Merge branch 'stable-5.0' into forward-port-changelog

changelog/5.0.3_2024-05-02/CVE-2023-36308.md

@@ -0,0 +1,7 @@
+Bugfix: Crash when processing crafted TIFF files
+
+Fix for a vulnerability with low severity in disintegration/imaging.
+
+https://github.com/advisories/GHSA-q7pp-wcgr-pffx
+https://github.com/owncloud/ocis/pull/8981
+

changelog/5.0.3_2024-05-02/bump-reva.md

@@ -0,0 +1,11 @@
+Bugfix: Update reva to v2.19.5
+
+We updated reva to v2.19.5
+
+*   Bugfix      [cs3org/reva#4654](https://github.com/cs3org/reva/pull/4654): Write blob based on session id
+*   Bugfix      [cs3org/reva#4666](https://github.com/cs3org/reva/pull/4666): Fix uploading via a public link
+*   Bugfix      [cs3org/reva#4665](https://github.com/cs3org/reva/pull/4665): Fix creating documents in nested folders of public shares
+*   Enhancement [cs3org/reva#4655](https://github.com/cs3org/reva/pull/4655): Bump mockery to v2.40.2
+*   Enhancement [cs3org/reva#4664](https://github.com/cs3org/reva/pull/4664): Add ScanData to Uploadsession
+
+https://github.com/owncloud/ocis/pull/9011

changelog/5.0.3_2024-05-02/fix-admin-role-assignment.md

@@ -0,0 +1,7 @@
+Bugfix: Update the admin user role assignment to enforce the config
+
+The admin user role assigment was not updated after the first assignment. We now read the assigned role during init and update the admin user ID accordingly if the role is not assigned.
+This is especially needed when the OCIS_ADMIN_USER_ID is set after the autoprovisioning of the admin user when it originates from an external Identity Provider.
+
+https://github.com/owncloud/ocis/pull/8918
+https://github.com/owncloud/ocis/pull/8897

changelog/5.0.3_2024-05-02/rework-virus-handling.md

@@ -0,0 +1,5 @@
+Bugfix: Fix infected file handling
+
+Reworks virus handling. Shows scandate and outcome on ocis storage-users uploads sessions. Avoids retrying infected files on ocis postprocessing restart.
+
+https://github.com/owncloud/ocis/pull/9011

deployments/continuous-deployment-config/ocis_keycloak/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.2
+          OCIS_DOCKER_TAG: 5.0.3
           OCIS_DOMAIN: ocis.ocis-keycloak.released.owncloud.works
           KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.released.owncloud.works
           COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml

deployments/continuous-deployment-config/ocis_ldap/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.2
+          OCIS_DOCKER_TAG: 5.0.3
           OCIS_DOMAIN: ocis.ocis-ldap.released.owncloud.works
           LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.released.owncloud.works
           COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml

deployments/continuous-deployment-config/ocis_traefik/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.2
+          OCIS_DOCKER_TAG: 5.0.3
           OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works
           DEMO_USERS: "true"
           INBUCKET_DOMAIN: mail.ocis-traefik.released.owncloud.works

deployments/continuous-deployment-config/ocis_wopi/released.yml

@@ -32,7 +32,7 @@
         env:
           INSECURE: "false"
           TRAEFIK_ACME_MAIL: mbarz@owncloud.com
-          OCIS_DOCKER_TAG: 5.0.2
+          OCIS_DOCKER_TAG: 5.0.3
           OCIS_DOMAIN: ocis.ocis-wopi.released.owncloud.works
           COMPANION_DOMAIN: companion.ocis-wopi.released.owncloud.works
           COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud