Pull Request Explorer

Summary

Fix config sanitize/desanitize field masking

Prevents accidental overwriting of sensitive config fields, ensuring system integrity and security.

Health Assessment

• • Quick fix with minimal rework, merged within 2 hours, indicating low complexity and high confidence.

Summary

Fix config sanitize/desanitize field masking

Ensures admin configuration changes persist correctly, preventing accidental data loss of sensitive settings.

Health Assessment

• • Quick, single-commit fix with fast review and merge, indicating low complexity and minimal risk.

Summary

Automated cherry pick of flaky E2E test fix

Applies a previously approved fix for flaky end‑to‑end tests, ensuring stable test runs.

Health Assessment

• • Quick automated cherry pick with no review, minimal changes, low risk.

Summary

Fix config sanitize/desanitize missing fields

Prevents accidental overwriting of secret configuration values when saving via API, ensuring secure configuration persistence.

Health Assessment

• • Quick, single-commit fix with minimal code churn and no review back‑and‑forth.

Summary

Fix config sanitize/desanitize missing fields

Ensures sensitive config fields are correctly sanitized and not overwritten with placeholder values when saved via API, preventing accidental exposure of secrets.

Health Assessment

• • Fast merge with minimal review; the change was straightforward and addressed a clear bug.

Summary

Fix config sanitization bug in release-11.6

Corrects persistence of sensitive config fields by ensuring desanitize removes FakeSetting placeholders, preventing accidental exposure of credentials.

Health Assessment

• • Quick fix with minimal changes, merged within an hour, indicating low complexity and high confidence.

Summary

Upgrade Go to 1.26.3 in build containers

This PR updates the Go runtime used for building Mattermost server images to the latest patch version, ensuring security and bug fixes without affecting application behavior. The change is low risk and requires minimal QA.

Health Assessment

• • The PR was merged quickly with minimal review, indicating a straightforward, low‑risk update.

Summary

Update Jira prepackaged version

Bumps the prepackaged Jira plugin to v4.7.0 for release-11.6.

Health Assessment

• • Manual cherry-pick due to auto cherry-pick failure. No significant changes or conflicts.

Summary

Fix config sanitize/desanitize missing fields

Ensures admin config changes preserve secret values and file paths, preventing data loss and authentication failures.

Health Assessment

• • PR fixed a regression in config sanitization, added a comprehensive test to catch future omissions, and required a single review with minimal changes.

Summary

Update latest patch version to 11.7.2

Automated release pipeline update to bump patch version, ensuring consistency across backend and webapp dependencies.

Health Assessment

• • Fast merge with minimal changes, automated release pipeline, low risk.

Summary

Cherry pick of Desktop app UI changes

Adds UI changes to hide the Download Apps link in the Desktop app and corrects linting order for the new visibility logic.

Health Assessment

• • Merged within 1.3 hours with no review comments, indicating a straightforward, low-risk change.

Summary

Cherry pick access control enhancements

Integrates updated access control logic and UI components into the 11.8 release, ensuring consistent security behavior across the platform.

Health Assessment

• • Quick turnaround with single review, minimal rework, large code addition.

Summary

Reject demoting bot accounts to guest

Prevents user managers from downgrading bot accounts to guest, preserving bot capabilities and ensuring bot integrity.

Health Assessment

• • Cherry‑pick was applied quickly with minimal code changes and no review friction, indicating a straightforward bug fix.

Summary

Cherry pick of #36332 for release-10.11

Adds session cache invalidation on global session revocation, improving security and consistency across clusters.

Health Assessment

• • Quick turnaround with minimal rework; AI-assisted code generation accelerated the process.

Summary

Fix flaky E2E tests for Cypress and Playwright

This PR resolves intermittent failures in end‑to‑end tests, ensuring reliable CI pipelines and consistent user experience across Cypress and Playwright test suites.

Health Assessment

• • Quick resolution with minimal changes and fast review indicates low risk and efficient process.

Summary

Add auth token to flaky test webhook

Enhances CI reliability by adding a bearer token to flaky test webhook requests, ensuring only authorized endpoints receive failure reports.

Health Assessment

• • Quick review and merge, minimal changes to CI workflow, low risk.

Summary

Add attribute-value masking UI and tests

Provides UI for masked policy values, read‑only editors, and E2E coverage, improving admin experience and security.

Health Assessment

• • The PR required extensive review and multiple iterations, resulting in a long cycle time but ultimately delivering a complex feature with broad impact.

Summary

Cherry-pick imaging library update to v11.7

Integrates updated imaging library and associated tests into v11.7, ensuring image processing functions work correctly.

Health Assessment

• • Cherry-pick of imaging library update; review took over a day but only one round; low risk to production.

Summary

Add Docker Hub auth to Cloud Agent start hook

Adds optional Docker Hub login to the Cloud Agent startup script, enabling authenticated pulls and preventing anonymous rate limits using Cursor dashboard secrets.

Health Assessment

• • Fast review and merge with no rework; AI-assisted code added smoothly.

Summary

Invalidate shard-timing cache and guard saves

Prevents stale shard-timing cache from causing test failures, ensuring reliable CI runs. This change improves CI stability and reduces false positives.

Health Assessment

• • Fast review and merge cycle (under 1 hour) with a single commit indicates low complexity and high confidence in the change. The update improves CI reliability by addressing cache poisoning without introducing new features or breaking existing functionality.

Summary

Backport shared channel API fixes to release-11.7

Adds critical shared channel API improvements, enabling multi-remote registration, better stability, and correct UI display for admins, ensuring reliable cross-cluster communication for customers.

Health Assessment

• • The PR required a review after 48 hours and a second approval before merge, indicating moderate complexity and some friction, but the overall cycle time remained within a few days.

Summary

Ping restored plugin remote immediately on re-register

Ensures that a plugin’s remote cluster is considered online immediately after re‑registration, eliminating a 30‑90 second cold start and preventing sync failures during plugin restarts.

Health Assessment

• • The PR had a long cycle time but a quick review; AI review helped surface timing and error‑marshaling issues, and the changes touch inter‑cluster liveness logic, warranting moderate risk.

Summary

Hide Download Apps link in Desktop app

This PR removes redundant download links and onboarding prompts when Mattermost runs inside the Desktop app, improving UI clarity for desktop users.

Health Assessment

• • Quick approval with minimal changes; UI visibility tweak with comprehensive tests.

Summary

Automated cherry pick of #36487

Adds logic to prevent demoting bot accounts to guest, ensuring bot integrity and system stability.

Health Assessment

• • Cherry pick merged quickly with no review needed, minimal code changes.

Summary

Reject bot account demotion to guest

Prevents user managers from downgrading bot accounts to guest, ensuring bot capabilities remain intact.

Health Assessment

• • Fast merge with minimal changes indicates low complexity and quick validation.

Summary

Add classification banners to web and desktop apps

Enables system admins to define classification levels and display banners in channels, improving compliance and user awareness.

Health Assessment

• • Fast merge with minimal review, indicating straightforward cherry pick of a previously reviewed feature.

Summary

Cherry pick of Mobile Ephemeral Mode feature

Adds feature flag and UI for Mobile Ephemeral Mode, enabling enterprise customers to control mobile session persistence.

Health Assessment

• • Fast 9‑hour cycle with a single review and minimal rework, indicating low complexity and low risk.

Summary

Refactor E2E test workflows to improve cache

Centralizes dependency installation and uses cache restores to eliminate flaky npm failures, speeding up test runs and improving reliability.

Health Assessment

• • The PR streamlined E2E test workflows, reducing npm install overhead and eliminating flaky cache failures, with minimal review friction and moderate scope.

Summary

Update reusable workflows to specific commit SHA

Pin reusable GitHub Actions to specific commit SHAs to ensure stable CI/CD pipelines, reducing risk of unexpected changes.

Health Assessment

• • Fast review and merge with minimal changes to CI configuration, indicating low complexity and risk.

Summary

Add classification banners to web and desktop

Enables administrators to define classification levels with colors and ordering, improving data security and compliance across web and desktop clients.

Health Assessment

• • The PR involved extensive AI-assisted code changes, multiple review rounds, and a large diff, resulting in a long cycle time and high risk of regression.

Summary

Cherry pick of #36513 for release

This cherry pick brings updated access control logic and tests from PR #36513 into the 11.8 release. It enhances security and ensures compatibility with the new release.

Health Assessment

• • Fast cycle time and immediate review indicate an efficient process. The large scope but minimal review rounds suggest confidence in the changes.

Summary

Cherry pick of content flagging report feature

Adds content flagging report UI and backend logic to the 11.8 release, enabling users to view and manage flagged content reports.

Health Assessment

• • The PR was merged quickly after a single commit, indicating minimal review friction, but the large number of lines added suggests significant code changes were incorporated.

Summary

Reject demoting bot accounts to guest

Prevents user managers from demoting bot accounts to guests, ensuring bot capabilities remain intact.

Health Assessment

• • PR had a quick initial review but a long cycle time due to approvals; the change is small and low risk.

Summary

Implement ABAC mask enforcement on policy save/delete

Adds secure masking of sensitive attribute values during policy creation, update, and deletion, preventing unauthorized visibility and enforcing strict access controls for administrators.

Health Assessment

• • The PR required extensive review with multiple AI‑assisted comments and several iterations, indicating complex changes to core authorization logic. The long cycle time and large code churn suggest a high‑risk, slow integration process.

Summary

Add leave confirmation modal for policy-added public channels

Adds a confirmation modal to prevent accidental leaving of policy‑added public channels, improving user experience.

Health Assessment

• • Quick automated cherry pick with minimal review, indicating low complexity and high confidence in the change.

Summary

Update NOTICE.txt with new dependencies

Updated NOTICE.txt to reflect new dependency versions, ensuring compliance and accurate licensing information.

Health Assessment

• • Fast merge with minimal changes and no review, indicating straightforward documentation update.

Summary

Update NOTICE.txt file with updated dependencies

Updates third‑party attribution notices to reflect current dependencies, ensuring compliance and accurate licensing information.

Health Assessment

• • PR completed quickly with minimal review, indicating a straightforward documentation update.

Summary

Add leave confirmation modal for policy channels

Adds a confirmation modal when leaving a public channel added via policy, offering a mute alternative to prevent accidental exits and improve user experience.

Health Assessment

• • The PR introduced a new modal for policy‑enforced public channels, required a review with changes, and had a long cycle time due to extensive testing and integration across multiple UI components.

Summary

App-layer plugin hook wiring for MBE Phase 4

Adds new plugin hook wiring for channel events, enabling richer plugin integration and extensibility in Mattermost.

Health Assessment

• • The PR had a long cycle time but was reviewed immediately and required only a few review rounds, indicating efficient communication. However, the large number of files and lines added suggests a complex change that could pose integration risks.

Summary

Channel-guard enforcement and two-phase dispatch

Adds runtime enforcement of channel guard rules, improving security and reliability of message handling.

Health Assessment

• • The PR took over 10 days to merge with a single review, indicating a slow but straightforward review process.
• • The large number of lines added and files changed suggests a significant code change that could impact stability.

Summary

Enable MessagesWillBeConsumed hook on edit

Ensures plugin message transformations are applied when posts are edited, matching the documented hook behavior and preventing silent failures for plugins. This improves consistency and reliability for plugins that modify message content.

Health Assessment

• • The PR had a long cycle time due to a single review after several days, but the change was small and straightforward, resulting in low risk.

Summary

Hide empty content-flagging section in reviewer DM

Fixes an issue where the content review bot DM displayed an empty block under 'With comment' when the reporter or reviewer did not enter a comment.

Health Assessment

• • The PR was reviewed and merged quickly, indicating a straightforward fix.

Summary

Update bot checks

Fixes permission checks for bot session revocation and password updates, ensuring correct authorization and preventing unauthorized access.

Health Assessment

• • The PR required multiple review cycles and several commits to address bot permission logic, indicating moderate complexity and potential for side effects.
• • Despite a slow overall cycle time, the first review was quick, showing efficient initial feedback.

Summary

Fix webhook list ordering instability when paginating

Ensures consistent alphabetical ordering of webhook lists across pagination, improving UI reliability and preventing accidental reordering bugs for users.

Health Assessment

• • The PR required over 10 days to receive its first review, indicating slow feedback, but the changes span multiple backend SQL queries and frontend components, raising moderate risk of unintended side effects.

Summary

Remove global login mutex, use DB serialization

By replacing a cluster‑wide in‑memory lock with per‑user database serialization, the PR eliminates contention on login attempts, improves throughput, and ensures consistent lockout semantics across all nodes.

Health Assessment

• • The PR required multiple rounds of review and several re‑bases, with a total of 642 lines changed across 10 files, indicating a complex, high‑risk change that demanded extensive load testing and careful validation of authentication logic.

Summary

Refactor E2E test workflows to remove redundant status jobs

Simplifies E2E test workflows by removing redundant status update jobs, reducing maintenance overhead while shifting commit status reporting to an external integration. This change improves CI efficiency but requires coordination with the external system to ensure PR status updates continue to function.

Health Assessment

• • The PR was reviewed quickly with minimal back‑and‑forth, indicating a straightforward refactor of CI workflows.
• • The change reduces maintenance overhead but introduces a dependency on an external system for status reporting.

Summary

Add discoverable private channel data layer

Adds database schema, models, permissions, and store logic for discoverable private channels, enabling future feature rollout without affecting current behavior.

Health Assessment

• • PR introduced extensive schema changes and new store logic, but was reviewed quickly with minimal back‑and‑forth, indicating a well‑structured change.

Summary

Add detailed error messages for role validation

This PR replaces boolean validation with detailed error messages for role validation, enabling clearer diagnostics and reducing silent failures in role creation and permission migration workflows.

Health Assessment

• • Fast cycle time and minimal rework indicate efficient review; the change introduces a breaking API but is well-tested with extensive unit tests.

Summary

Add Display Name to User Properties in Webapp

Adds display name support for user attributes in the admin console, including client‑side validation and UI updates across profile popover, account settings, and ABAC selector, improving user experience and consistency.

Health Assessment

• • The PR required extensive review with multiple AI‑assisted comments and several iterations, leading to a slow cycle time and high risk due to large scope and many changes across UI components and tests.

Summary

Add flaky test webhook notification

Adds a non‑blocking CI webhook that alerts a cursor automation when flaky tests succeed, enabling automated triage and ticket creation.

Health Assessment

• • Fast review cycle with minimal changes; AI assistance streamlined the process.