Merge branch 'feature/PB-38300_52-Publish-production-API-CE' into 'master'

PB-38300 Prepare v4.11.0 production API release

See merge request passbolt/passbolt-ce-api!329

Author: cedricalfonsi

.gitlab-ci/jobs/php_unit_tests/php_73.yml

@@ -59,6 +59,14 @@ php7.3-mariadb10.6:
   extends:
     - .test-template-parallel-scheduled
 
+php7.3-mariadb11.5:
+  variables:
+    PHP_VERSION: "7.3"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .test-template-parallel-scheduled
+  allow_failure: true
+
 #################
 # PHP 7.3 MySQL #
 #################

.gitlab-ci/jobs/php_unit_tests/php_74.yml

@@ -61,6 +61,14 @@ php7.4-mariadb10.6:
   extends:
     - .test-template-parallel-scheduled
 
+php7.4-mariadb11.5:
+  variables:
+    PHP_VERSION: "7.4"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .test-template-parallel-scheduled
+  allow_failure: true
+
 #################
 # PHP 7.4 MySQL #
 #################

.gitlab-ci/jobs/php_unit_tests/php_81.yml

@@ -63,6 +63,15 @@ php8.1-mariadb10.6:
   extends:
     - .test-template-parallel
 
+php8.1-mariadb11.5:
+  variables:
+    PHP_VERSION: "8.1"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .test-template-parallel-scheduled
+  allow_failure: true
+
+
 #################
 # PHP 8.1 MySQL #
 #################

.gitlab-ci/jobs/php_unit_tests/php_82.yml

@@ -56,6 +56,14 @@ php8.2-mariadb10.6:
   extends:
     - .test-template-parallel
 
+php8.2-mariadb11.5:
+  variables:
+    PHP_VERSION: "8.2"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .test-template-parallel-scheduled
+  allow_failure: true
+
 #################
 # PHP 8.2 MySQL #
 #################

.gitlab-ci/jobs/php_unit_tests/sequential/php_unit_tests.yml

@@ -27,6 +27,35 @@
     - mysql -h $DATASOURCES_DEFAULT_HOST -u root -p$MYSQL_ROOT_PASSWORD -e "ALTER USER '$DATASOURCES_TEST_USERNAME'@'%' identified by '$DATASOURCES_TEST_PASSWORD';" mysql
     - mysql -h $DATASOURCES_DEFAULT_HOST -u root -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL ON *.* to $DATASOURCES_TEST_USERNAME;" mysql
 
+.mariadb-template:
+  services:
+    - name: $DATABASE_ENGINE_VERSION
+      command:
+        - /bin/bash
+        - -c
+        - |
+          mount -t tmpfs -o size=1024m tmpfs /var/lib/mysql
+          docker-entrypoint.sh mariadbd --default-authentication-plugin=mysql_native_password --log-bin-trust-function-creators=1
+  # MySQL services variables
+  variables:
+    MARIADB_USER: user
+    MARIADB_PASSWORD: testing-password
+    MARIADB_ROOT_PASSWORD: testing-password2
+    MARIADB_DATABASE: test
+    DATASOURCES_DEFAULT_DATABASE: non_existing_database # to ensure that all tests run on the test datasource
+    DATASOURCES_DEFAULT_USERNAME: $MARIADB_USER
+    DATASOURCES_DEFAULT_PASSWORD: $MARIADB_PASSWORD
+    DATASOURCES_DEFAULT_HOST: 127.0.0.1
+    DATASOURCES_TEST_DATABASE: $MARIADB_DATABASE
+    DATASOURCES_TEST_USERNAME: $MARIADB_USER
+    DATASOURCES_TEST_PASSWORD: $MARIADB_PASSWORD
+    DATASOURCES_TEST_HOST: 127.0.0.1
+  before_script:
+    - mariadb --version
+    - while ! mariadb-admin -u root -h $DATASOURCES_DEFAULT_HOST -p$MARIADB_ROOT_PASSWORD ping; do sleep 1; done
+    - mariadb -h $DATASOURCES_DEFAULT_HOST -u root -p$MARIADB_ROOT_PASSWORD -e "ALTER USER '$DATASOURCES_TEST_USERNAME'@'%' identified by '$DATASOURCES_TEST_PASSWORD';" mysql
+    - mariadb -h $DATASOURCES_DEFAULT_HOST -u root -p$MARIADB_ROOT_PASSWORD -e "GRANT ALL ON *.* to $DATASOURCES_TEST_USERNAME;" mysql
+
 .postgres-template:
   services:
     - $DATABASE_ENGINE_VERSION # should be DATABASE_ENGINE_VERSION
@@ -273,3 +302,57 @@ seq-php8.3-mariadb10.5:
     - .test-template
   rules:
     - if: "$TEST_DISABLED == null"
+
+
+# Mariadb 11.5 tests
+
+seq-php8.0-mariadb11.5:
+  variables:
+    PHP_VERSION: "8.0"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .mariadb-template
+    - .test-template
+  rules:
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "release"'
+  allow_failure: true
+
+seq-php8.1-mariadb11.5:
+  variables:
+    PHP_VERSION: "8.1"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .mariadb-template
+    - .test-template
+  rules:
+      - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+      - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
+      - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "release"'
+  allow_failure: true
+
+  # This is what we ship with the docker image as of 14 Nov 2024
+seq-php8.2-mariadb11.5:
+  variables:
+    PHP_VERSION: "8.2"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .mariadb-template
+    - .test-template
+  rules:
+    - if: "$TEST_DISABLED == null"
+  allow_failure: true
+
+seq-php8.3-mariadb11.5:
+  variables:
+    PHP_VERSION: "8.3"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:11.5"
+  extends:
+    - .mariadb-template
+    - .test-template
+  rules:
+      - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+      - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
+      - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "release"'
+  allow_failure: true

CHANGELOG.md

@@ -2,6 +2,182 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.11.0] - 2025-01-30
+### Added
+- PB-35761 As an administrator I receive an email if zero_knowledge_key_share is set to true and a new user completed the setup
+- PB-36558 As an administrator I can mark metadata_keys as expired
+- PB-35986 As an administrator I can share missing metadata private keys for users that needs them
+- PB-35925 As an administrator I can see if users are missing access to metadata keys
+- PB-37069 As an administration I can run a command to share metadata private keys with users that need them
+- PB-37068 As a user I can see if I am missing metadata keys
+- PB-36600 As an administrator I should be notified when an administrator expires a metadata key
+- PB-35418 As an administrator I should receive an email notification when a metadata key is deleted
+- PB-37361 As an administrator I can rotate metadata keys encrypting resources metadata
+- PB-37697 As an administrator I can upgrade resources to v5 format
+- PB-35927 As an administrator I can define an allow_v4_v5_upgrade metadata type settings
+- PB-35923 As an administrator I cannot add a new metadata key if there is only 2 that are active
+- PB-34463 As an administrator I cannot reuse metadata keys as the account recovery key
+- PB-35929 Update edit resource to support allow_v4_v5_upgrade settings
+- PB-35932 Update edit folders to support allow_v4_v5_upgrade settings
+
+### Fixed
+- PB-37719 Fix resource types index controller should not return deleted resource types per default
+- PB-36925 Cast configure usage to avoid fatal type error on missing fullBaseUrl
+- PB-36576 Fix as a user I cannot create or edit a tag with an expired or deleted metadata key
+- PB-37097 Fix prevent to use v5 resource_type_ids if v5 flag is off
+- PB-36930 Fix some email sentences not translated and markers errors in translation
+- PB-37096 Fix healthcheck relying on symfony/process should fail gracefully in case of process run exception (GITHUB #531)
+- PB-36989 Fix namespace composer warnings
+- PB-37343 Fixes postgres dump by adding PGPASSWORD env since .pgpass is not generated on the passbolt installation
+- PB-38026 As an administrator running the cleanup command I should not see issues on soft deleted groups
+- PB-38261 Fix always failing IsNotAccountRecoveryFingerprintRule for metadata keys
+- PB-38262 Fix always failing metadata key creation when zero-knowledge is disabled, and no metadata keys are present
+
+### Security
+- PB-37974 Upgrade CakePHP to v4.5.9
+- PB-38166 Passbolt app router should not fall back on Host header if full-base url is not set
+
+### Maintenance
+- PB-35785 Upgrade psalm/phpstan to latest version as applicable
+- PB-35119 Fix tests failing when full base url is not-https
+- PB-37000 Fix bug of wrong relation for Rbacs to Log.Actions.
+- PB-37072 Fix LatestVersionApplicationHealthcheck test failing due to github not reachable
+- PB-37071 Fix PHPUnit 10 deprecations
+- PB-36237 Fix frequently failing TOTP setup/verify tests
+- PB-38184 Fix synk vulnerability for nesbot/carbon PHP Remote File Inclusion
+
+## [4.11.0-test.3] - 2025-01-30
+### Added
+- PB-35761 As an administrator I receive an email if zero_knowledge_key_share is set to true and a new user completed the setup
+- PB-36558 As an administrator I can mark metadata_keys as expired
+- PB-35986 As an administrator I can share missing metadata private keys for users that needs them
+- PB-35925 As an administrator I can see if users are missing access to metadata keys
+- PB-37069 As an administration I can run a command to share metadata private keys with users that need them
+- PB-37068 As a user I can see if I am missing metadata keys
+- PB-36600 As an administrator I should be notified when an administrator expires a metadata key
+- PB-35418 As an administrator I should receive an email notification when a metadata key is deleted
+- PB-37361 As an administrator I can rotate metadata keys encrypting resources metadata
+- PB-37697 As an administrator I can upgrade resources to v5 format
+- PB-35927 As an administrator I can define an allow_v4_v5_upgrade metadata type settings
+- PB-35923 As an administrator I cannot add a new metadata key if there is only 2 that are active
+- PB-34463 As an administrator I cannot reuse metadata keys as the account recovery key
+- PB-35929 Update edit resource to support allow_v4_v5_upgrade settings
+- PB-35932 Update edit folders to support allow_v4_v5_upgrade settings
+
+### Fixed
+- PB-37719 Fix resource types index controller should not return deleted resource types per default
+- PB-36925 Cast configure usage to avoid fatal type error on missing fullBaseUrl
+- PB-36576 Fix as a user I cannot create or edit a tag with an expired or deleted metadata key
+- PB-37097 Fix prevent to use v5 resource_type_ids if v5 flag is off
+- PB-36930 Fix some email sentences not translated and markers errors in translation
+- PB-37096 Fix healthcheck relying on symfony/process should fail gracefully in case of process run exception
+- PB-36989 Fix namespace composer warnings
+- PB-37343 Fixes postgres dump by adding PGPASSWORD env since .pgpass is not generated on the passbolt installation
+- PB-38026 As an administrator running the cleanup command I should not see issues on soft deleted groups
+- PB-38261 Fix always failing IsNotAccountRecoveryFingerprintRule for metadata keys
+- PB-38262 Fix always failing metadata key creation when zero-knowledge is disabled, and no metadata keys are present
+- PB-38166 Passbolt app router should not fall back on Host header if full-base url is not set
+
+### Security
+- PB-37974 Upgrade CakePHP to v4.5.9
+
+### Maintenance
+- PB-35785 Upgrade psalm/phpstan to latest version as applicable
+- PB-35119 Fix tests failing when full base url is not-https
+- PB-37000 Fix bug of wrong relation for Rbacs to Log.Actions.
+- PB-37072 Fix LatestVersionApplicationHealthcheck test failing due to github not reachable
+- PB-37071 Fix PHPUnit 10 deprecations
+- PB-36237 Fix frequently failing TOTP setup/verify tests
+- PB-38184 Fix synk vulnerability for nesbot/carbon PHP Remote File Inclusion
+
+## [4.11.0-test.2] - 2025-01-29
+### Added
+- PB-35761 As an administrator I receive an email if zero_knowledge_key_share is set to true and a new user completed the setup
+- PB-36558 As an administrator I can mark metadata_keys as expired
+- PB-35986 As an administrator I can share missing metadata private keys for users that needs them
+- PB-35925 As an administrator I can see if users are missing access to metadata keys
+- PB-37069 As an administration I can run a command to share metadata private keys with users that need them
+- PB-37068 As a user I can see if I am missing metadata keys
+- PB-36600 As an administrator I should be notified when an administrator expires a metadata key
+- PB-35418 As an administrator I should receive an email notification when a metadata key is deleted
+- PB-37361 As an administrator I can rotate metadata keys encrypting resources metadata
+- PB-37697 As an administrator I can upgrade resources to v5 format
+- PB-35927 As an administrator I can define an allow_v4_v5_upgrade metadata type settings
+- PB-35923 As an administrator I cannot add a new metadata key if there is only 2 that are active
+- PB-34463 As an administrator I cannot reuse metadata keys as the account recovery key
+- PB-35929 Update edit resource to support allow_v4_v5_upgrade settings
+- PB-35932 Update edit folders to support allow_v4_v5_upgrade settings
+
+### Fixed
+- PB-37719 Fix resource types index controller should not return deleted resource types per default
+- PB-36925 Cast configure usage to avoid fatal type error on missing fullBaseUrl
+- PB-36576 Fix as a user I cannot create or edit a tag with an expired or deleted metadata key
+- PB-37097 Fix prevent to use v5 resource_type_ids if v5 flag is off
+- PB-36930 Fix some email sentences not translated and markers errors in translation
+- PB-37096 Fix healthcheck relying on symfony/process should fail gracefully in case of process run exception
+- PB-36989 Fix namespace composer warnings
+- PB-37343 Fixes postgres dump by adding PGPASSWORD env since .pgpass is not generated on the passbolt installation
+- PB-38026 As an administrator running the cleanup command I should not see issues on soft deleted groups
+- PB-38261 Fix always failing IsNotAccountRecoveryFingerprintRule for metadata keys
+- PB-38262 Fix always failing metadata key creation when zero-knowledge is disabled, and no metadata keys are present
+- PB-38166 Passbolt app router should not fall back on Host header if full-base url is not set
+
+### Security
+- PB-37974 Upgrade CakePHP to v4.5.9
+
+### Maintenance
+- PB-35785 Upgrade psalm/phpstan to latest version as applicable
+- PB-35119 Fix tests failing when full base url is not-https
+- PB-37000 Fix bug of wrong relation for Rbacs to Log.Actions.
+- PB-37072 Fix LatestVersionApplicationHealthcheck test failing due to github not reachable
+- PB-37071 Fix PHPUnit 10 deprecations
+- PB-36237 Fix frequently failing TOTP setup/verify tests
+- PB-38184 Fix synk vulnerability for nesbot/carbon PHP Remote File Inclusion
+
+## [4.11.0-test.1] - 2025-01-29
+### Added
+- PB-35761 As an administrator I receive an email if zero_knowledge_key_share is set to true and a new user completed the setup
+- PB-36558 As an administrator I can mark metadata_keys as expired
+- PB-35986 As an administrator I can share missing metadata private keys for users that needs them
+- PB-35925 As an administrator I can see if users are missing access to metadata keys
+- PB-37069 As an administration I can run a command to share metadata private keys with users that need them
+- PB-37068 As a user I can see if I am missing metadata keys
+- PB-36600 As an administrator I should be notified when an administrator expires a metadata key
+- PB-35418 As an administrator I should receive an email notification when a metadata key is deleted
+- PB-37361 As an administrator I can rotate metadata keys encrypting resources metadata
+- PB-37697 As an administrator I can upgrade resources to v5 format
+- PB-35927 As an administrator I can define an allow_v4_v5_upgrade metadata type settings
+- PB-35923 As an administrator I cannot add a new metadata key if there is only 2 that are active
+- PB-34463 As an administrator I cannot reuse metadata keys as the account recovery key
+- PB-35929 Update edit resource to support allow_v4_v5_upgrade settings
+- PB-35932 Update edit folders to support allow_v4_v5_upgrade settings
+
+### Fixed
+- PB-37719 Fix resource types index controller should not return deleted resource types per default
+- PB-36925 Cast configure usage to avoid fatal type error on missing fullBaseUrl
+- PB-36576 Fix as a user I cannot create or edit a tag with an expired or deleted metadata key
+- PB-37097 Fix prevent to use v5 resource_type_ids if v5 flag is off
+- PB-36930 Fix some email sentences not translated and markers errors in translation
+- PB-37096 Fix healthcheck relying on symfony/process should fail gracefully in case of process run exception
+- PB-36989 Fix namespace composer warnings
+- PB-37343 Fixes postgres dump by adding PGPASSWORD env since .pgpass is not generated on the passbolt installation
+- PB-38026 As an administrator running the cleanup command I should not see issues on soft deleted groups
+- PB-38261 Fix always failing IsNotAccountRecoveryFingerprintRule for metadata keys
+- PB-38262 Fix always failing metadata key creation when zero-knowledge is disabled, and no metadata keys are present
+- PB-38166 Passbolt app router should not fall back on Host header if full-base url is not set
+
+### Security
+- PB-37974 Upgrade CakePHP to v4.5.9
+
+### Maintenance
+- PB-35785 Upgrade psalm/phpstan to latest version as applicable
+- PB-35119 Fix tests failing when full base url is not-https
+- PB-37000 Fix bug of wrong relation for Rbacs to Log.Actions.
+- PB-37072 Fix LatestVersionApplicationHealthcheck test failing due to github not reachable
+- PB-37071 Fix PHPUnit 10 deprecations
+- PB-36237 Fix frequently failing TOTP setup/verify tests
+- PB-38184 Fix synk vulnerability for nesbot/carbon PHP Remote File Inclusion
+
 ## [4.10.1] - 2024-11-26
 ### Fixed
 - PB-37010 Fix v5 resource types should not be returned if v5 flag is disabled