Releases: cs3org/reva
Release list
v3.11.1
Changelog for reva 3.11.1 (2026-07-09)
The following sections list the changes in reva 3.11.1 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5702: Preserve child ACLs when creating parent shares
Details
v3.11.0
Changelog for reva 3.11.0 (2026-07-07)
The following sections list the changes in reva 3.11.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5693: Bugfix where descriptions are not propagated to web
- Fix #5694: Whitelisted more request types for the lightweight scope
- Chg #5671: Dropped support for Nextcloud as storage/user/auth provider
- Enh #5691: Refactor current ocm invite manager to GORM
- Enh #5688: Modernize Go Code
- Enh #5562: Share hierarchy checks
- Enh #5690: Store remote users on ocm share
Details
-
Bugfix #5693: Bugfix where descriptions are not propagated to web
This fixes a bug where the descriptions of the ocm invites are not propagated to the web.
-
Bugfix #5694: Whitelisted more request types for the lightweight scope
This is required to enable OCM for external accounts
-
Change #5671: Dropped support for Nextcloud as storage/user/auth provider
This PR removes the code to support Nextcloud as storage, user, and auth provider.
This code was developed as part of the initial effort to put in place the ScienceMesh, where the
deployment model was to run Reva at each site, including sites running Nextcloud where Reva
would be responsible for the OCM-based federation layer and Nextcloud for all the rest.Over the years, and especially during 2025-26, Nextcloud has implemented all OCM-related
capabilities natively, and this interface is getting obsoleted. We have kept it until the
maintenance cost was negligible, but with the upcoming changes on the OCM implementation,
this is not sustainable any longer. -
Enhancement #5691: Refactor current ocm invite manager to GORM
Refactor the ocm invite manager to user the GORM.
-
Enhancement #5688: Modernize Go Code
-
Enhancement #5562: Share hierarchy checks
This PR adds a hierarchical checking algorithm for shares to the gateway, as defined in ADR
general/0005-sharing. Concrectely, the new algorithm does the following:- Before applying any ACL, the gateway checks for parent and child shares in the database. *
Based on their relationships and permission levels, the gateway decides whether to apply,
reapply, or reject the operation. * ACL updates will be applied orderd by path-length (where
the shortest comes first) to maintain consistent inheritance semantics (otherwise, you
would overwrite child shares). * The algorithm applies equally to create, update, and delete
operations.
- Before applying any ACL, the gateway checks for parent and child shares in the database. *
-
Enhancement #5690: Store remote users on ocm share
This commit adds the following functionality:
- Functionality to add remote users even without the invitation flow when an OCM share is
received. - This configuration option is a whitelist of hosts of which this functionality is
enabled for. - A machine secret is added so that we can impersonate the user receiving the share
since the ocm endpoint is unauthenticated.
- Functionality to add remote users even without the invitation flow when an OCM share is
v3.10.4
Changelog for reva 3.10.4 (2026-07-01)
The following sections list the changes in reva 3.10.4 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5685: Add sciencemesh paths for external accounts
- Fix #5686: Do not fail list shares if only OCM shares fail to be retrieved
- Fix #5687: Set resource id properly in share creation
Details
v3.10.3
Changelog for reva 3.10.3 (2026-06-30)
The following sections list the changes in reva 3.10.3 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5683: Redact machine auth secret from log
- Fix #5684: Ignore basic auth if a signature is present
- Enh #5677: Cancel background jobs and trigger scheduled jobs on demand
- Enh #5672: Associate on-demand jobs with a user
- Enh #5682: Configure on-demand jobs from the config file
Details
-
Bugfix #5683: Redact machine auth secret from log
-
Bugfix #5684: Ignore basic auth if a signature is present
-
Enhancement #5677: Cancel background jobs and trigger scheduled jobs on demand
Added the ability to cancel a background job run, both on-demand and leader-scoped periodic,
and to trigger a scheduled job to run immediately. Cancellation is cooperative through the
job's context, durable so it reaches a run that is still queued or running on another process,
and terminal so a cancelled run is not retried. Triggering enqueues an extra run without
disturbing the schedule's regular cadence. -
Enhancement #5672: Associate on-demand jobs with a user
On-demand background jobs can now be attached to a user through a WithOwner enqueue option, so
the jobs a user created can be listed back (e.g. for a UI) with ListByOwner; jobs enqueued
without it stay internal. An opt-in Unique option was also added to keep at most one active run
per owner and key, so a user cannot, for instance, start the same export twice. -
Enhancement #5682: Configure on-demand jobs from the config file
On-demand background jobs are now given their own configuration section from the config file,
handed to the job constructor the same way the other services receive their configuration.
Each job reads its settings from [serverless.services.jobs.on_demand.""], so it can
load what it needs at startup instead of seeing only the per-run parameters.
v3.10.2
Changelog for reva 3.10.2 (2026-06-29)
The following sections list the changes in reva 3.10.2 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5650: Fix for cephmount lock & xattr bugs
- Fix #5649: Ceph: fix path resolution
- Fix #5648: Eosfs: fixed lock retrieval
- Fix #5673: Fix a nilptr in the HTTP server
- Fix #5662: Check for nil pointers
- Fix #5676: Fixed parsing of OCM discovery payload
- Fix #5681: Correctly identify OCM embedded payloads
- Fix #5653: Honor pidfile passed with the -p option
- Fix #5639: Bound the Prometheus HTTP handler label cardinality
- Enh #5651: Add a background jobs framework
- Enh #5663: Add immutable stubs & upgrade cs3apis
- Enh #5652: Add support for signed URLs of the archiver
- Enh #5645: Implement hiding for ocm shares
- Enh #5611: OCM: reworked discovery logic and payload
- Enh #5654: Enable external accounts to list received OCM shares
- Enh #5664: Implement the new OCM webapp protocol
- Enh #5674: Honor outbound proxy settings in the OCM client
- Enh #5643: Utilize the new transferring state in the cs3api
Details
-
Bugfix #5650: Fix for cephmount lock & xattr bugs
- ReadArbitraryMetadata - Returns stored user.* xattrs in GetMD instead of nothing. * Paths
Unlock/SetLock open the full chroot path instead of the incorrect relative path. * Quality of
life improvements for error handling & debug logs.
- ReadArbitraryMetadata - Returns stored user.* xattrs in GetMD instead of nothing. * Paths
-
Bugfix #5649: Ceph: fix path resolution
When performing a id-to-path lookup the path may not always be empty, as in the case for wopi,
this case was not handled. -
Bugfix #5648: Eosfs: fixed lock retrieval
GetLock on a file with an empty lock now returns no lock as opposed to failing with a malformed
lock exception -
Bugfix #5673: Fix a nilptr in the HTTP server
-
Bugfix #5662: Check for nil pointers
-
Bugfix #5676: Fixed parsing of OCM discovery payload
The principle is that we should not fail the JSON parsing on unsupported capabilities, but only
on out of spec payloads. Therefore,ResourceTypemust be a generic string, to be validated
afterwards. -
Bugfix #5681: Correctly identify OCM embedded payloads
OCM "ro-crate" shares are to be mapped to (CS3) EMBEDDED resource types, where "embedded" is a
generic term to signal that any JSON-represented payload can be mapped in this way. -
Bugfix #5653: Honor pidfile passed with the -p option
The pidfile was always generated at a random path in the OS temp dir on startup, ignoring the
location passed with -p. As a result -s reload (and the other -s signals) could not find the
running master to signal it. The -p path is now honored when starting revad. -
Bugfix #5639: Bound the Prometheus HTTP handler label cardinality
The HTTP metrics interceptor used the full request URL path as the value of the
handlerlabel
on thehttp_request_duration_secondshistogram. Because Reva HTTP endpoints are
user-bound, this produced unbounded label cardinality and caused excessive metrics
storage. The label is now derived from the leading static path segment, keeping cardinality
bounded to the number of route prefixes. -
Enhancement #5651: Add a background jobs framework
Introduce a framework to run background work in reva, both periodically (e.g. warming a cache
or cleaning up expired state) and once on demand on a user request. Jobs are hosted by a new "jobs"
serverless service backed by NATS JetStream, run status is tracked in a SQL store and can be
queried by run id, and multiple jobs processes can run together without duplicating work. -
Enhancement #5663: Add immutable stubs & upgrade cs3apis
This upgrade is needed so we can move past this version to the cs3apis even though we don't use it
currently. -
Enhancement #5652: Add support for signed URLs of the archiver
-
Enhancement #5645: Implement hiding for ocm shares
This commit introduces the functionailty required to hide ocm shares
-
Enhancement #5611: OCM: reworked discovery logic and payload
This PR adapts the OCM Discovery endpoint to the latest standard and introduces better logic to
discover remote endpoints' protocols. -
Enhancement #5654: Enable external accounts to list received OCM shares
External accounts cannot create shares but can be recipient of shares. This now applies to OCM
shares as well. -
Enhancement #5664: Implement the new OCM webapp protocol
Following the OCM specifications, the webapp protocol and access method were reworked in the
cs3apis: the view mode was replaced by share permissions (view, read, write, share on the
wire), and the protocol now carries a shared secret, requirements (including
must-exchange-token), targets (blank or iframe), and optional display metadata (appName,
appIconHint, mediaTypes).- The OCM /shares endpoint now validates and parses webapp protocol payloads according to the
new specification; legacy payloads carrying a viewMode are rejected - Outgoing webapp shares
are serialized with the new wire fields, with the shared secret taken from the share token - The
SQL share manager persists the new webapp fields - Roles for webapp-only shares are now derived
from the share permissions instead of the view mode
- The OCM /shares endpoint now validates and parses webapp protocol payloads according to the
-
Enhancement #5674: Honor outbound proxy settings in the OCM client
ocmd.NewClientnow honors the standard HTTP_PROXY, HTTPS_PROXY, and NO_PROXY
environment variables for outbound OCM requests, while keeping the existing request timeout
and insecure TLS behavior. This applies to discovery, outgoing shares, invite-accepted,
token exchange, and directory-service fetches that go through the shared OCM client. -
Enhancement #5643: Utilize the new transferring state in the cs3api
- Puts the ocm share in a transferring state when doing the processing of an embedded share is
ongoing - A callback is implemented that puts the share in the accepted state when the transfer
is finished
- Puts the ocm share in a transferring state when doing the processing of an embedded share is
v3.10.1
Changelog for reva 3.10.1 (2026-06-05)
The following sections list the changes in reva 3.10.1 relevant to
reva users. The changes are ordered by importance.
Summary
Details
v3.10.0
Changelog for reva 3.10.0 (2026-06-03)
The following sections list the changes in reva 3.10.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5624: Throw proper err upon invalid COPY request
- Fix #5620: Fix PROPFIND inconsistencies
- Enh #5625: Store attributes on version folders in EOS
- Enh #5627: Use destination field in received ocm share
- Enh #5626: Implement CS3 labels API
- Enh #5638: Add SpaceID field in shares table
- Enh #5629: Support for zenodo json-ld wrapped ro-crates
Details
-
Bugfix #5624: Throw proper err upon invalid COPY request
When doing a COPY / MOVE with an invalid space id, Reva starts copying from
/instead of
returning an error -
Bugfix #5620: Fix PROPFIND inconsistencies
Stop emitting a duplicate
oc:public-link-expirationentry in the not-found list, drop an
erroneous fallthrough fromoc:privatelinkand skip re-addingoc:namewhen explicitly
requested (since it's already added unconditionally) -
Enhancement #5625: Store attributes on version folders in EOS
See ADR decisions/reva/0004-attributes-version-folder.md
-
Enhancement #5627: Use destination field in received ocm share
Instead of hijacking the opaque we use the new destination field when processing a share
-
Enhancement #5626: Implement CS3 labels API
Together with this, the new table is also "GORM-ified"
-
Enhancement #5638: Add SpaceID field in shares table
On top of that, we set the owner of a share to be initiator
-
Enhancement #5629: Support for zenodo json-ld wrapped ro-crates
Adds support for OCM embedded shares whose payload is an RO-Crate wrapping the Zenodo JSON-LD
format (the plain RO-Crate is also supported)
v3.9.0
Changelog for reva 3.9.0 (2026-05-21)
The following sections list the changes in reva 3.9.0 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5619: Fix EOS bug in version folder creation
- Fix #5618: Workaround for weird EOS ENODATA issue
- Fix #5610: Display ResourceType correctly for OCM Shares
- Fix #5609: OCM invite manager should use shared DB conf
- Enh #5571: Exclude expired shares from
ListReceivedShares - Enh #5552: OCM code-flow token exchange
- Enh #5598: Performance improvements to /permissions call
- Enh #5613: Check verb in signed URLs
Details
-
Bugfix #5619: Fix EOS bug in version folder creation
Due to a bug in the EOS drivers, version folders were created under the owner of the first
resource in a directory, instead of the owner of the corresponding file. -
Bugfix #5618: Workaround for weird EOS ENODATA issue
-
Bugfix #5610: Display ResourceType correctly for OCM Shares
-
Bugfix #5609: OCM invite manager should use shared DB conf
-
Enhancement #5571: Exclude expired shares from
ListReceivedSharesListReceivedSharesno longer returns shares whose expiration date has passed
-
Enhancement #5552: OCM code-flow token exchange
Added end-to-end OCM code-flow support for both sender and receiver paths. Shares can now
declarerequirements: ["must-exchange-token"]andaccessTypes: ["remote"], with the
new fields preserved across both SQL and JSON persistence. Discovery advertises
tokenEndPointandexchange-token, the newPOST /ocm/tokenendpoint exchanges
authorization codes into short-lived JWTs, and the dedicatedocmsharecodeand
ocmexchangedtokenauth managers separate exchange-code validation from
exchanged-token validation.The same feature branch also hardens the runtime path uncovered during live interop
validation. Code-flow scopes now carry share and resource identity without embedding the
long-lived shared secret, malformed protocol payloads are rejected earlier, and the
validated interop fixes stay in the same change set: correctclient_idhandling,
root-mounted DAV share recovery for Nextcloud-style clients, preserved download paths for
root-mounted single-file reads, and the related WOPI external-link fix that prefers
canonical share ids over legacy tokens.Validation coverage was expanded at the seams that changed most. The branch now includes
focused tests for/ocm/tokenbehavior, discovery-to-route coupling, WOPI share-id
fallback, received-side token-endpoint discovery and exchange helpers, received-side
retry wrappers, and persistence/validation behavior. Legacy direct-secret flows remain
operational, while code-flow shares enforce token exchange as an explicit protocol
requirement. -
Enhancement #5598: Performance improvements to /permissions call
-
Enhancement #5613: Check verb in signed URLs
v3.8.2
Changelog for reva 3.8.2 (2026-05-20)
The following sections list the changes in reva 3.8.2 relevant to
reva users. The changes are ordered by importance.
Summary
- Fix #5619: Fix EOS bug in version folder creation