Skip to content

v8.0.5

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 19 Jun 10:06
· 394 commits to master since this release
v8.0.5
This tag was signed with the committer’s verified signature.
kobergj
GPG key ID: CF6CB8F549FB246B
Verified
Learn about vigilant mode.
70713c0
This commit was signed with the committer’s verified signature.
kobergj
GPG key ID: CF6CB8F549FB246B
Verified
Learn about vigilant mode.

Table of Contents

Changes in 8.0.5

Summary

  • Security - Bump Go to 1.25.11: #12446
  • Security - Upgrade libvips to 8.18.3: #12446
  • Bugfix - Education user delete no longer 404s and leaves the LDAP entry behind: #12395
  • Bugfix - Recover from permanently-closed NATS connections in the nats-js-kv store: #12401

Details

  • Security - Bump Go to 1.25.11: #12446

    Fixes CVE-2026-42504, a stdlib MIME header decoding vulnerability flagged by the
    release image scan.

    #12446

  • Security - Upgrade libvips to 8.18.3: #12446

    Bumped libvips to 8.18.3 in all Docker images. The previous pin (8.18.2-r0) was
    dropped from the Alpine edge/community repository, which broke the image build.

    #12446

  • Bugfix - Education user delete no longer 404s and leaves the LDAP entry behind: #12395

    DELETE /graph/v1.0/education/users/{id} previously returned a 404 without
    removing the user. The education user delete handler used user.GetExternalID()
    for the backend DELETE, while the regular /users handler and the pre-v8.0 code
    path used user.GetId(). With the default RequireExternalID=false, the LDAP
    backend looked up the user by name-or-UUID, so the externalID never matched, the
    LDAP entry was never removed, and the response was a 404. This is now fixed.

    #12395

  • Bugfix - Recover from permanently-closed NATS connections in the nats-js-kv store: #12401

    The nats-js-kv go-micro store plugin's hasConn() only checked whether the
    connection object was non-nil, not whether it was still alive. Once the
    underlying NATS client exhausted its reconnect attempts (e.g. a NATS pod restart
    longer than the client's reconnect window), the connection stayed non-nil but
    permanently closed. Because connection initialization is gated on !hasConn(),
    it never re-ran, so every subsequent KV operation failed with nats: connection closed until the affected pod was restarted.

    This surfaced as several user-visible failures backed by the NATS KV cache, e.g.
    all spaces becoming invisible (storage-users ListStorageSpaces) and download
    failures from missing signing keys (ocs).

    The store plugin now treats a closed connection as no connection, so the next
    operation transparently re-initializes it.

    #12401

Assets 16
Loading