Release Notes Version 2.4.x
Version 2.4.18 (released 2014-08-15)
- Added menubar title, page title and delete expiration information to user info API.
- Fixed a problem where a users group wasn't properly assigned when the default LDAP group was set to disable login.
- Set the default group to the system default group if the current default group is deleted.
- Fixed incorrect license count on the status page.
Version 2.4.17 (released 2014-08-01)
- Updated to a later version of the SAML2 library.
- Set expires after to the max value if the max value is set and user entry blank or 0.
- Update last login at and last login ip when logging in using the API.
- Better logging of CSRF issues.
- Fixed a problem where ClamAV stopped working on EC2 after a recent Amazon update.
- Fixed a problem accessing files if AV scans a disabled for local users.
- Fixed a problem setting the default LDAP group to login disabled.
- Fixed a problem where FileLinks couldn't be deleted.
- Fixed older and legacy migration problems.
Version 2.4.16 (released 2014-07-10)
- Fixed a problem where email relay configuration could be reset when using multi-domain configuration.
- Fixed a problem where crafting a special URL could delete FileLinks.
- Fixed a CSRF problem where a user could potentially be tricked into changing their API key and random Filedrop URL.
- Fixed a CSRF problem where a user could potentially be tricked into sending a message.
- Ensure that the content-disposition header is set when downloading zip archives.
- Improved imput validation for user name and email fields.
Version 2.4.15 (released 2014-07-03)
- Fixed a problem where old internal database backups wasn't removed properly.
- Check if cookies are enabled and warn on the front page if they are not.
- Capture cookie related issues and direct users to enable cookies if they are not.
- Added user interface permission settings to the user account API call.
- Use p tags instead of pre tags in the default validate_email temaplate as there's been reports of the default email getting caught in spam filters.
- Updated the web application framework rails to latest stable release.
Version 2.4.14 (released 2014-06-16)
- Fixed a problem removing remote syslog server if configured.
- Fixed incorrect user license count in the admin interface when using domains.
- Only test certificates for the default domain.
- Fixed a problem loading certificates from other domains than the default domain.
Version 2.4.13 (released 2014-06-06)
- Restart all components that's loading OpenSSL after the recent OpenSSL vulnerability.
- Disable the login button on submit, preventing doubleclicking on the login button.
- Fixed a problem with URL encoding for FileLinks.
- Fixed a problem downloading beta releases.
Version 2.4.12 (released 2014-05-23)
- Enabled having external and sending disabled enabled at the same time.
- Show Message ID or FileLink in the Download log expanded view.
Version 2.4.11 (released 2014-05-19)
- Updated email authentication pages for legacy browsers and added client side validations.
- Added LDAP server Base DN detection (for new servers) and syntax checker.
- Warn if Sysadmins are authenticated via LDAP.
- Fixed a SSL connection problem when using the domains feature.
- Fixed a file system location issue when using the domains feature.
- Updated Rails version (fix for potential security issue).
Version 2.4.10 (released 2014-05-01)
- New Feature: Password Expirations, configurable on a per group basis.
- Added Certificate Validity Checking and displaying of the Certificate Chain.
- Changed the Certificate Chain to a separate text field in Admin → Certificate → Upload.
- Increased the Strict Transport Security policy to 1 year, in line with current security recommendations.
Version 2.4.9 (released 2014-04-28)
- Allow backspace in the backup username for SMB backups.
- Fixed a problem with the EC2 installer.
- Fixed a problem to Static SSO Logins.
- Fixed a problem with LDAP search order when using multiple LDAP servers.
Version 2.4.8 (released 2014-04-22)
- Fixed a problem with UTF-8 characters in emails (problem occurred in v2.4.7).
- Better handling and error message for CSRF errors.
- Updated client side validation for network range configurations, backup configuration and group configuration.
- Updated server side validations.
- Fixed a problem with migrating from legacy systems.
Version 2.4.7 (released 2014-04-15)
- Restart LiquidFiles daemons to ensure they load versions of OpenSSL that are not vulnerable to Heartbleed. Please note that any LiquidFiles system updated after the 8th of April has installed a non-vulnerable version of OpenSSL, but the system needed to be rebooted. This update restarts the functions without the need to reboot.
- Enabled a function to generate a new certificate private key from the web interface.
- Set the top margin based on the size of the menubar, for custom logos that are much larger than the menubar and caused the logout button to be hidden.
- Added beta updates functionality.
- Better validation of the email and backup configuration.
- Updated LDAP character validation for the LDAP admin pages.
- Fixed a couple of problems with the domains feature.
- Fixed a problem uploading support requests.
Version 2.4.6 (released 2014-04-01)
- Prevent Secure Messages from being selected if the group's only available download permission is that Anyone can download, which doesn't make sense for a Secure Message.
- Fixed a problem with updates which sometimes caused Messages and Download log to not be visible.
- Fixed a problem with email validation if the recipient enters mixed case emails.
- Updated delete message function in the admin section to use Ajax and not cause the interface to reload so sort options are preserved.
- Fixed a problem creating a new admin group.
- Fixed a problem displaying FileLinks with non-standard file extensions.
- Permit dollar sign ($) in the Windows Share/SMB share name, enabling hidden Windows shares.
- Added Disk Space warning email if usage is above 90%.
Version 2.4.5 (released 2014-03-17)
- Remove progress bar placeholder for File Requests.
- Fixes for quota calculations and display.
- Updated login logging.
- Added Filedrop API/XML delivered status message.
- Fixes for migration from legacy Filetransfer appliance.
- Remove HTML comments from messages.
- Updated email token verification authentication.
- Added Filelink and Filelink email URL to CSV user exports.
- Fixed a problem with the nightly maintenance script that caused expired files to not be deleted as expected (since v2.4.0).
Version 2.4.4 (released 2014-03-11)
- Fixed a problem that would sometimes prevent downloads from working properly.
- Fixed a problem authenticating FileLinks with Internet Explorer 8 and below.
Version 2.4.3 (released 2014-03-10)
- Fixed a problem with filenames for backups with Windows Share (SMB) backups.
- Removed System and Auth log view from the Admin → System Log. These logs had nothing to do with the LiquidFiles application and could in same cases generete a lot of logs. Please use an external Syslog system or log into the console if you need to view these logs.
- Added authenticating to Filelinks with the authentication token instead of the link in the email.
- Fixed a problem authenticating with authentication tokens when the system requires users to create accounts.
- Added FileLink and Secure Message documentation to the Help menu.
- Removed admin groups from the possible default groups in Admin → Groups.
- Fixed a problem updating default groups when no LDAP configuration was present.
Version 2.4.2 (released 2014-03-05)
- Fixed a problem with server side password validation.
- Fixed a problem where empty attachments was sometimes added.
- Updated the display of HTML messages.
- Updated email validation.
- Fixed a problem where Secure Message wouldn't be allowed to send without an attachment.
- Relaxed email address validation to allow for new TLD's such as .museum.
- In the FileLink window, list the FileLink URL if there's no Flash installed (or Flash too old) that can run the "Copy to Clipboard" button.
Version 2.4.1 (released 2014-02-26)
- Fixed a problem displaying some messages on the message list.
- Fixed a problem where some Filedrop users wasn't recognised properly.
Version 2.4.0 (released 2014-02-25)
- New Feature: FileLink - quick direct links to files without sending messages.
- New Feature: HTML editor to messages and Filedrops.
- New Feature: Secure Messages - sending messages without the message being copied in the email and get confirmation when someone views the message as well as downloads the files.
- New Feature: Quota Support - having the ability to limit the number of Megabytes a user, group or domain can store on the system.
- New Feature: Multi-Tenancy/Multi-Domain - LiquidFiles now supports running multiple URLs/Domains on a single instance, each domain with it's own URL, Certificate, Branding, Users, Groups, Messages, ...
- Backup option to only backup configuration.
- Backup option to backup to a Windows File Share (SMB protocol).
- New versions of Nginx, Rails, ...