Merge branch 'stable-5.0' into update-changelog

changelog/5.0.1_2024-04-10/bump-reva.md

@@ -0,0 +1,13 @@
+Bugfix: Update reva to v2.19.4
+
+We updated reva to v2.19.4
+
+*   Bugfix [cs3org/reva#4612](https://github.com/cs3org/reva/pull/4612): Use gateway selector in jsoncs3 to scale the service
+
+https://github.com/owncloud/ocis/pull/8787
+
+We updated reva to v2.19.3
+
+*   Bugfix[cs3org/reva#4607](https://github.com/cs3org/reva/pull/4607): Mask user email in output
+
+https://github.com/owncloud/ocis/pull/8781

changelog/5.0.1_2024-04-10/enhancement-strict-same-site-cookie.md

@@ -0,0 +1,14 @@
+Bugfix: Make IDP cookies same site strict
+
+To enhance the security of our application and prevent Cross-Site Request Forgery (CSRF) attacks, we have updated the
+SameSite attribute of the build in Identity Provider (IDP) cookies to Strict.
+
+This change restricts the browser from sending these cookies with any cross-site requests,
+thereby limiting the exposure of the user's session to potential threats.
+
+This update does not impact the existing functionality of the application but provides an additional layer of security
+where needed.
+
+This only affects cookies set by the built-in IDP. Production systems should not be affected.
+
+https://github.com/owncloud/ocis/pull/8716

changelog/5.0.1_2024-04-10/fix-create-personal-space-cache.md

@@ -0,0 +1,5 @@
+Bugfix: Fix the create personal space cache
+
+We fixed a problem with the config for the create personal space cache which resulted in the cache never being used.
+
+https://github.com/owncloud/ocis/pull/8799

changelog/5.0.1_2024-04-10/fix-postprocessing-restart.md

@@ -0,0 +1,8 @@
+Bugfix: Fix restarting of postprocessing
+
+When an upload is not found, the logic to restart postprocessing was bunked. Additionally we extended the upload sessions
+command to be able to restart the uploads without using a second command.
+
+NOTE: This also includes a breaking fix for the deprecated `ocis storage-users uploads list` command
+
+https://github.com/owncloud/ocis/pull/8782

deployments/continuous-deployment-config/ocis_keycloak/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.0
+          OCIS_DOCKER_TAG: 5.0.1
           OCIS_DOMAIN: ocis.ocis-keycloak.released.owncloud.works
           KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.released.owncloud.works
           COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml

deployments/continuous-deployment-config/ocis_ldap/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.0
+          OCIS_DOCKER_TAG: 5.0.1
           OCIS_DOMAIN: ocis.ocis-ldap.released.owncloud.works
           LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.released.owncloud.works
           COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml

deployments/continuous-deployment-config/ocis_traefik/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.0
+          OCIS_DOCKER_TAG: 5.0.1
           OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works
           DEMO_USERS: "true"
           INBUCKET_DOMAIN: mail.ocis-traefik.released.owncloud.works

deployments/continuous-deployment-config/ocis_wopi/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.0
+          OCIS_DOCKER_TAG: 5.0.1
           OCIS_DOMAIN: ocis.ocis-wopi.released.owncloud.works
           COMPANION_DOMAIN: companion.ocis-wopi.released.owncloud.works
           COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud

services/frontend/pkg/config/config.go

@@ -144,6 +144,7 @@ type OCS struct {
 	PublicShareMustHavePassword          bool               `yaml:"public_sharing_share_must_have_password" env:"OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on all public shares." introductionVersion:"5.0"`
 	WriteablePublicShareMustHavePassword bool               `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares." introductionVersion:"5.0"`
 	IncludeOCMSharees                    bool               `yaml:"include_ocm_sharees" env:"FRONTEND_OCS_INCLUDE_OCM_SHAREES" desc:"Include OCM sharees when listing sharees." introductionVersion:"5.0"`
+	ShowUserEmailInResults               bool               `yaml:"show_email_in_results" env:"FRONTEND_SHOW_USER_EMAIL_IN_RESULTS;OCIS_SHOW_USER_EMAIL_IN_RESULTS" desc:"Mask user email addresses in responses. (EXPERIMENTAL)" introductionVersion:"5.1"`
 }
 
 type CacheWarmupDrivers struct {

services/frontend/pkg/config/defaults/defaultconfig.go

@@ -116,6 +116,7 @@ func DefaultConfig() *config.Config {
 			ListOCMShares:               true,
 			PublicShareMustHavePassword: true,
 			IncludeOCMSharees:           false,
+			ShowUserEmailInResults:      true,
 		},
 		Middleware: config.Middleware{
 			Auth: config.Auth{

services/frontend/pkg/revaconfig/config.go

@@ -338,7 +338,8 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
 							"productversion": version.GetString(),
 						},
 					},
-					"include_ocm_sharees": cfg.OCS.IncludeOCMSharees,
+					"include_ocm_sharees":   cfg.OCS.IncludeOCMSharees,
+					"show_email_in_results": cfg.OCS.ShowUserEmailInResults,
 				},
 			},
 		},