Merge branch hotfix/v8.3.1 into master

Fix issue with building documentserver-ucs
Merge branch release/v8.3.0 into master
2026-04-07 14:01:38 +08:00 · 2025-02-27 13:24:28 +00:00 · 2025-02-10 07:38:11 +00:00 · 2025-02-05 17:25:46 +00:00 · 2025-01-13 15:34:29 +05:00 · 2025-01-10 13:35:29 +00:00
26 changed files with 676 additions and 173 deletions
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@ -47,25 +47,31 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - id: matrix
+        env:
+          BRANCH_NAME: ${{ github.ref_name }}
+          AMD64: ${{ github.event.inputs.amd64 }}
+          ARM64: ${{ github.event.inputs.arm64 }}
+          COMMUNITY: ${{ github.event.inputs.community }}
+          ENTERPRISE: ${{ github.event.inputs.enterprise }}
+          DEVELOPER: ${{ github.event.inputs.developer }}
        run: |
          set -ex

-          BRANCH_NAME=${GITHUB_REF#refs/heads/}
-          if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
+          if ! [[ "$BRANCH_NAME" == develop || "$BRANCH_NAME" =~ hotfix || "$BRANCH_NAME" =~ release ]]; then
            echo "Wrong branch."
            exit 1
          fi

-          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
-          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
+          [ "${AMD64}" = true ] && PLATFORMS+=("amd64")
+          [ "${ARM64}" = true ] && PLATFORMS+=("arm64")
          if [ -z ${PLATFORMS} ]; then
            echo "None of the platforms are selected."
            exit 1
          fi

-          [ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community")
-          [ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise")
-          [ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer")
+          [ "${COMMUNITY}" = true ] && EDITIONS+=("community")
+          [ "${ENTERPRISE}" = true ] && EDITIONS+=("enterprise")
+          [ "${DEVELOPER}" = true ] && EDITIONS+=("developer")
          if [ -z ${EDITIONS} ]; then
            echo "None of the editions are selected."
            exit 1
@ -102,12 +108,20 @@ jobs:

      - name: Build 4testing
        id: build-ds
+        env:
+          BRANCH_NAME: ${{ github.ref_name }}
+          AMD64: ${{ github.event.inputs.amd64 }}
+          ARM64: ${{ github.event.inputs.arm64 }}
+          BUILD_NUMBER: ${{ github.event.inputs.build }}
+          EDITION: ${{ matrix.edition }}
+          IMAGE: ${{ matrix.image }}
+          PACKAGE_BASEURL: ${{ secrets.REPO_BASEURL }}
        run: |
          set -eux

          ### ==>> At this step build variable declaration ###

-          case ${{ matrix.edition }} in
+          case "${EDITION}" in
            community)
              PRODUCT_EDITION=""
              ;;
@ -119,23 +133,20 @@ jobs:
              ;;
          esac

-          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
-          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
+          [ "${AMD64}" = true ] && PLATFORMS+=("amd64")
+          [ "${ARM64}" = true ] && PLATFORMS+=("arm64")
          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')

-          BRANCH_NAME=${GITHUB_REF#refs/heads/}
-          if [ $BRANCH_NAME = develop ]; then
+          if [ "$BRANCH_NAME" = develop ]; then
            BUILD_CHANNEL=nightly
            PRODUCT_VERSION=99.99.99
-          elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
+          elif [[ "$BRANCH_NAME" =~ hotfix || "$BRANCH_NAME" =~ release ]]; then
            BUILD_CHANNEL=test
            PRODUCT_VERSION=${BRANCH_NAME#*/v}
          fi
-          BUILD_NUMBER=${{ github.event.inputs.build }}

          export PRODUCT_EDITION
          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
-          export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
          export BUILD_CHANNEL
          export PLATFORM
          export DOCKERFILE=Dockerfile
@ -144,7 +155,7 @@ jobs:

          ### ==>> Build and push images at this step ###

-          docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
+          docker buildx bake -f docker-bake.hcl "${IMAGE}" --push
          echo "DONE: Build success"

          ### Set output for Zap scanner
@ -165,10 +176,11 @@ jobs:
          VERSION: ${{ steps.build-ds.outputs.version }}
          BRANCH: ${{ steps.build-ds.outputs.branch }}
          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+          REPO: ${{ github.repository }}
        run: |
            gh workflow run zap-ds.yaml \
-                 --repo ${{ github.repository }} \
-                 -f branch=${BRANCH} \
-                 -f version=${VERSION}
+                 --repo "${REPO}" \
+                 -f branch="${BRANCH}" \
+                 -f version="${VERSION}"
        shell: bash

--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -17,7 +17,9 @@ on:

 env:
  COMPANY_NAME: "onlyoffice"
-  PRODUCT_NAME: "documentserver" 
+  PRODUCT_NAME: "documentserver"
+  VERSION: ${{ github.event.inputs.tag }}
+  RELEASE_NUMBER: ${{ github.event.inputs.release_number }}

 jobs:
  build:
@ -45,18 +47,18 @@ jobs:
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

      - name: Build documentserver-release
+        env:
+          TARGET: ${{ matrix.images }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
        run: |
          set -eux
-          VERSION=${{ github.event.inputs.tag }}
-          RELEASE_NUMBER=${{ github.event.inputs.release_number }}
-          PRODUCT_EDITION=${{ matrix.edition }}
          TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
            export PRODUCT_EDITION
            export PULL_TAG=${VERSION}
            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
            export SHORTER_TAG=${VERSION%.*}
            export SHORTEST_TAG=${VERSION%.*.*}
-            docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
+            docker buildx bake -f docker-bake.hcl "${TARGET}" --push
            echo "DONE: Build success >> exit with 0"
            exit 0
        shell: bash
@ -88,14 +90,14 @@ jobs:
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

      - name: build image
+        env:
+          TARGET: ${{ matrix.images }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
        run: |
          set -eux
-          VERSION=${{ github.event.inputs.tag }}
-          RELEASE_NUMBER=${{ github.event.inputs.release_number }}
          export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
-          export PRODUCT_EDITION=${{ matrix.edition }}
          export TAG=${VERSION%.*}.${RELEASE_NUMBER}
-          docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
+          docker buildx bake -f docker-bake.hcl "${TARGET}" --push
        shell: bash

  build-ucs-ubuntu20:
@ -122,15 +124,15 @@ jobs:
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

      - name: build UCS
+        env:
+          PACKAGE_BASEURL: ${{ secrets.REPO_BASEURL }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
        run: |
           set -eux
-           VERSION=${{ github.event.inputs.tag }}
-           RELEASE_NUMBER=${{ github.event.inputs.release_number }}
-           export PRODUCT_EDITION=${{ matrix.edition }}
-           export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
           export DOCKERFILE=Dockerfile
-           export BASE_IMAGE=ubuntu:20.04
+           export BASE_VERSION=20.04
           export PG_VERSION=12
+           export PACKAGE_SUFFIX=
           export TAG=${VERSION%.*}.${RELEASE_NUMBER}
           export PACKAGE_VERSION=$( echo ${VERSION} |  sed -E 's/(.*)\./\1-/')
           docker buildx bake -f docker-bake.hcl documentserver-ucs --push
--- a/.github/workflows/zap-ds.yaml
+++ b/.github/workflows/zap-ds.yaml
@ -0,0 +1,70 @@
+---
+name: Scanning DocumentServer with ZAP
+
+run-name: > 
+      ZAP DocumentServer ver: ${{ github.event.inputs.version }} from branch: ${{ github.event.inputs.branch }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Set DocumentServer version that will be deployed'
+        type: string
+        required: true
+      branch:
+        description: 'The branch from which the scan will be performed'
+        type: string
+        required: true
+jobs:
+  zap:
+    name: "Zap scanning DocumentServer"
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run DS
+        id: run-ds
+        env:
+          TAG: ${{ github.event.inputs.version }}
+        run: |
+           # Create ssl certs
+           openssl genrsa -out tls.key 2048
+           openssl req -new -key tls.key -out tls.csr -subj "/C=RU/ST=NizhObl/L=NizhNov/O=RK-Tech/OU=TestUnit/CN=TestName"
+           openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
+           openssl dhparam -out dhparam.pem 2048
+           sudo mkdir -p /app/onlyoffice/DocumentServer/data/certs
+           sudo cp ./tls.key /app/onlyoffice/DocumentServer/data/certs/
+           sudo cp ./tls.crt /app/onlyoffice/DocumentServer/data/certs/
+           sudo cp ./dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
+           sudo chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
+           rm ./tls.key ./tls.crt ./dhparam.pem
+
+           # Run Ds with enabled ssl
+           export CONTAINER_NAME="documentserver"
+           sudo docker run -itd \
+                           --name ${CONTAINER_NAME} \
+                           -p 80:80 \
+                           -p 443:443 \
+                           -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
+                           onlyoffice/4testing-documentserver:${TAG}
+           sleep 60
+           sudo docker exec ${CONTAINER_NAME} sudo supervisorctl start ds:example
+           LOCAL_IP=$(hostname -I | awk '{print $1}')
+           echo "local-ip=${LOCAL_IP}" >> "$GITHUB_OUTPUT"
+
+      # Scan DocumentServer with ZAP.
+      # NOTE: Full scan get a lot of time.
+      # If you want make scan more faster (but less accurate) remove `cmd options` field
+      # -j mean that scanning use AJAX Spider, with this spider the scan takes approximately an hour
+      # Without any cmd options will be used default spider and the scan takes approximately ~10-15 minutes
+      - name: ZAP Scan
+        uses: zaproxy/action-full-scan@v0.8.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+          target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
+          allow_issue_writing: false
+          cmd_options: '-j'
--- a/52
+++ b/52
@ -1,27 +1,48 @@
-ARG BASE_IMAGE=ubuntu:22.04
+ARG BASE_VERSION=24.04

-FROM ${BASE_IMAGE} as documentserver
+ARG BASE_IMAGE=ubuntu:$BASE_VERSION
+
+FROM ${BASE_IMAGE} AS documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>

-ARG PG_VERSION=14
+ARG BASE_VERSION
+ARG PG_VERSION=16
+ARG PACKAGE_SUFFIX=t64

-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION}
+ENV OC_RELEASE_NUM=21
+ENV OC_RU_VER=12
+ENV OC_RU_REVISION_VER=0
+ENV OC_RESERVED_NUM=0
+ENV OC_RU_DATE=0
+ENV OC_PATH=${OC_RELEASE_NUM}${OC_RU_VER}000
+ENV OC_FILE_SUFFIX=${OC_RELEASE_NUM}.${OC_RU_VER}.${OC_RU_REVISION_VER}.${OC_RESERVED_NUM}.${OC_RU_DATE}${OC_FILE_SUFFIX}dbru
+ENV OC_VER_DIR=${OC_RELEASE_NUM}_${OC_RU_VER}
+ENV OC_DOWNLOAD_URL=https://download.oracle.com/otn_software/linux/instantclient/${OC_PATH}
+
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION} BASE_VERSION=${BASE_VERSION}

 ARG ONLYOFFICE_VALUE=onlyoffice

 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
    apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \
+    wget -q -O /etc/apt/sources.list.d/mssql-release.list "https://packages.microsoft.com/config/ubuntu/$BASE_VERSION/prod.list" && \
+    wget -q -O /tmp/microsoft.asc https://packages.microsoft.com/keys/microsoft.asc && \
+    apt-key add /tmp/microsoft.asc && \
+    gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg < /tmp/microsoft.asc && \
+    apt-get -y update && \
    locale-gen en_US.UTF-8 && \
    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
-    apt-get -yq install \
+    ACCEPT_EULA=Y apt-get -yq install \
        adduser \
        apt-utils \
        bomstrip \
        certbot \
+        cron \
        curl \
        htop \
-        libasound2 \
+        libaio1${PACKAGE_SUFFIX} \
+        libasound2${PACKAGE_SUFFIX} \
        libboost-regex-dev \
        libcairo2 \
        libcurl3-gnutls \
@ -33,6 +54,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        libxml2 \
        libxss1 \
        libxtst6 \
+        mssql-tools18 \
        mysql-client \
        nano \
        net-tools \
@ -43,12 +65,15 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        pwgen \
        rabbitmq-server \
        redis-server \
-        software-properties-common \
        sudo \
        supervisor \
        ttf-mscorefonts-installer \
+        unixodbc-dev \
+        unzip \
        xvfb \
-        zlib1g && \
+        xxd \
+        zlib1g || dpkg --configure -a && \
+    # Added dpkg --configure -a to handle installation issues with rabbitmq-server on arm64 architecture
    if [  $(ls -l /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 61 ]; \
        then echo 'msttcorefonts failed to download'; exit 1; fi  && \
    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
@ -58,6 +83,11 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    service postgresql restart && \
    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;" && \
+    wget -O basic.zip ${OC_DOWNLOAD_URL}/instantclient-basic-linux.x64-${OC_FILE_SUFFIX}.zip && \
+    wget -O sqlplus.zip ${OC_DOWNLOAD_URL}/instantclient-sqlplus-linux.x64-${OC_FILE_SUFFIX}.zip && \
+    unzip -d /usr/share basic.zip && \
+    unzip -d /usr/share sqlplus.zip && \
+    mv /usr/share/instantclient_${OC_VER_DIR} /usr/share/instantclient && \
    service postgresql stop && \
    service redis-server stop && \
    service rabbitmq-server stop && \
@ -68,6 +98,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 COPY config/supervisor/supervisor /etc/init.d/
 COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
 COPY run-document-server.sh /app/ds/run-document-server.sh
+COPY oracle/sqlplus /usr/bin/sqlplus

 EXPOSE 80 443

@ -81,6 +112,7 @@ ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux
 ENV COMPANY_NAME=$COMPANY_NAME \
    PRODUCT_NAME=$PRODUCT_NAME \
    PRODUCT_EDITION=$PRODUCT_EDITION \
+    DS_PLUGIN_INSTALLATION=false \
    DS_DOCKER_INSTALLATION=true

 RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb" && \
@ -93,6 +125,10 @@ RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VER
    sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
    service supervisor stop && \
    chmod 755 /app/ds/*.sh && \
+    printf "\nGO" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/mssql/createdb.sql" && \
+    printf "\nGO" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/mssql/removetbl.sql" && \
+    printf "\nexit" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/oracle/createdb.sql" && \
+    printf "\nexit" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/oracle/removetbl.sql" && \
    rm -f /tmp/$PACKAGE_FILE && \
    rm -rf /var/log/$COMPANY_NAME && \
    rm -rf /var/lib/apt/lists/*
--- a/README.md
+++ b/README.md
@ -178,7 +178,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/tls.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
+- **NODE_EXTRA_CA_CERTS**: The [NODE_EXTRA_CA_CERTS](https://nodejs.org/api/cli.html#node_extra_ca_certsfile "Node.js documentation") to extend CAs with the extra certificates for Node.js. Defaults to `/var/www/onlyoffice/Data/certs/extra-ca-certs.pem`.
+- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb`, `mysql`, `mssql` or `oracle`. Defaults to `postgres`.
 - **DB_HOST**: The IP address or the name of the host where the database server is running.
 - **DB_PORT**: The database server port number.
 - **DB_NAME**: The name of a database to use. Should be existing on container startup.
@ -207,6 +208,7 @@ Below is the complete list of parameters that can be set using environment varia
 - **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
 - **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
 - **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
+- **PLUGINS_ENABLED**: Defines whether to enable default plugins. Defaults to `true`.

 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers

--- a/cluster.yml
+++ b/cluster.yml
@ -1,108 +0,0 @@
-version: '2.1'
-
-x-ds-image:
-  &ds-image
-  ${COMPANY_NAME:-onlyoffice}/${PRODUCT_NAME:-documentserver-de}:${PRODUCT_VERSION:-latest}
-
-services:
-  onlyoffice-documentserver-data:  
-    container_name: onlyoffice-documentserver-data
-    image: *ds-image
-    environment:
-      - ONLYOFFICE_DATA_CONTAINER=true
-      - DB_HOST=onlyoffice-postgresql
-      - DB_PORT=5432
-      - DB_NAME=onlyoffice
-      - DB_USER=onlyoffice
-      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
-      - REDIS_SERVER_HOST=onlyoffice-redis
-      - REDIS_SERVER_PORT=6379
-      # Uncomment strings below to enable the JSON Web Token validation.
-      #- JWT_ENABLED=true
-      #- JWT_SECRET=secret
-      #- JWT_HEADER=Authorization
-      #- JWT_IN_BODY=true
-    stdin_open: true
-    restart: always
-    volumes:
-       - /etc/onlyoffice
-       - /var/www/onlyoffice/Data
-       - /var/log/onlyoffice
-       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
-       - /var/www/onlyoffice/documentserver-example/public/files
-       - /usr/share/fonts
-       
-  onlyoffice-documentserver:
-    image: *ds-image
-    depends_on:
-      - onlyoffice-documentserver-data
-      - onlyoffice-postgresql
-      - onlyoffice-redis
-      - onlyoffice-rabbitmq
-    environment:
-      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
-      - BALANCE=uri depth 3
-      - EXCLUDE_PORTS=443
-      - HTTP_CHECK=GET /healthcheck
-      - EXTRA_SETTINGS=http-check expect string true
-      # Uncomment the string below to redirect HTTP request to HTTPS request.
-      #- FORCE_SSL=true
-    stdin_open: true
-    restart: always
-    expose:
-      - '80'
-    volumes_from:
-     - onlyoffice-documentserver-data
-
-  onlyoffice-haproxy:
-    container_name: onlyoffice-haproxy
-    image: dockercloud/haproxy:1.5.1
-    depends_on:
-      - onlyoffice-documentserver
-    environment:
-      - MODE=http
-      # Uncomment the string below to specify the path of ssl certificates
-      #- CERT_FOLDER=/certs/
-    stdin_open: true
-    links:
-     - onlyoffice-documentserver
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      # Uncomment the string below to map a ssl certificate from host
-      # to the proxy container
-      #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
-    restart: always
-    ports:
-      - '80:80'
-      - '443:443'
-      - '1936:1936'
-       
-  onlyoffice-redis:
-    container_name: onlyoffice-redis
-    image: redis
-    restart: always
-    expose:
-      - '6379'
-
-  onlyoffice-rabbitmq:
-    container_name: onlyoffice-rabbitmq
-    image: rabbitmq
-    restart: always
-    expose:
-      - '5672'
-
-  onlyoffice-postgresql:
-    container_name: onlyoffice-postgresql
-    image: postgres:9.5
-    environment:
-      - POSTGRES_DB=onlyoffice
-      - POSTGRES_USER=onlyoffice
-      - POSTGRES_HOST_AUTH_METHOD=trust
-    restart: always
-    expose:
-      - '5432'
-    volumes:
-      - postgresql_data:/var/lib/postgresql
-
-volumes:
-  postgresql_data:
--- a/config/supervisor/ds/ds-converter.conf
+++ b/config/supervisor/ds/ds-converter.conf
@ -2,7 +2,7 @@
 command=/var/www/COMPANY_NAME/documentserver/server/FileConverter/converter
 directory=/var/www/COMPANY_NAME/documentserver/server/FileConverter
 user=ds
-environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME,LD_LIBRARY_PATH=/var/www/COMPANY_NAME/documentserver/server/FileConverter/bin
 stdout_logfile=/var/log/COMPANY_NAME/documentserver/converter/out.log
 stdout_logfile_backups=0
 stdout_logfile_maxbytes=0
--- a/config/supervisor/ds/ds-docservice.conf
+++ b/config/supervisor/ds/ds-docservice.conf
@ -2,7 +2,7 @@
 command=/var/www/COMPANY_NAME/documentserver/server/DocService/docservice
 directory=/var/www/COMPANY_NAME/documentserver/server/DocService
 user=ds
-environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME
 stdout_logfile=/var/log/COMPANY_NAME/documentserver/docservice/out.log
 stdout_logfile_backups=0
 stdout_logfile_maxbytes=0
--- a/config/supervisor/ds/ds-metrics.conf
+++ b/config/supervisor/ds/ds-metrics.conf
@ -9,5 +9,5 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/var/log/COMPANY_NAME/documentserver/metrics/err.log
 stderr_logfile_backups=0
 stderr_logfile_maxbytes=0
-autostart=true
-autorestart=true
+autostart=false
+autorestart=false
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -64,7 +64,11 @@ variable "LATEST" {

 ### ↓ Variables for UCS build ↓

-variable "BASE_IMAGE" {
+variable "BASE_VERSION" {
+    default     = ""
+}
+
+variable "PACKAGE_SUFFIX" {
    default     = ""
 }

@ -130,7 +134,8 @@ target "documentserver-ucs" {
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
-        "BASE_IMAGE": "${BASE_IMAGE}"
+        "PACKAGE_SUFFIX": "${PACKAGE_SUFFIX}"
+        "BASE_VERSION": "${BASE_VERSION}"
        "PG_VERSION": "${PG_VERSION}"
    }
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,3 @@
-version: '2'
 services:
  onlyoffice-documentserver:
    build:
--- a/oracle/sqlplus
+++ b/oracle/sqlplus
@ -0,0 +1,6 @@
+#!/bin/sh
+
+CLIENTDIR=/usr/share/instantclient
+export LD_LIBRARY_PATH=$CLIENTDIR
+$CLIENTDIR/sqlplus $@
+
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -2,14 +2,21 @@

 umask 0022

+start_process() {
+  "$@" &
+  CHILD=$!; wait "$CHILD"; CHILD="";
+}
+
 function clean_exit {
+  [[ -z "$CHILD" ]] || kill -s SIGTERM "$CHILD" 2>/dev/null
  if [ ${ONLYOFFICE_DATA_CONTAINER} == "false" ] && \
  [ ${ONLYOFFICE_DATA_CONTAINER_HOST} == "localhost" ]; then
    /usr/bin/documentserver-prepare4shutdown.sh
  fi
+  exit
 }

-trap clean_exit SIGTERM
+trap clean_exit SIGTERM SIGQUIT SIGABRT SIGINT

 # Define '**' behavior explicitly
 shopt -s globstar
@ -23,7 +30,9 @@ DS_LOG_DIR="${LOG_DIR}/documentserver"
 LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
+SUPERVISOR_CONF_DIR="/etc/supervisor/conf.d"
 IS_UPGRADE="false"
+PLUGINS_ENABLED=${PLUGINS_ENABLED:-true}

 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@ -44,10 +53,10 @@ fi

 SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
 mkdir -p ${SSL_CERTIFICATES_DIR}
-if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
+if find "${DATA_DIR}/certs" -type f \( -name "*.crt" -o -name "*.pem" \) -print -quit >/dev/null 2>&1; then
  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
-  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
-  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
+  chmod 644 ${SSL_CERTIFICATES_DIR}/*.{crt,pem} 2>/dev/null
+  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key 2>/dev/null
 fi

 if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
@ -60,6 +69,25 @@ if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
+
+#When set, the well known "root" CAs will be extended with the extra certificates in file
+NODE_EXTRA_CA_CERTS=${NODE_EXTRA_CA_CERTS:-${SSL_CERTIFICATES_DIR}/extra-ca-certs.pem}
+if [[ -f ${NODE_EXTRA_CA_CERTS} ]]; then
+  NODE_EXTRA_ENVIRONMENT="${NODE_EXTRA_CA_CERTS}"
+elif [[ -f ${SSL_CERTIFICATE_PATH} ]]; then
+  SSL_CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/subject=//')
+  SSL_CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/issuer=//')
+
+  #Add self-signed certificate to trusted list for validating Docs requests to the test example 
+  if [[ -n $SSL_CERTIFICATE_SUBJECT && $SSL_CERTIFICATE_SUBJECT == $SSL_CERTIFICATE_ISSUER ]]; then
+    NODE_EXTRA_ENVIRONMENT="${SSL_CERTIFICATE_PATH}"
+  fi
+fi
+
+if [[ -n $NODE_EXTRA_ENVIRONMENT ]]; then
+  sed -i "s|^environment=.*$|&,NODE_EXTRA_CA_CERTS=${NODE_EXTRA_ENVIRONMENT}|" /etc/supervisor/conf.d/*.conf
+fi
+
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
@ -77,7 +105,9 @@ NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-exam
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 # Limiting the maximum number of simultaneous connections due to possible memory shortage
-[ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
+LIMIT=$(ulimit -n); [ $LIMIT -gt 1048576 ] && LIMIT=1048576
+NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$LIMIT}
+RABBIT_CONNECTIONS=${RABBIT_CONNECTIONS:-$LIMIT}

 JWT_ENABLED=${JWT_ENABLED:-true}

@ -154,6 +184,15 @@ read_setting(){
    "mariadb"|"mysql")
      DB_PORT=${DB_PORT:-"3306"}
      ;;
+    "dameng")
+      DB_PORT=${DB_PORT:-"5236"}
+      ;;
+    "mssql")
+      DB_PORT=${DB_PORT:-"1433"}
+      ;;
+    "oracle")
+      DB_PORT=${DB_PORT:-"1521"}
+      ;;
    "")
      DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
      ;;
@ -232,8 +271,31 @@ waiting_for_connection(){
  done
 }

+waiting_for_db_ready(){
+  case $DB_TYPE in
+    "oracle")
+      PDB="XEPDB1"
+      ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+      DB_TEST="echo \"SELECT version FROM V\$INSTANCE;\" | $ORACLE_SQL 2>/dev/null | grep \"Connected\" | wc -l"
+      ;;
+    *)
+      return
+      ;;
+  esac
+
+  for (( i=1; i <= 10; i++ )); do
+    RES=$(eval $DB_TEST)
+    if [ "$RES" -ne "0" ]; then
+      echo "Database is ready"
+      break
+    fi
+    sleep 5
+  done
+}
+
 waiting_for_db(){
  waiting_for_connection $DB_HOST $DB_PORT
+  waiting_for_db_ready
 }

 waiting_for_amqp(){
@ -253,6 +315,7 @@ update_statsd_settings(){
  ${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'"
  ${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'"
  ${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'"
+  sed -i -E "s/(autostart|autorestart)=.*$/\1=${METRICS_ENABLED}/g" ${SUPERVISOR_CONF_DIR}/ds-metrics.conf
 }

 update_db_settings(){
@ -345,10 +408,24 @@ update_ds_settings(){
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
  fi

-  if [ "${WOPI_ENABLED}" == "true" ]; then
-    ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
-    ${JSON} -I -e "this.wopi.enable = true"
-  fi
+  WOPI_PRIVATE_KEY="${DATA_DIR}/wopi_private.key"
+  WOPI_PUBLIC_KEY="${DATA_DIR}/wopi_public.key"
+
+  [ ! -f "${WOPI_PRIVATE_KEY}" ] && echo -n "Generating WOPI private key..." && openssl genpkey -algorithm RSA -outform PEM -out "${WOPI_PRIVATE_KEY}" >/dev/null 2>&1 && echo "Done"
+  [ ! -f "${WOPI_PUBLIC_KEY}" ] && echo -n "Generating WOPI public key..." && openssl rsa -RSAPublicKey_out -in "${WOPI_PRIVATE_KEY}" -outform "MS PUBLICKEYBLOB" -out "${WOPI_PUBLIC_KEY}" >/dev/null 2>&1  && echo "Done"
+  WOPI_MODULUS=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -modulus -noout -in "${WOPI_PUBLIC_KEY}" | sed 's/Modulus=//' | xxd -r -p | openssl base64 -A)
+  WOPI_EXPONENT=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -text -noout -in "${WOPI_PUBLIC_KEY}" | grep -oP '(?<=Exponent: )\d+')
+  
+  ${JSON} -I -e "if(this.wopi===undefined)this.wopi={};"
+  ${JSON} -I -e "this.wopi.enable = ${WOPI_ENABLED}"
+  ${JSON} -I -e "this.wopi.privateKey = '$(awk '{printf "%s\\n", $0}' ${WOPI_PRIVATE_KEY})'"
+  ${JSON} -I -e "this.wopi.privateKeyOld = '$(awk '{printf "%s\\n", $0}' ${WOPI_PRIVATE_KEY})'"
+  ${JSON} -I -e "this.wopi.publicKey = '$(openssl base64 -in ${WOPI_PUBLIC_KEY} -A)'"
+  ${JSON} -I -e "this.wopi.publicKeyOld = '$(openssl base64 -in ${WOPI_PUBLIC_KEY} -A)'"
+  ${JSON} -I -e "this.wopi.modulus = '${WOPI_MODULUS}'"
+  ${JSON} -I -e "this.wopi.modulusOld = '${WOPI_MODULUS}'"
+  ${JSON} -I -e "this.wopi.exponent = ${WOPI_EXPONENT}"
+  ${JSON} -I -e "this.wopi.exponentOld = ${WOPI_EXPONENT}"

  if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
@ -373,6 +450,12 @@ create_postgresql_db(){
  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
 }

+create_mssql_db(){
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT"
+
+  $MSSQL -U $DB_USER -P "$DB_PWD" -C -Q "IF NOT EXISTS (SELECT * FROM sys.databases WHERE name = '$DB_NAME') BEGIN CREATE DATABASE $DB_NAME; END"
+}
+
 create_db_tbl() {
  case $DB_TYPE in
    "postgres")
@ -381,6 +464,12 @@ create_db_tbl() {
    "mariadb"|"mysql")
      create_mysql_tbl
    ;;
+    "mssql")
+      create_mssql_tbl
+    ;;
+    "oracle")
+      create_oracle_tbl
+    ;;
  esac
 }

@ -392,6 +481,12 @@ upgrade_db_tbl() {
    "mariadb"|"mysql")
      upgrade_mysql_tbl
    ;;
+    "mssql")
+      upgrade_mssql_tbl
+    ;;
+    "oracle")
+      upgrade_oracle_tbl
+    ;;
  esac
 }

@ -414,6 +509,22 @@ upgrade_mysql_tbl() {
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }

+upgrade_mssql_tbl() {
+  CONN_PARAMS="-U $DB_USER -P "$DB_PWD" -C"
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS"
+
+  $MSSQL < "$APP_DIR/server/schema/mssql/removetbl.sql" >/dev/null 2>&1
+  $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1
+}
+
+upgrade_oracle_tbl() {
+  PDB="XEPDB1"
+  ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/removetbl.sql >/dev/null 2>&1
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/createdb.sql >/dev/null 2>&1
+}
+
 create_postgresql_tbl() {
  if [ -n "$DB_PWD" ]; then
    export PGPASSWORD=$DB_PWD
@ -433,6 +544,22 @@ create_mysql_tbl() {
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }

+create_mssql_tbl() {  
+  create_mssql_db
+
+  CONN_PARAMS="-U $DB_USER -P "$DB_PWD" -C"
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS"
+
+  $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1
+}
+
+create_oracle_tbl() {
+  PDB="XEPDB1"
+  ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/createdb.sql >/dev/null 2>&1
+}
+
 update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
@ -499,7 +626,7 @@ update_nginx_settings(){
    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
  fi

-  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
+  start_process documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
 }

 update_log_settings(){
@ -528,7 +655,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${
 done

 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR}; do
+for i in ${DS_LOG_DIR} ${DS_LOG_DIR}-example ${LIB_DIR}; do
  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
@ -575,6 +702,8 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
        chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
    fi

+    echo "ulimit -n $RABBIT_CONNECTIONS" >> /etc/default/rabbitmq-server
+
    LOCAL_SERVICES+=("rabbitmq-server")
    # allow Rabbitmq startup after container kill
    rm -rf /var/run/rabbitmq
@ -635,23 +764,32 @@ if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
  service cron start
 fi

+# Fix to resolve the `unknown "cache_tag" variable` error
+start_process documentserver-flush-cache.sh -r false
+
 # nginx used as a proxy, and as data container status service.
 # it run in all cases.
 service nginx start

 if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
  if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then
-    documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
+    start_process documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
  fi
 fi

 # Regenerate the fonts list and the fonts thumbnails
 if [ "${GENERATE_FONTS}" == "true" ]; then
-  documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
+  start_process documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
 fi
-documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
+
+if [ "${PLUGINS_ENABLED}" = "true" ]; then
+  echo -n Installing plugins, please wait...
+  start_process documentserver-pluginsmanager.sh -r false --update=\"${APP_DIR}/sdkjs-plugins/plugin-list-default.json\" >/dev/null
+  echo Done
+fi
+
+start_process documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}

 echo "${JWT_MESSAGE}" 

-tail -f /var/log/${COMPANY_NAME}/**/*.log &
-wait $!
+start_process tail -f /var/log/${COMPANY_NAME}/**/*.log
--- a/tests/README.md
+++ b/tests/README.md
@ -0,0 +1,3 @@
+The files in this folder are intended for use in integration auto-tests.
+
+All credentials are strictly for testing purposes only.
--- a/tests/damengdb/.env
+++ b/tests/damengdb/.env
@ -0,0 +1 @@
+VERSION=latest
--- a/tests/damengdb/README.md
+++ b/tests/damengdb/README.md
@ -0,0 +1,19 @@
+## Stand Documentserver with damengdb
+
+### How it works
+
+For deploy stand, you need:
+
+**STEP 1**: Build you own images, do it with command:
+   
+```bash
+docker compose build
+```
+
+**STEP 2**: Wait build and when it finish deploy with command:
+
+```bash
+docker compose up -d 
+```
+
+Thats all.
--- a/tests/damengdb/damengdb.Dockerfile
+++ b/tests/damengdb/damengdb.Dockerfile
@ -0,0 +1,57 @@
+FROM onlyoffice/damengdb:8.1.2 as damengdb
+
+ARG DM8_USER="SYSDBA"
+ARG DM8_PASS="SYSDBA001"
+ARG DB_HOST="localhost"
+ARG DB_PORT="5236"
+ARG DISQL_BIN="/opt/dmdbms/bin"
+
+SHELL ["/bin/bash", "-c"]
+
+COPY <<"EOF" /wait_dm_ready.sh
+#!/usr/bin/env bash
+
+function wait_dm_ready() {
+  cd /opt/dmdbms/bin
+  for i in `seq 1  10`; do
+    echo `./disql /nolog <<EOF
+CONN SYSDBA/SYSDBA001@localhost
+exit
+EOF` | grep  "connection failure" > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+      echo "DM Database is not OK, please wait..."
+      sleep 10
+    else
+      echo "DM Database is OK"
+      break
+    fi
+  done
+}
+
+wait_dm_ready
+
+EOF
+
+COPY <<"EOF" /permissions.sql
+
+CREATE SYNONYM onlyoffice.DOC_CHANGES FOR sysdba.DOC_CHANGES;
+CREATE SYNONYM onlyoffice.TASK_RESULT FOR sysdba.TASK_RESULT;
+GRANT ALL PRIVILEGES ON sysdba.DOC_CHANGES TO onlyoffice;
+GRANT ALL PRIVILEGES ON sysdba.TASK_RESULT TO onlyoffice;
+
+EOF
+
+RUN   bash /opt/startup.sh > /dev/null 2>&1 \
+   &  mkdir -p /schema/damengdb \
+   && apt update -y ; apt install wget -y \
+   && wget https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/dameng/createdb.sql -P /schema/dameng/ \
+   && bash ./wait_dm_ready.sh \
+   && cd ${DISQL_BIN} \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
+      "create user "onlyoffice" identified by "onlyoffice" password_policy 0;" \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
+      "GRANT SELECT ON DBA_TAB_COLUMNS TO onlyoffice;" \
+   && echo "EXIT" | tee -a /schema/dameng/createdb.sql \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT \`/schema/dameng/createdb.sql \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT \`/permissions.sql \
+   && sleep 10
--- a/tests/damengdb/docker-compose.yml
+++ b/tests/damengdb/docker-compose.yml
@ -0,0 +1,67 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+      target: documentserver
+    container_name: onlyoffice-documentserver
+    depends_on:
+      - onlyoffice-dameng
+      - onlyoffice-rabbitmq
+    environment:
+      - DB_TYPE=dameng
+      - DB_HOST=onlyoffice-dameng
+      - DB_PORT=5236
+      - DB_NAME=onlyoffice
+      - DB_USER=onlyoffice
+      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+      # Costomize the JSON Web Token validation parameters if needed.
+      #- JWT_ENABLED=false
+      #- JWT_SECRET=secret
+      #- JWT_HEADER=Authorization
+      #- JWT_IN_BODY=true
+    ports:
+      - '80:80'
+      - '443:443'
+    stdin_open: true
+    restart: always
+    stop_grace_period: 60s
+    volumes:
+       - /var/www/onlyoffice/Data
+       - /var/log/onlyoffice
+       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
+       - /var/www/onlyoffice/documentserver-example/public/files
+       - /usr/share/fonts
+       
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    expose:
+      - '5672'
+
+  onlyoffice-dameng:
+    container_name: onlyoffice-dameng
+    build:
+      context: .
+      dockerfile: damengdb.Dockerfile
+      target: damengdb
+      args:
+        DM8_USER: SYSDBA
+        DM8_PASS: SYSDBA001
+        DB_HOST: localhost
+        DB_PORT: 5236
+    environment:
+      - PAGE_SIZE=16
+      - LD_LIBRARY_PATH=/opt/dmdbms/bin
+      - INSTANCE_NAME=dm8_01
+    restart: always
+    expose:
+      - '5236'
+    volumes:
+      - dameng_data:/opt/dmdbms/data
+
+volumes:
+  dameng_data:
+  
--- a/tests/mssql/README.md
+++ b/tests/mssql/README.md
@ -0,0 +1,17 @@
+## Stand Documentserver with mssql
+
+### How it works
+
+For deploy stand:
+
+**STEP 1**: Build you own images:
+   
+```bash
+sudo docker-compose build
+```
+
+**STEP 2**: Wait build complete and when:
+
+```bash
+sudo docker-compose up -d 
+```
--- a/tests/mssql/create_db_user.sh
+++ b/tests/mssql/create_db_user.sh
@ -0,0 +1,32 @@
+#!/bin/bash
+
+#generate SA password
+SYMBOLS='!#$%&*+,-.:;=?@^_~'
+for (( i=1; i <= 20; i++ )); do
+  PASS=$(tr -dc "A-Za-z0-9$SYMBOLS" </dev/urandom | head -c 15)
+  if [[ $PASS == *[0-9]* && 
+        $PASS != $(echo "$PASS" | tr [:upper:] ' ') && 
+        $PASS != $(echo "$PASS" | tr [:lower:] ' ') && 
+        $PASS != $(echo "$PASS" | tr "$SYMBOLS" ' ') ]]; then
+    break
+  fi
+done
+export MSSQL_SA_PASSWORD=$PASS
+
+CONNECTION_STR="/opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U SA -P "$MSSQL_SA_PASSWORD" -C -Q"
+
+#start db
+/opt/mssql/bin/sqlservr &
+
+#wait for db up
+for (( i=1; i <= 10; i++ )); do
+  RES=$($CONNECTION_STR "SELECT @@VERSION;" 2>/dev/null | grep "affected" | wc -l)
+  if [ "$RES" -eq "1" ]; then
+    echo "Database is ready"
+    break
+  fi
+  sleep 10
+done
+
+#create new db user
+$CONNECTION_STR "IF NOT EXISTS (SELECT * FROM sys.sql_logins WHERE name = '$MSSQL_USER') BEGIN CREATE LOGIN $MSSQL_USER WITH PASSWORD = '$MSSQL_PASSWORD' , CHECK_POLICY = OFF; ALTER SERVER ROLE [dbcreator] ADD MEMBER [$MSSQL_USER]; END"
--- a/tests/mssql/docker-compose.yml
+++ b/tests/mssql/docker-compose.yml
@ -0,0 +1,38 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+    depends_on:
+      - onlyoffice-mssql
+    environment:
+      - DB_TYPE=${DB_TYPE:-mssql}
+      - DB_HOST=${DB_HOST:-onlyoffice-mssql}
+      - DB_PORT=${DB_PORT:-1433}
+      - DB_NAME=${DB_NAME:-onlyoffice}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-mssql:
+    container_name: onlyoffice-mssql
+    build:
+      context: .
+      dockerfile: mssql.Dockerfile
+      args:
+        - MSSQL_DATABASE=${DB_NAME:-onlyoffice}
+        - MSSQL_USER=${DB_USER:-onlyoffice}
+        - MSSQL_PASSWORD=${DB_PWD:-onlyoffice}
+    restart: always
+    volumes:
+      - mssql_data:/var/opt/mssql
+    expose:
+      - '1433'
+
+volumes:
+  mssql_data:
--- a/tests/mssql/mssql.Dockerfile
+++ b/tests/mssql/mssql.Dockerfile
@ -0,0 +1,9 @@
+FROM mcr.microsoft.com/mssql/server:2022-latest as onlyoffice-mssql
+
+ENV ACCEPT_EULA=Y
+
+SHELL ["/bin/bash", "-c"]
+
+COPY create_db_user.sh /tmp/create_db_user.sh
+
+RUN bash /tmp/create_db_user.sh
--- a/tests/oracle/README.md
+++ b/tests/oracle/README.md
@ -0,0 +1,17 @@
+## Stand Documentserver with oracle
+
+### How it works
+
+For deploy stand:
+
+**STEP 1**: Build you own images:
+   
+```bash
+sudo docker-compose build
+```
+
+**STEP 2**: Wait build complete and when:
+
+```bash
+sudo docker-compose up -d 
+```
--- a/tests/oracle/create_db_user.sh
+++ b/tests/oracle/create_db_user.sh
@ -0,0 +1,28 @@
+#!/bin/bash
+
+CONNECTION_STR="sqlplus sys/$ORACLE_PASSWORD@//localhost:1521/$ORACLE_DATABASE as sysdba"
+
+export ORACLE_PWD=$ORACLE_PASSWORD
+
+#start db
+/opt/oracle/runOracle.sh &
+
+#wait for db up
+for (( i=1; i <= 20; i++ )); do
+  RES=$(echo "SELECT version FROM V\$INSTANCE;" | $CONNECTION_STR 2>/dev/null | grep "Connected" | wc -l)
+  if [ "$RES" -ne "0" ]; then
+    echo "Database is ready"
+    break
+  fi
+  sleep 10
+done
+
+sleep 1
+
+#create new db user
+$CONNECTION_STR <<EOF
+CREATE USER $ORACLE_USER IDENTIFIED BY $ORACLE_PASSWORD;
+GRANT CREATE SESSION TO $ORACLE_USER;
+GRANT CREATE TABLE TO $ORACLE_USER; 
+ALTER USER $ORACLE_USER quota unlimited on USERS;
+EOF
--- a/tests/oracle/docker-compose.yml
+++ b/tests/oracle/docker-compose.yml
@ -0,0 +1,38 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+    depends_on:
+      - onlyoffice-oracle
+    environment:
+      - DB_TYPE=${DB_TYPE:-oracle}
+      - DB_HOST=${DB_HOST:-onlyoffice-oracle}
+      - DB_PORT=${DB_PORT:-1521}
+      - DB_NAME=${DB_NAME:-xepdb1}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-oracle:
+    container_name: onlyoffice-oracle
+    build:
+      context: .
+      dockerfile: oracle.Dockerfile
+      args:
+        - ORACLE_DATABASE=${DB_NAME:-xepdb1}
+        - ORACLE_USER=${DB_USER:-onlyoffice}
+        - ORACLE_PASSWORD=${DB_PWD:-onlyoffice}
+    restart: always
+    volumes:
+      - oracle_data:/opt/oracle/oradata
+    expose:
+      - '1521'
+
+volumes:
+  oracle_data:
--- a/tests/oracle/oracle.Dockerfile
+++ b/tests/oracle/oracle.Dockerfile
@ -0,0 +1,15 @@
+FROM container-registry.oracle.com/database/express:21.3.0-xe as onlyoffice-oracle
+
+ARG ORACLE_DATABASE=
+ARG ORACLE_PASSWORD=
+ARG ORACLE_USER=
+
+ENV ORACLE_DATABASE=$ORACLE_DATABASE \
+    ORACLE_PASSWORD=$ORACLE_PASSWORD \
+    ORACLE_USER=$ORACLE_USER
+
+SHELL ["/bin/bash", "-c"]
+
+COPY create_db_user.sh /tmp/create_db_user.sh
+
+RUN bash /tmp/create_db_user.sh
Author	SHA1	Message	Date
papacarlo	22f8a1004f	Merge branch hotfix/v8.3.1 into master	2025-02-27 13:24:28 +00:00
Nasrullo Nurullaev	c867cf5eb7	Fix issue with building documentserver-ucs	2025-02-10 07:38:11 +00:00
papacarlo	0de571477f	Merge branch release/v8.3.0 into master	2025-02-05 17:25:46 +00:00
Nasrullo Nurullaev	a8b1256d87	fix Bug 72356 - Fix security issue with shell variables	2025-01-13 15:34:29 +05:00
Alexey Golubev	a349692e60	Add folder description (#16 )	2025-01-10 13:35:29 +00:00
danilapog	4ed8027cbe	Fix bug 72341 - Injections with operating system commands (#15 ) Co-authored-by: danilapog <danil.titarenko@onlyoffice.com> Co-committed-by: danilapog <danil.titarenko@onlyoffice.com>	2025-01-09 14:34:43 +00:00
Alexey Golubev	e9f55325d9	Fixbug #72289	2024-12-28 08:44:33 +00:00
Nasrullo Nurullaev	9b55149e51	Fix issue with building Dockerfile for arm64 arch	2024-12-20 09:47:22 +05:00
Nasrullo Nurullaev	2e4c0e7ebc	Update base image to 24.04 (#13 ) Reviewed-on: https://git.onlyoffice.com/ONLYOFFICE/Docker-DocumentServer/pulls/13 Reviewed-by: Alexey Golubev <Alexey.Golubev@onlyoffice.com> Co-authored-by: Nasrullo Nurullaev <nasrullo.nurullaev@onlyoffice.com> Co-committed-by: Nasrullo Nurullaev <nasrullo.nurullaev@onlyoffice.com>	2024-12-16 07:38:40 +00:00
papacarlo	19c2c0bf7d	Merge branch hotfix/v8.2.2 into release/v8.3.0	2024-12-09 12:10:33 +00:00
papacarlo	c53b6dc6be	Merge branch hotfix/v8.2.2 into master	2024-11-28 12:25:15 +00:00
Evgeniy Antonyuk	330f5a4969	fix Bug 71832 - Fix the handling for .pem certificates	2024-11-25 14:37:52 +03:00
papacarlo	3d89aae7ee	Merge branch hotfix/v8.2.1 into develop	2024-11-22 10:55:47 +00:00
papacarlo	0b670630f5	Merge branch release/v8.2.0 into develop	2024-10-21 11:56:45 +00:00
papacarlo	0052a31583	Merge branch release/v8.2.0 into master	2024-10-17 11:16:26 +00:00
Evgeniy Antonyuk	510128a3cc	Fix to resolve the `unknown "cache_tag" variable` error	2024-10-16 16:01:14 +07:00
Evgeniy Antonyuk	84443a0095	fix Bug 70772 - Add the APPLICATION_NAME variable to ds-docservice	2024-10-11 15:46:53 +07:00
Evgeniy Antonyuk	a1b238d180	Fix the option to enable plugins to true by default	2024-10-07 16:29:01 +07:00
RomanDemidov	85a678008a	Merge pull request 'Replace library symlinks with LD_LIBRARY_PATH env' (#7 ) from feature/library-path into release/v8.2.0 Reviewed-on: https://git.onlyoffice.com/ONLYOFFICE/Docker-DocumentServer/pulls/7	2024-09-23 14:42:52 +00:00
Evgeniy Antonyuk	e815a55687	Replace library symlinks with LD_LIBRARY_PATH env	2024-09-23 20:22:05 +07:00
Nasrullo Nurullaev	1581d5b3fb	fix Bug 69800 - Fix warning in casing mismatch	2024-09-18 07:34:43 +00:00
danilapog	cf34136b58	Fix bug 70234 - getTableColumnsError Error on damengdb connect	2024-09-16 22:39:48 +03:00
Evgeniy Antonyuk	5a1597b6ed	Merge branch 'hotfix/v8.1.3' into release/v8.2.0	2024-09-13 18:58:49 +07:00
papacarlo	ed000589d4	Merge branch hotfix/v8.1.3 into develop	2024-09-13 11:41:33 +00:00
papacarlo	aeba194cf1	Merge branch hotfix/v8.1.3 into master	2024-09-13 11:41:32 +00:00
Evgeniy Antonyuk	ca1a38e440	Disable plugin installation when building the docker image (#3 ) Co-authored-by: Evgeniy Antonyuk <antonyuk.evgenyiy@onlyoffice.com> Co-committed-by: Evgeniy Antonyuk <antonyuk.evgenyiy@onlyoffice.com>	2024-09-05 11:47:11 +00:00
Evgeniy Antonyuk	bf55775663	Add an optional option to enable plugins (#1 ) Co-authored-by: Evgeniy Antonyuk <antonyuk.evgenyiy@onlyoffice.com> Co-committed-by: Evgeniy Antonyuk <antonyuk.evgenyiy@onlyoffice.com>	2024-09-05 14:31:36 +03:00
Alexey Golubev	bef214b20e	Merge hotfix/v8.1.1 into master	2024-09-05 11:28:21 +00:00
Evgeniy Antonyuk	b8f4133434	Add an optional option to enable plugins (#1 ) Co-authored-by: Evgeniy Antonyuk <antonyuk.evgenyiy@onlyoffice.com> Co-committed-by: Evgeniy Antonyuk <antonyuk.evgenyiy@onlyoffice.com>	2024-09-05 07:57:32 +00:00
Nasrullo Nurullaev	7de5df8df9	fix Bug 69609 - Fix issue with automatic updates (#766 )	2024-08-20 12:40:12 +03:00
Nasrullo Nurullaev	76e9400bde	fix Bug 69596 - Fix warning during Docker Compose execution (#765 )	2024-08-20 12:21:19 +03:00
Elbakyan Shirak	fbc1868597	fix Bug 66631 - Correct RabbitMQ connections limit (#759 )	2024-08-14 11:18:03 +03:00
Evgeniy Antonyuk	893de2e916	fix Bug 66601 - Add fixes to WOPI modulus configuration (#756 )	2024-08-13 13:04:06 +03:00
Elbakyan Shirak	080f06c9b6	Fix bug 67970 - SIGTERM processing (#753 )	2024-08-06 16:33:06 +03:00
Evgeniy Antonyuk	d310412e8f	fix Bug 66601 - Add fixes to WOPI modulus configuration (#756 )	2024-08-01 18:40:47 +03:00
papacarlo	454122d598	Merge branch hotfix/v8.1.1 into release/v8.2.0	2024-07-26 08:13:33 +00:00
papacarlo	67578bb016	Merge branch hotfix/v8.1.1 into develop	2024-07-26 08:13:31 +00:00
papacarlo	7d78233879	Merge branch release/v8.1.0 into develop	2024-06-26 10:50:52 +00:00
papacarlo	0d5588d03a	Merge branch release/v8.1.0 into master	2024-06-19 08:29:43 +00:00
Semyon Bezrukov	b2c9221d48	Fix branding paths (#745 )	2024-06-11 11:16:38 +03:00
Evgeniy Antonyuk	3b60bc3c6e	Fix changing permissions for log directories (#744 )	2024-06-10 17:28:48 +03:00
Evgeniy Antonyuk	275719d078	Add fixes to WOPI configuration (#742 )	2024-06-03 17:35:29 +03:00
Evgeniy Antonyuk	cf29c757a2	fix Bug 68320 - Fix output during WOPI configuration (#741 )	2024-06-03 17:33:07 +03:00
Evgeniy Antonyuk	85ddd66d9f	fix Bug 66601 - Add additional parameters for WOPI configuration (#738 )	2024-05-29 16:05:22 +03:00
Roman Demidov	bbfc86a1e0	Add ORACLE support (#734 )	2024-05-27 13:57:11 +03:00
Evgeniy Antonyuk	b4e29f9695	Add configuration of WOPI parameters (#735 )	2024-05-21 14:13:54 +03:00
Roman Demidov	b665c004da	Use mssql-tools version from BASE_IMAGE (#731 ) * Use mssql-tools version from BASE_IMAGE * Small changes * Small changes * Small changes * Small changes * Small changes	2024-05-03 11:23:12 +03:00
Roman Demidov	a571bd0d1a	Add MSSQL support (#728 )	2024-04-23 13:04:49 +03:00
Evgeniy Antonyuk	12eb20a61b	fix Bug 65410 - Disable ds:metrics service when METRICS_ENABLED=false (#726 )	2024-04-10 10:49:31 +03:00
Danil Titarenko	3fe861b1a4	Add damengdb stand (#712 ) * Add dameng stand * Rename compose file * Move damengdb files in tests folder * Remove copy bin disql command * Refactoring damengdb stand * Update readme instructions * Refactor: update readme * Refactor: add note * Update run command for disql copy * Remove scripts and add volumes in compose file Stand was updated. Main changes that scripts for prepare environment was removed.Now damengdb image can be pulled from hub.docker, also disql will be mounted from damengdb container in documentserver container. * Update damengdb image version * Actualized damengdb compose file Use damengdb image from onlyoffice repo. Also do not use develop documentserver build anymore * Don't mount entrypoint script anymore After release it will be inside the image with the necessary edits * Add the ability to build an image before compose is started * Dameng: Execute schema on build stage Now if you want use damengdb, you nedd build own image, schema for Documentserver will be create on build stage. Add dockerfile for the build dameng image. Also disql bin file don't share between containers * Actualize readme for damengdb stand * Editing typos * Remove useless lines * Small cosmetic change * Remove useless volume from compose file * Use default password for check connection * Remove `image` filed from compose	2024-03-25 17:13:26 +03:00
Evgeniy Antonyuk	eb1706e3b7	fix Bug 62253 - NODE_EXTRA_CA_CERTS substitution error (#721 )	2024-03-19 15:37:55 +03:00
papacarlo	184a07a2b3	Merge branch hotfix/v8.0.1 into release/v8.1.0	2024-03-15 11:20:06 +00:00
papacarlo	34a80e08da	Merge branch hotfix/v8.0.1 into develop	2024-03-15 11:20:03 +00:00
Evgeniy Antonyuk	5e9c269d86	fix Bug 62253 - self-signed SSL issue (#714 )	2024-03-13 16:00:05 +03:00
papacarlo	c4cd0a1417	Merge branch release/v8.0.0 into develop	2024-02-05 08:48:59 +00:00
papacarlo	40efc5bea9	Merge branch release/v8.0.0 into master	2024-01-30 11:32:11 +00:00
Alexey Golubev	0a42ee66b0	Fix bug #60688 (#703 )	2024-01-18 10:20:37 +03:00
Danil Titarenko	6416c2c32a	Action small fixes (#697 )	2023-12-21 13:22:02 +03:00
Danil Titarenko	016440fd4b	Disable issue creation from zap scanner (#695 )	2023-12-20 11:22:37 +03:00
Danil Titarenko	84a8191de9	Add DocumentServer zap scanner (#685 ) * Add DocumentServer zap scanner * Fix zap target url from `http` to `https`	2023-12-19 11:24:58 +03:00
papacarlo	f67284582f	Merge branch hotfix/v7.5.1 into develop	2023-11-15 12:57:39 +00:00