v2.9 🐍

Breaking changes ⚠

• Rework Tobira permission roles: remove "Tobira moderator", add "Tobira admin", add granular roles in #1137
  • You have to adjust your auth integration to give the appropriate new roles to your privileged users. In the easiest case you just have to replace ROLE_TOBIRA_MODERATOR with ROLE_TOBIRA_ADMIN. But please see the PR or the documentation for more information.
• Improve logging: switch to tracing & make filters more powerful in #1145
  • This is only a configuration-breaking-change. The log.level config value is replaced by log.filters. To get the previous behavior, just replace level = "$yourLevel" in config.toml with filters.tobira = "$yourLevel".

User-facing changes

• Add quality selector for progressive download videos in #1143
• Add series to search results in #1144
• Adjust paella progress bar color in #1149
• Adjust spacing of forwards and backwards button text in #1150
• Use new Paella icons and proper translations in #1162

Changes primarily for developers

• Dependency updates (only patch versions)
• Adjust sync code for series metadata in #1160

Changes primarily for developers

• Add basic search filters (experimental) in #1080
• Update loadtest utility with new GraphQL requests in #1142
• Add "danger zone" UI tests in #1151

Full Changelog: v2.8...v2.9

v2.8 🐻‍❄️

🟢 There are no breaking changes.

Changes primarily for admins

• Fix deadlock in auth cache (solves Tobira freezing problem) in #1141
  • See this issue for more details. This bug was introduced in v2.4, occurring randomly depending on a few factors.
• Fix behavior when auth.callback.cache_duration is set to 0 in #1141
  • Tobira went into a kind of busy loop, using CPU resources needlessly. This bug seems to use up to roughly 1/4 of a single CPU core.
• Pass more metadata to Paella (mainly for Matomo integration) in #1140

Full Changelog: v2.7...v2.8

v2.7 🦦

🟢 There are no breaking changes.

What's Changed

User-facing changes

• Fix broken Quality selector UI in Paella in #1122 (note: currently only used for live videos)
• Fix bug where event search was not returning all events for ROLE_ADMIN in #1134
• Improve some button/link descriptions for screen reader accessibility in #1136

Changes primarily for admins

• Add i18ned footer links by @geichelberger in #1119
• Release authkit 0.2.0 in #1124
• Update paella-user-tracking to fix Matomo's customDimensions and media analytics in #1139
• Dependency updates
  • Note: due to this, the glibc requirement of our pre-built x86_64-unknown-linux-gnu has increased to 2.29. If you are using an old OS that does not satisfy this requirement, use the -musl pre-built binary or build the binary yourself in the system in question. Again: Tobira does not require a newer glibc version, just this one pre-built binary.

Changes primarily for developers

• Switch to login callback for local development & deployment server in #1123
• Improve UI tests by running each in isolation (separate Tobira process & DB) with fixed offline data in #1093
• Use secret password for admin user on test deployment in #1135

Full Changelog: v2.6...v2.7

v2.6 🦣

What's Changed

Breaking changes ⚠

With this release, the auth system was restructured to be more flexible, convenient and powerful. All previous "auth modes" are still supported and you don't have to change anything apart from the Tobira config file! See the "Migration" section at the bottom of these release notes. As part of this, the documentation about auth was reworked. See those new docs or this PR for more information.

• Remove auth.mode in favor of auth.source plus auth.session.*
• Move auth.session_duration to auth.session.duration
• Remove a auth.*_header configs. These were not useful, see this commit for the reasoning.
• Move role-related configs into auth.roles. That's moderator_role, upload_role, studio_role, editor_role, user_realm_role, and user_role_prefixes.
• Always add ROLE_ANONYMOUS and ROLE_USER to logged in users. Technically a breaking change, but this should always be the case. It might not have been in the past if fauly auth integrations forgot to add those roles.

Apart from the auth related changes, there are two other breaking changes:

• Tobira moderators (ROLE_TOBIRA_MODERATOR) cannot edit all pages anymore. Only ROLE_ADMIN can do that implicitly. To retain the old behavior, add ROLE_TOBIRA_MODERATOR as "page admin" to the home page. (You might have to add a "known group" for that purpose.)
• The libc requirement for the tobira-x86_64-unknown-linux-gnu binary increased to 2.31 (which is Ubuntu 20.04 kind of old). If this is a problem for you, you an always use the -musl build.

User-facing changes

• Add granular permissions to the page tree in #1097
  • This allows you to give users access to only parts of the page tree. Access is inherited down the tree, meaning that giving a user access to one page means that user also has access to all sub-pages. There are two levels of permissions: page admin (can do everything) and moderator (cannot delete the page, change its path, or change access rules).
• Add configurable "terms and conditions" popup in #1112
  • Useful in combination with the added basic Matomo integration.
• Update Paella and add support for fallback fullscreen mode on iOS in #1113
• Revise download menu listitems in #1111
• Add arrow navigation to remaining popover menus in #1001
• Fix overlarge thumbnails in series slider view in #1078
• Group edit series options by @geichelberger in #1079
• Left align "about tobira" page content in #1084
• Add breadcrumbs to series pages in #1085
• Make logout button work with keyboard in #1083
• Hide child list in "change order" UI if sorted alphabetically in #1105
• Fix login page redirect when login_link is not configured in #1117
• Extend edit series block by @geichelberger in #1058
• Change edit series block label "layout" to "Metadata" in #1076

Changes primarily for admins

• Add auth callbacks in #1032
  • This is a new way to include your custom auth logic with Tobira. It is preferred over the existing "auth header" solution for several reasons. It usually makes setup a lot easier and the whole system faster. See the new auth docs for more information.
• Add initial support for Matomo data collection via Paella player in #1099
• Fix bug in auth.mode = "opencast" in #1109
• Fix deserialization bug for harvesting in special cases in #1109
• Add logging of useful DB server information in #1089
• Future proof harvest sync code for new items in #1115

Changes primarily for developers

• Add url field to routes to build path and use it everywhere in #1035
• Split ci action into two jobs to start deploy faster in #1073
• Actually pass relevant options through to start-dev.sh by @JulianKniephoff in #1104
• Stop using non-existent Roboto fonts in Paella in #1106
• Add realm ACL roles to db dump in #1110

Full Changelog: v2.5...v2.6

Migration

This section should make the it easy to adjust to the auth system changes that replace auth.mode. Be sure to check the other breaking changes as well.

You currently have auth.mode = ...

"opencast"

[auth]
source = "tobira-session"
session.from_login_credentials = "opencast"

"login-proxy"

[auth]
source = "tobira-session"
session.from_session_endpoint = "trust-auth-headers"

Consider migrating to login callbacks.

"full-auth-proxy"

[auth]
source = "trust-auth-headers"

Consider migrating to auth callbacks.

v2.5 🦔

🟢 There are no breaking changes.

User-facing changes

• Fix router bug to prevent critical errors when redirecting internally in #1060
• Filter out past live events from search results in #1062
• Implement several minor UI improvements in #1061
• Unify series block layouts by always placing the description inside the block in #1020
• Improve video item spacing in series blocks for certain screen widths in #1071
• Replace radio buttons in edit series form with simple radio/checkboxes the in #1021

Full Changelog: v2.4...v2.5

v2.4 🐢

This is quite a big release which adds a UI for editing ACLs, switches to the new and much improved Paella design, includes a redesign of the search page, and much more. Unfortunately, there are also a number of breaking changes.

What's Changed

Breaking changes ⚠

• Tobira now requires MeiliSearch ≥ 1.4 (see our docs on how to update)
• Tobira now requires PostgreSQL ≥ 12
• Tobira now requires the hstore extension in the PostgreSQL DB. For PG12 you have to manually install that extension. For PG13 and newer, you don't have to do anything.
• A required config value general.tobira_url was added. You have to specify the public URL under which Tobira is available.
• It is now required that the roles for a user (returned by the auth integration) contain exactly one user role (that is: a role starting with the configured auth.user_role_prefixes, ROLE_USER_ by default). This is almost certainly already the case for almost everyone, but we are now officially requiring this property.

User-facing changes

• Add UI to set ACLs/access rules.
  • Currently this is only used in the uploader, but in the future, the same UI will be used to edit the ACL of events/series or to give granular editing permissions for pages. Developing this UI unblocks quite a few features.
  • The functionality is quite flexible, allowing you to configure "groups" that users can select from. Individual users can also be added by specifying their exact username/email or searching for their name (configurable).
  • There are still some limitations that we plan on addressing in the near future: custom actions, possible to disable, ACL merge support.
• Use new Paella skin and improve player UX
  • Tobira finally uses the new Paella skin, making the player (and by extension the video page) look a lot more modern. Paella uses the configured primary color for accents.
  • The UX was improved by making the Paella UI disappear more quickly while the video is playing, and by showing a more appropriate icon when hovering over elements that can be clicked.
  • Updates: paella-core (1.41.0 -> 1.46.1), paella-basic-plugins (1.31.2 -> 1.44.2), paella-zoom-plugin (1.29.0 -> 1.41.1)
• Improve search page in #1025.
  • This is the start of us finally giving some love to the search functionality, improving the design and adding more feature in the future.
• Add timestamp support via ?t=1m23s parameter and "start at:" option to share menu in #943
• Adjust Paella scaling and background in #984
• Fix paella dual stream layout in #985
• Auto pause videos when playing a different one on the same page in #973
• Retain volume setting across all videos in #983
• Let textarea inputs grow dynamically in #970
• Unify focus style on miscellaneous elements in #962
• Disable automatic font size adjustment in iOS safari in #989
• Wrap delete realm button text in #993
• Adjust some translations in #987
• Stop radio buttons from shrinking in #992
• Add contextual video link to "referencing pages" in #995
• Fix scrolling footer in #1022
• Fix text color in text blocks in #1034
• Hide information on "add child" page behind tooltips in #1030
• Use fixed background/color for inputs and textareas in #939

Changes primarily for admins

• Make user role prefixes configurable in #974
• Add docs with general info about Tobira in #935
• Do not include "email": null in JWT (if there is no email) in #964
• Improve error message in case sync.{user/password} are incorrect in #1000
• Update dependencies

Changes primarily for developers

• Add utility functions for building GraphQL event and series IDs in #981
• Change type of event duration in DB from i32 to i64 in #986
• Forward ExternalLink component ref in #997
• Replace most Hero icons by ones from Lucide in #936
• Replace feather icons with lucide icons in #994
• Add musl release builds and basic load testing scripts in #940
• Add compile target to adopter registration stats in #942
• Replace manual DOM ids with "useId()" hook in #980
• Improve homepage of test deployment in #1051

Full Changelog: v2.3...v2.4

v2.3 🙈

🟢 There are no breaking changes.

• Fixes a security vulnerability allowing non-authorized users to see metadata and the thumbnail of listed events via one API. See the advisory for more information.

Full Changelog: v2.2...v2.3

v2.2 🦆

⚠️ Use v2.3 instead, as that contains a security fix.

🟢 There are no breaking changes.

What's Changed

User-facing changes

• Add video-page-link beneath video in video blocks (can be configured per block) in #926
• Add return label to studio link in #928
• Increase dashboad coherence in #896
• Remove highlight when clicking external studio link in #925
• Add scrollbar to multiline copyable inputs (e.g. embed code) in #915
• Close burger menu when clicking specific items in #916
• Fix cut-off thumbails on vertically narrow screens in #919

Changes primarily for admins

• Reduce log noise when the /tobira/stats endpoint does not exist in OC in #912
• Update Paella (paella-core 1.39.3 -> 1.41.0)
• Dependency upgrades

Changes primarily for developers

• Add playwright e2e tests in #868
• Change debug info to "line-tables-only" in #913
• Switch to GitHub LFS for DB dumps in #931
• Clean up translations in #930

Full Changelog: v2.1...v2.2

v2.1 🐑

User-facing changes

• Introduce dark mode (#871)
  • Important: Check if your logo also works (i.e. looks good) in dark mode. If not, you can add a logo variant to be used in dark mode instead of your regular logo (see https://elan-ev.github.io/tobira/setup/theme for reference)
• Update Paella player to fix portrait videos (#867)
• Fix page redirection after external logins (#890)
• Check upload permission for upload route and "upload" nav item by @geichelberger (#903)
• Add note to clarify that selecting a series for uploads is required (if configured that way) (#887)
• Adjust metadata and description layout (#853)
• Adjust grey tones (add new ones and change brightness values) (#900)
• Close QR-modal on outside click (#892)
• Show warning when clicking outside editing block (#891)
• Many smaller fixes:
  • Fix margin around user realm disclaimer on narrow screens (#837)
  • Fix tooltips not opening on mobile (still broken on iOS) (#851)
  • Fix add button tooltip overflow (#852)
  • Fix setting a page name for user root realms (#860)
  • Fix some links that wouldn't work after changing paths or re-adding previously deleted pages (#866)
  • Fix error text color (#894)
  • Change default font of copyable input (#889)
  • Correct quantity wording for uploads (#888)

Changes primarily for admins

• Improve "update" docs (#873)
• Fix db clear by not dropping automatically created array types (#893)
• Add code to regularly send basic statistics to Opencast for adopter registration (#878)
  • Note: The data is just sent to your connected Opencast (via secured connection) and Opencast will only send it out if you registered as an adopter and agreed to that basic data collection. Further, the data only contains very basic statistics that are considered public anyway.
• Add optional email user property by @geichelberger (#899)

Changes primarily for developers

• Fix import-realm-tree command (#861)
• Use shared ESLint config (#876)
• Use @opencast/appkit (#902)

Full Changelog: v2.0...v2.1

v2.0 🐿️

We are happy to announce Tobira 2.0!

This is a major release as it contains a large number of user facing changes and new features. Most notably, almost every aspect of the design was somewhat reworked and polished. Nothing major changed, certainly no major layout changes, but everything looks a lot neater now. The main new feature is the addition of user pages: each user (who is allowed to) can create and manage their own set of pages which are completely independent from the main video portal. Additionally, the uploader allows users to select a series now, the share menu was improved, and the series block has three different display modes now. Finally, setting up Tobira is easier now as administrators don't need to configure a JWT key in most situations anymore.

These are just the highlights of the release. For everything else, check out the detailed changelog below.

As per our versioning policy, major/minor versions don't really mean anything specific. Breaking changes are allowed in minor versions as well. However, this release does include a number of breaking changes that you need to look out for when upgrading. See the migration guide at the bottom of this release announcment.

Finally, a big thanks to the institutions which make Tobira possible! This is primarily the ETH Zürich, which sponsored most of Tobira's development from the very start. More recently, Bern university and the TU Wien made large contributions to the project as well. Thanks!

Detailed changelog

User-facing changes

• Redesign/polishing:
  • Redesign series block (#706)
  • Redesign header and navigation (#702)
  • Apply login page redesign (#721)
  • Apply redesign of ~manage/realm/ pages (#772)
  • Improve video page layout for metadata (#792)
• Add user realms (a page tree for each user) (#727)
• Add series selection to uploader (#705)
• Add new share menu on video page (#792)
• Add download button on video page (#792)
• Rework colors (#796)
• Use thumbnail as player preview image (#710)
• Use searchable series select in series block edit UI (#729)
• Improve "gallery view" of series block (#737)
• Accessibility
  • Replace "home" link title with aria-label (#722)
  • Add and apply focusStyle function (#726)
  • Add specific descriptions to copyable inputs (#769)
  • Improve player link description for screen readers (#771)
  • Add focus trap to popup modals (#773)
  • Underline specific kinds of links (#811)
  • Add current language to language selection label (#774)
  • Improve accessibility of various elements (#636)
• Add alphabetical ordering options to series blocks (#742)
• Limit allowed file formats for upload to audio/video (#739)
• Make uploader show error when selecting non-video or -audio files (#717)
• Disable spellcheck and autocapitalize on username and path inputs (#738)
• Fix breadcrumbs order (#709)
• Fix breadcrumbs for realms with missing names (#728)
• Add breadcrumbs to all pages (excluding homepage) (#780)
• Improve logo sizing & other small header-related improvements (#734)
• Fix max-width and padding of description text of series blocks (#764)
• Add navigation elements to upload page (#778)
• Add more space below heading (#785)
• Add remaining dashboard items to user menu (#787)
• Fix edit form of series blocks (#790)
• Fix audio-only playablility (#798)
• Add redirect from video routes to direct video routes if realm does not exist (#818)
• Rearrange dashboard items (#819)
• Adjust some borders of user menu items (#824)
• Small video page adjustments (#825)
• Prevent overflow of git hash on small screens (#826)
• Show triangle instead of spinner if user data could not be loaded (40137fb)
• Improve tooltips & popovers (#636)
• Replace title attribute with real tooltip (#636)

Changes primarily for admins

• Make JWT key optional by generating it on the fly if unspecified (#820)
• Drop PostgreSQL 10 support and fix user session query (#783)
• Update MeiliSearch to v1.1 (#789)
• Add docs (configuring the theme & various information for devs) (#813)
• Fix db clear and search series view (#714)
• Minor improvements to logging (#766)
• Remove outdated docs from auth.mod config (#711)
• Add error context to opening log file (#782)
• Enable backtraces for errors (#812)
• Update dependencies (various PRs)

Changes primarily for developers

• Improve API error handling (#730)
• Use React.StrictMode and type-safe translation keys with i18next (#708)
• Expand and change dummy users (#745)
• Improve dummy-blocks for better test data (#736)

Full Changelog: v1.7...v2.0

---

Upgrade guide

Please read our upgrade guide, but also pay special attention to these points:

• The color system was reworked quite a bit. You have to adjust your color configuration. See our "theme" docs on more information.
• Similarly, some logo sizing and margin logic was changed, so make sure your logo file still works well! Again, check the "theme" docs for more information.
• Tobira requires at least PostgreSQL 11 now.
• Tobira requires MeiliSearch 1.1 now. You most certainly need to update this.
• By default, users are allowed to download videos. If you don't want that, change general.show_download_button. In the future, it can be selected per video whether download is allowed or not.
• By default, all users (ROLE_USER) are allowed to create their own pages. If you want to change that, check auth.user_realm_role.