Changed

• [x] Renamed SMB logging config.php settings from "wnd" to "smb" - #30244 @patrickjahns
• [x] Improved error messages in user:delete command - #30164 @patrickjahns
• [ ] ~Allow avatars to be visible publicly for public calendar~ - #30228 @patrickjahns
  ❌ - decision was to revert this: https://github.com/owncloud/core/pull/30961
• [x] Validate email address in mail settings section - #30315 @patrickjahns
• [x] Only decrypt users who have already logged in with decrypt-all occ command - #30640 @patrickjahns
• Replace usage of "create_function" in PHP - #30714 NOT QA relevat
• [x] Provisioning API can now properly set default or zero quota - #30755 @patrickjahns
• [x] User quota setting can be queried through provisioning API - #30850 @patrickjahns

Library updates

• Bump PHP to 5.6.33 in composer - #30403
• Bump phpseclib/phpseclib from 2.0.3 to 2.0.10 - #30052 #30537
• Bump phpunit and symfony/translation to match master - #30410
• Bump guzzlehttp/guzzle from 5.3.1 to 5.3.2 - #30217
• Bump lukasreschke/id3parser from 0.0.1 to 0.0.3 - #30085
• Bump symfony to 3.4.5 - #30689
• Bump symfony/translation from 3.2.4 to 3.3.16 - #30380
• Bump latest symfony and sabre/vobject point versions - #30266
• Bump karma from 1.5.0 to 2.0.0 in /build - #30050
• Bump punic/punic from 1.6.5 to 3.1.0 - #30550
• Bump symfony to 3.4.6 and Sabre vobject to 4.1.5 - #30768
• Bump sabre/http from 4.2.3 to v4.2.4 - #30599
• Bump jakub-onderka/php-parallel-lint from 0.9.2 to 1.0.0 - #30626
• Bump behat/mink-extension from 2.3.0 to 2.3.1 - #30706
• Bump league/flysystem from 1.0.42 to 1.0.43 - #30704
• Update composer in stable10 with versions as at 2018-02-07 - #30390

Fixes

• [x] Fix wording if you are not a member of any groups - #30558 @patrickjahns

• [x] Fix for error when querying non present log_secret - #30470 @patrickjahns

• Free resources in preview providers - #30533

  • not testable by QA @patrickjahns
• [x] Make theming work when theme app is outside the ownCloud root - #30477 @PVince81 - https://github.com/owncloud/core/issues/31170 => works in RC3
• [x] Don't try decrypting federated shares in decrypt-all command - #30155 @sharidas link => https://github.com/owncloud/core/pull/30155#issuecomment-381864805
• [x] Keep null in getMetaData in Checksum storage wrapper, fixes some files:scan scenarios - #30302
  
  
  
  • @IljaN
  
  
• [ ] Fix failure of shares which are already moved with transfer ownership - #30161 @PVince81 => :no_entry_sign: link share of recipient on sub-entry is lost after transfer, raised https://github.com/owncloud/core/issues/31150 => deferred to 10.0.9
• [x] Return 403 instead of 503 to resume syncing of desktop client - #30353
  
  
  
  • help from desktop team for testing - https://github.com/owncloud/core/issues/29794 (by @patrickjahns ) - @SamuAlfageme -> https://github.com/owncloud/core/issues/29794#issuecomment-381880701
  
  
• [x] Fix validation for new encryption storage key location - #30357
  
  
  
  • will summon @pako81 https://github.com/owncloud/core/issues/27660
  
  
• [x] Prevent share icon from shrinking with long texts - #30352 @PVince81 - only partially fixed, see https://github.com/owncloud/core/issues/29821#issuecomment-381900562 confirmed fixed in 10.0.8RC2
• [x] Fixed regression where a user could not set own email address in the settings page - #30319 @PVince81 https://github.com/owncloud/core/issues/31098#issuecomment-381638609
• [x] Check trashbin permissions before moving to trash, fixes deletion as guest user - #30240
  
  
  
  • tested via guests app / trashbin icon still visible for guests
  
  
• [x] Handle no read access to skeleton - #30241 @patrickjahns
• [x] Fix file name escaping in error messages in web UI related to file operations - #30193 @patrickjahns
  
  
  
  • covered by 🤖 (automated tests)
  
  
• [x] Show new basename and extension while waiting for rename operation to finish in web UI - #30040 @patrickjahns
• [x] Fix deletion of group with special characters in web UI - #30111 @patrickjahns
• [x] Fix missing preview in file upload conflict window - #30125 @patrickjahns
• [x] Convert null to empty string for Oracle in file cache accessor - #30224 @patrickjahns
• [x] Filter sender display name in mail notification handler - #31056 @patrickjahns
• [x] Filter file name when sending internal mail - #31046 @patrickjahns
• [x] Email autocomplete in link share dialog will not return local/federated users any more, only contacts - #30998 @PVince81 - tested with https://github.com/owncloud/core/pull/30998#issuecomment-381742256
• [x] Fix settings page where elements are inline when they shouldn't - #30988 @PVince81 - visual test on settings page with multiple resolutions
• [ ] Do not log errors when uploading forbidden file format - [#30991]
  (https://github.com/owncloud/core/issues/30991)
  
  
  
  • @patrickjahns : ❌ partially working - but is it the expected behavior?
  
  
• [x] Fix upload issue by replacing emittingCall with separate before and after events - #30986 @SergioBertolinSG
• [x] Fix Symfony event emittingCall by adding return - #31045 @SergioBertolinSG
• [x] Remove unsupported "enable for groups" field for theme apps - #30948 @patrickjahns
• [x] Added OneNote 2016 user agent string to make it work with Webdav - #30965
  
  
  
  • @patrickjahns: pinged @mmattel
  
  
• [x] Fix repair command and added more files:scan unit tests - #30618 #30959 @PVince81 - repair command runs with "all" or specific user (note: the only broken part was because of the fix "Continue in case of rare error" which introduced a bug which was fixed by #30618 and #30959)
• [x] Mask "marketplace.key" in config list as it is sensitive - #30917 @patrickjahns
• [x] Set empty authtoken names to 'none' as empty is not allowed any more - #30908 @PVince81 https://github.com/owncloud/core/issues/31098#issuecomment-381641479
• [x] Treat any unknown app version as 0.0.1 - [#30890] (https://github.com/owncloud/core/issues/30890) @PVince81 - works, tested with steps from the PR
• [x] Ignore multiple slashes in http path - #30854 - @PVince81 tested in browser
• [x] Use storage specific move operation for object store - #30817 @IljaN
• [x] Fix webUI display of group containing numeric username - #30811 - @PVince81 :robot: spotted
• [ ] Fix calendar changes limit - #30816
• [x] Properly use error exit code for unsupported PHP version - #30780 @patrickjahns
• [x] Unbrand Personal security sessions message - #30754 @patrickjahns
• [x] Propagate move exception messages to the frontend - #30791 @PVince81 - works. Throw exception in View::rename() and its message is displayed
• Fix chunk size comparison for big values on 32-bit systems - #30772
  
  
  
  • @patrickjahns : not further tested as we do officially do not support 32 bit systems
  
  
• [x] Make error origin more distinguishable in some filesystem code paths - #30682 @PVince81 => not testable as not reproducible
• [x] Don't send emails when importing calendar/events - #30666 @DeepDiver1975 - works as before
• [Fix file mtime issue on 32-bit systems - #30546
  
  
  
  • @patrickjahns : not further tested as we do officially do not support 32 bit systems
  
  
• [x] Continue in case of rare error in files:scan repair command - #30494 @PVince81 - :car: not testable because not reproducible
• [x] Modals dialogs can now scroll, improves link share dialog UX - #30424 @PVince81 - public link share dialog scrollable when vertical space is narrow
• [x] Adjust link share wording and fix translations - #31036
  
  
  
  • @patrickjahns + 🤖
  
  
• [ ] Guide users to also check spelling for typos in federated share id - #30355 => :no_entry: missing code path https://github.com/owncloud/core/pull/30159#issuecomment-381729259 (would consider "known issue" as it's minor)
• [x] Fixed issue with number of hidden files not updating on renaming a file - #30359 @PVince81 - rename "test" to ".test" updates file count when hide mode is enabled in web UI
• [x] Fix deleted items auto expiration for users with no quota - #30163
  
  
  
  • [x] fix alone @PVince81 - confirmed broken in 10.0.5 and fixed in 10.0.8 RC2
  
  
  • [x] regression test retention / trashbin expiration
  
  
• [ ] Fix caldav and carddav syncing when dealing with lots of data - #30252
• [x] Don't restrain width of icon-logo - #30282 @PVince81 - visual test with example theme as per https://github.com/owncloud/core/pull/30282#issue-165229530 (confirmed broken on 10.0.5 and fixed in 10.0.8 RC1)
• [x] Proper error message when trying to add user to a group they are already member of in web UI - #30194 @patrickjahns
• [x] Fix app author parsing in apps page - #30043 @patrickjahns
  
  
  
  • tested with polls and qwnotes app 10.0.7 vs 10.0.8
  
  
• [x] Fix files endpoint bug when downloading vCard - #30149 @PVince81, confirmed broken in 10.0.7 and fixed in 10.0.8 RC2 using steps from https://github.com/owncloud/core/issues/30078
• [x] Use LargeFileHelper to calculate log file size - fixes #30227 - #30234 @PVince81 - log file size still looks ok. Not testing on 32-bit system.

Removed

• [x] Removed private oc_current_user Javascript variable - #30486 #30556
  @PVince81 - evaluate "oc_current_user" in 10.0.5 and 10.0.8 RC1

• [x] Remove app store config values from config.sample.php - #30422 @patrickjahns

• [x] Remove documentation of the theme option in config.sample.php - #30350 @patrickjahns
• [x] Remove unused config.sample.php parameters - #30933 #30812 @patrickjahns
• [x] Remove "Unlimited" word from quota report in personal page - #31041 @patrickjahns

To test checksum repair command, upload a file and then manually modify checksum column in oc_filecache to something else.

More notes here: https://github.com/owncloud/documentation/issues/4014

⚠️ Critical / Auth / Security related ⚠️

Fixxed

• [x] Refactored metadata sync code to unify behavior across all login methods - #30638
  
  
  
  • [x] Properly create a session for a pure token based request, fixed oauth2 issues - #30542
  
  
• [x] Catch session unavailable exception - #30347 #30623
• [x] Fixing logout for app password scenario - #30591 [] @IljaN [ ] @patrickjahns
  
  
  
  • [x] Test with app-password login via client with ldap [] @IljaN [ ] @patrickjahns
  
  
• [x] Proper HTTP status code on login exception - #30639 @patrickjahns + 🤖 (api tests cover this scenario as well )
• [x] Fix some CSRF issues on Webdav endpoint by only checking for POST method - #30358 @IljaN
• [x] Adding a system configuration for global CORS domains - #30906
  
  
  
  • @IljaN
  
  
• [x] Better label for CORS in settings section - #30663
  
  
  
  • @IljaN
  
  
• [x] Allow regular users to change their CORS domains - #30649
  
  
  
  • @IljaN
  
  
• [x] Remove implicit login in base.php to remove bogus "Login failed" logs - #30814
  
  
  
  • @patrickjahns / @SamuAlfageme -> confirmed it is fixed in 10.0.8
  
  
• [x] Initialize root folder service later to fix user backend registration order issue - #30810
  
  
  
  • @voroyam has tested it with the initial issue that caused the error and confirmed it is now fixed
  
  
• [x] Check apache auth on login form - #31074
  @patrickjahns - checked and tested with upcoming user_ldap app
• [x] Check basic auth credentials periodically after a timeout instead of … - #31076 @patrickjahns
• [x] Polish totp middleware a little - #30849 @phil-davis
• [x] Fix CORS OPTIONS request for unauthenticated requests - #30912
  
  
  
  • @IljaN
  
  
• [x] Validate system path data used in findBinaryPath - #30061 @settermjd unit tests are enough
• [x] Properly filter link share email parameters - #30165
  
  
  
  • [x] @patrickjahns confirmed fixed on RC1
  
  

Removed private oc_current_user Javascript variable - #30486 #30556

We had a regression in calendar which was resolved already https://github.com/owncloud/calendar/pull/884

@DeepDiver1975 @PVince81
Can we put this in "developer" release notes - so third party developers will know about this change ?

@patrickjahns Tested:

Fix validation for new encryption storage key location - #30357

Works perfectly. Please go ahead and tick the checkbox

Added repair step to fix orphaned reshares

Currently untested with oracle... any chance to test it with it? I haven't found easy support to test it with oracle.
I'm marking as passed as it works fine for mysql and postgresql, although the performance looks scary for large datasets on first sight. I'm not sure how fast it will behave or if we can do something about it.

@jvillafanez
docker run -p 1521:1521 deepdiver/docker-oracle-xe-11g - then you have oracle.

If you need a container with oracle php modules - you can use https://hub.docker.com/r/owncloudci/php/tags

Note:

with the oracle container above - database username is autotest - database password is owncloud and database is XE - ref: https://github.com/owncloud/core/blob/master/tests/drone/install-server.sh

Can we put this in "developer" release notes - so third party developers will know about this change ?

This was never supposed to be public API but people still used this.

We can add a note in the regular release notes as we don't have developer release notes.

Tested "Fixed regression where a user could not set own email address in the settings page - #30319"

• [x] TEST: email can be saved when opening confirmation link while being logged in
• [x] TEST: email can be saved when opening confirmation link while being logged out then logging in
• [x] TEST: correct error when opening confirmation link as the wrong user

Tested "Set empty authtoken names to 'none' as empty is not allowed any more - #30908"

• [x] TEST: Setup OC 10.0.4, created two app tokens, one with no name and one with a name, upgrade to 10.0.8RC1 => both tokens still work => DB contains "(none)" for the formerly unnamed token

Ticked "Added config.php option to select apps to ignore missing signature file (mostly for themes)" as Confirmed by @thommierother https://github.com/owncloud/core/pull/30891#issuecomment-381077539

Tested "Guide users to also check spelling for typos in federated share id - #30355" => with failure: no_entry missing code path #30159 (comment) (would consider "known issue" as it's minor)

Tested "Added user:modify command to core - #30652" => works changing display name and email

Tested "Fix failure of shares which are already moved with transfer ownership - #30161", not working 100% as expected, raised bug https://github.com/owncloud/core/issues/31150

Added:
Configurable minimum characters before autocomplete user searches https://github.com/owncloud/core/pull/30798

Found bug "Public link share name length check is inaccurate": https://github.com/owncloud/core/issues/31157

Tested: Better label for CORS in settings section - #30663 -> OK!

Tested: Allow regular users to change their CORS domains - #30649 -> OK!

Tested by setting custom Origin header in curl for ocs requests. If origin matched the whitelisted origin, correct CORS headers are present. CORS-Whitelists are isolated between different users.

Tested: Adding a system configuration for global CORS domains - #30906 -> OK!

Tested: Fix CORS OPTIONS request for unauthenticated requests - #30912 -> OK!

OPTIONS with "Access-Control-Request-Method" header returns 200 on un-authenticated ocs-api request.

Failed Test "Make theming work when theme app is outside the ownCloud root - #30477" and failed, raised https://github.com/owncloud/core/issues/31170

Added "regression test retention / trashbin expiration" checkbox as the fix of the matching item moves more code around and does more than just fixing the issue.

Tested: Keep null in getMetaData in Checksum storage wrapper, fixes some files:scan scenarios #30302 -> OK!

Filescan does not crash on unreadable local and ext-storage files.

Tested: Fixing logout for app password scenario - #30591 -> OK!

No login failed messages in log when logging in with app password.

@voroyam Can you please test app-password login in combination with ldap? No "Login-Failed" Messages should appear in the log.

Added "test app-pasword login with ldap"

Missing items and items to add since RC1:

10.0.8 RC2 items

Added

• [x] Added option for user:sync to reenable formerly disabled users - #31124 @jvillafanez - reenable works
• [x] Ability to log extra JSON fields - #31121 @PVince81 - tested with custom app

• [x] Trigger event when logging - #31121 @PVince81 - tested with custom app

• [x] Added Symfony events for configuration changes (config.php and appconfig) - #30788 #30937 #31107 @SergioBertolinSG

• [x] Added Symfony events for updating share attributes (expiration, password, name) - #31120 @SergioBertolinSG
• [x] Added Symfony events for feature change in group admin - #31132 @SergioBertolinSG

Changed

• [x] Set minimum php version to 5.6 in composer.json - #31100 @PVince81 => dev only, no libs were updated, nothing to test

Fixes

• [x] Properly align three button dialogs - #31147 @PVince81 - works
• [x] Many documentation improvements in config.sample.php - #31114 #31127 #31128 #31068 => docs only
• [x] Fix some documentation paths in config.sample.php - #30431 => docs only
• [x] Fix App Framework ApiContoller initialization to fix thumbnail access - #31104 - @SergioBertolinSG https://github.com/owncloud/core/issues/29914#issuecomment-382036231 => fixed in RC3
• [x] Properly trigger file-related Symfony events when chunking - #31087 @PVince81 - works

Tested: Fix some CSRF issues on Webdav endpoint by only checking for POST method - #30358 -> OK!

PROPFIND via Postman works without CSRF-Token

Testing "Do not log errors when uploading forbidden file format"

❌

Tested with files_antivirus master:

• No more error message is in the logs - but the server replies with a 500
  

Behavior with old antivirus-app:
10.0.8RC3 + files_antivirus from marketplace

10.0.7 + files_antivirus from marketplace

Tested "Make syslog output configurable, introduce new default that includes the request id ", works

Testing: Added config switch to enable fallback to http scheme when creating fed shares

Receiving side just sees this error message when going via http

Failed: Files app UI now retries chunk uploads in web UI on stalled uploads, will be reverted: https://github.com/owncloud/core/pull/31185

Retested "Make theming work when theme app is outside the ownCloud root - #30477", works in RC3

Notifications items to test

From https://github.com/owncloud/notifications/pull/180

• [ ] Allow CORS requests to list notifications - #176 => @DeepDiver1975 ignore, only relevant for Phoenix
• [x] Add support for email notifications - #156 #162 #175 #171 @PVince81 - tested with federated share notification
• [x] Add occ command arguments for link and link text - #172 @PVince81 works
• [x] Fix occ command for group notification - #146 @PVince81 works

Tested "Properly trigger file-related Symfony events when chunking" with old chunking, new chunking and no chunking: events are triggered

Tested "Use storage specific move operation for object store - #30817" => OK!

Retested Fix App Framework ApiContoller initialization to fix thumbnail access - #31104 - @SergioBertolinSG #29914 (comment) Not working in RC2, Works in RC3.

Tested "regression test retention / trashbin expiration" - works fine (at least no regression). Need however to clarify what is the expected behavior about the min retention period. Will open a separate issue for that.

Failed: "Added config switch to enable fallback to http scheme when creating fed shares - #30646", tested by @DeepDiver1975. It seems the code is not triggered / the fix is in the wrong location.

@DeepDiver1975 will fix it. Ticket: https://github.com/owncloud/core/issues/31194

Tested: Catch session unavailable exception - #30347 #30623 -> OK!

Additional codereview because hard to reproduce, automated tests should be enough

❗️ Confusing behaviour with single user syncing if the user doesn't exists (Ticket opened in https://github.com/owncloud/core/issues/31207 for 10.0.9)

root@3b450a98bad4:/opt/owncloud# sudo -u www-data ./occ user:sync -u miimi "OC\User\Database"
If unknown users are found, what do you want to do with their accounts? (removing the account will also remove its data)
  [0] disable
  [1] remove
  [2] ask later
 > 2
Syncing miimi ...
These accounts that are no longer available in the backend:
miimi, ,  (no longer exists in the backend)
What do you want to do with their accounts? (removing the account will also remove its data)
  [0] disable
  [1] remove
 > 0
Disabling accounts
miimi, ,  (no longer exists in the backend)

From a behavioural point of view, this doesn't look good. Asking first what to do was thought in order to sync a large number of users so you can set the appropiate action before start the syncing. With just one user this seems a bit pointless.
What really bothers me is that we should know at some point that the account doesn't exists. Asking what to do with a missing account is pointless, and then disabling or removing a missing account is misleading.

I'm not sure if there is an easy enough fix for this to include it in 10.0.8. Otherwise we'll likely have to delay the solution for 10.0.9.

10.0.8 RC4 items to test

• [x] Federation fallback to http config switch: https://github.com/owncloud/core/issues/31196 @patrickjahns to test
• [x] Expiration date missing in link share email: https://github.com/owncloud/core/issues/31201 @PVince81 - to test :no_entry_sign: the date is here but it's always the one from today, not the actual expiration date, fix here https://github.com/owncloud/core/pull/31212 => fixed and works in final
• [x] Prevent background scan to scan homes of users who never logged in - #31189 @PVince81 - works, no more message (I made sure to have loglevel 0)

-> tested "Prevent background scan to scan homes of users who never logged in"
tested during other test -> message not appearing

Tested "Federation fallback to http config switch" -> works as expected

RC testing is done, thanks a lot everybody for the big effort!

final smoke test here: https://github.com/owncloud/core/issues/31096#issuecomment-382798088

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.