2026-04-20 (Chart release 5.30.0)

Release notes

• Since 5.29 was broken and you should have skipped it, you are about to upgrade from 5.28 to 5.30 in one step. This has been tested and should work. Please consult the release notes from both 5.29 and 5.30 for changes w.r.t. 5.28.

• background-worker now reuses galley's configmap and secrets for cassandra, postgres and federation domain settings. This removes redundant settings and keeps the two services aligned. No operator action is strictly required; however, we advise removing the background-worker value overrides for galley's cassandra, postgres, and federation domain settings, as they are duplicated and no longer needed:

  • background-worker.config.cassandraGalley
  • background-worker.config.postgresql
  • background-worker.secrets.pgPassword
  • background-worker.config.federationDomain (#5180)

• Operators upgrading from the previous wire-server chart release, where the service charts were consolidated into the umbrella chart, must now set tags.proxy explicitly again.

  If your currently installed values no longer contain a proxy tag because of that consolidation, add one before upgrading to this release and set it to the intended state:

  • tags.proxy: true to deploy the proxy chart
  • tags.proxy: false to keep the proxy chart disabled (#5161)

• The Restund helm chart and code stops being supported and shipped. If you have not already, please migrate to coturn which continues to be supported. (#5162)

Features

• Send team.member-join to all apps in team. (#5187)

Bug fixes and other updates

• Remove the Server response header value for entire API. (#5179)

• Integration tests for user events when user type is app. Replace redundant app-created event with team.member-join. (#5139)

• (Un-)suspend apps if en-/disabled in the team. (#5177)

• Apps from outside own team do not appear in contact search. (#5173)

• Fix: apps cannot form connections accross teams. Integration test for cross-team conversations working with apps as expected. (#5171)

• Prevent password reset for SAML users (#5191)

• Remove apps from conversations when apps are disabled in conversation. (#5176)

• Fix: allow removal of bots from conversation after switching it to MLS. (#5186)

• Hotfix: handle NULL in brig-cassandra:user.user_type. (#5193)

• Fix bug where the mls-users tool would crash for users with null supported_protocols (#5190)

Documentation

• Make schema-profunctor schema names derived and avoid name clashes between scopes. (#5151)

Internal changes

• Propagate error from brig on stern API call GET i/domain-registration/:domain (#5179)

• The status code for rate limit responses from nginz and cannon is now configurable and set to 420 per default (#5154)

• Moved code from galley to ClientSubsystem (#5154, #5147, #5157, #5156, #5165, #5168)

• The defaults in k8ssandra-test-cluster should now work for both a fresh cassandra 4.1 pod as well as an upgrade of an existing previous k8ssandra-test-cluster deployment. We assume k8ssandra-operator helm chart version 1.20.2. (#5091)

• Use sbomnix to generate SBOMs for Nix-built Docker images and devShells. Adjust Helm chart values for inlined wire-server chart. (#5167)

• Remove tom-bombadil SBOM creation targets from Makefile. There's a better approach to create SBOMs in place (in Makefile and CI). (#5181)

2026-03-24 - (Chart Release 5.29.0)

This release is broken. Please upgrade from 5.28 directly to 5.30!

Release notes

• Helm chart refactoring: several core services were migrated from wire-server subcharts into the umbrella chart templates (charts/wire-server/templates).

  Moved as core services:

  • background-worker
  • brig
  • cannon
  • cargohold
  • galley
  • gundeck
  • proxy
  • spar

  As a result, dependency tags for moved services are obsolete for the current wire-server chart, because these services are no longer resolved through requirements.yaml dependencies. In particular, tags.brig, tags.galley, tags.cannon, tags.cargohold, tags.gundeck, tags.proxy, and tags.spar are no longer needed for wire-server deployments.

  Operator note: during upgrade, rendered manifests will show metadata/source changes (for example chart labels and template source paths). This is expected from the inlining refactor and may trigger a one-time rollout due to checksum annotation changes.

  Compatibility note: for standard wire-server deployments this is not expected to be breaking, because the moved core services were not toggled off via tags in default/in-repo environments. However, this is a breaking change for custom deployments that previously disabled any of these services via wire-server dependency tags (tags.<service>: false), because those tags are now obsolete after inlining. (#5085)

• Rate-limit status codes in nginz and cannon's embedded nginz are now configurable via Helm values.

  Compatibility note: the default remains 420, so this does not change behavior for existing deployments and requires no direct operator action. (#5124)

• Remove the old metallb wrapper chart. This hasn't been published or updated
  for quite some time. Even the Docker images weren't available anymore. (#5111)

API changes

• Require admin password for refreshing app cookies (POST /teams/:tid/apps/:uid/cookies). (#5129)

• Add "app" attribute to GET /list-users, GET /users/:dom/:uid; make GET /teams/:tid/apps, GET /teams/:tid/apps/:uid return same schema as GET /list-users. (#5070)

• GET /teams/:tid/search response contains user types now (app or regular). (#5074)

• • remove pict attribute from GetApp
  • remove metadata attribute from GetApp
  • inline GetApp fields into NewApp
  • make CreatedApp.user contain UserProfile (which includes app info)
  • rename GetApp to AppInfo
  • remove AppInfo.{name,assets,accentId} (redundant user data) (#5115)

• Create new API version V16 and finalize API version V15. (#5121)

Features

• Add meetings listings endpoint /meetings/list. (#5109)

• Add Wire Meetings add invitation endpoint POST /meetings/:domain/:id/invitations (#5132)

• Add Wire Meetings delete invitation endpoint POST /meetings/:domain/:id/invitations/delete (#5136)

Bug fixes and other updates

• Claiming key packages for a deleted user now returns a client error instead of a server error (#5113)

• backoffice/stern: fix Swagger UI for comma-separated list query parameters (#5108)

• Streamlined and fixed team feature config validateSAMLemails (#5114)

• When the admin creates a new app cookie, all previous ones must be revoked. (#5149)

• charts/elasticsearch-index: Allow configuring postgresql (#5092)

• charts/wire-server: Fix nil pointer errors in merged subchart templates when optional values (brig.turn, rabbitmq TLS, cassandraBrig/cassandraGalley) are not provided (#5112)

• Improve error message when failing to parse group ID (#5089)

Documentation

• Updated docs for the team feature validateSAMLemails (#5118)

Internal changes

• The status code for rate limit responses from nginz and cannon is now configurable and set to 420 per default (#5124)

• Add curl to integration test failure reports. (#5048)

• Add UserType fields in various data types. (#5074)

• Progressively move away from singletons to type class to allow progressive migration to wire-subsystems of Galley's actions.
  Drop Galley.Intra.Util,Galley.Effects, Galley.API.MLS.Commit, and Galley.API.Push.
  Break dependencies to Opts/Env.
  Split ConversationSubsystem.Interpreter Galley.API.Federation (#5075, #5081, #5086, #5087, #5098, #5101, #5102, #5103, #5104, #5110, #5145, #5148)

• Logging Wire-Client, Wire-Client-Version and Wire-Config-Hash headers in nginz (#5123)

• Refactor scripts to alleviate SonarQube warnings (#5097)

• Consumable notifications are now disabled (#5116)

• The fields code, label, and message where added to the inconsistent group state error response of POST /mls/commit-bundels (#PR_NOT_FOUND)

• Refactor Category: from ADT to Text. (#5120)

• Moved TeamVisibilityStore operations into TeamStore (#5137)

• Moved TeamNotificationStore to wire-subsystems (#5138)

• Moved CustomBackendStore to wire-subsystems (#5135)

• Moved TeamMemberStore, interpreter, and ListItems interpreters for Team to wire-subsystems (#5140)

• sbomqs has been unused for years now. Thus, dropping it from our Nix env. (#5144)

• Adjust the default Nix flake devShell such that nix develop is usable. (#5127)

• Create and upload SBOMs for Helmfile, docker-compose and Helm charts. (#5122)

2026-03-03 - (Chart Release 5.28.0)

Release notes

• The following Helm charts changed in this branch:

  • charts/demo-smtp
  • charts/fake-aws-ses
  • charts/fake-aws-sns
  • charts/legalhold

  Image field overrides are supported via split values (repository + tag) in the changed charts.
  There are backward incompatibilities if old string-style image overrides are still used. (#5015)

• Cassandra (brig.user) now keeps track of user types, only for newly created users. Read this paragraph if you have already created apps before their official support: For existing users and bots, the user type is inferred, but existing apps will show as regular users. Please remove those users from your team and create them again. (#5022)

• Starting in this version, wire-server is tested against cassandra (4.1.x). The codebase is compatible with cassandra 3.11, 4.0, and 4.1. But going forward, only 4.1 or newer will get tested. We recommend you eventually upgrade cassandra to 4.1.x. (#5062)

API changes

• PUT /teams/:tid/apps/:uid for app metadata update. (#5053)

• GET /teams/:tid/apps now includes app ids in response. (#5057)

Features

• Add Meetings API for creating and managing scheduled meetings.

  New endpoints:

  • POST /meetings - Create a meeting with title, start/end times, recurrence patterns (daily, weekly, etc.), and invited emails. Each meeting creates an associated MLS conversation.
  • GET /meetings/:domain/:meetingId - Retrieve a meeting by ID. Accessible to the meeting creator or any conversation member.

  Features:

  • Recurring meeting support with configurable patterns and end dates
  • Trial status: personal users receive trial meetings, paying team members receive non-trial meetings
  • Meeting expiration: old meetings are automatically filtered based on a configurable validity period (#4918)

• PUT /meetings/:domain/:meetingId for updating meetings.

  Supported fields:

  • startTime, endTime - update meeting time (must be valid: start < end)
  • title - update meeting title
  • recurrence - update recurrence pattern

  Authorization: only the meeting creator can update the meeting. (#5065)

• Ephemeral users are now allowed to upload and download files (#5016)

• Pass optional cookie label on initiating the SSO login flow (#5049)

• Revoke cookie with same label on login (#5055)

• Emit new event user.session-refresh-suggested on cookie revocation (#5060)

• New public system setting for nomad profiles support (#5077)

• Print better error logs even when errors are overwritten to be hidden from the users (#5000)

• Add history metadata support to channels. Channels now have a new field history which can be set on creation and updated by admins. (#4991)

• Send an email to team admins and owners when an IdP is changed via API (create,
  update, delete). This behaviour is for now only enabled for multi-ingress
  setups. (#4987)

• Add /sso/get-by-email endpoint to retrieve SSO codes by user email address.
  This will enable clients to fetch SSO codes and not have to ask the user for
  them.

  This feature is turned off by default and can be enabled in spar by setting
  the enableIdPByEmailDiscovery flag. Multi-ingress domains are taken into
  account to find the right SSO code to use. Users must have been created via
  SCIM; non-SCIM users are ignored. Please refer to the documentation for further
  information. (#5024)

Bug fixes and other updates

• Delete app when removing a user from a team. (#5046)

• Listing users never excludes apps on grounds of not having an identity. (#5029)

• cannon: Do not report status code 500 when websocket is closed due to client
  errors (#5045)

• Remove ModifyConversationHistory permission (#5027)

• The backend is now able to accept commits in the presence of duplicated remove proposals (#4999)

• Repair user key inconsistency when inviting user (#5031)

• Repair user key inconsistency on registration
  (#5050)

Internal changes

• Made hard coded images in helm charts configurable (#5015)

• Fix: create team members for apps in galley, not just brig users. (#4970)

• Change GET /i/users on brig to never return users with status Deleted.

  This shouldn't change backend behavior, except for avoiding some race
  conditions involving user deletion and fetching. (#5052)

• Request-Id is now correctly propagated in cannon and cargohold (#5073)

• Integration tests: test lib now supports shouldMatchShape for json schema assertions. (#5057)

• Move conversation creation logic to wire-subsystems

  • Moved conversation creation logic from Galley.API.Create to Wire.ConversationSubsystem.Interpreter
  • Relocated utility modules:
    • Galley.API.Error → Galley.Types.Error
    • Galley.API.One2One → Wire.ConversationSubsystem.One2One
    • Galley.API.Util → Wire.ConversationSubsystem.Util
    • Galley.Effects.UserClientIndexStore → Wire.Effects.UserClientIndexStore
  • Removed Galley.Validation module (functionality moved to interpreter)
  • Updated background-worker configmap:
    • Added galley endpoint configuration to template
    • Added galleyEndpoint field to environment
    • Updated Registry to call getConfiguredFeatureFlags and provide flags via runInputSem
  • Added roundtrip and golden tests for:
    • ConversationSubsystemConfig
    • FeatureDefaults types: LegalholdConfig, SSOConfig, SearchVisibilityAvailableConfig

• cannon chart: allow optional extra command line args to pass to the cannon process (#5023)

• cannon chart: add scheduling options for node selector, affinity, and tolerations (#5020)

• Updated email templates to v1.0.148 (#5003)

• Federator helm chart: by default remove the CPU limit (and throttling). A limit can still be specified. (#5076)

• Move IdPConfigStore to wire-subsystems. This will enable using it in other effects. (#5011)

• Upgrade wire-server's Nix env. Switch to nixpkgs nixos-25.11 (the release branch). (#5032)

• Update libzauth-c's dependencies. (#5039)

Federation changes

• Support external cert-manager issuers (e.g. AWS PCA) for federation TLS by adding optional group field to federator.tls.issuer and making certificate duration/renewBefore configurable via federator.tls.duration and federator.tls.renewBefore in nginx-ingress-services chart. (#5025)

2026-02-04 (Chart Release 5.27.0)

Release notes

• Team features can now be migrated from Cassandra to Postgres. To migrate:
  • Set galley postgresMigration.teamFeatures to migration-to-postgresql.
  • Enable the background-worker flag migrateTeamFeatures=true to run the backfill.
  • Monitor the wire_team_features_migration_finished metric to confirm completion.
  • Switch postgresMigration.teamFeatures to postgresql and restart Galley and background-worker.
  • Once fully cut over, drop the Cassandra team_features_dyn table. (#4979)

API changes

• Filter user search by type: GET /search/contacts?q=...&type=regular,app (#4986)

Bug fixes and other updates

• Fix Brig's emails templates fetch script. (#4878)
• Add mls-duplicate-public-key error to swagger (#4996)
• Set idle timeout on HTTP connections to 30s. Set ping interval to 15s in cannon,
  missing two pings will cause the connection to close. This also removes ability
  for the client to control the ping interval. (#4992, #4992)

Internal changes

• Migration from Cassandra to Postgres of Team Features (#4982, #4983, #4979)
• Add an AGENTS.md file to provide basic information about the project to AI
  tools. (#4993)
• Add net_connections condition to liveness probe of brig pod (#4990)
• cannon: Add /websocket endpoint which is the same as /await (#5001)

2026-01-26 (Chart Release 5.26.0)

Release notes

• User search provides information about user type (regular, app, legacy bot) now. Also, Elasticsearch re-indexing requires postgres access now. If you run brig-index directly anywhere, make sure to add the relevant settings. The Elasticsearch index must be refilled from Cassandra in order for the changes to the search results to take effect. See https://docs.wire.com/latest/developer/reference/elastic-search.html?h=index#refill-es-documents-from-cassandra (#4913, #4957)

• Conversation codes can now be migrated to PostgreSQL. For existing installations:

  • Set postgresMigration.conversationCodes: migration-to-postgresql in both galley and background-worker.
  • Run the backfill with migrateConversationCodes: true.
  • Wait for wire_conv_codes_migration_finished to reach 1.0.
  • Switch to postgresMigration.conversationCodes: postgresql and disable migrateConversationCodes. (#4961)

• The background-worker defaults for the postgres migration now match galley and point to cassandra (previously postgres). This currenlty only affects the background job, which is not expected to run before postgres is in use. However, if you relied on the defaults after migrating to postgres, please update your config to keep using postgres. (#4965)

• Drop support for kubernetes versions below 1.27 (#4969)

API changes

• New end-point GET /teams/:tid/apps listing all team apps. (#4960)

• Add type field to search results received from GET /search/contacts (#4913)

Features

• nginx-ingress-services: Add federator.tls.issuer option to use a separate ClusterIssuer for federation mTLS certificates. (#4964)

• Log changes to IdP configurations made via the IdP REST API to syslog. (#4935)

• Allow commit bundles to contain one application message. The message must be for the epoch after the commit, and it gets sent after the commit has been accepted. (#4929)

Bug fixes and other updates

• background-worker's default settings for postgresMigration have been correctly set to cassandra. (#4965)

Internal changes

• Circumvent potential performance issue with TVar (Map ...) (#4948)

• Migration of conversation codes from cassandra to postgres (#4959, #4961)

• • Test for team and user email templates added
  • Refactoring to make email rendering testable
  • Removed SMS and call templates (#4699)

• Drop cryptobox, handle prekey in pure Haskell. (#4719)

• Move Feature Flags read to wire-subsystems. (#4918, #4974)

• Federator: Replace Linux-only hinotify with cross-platform fsnotify library
  for certificate file monitoring. This enables native file system watching
  on both Linux and macOS, removing the need for platform-specific stubs. (#4955)

• Simplify and modernize the Nix setup of rusty-jwt-tools. This includes
  updating to version 0.14.0. (#4952)

2026-01-13 (Chart Release 5.25.0)

Release notes

• Operators: if you override galley.settings.featureFlags.cells in your Helm values, update your override to include the newly required cells config fields (channels/groups/one2one/users/collabora/publicLinks/storage/metadata); if you use the chart defaults, no action is needed. (#4903)

API changes

• Create new API version V15 and finalize API version V14 (#4942)

• The PUT /teams/:tid/features/cells endpoint has changed in API version V14 and requires additional config values. (#4903)

• Add new fields to apps: category, description, creator (#4879)

• Add "get app" endpoint to Brig (GET /teams/:tid/apps/:id) (#4879)

• Add pagination to SCIM groups in Spar /scim/v2/Groups

Features

• Add meetingsPremium feature flag to distinguish premium teams from trial teams. Meetings created by premium team members are marked as non-trial. Public endpoints: GET/PUT /teams/:tid/features/meetingsPremium. Internal endpoints: GET/PUT/PATCH /i/teams/:tid/features/meetingsPremium and lock status management.

  Add meetings feature flag to control access to the meetings API. When disabled, all meetings endpoints return 403 Forbidden. The feature is enabled and unlocked by default. Public endpoints: GET/PUT /teams/:tid/features/meetings. Internal endpoints: GET/PUT/PATCH /i/teams/:tid/features/meetings and lock status management. (#4915)

• New team feature config cellsInternal (#4889, #4907, #4940)

• The cells feature flag now contains a set of additional configuration values (#4903)

• nginx-ingress-services chart: Add support for cert-manager Certificate
  privateKey rotation policy configuration. This allows preserving private
  keys across certificate renewals for client key pinning scenarios.

  Configuration options:

  • tls.privateKey.rotationPolicy - for ingress certificates
  • federator.tls.privateKey.rotationPolicy - for federator certificate

  Setting rotationPolicy to "Never" preserves the private key, enabling
  scenarios where clients pin the server's public key rather than the
  certificate itself. (#4945)

• Allow configuring page size and parallelism for conversation migration to
  PostgreSQL. This can be configured like this:

  background-worker:
    config:
      migrateConversationsOptions:
        pageSize: 10000
        parallelism: 2

  (#4904)

• Introduce new metrics for better tracking of conversation migration to postgresql:

  1. wire_local_convs_migration_failed
  2. wire_user_remote_convs_migration_failed

  If any of these become 1, it means the migration has failed. The logs would
  contain the error. In order to restart the migration, the background-worker must
  be restarted. (#4891)

• Commits with a broken group info are now let through if the group was already broken (#4883)

• When a SAML IdP is created on a multi-ingress domain (implying that
  multi-ingress domains are configured in Spar) the domain is added as domain
  field to that IdP's extraInfo (WireIdP type in Haskell.) To avoid confusion
  in later lookups, at most one IdP can be configured per multi-ingress domain.
  If multi-ingress is not configured or it's not configured for the specific
  domain, no domain field gets added to the IdP. This guards against creating
  multiple IdPs and then assigning them to multi-ingress domains. Thus, users who
  don't use multi-ingress don't observe any change. This feature only opens the
  door to later provide an IdP for a multi-ingress domain. (#4778)

Bug fixes and other updates

• Fixed notification endpoint returning an empty page with hasMore=true (#4871)

• Fix SCIM groups endpoint to only return SCIM-managed groups, not wire-managed groups (#4906)

• Fixed: change user idp, external_id or emails via scim (scim user update / patch failed to update parts of ValidScimId). (#4887)

• Add <?xml version="1.0" encoding="UTF-8"?> to SAML/XML output. (#4898)

• Make Swagger schema instances for GET /search/results and GET /teams/{tid}/search distinct (#4921)

• Fix swagger docs for GET and POST on /conversations/{cnv}/code to show
  that the response will always include the uri field. (#4911)

• Reduce gc_grace_period for all conversation related tables to 1 day. This will
  help restart the postgresql migration after a day, if it fails mid way. Lowering
  it too much runs the risk of offline nodes resurrecting deleted data. (#4899)

• Make underlying users for apps findable from GET /search/contacts (#4920)

• Reject messages in MLS groups while in epoch 0. (#4811)

• Optimize Postgresql queries for getting conversation members (#4896, #4896)

• Since 5.23.23 (5866bab) RabbitMQ settings are
  mandatory for Brig in both, federated and non-federated setups. Unfortunately,
  this wasn't reflected in Brig's Helm chart. So, non-federated deployments were
  failing. (#4886)

Internal changes

• Upgrade nixpkgs and dependencies (icluding GHC from 9.8 to 9.10) (#4909)

• Upgrade ormolu to match GHC 9.10. (#4923)

• Fix postgres migrations on CI test runs (#4931)

• Add mls-users tool to list all active users that don't support MLS. (#4888)

• Add a golden test for IdP (de-) serialization to ensure the format doesn't change due to future developments. (#4927)

• Explain MultiIngressSSO test helper functions a bit better. (#4882)

• Use nix flakes instead of niv and manually pinned git dependencies (#4933)

2025-11-26 (Chart Release 5.24.0)

Release notes

• Background-worker configuration: required values when supplying your own Helm values

  Add the following fields under background-worker:

  • config.federationDomain
  • config.postgresql
  • config.cassandraBrig
  • config.cassandraGalley
  • secrets.pgPassword

  Notes

  • config.cassandra (for gundeck) already exists; no change needed.
  • config.backgroundJobs and config.postgresqlPool have defaults; override only if needed.
  • config.postgresMigration.conversation defaults to postgresql; change only if migrating conversations to PostgreSQL.
  • config.brig and config.gundeck endpoints have in-cluster defaults; override only if your service DNS/ports differ.

  PostgreSQL migration note

  • Conversation migration settings have to be aligned across galley and background-worker.
    See docs/src/developer/reference/config-options.md for the full migration steps and configuration details. (#4797)

• Starting this release, existing deployments can migrate the conversation data to
  PostgreSQL from Cassandra. This is necessary for channel search and management
  of channels from the team-management UI. It is highly recommended to take a
  backup of the Galley Cassandra before triggering the migration.

  The migration needs to happen in 3 steps:

  1. Prepare wire-server for migration.

     This step make sure that wire-server keep working as expected during the
     migration. To do this deploy wire-server with this config change:

     galley:
       config:
         postgresMigration:
           conversation: migration-to-postgresql
     background-worker:
       config:
         migrateConversations: false
         postgresMigration:
           conversation: migration-to-postgresql

     Once set to migration-to-postgresql, do not switch back to cassandra.

     This change should restart all the galley pods, any new conversations will
     now be written to PostgreSQL.

  2. Trigger the migration and wait.

     This step will actually carry out the migration. To do this deploy
     wire-server with this config change:

     background-worker:
       config:
         migrateConversations: true
         postgresMigration:
           conversation: migration-to-postgresql

     This change should restart the background-worker pods. It is recommended to
     watch the logs and wait for both of these two metrics to report 1.0:
     wire_local_convs_migration_finished and wire_user_remote_convs_migration_finished.
     This can take a long time depending on number of conversations in the DB.

  3. Configure wire-server to only use PostgreSQL for conversations.

     This will be the configuration which must be used from now on for every new
     release.

     galley:
       config:
         postgresMigration:
           conversation: postgresql
     background-worker:
       config:
         migrateConversations: false
         postgresMigration:
           conversation: postgresql

  (#4810)

• This release introduces a breaking change in the databases-ephemeral and redis-ephemeral Helm charts.

  The upstream Helm chart used for redis-ephemeral has been replaced to enable an upgrade to Redis 7.4.6 (previously based on the Bitnami chart). As a result, the Redis service hostname has changed from
  {{ .Release.Name }}-master → {{ .Release.Name }}.

  Please update the gundeck.config.redis.host value in the wire-server configuration accordingly.

  The updated Helm chart only supports standalone deployments.

  If you are providing custom values to the databases-ephemeral or redis-ephemeral releases, make sure to review the documentation for redis-ephemeral and its upstream Helm chart to ensure compatibility with this update. (#4845)

API changes

• Change federation-not-implemented error status from 500 to 422. (#4855)

• Create new API version V14 and finalize API version V13 (#4860)

• All events of type conversation.* would also contain a field via which can
  either be "user" or "scim". When the value is "scim", the from and
  qualified_from fields must be ignored. They exist only for backwards
  compatibility. (#4797)

Features

• Allow collaborator permissions to be updated in a team. (#4697)

• Add support for SCIM managed UserGroup deletion. (#4833)

• Add PUT /conversations/:domain/:conv_id/members endpoint to atomically replace conversation members. (#4819,#4838)

• Add users of user groups to a channel in asynchronous background worker job (#4797)

• Add GET /teams/:tid/channels/search endpoint for listing and searching channels (#4821, #4836)

• Support migration of all conversation data to Postgresql. (#4810)

• Get scim groups by id with scim. (#4831)

• Return informative diagnostics on group info mismatch (#4788)

• Add field to mls feature for enabling group info diagnostics per team (#4788)

• Allow configuring postgresql pool paramters. In brig and galley helm charts, the paramters can be configured like this:

  postgresqlPool:
    size: 100
    acquisitionTimeout: 10s
    agingTimeout: 1d
    idlenessTimeout: 10m

  (#4828)

• New metrics on postgres connection pool health. Example:

  $ curl -s http://localhost:8082/i/metrics | grep wire_hasql_pool_session_count
  wire_hasql_pool_session_count 118.0
  

  Grep output for hasql to see all gauges and counters. (#4834)

• Add configurable large_client_header_buffers to nginz helm chart for handling large SAML SSO responses (#4816)

• Return an error when receiving a message or commit bundle for a conversation that is out of sync (#4854)

• Create user groups with SCIM. (#4848)

• Get scim groups by substring of displayName. (#4853)

• Return group members as part of the search result in SCIM groups. (#4859)

• Update / (de-)populate SCIM groups with SCIM. (#4829)

Bug fixes and other updates

• Filter out non-searchable team members in GET /teams/:tid/members (#4826)

• Fixed: team admin attempting to manage a channel received 403 errors when they were also a member of that channel with conversation_role wire_member (#4847)

• The result of GET /teams/:tid/channels/search is now ordered case-insensitively (#4870)

• Make emails visible for team admin under POST /list-users (#4852)

• Fix kubectl image tag in reaper and restund charts to use correct version. v1.32.4 is the last tag of the 1.32 series. (#4827)

• Move searchable field matching from boost to filter part of the Elastic Search query. (This is a non-functional change, it only improves clarity.) (#4849)

• Disable out of sync MLS error on older backends (#4869)

Documentation

• Updated OpenAPI docs for the PUT /conversations/:domain/:id/members endpoint (#4861)

• Add troubleshooting documentation for "414 Request-URI Too Large" errors during SAML SSO login (#4816)

Internal changes

• Move /services/brig/deb/opt/brig/templates => libs/wire-subsystems/templates.

  (because it'll be needed in galley any moment now.) (#4830)

• Fix: Inappropriate 500 errors removed from BrigAPIAccess interpreter (#4865)

• Fix the add-license Makefile target and add missing license headers. (#4851)

• Keep track of out of sync mls groups (#4837)

• Remove unused redis-cluster chart (#4846)

• In the past, we built wire-server with Stack. Now, we’re using Cabal. Some traces of stack were still around in our project setup. These have been removed them to decrease build times and avoid confusion. (#4850)

[2025-10-21] (Chart Release 5.23.0)

Release notes

• Team user search role filter has been fixed and results now include each member's team role. Note: existing search index documents will only show roles after a reindex or when users get updated; newly created or updated users populate their role automatically. (#4728)

• Elasticsearch/OpenSearch mapping updated for team user search to support filtering by unverified email addresses. For the new filter email=verified|unverified on GET /teams/{tid}/search to work as intended, it is necessary to create a new index and re-index the data either by migrating to a new index or by recreating the index.

• Allow storing conversation data in postgres.

  This is currently not the default and is experimental.
  The migration path from Cassandra is yet to be programmed.

  However, new installations can use this by configuring the wire-server helm
  chart like this:

  galley:
    config:
      postgresqlMigration:
        conversation: postgresql

(#4764)

API changes

• Stub endpoints for enterprise provisioning (only in V13) (#4743)

• Finalize API Version V12, start new develop version V13. (#4817)

• The blocked domains feature
  (optSettings.setCustomerExtensions.domainsBlockedForRegistration) is now
  more strict: It is not only forbidden to register users with these domains in
  their email addresses, but also to change a user's email address to one of
  these domains.

  This affects the endpoints:

  • /register (as before)
  • /activate/send
  • /users/{uid}/email
  • /i/self/email (internal endpoint)
  • /access/self/email
  • /i/teams/{tid}/invitations (internal endpoint)
  • /teams/{tid}/invitations (#4624)

Features

• Allow collaborator to be removed from a team. (#4694)

• Add PodDisruptionBudget for Backoffice (#4751)

• Implement user-groups channels association (/user-groups/{gid}/channels). (#4783)

• Implement channels and channelsCount in user-groups endpoints. (#4776)

• Add entreprise-provisioning, a CLI to batch provision various entities, currently, creates and associate channels to existing user-groups. (#4790)

• Brig: Add optional email query parameter to GET /teams/{tid}/search ("browse-team"). (#4774)

• Add feature flag for "simplified user connection requests" QR codes
  (simplifiedUserConnectionRequestQRCode). As it has been implicitly enabled
  before - there was no way to turn it off - it's enabled by default. (#4763)

• Added user group endpoints to nginz config (#4744)

• New endpoint to update the users of a user group (#4768)

• Include total count in user group list/search responses (#4773)

• Allow updates of SCIM users by SCIM even if E2EID is enabled (#4772)

• Add global AssetAuditLog feature flag (#4779)

• cargohold: add asset audit logging (#4782, #4784, #4787)

• Add searchable field to users, users who have it set to false won't be found by the public endpoint.
  Add POST /users/:uid/searchable endpoint where team admin can change it for user.
  Add /teams/:tid/search?searchable=false, where the query parameter makes it return only non-searchable users. (#4786)

• Add user group ids to team member search result (#4809)

• Add endpoint for a team admin to get a new app cookie (#4769)

• Introduce apps and the corresponding creation endpoint POST /teams/:tid/apps. (#4696)

• Add stealthUsers feature flag (#4803)

• Remove user from all user groups on deletion (#4781)

• Add type field to user profiles. The possible values are "regular" for regular users, "bot" for services and "app" for apps. (#4758)

Bug fixes and other updates

• The role filter of the team search is fixed (#4728)

• Changed Swagger data type Pict from {} which is interpreted as string to
  {"type":"object"}. Also, static Swagger specifications of earlier API versions
  have been adapted. (#4785)

• Added nginz rules for missing endpoints (#4808)

Documentation

• add documentation on setting up federated calling (#4796)

• Update multi-ingress deeplink documentation to have a better example (#4807)

Internal changes

• Add a preStopHook to gundeck helm chart to avoid spurious 500s on gundeck restarts. (#4730)

• Add hls.json to .gitignore. It's only useful in specific editor setups. (#4747)

• New make rule and python script for creating /postgres-schema.sql. (not hooked into CI yet) (#4760)

• Add postgres dynamic query builder (#4812)

• charts/{redis-ephemeral,reaper}: switch away from non-working bitnami registry (#4792)

• Update kubectl, restund, redis-cluster, and rabbitmq images to use bitnamilegacy registry (#4791)

• Switch reaper and restund kubectl images to bitnamilegacy registry to ensure shell access compatibility (#4801)

2025-09-02 (Chart Release 5.22.0)

Release notes

• Increase the default of setChallengeTTL from 2 to 7 days in Brig's Helm chart. (#4737)

Features

• Introduce galley.conversation.parent_conv to support shadow conversations. (#4708)

• Add an endpoint to allow team admins to bulk add users to user groups. (#4712)

• Add member count to user group list endpoint. (#4714)

Bug fixes and other updates

• Fix bug in reset logic for one2one conversations (#4735)

Internal changes

• Refactoring of store effects in galley as a prerequisite for the postgres migration (#4732, #4738, #4740)

• Unused UserGroup User events were removed (#4734)

• Update nixpkgs (source of dependencies) to latest of unstable
  channel.
  This has no specific reason other than preventing tech-debt. (#4733)

2025-08-25 (Chart Release 5.21.0)

API changes

• Create new API version V12 and finalize V11 (#4724)

Features

• New team feature config for chat bubbles (#4711)

• New team feature config for apps (#4715)

Internal changes

• Fix race condition during postgres migrations in integration tests (#4723)

• Improve logging on RabbitMQ connection (#4716)

• Add PodDisruptionBudgets to service charts; render only when replicas > 1 (#4720)

• charts/nginz: Make k8s dns resolver service configurable for nginz (#4726)