chore(release): 1.3.0 [skip ci]

# [1.3.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.2.1...v1.3.0) (2025-04-22)

### Bug Fixes

* **helmfile:** Fix Kyverno lint issues for EE components ([46b3834](46b38342d3))
* **helmfile:** Remove no longer used `secrets.nubus.defaultAccounts.*` ([6e6d155](6e6d15552e))
* **helmfile:** Support for Keycloak session settings via `functional.authentication.realmSettings.*` ([3fcfa00](3fcfa00503))
* **migrations:** Optional delete of `ums-minio-rewrites` Ingress, as it is non-existing in deployments with external object storage ([6932953](693295391b))
* **ox-connector:** Update to v0.19.0 ([fe664a7](fe664a7f8d))
* **xwiki:** Update Helm chart to v1.4.4 to fix the problem with XWiki not starting when secrets contained specific (XML interpreted) characters ([67a1df0](67a1df0f80))

### Features

* **collabora:** Update to 24.04.13 ([8f12208](8f12208074))
* **helmfile:** Add template support for annotations ([9cde57d](9cde57d74b))
* **helmfile:** Support for SSO federation; see `ssoFederation` section in `functional.yaml.gotmpl` for details ([79975a5](79975a58e3))
* **nubus:** Show openDesk version to all users (instead of admin users only) ([393ee31](393ee31163))
* **nubus:** Update to 1.8.0 ([90c49f6](90c49f6f83))
* **openproject:** Update to 15.5.0 ([7f1cfc5](7f1cfc5555))

CHANGELOG.md

@@ -1,3 +1,25 @@
+# [1.3.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.2.1...v1.3.0) (2025-04-22)
+
+
+### Bug Fixes
+
+* **helmfile:** Fix Kyverno lint issues for EE components ([46b3834](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/46b38342d3cb6789e1734cd6eba412bc726c834b))
+* **helmfile:** Remove no longer used `secrets.nubus.defaultAccounts.*` ([6e6d155](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6e6d15552e87a77870755db3b48f2af686916c1f))
+* **helmfile:** Support for Keycloak session settings via `functional.authentication.realmSettings.*` ([3fcfa00](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/3fcfa00503854f752a3885321b16b3f3597cb09a))
+* **migrations:** Optional delete of `ums-minio-rewrites` Ingress, as it is non-existing in deployments with external object storage ([6932953](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/693295391bb02892b537a48513c9e0c2824ed466))
+* **ox-connector:** Update to v0.19.0 ([fe664a7](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/fe664a7f8d696fea53b6abadec5a0cb5db751f43))
+* **xwiki:** Update Helm chart to v1.4.4 to fix the problem with XWiki not starting when secrets contained specific (XML interpreted) characters ([67a1df0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/67a1df0f80dc598287174a8dd6bda3f477227f0d))
+
+
+### Features
+
+* **collabora:** Update to 24.04.13 ([8f12208](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/8f12208074b2947ec65ebc3c21920d4f775e0c6e))
+* **helmfile:** Add template support for annotations ([9cde57d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/9cde57d74b8cfdd09e4f6b82cf45f1b1a686e035))
+* **helmfile:** Support for SSO federation; see `ssoFederation` section in `functional.yaml.gotmpl` for details ([79975a5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/79975a58e3a4f50e59d1d790045c22a32ab49372))
+* **nubus:** Show openDesk version to all users (instead of admin users only) ([393ee31](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/393ee311630630fd1aae8354ead90bcaaf5e4dba))
+* **nubus:** Update to 1.8.0 ([90c49f6](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/90c49f6f83df0b34b86c17164eaa4e137d0cd9be))
+* **openproject:** Update to 15.5.0 ([7f1cfc5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7f1cfc55551f608603e0401dfef24bbb9cc334e5))
+
 ## [1.2.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.2.0...v1.2.1) (2025-03-28)
 
 

docs/security-context.md

@@ -100,6 +100,7 @@ containerSecurityContext:
     type: "RuntimeDefault"
 ```
 
+
 or
 
 ```yaml
@@ -111,7 +112,7 @@ containerSecurityContext:
 ## readOnlyRootFilesystem
 
 
-Containers should have immutable file systems, so that attackers can not modify application code or download malicious code.
+Containers should have an immutable file systems, so that attackers can not modify application code or download malicious code.
 
 ```yaml
 containerSecurityContext:
@@ -146,7 +147,7 @@ This list gives you an overview of templated security settings and if they compl
 
 | process | status | allowPrivilegeEscalation | privileged | readOnlyRootFilesystem | runAsNonRoot | runAsUser | runAsGroup | seccompProfile | capabilities |
 | ------- | ------ | ------------------------ | ---------- | ---------------------- | ------------ | --------- | ---------- | -------------- | ------------ |
-| **collabora**/collabora-online | :x: | yes | no | no | yes | 100 | 101 | yes | no ["CHOWN","FOWNER","SYS_CHROOT"] |
+| **collabora**/collabora-online | :x: | yes | no | no | yes | 1001 | 1001 | yes | no ["CHOWN","FOWNER","SYS_CHROOT"] |
 | **cryptpad**/cryptpad | :x: | no | no | no | yes | 4001 | 4001 | yes | yes |
 | **element**/matrix-neoboard-widget | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
 | **element**/matrix-neochoice-widget | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |