chore: update changelog

Author: owncloud-calens-bot[bot]

CHANGELOG.md

@@ -38,6 +38,11 @@ ownCloud admins and users.
 
 ## Summary
 
+* Bugfix - Fix htaccess RewriteBase rules blocking API requests by file extension: [#41418](https://github.com/owncloud/core/issues/41418)
+* Bugfix - Fix subadmin email change updating caller's address instead of target's: [#41574](https://github.com/owncloud/core/pull/41574)
+* Bugfix - Adjust code to avoid PHP8 messages: [#41597](https://github.com/owncloud/core/pull/41597)
+* Bugfix - Support federation between systems in subdirectories: [#41599](https://github.com/owncloud/core/pull/41599)
+* Bugfix - Fix JS test isolation bugs exposed by Jasmine 5 random test ordering: [#41616](https://github.com/owncloud/core/pull/41616)
 * Change - Update M$ Office icons: [#41347](https://github.com/owncloud/core/pull/41347)
 * Change - No longer store auto loader information in any memory cache: [#41376](https://github.com/owncloud/core/pull/41376)
 * Change - Update PHP dependencies: [#41450](https://github.com/owncloud/core/pull/41450)
@@ -47,6 +52,60 @@ ownCloud admins and users.
 
 ## Details
 
+* Bugfix - Fix htaccess RewriteBase rules blocking API requests by file extension: [#41418](https://github.com/owncloud/core/issues/41418)
+
+   Files whose names end in extensions like .jpg, .png, .svg, .json and others
+   could not be marked as favorites or have their tags updated via the files API
+   when htaccess.RewriteBase was configured. The .htaccess rules generated by `occ
+   maintenance:update:htaccess` used a URI extension check to skip routing through
+   index.php, which inadvertently blocked API requests to paths like
+   `/apps/files/api/v1/files/photo.jpg`, returning 405 Method Not Allowed.
+
+   The fix replaces the extension-based condition with `RewriteCond
+   %{REQUEST_FILENAME} !-f`, which correctly routes virtual API paths through
+   index.php while still serving actual static files directly.
+
+   https://github.com/owncloud/core/issues/41418
+
+* Bugfix - Fix subadmin email change updating caller's address instead of target's: [#41574](https://github.com/owncloud/core/pull/41574)
+
+   The verification token and confirmation link in the subadmin path of
+   setMailAddress were associated with the caller's account instead of the target
+   user's account. Clicking the confirmation link changed the subadmin's email
+   rather than the intended target's email.
+
+   https://github.com/owncloud/core/pull/41574
+
+* Bugfix - Adjust code to avoid PHP8 messages: [#41597](https://github.com/owncloud/core/pull/41597)
+
+   Avoid trying to access array offset on false in the encryption storage wrapper.
+
+   Handle passing null to normalizeUrl in the federation DbHandler.
+
+   https://github.com/owncloud/core/pull/41597
+
+* Bugfix - Support federation between systems in subdirectories: [#41599](https://github.com/owncloud/core/pull/41599)
+
+   If a federated server was installed in a subdirectory like:
+
+   Mydomain.com/cloud
+
+   Then checks to see that the server is up and responding would fail. This problem
+   has been corrected.
+
+   https://github.com/owncloud/core/pull/41599
+
+* Bugfix - Fix JS test isolation bugs exposed by Jasmine 5 random test ordering: [#41616](https://github.com/owncloud/core/pull/41616)
+
+   Several JS test specs left shared singleton state dirty between tests, causing
+   intermittent failures when Jasmine 5 ran tests in random order. Fixed
+   OC._currentMenu leak in fileactionsmenuSpec, stale OCA.Files.fileActions
+   reference causing infinite recursion in files_sharing/appSpec, and stale models
+   in the OC.SystemTags.collection singleton in systemtagsinfoviewSpec and
+   systemtagsinputfieldSpec.
+
+   https://github.com/owncloud/core/pull/41616
+
 * Change - Update M$ Office icons: [#41347](https://github.com/owncloud/core/pull/41347)
 
    Icons have been updated according to the M$ cloud storage partner program
@@ -67,35 +126,50 @@ ownCloud admins and users.
 
    * google/apiclient (v2.19.0 to v2.19.3)
 
-   * google/apiclient-services (v0.435.0 to v0.441.1)
+   * google/apiclient-services (v0.435.0 to v0.444.0)
 
-   * google/auth (v1.50.0 to v1.50.1)
+   * google/auth (v1.50.0 to v1.51.0)
 
    * guzzlehttp/psr7 (2.8.0 to 2.10.4)
 
-   * guzzlehttp/guzzle (7.10.0 to 7.11.0)
+   * guzzlehttp/guzzle (7.10.0 to 7.11.1)
 
    * guzzlehttp/promises (2.3.0 to 2.4.1)
 
    * laravel/serializable-closure (v2.0.10 to v2.0.13)
 
-   * phpseclib/phpseclib (3.0.49 to 3.0.50)
+   * phpseclib/phpseclib (3.0.49 to 3.0.53)
 
    * pimple/pimple (3.6.1 to 3.6.2)
 
+   * sabre/event (5.1.7 to 5.1.8)
+
    * sabre/vobject (4.5.8 to 4.6.0)
 
-   * symfony/deprecation-contracts (v3.6.0 to v3.7.0)
+   * symfony/console (v7.4.7 to v7.4.13)
 
    * symfony/mailer (v7.4.6 to v7.4.12)
 
+   * symfony/process (v7.4.5 to v7.4.13)
+
+   * symfony/routing (v7.4.6 to v7.4.13)
+
+   * symfony/string (v7.4.6 to v7.4.13)
+
+   * symfony/translation (v7.4.6 to v7.4.10)
+
+   * symfony/deprecation-contracts (v3.6.0 to v3.7.0)
+
+   * symfony/translation-contracts (v3.6.1 to v3.7.0)
+
    https://github.com/owncloud/core/pull/41450
    https://github.com/owncloud/core/pull/41477
    https://github.com/owncloud/core/pull/41495
    https://github.com/owncloud/core/pull/41561
    https://github.com/owncloud/core/pull/41564
    https://github.com/owncloud/core/pull/41569
    https://github.com/owncloud/core/pull/41590
+   https://github.com/owncloud/core/pull/41613
 
 * Change - Drop command db:convert-type: [#41451](https://github.com/owncloud/core/pull/41451)