From 1474d631a89c8ba078d3227a721f983fed62cd53 Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Tue, 25 Jul 2023 17:52:03 -0400 Subject: [PATCH 1/4] Clarify release notes for AllowCorsFrom --- source/install/self-managed-changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/self-managed-changelog.md b/source/install/self-managed-changelog.md index 46c81ef8a7d..680e548d88b 100644 --- a/source/install/self-managed-changelog.md +++ b/source/install/self-managed-changelog.md @@ -462,7 +462,7 @@ Mattermost v7.9.0 contains a low severity level security fix. [Upgrading](https: - Mattermost v7.8.7 contains no database or functional changes. - Updated prepackaged Boards to v7.8.7. - Fixed typo in the database migration scripts that broke idempotency. - - For servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - **v7.8.6, released 2023-05-31** - Fixed an issue where the total user count was fetched for every client connection. It is only necessary to fetch this once. - Prepackaged version 1.3.0 of the Welcomebot plugin. From b542d8834db70d5315c77628bada8273fbdf1f24 Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Tue, 25 Jul 2023 17:55:54 -0400 Subject: [PATCH 2/4] Update self-managed-changelog.md --- source/install/self-managed-changelog.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/install/self-managed-changelog.md b/source/install/self-managed-changelog.md index 680e548d88b..06ead8e7e19 100644 --- a/source/install/self-managed-changelog.md +++ b/source/install/self-managed-changelog.md @@ -43,7 +43,7 @@ Latest Mattermost Releases: - Removed deprecated ``PermissionUseSlashCommands``. - Removed deprecated ``model.CommandArgs.Session``. - Pass a ``context.Context`` to Client4 methods. - - For servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` [configuration setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - In v8.0, the following repositories are merged into one: ``mattermost-server``, ``mattermost-webapp`` and ``mmctl``. Developers should read the updated [Developer Guide](https://developers.mattermost.com/contribute/developer-setup/) for details. - Fixed an issue caused by a migration in the previous release. Query takes around 11ms on a PostgreSQL 14 DB t3.medium RDS instance. Locks on the preferences table will only be acquired if there are rows to delete, but the time taken is negligible. - Fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in PostgreSQL: Execution time: 58.11 sec, DELETE 2766690. Migration execution time in MySQL: Query OK, 2766769 rows affected (4 min 47.57 sec). @@ -229,7 +229,7 @@ Multiple setting options were added to ``config.json``. Below is a list of the a - Mattermost v7.10.3 contains low to medium severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). - Updated prepackaged Boards to v7.10.3. - Included prepackaged Welcomebot plugin v1.3.0. - - For servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - **v7.10.2, released 2023-05-18** - Fixed an issue where v7.10 reported an incorrect mmctl version. - **v7.10.1, released 2023-05-16** @@ -330,7 +330,7 @@ Multiple setting options were added to ``config.json``. Below is a list of the a - **v7.9.5, released 2023-06-15** - Mattermost v7.9.5 contains low to medium severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). - Updated prepackaged Boards to v7.9.6. - - For servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - **v7.9.4, released 2023-05-16** - Mattermost v7.9.4 contains medium severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). - Fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in MySQL: Query OK, 2766769 rows affected (4 min 47.57 sec). Migration execution time in PostgreSQL: 58.11 sec, DELETE 2766690. From ea44d2a596809f8fb15829ef13f104e192a8ac1e Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Tue, 25 Jul 2023 17:57:39 -0400 Subject: [PATCH 3/4] Update self-managed-changelog.md --- source/install/self-managed-changelog.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/install/self-managed-changelog.md b/source/install/self-managed-changelog.md index 06ead8e7e19..ba919206204 100644 --- a/source/install/self-managed-changelog.md +++ b/source/install/self-managed-changelog.md @@ -43,7 +43,7 @@ Latest Mattermost Releases: - Removed deprecated ``PermissionUseSlashCommands``. - Removed deprecated ``model.CommandArgs.Session``. - Pass a ``context.Context`` to Client4 methods. - - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [configuration setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - In v8.0, the following repositories are merged into one: ``mattermost-server``, ``mattermost-webapp`` and ``mmctl``. Developers should read the updated [Developer Guide](https://developers.mattermost.com/contribute/developer-setup/) for details. - Fixed an issue caused by a migration in the previous release. Query takes around 11ms on a PostgreSQL 14 DB t3.medium RDS instance. Locks on the preferences table will only be acquired if there are rows to delete, but the time taken is negligible. - Fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in PostgreSQL: Execution time: 58.11 sec, DELETE 2766690. Migration execution time in MySQL: Query OK, 2766769 rows affected (4 min 47.57 sec). @@ -229,7 +229,7 @@ Multiple setting options were added to ``config.json``. Below is a list of the a - Mattermost v7.10.3 contains low to medium severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). - Updated prepackaged Boards to v7.10.3. - Included prepackaged Welcomebot plugin v1.3.0. - - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [configuration setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - **v7.10.2, released 2023-05-18** - Fixed an issue where v7.10 reported an incorrect mmctl version. - **v7.10.1, released 2023-05-16** @@ -330,7 +330,7 @@ Multiple setting options were added to ``config.json``. Below is a list of the a - **v7.9.5, released 2023-06-15** - Mattermost v7.9.5 contains low to medium severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). - Updated prepackaged Boards to v7.9.6. - - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [configuration setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - **v7.9.4, released 2023-05-16** - Mattermost v7.9.4 contains medium severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). - Fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in MySQL: Query OK, 2766769 rows affected (4 min 47.57 sec). Migration execution time in PostgreSQL: 58.11 sec, DELETE 2766690. @@ -462,7 +462,7 @@ Mattermost v7.9.0 contains a low severity level security fix. [Upgrading](https: - Mattermost v7.8.7 contains no database or functional changes. - Updated prepackaged Boards to v7.8.7. - Fixed typo in the database migration scripts that broke idempotency. - - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [config setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. + - For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` [configuration setting](https://docs.mattermost.com/configure/integrations-configuration-settings.html#enable-cross-origin-requests-from). Also ensure that the ``siteURL`` is set correctly. - **v7.8.6, released 2023-05-31** - Fixed an issue where the total user count was fetched for every client connection. It is only necessary to fetch this once. - Prepackaged version 1.3.0 of the Welcomebot plugin. From 1377578397181d323c48c5d20026eb5aff76bd48 Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Tue, 25 Jul 2023 18:01:16 -0400 Subject: [PATCH 4/4] Update important-upgrade-notes.rst --- source/upgrade/important-upgrade-notes.rst | 23 ++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/source/upgrade/important-upgrade-notes.rst b/source/upgrade/important-upgrade-notes.rst index 2a9ccab08ad..66740e332dc 100644 --- a/source/upgrade/important-upgrade-notes.rst +++ b/source/upgrade/important-upgrade-notes.rst @@ -62,8 +62,9 @@ Important Upgrade Notes | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | Removed deprecated ``model.CommandArgs.Session``. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| | For servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` `configuration setting | -| | `_. | +| | For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` | +| | `configuration setting `_. Also ensure that | +| | the ``siteURL`` is set correctly. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v8.0 release, the following repositories are merged into one: ``mattermost-server``, ``mattermost-webapp`` and ``mmctl``. | | | Developers should read the updated `Developer Guide `_ for details. | @@ -89,8 +90,10 @@ Important Upgrade Notes | | In v7.10.1, fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in MySQL: Query OK, | | | 2766769 rows affected (4 min 47.57 sec). Migration execution time in PostgreSQL: 58.11 sec, DELETE 2766690. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| | In v7.10.3, for servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` `config setting | -| | `_. | +| | In v7.10.3, for servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the | +| | ``ServiceSettings.AllowCorsFrom`` | +| | `configuration setting `_. Also ensure that | +| | the ``siteURL`` is set correctly. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v7.9 | Added a new index on ``Posts(OriginalId)``. For a database with 11.8 million posts, on a machine with a i7-11800H CPU (8 cores, 16 threads), 32GiB of RAM and | | | SSD, the index creation takes 98.51s on MYSQL and 2.6s on PostgreSQL. | @@ -139,8 +142,10 @@ Important Upgrade Notes | | | | | Locks on the ``oauthaccessdata`` and sessions table will only be acquired if there are rows to delete. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| | In v7.9.5, for servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` `config setting | -| | `_. | +| | In v7.9.5, for servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the | +| | ``ServiceSettings.AllowCorsFrom`` | +| | `configuration setting `_. Also ensure that | +| | the ``siteURL`` is set correctly. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v7.8 | `Message Priority & Acknowledgement `__ is now enabled by default | | | for all instances. You may disable this feature in the System Console by going to **Posts > Message Priority** or via the config ``PostPriority`` setting. | @@ -184,8 +189,10 @@ Important Upgrade Notes | | | | | Locks on the ``oauthaccessdata`` and sessions table will only be acquired if there are rows to delete. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| | In v7.8.7, for servers wanting to allow websockets to connect from other origins, please set the ``ServiceSettings.AllowCorsFrom`` `config setting | -| | `_. | +| | In v7.8.7, for servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the | +| | ``ServiceSettings.AllowCorsFrom`` | +| | `configuration setting `_. Also ensure that | +| | the ``siteURL`` is set correctly. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v7.7 | Plugins with a webapp component may need to be updated to work with Mattermost v7.7 release and the updated ``React v17`` dependency. | | | |