Release Notes Version 3.7.x

Major changes from version 3.6 to version 3.7

• Added Web based API authentication — this enables all authentication requirements same as for web logins when authenticating to the API such as Strong 2-Factor Authentication.
• Expiring API Keys — when using the Web based API authentication, the API keys will be configured to expire after a default of 30 days which will prompt users to re-authenticate in the Outlook plugin, Windows and Mac Agent and the IOS app.
• Added Support Address with link in the Menubar.
• Added Recipient and Sender Aliases, including support for added Recipient and Sender aliases through LDAP.
• Improved Secure Message View to make it easier to access and download when there's many attachments.
• Filedrop API now uses expiring API keys.
• Added Filedrop API functions for User Filedrops.
• User Filedrops can now set Email Validation Requirements and send receipts to Senders.
• File Upload API changes from /attachments to individual upload actions per function /message/attachments/upload,...
• Added Email Sender Address Policy — a more flexible way to set sender addresses enabling users in local domains to send emails with their real emails while still sending external email accounts using the Email Sender Address.
• Redesigned the Email Templates — all emails will look nicer and if you've previously changed any of the email templates you will most likely have to start over with the new templates.
• Updated the HTML editor and removed a lot of incompatible tags. Previously it was possible to use things like font color but this did not render reliably so from now onwards, the HTML editor will only show tags that can be styled correctly in the emails and web interface.
• Added html cleaner when pasting texts primarily from MS Word or similar.
• Enabled HTTP/2 which will speed up subsequent page-loads in LiquidFiles and will provide a substantial improvement when using reverse proxies (please note that HTTP/2 only works over HTTPs).
• Added Permission Policy Header
• Added autocomplete username and current-password where applicable..
• Don't log /404's as user activity in Admin → System → User Acitivity.
• Added a function to redirect the browser if they connect using http to a https port.
• Postfix (Emaildrops incoming and sending emails) now require TLSv1.2 for both incoming and outgoing connections.
• Updated libraries and functions such as Ruby on Rails, Ruby, Nginx, Bootstrap, PostgreSQL...

Version 3.7.5 (released 2023-03-15)

• Don't detect Content-Type until file has been assembled.
• Fixes an issue where sometimes when uploads fail the progressbar hangs with no feedback.
• Require authentication to be required when sending private messages.
• Removed email relay password from being logged.
• Fixes an issue where SAML errors would cause an internal server error.
• Fixes an issue where saving the External Users group would disable send Secure Message feature.
• Fixes an issue for Terms of Service for users without accounts.
• Fixes an issue where sending emails would sometimes set the incorrect Envelope From address.

Version 3.7.4 (released 2023-03-07)

• Added configuration to enable/disable recipient aliases in Admin → Groups.
• Added Certificate Chain upload option when uploading a PFX certificate.
• Moved attachment details CSV download to the web interface instead of attaching in email.
• Fixed editing users with automatically assigned groups.
• Fixed an issue setting max_file_size using the Admin User API.

Version 3.7.3 (released 2023-02-28)

• Fixes Message API sending messages with Base64 encoded attachments.
• Fixes an issue where setting passwords in a Filedrop would require authentication when it shouldn't.
• Record downloads (but not send emails) when owners download their own attachments.
• Adds a CSV attachment with attachment details when sending a Secure Message through the web interface.
• Removes Checksum from the default email template when sending Secure Messages through the web interface.
• Fixes an issue when sending emails from usernames with commas in them.
• Fixes a couple of strings that wheren't translatable.
• Security: Adds a restrictive Content-Security-Policy for downloaded files (should never be used).
• Security: URL Encode filenames during downloads. Fixes a potential XSS attack.
• Security: Removed legacy Form Based file uploads in Shares.

Version 3.7.2 (released 2023-02-21)

• Changed the low disk notification email to send directly, not by the nightly notification.
• Fixes an issue showing download map.
• Fixes an issue with temporary files permissions that affected some updates from v3.6.
• Fixes an issue with database migration that affected some updates from v3.6.

Version 3.7.1 (released 2023-02-16)

• Fixing an issue uploading files with many chunks.

Version 3.7.0 (released 2023-02-14)

• Initial Release of v3.7.

Incompatibilities and Warnings

These are a few things you need to be aware of when updating to LiquidFiles v3.7.

API Deprecations

Form Based API uploads

It's no longer possible to use Form based file uploads. Form based file uploads have been listed as being deprecated for a few years now in favour of binary file uploads. Up until v3.6 it was still possible to use Form base file uploads but starting with v3.7 it's no longer possible.

Previous Attachment Upload API will be deprecated after v3.7

Up until v3.6, the /attachments and /attachments/binary_uploads API functions have been global functions for most (all except shares) uploads. The Form based /attachments upload function was deprecated in this release and the /attachments/binary_uploads API will be deprecated in the next major release. The supported way moving is to use individual functions such as /message/attachments/upload moving forward.

XML API will be removed after v3.7

From LiquidFiles v3.0.x, LiquidFiles has migrated from XML towards JSON for all API functions. There's still some old functions that have been kept around since they where there and working. After this release all XML API functions will be removed and you will be required to use JSON for the LiquidFiles API moving forward.