Release 2026-03-03 - (expected chart version 5.28.0) #5080
Open
update renovate config
This reverts commit 82c5e5e.
* Factor out proposal ref check
* Refactor proposal fetching method
* Improve proposal ref check
  For each missing proposal, check if it is deleting an index which is already deleted by an included proposal. If so, do not throw a missing reference error.
* Add CHANGELOG entry
* Get rid of Ord instance for StoredProposal
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This is a pure refactoring. It enables usage of this effect by other effects in the standard Wire way.
* Ignore partials for languages not in [en,de]
  There are no team emails which may include them. Thus, we don't need them in this repo.
* Move template fetch script to wire-subsystems
  Otherwise, the templates are created in the abandoned brig folders. This is probably a missing step of migrating email templating to wire-subsystems.
* Ignore superfluous files in fetch.py
  `index.html`, `index.txt` and `index-subject.txt` aren't needed here. Look at the wire-emails project if you need them.
* Update email templates to v1.0.148.
* Add history metadata to conversation record
* Add history update action and event
* Add history update action
* Implement history DB write
* Store history config on conv creation
* Read history config from DB
* More history tests
* Add CHANGELOG entry
* Lint
* Update golden tests
* Fix federation golden tests
* Fix conversation create with history test on Cassandra
* Add history field to cassandra
* fixup! Add history field to cassandra
* More history setting tests
Co-authored-by: Sven Tennie <sven.tennie@wire.com>
Setting this yaml

```
cannonArgs: ["+RTS", "-M2g", "-RTS"]
```

yields a process that looks like this when it runs:

```
tr '\0' ' ' < /proc/1/cmdline; echo
/nix/store/0424psvij1xlqnf4bw88pvrlirfj4mzd-dumb-init-1.2.5/bin/dumb-init -- /nix/store/zg65yxh6pll45hb8x87hmbfyjvy2qcik-cannon/bin/cannon +RTS -M2g -RTS
```

* Update charts/cannon/templates/statefulset.yaml
  Co-authored-by: Leonhardt Wille <lwille@users.noreply.github.com>
* Update charts/cannon/templates/statefulset.yaml
  Co-authored-by: Akshay Mankar <akshay@wire.com>
* Fix cannon resources indent
* Fix cannon chart YAML
* Tidy cannon args templating
* Render cannon args on new line
* tweak

---------
Co-authored-by: Leonhardt Wille <lwille@users.noreply.github.com>
Co-authored-by: Akshay Mankar <akshay@wire.com>
* ingress-nginx: support for external cert-manager issuers
* making federator ingress cert duration configurable
Send emails to team admins and owners when SAML IdP configurations are created, updated, or deleted. These include details about certificate changes (additions/removals) and configuration updates (issuer/endpoint changes).

Changes:
- Add SAMLEmailSubsystem effect and interpreter for IdP change emails
- Create email templates for IdP configuration change notifications
- Add Data.Hourglass.Const module with midnight constant
- Add unit tests for rendering the new templates
- Use schema-profunctor `ToSchema` to get `ToJSON`/`FromJSON` instances for `IdP`

This feature enables team administrators to be informed of security-relevant changes to their SAML authentication configuration.
* update federated calling configuration
* better description for coturn abuse
* fix incorrect statement for coturn ratelimiting allowlist
* fix example list
Add the /sso/get-by-email endpoint to look the right IdPId for an email address up, taking the multi-ingress domain host into account. The whole feature is disabled by default, returning HTTP 404s.
Take into account that different string representations may express the same path. Thus, `normalise` all of them.
This broke API compatibility. Instead, reuse ModifyConversationAccess action permission. Permissions are only used internally and don't really affect the behaviour of the backend, anyway.
I had to tweak the renovate PR a bit:
- crate2nix wasn't executed (no nix, no effect :) )
- treefmt to format the changes

---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Sven Tennie <sven.tennie@wire.com>
Switch to the nixpkgs release branch (from unstable). Cleanup nix pins. Fix `integration/scripts/integration-dynamic-backends-vhosts.sh`: `curl` was complaining: "The file '/certs/rabbitmq-ca/ca.pem' provided to --cacert does not exist." So, fix this path - though, I don't understand how it could have ever worked before.
Manually executed `crate2nix generate` to reflect this change in Nix.

---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Sven Tennie <sven.tennie@wire.com>
Master->Develop after release
* Rename ClientStore -> UserClientIndexStore
* Move UserClientIndexStore interpreter to wire-subsystems
* Remove action to get configuration from the store effect
* Expose `getBrigClients` as `ConversationSubsystem.internalGetClientIds`
…2 namespace (#5058) This will allow integration tests to cleanup after themselves
…sandra or postgres (#4968)
…l revocation (#5060)
* Repair user key inconsistency on registration
* Add CHANGELOG entry
* Restore activation check
* Move getActivityTimestamps from UserStore to ClientStore
* UserSubsystem: Use ClientSubsystem instead of ClientStore
* Cassandra upgrade to 4.0
* use latest patch version of 4.0
This reverts commit 86a4e4f.
This reverts commit 059c242.
* Cassandra 4.1
* Hi CI
[2026-03-03] (Chart Release 5.28.0)
Release notes
* The following Helm charts changed in this branch:
  * `charts/demo-smtp`
  * `charts/fake-aws-ses`
  * `charts/fake-aws-sns`
  * `charts/legalhold`

  Image field overrides are supported via split values (`repository` + `tag`) in the changed charts.
  There are backward incompatibilities if old string-style image overrides are still used. (WPB-18320 make hardcoded images in helm charts configurable via values yaml #5015)
* Cassandra (`brig.user`) now keeps track of user types, only for newly created users. Read this paragraph if you have already created apps before their official support: For existing users and bots, the user type is inferred, but existing apps will show as regular users. Please remove those users from your team and create them again. ([WPB-22549] add type field to user #5022)
* Starting in this version, wire-server is tested against cassandra (4.1.x). The codebase is compatible with cassandra 3.11, 4.0, and 4.1. But going forward, only 4.1 or newer will get tested. We recommend you eventually upgrade cassandra to 4.1.x. (Cassandra upgrade to 4.0 #5062)
API changes
* `PUT /teams/:tid/apps/:uid` for app metadata update. ([WPB-21287] put app metadata #5053)
* `GET /teams/:tid/apps` now includes app ids in response. ([WPB-23644] about fetching apps and reg users #5057)
Features
* Add Meetings API for creating and managing scheduled meetings.
  New endpoints:
  * `POST /meetings` - Create a meeting with title, start/end times, recurrence patterns (daily, weekly, etc.), and invited emails. Each meeting creates an associated MLS conversation.
  * `GET /meetings/:domain/:meetingId` - Retrieve a meeting by ID. Accessible to the meeting creator or any conversation member.

  Features:
* `PUT /meetings/:domain/:meetingId` for updating meetings.
  Supported fields:
  * `startTime`, `endTime` - update meeting time (must be valid: start < end)
  * `title` - update meeting title
  * `recurrence` - update recurrence pattern

  Authorization: only the meeting creator can update the meeting. (WPB-21964: Add Wire Meetings update #5065)
* Ephemeral users are now allowed to upload and download files (WPB-22814 allow ephemeral users to upload files #5016)
* Pass optional cookie label on initiating the SSO login flow (WPB-23422 Mark Cookie with label during SSO Login Flow #5049)
* Revoke cookie with same label on login (WPB-23659 Revoke cookie with same label on login/cookie renewal #5055)
* Emit new event `user.session-refresh-suggested` on cookie revocation (WPB-23660 add and emit `user.session-refresh-suggested` event on label revocation #5060)
* New public system setting for nomad profiles support (WPB-23792 public setting for nomad profiles #5077)
* Print better error logs even when errors are overwritten to be hidden from the users (Better error logs when errors are hidden from the users #5000)
* Add history metadata support to channels. Channels now have a new field `history` which can be set on creation and updated by admins. (History metadata #4991)
* Send an email to team admins and owners when an IdP is changed via API (create, update, delete). This behaviour is for now only enabled for multi-ingress setups. (IdP change notification emails #4987)
* Add `/sso/get-by-email` endpoint to retrieve SSO codes by user email address. This will enable clients to fetch SSO codes and not have to ask the user for them.
  This feature is turned off by default and can be enabled in `spar` by setting the `enableIdPByEmailDiscovery` flag. Multi-ingress domains are taken into account to find the right SSO code to use. Users must have been created via SCIM; non-SCIM users are ignored. Please refer to the documentation for further information. (Add /sso/get-by-email endpoint #5024)
Bug fixes and other updates
* Delete app when removing a user from a team. (WPB-18187: Delete app when removing a user from a team #5046)
* Listing users never excludes apps on grounds of not having an identity. ([WPB-22549] fix logic around members with user type app and no user identity #5029)
* cannon: Do not report status code 500 when websocket is closed due to client errors (cannon: Do not report status code 500 in metrics when websocket is closed due to client errors #5045)
* Remove ModifyConversationHistory permission (Remove ModifyConversationHistory action #5027)
* The backend is now able to accept commits in the presence of duplicated remove proposals (Better proposal reference check #4999)
* Repair user key inconsistency when inviting user (Repair user key inconsistency on invitation #5031)
* Repair user key inconsistency on registration (Repair user key inconsistency on registration #5050)
Internal changes
* Made hard coded images in helm charts configurable (WPB-18320 make hardcoded images in helm charts configurable via values yaml #5015)
* Fix: create team members for apps in galley, not just brig users. ([WPB-22549] connect users to apps. #4970)
* Change `GET /i/users` on brig to never return users with status `Deleted`. This shouldn't change backend behavior, except for avoiding some race conditions involving user deletion and fetching. ([WPB-22549] fix conv join events #5052)
* Request-Id is now correctly propagated in `cannon` and `cargohold` (WPB-23365 fix Request-Id propagation #5073)
* Integration tests: test lib now supports `shouldMatchShape` for json schema assertions. ([WPB-23644] about fetching apps and reg users #5057)
* Move conversation creation logic to wire-subsystems
  * `Galley.API.Create` to `Wire.ConversationSubsystem.Interpreter`
  * `Galley.API.Error` → `Galley.Types.Error`
  * `Galley.API.One2One` → `Wire.ConversationSubsystem.One2One`
  * `Galley.API.Util` → `Wire.ConversationSubsystem.Util`
  * `Galley.Effects.UserClientIndexStore` → `Wire.Effects.UserClientIndexStore`
  * `Galley.Validation` module (functionality moved to interpreter)
  * `background-worker` configmap:
  * `galley` endpoint configuration to template
  * `galleyEndpoint` field to environment
  * `Registry` to call `getConfiguredFeatureFlags` and provide flags via `runInputSem`
  * `ConversationSubsystemConfig`
* cannon chart: allow optional extra command line args to pass to the cannon process (Allow extra cannon args via Helm #5023)
* cannon chart: add scheduling options for node selector, affinity, and tolerations (Add cannon chart scheduling knobs #5020)
* Updated email templates to v1.0.148 (Email templates v1.0.148 #5003)
* Federator helm chart: by default remove the CPU limit (and throttling). A limit can still be specified. (federator chart: don't throttle CPU by default #5076)
* Move `IdPConfigStore` to `wire-subsystems`. This will enable using it in other effects. (Move IdPConfigStore to wire-subsystems #5011)
* Upgrade wire-server's Nix env. Switch to nixpkgs `nixos-25.11` (the release branch). (Update Nix env #5032)
* Update `libzauth-c`'s dependencies. (libzauth-c: Update all dependencies #5039)
Federation changes
* `group` field to `federator.tls.issuer` and making certificate `duration`/`renewBefore` configurable via `federator.tls.duration` and `federator.tls.renewBefore` in nginx-ingress-services chart. (ingress-nginx: support for external cert-manager issuers #5025)