Merge pull request #4660 from wireapp/release_2025-07-11_14_25

Release 2025-07-11 - (expected chart version 5.18.0)

Author: akshaymankar

CHANGELOG.md

@@ -1,3 +1,86 @@
+# [2025-07-11] (Chart Release 5.18.0)
+
+## Release notes
+
+
+* charts/cannon: There is a new configuration value called
+  `config.notificationTTL`, this defaults to the same value as gundeck. If it is
+  overriden in gundeck, it must also be overriden in cannon. (#4631)
+
+
+## API changes
+
+
+* Finalize API version V9 (#4645)
+
+* Add the `TeamId` to the payload of `conversation.delete` events. The field's
+  path is `team`. (#4618)
+
+
+## Features
+
+
+* Allow team admin to query channel data (#4633, #4635)
+
+* Brig setting to en-/disable ephemeral user creation (#4630)
+
+* Allow team admin to remove members from a channel (#4620)
+
+* background-worker: New gauge metric `wire_background_worker_running_workers`,
+  contains label `worker` for each worker. Set to `1` when the worker is running,
+  set to `0` when the worker is not running. (#4652)
+
+* cannon: Replace message count mechanism with detecting the end of initial sync (#4631)
+
+* The /events websocket will close a connection when it detects client inactivity. The inactivity behaviour can be controlled by setting the cannon options `wsOpts.activityTimeout` and `wsOpts.pongTimeout`. After `wsOpts.activityTimeout` microseconds of client inactivity (including no pings), the server sends a ping, and waits for a corresponding pong for `wsOpts.pongTimeout` microseconds. If no pong is received within this time window, the connection is terminated. (#4636)
+
+
+## Bug fixes and other updates
+
+
+* Team name removed from team invitation email template (#4654)
+
+* gundeck: Send push notifications to clients with `consumable-notifications` capability (#4626)
+
+* Avoid returning duplicate user search results when handle matches exactly  (#4656)
+
+* background-worker/dead-user-notifs-watcher: Reconnect when connection with RabbitMQ is broken (#4652)
+
+* Generated Swagger docs differed from the ratified ones for versions up to V9
+  regarding the `get-all-registered-domains`
+  (`/teams/{teamId}/registered-domains`) endpoint: The `backend_url` became part
+  of the `backend` object which should be introduced with V10. As teams do not
+  set backend redirects this should not be seen in practice. (#4647)
+
+
+## Documentation
+
+
+* Add documentation on self-deleting messages and setting custom time-frames for operators (#4650)
+
+
+## Internal changes
+
+
+* Upgrade RabbitMQ to version 4.x locally and on CI (#4639)
+
+* No ack for `message_count` event (#4625)
+
+* More test on validation of scim-provisioned emails.  Cleanup of code and internal APIs. (#4617)
+
+* Fix false positive warning of members not being present in remote conversations. (#4644)
+
+* Updated email templates to v1.0.130 (#4648)
+
+* Updated email templates to v1.0.133 (#4655)
+
+* Limit the amount of unacknowledged messages the RabbitMQ notifications consumer
+  receives to `100`. Beyond this limit, received messages have to be acknowledged
+  to receive new ones.  This prevents overloading the consumer with new messages. (#4615)
+
+* Timestamps for failing integration tests. (#4638)
+
+
 # [2025-06-16] (Chart Release 5.17.0)
 
 ## Release notes
@@ -106,7 +189,7 @@
 ## API changes
 
 
-* From API version V9 on, the `POST /domain-verification/{domain}/backend` and
+* From API version V10 on, the `POST /domain-verification/{domain}/backend` and
   `POST /get-domain-registration` endpoints are adjusted to also carry the
   `webapp_url` in their payloads. The structure of these payloads changes as
   well: The former `backend_url` and the new `webapp_url` are now combined in one

Makefile

@@ -77,7 +77,7 @@ clean:
 clean-hint:
 	@echo -e "\n\n\n>>> PSA: if you get errors that are hard to explain,"
 	@echo -e ">>> try 'git submodule update --init --recursive' and 'make full-clean' and run your command again."
-	@echo -e ">>> see https://github.com/wireapp/wire-server/blob/develop/docs/developer/building.md#linker-errors-while-compiling"
+	@echo -e ">>> see https://github.com/wireapp/wire-server/blob/develop/docs/src/developer/developer/building.md#linker-errors-while-compiling"
 	@echo -e ">>> to never have to remember submodules again, try 'git config --global submodule.recurse true'"
 	@echo -e "\n\n\n"
 
@@ -151,8 +151,8 @@ devtest:
 # find . -name '*.hs' | entr -s 'make -C ~/src/wire-server c package=wire-subsystems test=1'
 .PHONY: devtest-package
 devtest-package:
-	@ghcid --command 'cabal repl test:$(package)-tests' --test='main' \
-	  || echo -e "\n\n\n*** usage: make devtest-package package=wire-subsystems.\n*** did you make sure the test-suite goal in the cabal file of your\n*** package follows the naming convention (see wire-subsystems)?\n\n"
+	@ghcid --command 'cabal repl $(package):tests lib:$(package)' --test='main' \
+	  || echo -e "\n\n\n*** usage: make devtest-package package=<package>.\n*** this works for wire-subsystems; for other packages, you may need to edit the cabal file.\n\n"
 
 .PHONY: sanitize-pr
 sanitize-pr: check-weed treefmt
@@ -444,7 +444,7 @@ libzauth:
 kube-integration:  kube-integration-setup kube-integration-test
 
 .PHONY: kube-integration-setup
-kube-integration-setup: charts-integration
+kube-integration-setup: charts-integration helm-oci-login
 	export NAMESPACE=$(NAMESPACE); export HELM_PARALLELISM=$(HELM_PARALLELISM); ./hack/bin/integration-setup-federation.sh
 
 .PHONY: kube-integration-test
@@ -468,6 +468,9 @@ kube-restart-%:
 	kubectl delete pod -n $(NAMESPACE) -l app=$(*)
 	kubectl delete pod -n $(NAMESPACE)-fed2 -l app=$(*)
 
+helm-oci-login:
+	./hack/bin/helm-oci-login.sh
+
 .PHONY: latest-tag
 latest-tag:
 	./hack/bin/find-latest-docker-tag.sh
@@ -540,7 +543,7 @@ upload-chart-%: release-chart-%
 	./hack/bin/upload-helm-charts-s3.sh -r $(HELM_REPO) -d .local/charts/$(*)
 
 # Usecases for this make target:
-# To uplaod all helm charts in the CHARTS_RELEASE list (see top of the time)
+# To upload all helm charts in the CHARTS_RELEASE list (see top of the time)
 # (assummption: CI sets DOCKER_TAG and HELM_SEMVER)
 .PHONY: upload-charts
 upload-charts: charts-release
@@ -626,7 +629,7 @@ kind-restart-%: .local/kind-kubeconfig
 	kubectl delete pod -n $(NAMESPACE)-fed2 -l app=$(*)
 
 # This target can be used to template a helm chart with values filled in from
-# hack/helm_vars (what CI uses) as overrrides, if available. This allows debugging helm
+# hack/helm_vars (what CI uses) as overrides, if available. This allows debugging helm
 # templating issues without actually installing anything, and without needing
 # access to a kubernetes cluster. e.g.:
 #   make helm-template-wire-server

charts/brig/templates/configmap.yaml

@@ -388,5 +388,6 @@ data:
       setAuditLogEmailRecipient: {{ .setAuditLogEmailRecipient }}
       {{- end }}
       setChallengeTTL: {{ or .setChallengeTTL 172800 }}
+      setEphemeralUserCreationEnabled: {{ .setEphemeralUserCreationEnabled }}
     {{- end }}
   {{- end }}

charts/brig/values.yaml

@@ -80,7 +80,7 @@ config:
     #   key: <ca-attribute>
 
   # Postgres connection settings
-  # 
+  #
   # Values are described in https://www.postgresql.org/docs/17/libpq-connect.html#LIBPQ-PARAMKEYWORDS
   # To set the password via a brig secret see `secrets.pgPassword`.
   #
@@ -189,6 +189,7 @@ config:
       ipAddressExceptions: []
       maxRateLimitedKeys: 100000 # Estimated memory usage: 4 MB
     # setAuditLogEmailRecipient: [email protected]
+    setEphemeralUserCreationEnabled: true
 
   smtp:
     passwordFile: /etc/wire/brig/secrets/smtp-password.txt

charts/cannon/templates/configmap.yaml

@@ -36,12 +36,16 @@ data:
       {{- end }}
     {{- end }}
 
+    rabbitMqMaxConnections: {{ .config.rabbitMqMaxConnections }}
+    rabbitMqMaxChannels: {{ .config.rabbitMqMaxChannels }}
+
     drainOpts:
       gracePeriodSeconds: {{ .config.drainOpts.gracePeriodSeconds }}
       millisecondsBetweenBatches: {{ .config.drainOpts.millisecondsBetweenBatches }}
       minBatchSize: {{ .config.drainOpts.minBatchSize }}
 
     disabledAPIVersions: {{ toJson .config.disabledAPIVersions }}
+    notificationTTL: {{ .config.notificationTTL }}
   {{- end }}
 
 

charts/cannon/values.yaml

@@ -17,6 +17,8 @@ config:
     vHost: /
     enableTls: false
     insecureSkipVerifyTls: false
+  rabbitMqMaxConnections: 1000
+  rabbitMqMaxChannels: 300
   cassandra:
     host: aws-cassandra
     # To enable TLS provide a CA:
@@ -37,6 +39,11 @@ config:
     millisecondsBetweenBatches: 50
     minBatchSize: 20
 
+  # TTL of stored notifications in Seconds. After this period, notifications
+  # will be deleted and thus not delivered.
+  # The default is 28 days.
+  notificationTTL: 2419200
+
   # Disable one ore more API versions. Please make sure the configuration value is the same in all these charts:
   # brig, cannon, cargohold, galley, gundeck, proxy, spar.
   disabledAPIVersions: [ development ]

charts/galley/values.yaml

@@ -148,7 +148,7 @@ config:
           status: disabled
       sso: disabled-by-default
       teamSearchVisibility: disabled-by-default
-      validateSAMLemails:
+      validateSAMLEmails:
         defaults:
           status: enabled
       outlookCalIntegration:

charts/nginz/values.yaml

@@ -153,7 +153,6 @@ nginx_conf:
       - all
       max_body_size: "0"
       disable_request_buffering: true
-      doc: true
     - path: /bot/assets
       envs:
       - all
@@ -170,12 +169,10 @@ nginx_conf:
       envs:
       - all
       use_websockets: true
-      doc: true
     - path: /events
       envs:
       - all
       use_websockets: true
-      doc: true
     brig:
     - path: /api-version
       envs:
@@ -185,11 +182,9 @@ nginx_conf:
     - path: /users
       envs:
       - all
-      doc: true
     - path: /handles
       envs:
       - all
-      doc: true
     - path: /list-users
       envs:
       - all
@@ -581,12 +576,10 @@ nginx_conf:
     - path: /conversations$
       envs:
       - all
-      doc: true
       oauth_scope: conversations
     - path: /conversations/([^/]*)/code
       envs:
       - all
-      doc: true
       oauth_scope: conversations_code
     - path: /conversations/join
       envs:
@@ -596,7 +589,6 @@ nginx_conf:
     - path: /conversations
       envs:
       - all
-      doc: true
     - path: /legalhold/conversations/(.*)
       envs:
       - all
@@ -701,13 +693,15 @@ nginx_conf:
     - path: /push
       envs:
       - all
-      doc: true
     - path: /presences
       envs:
       - all
     - path: /notifications
       envs:
       - all
+    - path: /time
+      envs:
+      - all
     spar:
     - path: /identity-providers
       envs:
@@ -764,7 +758,6 @@ nginx_conf:
     - path: /proxy
       envs:
       - all
-      doc: true
     ibis:
     - path: /billing
       envs:

deploy/dockerephemeral/docker-compose.yaml

@@ -318,7 +318,7 @@ services:
 
   rabbitmq:
     container_name: rabbitmq
-    image: rabbitmq:3.13.7-management-alpine
+    image: rabbitmq:4.1.1-management-alpine
     environment:
       - RABBITMQ_USERNAME
       - RABBITMQ_PASSWORD