Skip to content

v8.0.6

Latest

Choose a tag to compare

@github-actions github-actions released this 17 Jul 09:08
v8.0.6
5344650

Table of Contents

Changes in 8.0.6

Summary

  • Security - Upgrade libvips to 8.18.4: #12596
  • Security - Upgrade Go to 1.25.12: #12602
  • Enhancement - Allow disabling the last sign-in timestamp update: #12522

Details

  • Security - Upgrade libvips to 8.18.4: #12596

    Bumped libvips to 8.18.4 in all Docker images. The previous pin (8.18.3-r0) was
    dropped from the Alpine edge/community repository, which broke the image build.

    #12596

  • Security - Upgrade Go to 1.25.12: #12602

    Bumped the Go toolchain used to build the release binaries and Docker images
    from 1.25.11 to 1.25.12. Go 1.25.11 is affected by CVE-2026-39822 (os.Root
    symlink following allows directory traversal), which is fixed in 1.25.12 and was
    blocking the release image security scan.

    #12602

  • Enhancement - Allow disabling the last sign-in timestamp update: #12522

    The graph service maintains the 'oCLastSignInTimestamp' LDAP attribute of a user
    on every sign-in (when the LDAP identity backend has write access). This can
    cause a significant amount of LDAP write load, especially when the proxy's OIDC
    userinfo cache has a short TTL and sign-in events are emitted frequently.

    A new setting 'OCIS_LDAP_UPDATE_LAST_SIGNIN_DATE' /
    'GRAPH_LDAP_UPDATE_LAST_SIGNIN_DATE' (default 'true') allows disabling the
    update of the last sign-in timestamp without having to disable all LDAP writes
    ('OCIS_LDAP_SERVER_WRITE_ENABLED') or the graph events consumer. When set to
    'false' the graph service no longer listens for 'UserSignedIn' events and does
    not write the 'oCLastSignInTimestamp' attribute.

    #9942
    #12522