V11.6 Docs

[amyblais]

No description provided.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Documentation updates across multiple configuration and setup guides, including version bump to Sphinx 11.6, new OpenID Connect preferred_username claim support settings, security notes about 7zip file blocking, Google SSO synchronization clarification, and sanitized field additions for Support Packet generation.

Changes

Cohort / File(s)	Summary
Version Management source/conf.py	Bumped documented Sphinx version from 11.5 to 11.6 in version and release metadata.
OpenID Connect Configuration source/administration-guide/configure/authentication-configuration-settings.rst, source/administration-guide/onboard/sso-openidconnect.rst	Added new OIDC configuration settings for using upstream preferred_username claim as Mattermost username for GitLab, Google, Entra ID, and generic OpenID Connect providers, with provider-specific config paths and environment variables.
File Search Security Notes source/administration-guide/configure/environment-configuration-settings.rst, source/end-user-guide/collaborate/search-for-messages.rst	Added documentation clarifying that 7zip (.7z) files are blocked for security reasons and not searchable, while standard ZIP files remain supported.
SSO Documentation source/administration-guide/onboard/sso-google.rst	Added note stating that username and email changes in Google Workspace are not automatically synced to Mattermost.
Support Packet Generation source/administration-guide/manage/admin/generating-support-packet.rst	Updated sanitized configuration fields list to include FileSettings.ExportAmazonS3SecretAccessKey, ElasticsearchSettings.ClientKey, ServiceSettings.GoogleDeveloperKey, and ServiceSettings.GiphySdkKey (v11.6.0).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Added FakeSetting for keys generation for support package #8873: Addresses the same Support Packet documentation update adding four newly sanitized configuration fields in v11.6.0.
• docs(auth): Clarify Google SSO username/email sync behavior #8831: Covers the identical Google SSO documentation note clarifying username and email synchronization behaviour.

Possibly related PRs

• docs(auth): Clarify Google SSO username/email sync behavior #8832: Modifies the same Google SSO file to add the synchronization note.
• Add support for preferred_username claims #8838: Adds identical OpenID Connect preferred_username configuration settings and documentation across multiple OIDC provider types.
• [MM-65701] Document 7zip file blocking in file content search #8836: Updates the same documentation files with 7zip security blocking notes for file content search.

Suggested labels

Guidance

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'V11.6 Docs' is vague and generic, using non-descriptive terms that don't convey meaningful information about the specific documentation changes in the changeset.	Consider using a more descriptive title that highlights the main documentation updates, such as 'Add V11.6 OpenID Connect username configuration and security documentation' or 'Document V11.6 features and security improvements'.
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to assess whether any description relates to the changeset.	Add a pull request description that outlines the main documentation changes, such as new OpenID Connect settings, security-related updates, and version bumps included in this release.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v11.6-documentation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA c2a1f0b

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 94e2caf

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 8ba0a05

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA d96cfdf

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 400979b

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA e7cf770

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA acc073c

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 079e105

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 8fe3cb9

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 0dd3511

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

source/administration-guide/configure/authentication-configuration-settings.rst (1)

2249-2266: Consider adding contextual guidance on when to enable "Use preferred username".

The documentation clearly describes the configuration settings for enabling preferred_username claim usage across all four OpenID Connect providers (GitLab, Google, Entra ID, and Other). However, it lacks guidance on:

1. When administrators should enable this feature versus using the default behaviour
2. What the fallback behaviour is if the preferred_username claim is unavailable or empty
3. Potential username conflicts or implications when enabling this after users have already been created

Consider adding a general note at the beginning of the OpenID Connect section (around line 2117-2140) that explains:

• The default username claim behaviour (what attribute is used when this setting is false)
• Use cases for enabling preferred_username (e.g., organizational naming conventions, compatibility with other systems)
• Behaviour if the claim is missing (does login fail, or does it fall back to another claim?)
• Impact on existing users (are usernames updated on next login?)

This would help administrators make informed decisions about enabling these settings.

📋 Suggested addition for better context

Consider adding a note similar to this before the provider-specific sections:

 OpenID Connect
 ---------------

 Access the following configuration settings in the System Console by going to **Authentication > OpenID Connect**.

+.. note::
+  By default, Mattermost derives usernames from the email or sub claims in OpenID Connect tokens. The **Use preferred username** 
+  setting allows you to use the ``preferred_username`` claim instead, which may better match your organization's naming conventions.
+  Ensure your OpenID Connect provider includes this claim in the token before enabling this setting.

 .. config:setting:: select-openid-connect-service-provider

Also applies to: 2344-2361, 2459-2479, 2596-2615

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@source/administration-guide/configure/authentication-configuration-settings.rst`
around lines 2249 - 2266, Add a short general note at the start of the OpenID
Connect section (before the provider-specific blocks) explaining the default
username-claim behaviour and guidance for admins: state that when
oidc-gitlabusepreferredusername / GitLabSettings.UsePreferredUsername (and the
equivalent settings for Google, Entra ID, Other) is false the server uses the
provider's default username claim (e.g., email or sub) for account names; list
common use cases for enabling preferred_username (organizational naming
conventions, SSO compatibility); describe fallback behaviour if
preferred_username is missing or empty (fall back to the provider's default
claim rather than failing login); and warn about impact on existing users
(usernames are not retroactively renamed but may influence new/linked accounts
or username conflicts on next login), so admins can decide whether to enable
MM_GITLABSETTINGS_USEPREFERREDUSERNAME (and the corresponding env/config
settings for other providers).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@source/end-user-guide/collaborate/search-for-messages.rst`:
- Line 89: Replace the nonstandard product name "7zip" in the sentence that
currently reads "7zip (``.7z``) files are not supported…" with the correct
branding "7-Zip" or rephrase to ".7z archives" so the sentence reads e.g. "7-Zip
(``.7z``) files are not supported for file content search…" or "`.7z` archives
are not supported for file content search…"; update the instance of "7zip" and
keep the existing mention of ".7z" and the rest of the sentence intact.

---

Nitpick comments:
In
`@source/administration-guide/configure/authentication-configuration-settings.rst`:
- Around line 2249-2266: Add a short general note at the start of the OpenID
Connect section (before the provider-specific blocks) explaining the default
username-claim behaviour and guidance for admins: state that when
oidc-gitlabusepreferredusername / GitLabSettings.UsePreferredUsername (and the
equivalent settings for Google, Entra ID, Other) is false the server uses the
provider's default username claim (e.g., email or sub) for account names; list
common use cases for enabling preferred_username (organizational naming
conventions, SSO compatibility); describe fallback behaviour if
preferred_username is missing or empty (fall back to the provider's default
claim rather than failing login); and warn about impact on existing users
(usernames are not retroactively renamed but may influence new/linked accounts
or username conflicts on next login), so admins can decide whether to enable
MM_GITLABSETTINGS_USEPREFERREDUSERNAME (and the corresponding env/config
settings for other providers).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a632a923-d546-4fa6-9a5a-14b43c700ddb

📥 Commits

Reviewing files that changed from the base of the PR and between c2a1f0b and 0dd3511.

📒 Files selected for processing (4)

• source/administration-guide/configure/authentication-configuration-settings.rst
• source/administration-guide/configure/environment-configuration-settings.rst
• source/administration-guide/onboard/sso-openidconnect.rst
• source/end-user-guide/collaborate/search-for-messages.rst

✅ Files skipped from review due to trivial changes (2)

• source/administration-guide/onboard/sso-openidconnect.rst
• source/administration-guide/configure/environment-configuration-settings.rst

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA d00703a

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 80e718a

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA f7ab14f

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA a86bfc5

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 83bc2eb

[Copilot]

Pull request overview

Updates the Mattermost documentation set for the v11.6 release, including release notes/changelogs, version/support tables, and several end-user/admin guides reflecting new UI and configuration capabilities.

Changes:

• Add v11.6 release notes/changelog entries and update release/support timelines.
• Document new/updated features (e.g., OIDC preferred username, anonymous URLs, search popouts, data spillage terminology) across end-user and admin docs.
• Bump various version references (server download links, macOS minimum) and extend upgrade/support guidance.

Reviewed changes

Copilot reviewed 23 out of 23 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
source/product-overview/ui-ada-changelog.rst	Adds v11.6 UI/ADA changelog entries.
source/product-overview/release-policy.md	Marks v11.3 as done in the release timeline.
source/product-overview/mattermost-v11-changelog.md	Adds the v11.6 release notes section.
source/product-overview/mattermost-server-releases.md	Adds v11.6 to the server releases table with download/SBOM links.
source/product-overview/mattermost-desktop-releases.md	Updates desktop compatibility list to include v11.6.
source/end-user-guide/collaborate/send-messages.rst	Consolidates AI Rewrite instructions across clients.
source/end-user-guide/collaborate/search-for-messages.rst	Updates search guidance and adds file search/archive notes.
source/end-user-guide/collaborate/flag-messages.rst	Renames/reframes end-user guidance around quarantine/data spillage.
source/deployment-guide/software-hardware-requirements.rst	Updates client OS/browser requirements (macOS/Safari).
source/deployment-guide/server/preparations.rst	Updates server preparation wording and section structure.
source/deployment-guide/server/linux/deploy-tar.rst	Updates “Latest release” tarball URL to 11.6.0.
source/deployment-guide/server/linux/deploy-rhel.rst	Updates “Latest release” tarball URL to 11.6.0.
source/conf.py	Updates commented version/release references to 11.6.
source/administration-guide/upgrade/open-source-components.rst	Adds v11.6.0 server and v2.39.0 mobile NOTICE links.
source/administration-guide/upgrade/important-upgrade-notes.rst	Adds a v11.6 upgrade note row.
source/administration-guide/onboard/sso-openidconnect.rst	Documents preferred_username mapping option.
source/administration-guide/onboard/sso-google.rst	Adds a note about Google Workspace username/email sync behavior.
source/administration-guide/manage/admin/generating-support-packet.rst	Expands the list of fields sanitized in support packets (v11.6).
source/administration-guide/manage/admin/content-flagging.rst	Renames “Content Flagging” to “Data Spillage Handling” and updates workflow text.
source/administration-guide/configure/user-management-configuration-settings.rst	Documents updating Username/AuthData via System Console.
source/administration-guide/configure/environment-configuration-settings.rst	Adds .7z clarification for ZIP content search setting.
source/administration-guide/configure/authentication-configuration-settings.rst	Adds UsePreferredUsername settings for OIDC providers.
Makefile	Adjusts sphinx-autobuild options.

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 047e01d

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 35c6138