Release Notes v2.173

NeySlim edited this page Jun 17, 2026 · 1 revision

Release Date: June 17, 2026

Overview

UCM v2.173 reworks how SSO accounts are identified and overhauls the Backups page. It supersedes the v2.172 SSO behaviour: instead of refusing an SSO login whose email already exists, UCM now identifies SSO accounts by the identity provider's stable identifier and lets local and SSO accounts coexist.

Changed

SSO identity by stable identifier (#136, #138)

SSO accounts are now matched on the IdP's immutable identifier, never on email or username:

  • OIDC → the sub claim
  • SAML → the persistent NameID (transient NameIDs are ignored)
  • LDAP → entryUUID / objectGUID — configurable per provider via Stable ID attribute, auto-detected by default, falling back to the DN

The identifier is bound to the account on first login, so a user is recognised across username and email changes in the directory, and the email is never used as an authentication key (removing the "account pre-hijacking" risk).

Consequences:

  • An SSO login whose email also belongs to a local account now provisions a separate SSO account — no Internal Server Error, no forced reconciliation. Email is unique only among local accounts.
  • An administrator can still merge a person's local and SSO accounts via Users → Link to SSO; linking no longer renames the local username, and the next matching login is adopted by email (then bound to the stable id). Unlink SSO reverts to a local account.

See SSO Authentication → Identity matching & shared emails. Migration 045.
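The matching rules above, as an added sketch that is not UCM's own code: it resolves an SSO login by (provider, stable identifier) only, adopts a local account by email solely after an administrator link, and otherwise provisions a separate SSO account. The names `AccountStore`, `link_pending`, the attribute keys and the choice to refuse a login that carries no stable identifier are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SAML_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def stable_id(kind: str, attrs: dict) -> Optional[str]:
    """Return the IdP's immutable identifier for this login, or None."""
    if kind == "oidc":
        return attrs.get("sub")
    if kind == "saml":  # only a persistent NameID counts; transient is ignored
        fmt_ok = attrs.get("nameid_format") == SAML_PERSISTENT
        return attrs.get("nameid") if fmt_ok else None
    if kind == "ldap":  # auto-detect order, falling back to the DN
        return attrs.get("entryUUID") or attrs.get("objectGUID") or attrs.get("dn")
    raise ValueError(f"unknown provider kind: {kind}")

@dataclass
class Account:
    username: str
    email: str
    provider: Optional[str] = None   # None means a local account
    subject: Optional[str] = None    # stable id, bound on first SSO login
    link_pending: bool = False       # hypothetical flag set by "Link to SSO"

class AccountStore:
    def __init__(self):
        self.accounts = []

    def link_to_sso(self, account: Account, provider: str) -> None:
        # Admin action: the username is left untouched, only the link is recorded.
        account.provider, account.link_pending = provider, True

    def sso_login(self, provider: str, kind: str, attrs: dict) -> Account:
        sid, email = stable_id(kind, attrs), attrs.get("email")
        if sid is None:  # assumption of this sketch: refuse rather than match on email
            raise PermissionError("assertion carries no stable identifier")
        for a in self.accounts:  # 1. bound identity: (provider, stable id) only
            if a.provider == provider and a.subject == sid:
                return a
        for a in self.accounts:  # 2. admin-approved link: adopt once by email, then bind
            if a.link_pending and a.provider == provider and email and a.email == email:
                a.subject, a.link_pending = sid, False
                return a
        # 3. otherwise a separate SSO account, even if a local account has this email
        new = Account(attrs.get("username", sid), email or "", provider, sid)
        self.accounts.append(new)
        return new
```

Because step 2 fires only for an account an administrator has explicitly linked, an IdP user who merely asserts someone else's email never reaches that person's local account.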

Backups page

  • The Available Backups list is paginated, searchable and sortable, with multi-select bulk delete.
  • A summary header shows backup count, total size and free disk (with a warning when disk usage is high).
  • Retention is always visible (no longer hidden behind the automatic-backup toggle) and a Clean up now action applies it on demand.

Fixed

  • Backups could fill the disk — pre-migration database snapshots are capped to the most recent few, and backup retention now runs as its own daily scheduled task (previously it only ran after a scheduled backup, so manual backups accumulated indefinitely).

Upgrade Notes

  • No action required. Migrations run automatically at startup and are dual-backend (SQLite + PostgreSQL).
  • Existing SSO accounts are bound to their stable identifier on their next login. Existing local↔SSO email collisions can be reconciled at any time with Link to SSO (optional).

Validation

Verified end-to-end against real identity providers (LDAP, OIDC and SAML) and smoke-tested on the Debian/RPM packages and the Docker image (SQLite and PostgreSQL).
