This is how we imagine you and your admin. Photo by Mayur Gala on Unsplash

Security is good y’all. Stackspin offers optional 2-factor authentication for all users, which is great. Some of our partners prefer having mandatory 2FA for increased security, and we made it happen. But then we thought “what if a user loses their key?” so we made it easier for admins to reset the 2FA of their users directly from the UI. And if you’re rocking mandatory 2FA, your users will have to set up a new authentication on their next login. There’s nothing like a warm, trustful relationship between an admin and their users.

We updated our Zulip to the latest 7.4 version with lots of really useful updates and a refreshed UI. We really like where Zulip is going, and we’re happy we picked them as our chat app. Their commitment to open source, combined with a serious attention to UX detail, is a rare combination. How are you liking their threaded topics?

And last big thing: we squashed a bug that would sometimes cause an infinite loop on login which, you know, not great. We like our users logged in because that’s how they get to their things.

Release notes

For the full list of changes in this release, check the changelog.

Apps

  • Upgrade to Zulip 7.

Features

  • Make it possible to make 2FA mandatory.
  • Add a button to the Stackspin dashboard for admin users to reset 2FA of users. Also improve UX of this and other dangerous operations in the user edit screen.
  • We implemented a Prometheus alert to warn when disk space falls under a threshold (20%).

Fixes

  • Fix duplicate user accounts in HedgeDoc. Because of an OIDC misconfiguration (and an unhelpful default setting in HedgeDoc), we accidentally used the Stackspin username as the user identifier for HedgeDoc. This is now rectified by switching to a stable identifier, and by implementing a migration script that automatically repairs any duplicate user accounts that may have been created in HedgeDoc.
  • Disable Nextcloud bulk upload, to prevent failures with the desktop client.
  • Fix some security and setup warnings in Nextcloud.
  • Increase memory limits for Velero, to allow backing up larger (Nextcloud) data sets.
  • Fix the SSO logout process to include hydra post-logout. This should prevent various issues we’ve seen when logging in as multiple users on the same device.
  • Do not show link to start account recovery on the 2FA (TOTP) form.
  • Fix CSS of the sign-up page (demo instance only).

Documentation

  • Document how to uninstall an app from Stackspin.

Updates

  • Update dependency nextcloud/polls to v5.4.1
  • Update helm release cert-manager to v1.13.2
  • Update helm release system-upgrade-controller to v0.3.1
  • Update dependency onlyoffice/onlyoffice-nextcloud to v8.2.4
  • Update helm release ingress-nginx to v4.8.3
  • Update dependency kubernetes to v28
  • Update helm release velero to v4.4.1
  • Update helm release metallb to v4.7.11
  • Update helm release ingress-nginx to v4.8.2
  • Update dependency nextcloud-releases/groupfolders to v15.3.1
  • Update dependency ansible to v8.5.0
  • Update dependency nextcloud-releases/contacts to v5.4.2
  • Update dependency nextcloud-releases/calendar to v4.5.2
  • Update helm release kratos to v0.36.0
    • This upgrades to kratos 1.0.
  • Update Nextcloud’s rabbitmq to v12.2.0.
  • Upgrade the Python version used in the dashboard backend to 3.12.