Bug 249324 - www/mattermost-webapp www/mattermost-server: Update to 5.27.0
Summary: www/mattermost-webapp www/mattermost-server: Update to 5.27.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Li-Wen Hsu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-14 18:13 UTC by Greg Fitzgerald
Modified: 2020-10-24 08:23 UTC (History)
3 users (show)

See Also:
loic.blot: maintainer-feedback+
koobs: merge-quarterly?


Attachments
mattermost-5.27.0 (10.68 KB, patch)
2020-09-14 18:13 UTC, Greg Fitzgerald
no flags Details | Diff
New 5.28.0 version (19.19 KB, patch)
2020-10-16 08:11 UTC, Raúl
no flags Details | Diff
portmaster build (8.76 KB, application/octet-stream)
2020-10-16 08:13 UTC, Raúl
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Fitzgerald 2020-09-14 18:13:51 UTC
Created attachment 217962 [details]
mattermost-5.27.0

Release v5.27 - Quality Release

Release day: 2020-09-16

Mattermost v5.27.0 contains a low level security fix. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.
Improvements

    Added the ability to upgrade Mattermost from Team Edition to Enterprise Edition directly from the System Console.
    Added various improvements for Admin Advisor feature (Team Edition), including that the bot messages now appear only once for the 500-user advisory and the banner notification interval is reduced from daily to weekly.
    Changed the Default Theme setting in the System Console to a drop-down field.

Bug Fixes

    Fixed an issue where the server crashed when a Compliance Export job was run for Global Relay EML.
    Fixed an issue where Compliance Jobs did not restart correctly after a Warning status.
    Fixed an issue where users were not matching on mixed-case SAML assertions.
    Fixed an issue where Channel Admin was not able to make the default role as Channel Admin for AD/LDAP Groups.
    Fixed an issue where user role was not added correctly in the Members block in System Console > Teams.
    Fixed an issue where a team stopped loading in the System Console Filter By-dropdown when a search was performed and then cleared.
    Fixed an issue where the ability to demote Admins to members and to deactivate accounts from System Console > Users was not available.
    Fixed an issue where a false message “Group Mentions is already taken” was shown when a System Admin tried to add a channel to an AD/LDAP Group.
    Fixed an issue where a AD/LDAP group mention of an outsider group was highlighted in a Group Synced channel.
    Fixed an issue where incoming webhooks owned by a bot did not consistently allow a username override.
    Fixed an issue where the emoji picker in the Edit Post modal was misaligned.
    Fixed an issue where pasted unicode emojis failed to appear once posted.
    Fixed an issue where long text in message edit modal did not scroll with a scroll bar.
    Fixed an issue with Accessibility where user’s name was not displayed in alt text on some images.
    Fixed an issue where dates on System Console > Site Statistics - Dates were displayed out of order on days when there were no posts.
    Fixed an issue where the Admin Advisor bot was unexpectedly displayed in the Integrations > Bot Accounts page.
    Fixed an issue where a new badge in the channel sidebar category header reappeard after a channel was removed from the category.
    Fixed an issue where the theme color for Sidebar Text Active Border was not currently being used in the active border in the sidebar.
    Fixed an issue where users saw an incorrect mention count when added to a channel by another user.
    Fixed an issue where channels created from another browser tab did not immediately appear in the channel sidebar.
    Fixed an issue where a console error showed when creating a new custom category in the channel sidebar.
    Fixed an issue where enabling the new channel sidebar created invalid channel links.
    Fixed an issue where a channel state got broken after an “unallowed” deletion.
    Fixed an issue where dynamic slash command autocomplete options did not update between requests.
    Fixed an issue where an incorrect callback URL with OAuth 2.0 allowed users to click Back to Mattermost in the authentication window.
    Fixed an issue where editing “Full Name” got overwritten by Single Sign-On settings.
    Fixed an issue where “You do not have the appropriate permissions” error was shown for warn_metrics call for non-admin users.
    Fixed an issue where the channel switcher sometimes showed a wrong empty state with network API.
    Fixed an issue where the loader was not hidden when posts were not loading which affected the performance of some Linux distros.
    Fixed an issue where PatchConfig caused a panic if SiteURL was not set.
    Fixed an issue where a panic occurred when the server was getting a shutdown before InitPlugins() was able to complete.
    Fixed an issue where a panic was caused when a user joined a team with default channels archived.
    Fixed an issue where App.GetSidebarCategories() panicked on nil returned value.
    Fixed an issue where the SendEmailNotifications setting blocked testing the SMTP connection.

Open Source Components

    Removed @types/redux-mock-store and tinycolor2 from https://github.com/mattermost/mattermost-webapp.
    Added bootstrap-colorpicker in https://github.com/mattermost/mattermost-webapp.
    Added @react-native-community/clipboard in https://github.com/mattermost/mattermost-mobile.

API Changes

    Added POST api/v4/upgrade_to_enterprise API endpoint to be able to execute an inplace upgrade from Team Edition to Enterprise Edition.
    Added GET api/v4/upgrade_to_enterprise/status API endpoint to get the current status for the inplace upgrade from Team Edition to Enterprise Edition.
    Added POST api/v4/restart API endpoint to restart the system after an upgrade from Team Edition to Enterprise Edition.

Known Issues

    Twitter link previews do not work in Mattermost.
    On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console. To fix this, the System Admin should restart the server.
    Login does not work when Custom Terms of Service is enabled and MFA is enforced.
    Google login fails on the Classic mobile apps.
    Status may sometimes get stuck as Away or Offline in High Availability mode with IP Hash turned off.
    Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
    Searching with Elasticsearch enabled may not always highlight the searched terms.
    Team sidebar on desktop app does not update when channels have been read on mobile.
    Slack import through the CLI fails if email notifications are enabled.
    Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
Comment 1 loic.blot 2020-09-19 06:34:33 UTC
okay for me, let's go
Comment 2 Raúl 2020-10-16 08:11:20 UTC
Created attachment 218788 [details]
New 5.28.0 version

Release v5.28 - Feature Release

Release day: 2020-10-16
Compatibility

    PostgreSQL ended long-term support for version 9.4 in February 2020. Mattermost is officially supporting PostgreSQL version 10 with v5.26 release as PostgreSQL 9.4 is no longer supported. New installs will require PostgreSQL 10+. Previous Mattermost versions, including our current ESR, will continue to be compatible with PostgreSQL 9.4. We plan on fully deprecating PostgreSQL 9.4 In our v5.30 release (December 16, 2020). Please follow the instructions under the Upgrading Section within the PostgreSQL documentation.
    Support for Mattermost Server Extended Support Release (ESR) 5.19 has come to the end of its lifecycle. Upgrading to Mattermost Server v5.25 or later is required.
    TLS versions 1.0 and 1.1 have been deprecated by browser vendors. Starting in v5.31 (January 16, 2021) mmctl will return an error when connected to Mattermost servers deployed with these TLS versions and System Admins will need to explicitly add a flag in their commands to continue to use them. We recommend upgrading to TLS version 1.2 or higher.

Breaking Changes

    Now when the service crashes, it will generate a coredump instead of just dumping the stack trace to the console. This allows us to preserve the full information of the crash to help with debugging it. For more information about coredumps, please see: https://man7.org/linux/man-pages/man5/core.5.html.

IMPORTANT: If you upgrade from a release earlier than v5.27, please read the other Important Upgrade Notes.
Highlights
New admin roles to delegate administration tasks to other types of administrators (E20)

    New admin roles are additional system roles that have access to designated areas of the System Console. This enables you to delegate certain administrative tasks to other members of your organization.

Certificate-based authentication with AD/LDAP (E10)

    You can now improve the security of your AD/LDAP authentication with certificate-based AD/LDAP authentication.

Stay current with in-product notices

    With in-product notices, users and Admins will be made aware of the newest product enhancements from within Mattermost. Learn more about in-product notices here.

Improvements
User Interface (UI)

    Improved the readability of the toast banner message timestamp, post timestamp, and date separators.
    Added animation for emoji reactions on webapp.
    Added the ability to use Ctrl + B and Ctrl + I to add bold and italics markdown formatting to selected text.
    Clicking on original message creator’s username in discontinuing posts now opens the user’s profile popover.
    Added support for PSD file preview.
    When the Enable Latex Rendering option is set to true, the current code now doesn’t highlight.
    Updated the UX of the More unreads indicator in the channel sidebar.
    Select Team list container now scales in width based on browser window width.
    Added support for signaling login to other tabs (Windows, macOS and Linux browsers).

Search

    Added wildcard support to Bleve.
    Search terms including stopwords now return matching stopwords instead of an empty result.
    Removed duplication in is_or_search and IncludeDeletedChannels parameters for search.
    * characters are now filtered from the search terms in the database.
    Fixed inconsistencies across product when using in:@` / `in:, such as displaying Direct and Group Messages in in:@ search suggestions.

Notifications

    Added an option in the Account Settings to select different desktop notification sounds.

Command Line Interface (CLI)

    Added config migrate, config subpath, user delete, integrity, user migrate_auth, moveChannel, updateChannelPrivacy, restoreTeam, channel delete, and plugin marketplace commands to mmctl.

Plugins

    Plugins now start concurrently on server startup.
    Plugin tooltips are now only rendered when user hovers over a link.
    Added a CreateCommand plugin API that creates a slash command that is not handled by the plugin itself.

Administration

    Added the ability to upload and remove private and public certicates for LDAP authentication.
    Added support for resumable file uploads.
    Added the ability to convert a public channel to private and vice versa via Advanced Permissions.
    Added filters to search teams in Teams page.
    Improved logging related to sessions that are not found.
    Created Grafana enterprise metrics for logging, such as for current queue level(s), rate of logging records emitted, and rate of logging errors.
    Improved logging when GetUser fails during MFA Authentication.
    Added support for sending telemetry via an environment variable set by packages to identify type of deployment (e.g. Docker, Mattermost Omnibus).

Bug Fixes

    Fixed an issue where a large number of archived channels caused performance degradation.
    Fixed an issue where group list-ldap mmctl command didn’t return any results.
    Fixed an issue where user were allowed to update their profile picture on ADFS setup with SAML and LDAP configured and AD/LDAP Sync enabled.
    Fixed an issue where patching the config with DataSourceReplicas caused a panic.
    Fixed an issue where API invites by email were silently rate-limited.
    Fixed an issue where deactivated users broke pagination in Manage Members modal.
    Fixed an issue where an error occurred while inviting more than 20 users to a team via Invite People.
    Fixed an issue where a PostUtils.formatText crashed when formatting text with unicode emoji.
    Fixed an issue where a white screen occurred when editing a post and sending the post from a preview mode.
    Fixed an issue on Microsoft Edge (non-Chromium) where logging out caused the user to get stuck at a loading screen.
    Fixed an issue where a selected item in the Direct Messages More menu didn’t scroll into view when using keyboard navigation.
    Fixed an issue where users received ghost notifications when the “First name trigger mention” setting was set but the “First Name” was not set.
    Fixed an issue where post text was partially hidden by the post hover menu.
    Fixed an issue where users were unable to type color hex value into custom theme color input box.
    Fixed an issue where the badge with a mention count on the team sidebar did not increment when user was added to a channel.
    Fixed an issue where Group Message results were prioritized over Direct Message results for Full Name in the user autocomplete.
    Fixed an issue where the New Message indicator was broken when a webhook owned by the user posted to a channel.
    Fixed an issue where the active search bar was not vertically aligned with left edge of the right-hand side in tablet view.
    Fixed an issue where there were two scrollbars showing in the channel switcher.
    Fixed an issue where the “Start trial” message was unreadable in the System Console on dark theme on first load.
    Fixed an issue on Firefox where pasting an image also added the file as text.
    Fixed an issue where Python syntax highlighting handled """ strangely.
    Fixed an issue where formatting around inline codes was missing.
    Fixed an issue where GetPluginStatus didn’t work in a non-cluster environment.

config.json

Multiple setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.
Changes to Team Edition and Enterprise Edition:

    Under LdapSettings in config.json:
        Added PublicCertificateFile, to be able to upload the public certificate to be used for encryption with SAML configuration.
        Added PrivateKeyFile, to be able to upload the private key to be used for encryption with SAML configuration.
    Under ServiceSettings in config.json:
        Added EnableAPIChannelDeletion, to permanently delete channels for compliance reasons.
        Added EnableAPIUserDeletion, to permanently delete users for compliance reasons.
    Under NotificationLogSettings and ExperimentalAuditSettings in config.json:
        Added AdvancedLoggingConfig, to enable configuration options for setting audit targets.
    Under AnnouncementSettings in config.json:
        Added AdminNoticesEnabled and UserNoticesEnabled, to enable in-product notices to make users and Admins aware of the newest product enhancements from within Mattermost.
    EnableCustomEmoji, EnableGifPicker, ExperimentalViewArchivedChannels and ExperimentalTimezone are now enabled by default for new installs.

Open Source Components

    Added react-is and tinycolor2 to https://github.com/mattermost/mattermost-webapp.
    Removed @types/highlight.js, @typescript-eslint/parser, bootstrap-colorpicker, and intl from https://github.com/mattermost/mattermost-webapp.
    Removed react-native-v8 from https://github.com/mattermost/mattermost-mobile.

Database Changes

    Added a new column Commands.PluginId.
    Changed to data type of Teams.Type to varchar(255).
    Changed to data type of Teams.SchemeId to varchar(26).
    Changed to data type of IncomingWebhooks.Username to varchar(255).
    Changes to data type of IncomingWebhooks.IconURL to text",.

API Changes

    Added POST /upgrade_to_enterprise API endpoint.
    Added GET /upgrade_to_enterprise/status API endpoint.
    Added POST /restart API endpoint.
    Added GET /warn_metrics/status API endpoint.
    Added POST /warn_metrics/ack/:warn_metric_id API endpoint.

Known Issues

    Emoji counter in the center channel doesn’t always update immediately when a reaction is added in the right-hand side.
    Pressing ENTER closes the Account Settings Edit modal when adjusting the settings for desktop notification sound.
    Admin Filter option is not disabled in AD/LDAP page for admin roles with sysconsole_write_authentication permission.
    Twitter link previews no longer work in Mattermost as Twitter has removed OpenGraph data from its pages.
    On a server using a subpath, the URL opens a blank page if the System Admin changes the Site URL in the System Console. To fix this, the System Admin should restart the server.
    Login does not work when Custom Terms of Service is enabled and MFA is enforced.
    Google login fails on the Classic mobile apps.
    Status may sometimes get stuck as Away or Offline in High Availability mode with IP Hash turned off.
    Searching stop words in quotes with Elasticsearch enabled returns more than just the searched terms.
    Searching with Elasticsearch enabled may not always highlight the searched terms.
    Team sidebar on desktop app does not update when channels have been read on mobile.
    Slack import through the CLI fails if email notifications are enabled.
    Push notifications don’t always clear on iOS when running Mattermost in High Availability mode.
Comment 3 Raúl 2020-10-16 08:13:21 UTC
Created attachment 218789 [details]
portmaster build
Comment 4 commit-hook freebsd_committer 2020-10-24 08:23:59 UTC
A commit references this bug:

Author: lwhsu
Date: Sat Oct 24 08:23:42 UTC 2020
New revision: 553164
URL: https://svnweb.freebsd.org/changeset/ports/553164

Log:
  www/mattermost-{webapp,server}: Update to 5.28.0

  PR:		249324
  Submitted by:	Ra?l <raul.munoz@custos.es>
  		Greg Fitzgerald <gregf@beastie.tech> (5.27.0)
  Approved by:	loic.blot@unix-experience.fr (maintainer)

Changes:
  head/www/mattermost-server/Makefile
  head/www/mattermost-server/distinfo
  head/www/mattermost-webapp/Makefile
  head/www/mattermost-webapp/distinfo
  head/www/mattermost-webapp/pkg-plist