diff --git a/source/product-overview/mattermost-v11-changelog.md b/source/product-overview/mattermost-v11-changelog.md index cd9b8139243..31f55c33362 100644 --- a/source/product-overview/mattermost-v11-changelog.md +++ b/source/product-overview/mattermost-v11-changelog.md @@ -13,6 +13,161 @@ Platform and OS scope reflects reported and tested environments and may not represent all affected configurations. ``` +(release-v11.9-feature-release)= +## Release v11.9 - [Feature Release](https://docs.mattermost.com/product-overview/release-policy.html#release-types) + +**Release day: 2026-07-16** + +### Upgrade Impact + +#### Database Schema Changes + - The following schema changes are included in the v11.9 release. No database downtime is expected for this upgrade. See the [Important Upgrade Notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html) for more details. + - Added the ``voipdeviceid`` column to the ``sessions`` table to support VoIP device tracking; metadata-only DDL on PostgreSQL 11+, minimal performance impact expected. + - Added composite index ``idx_access_control_policies_type_id`` on ``AccessControlPolicies(Type, Id)`` to improve policy lookup performance with no downtime or blocking impact. + - Removed orphaned ``threadmemberships`` rows where the user is no longer a channel member; irreversible data-only migration that may run slowly on large instances. + - Added a ``lastused`` column to ``incomingwebhooks`` with a negligible-duration catalog-only lock and no downtime required. + - Added ``'rank'`` to the ``property_field_type`` enum via a catalog-only ``ALTER TYPE`` statement; no user-table locks are acquired and no downtime is required for the upgrade. + - Converted up to three classification-marking ``PropertyFields`` from type ``'select'`` to ``'rank'`` and backfilled rank ordering into their options; negligible performance impact. + - Added ``rank``-type support to the ``AttributeView`` materialized view so ABAC policies can evaluate ranked property options; no performance impact expected on feature-flagged deployments. + - Renamed ``system_classification`` and ``channel_classification`` entries in ``PropertyFields`` to the canonical name ``classification``; affects at most two rows with no performance impact. + - Added an ``expiresat`` column and partial index to ``useraccesstokens`` to support PAT expiry enforcement, with no large-table impact or downtime required. + - Added a ``SchemaVersion`` column to ``PropertyGroups`` with no large-table impact or downtime required. + - Added a ``targetid`` column and ``idx_channelbookmarks_type_targetid`` index to ``channelbookmarks`` to support a new ``board`` bookmark type, with no impact to existing bookmarks or downtime required. + - Added the ``ChannelGuards`` table and a ``PluginId`` index to support plugin-exclusive channel ownership, with no downtime or backwards-compatibility impact. + +#### config.json +New setting options were added to ``config.json``. Below is a list of the additions and their default values on install. The settings can be modified in ``config.json``, or the System Console when available. + - **Changes to All plans:** + - Under ``AccessControlSettings`` in ``config.json``, added ``EnforceDeviceIDConsistency`` configuration setting to enforce device ID consistency across sessions. + - Under ``AccessControlSettings`` in ``config.json``, added ``TrustProxyDeviceIdentityHeader`` configuration setting to trust a proxy-supplied device identity header for session attribute collection. + - **Changes to All plans:** + - Under ``FileSettings`` in ``config.json``, added ``AzureStorageAccount``, ``AzureAccessKey``, ``AzureContainer``, ``AzurePathPrefix``, ``AzureEndpoint``, ``AzureSSL``, and ``AzureRequestTimeoutMilliseconds`` configuration settings for Azure Blob Storage filestore backend support. + - Under ``FileSettings`` in ``config.json``, added ``AzureCloud``, ``ExportAzureCloud``, ``AzureAuthMode``, ``ExportAzureAuthMode``, and ``ExportAzurePresignExpiresSeconds`` configuration settings for Azure Blob Storage support. + - Under ``FileSettings`` in ``config.json``, added ``ExtractContentTimeout`` configuration setting to limit how long a single uploaded document's content extraction occupies a worker (default 10 seconds). + - Under ``ServiceSettings`` in ``config.json``, added ``MaximumPersonalAccessTokenLifetimeDays`` configuration setting to require personal access tokens to expire within a configured maximum lifetime (``0`` imposes no policy). + +### Improvements +See [this blog post](https://mattermost.com/blog/mattermost-v11-9-0-is-now-available/) on the highlights in our latest release. + +#### User Interface + - Pre-packaged Jira plugin version [v4.7.1](https://github.com/mattermost/mattermost-plugin-jira/releases/tag/v4.7.1). + - Pre-packaged Playbooks plugin version [v2.10.0](https://github.com/mattermost/mattermost-plugin-playbooks/releases/tag/v2.10.0). + - Pre-packaged Agents plugin version [v2.4.2](https://github.com/mattermost/mattermost-plugin-agents/releases/tag/v2.4.2). + - Pre-packaged [Calls plugin](https://docs.mattermost.com/end-user-guide/collaborate/make-calls.html) version [v1.12.1](https://github.com/mattermost/mattermost-plugin-calls/releases/tag/v1.12.1). + - Pre-packaged Boards plugin version [v9.3.0](https://github.com/mattermost/mattermost-plugin-boards/releases/tag/v9.3.0). + - Pre-packaged GitLab plugin version [v1.13.0](https://github.com/mattermost/mattermost-plugin-gitlab/releases/tag/v1.13.0). + - Pre-packaged Boards plugin version [v9.3.0](https://github.com/mattermost/mattermost-plugin-boards/releases/tag/v9.3.0). + - Added zoom and pan support to the image file preview: use the scroll wheel to zoom at the cursor, click-and-drag to pan, and +/-/0 keyboard shortcuts (reported on webapp). + - Added a toast notification for plugin-rejected file uploads, consistent with the existing notification for rejected downloads. + - Added a Data Spillage Handling feature discovery page in the System Console for lower-tier licenses. + - Added clearer validation messaging for invalid user attribute names in the System Console. + - Incoming webhooks now show information about the last time they were triggered. + - Threads started by a webhook are no longer highlighted for the user who owns the webhook. + - Added user setting "Auto-follow threads on channel-wide mentions" (Settings → Notifications). When disabled, @channel/@all/@here mentions no longer force thread membership; users still receive mention notifications but must manually follow the thread. + - Hardened the web app against crashes caused by components rendered by a plugin. + +#### Plugins/Integrations + - Implemented clickable action buttons inside post markdown for bots, webhooks, and plugins. Integrations bind ``mmaction://`` markdown links to actions defined in a new ``mm_blocks_actions`` post property. + - Added channel bookmark type ``board`` with an optional ``target_id``. The bookmarks API rejects creating, updating, or deleting board bookmarks but allows reordering them when the caller has bookmark order permission. + - Added a webapp hook ``registerChannelTypeOption``. + - Added a ``MessagesWillBeConsumedWithContext`` plugin hook. + - Added a ``ChannelWillBeUpdated`` plugin hook. + - Added a ``ChannelWillBeRestored`` plugin hook. + - Added a ``ScheduledPostWillBeCreated`` plugin hook. + - Added a ``DraftWillBeUpserted`` plugin hook. + - Added a webapp hook ``registerChannelIconOverride``. + - Added a webapp hook ``registerChannelComposerBannerComponent``. + - Added a webapp hook ``registerPostHeaderComponent``. + - Added a webapp hook ``registerComposerPlaceholder``. + - Added a webapp hook ``registerProductSwitcherMenuItem``. + - Added ``RegisterChannelGuard`` and ``UnregisterChannelGuard`` plugin api methods. + +#### Administration + - Added [Azure Blob Storage](ocs.mattermost.com/administration-guide/configure/azure-blob-storage.html) support. + - Added Azure Blob Storage as a selectable backend in the File Storage and Export Storage admin console panels. The S3 Test Connection control is now backend-agnostic and validates the active driver. + - Added an Azure Cloud selector to the Azure Blob Storage admin panels with built-in support for Azure Commercial and Azure Government endpoints. Choose "Custom Endpoint" to point at Azurite, a reverse proxy, or any other Azure cloud by providing the full Blob service URL. + - Added a Microsoft Entra ID / ``DefaultAzureCredential`` authentication mode to the Azure Blob Storage admin panels alongside the existing shared-key path. Select "Default credential (Microsoft Entra ID)" to authenticate via managed identity, workload identity, service principal environment variables, or ``az login`` — whichever the host environment provides — with no access key required. + - Added Azure Blob Storage support for the optional presigned export-download feature (``EnableExportDirectDownload``). Bulk-export downloads now generate a time-limited Shared Access Signature when the export backend is Azure, matching the existing S3 behavior. A new ``FileSettings.ExportAzurePresignExpiresSeconds`` configuration field controls the SAS lifetime (defaults to 6 hours, capped at Azure's 7-day SAS limit). + - Added validation of the Azure file storage account name and routed Azure custom-endpoint requests through the standard outbound HTTP transport. + - Added SAML connectivity status and error diagnostics to support packet output. + - Added OAuth2/OpenID Connect provider connectivity status (GitLab, Google, Office365, OpenID) to the support packet diagnostics. + - Added database diagnostics to the support packet, covering connection pool stats on every supported driver and PostgreSQL aggregate performance indicators (cache hit ratio, deadlocks, temp files, lock wait/idle activity, longest running query, and Posts autovacuum/dead tuples). Per-query timeouts and partial-failure handling keep packet generation resilient when individual pg_stat queries fail. + - Personal access tokens can now be required to expire within a configured maximum lifetime via the new ``MaximumPersonalAccessTokenLifetimeDays`` System Console setting (non-zero = expiry required and capped to that many days; ``0``, the default, imposes no policy). The policy applies only to newly created tokens; bot tokens are exempt. The ``POST /users/{id}/tokens`` endpoint now accepts a client-supplied ``expires_at`` (Unix millis), and ``mmctl user token generate`` gained an ``--expires-in`` flag (e.g. ``--expires-in 90d``) for creating expiring tokens via CLI. Added an ``ExpiresAt`` column to the ``UserAccessTokens`` table and enforced expiry at token validation time. Expired personal access tokens are now rejected with HTTP 401 and reaped hourly by a new background job (``cleanup_expired_access_tokens``); audit events are emitted on rejection (``rejectExpiredUserAccessToken``) and reap (``expireUserAccessToken``). Tokens with ``ExpiresAt = 0`` remain non-expiring, preserving behavior for all pre-existing tokens. Added an expiry chooser to the **Personal Access Token** creation user interface in **Account Settings**, backed by the new ``ServiceSettings.MaximumPersonalAccessTokenLifetimeDays`` admin policy, which is now also configurable in the ``System Console`` under ``Integrations > Integration Management``. The token list (user and admin) shows each token's expiry and status (active / expired / disabled) with a warning when a token is within 7 days of expiry. + - Added a pre-migration setup to fix incorrect database migration numbers that prevented upgrading Mattermost from v10.11 to v11.7. + - Added a new ``FileSettings.ExtractContentTimeout`` setting (default 10 seconds) that limits how long a single uploaded document's content extraction occupies a worker, and moved document content extraction to a dedicated, non-blocking worker pool so it no longer delays file uploads for other users. + - Stopped logging the email subject in the "sending mail" server log to prevent potential exposure of PII such as sender names from Direct Message and mention notifications. + - Enabled CJK (Chinese, Japanese, Korean) search by default for PostgreSQL. + - Added support for OpenSearch v3, while continuing to support OpenSearch v2. + - User attributes can now be synced with AD/LDAP or SAML whether they are user-editable or admin-managed. When an attribute is synced, the "Editable by users" toggle is disabled; remove the sync link to change it again. + - Added [attribute value masking](http://docs.mattermost.com/administration-guide/manage/admin/abac-system-wide-policies.html) for access control policies: admins who don't hold specific attribute values see a masked placeholder (``--------``) instead of the raw value, with affected rule rows set to read-only and save/delete actions disabled. Applies to the table editor, CEL editor, and team settings modal. Requires Enterprise Advanced license. + - Added support for iOS Calls ring for Direct/Group Message channels. + - Expanded session attribute collection to include values provided by Desktop App and Mobile clients. + - Removed legacy interactive dialog code path on webapp. + - Added a channel-guard enforcement for scheduled posts and drafts. + - Added Phase 8b, 8c, 8d, 8e, 8f, 8h, 12, and 12e of the ``mbe-tech-preview``. + - Added a ``mattermost db ping`` [subcommand](https://docs.mattermost.com/deployment-guide/reference-architecture/deployment-scenarios/air-gapped-deployment.html) that waits for the database to become reachable, with configurable ``--timeout`` and ``--retry-interval`` flags. + - Added a new "rank" custom profile attribute type whose options carry an explicit ordering. System Admins can create and manage ranked attributes in the **System Console** and assign ranked values to users, enabling attribute-based access control policies that compare clearance- or classification-style attributes with ordinal operators (for example, "is at least Secret") instead of enumerating every qualifying value. + - Added a new ``ClusterReliableFallbackLength`` [metric](https://docs.mattermost.com/administration-guide/scale/performance-monitoring-metrics.html) with the total length in bytes of the ``SendBestEffort`` calls (UDP) that had to fallback to TCP because of the message length. + - Made ``SendBestEffort`` cluster messages fall back to using TCP when their length is larger than a UDP datagram. + - Added a license preview and diff view when uploading a new license in the System Console, allowing administrators to compare the new license's features with the current license before applying. + - Added a new ``mattermost_system_server_info`` Prometheus metric that exposes the server version and build hash as labels. + - Enabled support for permission-action rules (file upload, file download) on channel-scope access control policies, with a new "Simulate access" modal in System Console and Channel Settings that previews per-user, per-action decisions before saving. Requires the Enterprise Advanced license. + +#### Performance + - Improved the performance of concurrent logins by removing a global mutex in favour of database serialization for computing login attempts. This, in turn, fixed the semantics of the ``MaximumLoginAttempts`` setting, which is now honored across all nodes in the cluster: instead of allowing ``n*MaximumLoginAttempts`` attempts, with ``n`` the number of nodes, we now allow ``MaximumLoginAttempts`` attempts regardless of the number of nodes. + - Reduced cluster send error logs from oversized ``plugin_statuses_changed`` WebSocket events. + +### Bug Fixes + - Fixed an issue where a file read failure while building a Global Relay compliance export could crash the server. + - Fixed display of long usernames in the user account menu. + - Fixed a white flash that appeared in the global header and left sidebar when switching between products (Playbooks/Boards) and Channels. + - Fixed an issue where the AI actions toolbar separator was shown when no AI actions button was available. + - Fixed an issue where the Incoming Webhooks list reordered entries between page navigations. + - Fixed a JavaScript error when reviewers received content review updates for permanently removed flagged posts. + - Fixed an issue where the Global Threads view showed only 1 quick reaction emoji in the post hover toolbar instead of 3 (reported on webapp). + - Fixed IPv6 addresses containing hex segments (e.g. ``:beef:``) being incorrectly rendered as custom emoji in the web app. + - Fixed a bulk-import failure ("ChannelMember not found") when a group-channel hash already existed but its membership was incomplete — for example with concurrent import workers, a prior import that crashed mid-loop, or a pre-existing group channel whose membership had drifted. + - Fixed an issue where the content review bot Direct Message displayed an empty ``""`` block under "With comment" when the reporter or reviewer did not enter a comment. + - Fixed incorrect encoding of image URLs containing query parameters when using an image proxy (reported on webapp). + - Fixed an issue where the SAML metadata endpoint did not correctly pull the IDP public certificate. + - Fixed an issue where selecting a new role for a team or channel linked to a group in the System Console would not update the role dropdown in the user interface. + - Fixed an issue where importing direct or group message channels without scheme flags in the payload (notably from mmetl Slack exports) produced channel members with no effective role, breaking the message input for those channels on the web client. + - Fixed the Membership Policies row action Edit option to open the membership policy editor. + - Fixed the onboarding checklist button positioning when a bottom classification banner is visible. + - Fixed a regression that made the Integrations and Custom Emoji pages illegible when using a dark theme (reported on webapp). + - Fixed an issue where the Role and Permissions column values in the System Console Permission Policies (and Membership Policies) list ran together without a separator and were truncated mid-word instead of showing an ellipsis. + - Fixed an issue where a channel member removed by an attribute-based access control (ABAC) access-rule change could still appear in the Channel Info Members list until a full page reload, even though the member count was correct. + - Fixed an issue where "Mark as Unread" from the channel sidebar did nothing when the most recent message in the channel was a system join/leave message (reported on MacOS / Desktop App). + - Fixed an issue where channel admins saw "Failed to load this channel's permission policy" on the Permissions Policy tab when the channel had no access control policy configured. + - [Fixed](https://docs.mattermost.com/end-user-guide/collaborate/react-with-emojis-gifs.html) custom emoji upload size and GIF frame limits. + - Fixed file moves and copies on S3 file stores failing for files larger than 5 GiB (for example, finalizing an ``mmctl`` import upload of an import archive over 5 GiB) by using a server-side multipart copy. + - Fixed an issue where a bot user created by a plugin could become the first system admin on a fresh install (reported on webapp and browser). + - Fixed an issue where a custom classification selection was lost if a user selected a preset from the classification preset options. + - Fixed validation for ``PUT /api/v4/users/{user_id}/auth`` to reject unknown auth services and prevent auth data on email/password users. + - Fixed an issue that caused a flagged post to continue being visible for content reviewers until a refresh after deletion. + - Preserved unknown permissions during migrations on downgrade. + - Fixed an issue where channels with a permission-only access control policy (and no membership policy) were incorrectly hidden from the channel picker in the Invite People → Invite as Guest flow. + - Tightened authorization on the OAuth deauthorization and personal access token management endpoints. + - Tightened validation when updating channel member roles via the API. + - Fixed an issue where the **Channel Settings Permissions Policy** rule editor cleared all entered fields (role, conditions, and permissions) when a validation error was shown on save. + - Avoided saving stale configurations from the System Console by refreshing a system admin's snapshot of the configuration whenever it changed. + - Fixed an issue where the Bot Accounts page loaded at most 200 bots, hiding newer bots from the list and search on servers with more than 200 bot accounts. + +### API Changes + - Added ``POST /file/test`` (``testFileStore``) API endpoint for backend-agnostic file store connection testing. + - Added ``POST /file/s3_test`` (``testFileStore``) API endpoint. + - Removed ``POST /file/s3_test`` (``testS3``) API endpoint. + - Added ``GET /access_control/policy`` (``getTeamAccessControlPolicy``) API endpoint. + - Added ``GET /sessions/attributes/manifest`` (``getSessionAttributesManifest``) API endpoint. + - Added a new API file: ``team_abac_api_test.go``. + - Added a new API file: ``team_membership_enforcement_test.go``. + +### Audit Log Event Changes + - Added ``AuditEventRejectExpiredUserAccessToken`` audit log event. + +### Go Version + - v11.9 is built with Go ``v1.26.4``. + (release-v11.8-feature-release)= ## Release v11.8 - [Feature Release](https://docs.mattermost.com/product-overview/release-policy.html#release-types)