Split up Element and Nordeck widgets since they have different vendors

## [1.7.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.7.0...v1.7.1) (2025-08-26)

### Bug Fixes

* **collabora:** Update from 25.04.3 to 25.04.4 ([84d6b50](84d6b504d2))
* **helmfile:** When optional mail domain is set, use it as sender domain for system generated (noreply) mails ([bd4c997](bd4c997950))
* **jitsi:** Increase `patchJVB` job `backoffLimit` to avoid deployment failures on infrastructure where LoadBalancer services take longer to become available ([eb2a181](eb2a1811fb))
* **nextcloud:** Fetch central navigation from cluster internal service ([dd0e516](dd0e516778))
* **nextcloud:** Stop browser from caching server-generated files ([410a1ad](410a1ade69))
* **nextcloud:** Work around a bug that breaks the `nextcloud-management` job in case the theming `primary_color` was set in Nextcloud's web UI ([4aebe22](4aebe22f22))
* **notes:** Explicitly template security contexts; add missing ingress classes and pull secrets ([834c847](834c84768a))
* **nubus:** Remove temporary `nubusUdmListener` `livenessProbe` as recommended by supplier ([688a505](688a505ef7))
* **open-xchange:** Click on top bar logo to point to portal instead of mail inbox ([9f762a7](9f762a7c2e))
* **open-xchange:** Configure correct autoreply addresses and enable FTS in Dovecot EE ([997c083](997c083335))
* **open-xchange:** Explicitly deactivate DAV support if not enabled in `functional.yaml.gotmpl` ([62ba5ab](62ba5aba49))
* **open-xchange:** Fix FTS bulk delete in Dovecot EE ([cd2a356](cd2a356b89))
* **open-xchange:** Set mail quota using `functional.groupware.quota.default` ([67fe50e](67fe50e53c))
* **opendesk-static-files:** Serve missing `.png` favicons for Notes and the Nextcloud topbar logo ([42b1105](42b11059d2))
* **ox-connector:** Update OX Connector and OX Extension to v0.27.7 ([57c96af](57c96af5a5))
* **xwiki:** Templating of `imagePullSecrets` ([bbbcd68](bbbcd6807e))

.gitlab/merge_request_templates/Bugfix.md

@@ -44,14 +44,16 @@ Set labels:
 /label ~"Testautomation::👀"
 ```
 
-# 👷 Developer Checklist
+ # 👷 Developer Checklist
 
-- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
+**Documentation:**
-  - [ ] No.
-  - [ ] Yes, and the documentation was updated accordingly.
 
-Document in an extra comment and link to that comment:
+Does this MR introduce changes (e.g., new secrets, configuration options) that require documentation?
-- [ ] How you verified the fix is working as expected, also in upgrade scenarios.
+- [ ] No
-- [ ] Any regression testing done.
+- [ ] Yes, and the documentation has been updated accordingly
 
---> Link to comment:
+**Quality Assurance:**
+- [ ] Verified that the feature works as expected, including upgrade scenarios
+- [ ] Performed regression testing
+- Link to internal comment(s) with detailed QA results (to avoid exposing infrastructure details):
+  - ...

.gitlab/merge_request_templates/Feature.md

@@ -36,12 +36,14 @@ Set labels:
 
 # 👷 Developer Checklist
 
-- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
+**Documentation:**
-  - [ ] No.
-  - [ ] Yes, and the documentation was updated accordingly.
 
-Document in an extra comment and link to that comment:
+Does this MR introduce changes (e.g., new secrets, configuration options) that require documentation?
-- [ ] How you verified the feature is working as expected, also in upgrade scenarios.
+- [ ] No
-- [ ] Any regression testing done.
+- [ ] Yes, and the documentation has been updated accordingly
 
---> Link to comment:
+**Quality Assurance:**
+- [ ] Verified that the feature works as expected, including upgrade scenarios
+- [ ] Performed regression testing
+- Link to internal comment(s) with detailed QA results (to avoid exposing infrastructure details):
+  - ...

.gitlab/merge_request_templates/Other.md

@@ -30,12 +30,14 @@ Set labels:
 
 # 👷 Developer Checklist
 
-- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
+**Documentation:**
-  - [ ] No.
-  - [ ] Yes, and the documentation was updated accordingly.
 
-Document in an extra comment and link to that comment:
+Does this MR introduce changes (e.g., new secrets, configuration options) that require documentation?
-- [ ] How you verified the change is working as expected, also in upgrade scenarios.
+- [ ] No
-- [ ] Any regression testing done.
+- [ ] Yes, and the documentation has been updated accordingly
 
---> Link to comment:
+**Quality Assurance:**
+- [ ] Verified that the feature works as expected, including upgrade scenarios
+- [ ] Performed regression testing
+- Link to internal comment(s) with detailed QA results (to avoid exposing infrastructure details):
+  - ...

.gitlab/merge_request_templates/Update.md

@@ -28,14 +28,16 @@ Set labels:
 /label ~"Testautomation::👀"
 ```
 
-## 👷 Developer Checklist
+# 👷 Developer Checklist
 
-- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
+**Documentation:**
-  - [ ] No.
-  - [ ] Yes, and the documentation was updated accordingly.
 
-Document in an extra comment and link to that comment:
+Does this MR introduce changes (e.g., new secrets, configuration options) that require documentation?
-- [ ] How you verified the update is working as expected, also in upgrade scenarios.
+- [ ] No
-- [ ] Any regression testing done.
+- [ ] Yes, and the documentation has been updated accordingly
 
---> Link to comment:
+**Quality Assurance:**
+- [ ] Verified that the feature works as expected, including upgrade scenarios
+- [ ] Performed regression testing
+- Link to internal comment(s) with detailed QA results (to avoid exposing infrastructure details):
+  - ...

CHANGELOG.md

@@ -1,3 +1,25 @@
+## [1.7.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.7.0...v1.7.1) (2025-08-26)
+
+
+### Bug Fixes
+
+* **collabora:** Update from 25.04.3 to 25.04.4 ([84d6b50](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/84d6b504d21e687de3fb4cdabafc9cff6fe1f1d7))
+* **helmfile:** When optional mail domain is set, use it as sender domain for system generated (noreply) mails ([bd4c997](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/bd4c997950750e36168434e82daf48f20d0a42df))
+* **jitsi:** Increase `patchJVB` job `backoffLimit` to avoid deployment failures on infrastructure where LoadBalancer services take longer to become available ([eb2a181](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/eb2a1811fb1d11b0dd0ea0e9987f96846a855ac7))
+* **nextcloud:** Fetch central navigation from cluster internal service ([dd0e516](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/dd0e516778104c47ef990d95d01bdec6b33d9bab))
+* **nextcloud:** Stop browser from caching server-generated files ([410a1ad](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/410a1ade6907f676d3c4cbc68b33754e0e41e9fb))
+* **nextcloud:** Work around a bug that breaks the `nextcloud-management` job in case the theming `primary_color` was set in Nextcloud's web UI ([4aebe22](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4aebe22f22dc9e679563a46687ebdc8793c281e8))
+* **notes:** Explicitly template security contexts; add missing ingress classes and pull secrets ([834c847](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/834c84768a3a6537990e27377acb170b6269dfb0))
+* **nubus:** Remove temporary `nubusUdmListener` `livenessProbe` as recommended by supplier ([688a505](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/688a505ef780e7c81006a73db6465ef75dea1404))
+* **open-xchange:** Click on top bar logo to point to portal instead of mail inbox ([9f762a7](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/9f762a7c2ea3f8e4d3207d8d2aae44597a366ee0))
+* **open-xchange:** Configure correct autoreply addresses and enable FTS in Dovecot EE ([997c083](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/997c083335b79aa7446894b6ebbb6ed1d5950a3d))
+* **open-xchange:** Explicitly deactivate DAV support if not enabled in `functional.yaml.gotmpl` ([62ba5ab](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/62ba5aba496af40208a13abeb6c8f1de62e98e35))
+* **open-xchange:** Fix FTS bulk delete in Dovecot EE ([cd2a356](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/cd2a356b89249b8a163f2becc57832164bc6c8e5))
+* **open-xchange:** Set mail quota using `functional.groupware.quota.default` ([67fe50e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/67fe50e53c7477016efe3b3d90c63214928f165c))
+* **opendesk-static-files:** Serve missing `.png` favicons for Notes and the Nextcloud topbar logo ([42b1105](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/42b11059d29d6445e1e4e3309ad7a9a026b56c92))
+* **ox-connector:** Update OX Connector and OX Extension to v0.27.7 ([57c96af](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/57c96af5a545a6a6851926b85bca0dc24263b55e))
+* **xwiki:** Templating of `imagePullSecrets` ([bbbcd68](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/bbbcd6807e972c6120d90df52b8ffe9da03ebce3))
+
 # [1.7.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.6.0...v1.7.0) (2025-08-11)
 
 

README.md

@@ -34,7 +34,8 @@ openDesk currently features the following functional main components:
 
 | Function             | Functional Component        | License                                                                                | Component<br/>Version                                                                                                        | Upstream Documentation                                                                                                                |
 |----------------------|-----------------------------|----------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
-| Chat & collaboration | Element ft. Nordeck widgets | AGPL-3.0-or-later (Element Web), AGPL-3.0-only (Synapse), Apache-2.0 (Nordeck widgets) | [1.11.89](https://github.com/element-hq/element-web/releases/tag/v1.11.89)                                                   | [For the most recent release](https://element.io/user-guide)                                                                          |
+| Chat                 | Element ft. Nordeck widgets | AGPL-3.0-or-later (Element Web), AGPL-3.0-only (Synapse),                              | [1.11.89](https://github.com/element-hq/element-web/releases/tag/v1.11.89)                                                   | [For the most recent release](https://element.io/user-guide)                                                                          |
+| Chat widgets         | Nordeck widgets             | Apache-2.0                                                                             |                                                                                                                              | [For the most recent release](https://nordeck.net/element-widgets)                                                                    |
 | Collaborative notes  | Notes (aka Docs)            | MIT                                                                                    | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1)                                                          | Online documentation/welcome document available in installed application                                                              |
 | Diagram editor       | CryptPad ft. diagrams.net   | AGPL-3.0-only                                                                          | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0)                                                       | [For the most recent release](https://docs.cryptpad.org/en/)                                                                          |
 | File management      | Nextcloud                   | AGPL-3.0-or-later                                                                      | [31.0.6](https://nextcloud.com/de/changelog/#31-0-6)                                                                         | [Nextcloud 31](https://docs.nextcloud.com/)                                                                                           |
@@ -43,7 +44,7 @@ openDesk currently features the following functional main components:
 | Portal & IAM         | Nubus                       | AGPL-3.0-or-later                                                                      | [1.12.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.12.html#version-1-12-0-2025-07-31)      | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |
 | Project management   | OpenProject                 | GPL-3.0-only                                                                           | [16.2.1](https://www.openproject.org/docs/release-notes/16-2-1/)                                                             | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
 | Videoconferencing    | Jitsi                       | Apache-2.0                                                                             | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955)                                        | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                            |
-| Weboffice            | Collabora                   | MPL-2.0                                                                                | [25.04.3](https://www.collaboraoffice.com/code-25-04-release-notes/)                                                         | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)        |
+| Weboffice            | Collabora                   | MPL-2.0                                                                                | [25.04.4](https://www.collaboraoffice.com/code-25-04-release-notes/)                                                         | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)        |
 
 While not all components are perfectly designed for the execution inside containers, one of the project's objectives is to
 align the applications with best practices regarding container design and operations.

dev/charts-local.py

@@ -129,7 +129,7 @@ def grep_yaml(file):
     with open(file, 'r') as file:
         content = ''
         for line in file.readlines():
-            if not ': {{' in line and not '- {{' in line:
+            if not '{{' in line:
                 content += line
     return yaml.safe_load(content)
 

docs/migrations.md

@@ -96,7 +96,7 @@ Manual checks and possible activities are also required by openDesk updates, the
 
 We cannot hold back all migrations as some are required e.g. due to a change in a specific component that we want/need to update, we try to bundle others only with major releases.
 
-This section should provide you with an overview of what changes to expect in the next major release (openDesk 2.0) expected in September 2025.
+This section provides an overview of potential changes to be part of the next major release (openDesk 2.0).
 
 - `functional.portal.link*` (see `functional.yaml.gotmpl` for details) are going to be moved into the `theme.*` tree, we are also going to move the icons used for the links currently found under `theme.imagery.portalEntries` in this step.
 - We will explicitly set the [database schema configuration](https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Configuration/#HConfigurethenamesofdatabaseschemas) for XWiki to avoid the use of the `public` schema.

docs/security-context.md

@@ -172,9 +172,9 @@ This list gives you an overview of templated security settings and if they compl
 | **nextcloud**/opendesk-nextcloud-notifypush | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
 | **nextcloud**/opendesk-nextcloud/aio | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
 | **nextcloud**/opendesk-nextcloud/exporter | :white_check_mark: | no | no | yes | yes | 65532 | 65532 | yes | yes |
-| **notes**/impress/backend | :x: | n/a | n/a | n/a | n/a | n/a | n/a | n/a | no |
+| **notes**/impress/backend | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes |
-| **notes**/impress/frontend | :x: | n/a | n/a | n/a | n/a | n/a | n/a | n/a | no |
+| **notes**/impress/frontend | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
-| **notes**/impress/y-provider | :x: | n/a | n/a | n/a | n/a | n/a | n/a | n/a | no |
+| **notes**/impress/y-provider | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes |
 | **nubus**/intercom-service | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
 | **nubus**/intercom-service/provisioning | :x: | n/a | n/a | n/a | n/a | n/a | n/a | yes | no |
 | **nubus**/opendesk-keycloak-bootstrap | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |

helmfile/apps/collabora/values.yaml.gotmpl

@@ -20,6 +20,11 @@ collabora:
     --o:num_prespawn_children={{ .Values.technical.collabora.numPrespawnChildren }}
     --o:remote_font_config.url=https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/richdocuments/settings/fonts.json
     --o:net.proto={{ if eq .Values.cluster.networking.ipFamilies "DualStack" }}all{{ else }}{{ .Values.cluster.networking.ipFamilies }}{{ end }}
+    --o:security.enable_macros_execution={{ .Values.functional.weboffice.macros.enabled }}
+    --o:security.macro_security_level={{- $val := printf "%v" .Values.functional.weboffice.macros.securityLevel -}}{{- if or (eq $val "0") (eq $val "1") -}}{{ $val }}
+      {{- else -}}
+      {{ fail (printf "Invalid value for functional.weboffice.macros.securityLevel: '%s'. Allowed values: 0 or 1" $val) }}
+      {{- end }}
     {{- if .Values.debug.enabled }}
     --o:logging.level=debug
     {{- else }}

helmfile/apps/jitsi/values-jitsi.yaml.gotmpl

@@ -302,6 +302,7 @@ jitsi:
   {{- end }}
 
 patchJVB:
+  backoffLimit: 12
   configuration:
     staticLoadbalancerIP: {{ .Values.cluster.networking.ingressGatewayIP | quote }}
     loadbalancerStatusField: {{ .Values.cluster.networking.loadBalancerStatusField | quote }}

helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl

@@ -130,6 +130,7 @@ configuration:
 
   opendeskIntegration:
     centralNavigation:
+      jsonUrl: "http://ums-portal-server/portal/navigation.json"
       username:
         value: "opendesk_username"
       password:

helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl

@@ -101,6 +101,8 @@ config:
     revokeRefreshToken: {{ .Values.functional.authentication.realmSettings.revokeRefreshToken }}
     ssoSessionIdleTimeout: {{ .Values.functional.authentication.realmSettings.ssoSessionIdleTimeout }}
     ssoSessionMaxLifespan: {{ .Values.functional.authentication.realmSettings.ssoSessionMaxLifespan }}
+    accessCodeLifespanUserAction: {{ .Values.functional.authentication.realmSettings.accessCodeLifespanUserAction }}
+    accessCodeLifespanLogin: {{ .Values.functional.authentication.realmSettings.accessCodeLifespanLogin }}
     offlineSessionIdleTimeout: {{ .Values.functional.authentication.realmSettings.offlineSessionIdleTimeout }}
     offlineSessionMaxLifespanEnabled: {{ .Values.functional.authentication.realmSettings.offlineSessionMaxLifespanEnabled }}
     offlineSessionMaxLifespan: {{ .Values.functional.authentication.realmSettings.offlineSessionMaxLifespan }}

helmfile/apps/opendesk-services/values-opendesk-static-files.yaml.gotmpl

@@ -27,7 +27,7 @@ assets:
     paths:
       - path: "/resources/...../login/UCS/img/favicon.ico"
         data: {{ .Values.theme.imagery.login.faviconIco }}
-      - path: "/static-files/login/logo.svg"
+      - path: "/opendesk-static-files/login/logo.svg"
         data: {{ .Values.theme.imagery.login.logoSvg }}
   nextcloud:
     subdomain: {{ .Values.global.hosts.nextcloud }}
@@ -36,11 +36,18 @@ assets:
         data: {{ .Values.theme.imagery.files.faviconPng }}
       - path: "/core/img/favicon.ico"
         data: {{ .Values.theme.imagery.files.faviconIco }}
+      - path: "/apps/integration_swp/logo"
+        data: {{ .Values.theme.imagery.logoHeaderSvgB64 }}
+        mimeType: "image/svg+xml"
   notes:
     subdomain: {{ .Values.global.hosts.notes }}
     paths:
       - path: "/favicon.ico"
         data: {{ .Values.theme.imagery.notes.faviconIco }}
+      - path: "/favicon.png"
+        data: {{ .Values.theme.imagery.notes.faviconPng }}
+      - path: "/favicon-dark.png"
+        data: {{ .Values.theme.imagery.notes.faviconPng }}
   openproject:
     subdomain: {{ .Values.global.hosts.openproject }}
     paths:
@@ -64,7 +71,6 @@ assets:
         data: {{ .Values.theme.imagery.portal.waitingSpinnerSvg }}
       - path: "/static-files/login/background.jpg"
         data: {{ .Values.theme.imagery.login.backgroundJpg }}
-
   xwiki:
     subdomain: {{ .Values.global.hosts.xwiki }}
     paths:

helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl

@@ -6,7 +6,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
     name: "dovecot"
-    version: "3.1.7"
+    version: "3.1.8"
     verify: true
   oxAppSuite:
     registry: "registry.opencode.de"

helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl

@@ -5,8 +5,7 @@ images:
   collabora:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
-    tag: "25.04.3.4.1@sha256:929ce210bb1ff46275af64e94ce02ab0a0470572eba8251ad35b8b4296c3a171"
+    tag: "25.04.4.3.1@sha256:b0b5fa9b061df1e8473dff9bb2cf295ab41bd7b35a78b785de518883b07e97c2"
-
   dovecot:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
@@ -14,7 +13,7 @@ images:
   nextcloud:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
-    tag: "31.0.6@sha256:cf893f2a7e1613a8c7641651c8a459f321c8bbbd234071b89f5638163ada00ef"
+    tag: "1.6.3@sha256:2a60cf286952f7762ddb32c3de2bb1359a657d739b507f8b077504fe5d0c7c11"
   openxchangeCoreMW:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"

helmfile/environments/default/charts.yaml.gotmpl

@@ -149,7 +149,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-jitsi"
     name: "opendesk-jitsi"
-    version: "3.1.0"
+    version: "3.2.0"
     verify: true
   mariadb:
     # providerCategory: "Platform"
@@ -249,7 +249,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud"
-    version: "4.4.0"
+    version: "4.4.1"
     verify: true
   nextcloudManagement:
     # providerCategory: "Platform"
@@ -259,7 +259,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-management"
-    version: "4.4.0"
+    version: "4.4.1"
     verify: true
   nextcloudNotifyPush:
     # providerCategory: "Platform"
@@ -269,7 +269,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-notifypush"
-    version: "4.4.0"
+    version: "4.4.1"
     verify: true
   nginx:
     # providerCategory: "Community"
@@ -351,7 +351,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files"
     name: "opendesk-static-files"
-    version: "4.0.1"
+    version: "4.1.0"
     verify: true
   openproject:
     # providerCategory: "Supplier"
@@ -417,7 +417,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "ox-connector"
-    version: "0.27.2"
+    version: "0.27.7"
     verify: true
   postfix:
     # providerCategory: "Platform"

helmfile/environments/default/functional.yaml.gotmpl

@@ -25,18 +25,47 @@ functional:
       clients: ~
       # Define additional/custom OIDC client scopes to be created in the 'opendesk' realm within Keycloak.
       clientScopes: ~
-    # Configure global settings of the 'opendesk' realm within Keycloak. The values are directly
+    # Global settings of the 'opendesk' realm within Keycloak. The values are used to set Keycloak's realm attributes
-    # passed into the `realmSettings` section of the `opendesk-keycloak-bootstrap` chart.
+    # of the same name and are applied by `opendesk-keycloak-bootstrap`.
     # Ref.: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap
     # Note: Global settings can potentially be overridden on a client level.
+    # Note: All numeric "Lifespan" values are defined in seconds.
     realmSettings:
+      # The lifespan of an access token in seconds.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin > "Access Token Lifespan"
       accessTokenLifespan: 300
+      # If true, refresh tokens are revoked after use. If false, they can be reused until they expire.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin > "Revoke Refresh Token"
       revokeRefreshToken: false
+      # Maximum time of inactivity before the SSO session is invalidated.
+      # Applies to logged-in user sessions.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin > "SSO Session Idle "
       ssoSessionIdleTimeout: 14400
+      # Absolute maximum time a session can exist, regardless of activity.
+      # After this, the user is forced to re-authenticate.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin/#_sso_session_max
       ssoSessionMaxLifespan: 57600
+      # Maximum time a user has to complete login related actions like update password or configure totp.
+      accessCodeLifespanUserAction: 300
+      # Maximum time a user has to complete a login.
+      accessCodeLifespanLogin: 1800
+      # How long offline sessions remain valid when idle.
+      # Offline sessions are typically used with refresh tokens for background tasks or mobile apps.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin/ > "Offline Session Idle"
       offlineSessionIdleTimeout: 2592000
+      # Whether to enforce an absolute max lifespan on offline sessions.
+      # If false, only the idle timeout applies.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin/ > "Offline Session Max Limited"
       offlineSessionMaxLifespanEnabled: false
+      # Max total lifespan for offline sessions.
+      # Only applies if `offlineSessionMaxLifespanEnabled` is true.
+      # Here it's set, but will not be enforced unless enabled.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin/ > "Offline Session Max"
       offlineSessionMaxLifespan: 5184000
+      # The following `client*` settings are timeout settings for client sessions on a per client basis.
+      # Their logic follows the `ssoSession*` and `offlineSession*` settings.
+      # A value of 0 disables this timeout.
+      # Ref.: https://www.keycloak.org/docs/latest/server_admin/ > "Client Session Idle"
       clientSessionIdleTimeout: 0
       clientSessionMaxLifespan: 0
       clientOfflineSessionIdleTimeout: 0
@@ -172,7 +201,7 @@ functional:
     # Link to the legal notice shown in the portal menu, set to "~" if you want to remove the link
     linkLegalNotice: "https://opendesk.eu/impressum"
     # Link to the privacy statement shown in the portal menu, set to "~" if you want to remove the link
-    linkPrivacyStatement: "https://zendis.de/datenschutzerklaerung"
+    linkPrivacyStatement: "https://www.zendis.de/datenschutzerklarung"
     # Link to documentation, shown in the right lower corner of the portal, set to "~" if you want to remove the link
     linkDocumentation: "https://docs.opendesk.eu/"
     # Link to support, shown in the right lower corner of the portal, set to "~" if you want to remove the link
@@ -193,5 +222,13 @@ functional:
     # You can choose between "ODF" and "OOXML".
     # Ref.: https://en.wikipedia.org/wiki/Comparison_of_Office_Open_XML_and_OpenDocument
     defaultFormat: "ODF"
-
+    # Macro related options.
+    macros:
+      # Specifies whether the macro execution (Basic and Python scripts) is enabled in general.
+      # If set to false, the `securityLevel` is ignored.
+      enabled: false
+      # Chose from the following values:
+      # 1: Confirmation required before executing macros from untrusted sources.
+      # 0: All macros will be executed without confirmation.
+      securityLevel: 1
 ...

helmfile/environments/default/global.generated.yaml.gotmpl

@@ -3,5 +3,5 @@
 ---
 global:
   systemInformation:
-    releaseVersion: "v1.7.0"
+    releaseVersion: "v1.7.1"
 ...

helmfile/environments/default/images.yaml.gotmpl

@@ -50,7 +50,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
-    tag: "25.04.3.2.1@sha256:e2940b19d855bf6e557c445aaf5b2b7db978af9aeae7e6400bfcc99411dd8bb9"
+    tag: "25.04.4.3.1@sha256:2ba934fb0dc18965bfaf19151017205b0a85af8b069bc34c994a8eae0b4bee34"
   collaboraController:
     # Enterprise Component
     # providerCategory: "Supplier"
@@ -332,7 +332,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "31.0.6@sha256:0fc39982b568383b531e7b5864c421725085bb70787a44cb30e401d6face8efa"
+    tag: "2.10.3@sha256:93fc967cebb24508b5903c15a83af5c038aa006a5c091a41a7bcd81ae14a69bb"
   nextcloudExporter:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -590,7 +590,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "10", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
-    tag: "0.27.2@sha256:7bb54f5ae0e797172fb92bd7a8a479f179ebd51c1fb5af98fa7b6025f9ffaca4"
+    tag: "0.27.7@sha256:c0ec68bbd79707de8f4d8efe7aa2b0d907ea3207865fed7a0c8e8ef1806ef70d"
   nubusPortalConsumer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -908,7 +908,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "4", "2"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-connector-standalone"
-    tag: "0.27.2@sha256:4753a1d4a01acb7c6946fc9c8596fd328afe0d3c0b3098adfe85cef89fb1b7d7"
+    tag: "0.27.7@sha256:de5153eca1607686f7c42e8bfc89103d346947e779e40c4f63992009a3ee2fef"
   postfix:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"

helmfile/environments/default/theme.yaml.gotmpl

@@ -68,6 +68,7 @@ theme:
 
     notes:
       faviconIco: {{ readFile "./../../files/theme/notes/favicon.ico" | b64enc | quote }}
+      faviconPng: {{ readFile "./../../files/theme/notes/favicon.png" | b64enc | quote }}
 
     portal:
       faviconIco: {{ readFile "./../../files/theme/portal/favicon/favicon.ico" | b64enc | quote }}
@@ -76,9 +77,9 @@ theme:
       appleTouchIcon: {{ readFile "./../../files/theme/portal/favicon/apple-touch-icon.png" | b64enc | quote }}
       webManifestIcon192: {{ readFile "./../../files/theme/portal/favicon/web-app-manifest-192x192.png" | b64enc | quote }}
       webManifestIcon512: {{ readFile "./../../files/theme/portal/favicon/web-app-manifest-512x512.png" | b64enc | quote }}
-
       waitingSpinnerSvg: {{ readFile "./../../files/theme/portal/waiting-spinner.svg" | b64enc | quote }}
       backgroundSvg: {{ readFile "./../../files/theme/portal/background.svg" | b64enc | quote }}
+
     portalTiles:
       adminAnnouncement: {{ readFile "./../../files/theme/admin_announcements/favicon.svg" | b64enc | quote }}
       adminFunctionalmailbox: {{ readFile "./../../files/theme/admin_functionalmailbox/favicon.svg" | b64enc | quote }}

helmfile/files/theme/portal/stylesheet.css

@@ -94,7 +94,7 @@
   --select-arrow: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAXCAYAAADgKtSgAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAABkSURBVHgB7Y3BCQAhDAS3BEtICVeCJdi5JVwpGsGHiGLECD4ysL9lBjCMpwk8En6p/kV4XuL9WAeo/sr/gwDHi4JAK47YYBXoxQ6bzALH4lnAa4lHgaQpHgVUxW0g4ILYMC6TAZ0BJA3bxN3RAAAAAElFTkSuQmCC');
   --layout-height-header: 63px;
   /* Keycloak user screens logo */
-  --login-logo: url("/static-files/login/logo.svg") no-repeat center;
+  --login-logo: url("/opendesk-static-files/login/logo.svg") no-repeat center;
 }
 
 button {

publiccode.yml

@@ -22,8 +22,8 @@ name: "openDesk"
 platforms:
   - "web"
 developmentStatus: "stable"
-softwareVersion: "1.7.0"
+softwareVersion: "1.7.1"
-releaseDate: "2025-08-11"
+releaseDate: "2025-08-26"
 softwareType: "standalone/web"
 url: "https://gitlab.opencode.de/bmi/opendesk/"
 logo: ".opencode/openDesk-logo-rgb-color.svg"