6. Changelog
This changelog documents all notable changes to the ICS app. The format follows Keep a Changelog, and this project adheres to Semantic Versioning.
6.1. v1.8
Released: 15. December 2024
6.1.1. Added
Endpoint to securely proxy requests from Univention-Portal to XWiki on /wiki, allowing RSS feeds to be loaded from XWiki.
UCR variables to configure XWiki:
- intercom-service/xwiki/enabled to activate or deactivate XWiki integration.
- intercom-service/xwiki/url to set the URL of the XWiki instance.
- intercom-service/xwiki/audience to configure the OIDC client.
UCR variable intercom-service/settings/username-claim to configure the claim in the identity token that contains the username.
6.1.2. Changed
Load all the configuration during initialization to improve asynchronous performance.
Updated base image to UCS 5.2-0 December 2024 build.
6.2. v1.7
Released: 15. November 2024
6.2.1. Added
UCR variable intercom-service/settings/user-unique-mapper to configure the unique user claim name for the Keycloak OIDC client.
6.2.2. Changed
Changed the order of middlewares for Nextcloud proxying, because the previous order caused authentication prompts in some cases.
6.3. v1.6
Released: 22. April 2024
6.3.1. Added
Reconnect to Redis after the service was down.
UCR variables to allow users to configure an external Redis server:
- intercom-service/redis/host to set the hostname of the Redis server.
- intercom-service/redis/port to set the port of the Redis server.
- intercom-service/redis/user to set the password of the Redis server.
6.3.2. Changed
Image is now based on UCS base image.
6.3.3. Fixed
AppCenter settings are now correctly applied after installation.
6.4. v1.5
Released: 20. June 2023
6.4.1. Added
UCR variables to set the path to external self-signed certificates.
6.4.2. Security
Updated dependencies.
6.5. v1.4
Released: 13. December 2022
6.5.1. Changed
Refresh Nextcloud token when expired before proxying the request.
Improved logging messages with JSON formatting.
6.5.2. Added
UCR variable to set the log level.
Logging to files and standard output.
6.5.3. Security
Intercom service requests Nextcloud tokens with the Nextcloud audience, instead of the audience of OX App Suite.
6.6. v1.3
Released: 28. October 2022
6.6.1. Changed
Treat expired refresh tokens as no token, triggering a silent login attempt.
Matrix login type is set to m.login.application_service and is no longer configurable.
Switch to v3 Matrix client API.
6.7. v1.2
Released: 29. September 2022
6.7.1. Added
Various debug logs.
6.7.2. Changed
Apply firewall rules during installation to make ICS accessible from outside of UCS.
Set Docker DNS based on the UCR variables nameserver1, nameserver2 and nameserver3.
6.7.3. Security
The Filepicker functionality of ICS now fetches a separate token for authenticating with the file hosting application Nextcloud. The OX OIDC-client in the IdP must be allowed to fetch a token for the Nextcloud OIDC-client. This was always intended, but not correctly enforced in earlier versions.
6.7.4. Fixed
Update deprecated usage of express.urlencoded.
ICS health check failed because of Nordeck URL returning 404.
Video conferences created as the wrong user.
Central navigation returning navigation.json for the wrong user under certain circumstances.
6.8. v1.1
Released: 16. September 2022
6.8.1. Added
- Stability
ICS split the cookie headers using logic that didn’t consider certain cases. Now, ICS uses a standard cookie library for handling cookie headers.
During app installation, ICS tests whether it can reach the URLs of the required services Keycloak, Nextcloud, Nordeck, and UCS Portal. The installation shows a warning if the test can’t reach the services. Additionally, ICS runs a health check within the Docker container every 60 seconds to test whether it can reach the services.
- Refreshing Access Tokens
A middleware that automatically refreshes access tokens when they expire.
6.8.2. Changed
Improve the readability of user documentation.
6.8.3. Security
The Redis database provides persistence for app sessions. The update applies the following security fixes to Redis:
- Password protection provided in /etc/intercom-redis.secret.
- The Redis container is only accessible from the docker-compose internal network (external: false).
Verify the JWT (JSON Web Token) access or ID token with the public key of the Keycloak issuer.
Enable backchannel-logout and remove the appropriate app session from ICS.
6.8.4. Fixed
Convert the uppercase value for the environment variable PROXY to lowercase. Using the variable in JavaScript requires the value as a lowercase string.
6.9. v1.0
Released: 22. August 2022
6.9.1. Added
Endpoint for OIDC silent login against Keycloak on /silent.
Endpoint to securely proxy requests from Open-Xchange to Nordeck on /nob, allowing the creation of Element videoconferences from Open-Xchange.
Endpoint to securely proxy requests from Open-Xchange to Nextcloud on /fs, allowing use of the email Filepicker with Nextcloud.
Endpoint to securely proxy requests from Open-Xchange to UCS Portal on /navigation.json, allowing use of UCS Portal central navigation from Open-Xchange.
Session storage with Redis.