chore: update changelog

[owncloud-calens-bot]

Automated changelog update via Calens. This pull request is updated on each push to master — merging it will close it and a fresh one will be opened on the next change.

[update-docs]

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

[DeepDiver1975]

Code Review — chore: update changelog

Automated changelog update from the Calens bot. Adds the #41574 subadmin email fix entry to both the Summary and Details sections of CHANGELOG.md.

Verdict: Ready to merge. Automated changelog PR — no code review required.

[DeepDiver1975]

Code Review — chore: update changelog (updated)

Automated changelog update from the Calens bot. Now includes entries for #41574 (subadmin email fix), #41597 (PHP8 messages), and #41599 (federation subdirectories). Minor: the Details section capitalises "Mydomain.com/cloud" — cosmetic only, not blocking.

Verdict: Ready to merge.

[phil-davis]

Note: when we have more CI workflows running, it might be worth investigating how to skip all the unit and acceptance test workflows for these changelog PRs.

[DeepDiver1975]

Automated changelog update via Calens — adds four new bugfix entries to CHANGELOG.md:

• htaccess RewriteBase fix for API requests blocked by file extension (#41418)
• Subadmin email change updating caller instead of target (#41574)
• PHP 8 deprecation notices in encryption storage and federation (#41597)
• Federation with subdirectory-installed servers (#41599)

All entries follow the existing format and the descriptions are accurate and well-written. No concerns — this is a pure documentation update, safe to merge.

[DeepDiver1975]

Automated Calens changelog update — same four bugfix entries as the previous revision, no new content added. Pure documentation update, safe to merge.

[DeepDiver1975]

Automated Calens changelog update — same four bugfix entries as prior revisions, no new content. Pure documentation update, safe to merge.

[DeepDiver1975]

Automated Calens changelog update — same four bugfix entries as prior revisions, no new content. Pure documentation update, safe to merge.

[DeepDiver1975]

Automated Calens changelog update — same four bugfix entries as prior revisions, no new content. Pure documentation update, safe to merge.

[DeepDiver1975]

Automated Calens changelog update. This revision adds the same four prior bugfix entries plus an expanded PHP dependency update list under "Update PHP dependencies" (#41450 et al.), including new bumps for google/apiclient-services, google/auth, guzzlehttp/guzzle, phpseclib/phpseclib, several symfony packages, and sabre/event/sabre/vobject. All entries follow the established format. Pure documentation update — safe to merge.

[DeepDiver1975]

Code Review

Automated changelog update adding 5 new bugfix entries and additional PHP dependency bumps to the next-release section.

New bugfix entries:

• #41418 — htaccess RewriteBase fix: replaces extension-based URI condition with !-f filesystem check, fixing 405 Method Not Allowed on API calls to paths ending in file extensions (e.g. /api/v1/files/photo.jpg). Well-explained entry.
• #41574 — Subadmin email change: verification token was associated with the caller instead of the target user. Clear description of the bug and fix.
• #41597 — PHP 8 compatibility: array offset on false in encryption wrapper, null to normalizeUrl in federation DbHandler.
• #41599 — Federation subdirectory support: server health checks failed when the federated server was installed at a sub-path.
• #41616 — JS test isolation: Jasmine 5 random ordering exposed shared singleton state leaks in fileactionsmenuSpec, files_sharing/appSpec, and two systemtags specs.

Dependency updates: Additional Symfony packages (console, process, routing, string, translation, translation-contracts), sabre/event, phpseclib (3.0.49 → 3.0.53), guzzle (7.11.0 → 7.11.1), google/apiclient-services (0.441.1 → 0.444.0), google/auth (1.50.1 → 1.51.0). All routine version bumps.

No issues.

[DeepDiver1975]

Code Review

Automated changelog update. Since the previous review, one new bugfix entry has been added:

• #41608 — Remove owncloud.com/federation link from federated cloud settings: explains that the "Add to your website" badge was linking to https://owncloud.com/federation# which no longer resolves after the site restructure, and that the Cloud ID is now shown directly.

The dependency update section is unchanged from the prior iteration. No issues.

[DeepDiver1975]

Code Review

Automated changelog update. Two new entries since the prior review:

• Security #41586 — Prevent user enumeration via differential password reset UI: promoted to a Security entry (previously listed as Bugfix in the last iteration). The description accurately explains the enumeration vector and the fix.
• Bugfix #41364 / #41617 — Add missing space to mail footer signature delimiter: new entry documenting the -- RFC 3676 fix, with both the issue and PR linked.

All previously reviewed entries are unchanged. No issues.

[DeepDiver1975]

Code Review

Automated changelog update. One new entry since the prior review:

• Security #41585 — Sanitize storage connection error messages returned to clients: added alongside the existing #41586 user enumeration entry, correctly categorised as Security. Description accurately describes the SSRF oracle vector and the server-side logging fix.

All previously reviewed entries are unchanged. No issues.