# [1.10.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.9.0...v1.10.0) (2025-11-24)
### Bug Fixes
* **collabora:** Update Controller to 1.1.6 incl. Helm chart update to 1.1.10 ([d25c95f](d25c95f06b))
* **collabora:** Update from 25.04.5 to 25.04.6 ([8de0f5d](8de0f5de72))
* **external-services:** Create `nubus_authsession` database ([ec72602](ec72602cdd))
* **helmfile:** Enable verification for XWiki Helm chart ([5104793](51047936de))
* **helmfile:** Streamline annotations ([7aa717c](7aa717c050))
* **nubus:** Remove legacy `UMC` Keycloak client that was used for SAML connection with the Nubus portal ([152221f](152221fa79))
* **open-xchange:** Only enable `smtpSASLAuthEnable` when `relayHost` is set ([70bbbf3](70bbbf311f))
* **open-xchange:** Optimize Dovecot Pro full-text search caches; review `migrations.md` for required upgrade steps ([f3f707c](f3f707c9ee))
* **open-xchange:** Template SASL security options ([684c6d4](684c6d4f29))
* **open-xchange:** Update Dovecot configuration based on supplier's best practise review ([850761e](850761e047))
* **opendesk-static-files:** [[#260](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/260)] Fix doublette creation of configmap `data` keys when the same file is referenced multiple times for a component ([b5a76be](b5a76bea57))
* **openproject:** Update from 16.1.0 to 16.1.1 ([62fae99](62fae9976a))
* **xwiki:** Update XWiki from 17.4.4 to 17.4.7 ([02a3b77](02a3b77114))
### Features
* **jitsi:** Update from 2.0.10431 to 2.0.10590 ([f5aad1f](f5aad1fa47))
* **nubus:** Update from v1.14.0 to v1.15.2 ([12379d6](12379d67e0))
* **open-xchange:** Support for LDAP group based mailing lists ([cc94f0c](cc94f0c66d))
* **openproject:** Update OpenProject from 16.5.1 to 16.6.0 ([19438c0](19438c0281))
# [1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.8.0...v1.9.0) (2025-11-07)
### Bug Fixes
* **collabora:** Update from 25.04.4.3.1 to 25.04.5.3.1 ([e0128e6](e0128e6ccf))
* **element:** Increase message and media rate limits ([13968a8](13968a8133))
* **element:** Update favicon to use PNG version ([f8104f6](f8104f6358))
* **element:** Update Synapse from v1.137.0 to v1.141.0; fixes https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr which applies to all openDesk deployments using Element/Matrix with federation enabled ([02d3021](02d3021c4b))
* **element:** Update widgets primary color theme settings ([94394a1](94394a1e3e))
* **gitlab:** Add issue templates ([26da7e3](26da7e3667))
* **helmfile:** Support setting the `defaultLanguage` - relevant for OX App Suite and XWiki - in `functional.yaml.gotmpl` ([24065db](24065dbc70))
* **helmfile:** Use passwords defined in `database.yaml.gotmpl` for Cassandra when available ([0268219](026821996a))
* **notes:** Fix python path for self signed certs ([c4279d1](c4279d11bb))
* **notes:** Fix repeated redirects on expired session; Remove fetching of external assets ([c1012f4](c1012f4e65))
* **open-xchange:** Don't enable sasl auth when no relay host is set ([ff3b221](ff3b221870))
* **open-xchange:** Enable and configure defaults for ContactCollector, remove legacy config artifacts ([465f60d](465f60d4a2))
* **open-xchange:** Use masterpassword for mailfilter in migration Pods; use PLAIN instead of OAuth for SASL ([484dfaf](484dfafe64))
* **ox-connector:** Use FQDN for internal service URLs ([8593d5f](8593d5f2bd))
### Features
* **helmfile:** Add toggle for external mail client onboarding and allow non-default FQDNs for IMAP and SMTP endpoints ([25a97ab](25a97abba6))
* **open-xchange:** Enable XRechnung in Viewer ([08e6ec5](08e6ec59d2))
* **openproject:** Update from 16.4.1 to 16.5.1 ([74cf2ee](74cf2ee0d8))
# [1.8.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.7.1...v1.8.0) (2025-09-25)
### Bug Fixes
* **clamav:** [bmi/opendesk/deployment/opendesk[#234](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/234)] Update Helm chart to support conditional proxy credentials ([dee7525](dee7525649))
* **element:** Let Synapse create room `v12` by default; review `migrations.md` for details ([af9d4cd](af9d4cda6c))
* **helmfile:** Add more detailed descriptions on `functional.authentication.realmSettings` and provide two `accessCodeLifespan*` options ([0314a70](0314a7076a))
* **helmfile:** Do not set portal "Support" link by default ([776fe92](776fe92ae1))
* **intercom-service:** Update from v2.19.0 to v2.19.5 ([3305dfa](3305dfa5fb))
* **jitsi:** [bmi/opendesk/deployment/opendesk[#228](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/228)] Turn off Gravatar option, by default this still keeps the input field in the Jitsi UI, but does not longer issue requests to gravatar.com; check `migrations.md` in case the option should be enabled ([083fa98](083fa9842d))
* **nextcloud:** App "Spreed" and core app "Comments" not enabled by default; review `migrations.md` for potential upgrade steps ([31d35b2](31d35b25c6))
* **nextcloud:** Update from 31.0.6 to 31.0.7 including the latest app versions ([f848b9a](f848b9a0f4))
* **open-xchange:** Add client onboarding for mail ([d8fc3e0](d8fc3e04f5))
* **open-xchange:** Set guest mode to inherit theming and set theme for notification mail button ([f2ce251](f2ce25193a))
* **open-xchange:** Switch off Element integration when `apps.element.enabled: [secure]` ([7a2dbc5](7a2dbc5f8c))
* **open-xchange:** Update Dovecot charts with improved auth cache defaults ([836d8a4](836d8a494d))
* **opendesk-certificates:** [bmi/opendesk/deployment/opendesk[#236](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/236)] Update Helm chart to add `commonName` to certificate ([2e708a7](2e708a75b6))
* **openproject:** [bmi/opendesk/deployment/opendesk[#228](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/228)] Turn off Gravatar option by default; check `migrations.md` in case the option should be enabled ([628e914](628e91435c))
* **ox-connector:** Update from v0.27.7 to v0.27.9 ([ba77f2b](ba77f2b11c))
* **postfix:** Relax TLS settings to `TLSv1.2`/`medium` for broader SMTP relay compatibility ([31cbd9a](31cbd9af1a))
* **xwiki:** Update image to set new default for user self-registration; review migrations.md for required actions on existing deployments ([c75abaf](c75abaf1e6))
### Features
* **collabora:** Support for macro execution controlled by `functional.weboffice.macros.enabled` (default: `[secure]`) ([38f2bdd](38f2bdd2b9))
* **cryptpad:** Update from 2024.6.1 to 2025.6.0 ([23dfe0a](23dfe0aaa6))
* **element:** Update Element-Web from 1.11.89 or 1.12.0 and Synapse from 1.129.0 to 1.137.0 ([f895bcc](f895bcc2b8))
* **element:** Update NeoBoard widget to v2.3.1, NeoChoice widget to v1.6.0, NeoDateFix widget to v1.7.2 and NeoDateFix bot to 2.8.5 ([b377a5e](b377a5e0e2))
* **jitsi:** Upgrade from stable-9955 to stable-10431 ([e138610](e138610d29))
* **nextcloud:** Expose `forbiddenChars` in `functional.yaml.gotmpl`; review `migrations.md` for required upgrade steps ([5a2c1fc](5a2c1fcf98))
* **notes:** Update from 3.2.1 to 3.4.0 ([c636650](c63665040c))
* **nubus:** Update from 1.12.0 to 1.13.1 ([35424b8](35424b88d6))
* **nubus:** Update from v1.13.1 to v1.14.0 using OIDC instead of SAML for portal SSO; review `migrations.md` for required upgrade steps ([d3b1f57](d3b1f575cc))
* **open-xchange:** Add options to `functional.groupware`; review `migrations.md` for details on new defaults/required upgrade steps ([8a7cc3b](8a7cc3b8c7))
* **open-xchange:** Enable mail categories ([4da1c5d](4da1c5d9e3))
* **open-xchange:** Update from 8.39 to 8.40 ([c70a0bd](c70a0bdc4c))
* **open-xchange:** Update from 8.40 to 8.41 ([c50b817](c50b817795))
* **openproject:** Update OpenProject from 16.2.1 to 16.3.2 ([f77f329](f77f3291ca))
* **openproject:** Update OpenProject from 16.3.2 to 16.4.1 ([f5483d1](f5483d1a3b))
* **xwiki:** Update from 16.10.5 to 17.4.4 and configure openDesk's Collabora for `.odt`, `.rtf` and `.docx` export of wiki pages ([813e92c](813e92c1b0))
## [1.7.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.7.0...v1.7.1) (2025-08-26)
### Bug Fixes
* **collabora:** Update from 25.04.3 to 25.04.4 ([84d6b50](84d6b504d2))
* **helmfile:** When optional mail domain is set, use it as sender domain for system generated (noreply) mails ([bd4c997](bd4c997950))
* **jitsi:** Increase `patchJVB` job `backoffLimit` to avoid deployment failures on infrastructure where LoadBalancer services take longer to become available ([eb2a181](eb2a1811fb))
* **nextcloud:** Fetch central navigation from cluster internal service ([dd0e516](dd0e516778))
* **nextcloud:** Stop browser from caching server-generated files ([410a1ad](410a1ade69))
* **nextcloud:** Work around a bug that breaks the `nextcloud-management` job in case the theming `primary_color` was set in Nextcloud's web UI ([4aebe22](4aebe22f22))
* **notes:** Explicitly template security contexts; add missing ingress classes and pull secrets ([834c847](834c84768a))
* **nubus:** Remove temporary `nubusUdmListener` `livenessProbe` as recommended by supplier ([688a505](688a505ef7))
* **open-xchange:** Click on top bar logo to point to portal instead of mail inbox ([9f762a7](9f762a7c2e))
* **open-xchange:** Configure correct autoreply addresses and enable FTS in Dovecot EE ([997c083](997c083335))
* **open-xchange:** Explicitly deactivate DAV support if not enabled in `functional.yaml.gotmpl` ([62ba5ab](62ba5aba49))
* **open-xchange:** Fix FTS bulk delete in Dovecot EE ([cd2a356](cd2a356b89))
* **open-xchange:** Set mail quota using `functional.groupware.quota.default` ([67fe50e](67fe50e53c))
* **opendesk-static-files:** Serve missing `.png` favicons for Notes and the Nextcloud topbar logo ([42b1105](42b11059d2))
* **ox-connector:** Update OX Connector and OX Extension to v0.27.7 ([57c96af](57c96af5a5))
* **xwiki:** Templating of `imagePullSecrets` ([bbbcd68](bbbcd6807e))
# [1.7.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.6.0...v1.7.0) (2025-08-11)
### Bug Fixes
* **collabora:** Connect to Collabora Controller websocket via service ([5d01f60](5d01f6023d))
* **collabora:** Update from 25.04.2 to 25.04.3 ([3507c62](3507c62f83))
* **helmfile:** Adds default-enterprise-overrides to default values in helmfile-generic ([672e649](672e649b60))
* **nextcloud:** Block filesystem-unsafe characters in file and folder names ([0df6212](0df6212ca9))
* **nextcloud:** Include latest Helm chart version with supports `configuration.sharing.restrictUserEnumerationToGroup` ([c3dfa2a](c3dfa2a607))
* **notes:** Set Pod Disruption Budget (PDB) labels ([e35dac0](e35dac087a))
* **nubus:** Add `livenessProbe` for `nubusUdmListener` to mitigate cases where the listener becomes uninitialized and stops forwarding provisioning data to NATS. Temporary until upstream provides a probe ([ef8d67f](ef8d67f3c1))
* **open-xchange:** Disable documents role ([573e11f](573e11f5c5))
* **open-xchange:** Postfix to support submissions and external secrets ([13ab665](13ab665900))
* **open-xchange:** Support application specific passwords in groupware when CalDAV/CardDAV support is enabled, see `functional.groupware.davSupport.enabled` for reference ([90b2290](90b22904da))
* **open-xchange:** Use dedicated pod for migration ([6fd52b1](6fd52b167e))
* **opendesk-certificates:** Update Helm chart to remove default host for `webmail` being set even if OX App Suite is not enabled ([09a0aac](09a0aace45))
* **opendesk-services:** Update opendesk-alerts from 1.1.1 to 1.1.2, update opendesk-dashboards from 1.1.1 to 1.1.2 ([174d4fc](174d4fc61c))
* **openproject:** Update from 16.2.0 to 16.2.1 ([bba9b71](bba9b716a3))
* **ox-connector:** Update OX Connector and OX Extension to v0.27.2; review `migrations.md` for required upgrade steps ([9d51e40](9d51e40063))
### Features
* **nextcloud:** Enhance theming options for Nextcloud ([bdc7331](bdc7331cb5))
* **notes:** Switch to new Helm chart with support for self-signed deployments; review `migrations.md` for required upgrade steps ([3106ca7](3106ca793e))
* **nubus:** Allow configuration of limits for password reset requests via `security.passwordResetLimits` ([09f54b4](09f54b4134))
* **nubus:** Update from 1.11.2 to 1.12.0 ([5537dbb](5537dbbd7c))
* **open-xchange:** Update from 8.38 to 8.39 ([489986e](489986e906))
* **open-xchange:** Use internal endpoint for provisioning and support for optionally spinning up a dedicated internal Pod just for provisioning (see `technial.oxAppSuite.provisioning.dedicatedCoreMwPod` for details) ([31b7ec7](31b7ec7827))
* **openproject:** Update from 16.1.1 to 16.2.0 ([e273abb](e273abbecf))
# [1.6.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.5.0...v1.6.0) (2025-07-14)
### Bug Fixes
* **dovecot-pro:** Use of `requiredEnv` instead of `env` and update `README-EE.md` ([a79e40f](a79e40f44a))
* **helmfile:** Prefix NATS passwords as workaround for upstream issue and add documentation to `gettings-started.md` [[#185](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/185), [#202](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/202)] ([7f478bf](7f478bffd6))
* **helmfile:** Remove default setting from `repositories.helm.registryOpencodeDeEnterprise` for better support of `PRIVATE_HELM_REGISTRY_URL` ([c5dd881](c5dd8814ae))
* **helmfile:** Set `nubusKeycloakBootstrap` debug mode when openDesk is running in debug mode ([4e0ffee](4e0ffeea1f))
* **helmfile:** Streamline license header comment style [[#192](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/192)] ([20cbad3](20cbad31e7))
* **nubus:** Explicitly template `nubusStackDataUms.stackDataContext.portalFqdn` to fix custom hostname support [[#193](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/193)] ([6aa6d3a](6aa6d3af2f))
* **nubus:** Replace openDesk portal fork with upstream `portal-frontend` image ([e4f1afc](e4f1afca0f))
* **nubus:** Update from 1.11.1 to 1.11.2 ([237c9af](237c9af3c1))
* **open-xchange:** Add missing `imagePullSecrets` for `core-imageconverter` and `core-documentconverter` ([9b7f439](9b7f439d83))
* **open-xchange:** Enable `com.openexchange.smime.test` only when openDesk is running with `debug.enabled: true` ([51ff7a5](51ff7a5fdb))
* **open-xchange:** Enable searching by LDAP `mailAlternativeAddress` when resolving global contacts. Note: OX App Suite evaluates all `mailAlternativeAddress` values of a user when searching, but only the first address is returned, which might differ from the one that matched the search criteria. ([9014324](9014324156))
* **open-xchange:** Use `objectstore.dovecot.secretKey` when defined ([5c33226](5c332264ed))
* **opendesk-services:** Add missing certificates ([acbabdb](acbabdb806))
* **openproject:** Update from 16.1.0 to 16.1.1 ([e30d4f1](e30d4f126d))
### Features
* **collabora:** Update from 24.04.13 to 25.04.2 ([c56f564](c56f564025))
* **element:** Update NeoBoard from 2.1.0 to 2.2.1, NeoChoice from 1.5.1. to 1.5.2, NeoDateFix from 1.7.0 to 1.7.1 widgets and NeoDateFixBot from 2.8.2 to 2.8.3 latest releases ([98d31f8](98d31f811b))
* **helmfile:** Add options in `functional.yaml.gotmpl` for setting the portal's corner links, toggling the welcome message and the newsfeed ([1a6f438](1a6f438724))
* **nextcloud:** Update from 30.0.10 to 31.0.6 and support for notify-push ([a4c8be6](a4c8be60f3))
* **nubus:** Update from 1.9.1 to 1.11.1; required minimum openDesk version for this upgrade is 1.5.0, see `migrations.md` for details ([ccd5ab8](ccd5ab84e3))
* **open-xchange:** Store attachments for calendar, contact and task objects in object storage; review `migrations.md` for required upgrade steps ([4eb6570](4eb6570b0a))
* **open-xchange:** Updated OX App Suite from 8.37 to 8.38 ([2b31751](2b317514c6))
# [1.5.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.4.1...v1.5.0) (2025-06-16)
### Bug Fixes
* **dovecot:** Enable Dovecot ACL for CE (file) & EE (cassandra) ([9354ee7](9354ee7196))
* **notes:** Support templating of Ingress annotations `bodyTimeout` and `bodySize` to allow application defined upload limits to be reached ([69faf77](69faf77d15))
* **nubus:** Create required LDAP objects for `global.additionalMailDomains` ([4dcb683](4dcb683118))
* **nubus:** Explicitly template security context for Keycloak proxy ([e959438](e9594382ed))
* **nubus:** Update CSS for login screen to show login button for federated IdP ([0d4e1b0](0d4e1b01e3))
* **nubus:** Use read-only root filesystem for Keycloak bootstrap ([1edd7c3](1edd7c3f06))
* **open-xchange:** Enabled mail login resolver ([7547f49](7547f4948e))
* **open-xchange:** Update Dovecot CE chart to support ACLs (mailbox sharing) and usernames different from local part of mail address ([87c30ab](87c30ab8e3))
* **open-xchange:** Use login name instead of email between OX and Dovecot ([8e9ef08](8e9ef0867b))
* **openproject:** Update from 16.0.0 to 16.0.1 ([b60f9c7](b60f9c7576))
* **openxchange:** Update App Suite 8.37 to latest patch level (8.37.69) ([bc436b2](bc436b2485))
### Features
* **ci:** Update Helm to 3.18.1 and Helmfile to 1.1.1 ([59a4086](59a40864ed))
* **notes:** Update from 2.4.0 to 3.2.1 ([9f4e3c8](9f4e3c86c7))
* **open-xchange:** Support for `mailAlternativAddress`(es) for sending and receiving emails ([6d6b1a6](6d6b1a6dd7))
* **openproject:** Update from 15.5.1 to 16.0.0 including Helm chart update ([add7266](add72669ae))
## [1.4.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.4.0...v1.4.1) (2025-06-02)
### Bug Fixes
* **nextcloud:** Update NC CE to 30.0.10 ([785be8b](785be8b662))
* **nextcloud:** Update Nextcloud incl. apps to 30.0.10 ([559fbf6](559fbf6801))
* **nubus:** Use `.Values.theme.texts.productName` for Keycloak's `loginTitle` instead of static product name string ([d1a1e5d](d1a1e5dc29))
* **open-xchange:** Re-adding `com.openexchange.oauth.provider.*` to fix central contacts feature ([561e44f](561e44fd4c))
* **open-xchange:** Set `com.openexchange.hostname` to get working links in outgoing system mails (e.g. task assignments) ([0d61687](0d616871e3))
* **postfix:** Require TLSv1.3 ([3b3d8ac](3b3d8aca54))
* **requirements.md:** Helm 3.18.x is not supported due to upstream bug ([1ea9cae](1ea9cae1ce))
# [1.3.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.2.1...v1.3.0) (2025-04-22)
### Bug Fixes
* **helmfile:** Fix Kyverno lint issues for EE components ([46b3834](46b38342d3))
* **helmfile:** Remove no longer used `secrets.nubus.defaultAccounts.*` ([6e6d155](6e6d15552e))
* **helmfile:** Support for Keycloak session settings via `functional.authentication.realmSettings.*` ([3fcfa00](3fcfa00503))
* **migrations:** Optional delete of `ums-minio-rewrites` Ingress, as it is non-existing in deployments with external object storage ([6932953](693295391b))
* **ox-connector:** Update to v0.19.0 ([fe664a7](fe664a7f8d))
* **xwiki:** Update Helm chart to v1.4.4 to fix the problem with XWiki not starting when secrets contained specific (XML interpreted) characters ([67a1df0](67a1df0f80))
### Features
* **collabora:** Update to 24.04.13 ([8f12208](8f12208074))
* **helmfile:** Add template support for annotations ([9cde57d](9cde57d74b))
* **helmfile:** Support for SSO federation; see `ssoFederation` section in `functional.yaml.gotmpl` for details ([79975a5](79975a58e3))
* **nubus:** Show openDesk version to all users (instead of admin users only) ([393ee31](393ee31163))
* **nubus:** Update to 1.8.0 ([90c49f6](90c49f6f83))
* **openproject:** Update to 15.5.0 ([7f1cfc5](7f1cfc5555))
# [1.2.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.1.2...v1.2.0) (2025-03-25)
### Bug Fixes
* **collabora:** Set proper theming for Collabora Online (openDesk EE) ([896b3c1](896b3c102c))
* **collabora:** Update to 24.04.12 ([4296db7](4296db7c90))
* **dev-tooling:** Fix path names when refencing local Helm chart copies in `helmfile-child.yaml.gotmpl` files ([60f5e36](60f5e36b7c))
* **docs:** Add `functional.md` and reference it in `getting-started.md` ([0efc0af](0efc0af761))
* **docs:** Add testing.md ([c4e4258](c4e4258162))
* **dovecot:** Update EE Helm chart to resolve issue with mandatory set `PriorityClass` ([696f2da](696f2daa9c))
* **element:** Run UVS container as a non-root user ([f262507](f26250774e))
* **element:** Update NeoChoice and NeoBoard widget to latest releases ([7456543](7456543d81))
* **helmfile:** Add missing `deletePodsOnSuccessTimeout` statements ([87144b8](87144b8fd3))
* **helmfile:** Support for `functional.externalServices.matrix.federation.domainAllowList` ([817af98](817af98fcd))
* **intercom:** Allow transient session cookies and rolling session duration configuration ([4d59d12](4d59d12a97))
* **intercom:** Update to Intercom Service v2.10.3 ([7b05213](7b05213d6e))
* **jitsi:** Update chart to v3.1.0 incl. a fix in room history toggle ([1480253](1480253a52))
* **migrations:** Explicit scoping of role required for access to the migration's ConfigMap ([02488fe](02488fe2dd))
* **nextcloud:** Disable integration with OX App Suite if groupware it is not available ([fdfe76c](fdfe76c37e))
* **nextcloud:** Update apps and support branding of the HTML title ([bc55f6a](bc55f6a366))
* **nextcloud:** Update images for improved log output ([f1147f0](f1147f0fdf))
* **nextcloud:** Update images to allow logging in environments where inotify cannot be used ([0110675](01106757da))
* **nextcloud:** Update to 30.0.6 including latest apps ([52b0b13](52b0b13e6b))
* **nubus:** Add imagePullSecrets to nginx-s3-gateway ([466b70a](466b70a9bb))
* **nubus:** Add migrations for Nubus 1.7.0; See migrations.md for details ([7d7e9e6](7d7e9e65b3))
* **nubus:** Always use S3 gateway for assets ([1e62a0d](1e62a0dfe1))
* **nubus:** Change logo URLs for apps referencing the openDesk logo provided by Nubus ([5d398f5](5d398f5d64))
* **nubus:** Cleanup of unnecessary LDAP groups; customization option to show the OX App Suite context selection in the IAM's admin UI ([4c42ed7](4c42ed76e8))
* **nubus:** Delete now legacy Ingress `ums-minio-rewrites` ([1c50aa5](1c50aa5ce2))
* **nubus:** Fix mixed up links for legal and privacy statement ([dbcc785](dbcc785134))
* **nubus:** Indent `nubusPortalConsumer.persistence.groupMembershipCache` causing `persistence.storages.nubusPortalConsumer.*` to be ignored; See migrations.md for details ([baa5b14](baa5b14551))
* **nubus:** Register OX provisioning consumer only when OX is enabled; See migrations.md for details ([adb3fa1](adb3fa18eb))
* **nubus:** Remove unnecessary inactive portal tiles and folders ([1724fa1](1724fa14a3))
* **nubus:** Update openDesk customizing: Preset openDesk specific attributes on `Administrator` account; Remove unused portal categories ([6edfe72](6edfe7239f))
* **opendesk-services:** Add notes to certificate resource ([d18abb0](d18abb0d0a))
* **openproject:** Update `opendesk-openproject-bootstrap` to support external secrets ([41e0aae](41e0aaeffe))
* **openproject:** Update to 15.3.0 including update for seeding relevant environment variables ([a6de1fe](a6de1fe694))
* **openproject:** Update to 15.3.1 ([f34a4a3](f34a4a3601))
* **openproject:** Update to 15.3.2 ([6723a34](6723a34c22))
* **openproject:** Update to 15.4.0 ([2a0f2a3](2a0f2a3333))
* **openproject:** Update to 15.4.1 ([747cae5](747cae545a))
* **openxchange:** Template HTML title from `.Values.theme.texts.productName` ([2e992fc](2e992fc236))
* **openxchange:** Update to latest 8.35 patch level ([44c2081](44c2081bd8))
* **ox-connector:** Update to v0.14.7 ([dd3b35b](dd3b35b626))
* **postfix:** Add internal authentication ([2389d59](2389d59735))
* **postfix:** Add recipient delimiter support ([f92b76b](f92b76b2b2))
* **requirements.md:** Set Ingress NGINX 1.11.5 as requirement ([2bf8e1d](2bf8e1de98))
* **synapse:** Use synapse-guest-module by Element (supplier) ([2730b03](2730b03e70))
### Features
* **helmfile:** Use PostgreSQL as default database for Nextcloud and XWiki; follow `migrations.md` when upgrading an existing environment ([2f584bd](2f584bd8e8))
* **nextcloud:** Support external secrets for metrics token ([dbec2ec](dbec2ec36f))
* **notes:** Update to v2.4.0 ([3d35440](3d35440dc7))
* **nubus:** Support of external secrets in opendesk-keycloak-bootstrap ([3d2f751](3d2f75165a))
* **nubus:** Update to v1.7.0 ([d018385](d018385473))
* **openxchange:** Update to OX App Suite 8.35 ([037537b](037537b394))
* **xwiki:** Update to 16.10.5 ([bfd27f3](bfd27f3c39))
## [1.1.2](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.1.1...v1.1.2) (2025-02-19)
### Bug Fixes
* **dovecot:** Add Dovecot Pro [EE] ([6e343c7](6e343c76a3))
* **element:** Add Element EE components ([61d94a8](61d94a8de6))
* **helmfile:** Add missing customizing option for Matrix widgets ([9c79c44](9c79c44453))
* **helmfile:** Add SSL option for Keycloak Extensions Proxy's PostgreSQL connection ([91d0f98](91d0f98682))
* **helmfile:** Fine-grained service types ([de8b560](de8b560fe7))
* **helmfile:** Integrate oD EE ([03ec704](03ec70435c))
* **helmfile:** Introduce `apps` as top level in `opendesk_main.yaml.gotmpl`; Please check migrations.md for upgrades of existing installations ([2fcf014](2fcf014894))
* **helmfile:** Make openDesk IAM attributes optional with enabled as default ([b32996d](b32996da34))
* **helmfile:** Provide toggle in `functional.yaml.gotmpl` for "new device notification" mails ([284c9fe](284c9fe0c7))
* **helmfile:** Remove reference to no longer required `elementWeb` chart ([cd9c54b](cd9c54b177))
* **helmfile:** Set default for domain to `opendesk.internal` to avoid enforcing DOMAIN environment variable for deployments using YAML overrides ([930ae9d](930ae9d3e7))
* **helmfile:** Update/streamline theming ([8eeaa23](8eeaa23c2f))
* **jitsi:** Support for phone dial-in into Jitsi conferences ([1323ef1](1323ef142e))
* **nextcloud:** Update `groupfolders` app to fix group selection in admin mode ([ab49bf9](ab49bf9f6b))
* **nextcloud:** Update Nextcloud to 29.0.11 and support for Cron-Job specific resource definitions ([09f4829](09f482981b))
* **nubus:** Disable unused notification feature ([955f17e](955f17ef8b))
* **nubus:** Fix Keycloak dialogue background length on small screens ([4662709](4662709673))
* **nubus:** Only configure apps that are deployed to show up in IAM admin UI and Keycloak ([1f051e7](1f051e7779))
* **nubus:** Re-implement toggle for UDM-REST-API based on `functional.externalServices.nubus.udmRestApi.enabled` ([777e7d2](777e7d2fc6))
* **nubus:** Remove doublet `resources` key in `udm-listener` StatefulSet ([10e0b0a](10e0b0ad6c))
* **nubus:** Support for custom UDM commands ([aff8edb](aff8edbde2))
* **nubus:** Update Keycloak Extensions Proxy ([601e649](601e649913))
* **open-xchange:** Parameters to split read and write queries to MariaDB ([370247b](370247b951))
* **open-xchange:** Update OX App Suite to 8.33 ([581c8ae](581c8aed1f))
* **openproject:** Update OpenProject to 15.2.1 ([83c311b](83c311b101))
* **oxconnector:** Update to strict `securityContext` from upstream defaults ([32df165](32df1657d2))
## [1.1.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.1.0...v1.1.1) (2025-01-27)
### Bug Fixes
* **docs:** Add permissions.md ([04ab28c](04ab28c029))
* **element:** MatrixID for Element "Welcome User" to support deployments where matrix domain differs from homeserver FQDN ([ccb51a0](ccb51a0de3))
* **element:** Update Element to 1.11.90 ([335806a](335806a53e))
* **element:** Update Helm chart to v6.0.2 for a fix when using non generated secrets in `opendesk-synapse` ([d5e73fe](d5e73feb88))
* **element:** Update Synapse to 1.121.1 ([33ff922](33ff9227b7))
* **helmfile:** Move the access restriction configuration for Keycloak client scopes into helmfile templating, instead of hardcoded Helm chart values ([3662b5c](3662b5cd25))
* **helmfile:** Remove duplicate entries from `secrets.yaml.gotmpl` ([a13cf63](a13cf63024))
* **helmfile:** Support component specific storageClassNames. **Note:** Please check the migration.md if you upgrade a deployment that has set custom PVC sizes using `persistence.size` settings. ([bacf51e](bacf51efb1))
* **helmfile:** Support PostgreSQL as alternative database backend for Nextcloud and XWiki. **Note:** PostgreSQL is likely to become the preferred option/default in the future and MariaDB might be deprecated at a later point. ([a0f52ee](a0f52ee7d4))
* **helmfile:** Update `opendesk-alerts` and `opendesk-dashboards` to get predictable sort order, improving GitOps deployments ([0c91117](0c91117575))
* **helmfile:** Update upstream images for k8s/kubectl to v1.32.0 ([b71c2e5](b71c2e57ee))
* **intercom:** Remove legacy OIDC claims ([6796f32](6796f320f7))
* **nextcloud:** Update image and Helm chart to support app toggles during deployment ([1cdfcf2](1cdfcf2784))
* **nextcloud:** Update to Nextcloud 29.0.10 ([d096fb1](d096fb1154))
* **nubus:** Fix `pullPolicy` setting for `ldapServer.leaderElector` to satisfy Kyverno linter ([6f2f7cd](6f2f7cd5db))
* **nubus:** Merge yaml files for better maintainability ([6c67eca](6c67eca7aa))
* **nubus:** Pre-create groups in Keycloak to avoid race condition on group sync when initial users login parallel ([5496317](5496317fee))
* **nubus:** Remove `extra` settings from ldapServer needed for openDesk 1.0.0 LDAP migration ([fab862e](fab862eec6))
* **nubus:** Remove b64 encoded files from CSS, instead use `opendesk-static-files` ([2926e2c](2926e2c93a))
* **nubus:** Template `secrets.nubus.masterpassword`. **Note:** Please check migrations.md for details. ([5aae75a](5aae75a152))
* **nubus:** Update customizations for group cleanup ([0b230fa](0b230fa2cc))
* **open-xchange:** Add missing `registryOpencodeDe` to OX-Connector's `waitForDependency` image ([a16d907](a16d9071c9))
* **openproject:** Update to 15.1.1 ([b4b714f](b4b714ff41))
* **openproject:** Update to 15.2.0 ([9d8e9c3](9d8e9c3ade))
* **static-files:** Update Helm chart to use more generic `assets` over `theme.imagery.assets` ([63562c1](63562c1aae))
* **static-files:** Update Helm chart to v4.0.1 to support longer domain names ([b0e665b](b0e665b031))
* **xwiki:** Update Helm chart to v1.4.1 to fix support for custom `ingressClassName` values. Ref [#144](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/144) ([033cb55](033cb558dd))
# [1.1.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.0.0...v1.1.0) (2024-12-24)
### Bug Fixes
* **cassandra:** Prepare cassandra for openDesk Enterprise. ([508e286](508e286232))
* **cassandra:** Remove values in charts.yaml for enterprise components. ([c0cbb76](c0cbb76921))
* **ci:** Explicitly set RELEASE_BRANCH (to `main`) for scan and release steps ([e5ad0bb](e5ad0bb2e0))
* **ci:** Reduce Kyverno linting issues ([e4d9106](e4d9106c45))
* **collabora:** Add/update Helmfile for Collabora Controller to be used in EE deployments ([a63d7cb](a63d7cb861))
* **collabora:** Update to 24.04.9.2. ([407f2be](407f2be2ad))
* **docs:** Add `architecture.md` and `apis.md` ([7710858](77108587c7))
* **docs:** Add GitOps / Argo CD documentation ([bbe7550](bbe7550c46))
* **docs:** Update and streamline README.md and migrations.md. ([a86c0af](a86c0afdbb))
* **element:** Add extensive database options ([9e102e2](9e102e2d1b))
* **element:** Prepare element for openDesk Enterprise. ([00a1a93](00a1a9394e))
* **element:** Rename release opendesk-element to opendesk-element-web ([1213ecc](1213ecc425))
* **element:** Switch `element-web` base image to Alpine ([47ce294](47ce294403))
* **element:** Toggle IPv4-only mode depending on cluster.networking.ipFamilies ([627b9c1](627b9c1e84))
* **element:** Update Matrix Meetings Bot to 2.8.2 ([4403dfe](4403dfe720))
* **element:** Update Synapse to 1.120.2 and Element to 1.11.87 update also related containers ([9d7644d](9d7644dc04))
* **helmfile:** Add `opendesk-static-files` to `opendesk-services` to serve favicons ([6438284](6438284090))
* **helmfile:** Add Redis username and tls option ([564fb2d](564fb2d7c7))
* **helmfile:** Allow usage of pre-defined CA certificates. ([0738fa0](0738fa080d))
* **helmfile:** Auto-redirect user to login dialogue, please read migrations.md for more details ([a9c8dfe](a9c8dfeab1))
* **helmfile:** Remove `default.user` and `default.admin` for new deployments. ([54f9e4c](54f9e4c3f8))
* **helmfile:** Remove `theme` subtree from the migration's `.Values` secret to avoid a bloated secret hitting limits in certain clusters setups and GitOps tools. ([b6725dd](b6725dddc1))
* **helmfile:** Splitting the directory `./helmfile/apps/services` into `-external` and `opendesk-` services, please read migrations.md for more details ([277a1f5](277a1f5a65))
* **helmfile:** Streamline `commonLabels.deployStage`. ([f969425](f96942536f))
* **helmfile:** Streamline `requests.cpu` in `resources.yaml` ([43f427e](43f427e06a))
* **helmfile:** Streamline file extensions in `/helmfile/environments/default` to ([0e3b661](0e3b661565))
* **helmfile:** Unify templating name for Open-Xchange to `openxchange` and for OX App Suite to `oxAppSuite`. ([6ff1fcd](6ff1fcd438))
* **helmfile:** Use dictionaries for defining `customization.yaml`, please read migrations.md for more details ([86ef0be](86ef0be542))
* **jitsi:** Update Jitsi Helm chart and images. ([5c691e4](5c691e4508))
* **jitsi:** Update to 2.0.9823 and chart to 2.1.1 ([56ce335](56ce3355fc))
* **jitsi:** Update to switch the colors of `Hang up` and `End meeting for all` buttons. ([9dbb2b7](9dbb2b755c))
* **migrations:** Cleanup of jobs ([539a302](539a30263c))
* **migrations:** Update to support Nubus 1.5.1 ([7f60ab3](7f60ab3b7a))
* **nextcloud:** Add Redis TLS option ([1402593](1402593556))
* **nextcloud:** Fix templating for nextcloud database name ([7f1f6cd](7f1f6cdcd4))
* **nextcloud:** Fix templating for nextcloud database user ([c8c12a2](c8c12a278e))
* **nextcloud:** Support IPv4 only clusters ([b25ada1](b25ada1f60))
* **nextcloud:** Trusted Proxy setting. ([bc0ca8b](bc0ca8b4c1))
* **nextcloud:** Update Chart to 3.6.1 and Image to 2.3.3 (including rollback to 29.0.8). Introducing setting for `functional.filestore.sharing.external.sendPasswordMail` ([18fcaa0](18fcaa0331))
* **nextcloud:** Update to 29.0.9 incl. latest apps. ([c63cca7](c63cca72a3))
* **notes:** Add `favicon.ico` via `opendesk-static-files` ([669995b](669995bb95))
* **notes:** Add https to all endpoints ([174951c](174951cd51))
* **nubus:** Add nginx s3 proxy when minio disabled ([b3b6ab5](b3b6ab5a61))
* **nubus:** Enable Keycloak debug mode logging; add Keycloak specific section to debugging.md ([3b3679b](3b3679bab1))
* **nubus:** Fix selfsigned certificate mounts ([b90bff3](b90bff30b3))
* **nubus:** Leader election on re-deployments ([b965677](b9656772a9))
* **nubus:** Start ums keycloak bootstrap already during Sync phase ([16dfd25](16dfd255c6))
* **nubus:** Update external portal links and login screen background. ([901b1f5](901b1f529e))
* **nubus:** Update to 1.4.0 ([2a94f2d](2a94f2dd4b))
* **nubus:** Update to v1.5.1 ([4c7422a](4c7422a411))
* **nubus:** Use favicon with transparent background for portal ([1b13c3e](1b13c3ea65))
* **open-xchange:** Extend Dovecot LDAP filter to also match OX-Resources ([31ea6e0](31ea6e0e08))
* **open-xchange:** Fix truststore decrypt error on self-signed deployments ([8611d95](8611d95e5a))
* **open-xchange:** Update AppSuite to 8.30, update Helm chart to 2.12.85 ([0c88699](0c88699917))
* **opendesk-services:** Update minio to 2024.12.13 ([4cda827](4cda827f55))
* **opendesk-services:** Update otterize Network Policies ([4602396](4602396583))
* **openproject:** Bump Helm chart to 9.2 ([718eb45](718eb45e9c))
* **openproject:** Bump version to 15.0.2 ([c06e0bb](c06e0bb8d4))
* **openproject:** Update 15.1.0 image ([6d329e1](6d329e18cf))
* **openproject:** Update branding and Helm chart to 9.0.1 ([d3b1916](d3b191644b))
* **openproject:** Update to 14.6.3 incl. latest Helm chart (8.3.2). ([4c82adf](4c82adf668))
* **postfix:** Added service type definition analogous to dovecot ([31ec100](31ec1003c0))
* **services:** Add template for certificate issuerRef.kind ([df144fe](df144fe3d3))
* **services:** Update MariaDB chart to v3.0.3 in preparation for the use of external secrets. ([08feab1](08feab1cfc))
* **services:** Update Redis to 7.4.1 as required by OX Appsuite, please read migrations.md for more details ([5e0b2e2](5e0b2e26fc))
* **xwiki:** Fix templating for xwiki database port ([de15071](de15071ae9))
* **xwiki:** Set superadmin password account only when debug is enabled ([e2b3bd5](e2b3bd543f))
### Features
* **helmfile:** Add grafana dashboards ([1441c57](1441c5734f))
* **helmfile:** Add openDesk specific alerts ([f630a36](f630a369da))
* **helmfile:** Add template support for antivirus icap/milter ([83da87e](83da87e962))
* **helmfile:** Allow custom/self-signed ca-certificates ([c71faf5](c71faf5e80))
* **jitsi:** Enable Jitsi room history by default. ([45add79](45add7981c))
* Newsfeed in Portal based on XWiki blog feature ([3ad285a](3ad285a869))
* **notes:** Integrate Preview of Notes app ([96f1819](96f18196c5))
# [1.0.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.9.0...v1.0.0) (2024-10-14)
### Bug Fixes
* **ci:** Add TESTS_GRACE_PERIOD variable for run-tests job. ([1023f3d](1023f3d081))
* **ci:** Re-enable e2e test trigger. ([603b102](603b102f41))
* **ci:** Remove K8s secret creation for `EXTERNAL_REGISTRY_USERNAME` / `EXTERNAL_REGISTRY_PASSWORD`. ([cbe6b1a](cbe6b1ae6c))
* **ci:** Trigger e2e tests for multiple languages. ([9d7d89f](9d7d89f74f))
* **collabora:** Add ipFamilies cluster.networking option ([add2ab1](add2ab1a41))
* **collabora:** Reduce Collabora's securityContext capabilities. ([a7ea701](a7ea701cc6))
* **collabora:** Set Nextcloud URL for custom font support. ([370c7cd](370c7cd836))
* **collabora:** Update to 24.04.6.1.1. ([97f7a1c](97f7a1cafd))
* **collabora:** Update to 24.04.6.2.1. ([3d44193](3d441933ca))
* **collabora:** Update to 24.04.7.1.2. ([11ebb80](11ebb80494))
* **collabora:** Update to 24.04.7.2. ([5f72da4](5f72da4e57))
* **docs:** Update `replicas.yaml` and `docs/scaling.md`. ([45715a2](45715a2059))
* **docs:** Various updates. ([8aa1a7f](8aa1a7fa7d))
* **element:** Feature toggle for user controlled updates of their Element display name; new default for generating MatrixID, check docs/migrations.md for details. ([efc41cb](efc41cb3aa))
* **element:** Set Synapse rate limit. ([4ff720d](4ff720d36f))
* **element:** Update 'capabilities_approved' for NeoBoard Widget ([ade8535](ade8535c44))
* **element:** Update NeoBoard to 1.20.0 and `synapse-guest-module` to 2.0.0. ([11b0d44](11b0d441e0))
* **element:** Update NeoDateFix translations. ([71f21dc](71f21dc433))
* **element:** Update Synapse to v0.1150. ([12680e5](12680e5c1a))
* **element:** Use Element upstream without widgets. ([bdc6ad2](bdc6ad2864))
* **helmfile:** Add `cluster.networking.proxies`. Deployments need to set this if their load balancer or reverse proxy IPs are not part of the `cluster.networking.cidr`. ([a395759](a395759551))
* **helmfile:** Add `sample.yaml.gotmpl` to `dev` and `prod` env directories. ([dd80abe](dd80abe622))
* **helmfile:** Add new settings to `functional.yaml` for fileshare expiry dates. ([6b88f73](6b88f731eb))
* **helmfile:** Check imagePullSecrets templates for all resources ([13e0bb8](13e0bb8d68))
* **helmfile:** Move Intercom-Service to Nubus component. ([ef1dad7](ef1dad7433))
* **helmfile:** Move OX-Connector to Open-Xchange component. ([751f578](751f5783d0))
* **helmfile:** Remove NET_RAW capabilities ([e512486](e512486e74))
* **helmfile:** Remove some YAML linter warnings. ([d641359](d641359c29))
* **helmfile:** Remove toggle `functional.email.systemGenerated.useComponentInSenderdomain`. Mails will no longer use a component subdomain in their sender address. ([b60fe39](b60fe39b5c))
* **helmfile:** Switch fom dep5 to REUSE.toml. ([592f031](592f03135f))
* **helmfile:** Update portal and branding. ([6ba6923](6ba6923612))
* **helmfile:** Update replicas.yaml. ([8ef69ec](8ef69ecaf2))
* **helmfile:** Update to support Helmfile 1.0.0-rc5. ([f4b9395](f4b9395b41))
* **intercom-service:** Customizable user mapper. ([a7e5f64](a7e5f64b50))
* **jitsi:** Improve handling of non authorized users. ([8bca56d](8bca56d4ac))
* **jitsi:** Update chart for improved openDesk look & feel. ([f297d8c](f297d8c0b7))
* **jitsi:** Update Helm chart and Keycloak Adapter image. ([3ad81e6](3ad81e6b92))
* **jitsi:** Update images to `9646-stable`. ([49ad36e](49ad36ef4e))
* **jitsi:** Updated branding and new option `functional.dataProtection.jitsiRoomHistory.enabled` defaulting to `[secure]`. ([67d52c7](67d52c771e))
* **nextcloud:** Add support for secret keys for administrator and ldap credentials ([7aee88e](7aee88ec94))
* **nextcloud:** Bump image to incorporate latest PHP fixes. ([c9ae039](c9ae0391b0))
* **nextcloud:** Remove `/index.php`. ([3baf37c](3baf37c509))
* **nextcloud:** Update to 29.0.5 and support for new functional settings regarding sharing of files. See the options related to `functional.filestore.sharing` in `functional.yaml` and also `migrations.md` regarding their defaults that differ from the previous standard behaviour of openDesk. ([ac148d0](ac148d0c28))
* **nextcloud:** Update to 29.0.6 including latest app updates. ([9950b73](9950b73ae3))
* **nubus:** Add interim ingress configuration fixing UMC in German ([6a60c6d](6a60c6dd43))
* **nubus:** Only use one LDAP Primary and make replica count of Secondary and Proxy others configurable ([31753ff](31753ffb19))
* **nubus:** Reduce lint failures, especially take care of pullSecrets ([e923468](e923468cd6))
* **nubus:** Remove duplicated "nubusPortalFrontend" ([8cd2f3a](8cd2f3a993))
* **nubus:** Remove superfluous variables ([a7d3d25](a7d3d2585c))
* **nubus:** Update "openDesk Standard" OX profile. ([fdb37c3](fdb37c3943))
* **nubus:** Update customization for improved UX. ([b9db81f](b9db81f69d))
* **nubus:** Update LDAP openDesk schemas and add related openDesk config options to user. ([e3238f9](e3238f96f7))
* **nubus:** Update LDAP to openLDAP 2.5. ([c63e725](c63e725525))
* **nubus:** Update opendesk-nubus to set default OXContext and improved OXProfile, update migrations to (optionally) ldap-patch OXContext for `Administrator`/`default.admin` as well as patch the OXProfile to 1.0 default state. ([e619db6](e619db6da2))
* **nubus:** Update to 0.63.2 ([28dd762](28dd762db3))
* **nubus:** Update to 0.64.2. ([fc7099a](fc7099a8a6))
* **nubus:** Update to Nubus 0.62.2. ([8229949](8229949b47))
* **nubus:** Update to version 0.57.3. ([11f750e](11f750e1d6))
* **open-xchange:** DisplayName settings for OX-Connector. ([b7faa24](b7faa24d76))
* **open-xchange:** Update cluster internal Nextcloud URL. ([b1946d0](b1946d0c1d))
* **open-xchange:** Update Migrations for OX-Connector. ([6325b69](6325b69a91))
* **open-xchange:** Update OpenXchange Appsuite Bootstrap to v2.1.0 ([fb8f7cd](fb8f7cd28a))
* **open-xchange:** Update OX AppSuite to 8.26 and improve configuration including server-side Element integration. ([61d7496](61d74966d0))
* **openproject:** Bump OpenProject to 14.5.1. ([deacbc9](deacbc9db5))
* **openproject:** Remove `OPENPROJECT_PER__PAGE__OPTIONS` to enable functional administration of the setting. ([df9380b](df9380b924))
* **openproject:** Update Helm chart to v8.0.0 and explicitly template resources. ([91e34aa](91e34aabaa))
* **openproject:** Update to 14.6.0. ([560aa30](560aa30cba))
* **openproject:** Update to 14.6.1. ([cc4b359](cc4b359124))
* **openproject:** Updated bootstrap image does not fail on rerun. ([7d0d6ea](7d0d6ea8d1))
* **services:** Bump Postfix Helm chart to 2.2.0. ([f194f24](f194f24845))
* **services:** Support application based connection limits and password updates for PostgreSQL and MariaDB. ([c03566d](c03566dd63))
* **xwiki:** Disable check for local Office component. ([a91f181](a91f181c46))
* **xwiki:** Enable IAM controlled functional admin role. ([fa8572f](fa8572f785))
* **xwiki:** Update to 16.4.4 - updated. ([6347966](6347966765))
* **xwiki:** Update to 16.4.4. ([d693ff9](d693ff94f4))
### Features
* **element:** Add feature flag `functional.dataProtection.matrixPresence.enabled` that defaults to `[secure]` to avoid that openDesk provides presence information on users unintended. We include the hardcoded configuration in openDesk Synapse that users cannot change their displayname. ([4b99357](4b99357b21))
* **helmfile:** Add customization.yaml to define custom files for helmfile releases ([180ccdd](180ccddfaa))
* **helmfile:** Add fine-granular registry overwrites ([7348547](7348547d96))
* **helmfile:** Add support for argocd git-ops deployment ([9f081d8](9f081d8567))
* **helmfile:** Change default subdomain names. Attention, consult docs/migrations.md for upgrade deployments. ([3d84e80](3d84e804c2))
* **helmfile:** Full ArgoCD support ([7bf8e69](7bf8e6976a))
* **helmfile:** Support feature toggle `email.systemGenerated.useComponentInSenderdomain`. ([a46a632](a46a632616))
* **nextcloud:** Use nextcloud image with bundled nginx ([81f5969](81f5969653))
* **nubus:** Update IAM components. ([ce03400](ce03400043))
* **nubus:** Update to Nubus 0.39.2 chart ([7345563](73455630fd))
* **open-xchange:** Support for email migration feature toggle enabling masterpassword authentication in Dovecot and AppSuite. Requires openDesk Enterprise. ([356d8df](356d8dfbfd))
* **services:** [bmi/opendesk/deployment/opendesk[#66](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/66)] Add dkimpy-milter to sign outgoing emails with DKIM and use local postfix as mail relay in all components. ([fbe4909](fbe4909a8e))
### BREAKING CHANGES
* **helmfile:** Upgrading from previous releases requires manual steps, read `./docs/migrations.md` carefully.
## [0.8.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.8.0...v0.8.1) (2024-07-01)
### Bug Fixes
* **collabora:** Bump image to 24.04.4.1.1. ([368fe13](368fe13ddb))
* **collabora:** Bump image to 24.04.4.2.1. ([01767d3](01767d3806))
* **docs:** Add Ports section to getting started. ([c07b25c](c07b25c4b9))
* **docs:** Correction regarding the currently supported ingress controller. ([8514908](85149086ae))
* **docs:** Update regarding the currently supported ingress controller. ([064a5ad](064a5ad246))
* **element:** Provide the internal cluster domain to `synapse-web`. ([a8692d5](a8692d5506))
* **helmfile:** Add script to ease local development of platform charts. ([d8f3e05](d8f3e05e58))
* **helmfile:** Enable SMTP for XWiki and Element/Synapse; Streamline mail sender addresses within platform based on `<localpart>@<component>.<domain>` and allow configuration of `<localpart>`. ([01c5e6b](01c5e6b359))
* **helmfile:** Include all `.yaml.gotmpl` files for the envs in `environments.yaml`. ([e523434](e52343440d))
* **helmfile:** Streamline `functional.yaml`. *Upgrade notice:* If you set a non default value for `.Values.portal.enableDeploymentInformation` please change it to `.Values.admin.portal.deploymentInformation.enabled` with this version. ([e89b16a](e89b16a747))
* **jitsi:** Update PatchJVB bitnami/kubectl image to 1.30.2. ([6ef3641](6ef3641d82))
* **nubus:** Enable Keycloak's user account console. ([c03e4a5](c03e4a5340))
* **nubus:** Remove doublette ingress annotations. ([890b36e](890b36ecbb))
* **open-xchange:** Fixing YAML indentation of updater resources ([0ce346b](0ce346b162))
* **openproject:** Bump image to 14.2.0. ([1ad35f1](1ad35f1e12))
* **openproject:** Switch DBInit container image to Alpine based version to reduce footprint. ([c90f7c1](c90f7c1742))
* **openproject:** Update PostgreSQL image for DB init to 16.3. ([45e5699](45e569955d))
* **services:** Allow Postfix "relayHost" to be empty. ([7268f60](7268f607a5))
## [0.7.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.7.0...v0.7.1) (2024-05-21)
### Bug Fixes
* **ci:** Add Renovate dependency update automation. ([650c41c](650c41c3f0))
* **cryptpad:** Update Helm chart v0.0.19 and include CryptPad app in Helmfile deployment. ([931ed95](931ed95ce1))
* **docu:** Add IdP federation documentation. ([7167055](7167055303))
* **docu:** Rename SYNAPSE_DOMAIN to MATRIX_DOMAIN. If you use SYNAPSE_DOMAIN in your deployment, ensure you set the MATRIX_DOMAIN accordingly before upgrading. ([96baa6c](96baa6cc15))
* **element:** Provide certificate for alternative Synapse domain. ([88ac239](88ac2396e6))
* **helmfile:** Use Open CoDE as default registry for Univention helm chart ([#71](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/71)). ([4e56ce4](4e56ce4073))
* **jitsi:** Bump images to stable-9457-2. ([1d47fa6](1d47fa681a))
* **jitsi:** Raise Jibri memory limits to fullfil Jibri's 2Gi /dev/shm requirement and update Helm chart; To update an existing installation you need to manually delete the `jitsi-prosody` stateful set before the update e.g. `kubectl -n <your_namespace> delete --cascade=orphan statefulsets jitsi-prosody`. Ensure you use the `--cascade=orphan` part, otherwise you have to remove and reinstall the complete deployment. ([6570c13](6570c13f3a))
* **nextcloud:** Bump to 28.0.5 incl. latest app versions. ([04d9372](04d9372cfc))
* **nubus:** Bump Keycloak to 24.0.3. ([923533d](923533d7b7))
* **nubus:** Enable 2FA for group "Domain Admins" by default. ([1179669](11796699bb))
* **nubus:** Update keycloak-bootstap and keycloak-extensions. ([1c6666f](1c6666fe45))
* **open-xchange:** Support change of username. ([b2cfa8b](b2cfa8b996))
* **openproject:** Bump version to 14.0.1, update Helm chart to 4.5.0. ([e085211](e0852119e8))
# [0.7.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.6.0...v0.7.0) (2024-05-06)
### Bug Fixes
* **ci:** Add debug option. Has to be supported by stage specific configuration containing: `debug.enabled: {{ env "DEBUG_ENABLED" | default false }}` ([3dc6484](3dc648421b))
* **element:** Provide the internal cluster domain to synapse web ([b9ac5ec](b9ac5ecf2d))
* **univention-management-stack:** Add the image configuration for NATS ([e9ec2f3](e9ec2f3a6e))
* **univention-management-stack:** Fix [#55](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/55), [#35](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/35) by updating chart "ums" to 0.11.2 and image "portal-listener" to 0.20.6; To update an existing installation you need to manually delete the `ums-portal-listener` stateful set before the update: `kubectl -n <your_namespace> delete statefulsets ums-portal-listener` ([2ad0270](2ad027082f))
* **univention-management-stack:** Migrate UDM-REST-API image to new Univention registry ([9be3b78](9be3b78761))
* **univention-management-stack:** Objectstore credentials ([d1bd43f](d1bd43fa95))
* **univention-management-stack:** Update Helm chart to 0.12.0 including required changes to openDesk Helmfile deployment. ([fefd2f6](fefd2f6cae))
* **univention-management-stack:** Use the NATS related image configuration ([cd22570](cd225703eb))
### Features
* **element:** Add support for Matrix federation ([36139b4](36139b42f1))
* **helmfile:** Introduce additional variables for mailDomain and synapseDomain ([e6fe2a7](e6fe2a7c18))
* **services:** Add opendesk-home service, which redirects on domain to portal ([c7e2172](c7e217208c))
## [0.5.79](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.5.78...v0.5.79) (2024-02-29)
### Bug Fixes
* **collabora:** Bump image to 23.05.9.2.1 ([f4b8226](f4b8226ea1))
* **collabora:** Fix aliasgroups configuration whitelisting the Nextcloud host ([8b065fd](8b065fd9d7))
* **docs:** Update version numbers of functional components for release in README.md ([31e5cf3](31e5cf317c))
* **element:** Provide end-to-end encryption as user controlled option ([3d31127](3d31127a6a))
* **helmfile:** Enhance objectore environment variables to allow external Object Store ([d444226](d4442261aa))
* **helmfile:** Set debuglevel to WARN instead of INFO when debug is not enabled. ([2efceef](2efceef076))
* **nextcloud:** Bump images to enable password_policy and fix email with groupware ([8807b24](8807b24ce0))
* **univention-management-stack:** Bump Keycloak Extensions chart and configure the `/univention/meta.json` to be retrieved from `ums-stack-gateway` to avoid the inline 404 during Keycloak login. ([2023d5b](2023d5bce4))
* **univention-management-stack:** Provisioning version bump ([410a023](410a023714))
* **univention-management-stack:** Template more Keycloak Extension values incl. logLevel ([7ec123b](7ec123b9a1))
## [0.5.77](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.5.76...v0.5.77) (2024-02-16)
### Bug Fixes
* **ci:** Complete CI var usage for external registry ([3bcdcd0](3bcdcd06b7))
* **ci:** Update openDesk CI Lint to v2.3.1 ([250ef2b](250ef2bc3f))
* **collabora:** Add chart validation ([0159902](01599022f1))
* **collabora:** Bump to 23.05.9.1.1 ([b525a81](b525a814fc))
* **cryptpad:** Update chart to v0.0.18 ([6f0b1f3](6f0b1f37fc))
* **docs:** Add functional component table referencing the component versions to README.md ([bc7eeb8](bc7eeb8c9d))
* **docs:** Add generated security-context.md ([d9e07ff](d9e07ff7bd))
* **element:** Change name of neodatefix bot job ([dd535da](dd535daac0))
* **element:** Disable e2ee ([ba0824b](ba0824bac3))
* **helmfile:** Add additional provisioning components and configuration ([110ff56](110ff56f74))
* **helmfile:** Add seLinuxOptions for all applications ([02d04fa](02d04faa2a))
* **helmfile:** Annotations in image.yaml ([7ebbd03](7ebbd03bdc))
* **helmfile:** Bump Collabora Chart to 1.11.1 and Image to 23.05.8.4.1 ([d2b1f0b](d2b1f0b07b))
* **helmfile:** Fix annotations in images.yaml ([acaec3b](acaec3b8ac))
* **helmfile:** Fix umsPortalFrontend image annotation ([8f83261](8f83261986))
* **helmfile:** Improve debugging ([56f5e35](56f5e35895))
* **nextcloud:** Bump openincryptpad to 0.3.3 and disable circles app ([f2b8acf](f2b8acfba8))
* **nextcloud:** Set backchannel logout url ([c0fc225](c0fc225349))
* **nextcloud:** Update image, nextcloud apps and chart ([fd2a66f](fd2a66f8f2))
* **nextcloud:** Update nextcloud image and chart to support upgrades ([5d95e7a](5d95e7ab2a))
* **nextcloud:** Update to Nextcloud to v28 ([7c9f38f](7c9f38f06e))
* **open-xchange:** Bump Gotenberg image ([49f126d](49f126d169))
* **open-xchange:** Dovecot image on OpenCoDE without mirror ([1396071](1396071865))
* **openproject:** Bump version to 13.3.0 ([c2087ef](c2087efcf9))
* **univention-management-stack:** New device login notifications on first login with 2FA ([ee1a337](ee1a337ab5))
* **univention-management-stack:** Patches not applied to uldap ([2909e1d](2909e1d821))
* **univention-management-stack:** Support for object-storage icons and portal files ([83ac645](83ac645fae))
* **univention-management-stack:** Update NGINX Helm chart to 15.9.3 ([c16c0ac](c16c0ac795))
* **univention-management-stack:** Update otterize to allow umc-server communication with memcached ([6c15dc1](6c15dc1d66))
* **xwiki:** Add bottom border to top nav bar to be aligned with the other components ([affa92c](affa92cde2))
* **xwiki:** Bump XWiki chart to 1.3.0 ([cabee0c](cabee0c9da))
