Release Notes Version 3.4.x
Version 3.4.15 (released 2020-12-28)
- Fixed an issue where freshclam wouldn't start after a recent clamav update.
Version 3.4.14 (released 2020-11-19)
- Better sanitizing of filenames.
- Don't allow percent and double at in email recipients.
- The license info page was sometimes visible where it shouldn't.
- Added rel noopener and noreferrer to all external links.
- Added X-Robots-Tag.
Version 3.4.13 (released 2020-09-21)
- Always permit message replies with no attachments.
- Fixed an issue where Share Notifications on non-default domains would use the default domain template.
- Added Created Time to User CSV exports.
- Set autocomplete hints (new-password, current-password, name, email, ...) where appropriate.
- Permit Host Based Static Routes.
- Updated Rails to latest version (security).
Version 3.4.12 (released 2020-09-01)
- Don't enable Replies to File Request, Filedrop, FTPdrop or Emaildrop messages.
- Fixed an issue with filenames for files downloaded using older Microsoft Edge browsers.
- Fixed an issue where filenames from shares would sometimes be incorrect.
- Added minimal SSL/TLS versions for Emaildrops to TLSv1 (higher doesn't make much sense since we're also accepting cleartext emails).
- Don't display message BCC for replied to messages.
- Fixed incorrect quote calculation for shares.
- Removed sorting by Message Size in Admin → Data. This feature will be returned in the next major version when we've updated the database schema to make this work with sufficient speed.
Version 3.4.11 (released 2020-08-11)
- Avoid similar looking characters when generating AccessPasses.
- Fixed SAML authentication for auto-login networks that used to redirect to the message compose page.
- Added SMTP TLS to Emaildrops.
- Ensure port 25 is closed after the last Emaildrop is deleted.
- Fixed the download filename issue for IE and Firefox.
- Update the kernel for the recent Grub2 vulnerability.
- Less Restrictive validation for Filedrop Custom help text.
- Updated Admin navigation links.
Version 3.4.10 (released 2020-07-21)
- Added additional brute force protection for password reset post action.
- Added inline table sorting for add existing files, pool files, add files in FileLinks and File Requests.
- Added duofederal fixes.
- Updated Content-Disposition header to enable filenames with semicolon in Chrome.
- Fixed an issue with sorting on domain names in Admin → System Log and Admin → Activity Log.
- Updated Systemlog and Activitylog views with better escaping of html characters.
- Added localisation to the contact email label, reply options description and FileLink download button.
Version 3.4.9 (released 2020-07-06)
- Security: Latest version of the puma web application server.
- Security: Fixed an issue with a SMS delivery command that wasn't properly escaped.
- Fixed an issue where some strftime codes (%Z) wasn't parsed properly in email templates.
Version 3.4.8 (released 2020-06-09)
- Updated system and activity log time zone.
- Updated SSH Rate Limit to permit removing the limit and set max limit hitcount to 99.
- Fixed CSR generation with email address.
- Fixed race condition in ActionScript Message Received Job.
- Added application + security autoupdate option.
- Added TLSv1.2, TLSv1.3 compatibility configuration.
- Updated SAML authentication that sometimes wouldn't redirect the user back to the previously visited URL.
- Updated the /help pages with current FileLinks.
- Fixed an issue where emails in non-default domains sometimes wouldn't use the correct domain configuration.
- Updated Ruby on Rails
Version 3.4.7 (released 2020-05-11)
- If there are no access pass users, go to the message authorize page instead of the Access Pass validation page.
- Added access_pass_url to the message_access_pass template for direct authentication.
- Fixed an issue relating to automatically applying the April 28 hotfix for v3.4.x systems.
Version 3.4.6 (released 2020-05-04)
- Enabling Automatic Updates will no longer update the system daily. The system will only be updated if there's an application update.
- Fixed a problem where sometimes an incorrect version of the Postfix Mail Transfer Agent was installed.
- Removed dependencies for enabling support access from the console.
- Added a web based function to enable support access if the system doesn't start properly after a reboot.
- Fixed an issue with the restoring backup function.
- Updated the kernel update mechanism to disable the i2c-piix4 kernel module that has caused some systems to boot in emergency mode.
Version 3.4.5 (released 2020-04-28)
- Added setting in Admin → Groups to limit sending messages to only users that already exist on the system.
- Attachments API updates to make it clearer if an attached file has been processed by the server.
- Added SSH Admin Rate Limit, defaulting to 5 connections in 5 minutes, the make brute force login much harder.
- Added a setting in Admin → Groups to control Message Reply settings.
- Fixed an issue authenticating with passwords on FileLinks.
- Fixed an issue creating FileLinks using existing files.
- Added client side validation of message body when using private message Filedrops.
- Fixed an issue where users created from a SAML login wasn't redirected back to the correct URL.
- Fixed an issue with the traffic shaper for multiple interfaces.
- Added the recent ImageMagick Library Hotfix.
Version 3.4.4 (released 2020-04-06)
- Added TLS Protocols and Ciphers in the webserver log (in Admin → System Log).
- Fixed an issue where the Public Hostname in URL configuration didn't work on non-default domains.
- Fixed an issue where the Admin → System → Network configuration didn't work on non-default domains.
Version 3.4.3 (released 2020-03-23)
- Fixed an issue where the Share Files cache caused moved files to not be accessible.
- Fixed an issue where Download Notifications sometimes wouldn't be sent.
- Fixed an issue where Non-default domains wasn't accessible if Use Hostname in URL's was enabled.
- Updated Rails version.
Version 3.4.2 (released 2020-03-10)
- Fixed an issue where Share Files sometimes wasn't accessible.
- Added Access Pass to the Email Template Editor
Version 3.4.1 (released 2020-03-02)
- Fixed an issue where it was possible for users to update other users contacts.
- Use Referrer validation of uploads and only permit session logins from valid Referrer location (potential CSRF issue).
- Fixed an issue with LDAPs authentication where validate certificate and validate hostname was sometimes not used properly.
- Fixed an issue with Filedrop Pre-Fill parameters.
- Fixed an issue where the Use Maps setting wasn't always honoured when disabled.
- Removed beta expiration (should have been removed in v3.4.0).
Version 3.4.0 (released 2020-02-27)
- Version 3.4.0, please see the major change list below to see what's changed since v3.3.x.
Major changes from version 3.3 to version 3.4
- Added Reply function to Secure Messages.
- Reworked external user authentication using a new function: Access Passes.
- Updated Admin/Activity Log and Admin/System Log to be searchable on domain names.
- Added Filedrop Delivery Actionscript
- Added Group Based Message Delivery Actionscript
- Added Message Parameters Actionscript
- Added Terms of Service Application log.
- Added a setting to enable external users to send files to non-local users (requires license).
- Reworked the Application Log (Admin → Activity Log) to display log in JSON format.
- Reworked the underlying log functions to do reverse DNS lookups in the backgroup unless results are cached.
- Reworked System Log and Activity Log to store only the last X number of records, instead of keeping everything for 3 months (System Log) or 1 year (Activity Log).
- Added configuration for number of System and Activity Log records to store.
- Added Brute Force Protection to FTP/SFTP logins.
- Added IP based/Firewall blocking of specified Hosts/IP addresses or Networks.
- Reworked the interface and all Brute Force and Firewall blocking is now visible in Admin → System → Firewall.
- New systems created from v3.4 and onwards will have a simplified disk partitioning layout.
- Automatic disk expansion of root and data disk partitions (automatic root disk expansion requires the simplified disk partitioning from v3.4).
- Improved Ingress traffic shaping.
- Updated Public Hostname configuration with better hostname redirect URL and hostname matching configuration.
- Use relative redirect URLs in nginx (prevents ip address leakage).
- Added LDAP Configuration to validate the server certificate when using LDAPs.
- Updated Strict Transport Security timeout to 2 years.
- TLSv1.3 and TLS cipher updates.
- X-Frame-Options -> CSP Frame Ancestors.
- Internal code cleanup and reoorganization.
- Updated Ruby, Ruby on Rails, Postgres and various libraries to later versions.