opendesk/CHANGELOG.md

1.10.0 (2025-11-24)

Bug Fixes

• collabora: Update Controller to 1.1.6 incl. Helm chart update to 1.1.10 (d25c95f)
• collabora: Update from 25.04.5 to 25.04.6 (8de0f5d)
• external-services: Create nubus_authsession database (ec72602)
• helmfile: Enable verification for XWiki Helm chart (5104793)
• helmfile: Streamline annotations (7aa717c)
• nubus: Remove legacy UMC Keycloak client that was used for SAML connection with the Nubus portal (152221f)
• open-xchange: Only enable smtpSASLAuthEnable when relayHost is set (70bbbf3)
• open-xchange: Optimize Dovecot Pro full-text search caches; review migrations.md for required upgrade steps (f3f707c)
• open-xchange: Template SASL security options (684c6d4)
• open-xchange: Update Dovecot configuration based on supplier's best practise review (850761e)
• opendesk-static-files: [#260] Fix doublette creation of configmap data keys when the same file is referenced multiple times for a component (b5a76be)
• openproject: Update from 16.1.0 to 16.1.1 (62fae99)
• xwiki: Update XWiki from 17.4.4 to 17.4.7 (02a3b77)

Features

• jitsi: Update from 2.0.10431 to 2.0.10590 (f5aad1f)
• nubus: Update from v1.14.0 to v1.15.2 (12379d6)
• open-xchange: Support for LDAP group based mailing lists (cc94f0c)
• openproject: Update OpenProject from 16.5.1 to 16.6.0 (19438c0)

1.9.0 (2025-11-07)

Bug Fixes

• collabora: Update from 25.04.4.3.1 to 25.04.5.3.1 (e0128e6)
• element: Increase message and media rate limits (13968a8)
• element: Update favicon to use PNG version (f8104f6)
• element: Update Synapse from v1.137.0 to v1.141.0; fixes https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr which applies to all openDesk deployments using Element/Matrix with federation enabled (02d3021)
• element: Update widgets primary color theme settings (94394a1)
• gitlab: Add issue templates (26da7e3)
• helmfile: Support setting the defaultLanguage - relevant for OX App Suite and XWiki - in functional.yaml.gotmpl (24065db)
• helmfile: Use passwords defined in database.yaml.gotmpl for Cassandra when available (0268219)
• notes: Fix python path for self signed certs (c4279d1)
• notes: Fix repeated redirects on expired session; Remove fetching of external assets (c1012f4)
• open-xchange: Don't enable sasl auth when no relay host is set (ff3b221)
• open-xchange: Enable and configure defaults for ContactCollector, remove legacy config artifacts (465f60d)
• open-xchange: Use masterpassword for mailfilter in migration Pods; use PLAIN instead of OAuth for SASL (484dfaf)
• ox-connector: Use FQDN for internal service URLs (8593d5f)

Features

• helmfile: Add toggle for external mail client onboarding and allow non-default FQDNs for IMAP and SMTP endpoints (25a97ab)
• open-xchange: Enable XRechnung in Viewer (08e6ec5)
• openproject: Update from 16.4.1 to 16.5.1 (74cf2ee)

1.8.0 (2025-09-25)

Bug Fixes

• clamav: [bmi/opendesk/deployment/opendesk#234] Update Helm chart to support conditional proxy credentials (dee7525)
• element: Let Synapse create room v12 by default; review migrations.md for details (af9d4cd)
• helmfile: Add more detailed descriptions on functional.authentication.realmSettings and provide two accessCodeLifespan* options (0314a70)
• helmfile: Do not set portal "Support" link by default (776fe92)
• intercom-service: Update from v2.19.0 to v2.19.5 (3305dfa)
• jitsi: [bmi/opendesk/deployment/opendesk#228] Turn off Gravatar option, by default this still keeps the input field in the Jitsi UI, but does not longer issue requests to gravatar.com; check migrations.md in case the option should be enabled (083fa98)
• nextcloud: App "Spreed" and core app "Comments" not enabled by default; review migrations.md for potential upgrade steps (31d35b2)
• nextcloud: Update from 31.0.6 to 31.0.7 including the latest app versions (f848b9a)
• open-xchange: Add client onboarding for mail (d8fc3e0)
• open-xchange: Set guest mode to inherit theming and set theme for notification mail button (f2ce251)
• open-xchange: Switch off Element integration when apps.element.enabled: [secure] (7a2dbc5)
• open-xchange: Update Dovecot charts with improved auth cache defaults (836d8a4)
• opendesk-certificates: [bmi/opendesk/deployment/opendesk#236] Update Helm chart to add commonName to certificate (2e708a7)
• openproject: [bmi/opendesk/deployment/opendesk#228] Turn off Gravatar option by default; check migrations.md in case the option should be enabled (628e914)
• ox-connector: Update from v0.27.7 to v0.27.9 (ba77f2b)
• postfix: Relax TLS settings to TLSv1.2/medium for broader SMTP relay compatibility (31cbd9a)
• xwiki: Update image to set new default for user self-registration; review migrations.md for required actions on existing deployments (c75abaf)

Features

• collabora: Support for macro execution controlled by functional.weboffice.macros.enabled (default: [secure]) (38f2bdd)
• cryptpad: Update from 2024.6.1 to 2025.6.0 (23dfe0a)
• element: Update Element-Web from 1.11.89 or 1.12.0 and Synapse from 1.129.0 to 1.137.0 (f895bcc)
• element: Update NeoBoard widget to v2.3.1, NeoChoice widget to v1.6.0, NeoDateFix widget to v1.7.2 and NeoDateFix bot to 2.8.5 (b377a5e)
• jitsi: Upgrade from stable-9955 to stable-10431 (e138610)
• nextcloud: Expose forbiddenChars in functional.yaml.gotmpl; review migrations.md for required upgrade steps (5a2c1fc)
• notes: Update from 3.2.1 to 3.4.0 (c636650)
• nubus: Update from 1.12.0 to 1.13.1 (35424b8)
• nubus: Update from v1.13.1 to v1.14.0 using OIDC instead of SAML for portal SSO; review migrations.md for required upgrade steps (d3b1f57)
• open-xchange: Add options to functional.groupware; review migrations.md for details on new defaults/required upgrade steps (8a7cc3b)
• open-xchange: Enable mail categories (4da1c5d)
• open-xchange: Update from 8.39 to 8.40 (c70a0bd)
• open-xchange: Update from 8.40 to 8.41 (c50b817)
• openproject: Update OpenProject from 16.2.1 to 16.3.2 (f77f329)
• openproject: Update OpenProject from 16.3.2 to 16.4.1 (f5483d1)
• xwiki: Update from 16.10.5 to 17.4.4 and configure openDesk's Collabora for .odt, .rtf and .docx export of wiki pages (813e92c)

1.7.1 (2025-08-26)

Bug Fixes

• collabora: Update from 25.04.3 to 25.04.4 (84d6b50)
• helmfile: When optional mail domain is set, use it as sender domain for system generated (noreply) mails (bd4c997)
• jitsi: Increase patchJVB job backoffLimit to avoid deployment failures on infrastructure where LoadBalancer services take longer to become available (eb2a181)
• nextcloud: Fetch central navigation from cluster internal service (dd0e516)
• nextcloud: Stop browser from caching server-generated files (410a1ad)
• nextcloud: Work around a bug that breaks the nextcloud-management job in case the theming primary_color was set in Nextcloud's web UI (4aebe22)
• notes: Explicitly template security contexts; add missing ingress classes and pull secrets (834c847)
• nubus: Remove temporary nubusUdmListener livenessProbe as recommended by supplier (688a505)
• open-xchange: Click on top bar logo to point to portal instead of mail inbox (9f762a7)
• open-xchange: Configure correct autoreply addresses and enable FTS in Dovecot EE (997c083)
• open-xchange: Explicitly deactivate DAV support if not enabled in functional.yaml.gotmpl (62ba5ab)
• open-xchange: Fix FTS bulk delete in Dovecot EE (cd2a356)
• open-xchange: Set mail quota using functional.groupware.quota.default (67fe50e)
• opendesk-static-files: Serve missing .png favicons for Notes and the Nextcloud topbar logo (42b1105)
• ox-connector: Update OX Connector and OX Extension to v0.27.7 (57c96af)
• xwiki: Templating of imagePullSecrets (bbbcd68)

1.7.0 (2025-08-11)

Bug Fixes

• collabora: Connect to Collabora Controller websocket via service (5d01f60)
• collabora: Update from 25.04.2 to 25.04.3 (3507c62)
• helmfile: Adds default-enterprise-overrides to default values in helmfile-generic (672e649)
• nextcloud: Block filesystem-unsafe characters in file and folder names (0df6212)
• nextcloud: Include latest Helm chart version with supports configuration.sharing.restrictUserEnumerationToGroup (c3dfa2a)
• notes: Set Pod Disruption Budget (PDB) labels (e35dac0)
• nubus: Add livenessProbe for nubusUdmListener to mitigate cases where the listener becomes uninitialized and stops forwarding provisioning data to NATS. Temporary until upstream provides a probe (ef8d67f)
• open-xchange: Disable documents role (573e11f)
• open-xchange: Postfix to support submissions and external secrets (13ab665)
• open-xchange: Support application specific passwords in groupware when CalDAV/CardDAV support is enabled, see functional.groupware.davSupport.enabled for reference (90b2290)
• open-xchange: Use dedicated pod for migration (6fd52b1)
• opendesk-certificates: Update Helm chart to remove default host for webmail being set even if OX App Suite is not enabled (09a0aac)
• opendesk-services: Update opendesk-alerts from 1.1.1 to 1.1.2, update opendesk-dashboards from 1.1.1 to 1.1.2 (174d4fc)
• openproject: Update from 16.2.0 to 16.2.1 (bba9b71)
• ox-connector: Update OX Connector and OX Extension to v0.27.2; review migrations.md for required upgrade steps (9d51e40)

Features

• nextcloud: Enhance theming options for Nextcloud (bdc7331)
• notes: Switch to new Helm chart with support for self-signed deployments; review migrations.md for required upgrade steps (3106ca7)
• nubus: Allow configuration of limits for password reset requests via security.passwordResetLimits (09f54b4)
• nubus: Update from 1.11.2 to 1.12.0 (5537dbb)
• open-xchange: Update from 8.38 to 8.39 (489986e)
• open-xchange: Use internal endpoint for provisioning and support for optionally spinning up a dedicated internal Pod just for provisioning (see technial.oxAppSuite.provisioning.dedicatedCoreMwPod for details) (31b7ec7)
• openproject: Update from 16.1.1 to 16.2.0 (e273abb)

1.6.0 (2025-07-14)

Bug Fixes

• dovecot-pro: Use of requiredEnv instead of env and update README-EE.md (a79e40f)
• helmfile: Prefix NATS passwords as workaround for upstream issue and add documentation to gettings-started.md [#185, #202] (7f478bf)
• helmfile: Remove default setting from repositories.helm.registryOpencodeDeEnterprise for better support of PRIVATE_HELM_REGISTRY_URL (c5dd881)
• helmfile: Set nubusKeycloakBootstrap debug mode when openDesk is running in debug mode (4e0ffee)
• helmfile: Streamline license header comment style [#192] (20cbad3)
• nubus: Explicitly template nubusStackDataUms.stackDataContext.portalFqdn to fix custom hostname support [#193] (6aa6d3a)
• nubus: Replace openDesk portal fork with upstream portal-frontend image (e4f1afc)
• nubus: Update from 1.11.1 to 1.11.2 (237c9af)
• open-xchange: Add missing imagePullSecrets for core-imageconverter and core-documentconverter (9b7f439)
• open-xchange: Enable com.openexchange.smime.test only when openDesk is running with debug.enabled: true (51ff7a5)
• open-xchange: Enable searching by LDAP mailAlternativeAddress when resolving global contacts. Note: OX App Suite evaluates all mailAlternativeAddress values of a user when searching, but only the first address is returned, which might differ from the one that matched the search criteria. (9014324)
• open-xchange: Use objectstore.dovecot.secretKey when defined (5c33226)
• opendesk-services: Add missing certificates (acbabdb)
• openproject: Update from 16.1.0 to 16.1.1 (e30d4f1)

Features

• collabora: Update from 24.04.13 to 25.04.2 (c56f564)
• element: Update NeoBoard from 2.1.0 to 2.2.1, NeoChoice from 1.5.1. to 1.5.2, NeoDateFix from 1.7.0 to 1.7.1 widgets and NeoDateFixBot from 2.8.2 to 2.8.3 latest releases (98d31f8)
• helmfile: Add options in functional.yaml.gotmpl for setting the portal's corner links, toggling the welcome message and the newsfeed (1a6f438)
• nextcloud: Update from 30.0.10 to 31.0.6 and support for notify-push (a4c8be6)
• nubus: Update from 1.9.1 to 1.11.1; required minimum openDesk version for this upgrade is 1.5.0, see migrations.md for details (ccd5ab8)
• open-xchange: Store attachments for calendar, contact and task objects in object storage; review migrations.md for required upgrade steps (4eb6570)
• open-xchange: Updated OX App Suite from 8.37 to 8.38 (2b31751)

1.5.0 (2025-06-16)

Bug Fixes

• dovecot: Enable Dovecot ACL for CE (file) & EE (cassandra) (9354ee7)
• notes: Support templating of Ingress annotations bodyTimeout and bodySize to allow application defined upload limits to be reached (69faf77)
• nubus: Create required LDAP objects for global.additionalMailDomains (4dcb683)
• nubus: Explicitly template security context for Keycloak proxy (e959438)
• nubus: Update CSS for login screen to show login button for federated IdP (0d4e1b0)
• nubus: Use read-only root filesystem for Keycloak bootstrap (1edd7c3)
• open-xchange: Enabled mail login resolver (7547f49)
• open-xchange: Update App Suite 8.37 to latest patch level (8.37.69) (bc436b2)
• open-xchange: Update Dovecot CE chart to support ACLs (mailbox sharing) and usernames different from local part of mail address (87c30ab)
• open-xchange: Use login name instead of email between OX and Dovecot (8e9ef08)
• openproject: Update from 16.0.0 to 16.0.1 (b60f9c7)

Features

• ci: Update Helm to 3.18.1 and Helmfile to 1.1.1 (59a4086)
• notes: Update from 2.4.0 to 3.2.1 (9f4e3c8)
• open-xchange: Support for mailAlternativAddress(es) for sending and receiving emails (6d6b1a6)
• openproject: Update from 15.5.1 to 16.0.0 including Helm chart update (add7266)

1.4.1 (2025-06-02)

Bug Fixes

• nextcloud: Update NC CE to 30.0.10 (785be8b)
• nextcloud: Update Nextcloud incl. apps to 30.0.10 (559fbf6)
• nubus: Use .Values.theme.texts.productName for Keycloak's loginTitle instead of static product name string (d1a1e5d)
• open-xchange: Re-adding com.openexchange.oauth.provider.* to fix central contacts feature (561e44f)
• open-xchange: Set com.openexchange.hostname to get working links in outgoing system mails (e.g. task assignments) (0d61687)
• postfix: Require TLSv1.3 (3b3d8ac)
• requirements.md: Helm 3.18.x is not supported due to upstream bug (1ea9cae)

1.4.0 (2025-05-20)

Bug Fixes

• docs: Update requirements, bump helmfile to v1.0.0 (88b29c5)
• dovecot: Encode object storage password and add more template values (c40de73)
• nubus: [#182] Add KC_TRUSTSTORE_PATHS to Keycloak when using self-signed certificates (006aed7)
• nubus: [#183] Do not override nubusPortalConsumer.waitForDependency.image when using self-signed certificates (b45a0bf)
• nubus: Update ArgoCD hook annotations (f2b1384)
• open-xchange: Update Open-Xchange to v8.36 (b40b863)
• open-xchange: Update Open-Xchange to v8.37 (174c73c)
• openproject: Update to 15.5.1 (e91efa8)
• openxchange: Add proper dav URLs in client onboarding and disable unnecessary oauth section (bba2af0)
• openxchange: Disable redundant o-x-authentication-oauth package (1d2b17b)
• openxchange: Enable DAV support (709e50f)

Features

• collabora: Update enterprise image to 24.04.13.4.1 (b590810)
• helmfile: Define global.additionalMailDomains as list; if you use the setting already, check migrations.md for details (4b30576)
• helmfile: Option to select default file format for weboffice using; see functional.weboffice.defaultFormat in functional.yaml.gotmpl for details (5f58a85)
• nubus: Update nubus to v1.9.1 (3d694a8)

1.3.2 (2025-05-06)

Bug Fixes

• dovecot: Update Helm chart to fix migration mode (7ba84b9)
• helmfile: Explicitly template auth-modules in OX App Suite; Streamline name of OX App Suite EE image (6cbb6b6)

1.3.1 (2025-04-24)

Bug Fixes

• ci: Update Helm to v3.17.3 (9446faa)
• ci: Update Helm to v3.17.3 (d794a20)
• docs: Update "Ingress controller" section and add footnote on volume provisioner in requirements.md (17efbd7)
• helmfile: Conditional templating of additional annotations in selected components to unblock openDesk deployment despite a bug in Helm 3.17 (https://github.com/helm/helm/issues/30587) (861b84b)
• postfix: Disable unauthenticated relaying of mails in postfix-ox (7414f05)

1.3.0 (2025-04-22)

Bug Fixes

• helmfile: Fix Kyverno lint issues for EE components (46b3834)
• helmfile: Remove no longer used secrets.nubus.defaultAccounts.* (6e6d155)
• helmfile: Support for Keycloak session settings via functional.authentication.realmSettings.* (3fcfa00)
• migrations: Optional delete of ums-minio-rewrites Ingress, as it is non-existing in deployments with external object storage (6932953)
• ox-connector: Update to v0.19.0 (fe664a7)
• xwiki: Update Helm chart to v1.4.4 to fix the problem with XWiki not starting when secrets contained specific (XML interpreted) characters (67a1df0)

Features

• collabora: Update to 24.04.13 (8f12208)
• helmfile: Add template support for annotations (9cde57d)
• helmfile: Support for SSO federation; see ssoFederation section in functional.yaml.gotmpl for details (79975a5)
• nubus: Show openDesk version to all users (instead of admin users only) (393ee31)
• nubus: Update to 1.8.0 (90c49f6)
• openproject: Update to 15.5.0 (7f1cfc5)

1.2.1 (2025-03-28)

Bug Fixes

• dovecot: Support external secrets (f758685)
• element: Update Synapse to 1.127.1; Fixes https://www.cve.org/CVERecord?id=CVE-2025-30355 which applies to Synapse installations with unrestricted (no allow list) federation enabled (5cd12b9)
• openproject: Update to 15.4.2 (aa8e30b)

1.2.0 (2025-03-25)

Bug Fixes

• collabora: Set proper theming for Collabora Online (openDesk EE) (896b3c1)
• collabora: Update to 24.04.12 (4296db7)
• dev-tooling: Fix path names when refencing local Helm chart copies in helmfile-child.yaml.gotmpl files (60f5e36)
• docs: Add functional.md and reference it in getting-started.md (0efc0af)
• docs: Add testing.md (c4e4258)
• dovecot: Update EE Helm chart to resolve issue with mandatory set PriorityClass (696f2da)
• element: Run UVS container as a non-root user (f262507)
• element: Update NeoChoice and NeoBoard widget to latest releases (7456543)
• helmfile: Add missing deletePodsOnSuccessTimeout statements (87144b8)
• helmfile: Support for functional.externalServices.matrix.federation.domainAllowList (817af98)
• intercom: Allow transient session cookies and rolling session duration configuration (4d59d12)
• intercom: Update to Intercom Service v2.10.3 (7b05213)
• jitsi: Update chart to v3.1.0 incl. a fix in room history toggle (1480253)
• migrations: Explicit scoping of role required for access to the migration's ConfigMap (02488fe)
• nextcloud: Disable integration with OX App Suite if groupware it is not available (fdfe76c)
• nextcloud: Update apps and support branding of the HTML title (bc55f6a)
• nextcloud: Update images for improved log output (f1147f0)
• nextcloud: Update images to allow logging in environments where inotify cannot be used (0110675)
• nextcloud: Update to 30.0.6 including latest apps (52b0b13)
• nubus: Add imagePullSecrets to nginx-s3-gateway (466b70a)
• nubus: Add migrations for Nubus 1.7.0; See migrations.md for details (7d7e9e6)
• nubus: Always use S3 gateway for assets (1e62a0d)
• nubus: Change logo URLs for apps referencing the openDesk logo provided by Nubus (5d398f5)
• nubus: Cleanup of unnecessary LDAP groups; customization option to show the OX App Suite context selection in the IAM's admin UI (4c42ed7)
• nubus: Delete now legacy Ingress ums-minio-rewrites (1c50aa5)
• nubus: Fix mixed up links for legal and privacy statement (dbcc785)
• nubus: Indent nubusPortalConsumer.persistence.groupMembershipCache causing persistence.storages.nubusPortalConsumer.* to be ignored; See migrations.md for details (baa5b14)
• nubus: Register OX provisioning consumer only when OX is enabled; See migrations.md for details (adb3fa1)
• nubus: Remove unnecessary inactive portal tiles and folders (1724fa1)
• nubus: Update openDesk customizing: Preset openDesk specific attributes on Administrator account; Remove unused portal categories (6edfe72)
• opendesk-services: Add notes to certificate resource (d18abb0)
• openproject: Update opendesk-openproject-bootstrap to support external secrets (41e0aae)
• openproject: Update to 15.3.0 including update for seeding relevant environment variables (a6de1fe)
• openproject: Update to 15.3.1 (f34a4a3)
• openproject: Update to 15.3.2 (6723a34)
• openproject: Update to 15.4.0 (2a0f2a3)
• openproject: Update to 15.4.1 (747cae5)
• openxchange: Template HTML title from .Values.theme.texts.productName (2e992fc)
• openxchange: Update to latest 8.35 patch level (44c2081)
• ox-connector: Update to v0.14.7 (dd3b35b)
• postfix: Add internal authentication (2389d59)
• postfix: Add recipient delimiter support (f92b76b)
• requirements.md: Set Ingress NGINX 1.11.5 as requirement (2bf8e1d)
• synapse: Use synapse-guest-module by Element (supplier) (2730b03)

Features

• helmfile: Use PostgreSQL as default database for Nextcloud and XWiki; follow migrations.md when upgrading an existing environment (2f584bd)
• nextcloud: Support external secrets for metrics token (dbec2ec)
• notes: Update to v2.4.0 (3d35440)
• nubus: Support of external secrets in opendesk-keycloak-bootstrap (3d2f751)
• nubus: Update to v1.7.0 (d018385)
• openxchange: Update to OX App Suite 8.35 (037537b)
• xwiki: Update to 16.10.5 (bfd27f3)

1.1.2 (2025-02-19)

Bug Fixes

• dovecot: Add Dovecot Pro [EE] (6e343c7)
• element: Add Element EE components (61d94a8)
• helmfile: Add missing customizing option for Matrix widgets (9c79c44)
• helmfile: Add SSL option for Keycloak Extensions Proxy's PostgreSQL connection (91d0f98)
• helmfile: Fine-grained service types (de8b560)
• helmfile: Integrate oD EE (03ec704)
• helmfile: Introduce apps as top level in opendesk_main.yaml.gotmpl; Please check migrations.md for upgrades of existing installations (2fcf014)
• helmfile: Make openDesk IAM attributes optional with enabled as default (b32996d)
• helmfile: Provide toggle in functional.yaml.gotmpl for "new device notification" mails (284c9fe)
• helmfile: Remove reference to no longer required elementWeb chart (cd9c54b)
• helmfile: Set default for domain to opendesk.internal to avoid enforcing DOMAIN environment variable for deployments using YAML overrides (930ae9d)
• helmfile: Update/streamline theming (8eeaa23)
• jitsi: Support for phone dial-in into Jitsi conferences (1323ef1)
• nextcloud: Update groupfolders app to fix group selection in admin mode (ab49bf9)
• nextcloud: Update Nextcloud to 29.0.11 and support for Cron-Job specific resource definitions (09f4829)
• nubus: Disable unused notification feature (955f17e)
• nubus: Fix Keycloak dialogue background length on small screens (4662709)
• nubus: Only configure apps that are deployed to show up in IAM admin UI and Keycloak (1f051e7)
• nubus: Re-implement toggle for UDM-REST-API based on functional.externalServices.nubus.udmRestApi.enabled (777e7d2)
• nubus: Remove doublet resources key in udm-listener StatefulSet (10e0b0a)
• nubus: Support for custom UDM commands (aff8edb)
• nubus: Update Keycloak Extensions Proxy (601e649)
• open-xchange: Parameters to split read and write queries to MariaDB (370247b)
• open-xchange: Update OX App Suite to 8.33 (581c8ae)
• openproject: Update OpenProject to 15.2.1 (83c311b)
• oxconnector: Update to strict securityContext from upstream defaults (32df165)

1.1.1 (2025-01-27)

Bug Fixes

• docs: Add permissions.md (04ab28c)
• element: MatrixID for Element "Welcome User" to support deployments where matrix domain differs from homeserver FQDN (ccb51a0)
• element: Update Element to 1.11.90 (335806a)
• element: Update Helm chart to v6.0.2 for a fix when using non generated secrets in opendesk-synapse (d5e73fe)
• element: Update Synapse to 1.121.1 (33ff922)
• helmfile: Move the access restriction configuration for Keycloak client scopes into helmfile templating, instead of hardcoded Helm chart values (3662b5c)
• helmfile: Remove duplicate entries from secrets.yaml.gotmpl (a13cf63)
• helmfile: Support component specific storageClassNames. Note: Please check the migration.md if you upgrade a deployment that has set custom PVC sizes using persistence.size settings. (bacf51e)
• helmfile: Support PostgreSQL as alternative database backend for Nextcloud and XWiki. Note: PostgreSQL is likely to become the preferred option/default in the future and MariaDB might be deprecated at a later point. (a0f52ee)
• helmfile: Update opendesk-alerts and opendesk-dashboards to get predictable sort order, improving GitOps deployments (0c91117)
• helmfile: Update upstream images for k8s/kubectl to v1.32.0 (b71c2e5)
• intercom: Remove legacy OIDC claims (6796f32)
• nextcloud: Update image and Helm chart to support app toggles during deployment (1cdfcf2)
• nextcloud: Update to Nextcloud 29.0.10 (d096fb1)
• nubus: Fix pullPolicy setting for ldapServer.leaderElector to satisfy Kyverno linter (6f2f7cd)
• nubus: Merge yaml files for better maintainability (6c67eca)
• nubus: Pre-create groups in Keycloak to avoid race condition on group sync when initial users login parallel (5496317)
• nubus: Remove extra settings from ldapServer needed for openDesk 1.0.0 LDAP migration (fab862e)
• nubus: Remove b64 encoded files from CSS, instead use opendesk-static-files (2926e2c)
• nubus: Template secrets.nubus.masterpassword. Note: Please check migrations.md for details. (5aae75a)
• nubus: Update customizations for group cleanup (0b230fa)
• open-xchange: Add missing registryOpencodeDe to OX-Connector's waitForDependency image (a16d907)
• openproject: Update to 15.1.1 (b4b714f)
• openproject: Update to 15.2.0 (9d8e9c3)
• static-files: Update Helm chart to use more generic assets over theme.imagery.assets (63562c1)
• static-files: Update Helm chart to v4.0.1 to support longer domain names (b0e665b)
• xwiki: Update Helm chart to v1.4.1 to fix support for custom ingressClassName values. Ref #144 (033cb55)

1.1.0 (2024-12-24)

Bug Fixes

• cassandra: Prepare cassandra for openDesk Enterprise. (508e286)
• cassandra: Remove values in charts.yaml for enterprise components. (c0cbb76)
• ci: Explicitly set RELEASE_BRANCH (to main) for scan and release steps (e5ad0bb)
• ci: Reduce Kyverno linting issues (e4d9106)
• collabora: Add/update Helmfile for Collabora Controller to be used in EE deployments (a63d7cb)
• collabora: Update to 24.04.9.2. (407f2be)
• docs: Add architecture.md and apis.md (7710858)
• docs: Add GitOps / Argo CD documentation (bbe7550)
• docs: Update and streamline README.md and migrations.md. (a86c0af)
• element: Add extensive database options (9e102e2)
• element: Prepare element for openDesk Enterprise. (00a1a93)
• element: Rename release opendesk-element to opendesk-element-web (1213ecc)
• element: Switch element-web base image to Alpine (47ce294)
• element: Toggle IPv4-only mode depending on cluster.networking.ipFamilies (627b9c1)
• element: Update Matrix Meetings Bot to 2.8.2 (4403dfe)
• element: Update Synapse to 1.120.2 and Element to 1.11.87 update also related containers (9d7644d)
• helmfile: Add opendesk-static-files to opendesk-services to serve favicons (6438284)
• helmfile: Add Redis username and tls option (564fb2d)
• helmfile: Allow usage of pre-defined CA certificates. (0738fa0)
• helmfile: Auto-redirect user to login dialogue, please read migrations.md for more details (a9c8dfe)
• helmfile: Remove default.user and default.admin for new deployments. (54f9e4c)
• helmfile: Remove theme subtree from the migration's .Values secret to avoid a bloated secret hitting limits in certain clusters setups and GitOps tools. (b6725dd)
• helmfile: Splitting the directory ./helmfile/apps/services into -external and opendesk- services, please read migrations.md for more details (277a1f5)
• helmfile: Streamline commonLabels.deployStage. (f969425)
• helmfile: Streamline requests.cpu in resources.yaml (43f427e)
• helmfile: Streamline file extensions in /helmfile/environments/default to (0e3b661)
• helmfile: Unify templating name for Open-Xchange to openxchange and for OX App Suite to oxAppSuite. (6ff1fcd)
• helmfile: Use dictionaries for defining customization.yaml, please read migrations.md for more details (86ef0be)
• jitsi: Update Jitsi Helm chart and images. (5c691e4)
• jitsi: Update to 2.0.9823 and chart to 2.1.1 (56ce335)
• jitsi: Update to switch the colors of Hang up and End meeting for all buttons. (9dbb2b7)
• migrations: Cleanup of jobs (539a302)
• migrations: Update to support Nubus 1.5.1 (7f60ab3)
• nextcloud: Add Redis TLS option (1402593)
• nextcloud: Fix templating for nextcloud database name (7f1f6cd)
• nextcloud: Fix templating for nextcloud database user (c8c12a2)
• nextcloud: Support IPv4 only clusters (b25ada1)
• nextcloud: Trusted Proxy setting. (bc0ca8b)
• nextcloud: Update Chart to 3.6.1 and Image to 2.3.3 (including rollback to 29.0.8). Introducing setting for functional.filestore.sharing.external.sendPasswordMail (18fcaa0)
• nextcloud: Update to 29.0.9 incl. latest apps. (c63cca7)
• notes: Add favicon.ico via opendesk-static-files (669995b)
• notes: Add https to all endpoints (174951c)
• nubus: Add nginx s3 proxy when minio disabled (b3b6ab5)
• nubus: Enable Keycloak debug mode logging; add Keycloak specific section to debugging.md (3b3679b)
• nubus: Fix selfsigned certificate mounts (b90bff3)
• nubus: Leader election on re-deployments (b965677)
• nubus: Start ums keycloak bootstrap already during Sync phase (16dfd25)
• nubus: Update external portal links and login screen background. (901b1f5)
• nubus: Update to 1.4.0 (2a94f2d)
• nubus: Update to v1.5.1 (4c7422a)
• nubus: Use favicon with transparent background for portal (1b13c3e)
• open-xchange: Extend Dovecot LDAP filter to also match OX-Resources (31ea6e0)
• open-xchange: Fix truststore decrypt error on self-signed deployments (8611d95)
• open-xchange: Update AppSuite to 8.30, update Helm chart to 2.12.85 (0c88699)
• opendesk-services: Update minio to 2024.12.13 (4cda827)
• opendesk-services: Update otterize Network Policies (4602396)
• openproject: Bump Helm chart to 9.2 (718eb45)
• openproject: Bump version to 15.0.2 (c06e0bb)
• openproject: Update 15.1.0 image (6d329e1)
• openproject: Update branding and Helm chart to 9.0.1 (d3b1916)
• openproject: Update to 14.6.3 incl. latest Helm chart (8.3.2). (4c82adf)
• postfix: Added service type definition analogous to dovecot (31ec100)
• services: Add template for certificate issuerRef.kind (df144fe)
• services: Update MariaDB chart to v3.0.3 in preparation for the use of external secrets. (08feab1)
• services: Update Redis to 7.4.1 as required by OX Appsuite, please read migrations.md for more details (5e0b2e2)
• xwiki: Fix templating for xwiki database port (de15071)
• xwiki: Set superadmin password account only when debug is enabled (e2b3bd5)

Features

• helmfile: Add grafana dashboards (1441c57)
• helmfile: Add openDesk specific alerts (f630a36)
• helmfile: Add template support for antivirus icap/milter (83da87e)
• helmfile: Allow custom/self-signed ca-certificates (c71faf5)
• jitsi: Enable Jitsi room history by default. (45add79)
• Newsfeed in Portal based on XWiki blog feature (3ad285a)
• notes: Integrate Preview of Notes app (96f1819)

1.0.0 (2024-10-14)

Bug Fixes

• ci: Add TESTS_GRACE_PERIOD variable for run-tests job. (1023f3d)
• ci: Re-enable e2e test trigger. (603b102)
• ci: Remove K8s secret creation for EXTERNAL_REGISTRY_USERNAME / EXTERNAL_REGISTRY_PASSWORD. (cbe6b1a)
• ci: Trigger e2e tests for multiple languages. (9d7d89f)
• collabora: Add ipFamilies cluster.networking option (add2ab1)
• collabora: Reduce Collabora's securityContext capabilities. (a7ea701)
• collabora: Set Nextcloud URL for custom font support. (370c7cd)
• collabora: Update to 24.04.6.1.1. (97f7a1c)
• collabora: Update to 24.04.6.2.1. (3d44193)
• collabora: Update to 24.04.7.1.2. (11ebb80)
• collabora: Update to 24.04.7.2. (5f72da4)
• docs: Update replicas.yaml and docs/scaling.md. (45715a2)
• docs: Various updates. (8aa1a7f)
• element: Feature toggle for user controlled updates of their Element display name; new default for generating MatrixID, check docs/migrations.md for details. (efc41cb)
• element: Set Synapse rate limit. (4ff720d)
• element: Update 'capabilities_approved' for NeoBoard Widget (ade8535)
• element: Update NeoBoard to 1.20.0 and synapse-guest-module to 2.0.0. (11b0d44)
• element: Update NeoDateFix translations. (71f21dc)
• element: Update Synapse to v0.1150. (12680e5)
• element: Use Element upstream without widgets. (bdc6ad2)
• helmfile: Add cluster.networking.proxies. Deployments need to set this if their load balancer or reverse proxy IPs are not part of the cluster.networking.cidr. (a395759)
• helmfile: Add sample.yaml.gotmpl to dev and prod env directories. (dd80abe)
• helmfile: Add new settings to functional.yaml for fileshare expiry dates. (6b88f73)
• helmfile: Check imagePullSecrets templates for all resources (13e0bb8)
• helmfile: Move Intercom-Service to Nubus component. (ef1dad7)
• helmfile: Move OX-Connector to Open-Xchange component. (751f578)
• helmfile: Remove NET_RAW capabilities (e512486)
• helmfile: Remove some YAML linter warnings. (d641359)
• helmfile: Remove toggle functional.email.systemGenerated.useComponentInSenderdomain. Mails will no longer use a component subdomain in their sender address. (b60fe39)
• helmfile: Switch fom dep5 to REUSE.toml. (592f031)
• helmfile: Update portal and branding. (6ba6923)
• helmfile: Update replicas.yaml. (8ef69ec)
• helmfile: Update to support Helmfile 1.0.0-rc5. (f4b9395)
• intercom-service: Customizable user mapper. (a7e5f64)
• jitsi: Improve handling of non authorized users. (8bca56d)
• jitsi: Update chart for improved openDesk look & feel. (f297d8c)
• jitsi: Update Helm chart and Keycloak Adapter image. (3ad81e6)
• jitsi: Update images to 9646-stable. (49ad36e)
• jitsi: Updated branding and new option functional.dataProtection.jitsiRoomHistory.enabled defaulting to [secure]. (67d52c7)
• nextcloud: Add support for secret keys for administrator and ldap credentials (7aee88e)
• nextcloud: Bump image to incorporate latest PHP fixes. (c9ae039)
• nextcloud: Remove /index.php. (3baf37c)
• nextcloud: Update to 29.0.5 and support for new functional settings regarding sharing of files. See the options related to functional.filestore.sharing in functional.yaml and also migrations.md regarding their defaults that differ from the previous standard behaviour of openDesk. (ac148d0)
• nextcloud: Update to 29.0.6 including latest app updates. (9950b73)
• nubus: Add interim ingress configuration fixing UMC in German (6a60c6d)
• nubus: Only use one LDAP Primary and make replica count of Secondary and Proxy others configurable (31753ff)
• nubus: Reduce lint failures, especially take care of pullSecrets (e923468)
• nubus: Remove duplicated "nubusPortalFrontend" (8cd2f3a)
• nubus: Remove superfluous variables (a7d3d25)
• nubus: Update "openDesk Standard" OX profile. (fdb37c3)
• nubus: Update customization for improved UX. (b9db81f)
• nubus: Update LDAP openDesk schemas and add related openDesk config options to user. (e3238f9)
• nubus: Update LDAP to openLDAP 2.5. (c63e725)
• nubus: Update opendesk-nubus to set default OXContext and improved OXProfile, update migrations to (optionally) ldap-patch OXContext for Administrator/default.admin as well as patch the OXProfile to 1.0 default state. (e619db6)
• nubus: Update to 0.63.2 (28dd762)
• nubus: Update to 0.64.2. (fc7099a)
• nubus: Update to Nubus 0.62.2. (8229949)
• nubus: Update to version 0.57.3. (11f750e)
• open-xchange: DisplayName settings for OX-Connector. (b7faa24)
• open-xchange: Update cluster internal Nextcloud URL. (b1946d0)
• open-xchange: Update Migrations for OX-Connector. (6325b69)
• open-xchange: Update OpenXchange Appsuite Bootstrap to v2.1.0 (fb8f7cd)
• open-xchange: Update OX AppSuite to 8.26 and improve configuration including server-side Element integration. (61d7496)
• openproject: Bump OpenProject to 14.5.1. (deacbc9)
• openproject: Remove OPENPROJECT_PER__PAGE__OPTIONS to enable functional administration of the setting. (df9380b)
• openproject: Update Helm chart to v8.0.0 and explicitly template resources. (91e34aa)
• openproject: Update to 14.6.0. (560aa30)
• openproject: Update to 14.6.1. (cc4b359)
• openproject: Updated bootstrap image does not fail on rerun. (7d0d6ea)
• services: Bump Postfix Helm chart to 2.2.0. (f194f24)
• services: Support application based connection limits and password updates for PostgreSQL and MariaDB. (c03566d)
• xwiki: Disable check for local Office component. (a91f181)
• xwiki: Enable IAM controlled functional admin role. (fa8572f)
• xwiki: Update to 16.4.4 - updated. (6347966)
• xwiki: Update to 16.4.4. (d693ff9)

Features

• element: Add feature flag functional.dataProtection.matrixPresence.enabled that defaults to [secure] to avoid that openDesk provides presence information on users unintended. We include the hardcoded configuration in openDesk Synapse that users cannot change their displayname. (4b99357)
• helmfile: Add customization.yaml to define custom files for helmfile releases (180ccdd)
• helmfile: Add fine-granular registry overwrites (7348547)
• helmfile: Add support for argocd git-ops deployment (9f081d8)
• helmfile: Change default subdomain names. Attention, consult docs/migrations.md for upgrade deployments. (3d84e80)
• helmfile: Full ArgoCD support (7bf8e69)
• helmfile: Support feature toggle email.systemGenerated.useComponentInSenderdomain. (a46a632)
• nextcloud: Use nextcloud image with bundled nginx (81f5969)
• nubus: Update IAM components. (ce03400)
• nubus: Update to Nubus 0.39.2 chart (7345563)
• open-xchange: Support for email migration feature toggle enabling masterpassword authentication in Dovecot and AppSuite. Requires openDesk Enterprise. (356d8df)
• services: [bmi/opendesk/deployment/opendesk#66] Add dkimpy-milter to sign outgoing emails with DKIM and use local postfix as mail relay in all components. (fbe4909)

BREAKING CHANGES

• helmfile: Upgrading from previous releases requires manual steps, read ./docs/migrations.md carefully.

0.9.0 (2024-07-24)

Bug Fixes

• collabora: Update to 24.04.5.1.1. (8a2d951)
• collabora: Update to 24.04.5.1.2. (74d444e)
• docs: Update workflow.md. (fd3df7d)
• docu: Update documentation on integration uses cases (#95). (382af1d)
• helmfile: Add S3 bucket for migrations. (972020f)
• helmfile: Streamline prefixes for customizable defaults. UPGRADES: See ./docs/migrations.md for more details. (26a7641)
• jitsi: Raise memory limit for jicofo and jvb as required by upstream product. (fe923bb)
• keycloak: Support for custom OIDC Clients and ClientScopes. (46412d1)
• nextcloud: Support templating of default quota and *_retention_obligation settings (#93). (23ef1d5)
• nextcloud: Update to 28.0.7 including latest apps for 28. (671f57a)
• nextcloud: Update to 28.0.7 including the apps, fix admin panel warnings (#94). Updated cluster.networking.cidr potentially requires manual migration, see docs/migrations.md for details. (63f8394)
• openproject: Bump to 14.3.0 and update Helm chart to 7.0.0. (6b609ed)
• openproject: Support for adding token to enable OpenProject Premium. (dfaf4be)
• xwiki: Add email address mapping to LDAP sync; Fix hostname null value in notification links. (1067e72)
• xwiki: Remove .rtf and .odt export options as they are currently non functional. (b806d51)
• xwiki: Update to 16.4. (db7f5d6)
• xwiki: Update to 16.4.1. (e54aaab)

Features

• authentication: Avoid that users can open a app they do not have the appropriate LDAP group set for. Implementation is based on role based client scopes. Introducing also an openDesk migration approach with a pre and post deployment stage. (b4570a9)

0.8.1 (2024-07-01)

Bug Fixes

• collabora: Bump image to 24.04.4.1.1. (368fe13)
• collabora: Bump image to 24.04.4.2.1. (01767d3)
• docs: Add Ports section to getting started. (c07b25c)
• docs: Correction regarding the currently supported ingress controller. (8514908)
• docs: Update regarding the currently supported ingress controller. (064a5ad)
• element: Provide the internal cluster domain to synapse-web. (a8692d5)
• helmfile: Add script to ease local development of platform charts. (d8f3e05)
• helmfile: Enable SMTP for XWiki and Element/Synapse; Streamline mail sender addresses within platform based on <localpart>@<component>.<domain> and allow configuration of <localpart>. (01c5e6b)
• helmfile: Include all .yaml.gotmpl files for the envs in environments.yaml. (e523434)
• helmfile: Streamline functional.yaml. Upgrade notice: If you set a non default value for .Values.portal.enableDeploymentInformation please change it to .Values.admin.portal.deploymentInformation.enabled with this version. (e89b16a)
• jitsi: Update PatchJVB bitnami/kubectl image to 1.30.2. (6ef3641)
• nubus: Enable Keycloak's user account console. (c03e4a5)
• nubus: Remove doublette ingress annotations. (890b36e)
• open-xchange: Fixing YAML indentation of updater resources (0ce346b)
• openproject: Bump image to 14.2.0. (1ad35f1)
• openproject: Switch DBInit container image to Alpine based version to reduce footprint. (c90f7c1)
• openproject: Update PostgreSQL image for DB init to 16.3. (45e5699)
• services: Allow Postfix "relayHost" to be empty. (7268f60)

0.8.0 (2024-06-10)

Bug Fixes

• ci: Allow CI to be triggered by API authorized personal access token. (b95fd11)
• collabora: Semi-disable update checker. (d7a127f)
• collabora: Update to 24.04.3.1.1. (5869316)
• docs: Spell check and streamline. (4d99bf3)
• element: Bump container images (widgets, community artifacts). (f856205)
• element: Bump to v1.11.67. (a4ff89b)
• element: Update Synapse. (9fa8ace)
• helmfile: Remove unused ox-provisioning hostname. (e31a0a2)
• jitsi: Update jitsi-keycloak-adapter image to Docker tag v20240314. (6202bc4)
• nubus: Change to new Univention upstream registry. (d7fbc57)
• nubus: Disable UDM REST API routing by default and always disable UMC local login. (e1e8a7f)
• nubus: Guardian version bump and refactoring. (2f88752)
• nubus: Re-add selfservice-listener image configuration. (af711b0)
• open-xchange: Set Nubus LDAP attribute to render manager_name in address book. See https://forge.univention.org/bugzilla/show_bug.cgi?id=53741 for reference. (4f92001)
• openproject: Bump library/postgres image to v16. (742c293)
• openproject: Bump to 14.1.0, set default timezone on deployment to Europe/Berlin and raise default memory limit to 2Gi. (6e49721)
• openproject: Update Helm chart to v5.1.4. (75cd077)
• openproject: Update to 14.1.1 and bump PostgreSQL 13 image for InitDB. (bd2d7cf)
• services: Update opendesk-home to v1.0.2 to fix issue with Element .well-known ingress collision. (b0eb28b)
• univention-management-stack: Add functional switch to disable deployment information. (a31c5f5)

Features

• element: Enable Matrix federation via https. (ecb566f)
• helmfile: Add support for Ingress parameter configuration (proxy-body-size, proxy-read-timeout, proxy-send-timeout). (dc39b94)
• helmfile: Create child helmfile for GitOps approach. (a899699)
• nubus: Cleanup Keycloak values. (f3d8cf0)

0.7.1 (2024-05-21)

Bug Fixes

• ci: Add Renovate dependency update automation. (650c41c)
• cryptpad: Update Helm chart v0.0.19 and include CryptPad app in Helmfile deployment. (931ed95)
• docu: Add IdP federation documentation. (7167055)
• docu: Rename SYNAPSE_DOMAIN to MATRIX_DOMAIN. If you use SYNAPSE_DOMAIN in your deployment, ensure you set the MATRIX_DOMAIN accordingly before upgrading. (96baa6c)
• element: Provide certificate for alternative Synapse domain. (88ac239)
• helmfile: Use Open CoDE as default registry for Univention helm chart (#71). (4e56ce4)
• jitsi: Bump images to stable-9457-2. (1d47fa6)
• jitsi: Raise Jibri memory limits to fullfil Jibri's 2Gi /dev/shm requirement and update Helm chart; To update an existing installation you need to manually delete the jitsi-prosody stateful set before the update e.g. kubectl -n <your_namespace> delete --cascade=orphan statefulsets jitsi-prosody. Ensure you use the --cascade=orphan part, otherwise you have to remove and reinstall the complete deployment. (6570c13)
• nextcloud: Bump to 28.0.5 incl. latest app versions. (04d9372)
• nubus: Bump Keycloak to 24.0.3. (923533d)
• nubus: Enable 2FA for group "Domain Admins" by default. (1179669)
• nubus: Update keycloak-bootstap and keycloak-extensions. (1c6666f)
• open-xchange: Support change of username. (b2cfa8b)
• openproject: Bump version to 14.0.1, update Helm chart to 4.5.0. (e085211)

0.7.0 (2024-05-06)

Bug Fixes

• ci: Add debug option. Has to be supported by stage specific configuration containing: debug.enabled: {{ env "DEBUG_ENABLED" | default false }} (3dc6484)
• element: Provide the internal cluster domain to synapse web (b9ac5ec)
• univention-management-stack: Add the image configuration for NATS (e9ec2f3)
• univention-management-stack: Fix #55, #35 by updating chart "ums" to 0.11.2 and image "portal-listener" to 0.20.6; To update an existing installation you need to manually delete the ums-portal-listener stateful set before the update: kubectl -n <your_namespace> delete statefulsets ums-portal-listener (2ad0270)
• univention-management-stack: Migrate UDM-REST-API image to new Univention registry (9be3b78)
• univention-management-stack: Objectstore credentials (d1bd43f)
• univention-management-stack: Update Helm chart to 0.12.0 including required changes to openDesk Helmfile deployment. (fefd2f6)
• univention-management-stack: Use the NATS related image configuration (cd22570)

Features

• element: Add support for Matrix federation (36139b4)
• helmfile: Introduce additional variables for mailDomain and synapseDomain (e6fe2a7)
• services: Add opendesk-home service, which redirects on domain to portal (c7e2172)

0.6.0 (2024-04-11)

Bug Fixes

• helmfile: Improve support for external Objectstore, and fix issue with DoveCot storageClassName (1b748b6), closes #57 #60 #56
• nextcloud: Bump to 28.0.4 (cb33a92)
• univention-management-stack: add Guardian provisioning job image (79c52d0)
• univention-management-stack: Update UMC to 0.11.8 (5e3f4fa)
• univention-management-stack: Use umbrella helm chart (10ecb44)
• xwiki: Bump to 15.10.8 and enable OIDC backchannel logout (c395d35)

Features

• open-xchange: Bump to 8.23 and remove Istio prerequisite (3be3564)

0.5.81 (2024-03-28)

Bug Fixes

• docs: Various updates (50e2638)
• element: Update Element Web to v1.11.59 with widget sync fix and NeoBoard v1.14.0 (0fd4a26)
• helmfile: Fix OpenAPI validations for Kubernetes v1.28 (0aa4cfb)
• nextcloud: Bump to 28.0.3 (34d2c05)
• nextcloud: Rename default shared folder to __Shared_with_me__ (5f9d015)
• open-xchange: Bump to 8.22 (5ebf291)
• openproject: Bump OpenProject to 13.4.0 (d565c05)
• openproject: Bump version to 13.4.1 (7cc3964)
• services: Update Otterize Policies (42f63e3)
• univention-management-stack: Add missing authenticator secret mount to portal-server (5a39e87)
• univention-management-stack: Update LDAP server for BSI base security compliance (8e889db)
• univention-management-stack: Update ldap-notifier and ldap-server (a41ddd5)
• univention-management-stack: Update provisioning charts, images and helm value to add authentication (8c97bcf)

0.5.80 (2024-03-11)

Bug Fixes

• ci: Remove creation of release artefacts, use the images.yaml and charts.yaml in ./helmfile/environments/default for information about the artefacts instead. (ee99eef)
• collabora: Bump image to 23.05.9.4.1 (9c32058)
• docs: Add development.md and refactor images.yaml and charts.yaml (a2b333b)
• helmfile: YAML handling of seLinuxOptions and align overall toYaml syntax (011ad2c)
• nextcloud: Update images digests (bc18724)
• openproject: Bump to 13.3.1 (7ee9e47)

0.5.79 (2024-02-29)

Bug Fixes

• collabora: Bump image to 23.05.9.2.1 (f4b8226)
• collabora: Fix aliasgroups configuration whitelisting the Nextcloud host (8b065fd)
• docs: Update version numbers of functional components for release in README.md (31e5cf3)
• element: Provide end-to-end encryption as user controlled option (3d31127)
• helmfile: Enhance objectore environment variables to allow external Object Store (d444226)
• helmfile: Set debuglevel to WARN instead of INFO when debug is not enabled. (2efceef)
• nextcloud: Bump images to enable password_policy and fix email with groupware (8807b24)
• univention-management-stack: Bump Keycloak Extensions chart and configure the /univention/meta.json to be retrieved from ums-stack-gateway to avoid the inline 404 during Keycloak login. (2023d5b)
• univention-management-stack: Provisioning version bump (410a023)
• univention-management-stack: Template more Keycloak Extension values incl. logLevel (7ec123b)

0.5.78 (2024-02-23)

Bug Fixes

• ci: Move main development repo OpenCoDE (43718b8)
• ci: Run release pipeline only on pushes to main (13dcb00)
• ci: Update kyverno rules (d9263c9)
• docs: Add missing footnote regarding Nubus (bc6e4f8)
• nextcloud: Set admin priviledges for users in central IAM (a3e415d)
• univention-management-stack: Scaling udm-rest-api (57d0f61)
• univention-management-stack: Set Keycloak CSP header to allow session continuation in admin portal. (a398e5a)
• univention-management-stack: UMS portal-server scalability (b1b4c28)
• univention-management-stack: Univention Portal upstream codefixes version bump (c2f62f7)
• univention-management-stack: Update provisioning to fix high CPU usage when in idle (d9c23bd)

0.5.77 (2024-02-16)

Bug Fixes

• ci: Complete CI var usage for external registry (3bcdcd0)
• ci: Update openDesk CI Lint to v2.3.1 (250ef2b)
• collabora: Add chart validation (0159902)
• collabora: Bump to 23.05.9.1.1 (b525a81)
• cryptpad: Update chart to v0.0.18 (6f0b1f3)
• docs: Add functional component table referencing the component versions to README.md (bc7eeb8)
• docs: Add generated security-context.md (d9e07ff)
• element: Change name of neodatefix bot job (dd535da)
• element: Disable e2ee (ba0824b)
• helmfile: Add additional provisioning components and configuration (110ff56)
• helmfile: Add seLinuxOptions for all applications (02d04fa)
• helmfile: Annotations in image.yaml (7ebbd03)
• helmfile: Bump Collabora Chart to 1.11.1 and Image to 23.05.8.4.1 (d2b1f0b)
• helmfile: Fix annotations in images.yaml (acaec3b)
• helmfile: Fix umsPortalFrontend image annotation (8f83261)
• helmfile: Improve debugging (56f5e35)
• nextcloud: Bump openincryptpad to 0.3.3 and disable circles app (f2b8acf)
• nextcloud: Set backchannel logout url (c0fc225)
• nextcloud: Update image, nextcloud apps and chart (fd2a66f)
• nextcloud: Update nextcloud image and chart to support upgrades (5d95e7a)
• nextcloud: Update to Nextcloud to v28 (7c9f38f)
• open-xchange: Bump Gotenberg image (49f126d)
• open-xchange: Dovecot image on OpenCoDE without mirror (1396071)
• openproject: Bump version to 13.3.0 (c2087ef)
• univention-management-stack: New device login notifications on first login with 2FA (ee1a337)
• univention-management-stack: Patches not applied to uldap (2909e1d)
• univention-management-stack: Support for object-storage icons and portal files (83ac645)
• univention-management-stack: Update NGINX Helm chart to 15.9.3 (c16c0ac)
• univention-management-stack: Update otterize to allow umc-server communication with memcached (6c15dc1)
• xwiki: Add bottom border to top nav bar to be aligned with the other components (affa92c)
• xwiki: Bump XWiki chart to 1.3.0 (cabee0c)

0.5.76 (2024-01-24)

Bug Fixes

• nextcloud: Correct indent in monitoring resources (bea1413)
• services: Monitoring for minio with correct labels and there are no prometheusRule (af63e5c)
• univention-management-stack: Fix external registry for nats charts (cbb33b9)

0.5.75 (2024-01-24)

Bug Fixes

• ci: Add Kyverno CI Lint (e778a59)
• helmfile: Cleanup and small conformity fixes (db0a544)
• helmfile: Merge .yaml and .gotmpl files for Services, Provisioning, Cryptpad, Intercom-Service and Element (a49daa6)
• helmfile: Split image and helm registry (89c149a)
• univention-management-stack: UMC secure session cookie (67f7c05)
• univention-management-stack: Update guardian to version 2 (a99f338)

0.5.74 (2024-01-12)

Bug Fixes

• ci: Add opendesk-ci linter (b23152b)
• ci: Scan all images for malware on release (807b73c)
• ci: Switch to 'on_success' instead of 'always' (e1f6370)
• collabora: Migrate collabora to yaml.gotmpl file (09d001b)
• cryptpad: Bump image (90152bd)
• cryptpad: Bump image to 5.6.0 (1c4db30)
• cryptpad: Verify against GPG key (fec0d1f)
• docs: Update Helm Chart Trust Chain information (f894370)
• element: Fix rights & roles of neoboard (7daa93f)
• element: Fix rights and roles configuration (452624c)
• helmfile: Add image annotations for mirroring (41e777c)
• helmfile: Add logLevel to globals (8db9bf3)
• helmfile: Add XWiki GPG key (712605e)
• helmfile: Increase timeouts for deployment of services (3b557a8)
• helmfile: Merge fix values filename for Jitsi (7a14531)
• helmfile: Remove oci flag from charts.yaml and move user/password (2ad48b6)
• helmfile: Sort images and charts (acf6816)
• helmfile: Switch artefacts to be pulled from Open CoDE or upstream (6b3d99d)
• intercom-service: Add scaling option. (969c42a)
• jitsi: Add available securityContexts here (8f09740)
• nextcloud: Replace community Nextcloud with openDesk Nextcloud (813a2e2)
• open-xchange: Enable ICAP and merge yaml and gotmpl files (306252d)
• openproject: Consolidate env values set by Helm chart (08754cc)
• openproject: Merge yaml and gotmpl value files (45967c7)
• services: Add scaling to all services (0492420)
• univention-management-stack: Add guardian components (db749d8)
• univention-management-stack: Add missing image template for ums stack gateway and imagePullSecrets to keycloak extensions (0bf059e)
• univention-management-stack: Add ums provisioning service (d039c65)
• univention-management-stack: Bump Keycloak Bootstrap image (bb289d5)
• univention-management-stack: Bump Keycloak chart and image and provide settings for IT-Grundschutz (c2e9204)
• univention-management-stack: Keycloak clients for guardian (b30b29d)
• univention-management-stack: Provide openDesk version info for admins in portal menu (5f5a65f)
• univention-management-stack: SAML join using internal Keycloak hostname (acbef3a)
• univention-management-stack: Streamline timeouts for deployment (506ef4a)
• univention-management-stack: Updated base image (78993e1)
• xwiki: Bump Helm chart und image, fix favicon (87b6fcf)
• xwiki: Ldap group sync filter (9aa907a)
• xwiki: Update default XWiki configuration (f13f39a)
• xwiki: Update Image to include XWiki 15.10.4 (9ff6056)
• xwiki: Update to 1.2.6 and add imagePullSecrets (2d2455f)
• xwiki: Verify against GPG key (a0d5fb8)

0.5.73 (2023-12-21)

Bug Fixes

• docs: Add and reference workflow.md (0e1e875)
• helmfile: Make GPG keys to use CC0-1.0 (006e20f)
• helmfile: Pull Univention Helm charts from OCI (8d6503c)
• helmfile: Switch Helm charts to Open CoDE (0952221)
• open-xchange: Disable debug container (appsuite-toolkit) (40fb9dc)
• univention-management-stack: Add extended timeouts to Helm deployment (1f7b3ca)

0.5.72 (2023-12-18)

Bug Fixes

• collabora: Update image to 23.05.6.3.1 (8c378c6)
• docs: Update scaling.md (d342efe)
• open-xchange: Update Helm chart removing yaml templating doublettes (c21dd46)

0.5.71 (2023-12-15)

Bug Fixes

• docs: Security.md (36bbbae)
• univention-management-stack: Switch to Univention Keycloak (902076c)

0.5.70 (2023-12-14)

Bug Fixes

• univention-management-stack: Remove UCS container monolith and make UMS standard IAM (450c434)

0.5.69 (2023-12-12)

Bug Fixes

• univention-management-stack: Functional replacement for UCS container monolith, still optional. (ce38714)

0.5.68 (2023-12-11)

Bug Fixes

• jitsi: Disable IP Blacklist (6a649cb)
• open-xchange: Update to latest version (db4bfa4)

0.5.67 (2023-12-11)

Bug Fixes

• services: Use Charts from openCoDE registry (cc0daa2)

0.5.66 (2023-12-08)

Bug Fixes

• element: Update Element and Widgets (6a26299)

0.5.65 (2023-12-08)

Bug Fixes

• univention-management-stack: Bump OX Connector (83192b7)

0.5.64 (2023-12-06)

Bug Fixes

• openproject: Switch to release container and set home url link (e67ab8f)

0.5.63 (2023-12-06)

Bug Fixes

• nextcloud: Remove Talk folder (0ea5856)

0.5.62 (2023-12-06)

Bug Fixes

• nextcloud: Bump image to 27.1.4 and update Helm chart to configure "Shared_with_me" folder (d04a603)
• univention-management-stack: Update optional UMS preview state (94ae3da)

0.5.61 (2023-12-05)

Bug Fixes

• services: Fix port declaration for Postfix (bf5dcda)

0.5.60 (2023-12-05)

Bug Fixes

• ci: Ensure release creation with artifacts (dc7ce0b)

0.5.59 (2023-12-05)

Bug Fixes

• helmfile: Add configurable objectstore (3b5493d)

0.5.58 (2023-12-01)

Bug Fixes

• cryptpad: Add websocket annotation (c41643e)
• openproject: Add seederJob intent (05cc82d)
• openproject: Bump to 2.6.2 (c8bc8b3)
• services: Add NetworkPolicy section to docs/security.md (24812b6)
• services: Add Otterize based security settings (bec9a2d)
• univention-management-stack: Add Otterize annotations for jobs (2628a0e)

0.5.57 (2023-12-01)

Bug Fixes

• helmfile: Using correct private registry for postfix helm-chart (d367739)

0.5.56 (2023-11-30)

Bug Fixes

• element: Raise treshold for login rate limit to avoid too early barrier hitting normal users (466e741)

0.5.55 (2023-11-30)

Bug Fixes

• cryptpad: Update Helm chart to enable readiness and liveness probes (6d3e484)

0.5.54 (2023-11-29)

Bug Fixes

• helmfile: Add and document security context for components (519db51)

0.5.53 (2023-11-29)

Bug Fixes

• univention-managemen-stack: Integrate Attribute to Group Mapper into the containerized stack (7bbab22)
• univention-management-stack: Add Announcements icon into "umc-gateway" (7a9ecf7)
• univention-management-stack: Add Announcements module into "umc-server" (4c52a5a)
• univention-management-stack: Add branding related configuration to stack-gateway (a5f263c)
• univention-management-stack: Apply styling (b3d45c4)
• univention-management-stack: Configure openDesk branding in frontend chart (cbe8fb2)
• univention-management-stack: Document database of UMS Notifications API (3cf348c)
• univention-management-stack: Move static settings from gotmpl into yaml for umc-gateway (b3ac0ae)
• univention-management-stack: Quote all composed strings (1c35ca6)
• univention-management-stack: Remove frontend-custom (8b6a4b2)
• univention-management-stack: Set SMTP host for self-service notifications (0c7a77c)
• univention-management-stack: UMC uses external memcached (211bee9)
• univention-management-stack: Update ums-dependencies (e0c6c14)
• univention-management-stack: Update ums-dependencies (c246edd)
• univention-management-stack: Update ums-dependencies (86b4818)
• univention-management-stack: Use "stack-gateway" in all deployments (c19bca2)

0.5.52 (2023-11-28)

Bug Fixes

• ci: Open automatic MRs for new branches (735fec3)

0.5.51 (2023-11-28)

Bug Fixes

• nextcloud: Bump chart to fix central navigation (cac6abe)
• openproject: Update container and prepare for OIDC based user admin role setting (6dc92df)

0.5.50 (2023-11-27)

Bug Fixes

• ci: Add metadata for renovate processing (36aa3ed)

0.5.49 (2023-11-27)

Bug Fixes

• nextcloud: Bump image to incorporate fix for https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f962-hw26-g267 (efbd814)

0.5.48 (2023-11-24)

Bug Fixes

• services: Update resource requests and remove cpu limits (f86a74b)

0.5.47 (2023-11-24)

Bug Fixes

• helmfile: Rename absolute paths on OpenCoDE to new 'opendesk' base group name (7ac2e0f)
• xwiki: Enable the sync of user profile picture from LDAP (6aa3d38)

0.5.46 (2023-11-23)

Bug Fixes

• element: Fix quotes in element chart (a447c13)

0.5.45 (2023-11-22)

Bug Fixes

• open-xchange: Add security context (db48140)

0.5.44 (2023-11-21)

Bug Fixes

• ci: Remove default BASE_DOMAIN in .gitlab-ci.yml (7ae65a3)

0.5.43 (2023-11-20)

Bug Fixes

• univention-management-stack: Update optional UMS preview state (061e588)

0.5.42 (2023-11-20)

Bug Fixes

• nextcloud: Add exporter and serviceMonitor (feed270)
• nextcloud: Bump openDesk bootstrap to 3.2.3 to support serverinfo token (ea14f95)

0.5.41 (2023-11-16)

Bug Fixes

• helmfile: Split README into docs (cd0e94f)

0.5.40 (2023-11-14)

Bug Fixes

• open-xchange: Bump Dovecot and fix out-of-office replys (55f6ba2)

0.5.39 (2023-11-14)

Bug Fixes

• univention-management-stack: Update optional UMS preview state (e231e57)

0.5.38 (2023-11-13)

Bug Fixes

• collabora: Update image to 23.05.5.4.1 (c460467)

0.5.37 (2023-11-12)

Bug Fixes

• openproject: Add bootstrapping of Nextcloud filestore (1971dfb)

0.5.36 (2023-11-10)

Bug Fixes

• element: Update Element and Widgets (97034a5)

0.5.35 (2023-11-10)

Bug Fixes

• helmfile: Eliminate some yamllint errors (1d03a6e)
• helmfile: Move ldap host variable into helpers (08811de)
• helmfile: Update charts to use proper quoting (69ea840)
• services: Add minio as service and consume by OpenProject (baa5827)

0.5.34 (2023-11-09)

Bug Fixes

• openproject: Bump helmchart and properly template OP's initdb image (0d8e92f)

0.5.33 (2023-11-09)

Bug Fixes

• cryptpad: Update security context (89ae1d9)

0.5.32 (2023-11-09)

Bug Fixes

• collabora: Resource definitions (65ce9a1)

0.5.31 (2023-11-08)

Bug Fixes

• univention-management-stack: Update optional UMS preview state (d0a0799)

0.5.30 (2023-11-06)

Bug Fixes

• collabora: Init monitoring in defaults and in collabora (for prometheus-monitor, -rules and grafana dashboard) (0ad0434)
• helmfile: Add monitoring.yaml for optional monitoring (385d81b)

0.5.29 (2023-11-06)

Bug Fixes

• xwiki: Update XWiki Helm configuration to enable LDAP and OIDC user synchronization (7c56c72)

0.5.28 (2023-11-06)

Bug Fixes

• open-xchange: Add Document- and ImageConverter, improve LDAP address book filters (899a8c5)

0.5.27 (2023-11-04)

Bug Fixes

• docs: Re-include release artefacts (4359b21)

0.5.26 (2023-11-02)

Bug Fixes

• element: Enables user directory search for all users (8fafd90)

0.5.25 (2023-11-01)

Bug Fixes

• cryptpad: Add CryptPad to support editing of diagrams.net files from within Nextcloud (ab6014f)

0.5.24 (2023-11-01)

Bug Fixes

• collabora: Update image to 23.05.5.3.1 (38336d0)

0.5.23 (2023-11-01)

Bug Fixes

• element: Update Element Web to latest release (b47de62)

0.5.22 (2023-10-31)

Bug Fixes

• openproject: Nextcloud integration within K8s instances (d249d0e)

0.5.21 (2023-10-30)

Bug Fixes

• helmfile: Deinstall components if disabled (7feaadf)
• helmfile: Put enviroments in first document inside of a yaml (034e98c)

0.5.20 (2023-10-30)

Bug Fixes

• helmfile: Remove old XWiki image, set explicit timeout for OP deployment, bump Jitsi Helm chart to enable chat for stand-alone Jitsi (5d01f8c)

0.5.19 (2023-10-30)

Bug Fixes

• element: Update Element Web and Nordeck Widgets to latest releases (2313f75)

0.5.18 (2023-10-28)

Bug Fixes

• xwiki: Switch to Alpine/Jetty slim image (b399869)

0.5.17 (2023-10-28)

Bug Fixes

• nextcloud: Update swp_integration app and prepare CryptPad integration (a046dea)

0.5.16 (2023-10-26)

Bug Fixes

• openproject: Slim container with upgraded helm-chart (535823e)

0.5.15 (2023-10-25)

Bug Fixes

• helmfile: Add XWiki Jetty and UniventionKeycloak to image.yaml for Compliance checks. They are not yet part of standard deployment. (8e376bb)

0.5.14 (2023-10-20)

Bug Fixes

• element: Support for openDesk top bar with central navigation (e609b75)

0.5.13 (2023-10-20)

Bug Fixes

• element: Configure rights and roles (59d58e3)

0.5.12 (2023-10-19)

Bug Fixes

• element: Add an application service for the intercom-service (1a4eced)
• element: Add the Matrix NeoBoard Widget deployment (5afd233)
• element: Add the Matrix NeoChoice Widget deployment (7756d35)
• element: Add the Matrix NeoDateFix Bot deployment (785989e)
• element: Add the Matrix NeoDateFix Widget deployment (27b6796)
• element: Add the Matrix User Verification Service deployment (30405d1)
• element: Upgrade Element to v1.11.46 (82a037e)
• element: Upgrade the opendesk-element charts to 2.3.0 (fd9e04d)
• element: Upgrade the opendesk-matrix-widgets charts to 2.3.0 (cbe5141)
• element: Use a separate image configuration for the bootstrap tasks (7f7c364)
• intercom-service: Allow access from the non-istio domain and reference to the correct synapse hostname (16f2ac4)
• intercom-service: Fix the nordeck configuration (06dcdd7)
• jitsi: Use template for the cluster networking domain (0898d96)
• keycloak: Use the correct backchannel logout configuration for element (86657b1)
• open-xchange: Enable Element calendar integration (f564efd)

0.5.11 (2023-10-11)

Bug Fixes

• helmfile: Quote all password template strings (fb7dba7)
• services: Add memcached service (72e3afd)

0.5.10 (2023-10-11)

Bug Fixes

• intercom-service: Update intercom-service chart to v2.0.0 (c3129f1)

0.5.9 (2023-10-10)

Bug Fixes

• element: Enable the guest module in Synapse (da1bf35)

0.5.8 (2023-10-10)

Bug Fixes

• helmfile: Add default port for SMTP in environment (74f9ec2)

0.5.7 (2023-10-09)

Bug Fixes

• openproject: Mail sender address (711d29e)

0.5.6 (2023-10-09)

Bug Fixes

• helmfile: Use signed bitnami charts from openDesk Mirror Builds (70744d0)
• services: Bump redis chart to 18.1.2 (d4c751d)

0.5.5 (2023-10-09)

Bug Fixes

• openproject: Switch image to fix central navigation; set email sender address (e42feb4)

0.5.4 (2023-10-02)

Bug Fixes

• helmfile: Add third environment (test) (7dbcbfe)

0.5.3 (2023-09-28)

Bug Fixes

• open-xchange: Rollback MariaDB version to fix OX Guard initialization (e33acd3)

0.5.2 (2023-09-28)

Bug Fixes

• ci: Add Gitlab-CI sledgehammer deployment removal (6fd655a)

0.5.1 (2023-09-28)

Bug Fixes

• docs: Add 'Helm Chart Trust Chain' section (b6b4972)
• docs: Highlight that Helmfile >= 0.157.0 is required (d86f516)
• element: Use OCI registry and verify chart signatures (a41b9a6)
• helmfile: Add cleanup flag for job resources (0f01b94)
• helmfile: Create directory for gpg pubkeys (4c5731e)
• intercom-service: Use OCI registry and verify chart signatures (74b3d41)
• jitsi: Verify chart signatures (1dd6582)
• keycloak-bootstrap: Use OCI registry and verify chart signatures (ca5d5f8)
• keycloak: Use OCI registry and verify chart signatures (095059c)
• nextcloud: Use OCI registry and verify chart signatures (41dfdc0)
• open-xchange: Use OCI registry and verify chart signatures (2d5d370)
• open-xchange: Use renamed istio gateway (65d2642)
• openproject: Use OCI registry and verify chart signatures (5343840)
• services: Add wildcard certifcate request support (15ad8ca)
• services: Bump opendesk-certificates to 2.1.0 (4372f06)
• services: Only create istio gateway with webmail domain (6a39011)
• services: Use OCI registry for all services and add gpg verify mechanism (892920b)
• univention-corporate-container: Use OCI registry and verify chart signatures (424317e)

0.5.0 (2023-09-27)

Bug Fixes

• element: Move the static configuration into the values.yaml (f22619b)
• element: Specify resources for the guest module init container (275798c)

Features

• element: Activate the guest module (5ad25ac)

0.4.9 (2023-09-27)

Bug Fixes

• nextcloud: Bump Helm chart to add app "groupfolders" (62b767e)

0.4.8 (2023-09-26)

Bug Fixes

• openproject: Digest rollback (9acce08)

0.4.7 (2023-09-26)

Bug Fixes

• helmfile: Add timeout for database services (98ec02f)
• openproject: Image digest (b340373)

0.4.6 (2023-09-26)

Bug Fixes

• openproject: Use renamed registry open_desk (a37faf3)

0.4.5 (2023-09-26)

Bug Fixes

• helmfile: Streamline timeouts (2703615)

0.4.4 (2023-09-25)

Bug Fixes

• open-xchange: Updates for mail templates and mail export (ae3d0da)

0.4.3 (2023-09-25)

Bug Fixes

• nextcloud: Update image to 27.1.1 (ce7e5f6)

0.4.2 (2023-09-21)

Bug Fixes

• nextcloud: Add Nextcloud app for OpenProject integration; Bump Collabora Image (f46c8a9)

0.4.1 (2023-09-19)

Bug Fixes

• univention-management-stack: Remove doublette triple dashes in helmfile.yaml (41b9afb)

0.4.0 (2023-09-18)

Features

• ci: Optionally trigger E2E tests of the SouvAP Dev team (a99c088)

0.3.2 (2023-09-14)

Bug Fixes

• helmfile: Fix linter issues (1514678)
• univention-management-stack: Add "commonLabels" into helmfile (16c08f8)
• univention-management-stack: Add Helm charts (a74d662)
• univention-management-stack: Add switch "univentionManagementStack.enabled" (471a2fa)
• univention-management-stack: Adjust Ingress configuration for portal-server (13bcd78)
• univention-management-stack: Adjust Ingress configuration for umc (320da3b)
• univention-management-stack: Adjust Ingress configuration of notifications-api (5e1a7b1)
• univention-management-stack: Adjust ingress configuration of the portal-frontend (c54bab1)
• univention-management-stack: Adjust Ingress configuration of udm-rest-api (c61b1b8)
• univention-management-stack: Adjust Ingress conifguration of store-dav (96097e4)
• univention-management-stack: Configure cookie banner data (12c931f)
• univention-management-stack: Define resource requests and limits (2f8a298)
• univention-management-stack: Disable istio for the stack (4835a2b)
• univention-management-stack: Prepare persistence configuration (7ab1cb5)
• univention-management-stack: Process bases before releases (ec3f1d9)
• univention-management-stack: Set externalDomainName for bootstrapping the stack (0ba71f2)
• univention-management-stack: Split templated from static values (09079a1)
• univention-management-stack: Split values into templated and static (d3c4390)
• univention-management-stack: Update portal-listener to leverage dependency waiting (c840608)
• univention-management-stack: Use global secrets to fill initialPasswordAdministrator (a4bab40)
• univention-management-stack: Use global secrets to populate ldap related secrets (9409ad8)
• univention-management-stack: Use global secrets to set store-dav related passwords (90019e3)
• univention-management-stack: Use ldap base DN "dc=swp-ldap,dc=internal" (77e362f)
• univention-management-stack: Use postgresql service for notifications-api (fe0e0cd)
• univention-management-stack: Use the prefix "ums-" for all releases (edb25bd)
• univention-management-stack: Use the value "global.imagePullPolicy" (15db5dc)

0.3.1 (2023-09-14)

Bug Fixes

• collabora: Update Ingress annotations and set securityContext (b5583ca)
• element: Improve default container security settings (882f1fb)
• element: Update opendesk element version to 2.0.1 (d725b93)
• helmfile: Remove default SMTP credentials and create docs for SMTP/TURN (e120f5f)
• helmfile: Update images and use a tag and digest together (c7fc187)
• services: Explicitly set securityContexts (a799db0)
• services: Update Postfix to 2.0.2 fixing security gaining (e1070ee)

0.3.0 (2023-09-12)

Features

• ci: Selective tests (d2e7ac9)

0.2.10 (2023-09-06)

Bug Fixes

• helmfile: Add imagePullPolicy default env variable (f988644)
• helmfile: Update images and add jitsi, keycloak to security section in docs (0eceb85)
• jitsi: Update chart to 1.4.2 with improved security and fixed change on each deployment (1349181)
• jitsi: Update jitsi to 1.5.1 and fix prosody image (ed7e5e4)
• keycloak: Improve default security settings (3b90533)
• nextcloud: Fix yamllint disable comment (4380e78)
• services: Disable https redirect in istio to fix cert-manager issues (1ef4a86)
• services: Fix capabilities of postifix (a6fa846)
• services: Fix OCI registry address of postgresql, mariadb (be82243)

0.2.10 (2023-09-06)

Bug Fixes

• helmfile: Add imagePullPolicy default env variable (f988644)
• helmfile: Update images and add jitsi, keycloak to security section in docs (0eceb85)
• jitsi: Update chart to 1.4.2 with improved security and fixed change on each deployment (1349181)
• keycloak: Improve default security settings (3b90533)
• nextcloud: Fix yamllint disable comment (4380e78)
• services: Disable https redirect in istio to fix cert-manager issues (1ef4a86)
• services: Fix capabilities of postifix (a6fa846)
• services: Fix OCI registry address of postgresql, mariadb (be82243)

0.2.9 (2023-09-05)

Bug Fixes

• collabora: Add websocket support for NGINX Inc. Ingress (6e5ef63)
• docs: Add security part in README (ff462ab)
• docs: Update scaling docs (63a1e25)
• helmfile: Reduce icap resources in default enviroment (c5ab1b8)
• helmfile: Update clamav and nextcloud images in default environment (4f2a8ae)
• nextcloud: Add support for up to 4G large upload for Ingress NGINX and NGINX Inc. Ingress (6e68f7f)
• nextcloud: Rename sovereign-workplace-nextcloud-bootstrap to opendesk-nextcloud-bootstrap and use OCI (cef11ac)
• nextcloud: Use clamav-icap when clamavDistributed is activated (41d40c9)
• services: Enable security context and use default increased security settings (9a6d240)
• services: Fix image registry templates for postfix (6321ff5)
• services: Replace image digest by tag (f758293)
• services: Set readOnlyRootFilesystem to true on master (5fbf86b)
• services: Update clamav to 4.0.0, redis to 18.0.0, postgresql to 2.0.2, mariadb to 2.0.2 and use OCI registries (9d78664)

0.2.8 (2023-08-31)

Bug Fixes

• open-xchange: Update images and Helm chart (39565c7)

0.2.7 (2023-08-30)

Bug Fixes

• jitsi: Update Jitsi Helm chart to set the user's display name as default (387bd87)

0.2.6 (2023-08-30)

Bug Fixes

• ci: Change path of asset_generator (6ab4fa0)
• ci: Include deployment environments (0f59736)
• ci: Release artefacts (2a61b5f)

0.2.6 (2023-08-30)

Bug Fixes

• ci: Change path of asset_generator (6ab4fa0)
• ci: Include deployment environments (0f59736)
• ci: Release artefacts (2a61b5f)

0.2.6 (2023-08-30)

Bug Fixes

• ci: Change path of asset_generator (6ab4fa0)
• ci: Release artefacts (2a61b5f)

0.2.5 (2023-08-30)

Bug Fixes

• xwiki: Theming and language of central navigation (3d4d45f)

0.2.4 (2023-08-29)

Bug Fixes

• element: Apply the global theme to Element (7f7eae8)

0.2.3 (2023-08-29)

Bug Fixes

• ci: Add central branding information (a14c42f)

0.2.2 (2023-08-16)

Bug Fixes

• jitsi: Allow configuration of LoadBalancer status field for patchJVB job (7491582)
• open-xchange: Explicitly disable core-ui-middleware ingress (06dc7a1)

0.2.1 (2023-08-16)

Bug Fixes

• keycloak: Increase proxy-buffer-size for ingress-nginx (d8adcc4)

0.2.0 (2023-08-15)

Bug Fixes

• helmfile: Replace bitnami repositories with OCI (4c21fd2)

Features

• helmfile: Implement private image/chart registry variables (5788323)

0.1.2 (2023-08-15)

Bug Fixes

• jitsi: Update support for NodePort setups with different ingress/egress ips (de25789)

0.1.1 (2023-08-14)

Bug Fixes

• open-xchange: Bump dovecot and sovereign-workplace-open-xchange-bootstrap to 1.3.0 with image digest support (53796da)
• open-xchange: Bump sovereign-workplace-open-xchange-bootstrap to 1.3.1 (390f2de)

0.1.0 (2023-08-14)

Bug Fixes

• docs: Typo (ee684a7)

Features

• element: Add element component (5f0ca92)

0.0.6 (2023-08-14)

Bug Fixes

• open-xchange: Functional mailboxes auth settings update in AppSuite and Dovecot (53948ea)

0.0.5 (2023-08-11)

Bug Fixes

• keycloak: Improve digest image pinning (b8a8932)

0.0.4 (2023-08-11)

Bug Fixes

• jitsi: Fix identifiers in resources (3a0b246)

0.0.3 (2023-08-10)

Bug Fixes

• keycloak: Keycloak extensions sha256 image pinning, includes fix for failing keycloak extension handler on unavailable SMTP relay. (27ce715)

0.0.2 (2023-08-10)

Bug Fixes

• services: Remove fqdn from dovecot in postfix (2033c76)

0.0.1 (2023-08-10)

Bug Fixes

• ci: Add 'qa' cluster (43e94f8)
• ci: Deploy provisioning in separate/later stage (ef1cb75)
• collabora: Bump to 23.05.2.2.1 and add capabilites to non containerd k8s clusters (2652b26)
• collabora: Image version bump from 23.05.1.2.1 to 23.05.1.2.2 (3bf7dae)
• collabora: Remove MKNOD capabilities (2f18734)
• docs: Cleanup and enhance README.md and CONTRIBUTING.md (cc5f88c)
• helmfile: Allow selection of environments when installing from root helmfile (8ce01df)
• helmfile: Comment out Open-Xchange Appsuite 8 Deployment until is publicly available (cb65baa)
• jitsi: Fix wrong parameter for jitsiPatchJVB tag (fb3fca2)
• nextcloud: Add Istio domain on integration for read/write contacts with Open-Xchange (b235685)
• provisioning: OX-Connector inits contexts and accessprofiles first, profile pictures are now provisioned (94552a3)
• provisioning: Update OX-Connector image (3cc7ba9)
• services: Bump postgresql chart to 2.0.0 (e609bf3)
• services: Specify dovecot with fqdn (59d64de)
• services: Update mariadb Chart to 2.0.0 (f39811c)
• univention-corporate-server: Update image to improve pod restarting behaviour (57dea1e)
• xwiki: Remove init job as XWiki now does the required bootstrapping internally; Restartability works now as expected (8425c10)
• xwiki: Use external-registry for image download (841bfb6)

Features

• ci: Add release-automation and linting (82bf038)
• ci: Support for MASTER_PASSWORD to be set on Gitlab Settings > CI/CD > Variables (e7d68ea)
• ci: Triggered tests (23fc3c4)
• docs: Update various chapters and structure (42232db)
• helmfile: Add capabilities for a RWO deployment (d5190cd)
• helmfile: Remove environment specific values to use cluster defaults (4fb86b5)
• helmfile: Remove environments and replace with generic one (ef7d75f)
• nextcloud: Rename to sovereign-workplace-nextcloud-bootstrap and bump to 2.2.0 (84de627)
• open-xchange: Add service type for dovecot (c9a763f)
• open-xchange: OX AppSuite 8 within SWP is now publicly available (6dc470f)
• services: Add clamav-simple deployment (505f25c)
• sovereign-workplace: Initial commit (533c504)