Skip to main content

Diskover 2.5.0 Release Notes

Brandon Langley
Updated

Diskover 2.5.0 Release Notes

Release Date: March 2026

Overview

Diskover 2.5.0 delivers significant improvements across performance, security, usability, and platform capabilities. Key highlights include Phase 1 of the Diskover UI Refresh, JWT bearer token authentication for MCP API access, the new Volume Discovery feature, the Diskover MCP Server for AI integration, enhanced OIDC group support, and critical security hardening against LDAP vulnerabilities.

New Features

Volume Discovery

[DEV-433]

Diskover now includes a fully operational Volume Discovery feature, enabling automated storage volume detection and management. Volume Discovery leverages the existing RabbitMQ/Celery task framework to coordinate mounting storage across Task Workers, streamlining the process of onboarding new storage volumes for indexing.

JWT Bearer Token Authentication for MCP API Access

[DEV-599]

A new JWT bearer token authentication system has been added to the Diskover API, providing secure, token-based access for MCP server integrations. The implementation includes the same group-based filtering that exists in the web UI, ensuring users only see data they are authorized to access. Users can self-service generate tokens, while administrators retain the ability to manage all tokens across the platform.

Diskover MCP Server (AI Connector)

[DEV-497]

Diskover 2.5.0 introduces the Diskover MCP Server, a new integration that enables AI assistants such as Claude, Microsoft Copilot Studio, and n8n to interact directly with Diskover's indexed data through the Model Context Protocol (MCP) standard. The MCP Server provides a suite of AI-accessible tools including:

  • Index Discovery — List and browse available Diskover indices.
  • File Search — Full Elasticsearch query support with smart search shortcuts (e.g., !img, !vid, !aud) for common file types, pagination, and path-based filtering.
  • File & Directory Tagging — Add, remove, and manage tags on files and directories with batch and recursive tagging options.
  • Metrics & Analytics — Retrieve storage analytics aggregated by any field (extension, owner, tags, size, etc.) using the same query syntax as the Diskover Web UI.

The MCP Server supports multiple deployment modes: local stdio for Claude Desktop, remote Streamable HTTP for cloud-hosted AI platforms, and Docker for production environments. Authentication leverages the same JWT bearer tokens introduced in DEV-599, ensuring group-based access controls and audit trails are enforced consistently across both the Web UI and AI integrations. A Claude Desktop Extension (.dxt) package is also available for one-click installation.

OIDC User Group Feature & Userinfo Endpoint

[DEV-684]

OIDC authentication has been enhanced with expanded user group support and a new userinfo endpoint lookup method. Key additions include:

  • A feature flag to restrict inbound OIDC requests to only users/groups explicitly assigned a role within the Diskover Admin OIDC configuration panel.
  • Introduction of an OIDC "user group" concept for basic read-only users, in addition to existing elevated roles (Task Panel User & Admin).
  • A third OIDC group lookup option via the userinfo endpoint, enabling compatibility with ServiceNow, Keycloak, Azure AD, and other providers that do not use Okta API tokens or pass groups through JWT claims.
  • New configuration options: OAUTH2_USE_USERINFO_GROUPS, OAUTH2_USERINFO_ENDPOINT, and OAUTH2_USERINFO_GROUPS_FIELD.
  • Group resolution follows a priority hierarchy: Okta API → Userinfo Endpoint → JWT Token Claims.

Elasticsearch JSON Document Viewer

[DEV-658]

A new "Fetch ES JSON Blob" button has been added to the File View page (view.php), allowing users to retrieve and view the complete Elasticsearch document for any file or directory directly from the Diskover Web UI. The modal displays the full JSON document with formatted output and includes a "Copy JSON" button for quick clipboard access. This is particularly useful for inspecting metadata fields that may not yet be exposed through Diskover Admin configuration.

UI/UX Improvements

Redesigned Indices Page

[DEV-655]

The Indices page has been comprehensively redesigned for improved usability and a modern look:

  • Compact pagination replaces numbered page buttons with a streamlined < [page] > format with previous/next arrows.
  • Gmail-style Select All/Unselect All dropdown in the table header with dynamic icon updates based on selection state.
  • Selection mode radio buttons replace the previous checkbox, offering clear "Manual Selection" and "Always use latest indices (auto select)" options with collapsible help tooltips.
  • Improved filter controls grouped to the right using flexbox layout, with the "Go" button renamed to "Apply."
  • Reorganized toolbar with selection buttons on the left and DataTables controls on the right.
  • Dark theme scrollbar styling fixes for both Chromium-based browsers and Firefox.

Improved Search Results Chart Visibility Logic

[DEV-511]

Search result charts now intelligently show or hide based on search scope. Charts are only displayed when the search is scoped to a specific path (via "Current Dir" toggle or an explicit parent_path: filter in the query). This prevents misleading chart data when search results span multiple top paths.

Navigation and Layout Refinements

[DEV-643]

The "System Configuration" button in the navigation menu has been renamed to "Diskover Admin" for improved discoverability and clarity for new users.

[DEV-693]

Action buttons on the File View page (name/path copy and related actions) now render inline to the right of their respective text fields, reducing unnecessary vertical scrolling.

[DEV-692]

Fixed a scrolling behavior issue on the search results page that caused unintended page jumps or erratic scroll behavior.

Performance Improvements

Optimized Scan and Ingest Performance

[DEV-549]

The Diskover scanner has been refactored to separate scanning threads from bulk upload/ingest threads. Previously, the same threads handled both file system scanning and Elasticsearch bulk uploading. Scan and ingest operations now use dedicated threads and queues, resulting in improved overall indexing performance and clearer logging separation between scan speed and bulk upload times.

Security Enhancements

LDAP Injection Prevention

[DEV-685]

LDAP usernames and distinguished names are now properly escaped in the login process to prevent LDAP injection attacks. This resolves a vulnerability identified via Nessus security scanning where specially crafted input in the login form's username and password fields could potentially manipulate LDAP search queries.

License Validation Public Key Fetch Fix

[DEV-675]

Resolved an issue where the license validation process could not retrieve the public key, causing a persistent validation error to display in the System Configuration > License panel. While the error did not block access to the system, it caused confusion for users. The public key fetch mechanism has been corrected to eliminate these spurious validation warnings.

Bug Fixes

[DEV-715]

Fixed an issue where using OR operators in search queries returned unexpected results. The root cause was that AND type:(file OR directory) was being appended to the end of the search string without wrapping the user's original query in parentheses, causing operator precedence issues. User search queries are now properly wrapped in parentheses before the type filter is appended.

[DEV-695]

Fixed a bug where AND type:(file OR directory) was duplicated and appended repeatedly to the search query each time the search button in the navigation bar was clicked, leading to malformed queries and unexpected results.

[DEV-694]

Fixed the smart search shortcut (! prefix) to correctly trigger a smart search query. Previously, using ! in front of a search term (e.g., !tmp) did not properly invoke the smart search functionality.

[DEV-714]

Fixed duplicate entries appearing in the search input autocomplete dropdown. Missing hidden fields in the navigation form (nav.php) caused the search state to not carry over correctly, resulting in duplicate suggestions.

Indices Page

[DEV-671]

Fixed a 404 error that occurred when toggling "Always Use Latest Indices" on the Indices page. The issue was caused by a missing ? character when appending the reloadindices query parameter to the URL.

[DEV-705]

Fixed an issue where the Top Path was not correctly displayed when switching from manual index selection mode to auto select (always use latest) mode.

Task Management

[DEV-704]

Fixed an issue where manually creating a new task with cron schedule values selected from dropdowns would produce validation errors, blocking task creation. Subsequent attempts to modify and save the task showed duplicate values in the schedule dropdowns.

File Search & Selection

[DEV-688]

Fixed the "Select All" checkbox in the top-left corner of the File Search results table, which was not correctly selecting or deselecting all visible file entries.

Authentication

[DEV-703]

Fixed an issue where the Active Directory login logic was too restrictive, only supporting one of sAMAccountName or userPrincipalName for LDAP searches. The login form now accounts for both attribute types in the AD path, ensuring broader compatibility across different Active Directory configurations.

Plugin System

[DEV-701]

Fixed a critical issue where an unhandled exception in a plugin's __init__.py file during registration would cause the Diskover Admin and Celery worker services to fail on startup. Plugin registration now properly catches exceptions during the pkgutil.walk_packages directory traversal, allowing services to start even if individual plugins contain errors.

Licensing

[DEV-682]

Removed remaining references to the legacy Media Edition (ME) license tier in the Diskover Web UI. Media info columns and data are now displayed based solely on whether the data exists in the index and the corresponding fields are exposed in EXTRA_FIELDS, rather than being gated behind the deprecated ME edition check.

Upgrade Notes

  • Volume Discovery Migration: The required SQL migration for Volume Discovery (DEV-690) runs automatically on Diskover Admin service restart after upgrading to 2.5.0. No manual database changes are required.
  • OIDC Configuration: If using OIDC authentication, review the new group feature flag and userinfo endpoint settings in Diskover Admin. The default behavior (without the feature flag enabled) remains unchanged to avoid disrupting existing OIDC integrations.
  • Active Directory Users: The login form now supports both sAMAccountName and userPrincipalName search paths. No configuration changes are required; existing AD setups will continue to function normally.

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk