ocm fixes

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2025-12-25 15:19:48 -05:00 · 2025-11-28 15:10:40 +01:00
110 changed files with 464 additions and 1228 deletions
--- a/.make/go.mk
+++ b/.make/go.mk
@@ -36,18 +36,8 @@ ifndef DATE
 	DATE := $(shell date -u '+%Y%m%d')
 endif

-LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -s -w \
-	-X "$(OC_REPO)/pkg/version.Edition=$(EDITION)" \
-	-X "$(OC_REPO)/pkg/version.String=$(STRING)" \
-	-X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" \
-	-X "$(OC_REPO)/pkg/version.Date=$(DATE)"
-
-DEBUG_LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn \
-	-X "$(OC_REPO)/pkg/version.Edition=$(EDITION)" \
-	-X "$(OC_REPO)/pkg/version.String=$(STRING)" \
-	-X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" \
-	-X "$(OC_REPO)/pkg/version.Date=$(DATE)"
-
+LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -s -w -X "$(OC_REPO)/pkg/version.String=$(STRING)" -X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" -X "$(OC_REPO)/pkg/version.Date=$(DATE)"
+DEBUG_LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -X "$(OC_REPO)/pkg/version.String=$(STRING)" -X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" -X "$(OC_REPO)/pkg/version.Date=$(DATE)"
 DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathValue=/var/lib/opencloud"
 DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathValue=/etc/opencloud"

--- a/.woodpecker.env
+++ b/.woodpecker.env
@@ -1,4 +1,4 @@
 # The test runner source for UI tests
-WEB_COMMITID=50e3fff6a518361d59cba864a927470f313b6f91
+WEB_COMMITID=3d7367cfb1abe288d0fc0b0b1cc494a7747bcaf6
 WEB_BRANCH=stable-4.2

--- a/.woodpecker.star
+++ b/.woodpecker.star
@@ -18,7 +18,7 @@ OC_CI_ALPINE = "owncloudci/alpine:latest"
 OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier:latest"
 OC_CI_CLAMAVD = "owncloudci/clamavd"
 OC_CI_DRONE_ANSIBLE = "owncloudci/drone-ansible:latest"
-OC_CI_GOLANG = "registry.heinlein.group/opencloud/golang-ci:1.25"
+OC_CI_GOLANG = "docker.io/golang:1.24"
 OC_CI_NODEJS = "owncloudci/nodejs:%s"
 OC_CI_PHP = "owncloudci/php:%s"
 OC_CI_WAIT_FOR = "owncloudci/wait-for:latest"
@@ -27,7 +27,6 @@ OC_LITMUS = "owncloudci/litmus:latest"
 OC_UBUNTU = "owncloud/ubuntu:20.04"
 ONLYOFFICE_DOCUMENT_SERVER = "onlyoffice/documentserver:7.5.1"
 PLUGINS_DOCKER_BUILDX = "woodpeckerci/plugin-docker-buildx:latest"
-PLUGINS_NOTATION = "registry.heinlein.group/opencloud/notation-wp-plugin:latest"
 PLUGINS_GITHUB_RELEASE = "woodpeckerci/plugin-release"
 PLUGINS_GIT_ACTION = "quay.io/thegeeklab/wp-git-action"
 PLUGINS_S3 = "plugins/s3:1"
@@ -41,6 +40,7 @@ DEFAULT_PHP_VERSION = "8.2"
 DEFAULT_NODEJS_VERSION = "20"

 CACHE_S3_SERVER = "https://s3.ci.opencloud.eu"
+INSTALL_LIBVIPS_COMMAND = "apt-get update; apt-get install libvips42 -y"

 dirs = {
    "base": "/woodpecker/src/github.com/opencloud-eu/opencloud",
@@ -74,11 +74,11 @@ OC_FED_DOMAIN = "%s:10200" % FED_OC_SERVER_NAME
 event = {
    "base": {
        "event": ["push", "manual"],
-        "branch": "stable-*",
+        "branch": "main",
    },
    "cron": {
        "event": "cron",
-        "branch": "stable-*",
+        "branch": "main",
    },
    "pull_request": {
        "event": "pull_request",
@@ -387,7 +387,7 @@ config = {
        "architectures": ["arm64", "amd64"],
        "production": {
            # NOTE: need to be updated if new production releases are determined
-            "tags": ["2.0", "4.0"],
+            "tags": ["2.0"],
            "repo": docker_repo_slug,
            "build_type": "production",
        },
@@ -479,10 +479,6 @@ def main(ctx):
    if ctx.build.event == "cron" and ctx.build.sender == "translation-sync":
        return translation_sync(ctx)

-    is_release_pr = (ctx.build.event == "pull_request" and ctx.build.sender == "openclouders" and "🎉 release" in ctx.build.title.lower())
-    if is_release_pr:
-        return [licenseCheck(ctx)]
-
    build_release_helpers = \
        readyReleaseGo()

@@ -709,7 +705,7 @@ def restoreGoBinCache():
            "name": "extract-go-bin-cache",
            "image": OC_UBUNTU,
            "commands": [
-                "tar -xvmf %s -C /" % dirs["gobinTarPath"],
+                "tar -xmf %s -C /" % dirs["gobinTarPath"],
            ],
        },
    ]
@@ -1656,18 +1652,17 @@ def dockerRelease(ctx, repo, build_type):
    build_args = {
        "REVISION": "%s" % ctx.build.commit,
        "VERSION": "%s" % (ctx.build.ref.replace("refs/tags/", "") if ctx.build.event == "tag" else "daily"),
-        "EDITION": "stable" if build_type == "production" else "rolling",
    }

    # if no additional tag is given, the build-plugin adds latest
    hard_tag = "daily"
    if ctx.build.event == "tag":
-        tag_version = ctx.build.ref.replace("refs/tags/v", "")
+        tag_version = ctx.build.ref.replace("refs/tags/", "")
        tag_parts = tag_version.split("-")

        # if a tag has something appended with "-" i.e. alpha, beta, rc1...
-        # set the entire string as tag, else tag with latest (same as empty with current plugin)
-        hard_tag = tag_version if len(tag_parts) > 1 else "latest"
+        # set the entire string as tag, else leave empty to autotag with latest
+        hard_tag = tag_version if len(tag_parts) > 1 else ""

    depends_on = getPipelineNames(getGoBinForTesting(ctx))

@@ -1756,36 +1751,6 @@ def dockerRelease(ctx, repo, build_type):
                    event["tag"],
                ],
            },
-            {
-                "name": "notation-signing",
-                "image": PLUGINS_NOTATION,
-                "settings": {
-                    "key": {
-                        "from_secret": "notation_key",
-                    },
-                    "crt": {
-                        "from_secret": "notation_cert",
-                    },
-                    "target": "registry.heinlein.group/%s:%s" % (repo, hard_tag),
-                    "pull_image": True,
-                    "logins": [
-                        {
-                            "registry": "https://registry.heinlein.group",
-                            "username": {
-                                "from_secret": "harbor_opencloudeu_user",
-                            },
-                            "password": {
-                                "from_secret": "harbor_opencloudeu_password",
-                            },
-                        },
-                    ],
-                },
-                "when": [
-                    event["cron"],
-                    event["base"],
-                    event["tag"],
-                ],
-            },
        ],
        "depends_on": depends_on,
        "when": [
@@ -1820,7 +1785,6 @@ def binaryRelease(ctx, arch, depends_on = []):
                "image": OC_CI_GOLANG,
                "environment": {
                    "VERSION": (ctx.build.ref.replace("refs/tags/", "") if ctx.build.event == "tag" else "daily"),
-                    "EDITION": "rolling",
                    "HTTP_PROXY": {
                        "from_secret": "ci_http_proxy",
                    },
@@ -1953,7 +1917,6 @@ def readyReleaseGo():
                "image": READY_RELEASE_GO,
                "settings": {
                    "git_email": "devops@opencloud.eu",
-                    "release_branch": "stable-4.0",
                    "forge_type": "github",
                    "forge_token": {
                        "from_secret": "github_token",
@@ -2067,9 +2030,7 @@ def notifyMatrix(ctx):
                    },
                    "QA_REPO": "https://github.com/opencloud-eu/qa.git",
                    "QA_REPO_BRANCH": "main",
-                    "CI_WOODPECKER_URL": {
-                        "from_secret": "oc_ci_url",
-                    },
+                    "CI_WOODPECKER_URL": "https://ci.opencloud.eu/",
                    "CI_REPO_ID": "3",
                    "CI_WOODPECKER_TOKEN": "no-auth-needed-on-this-repo",
                },
@@ -2231,6 +2192,9 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend
            },
        },
        "commands": [
+            "apt-get update",
+            "apt-get install -y inotify-tools xattr",
+            INSTALL_LIBVIPS_COMMAND,
            "%s init --insecure true" % dirs["opencloudBin"],
            "cat $OC_CONFIG_DIR/opencloud.yaml",
            "cp tests/config/woodpecker/app-registry.yaml $OC_CONFIG_DIR/app-registry.yaml",
@@ -2274,6 +2238,7 @@ def startOpenCloudService(service = None, name = None, environment = {}):
            "detach": True,
            "environment": environment,
            "commands": [
+                INSTALL_LIBVIPS_COMMAND,
                "%s %s server" % (dirs["opencloudBin"], service),
            ],
        },
@@ -2299,6 +2264,7 @@ def build():
            "name": "build",
            "image": OC_CI_GOLANG,
            "commands": [
+                "apt-get update; apt-get install libvips-dev -y",
                "for i in $(seq 3); do make -C opencloud build ENABLE_VIPS=1 && break || sleep 1; done",
            ],
            "environment": CI_HTTP_PROXY_ENV,
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,96 +1,5 @@
 # Changelog

-## [4.0.1](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.1) - 2025-12-15
-
-### ❤️ Thanks to all contributors! ❤️
-
-@ScharfViktor, @fschade, @kulmann, @micbar, @prashant-gurung899
-
-### ✅ Tests
-
- [stable-4.0] Port #2011 [[#2018](https://github.com/opencloud-eu/opencloud/pull/2018)]
-
-### 🐛 Bug Fixes
-
- [stable-4.0] fix: build time edition channels #2001 [[#2010](https://github.com/opencloud-eu/opencloud/pull/2010)]
- [stable-4.0] fix: enforce trailing slash for server url [[#2002](https://github.com/opencloud-eu/opencloud/pull/2002)]
- [stable-4.0] fix: enhance resource creation with detailed process information (#1978) [[#2000](https://github.com/opencloud-eu/opencloud/pull/2000)]
-
-## [4.0.0](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.0) - 2025-12-01
-
-### ❤️ Thanks to all contributors! ❤️
-
-@AlexAndBear, @MahdiBaghbani, @ScharfViktor, @butonic, @dragonchaser, @flimmy, @fschade, @individual-it, @jnweiger, @kulmann, @micbar, @mikelolasagasti, @pbleser-oc, @rhafer, @schweigisito
-
-### 💥 Breaking changes
-
- collaboration: Enable `InsertRemoteImage` option [[#1692](https://github.com/opencloud-eu/opencloud/pull/1692)]
-
-### 📚 Documentation
-
- Fix typos in antivirus README documentation [[#1940](https://github.com/opencloud-eu/opencloud/pull/1940)]
- fix: add missing service README.md files with basic description [[#1859](https://github.com/opencloud-eu/opencloud/pull/1859)]
- Fix README.md files which contain broken or missing links [[#1854](https://github.com/opencloud-eu/opencloud/pull/1854)]
-
-### 🐛 Bug Fixes
-
- introduce OC_EVENTS_TLS_INSECURE [[#1936](https://github.com/opencloud-eu/opencloud/pull/1936)]
- kill unused env vars [[#1888](https://github.com/opencloud-eu/opencloud/pull/1888)]
- rc-handling was only active for the dryrun, not the real build-and-push [[#1919](https://github.com/opencloud-eu/opencloud/pull/1919)]
- handle objectguid endianess [[#1901](https://github.com/opencloud-eu/opencloud/pull/1901)]
- fix: add update server to default csp rules [[#1875](https://github.com/opencloud-eu/opencloud/pull/1875)]
- fix: add missing capability flag support-radicale [[#1891](https://github.com/opencloud-eu/opencloud/pull/1891)]
- fix opensearch client certificate [[#1890](https://github.com/opencloud-eu/opencloud/pull/1890)]
- Bump reva [[#1882](https://github.com/opencloud-eu/opencloud/pull/1882)]
- load two yaml configs [[#1617](https://github.com/opencloud-eu/opencloud/pull/1617)]
- make user cache tenant aware [[#1732](https://github.com/opencloud-eu/opencloud/pull/1732)]
- fix: sanitise markdow code to make docusaurus happy [[#1851](https://github.com/opencloud-eu/opencloud/pull/1851)]
- update launch.json [[#1843](https://github.com/opencloud-eu/opencloud/pull/1843)]
- docs: Fix auth-app examples in README [[#1844](https://github.com/opencloud-eu/opencloud/pull/1844)]
- fix: fix typo in treesize logging [[#1826](https://github.com/opencloud-eu/opencloud/pull/1826)]
- fix: set global signing secret fallback correctly [[#1781](https://github.com/opencloud-eu/opencloud/pull/1781)]
-
-### 📈 Enhancement
-
- feat(ocm): add WAYF configuration for reva OCM service [[#1714](https://github.com/opencloud-eu/opencloud/pull/1714)]
- log missing name or id attributes [[#1914](https://github.com/opencloud-eu/opencloud/pull/1914)]
- collabora: Set IsAdminUser and IsAnonymousUser in CheckFileInfo [[#1745](https://github.com/opencloud-eu/opencloud/pull/1745)]
-
-### ✅ Tests
-
- [full-ci] disable running ci with watch fs when full-ci [[#1902](https://github.com/opencloud-eu/opencloud/pull/1902)]
- api-tests: delete spaces before users [[#1877](https://github.com/opencloud-eu/opencloud/pull/1877)]
- update tika version [[#1872](https://github.com/opencloud-eu/opencloud/pull/1872)]
- add share sync to collaborativePosix suite [[#1806](https://github.com/opencloud-eu/opencloud/pull/1806)]
- removed test virus files from repo [[#1812](https://github.com/opencloud-eu/opencloud/pull/1812)]
- increase timeouts waiting for notification & search [[#1802](https://github.com/opencloud-eu/opencloud/pull/1802)]
- Sync share before action [[#1795](https://github.com/opencloud-eu/opencloud/pull/1795)]
- correct STORAGE_USERS_POSIX_WATCH_FS env typo in CI [[#1746](https://github.com/opencloud-eu/opencloud/pull/1746)]
-
-### 📦️ Dependencies
-
- [full-ci] revaBump-v2.40.1 [[#1927](https://github.com/opencloud-eu/opencloud/pull/1927)]
- [full-ci] chore: bump web to v4.2.1 [[#1938](https://github.com/opencloud-eu/opencloud/pull/1938)]
- build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 [[#1923](https://github.com/opencloud-eu/opencloud/pull/1923)]
- build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.1 to 2.12.2 [[#1922](https://github.com/opencloud-eu/opencloud/pull/1922)]
- build(deps): bump github.com/kovidgoyal/imaging from 1.7.2 to 1.8.17 [[#1912](https://github.com/opencloud-eu/opencloud/pull/1912)]
- build(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 [[#1911](https://github.com/opencloud-eu/opencloud/pull/1911)]
- [decomposed]Update version 4.0.0 rc.2 [[#1917](https://github.com/opencloud-eu/opencloud/pull/1917)]
- chore: bump web to v4.2.1-rc.1 [[#1900](https://github.com/opencloud-eu/opencloud/pull/1900)]
- revaBump-getting#428 [[#1887](https://github.com/opencloud-eu/opencloud/pull/1887)]
- build(deps): bump github.com/blevesearch/bleve/v2 from 2.5.4 to 2.5.5 [[#1884](https://github.com/opencloud-eu/opencloud/pull/1884)]
- build(deps): bump github.com/olekukonko/tablewriter from 1.1.0 to 1.1.1 [[#1869](https://github.com/opencloud-eu/opencloud/pull/1869)]
- build(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 [[#1845](https://github.com/opencloud-eu/opencloud/pull/1845)]
- reva-bump-2.39.2. update opencloud 4.0.0-rc.1 [[#1849](https://github.com/opencloud-eu/opencloud/pull/1849)]
- build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 [[#1836](https://github.com/opencloud-eu/opencloud/pull/1836)]
- build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 [[#1828](https://github.com/opencloud-eu/opencloud/pull/1828)]
- build(deps): bump github.com/KimMachineGun/automemlimit from 0.7.4 to 0.7.5 [[#1787](https://github.com/opencloud-eu/opencloud/pull/1787)]
- build(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 [[#1788](https://github.com/opencloud-eu/opencloud/pull/1788)]
- Bump reva [[#1786](https://github.com/opencloud-eu/opencloud/pull/1786)]
- build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.10 to 1.4.11 [[#1775](https://github.com/opencloud-eu/opencloud/pull/1775)]
- build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.0 to 2.12.1 [[#1706](https://github.com/opencloud-eu/opencloud/pull/1706)]
- build(deps): bump github.com/onsi/ginkgo/v2 from 2.27.1 to 2.27.2 [[#1754](https://github.com/opencloud-eu/opencloud/pull/1754)]
-
 ## [3.7.0](https://github.com/opencloud-eu/opencloud/releases/tag/v3.7.0) - 2025-11-03

 ### ❤️ Thanks to all contributors! ❤️
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/open-policy-agent/opa v1.10.1
 	github.com/opencloud-eu/icap-client v0.0.0-20250930132611-28a2afe62d89
 	github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76
-	github.com/opencloud-eu/reva/v2 v2.40.1
+	github.com/opencloud-eu/reva/v2 v2.39.3
 	github.com/opensearch-project/opensearch-go/v4 v4.5.0
 	github.com/orcaman/concurrent-map v1.0.0
 	github.com/pkg/errors v0.9.1
@@ -372,9 +372,9 @@ require (
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.etcd.io/etcd/api/v3 v3.6.6 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.6.6 // indirect
-	go.etcd.io/etcd/client/v3 v3.6.6 // indirect
+	go.etcd.io/etcd/api/v3 v3.6.5 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.6.5 // indirect
+	go.etcd.io/etcd/client/v3 v3.6.5 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -963,8 +963,8 @@ github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9 h1:dIft
 github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9/go.mod h1:JWyDC6H+5oZRdUJUgKuaye+8Ph5hEs6HVzVoPKzWSGI=
 github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76 h1:vD/EdfDUrv4omSFjrinT8Mvf+8D7f9g4vgQ2oiDrVUI=
 github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76/go.mod h1:pzatilMEHZFT3qV7C/X3MqOa3NlRQuYhlRhZTL+hN6Q=
-github.com/opencloud-eu/reva/v2 v2.40.1 h1:QwMkbGMhwDSwfk2WxbnTpIig2BugPBaVFjWcy2DSU3U=
-github.com/opencloud-eu/reva/v2 v2.40.1/go.mod h1:DGH08n2mvtsQLkt8o15FV6m51FwSJJGhjR8Ty+iIJww=
+github.com/opencloud-eu/reva/v2 v2.39.3 h1:/9NW08Bpy1GaNAPo8HrlyT21Flj8uNnOUyWLud1ehGc=
+github.com/opencloud-eu/reva/v2 v2.39.3/go.mod h1:kkGiMeEVR59VjDsmWIczWqRcwK8cy9ogTd/u802U3NI=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -1275,12 +1275,12 @@ github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQ
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
 go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
-go.etcd.io/etcd/api/v3 v3.6.6 h1:mcaMp3+7JawWv69p6QShYWS8cIWUOl32bFLb6qf8pOQ=
-go.etcd.io/etcd/api/v3 v3.6.6/go.mod h1:f/om26iXl2wSkcTA1zGQv8reJRSLVdoEBsi4JdfMrx4=
-go.etcd.io/etcd/client/pkg/v3 v3.6.6 h1:uoqgzSOv2H9KlIF5O1Lsd8sW+eMLuV6wzE3q5GJGQNs=
-go.etcd.io/etcd/client/pkg/v3 v3.6.6/go.mod h1:YngfUVmvsvOJ2rRgStIyHsKtOt9SZI2aBJrZiWJhCbI=
-go.etcd.io/etcd/client/v3 v3.6.6 h1:G5z1wMf5B9SNexoxOHUGBaULurOZPIgGPsW6CN492ec=
-go.etcd.io/etcd/client/v3 v3.6.6/go.mod h1:36Qv6baQ07znPR3+n7t+Rk5VHEzVYPvFfGmfF4wBHV8=
+go.etcd.io/etcd/api/v3 v3.6.5 h1:pMMc42276sgR1j1raO/Qv3QI9Af/AuyQUW6CBAWuntA=
+go.etcd.io/etcd/api/v3 v3.6.5/go.mod h1:ob0/oWA/UQQlT1BmaEkWQzI0sJ1M0Et0mMpaABxguOQ=
+go.etcd.io/etcd/client/pkg/v3 v3.6.5 h1:Duz9fAzIZFhYWgRjp/FgNq2gO1jId9Yae/rLn3RrBP8=
+go.etcd.io/etcd/client/pkg/v3 v3.6.5/go.mod h1:8Wx3eGRPiy0qOFMZT/hfvdos+DjEaPxdIDiCDUv/FQk=
+go.etcd.io/etcd/client/v3 v3.6.5 h1:yRwZNFBx/35VKHTcLDeO7XVLbCBFbPi+XV4OC3QJf2U=
+go.etcd.io/etcd/client/v3 v3.6.5/go.mod h1:ZqwG/7TAFZ0BJ0jXRPoJjKQJtbFo/9NIY8uoFFKcCyo=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
--- a/opencloud/docker/Dockerfile.multiarch
+++ b/opencloud/docker/Dockerfile.multiarch
@@ -3,7 +3,6 @@ ARG TARGETOS
 ARG TARGETARCH
 ARG VERSION
 ARG STRING
-ARG EDITION

 RUN apk add bash make git curl gcc musl-dev libc-dev binutils-gold inotify-tools vips-dev

--- a/pkg/tracing/tracing.go
+++ b/pkg/tracing/tracing.go
@@ -105,19 +105,9 @@ func createResource(ctx context.Context, serviceName string) (*resource.Resource
 	return resource.New(ctx,
 		// Reads OTEL_RESOURCE_ATTRIBUTES and OTEL_SERVICE_NAME
 		resource.WithFromEnv(),
-		// Host Information
+		// Host and process information
 		resource.WithHost(),
-		// Process Information
-		// Resource WithProcessOwner is deliberately omitted because
-		// inside containers where process might run as an arbitrary
-		// uid without a username associated this would fail.
-		resource.WithProcessPID(),
-		resource.WithProcessCommandArgs(),
-		resource.WithProcessExecutableName(),
-		resource.WithProcessExecutablePath(),
-		resource.WithProcessRuntimeDescription(),
-		resource.WithProcessRuntimeName(),
-		resource.WithProcessRuntimeVersion(),
+		resource.WithProcess(),
 		// Service attributes
 		resource.WithAttributes(
 			semconv.ServiceName(serviceName),
--- a/pkg/version/export_test.go
+++ b/pkg/version/export_test.go
@@ -1,4 +0,0 @@
-package version
-
-// InitEdition exports the private edition initialization func for testing
-var InitEdition = initEdition
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -1,27 +1,9 @@
 package version

 import (
-	"fmt"
-	"slices"
-	"strings"
 	"time"

 	"github.com/Masterminds/semver"
-	"github.com/opencloud-eu/reva/v2/pkg/logger"
-)
-
-const (
-
-	// Dev is used as a placeholder.
-	Dev = "dev"
-	// EditionDev indicates the development build channel was used to build the binary.
-	EditionDev = Dev
-	// EditionRolling indicates the rolling release build channel was used to build the binary.
-	EditionRolling = "rolling"
-	// EditionStable indicates the stable release build channel was used to build the binary.
-	EditionStable = "stable"
-	// EditionLTS indicates the lts release build channel was used to build the binary.
-	EditionLTS = "lts"
 )

 var (
@@ -34,61 +16,22 @@ var (
 	// LatestTag is the latest released version plus the dev meta version.
 	// Will be overwritten by the release pipeline
 	// Needs a manual change for every tagged release
-	LatestTag = "4.0.1+dev"
+	LatestTag = "4.0.0-rc.2+dev"

 	// Date indicates the build date.
 	// This has been removed, it looks like you can only replace static strings with recent go versions
 	//Date = time.Now().Format("20060102")
-	Date = Dev
+	Date = "dev"

 	// Legacy defines the old long 4 number OpenCloud version needed for some clients
 	Legacy = "0.1.0.0"
 	// LegacyString defines the old OpenCloud version needed for some clients
 	LegacyString = "0.1.0"
-
-	// Edition describes the build channel (stable, rolling, nightly, daily, dev)
-	Edition = Dev // default for self-compiled builds
 )

-func init() { //nolint:gochecknoinits
-	if err := initEdition(); err != nil {
-		logger.New().Error().Err(err).Msg("falling back to dev")
-	}
-}
-
-func initEdition() error {
-	regularEditions := []string{EditionDev, EditionRolling, EditionStable}
-	versionedEditions := []string{EditionLTS}
-	if !slices.ContainsFunc(slices.Concat(regularEditions, versionedEditions), func(s string) bool {
-		isRegularEdition := slices.Contains(regularEditions, Edition)
-		if isRegularEdition && s == Edition {
-			return true
-		}
-
-		// handle editions with a version
-		editionParts := strings.Split(Edition, "-")
-		if len(editionParts) != 2 { // a versioned edition channel must consist of exactly 2 parts.
-			return false
-		}
-
-		isVersionedEdition := slices.Contains(versionedEditions, editionParts[0])
-		if !isVersionedEdition { // not all channels can contain version information
-			return false
-		}
-
-		_, err := semver.NewVersion(editionParts[1])
-		return err == nil
-	}) {
-		Edition = Dev
-		return fmt.Errorf(`unknown edition channel "%s"`, Edition)
-	}
-
-	return nil
-}
-
 // Compiled returns the compile time of this service.
 func Compiled() time.Time {
-	if Date == Dev {
+	if Date == "dev" {
 		return time.Now()
 	}
 	t, _ := time.Parse("20060102", Date)
--- a/pkg/version/version_test.go
+++ b/pkg/version/version_test.go
@@ -1,65 +0,0 @@
-package version_test
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/opencloud-eu/opencloud/pkg/version"
-)
-
-func TestChannel(t *testing.T) {
-	tests := map[string]struct {
-		got   string
-		valid bool
-	}{
-		"no channel, defaults to dev": {
-			got:   "",
-			valid: false,
-		},
-		"dev channel": {
-			got:   version.EditionDev,
-			valid: true,
-		},
-		"rolling channel": {
-			got:   version.EditionRolling,
-			valid: true,
-		},
-		"stable channel": {
-			got:   version.EditionStable,
-			valid: true,
-		},
-		"lts channel without version": {
-			got:   version.EditionLTS,
-			valid: false,
-		},
-		"lts-1.0.0 channel": {
-			got:   fmt.Sprintf("%s-1", version.EditionLTS),
-			valid: true,
-		},
-		"lts-one invalid version": {
-			got:   fmt.Sprintf("%s-one", version.EditionLTS),
-			valid: false,
-		},
-		"known channel with version": {
-			got:   fmt.Sprintf("%s-1", version.EditionStable),
-			valid: false,
-		},
-		"unknown channel": {
-			got:   "foo",
-			valid: false,
-		},
-	}
-
-	for name, test := range tests {
-		t.Run(name, func(t *testing.T) {
-			version.Edition = test.got
-
-			switch err := version.InitEdition(); {
-			case err != nil && !test.valid && version.Edition != version.Dev: // if a given edition is unknown, the value is always dev
-				fallthrough
-			case test.valid != (err == nil):
-				t.Fatalf("invalid edition: %s", version.Edition)
-			}
-		})
-	}
-}
--- a/services/activitylog/pkg/config/config.go
+++ b/services/activitylog/pkg/config/config.go
@@ -40,7 +40,7 @@ type Config struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/activitylog/pkg/service/l10n/locale/ca/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/ca/LC_MESSAGES/activitylog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"
--- a/services/activitylog/pkg/service/l10n/locale/de/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/de/LC_MESSAGES/activitylog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"
--- a/services/activitylog/pkg/service/l10n/locale/es/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/es/LC_MESSAGES/activitylog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Elías Martín, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"
--- a/services/activitylog/pkg/service/l10n/locale/fr/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/fr/LC_MESSAGES/activitylog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"
--- a/services/activitylog/pkg/service/l10n/locale/it/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/it/LC_MESSAGES/activitylog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"
--- a/services/activitylog/pkg/service/l10n/locale/ko/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/ko/LC_MESSAGES/activitylog.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Junghyuk Kwon <kwon@junghy.uk>, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"
--- a/services/activitylog/pkg/service/l10n/locale/sv/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/sv/LC_MESSAGES/activitylog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-29 00:01+0000\n"
+"POT-Creation-Date: 2025-11-08 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"
--- a/services/activitylog/pkg/service/l10n/locale/zh/LC_MESSAGES/activitylog.po
+++ b/services/activitylog/pkg/service/l10n/locale/zh/LC_MESSAGES/activitylog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"
--- a/services/antivirus/README.md
+++ b/services/antivirus/README.md
@@ -36,13 +36,13 @@ Several factors can make it necessary to limit the maximum filesize the antiviru
 Use the `ANTIVIRUS_MAX_SCAN_SIZE` environment variable to scan only a given number of bytes,
 or to skip the whole resource.

-Even if it is recommended to scan the whole file, several factors like scanner type and version,
+Even if it's recommended to scan the whole file, several factors like scanner type and version,
 bandwidth, performance issues, etc. might make a limit necessary.

-In such cases, the antivirus max scan size mode can be handy, the following modes are available:
+In such cases, the antivirus the max scan size mode can be handy, the following modes are available:

-  -   `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE_MODE=partial`
-  -   `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE_MODE=skip`
+  -   `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE=partial`
+  -   `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE=skip`

 **IMPORTANT**
 > Streaming of files to the virus scan service still [needs to be implemented](https://github.com/owncloud/ocis/issues/6803).
--- a/services/antivirus/pkg/config/config.go
+++ b/services/antivirus/pkg/config/config.go
@@ -75,7 +75,7 @@ type Debug struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;ANTIVIRUS_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;ANTIVIRUS_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;ANTIVIRUS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;ANTIVIRUS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;ANTIVIRUS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;ANTIVIRUS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;ANTIVIRUS_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/audit/pkg/config/config.go
+++ b/services/audit/pkg/config/config.go
@@ -25,7 +25,7 @@ type Config struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;AUDIT_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;AUDIT_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;AUDIT_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;AUDIT_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;AUDIT_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;AUDIT_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/clientlog/pkg/config/config.go
+++ b/services/clientlog/pkg/config/config.go
@@ -31,7 +31,7 @@ type Config struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;CLIENTLOG_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;CLIENTLOG_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;CLIENTLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;CLIENTLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;CLIENTLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;CLIENTLOG_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;CLIENTLOG_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/eventhistory/pkg/config/config.go
+++ b/services/eventhistory/pkg/config/config.go
@@ -49,7 +49,7 @@ type Store struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;EVENTHISTORY_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;EVENTHISTORY_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;EVENTHISTORY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;EVENTHISTORY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. Will be seen as empty if NOTIFICATIONS_EVENTS_TLS_INSECURE is provided." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;EVENTHISTORY_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;EVENTHISTORY_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/frontend/pkg/config/config.go
+++ b/services/frontend/pkg/config/config.go
@@ -33,7 +33,7 @@ type Config struct {
 	EnableFederatedSharingIncoming bool   `yaml:"enable_federated_sharing_incoming" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING" desc:"Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
 	EnableFederatedSharingOutgoing bool   `yaml:"enable_federated_sharing_outgoing" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING" desc:"Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
 	SearchMinLength                int    `yaml:"search_min_length" env:"FRONTEND_SEARCH_MIN_LENGTH" desc:"Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed." introductionVersion:"1.0.0"`
-	Edition                        string `desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
+	Edition                        string `yaml:"edition" env:"OC_EDITION;FRONTEND_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
 	DisableSSE                     bool   `yaml:"disable_sse" env:"OC_DISABLE_SSE;FRONTEND_DISABLE_SSE" desc:"When set to true, clients are informed that the Server-Sent Events endpoint is not accessible." introductionVersion:"1.0.0"`
 	DisableRadicale                bool   `yaml:"disable_radicale" env:"FRONTEND_DISABLE_RADICALE" desc:"When set to true, clients are informed that the Radicale (CalDAV/CardDAV) is not accessible." introductionVersion:"4.0.0"`
 	DefaultLinkPermissions         int    `yaml:"default_link_permissions" env:"FRONTEND_DEFAULT_LINK_PERMISSIONS" desc:"Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1." introductionVersion:"1.0.0"`
@@ -174,8 +174,8 @@ type Checksums struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;FRONTEND_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;FRONTEND_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;FRONTEND_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
-	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;FRONTEND_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;FRONTEND_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;FRONTEND_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthPassword         string `yaml:"password" env:"OC_EVENTS_AUTH_PASSWORD;FRONTEND_EVENTS_AUTH_PASSWORD" desc:"The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/frontend/pkg/config/defaults/defaultconfig.go
+++ b/services/frontend/pkg/config/defaults/defaultconfig.go
@@ -5,7 +5,6 @@ import (

 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
-	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config"
 )

@@ -88,7 +87,7 @@ func DefaultConfig() *config.Config {
 		DefaultUploadProtocol:    "tus",
 		DefaultLinkPermissions:   1,
 		SearchMinLength:          3,
-		Edition:                  version.Edition,
+		Edition:                  "",
 		CheckForUpdates:          true,
 		Checksums: config.Checksums{
 			SupportedTypes:      []string{"sha1", "md5", "adler32"},
--- a/services/frontend/pkg/revaconfig/config.go
+++ b/services/frontend/pkg/revaconfig/config.go
@@ -346,7 +346,7 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
 						},
 						"version": map[string]interface{}{
 							"product":        "OpenCloud",
-							"edition":        version.Edition,
+							"edition":        "",
 							"major":          version.ParsedLegacy().Major(),
 							"minor":          version.ParsedLegacy().Minor(),
 							"micro":          version.ParsedLegacy().Patch(),
--- a/services/graph/pkg/config/config.go
+++ b/services/graph/pkg/config/config.go
@@ -129,7 +129,7 @@ type API struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;GRAPH_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;GRAPH_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;GRAPH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;GRAPH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;GRAPH_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;GRAPH_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/graph/pkg/l10n/locale/ca/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/ca/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"
--- a/services/graph/pkg/l10n/locale/de/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/de/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"
--- a/services/graph/pkg/l10n/locale/es/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/es/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Elías Martín, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"
--- a/services/graph/pkg/l10n/locale/fr/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/fr/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"
--- a/services/graph/pkg/l10n/locale/it/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/it/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"
--- a/services/graph/pkg/l10n/locale/ko/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/ko/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"
--- a/services/graph/pkg/l10n/locale/sv/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/sv/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-29 00:01+0000\n"
+"POT-Creation-Date: 2025-11-08 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"
--- a/services/graph/pkg/l10n/locale/zh/LC_MESSAGES/graph.po
+++ b/services/graph/pkg/l10n/locale/zh/LC_MESSAGES/graph.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"
--- a/services/graph/pkg/service/v0/users_test.go
+++ b/services/graph/pkg/service/v0/users_test.go
@@ -1354,7 +1354,6 @@ var _ = Describe("Users", func() {
 							Username: "federated",
 							Id: &userv1beta1.UserId{
 								OpaqueId: "federated",
-								Idp:      "provider",
 								Type:     userv1beta1.UserType_USER_TYPE_FEDERATED,
 							},
 						},
@@ -1378,7 +1377,7 @@ var _ = Describe("Users", func() {
 				Expect(err).ToNot(HaveOccurred())

 				Expect(len(res.Value)).To(Equal(1))
-				Expect(res.Value[0].GetId()).To(Equal("federated@provider"))
+				Expect(res.Value[0].GetId()).To(Equal("federated"))
 				Expect(res.Value[0].GetUserType()).To(Equal("Federated"))
 			})
 			It("does not list federated users when filtering for 'Member' users", func() {
--- a/services/notifications/pkg/config/config.go
+++ b/services/notifications/pkg/config/config.go
@@ -55,7 +55,7 @@ type SMTP struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;NOTIFICATIONS_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;NOTIFICATIONS_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;NOTIFICATIONS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;NOTIFICATIONS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;NOTIFICATIONS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;NOTIFICATIONS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;NOTIFICATIONS_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/notifications/pkg/email/l10n/locale/ca/LC_MESSAGES/notifications.po
+++ b/services/notifications/pkg/email/l10n/locale/ca/LC_MESSAGES/notifications.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"
--- a/services/notifications/pkg/email/l10n/locale/de/LC_MESSAGES/notifications.po
+++ b/services/notifications/pkg/email/l10n/locale/de/LC_MESSAGES/notifications.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jonas, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"
--- a/services/notifications/pkg/email/l10n/locale/fr/LC_MESSAGES/notifications.po
+++ b/services/notifications/pkg/email/l10n/locale/fr/LC_MESSAGES/notifications.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"
--- a/services/notifications/pkg/email/l10n/locale/it/LC_MESSAGES/notifications.po
+++ b/services/notifications/pkg/email/l10n/locale/it/LC_MESSAGES/notifications.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"
--- a/services/notifications/pkg/email/l10n/locale/ko/LC_MESSAGES/notifications.po
+++ b/services/notifications/pkg/email/l10n/locale/ko/LC_MESSAGES/notifications.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"
--- a/services/notifications/pkg/email/l10n/locale/sv/LC_MESSAGES/notifications.po
+++ b/services/notifications/pkg/email/l10n/locale/sv/LC_MESSAGES/notifications.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-29 00:01+0000\n"
+"POT-Creation-Date: 2025-11-08 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"
--- a/services/notifications/pkg/email/l10n/locale/zh/LC_MESSAGES/notifications.po
+++ b/services/notifications/pkg/email/l10n/locale/zh/LC_MESSAGES/notifications.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"
--- a/services/ocdav/pkg/config/config.go
+++ b/services/ocdav/pkg/config/config.go
@@ -80,5 +80,5 @@ type Status struct {
 	Product        string
 	ProductName    string
 	ProductVersion string
-	Edition        string `desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
+	Edition        string `yaml:"edition" env:"OC_EDITION;OCDAV_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
 }
--- a/services/ocdav/pkg/config/defaults/defaultconfig.go
+++ b/services/ocdav/pkg/config/defaults/defaultconfig.go
@@ -92,7 +92,7 @@ func DefaultConfig() *config.Config {
 			ProductVersion: version.GetString(),
 			Product:        "OpenCloud",
 			ProductName:    "OpenCloud",
-			Edition:        version.Edition,
+			Edition:        "",
 		},
 	}
 }
--- a/services/ocm/pkg/config/config.go
+++ b/services/ocm/pkg/config/config.go
@@ -154,7 +154,7 @@ type OCMShareProviderJSONDriver struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;OCM_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;OCM_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;OCM_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OCM_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided OCM_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;OCM_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;OCM_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/policies/pkg/config/config.go
+++ b/services/policies/pkg/config/config.go
@@ -50,7 +50,7 @@ type Postprocessing struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;POLICIES_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;POLICIES_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;POLICIES_EVENTS_TLS_INSECURE" desc:"Whether the server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;POLICIES_EVENTS_TLS_INSECURE" desc:"Whether the server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;POLICIES_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;POLICIES_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/postprocessing/pkg/config/config.go
+++ b/services/postprocessing/pkg/config/config.go
@@ -39,7 +39,7 @@ type Events struct {
 	Endpoint string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;POSTPROCESSING_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster  string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;POSTPROCESSING_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`

-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;POSTPROCESSING_EVENTS_TLS_INSECURE" desc:"Whether the OpenCloud server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;POSTPROCESSING_EVENTS_TLS_INSECURE" desc:"Whether the OpenCloud server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;POSTPROCESSING_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;POSTPROCESSING_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/proxy/pkg/config/config.go
+++ b/services/proxy/pkg/config/config.go
@@ -227,7 +227,7 @@ type ServiceAccount struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;PROXY_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;PROXY_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;PROXY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;PROXY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;PROXY_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;PROXY_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/search/pkg/config/search.go
+++ b/services/search/pkg/config/search.go
@@ -11,7 +11,7 @@ type Events struct {
 	NumConsumers     int    `yaml:"num_consumers" env:"SEARCH_EVENTS_NUM_CONSUMERS" desc:"The amount of concurrent event consumers to start. Event consumers are used for searching files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands." introductionVersion:"1.0.0"`
 	DebounceDuration int    `yaml:"debounce_duration" env:"SEARCH_EVENTS_REINDEX_DEBOUNCE_DURATION" desc:"The duration in milliseconds the reindex debouncer waits before triggering a reindex of a space that was modified." introductionVersion:"1.0.0"`

-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;SEARCH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;SEARCH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;SEARCH_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided SEARCH_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;SEARCH_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;SEARCH_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/settings/pkg/service/v0/l10n/locale/ca/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/ca/LC_MESSAGES/settings.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/de/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/de/LC_MESSAGES/settings.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/es/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/es/LC_MESSAGES/settings.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Alejandro Robles, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/fr/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/fr/LC_MESSAGES/settings.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/it/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/it/LC_MESSAGES/settings.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Pagano, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/ko/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/ko/LC_MESSAGES/settings.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/ru/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/ru/LC_MESSAGES/settings.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Lulufox, 2025\n"
 "Language-Team: Russian (https://app.transifex.com/opencloud-eu/teams/204053/ru/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/sv/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/sv/LC_MESSAGES/settings.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Davis Kaza, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"
--- a/services/settings/pkg/service/v0/l10n/locale/zh/LC_MESSAGES/settings.po
+++ b/services/settings/pkg/service/v0/l10n/locale/zh/LC_MESSAGES/settings.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"
--- a/services/sharing/pkg/config/config.go
+++ b/services/sharing/pkg/config/config.go
@@ -149,7 +149,7 @@ type PublicSharingJSONCS3Driver struct {
 type Events struct {
 	Addr              string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;SHARING_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	ClusterID         string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;SHARING_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;SHARING_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;SHARING_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCaCertPath string `yaml:"tls_root_ca_cert_path" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided SHARING_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS         bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;SHARING_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername      string `yaml:"auth_username" env:"OC_EVENTS_AUTH_USERNAME;SHARING_EVENTS_AUTH_USERNAME" desc:"Username for the events broker." introductionVersion:"1.0.0"`
--- a/services/sse/pkg/config/config.go
+++ b/services/sse/pkg/config/config.go
@@ -49,7 +49,7 @@ type Debug struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;SSE_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;SSE_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;SSE_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;SSE_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;SSE_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided SSE_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;SSE_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;SSE_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/storage-users/pkg/config/config.go
+++ b/services/storage-users/pkg/config/config.go
@@ -224,7 +224,7 @@ type PosixDriver struct {
 type Events struct {
 	Addr              string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;STORAGE_USERS_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	ClusterID         string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;STORAGE_USERS_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;STORAGE_USERS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;STORAGE_USERS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCaCertPath string `yaml:"tls_root_ca_cert_path" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS         bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;STORAGE_USERS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	NumConsumers      int    `yaml:"num_consumers" env:"STORAGE_USERS_EVENTS_NUM_CONSUMERS" desc:"The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the OC_ASYNC_UPLOADS is set to false. The default and minimum value is 1." introductionVersion:"1.0.0"`
--- a/services/userlog/pkg/config/config.go
+++ b/services/userlog/pkg/config/config.go
@@ -52,7 +52,7 @@ type Persistence struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;USERLOG_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;USERLOG_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;USERLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;USERLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;USERLOG_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;USERLOG_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
--- a/services/userlog/pkg/service/l10n/locale/ca/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/ca/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"
--- a/services/userlog/pkg/service/l10n/locale/de/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/de/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"
--- a/services/userlog/pkg/service/l10n/locale/es/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/es/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Elías Martín, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"
--- a/services/userlog/pkg/service/l10n/locale/fr/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/fr/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"
--- a/services/userlog/pkg/service/l10n/locale/it/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/it/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"
--- a/services/userlog/pkg/service/l10n/locale/ko/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/ko/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"
--- a/services/userlog/pkg/service/l10n/locale/ru/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/ru/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Lulufox, 2025\n"
 "Language-Team: Russian (https://app.transifex.com/opencloud-eu/teams/204053/ru/)\n"
--- a/services/userlog/pkg/service/l10n/locale/sv/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/sv/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-29 00:01+0000\n"
+"POT-Creation-Date: 2025-11-08 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"
--- a/services/userlog/pkg/service/l10n/locale/zh/LC_MESSAGES/userlog.po
+++ b/services/userlog/pkg/service/l10n/locale/zh/LC_MESSAGES/userlog.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-30 00:02+0000\n"
+"POT-Creation-Date: 2025-11-09 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"
--- a/services/web/Makefile
+++ b/services/web/Makefile
@@ -1,6 +1,6 @@
 SHELL := bash
 NAME := web
-WEB_ASSETS_VERSION = v4.2.1
+WEB_ASSETS_VERSION = v4.2.1-rc.1
 WEB_ASSETS_BRANCH = main

 ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
--- a/services/web/pkg/service/v0/service.go
+++ b/services/web/pkg/service/v0/service.go
@@ -136,9 +136,6 @@ func (p Web) getPayload() (payload []byte, err error) {
 		p.config.Web.Config.Apps = make([]string, 0)
 	}

-	// ensure that the server url has a trailing slash
-	p.config.Web.Config.Server = strings.TrimRight(p.config.Web.Config.Server, "/") + "/"
-
 	return json.Marshal(p.config.Web.Config)
 }

--- a/tests/acceptance/TestHelpers/GraphHelper.php
+++ b/tests/acceptance/TestHelpers/GraphHelper.php
@@ -120,12 +120,13 @@ class GraphHelper {
 	}

 	/**
-	 * Federated users have a string of {userid}@{provider} as their id
+	 * Federated users have a base64 encoded string of {remoteid}@{provider} as their id
+	 * This regex matches only non empty base64 encoded strings
 	 *
 	 * @return string
 	 */
 	public static function getFederatedUserRegex(): string {
-		return '^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}@https?://.+$';
+		return '(?=(.{4})*$)[A-Za-z0-9+/]*={0,2}$';
 	}

 	/**
--- a/tests/acceptance/bootstrap/CliContext.php
+++ b/tests/acceptance/bootstrap/CliContext.php
@@ -904,7 +904,7 @@ class CliContext implements Context {
 		$userUuid = $this->featureContext->getAttributeOfCreatedUser($user, 'id');
 		$storagePath = $this->getUsersStoragePath();
 		$body = [
-			"command" => "getfattr -n " . escapeshellarg($attribute) . " --only-values $storagePath/$userUuid/$file",
+			"command" => "xattr -p -slz " . escapeshellarg($attribute) . " $storagePath/$userUuid/$file",
 			"raw" => true
 		];
 		$this->featureContext->setResponse(CliHelper::runCommand($body));
--- a/tests/acceptance/bootstrap/FeatureContext.php
+++ b/tests/acceptance/bootstrap/FeatureContext.php
@@ -2440,6 +2440,14 @@ class FeatureContext extends BehatVariablesContext {
 				],
 				"parameter" => []
 			],
+			[
+				"code" => "%identities_issuer_id_pattern%",
+				"function" => [
+					__NAMESPACE__ . '\TestHelpers\GraphHelper',
+					"getFederatedUserRegex"
+				],
+				"parameter" => []
+			],
 			[
 				"code" => "%uuidv4_pattern%",
 				"function" => [
--- a/tests/acceptance/bootstrap/SharingNgContext.php
+++ b/tests/acceptance/bootstrap/SharingNgContext.php
@@ -327,11 +327,12 @@ class SharingNgContext implements Context {
 				if ($shareType === "user") {
 					$shareeId = $this->featureContext->getAttributeOfCreatedUser($sharee, 'id');
 					if ($federatedShare) {
-						$federatedUser = $this->featureContext->ocmContext->getAcceptedUserByName(
-							$user,
-							$sharee
-						);
-						$shareeId = $federatedUser['user_id'] . "@" . $federatedUser['idp'];
+						$shareeId = (
+							$this->featureContext->ocmContext->getAcceptedUserByName(
+								$user,
+								$sharee
+							)
+						)['user_id'];
 					}
 				} elseif ($shareType === "group") {
 					$shareeId = $this->featureContext->getAttributeOfCreatedGroup($sharee, 'id');
@@ -402,11 +403,7 @@ class SharingNgContext implements Context {
 			if ($shareType === "user") {
 				$shareeId = $this->featureContext->getAttributeOfCreatedUser($sharee, 'id');
 				if ($federatedShare) {
-					$federatedUser = $this->featureContext->ocmContext->getAcceptedUserByName(
-						$user,
-						$sharee
-					);
-					$shareeId = $federatedUser['user_id'] . "@" . $federatedUser['idp'];
+					$shareeId = ($this->featureContext->ocmContext->getAcceptedUserByName($user, $sharee))['user_id'];
 				}
 			} elseif ($shareType === "group") {
 				$shareeId = $this->featureContext->getAttributeOfCreatedGroup($sharee, 'id');
--- a/tests/acceptance/features/apiOcm/ocmEndpoint.feature
+++ b/tests/acceptance/features/apiOcm/ocmEndpoint.feature
@@ -26,7 +26,7 @@ Feature: ocm well-known URI
            "const": true
          },
          "apiVersion": {
-            "const": "1.2.0"
+            "const": "1.1.0"
          },
          "endPoint": {
            "pattern": "^%base_url%/ocm"
@@ -73,24 +73,10 @@ Feature: ocm well-known URI
          },
          "capabilities": {
            "type": "array",
-            "minItems": 4,
-            "maxItems": 4,
-            "uniqueItems": true,
+            "minItems": 1,
+            "maxItems": 1,
            "items": {
-              "oneOf": [
-                {
-                  "const": "invites"
-                },
-                {
-                  "const": "webdav-uri"
-                },
-                {
-                  "const": "protocol-object"
-                },
-                {
-                  "const": "invite-wayf"
-                }
-              ]
+              "const": "/invite-accepted"
            }
          }
        }
--- a/tests/acceptance/features/apiOcm/searchFederationUsers.feature
+++ b/tests/acceptance/features/apiOcm/searchFederationUsers.feature
@@ -68,7 +68,7 @@ Feature: search federation users
                      },
                      "issuerAssignedId": {
                        "type": "string",
-                        "pattern": "^%federated_user_id_pattern%$"
+                        "pattern": "^%identities_issuer_id_pattern%$"
                      }
                    }
                  }
@@ -130,7 +130,7 @@ Feature: search federation users
                      },
                      "issuerAssignedId": {
                        "type": "string",
-                        "pattern": "^%federated_user_id_pattern%$"
+                        "pattern": "^%identities_issuer_id_pattern%$"
                      }
                    }
                  }
@@ -198,7 +198,7 @@ Feature: search federation users
                      },
                      "issuerAssignedId": {
                        "type": "string",
-                        "pattern": "^%federated_user_id_pattern%$"
+                        "pattern": "^%identities_issuer_id_pattern%$"
                      }
                    }
                  }
@@ -260,7 +260,7 @@ Feature: search federation users
                      },
                      "issuerAssignedId": {
                        "type": "string",
-                        "pattern": "^%federated_user_id_pattern%$"
+                        "pattern": "^%identities_issuer_id_pattern%$"
                      }
                    }
                  }
@@ -484,7 +484,7 @@ Feature: search federation users
                      },
                      "issuerAssignedId": {
                        "type": "string",
-                        "pattern": "^%uuidv4_pattern%$"
+                        "pattern": "^%identities_issuer_id_pattern%$"
                      }
                    }
                  }
@@ -549,7 +549,7 @@ Feature: search federation users
                      },
                      "issuerAssignedId": {
                        "type": "string",
-                        "pattern": "^%uuidv4_pattern%$"
+                        "pattern": "^%identities_issuer_id_pattern%$"
                      }
                    }
                  }
@@ -696,7 +696,7 @@ Feature: search federation users
                          },
                          "issuerAssignedId": {
                            "type": "string",
-                            "pattern": "^%uuidv4_pattern%$"
+                            "pattern": "^%identities_issuer_id_pattern%$"
                          }
                        }
                      }
--- a/tests/acceptance/features/coreApiCapabilities/capabilities.feature
+++ b/tests/acceptance/features/coreApiCapabilities/capabilities.feature
@@ -202,7 +202,7 @@ Feature: capabilities
                    "properties": {
                      "edition": {
                        "type": "string",
-                        "enum": ["dev"]
+                        "enum": ["%edition%"]
                      },
                      "product": {
                        "type": "string",
@@ -240,7 +240,7 @@ Feature: capabilities
              },
              "edition": {
                "type": "string",
-                "enum": ["dev"]
+                "enum": ["%edition%"]
              },
              "product": {
                "type": "string",
--- a/tests/acceptance/features/coreApiCapabilities/capabilitiesWithNormalUser.feature
+++ b/tests/acceptance/features/coreApiCapabilities/capabilitiesWithNormalUser.feature
@@ -58,7 +58,7 @@ Feature: default capabilities for normal user
                        "const": "%versionstring%"
                      },
                      "edition": {
-                        "const": "dev"
+                        "const": "%edition%"
                      },
                      "productname": {
                        "const": "%productname%"
--- a/vendor/github.com/opencloud-eu/reva/v2/cmd/revad/runtime/runtime.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/cmd/revad/runtime/runtime.go
@@ -62,9 +62,16 @@ func RunWithOptions(mainConf map[string]interface{}, pidFile string, opts ...Opt

 type coreConf struct {
 	MaxCPUs            string `mapstructure:"max_cpus"`
-	TracesExporter     string `mapstructure:"traces_exporter"`
+	TracingEnabled     bool   `mapstructure:"tracing_enabled"`
+	TracingInsecure    bool   `mapstructure:"tracing_insecure"`
+	TracingExporter    string `mapstructure:"tracing_exporter"`
+	TracingEndpoint    string `mapstructure:"tracing_endpoint"`
+	TracingCollector   string `mapstructure:"tracing_collector"`
 	TracingServiceName string `mapstructure:"tracing_service_name"`

+	// TracingService specifies the service. i.e OpenCensus, OpenTelemetry, OpenTracing...
+	TracingService string `mapstructure:"tracing_service"`
+
 	GracefulShutdownTimeout int `mapstructure:"graceful_shutdown_timeout"`
 }

@@ -142,8 +149,20 @@ func initServers(mainConf map[string]interface{}, log *zerolog.Logger, tp trace.
 }

 func initTracing(conf *coreConf) trace.TracerProvider {
-	if conf.TracesExporter != "none" && conf.TracesExporter != "" {
-		tp := rtrace.NewTracerProvider(conf.TracingServiceName, conf.TracesExporter)
+	if conf.TracingEnabled {
+		opts := []rtrace.Option{
+			rtrace.WithExporter(conf.TracingExporter),
+			rtrace.WithEndpoint(conf.TracingEndpoint),
+			rtrace.WithCollector(conf.TracingCollector),
+			rtrace.WithServiceName(conf.TracingServiceName),
+		}
+		if conf.TracingEnabled {
+			opts = append(opts, rtrace.WithEnabled())
+		}
+		if conf.TracingInsecure {
+			opts = append(opts, rtrace.WithInsecure())
+		}
+		tp := rtrace.NewTracerProvider(opts...)
 		rtrace.SetDefaultTracerProvider(tp)
 		return tp
 	}
@@ -262,9 +281,11 @@ func parseCoreConfOrDie(v interface{}) *coreConf {

 	// tracing defaults to enabled if not explicitly configured
 	if v == nil {
-		c.TracesExporter = "console"
-	} else if _, ok := v.(map[string]interface{})["traces_exporter"]; !ok {
-		c.TracesExporter = "console"
+		c.TracingEnabled = true
+		c.TracingEndpoint = "localhost:6831"
+	} else if _, ok := v.(map[string]interface{})["tracing_enabled"]; !ok {
+		c.TracingEnabled = true
+		c.TracingEndpoint = "localhost:6831"
 	}

 	return c
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/grpc/services/ocminvitemanager/ocminvitemanager.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/grpc/services/ocminvitemanager/ocminvitemanager.go
@@ -174,9 +174,9 @@ func (s *service) ForwardInvite(ctx context.Context, req *invitepb.ForwardInvite
 	remoteUser, err := s.ocmClient.InviteAccepted(ctx, ocmEndpoint, &client.InviteAcceptedRequest{
 		Token:             req.InviteToken.GetToken(),
 		RecipientProvider: s.conf.ProviderDomain,
-		// The UserID is only a string here. To not lose the IDP information we use the LocalUserFederatedID encoding
-		// i.e. UserID@IDP
-		UserID: ocmuser.FormatOCMUser(user.GetId()),
+		// The UserID is only a string here. To not loose the IDP information we use the FederatedID encoding
+		// i.e. base64(UserID@IDP)
+		UserID: ocmuser.FederatedID(user.GetId(), "").GetOpaqueId(),
 		Email:  user.GetMail(),
 		Name:   user.GetDisplayName(),
 	})
@@ -217,9 +217,6 @@ func (s *service) ForwardInvite(ctx context.Context, req *invitepb.ForwardInvite
 		OpaqueId: remoteUser.UserID,
 	}

-	// we need to use a unique identifier for federated users
-	remoteUserID = ocmuser.LocalUserFederatedID(remoteUserID, "")
-
 	if err := s.repo.AddRemoteUser(ctx, user.Id, &userpb.User{
 		Id:          remoteUserID,
 		Mail:        remoteUser.Email,
@@ -279,8 +276,6 @@ func (s *service) AcceptInvite(ctx context.Context, req *invitepb.AcceptInviteRe
 	}

 	remoteUser := req.GetRemoteUser()
-	// we need to use a unique identifier for federated users
-	remoteUser.Id = ocmuser.LocalUserFederatedID(remoteUser.Id, "")

 	if err := s.repo.AddRemoteUser(ctx, token.GetUserId(), remoteUser); err != nil {
 		if !errors.Is(err, invite.ErrUserAlreadyAccepted) {
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -324,11 +324,11 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq

 	// 2.b replace outgoing user ids with ocm user ids
 	// unpack the federated user id
-	shareWith := ocmuser.FormatOCMUser(ocmuser.LocalUserFederatedID(req.GetGrantee().GetUserId(), ""))
+	shareWith := ocmuser.FormatOCMUser(ocmuser.RemoteID(req.GetGrantee().GetUserId()))

-	// wrap the local user id in a local federated user id
-	owner := ocmuser.FormatOCMUser(ocmuser.LocalUserFederatedID(info.Owner, s.conf.ProviderDomain))
-	sender := ocmuser.FormatOCMUser(ocmuser.LocalUserFederatedID(user.Id, s.conf.ProviderDomain))
+	// wrap the local user id in a federated user id
+	owner := ocmuser.FormatOCMUser(ocmuser.FederatedID(info.Owner, s.conf.ProviderDomain))
+	sender := ocmuser.FormatOCMUser(ocmuser.FederatedID(user.Id, s.conf.ProviderDomain))

 	newShareReq := &client.NewShareRequest{
 		ShareWith:         shareWith,
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/client.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/client.go
@@ -1,148 +0,0 @@
-// Copyright 2018-2025 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package ocmd
-
-import (
-	"context"
-	"crypto/tls"
-	"encoding/json"
-	"io"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/opencloud-eu/reva/v2/internal/http/services/wellknown"
-	"github.com/opencloud-eu/reva/v2/pkg/appctx"
-	"github.com/opencloud-eu/reva/v2/pkg/errtypes"
-	"github.com/pkg/errors"
-)
-
-// OCMClient is the client for an OCM provider.
-type OCMClient struct {
-	client *http.Client
-}
-
-// NewClient returns a new OCMClient.
-func NewClient(timeout time.Duration, insecure bool) *OCMClient {
-	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure},
-	}
-	return &OCMClient{
-		client: &http.Client{
-			Transport: tr,
-			Timeout:   timeout,
-		},
-	}
-}
-
-// Discover returns the OCM discovery information for a remote endpoint.
-// It tries /.well-known/ocm first, then falls back to /ocm-provider (legacy).
-// https://cs3org.github.io/OCM-API/docs.html?branch=develop&repo=OCM-API&user=cs3org#/paths/~1ocm-provider/get
-func (c *OCMClient) Discover(ctx context.Context, endpoint string) (*wellknown.OcmDiscoveryData, error) {
-	log := appctx.GetLogger(ctx)
-
-	remoteurl, _ := url.JoinPath(endpoint, "/.well-known/ocm")
-	body, err := c.discover(ctx, remoteurl)
-	if err != nil || len(body) == 0 {
-		log.Debug().Err(err).Str("sender", remoteurl).Str("response", string(body)).
-			Msg("invalid or empty response, falling back to legacy discovery")
-		remoteurl, _ := url.JoinPath(endpoint, "/ocm-provider") // legacy discovery endpoint
-
-		body, err = c.discover(ctx, remoteurl)
-		if err != nil || len(body) == 0 {
-			log.Warn().Err(err).Str("sender", remoteurl).Str("response", string(body)).
-				Msg("invalid or empty response")
-			return nil, errtypes.InternalError("Invalid response on OCM discovery")
-		}
-	}
-
-	var disco wellknown.OcmDiscoveryData
-	err = json.Unmarshal(body, &disco)
-	if err != nil {
-		log.Warn().Err(err).Str("sender", remoteurl).Str("response", string(body)).
-			Msg("malformed response")
-		return nil, errtypes.InternalError("Invalid payload on OCM discovery")
-	}
-
-	log.Debug().Str("sender", remoteurl).Any("response", disco).Msg("discovery response")
-	return &disco, nil
-}
-
-func (c *OCMClient) discover(ctx context.Context, url string) ([]byte, error) {
-	log := appctx.GetLogger(ctx)
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
-	if err != nil {
-		return nil, errors.Wrap(err, "error creating OCM discovery request")
-	}
-	req.Header.Set("Content-Type", "application/json")
-
-	resp, err := c.client.Do(req)
-	defer func() {
-		if resp != nil && resp.Body != nil {
-			_ = resp.Body.Close()
-		}
-	}()
-
-	if err != nil {
-		return nil, errors.Wrap(err, "error doing OCM discovery request")
-	}
-	defer func(body io.ReadCloser) {
-		err := body.Close()
-		if err != nil {
-			log.Warn().Err(err).Msg("error closing response body")
-		}
-	}(resp.Body)
-	if resp.StatusCode != http.StatusOK {
-		log.Warn().Str("sender", url).Int("status", resp.StatusCode).Msg("discovery returned")
-		return nil, errtypes.NewErrtypeFromHTTPStatusCode(resp.StatusCode, "Remote does not offer a valid OCM discovery endpoint")
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, errors.Wrap(err, "malformed remote OCM discovery")
-	}
-	return body, nil
-}
-
-// GetDirectoryService fetches a directory service listing from the given URL per OCM spec Appendix C.
-func (c *OCMClient) GetDirectoryService(ctx context.Context, directoryURL string) (*DirectoryService, error) {
-	log := appctx.GetLogger(ctx)
-
-	// TODO(@MahdiBaghbani): the discover() should be changed into a generic function that can be used to fetch any OCM endpoint. I'll do it in the security PR to minimize conflicts.
-	body, err := c.discover(ctx, directoryURL)
-	if err != nil {
-		return nil, errors.Wrap(err, "error fetching directory service")
-	}
-
-	var dirService DirectoryService
-	if err := json.Unmarshal(body, &dirService); err != nil {
-		log.Warn().Err(err).Str("url", directoryURL).Str("response", string(body)).Msg("malformed directory service response")
-		return nil, errors.Wrap(err, "invalid directory service payload")
-	}
-
-	// Validate required fields
-	if dirService.Federation == "" {
-		return nil, errtypes.InternalError("directory service missing required 'federation' field")
-	}
-	// Servers can be empty array, that's valid
-
-	log.Debug().Str("url", directoryURL).Str("federation", dirService.Federation).Int("servers", len(dirService.Servers)).Msg("fetched directory service")
-	return &dirService, nil
-}
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/invites.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/invites.go
@@ -60,7 +60,7 @@ type acceptInviteRequest struct {
 	Email             string `json:"email"`
 }

-// AcceptInvite informs about an accepted invitation so that the users
+// AcceptInvite informs avout an accepted invitation so that the users
 // can initiate the OCM share creation.
 func (h *invitesHandler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
@@ -73,7 +73,7 @@ func (h *invitesHandler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
 	}

 	if req.Token == "" || req.UserID == "" || req.RecipientProvider == "" {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "token, userID and recipientProvider must not be null", nil)
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "token, userID and recipiendProvider must not be null", nil)
 		return
 	}

@@ -146,7 +146,7 @@ func (h *invitesHandler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
 	}

 	if err := json.NewEncoder(w).Encode(&user{
-		UserID: ocmuser.FormatOCMUser(acceptInviteResponse.UserId),
+		UserID: ocmuser.FederatedID(acceptInviteResponse.UserId, "").GetOpaqueId(),
 		Email:  acceptInviteResponse.Email,
 		Name:   acceptInviteResponse.DisplayName,
 	}); err != nil {
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/sepc.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/sepc.go
@@ -1,33 +0,0 @@
-// Copyright 2025 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package ocmd
-
-// DirectoryService represents a directory service listing per OCM spec Appendix C.
-type DirectoryService struct {
-	Federation string                   `json:"federation"`
-	Servers    []DirectoryServiceServer `json:"servers"`
-}
-
-// DirectoryServiceServer represents a single OCM server in a directory service.
-type DirectoryServiceServer struct {
-	DisplayName string `json:"displayName"`
-	URL         string `json:"url"`
-	// Added after discovery, not in raw response
-	InviteAcceptDialog string `json:"inviteAcceptDialog,omitempty"`
-}
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/shares.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/ocmd/shares.go
@@ -126,7 +126,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	shareWith, _, err := getLocalUserID(req.ShareWith)
+	shareWith, _, err := getIDAndMeshProvider(req.ShareWith)
 	if err != nil {
 		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
@@ -196,22 +196,6 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusCreated)
 }

-func getLocalUserID(user string) (id, provider string, err error) {
-	idPart, provider, err := getIDAndMeshProvider(user)
-	if err != nil {
-		return "", "", err
-	}
-
-	// Handle nested @ in idPart (e.g. "user@idp@provider")
-	if inner := strings.LastIndex(idPart, "@"); inner != -1 {
-		id = idPart[:inner]
-	} else {
-		id = idPart
-	}
-
-	return id, provider, nil
-}
-
 func getUserIDFromOCMUser(user string) (*userpb.UserId, error) {
 	id, idp, err := getIDAndMeshProvider(user)
 	if err != nil {
@@ -225,18 +209,13 @@ func getUserIDFromOCMUser(user string) (*userpb.UserId, error) {
 	}, nil
 }

-func getIDAndMeshProvider(user string) (id, provider string, err error) {
-	last := strings.LastIndex(user, "@")
-	if last == -1 {
+func getIDAndMeshProvider(user string) (string, string, error) {
+	// the user is in the form of dimitri@apiwise.nl
+	split := strings.Split(user, "@")
+	if len(split) < 2 {
 		return "", "", errors.New("not in the form <id>@<provider>")
 	}
-	if len(user[:last]) == 0 {
-		return "", "", errors.New("empty id")
-	}
-	if len(user[last+1:]) == 0 {
-		return "", "", errors.New("empty provider")
-	}
-	return user[:last], user[last+1:], nil
+	return strings.Join(split[:len(split)-1], "@"), split[len(split)-1], nil
 }

 func getCreateShareRequest(r *http.Request) (*createShareRequest, error) {
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go
@@ -244,30 +244,13 @@ func (h *Handler) mapUserIdsFederatedShare(ctx context.Context, gw gatewayv1beta
 	}
 }

-func getIDAndMeshProvider(user string) (id, provider string, err error) {
-	last := strings.LastIndex(user, "@")
-	if last == -1 {
-		return "", "", errors.New("not in the form <id>@<provider>")
-	}
-	if len(user[:last]) == 0 {
-		return "", "", errors.New("empty id")
-	}
-	if len(user[last+1:]) == 0 {
-		return "", "", errors.New("empty provider")
-	}
-	return user[:last], user[last+1:], nil
-}
-
 func (h *Handler) mustGetRemoteUser(ctx context.Context, gw gatewayv1beta1.GatewayAPIClient, id string) *userIdentifiers {
-	id, provider, err := getIDAndMeshProvider(id)
-	if err != nil {
-		return &userIdentifiers{}
-	}
+	s := strings.SplitN(id, "@", 2)
+	opaqueID, idp := s[0], s[1]
 	userRes, err := gw.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{
 		RemoteUserId: &userpb.UserId{
-			Type:     userpb.UserType_USER_TYPE_FEDERATED,
-			Idp:      provider,
-			OpaqueId: id,
+			Idp:      idp,
+			OpaqueId: opaqueID,
 		},
 	})
 	if err != nil {
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/sciencemesh/sciencemesh.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/sciencemesh/sciencemesh.go
@@ -60,15 +60,12 @@ func (s *svc) Close() error {
 }

 type config struct {
-	Prefix               string       `mapstructure:"prefix"`
-	GatewaySvc           string       `mapstructure:"gatewaysvc"         validate:"required"`
-	ProviderDomain       string       `mapstructure:"provider_domain"    validate:"required"`
-	MeshDirectoryURL     string       `mapstructure:"mesh_directory_url"`
-	OCMMountPoint        string       `mapstructure:"ocm_mount_point"`
-	DirectoryServiceURLs string       `mapstructure:"directory_service_urls"`
-	OCMClientTimeout     int          `mapstructure:"ocm_client_timeout"`
-	OCMClientInsecure    bool         `mapstructure:"ocm_client_insecure"`
-	Events               EventOptions `mapstructure:"events"`
+	Prefix           string       `mapstructure:"prefix"`
+	GatewaySvc       string       `mapstructure:"gatewaysvc"         validate:"required"`
+	ProviderDomain   string       `mapstructure:"provider_domain"    validate:"required"`
+	MeshDirectoryURL string       `mapstructure:"mesh_directory_url"`
+	OCMMountPoint    string       `mapstructure:"ocm_mount_point"`
+	Events           EventOptions `mapstructure:"events"`
 }

 // EventOptions are the configurable options for events
@@ -89,9 +86,6 @@ func (c *config) ApplyDefaults() {
 	if c.OCMMountPoint == "" {
 		c.OCMMountPoint = "/ocm"
 	}
-	if c.OCMClientTimeout == 0 {
-		c.OCMClientTimeout = 10
-	}

 	c.GatewaySvc = sharedconf.GetGatewaySVC(c.GatewaySvc)
 }
@@ -120,11 +114,6 @@ func (s *svc) routerInit() error {
 		return err
 	}

-	wayfHandler := new(wayfHandler)
-	if err := wayfHandler.init(s.conf); err != nil {
-		return err
-	}
-
 	s.router.Post("/generate-invite", tokenHandler.Generate)
 	s.router.Get("/list-invite", tokenHandler.ListInvite)
 	s.router.Post("/accept-invite", tokenHandler.AcceptInvite)
@@ -133,8 +122,6 @@ func (s *svc) routerInit() error {
 	s.router.Get("/list-providers", providersHandler.ListProviders)
 	s.router.Post("/create-share", sharesHandler.CreateShare)
 	s.router.Post("/open-in-app", appsHandler.OpenInApp)
-	s.router.Get("/federations", wayfHandler.GetFederations)
-	s.router.Post("/discover", wayfHandler.DiscoverProvider)
 	return nil
 }

@@ -143,7 +130,7 @@ func (s *svc) Prefix() string {
 }

 func (s *svc) Unprotected() []string {
-	return []string{"/federations", "/discover"}
+	return nil
 }

 func (s *svc) Handler() http.Handler {
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/sciencemesh/wayf.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/sciencemesh/wayf.go
@@ -1,259 +0,0 @@
-// Copyright 2018-2024 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package sciencemesh
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	"github.com/opencloud-eu/reva/v2/internal/http/services/ocmd"
-	"github.com/opencloud-eu/reva/v2/internal/http/services/reqres"
-	"github.com/opencloud-eu/reva/v2/pkg/appctx"
-)
-
-type wayfHandler struct {
-	directoryServices []ocmd.DirectoryService
-	ocmClient         *ocmd.OCMClient
-}
-
-type DiscoverRequest struct {
-	Domain string `json:"domain"`
-}
-
-type DiscoverResponse struct {
-	InviteAcceptDialog string `json:"inviteAcceptDialog"`
-}
-
-// makeAbsoluteURL takes a base URL and a path/URL and returns an absolute URL.
-// If dialogURL is already absolute (has scheme and host), it returns it as-is.
-// Otherwise, it joins the dialogURL with the baseURL to create an absolute URL.
-func makeAbsoluteURL(baseURL, dialogURL string) (string, error) {
-	if dialogURL == "" {
-		return "", nil
-	}
-
-	parsed, err := url.Parse(dialogURL)
-	if err == nil && parsed.Scheme != "" && parsed.Host != "" {
-		return dialogURL, nil
-	}
-
-	return url.JoinPath(baseURL, dialogURL)
-}
-
-func (h *wayfHandler) init(c *config) error {
-	log := appctx.GetLogger(context.Background())
-
-	// Create OCM client for discovery from config
-	h.ocmClient = ocmd.NewClient(time.Duration(c.OCMClientTimeout)*time.Second, c.OCMClientInsecure)
-	log.Debug().
-		Int("timeout_seconds", c.OCMClientTimeout).
-		Bool("insecure", c.OCMClientInsecure).
-		Msg("Created OCM client for discovery")
-
-	urls := strings.Fields(c.DirectoryServiceURLs)
-	if len(urls) == 0 {
-		log.Info().Msg("No directory service URLs configured, starting with empty list")
-		h.directoryServices = []ocmd.DirectoryService{}
-		return nil
-	}
-
-	log.Debug().Int("url_count", len(urls)).Strs("urls", urls).Msg("Initializing WAYF handler with directory service URLs")
-
-	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
-	defer cancel()
-
-	h.directoryServices = []ocmd.DirectoryService{}
-	discoveryErrors := 0
-	validServersCount := 0
-	fetchErrors := 0
-
-	for _, directoryURL := range urls {
-		log.Debug().Str("url", directoryURL).Msg("Fetching directory service")
-
-		directoryService, err := h.ocmClient.GetDirectoryService(ctx, directoryURL)
-		if err != nil {
-			log.Info().Err(err).Str("url", directoryURL).Msg("Failed to fetch directory service, skipping")
-			fetchErrors++
-			continue
-		}
-
-		log.Debug().Str("federation", directoryService.Federation).Int("servers_count", len(directoryService.Servers)).Msg("Processing directory service")
-
-		var validServers []ocmd.DirectoryServiceServer
-		for _, srv := range directoryService.Servers {
-			if srv.DisplayName == "" || srv.URL == "" {
-				log.Debug().Str("federation", directoryService.Federation).
-					Str("displayName", srv.DisplayName).
-					Str("url", srv.URL).
-					Msg("Skipping server with missing displayName or url")
-				continue
-			}
-
-			log.Debug().Str("federation", directoryService.Federation).Str("server", srv.DisplayName).Str("url", srv.URL).Msg("Discovering server")
-
-			// Discover inviteAcceptDialog from OCM endpoint
-			disco, err := h.ocmClient.Discover(ctx, srv.URL)
-			if err != nil {
-				log.Debug().Err(err).
-					Str("federation", directoryService.Federation).
-					Str("server", srv.DisplayName).
-					Str("url", srv.URL).
-					Msg("Failed to discover server, skipping")
-				discoveryErrors++
-				continue
-			}
-
-			inviteDialog := disco.InviteAcceptDialog
-
-			if inviteDialog != "" {
-				absoluteURL, err := makeAbsoluteURL(srv.URL, inviteDialog)
-				if err != nil {
-					log.Debug().Err(err).
-						Str("federation", directoryService.Federation).
-						Str("server", srv.DisplayName).
-						Str("url", srv.URL).
-						Str("inviteDialog", disco.InviteAcceptDialog).
-						Msg("Failed to construct absolute URL, skipping server")
-					continue
-				}
-				if absoluteURL != inviteDialog {
-					log.Debug().Str("original", inviteDialog).Str("absolute", absoluteURL).Msg("Converted to absolute URL")
-				}
-				inviteDialog = absoluteURL
-			}
-
-			validServers = append(validServers, ocmd.DirectoryServiceServer{
-				DisplayName:        srv.DisplayName,
-				URL:                srv.URL,
-				InviteAcceptDialog: inviteDialog,
-			})
-			validServersCount++
-
-			log.Debug().
-				Str("federation", directoryService.Federation).
-				Str("server", srv.DisplayName).
-				Str("inviteAcceptDialog", inviteDialog).
-				Msg("Successfully discovered server")
-		}
-
-		if len(validServers) > 0 {
-			h.directoryServices = append(h.directoryServices, ocmd.DirectoryService{
-				Federation: directoryService.Federation,
-				Servers:    validServers,
-			})
-			log.Debug().Str("federation", directoryService.Federation).Int("valid_servers", len(validServers)).Msg("Added directory service with valid servers")
-		} else {
-			log.Info().Str("federation", directoryService.Federation).
-				Msg("Directory service has no valid servers, skipping entirely")
-		}
-	}
-
-	log.Info().
-		Int("directory_services", len(h.directoryServices)).
-		Int("valid_servers", validServersCount).
-		Int("fetch_errors", fetchErrors).
-		Int("discovery_errors", discoveryErrors).
-		Msg("WAYF handler initialization completed")
-
-	return nil
-}
-
-func (h *wayfHandler) GetFederations(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(http.StatusOK)
-
-	if err := json.NewEncoder(w).Encode(h.directoryServices); err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "error encoding response", err)
-		return
-	}
-}
-
-func (h *wayfHandler) DiscoverProvider(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	log := appctx.GetLogger(ctx)
-
-	var req DiscoverRequest
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "Invalid request body", err)
-		return
-	}
-
-	if req.Domain == "" {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "Domain is required", nil)
-		return
-	}
-
-	domain := req.Domain
-	if !strings.HasPrefix(domain, "http://") && !strings.HasPrefix(domain, "https://") {
-		domain = "https://" + domain
-	}
-
-	parsedURL, err := url.Parse(domain)
-	if err != nil || parsedURL.Host == "" {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "Invalid domain format", err)
-		return
-	}
-
-	log.Debug().Str("domain", domain).Msg("Attempting OCM discovery")
-	disco, err := h.ocmClient.Discover(ctx, domain)
-	if err != nil {
-		log.Info().Err(err).Str("domain", domain).Msg("Discovery failed")
-		reqres.WriteError(w, r, reqres.APIErrorNotFound,
-			fmt.Sprintf("Provider at '%s' does not support OCM discovery", req.Domain), err)
-		return
-	}
-
-	inviteDialog := disco.InviteAcceptDialog
-
-	if inviteDialog == "" {
-		log.Info().Str("domain", domain).Msg("Provider does not provide invite accept dialog")
-		reqres.WriteError(w, r, reqres.APIErrorNotFound,
-			fmt.Sprintf("Provider at '%s' does not provide an invite accept dialog", req.Domain), nil)
-		return
-	}
-
-	inviteDialog, err = makeAbsoluteURL(domain, inviteDialog)
-	if err != nil {
-		log.Info().Err(err).Str("domain", domain).Str("inviteDialog", disco.InviteAcceptDialog).Msg("Failed to construct invite accept dialog URL")
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "Failed to construct invite accept dialog URL", err)
-		return
-	}
-
-	response := DiscoverResponse{
-		InviteAcceptDialog: inviteDialog,
-	}
-
-	log.Info().
-		Str("domain", req.Domain).
-		Str("inviteAcceptDialog", inviteDialog).
-		Msg("Discovery successful")
-
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(http.StatusOK)
-
-	if err := json.NewEncoder(w).Encode(response); err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "Error encoding response", err)
-		return
-	}
-}
--- a/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/wellknown/ocm.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/internal/http/services/wellknown/ocm.go
@@ -27,27 +27,25 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/appctx"
 )

-const OCMAPIVersion = "1.2.0"
+const OCMAPIVersion = "1.1.0"

 type OcmProviderConfig struct {
-	OCMPrefix          string `docs:"ocm;The prefix URL where the OCM API is served."                                            mapstructure:"ocm_prefix"`
-	Endpoint           string `docs:"This host's full URL. If it's not configured, it is assumed OCM is not available."          mapstructure:"endpoint"`
-	Provider           string `docs:"reva;A friendly name that defines this service."                                            mapstructure:"provider"`
-	WebdavRoot         string `docs:"/remote.php/dav/ocm;The root URL of the WebDAV endpoint to serve OCM shares."               mapstructure:"webdav_root"`
-	WebappRoot         string `docs:"/external/sciencemesh;The root URL to serve Web apps via OCM."                              mapstructure:"webapp_root"`
-	InviteAcceptDialog string `docs:"/open-cloud-mesh/accept-invite;The frontend URL where to land when receiving an invitation" mapstructure:"invite_accept_dialog"`
-	EnableWebapp       bool   `docs:"false;Whether web apps are enabled in OCM shares."                                          mapstructure:"enable_webapp"`
-	EnableDatatx       bool   `docs:"false;Whether data transfers are enabled in OCM shares."                                    mapstructure:"enable_datatx"`
+	OCMPrefix    string `docs:"ocm;The prefix URL where the OCM API is served."                                   mapstructure:"ocm_prefix"`
+	Endpoint     string `docs:"This host's full URL. If it's not configured, it is assumed OCM is not available." mapstructure:"endpoint"`
+	Provider     string `docs:"reva;A friendly name that defines this service."                                   mapstructure:"provider"`
+	WebdavRoot   string `docs:"/remote.php/dav/ocm;The root URL of the WebDAV endpoint to serve OCM shares."      mapstructure:"webdav_root"`
+	WebappRoot   string `docs:"/external/sciencemesh;The root URL to serve Web apps via OCM."                     mapstructure:"webapp_root"`
+	EnableWebapp bool   `docs:"false;Whether web apps are enabled in OCM shares."                                 mapstructure:"enable_webapp"`
+	EnableDatatx bool   `docs:"false;Whether data transfers are enabled in OCM shares."                           mapstructure:"enable_datatx"`
 }

 type OcmDiscoveryData struct {
-	Enabled            bool            `json:"enabled"            xml:"enabled"`
-	APIVersion         string          `json:"apiVersion"         xml:"apiVersion"`
-	Endpoint           string          `json:"endPoint"           xml:"endPoint"`
-	Provider           string          `json:"provider"           xml:"provider"`
-	ResourceTypes      []resourceTypes `json:"resourceTypes"      xml:"resourceTypes"`
-	Capabilities       []string        `json:"capabilities"       xml:"capabilities"`
-	InviteAcceptDialog string          `json:"inviteAcceptDialog" xml:"inviteAcceptDialog"`
+	Enabled       bool            `json:"enabled"       xml:"enabled"`
+	APIVersion    string          `json:"apiVersion"    xml:"apiVersion"`
+	Endpoint      string          `json:"endPoint"      xml:"endPoint"`
+	Provider      string          `json:"provider"      xml:"provider"`
+	ResourceTypes []resourceTypes `json:"resourceTypes" xml:"resourceTypes"`
+	Capabilities  []string        `json:"capabilities"  xml:"capabilities"`
 }

 type resourceTypes struct {
@@ -79,9 +77,6 @@ func (c *OcmProviderConfig) ApplyDefaults() {
 	if c.WebappRoot[len(c.WebappRoot)-1:] != "/" {
 		c.WebappRoot += "/"
 	}
-	if c.InviteAcceptDialog == "" {
-		c.InviteAcceptDialog = "/open-cloud-mesh/accept-invite"
-	}
 }

 func (h *wkocmHandler) init(c *OcmProviderConfig) {
@@ -128,13 +123,12 @@ func (h *wkocmHandler) init(c *OcmProviderConfig) {
 		ShareTypes: []string{"user"}, // so far we only support `user`
 		Protocols:  rtProtos,         // expose the protocols as per configuration
 	}}
-	// for now, we hardcoded the capabilities, as this is currently only advisory
-	d.Capabilities = []string{"invites", "webdav-uri", "protocol-object", "invite-wayf"}
-	d.InviteAcceptDialog, _ = url.JoinPath(c.Endpoint, c.InviteAcceptDialog)
+	// for now we hardcode the capabilities, as this is currently only advisory
+	d.Capabilities = []string{"/invite-accepted"}
 	h.data = d
 }

-// Ocm handles the OCM discovery endpoint specified in
+// This handler implements the OCM discovery endpoint specified in
 // https://cs3org.github.io/OCM-API/docs.html?repo=OCM-API&user=cs3org#/paths/~1ocm-provider/get
 func (h *wkocmHandler) Ocm(w http.ResponseWriter, r *http.Request) {
 	log := appctx.GetLogger(r.Context())
--- a/vendor/github.com/opencloud-eu/reva/v2/pkg/events/events.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/pkg/events/events.go
@@ -85,19 +85,7 @@ type (
 // group defines the service type: One group will get exactly one copy of a event that is emitted
 // NOTE: uses reflect on initialization
 func Consume(s Consumer, group string, evs ...Unmarshaller) (<-chan Event, error) {
-	return ConsumeWithOptions(s, ConsumeOptions{Group: group}, evs...)
-}
-
-// ConsumeWithOptions returns a channel that will get all events that match the given evs
-// opts defines the options for the consumer
-func ConsumeWithOptions(s Consumer, opts ConsumeOptions, evs ...Unmarshaller) (<-chan Event, error) {
-	o := []events.ConsumeOption{
-		events.WithGroup(opts.Group),
-	}
-	if !opts.AutoAck {
-		o = append(o, events.WithAutoAck(false, opts.AckWait))
-	}
-	c, err := s.Consume(MainQueueName, o...)
+	c, err := s.Consume(MainQueueName, events.WithGroup(group))
 	if err != nil {
 		return nil, err
 	}
@@ -138,18 +126,7 @@ func ConsumeWithOptions(s Consumer, opts ConsumeOptions, evs ...Unmarshaller) (<

 // ConsumeAll allows consuming all events. Note that unmarshalling must be done manually in this case, therefore Event.Event will always be of type []byte
 func ConsumeAll(s Consumer, group string) (<-chan Event, error) {
-	return ConsumeAllWithOptions(s, ConsumeOptions{Group: group})
-}
-
-// ConsumeAllWithOptions allows consuming all events. Note that unmarshalling must be done manually in this case, therefore Event.Event will always be of type []byte
-func ConsumeAllWithOptions(s Consumer, opts ConsumeOptions) (<-chan Event, error) {
-	o := []events.ConsumeOption{
-		events.WithGroup(opts.Group),
-	}
-	if !opts.AutoAck {
-		o = append(o, events.WithAutoAck(false, opts.AckWait))
-	}
-	c, err := s.Consume(MainQueueName, o...)
+	c, err := s.Consume(MainQueueName, events.WithGroup(group))
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/opencloud-eu/reva/v2/pkg/events/options.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/pkg/events/options.go
@@ -1,12 +0,0 @@
-package events
-
-import (
-	"time"
-)
-
-// ConsumeOptions contains all the options which can be provided when consuming events
-type ConsumeOptions struct {
-	Group   string
-	AutoAck bool
-	AckWait time.Duration
-}
--- a/vendor/github.com/opencloud-eu/reva/v2/pkg/group/manager/ldap/ldap.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/pkg/group/manager/ldap/ldap.go
@@ -22,7 +22,6 @@ import (
 	"context"
 	"fmt"
 	"strconv"
-	"strings"

 	grouppb "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
@@ -332,11 +331,7 @@ func (m *manager) ldapEntryToGroup(entry *ldap.Entry) (*grouppb.Group, error) {
 func (m *manager) ldapEntryToGroupID(entry *ldap.Entry) (*grouppb.GroupId, error) {
 	var id string
 	if m.c.LDAPIdentity.Group.Schema.IDIsOctetString {
-		attribute := m.c.LDAPIdentity.Group.Schema.ID
-		rawValue := entry.GetEqualFoldRawAttributeValue(attribute)
-		if strings.EqualFold(attribute, "objectguid") {
-			rawValue = ldapIdentity.SwapObjectGUIDBytes(rawValue)
-		}
+		rawValue := entry.GetEqualFoldRawAttributeValue(m.c.LDAPIdentity.Group.Schema.ID)
 		if value, err := uuid.FromBytes(rawValue); err == nil {
 			id = value.String()
 		} else {
@@ -355,16 +350,13 @@ func (m *manager) ldapEntryToGroupID(entry *ldap.Entry) (*grouppb.GroupId, error
 func (m *manager) ldapEntryToUserID(entry *ldap.Entry) (*userpb.UserId, error) {
 	var uid string
 	if m.c.LDAPIdentity.User.Schema.IDIsOctetString {
-		attribute := m.c.LDAPIdentity.User.Schema.ID
-		rawValue := entry.GetEqualFoldRawAttributeValue(attribute)
-		if strings.EqualFold(attribute, "objectguid") {
-			rawValue = ldapIdentity.SwapObjectGUIDBytes(rawValue)
-		}
-		if value, err := uuid.FromBytes(rawValue); err == nil {
-			uid = value.String()
-		} else {
+		rawValue := entry.GetEqualFoldRawAttributeValue(m.c.LDAPIdentity.User.Schema.ID)
+		var value uuid.UUID
+		var err error
+		if value, err = uuid.FromBytes(rawValue); err != nil {
 			return nil, err
 		}
+		uid = value.String()
 	} else {
 		uid = entry.GetEqualFoldAttributeValue(m.c.LDAPIdentity.User.Schema.ID)
 	}
--- a/vendor/github.com/opencloud-eu/reva/v2/pkg/micro/ocdav/option.go
+++ b/vendor/github.com/opencloud-eu/reva/v2/pkg/micro/ocdav/option.go
@@ -31,6 +31,7 @@ import (
 	"github.com/rs/zerolog"
 	"go-micro.dev/v4/broker"
 	"go.opentelemetry.io/otel/trace"
+	"google.golang.org/grpc/credentials"
 )

 // Option defines a single option function.
@@ -51,7 +52,10 @@ type Options struct {
 	FavoriteManager favorite.Manager
 	GatewaySelector pool.Selectable[gateway.GatewayAPIClient]

-	TracesExporter string
+	TracingEnabled              bool
+	TracingInsecure             bool
+	TracingEndpoint             string
+	TracingTransportCredentials credentials.TransportCredentials

 	TraceProvider trace.TracerProvider

@@ -229,10 +233,33 @@ func LockSystem(val ocdav.LockSystem) Option {
 	}
 }

-// WithTracesExporter option
-func WithTracesExporter(exporter string) Option {
+// Tracing enables tracing
+// Deprecated: use WithTracingEndpoint and WithTracingEnabled, Collector is unused
+func Tracing(endpoint, collector string) Option {
 	return func(o *Options) {
-		o.TracesExporter = exporter
+		o.TracingEnabled = true
+		o.TracingEndpoint = endpoint
+	}
+}
+
+// WithTracingEnabled option
+func WithTracingEnabled(enabled bool) Option {
+	return func(o *Options) {
+		o.TracingEnabled = enabled
+	}
+}
+
+// WithTracingEndpoint option
+func WithTracingEndpoint(endpoint string) Option {
+	return func(o *Options) {
+		o.TracingEndpoint = endpoint
+	}
+}
+
+// WithTracingInsecure option
+func WithTracingInsecure() Option {
+	return func(o *Options) {
+		o.TracingInsecure = true
 	}
 }

@@ -242,6 +269,13 @@ func WithTracingExporter(exporter string) Option {
 	return func(o *Options) {}
 }

+// WithTracingTransportCredentials option
+func WithTracingTransportCredentials(v credentials.TransportCredentials) Option {
+	return func(o *Options) {
+		o.TracingTransportCredentials = v
+	}
+}
+
 // WithTraceProvider option
 func WithTraceProvider(provider trace.TracerProvider) Option {
 	return func(o *Options) {
--- a/Show More
+++ b/Show More