===================== Release Notes for version 2.7.0 ===================== GENERAL: Version 2.7.0 migrates to the new Google messaging API. Upgrade script is provided to migrate from v2.6.0 to v2.7.0. CONFIGURATION FILE: No configuration file changes are introduced with this version. POSTGRESQL DATABASE STRUCTURE: No PostgreSQL database structure changes are introduced with this version. SCYLLADB DATABASE STRUCTURE: No ScyllaDB database structure changes are introduced with this version. DIRECTORY STRUCTURE: No directory structure changes are introduced in this version. CHANGES: - support of the new Google's HTTP v1 API UPGRADE: The following procedure describes upgrade from v2.6.0 to v2.7.0. if you run an older version, be sure to upgrade to v2.6.0 at first. 1. Copy the newest jar file to /home/shadow/shadowserver/ 2. From the Firebase console, download your default service account JSON file of your project. Rename it to service-account.json and place it to /home/shadow/shadowserver/config/ 3. Stop the Shadow service: systemctl stop shadow 4. Download the relevant installer package (installer-16062023.zip) and unzip it. Execute the script named upgrade-2.6.0-to-2.7.0.sh. 5. Start shadow: systemctl start shadow ===================== Release Notes for version 2.6.0 ===================== GENERAL: Version 2.6.0 enables support for cryptocurrency payments. No upgrade script is provided. CONFIGURATION FILE: Configuration file changes are introduced with this version. You have to update your configuration file prior to launching the server. POSTGRESQL DATABASE STRUCTURE: No PostgreSQL database structure changes are introduced with this version. SCYLLADB DATABASE STRUCTURE: No ScyllaDB database structure changes are introduced with this version. DIRECTORY STRUCTURE: No directory structure changes are introduced in this version. CHANGES: - cryptocurrency payments support ===================== Release Notes for version 2.5.0 ===================== GENERAL: Version 2.5.0 introduces support for secure audio/video conferencing and some directory changes. Upgrade script is provided to migrate from v2.4.0 to v2.5.0. CONFIGURATION FILE: Configuration file changes are introduced with this version. You have to update your configuration file prior to launching the server. POSTGRESQL DATABASE STRUCTURE: PostgreSQL database structure changes are introduced with this version. There is no need for manual intervention, database markup is performed as part of the upgrade script. SCYLLADB DATABASE STRUCTURE: ScyllaDB database structure changes are introduced with this version. There is no need for manual intervention, database markup is performed as part of the upgrade script. DIRECTORY STRUCTURE: Directory structure changes are introduced in this version. There is no need for manual intervention, directory rebuild is performed as part of the upgrade script. CHANGES: - support for secure audio/video conferencing through Signal-Calling-Service selective forwarding unit (SFU) which in the signaling plane is placed behind TLS termination point (nginx) - soft-deleted accounts are now removed from directory - possibility to restore a previously deleted account - preliminary support of badges - bug fixes UPGRADE: The following procedure describes upgrade from v2.4.0 to v2.5.0. if you run an older version, be sure to upgrade to v2.4.0 at first. 1. Copy the newest jar file to /home/shadow/shadowserver 2. Stop the Shadow service: systemctl stop shadow 3. Update the shadow.yml configuration file to the latest version. Refer to step 5 below in regard of the serviceConfiguration:sfuUri parameter. Execute java -jar ShadowServer-2.5.0.jar check ./config/shadow.yml to check whether the config file syntax is correct. 4. Download the relevant installer package (installer-17112023.zip) and unzip it. Execute the script named upgrade-2.4.0-to-2.5.0.sh. 5. If you decided to install SFU on the same machine, the SFU certificate will be automatically added to the auxiliary keystore as part of the upgrade script. Likewise, the SFU URL will be automatically inserted to the shadow.yml configuration file. Otherwise you have to do both things manually. 6. Start shadow: systemctl start shadow ===================== Release Notes for version 2.4.0 ===================== GENERAL: Version 2.4.0 introduces support for TURNS and the autonomous Shadow proxy module. Also, starting with v2.4.0 gradual migration of PostgreSQL data to ScyllaDB will take place. Upgrade script is provided to migrate from v2.03 to v2.4.0. CONFIGURATION FILE: Configuration file changes are introduced with this version. You have to update your configuration file prior to launching the server. POSTGRESQL DATABASE STRUCTURE: No PostgreSQL database structure changes are introduced with this version. SCYLLADB DATABASE STRUCTURE: New ScyllaDB tables are introduced with this version. Those tables will be created as part of the upgrade script. DIRECTORY STRUCTURE: No directory structure changes are introduced in this version. CHANGES: - support for TURNS with automatic procurement of ZeroSSL certificate - autonomous Shadow proxy module included as proxy package - a new server command for showing activation key information - new bucket named "service" for auxiliary Minio objects - upgrade script to partially automate the upgrade process included as part of the installer package - dockerfile for reproducible building now included as part of the installer package UPGRADE: The following procedure describes upgrade from v2.03 to v2.4.0. if you run an older version, be sure to upgrade to v2.03 at first. 1. Copy the newest jar file to /home/shadow/shadowserver 2. Stop the Shadow service: systemctl stop shadow 3. Update the shadow.yml configuration file to the latest version. Execute java -jar ShadowServer-2.4.0.jar check ./config/shadow.yml to check whether the config file syntax is correct. 4. Download the relevant installer package (installer-09092023.zip) and unzip it. Execute the script named upgrade.sh. 5. Start shadow: systemctl start shadow ===================== Release Notes for version 2.03 ===================== GENERAL: Version 2.03 introduces zero knowledge group support directly in the Shadow server. CONFIGURATION FILE: Configuration file changes are introduced with this version. You have to update your configuration file prior to launching the server. Pay attention to the serviceConfiguration:storageUri parameter, henceforth it shall be set to the Shadow server URL as accessible from the Internet. POSTGRESQL DATABASE STRUCTURE: No PostgreSQL database structure changes are introduced with this version. SCYLLADB DATABASE STRUCTURE: Two new ScyllaDB tables are introduced with this version. Prior to launching the server, execute the following commands to create those tables in Scylla: java -jar ShadowServer-2.03.jar creategroupdb ./config/shadow.yml java -jar ShadowServer-2.03.jar creategrouplogsdb ./config/shadow.yml DIRECTORY STRUCTURE: No directory structure changes are introduced in this version. CHANGES: - ZK group support - initial support for setting attachment size limits - initial support for controllable updates - improvements of the installer script ===================== Release Notes for version 2.02 ===================== GENERAL: Version 2.02 is a maintenance release. CONFIGURATION FILE: No configuration file changes are introduced with this version. DATABASE STRUCTURE: No database structure changes are introduced with this version. DIRECTORY STRUCTURE: Directory structure changes are introduced in this version. Prior to launching the server, perform directory refresh by executing: java -jar ShadowServer-2.02.jar directory ./config/shadow.yml CHANGES: - fixes and minor improvements ===================== Release Notes for version 2.01 ===================== GENERAL: Version 2.01 enhances server administration UX and also introduces support for newly created user accounts to have usernames previously used in the system. CONFIGURATION FILE: Configuration file changes are introduced with this version. You have to update your configuration file prior to launching the server. DATABASE STRUCTURE: No database structure changes are introduced with this version. DIRECTORY STRUCTURE: Directory structure changes are introduced in this version. Prior to launching the server, perform directory refresh by executing: java -jar ShadowServer-2.01.jar directory ./config/shadow.yml CHANGES: - reworked the way incremental directory updates are generated, which allows to use old usernames when creating new user accounts (e.g. when a previously deleted user needs to be added back to the system). Previously, with hard deletion of accounts introduced in v2.00, this created a cornercase when a client could use the old UUID associated with the username in question - which rendered communication impossible - added a command to generate registration QR codes - removed the command used to generate server certificate hashes - increased flexibility of the account cleaning logic, providing options to disable account cleaning or to use it in logging-only mode - minor cleanup and fixes ===================== Release Notes for version 2.00 ===================== GENERAL: New major version with several significant changes. See the CHANGES section for details. ATTENTION: Migration from v1.13 requires considerable amount of manual intervention. See the MIGRATION section for details. CONFIGURATION FILE: Configuration file changes are introduced with this version. You have to update your configuration file prior to launching the server. POSTGRESQL DATABASE STRUCTURE: accountsdb structure changes are introduced with this version. You have to perform migration of this database prior to launching the server: java -jar ShadowServer-2.00.jar accountdb migrate ./config/shadow.yml No changes of abusedb are introduced with v2.00. messagedb is removed with v2.00. No related action is required. SCYLLADB DATABASE STRUCTURE: In addition to PostgreSQL, v2.00 relies on ScyllaDB for persistent storage. You have to install and tune ScyllaDB on your Shadow server machine. After that, use the following Shadow commands to create message and key tables in Scylla: java -jar ShadowServer-2.00.jar createmessagedb ./config/shadow.yml java -jar ShadowServer-2.00.jar createkeysdb ./config/shadow.yml DIRECTORY STRUCTURE: No directory structure changes are introduced in v2.00. However, directory enhancements require administrator action prior to launching the server. See the MIGRATION section for details. CHANGES: - new activation paradigm wherein there is no more need for activating each Shadow client individually. Instead, a single activation key related to the Shadow server itself has to be placed into the license folder on the server. Currently, the only parameter "activated" is the number of user accounts (active and pending) provisioned on the server. This parameter is completely deindividualized in relation to usernames or client devices - only the total number matters. The old client activation API will still be supported for some time for backward compatibility. IMPORTANT: No activation (hence no key) is required if the number of accounts is three or less - the way the account is removed from the system with the rmuser command is changed. From v2.00 onwards, there is no admin-side "soft deletion"; a removed account is not simply inactivated, but removed from the server completely - active accounts not seen for 365 days are now deleted from the server - Redis is now required to be run in cluster mode - even for single-node installations. Also, certain Redis keyspace notifications must be enabled - ScyllaDB is introduced. It is expected that ScyllaDB will eventually completely replace PostgreSQL for persistent storage; at the moment both are used - each one for its own purpose. - functionality updates and bug fixes - JUnit test fixes MIGRATION: The following procedure describes migration from v1.13 to v2.00. if you run an older version, be sure to upgrade to v1.13 at first. 1. Copy the newest jar file to /home/shadow/shadowserver and adjust permissions if needed: chown shadow /home/shadow/shadowserver/ShadowServer-2.00.jar 2. (Optional, for systems with four or more accounts): Generate the activation token, substituting your domain name: java -jar ShadowServer-2.00.jar token -d your_domain_name Using this token, obtain the activation key from your distributor and place it into your license folder (/home/shadow/shadowserver/license by default) 3. Stop the Shadow service: systemctl stop shadow 4. Query the Directory Version as stored in Redis: redis-cli get DirectoryVersion (type "quit" to exit) Then query the Directory Version as stored in PostgreSQL: su postgres psql \c accountdb; SELECT COALESCE(MAX(directory_version),0) FROM accounts; 5. If the Directory Version value as stored in Redis was LOWER than that in PostgreSQL, update the Directory Version in Redis: redis-cli set DirectoryVersion (substitute the actual value for ) (type "quit" to exit) 6. In redis.conf, enable keyspace notifications: notify-keyspace-events "K$lz" 7. In redis.conf, enable clustering for Redis: cluster-enabled=yes 8. Restart Redis: systemctl restart redis-server 9. Check the Redis cluster health: redis-cli --cluster check (substitute your address and port) 10. If errors are reported, fix the cluster: redis-cli --cluster fix (substitute your address and port) Ensure that the cluster check of this node (refer to step 10 above) reports no more errors. 11. Install ScyllaDB: a) download the installation script from: get.scylladb.com/server b) in the installation script, replace RPM_INSTALL_TOOL="yum" with RPM_INSTALL_TOOL="dnf" c) in case you already run on AlmaLinux, in the installation script replace centos"|"rocky" with "centos"|"rocky"|"almalinux" d) execute the installation script e) in the configuration file /etc/scylla/scylla.yaml ensure the following settings: developer_mode: true authorizer: CassandraAuthorizer authenticator: PasswordAuthenticator alternator_enforce_authorization: true alternator_port: 8083 alternator_write_isolation: always_use_lwt f) enable and start the service: systemctl enable scylla-server systemctl start scylla-server g) create the shadow user and set its password: cqlsh -u cassandra -p cassandra CREATE ROLE shadow WITH PASSWORD = 'set_your_password_here'; SELECT salted_hash from system_auth.roles WHERE role='shadow'; Record the output for further proceedings. If you would like to change the default password of the superuser "cassandra" (highly recommended), execute: ALTER ROLE cassandra WITH PASSWORD = 'new_password_here' (type "quit" to exit) h) restart Scylla: systemctl restart scylla-server 12. Execute: update-alternatives --config java and ensure that Java 11 is selected 13. Update the shadow.yml configuration file to the latest version. Paarmeters messageScyllaDb:accessSecret and keysScyllaDb:accessSecret shall be filled with the salted hash value obtained at the step 11g above. Execute java -jar ShadowServer-2.00.jar check ./config/shadow.yml to check whether the config file syntax is correct. 14. Migrate the accounts database: java -jar ShadowServer-2.00.jar accountdb migrate ./config/shadow.yml 15. Insert the Directory Version value (or the LARGEST of the two, if they differ) into Postgres: update miscellaneous set parameter_value = where parameter = 'directory_version'; (substitute the actual value for ) (type "q", then "exit" to exit) 16. Refresh the directory: java -jar ShadowServer-2.00.jar directory ./config/shadow.yml 17. Create the messages and keys databases: java -jar ShadowServer-2.00.jar createmessagedb ./config/shadow.yml java -jar ShadowServer-2.00.jar createkeysdb ./config/shadow.yml 18. (Optionally - if you run Minio RELEASE.2021-04-22T15-44-28Z or later) Change MINIO_ACCESS_KEY to MINIO_ROOT_USER and MINIO_SECRET_KEY to MINIO_ROOT_PASSWORD in /etc/default/minio_env and in /home/shadow/.bashrc Then restart minio: systemctl restart minio 19. In the /etc/systemd/system/shadow.service file, update the Shadow server version in the ExecStart directive. Then execute: systemctl daemon-reload 20. Start shadow: systemctl start shadow