Releases: wireapp/wire-server

2025-02-07 (Chart Release 5.11.0)

10 Feb 14:00
5b5b6d9

API changes

  • New endpoints for domain registration and verification (#4389, #4422, #4433, #4434, #4438)

    • POST /domain-verification/:domain/team
    • POST /domain-verification/:domain/backend
    • POST /domain-verification/:domain/challenges
    • POST /domain-verification/:domain/challenges/:challengeId
    • POST /domain-verification/:domain/authorize-team
    • POST /get-domain-registration
    • GET /teams/:tid/registered-domains
    • DELETE /teams/:tid/registered-domains/:domain
  • Deprecated API endpoints were removed from API version V8. (#4407)

  • Add a flag to the response body of POST /get-domain-registration to indicate
    whether domain_redirect is set to none due to the existence of a registered
    account. This makes it possible for clients to let a user log in with an
    existing cloud account even if a redirection to an on-prem backend is set up
    for their domain. (#4441)

Features

  • Team feature config for domain registration (#4429)

Bug fixes and other updates

  • Fix 503 on user registration when the enterprise service is disabled (#4421)

  • Fix 503 on team invitation when wire-server-enterprise is disabled (#4439)

  • Fix bug in nginz: /consent/<foo> requests not correctly forwarded to galeb. (#4376)

  • MLS: when recreating external (backend) proposals, these are now propagated to
    the clients only after the corresponding external commit has been forwarded to
    the clients. (#4412)

  • MLS group info is now saved with the commit lock held. This prevents a bug where group info on a later commit was overwritten by an earlier group info, leading to out-of-sync MLS state between backends and clients. (#4436)

Internal changes

  • Internal spar endpoint to retrieve the team's identity providers (#4417)

  • Adjust existing onboarding flow to new domain registration constraints.

    Endpoints:

    • POST /teams/{id}/invitations
    • POST /register (#4409)
  • federator: Install signal handlers for SIGINT and SIGTERM, close sockets when receiving these signals (#4398)

  • /i/index/refresh now uses the correct URL for additional indices. Thus, the
    refreshed indices can reside on different ElasticSearch instances. This
    endpoint is exclusively called from tests. (#4413)

  • Test single consumer behaviour of notifications (#4443)

2025-01-28 (Chart Release 5.10.0)

28 Jan 15:17
5e77761

Release notes

This is a hotfix release to re-enable adding and removing bots to conversations. (#4424, #4425, #4426)

2024-12-30 (Chart Release 5.9.0)

30 Dec 10:43
2a8ac99

Release notes

  • POST /scim/auth-token request body allows you to choose an IdP UUID to associate with. If none is given, do not associate.

    WARNING: the new behavior differs from the old one when first creating a unique SAML IdP and then the SCIM token: before this release, this request would associate the two, now it doesn't. (#4349)

  • We changed the default MLS cipher suite from

    • MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519

    to

    • MLS_128_DHKEMP256_AES128GCM_SHA256_P256

    and the allowed MLS cipher suites from only

    • MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519

    to only

    • MLS_128_DHKEMP256_AES128GCM_SHA256_P256.

    ATTENTION: This breaks your MLS clients if they used the previous defaults before. This is even true if you allow several cipher suites, since current MLS clients only support one cipher suite at a time.

    Adjust the defaults in the server configuration to switch the values of defaultCipherSuite and allowedCipherSuites back to the previous defaults, 1 and [1], respectively. Once MLS clients support several cipher suites, you could even use [1,2] or a list of other cipher suites in allowedCipherSuites. Make sure that this list contains the currently used cipher suite! (#4373)

  • This release contains a new Git submodule: wire-server-enterprise. This module represents a service which contains all non-open-source features. Wire can still be deployed and run without this service. Building it without wire-server-enterprise is currently not documented, but Wire will keep providing the artefacts.

    The service can be deployed with a dedicated Helm chart (charts/wire-server-enterprise.) The required service image is not freely available (the registry is password protected.) (#4357)

API changes

  • The client_id query parameter of the GET /events endpoint is now optional. When not provided, events are returned from a temporary queue that's not bound to any specific client. The queue is deleted when the websocket disconnects. (#4360)

Features

  • You can now create both multiple SCIM peers and multiple SAML IdPs, and freely associate them with each other (team management app implementation pending). (#4349)

  • Internal API and backoffice support for managing email domains for enterprise login (#4364)

Bug fixes and other updates

  • Fix "gzip filter failed to use preallocated memory" alerts in nginz by upgrading (#4365)

  • Send team active event in personal user to team flow (#4380)

  • Add profile name to new team owner welcome mail (#4378)

Internal changes

  • Delete federation V0 and V1 queues after integration tests (#4374)

  • Stabilize index migration tests by fixing a race on index names. (#4382)

  • Adjust the existing Ormolu script to format the wire-server-enterprise submodule
    as well. (#4377)

  • Revive and translate old integration test (#4387, #4386)

  • Translate integration test to new suite. (#4384)

2024-12-11 (Chart Release 5.8.0)

13 Dec 14:10
2a8ac99

Release notes

  • [RabbitMQ events] Notifications are now also sent via RabbitMQ. Therefore RabbitMQ is now a required dependency for Cannon and Gundeck. Cassandra is now a required dependency for Cannon and Background-Worker. Both of them need access to the Gundeck keyspace. These are breaking changes for Charts. (#4272, #4358, #4340)

  • If brig's server values config has the field emailSMS.team, the correct value for the personal user to team invitation URL must be set under emailSMS.team.tExistingUserInvitationUrl. Otherwise the URL will point to a path under the account pages and therefore a value for externalUrls.accountPages is required. (#4341)

API changes

  • The endpoint POST /teams/:tid/invitations gained a new optional field allow_existing, which controls whether an existing personal user should be invited to the team (#4336)

Features

  • Welcome email for new team owner. (#4333)

  • Added inviter's email to GET /teams/invitation/info endpoint. (#4332)

Bug fixes and other updates

  • Updated nginz config for personal user to team flow (#4334)

  • Freeze API version 7, create new dev version 8. Also update checklist. (#4356, #4356)

  • Fixed config for personal user to team invitation URL template. (#4341)

  • Fixed search index after personal user creates team (#4362)

Documentation

  • Add a few more swagger descriptions and examples. (#4323)

Internal changes

  • charts/wire-server-enterprise is a Helm chart to run the wire-server-enterprise
    service. This service can only be deployed with an image pull secret (the
    registry is not open to public.) (#4359)

  • [Polysemy] Move email update and remove operations to effects (#4316, #4316)

  • Log uncaught IO exceptions in cargohold (#4352)

  • Updated email templates to v1.0.124 (#4328)

  • charts/galley: Make missing mls keys a templating error. Update MLS docs. (#4369)

  • [RabbitMQ events] New endpoint GET /events for consuming events is added (in API V8).

    • When a client misses notifications because it was offline for too long, it needs to know this information so it can do a full synchronisation. This appears as the first notification in GET /events endpoint whenever the system detects this happening. The next acknowledgement of the message makes this notification not appear anymore until the next notification is missed. (#4272)
    • New internal endpoint POST /i/users/:uid/clients/:cid/consumable-notifications is added (#4272)
    • Connection pooling in cannon (#4348)
    • Add consumers to the draining step on Cannon, in case of termination. (#4342)
    • List queues more efficiently. (#4351)

2024-11-04 (Chart Release 5.7.0)

05 Nov 08:49
bad31a7

Bug fixes and other updates

  • galley: Use bulk query when getting all feature configs for a team user (#4325)

Internal changes

  • Block access to assets.*/minio/ path for public access. (#4297)
  • galley: Delete unused endpoint for getting feature status for multiple teams (#4326)
  • Fix shellcheck problems in all shell scripts (#4220)

2024-10-30 (Chart Release 5.6.0)

31 Oct 10:16
0118e94

Release notes

  • To remove phone keys from brig's user_keys table an ad hoc data-migration can be run. See PR #4146 which contains the implementation. (#4130)

  • Because the phone column is deleted from Brig's user table in a schema
    migration, temporarily there might be 5xx errors during deployment if Wire
    server 5.4.0 was not deployed previously. To avoid these errors, please deploy
    the Wire server 5.4.0 release first. (#4130)

  • With this release it will be possible to invite personal users to teams. In brig's config, emailSMS.team.tExistingUserInvitationUrl is required to be set to a value that points to the correct teams/account page.
    If emailSMS.team is not defined at all in the current environment, the value of externalUrls.teamSettings (or, if not present, externalUrls.nginz) will be used to construct the correct URL, and no configuration change is necessary. (#4229)

  • charts/wire-server: There is a new config value called background-worker.config.enableFederation which defaults to false. This must be kept in sync with tags.federation. (#4243)

  • If you are mapping an email address to the externalId field in the
    scim schema, please check the following list for items that apply to
    you and recommended steps before/during/after upgrade.

    • Situation: the emails field of in your scim user records is
      empty.

      What you need to do: change your schema mapping to contain the
      same address in externalId and (as a record with one element) in
      emails.

    • Situation: the emails field of your scim user records is
      non-empty.

      What you need to do: make sure emails contains exactly one
      entry, which is the email from externalId. If there is a
      discrepancy, the address from emails will become the new
      (unvalidated) address of the user, and the user will receive an
      email to validate it. If the email cannot be sent or is ignored
      by the recipient, the valid address will not be changed. (#4221)
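
    A pre-upgrade audit of SCIM user records against the three situations listed above, added here as an example; it is not wire-server code. It assumes the standard SCIM 2.0 record shape (an externalId string and an emails list of {"value": ...} objects), compares externalId and the emails entry as exact strings, and runs on constructed sample records.

```python
"""Pre-upgrade audit of SCIM user records for the externalId/emails rule.

Added example, not wire-server code. Assumes the standard SCIM 2.0 shape
(externalId string, emails list of {"value": ...} objects) and an exact
string comparison between externalId and the single emails entry.
"""
import json

# Constructed sample records, not data from any real SCIM peer.
SAMPLE_SCIM_USERS = json.loads("""
[
  {"userName": "alice", "externalId": "alice@example.com", "emails": []},
  {"userName": "bob",   "externalId": "bob@example.com",
   "emails": [{"value": "bob@example.com", "primary": true}]},
  {"userName": "carol", "externalId": "carol@example.com",
   "emails": [{"value": "carol.new@example.com"}]},
  {"userName": "dave",  "externalId": "dave@example.com",
   "emails": [{"value": "dave@example.com"}, {"value": "d@example.org"}]},
  {"userName": "erin",  "externalId": "erin-12345", "emails": []}
]
""")

# Classifications that require a schema-mapping change before upgrading.
NEEDS_ACTION = {"emails-empty", "emails-multiple", "emails-mismatch"}


def is_email_like(value):
    """Cheap heuristic: the rule only matters when externalId carries an email."""
    return isinstance(value, str) and "@" in value


def classify(record):
    """Map one SCIM user record to one of the situations in the release note."""
    ext = record.get("externalId")
    emails = [e.get("value") for e in record.get("emails") or []
              if isinstance(e, dict) and isinstance(e.get("value"), str)]
    if not is_email_like(ext):
        # externalId is not an email address, so the note does not apply.
        return "not-email-external-id"
    if not emails:
        # Situation 1: put the same address into emails as a one-element record.
        return "emails-empty"
    if len(emails) != 1:
        # Situation 2 requires exactly one entry in emails.
        return "emails-multiple"
    if emails[0] != ext:
        # Situation 2 with a discrepancy: the emails address would become the
        # new unvalidated address and the user would get a validation mail.
        return "emails-mismatch"
    return "ok"


def audit(records):
    """Return {userName: classification} for every record that needs a fix."""
    result = {}
    for record in records:
        verdict = classify(record)
        if verdict in NEEDS_ACTION:
            result[record.get("userName")] = verdict
    return result


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_SCIM_USERS).items():
        print(f"{name}: {verdict}")
```

Records classified as "ok" or "not-email-external-id" need no change; the others should be fixed in the SCIM peer's schema mapping before the upgrade.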

  • A schema migration drops column 'phone' from Brig's 'team_invitation' table. Previous releases were still reading this column. As there is no Team Settings UI action to enter a phone number, this column never held actual phone numbers, so nothing is lost by no longer reading it. Therefore, during deployment this will lead to benign 5xx errors. (#4149)

  • Password hashing can now be done using argon2id instead of scrypt. The argon2id parameters can be configured using these options:

    brig:
      optSettings:
        setPasswordHashingOptions:
          algorithm: argon2id
          iterations: ...
          memory: ... # memory needed in KiB
          parallelism: ...
    galley:
      settings:
        passwordHashingOptions:
          algorithm: argon2id
          iterations: ...
          memory: ... # memory needed in KiB
          parallelism: ...

    The default option is still to use scrypt as moving to argon2id might require
    allocating more resources according to configured parameters.

    When configured to use argon2id, the DB will be migrated slowly over time as the
    users enter their passwords (either to login or to do other operations which
    require explicit password entry). This migration is NOT done in reverse,
    i.e., if a deployment started with argon2id as the algorithm then chose to move
    to scrypt, the passwords will not get rehashed automatically, instead the users
    will have to reset their passwords if that is desired.

    NOTE It is highly recommended to move to argon2id as it will be made the
    only available choice for the algorithm config option in future.

    (#4291, #4291)

  • Config value gundeck.config.bulkPush has been removed. This is purely an
    internal change; in case the value was overridden to false, operators might see
    more spiky usage of CPU and memory from gundeck due to bulk processing. (#4290)

API changes

  • A new endpoint POST /teams/invitations/accept allows a non-team user to accept an invitation to join a team (#4229)

  • Services allowlist requests are blocked with a 409 (mls-services-not-allowed) for teams whose default protocol is MLS. (#4266)

  • The POST /clients and PUT /clients/:cid endpoints support a new capability "consume-notifications" (#4259)

  • New variant in API version 7 of endpoints for creating and listing SCIM tokens that support a name field. New endpoint in version 7 for updating a SCIM token name. (#4307)

  • All the phone number-based functionality is removed from the client API v6 (#4149)

  • The team CSV export endpoint has gained two extra columns: last_active and status. The streaming behaviour has also been improved. (#4293)

  • The changes to the capabilities field of the Client structure, introduced in v6, have now been postponed to v7 (#4179)

  • Finalise version 6 and introduce new development version 7 (#4179, #4179)

  • From API version 7 the GET /mls/public-key and GET /conversations/one2one/:domain/:uid endpoints now take a format query parameter which can be either raw (default, for raw base64-encoded keys) or jwk (for JWK keys) (#4216, #4224)

  • GET /conversations/one2one/:domain/:uid now returns public_keys along with the conversation containing all MLS public keys for the backend which will host this conversation (since v6). (#4224)

  • Remove the ability to set the TTL of a feature flag. Existing TTLs are still retrieved and returned as before. Note that this only applies to the conferenceCalling feature, as none of the others supported TTL anyway. (#4164)

  • Add useSFTForOneToOneCalls as a config option for the Conference Calling feature flag and make its lock status explicit. (#4164)

  • Add endpoint to upgrade a personal user to a team owner (#4251)

Features

  • DB migration for dropping phone column from user table (#4130)

  • A text status field was added to user and user profile (#4155)

  • Allow an existing non-team user to migrate to a team (#4229, #4268, #4315)

  • Makes it impossible for a user to join an MLS conversation while already under legalhold (at least pending)

    This implies two things:

    1. If a user is under legalhold they cannot ever join an MLS conversation, not even an MLS self conversation.
    2. A user has to reject being put under legalhold when they want to join an MLS conversation (ignoring the request to be put under legalhold is not enough). (#4242)
  • Email template for inviting a personal user to a team added (#4310)

  • Clients can declare to be supporting a capability for consuming notifications (#4259)

  • New endpoint to revoke an OAuth session (#4213)

  • Adds a field which contains a list of all active sessions to each OAuth application in the response of GET /oauth/applications (#4211)

  • SCIM's emails field is now handled and the external ID is not restricted to being an email anymore (#4221)

  • Added human readable names for SCIM tokens (#4307)

  • allow subconversations for MLS 1-1 conversations (#4133)

  • Allow choosing hashing algorithm and configuring argon2id parameters (#4291, #4291)

  • Deny requests for a legalhold device for users who are part of any MLS conversations (#4245)

  • Allow setting of Kubernetes annotations for the coturn Service. (#4189)

  • Add initialConfig setting for the mls feature flag (#4262)

  • Add federationProtocols setting to galley, which can be used to disable the creation of federated conversations with a given protocol (#4278)

  • added open telemetry instrumentation for brig, galley, gundeck and cannon (#3901)

  • Send confirmation email after adding a personal user to a new team (#4253)

  • The SFT and turn usernames returned by /calls/config/v2 are now deterministically computed from the user ID (#4156)

  • Use latest stable RabbitMQ version (3.13.7) and Helm chart (14.6.9). Please
    note that this minor RabbitMQ version upgrade (3.11.x to 3.13.x) may need
    special treatment regarding existing RabbitMQ instances. See
    https://www.rabbitmq.com/docs/upgrade#rabbitmq-version-upgradability . The major
    Helm chart version upgrade may (depending on your setup/values) need attention
    as well: https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq#upgrading (#4227)

Bug fixes and other updates

  • Fixed API version check. It now takes precedence over other checks, e.g. the method check. (#4152)

  • Fix handling of defaults of mlsE2EID feature config (#4233)

  • Match cipher suite tag in query parameters against key packages on replacing key packages (#4158)

  • Users with SAML-SSO are allowed to delete their email address on the REST API. If they do that, the search indices are not updated correctly, and finding the user by the removed email address is still possible. (#4260)

  • Re-add accidentally removed add-bot@v6 route in nginz, fixes #4302 (#4318)

  • Exclude exception message from error response (#4153)

  • Return HTTP 400 instead of 500 when property key is not printable ASCII (#4148)

  • move cipher suite updates into the commit lock (#4151)

  • Fix feature flag default calculation for mlsMigration and enforceFileDownloadLocation (#4265)

  • Allow setting existing properties even if we have max properties (#4148)

  • removed spam from nginx (nginz) by using the new style http/2 directive (#3901)

  • brig: Make GET /services/tags work again (#4250)

  • Process bounce and complaint notifications from SES correctly. (#4301)

Documentation

  • Call graph of federated endpoints was removed from the docs (#4299)

  • Restored LegalHold internal API swagger as part of Brig. (#4191)

  • Fix: show openapi docs for blocked versions (#4309)

  • Move docs from docs.wire.com to generated helper page served by brig (#4311)

  • Deleted proteus-specific test documentation tags and added some new ...

2024-07-09 (Chart Release 5.5.0)

09 Jul 16:22
63d78de

Bug fixes and other updates

  • Fix names of metrics so they do not contain any dots (#4134)

2024-07-08 (Chart Release 5.4.0)

08 Jul 14:33
7bd6faf
  • Phone registration and login is not supported anymore. All API endpoints dealing with phone numbers and phone activation codes now fail with a 400 error. Brig options related to phone number support have now been deleted, namely:
    • setTwilio
    • setNexmo
    • setAllowlistPhonePrefixes. (#4045)

API changes

  • Internal API endpoints related to phone numbers have been removed.

    In brig:

    • iGetPhonePrefix
    • iDeletePhonePrefix
    • iPostPhonePrefix.

    In stern:

    • get-users-by-phone
    • put-phone. (#4045)

Features

  • charts/coturn: support putting coturn into 'drain' mode when terminating pods, denying new incoming client connections. This speeds up graceful coturn restarts significantly. (#4098)

  • Set the SFT username's shared field according to team settings (#4117)

  • Updated the mlsE2EId feature config with two additional fields crlProxy and useProxyOnMobile (#4051)

  • reject MLS messages for future epochs (#4110)

  • Introduce more configuration options to the coturn helm chart (#4083)

  • Update email templates to v1.0.121. (#4064)

  • Support connecting to RabbitMQ over TLS. See "Configure RabbitMQ" section in the documentation for details. (#4094)

  • Support connecting to Redis over TLS

    It can be enabled by setting these options on the wire-server helm chart:

    gundeck:
      config:
        redis:
          enableTls: true
    
          # When custom CAs are required, one of these must be set:
          tlsCa: <PEM encoded CA certificates>
          tlsCaSecretRef:
            name: <Name of the secret>
            key: <Key in the secret containing pem encoded CA Cert>
    
          # When TLS needs to be used without verification:
          insecureSkipVerifyTls: true

    (#4016)

Bug fixes and other updates

  • fixed stern endpoint /i/users/meta-info (#4101)

  • Log password reset errors instead of propagating them (#4114)

  • Log request ids in brig. (#4086)

  • Do not set update origin "scim" in public brig api. (#4072)

  • Disabling legalhold before user's approval doesn't result in an error (#4104)

  • Make scim-delete-user idempotent. Hide information about existing users (make delete idempotent) (#4120)

  • Expose /providers/assets via nginz (#4082)

  • federator: Expect a client certificate to be the certificate chain

    Without this, openssl doesn't forward the whole chain, causing mTLS to fail. (#4089)

  • Only resend proposals once after external commit (#4103)

  • gundeck: Better tolerance for redis-cluster restarts (#4084)

  • GHC does not support repeated --with-rtsopts options, and it simply applies the last one. This means many of the baked-in options were actually not being passed, including -N for some of the services and -T for cannon. (#4118)

  • Ensure that a Request ID is logged whenever unexpected errors are caught in any service (#4059)

  • charts/coturn: use allowed dir to write PID file (#4098)

  • Make pending LH requests (with no LH devices listening yet) not throw LH policy errors. This helps e.g. in cases where a LH request is issued to the wrong user by accident, so the user can clear up the mistake. (#4056)

Documentation

  • Adjust documentation for migrated helm charts (#4058)

Internal changes

  • Adapt EJPD data to current requirements. (#3945)

  • Port team feature tests to the integration package (#4063)

  • Ported flaky legalhold test to the new integration test suite (#4057)

  • Added profile update operations to the user subsystem. (#4046)

  • Introduce authentication subsystem with password reset. (#4086)

  • update nixpkgs and hence GHC version as well as some other tooling. (#4071)

  • nginz: Added allowlisted_fqdn_origins to nginx_conf value (#4087)

  • Add weeder for dead code elimination. (#4088)

  • Introduce email subsystem (#4111)

  • replace cabal.project.local template and update cabal.project (#4119)

  • Add HTTP proxy in the local setup for elasticsearch in federation-v0. This makes it possible to use a single elasticsearch instance for both the main backends and federation-v0. (#4062)

  • federator: Add metrics for garbage collections and unexpected errors that were caught (#4085)

  • federator: Simplify polysemy setup to make it similar to other services so the
    interpreter is only used for hoisting the servant application and not explicitly
    inside handler of an endpoint (#4059)

  • Added prometheus enable and datacenter size variables for k8ssandra-test-cluster helm chart. (#4011)

  • Make Handle type abstract to guarantee it always contains valid Handles. (#4076)

  • metrics-core: Delete Data.Metrics in favour of defining metrics closer to where they are being emitted (#4085)

  • add more metadata into the meta attribute of all nix derivations produced locally (#4069)

  • Do not log anything when warp kills a worker thread. (#4112)

  • Introduce VerificationCodSubsystem (#4121)

  • add tests for bots that use self-signed certs and add documentation on why we cannot test the bots to work with PKI (#4027)

2024-05-21 (Chart Release 5.3.0)

21 May 13:04
65470f7

API changes

  • /mls/keys use JWK instead of bare keys as MLS removal keys (#3548)

  • The cipher_suite field is not present anymore in objects corresponding to newly created conversations (#4009)

Features

  • Upgrade rusty-jwt-tools to support ecdsa_secp256r1_sha256 (#4035)

  • gundeck: Delete all APNS_VOIP and APNS_VOIP_SANDBOX push tokens (#4044)

Bug fixes and other updates

  • gundeck: Fix parsing errors for SNS ARN for VOIP Tokens (#4040)

  • Fix hardcoded ciphersuite when switching to mixed (#4048)

Internal changes

  • Add tool to determine number of phone-only users (#4024)

  • Log federator request ID on exceptions (#4037)

  • Update mls-test-cli to version 0.12 (#4039)

  • Remove inbucket helm chart. (#4032)

  • Finish servantifying galley and remove wai-routing dependency (#4018)

  • New subsystem for user management. (#3977)

  • Clean up syntax of test cases that occur in BSI audit. (#4041)

2024-04-29 (Chart Release 5.2.0)

29 Apr 08:08
65470f7

Important: Do not upgrade

If you upgrade to this version and there are users using APNS_VOIP tokens, this will cause issues with notifications to those users.

Bug fixes and other updates

  • charts/brig: Fix template for settings ES CA certs (#4022)