From c88d4012d568d62612385de1e8c47196845db23f Mon Sep 17 00:00:00 2001
From: Christian Richter <crichter@owncloud.com>
Date: Tue, 11 Jun 2024 16:35:15 +0200
Subject: [PATCH 1/2] Add disallowed filenames validator

Co-authored-by: Julian Koberg <jkoberg@owncloud.com>
Co-authored-by: Ralf Haferkamp <rhaferkamp@owncloud.com>

Signed-off-by: Christian Richter <crichter@owncloud.com>
---
 changelog/unreleased/filename-validator.md          |  6 ++++++
 internal/grpc/services/gateway/storageprovider.go   |  2 +-
 .../http/services/owncloud/ocdav/config/config.go   |  5 +++++
 internal/http/services/owncloud/ocdav/tus.go        |  1 +
 internal/http/services/owncloud/ocdav/validation.go | 13 +++++++++++++
 5 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/filename-validator.md

diff --git a/changelog/unreleased/filename-validator.md b/changelog/unreleased/filename-validator.md
new file mode 100644
index 0000000000..cad98c384b
--- /dev/null
+++ b/changelog/unreleased/filename-validator.md
@@ -0,0 +1,6 @@
+Bugfix: Disallow illegal filenames filter
+
+We have created a validator that checks if a filename is in a list of forbidden filenames.
+This list is defined in the config file and can be extended by the administrator.
+
+https://github.com/owncloud/ocis/issues/1002
\ No newline at end of file
diff --git a/internal/grpc/services/gateway/storageprovider.go b/internal/grpc/services/gateway/storageprovider.go
index 1541fff874..6f57daec9f 100644
--- a/internal/grpc/services/gateway/storageprovider.go
+++ b/internal/grpc/services/gateway/storageprovider.go
@@ -549,7 +549,7 @@ func (s *svc) InitiateFileDownload(ctx context.Context, req *provider.InitiateFi
 func (s *svc) InitiateFileUpload(ctx context.Context, req *provider.InitiateFileUploadRequest) (*gateway.InitiateFileUploadResponse, error) {
 	var c provider.ProviderAPIClient
 	var err error
-	c, _, req.Ref, err = s.findAndUnwrap(ctx, req.Ref)
+	c, _, req.Ref, err = s.findAndUnwrapUnique(ctx, req.Ref)
 	if err != nil {
 		return &gateway.InitiateFileUploadResponse{
 			Status: status.NewStatusFromErrType(ctx, fmt.Sprintf("gateway could not find space for ref=%+v", req.Ref), err),
diff --git a/internal/http/services/owncloud/ocdav/config/config.go b/internal/http/services/owncloud/ocdav/config/config.go
index 77c0153d78..301a876cdf 100644
--- a/internal/http/services/owncloud/ocdav/config/config.go
+++ b/internal/http/services/owncloud/ocdav/config/config.go
@@ -43,6 +43,7 @@ type Config struct {
 // NameValidation is the validation configuration for file and folder names
 type NameValidation struct {
 	InvalidChars []string `mapstructure:"invalid_chars"`
+	InvalidNames []string `mapstructure:"invalid_names"`
 	MaxLength    int      `mapstructure:"max_length"`
 }
 
@@ -83,6 +84,10 @@ func (c *Config) Init() {
 		c.NameValidation.InvalidChars = []string{"\f", "\r", "\n", "\\"}
 	}
 
+	if c.NameValidation.InvalidNames == nil {
+		c.NameValidation.InvalidNames = []string{"..", "."}
+	}
+
 	if c.NameValidation.MaxLength == 0 {
 		c.NameValidation.MaxLength = 255
 	}
diff --git a/internal/http/services/owncloud/ocdav/tus.go b/internal/http/services/owncloud/ocdav/tus.go
index c22651978a..1525fa773a 100644
--- a/internal/http/services/owncloud/ocdav/tus.go
+++ b/internal/http/services/owncloud/ocdav/tus.go
@@ -253,6 +253,7 @@ func (s *svc) handleTusPost(ctx context.Context, w http.ResponseWriter, r *http.
 			w.WriteHeader(http.StatusPreconditionFailed)
 			return
 		}
+		log.Error().Interface("status", uRes.Status).Msg("error initiating file upload")
 		errors.HandleErrorStatus(&log, w, uRes.Status)
 		return
 	}
diff --git a/internal/http/services/owncloud/ocdav/validation.go b/internal/http/services/owncloud/ocdav/validation.go
index 168b3106b5..50e624f5f6 100644
--- a/internal/http/services/owncloud/ocdav/validation.go
+++ b/internal/http/services/owncloud/ocdav/validation.go
@@ -22,6 +22,8 @@ func ValidatorsFromConfig(c *config.Config) []Validator {
 	// max length
 	vals = append(vals, isShorterThan(c.NameValidation.MaxLength))
 
+	vals = append(vals, invalidNames(c.NameValidation.InvalidNames))
+
 	return vals
 }
 
@@ -35,6 +37,17 @@ func ValidateName(name string, validators []Validator) error {
 	return nil
 }
 
+func invalidNames(bad []string) Validator {
+	return func(s string) error {
+		for _, b := range bad {
+			if s == b {
+				return fmt.Errorf("must not be %s", b)
+			}
+		}
+		return nil
+	}
+}
+
 func notEmpty() Validator {
 	return func(s string) error {
 		if strings.TrimSpace(s) == "" {

From 92df52a736942960a4c95f716906d2c1d02e7ff9 Mon Sep 17 00:00:00 2001
From: Christian Richter <crichter@owncloud.com>
Date: Wed, 19 Jun 2024 16:47:17 +0200
Subject: [PATCH 2/2] Release 2.19.8

Co-authored-by: Roman Perekhod <rperekhod@owncloud.com>

Signed-off-by: Christian Richter <crichter@owncloud.com>
---
 CHANGELOG.md                                  | 555 +++++++++++++++++-
 RELEASE_DATE                                  |   2 +-
 VERSION                                       |   2 +-
 .../add-error-translation-utils.md            |   0
 .../add-list-method-to-blobsstore.md          |   0
 .../add-mimetype-for-sb3-files.md             |   0
 .../add-path-method-to-blobstore.md           |   0
 .../add-photo-and-image-props.md              |   0
 .../add-providerinfo-secure-view-flag.md      |   0
 .../add-remaining-manager-check.md            |   0
 .../add-theme-capability.md                   |   0
 .../add-virus-filter.md                       |   0
 .../align-logs.md                             |   0
 .../bump-mockery.md                           |   0
 .../change-cache-default-store.md             |   0
 .../check-parent-on-copy.md                   |   0
 .../clean-trash-node-path.md                  |   0
 .../context-for-utils.md                      |   0
 .../dav-expose-secureview.md                  |   0
 .../enhance-removespacemember-returncode.md   |   0
 .../enhance-unique-share-mountpoint-name.md   |   0
 .../extend-service-account-permissions-2.md   |   0
 .../extend-service-account-permissions.md     |   0
 .../extensible-decomposedfs.md                |   0
 .../file-unlocked-events.md                   |   0
 .../filename-validator.md                     |   0
 .../fix-authprovider-error-message.md         |   0
 .../fix-blobstore.md                          |   0
 .../fix-ceph-build.md                         |   0
 .../fix-dav-headers.md                        |   0
 .../fix-graph-invite-virtual.md               |   0
 .../fix-graph-invite.md                       |   0
 .../fix-initiator-ids.md                      |   0
 .../fix-jsoncs3-gateway-client-and-logging.md |   0
 .../fix-mount-points-naming.md                |   0
 .../fix-nats-encoding.md                      |   0
 .../fix-ocm-share-id.md                       |   0
 .../fix-public-link-lock.md                   |   0
 .../fix-public-share-update.md                |   0
 .../fix-publiclink-previews.md                |   0
 .../fix-publiclink-upload.md                  |   0
 .../fix-publicshare-nested-appnew.md          |   0
 .../fix-remove-group-from-share.md            |   0
 .../fix-share-update.md                       |   0
 .../fix-spase-share-update-ocs.md             |   0
 .../fix-spase-share-update.md                 |   0
 .../fix-stat-recreated-share.md               |   0
 .../fix-user-group-index.md                   |   0
 .../fix_public_share_space_root.md            |   0
 .../improve-posixfs.md                        |   0
 .../initiator_id.md                           |   0
 .../kill-service-spanning-stat-cache.md       |   0
 .../linkremoved-itemid.md                     |   0
 .../mask-user-email-in-output.md              |   0
 .../mint-view-only-token.md                   |   0
 .../remove-resharing.md                       |   0
 .../secure-view-share-role.md                 |   0
 .../space-share-updated.md                    |   0
 .../support-tx-in-aces.md                     |   0
 .../test-async-processing-corner-cases.md     |   0
 .../tokenInfo-endpoint-replacement.md         |   0
 .../upload-scandata.md                        |   0
 changelog/NOTE.md                             | 495 +++++++++++++++-
 .../en/docs/changelog/2.19.8/_index.md        | 508 ++++++++++++++++
 .../grpc/services/storageprovider/_index.md   |  30 +-
 65 files changed, 1534 insertions(+), 58 deletions(-)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-error-translation-utils.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-list-method-to-blobsstore.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-mimetype-for-sb3-files.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-path-method-to-blobstore.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-photo-and-image-props.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-providerinfo-secure-view-flag.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-remaining-manager-check.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-theme-capability.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/add-virus-filter.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/align-logs.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/bump-mockery.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/change-cache-default-store.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/check-parent-on-copy.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/clean-trash-node-path.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/context-for-utils.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/dav-expose-secureview.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/enhance-removespacemember-returncode.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/enhance-unique-share-mountpoint-name.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/extend-service-account-permissions-2.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/extend-service-account-permissions.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/extensible-decomposedfs.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/file-unlocked-events.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/filename-validator.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-authprovider-error-message.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-blobstore.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-ceph-build.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-dav-headers.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-graph-invite-virtual.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-graph-invite.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-initiator-ids.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-jsoncs3-gateway-client-and-logging.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-mount-points-naming.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-nats-encoding.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-ocm-share-id.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-public-link-lock.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-public-share-update.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-publiclink-previews.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-publiclink-upload.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-publicshare-nested-appnew.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-remove-group-from-share.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-share-update.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-spase-share-update-ocs.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-spase-share-update.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-stat-recreated-share.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix-user-group-index.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/fix_public_share_space_root.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/improve-posixfs.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/initiator_id.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/kill-service-spanning-stat-cache.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/linkremoved-itemid.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/mask-user-email-in-output.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/mint-view-only-token.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/remove-resharing.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/secure-view-share-role.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/space-share-updated.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/support-tx-in-aces.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/test-async-processing-corner-cases.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/tokenInfo-endpoint-replacement.md (100%)
 rename changelog/{unreleased => 2.19.8_2024-06-19}/upload-scandata.md (100%)
 create mode 100644 docs/content/en/docs/changelog/2.19.8/_index.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9e9854dcc..56319eb414 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,502 @@
+Changelog for reva 2.19.8 (2024-06-19)
+=======================================
+
+The following sections list the changes in reva 2.19.8 relevant to
+reva users. The changes are ordered by importance.
+
+Summary
+-------
+
+*   Fix #4623: Consistently use spaceid and nodeid in logs
+*   Fix #4584: Prevent copying a file to a parent folder
+*   Fix #4700: Clean empty trash node path on delete
+*   Fix #1002: Disallow illegal filenames filter
+*   Fix #4567: Fix error message in authprovider if user is not found
+*   Fix #4615: Write blob based on session id
+*   Fix #4557: Fix ceph build
+*   Fix #4711: Duplicate headers in DAV responses
+*   Fix #4568: Fix sharing invite on virtual drive
+*   Fix #4559: Fix graph drive invite
+*   Fix #4593: Make initiatorIDs also work on uploads
+*   Fix #4608: Use gateway selector in jsoncs3
+*   Fix #4546: Fix the mount points naming
+*   Fix #4678: Fix nats encoding
+*   Fix #4630: Fix ocm-share-id
+*   Fix #4518: Fix an error when lock/unlock a file
+*   Fix #4622: Fix public share update
+*   Fix #4566: Fix public link previews
+*   Fix #4589: Fix uploading via a public link
+*   Fix #4660: Fix creating documents in nested folders of public shares
+*   Fix #4635: Fix nil pointer when removing groups from space
+*   Fix #4709: Fix share update
+*   Fix #4661: Fix space share update for ocs
+*   Fix #4656: Fix space share update
+*   Fix #4561: Fix Stat() by Path on re-created resource
+*   Fix #4710: Tolerate missing user space index
+*   Fix #4632: Fix access to files withing a public link targeting a space root
+*   Fix #4603: Mask user email in output
+*   Chg #4542: Drop unused service spanning stat cache
+*   Enh #4712: Add the error translation to the utils
+*   Enh #4696: Add List method to ocis and s3ng blobstore
+*   Enh #4693: Add mimetype for sb3 files
+*   Enh #4699: Add a Path method to blobstore
+*   Enh #4695: Add photo and image props
+*   Enh #4706: Add secureview flag when listing apps via http
+*   Enh #4585: Move more consistency checks to the usershare API
+*   Enh #4702: Added theme capability
+*   Enh #4672: Add virus filter to list uploads sessions
+*   Enh #4614: Bump mockery to v2.40.2
+*   Enh #4621: Use a memory cache for the personal space creation cache
+*   Enh #4556: Allow tracing requests by giving util functions a context
+*   Enh #4694: Expose SecureView in WebDAV permissions
+*   Enh #4652: Better error codes when removing a space member
+*   Enh #4725: Unique share mountpoint name
+*   Enh #4689: Extend service account permissions
+*   Enh #4545: Extend service account permissions
+*   Enh #4581: Make decomposedfs more extensible
+*   Enh #4564: Send file locked/unlocked events
+*   Enh #4730: Improve posixfs storage driver
+*   Enh #4587: Allow passing a initiator id
+*   Enh #4645: Add ItemID to LinkRemoved
+*   Enh #4686: Mint view only token for open in app requests
+*   Enh #4606: Remove resharing
+*   Enh #4643: Secure viewer share role
+*   Enh #4631: Add space-share-updated event
+*   Enh #4685: Support t and x in ACEs
+*   Enh #4625: Test async processing cornercases
+*   Enh #4653: Allow to resolve public shares without the ocs tokeninfo endpoint
+*   Enh #4657: Add ScanData to Uploadsession
+
+Details
+-------
+
+*   Bugfix #4623: Consistently use spaceid and nodeid in logs
+
+   Sometimes we tried to log a node which led to a JSON recursion error because it contains a
+   reference to the space root, which references itself. We now always log `spaceid` and
+   `nodeid`.
+
+   https://github.com/cs3org/reva/pull/4623
+
+*   Bugfix #4584: Prevent copying a file to a parent folder
+
+   When copying a file to its parent folder, the file would be copied onto the parent folder, moving
+   the original folder to the trash-bin.
+
+   https://github.com/owncloud/ocis/issues/1230
+   https://github.com/cs3org/reva/pull/4584
+   https://github.com/cs3org/reva/pull/4582
+   https://github.com/cs3org/reva/pull/4571
+
+*   Bugfix #4700: Clean empty trash node path on delete
+
+   We now delete empty directories in the trash when an item is purged or restored. This prevents
+   old empty directories from slowing down the globbing of trash items.
+
+   https://github.com/cs3org/reva/pull/4700
+
+*   Bugfix #1002: Disallow illegal filenames filter
+
+   We have created a validator that checks if a filename is in a list of forbidden filenames. This
+   list is defined in the config file and can be extended by the administrator.
+
+   https://github.com/owncloud/ocis/issues/1002
+
+*   Bugfix #4567: Fix error message in authprovider if user is not found
+
+   https://github.com/cs3org/reva/pull/4567
+
+*   Bugfix #4615: Write blob based on session id
+
+   Decomposedfs now uses the session id and size when moving an uplode to the blobstore. This fixes
+   a cornercase that prevents an upload session from correctly being finished when another
+   upload session to the file was started and already finished.
+
+   https://github.com/cs3org/reva/pull/4615
+
+*   Bugfix #4557: Fix ceph build
+
+   https://github.com/cs3org/reva/pull/4557
+
+*   Bugfix #4711: Duplicate headers in DAV responses
+
+   We fixed an issue where the DAV response headers were duplicated. This was caused by the WebDav
+   handler which copied over all headers from the datagateways response. Now, only the relevant
+   headers are copied over to the DAV response to prevent duplication.
+
+   https://github.com/cs3org/reva/pull/4711
+
+*   Bugfix #4568: Fix sharing invite on virtual drive
+
+   We fixed the issue when sharing of virtual drive with other users was allowed
+
+   https://github.com/owncloud/ocis/issues/8495
+   https://github.com/cs3org/reva/pull/4568
+
+*   Bugfix #4559: Fix graph drive invite
+
+   We fixed the issue when sharing of personal drive is allowed via graph
+
+   https://github.com/owncloud/ocis/issues/8494
+   https://github.com/cs3org/reva/pull/4559
+
+*   Bugfix #4593: Make initiatorIDs also work on uploads
+
+   One needs to pass them on initateupload already.
+
+   https://github.com/cs3org/reva/pull/4593
+
+*   Bugfix #4608: Use gateway selector in jsoncs3
+
+   The jsoncs3 user share manager now uses the gateway selector to get a fresh client before making
+   requests and uses the configured logger from the context.
+
+   https://github.com/cs3org/reva/pull/4608
+
+*   Bugfix #4546: Fix the mount points naming
+
+   We fixed a bug that caused inconsistent naming when multiple users share the resource with same
+   name to another user.
+
+   https://github.com/owncloud/ocis/issues/8471
+   https://github.com/cs3org/reva/pull/4546
+
+*   Bugfix #4678: Fix nats encoding
+
+   Encode nats-js-kv keys. This got lost by a dependency bump.
+
+   https://github.com/cs3org/reva/pull/4678
+
+*   Bugfix #4630: Fix ocm-share-id
+
+   We now use the share id to correctly identify ocm shares.
+
+   https://github.com/cs3org/reva/pull/4630
+
+*   Bugfix #4518: Fix an error when lock/unlock a file
+
+   We fixed a bug when anonymous user with viewer role in public link of a folder can lock/unlock a
+   file inside it
+
+   https://github.com/owncloud/ocis/issues/7785
+   https://github.com/cs3org/reva/pull/4518
+
+*   Bugfix #4622: Fix public share update
+
+   We fixed the permission check for updating public shares. When updating the permissions of a
+   public share while not providing a password, the check must be against the new permissions to
+   take into account that users can opt out only for view permissions.
+
+   https://github.com/cs3org/reva/pull/4622
+
+*   Bugfix #4566: Fix public link previews
+
+   Fixes previews for public links
+
+   https://github.com/cs3org/reva/pull/4566
+
+*   Bugfix #4589: Fix uploading via a public link
+
+   Fix http error when uploading via a public link
+
+   https://github.com/owncloud/ocis/issues/8699
+   https://github.com/cs3org/reva/pull/4589
+
+*   Bugfix #4660: Fix creating documents in nested folders of public shares
+
+   We fixed a bug that prevented creating new documented in a nested folder of a public share.
+
+   https://github.com/owncloud/ocis/issues/8957
+   https://github.com/cs3org/reva/pull/4660
+
+*   Bugfix #4635: Fix nil pointer when removing groups from space
+
+   We fixed the nil pointer when removing groups from space via graph
+
+   https://github.com/owncloud/ocis/issues/8768
+   https://github.com/cs3org/reva/pull/4635
+
+*   Bugfix #4709: Fix share update
+
+   We fixed the response code when the role/permission is empty on the share update
+
+   https://github.com/owncloud/ocis/issues/8747
+   https://github.com/cs3org/reva/pull/4709
+
+*   Bugfix #4661: Fix space share update for ocs
+
+   We fixed the space share update for ocs.
+
+   https://github.com/owncloud/ocis/issues/8905
+   https://github.com/cs3org/reva/pull/4661
+
+*   Bugfix #4656: Fix space share update
+
+   We fixed the permission check for updating the space shares when update an expirationDateTime
+   only.
+
+   https://github.com/owncloud/ocis/issues/8905
+   https://github.com/cs3org/reva/pull/4656
+
+*   Bugfix #4561: Fix Stat() by Path on re-created resource
+
+   We fixed bug that caused Stat Requests using a Path reference to a mount point in the sharejail to
+   not resolve correctly, when a share using the same mount point to an already deleted resource
+   was still existing.
+
+   https://github.com/owncloud/ocis/issues/7895
+   https://github.com/cs3org/reva/pull/4561
+
+*   Bugfix #4710: Tolerate missing user space index
+
+   We fixed a bug where the spaces for a user were not listed if the user had no space index by user.
+   This happens when a user has the role "User Light" and has been invited to a project space via a
+   group.
+
+   https://github.com/cs3org/reva/pull/4710
+
+*   Bugfix #4632: Fix access to files withing a public link targeting a space root
+
+   We fixed an issue that prevented users from opening documents within a public share that
+   targets a space root.
+
+   https://github.com/owncloud/ocis/issues/8691
+   https://github.com/cs3org/reva/pull/4632/
+
+*   Bugfix #4603: Mask user email in output
+
+   We have fixed a bug where the user email was not masked in the output and the user emails could be
+   enumerated through the sharee search.
+
+   https://github.com/owncloud/ocis/issues/8726
+   https://github.com/cs3org/reva/pull/4603
+
+*   Change #4542: Drop unused service spanning stat cache
+
+   We removed the stat cache shared between gateway and storage providers. It is constantly
+   invalidated and needs a different approach.
+
+   https://github.com/cs3org/reva/pull/4542
+
+*   Enhancement #4712: Add the error translation to the utils
+
+   We've added the error translation from the statusCodeError type to CS3 Status
+
+   https://github.com/owncloud/ocis/issues/9151
+   https://github.com/cs3org/reva/pull/4712
+
+*   Enhancement #4696: Add List method to ocis and s3ng blobstore
+
+   Allow listing blobstores for maintenance
+
+   https://github.com/cs3org/reva/pull/4696
+
+*   Enhancement #4693: Add mimetype for sb3 files
+
+   We've added the matching mimetype for sb3 files
+
+   https://github.com/cs3org/reva/pull/4693
+
+*   Enhancement #4699: Add a Path method to blobstore
+
+   Add a method to get the path of a blob to the ocis and s3ng blobstores.
+
+   https://github.com/cs3org/reva/pull/4699
+
+*   Enhancement #4695: Add photo and image props
+
+   Add `oc:photo` and `oc:image` props to PROPFIND responses for propall requests or when they
+   are explicitly requested.
+
+   https://github.com/cs3org/reva/pull/4695
+   https://github.com/cs3org/reva/pull/4684
+
+*   Enhancement #4706: Add secureview flag when listing apps via http
+
+   To allow clients to see which application supports secure view we add a flag to the http response
+   when the app address matches a configured secure view app address.
+
+   https://github.com/cs3org/reva/pull/4706
+   https://github.com/cs3org/reva/pull/4703
+
+*   Enhancement #4585: Move more consistency checks to the usershare API
+
+   The gateway now checks if there will be at least one space manager remaining before deleting a
+   space member. The legacy ocs based sharing implementaion already does this on its own. But for
+   the future graph based sharing implementation it is better to have the check in a more central
+   place.
+
+   https://github.com/cs3org/reva/pull/4585
+
+*   Enhancement #4702: Added theme capability
+
+   The ocs capabilities now contain a theme capability that exposes theme related configuration
+   options to the clients. As part of this change, the ocs capabilities are now exposed and can be
+   used externally.
+
+   https://github.com/cs3org/reva/pull/4702
+
+*   Enhancement #4672: Add virus filter to list uploads sessions
+
+   Adds a filter for filtering for infected uploads
+
+   https://github.com/cs3org/reva/pull/4672
+
+*   Enhancement #4614: Bump mockery to v2.40.2
+
+   We switched to the latest mockery and changed to .mockery.yaml based mock generation.
+
+   https://github.com/cs3org/reva/pull/4614
+
+*   Enhancement #4621: Use a memory cache for the personal space creation cache
+
+   Memory is a safe default and ensures that superfluous calls to CreateStorageSpace are
+   prevented.
+
+   https://github.com/cs3org/reva/pull/4621
+
+*   Enhancement #4556: Allow tracing requests by giving util functions a context
+
+   We deprecated GetServiceUserContext with GetServiceUserContextWithContext and GetUser
+   with GetUserWithContext to allow passing in a trace context.
+
+   https://github.com/cs3org/reva/pull/4556
+
+*   Enhancement #4694: Expose SecureView in WebDAV permissions
+
+   When a file or folder can be securely viewed we now add an `X` to the permissions.
+
+   https://github.com/cs3org/reva/pull/4694
+
+*   Enhancement #4652: Better error codes when removing a space member
+
+   The gateway returns more specific error codes when removing a space member fails.
+
+   https://github.com/owncloud/ocis/issues/8819
+   https://github.com/cs3org/reva/pull/4652
+
+*   Enhancement #4725: Unique share mountpoint name
+
+   Accepting a received share with a mountpoint name that already exists will now append a unique
+   suffix to the mountpoint name.
+
+   https://github.com/owncloud/ocis/issues/8961
+   https://github.com/cs3org/reva/pull/4725
+   https://github.com/cs3org/reva/pull/4723
+   https://github.com/cs3org/reva/pull/4714
+
+*   Enhancement #4689: Extend service account permissions
+
+   Adds AddGrant permisson
+
+   https://github.com/cs3org/reva/pull/4689
+
+*   Enhancement #4545: Extend service account permissions
+
+   Adds CreateContainer permisson and improves cs3 storage pkg
+
+   https://github.com/cs3org/reva/pull/4545
+
+*   Enhancement #4581: Make decomposedfs more extensible
+
+   We refactored decomposedfs to make it more extensible, e.g. for the posixfs storage driver.
+
+   https://github.com/cs3org/reva/pull/4581
+
+*   Enhancement #4564: Send file locked/unlocked events
+
+   Emit an event when a file is locked or unlocked
+
+   https://github.com/cs3org/reva/pull/4564
+
+*   Enhancement #4730: Improve posixfs storage driver
+
+   Improve the posixfs storage driver by fixing several issues and adding missing features.
+
+   https://github.com/cs3org/reva/pull/4730
+   https://github.com/cs3org/reva/pull/4719
+   https://github.com/cs3org/reva/pull/4708
+   https://github.com/cs3org/reva/pull/4562
+
+*   Enhancement #4587: Allow passing a initiator id
+
+   Allows passing an initiator id on http request as `Initiator-ID` header. It will be passed down
+   though ocis and returned with sse events (clientlog events, as userlog has its own logic)
+
+   https://github.com/cs3org/reva/pull/4587
+
+*   Enhancement #4645: Add ItemID to LinkRemoved
+
+   Add itemID to linkremoved response and event
+
+   https://github.com/cs3org/reva/pull/4645
+
+*   Enhancement #4686: Mint view only token for open in app requests
+
+   When a view only mode is requested for open in app requests the gateway now mints a view only token
+   scoped to the requested resource. This token can be used by trusted app providers to download
+   the resource even if the user has no download permission.
+
+   https://github.com/cs3org/reva/pull/4686
+
+*   Enhancement #4606: Remove resharing
+
+   Removed all code related to resharing
+
+   https://github.com/cs3org/reva/pull/4606
+
+*   Enhancement #4643: Secure viewer share role
+
+   A new share role "Secure viewer" has been added. This role only allows viewing resources, no
+   downloading, editing or deleting.
+
+   https://github.com/cs3org/reva/pull/4643
+
+*   Enhancement #4631: Add space-share-updated event
+
+   This event is triggered when a share on a space root (aka space membership) is changed
+
+   https://github.com/cs3org/reva/pull/4631
+
+*   Enhancement #4685: Support t and x in ACEs
+
+   To support view only shares (dowload forbidden) we added t (read attrs) and x (directory
+   traversal) permissions to the decomposed FS ACEs.
+
+   https://github.com/cs3org/reva/pull/4685
+
+*   Enhancement #4625: Test async processing cornercases
+
+   We added tests to cover several bugs where file metadata or parent treesize might get corrupted
+   when postprocessing errors occur in specific order. For now, the added test cases test the
+   current behavior but contain comments and FIXMEs for the expected behavior.
+
+   https://github.com/cs3org/reva/pull/4625
+
+*   Enhancement #4653: Allow to resolve public shares without the ocs tokeninfo endpoint
+
+   Instead of querying the /v1.php/apps/files_sharing/api/v1/tokeninfo/ endpoint, a client
+   can now resolve public and internal links by sending a PROPFIND request to
+   /dav/public-files/{sharetoken}
+
+   * authenticated clients accessing an internal link are redirected to the "real" resource
+   (`/dav/spaces/{target-resource-id} * authenticated clients are able to resolve public
+   links like before. For password protected links they need to supply the password even if they
+   have access to the underlying resource by other means. * unauthenticated clients accessing an
+   internal link get a 401 returned with WWW-Authenticate set to Bearer (so that the client knows
+   that it need to get a token via the IDP login page. * unauthenticated clients accessing a
+   password protected link get a 401 returned with an error message to indicate the requirement
+   for needing the link's password.
+
+   https://github.com/owncloud/ocis/issues/8858
+   https://github.com/cs3org/reva/pull/4653
+
+*   Enhancement #4657: Add ScanData to Uploadsession
+
+   Adds virus scan results to the upload session.
+
+   https://github.com/cs3org/reva/pull/4657
+
 Changelog for reva 2.19.1 (2024-02-29)
 =======================================
 
@@ -3722,34 +4221,6 @@ Details
 
    https://github.com/cs3org/reva/pull/3083
 
-Changelog for reva 2.7.1 (2022-07-15)
-=======================================
-
-The following sections list the changes in reva 2.7.1 relevant to
-reva users. The changes are ordered by importance.
-
-Summary
--------
-
-*   Fix #3080: Make dataproviders return more headers
-*   Enh #3046: Add user filter
-
-Details
--------
-
-*   Bugfix #3080: Make dataproviders return more headers
-
-   Instead of ocdav doing an additional Stat request we now rely on the dataprovider to return the
-   necessary metadata information as headers.
-
-   https://github.com/owncloud/reva/issues/3080
-
-*   Enhancement #3046: Add user filter
-
-   This PR adds the ability to filter spaces by user-id
-
-   https://github.com/cs3org/reva/pull/3046
-
 Changelog for reva 2.7.0 (2022-07-15)
 =======================================
 
@@ -3882,6 +4353,34 @@ Details
    https://github.com/owncloud/ocis/issues/3073
    https://github.com/cs3org/reva/pull/2977
 
+Changelog for reva 2.7.1 (2022-07-15)
+=======================================
+
+The following sections list the changes in reva 2.7.1 relevant to
+reva users. The changes are ordered by importance.
+
+Summary
+-------
+
+*   Fix #3080: Make dataproviders return more headers
+*   Enh #3046: Add user filter
+
+Details
+-------
+
+*   Bugfix #3080: Make dataproviders return more headers
+
+   Instead of ocdav doing an additional Stat request we now rely on the dataprovider to return the
+   necessary metadata information as headers.
+
+   https://github.com/owncloud/reva/issues/3080
+
+*   Enhancement #3046: Add user filter
+
+   This PR adds the ability to filter spaces by user-id
+
+   https://github.com/cs3org/reva/pull/3046
+
 Changelog for reva 2.6.1 (2022-06-27)
 =======================================
 
diff --git a/RELEASE_DATE b/RELEASE_DATE
index 8c196ce344..a20358af06 100644
--- a/RELEASE_DATE
+++ b/RELEASE_DATE
@@ -1 +1 @@
-2024-02-29
\ No newline at end of file
+2024-06-19
\ No newline at end of file
diff --git a/VERSION b/VERSION
index 7965242b30..e946730a60 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.19.1
\ No newline at end of file
+2.19.8
\ No newline at end of file
diff --git a/changelog/unreleased/add-error-translation-utils.md b/changelog/2.19.8_2024-06-19/add-error-translation-utils.md
similarity index 100%
rename from changelog/unreleased/add-error-translation-utils.md
rename to changelog/2.19.8_2024-06-19/add-error-translation-utils.md
diff --git a/changelog/unreleased/add-list-method-to-blobsstore.md b/changelog/2.19.8_2024-06-19/add-list-method-to-blobsstore.md
similarity index 100%
rename from changelog/unreleased/add-list-method-to-blobsstore.md
rename to changelog/2.19.8_2024-06-19/add-list-method-to-blobsstore.md
diff --git a/changelog/unreleased/add-mimetype-for-sb3-files.md b/changelog/2.19.8_2024-06-19/add-mimetype-for-sb3-files.md
similarity index 100%
rename from changelog/unreleased/add-mimetype-for-sb3-files.md
rename to changelog/2.19.8_2024-06-19/add-mimetype-for-sb3-files.md
diff --git a/changelog/unreleased/add-path-method-to-blobstore.md b/changelog/2.19.8_2024-06-19/add-path-method-to-blobstore.md
similarity index 100%
rename from changelog/unreleased/add-path-method-to-blobstore.md
rename to changelog/2.19.8_2024-06-19/add-path-method-to-blobstore.md
diff --git a/changelog/unreleased/add-photo-and-image-props.md b/changelog/2.19.8_2024-06-19/add-photo-and-image-props.md
similarity index 100%
rename from changelog/unreleased/add-photo-and-image-props.md
rename to changelog/2.19.8_2024-06-19/add-photo-and-image-props.md
diff --git a/changelog/unreleased/add-providerinfo-secure-view-flag.md b/changelog/2.19.8_2024-06-19/add-providerinfo-secure-view-flag.md
similarity index 100%
rename from changelog/unreleased/add-providerinfo-secure-view-flag.md
rename to changelog/2.19.8_2024-06-19/add-providerinfo-secure-view-flag.md
diff --git a/changelog/unreleased/add-remaining-manager-check.md b/changelog/2.19.8_2024-06-19/add-remaining-manager-check.md
similarity index 100%
rename from changelog/unreleased/add-remaining-manager-check.md
rename to changelog/2.19.8_2024-06-19/add-remaining-manager-check.md
diff --git a/changelog/unreleased/add-theme-capability.md b/changelog/2.19.8_2024-06-19/add-theme-capability.md
similarity index 100%
rename from changelog/unreleased/add-theme-capability.md
rename to changelog/2.19.8_2024-06-19/add-theme-capability.md
diff --git a/changelog/unreleased/add-virus-filter.md b/changelog/2.19.8_2024-06-19/add-virus-filter.md
similarity index 100%
rename from changelog/unreleased/add-virus-filter.md
rename to changelog/2.19.8_2024-06-19/add-virus-filter.md
diff --git a/changelog/unreleased/align-logs.md b/changelog/2.19.8_2024-06-19/align-logs.md
similarity index 100%
rename from changelog/unreleased/align-logs.md
rename to changelog/2.19.8_2024-06-19/align-logs.md
diff --git a/changelog/unreleased/bump-mockery.md b/changelog/2.19.8_2024-06-19/bump-mockery.md
similarity index 100%
rename from changelog/unreleased/bump-mockery.md
rename to changelog/2.19.8_2024-06-19/bump-mockery.md
diff --git a/changelog/unreleased/change-cache-default-store.md b/changelog/2.19.8_2024-06-19/change-cache-default-store.md
similarity index 100%
rename from changelog/unreleased/change-cache-default-store.md
rename to changelog/2.19.8_2024-06-19/change-cache-default-store.md
diff --git a/changelog/unreleased/check-parent-on-copy.md b/changelog/2.19.8_2024-06-19/check-parent-on-copy.md
similarity index 100%
rename from changelog/unreleased/check-parent-on-copy.md
rename to changelog/2.19.8_2024-06-19/check-parent-on-copy.md
diff --git a/changelog/unreleased/clean-trash-node-path.md b/changelog/2.19.8_2024-06-19/clean-trash-node-path.md
similarity index 100%
rename from changelog/unreleased/clean-trash-node-path.md
rename to changelog/2.19.8_2024-06-19/clean-trash-node-path.md
diff --git a/changelog/unreleased/context-for-utils.md b/changelog/2.19.8_2024-06-19/context-for-utils.md
similarity index 100%
rename from changelog/unreleased/context-for-utils.md
rename to changelog/2.19.8_2024-06-19/context-for-utils.md
diff --git a/changelog/unreleased/dav-expose-secureview.md b/changelog/2.19.8_2024-06-19/dav-expose-secureview.md
similarity index 100%
rename from changelog/unreleased/dav-expose-secureview.md
rename to changelog/2.19.8_2024-06-19/dav-expose-secureview.md
diff --git a/changelog/unreleased/enhance-removespacemember-returncode.md b/changelog/2.19.8_2024-06-19/enhance-removespacemember-returncode.md
similarity index 100%
rename from changelog/unreleased/enhance-removespacemember-returncode.md
rename to changelog/2.19.8_2024-06-19/enhance-removespacemember-returncode.md
diff --git a/changelog/unreleased/enhance-unique-share-mountpoint-name.md b/changelog/2.19.8_2024-06-19/enhance-unique-share-mountpoint-name.md
similarity index 100%
rename from changelog/unreleased/enhance-unique-share-mountpoint-name.md
rename to changelog/2.19.8_2024-06-19/enhance-unique-share-mountpoint-name.md
diff --git a/changelog/unreleased/extend-service-account-permissions-2.md b/changelog/2.19.8_2024-06-19/extend-service-account-permissions-2.md
similarity index 100%
rename from changelog/unreleased/extend-service-account-permissions-2.md
rename to changelog/2.19.8_2024-06-19/extend-service-account-permissions-2.md
diff --git a/changelog/unreleased/extend-service-account-permissions.md b/changelog/2.19.8_2024-06-19/extend-service-account-permissions.md
similarity index 100%
rename from changelog/unreleased/extend-service-account-permissions.md
rename to changelog/2.19.8_2024-06-19/extend-service-account-permissions.md
diff --git a/changelog/unreleased/extensible-decomposedfs.md b/changelog/2.19.8_2024-06-19/extensible-decomposedfs.md
similarity index 100%
rename from changelog/unreleased/extensible-decomposedfs.md
rename to changelog/2.19.8_2024-06-19/extensible-decomposedfs.md
diff --git a/changelog/unreleased/file-unlocked-events.md b/changelog/2.19.8_2024-06-19/file-unlocked-events.md
similarity index 100%
rename from changelog/unreleased/file-unlocked-events.md
rename to changelog/2.19.8_2024-06-19/file-unlocked-events.md
diff --git a/changelog/unreleased/filename-validator.md b/changelog/2.19.8_2024-06-19/filename-validator.md
similarity index 100%
rename from changelog/unreleased/filename-validator.md
rename to changelog/2.19.8_2024-06-19/filename-validator.md
diff --git a/changelog/unreleased/fix-authprovider-error-message.md b/changelog/2.19.8_2024-06-19/fix-authprovider-error-message.md
similarity index 100%
rename from changelog/unreleased/fix-authprovider-error-message.md
rename to changelog/2.19.8_2024-06-19/fix-authprovider-error-message.md
diff --git a/changelog/unreleased/fix-blobstore.md b/changelog/2.19.8_2024-06-19/fix-blobstore.md
similarity index 100%
rename from changelog/unreleased/fix-blobstore.md
rename to changelog/2.19.8_2024-06-19/fix-blobstore.md
diff --git a/changelog/unreleased/fix-ceph-build.md b/changelog/2.19.8_2024-06-19/fix-ceph-build.md
similarity index 100%
rename from changelog/unreleased/fix-ceph-build.md
rename to changelog/2.19.8_2024-06-19/fix-ceph-build.md
diff --git a/changelog/unreleased/fix-dav-headers.md b/changelog/2.19.8_2024-06-19/fix-dav-headers.md
similarity index 100%
rename from changelog/unreleased/fix-dav-headers.md
rename to changelog/2.19.8_2024-06-19/fix-dav-headers.md
diff --git a/changelog/unreleased/fix-graph-invite-virtual.md b/changelog/2.19.8_2024-06-19/fix-graph-invite-virtual.md
similarity index 100%
rename from changelog/unreleased/fix-graph-invite-virtual.md
rename to changelog/2.19.8_2024-06-19/fix-graph-invite-virtual.md
diff --git a/changelog/unreleased/fix-graph-invite.md b/changelog/2.19.8_2024-06-19/fix-graph-invite.md
similarity index 100%
rename from changelog/unreleased/fix-graph-invite.md
rename to changelog/2.19.8_2024-06-19/fix-graph-invite.md
diff --git a/changelog/unreleased/fix-initiator-ids.md b/changelog/2.19.8_2024-06-19/fix-initiator-ids.md
similarity index 100%
rename from changelog/unreleased/fix-initiator-ids.md
rename to changelog/2.19.8_2024-06-19/fix-initiator-ids.md
diff --git a/changelog/unreleased/fix-jsoncs3-gateway-client-and-logging.md b/changelog/2.19.8_2024-06-19/fix-jsoncs3-gateway-client-and-logging.md
similarity index 100%
rename from changelog/unreleased/fix-jsoncs3-gateway-client-and-logging.md
rename to changelog/2.19.8_2024-06-19/fix-jsoncs3-gateway-client-and-logging.md
diff --git a/changelog/unreleased/fix-mount-points-naming.md b/changelog/2.19.8_2024-06-19/fix-mount-points-naming.md
similarity index 100%
rename from changelog/unreleased/fix-mount-points-naming.md
rename to changelog/2.19.8_2024-06-19/fix-mount-points-naming.md
diff --git a/changelog/unreleased/fix-nats-encoding.md b/changelog/2.19.8_2024-06-19/fix-nats-encoding.md
similarity index 100%
rename from changelog/unreleased/fix-nats-encoding.md
rename to changelog/2.19.8_2024-06-19/fix-nats-encoding.md
diff --git a/changelog/unreleased/fix-ocm-share-id.md b/changelog/2.19.8_2024-06-19/fix-ocm-share-id.md
similarity index 100%
rename from changelog/unreleased/fix-ocm-share-id.md
rename to changelog/2.19.8_2024-06-19/fix-ocm-share-id.md
diff --git a/changelog/unreleased/fix-public-link-lock.md b/changelog/2.19.8_2024-06-19/fix-public-link-lock.md
similarity index 100%
rename from changelog/unreleased/fix-public-link-lock.md
rename to changelog/2.19.8_2024-06-19/fix-public-link-lock.md
diff --git a/changelog/unreleased/fix-public-share-update.md b/changelog/2.19.8_2024-06-19/fix-public-share-update.md
similarity index 100%
rename from changelog/unreleased/fix-public-share-update.md
rename to changelog/2.19.8_2024-06-19/fix-public-share-update.md
diff --git a/changelog/unreleased/fix-publiclink-previews.md b/changelog/2.19.8_2024-06-19/fix-publiclink-previews.md
similarity index 100%
rename from changelog/unreleased/fix-publiclink-previews.md
rename to changelog/2.19.8_2024-06-19/fix-publiclink-previews.md
diff --git a/changelog/unreleased/fix-publiclink-upload.md b/changelog/2.19.8_2024-06-19/fix-publiclink-upload.md
similarity index 100%
rename from changelog/unreleased/fix-publiclink-upload.md
rename to changelog/2.19.8_2024-06-19/fix-publiclink-upload.md
diff --git a/changelog/unreleased/fix-publicshare-nested-appnew.md b/changelog/2.19.8_2024-06-19/fix-publicshare-nested-appnew.md
similarity index 100%
rename from changelog/unreleased/fix-publicshare-nested-appnew.md
rename to changelog/2.19.8_2024-06-19/fix-publicshare-nested-appnew.md
diff --git a/changelog/unreleased/fix-remove-group-from-share.md b/changelog/2.19.8_2024-06-19/fix-remove-group-from-share.md
similarity index 100%
rename from changelog/unreleased/fix-remove-group-from-share.md
rename to changelog/2.19.8_2024-06-19/fix-remove-group-from-share.md
diff --git a/changelog/unreleased/fix-share-update.md b/changelog/2.19.8_2024-06-19/fix-share-update.md
similarity index 100%
rename from changelog/unreleased/fix-share-update.md
rename to changelog/2.19.8_2024-06-19/fix-share-update.md
diff --git a/changelog/unreleased/fix-spase-share-update-ocs.md b/changelog/2.19.8_2024-06-19/fix-spase-share-update-ocs.md
similarity index 100%
rename from changelog/unreleased/fix-spase-share-update-ocs.md
rename to changelog/2.19.8_2024-06-19/fix-spase-share-update-ocs.md
diff --git a/changelog/unreleased/fix-spase-share-update.md b/changelog/2.19.8_2024-06-19/fix-spase-share-update.md
similarity index 100%
rename from changelog/unreleased/fix-spase-share-update.md
rename to changelog/2.19.8_2024-06-19/fix-spase-share-update.md
diff --git a/changelog/unreleased/fix-stat-recreated-share.md b/changelog/2.19.8_2024-06-19/fix-stat-recreated-share.md
similarity index 100%
rename from changelog/unreleased/fix-stat-recreated-share.md
rename to changelog/2.19.8_2024-06-19/fix-stat-recreated-share.md
diff --git a/changelog/unreleased/fix-user-group-index.md b/changelog/2.19.8_2024-06-19/fix-user-group-index.md
similarity index 100%
rename from changelog/unreleased/fix-user-group-index.md
rename to changelog/2.19.8_2024-06-19/fix-user-group-index.md
diff --git a/changelog/unreleased/fix_public_share_space_root.md b/changelog/2.19.8_2024-06-19/fix_public_share_space_root.md
similarity index 100%
rename from changelog/unreleased/fix_public_share_space_root.md
rename to changelog/2.19.8_2024-06-19/fix_public_share_space_root.md
diff --git a/changelog/unreleased/improve-posixfs.md b/changelog/2.19.8_2024-06-19/improve-posixfs.md
similarity index 100%
rename from changelog/unreleased/improve-posixfs.md
rename to changelog/2.19.8_2024-06-19/improve-posixfs.md
diff --git a/changelog/unreleased/initiator_id.md b/changelog/2.19.8_2024-06-19/initiator_id.md
similarity index 100%
rename from changelog/unreleased/initiator_id.md
rename to changelog/2.19.8_2024-06-19/initiator_id.md
diff --git a/changelog/unreleased/kill-service-spanning-stat-cache.md b/changelog/2.19.8_2024-06-19/kill-service-spanning-stat-cache.md
similarity index 100%
rename from changelog/unreleased/kill-service-spanning-stat-cache.md
rename to changelog/2.19.8_2024-06-19/kill-service-spanning-stat-cache.md
diff --git a/changelog/unreleased/linkremoved-itemid.md b/changelog/2.19.8_2024-06-19/linkremoved-itemid.md
similarity index 100%
rename from changelog/unreleased/linkremoved-itemid.md
rename to changelog/2.19.8_2024-06-19/linkremoved-itemid.md
diff --git a/changelog/unreleased/mask-user-email-in-output.md b/changelog/2.19.8_2024-06-19/mask-user-email-in-output.md
similarity index 100%
rename from changelog/unreleased/mask-user-email-in-output.md
rename to changelog/2.19.8_2024-06-19/mask-user-email-in-output.md
diff --git a/changelog/unreleased/mint-view-only-token.md b/changelog/2.19.8_2024-06-19/mint-view-only-token.md
similarity index 100%
rename from changelog/unreleased/mint-view-only-token.md
rename to changelog/2.19.8_2024-06-19/mint-view-only-token.md
diff --git a/changelog/unreleased/remove-resharing.md b/changelog/2.19.8_2024-06-19/remove-resharing.md
similarity index 100%
rename from changelog/unreleased/remove-resharing.md
rename to changelog/2.19.8_2024-06-19/remove-resharing.md
diff --git a/changelog/unreleased/secure-view-share-role.md b/changelog/2.19.8_2024-06-19/secure-view-share-role.md
similarity index 100%
rename from changelog/unreleased/secure-view-share-role.md
rename to changelog/2.19.8_2024-06-19/secure-view-share-role.md
diff --git a/changelog/unreleased/space-share-updated.md b/changelog/2.19.8_2024-06-19/space-share-updated.md
similarity index 100%
rename from changelog/unreleased/space-share-updated.md
rename to changelog/2.19.8_2024-06-19/space-share-updated.md
diff --git a/changelog/unreleased/support-tx-in-aces.md b/changelog/2.19.8_2024-06-19/support-tx-in-aces.md
similarity index 100%
rename from changelog/unreleased/support-tx-in-aces.md
rename to changelog/2.19.8_2024-06-19/support-tx-in-aces.md
diff --git a/changelog/unreleased/test-async-processing-corner-cases.md b/changelog/2.19.8_2024-06-19/test-async-processing-corner-cases.md
similarity index 100%
rename from changelog/unreleased/test-async-processing-corner-cases.md
rename to changelog/2.19.8_2024-06-19/test-async-processing-corner-cases.md
diff --git a/changelog/unreleased/tokenInfo-endpoint-replacement.md b/changelog/2.19.8_2024-06-19/tokenInfo-endpoint-replacement.md
similarity index 100%
rename from changelog/unreleased/tokenInfo-endpoint-replacement.md
rename to changelog/2.19.8_2024-06-19/tokenInfo-endpoint-replacement.md
diff --git a/changelog/unreleased/upload-scandata.md b/changelog/2.19.8_2024-06-19/upload-scandata.md
similarity index 100%
rename from changelog/unreleased/upload-scandata.md
rename to changelog/2.19.8_2024-06-19/upload-scandata.md
diff --git a/changelog/NOTE.md b/changelog/NOTE.md
index 3f06639966..d97f136d79 100644
--- a/changelog/NOTE.md
+++ b/changelog/NOTE.md
@@ -1,30 +1,499 @@
-Changelog for reva 2.19.1 (2024-02-29)
+Changelog for reva 2.19.8 (2024-06-19)
 =======================================
 
-The following sections list the changes in reva 2.19.1 relevant to
+The following sections list the changes in reva 2.19.8 relevant to
 reva users. The changes are ordered by importance.
 
 Summary
 -------
 
-*   Fix #4534: Fix remove/update share permissions
-*   Fix #4539: Fix a typo
+*   Fix #4623: Consistently use spaceid and nodeid in logs
+*   Fix #4584: Prevent copying a file to a parent folder
+*   Fix #4700: Clean empty trash node path on delete
+*   Fix #1002: Disallow illegal filenames filter
+*   Fix #4567: Fix error message in authprovider if user is not found
+*   Fix #4615: Write blob based on session id
+*   Fix #4557: Fix ceph build
+*   Fix #4711: Duplicate headers in DAV responses
+*   Fix #4568: Fix sharing invite on virtual drive
+*   Fix #4559: Fix graph drive invite
+*   Fix #4593: Make initiatorIDs also work on uploads
+*   Fix #4608: Use gateway selector in jsoncs3
+*   Fix #4546: Fix the mount points naming
+*   Fix #4678: Fix nats encoding
+*   Fix #4630: Fix ocm-share-id
+*   Fix #4518: Fix an error when lock/unlock a file
+*   Fix #4622: Fix public share update
+*   Fix #4566: Fix public link previews
+*   Fix #4589: Fix uploading via a public link
+*   Fix #4660: Fix creating documents in nested folders of public shares
+*   Fix #4635: Fix nil pointer when removing groups from space
+*   Fix #4709: Fix share update
+*   Fix #4661: Fix space share update for ocs
+*   Fix #4656: Fix space share update
+*   Fix #4561: Fix Stat() by Path on re-created resource
+*   Fix #4710: Tolerate missing user space index
+*   Fix #4632: Fix access to files withing a public link targeting a space root
+*   Fix #4603: Mask user email in output
+*   Chg #4542: Drop unused service spanning stat cache
+*   Enh #4712: Add the error translation to the utils
+*   Enh #4696: Add List method to ocis and s3ng blobstore
+*   Enh #4693: Add mimetype for sb3 files
+*   Enh #4699: Add a Path method to blobstore
+*   Enh #4695: Add photo and image props
+*   Enh #4706: Add secureview flag when listing apps via http
+*   Enh #4585: Move more consistency checks to the usershare API
+*   Enh #4702: Added theme capability
+*   Enh #4672: Add virus filter to list uploads sessions
+*   Enh #4614: Bump mockery to v2.40.2
+*   Enh #4621: Use a memory cache for the personal space creation cache
+*   Enh #4556: Allow tracing requests by giving util functions a context
+*   Enh #4694: Expose SecureView in WebDAV permissions
+*   Enh #4652: Better error codes when removing a space member
+*   Enh #4725: Unique share mountpoint name
+*   Enh #4689: Extend service account permissions
+*   Enh #4545: Extend service account permissions
+*   Enh #4581: Make decomposedfs more extensible
+*   Enh #4564: Send file locked/unlocked events
+*   Enh #4730: Improve posixfs storage driver
+*   Enh #4587: Allow passing a initiator id
+*   Enh #4645: Add ItemID to LinkRemoved
+*   Enh #4686: Mint view only token for open in app requests
+*   Enh #4606: Remove resharing
+*   Enh #4643: Secure viewer share role
+*   Enh #4631: Add space-share-updated event
+*   Enh #4685: Support t and x in ACEs
+*   Enh #4625: Test async processing cornercases
+*   Enh #4653: Allow to resolve public shares without the ocs tokeninfo endpoint
+*   Enh #4657: Add ScanData to Uploadsession
 
 Details
 -------
 
-*   Bugfix #4534: Fix remove/update share permissions
+*   Bugfix #4623: Consistently use spaceid and nodeid in logs
 
-   This is a workaround that should prevent removing or changing the share permissions when the
-   file is locked. These limitations have to be removed after the wopi server will be able to unlock
-   the file properly. These limitations are not spread on the files inside the shared folder.
+   Sometimes we tried to log a node which led to a JSON recursion error because it contains a
+   reference to the space root, which references itself. We now always log `spaceid` and
+   `nodeid`.
 
-   https://github.com/owncloud/ocis/issues/8273
-   https://github.com/cs3org/reva/pull/4534
+   https://github.com/cs3org/reva/pull/4623
 
-*   Bugfix #4539: Fix a typo
+*   Bugfix #4584: Prevent copying a file to a parent folder
 
-   We fixed a typo
+   When copying a file to its parent folder, the file would be copied onto the parent folder, moving
+   the original folder to the trash-bin.
 
-   https://github.com/cs3org/reva/pull/4539
+   https://github.com/owncloud/ocis/issues/1230
+   https://github.com/cs3org/reva/pull/4584
+   https://github.com/cs3org/reva/pull/4582
+   https://github.com/cs3org/reva/pull/4571
+
+*   Bugfix #4700: Clean empty trash node path on delete
+
+   We now delete empty directories in the trash when an item is purged or restored. This prevents
+   old empty directories from slowing down the globbing of trash items.
+
+   https://github.com/cs3org/reva/pull/4700
+
+*   Bugfix #1002: Disallow illegal filenames filter
+
+   We have created a validator that checks if a filename is in a list of forbidden filenames. This
+   list is defined in the config file and can be extended by the administrator.
+
+   https://github.com/owncloud/ocis/issues/1002
+
+*   Bugfix #4567: Fix error message in authprovider if user is not found
+
+   https://github.com/cs3org/reva/pull/4567
+
+*   Bugfix #4615: Write blob based on session id
+
+   Decomposedfs now uses the session id and size when moving an uplode to the blobstore. This fixes
+   a cornercase that prevents an upload session from correctly being finished when another
+   upload session to the file was started and already finished.
+
+   https://github.com/cs3org/reva/pull/4615
+
+*   Bugfix #4557: Fix ceph build
+
+   https://github.com/cs3org/reva/pull/4557
+
+*   Bugfix #4711: Duplicate headers in DAV responses
+
+   We fixed an issue where the DAV response headers were duplicated. This was caused by the WebDav
+   handler which copied over all headers from the datagateways response. Now, only the relevant
+   headers are copied over to the DAV response to prevent duplication.
+
+   https://github.com/cs3org/reva/pull/4711
+
+*   Bugfix #4568: Fix sharing invite on virtual drive
+
+   We fixed the issue when sharing of virtual drive with other users was allowed
+
+   https://github.com/owncloud/ocis/issues/8495
+   https://github.com/cs3org/reva/pull/4568
+
+*   Bugfix #4559: Fix graph drive invite
+
+   We fixed the issue when sharing of personal drive is allowed via graph
+
+   https://github.com/owncloud/ocis/issues/8494
+   https://github.com/cs3org/reva/pull/4559
+
+*   Bugfix #4593: Make initiatorIDs also work on uploads
+
+   One needs to pass them on initateupload already.
+
+   https://github.com/cs3org/reva/pull/4593
+
+*   Bugfix #4608: Use gateway selector in jsoncs3
+
+   The jsoncs3 user share manager now uses the gateway selector to get a fresh client before making
+   requests and uses the configured logger from the context.
+
+   https://github.com/cs3org/reva/pull/4608
+
+*   Bugfix #4546: Fix the mount points naming
+
+   We fixed a bug that caused inconsistent naming when multiple users share the resource with same
+   name to another user.
+
+   https://github.com/owncloud/ocis/issues/8471
+   https://github.com/cs3org/reva/pull/4546
+
+*   Bugfix #4678: Fix nats encoding
+
+   Encode nats-js-kv keys. This got lost by a dependency bump.
+
+   https://github.com/cs3org/reva/pull/4678
+
+*   Bugfix #4630: Fix ocm-share-id
+
+   We now use the share id to correctly identify ocm shares.
+
+   https://github.com/cs3org/reva/pull/4630
+
+*   Bugfix #4518: Fix an error when lock/unlock a file
+
+   We fixed a bug when anonymous user with viewer role in public link of a folder can lock/unlock a
+   file inside it
+
+   https://github.com/owncloud/ocis/issues/7785
+   https://github.com/cs3org/reva/pull/4518
+
+*   Bugfix #4622: Fix public share update
+
+   We fixed the permission check for updating public shares. When updating the permissions of a
+   public share while not providing a password, the check must be against the new permissions to
+   take into account that users can opt out only for view permissions.
+
+   https://github.com/cs3org/reva/pull/4622
+
+*   Bugfix #4566: Fix public link previews
+
+   Fixes previews for public links
+
+   https://github.com/cs3org/reva/pull/4566
+
+*   Bugfix #4589: Fix uploading via a public link
+
+   Fix http error when uploading via a public link
+
+   https://github.com/owncloud/ocis/issues/8699
+   https://github.com/cs3org/reva/pull/4589
+
+*   Bugfix #4660: Fix creating documents in nested folders of public shares
+
+   We fixed a bug that prevented creating new documented in a nested folder of a public share.
+
+   https://github.com/owncloud/ocis/issues/8957
+   https://github.com/cs3org/reva/pull/4660
+
+*   Bugfix #4635: Fix nil pointer when removing groups from space
+
+   We fixed the nil pointer when removing groups from space via graph
+
+   https://github.com/owncloud/ocis/issues/8768
+   https://github.com/cs3org/reva/pull/4635
+
+*   Bugfix #4709: Fix share update
+
+   We fixed the response code when the role/permission is empty on the share update
+
+   https://github.com/owncloud/ocis/issues/8747
+   https://github.com/cs3org/reva/pull/4709
+
+*   Bugfix #4661: Fix space share update for ocs
+
+   We fixed the space share update for ocs.
+
+   https://github.com/owncloud/ocis/issues/8905
+   https://github.com/cs3org/reva/pull/4661
+
+*   Bugfix #4656: Fix space share update
+
+   We fixed the permission check for updating the space shares when update an expirationDateTime
+   only.
+
+   https://github.com/owncloud/ocis/issues/8905
+   https://github.com/cs3org/reva/pull/4656
+
+*   Bugfix #4561: Fix Stat() by Path on re-created resource
+
+   We fixed bug that caused Stat Requests using a Path reference to a mount point in the sharejail to
+   not resolve correctly, when a share using the same mount point to an already deleted resource
+   was still existing.
+
+   https://github.com/owncloud/ocis/issues/7895
+   https://github.com/cs3org/reva/pull/4561
+
+*   Bugfix #4710: Tolerate missing user space index
+
+   We fixed a bug where the spaces for a user were not listed if the user had no space index by user.
+   This happens when a user has the role "User Light" and has been invited to a project space via a
+   group.
+
+   https://github.com/cs3org/reva/pull/4710
+
+*   Bugfix #4632: Fix access to files withing a public link targeting a space root
+
+   We fixed an issue that prevented users from opening documents within a public share that
+   targets a space root.
+
+   https://github.com/owncloud/ocis/issues/8691
+   https://github.com/cs3org/reva/pull/4632/
+
+*   Bugfix #4603: Mask user email in output
+
+   We have fixed a bug where the user email was not masked in the output and the user emails could be
+   enumerated through the sharee search.
+
+   https://github.com/owncloud/ocis/issues/8726
+   https://github.com/cs3org/reva/pull/4603
+
+*   Change #4542: Drop unused service spanning stat cache
+
+   We removed the stat cache shared between gateway and storage providers. It is constantly
+   invalidated and needs a different approach.
+
+   https://github.com/cs3org/reva/pull/4542
+
+*   Enhancement #4712: Add the error translation to the utils
+
+   We've added the error translation from the statusCodeError type to CS3 Status
+
+   https://github.com/owncloud/ocis/issues/9151
+   https://github.com/cs3org/reva/pull/4712
+
+*   Enhancement #4696: Add List method to ocis and s3ng blobstore
+
+   Allow listing blobstores for maintenance
+
+   https://github.com/cs3org/reva/pull/4696
+
+*   Enhancement #4693: Add mimetype for sb3 files
+
+   We've added the matching mimetype for sb3 files
+
+   https://github.com/cs3org/reva/pull/4693
+
+*   Enhancement #4699: Add a Path method to blobstore
+
+   Add a method to get the path of a blob to the ocis and s3ng blobstores.
+
+   https://github.com/cs3org/reva/pull/4699
+
+*   Enhancement #4695: Add photo and image props
+
+   Add `oc:photo` and `oc:image` props to PROPFIND responses for propall requests or when they
+   are explicitly requested.
+
+   https://github.com/cs3org/reva/pull/4695
+   https://github.com/cs3org/reva/pull/4684
+
+*   Enhancement #4706: Add secureview flag when listing apps via http
+
+   To allow clients to see which application supports secure view we add a flag to the http response
+   when the app address matches a configured secure view app address.
+
+   https://github.com/cs3org/reva/pull/4706
+   https://github.com/cs3org/reva/pull/4703
+
+*   Enhancement #4585: Move more consistency checks to the usershare API
+
+   The gateway now checks if there will be at least one space manager remaining before deleting a
+   space member. The legacy ocs based sharing implementaion already does this on its own. But for
+   the future graph based sharing implementation it is better to have the check in a more central
+   place.
+
+   https://github.com/cs3org/reva/pull/4585
+
+*   Enhancement #4702: Added theme capability
+
+   The ocs capabilities now contain a theme capability that exposes theme related configuration
+   options to the clients. As part of this change, the ocs capabilities are now exposed and can be
+   used externally.
+
+   https://github.com/cs3org/reva/pull/4702
+
+*   Enhancement #4672: Add virus filter to list uploads sessions
+
+   Adds a filter for filtering for infected uploads
+
+   https://github.com/cs3org/reva/pull/4672
+
+*   Enhancement #4614: Bump mockery to v2.40.2
+
+   We switched to the latest mockery and changed to .mockery.yaml based mock generation.
+
+   https://github.com/cs3org/reva/pull/4614
+
+*   Enhancement #4621: Use a memory cache for the personal space creation cache
+
+   Memory is a safe default and ensures that superfluous calls to CreateStorageSpace are
+   prevented.
+
+   https://github.com/cs3org/reva/pull/4621
+
+*   Enhancement #4556: Allow tracing requests by giving util functions a context
+
+   We deprecated GetServiceUserContext with GetServiceUserContextWithContext and GetUser
+   with GetUserWithContext to allow passing in a trace context.
+
+   https://github.com/cs3org/reva/pull/4556
+
+*   Enhancement #4694: Expose SecureView in WebDAV permissions
+
+   When a file or folder can be securely viewed we now add an `X` to the permissions.
+
+   https://github.com/cs3org/reva/pull/4694
+
+*   Enhancement #4652: Better error codes when removing a space member
+
+   The gateway returns more specific error codes when removing a space member fails.
+
+   https://github.com/owncloud/ocis/issues/8819
+   https://github.com/cs3org/reva/pull/4652
+
+*   Enhancement #4725: Unique share mountpoint name
+
+   Accepting a received share with a mountpoint name that already exists will now append a unique
+   suffix to the mountpoint name.
+
+   https://github.com/owncloud/ocis/issues/8961
+   https://github.com/cs3org/reva/pull/4725
+   https://github.com/cs3org/reva/pull/4723
+   https://github.com/cs3org/reva/pull/4714
+
+*   Enhancement #4689: Extend service account permissions
+
+   Adds AddGrant permisson
+
+   https://github.com/cs3org/reva/pull/4689
+
+*   Enhancement #4545: Extend service account permissions
+
+   Adds CreateContainer permisson and improves cs3 storage pkg
+
+   https://github.com/cs3org/reva/pull/4545
+
+*   Enhancement #4581: Make decomposedfs more extensible
+
+   We refactored decomposedfs to make it more extensible, e.g. for the posixfs storage driver.
+
+   https://github.com/cs3org/reva/pull/4581
+
+*   Enhancement #4564: Send file locked/unlocked events
+
+   Emit an event when a file is locked or unlocked
+
+   https://github.com/cs3org/reva/pull/4564
+
+*   Enhancement #4730: Improve posixfs storage driver
+
+   Improve the posixfs storage driver by fixing several issues and adding missing features.
+
+   https://github.com/cs3org/reva/pull/4730
+   https://github.com/cs3org/reva/pull/4719
+   https://github.com/cs3org/reva/pull/4708
+   https://github.com/cs3org/reva/pull/4562
+
+*   Enhancement #4587: Allow passing a initiator id
+
+   Allows passing an initiator id on http request as `Initiator-ID` header. It will be passed down
+   though ocis and returned with sse events (clientlog events, as userlog has its own logic)
+
+   https://github.com/cs3org/reva/pull/4587
+
+*   Enhancement #4645: Add ItemID to LinkRemoved
+
+   Add itemID to linkremoved response and event
+
+   https://github.com/cs3org/reva/pull/4645
+
+*   Enhancement #4686: Mint view only token for open in app requests
+
+   When a view only mode is requested for open in app requests the gateway now mints a view only token
+   scoped to the requested resource. This token can be used by trusted app providers to download
+   the resource even if the user has no download permission.
+
+   https://github.com/cs3org/reva/pull/4686
+
+*   Enhancement #4606: Remove resharing
+
+   Removed all code related to resharing
+
+   https://github.com/cs3org/reva/pull/4606
+
+*   Enhancement #4643: Secure viewer share role
+
+   A new share role "Secure viewer" has been added. This role only allows viewing resources, no
+   downloading, editing or deleting.
+
+   https://github.com/cs3org/reva/pull/4643
+
+*   Enhancement #4631: Add space-share-updated event
+
+   This event is triggered when a share on a space root (aka space membership) is changed
+
+   https://github.com/cs3org/reva/pull/4631
+
+*   Enhancement #4685: Support t and x in ACEs
+
+   To support view only shares (dowload forbidden) we added t (read attrs) and x (directory
+   traversal) permissions to the decomposed FS ACEs.
+
+   https://github.com/cs3org/reva/pull/4685
+
+*   Enhancement #4625: Test async processing cornercases
+
+   We added tests to cover several bugs where file metadata or parent treesize might get corrupted
+   when postprocessing errors occur in specific order. For now, the added test cases test the
+   current behavior but contain comments and FIXMEs for the expected behavior.
+
+   https://github.com/cs3org/reva/pull/4625
+
+*   Enhancement #4653: Allow to resolve public shares without the ocs tokeninfo endpoint
+
+   Instead of querying the /v1.php/apps/files_sharing/api/v1/tokeninfo/ endpoint, a client
+   can now resolve public and internal links by sending a PROPFIND request to
+   /dav/public-files/{sharetoken}
+
+   * authenticated clients accessing an internal link are redirected to the "real" resource
+   (`/dav/spaces/{target-resource-id} * authenticated clients are able to resolve public
+   links like before. For password protected links they need to supply the password even if they
+   have access to the underlying resource by other means. * unauthenticated clients accessing an
+   internal link get a 401 returned with WWW-Authenticate set to Bearer (so that the client knows
+   that it need to get a token via the IDP login page. * unauthenticated clients accessing a
+   password protected link get a 401 returned with an error message to indicate the requirement
+   for needing the link's password.
+
+   https://github.com/owncloud/ocis/issues/8858
+   https://github.com/cs3org/reva/pull/4653
+
+*   Enhancement #4657: Add ScanData to Uploadsession
+
+   Adds virus scan results to the upload session.
+
+   https://github.com/cs3org/reva/pull/4657
 
diff --git a/docs/content/en/docs/changelog/2.19.8/_index.md b/docs/content/en/docs/changelog/2.19.8/_index.md
new file mode 100644
index 0000000000..a2643c72e9
--- /dev/null
+++ b/docs/content/en/docs/changelog/2.19.8/_index.md
@@ -0,0 +1,508 @@
+
+---
+title: "v2.19.8"
+linkTitle: "v2.19.8"
+weight: 40
+description: >
+  Changelog for Reva v2.19.8 (2024-06-19)
+---
+
+Changelog for reva 2.19.8 (2024-06-19)
+=======================================
+
+The following sections list the changes in reva 2.19.8 relevant to
+reva users. The changes are ordered by importance.
+
+Summary
+-------
+
+*   Fix #4623: Consistently use spaceid and nodeid in logs
+*   Fix #4584: Prevent copying a file to a parent folder
+*   Fix #4700: Clean empty trash node path on delete
+*   Fix #1002: Disallow illegal filenames filter
+*   Fix #4567: Fix error message in authprovider if user is not found
+*   Fix #4615: Write blob based on session id
+*   Fix #4557: Fix ceph build
+*   Fix #4711: Duplicate headers in DAV responses
+*   Fix #4568: Fix sharing invite on virtual drive
+*   Fix #4559: Fix graph drive invite
+*   Fix #4593: Make initiatorIDs also work on uploads
+*   Fix #4608: Use gateway selector in jsoncs3
+*   Fix #4546: Fix the mount points naming
+*   Fix #4678: Fix nats encoding
+*   Fix #4630: Fix ocm-share-id
+*   Fix #4518: Fix an error when lock/unlock a file
+*   Fix #4622: Fix public share update
+*   Fix #4566: Fix public link previews
+*   Fix #4589: Fix uploading via a public link
+*   Fix #4660: Fix creating documents in nested folders of public shares
+*   Fix #4635: Fix nil pointer when removing groups from space
+*   Fix #4709: Fix share update
+*   Fix #4661: Fix space share update for ocs
+*   Fix #4656: Fix space share update
+*   Fix #4561: Fix Stat() by Path on re-created resource
+*   Fix #4710: Tolerate missing user space index
+*   Fix #4632: Fix access to files withing a public link targeting a space root
+*   Fix #4603: Mask user email in output
+*   Chg #4542: Drop unused service spanning stat cache
+*   Enh #4712: Add the error translation to the utils
+*   Enh #4696: Add List method to ocis and s3ng blobstore
+*   Enh #4693: Add mimetype for sb3 files
+*   Enh #4699: Add a Path method to blobstore
+*   Enh #4695: Add photo and image props
+*   Enh #4706: Add secureview flag when listing apps via http
+*   Enh #4585: Move more consistency checks to the usershare API
+*   Enh #4702: Added theme capability
+*   Enh #4672: Add virus filter to list uploads sessions
+*   Enh #4614: Bump mockery to v2.40.2
+*   Enh #4621: Use a memory cache for the personal space creation cache
+*   Enh #4556: Allow tracing requests by giving util functions a context
+*   Enh #4694: Expose SecureView in WebDAV permissions
+*   Enh #4652: Better error codes when removing a space member
+*   Enh #4725: Unique share mountpoint name
+*   Enh #4689: Extend service account permissions
+*   Enh #4545: Extend service account permissions
+*   Enh #4581: Make decomposedfs more extensible
+*   Enh #4564: Send file locked/unlocked events
+*   Enh #4730: Improve posixfs storage driver
+*   Enh #4587: Allow passing a initiator id
+*   Enh #4645: Add ItemID to LinkRemoved
+*   Enh #4686: Mint view only token for open in app requests
+*   Enh #4606: Remove resharing
+*   Enh #4643: Secure viewer share role
+*   Enh #4631: Add space-share-updated event
+*   Enh #4685: Support t and x in ACEs
+*   Enh #4625: Test async processing cornercases
+*   Enh #4653: Allow to resolve public shares without the ocs tokeninfo endpoint
+*   Enh #4657: Add ScanData to Uploadsession
+
+Details
+-------
+
+*   Bugfix #4623: Consistently use spaceid and nodeid in logs
+
+   Sometimes we tried to log a node which led to a JSON recursion error because it contains a
+   reference to the space root, which references itself. We now always log `spaceid` and
+   `nodeid`.
+
+   https://github.com/cs3org/reva/pull/4623
+
+*   Bugfix #4584: Prevent copying a file to a parent folder
+
+   When copying a file to its parent folder, the file would be copied onto the parent folder, moving
+   the original folder to the trash-bin.
+
+   https://github.com/owncloud/ocis/issues/1230
+   https://github.com/cs3org/reva/pull/4584
+   https://github.com/cs3org/reva/pull/4582
+   https://github.com/cs3org/reva/pull/4571
+
+*   Bugfix #4700: Clean empty trash node path on delete
+
+   We now delete empty directories in the trash when an item is purged or restored. This prevents
+   old empty directories from slowing down the globbing of trash items.
+
+   https://github.com/cs3org/reva/pull/4700
+
+*   Bugfix #1002: Disallow illegal filenames filter
+
+   We have created a validator that checks if a filename is in a list of forbidden filenames. This
+   list is defined in the config file and can be extended by the administrator.
+
+   https://github.com/owncloud/ocis/issues/1002
+
+*   Bugfix #4567: Fix error message in authprovider if user is not found
+
+   https://github.com/cs3org/reva/pull/4567
+
+*   Bugfix #4615: Write blob based on session id
+
+   Decomposedfs now uses the session id and size when moving an uplode to the blobstore. This fixes
+   a cornercase that prevents an upload session from correctly being finished when another
+   upload session to the file was started and already finished.
+
+   https://github.com/cs3org/reva/pull/4615
+
+*   Bugfix #4557: Fix ceph build
+
+   https://github.com/cs3org/reva/pull/4557
+
+*   Bugfix #4711: Duplicate headers in DAV responses
+
+   We fixed an issue where the DAV response headers were duplicated. This was caused by the WebDav
+   handler which copied over all headers from the datagateways response. Now, only the relevant
+   headers are copied over to the DAV response to prevent duplication.
+
+   https://github.com/cs3org/reva/pull/4711
+
+*   Bugfix #4568: Fix sharing invite on virtual drive
+
+   We fixed the issue when sharing of virtual drive with other users was allowed
+
+   https://github.com/owncloud/ocis/issues/8495
+   https://github.com/cs3org/reva/pull/4568
+
+*   Bugfix #4559: Fix graph drive invite
+
+   We fixed the issue when sharing of personal drive is allowed via graph
+
+   https://github.com/owncloud/ocis/issues/8494
+   https://github.com/cs3org/reva/pull/4559
+
+*   Bugfix #4593: Make initiatorIDs also work on uploads
+
+   One needs to pass them on initateupload already.
+
+   https://github.com/cs3org/reva/pull/4593
+
+*   Bugfix #4608: Use gateway selector in jsoncs3
+
+   The jsoncs3 user share manager now uses the gateway selector to get a fresh client before making
+   requests and uses the configured logger from the context.
+
+   https://github.com/cs3org/reva/pull/4608
+
+*   Bugfix #4546: Fix the mount points naming
+
+   We fixed a bug that caused inconsistent naming when multiple users share the resource with same
+   name to another user.
+
+   https://github.com/owncloud/ocis/issues/8471
+   https://github.com/cs3org/reva/pull/4546
+
+*   Bugfix #4678: Fix nats encoding
+
+   Encode nats-js-kv keys. This got lost by a dependency bump.
+
+   https://github.com/cs3org/reva/pull/4678
+
+*   Bugfix #4630: Fix ocm-share-id
+
+   We now use the share id to correctly identify ocm shares.
+
+   https://github.com/cs3org/reva/pull/4630
+
+*   Bugfix #4518: Fix an error when lock/unlock a file
+
+   We fixed a bug when anonymous user with viewer role in public link of a folder can lock/unlock a
+   file inside it
+
+   https://github.com/owncloud/ocis/issues/7785
+   https://github.com/cs3org/reva/pull/4518
+
+*   Bugfix #4622: Fix public share update
+
+   We fixed the permission check for updating public shares. When updating the permissions of a
+   public share while not providing a password, the check must be against the new permissions to
+   take into account that users can opt out only for view permissions.
+
+   https://github.com/cs3org/reva/pull/4622
+
+*   Bugfix #4566: Fix public link previews
+
+   Fixes previews for public links
+
+   https://github.com/cs3org/reva/pull/4566
+
+*   Bugfix #4589: Fix uploading via a public link
+
+   Fix http error when uploading via a public link
+
+   https://github.com/owncloud/ocis/issues/8699
+   https://github.com/cs3org/reva/pull/4589
+
+*   Bugfix #4660: Fix creating documents in nested folders of public shares
+
+   We fixed a bug that prevented creating new documented in a nested folder of a public share.
+
+   https://github.com/owncloud/ocis/issues/8957
+   https://github.com/cs3org/reva/pull/4660
+
+*   Bugfix #4635: Fix nil pointer when removing groups from space
+
+   We fixed the nil pointer when removing groups from space via graph
+
+   https://github.com/owncloud/ocis/issues/8768
+   https://github.com/cs3org/reva/pull/4635
+
+*   Bugfix #4709: Fix share update
+
+   We fixed the response code when the role/permission is empty on the share update
+
+   https://github.com/owncloud/ocis/issues/8747
+   https://github.com/cs3org/reva/pull/4709
+
+*   Bugfix #4661: Fix space share update for ocs
+
+   We fixed the space share update for ocs.
+
+   https://github.com/owncloud/ocis/issues/8905
+   https://github.com/cs3org/reva/pull/4661
+
+*   Bugfix #4656: Fix space share update
+
+   We fixed the permission check for updating the space shares when update an expirationDateTime
+   only.
+
+   https://github.com/owncloud/ocis/issues/8905
+   https://github.com/cs3org/reva/pull/4656
+
+*   Bugfix #4561: Fix Stat() by Path on re-created resource
+
+   We fixed bug that caused Stat Requests using a Path reference to a mount point in the sharejail to
+   not resolve correctly, when a share using the same mount point to an already deleted resource
+   was still existing.
+
+   https://github.com/owncloud/ocis/issues/7895
+   https://github.com/cs3org/reva/pull/4561
+
+*   Bugfix #4710: Tolerate missing user space index
+
+   We fixed a bug where the spaces for a user were not listed if the user had no space index by user.
+   This happens when a user has the role "User Light" and has been invited to a project space via a
+   group.
+
+   https://github.com/cs3org/reva/pull/4710
+
+*   Bugfix #4632: Fix access to files withing a public link targeting a space root
+
+   We fixed an issue that prevented users from opening documents within a public share that
+   targets a space root.
+
+   https://github.com/owncloud/ocis/issues/8691
+   https://github.com/cs3org/reva/pull/4632/
+
+*   Bugfix #4603: Mask user email in output
+
+   We have fixed a bug where the user email was not masked in the output and the user emails could be
+   enumerated through the sharee search.
+
+   https://github.com/owncloud/ocis/issues/8726
+   https://github.com/cs3org/reva/pull/4603
+
+*   Change #4542: Drop unused service spanning stat cache
+
+   We removed the stat cache shared between gateway and storage providers. It is constantly
+   invalidated and needs a different approach.
+
+   https://github.com/cs3org/reva/pull/4542
+
+*   Enhancement #4712: Add the error translation to the utils
+
+   We've added the error translation from the statusCodeError type to CS3 Status
+
+   https://github.com/owncloud/ocis/issues/9151
+   https://github.com/cs3org/reva/pull/4712
+
+*   Enhancement #4696: Add List method to ocis and s3ng blobstore
+
+   Allow listing blobstores for maintenance
+
+   https://github.com/cs3org/reva/pull/4696
+
+*   Enhancement #4693: Add mimetype for sb3 files
+
+   We've added the matching mimetype for sb3 files
+
+   https://github.com/cs3org/reva/pull/4693
+
+*   Enhancement #4699: Add a Path method to blobstore
+
+   Add a method to get the path of a blob to the ocis and s3ng blobstores.
+
+   https://github.com/cs3org/reva/pull/4699
+
+*   Enhancement #4695: Add photo and image props
+
+   Add `oc:photo` and `oc:image` props to PROPFIND responses for propall requests or when they
+   are explicitly requested.
+
+   https://github.com/cs3org/reva/pull/4695
+   https://github.com/cs3org/reva/pull/4684
+
+*   Enhancement #4706: Add secureview flag when listing apps via http
+
+   To allow clients to see which application supports secure view we add a flag to the http response
+   when the app address matches a configured secure view app address.
+
+   https://github.com/cs3org/reva/pull/4706
+   https://github.com/cs3org/reva/pull/4703
+
+*   Enhancement #4585: Move more consistency checks to the usershare API
+
+   The gateway now checks if there will be at least one space manager remaining before deleting a
+   space member. The legacy ocs based sharing implementaion already does this on its own. But for
+   the future graph based sharing implementation it is better to have the check in a more central
+   place.
+
+   https://github.com/cs3org/reva/pull/4585
+
+*   Enhancement #4702: Added theme capability
+
+   The ocs capabilities now contain a theme capability that exposes theme related configuration
+   options to the clients. As part of this change, the ocs capabilities are now exposed and can be
+   used externally.
+
+   https://github.com/cs3org/reva/pull/4702
+
+*   Enhancement #4672: Add virus filter to list uploads sessions
+
+   Adds a filter for filtering for infected uploads
+
+   https://github.com/cs3org/reva/pull/4672
+
+*   Enhancement #4614: Bump mockery to v2.40.2
+
+   We switched to the latest mockery and changed to .mockery.yaml based mock generation.
+
+   https://github.com/cs3org/reva/pull/4614
+
+*   Enhancement #4621: Use a memory cache for the personal space creation cache
+
+   Memory is a safe default and ensures that superfluous calls to CreateStorageSpace are
+   prevented.
+
+   https://github.com/cs3org/reva/pull/4621
+
+*   Enhancement #4556: Allow tracing requests by giving util functions a context
+
+   We deprecated GetServiceUserContext with GetServiceUserContextWithContext and GetUser
+   with GetUserWithContext to allow passing in a trace context.
+
+   https://github.com/cs3org/reva/pull/4556
+
+*   Enhancement #4694: Expose SecureView in WebDAV permissions
+
+   When a file or folder can be securely viewed we now add an `X` to the permissions.
+
+   https://github.com/cs3org/reva/pull/4694
+
+*   Enhancement #4652: Better error codes when removing a space member
+
+   The gateway returns more specific error codes when removing a space member fails.
+
+   https://github.com/owncloud/ocis/issues/8819
+   https://github.com/cs3org/reva/pull/4652
+
+*   Enhancement #4725: Unique share mountpoint name
+
+   Accepting a received share with a mountpoint name that already exists will now append a unique
+   suffix to the mountpoint name.
+
+   https://github.com/owncloud/ocis/issues/8961
+   https://github.com/cs3org/reva/pull/4725
+   https://github.com/cs3org/reva/pull/4723
+   https://github.com/cs3org/reva/pull/4714
+
+*   Enhancement #4689: Extend service account permissions
+
+   Adds AddGrant permisson
+
+   https://github.com/cs3org/reva/pull/4689
+
+*   Enhancement #4545: Extend service account permissions
+
+   Adds CreateContainer permisson and improves cs3 storage pkg
+
+   https://github.com/cs3org/reva/pull/4545
+
+*   Enhancement #4581: Make decomposedfs more extensible
+
+   We refactored decomposedfs to make it more extensible, e.g. for the posixfs storage driver.
+
+   https://github.com/cs3org/reva/pull/4581
+
+*   Enhancement #4564: Send file locked/unlocked events
+
+   Emit an event when a file is locked or unlocked
+
+   https://github.com/cs3org/reva/pull/4564
+
+*   Enhancement #4730: Improve posixfs storage driver
+
+   Improve the posixfs storage driver by fixing several issues and adding missing features.
+
+   https://github.com/cs3org/reva/pull/4730
+   https://github.com/cs3org/reva/pull/4719
+   https://github.com/cs3org/reva/pull/4708
+   https://github.com/cs3org/reva/pull/4562
+
+*   Enhancement #4587: Allow passing a initiator id
+
+   Allows passing an initiator id on http request as `Initiator-ID` header. It will be passed down
+   though ocis and returned with sse events (clientlog events, as userlog has its own logic)
+
+   https://github.com/cs3org/reva/pull/4587
+
+*   Enhancement #4645: Add ItemID to LinkRemoved
+
+   Add itemID to linkremoved response and event
+
+   https://github.com/cs3org/reva/pull/4645
+
+*   Enhancement #4686: Mint view only token for open in app requests
+
+   When a view only mode is requested for open in app requests the gateway now mints a view only token
+   scoped to the requested resource. This token can be used by trusted app providers to download
+   the resource even if the user has no download permission.
+
+   https://github.com/cs3org/reva/pull/4686
+
+*   Enhancement #4606: Remove resharing
+
+   Removed all code related to resharing
+
+   https://github.com/cs3org/reva/pull/4606
+
+*   Enhancement #4643: Secure viewer share role
+
+   A new share role "Secure viewer" has been added. This role only allows viewing resources, no
+   downloading, editing or deleting.
+
+   https://github.com/cs3org/reva/pull/4643
+
+*   Enhancement #4631: Add space-share-updated event
+
+   This event is triggered when a share on a space root (aka space membership) is changed
+
+   https://github.com/cs3org/reva/pull/4631
+
+*   Enhancement #4685: Support t and x in ACEs
+
+   To support view only shares (dowload forbidden) we added t (read attrs) and x (directory
+   traversal) permissions to the decomposed FS ACEs.
+
+   https://github.com/cs3org/reva/pull/4685
+
+*   Enhancement #4625: Test async processing cornercases
+
+   We added tests to cover several bugs where file metadata or parent treesize might get corrupted
+   when postprocessing errors occur in specific order. For now, the added test cases test the
+   current behavior but contain comments and FIXMEs for the expected behavior.
+
+   https://github.com/cs3org/reva/pull/4625
+
+*   Enhancement #4653: Allow to resolve public shares without the ocs tokeninfo endpoint
+
+   Instead of querying the /v1.php/apps/files_sharing/api/v1/tokeninfo/ endpoint, a client
+   can now resolve public and internal links by sending a PROPFIND request to
+   /dav/public-files/{sharetoken}
+
+   * authenticated clients accessing an internal link are redirected to the "real" resource
+   (`/dav/spaces/{target-resource-id} * authenticated clients are able to resolve public
+   links like before. For password protected links they need to supply the password even if they
+   have access to the underlying resource by other means. * unauthenticated clients accessing an
+   internal link get a 401 returned with WWW-Authenticate set to Bearer (so that the client knows
+   that it need to get a token via the IDP login page. * unauthenticated clients accessing a
+   password protected link get a 401 returned with an error message to indicate the requirement
+   for needing the link's password.
+
+   https://github.com/owncloud/ocis/issues/8858
+   https://github.com/cs3org/reva/pull/4653
+
+*   Enhancement #4657: Add ScanData to Uploadsession
+
+   Adds virus scan results to the upload session.
+
+   https://github.com/cs3org/reva/pull/4657
+
diff --git a/docs/content/en/docs/config/grpc/services/storageprovider/_index.md b/docs/content/en/docs/config/grpc/services/storageprovider/_index.md
index cf26624027..fe6e717d5f 100644
--- a/docs/content/en/docs/config/grpc/services/storageprovider/_index.md
+++ b/docs/content/en/docs/config/grpc/services/storageprovider/_index.md
@@ -9,7 +9,7 @@ description: >
 # _struct: config_
 
 {{% dir name="driver" type="string" default="localhome" %}}
-The storage driver to be used. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L62)
+The storage driver to be used. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L63)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 driver = "localhome"
@@ -17,7 +17,7 @@ driver = "localhome"
 {{% /dir %}}
 
 {{% dir name="drivers" type="map[string]map[string]interface{}" default="localhome" %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L63)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L64)
 {{< highlight toml >}}
 [grpc.services.storageprovider.drivers.localhome]
 root = "/var/tmp/reva/"
@@ -28,7 +28,7 @@ user_layout = "{{.Username}}"
 {{% /dir %}}
 
 {{% dir name="data_server_url" type="string" default="http://localhost/data" %}}
-The URL for the data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L64)
+The URL for the data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L65)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 data_server_url = "http://localhost/data"
@@ -36,7 +36,7 @@ data_server_url = "http://localhost/data"
 {{% /dir %}}
 
 {{% dir name="expose_data_server" type="bool" default=false %}}
-Whether to expose data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L65)
+Whether to expose data server. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L66)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 expose_data_server = false
@@ -44,7 +44,7 @@ expose_data_server = false
 {{% /dir %}}
 
 {{% dir name="available_checksums" type="map[string]uint32" default=nil %}}
-List of available checksums. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L66)
+List of available checksums. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L67)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 available_checksums = nil
@@ -52,7 +52,7 @@ available_checksums = nil
 {{% /dir %}}
 
 {{% dir name="custom_mimetypes_json" type="string" default="nil" %}}
-An optional mapping file with the list of supported custom file extensions and corresponding mime types. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L67)
+An optional mapping file with the list of supported custom file extensions and corresponding mime types. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L68)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 custom_mimetypes_json = "nil"
@@ -60,7 +60,7 @@ custom_mimetypes_json = "nil"
 {{% /dir %}}
 
 {{% dir name="upload_expiration" type="int64" default=0 %}}
-Duration for how long uploads will be valid. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L69)
+Duration for how long uploads will be valid. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L70)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 upload_expiration = 0
@@ -68,7 +68,7 @@ upload_expiration = 0
 {{% /dir %}}
 
 {{% dir name="events" type="eventconfig" default=0 %}}
-Event stream configuration [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L70)
+Event stream configuration [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L71)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 events = 0
@@ -78,7 +78,7 @@ events = 0
 # _struct: eventconfig_
 
 {{% dir name="nats_address" type="string" default="address of the nats server" %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L74)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L75)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 nats_address = "address of the nats server"
@@ -86,7 +86,7 @@ nats_address = "address of the nats server"
 {{% /dir %}}
 
 {{% dir name="nats_clusterid" type="string" default="clusterid of the nats server" %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L75)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L76)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 nats_clusterid = "clusterid of the nats server"
@@ -94,7 +94,7 @@ nats_clusterid = "clusterid of the nats server"
 {{% /dir %}}
 
 {{% dir name="tls_insecure" type="bool" default=Whether to verify the server TLS certificates. %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L76)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L77)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 tls_insecure = Whether to verify the server TLS certificates.
@@ -102,7 +102,7 @@ tls_insecure = Whether to verify the server TLS certificates.
 {{% /dir %}}
 
 {{% dir name="tls_root_ca_cert" type="string" default="The root CA certificate used to validate the server's TLS certificate." %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L77)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L78)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 tls_root_ca_cert = "The root CA certificate used to validate the server's TLS certificate."
@@ -110,7 +110,7 @@ tls_root_ca_cert = "The root CA certificate used to validate the server's TLS ce
 {{% /dir %}}
 
 {{% dir name="nats_enable_tls" type="bool" default=events tls switch %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L78)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L79)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 nats_enable_tls = events tls switch
@@ -118,7 +118,7 @@ nats_enable_tls = events tls switch
 {{% /dir %}}
 
 {{% dir name="nats_username" type="string" default="event stream username" %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L79)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L80)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 nats_username = "event stream username"
@@ -126,7 +126,7 @@ nats_username = "event stream username"
 {{% /dir %}}
 
 {{% dir name="nats_password" type="string" default="event stream password" %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L80)
+ [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/storageprovider/storageprovider.go#L81)
 {{< highlight toml >}}
 [grpc.services.storageprovider]
 nats_password = "event stream password"