546)

• use checkedConnectCluster to avoid dropping requests to Redis when Gundeck reconnects to the Redis cluster (#2542)

• Do not log polysemy errors in Galley (#2531)

• Remove old crypto-cli tool from the ubuntu image (#2538)

Federation changes

• Added new-remote-conversation RPC, used to notify a backend of a remote conversation the first time any user from that backend is added to it. (#2378)

• Added federation endpoint send-mls-message used to send messages to remote converesations (#2378)

2022-07-05

Release notes

• For users of the (currently alpha) coturn Helm chart:
  manual intervention may be required when upgrading to
  this version of the chart from a prior version, due to a bug in
  Kubernetes which
  may interfere with applying changes to pod and service port configuration
  correctly.

  If, after updating this chart, the coturn pods do not have both a coturn-udp
  port and a coturn-tcp port, then the coturn StatefulSet must be manually
  deleted from the cluster, and then recreated by re-running Helm. Similarly, if
  the coturn Service does not have both a coturn-udp port and a coturn-tcp
  port, this Service must also be deleted and recreated. (#2500)

• The nginz{-tcp,-http} services have been unified into a nginz service, and
  moved into the nginz chart.

  The nginz-ingress-services chart simply targets the nginz service, so there's
  no need to set matching service.nginz.external{Http,Tcp}Port inside the
  nginx-ingress-services chart anymore.

  The config.http.httpPort and config.ws.wsPort values in the nginz chart
  still configure the ports the nginz service is listening on.

  Metrics were moved from config.http.httpPort to a new http-metrics port.

  The nginz chart also gained support for metrics.serviceMonitor.enabled,
  creating a ServiceMonitor resource to scrape metrics, like for other wire
  services.

  (#2476)

• Upgrade webapp version to 2022-06-30-production.0-v0.30.5-0-3e2aaf6 (#2302)

• In the helm charts, the wireService label has been removed.

  In some cases, we were already setting the app label too.

  Now we consistently use the app label to label different wire services.

  The wireService label was also used in the spec.selector.matchLabels field
  on existing Deployment / StatefulSet resources.
  As these fields being immutable, changing them isn't possible without recreation.

  If you encounter an issue like

  field is immutable && cannot patch "*" with kind *

  you need to manually delete these StatefulSet and Deployment resources, and apply helm again, which will recreate them.

  This means downtime, so plan a maintenance window for it.

  The wire-server-metrics chart was previously running some custom
  configuration to automatically add all payloads with a wireService label into
  metrics scraping.

  With the removal of the wireService label, this custom configuration has been
  removed.

  Instead, all services that expose metrics will now create ServiceMonitor
  resources, if their helm chart is applied with metrics.serviceMonitor.enable
  set to true.

  This prevents scraping agents from querying services that don't expose metrics
  at /i/metrics unnecessarily.

  Additionally, makes it easier to run other metric scraping operators, like
  grafana-agent-operator, without the need to also create some custom
  wireService label config there.

  Generally, if you have any monitoring solution installed in your cluster that
  uses the Prometheus CRDs, set metrics.serviceMonitor.enable for the following charts:

  • brig
  • cannon
  • cargohold
  • galley
  • gundeck
  • proxy
  • spar (#2413)

API changes

• The request body of POST /conversations endpoint can now contain an optional creator_client field. The creator_client field is only relevant for MLS conversations, in which case it must be set to the ID of the client making the request. (#2486)

• Retire deprecated feature config API endpoints for API version V2 (#2492)

Features

• Prevent race conditions in concurrent MLS commit requests. (#2525)

• charts/wire-server: Optionally include backoffice (#2490)

• The coturn chart has new functionality to enable graceful pod termination, by
  waiting for all active allocations on a coturn instance to drain first. When
  combined with a suitable external service discovery mechanism which can steer
  client traffic away from terminating coturn pods, this can be used to implement
  graceful rolling restarts of clusters of coturn instances. (#2456)

• ./deploy/services-demo/create_team_members.sh creates users with given roles now (#2137)

• MLS implementation progress:

  • Remote users can be added to MLS conversations
  • MLS messages (both handshake and application) are now propagates to remote
    conversation participants. (#2415)

• charts/nginz: Serve swagger-ui for viewing swagger-1.2 docs (#2466)

• GET teams/:tid response now contains an optional field splash_screen which contains the asset key of the team's splash screen. PUT teams/:tid now supports updating the splash screen asset key. (#2474)

• Missing feature config mapping added (#2494)

• Add MLS team feature configuration (#2499)

• Team feature API now includes endpoints to get and set the searchVisibilityInbound feature (#2503)

Bug fixes and other updates

• charts/backoffice: Fix version of frontend and auto-bump version of stern on every release (#2490)

• The service definitions in the coturn Helm chart were missing the control plane
  UDP port used by coturn. (#2500)

• In nginx-ingress-services chart, when enabling useCertManager, now correctly creates the required issuer by default. (#2532)

• Fix handling of creator client in MLS conversations (#2486)

• Fix all clients having the same MLS public key (#2501)

• A user now cannot delete an identity provider that they are authenticated with any more (#2519)

Internal changes

• brig-types: remove all re-exports (#2505)

• Fixed flakiness of email update test, related to the test user account being suspended, causing subsequent runs of the test to fail. (#2497)

• galley-types: remove all re-exports (#2504)

• Enforce some IdP invariants (#2533)

• Switch to new MLS test CLI (https://github.com/wireapp/mls-test-cli) (#2508)

• Forward /i/users/:uid/features/:feature to brig (#2468)

• charts/nginz: Forward /i/legalhold/whitelisted-teams to galley instead of brig (#2460)

• make the ldap-scim-bridge chart deployable once per team, and improve docs. (#1843)

• Refactored and simplified the feature config API (#2435)

• Removed deprecated internal feature config API endpoints (#2496)

• Deactivated gundeck's integration tests for local steps (make ci). (#2510)

• retry gundeck's Redis connection in case of network errors such as IP changes or network outages (#2512)

• Add AWS security token metrics to all services (#2473)

2022-06-14

Release notes

• Upgrade team-settings version to 4.10.0-v0.29.7-0-3be8ca3 (#2180)

• Upgrade webapp version to 2022-06-13-production.0-v0.29.7-0-2819b90 (#2302)

Documentation

• Docs for guest links server and team feature settings added (#2480)

Internal changes

• All feature configs like guest links e.g. can now be overridden in the helm configuration, so that they can be disabled/enabled and configured server wide (#2479)