Pull Request Explorer

Summary

Cherry pick of feature flag commit

Enables the ClassificationMarkings feature flag by default, ensuring the new functionality is available in the release.

Health Assessment

• • Quick cherry pick with minimal changes, merged within 0.7 hours, indicating low complexity and high confidence.

Summary

Enable ClassificationMarkings feature flag by default

Enables the ClassificationMarkings feature by default, allowing users to access classification UI and API endpoints without manual flag activation, improving usability and reducing configuration overhead.

Health Assessment

• • Rapid approval with no review friction; minimal code changes; AI-assisted authoring; low risk but moderate regression potential due to feature flag default change.

Summary

Apply team sanitization on scheme teams endpoint

This change sanitizes team data returned by the schemes endpoint, ensuring non-admin users only see permitted information and reducing potential data exposure. The regression test confirms correct behavior for both non-admin and system admin callers.

Health Assessment

Summary

Tighten authorization on /share-channel autocomplete

Adds a permission check to the /share-channel autocomplete so only users with manage_shared_channels can see suggestions, aligning with existing command authorization and improving security.

Health Assessment

• • The PR introduced a security authorization check with a modest code change, received a quick initial review but required extended discussion before final approval, resulting in a 185‑hour cycle time.

Summary

Validate user auth update requests

Adds validation to the user auth update endpoint to reject unknown auth services and prevent storing auth data for email/password users, improving security and preventing data corruption.

Health Assessment

• • The PR was reviewed quickly but required multiple rounds of feedback, indicating complex validation logic and potential integration impact.

Summary

Stop logging email subject when sending mail

Removes PII from mail logs by dropping the subject field, preserving only the recipient address for operational visibility.

Health Assessment

• • Rapid review and merge with minimal changes, indicating low complexity and risk.

Summary

Return error for deprecated plugin group name

Plugin API now returns an explicit error when plugins use the deprecated custom_profile_attributes group, improving developer experience and preventing silent redirects.

Health Assessment

• • Quick cherry pick with minimal changes, no review needed, fast merge.

Summary

Add SchemaVersion to PropertyGroup for group-specific field schema versioning

Adds a schema_version field to property groups to track changes to group field definitions, enabling consumers to detect schema changes and handle them appropriately.

Health Assessment

• • T
• • h
• • e
• •
• • P
• • R
• •
• • h
• • a
• • d
• •
• • a
• •
• • q
• • u
• • i
• • c
• • k
• •
• • r
• • e
• • v
• • i
• • e
• • w
• •
• • c
• • y
• • c
• • l
• • e
• •
• • w
• • i
• • t
• • h
• •
• • m
• • i
• • n
• • i
• • m
• • a
• • l
• •
• • r
• • e
• • w
• • o
• • r
• • k
• • ,
• •
• • a
• •
• • m
• • o
• • d
• • e
• • r
• • a
• • t
• • e
• •
• • c
• • o
• • d
• • e
• •
• • c
• • h
• • a
• • n
• • g
• • e
• •
• • s
• • i
• • z
• • e
• • ,
• •
• • a
• • n
• • d
• •
• • a
• •
• • s
• • a
• • f
• • e
• •
• • d
• • a
• • t
• • a
• • b
• • a
• • s
• • e
• •
• • m
• • i
• • g
• • r
• • a
• • t
• • i
• • o
• • n
• • ,
• •
• • i
• • n
• • d
• • i
• • c
• • a
• • t
• • i
• • n
• • g
• •
• • a
• •
• • l
• • o
• • w
• •
• • t
• • o
• •
• • m
• • e
• • d
• • i
• • u
• • m
• •
• • r
• • i
• • s
• • k
• •
• • f
• • e
• • a
• • t
• • u
• • r
• • e
• •
• • a
• • d
• • d
• • i
• • t
• • i
• • o
• • n
• • .

Summary

Cherry pick bug fix for deleted post broadcast

Fixes a bug where deleted posts were incorrectly broadcasted, ensuring accurate post visibility and preventing stale data from appearing to users.

Health Assessment

• • Quick merge with minimal rework indicates a straightforward bug fix; cherry pick streamlined release process.

Summary

Return error for deprecated custom_profile_attributes group

Provides an explicit error for the deprecated property group, giving plugin developers a clear signal and preventing silent failures that could lead to subtle bugs.

Health Assessment

• • Fast review and minimal changes indicate low friction; however, the breaking change introduces moderate risk to third‑party plugins.

Summary

Cherry pick of #36684 on release-11.8

Fixes clipped policy editor tooltips and allows CEL editor tooltips to overflow

Health Assessment

• • This PR was an automated cherry pick with a very short cycle time, indicating a straightforward and low-risk change.

Summary

Fix clipped policy editor tooltips

Ensures tooltips in the advanced data masking policy editor stay within the viewport, preventing them from being clipped. This improves clarity and usability for administrators configuring data masking policies.

Health Assessment

Summary

Fix deleted post broadcast bug

Ensures restored posts appear correctly in channels, preventing missing content after deletion and restoration for users.

Health Assessment

• • The PR had a long cycle time but low review friction, with moderate scope and a moderate risk due to multiple merges and rework.

Summary

Add DefaultAzureCredential auth for Azure Blob Storage

Adds a new authentication mode using Microsoft Entra ID, enabling managed identity and other Azure identity options for Blob Storage, improving security and simplifying configuration.

Health Assessment

• • The PR had a quick initial review but required several follow‑up commits to address feedback, indicating moderate review friction but an overall healthy cycle time.

Summary

Update latest patch version to 10.11.20

Updates the application version to 10.11.20, ensuring accurate version reporting for deployments.

Health Assessment

• • Rapid automated version bump with minimal review, indicating low risk and high confidence in release pipeline.

Summary

Update latest patch version to 11.5.8

Updates the Mattermost server to patch version 11.5.8, ensuring the latest bug fixes and security patches are included.

Health Assessment

• • Automated patch update with minimal code change, quick review and merge.

Summary

Update latest patch version to 11.6.5

Automated version bump for release 11.6.5, ensuring all components use the latest patch.

Health Assessment

• • Fast cycle time, minimal changes, automated PR, quick review, low risk.

Summary

Cherry pick of data spillage report API

Adds data spillage report API usage to improve monitoring of data leaks.

Health Assessment

• • Quick merge with minimal review indicates low complexity and high confidence in the change.

Summary

Update data spillage report API

Enhances report generation with persisted actor details and improved logic for handling incoming values.

Health Assessment

• • The PR had a fast initial review but a longer overall cycle time, indicating some complexity in the changes or discussions.

Summary

Improve diagnostics.yaml readability

Reorders server fields for clearer diagnostics output and adds inline comments to aid support engineers, without changing functionality.

Health Assessment

• • Quick review and minimal rework; cosmetic changes with low risk.

Summary

Cherry pick of data spillage UI changes

Applies UI styling updates for data spillage action buttons, ensuring consistent look and feel.

Health Assessment

• • Fast merge with minimal changes; automated cherry pick indicates low complexity and high confidence.

Summary

Update Agents plugin to v1.14.2

Updates the Agents plugin to the latest v1.14.2 release, ensuring compatibility and bug fixes.

Health Assessment

• • Quick update with minimal changes, approved after smoke testing.

Summary

Wrap data spillage RHS action buttons

Improves user experience by ensuring action buttons in the data spillage report wrap correctly, preventing horizontal overflow and maintaining layout consistency. This change enhances readability and aligns with design specifications.

Health Assessment

• • The PR had a long cycle time due to a late review request, but the change was small and CSS-only, resulting in low risk.

Summary

Fix missing peer fields in package-lock.json

Corrects the dependency lock file to ensure peer dependencies are properly recorded, preventing potential runtime issues in the web application.

Health Assessment

• • Quick fix with minimal changes and immediate merge indicates low risk and efficient review process.

Summary

Support sovereign-cloud endpoints for Azure Blob Storage

Adds AzureCloud enum to support commercial, government, and custom endpoints for Azure Blob Storage, enabling users to select appropriate cloud and configure custom endpoints.

Health Assessment

• • Fast cycle time and minimal review iterations indicate smooth integration; moderate risk due to new validation logic.

Summary

Cherry-pick #36511 to release-11.8

Integrates recent access control and session attribute improvements into the 11.8 release, ensuring updated security and performance.

Health Assessment

• • Quick cherry-pick with minimal review, indicating confidence in the upstream changes and streamlined release process.

Summary

Offset onboarding checklist above bottom banner

Fixes positioning of the onboarding checklist button to prevent overlap with the bottom classification banner, improving user interface clarity.

Health Assessment

• • Minimal code changes with a quick review, but the long cycle time suggests the PR was held for a scheduled release rather than an urgent fix.

Summary

Update latest patch version to 11.7.3

Automated patch version bump to 11.7.3, ensuring consistency across backend and webapp dependencies for the upcoming release.

Health Assessment

• • Quick automated PR with minimal changes, merged within minutes, indicating low risk and high confidence in the release pipeline.

Summary

Cherry pick of #36685

Ensures the latest bug fix from #36685 is included in the 11.8 release, maintaining consistency across releases.

Health Assessment

• • Cherry pick was merged quickly with no review, indicating automated process and low risk.

Summary

Fix data spillage report affordances

Corrects misleading UI cues in data spillage reports, improving user clarity and reducing confusion.

Health Assessment

• • The PR had a long cycle time due to a late review request, but the initial review was quick and the changes were small, resulting in moderate risk because of a touch to authorization logic.

Summary

Update golang.org/x/image dependency to v0.40.0

Bumps the image library to the latest patch, improving security and compatibility for the release-11.7 branch.

Health Assessment

• • Quick dependency bump with minimal changes and fast review, indicating low risk.

Summary

Remove unused notification and modal components

Clean up obsolete code, reducing maintenance overhead and potential confusion, ensuring the codebase remains focused on current features.

Health Assessment

• • The PR performed a substantial cleanup of unused components with minimal review, but the large removal scope and long cycle time indicate a need for earlier detection of dead code to streamline future maintenance.

Summary

Upgrade imagemeta dependency to v0.17.2

Upgrades the imagemeta library to a newer version, improving EXIF parsing and error handling while adding tests for edge cases, ensuring more robust image processing.

Health Assessment

• • The PR required a lengthy review and extended cycle time due to a dependency upgrade, but involved minimal rework and a moderate risk of regression in image handling.

Summary

Fix DM/GM channel member import defaulting

Ensures imported direct/group messages have correct user roles, preventing message input failures on the web client.

Health Assessment

• • Quick review and minimal changes led to fast resolution; only one review comment and two subsequent commits.

Summary

Generate default_roles_permissions.js from a live server snapshot

Replace hand‑maintained default_roles_permissions.js with a generated file that boots a real server and snapshots roles, eliminating drift and keeping test fixtures up‑to‑date.

Health Assessment

Summary

Bump Go to 1.25.10

Updates the Go runtime to 1.25.10, ensuring compatibility and security fixes for the Mattermost server.

Health Assessment

• • Long review time indicates a low-priority change or slow review process; minimal code changes reduce risk.

Summary

Update Agents plugin to v1.14.2

Updates the Agents plugin to the latest v1.14.2 release, incorporating bug fixes and performance improvements.

Health Assessment

• • Long review cycle indicates delayed feedback, but the minimal code change reduces overall risk.

Summary

Update Agents plugin to v1.14.2

Updates the Agents plugin to the latest v1.14.2 release, incorporating bug fixes and security improvements.

Health Assessment

Summary

Fix HTML encoding bug in proxied image URLs

Ensures images with query parameters are correctly displayed when using the image proxy, preventing broken image links and improving user experience.

Health Assessment

• • The PR had a long cycle time but was reviewed immediately and required no further commits, indicating a straightforward bug fix with minimal complexity.

Summary

Update NOTICE.txt file with updated dependencies

Documentation-only update to licensing/attribution information with no impact on application functionality.

Health Assessment

• • Fast merge with minimal changes, no risk to functionality.

Summary

Add Azure Blob Storage support and generic Test Connection

Enables Azure Blob Storage as a selectable backend in the File Storage and Export Storage admin panels, and generalizes the Test Connection endpoint to support all storage drivers, improving admin flexibility and reducing duplicated code.

Health Assessment

• • The PR required several rounds of review and extensive changes across backend, frontend, and config, indicating high complexity and potential regression risk.

Summary

Add Edit Attachments Permission

Adds a new permission to control who can edit post attachments when editing a post, defaulting to users with edit post permission.

Health Assessment

• • Fast review and merge with minimal rework indicates high confidence in the changes.

Summary

Add Edit Attachments Permission

Adds a new permission to control editing of post attachments, defaulting to users with edit post permission.

Health Assessment

• • Rapid merge with minimal review, but large number of test and code changes indicates significant refactoring of the permission system.

Summary

Cherry pick of attachment permission changes

Integrates attachment permission edits from PR #36227 into release 11.7, updating backend and frontend permission logic.

Health Assessment

Summary

Edit attachment permission

Adds a new permission to control editing of post attachments, giving admins finer control over content modification.

Health Assessment

• • Fast review cycle (3h) and single review round indicate efficient process. Despite large code changes (~600 lines), the impact is low risk as it only adds a permission.

Summary

Reconcile partial GM membership in bulk import

Fixes bulk import failures caused by incomplete group channel membership, ensuring data integrity and preventing import crashes.

Health Assessment

Summary

Cherry pick admin property field permission

Adds admin property field permission level to channel API, enabling finer-grained access control for admins and improving security management.

Health Assessment

• • PR merged after 65 hours with no review comments, indicating a straightforward cherry pick but delayed review. The large code change and extended cycle time suggest a high-risk merge that could benefit from earlier review.

Summary

Cherry pick CI workflow change for release branch

Updates the build-server-image workflow to support building and pushing images from release branches, ensuring CI continuity for the v11.8.0 release.

Health Assessment

• • PR merged quickly with minimal changes, indicating a straightforward CI update with no significant risk.

Summary

Fix spacing issue in data spillage report

Corrects layout spacing in the data spillage report component, improving UI consistency.

Health Assessment

• • Quick fix with minimal changes, merged within 2 hours, indicating low complexity and high confidence.

Summary

Fix team icon active styling

Prevents decorative team icons from showing active sidebar highlight when clicked, improving UI consistency.

Health Assessment

• • Automated cherry pick with minimal changes and no review discussion.