Release notes

• User search provides information about user type (regular, app, legacy bot) now. Also, Elasticsearch re-indexing requires postgres access now. If you run brig-index directly anywhere, make sure to add the relevant settings. The Elasticsearch index must be refilled from Cassandra in order for the changes to the search results to take effect. See https://docs.wire.com/latest/developer/reference/elastic-search.html?h=index#refill-es-documents-from-cassandra (#4913, #4957)

• Conversation codes can now be migrated to PostgreSQL. For existing installations:

  • Set postgresMigration.conversationCodes: migration-to-postgresql in both galley and background-worker.
  • Run the backfill with migrateConversationCodes: true.
  • Wait for wire_conv_codes_migration_finished to reach 1.0.
  • Switch to postgresMigration.conversationCodes: postgresql and disable migrateConversationCodes. (#4961)

• The background-worker defaults for the postgres migration now match galley and point to cassandra (previously postgres). This currenlty only affects the background job, which is not expected to run before postgres is in use. However, if you relied on the defaults after migrating to postgres, please update your config to keep using postgres. (#4965)

• Drop support for kubernetes versions below 1.27 (#4969)

API changes

• New end-point GET /teams/:tid/apps listing all team apps. (#4960)

• Add type field to search results received from GET /search/contacts (#4913)

Features

• nginx-ingress-services: Add federator.tls.issuer option to use a separate ClusterIssuer for federation mTLS certificates. (#4964)

• Log changes to IdP configurations made via the IdP REST API to syslog. (#4935)

• Allow commit bundles to contain one application message. The message must be for the epoch after the commit, and it gets sent after the commit has been accepted. (#4929)

Bug fixes and other updates

• background-worker's default settings for postgresMigration have been correctly set to cassandra. (#4965)

Internal changes

• Circumvent potential performance issue with TVar (Map ...) (#4948)

• Migration of conversation codes from cassandra to postgres (#4959, #4961)

• • Test for team and user email templates added
  • Refactoring to make email rendering testable
  • Removed SMS and call templates (#4699)

• Drop cryptobox, handle prekey in pure Haskell. (#4719)

• Move Feature Flags read to wire-subsystems. (#4918, #4974)

• Federator: Replace Linux-only hinotify with cross-platform fsnotify library
  for certificate file monitoring. This enables native file system watching
  on both Linux and macOS, removing the need for platform-specific stubs. (#4955)

• Simplify and modernize the Nix setup of rusty-jwt-tools. This includes
  updating to version 0.14.0. (#4952)

Release notes

• Operators: if you override galley.settings.featureFlags.cells in your Helm values, update your override to include the newly required cells config fields (channels/groups/one2one/users/collabora/publicLinks/storage/metadata); if you use the chart defaults, no action is needed. (#4903)

API changes

• Create new API version V15 and finalize API version V14 (#4942)

• The PUT /teams/:tid/features/cells endpoint has changed in API version V14 and requires additional config values. (#4903)

• Add new fields to apps: category, description, creator (#4879)

• Add "get app" endpoint to Brig (GET /teams/:tid/apps/:id) (#4879)

• Add pagination to SCIM groups in Spar /scim/v2/Groups

Features

• Add meetingsPremium feature flag to distinguish premium teams from trial teams. Meetings created by premium team members are marked as non-trial. Public endpoints: GET/PUT /teams/:tid/features/meetingsPremium. Internal endpoints: GET/PUT/PATCH /i/teams/:tid/features/meetingsPremium and lock status management.

  Add meetings feature flag to control access to the meetings API. When disabled, all meetings endpoints return 403 Forbidden. The feature is enabled and unlocked by default. Public endpoints: GET/PUT /teams/:tid/features/meetings. Internal endpoints: GET/PUT/PATCH /i/teams/:tid/features/meetings and lock status management. (#4915)

• New team feature config cellsInternal (#4889, #4907, #4940)

• The cells feature flag now contains a set of additional configuration values (#4903)

• nginx-ingress-services chart: Add support for cert-manager Certificate
  privateKey rotation policy configuration. This allows preserving private
  keys across certificate renewals for client key pinning scenarios.

  Configuration options:

  • tls.privateKey.rotationPolicy - for ingress certificates
  • federator.tls.privateKey.rotationPolicy - for federator certificate

  Setting rotationPolicy to "Never" preserves the private key, enabling
  scenarios where clients pin the server's public key rather than the
  certificate itself. (#4945)

• Allow configuring page size and parallelism for conversation migration to
  PostgreSQL. This can be configured like this:

  background-worker:
    config:
      migrateConversationsOptions:
        pageSize: 10000
        parallelism: 2

  (#4904)

• Introduce new metrics for better tracking of conversation migration to postgresql:

  1. wire_local_convs_migration_failed
  2. wire_user_remote_convs_migration_failed

  If any of these become 1, it means the migration has failed. The logs would
  contain the error. In order to restart the migration, the background-worker must
  be restarted. (#4891)

• Commits with a broken group info are now let through if the group was already broken (#4883)

• When a SAML IdP is created on a multi-ingress domain (implying that
  multi-ingress domains are configured in Spar) the domain is added as domain
  field to that IdP's extraInfo (WireIdP type in Haskell.) To avoid confusion
  in later lookups, at most one IdP can be configured per multi-ingress domain.
  If multi-ingress is not configured or it's not configured for the specific
  domain, no domain field gets added to the IdP. This guards against creating
  multiple IdPs and then assigning them to multi-ingress domains. Thus, users who
  don't use multi-ingress don't observe any change. This feature only opens the
  door to later provide an IdP for a multi-ingress domain. (#4778)

Bug fixes and other updates

• Fixed notification endpoint returning an empty page with hasMore=true (#4871)

• Fix SCIM groups endpoint to only return SCIM-managed groups, not wire-managed groups (#4906)

• Fixed: change user idp, external_id or emails via scim (scim user update / patch failed to update parts of ValidScimId). (#4887)

• Add <?xml version="1.0" encoding="UTF-8"?> to SAML/XML output. (#4898)

• Make Swagger schema instances for GET /search/results and GET /teams/{tid}/search distinct (#4921)

• Fix swagger docs for GET and POST on /conversations/{cnv}/code to show
  that the response will always include the uri field. (#4911)

• Reduce gc_grace_period for all conversation related tables to 1 day. This will
  help restart the postgresql migration after a day, if it fails mid way. Lowering
  it too much runs the risk of offline nodes resurrecting deleted data. (#4899)

• Make underlying users for apps findable from GET /search/contacts (#4920)

• Reject messages in MLS groups while in epoch 0. (#4811)

• Optimize Postgresql queries for getting conversation members (#4896, #4896)

• Since 5.23.23 (5866bab) RabbitMQ settings are
  mandatory for Brig in both, federated and non-federated setups. Unfortunately,
  this wasn't reflected in Brig's Helm chart. So, non-federated deployments were
  failing. (#4886)

Internal changes

• Upgrade nixpkgs and dependencies (icluding GHC from 9.8 to 9.10) (#4909)

• Upgrade ormolu to match GHC 9.10. (#4923)

• Fix postgres migrations on CI test runs (#4931)

• Add mls-users tool to list all active users that don't support MLS. (#4888)

• Add a golden test for IdP (de-) serialization to ensure the format doesn't change due to future developments. (#4927)

• Explain MultiIngressSSO test helper functions a bit better. (#4882)

• Use nix flakes instead of niv and manually pinned git dependencies (#4933)

Release notes

• Background-worker configuration: required values when supplying your own Helm values

  Add the following fields under background-worker:

  • config.federationDomain
  • config.postgresql
  • config.cassandraBrig
  • config.cassandraGalley
  • secrets.pgPassword

  Notes

  • config.cassandra (for gundeck) already exists; no change needed.
  • config.backgroundJobs and config.postgresqlPool have defaults; override only if needed.
  • config.postgresMigration.conversation defaults to postgresql; change only if migrating conversations to PostgreSQL.
  • config.brig and config.gundeck endpoints have in-cluster defaults; override only if your service DNS/ports differ.

  PostgreSQL migration note

  • Conversation migration settings have to be aligned across galley and background-worker.
    See docs/src/developer/reference/config-options.md for the full migration steps and configuration details. (#4797)

• Starting this release, existing deployments can migrate the conversation data to
  PostgreSQL from Cassandra. This is necessary for channel search and management
  of channels from the team-management UI. It is highly recommended to take a
  backup of the Galley Cassandra before triggering the migration.

  The migration needs to happen in 3 steps:

  1. Prepare wire-server for migration.

     This step make sure that wire-server keep working as expected during the
     migration. To do this deploy wire-server with this config change:

     galley:
       config:
         postgresMigration:
           conversation: migration-to-postgresql
     background-worker:
       config:
         migrateConversations: false
         postgresMigration:
           conversation: migration-to-postgresql

     Once set to migration-to-postgresql, do not switch back to cassandra.

     This change should restart all the galley pods, any new conversations will
     now be written to PostgreSQL.

  2. Trigger the migration and wait.

     This step will actually carry out the migration. To do this deploy
     wire-server with this config change:

     background-worker:
       config:
         migrateConversations: true
         postgresMigration:
           conversation: migration-to-postgresql

     This change should restart the background-worker pods. It is recommended to
     watch the logs and wait for both of these two metrics to report 1.0:
     wire_local_convs_migration_finished and wire_user_remote_convs_migration_finished.
     This can take a long time depending on number of conversations in the DB.

  3. Configure wire-server to only use PostgreSQL for conversations.

     This will be the configuration which must be used from now on for every new
     release.

     galley:
       config:
         postgresMigration:
           conversation: postgresql
     background-worker:
       config:
         migrateConversations: false
         postgresMigration:
           conversation: postgresql

  (#4810)

• This release introduces a breaking change in the databases-ephemeral and redis-ephemeral Helm charts.

  The upstream Helm chart used for redis-ephemeral has been replaced to enable an upgrade to Redis 7.4.6 (previously based on the Bitnami chart). As a result, the Redis service hostname has changed from
  {{ .Release.Name }}-master → {{ .Release.Name }}.

  Please update the gundeck.config.redis.host value in the wire-server configuration accordingly.

  The updated Helm chart only supports standalone deployments.

  If you are providing custom values to the databases-ephemeral or redis-ephemeral releases, make sure to review the documentation for redis-ephemeral and its upstream Helm chart to ensure compatibility with this update. (#4845)

API changes

• Change federation-not-implemented error status from 500 to 422. (#4855)

• Create new API version V14 and finalize API version V13 (#4860)

• All events of type conversation.* would also contain a field via which can
  either be "user" or "scim". When the value is "scim", the from and
  qualified_from fields must be ignored. They exist only for backwards
  compatibility. (#4797)

Features

• Allow collaborator permissions to be updated in a team. (#4697)

• Add support for SCIM managed UserGroup deletion. (#4833)

• Add PUT /conversations/:domain/:conv_id/members endpoint to atomically replace conversation members. (#4819,#4838)

• Add users of user groups to a channel in asynchronous background worker job (#4797)

• Add GET /teams/:tid/channels/search endpoint for listing and searching channels (#4821, #4836)

• Support migration of all conversation data to Postgresql. (#4810)

• Get scim groups by id with scim. (#4831)

• Return informative diagnostics on group info mismatch (#4788)

• Add field to mls feature for enabling group info diagnostics per team (#4788)

• Allow configuring postgresql pool paramters. In brig and galley helm charts, the paramters can be configured like this:

  postgresqlPool:
    size: 100
    acquisitionTimeout: 10s
    agingTimeout: 1d
    idlenessTimeout: 10m

  (#4828)

• New metrics on postgres connection pool health. Example:

  $ curl -s http://localhost:8082/i/metrics | grep wire_hasql_pool_session_count
  wire_hasql_pool_session_count 118.0
  

  Grep output for hasql to see all gauges and counters. (#4834)

• Add configurable large_client_header_buffers to nginz helm chart for handling large SAML SSO responses (#4816)

• Return an error when receiving a message or commit bundle for a conversation that is out of sync (#4854)

• Create user groups with SCIM. (#4848)

• Get scim groups by substring of displayName. (#4853)

• Return group members as part of the search result in SCIM groups. (#4859)

• Update / (de-)populate SCIM groups with SCIM. (#4829)

Bug fixes and other updates

• Filter out non-searchable team members in GET /teams/:tid/members (#4826)

• Fixed: team admin attempting to manage a channel received 403 errors when they were also a member of that channel with conversation_role wire_member (#4847)

• The result of GET /teams/:tid/channels/search is now ordered case-insensitively (#4870)

• Make emails visible for team admin under POST /list-users (#4852)

• Fix kubectl image tag in reaper and restund charts to use correct version. v1.32.4 is the last tag of the 1.32 series. (#4827)

• Move searchable field matching from boost to filter part of the Elastic Search query. (This is a non-functional change, it only improves clarity.) (#4849)

• Disable out of sync MLS error on older backends (#4869)

Documentation

• Updated OpenAPI docs for the PUT /conversations/:domain/:id/members endpoint (#4861)

• Add troubleshooting documentation for "414 Request-URI Too Large" errors during SAML SSO login (#4816)

Internal changes

• Move /services/brig/deb/opt/brig/templates => libs/wire-subsystems/templates.

  (because it'll be needed in galley any moment now.) (#4830)

• Fix: Inappropriate 500 errors removed from BrigAPIAccess interpreter (#4865)

• Fix the add-license Makefile target and add missing license headers. (#4851)

• Keep track of out of sync mls groups (#4837)

• Remove unused redis-cluster chart (#4846)

• In the past, we built wire-server with Stack. Now, we’re using Cabal. Some traces of stack were still around in our project setup. These have been removed them to decrease build times and avoid confusion. (#4850)

Release notes

• Team user search role filter has been fixed and results now include each member's team role. Note: existing search index documents will only show roles after a reindex or when users get updated; newly created or updated users populate their role automatically. (#4728)

• Elasticsearch/OpenSearch mapping updated for team user search to support filtering by unverified email addresses. For the new filter email=verified|unverified on GET /teams/{tid}/search to work as intended, it is necessary to create a new index and re-index the data either by migrating to a new index or by recreating the index.

• Allow storing conversation data in postgres.

  This is currently not the default and is experimental.
  The migration path from Cassandra is yet to be programmed.

  However, new installations can use this by configuring the wire-server helm
  chart like this:

  galley:
    config:
      postgresqlMigration:
        conversation: postgresql

(#4764)

API changes

• Stub endpoints for enterprise provisioning (only in V13) (#4743)

• Finalize API Version V12, start new develop version V13. (#4817)

• The blocked domains feature
  (optSettings.setCustomerExtensions.domainsBlockedForRegistration) is now
  more strict: It is not only forbidden to register users with these domains in
  their email addresses, but also to change a user's email address to one of
  these domains.

  This affects the endpoints:

  • /register (as before)
  • /activate/send
  • /users/{uid}/email
  • /i/self/email (internal endpoint)
  • /access/self/email
  • /i/teams/{tid}/invitations (internal endpoint)
  • /teams/{tid}/invitations (#4624)

Features

• Allow collaborator to be removed from a team. (#4694)

• Add PodDisruptionBudget for Backoffice (#4751)

• Implement user-groups channels association (/user-groups/{gid}/channels). (#4783)

• Implement channels and channelsCount in user-groups endpoints. (#4776)

• Add entreprise-provisioning, a CLI to batch provision various entities, currently, creates and associate channels to existing user-groups. (#4790)

• Brig: Add optional email query parameter to GET /teams/{tid}/search ("browse-team"). (#4774)

• Add feature flag for "simplified user connection requests" QR codes
  (simplifiedUserConnectionRequestQRCode). As it has been implicitly enabled
  before - there was no way to turn it off - it's enabled by default. (#4763)

• Added user group endpoints to nginz config (#4744)

• New endpoint to update the users of a user group (#4768)

• Include total count in user group list/search responses (#4773)

• Allow updates of SCIM users by SCIM even if E2EID is enabled (#4772)

• Add global AssetAuditLog feature flag (#4779)

• cargohold: add asset audit logging (#4782, #4784, #4787)

• Add searchable field to users, users who have it set to false won't be found by the public endpoint.
  Add POST /users/:uid/searchable endpoint where team admin can change it for user.
  Add /teams/:tid/search?searchable=false, where the query parameter makes it return only non-searchable users. (#4786)

• Add user group ids to team member search result (#4809)

• Add endpoint for a team admin to get a new app cookie (#4769)

• Introduce apps and the corresponding creation endpoint POST /teams/:tid/apps. (#4696)

• Add stealthUsers feature flag (#4803)

• Remove user from all user groups on deletion (#4781)

• Add type field to user profiles. The possible values are "regular" for regular users, "bot" for services and "app" for apps. (#4758)

Bug fixes and other updates

• The role filter of the team search is fixed (#4728)

• Changed Swagger data type Pict from {} which is interpreted as string to
  {"type":"object"}. Also, static Swagger specifications of earlier API versions
  have been adapted. (#4785)

• Added nginz rules for missing endpoints (#4808)

Documentation

• add documentation on setting up federated calling (#4796)

• Update multi-ingress deeplink documentation to have a better example (#4807)

Internal changes

• Add a preStopHook to gundeck helm chart to avoid spurious 500s on gundeck restarts. (#4730)

• Add hls.json to .gitignore. It's only useful in specific editor setups. (#4747)

• New make rule and python script for creating /postgres-schema.sql. (not hooked into CI yet) (#4760)

• Add postgres dynamic query builder (#4812)

• charts/{redis-ephemeral,reaper}: switch away from non-working bitnami registry (#4792)

• Update kubectl, restund, redis-cluster, and rabbitmq images to use bitnamilegacy registry (#4791)

• Switch reaper and restund kubectl images to bitnamilegacy registry to ensure shell access compatibility (#4801)

Release notes

• Increase the default of setChallengeTTL from 2 to 7 days in Brig's Helm chart. (#4737)

Features

• Introduce galley.conversation.parent_conv to support shadow conversations. (#4708)

• Add an endpoint to allow team admins to bulk add users to user groups. (#4712)

• Add member count to user group list endpoint. (#4714)

Bug fixes and other updates

• Fix bug in reset logic for one2one conversations (#4735)

Internal changes

• Refactoring of store effects in galley as a prerequisite for the postgres migration (#4732, #4738, #4740)

• Unused UserGroup User events were removed (#4734)

• Update nixpkgs (source of dependencies) to latest of unstable
  channel.
  This has no specific reason other than preventing tech-debt. (#4733)

API changes

• Create new API version V12 and finalize V11 (#4724)

Features

• New team feature config for chat bubbles (#4711)

• New team feature config for apps (#4715)

Internal changes

• Fix race condition during postgres migrations in integration tests (#4723)

• Improve logging on RabbitMQ connection (#4716)

• Add PodDisruptionBudgets to service charts; render only when replicas > 1 (#4720)

• charts/nginz: Make k8s dns resolver service configurable for nginz (#4726)

Release notes

• The wire-server now uses quorum queues for user notifications, communicating
  with cells and for watching dead lettered user-notifications. These were
  previously declared without any type making them "classic" RabbitMQ queues.

  The transition is unfortunately not automatic. There are no official clients of
  wire-server which use these queues, so in most cases there should only be two
  queues which need to moved over:

  1. cells_events
  2. dead-user-notifications

  If there are no other classic queues and no cells server is deployed, the steps
  of upgrade are very simple:

  1. Delete these queues
  2. Deploy the new version of wire-server

  Please note that rolling back this deployment would not be possible unless these
  queues are deleted again.

  In case there are other classic queues of format
  user-notifications.<user-id>.<client-id> or if a cells server is configured,
  then this ugprade would require some downtime. The steps are documented on
  RabbitMQ blog:
  https://www.rabbitmq.com/blog/2023/03/02/quorum-queues-migration#in-place-migration

API changes

• New end-point GET /user-groups?... for filtering, sorting, and pagination. (#4607)

Features

• Allow team collaborators with implicit_connection permission to create and query a One2One conversation with a team member. (#4692)

• Introduce new feature config consumableNotifications, it should be used by
  clients to determine whether they should use the consumable-notifications
  feature. This will not be enforced by the server. (#4689)

• Do not deliver client specific notifications to temporary clients. (#4703)

Bug fixes and other updates

• Fix bug where reset action was returning "invalid-op" for non-group conversations (#4702)

Internal changes

• Move user creation to UserStore (#4695)

• Fixed 504 errors when trying to reach services in other namespaces. (#4701)

• charts/nginz: remove nginz_disco script and sidecar container, and replace outside upstreams.txt file by an inline block, making use of 'resolve' keyword to directly reference DNS names inside the kubernetes cluster. (#4663)

Release notes

• Galley now requires a connection to PostgreSQL. This can be configured similar to brig using configs galley.config.postgresql and galley.secrets.pgPassword. Galley must use the same PostgreSQL instance as brig. (#4677)

API changes

• Create new API version V11 and finalize V10 (#4510, #4684)

Features

• New immutable feature config allowedGlobalOperations with MLS conversation reset option (#4671)

• Add endpoints to add team collaborators ("bots") and query all for a team. (#4659)

• Add option to check group info consistency on every MLS commit (#4670)

• Allow team collaborators to create team conversations. (#4677)

Bug fixes and other updates

• Prevent typing indicator notification being send to own clients (#4658)

• background-worker: Set metric gauge wire_background_worker_running_workers to 1 when a worker is running instead of 0. (#4662)

Internal changes

• The chart for nginx-ingress-controller has been removed (#4675)

• Do not log KilledByHttp2ThreadManager error thrown by http2 client (#4672)

• A rate limit error from an internal call to i/users/:uid/reauthenticate will now be propagated to the external caller (#4673)

• Dedicated error label for MLS leaf node signature validation failure (#4665)

• Include the new group ID in the MLS conversation reset event (#4669)

• Log AMQP consumer cancellations in backend notification pusher. (#4634)

• Decrease backendNotificationPusher.remotesRefreshInterval for local
  integration tests to give it a better chance to run between test executions. (#4634)

• Make make devtest make rule work for other packages. (#4667)

Release notes

• charts/cannon: There is a new configuration value called
  config.notificationTTL, this defaults to the same value as gundeck. If it is
  overriden in gundeck, it must also be overriden in cannon. (#4631)

API changes

• Finalize API version V9 (#4645)

• Add the TeamId to the payload of conversation.delete events. The field's
  path is team. (#4618)

Features

• Allow team admin to query channel data (#4633, #4635)

• Brig setting to en-/disable ephemeral user creation (#4630)

• Allow team admin to remove members from a channel (#4620)

• background-worker: New gauge metric wire_background_worker_running_workers,
  contains label worker for each worker. Set to 1 when the worker is running,
  set to 0 when the worker is not running. (#4652)

• cannon: Replace message count mechanism with detecting the end of initial sync (#4631)

• The /events websocket will close a connection when it detects client inactivity. The inactivity behaviour can be controlled by setting the cannon options wsOpts.activityTimeout and wsOpts.pongTimeout. After wsOpts.activityTimeout microseconds of client inactivity (including no pings), the server sends a ping, and waits for a corresponding pong for wsOpts.pongTimeout microseconds. If no pong is received within this time window, the connection is terminated. (#4636)

Bug fixes and other updates

• Team name removed from team invitation email template (#4654)

• gundeck: Send push notifications to clients with consumable-notifications capability (#4626)

• Avoid returning duplicate user search results when handle matches exactly (#4656)

• background-worker/dead-user-notifs-watcher: Reconnect when connection with RabbitMQ is broken (#4652)

• Generated Swagger docs differed from the ratified ones for versions up to V9
  regarding the get-all-registered-domains
  (/teams/{teamId}/registered-domains) endpoint: The backend_url became part
  of the backend object which should be introduced with V10. As teams do not
  set backend redirects this should not be seen in practice. (#4647)

Documentation

• Add documentation on self-deleting messages and setting custom time-frames for operators (#4650)

Internal changes

• Upgrade RabbitMQ to version 4.x locally and on CI (#4639)

• No ack for message_count event (#4625)

• More test on validation of scim-provisioned emails. Cleanup of code and internal APIs. (#4617)

• Fix false positive warning of members not being present in remote conversations. (#4644)

• Updated email templates to v1.0.130 (#4648)

• Updated email templates to v1.0.133 (#4655)

• Limit the amount of unacknowledged messages the RabbitMQ notifications consumer
  receives to 100. Beyond this limit, received messages have to be acknowledged
  to receive new ones. This prevents overloading the consumer with new messages. (#4615)

• Timestamps for failing integration tests. (#4638)

Release notes

• Behavior of email validation in the context of SCIM user provisioning has changed: if your users receive a validation email on address change, you need to do nothing. If they don't, the behavior changes: before this release, the email address was only used as SCIM external_id, not to send emails to the user, because there was no validation step. With this release, the default behavior is that SCIM has the authority to auto-validate email addresses, and no further user action is needed.

  Consider changing the validateSAMLEmails feature flag value for some teams, or the default for your instance accordingly.

  The old behavior for validateSAMLEmails == disabled (no validation email, but also no valid email address) is not supported any more. We suggest you use something as external_id that is not an email address if you want that. (#4612)

API changes

• Add a new endpoint /mls/reset-conversation which can be used to restore an MLS group that ended up in an invalid state for any reason. After resetting, the conversation has the same users, but the corresponding MLS group gets a new group ID and resets to epoch 0 with no clients.

  Users on backends that don't support reset are kicked out of the conversation upon reset, and no such user can join afterwards.

  A new event type conversation.mls-reset has been added, and is sent to all members of a conversation when it is reset. (#4558)

Features

• Auto activate SAML emails if validateSAMLEmails feature is disabled (#4612)

• Add update, delete, add/remove users to UserGroups. (#4600, #4604, #4605)

• Send notifications on user group updates (#4600)

• Team admin can add user to a channel (#4574)

• Allow team admin to change the name of a channel (#4584)

• Endpoint to get the current server time (#4606)

• Add support for AWS Signature V4 authentication header to ZAuth (#4593)

Bug fixes and other updates

• Do not allow ephemeral users to search for contacts (#4609)

Internal changes

• Send cells notification when cells feature is updated (#4614)

• Send message count to websocket on connect (#4608)

• Add proxy_connect_timeout to nginz's configuration. Otherwise, not answering
  services (e.g. due to network issues) can delay requests/response for a very
  long time. (#4610)

• nginz: Set Z-Timestamp header when proxying requests (#4593, #4611)