|
| 1 | +# [2026-03-03] (Chart Release 5.28.0) |
| 2 | + |
| 3 | +## Release notes |
| 4 | + |
| 5 | + |
| 6 | +* The following Helm charts changed in this branch: |
| 7 | + - `charts/demo-smtp` |
| 8 | + - `charts/fake-aws-ses` |
| 9 | + - `charts/fake-aws-sns` |
| 10 | + - `charts/legalhold` |
| 11 | + |
| 12 | + Image field overrides are supported via split values (`repository` + `tag`) in the changed charts. |
| 13 | + There are backward incompatibilities if old string-style image overrides are still used. (#5015) |
| 14 | + |
| 15 | +* Cassandra (`brig.user`) now keeps track of user types, only for newly created users. **Read this paragraph if you have already created apps before their official support:** For existing users and bots, the user type is inferred, but existing apps will show as regular users. Please remove those users from your team and create them again. (#5022) |
| 16 | + |
| 17 | +* Starting in this version, wire-server is tested against cassandra (4.1.x). The codebase is compatible with cassandra 3.11, 4.0, and 4.1. But going forward, only 4.1 or newer will get tested. We recommend you eventually upgrade cassandra to 4.1.x. (#5062) |
| 18 | + |
| 19 | + |
| 20 | +## API changes |
| 21 | + |
| 22 | + |
| 23 | +* `PUT /teams/:tid/apps/:uid` for app metadata update. (#5053) |
| 24 | + |
| 25 | +* `GET /teams/:tid/apps` now includes app ids in response. (#5057) |
| 26 | + |
| 27 | + |
| 28 | +## Features |
| 29 | + |
| 30 | + |
| 31 | +* Add Meetings API for creating and managing scheduled meetings. |
| 32 | + |
| 33 | + New endpoints: |
| 34 | + - `POST /meetings` - Create a meeting with title, start/end times, recurrence patterns (daily, weekly, etc.), and invited emails. Each meeting creates an associated MLS conversation. |
| 35 | + - `GET /meetings/:domain/:meetingId` - Retrieve a meeting by ID. Accessible to the meeting creator or any conversation member. |
| 36 | + |
| 37 | + Features: |
| 38 | + - Recurring meeting support with configurable patterns and end dates |
| 39 | + - Trial status: personal users receive trial meetings, paying team members receive non-trial meetings |
| 40 | + - Meeting expiration: old meetings are automatically filtered based on a configurable validity period (#4918) |
| 41 | + |
| 42 | +* `PUT /meetings/:domain/:meetingId` for updating meetings. |
| 43 | + |
| 44 | + Supported fields: |
| 45 | + - `startTime`, `endTime` - update meeting time (must be valid: start < end) |
| 46 | + - `title` - update meeting title |
| 47 | + - `recurrence` - update recurrence pattern |
| 48 | + |
| 49 | + Authorization: only the meeting creator can update the meeting. (#5065) |
| 50 | + |
| 51 | +* Ephemeral users are now allowed to upload and download files (#5016) |
| 52 | + |
| 53 | +* Pass optional cookie label on initiating the SSO login flow (#5049) |
| 54 | + |
| 55 | + |
| 56 | +* Revoke cookie with same label on login (#5055) |
| 57 | + |
| 58 | +* Emit new event `user.session-refresh-suggested` on cookie revocation (#5060) |
| 59 | + |
| 60 | +* New public system setting for nomad profiles support (#5077) |
| 61 | + |
| 62 | +* Print better error logs even when errors are overwritten to be hidden from the users (#5000) |
| 63 | + |
| 64 | +* Add history metadata support to channels. Channels now have a new field `history` which can be set on creation and updated by admins. (#4991) |
| 65 | + |
| 66 | +* Send an email to team admins and owners when an IdP is changed via API (create, |
| 67 | + update, delete). This behaviour is for now only enabled for multi-ingress |
| 68 | + setups. (#4987) |
| 69 | + |
| 70 | +* Add `/sso/get-by-email` endpoint to retrieve SSO codes by user email address. |
| 71 | + This will enable clients to fetch SSO codes and not have to ask the user for |
| 72 | + them. |
| 73 | + |
| 74 | + This feature is turned off by default and can be enabled in `spar` by setting |
| 75 | + the `enableIdPByEmailDiscovery` flag. Multi-ingress domains are taken into |
| 76 | + account to find the right SSO code to use. Users must have been created via |
| 77 | + SCIM; non-SCIM users are ignored. Please refer to the documentation for further |
| 78 | + information. (#5024) |
| 79 | + |
| 80 | + |
| 81 | +## Bug fixes and other updates |
| 82 | + |
| 83 | + |
| 84 | +* Delete app when removing a user from a team. (#5046) |
| 85 | + |
| 86 | +* Listing users never excludes apps on grounds of not having an identity. (#5029) |
| 87 | + |
| 88 | +* cannon: Do not report status code 500 when websocket is closed due to client |
| 89 | + errors (#5045) |
| 90 | + |
| 91 | +* Remove ModifyConversationHistory permission (#5027) |
| 92 | + |
| 93 | +* The backend is now able to accept commits in the presence of duplicated remove proposals (#4999) |
| 94 | + |
| 95 | +* Repair user key inconsistency when inviting user (#5031) |
| 96 | + |
| 97 | +* Repair user key inconsistency on registration |
| 98 | + (#5050) |
| 99 | + |
| 100 | + |
| 101 | +## Internal changes |
| 102 | + |
| 103 | + |
| 104 | +* Made hard coded images in helm charts configurable (#5015) |
| 105 | + |
| 106 | +* Fix: create team members for apps in galley, not just brig users. (#4970) |
| 107 | + |
| 108 | +* Change `GET /i/users` on brig to never return users with status `Deleted`. |
| 109 | + |
| 110 | + This shouldn't change backend behavior, except for avoiding some race |
| 111 | + conditions involving user deletion and fetching. (#5052) |
| 112 | + |
| 113 | +* Request-Id is now correctly propagated in `cannon` and `cargohold` (#5073) |
| 114 | + |
| 115 | +* Integration tests: test lib now supports `shouldMatchShape` for json schema assertions. (#5057) |
| 116 | + |
| 117 | +* # Move conversation creation logic to wire-subsystems |
| 118 | + |
| 119 | + - Moved conversation creation logic from `Galley.API.Create` to `Wire.ConversationSubsystem.Interpreter` |
| 120 | + - Relocated utility modules: |
| 121 | + - `Galley.API.Error` → `Galley.Types.Error` |
| 122 | + - `Galley.API.One2One` → `Wire.ConversationSubsystem.One2One` |
| 123 | + - `Galley.API.Util` → `Wire.ConversationSubsystem.Util` |
| 124 | + - `Galley.Effects.UserClientIndexStore` → `Wire.Effects.UserClientIndexStore` |
| 125 | + - Removed `Galley.Validation` module (functionality moved to interpreter) |
| 126 | + - Updated `background-worker` configmap: |
| 127 | + - Added `galley` endpoint configuration to template |
| 128 | + - Added `galleyEndpoint` field to environment |
| 129 | + - Updated `Registry` to call `getConfiguredFeatureFlags` and provide flags via `runInputSem` |
| 130 | + - Added roundtrip and golden tests for: |
| 131 | + - `ConversationSubsystemConfig` |
| 132 | + - FeatureDefaults types: LegalholdConfig, SSOConfig, SearchVisibilityAvailableConfig |
| 133 | + |
| 134 | + |
| 135 | +* cannon chart: allow optional extra command line args to pass to the cannon process (#5023) |
| 136 | + |
| 137 | +* cannon chart: add scheduling options for node selector, affinity, and tolerations (#5020) |
| 138 | + |
| 139 | +* Updated email templates to v1.0.148 (#5003) |
| 140 | + |
| 141 | +* Federator helm chart: by default remove the CPU limit (and throttling). A limit can still be specified. (#5076) |
| 142 | + |
| 143 | +* Move `IdPConfigStore` to `wire-subsystems`. This will enable using it in other effects. (#5011) |
| 144 | + |
| 145 | +* Upgrade wire-server's Nix env. Switch to nixpkgs `nixos-25.11` (the release branch). (#5032) |
| 146 | + |
| 147 | +* Update `libzauth-c`'s dependencies. (#5039) |
| 148 | + |
| 149 | + |
| 150 | +## Federation changes |
| 151 | + |
| 152 | + |
| 153 | +* Support external cert-manager issuers (e.g. AWS PCA) for federation TLS by adding optional `group` field to `federator.tls.issuer` and making certificate `duration`/`renewBefore` configurable via `federator.tls.duration` and `federator.tls.renewBefore` in nginx-ingress-services chart. (#5025) |
| 154 | + |
| 155 | + |
1 | 156 | # [2026-02-04] (Chart Release 5.27.0) |
2 | 157 |
|
3 | 158 | ## Release notes |
|
0 commit comments