Commit graph

21946 commits

Author SHA1 Message Date
sabril
d09ab7173e
MM-67498 Bulk migrate batches M13-20 from Enzyme to RTL (#35207)
* test: bulk migrate batches m13-20 from enzyme to rtl

* remove commented test block

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-12 08:24:08 +08:00
Doug Lauder
61b7fc1594
MM-66789: Include log viewer (system console) in log root path validation (#35221)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
* Include log viewer (system console) in log root path validation
* Add informative message to log viewer when no logs are displayed

-----

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-11 12:58:58 -05:00
Harrison Healey
6cd2df33ea
MM-67335 Fix export files having mismatched permissions (#35182)
* MM-67335 Fix export files having mismatched permissions

* Update test output when failing
2026-02-11 11:04:58 -05:00
Ben Schumacher
3064b74f81
[MM-64879] Allow System Admins to view and update User AuthData and Username in System Console (#33550)
Co-authored-by: Claude <noreply@anthropic.com>
2026-02-11 16:45:24 +01:00
Harrison Healey
1a4de869b3
MM-67538 Add ability for plugins to load asynchronously (#35238)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
Automatic Merge
2026-02-11 08:23:28 +02:00
sabril
a711b22717
SEC-9513 feat: e2e tests on master and releases (#35205)
* feat: e2e tests on master and releases

* (for pipelines testing only, will be removed after)

* remove test pipelines
2026-02-11 13:02:25 +08:00
Christopher Poile
1ac14a9dfb
[MM-67140] Added session validation on logout (#34959)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
* add authentication status to audit log for logouts

* improve audit log testing for other tests

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-10 15:12:14 -05:00
Christopher Poile
121b429b8e
[MM-65588] Fix OAuth login with redirect_to URL (#34944)
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-10 15:06:28 -05:00
Daniel Espino García
1c7246da68
Autotranslation Frontend integration (#34717)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
* AutoTranslate config settings

* comment out Agents provider

* Add auto translate timeout config validation

* i18n messages for autotranslation config validation

* fix test

* validate url for libreTranslate

* Feedback review

* Admin Console UI for Auto-Translation

* fix admin console conditional section display

* i18n

* removed unintentional change

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* update admin.general.localization.autoTranslateProviderDescription newline

* fix lint

* Fix types

* UX feedback review

* fix typo in i18n

* Fix AutoTranslation feature flag

* feedback review

* Fix test default values

* feedback review

* re-add isHidden property to feature discovery

* Database Migrations, Indexes and Methods for Auto-Translation

* i18n

* fix retrylayer and storetest

* Fix search query

* fix lint

* remove the request.CTX and modify Translation model

* fix lint and external url

* Add settings to playwright

* Add empty as a valid value for the Provider

* Update jsonb queries

* Fix queries and add model methods

* fix go lint

* go lint fix 2

* fix db migrations

* feedback review + store cache

* increase migration number

* cleanup autotranslation store cache

* use NULL as objectType for posts

* fix bad merge

* fix tests

* add missing i18n

* Active WebSocket Connection User Tracking

* copilot feedback and fix styles

* remove duplicate calls

* remove early return to mitigate timing attacks

* Switch prop bags column to boolean

* fix lint

* fix tests

* Remove database search

* use Builder methods

* review feedback

* AutoTranslation interface with Core Translation Logic

* update timeouts to use short/medium/long translations

* external exports

* add configured languages to autotranslations

* added post prop for detected language

* fix bugs for storing translation and call translation service

* clean up interface

* add translations to GetPost repsonses and in the create post response

* use metadata for translation information and add new column for state of a translation

* change websocket event name

* change metadata to a map

* single in memory queue in the cluster leader

* remove unused definition

* Revert "remove unused definition"

This reverts commit e3e50cef30.

* remove webhub changes

* remove last webhub bit

* tidy up interface

* Frontend integration

* tidy up

* fix api response for translations

* Add Agents provider for auto translations (#34706)

* Add LLM backed autotranslation support

* Remove AU changes

* Remove orphaned tests for deleted GetActiveUserIDsForChannel

The GetActiveUserIDsForChannel function was removed from PlatformService
as part of the autotranslations refactoring, but its tests were left behind
causing linter/vet errors. This removes the orphaned test code:
- BenchmarkGetActiveUserIDsForChannel
- TestGetActiveUserIDsForChannel
- waitForActiveConnections helper

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Add missing i18n translations and fix linter errors

- Add 17 missing translation strings for autotranslation feature
- Fix shadow variable declarations in post.go and autotranslation.go
- Remove unused autoQueueMaxAge constant
- Remove unused setupWithFastIteration test function
- Use slices.Contains instead of manual loop
- Use maps.Copy instead of manual loop
- Remove empty if branch

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix tests

* Fixes for PR review

* add files

* Update webapp/channels/src/components/admin_console/localization/localization.scss

Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>

* fixes

* Fixes

* Didn't save

* Add a translation

* Fix translations

* Fix shadow err

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>

* tidy up code for review

* add support for editing posts

* i18n-extract

* i18n

* Rename show translations and add util to get message

* Fix get posts, migrations, websockets and configuration styles

* Fix CI

* i18n-extract

* Fix webapp tests

* Address UX feedback

* i18n-extract

* Fix lint

* updated shimmer animation, fixed issue with the width on compact icon buttons

* fix migrations

* fix markdown masking for bold, italics and strikethrough

* Address feedback

* Add missing changes

* Fix and add tests

* Fix circular dependencies

* lint

* lint

* lint and i18n

* Fix lint

* Fix i18n

* Minor changes

* Add check for whether the channel is translated or not for this user

* Fix lint and add missing change

* Fix lint

* Fix test

* Remove uneeded console log

* Fix duplicated code

* Fix small screen show translation modal

* Remove interactions on show translation modal

* Disable auto translation when the language is not supported

* Fix typo

* Fix copy text

* Fix updating autotranslation for normal users

* Fix autotranslate button showing when it shouldn't

* Fix styles

* Fix test

* Fix frontend member related changes

* Revert post improvements and remove duplicated code from bad merge

* Address feedback

* Fix test and i18n

* Fix e2e tests

* Revert lingering change from post improvements

* Fix lint

---------

Co-authored-by: Elias Nahum <nahumhbl@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: BenCookie95 <benkcooke@gmail.com>
Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Matthew Birtch <mattbirtch@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-10 17:21:01 +01:00
Christopher Poile
24957f5e22
[MM-63393] Add support for preferred_username claims (#30852)
* rebased all prev commits into one (see commit desc)

add UsePreferredUsername support to gitlab; tests

resort en.json

update an out of date comment

webapp i18n

simplify username logic

new arguments needed in tests

debug statements -- revert

* merge conflicts

* fix i18n

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-10 10:10:27 -05:00
Harrison Healey
ecd16ec9ef
MM-67137 Fix references to window in client package (#35195)
* MM-67137 Fix references to window in client package

* Fix Client tests running on compiled code

* Mostly revert changes to limit the chance of accidental changes
2026-02-10 09:41:32 -05:00
Andre Vasconcelos
7d89d327ec
Bumping prepackaged version of GitHub plugin (#35223) 2026-02-10 15:11:09 +02:00
Ben Schumacher
cbc9406815
[MM-67114] Add mmctl license get command (#34878)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 08:26:59 +01:00
Ben Schumacher
9e7cd64800
[MM-67502] Sanitize secret plugin settings inside sections (#35214) 2026-02-10 08:24:21 +01:00
Ben Cooke
76b3528c2b
[MM-67231] Etag fixes for autotranslations (#35196)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
2026-02-09 18:32:26 -05:00
Pablo Vélez
74b5fb066c
MM-67022 - Implement ExpireAt handling for BoR sender to persist countdown (#34796)
* MM-67022 - Implement ExpireAt handling for BoR sender to persist countdown

* enhance read receipt caching, invalidate unread count cache and add GetUnreadCountForPost method

* Use dedicated cache for read receipt unread counts

* fix vet lint

* fix format

* Fix BoR sender countdown after reload in clustered setup

* Fix cache bypass for BoR sender countdown on clustered servers

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com>
2026-02-09 15:47:27 -05:00
Asaad Mahmood
3a68fb9efc
MM-67430 - Removing artificial spacing from modal (#35173)
* MM-67430 - Removing artificial spacing from modal

* Updating forward post modal

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-09 21:48:21 +05:00
Weblate (bot)
bdbe2f1374
Translations update from Mattermost Weblate (#35213)
* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/

* Translated using Weblate (Italian)

Currently translated at 69.1% (2039 of 2947 strings)

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/it/

* Translated using Weblate (Italian)

Currently translated at 47.2% (3291 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/it/

* Translated using Weblate (Chinese (Simplified Han script))

Currently translated at 100.0% (2947 of 2947 strings)

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/zh_Hans/

* Translated using Weblate (Chinese (Simplified Han script))

Currently translated at 98.2% (6843 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/zh_Hans/

* Translated using Weblate (Dutch)

Currently translated at 97.7% (6811 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/nl/

* Translated using Weblate (Dutch)

Currently translated at 99.0% (2918 of 2947 strings)

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/nl/

* Translated using Weblate (Czech)

Currently translated at 92.3% (2721 of 2947 strings)

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/cs/

* Translated using Weblate (Czech)

Currently translated at 87.8% (6117 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/cs/

* Translated using Weblate (Norwegian Bokmål)

Currently translated at 78.3% (5459 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/nb_NO/

* Translated using Weblate (Swedish)

Currently translated at 92.6% (6452 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/sv/

* Translated using Weblate (Dutch)

Currently translated at 99.8% (2942 of 2947 strings)

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/nl/

* Translated using Weblate (Dutch)

Currently translated at 97.9% (6824 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/nl/

* Translated using Weblate (German)

Currently translated at 100.0% (2947 of 2947 strings)

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/de/

* Translated using Weblate (German)

Currently translated at 95.1% (6631 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/de/

* Translated using Weblate (Chinese (Simplified Han script))

Currently translated at 99.1% (6909 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/zh_Hans/

* Translated using Weblate (Dutch)

Currently translated at 98.3% (6853 of 6966 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/nl/

---------

Co-authored-by: thePanz <thepanz@gmail.com>
Co-authored-by: Sharuru <mave@foxmail.com>
Co-authored-by: Tom De Moor <tom@controlaltdieliet.be>
Co-authored-by: Roman belda <roman@romanbelda.cz>
Co-authored-by: Frank Paul Silye <frankps@gmail.com>
Co-authored-by: Kristoffer Grundström <swedishsailfishosuser@tutanota.com>
Co-authored-by: jprusch <rs@schaeferbarthold.de>
2026-02-09 14:31:47 +00:00
Andre Vasconcelos
13a0d63b3c
MM-67372: Improve link preview metadata handling and filtering (#35178)
* MM-67372: Filter SVG images from OpenGraph metadata to prevent DoS

This commit adds server-side filtering of SVG images from OpenGraph
metadata to mitigate a DoS vulnerability where malicious SVG images
in og:image tags can crash Chromium-based browsers and Safari.

Changes:
- Add IsSVGImageURL() helper function in model package to detect SVG URLs
- Filter SVG images in parseOpenGraphMetadata() for regular HTML pages
- Filter SVG images in parseOpenGraphFromOEmbed() for oEmbed responses
- Add defense-in-depth filtering in TruncateOpenGraph() and getImagesForPost()
- Add comprehensive tests for all SVG filtering functionality

SVG detection is based on:
- File extension (.svg, .svgz) - case-insensitive
- MIME type (image/svg+xml)

Reference: https://issues.chromium.org/issues/40057345

* MM-67372: Filter SVG images from cache/DB and direct SVG URLs

This commit addresses remaining attack vectors for the SVG DoS vulnerability:

1. Cache/DB filtering: Apply TruncateOpenGraph when returning OpenGraph
   from cache or database to filter stale data that was stored before
   the initial fix was deployed.

2. Direct SVG URLs: Filter PostImage entries with Format="svg" to prevent
   browser crashes when someone posts a direct link to an SVG file.

3. Embed creation: Skip creating image embeds for SVG images and create
   link embeds instead.

4. New SVG detection: Return nil instead of creating PostImage when
   fetching direct SVG URLs to prevent storing them in the database.

These changes ensure that even environments with pre-existing malicious
link metadata will be protected after a server restart.

* MM-67372: Fix test expectation for SVG image handling

* Removed duplicate logic in favor of already implemented FilterSVGImages in model

* Addressing PR comments

* Replacing exact match comparison with prefix check

* Added new test cases for unit tests
2026-02-09 16:26:14 +02:00
Ibrahim Serdar Acikgoz
b947f1c38a
Add fileSize limit to extractors (#35200) 2026-02-09 15:22:30 +01:00
sabril
bffe406e9f
(chore): upgrade playwright and its dependencies (#35175) 2026-02-09 21:30:07 +08:00
Alejandro García Montoro
139ff4ded2
Fix permissions in GetGroupsByNames (#35119)
The reliance on ViewUsersRestrictions was causing a SQL bug, since the
original query did not join with the Users table. Instead, use
model.GroupSearchOpts to rely on AllowReference, which should be used to
filter the results in all cases, except when the user is a sysadmin (has
the PermissionSysconsoleReadUserManagementGroups permission).

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-09 10:13:48 +00:00
David Krauser
892492a0a8
[MM-66836] Add ability to delete orphaned protected fields from uninstalled plugins (#34867)
This change allows admins to delete protected property fields when the source plugin has been uninstalled, providing a cleanup mechanism for orphaned fields. If a field has the protected attribute set to true, but the associated source plugin is not installed, an admin can remove that field from the admin console.
2026-02-06 20:45:27 -05:00
David Krauser
a995682464
[MM-66836] Add UI support for protected and source_only property fields (#34860)
- Disable editing of protected fields in admin console and user profiles
- Show "Managed by: {pluginId}" indicator for protected fields in admin panel
- Disable dot menu button for protected fields in property management table
- Hide source_only fields from all user/profile views (user settings, profile popover, admin user management)
- source_only fields remain visible only in the field management configuration view
- Add i18n messages for protected field indicators
2026-02-06 19:21:25 -05:00
David Krauser
1cfe3d92b6
[MM-66836] Integrate PropertyAccessService into API and app layers (#34818)
Updates all Custom Profile Attribute endpoints and app layer methods to pass caller user IDs through to the PropertyAccessService. This connects the access control service introduced in #34812 to the REST API, Plugin API, and internal app operations.

Also updates the OpenAPI spec to document the new field attributes (protected, source_plugin_id, access_mode) and adds notes about protected field restrictions.
2026-02-06 18:06:51 -05:00
David Krauser
63c3c70fe9
[MM-66836] Add some access control mechanisms with a wrapper around the property service (#34812)
Custom profile attributes (properties) in Mattermost need to support security-critical use cases like Attribute-Based Access Control (ABAC), external identity system synchronization, and privacy-preserving collaboration. Without access controls on these properties, any user or component could modify property fields and values, making them unsuitable for security decisions. Additionally, different properties require different visibility patterns - some need to be publicly readable, some should only be visible to their managing system, and some require privacy-preserving visibility where users can only see shared values.

This change introduces the PropertyAccessService, a wrapper around PropertyService that enforces access control for all property operations. This service is introduced in isolation and is not yet hooked up to the Plugin API, REST API, or app layer. It provides the foundation for a single enforcement point that will apply access restrictions consistently across all code paths once integrated.
2026-02-06 16:21:51 -05:00
David Krauser
9f40d051ee
[MM-66942] Ensure consistent option ID generation across all field creation paths (#34725)
Option IDs are automatically generated for fields in the REST API, but plugins creating fields directly don't get this behavior. This change makes option ID generation consistent by automatically generating IDs for all select/multiselect options, regardless of whether they're created via REST API or plugin code. The option IDs are generated (if necessary) in the store layer right before saving, which is the same place we generate Field IDs if they don't exist.
2026-02-06 16:19:42 -05:00
Daniel Espino García
2bd29c0359
Add the ability to patch channel autotranslations (#35078)
* Add the ability to patch channel autotranslations

* Fix lint

* Update docs

* Fix CI

* Fix CI

* Fix mmctl test

* Check whether the channel is translated for the user when checking user enabled

* Fix wrong uses of patch acrros e2e and frontend

* Fix test

* Fix wording

* Fix tests and column name

* Move group constrained test so they don't mess with the basic entities

* Fix patch sending too much information
2026-02-06 18:19:06 +01:00
Alejandro García Montoro
f6574143a8
Document URL search in Postgres through tests (#35194)
* Document URL search in Postgres through test

* Use the length of the expectedIDs slice

* Simplify creation of posts
2026-02-06 13:25:21 +01:00
Ibrahim Serdar Acikgoz
197fa160b4
[MM-67126] harden checks (#35171) 2026-02-05 21:48:36 +01:00
Ibrahim Serdar Acikgoz
c31fe3f244
invalidate channel cache after deleting a channel access control policy (#35174) 2026-02-05 21:45:11 +01:00
Ben Cooke
9ac02ecfdd
Update translation primary key to include objectType (#35040) 2026-02-05 15:00:08 -05:00
Ibrahim Serdar Acikgoz
22e4e9c171
Improve mmctl output by filtering escape sequences (#35191) 2026-02-05 15:32:35 +01:00
Daniel Espino García
1273632d1a
Add endpoint to update channel member autotranslations (#35072)
* Add endpoint to update channel member autotranslations

* Add several improvements and remove unneeded functions

* Add user id to audit record

* Ensure autotranslation is defined

* Update texts

* Fix merge

* Add new column for channel member autotranslations (#35111)

* Minor renamings

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ben Cooke <benkcooke@gmail.com>
2026-02-05 13:43:50 +01:00
Ibrahim Serdar Acikgoz
a06d5065e7
apply view restrcitions while fetching group members (#35172) 2026-02-05 12:45:57 +01:00
Amy Blais
444ada7251
Update en.json (#35160)
Automatic Merge
2026-02-05 09:23:28 +02:00
sabril
5a408b757c
(fix): verified by label and playwright rerun on failed specs (#35161) 2026-02-05 08:48:29 +08:00
Just Nev
4887c501e1
chore: Update zoom version to 1.12.0 (#35167)
Co-authored-by: Nevyana Angelova <nevyangelova@Nevy-Macbook-16-2025.local>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-04 18:03:04 +07:00
Alejandro García Montoro
67226f32a4
Avoid simple config when doing FTS in Postgres (#35063)
This commit reverts PR #30214, which addressed bug MM-60790 but caused a
performance regression tracked by MM-66782.

This revert has two implications:

1. The performance issue is solved.
2. The original bug is re-introduced.

Re-introducing the original bug seems not to be ideal, but I argue that
the original PR did not actually fix the bug:

- Before that PR, looking for a quoted string would return additional
  results: the UX was slightly confusing, because when the user looked
  for the word "stateful", the results would contain matches like
  "states" (see MM-60790).
- After that PR, looking for a quoted string can timeout, so that the
  list of results becomes empty. The UX here may be less confusing,
  since the user simply doesn't find what they're looking for, and they
  may assume that string is not present in any post, but it's completely
  wrong: the result list is empty because the SQL query timed out and
  thus the endpoint returned 0 results.

The solution to the original issue should be addressed via
Elasticsearch, which should provide a more refined and precise search
results.

For more information on the investigation on this issue and the
motivation behind the revert, see
https://mattermost.atlassian.net/wiki/x/IYAk_w

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-04 12:02:02 +01:00
unified-ci-app[bot]
030a4e1921
Update latest minor version to 11.5.0 (#35176)
Automatic Merge
2026-02-04 12:23:27 +02:00
sabril
e499decea0
(test): fix flaky and migrate to playwright (#35156) 2026-02-04 12:21:17 +08:00
sabril
51e6431275
MM-67328 Bulk migrate Enzyme to RTL (M2 to M6) (#35068)
* migrate(enzyme): bulk migration to rtl

* updated per suggestion

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-04 01:42:48 +00:00
Nick Misasi
0263262ef4
MM-66577 Preserve locale in rewrite prompt (#35013)
Some checks failed
API / build (push) Has been cancelled
Server CI / Compute Go Version (push) Has been cancelled
Web App CI / check-lint (push) Has been cancelled
Server CI / Check mocks (push) Has been cancelled
Server CI / Check go mod tidy (push) Has been cancelled
Server CI / check-style (push) Has been cancelled
Server CI / Check serialization methods for hot structs (push) Has been cancelled
Server CI / Vet API (push) Has been cancelled
Server CI / Check migration files (push) Has been cancelled
Server CI / Generate email templates (push) Has been cancelled
Server CI / Check store layers (push) Has been cancelled
Server CI / Check mmctl docs (push) Has been cancelled
Server CI / Postgres with binary parameters (push) Has been cancelled
Server CI / Postgres (push) Has been cancelled
Server CI / Postgres (FIPS) (push) Has been cancelled
Server CI / Generate Test Coverage (push) Has been cancelled
Server CI / Run mmctl tests (push) Has been cancelled
Server CI / Run mmctl tests (FIPS) (push) Has been cancelled
Server CI / Build mattermost server app (push) Has been cancelled
Web App CI / check-i18n (push) Has been cancelled
Web App CI / check-types (push) Has been cancelled
Web App CI / test (platform) (push) Has been cancelled
Web App CI / test (mattermost-redux) (push) Has been cancelled
Web App CI / test (channels shard 1/4) (push) Has been cancelled
Web App CI / test (channels shard 2/4) (push) Has been cancelled
Web App CI / test (channels shard 3/4) (push) Has been cancelled
Web App CI / test (channels shard 4/4) (push) Has been cancelled
Web App CI / upload-coverage (push) Has been cancelled
Web App CI / build (push) Has been cancelled
* Preserve rewrite locale in prompt

* Add license header to rewrite tests
2026-02-03 11:32:03 -05:00
Nick Misasi
aa5d51131d
Register product icon change (#34883)
* Adjust registerProduct to accept generic icon

* Undo unnecessary changes

* Anotha one

* Fix linting errors in product menu tests

- Fix jsx-quotes to use single quotes instead of double quotes
- Fix react/jsx-max-props-per-line by placing props on separate lines
- Fix react/jsx-no-literals by wrapping literal strings in JSX expression containers
- Fix react/jsx-wrap-multilines by wrapping multiline JSX in parentheses
- Fix react/jsx-closing-bracket-location for proper bracket alignment

* don't use snapshots or enzyme

* Fix pipelines?
2026-02-03 10:45:02 -05:00
Erwan Martin
f3c6602725
Allow building the server on FreeBSD (#25838)
* Allow building the server on FreeBSD

* Fix merge

---------

Co-authored-by: Erwan Martin <erwan@pepper.com>
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
2026-02-03 14:05:16 +00:00
Ben Cooke
36479bd721
Configurable workers and move sweeper job to job infra (#35007)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
2026-02-02 15:52:42 -05:00
Matthew Birtch
95ba2db4f0
[MM-66862] Channel Info RHS: add ability to rename and open channel settings (#34708)
* Channel Info RHS: add rename-from-info and settings access

Add channel name editable area with pencil hover and wire to a lightweight Rename Channel modal; add Channel Settings item to RHS menu with permission checks; ensure navigation after rename uses relative path to avoid 404.

* linter changes

* add padding so field labels don't get cut off

* fixes for keyboard accessibility and tooltips

* don't show channel settings for DMs and GMs

* chore(i18n): run extract to reorder new keys and fix CI

Re-extracted webapp i18n to place newly added keys (editable tooltips and rename modal) in canonical order expected by translation tooling.

* use generic_btn.cancel/save for rename modal buttons

* chore(i18n): remove unused rename_channel.cancel/save keys

* updated tests to account for new elements in the info rhs

* add cypress test for new rhs info function

* fix linting issues

* fixed tests

* linter fixes

* tweak position of edit button

* style tweaks, remove subtitle from info rhs head (redundant now), update archived state

* added 'unarchive' button to archived notice, updated translations

* fixed tests that I broke in channel info header

* add url name to channel info view

* update to 'channel handle' instead of url name'

* change order of channel handle

* add copy button

* Update about_area_channel.test.tsx

* fixed test and brought back channel subtitle in header for consistency

* fixed header test

* make channel info rhs scrollable

* fix merge issue

* Fix lint

---------

Co-authored-by: yasserfaraazkhan <attitude3cena.yf@gmail.com>
2026-02-02 17:34:32 +00:00
Harrison Healey
4049300129
Change moduleResolution to bundler for web app (#35081)
This tells the TypeScript compiler (only used for type checking in the web app)
to use the `imports` and `exports` field of a package's `package.json` to find
modules. Those fields are standard in newer versions of Node.js, and hopefully
supporting them means that we'll have to do less work to configure tooling in
the future.

We could also get similar behaviour by using the `nodenext` option, but that
adds some additional requirements to include file extensions which ES Modules
technically require, but I don't think we need to enforce because other tooling
doesn't require them.

I wanted to make that change in all of the subpackages as well, but we can't do
that without having TypeScript output ES Modules which, unless we change their
build processes to generate multiple formats (like the shared package in
client package, or the types package which is more than I want to do at the
moment.

The changes to other files are either because they incorrectly imported types
from a file that isn't intentionally exposed by the plugin or it's because we
had a typo in a file path.
2026-02-02 12:08:04 -05:00
Weblate (bot)
6f9b6f3364
Translations update from Mattermost Weblate (#35159)
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Blocked by required conditions
Web App CI / check-types (push) Blocked by required conditions
Web App CI / test (platform) (push) Blocked by required conditions
Web App CI / test (mattermost-redux) (push) Blocked by required conditions
Web App CI / test (channels shard 1/4) (push) Blocked by required conditions
Web App CI / test (channels shard 2/4) (push) Blocked by required conditions
Web App CI / test (channels shard 3/4) (push) Blocked by required conditions
Web App CI / test (channels shard 4/4) (push) Blocked by required conditions
Web App CI / upload-coverage (push) Blocked by required conditions
Web App CI / build (push) Blocked by required conditions
* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/

* Translated using Weblate (Polish)

Currently translated at 99.0% (2924 of 2951 strings)

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/pl/

* Translated using Weblate (Norwegian Bokmål)

Currently translated at 78.3% (5457 of 6963 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/nb_NO/

* Translated using Weblate (Polish)

Currently translated at 95.2% (6630 of 6963 strings)

Translation: Mattermost/webapp
Translate-URL: https://translate.mattermost.com/projects/mattermost/webapp/pl/

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Translation: Mattermost/server
Translate-URL: https://translate.mattermost.com/projects/mattermost/server/

---------

Co-authored-by: master7 <marcin.karkosz@rajska.info>
Co-authored-by: Frank Paul Silye <frankps@gmail.com>
2026-02-02 14:04:07 +00:00
Jesse Hallam
70a50edcf2
[MM-67021] Fix 500 errors on check-cws-connection in non-Cloud environments (#34786)
* Fix 500 errors on check-cws-connection in non-Cloud environments

The check-cws-connection endpoint was returning 500 errors in
self-hosted enterprise environments because:

1. The client only checked BuildEnterpriseReady before making the
   request, which is true for all enterprise builds
2. The server handler didn't check for a Cloud license before
   attempting to connect to CWS
3. The CWS URL is not configured in non-Cloud environments, causing
   the connection check to fail

This fix:
- Server: Add IsCloud() license check to match other cloud endpoints,
  returning 403 instead of 500 for non-Cloud licenses
- Client: Add Cloud license check to skip the request entirely in
  non-Cloud environments

* Add unit tests for check-cws-connection license check

* Return JSON status from check-cws-connection endpoint

Change the check-cws-connection endpoint to return 200 with a JSON body
containing status (available/unavailable) instead of using HTTP error
codes. This allows the endpoint to be used for air-gap detection on
self-hosted instances, not just Cloud deployments.

* i18n

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-02-02 13:41:14 +00:00