Aggregated Release Notes for 7.8.4
Last Update: 2017-10-01
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.4-rev5
- Open-Xchange AppSuite frontend 7.8.4-rev5
- Open-Xchange documentconverter 7.8.4-rev4
54315 Incompatibility with SIEVE rules
When running OX App Suite 7.8.3 and 7.8.4 against a shared mail environment, SIEVE filter rules could unintentionally affect each other, for example auto-forward and vacation notice. This got fixed by retaining commented script content which is unknown to the 7.8.4 implementation.
54181 Config-cascade inconsistency for value pairs
Certain value pairs where not correctly distributed by the config cascade mechanism, especially those related to services that use oAuth for authentication. We solved this by making those properties config-cascade aware.
54136 Incorrect permission restriction when moving folders in Drive
When moving/copying a folder from a external storage service to folder of the primary OX Drive storage service, a permission related error was thrown. This got solved by properly setting administrator privileges to the creator of a OX Drive folder while copying/moving in folders from external services.
54133 Sharing dialog stuck when sharing locked file
When attempting to share a file which is locked, the sharing dialog did not close when canceling the operation. This got solved by handling potential errors related to locks when trying to share a file.
54069 Fuzzy fallback for unsupported languages
In certain cases the frontend language did fall back to german instead of english. This got fixed by setting a explicit fallback to en_US if the browser provides a unsupported language and no previously set OX language cookie.
54067 Outdated "unsupported browsers" message
OX App Suite UI did display incorrect recommendations for mobile browsers when using such as a desktop browser. This has been solved and we're now showing recommendations for mobile browsers only when using a mobile device.
54042 Unable to update dates with Japanese locale
When defining start/end dates at the calendar on mobile browsers, the supplied data did not get taken over to the appointment. This was caused by incompatibility of a date/time format library with specific languages and has been fixed by making sure the same date/time format is used at all related components.
54041 Missing schema information for database timeout errors
In case a database connection reported a communication failure or timeout, the specific database schema was not part of the exception. This has now been added to allow simple debugging of affected database clusters.
54034 Missing recipient when removing and modifying recipients
In cases where the original recipients (To, Cc) of a mail got removed during compose and re-added later, the resulting mail was sent without recipient information. This got fixed by properly handling events related to tokens that display participants.
53980 High CPU load caused by documentconverter
Changes to documentconverter led to higher than usual base CPU load. This impact got reduced by lowering a queue polling time to a value which offers a good compromise between queue responsiveness and "idle" CPU load.
53958 More debug background for exceptions related to closed IMAP folders
In case a IMAP backend did close a connection due to technical issues or timeouts, the resulting stack-trace at OX App Suite middleware was rather generic. This has been improved in a way that we now show the related IMAP command to allow better debugging. This issue has to be validated in production environments that show such unexpected behavior.
53923 Quick reply disappears after the first reply
When using "quick reply" to answer a mail, this option will disappear. We changed the behavior in a way that the option stays available after using it.
53916 Adding local files opens camera App on iOS
When using OX App Suite UI with Safari on iOS, the action to add a local attachment resulted in immediate launch of the camera App. We now trigger a selection menu which offers to either use the camera or access existing photos on the device.
53913 Vacation notices could not be activated for aliases
When setting a vacation notice, it was not possible to define a alias address for the notice instead of the primary address. This got fixed by more consistent checks for mail aliases.
53688 Contacts with Katakana "yomi" fields were sorted as "other"
When using Japanese language settings and subsequently "yomi" contact fields, those contacts were sorted incorrectly as "other", which got solved.
53671 Specific mails produced empty printouts
When printing specific mails that define CSS, the created print version did not show substantial content. This got fixed by dropping certain CSS elements from our whitelist that could lead to broken layouts. See Change #4204.
53649 Folder IDs were shown in PIM objects attachment details
For PIM objects with attachments we did show the hyperlinks pointing to OX Drive instead of the corresponding App. To avoid confusion we did visually remove those links as they provide almost no functionality.
53474 Duplicate recipients when sending mail
When sending a mail to all appointment participants the resulting mail compose did contain duplicates of the expected recipients. This got solved by detecting and removing the currently logged in user from that list.
53437 Inconsistency for thumbnails and image preview
Certain file formats (tiff, psd, pbm) were shown as thumbnail preview while not being supported in image preview. To ensure consistency we added support for tiff and psd files to image preview.
53313 Unable to edit name used for mail on mobile
When using OX App Suite UI on a mobile browser, updates to a E-Mail addresses "personal part" at mail compose were not reflected to the selected mail address. This got solved by updating the corresponding element after the change has happened.
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.4-rev4
- Open-Xchange AppSuite frontend 7.8.4-rev4
- Open-Xchange EAS 7.8.4-rev4
53900 1st (out of two) Google Mail Account does not work after adding 2nd (out of two) Google Calender Abo
When updating an OAuth account (applying a new name), the enabled scopes was accidentally reseted.
53795 POP3 External account: messages retrieved are duplicated
Certain POP3 server's do not obey to advertise UIDLs with at max. 70 characters.
53690 Fields considered for sorting / categorizing contacts inconsistent
A contact's (yomi-) firstname was not taken into account during sort name generation in case no (yomi-) lastname was set.
53689 Yomi fields not available / visible with non-Japanese language setting
Missing feature for other languages.
53688 Contacts with Katakana "yomi" fields are sorted and categorized as "other"
Only hiragana in sorting table.
53340 Appointment status of participant not updated via EAS
The list of confirmations was not part of the USM sync-state.
53233 No appropriate folder storage for tree identifier "0" and folder identifier "label"
Used dummy folder_id 'label'.
Shipped Components and Versions
- Open-Xchange AppSuite middleware 7.8.4-rev3
- Open-Xchange AppSuite frontend 7.8.4-rev3
- Open-Xchange USM 7.8.4-rev3
- Open-Xchange EAS 7.8.4-rev3
- Open-Xchange Updater 7.8.4-rev3 (6.18.33)
- Open-Xchange Drive restricted 7.8.4-rev3
- Open-Xchange Documents 7.8.4-rev3
- Open-Xchange Documents Frontend 7.8.4-rev3
- Open-Xchange Readerengine 7.8.4-rev3 (5.2.3)
- Open-Xchange Documentconverter 7.8.4-rev3
- Open-Xchange Documentconverter API 7.8.4-rev3
- Open-Xchange OXtender for Microsoft Outlook 7.2.25
- Open-Xchange Notifer 1.0.6
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
51863 Script code execution for text comments
Replacing single quotes in fast load string of OX Text. CVE-2017-6913.
51667 Task folder names exposed in error cases
Adjusting error messages to avoid exposing folder names when triggering errors based on folder IDs. CVE-2016-10078.
51622 PIM attachment permissions are not evaluated on saveAs
Fixed folder/object permission plausibility checks when using certain API calls to move data internally. CVE-2017-6912, credits to Iordache Cosmin.
51480 XSS filter bypass using HTML comments
Improved detection for corrupt HTML with regards to HTML comments. CVE-2017-5864, credits to Zoczus.
51474 @import style references are not sanitized from HTML mail
Allow only valid CSS elements at HTML mail and removing external references. CVE-2017-5864, credits to Secator.
51464 Bypass for "safe file" detection using multipart mimetypes
Disallow to manually specify a file's MIME type when uploading such content. CVE-2017-5864, credits to Secator.
51407 Stored XSS for custom calendar timezones
We're handling timezone information more carefully now since it's potentially user-provided data. CVE-2017-5864, credits to R00trus.
51219 XSS filter bypass using multiple levels of open tags
Hard error in case HTML cannot be parsed to its individual segments/tags. Content which cannot be parsed and sanitized will no longer be delivered to the client. This might affect broken/malformed legitimate mails but also attempts to bypass HTML filters. CVE-2017-5864, credits to ZeeShan.
51202 XSS filter bypass using HTML comments
Hard error in case HTML cannot be parsed to its individual segments/tags. Content which cannot be parsed and sanitized will no longer be delivered to the client. This might affect broken/malformed legitimate mails but also attempts to bypass HTML filters. CVE-2017-5864, credits to Zoczus.
51164 External image protection bypass via CSS
Disallow 'list-style-image' style element which can be used to include external content and track users. CVE-2017-5210, credits to Iordache Cosmin.
51069 Missing permission checks for snippets
Check if snippet/signature is either shared or owned by the user that attempts to delete/modify it. Deny operation if condition is not satisfied and return with an error. CVE-2017-5863, credits to Iordache Cosmin.
51058 Folder names exposed via ical import
Sanitized error message by dropping folder name from user-visible error message and replaced name by numeric identifier for the technical log message. CVE-2016-10078, credits to Iordache Cosmin.
51039 XSS at RSS feed content
RSS "text/xhtml" content is now being pre-processed by sanitizer. CVE-2017-5864, credits to Iordache Cosmin.
51038 Missing permission check when deleting reminders
Added an additional layer for reminders between JSON and SQL which performs permission checks. CVE-2017-5863, credits to Iordache Cosmin.
50943 XSS at E-Mail
We're now handling global event handlers (onerror, onabort, etc.) as unsafe and remove them during sanitizing. CVE-2016-10077, credits to Zoczus.
50940 HTML "map" element can be used for tabnabbing
Added area elements to "noopener" mechanism. CVE-2017-5211, credits to Zoczus.
50893 Reflected content for /api/account
Removed user input at the response of the Accounts API which could be used for content spoofing. CVE-2017-5211, credits to Ahmed Abdalla.
50849 Self-XSS at mail signature editor
We added client-side sanitizers at the mail signature editor to avoid self-XSS in addition to server-side filters that remove malicious code at persistent data. CVE-2017-5213.
50764 Autofill on "form" areas can be used to steal credentials
We removed "form" and "input" elements from the HTML sanitizing white-list. Note that this will remove such kind of content in legitimate mails. CVE-2017-5210, credits to Zoczus.
50760 Tabnabbing using "form" tags
We now prevent form submit, open a new window manually, nulling window.opener, redirect the form to the new window and then manually submit the form. In addition we removed "form" and "input" elements from the HTML sanitizing white-list. Note that this will remove such kind of content in legitimate mails. CVE-2017-5211, credits to Zoczus.
50748 SVG can be used to set cookies
Perform sanitizing on SVG files to remove meta tags that can be used to set/overwrite cookies. CVE-2017-5213, credits to Abiral Shrestha.
50739 Permissions for task attachments not correctly evaluated
Check if underlying task is accessible in the parent folder when accessing attachments. CVE-2017-5212, credits to Iordache Cosmin.
50737 XSS with Snippets
50734 XSS via "isindex" tags
Proper handling of combined characters during HTML sanitizing. CVE-2016-10077, credits to Zoczus.
50733 Task folder names leaked to arbitrary users
Removed the task folder name at error responses when calling a folder by its ID. CVE-2016-10078, credits to Iordache Cosmin.
50723 XSS at mail body
Proper handling of combined characters during HTML sanitizing. CVE-2016-10077, credits to Zoczus.
50721 Reflected content for /api/apps/load
Removed user input at the response of the Apps API which could be used for content spoofing. CVE-2017-5211, credits to Ahmed Abdalla.
50715 Uploaded images are available to all users
Adding user-based permission checks in addition to UUIDs to avoid access to foreign images at OX Documents. CVE-2016-10078, credits to Secator.
50382 XSS filter bypass at mail
Added greedy/repetitive detection of possibly malformed HTML-tags to avoid follow-up issues with HTML sanitizing. CVE-2016-10077, credits to ZeeShan.
53674 Broken filenames for certain Japanese file attachments
The "name" and "filename" attributes of Content-Type were incorrectly parsed, which led to broken attachment file names when using certain encodings. This got solved.
53457 Unread counter not updating correctly
When moving a mail to the "Trash" folder, in some cases the unread counter was incorrectly updated. This has been solved by making such "move" operations more robust for the counter.
53456 Unable to parse certain broken mails
Mails with broken Content-Type headers at their MIME part could not always be rendered. We added some workarounds in order to attempt parsing and displaying such mails.
53451 Errors when importing specific CSV
Some CSV data did trigger errors during import, caused by incorrect mappings for "Marital status" and "Employee ID" and the attempt to import read-only values like "Object ID". This got solved by adjusting the mapping and skip list.
53434 Database timeouts when executing "logincounter" CLT
The "logincounter" CLT did use excessive and unoptimized queries when generating statistics. In combination with millions of data sets this could lead to database timeouts and subsequently unusable output. We enhanced that function to use chunk-wise querying and processing of such kind of data.
53368 UI does not load but also not redirect to unsupported.html for MSIE 9.0
Latest code changes make IE9 unusable.
53267 Folder inconsistencies when changing a users password
Parts of the folder representation is cached and in cases where the users password got changed without terminating its session this cache was outdated and led to problems with standard folders like "Sent". This got solved by looking up those folders via mail accounts API rather than using a cache.
53249 Unable to remove POP3 accounts
In special cases where the corresponding IMAP folder of a POP3 account got manually deleted, there were issues removing the associated POP3 account. Other issues were related to the attempt of deleting the same account multiple times. Those got fixed.
53216 Slow rendering when composing mails to many recipients
In case of more than 50 recipients for a mail, the mail compose dialog became a bit unresponsive. This was caused by unnecessary requests to contact images and got solved by allowing to asynchronously load such images as well as reducing the amount of requests.
53158 Missing documentation for oAuth scope configuration
Configuration description about oAuth and related scopes got added at
53139 Google oAuth subscriptions were not assigned
In some cases the assignment of a Google oAuth account did break, usually when adding multiple accounts. In such cases the reference was made to the default Google account rather than the account associated to a subscription. This got fixed and the correct account is referenced now.
53127 DAV Links for Tasks (and maybe for others too) are displayed although they are not accessible at all
Missing check if task folder is private.
53100 Mail is not being displayed, blocking other from being displayed in INBOX
This was due to missing recovery for an unsupported character-encoding.
53095 Unable to use oAuth accounts after permission downgrade
If a scope for a oAuth account got defined (e.g. to access a external calendar) and the corresponding OX account got downgraded to lose access to calendar, accessing the oAuth account was not possible anymore. This got improved by handling unexpected absence of scope and corresponding Apps.
53087 Second Google calendar subscription does not show calendar contents
The actual OAuth account associated with a subscription has not been considered, but always the default Google OAuth account was referenced.
53023 Message with truncated subject
Subsequent base64-encoded strings are not combinable if individual values end with padding '=' character.
53008 HTML content is invalid and cannot be displayed
Weird start tag segments in real-world HTML messes-up HTML parser refusing to process the content any further.
52959 Layout issue with sharing on mobile
When sharing a link on smartphone devices, the dialog was displayed in a way that the input field for recipients of the link was not shown. This has been solved by allowing to scroll that section into the viewport on small screens.
52928 Attachment not shown
In email with attachments which have different cid and id it was not possible to show all attachments.
52798 Missing appointments in Outlook
In special cases, a list of deleted change exceptions for recurring appointments was provided by Outlook to USM, which led to an exception and subsequently incomplete sync. This got fixed by considering this case.
52797 Autoconfiguration fails for hotmail/yahoo/live domains
Thunderbird's ISPDB for auto-configuration changed.
52764 Document conversion triggered without capability
Even though a users did not have the "document_preview" capability assigned, calls to the Documentconverter API were made. This got solved by considering the users capability before executing such requests, for example when generating thumbnail previews for mail attachments.
52756 Twitter can not be configured anymore;Case-sensitive look-up for an OAuth API: "Twitter" is not equal to "twitter"
Case-sensitive look-up for an OAuth API: "Twitter" is not equal to "twitter".
52751 Creating external accounts does not work anymore
Wrong detection if a mail account action was targeted for primary mail account.
52730 Misleading indication that IMAP folder is shared
In case IMAP ACLs just for "see folder" are granted, the "this folder is shared" indicator was displayed. While technically correct this is misleading to users since no content is actually shared. The handling has been changed to avoid displaying the indicator for this kind of ACL.
52729 Missing reload when clearing Trash manually
When removing all mails within the Trash folder manually (select all, delete) instead of using the explicit function, the folder list was not reloaded. This got fixed by triggering a reload in such cases.
52727 UI/Browser blocked / stalled when dealing with huge amounts of appointments
To many operations in DOM-tree if having much appointments.
52712 Twitter stream not shown after configuration
Missing event in Keychain API led to this issue.
52675 HTML mail not displayed at all
Some mails were not displayed because
52633 Drag & drop of a huge picture into a HTML-Mail will cause the JVM to OOM/ up until OS swapped
Configured image limitations were not tested when checking for validity of an uploaded image.
52607 Inconsistent naming of recurring appointment dialogs
When changing or editing a recurring appointment, different dialogs with different naming were displayed. This got unified and changed to shorter naming in favor of small screen devices.
52606 Show hidden files setting does not work at all
Hidden files were not displayed because filter extensions for files were never called.
52534 Disableschema: SessiondService is used but not registered in the activator
Required SessionD service was not orderly tracked.
52530 POP3 access to external account is not logged by AuditLog
The tracked instance of AuditLogService was not orderly put into utilized service registry.
52478 Duplicate registration of ObfuscatorService
Even though ObfuscatorService is implemented as a singleton, it got registered multiple times which led to error messages. Those did not affect functionality but led to higher log traffic than necessary. The problem got fixed by making sure ObfuscatorService gets registered just once.
52470 Incorrect detection of users USM capabilities
In certain cases a users capabilities to use USM and related sync implementations got incorrectly detected. We solved that by sticking to the advertised module access permissions instead of dynamically resolving it.
52435 running processes/instances after the open-xchange-documentconverter-server stop script on RHEL6
init script problems according to title / shutdown of ReaderEngine instances not reliable during DC server bundle shutdown, fixed init scripts, cleanup after migration for 7.8.2 / catching spurious exception during RE instance kill in Java bundle shut.
52433 Incomplete parsing of "mailto" handler at mails
In cases where a regular HTTP/HTTPS resource contains the subtring "mailto" like
"www.mailtool.invalid", that link was incorrectly detected as mailto: handler and mail compose got opened rather than the URL. This got solved by just looking for mailto: at the beginning of a URL.
52391 Empty Page in UI settings section after update
JS error in yell function and only a empty settings page were displayed.
52314 Unicode decoding fails for multi-line mail subjects
In case a E-Mail subject spans multiple lines where each consists of UTF-8 mail-safe base64 encoded characters, decoding partly failed and Unicode characters were displayed in a scrambled way. This has been solved by properly handling such split subjects and encoding each part independently.
52280 Read timeout log entries when using folders that were already closed
Several log messages referred to a situation where access to a IMAP folder is attempted which got closed already. We added optimizations to lower the probability of such cases and handle them correctly instead of throwing an error.
52277 Wrong log level for concurrent updates to last-login
In case two threads update a users "last login" information, a log message of level "ERROR" was logged. Since this is rather a temporary issue and can't be solved in retrospect we lowered its log level. Further optimizations made it less likely that this kind of issue would happen at all.
52238 Typo at NRFILES property at startscript
A typo at the
/opt/open-xchange/sbin/open-xchange script led to a situation where custom configured "nofiles" limits where not correctly applied to the process. This has been solved by correcting the properties name and adding a log message to
open-xchange-console.log in case the process fails to set this limit.
52231 open-xchange-documentconverter-jolokia needs open-xchange-documentconverter-client package to be installed
Changed required packages from open-xchange-documentconverter to open-xchange-documentconverter-server in spec file
52161 Missing mails on mobile devices when using mail categories
When using mail categories with a desktop browser and moving mails to specific categories, those mails would not be displayed at Inbox anymore when using the same account using a mobile browser. We solved this by avoiding categorization Inbox if the corresponding feature set is not available on the currently used platforms.
52157 IMAP master-auth user name provided to client
In case of specific IMAP errors related to
EXPUNGE commands, a detailed error message was returned to the user, which could contain a user-name for IMAP master authentication. This was solved by removing detailed error message contents for that IMAP command.
52156 IMAP folder names shown different after update
Due to external account refactoring in 7.8.3, the "default0" prefix for "standard" IMAP folders was shown at the frontend. This got fixed by stripping that prefix in places where users would expect just the folder name.
52151 Drop zone for .eml not disappearing if a file is not dropped with firefox on Windows
Firefox does not trigger
mouseenter to remove the dropzone when the mouse enter the window without dragged files.
52123 Unable to change mail account name with certain mail configurations
If a user was changing its mail account displayname while the middleware uses a "global"
mailServerSource setting, incorrect host names were applied. As a result the displayname could not be changed. We solved this by applying the appropriate host name to avoid erroneous responses during the operation.
52119 Technical messages if HTML mail exceeds limits
If a HTML mail exceeds pre-defined limits, a rather harsh message is displayed at the frontend. This got polished in order to show a user friendly representation.
52114 Empty page printed by browser in thread view
Single mails are printed correctly when using native browser printing (CTRL+p) but mail threads were not printed. This got fixed by handling mail threads in a more compatible way and allowing native functions to get their relevant content.
52107 Inconsistency in naming order for external accounts
When changing the account name syntax of an external mail account, this change is not reflected to mail lists when reading mail sent and received by the same user. This got fixed by honoring a naming scheme which uses commas to separate last and firstname.
52104 Untraceable database timeouts during share cleanup
PeriodicCleaner task for shares was executed, potential SQL errors could not be traced since the related schema name was unknown. To allow further debugging we added
com.openexchange.database.schema as parameter for this cleanup run. It will highlight which database schema triggered timeouts or other errors.
52101 'Folder "9" is not visible to user "X" in context "YY"
Caused by the changes for favorite folders, where favorite folders for every module were added to the collection pool. The favorite folder for drive has the parent with id "9". When the UI is refreshed, all parents of all folders are listed. That causes every refresh to request the folder with id "9".
52100 Permission checks avoid changing corrupt users signatures
In case a users signature contains a faulty "createdby" header on file-level, subsequent changes to that signature were rejected based on a permission evaluation. In order to accept inconsistent data within in the system, the permission check has been removed.
52095 Missing private appointments in shared folders via CalDAV
When sharing calendar folders and accessing them via CalDAV, appointments marked as "private" were not correctly synced. The same use-case works fine when using the HTTP API. This got fixed for CalDAV by considering this kind of appointment when creating responses.
52067 Enter a text in the Search bar. Click on the close option but still the pop up with the text is not closed
Now clear and close dropdown on cancel to solve this issue.
52022 Incorrect App launched from external accounts page
When using the hyperlink for a external storage account at the Settings-
52013 Enhancements to IMAP host detection and logging
To allow better debugging and monitoring of interaction between OX App Suite and IMAP backends, a new parameter was added to parse the IMAP backends "greeting" and provide it as part of the OX App Suite log. This behavior is configurable and described within release notes. When rolling out this Patch Release.
51967 Missing distribution lists in Outlook
When syncing Outlook using USM, certain amounts and combinations of contacts and distribution lists could lead to a situation where only a subset of contacts but not all distribution lists got synced. This has been solved by sorting the type of object (contact, distribution list) prior to performing the sync operation. This way the kind of objects retrieved at the client side stays consistent in case the total amount of objects exceeds the chunk size for one sync operation.
51960 Incorrect font for mail attachment on mobile
When using OX App Suite UI on a smartphone, the "Attachments" link within mail compose has been shown with incorrect font and color. This got fixed by applying proper mobile styles to this link.
51918 Calendar conflicts with UTC+12 timezones
During conflict detection, the floating time-span of full-day appointments was calculated using the servers timezone (usually UTC) while other appointments used the timezone configured by the user. In cases where a large offset to UTC is present, there has been a 50/50 chance that appointments would conflict with full-day appointments at the previous or next day. We're now calculating both values using the users specific timezone for conflict handling. This should bring down the probability of incorrect conflicts considerably.
51910 Huge amount of threads stops OX
Did some improvements to avoid a crashing OX. Utilize a user-scoped lock mechanism to avoid having a global lock that might affect unrelated threads unnecessarily. Avoid duplicate remote session look-up.
51859 Changed API behavior leads to issues with file uploads
An earlier bugfix introduced a significant change to HTTP API behavior, any change to the MIME-Type parameter has been rejected as a result. While OX clients were unaffected, this led to an incompatibility with third-party clients when using the "infostore" API for uploading and modifying files. We reduced the scope of the change to block MIME-Types that start with "multipart" instead, this should not affect the vast majority of use-cases for this API.
51839 Certain serious (non UCE/UBE) HTML mail is not displayed
Too greedy check for possibly malicious content led to this issue.
51772 Unable to modify users own data
In cases where the contact associated to the user account was created by the "oxadmin" account rather than the user itself, the user was unable to change its own contact data. Such situations may arise in specific provisioning implementations. Changing the contacts data is now possible again by correcting the mechanism to look up the oxadmin account as potential creator for the own contact.
51755 Long-running script warnings when sending mail to huge recipient list
When composing a mail to a list of several hundreds of recipients, browser warnings about unresponsive scripts occurred when trying to parse and tokenize the recipient list. The handling has been improved by 2-3x to allow a larger number of recipients.
51727 Mail icon stills appears in UI even though mail is not enabled
Caused by missing capability check for disabling and hiding.This has been fixed by adding the missing check.
51700 Guided tours showing for users even though the package was not installed
Document tours are contained in documents-ui package, existence of standard tours package was not checked there.This has been solved by adding check for existence of standard tours package, do not show tours automatically if missing, hide settings menu entry.
51610 Desktop notifications are not shown for negative timezone offsets
When configuring a negative timezone offset (e.g. UTC-5), desktop notifications would not be shown since the timestamp of newly received mails was checked against UTC rather than the users timezone.
51602 Incorrect encoding when using IMAP "plain" authentication
In case mailbox login names allow multi-byte Unicode characters, the login process would fail when using OX App Suite. This has been solved by applying the correct charset when performing the login procedure for mailboxes.
51594 Drive opens wrong files directly after upload - wrong link in UI
indexing mismatch between the DOM nodes representing the file items and the model entries holding the file data.
51572 Moving files with and without description not working in drive
App Suite UI just redid the same operation.
51570 Only one warning for copy multiple files with description in drive
Multiple response was not fully processed.
51569 Primary mail address and aliases cannot be changed at the same time if the old primary mail address should be an alias
During the createuser command an alias for the primary mail account is already added. This alias is equal to the upper case notation used in the create command. The change command now tries to add the same alias but with only lower case letters. This isn't recognized and therefore the middleware tries to insert this alias to the db again which results in the duplicate entry error.
51548 Moving files which already exist result in duplicate files with Google Drive
There was no name check performed for the move operations.
51468 Failing to parse pre-auth from configuration
Inappropriate invocation of 'MailConfig.doCustomParsing()' lets Zimbra MAL connector fail to perform its own parsing of access information.
51462 Full-day appointments could not be converted with Lightning
When using Thunderbird/Lightning and CalDAV of OX App Suite, full-day appointments could not be converted back to normal appointments using the CalDAV client. The reason for this was a client-specific CalDAV header used to indicate full-day appointments which caused issues with Lightning. We removed this header if the associated user-agent does not expect it.
51399 Repeated mail sending when using Outlook
In case a backend error did occur, like downtime of the mail storage, there could be situations where Outlook clients using USM get into a sending-loop, resulting to duplicated E-Mail. Those kind of errors are now handled by the USM API in accordance to the OX App Suite middleware error code.
51388 If email is disabled, OX Docs tour should not show "Send as email" icon
Guided tour for OX Text does not display info about mail,if mail is not available
51368 Bursts of WARN Messages: filemanagement.internal.ManagedFileManagementImpl ..Temporary file could not be deleted about 800-1000/day
Delete attempt does not check whether file is non-existing.
51357 No participants can be added in Scheduling with IE11 after an update
IE has problems with flexbox styles.
51356 Missing support for custom login sources for onboarding
When using the "onboarding wizard" while having a custom login implementation running, some configuration templates could not be properly created since access to the correct credentials (e.g. mail address, login name) is not possible. This has been solved by offering the ability to integrate custom login sources.
51313 Errors when adding invitations to calendar while tasks are disabled
There has been a dependency between the calendar and tasks App with regards to handling iCal files, which led to a situation that appointments could not be imported if tasks are disabled. This dependency has been relaxed to allow cases where either App is disabled.
51263 Missing function returned in case requested files could not be found
A earlier fix changed the response content when requesting a frontend related file. Instead of a function and a error message, just a error message was returned. As a result the web frontend could get stuck in case a file was not found. This has been solved by providing a similar response than earlier, just with obfuscated payload.
51222 Big text file load endless with the UI
The client request didn't get a response.
51207 Error message shown if "default app" setting is empty
In cases where a users configuration was damaged and the default App "none" has been selected, subsequent logins led to error messages. We're now falling back to the global default App if the provided App cannot be found.
showruntimestats -a errors: No such cache: OXIMAPConCache
OXIMAPConCache is an obsolete JCS cache. The StatisticTools was querying the JCSCacheInformation for that particular non existing cache. The same applies for MailConnectionCache and SessionCache.
51091 Upload to external filestorage account folder does not abort if overquota and fails
Missing error handling for overquota in multiple file upload.
51075 Missing translation for upload progress bar
When uploading files as Mail attachment or Drive object, the corresponding progress bar offered a "Cancel" button that was not translated.
51074 Encoding issues with passwords
In case certain operating systems got configured incorrectly, specifically RHEL6 and SLES11, usage of the
open-xchange-passwordchange-script plugin could lead to incorrectly encoded passwords passed over to a script. This has been solved by adding an optional parameter as described by Change #4022 to allow base64 encoded transfer. Additionally, unexpected encoding configurations will get logged to
open-xchange-console.log to alert operators about potential follow-up issues.
51053 Appointment invitations get duplicated by adding attachments
Deactivated Notification pool combined with multiple uploads of attachments result in a single notification mail for each attachment.
51018 Munin warning updating config_ox_java_heap
Non-existing mbean raised an error.
51017 Munin error updating last-error in ox_grizzly_TCPNIOTransport
Last error value was not a simple signed integer.
50997 Searching inside of sent mail folder always shows senders name in results column
This has been solved by adding special handling in find App.
50991 Exception generating IMAP URI
A possible scheme/port information in "com.openexchange.mail.mailServer" or
50987 AutoStart is not working with io.ox/settings or portal
Settings is not a favorite App and is therefore ignored as autolaunch.
50982 External Cloud Storage: number of Items in folder not displayed - '0' all the time
Some file storage implementations are not returning a file count.
50965 Restore compose application pop up not loading with 7.8.3 upgrade
Introduced new value for ox.serverConfig.persistence: "always". Only works with adjustment in custom bundles.
50964 Enable Notification sounds - Play sound on incoming mail not working
Settings pane for message sound was displayed when no websocket support was available.
50951 In a 'Drive with Documents' environment drive offers to send by mail
OXGuard extends "send as mail" ext.point, but the capabilities are NOT extended – now with manual check for capabilities.
50947 OX Documents Portals don't work for users without default folders
The implementation now checks the default template folder and use the user's default folder as a fallback.
50939 Missing context menu for conversation thread view
When using conversation (thread) view, the context menu was not added for each individual mail but for the whole thread and the first mail. This makes it hard to handle individual mails and got solved.
50918 Timezone issues with task start/due dates on negative timezone offsets
When defining a start or due date for tasks while using a negative UTC offset, the selected date would be reported incorrectly. This has been solved by adjusting the full-day handling for tasks to the calendar implementation which uses UTC.
50868 Missing translation for external accounts
The "My accounts" page at "Settings" did contain untranslated strings for external account names, this got solved by making use of existing translation strings.
50837 Birthday on 1.1.1970 not displayed
Timestamp for 1.1.1970 were interpreted as timestamp 0. Adjusted calculation from Birth Dates to solve this issue.
50835 Report doesn't terminate if contexts are broken
In case of a context that never existed on the system, a lookup for all contexts in the same schema lead to endless attempts to get those contexts.
50804 Attached vCards could not be removed again
When adding own contact information to a Mail as vCard, that virtual attachment could not be removed afterwards. This was caused by an API change which is now reflected to mail compose.
50798 Renaming a root level folder which contains a Favorite Folder will lead to "Mailfolder not found on IMAP Server"
Missing checks if parent folders get renamed or removed.
50738 Not possible to import multiple mappings with CSV file
"Addmapping" value was not split by comma when supplying multiple login mappings via csv file at create context.
50714 OXtender synchronization fails with Couldn't determine extra fields in object with errors
The ical analysis of an external invitation delivers an JSON object "users" without sub fields, especially without confirmation. This was unexpected by USM and produced an error, which led to a general sync error with OLOX.
50706 OX APP Creates too many IMAP connections and not closing them
Unnecessary global lock that leads to stacking up threads.
50693 Content pane folder name not refreshed when renamed on external storage
Error handling is now done inside the apps. If errors with external storages (or other folder errors) appear and that folder is currently selected, the App will change to the default folder and reload the parent folder.
50691 Shared links to external storage accounts don't work
It was possible to share folders of an external storage account as link to other internal users. Since those accounts are per-account, that link would not work though. Therefor we removed the option to send a link to such folders to other internal users.
50689 Possible to lock files in external storages when not supported
The 'locks' capability was not correct for some external storages.
50674 Deleting 2 Users at a time via SOAP results in a database deadlock
Possible database deadlock on concurrent delete attempts for users in the same context.
50627 Mail content not displayed
Malformed conditional comment (CC) causes to greedy detection of such a CC pattern in HTML content during sanitizing.
50621 OX crashed - one node/JVM permanently on GC/100% CPU - after creating an heap dump error looked different but OX still does not react
Really weird HTML content inside a mail containing over 700 nested
50598 Missing warnings for account failures at unified mail
In case a external mail account cannot be used (e.g. because the password changed), there has not been a notification to the user in order to resolve the situation. This has been changed to provide warning messages when trying to accessing a unavailable account.
50574 Expiry dates for shares cannot be changed directly
When sharing a object with expiry date, that expiry date was set to "one month" when editing the share afterwards. We solved that by no longer applying the default value when editing a share.
50570 Not possible to change name in email settings if global configuration is used
MailConfig values were overwritten with wrong values.
50527 MySQL databases refuses connection because of Too Many connections from single groupware servers
Incrementing use-count for a lot of contacts associated with a certain E-Mail address causes too many INSERT statements to be issued, that do flood the MySQL service.
50519 Not possible to find group in calendar permissions dialog
Groups where not drawn due to a limit.
50518 Email module - Burger Menu - Create filter rule is not responding
Due to the deactivation of the "address" mailfilter the default values were not available.
50495 Adjust “hover” color in OX Text and OX Spreadsheet.
Use the actual hover fade value as defined in current UI theme.
50478 Impossible to add two or more different Gmail accounts
Initial assumption to re-use OAuth credentials was wrong.
50461 HTTPClientActivator never calls Services#setServiceRegistry
Services class was not initialized.
50414 Birthdays in the portal widget/side-popup are sometimes a day off
Birthday calculation was slightly different in both views and apart from that even not correct for all cases.
50412 Edit incorrect email address in to or cc generates duplicate entries and phantom entries
Collection and token field state gets messed up cause models ‘token’ attribute get updated within the ‘tokenfield:createtoken’ handler.
50407 Missing hints for incorrect server startup
In case syntax errors are present at YAML-style configuration files, the middleware did start up partly but apparently was not logging this situation clear enough for some operators. We improved error messages that are thrown once this happens to make it more clear.
50404 If Sharing is disabled, the sharing button is still available in OX Documents
linked caps and implemented "hide disabled elements" feature
50381 Further E-Mail fields not shown in case primary mail is missing
If multiple E-Mail addresses are stored for a contact but not "E-Mail 1" and neither Company nor Position are available a blank second line at the contacts list was displayed. This has been adjusted to fall back to "E-Mail 2" and "E-Mail 3" in case "E-Mail 1" is unavailable.
50342 Calendar colors get lost on printouts
No custom label colors applied to template.
50328 Incorrect cursor placement for plain-text signatures
When using default plain-text signatures and navigating with the TAB key, the cursor would be set at the end of the signature. This has been solved in a way that the cursor will be set to the beginning of the message.
50307 Incorrect translation for maximum upload size
When uploading several files which combined size exceed the maximum upload size, the related error message was related to the last file which got added. However, in such cases the error is related to the combined file size, therefor the wording has been adjusted.
50303 No error message regarding "No such snippet found for identifier:" when filestore not available on login
This was caused by a missing hint that a file associated with a snippet/signature is (temporary) not available.
50258 Categories - select all in one of the tabs - info message that no all mails all selected is missing
Added new message for "select all" in tabbed inbox, some translation will be provided with the next patch.
50244 Task title truncated / does not use all available space
Media queries were not flexible enough.
50232 Renaming a folder which is present in Favorites removes it from Favorites
The folder ID changes, therefore the folder was lost on page reload.
50230 Connection losses to Logstash go unnoticed
In case connection to a Logstash server gets interrupted, log messages will be lost. We introduced a buffer for such messages that gets filled in case the connection is temporarily unavailable.
50213 Edit draft loads endlessly
Recognizing HTML input was not working correctly in all cases.
50176 Dragging an email from desktop to mail-category tab is not working
No Handling for Drag & Drop in mail-categories.
50135 Help not context sensitive in settings
The app did not contain any information about contextual help.
50093 Date or size where not shown as column headers for mail attachment view
When sorting mail attachments by Size or Date, the corresponding column header was not show, this is now the case.
50043 Possible to add version info to external storage files
Was caused by missing capability check for version comments.
50041 Moving files with description to external storage not working
Missing translations were added.
50040 Content pane not refreshed
After deleting a folder in a external storage account the view was not updated.
50039 Problem with folder rename of external storage providers
Dropbox identifies the folder through the path. New Files create all folders in their path by default. This is a special Dropbox behavior.
50016 When composing an email, the signatures do not get refreshed, when adding initial/new one
This has been fixed by using standard listener.
49989 Onboarding Wizard Connect Device Tile does not fit into frame
Max-width were applied on whole container.
49979 Guest users don't get deleted
Guest user deletion triggers push listener removal for guests even if they might not have any push listener registered.
49864 Full-day appointment will be displayed as a regular 24h appointment on Android
Specific clients rely on a certain order of the EAS protocol elements.
49781 Email list: email address displayed instead of display name when DISPLAYFROM is enabled
Now show display name if DISPLAYFROM is set.
49731 Missing event data when deleting an appointment after accepting it
Appointment object at the
deleteDateFromNotoficationQueue event was missing some typically unused data in cases where a participant deletes the appointment after accepting it. To allow compatibility with certain calendaring implementations, we now add a full
Appointment object to the queue in such cases.
49236 Huge amount of Mail folder could not be found on mail server messages for non-existing folders
The message for "Mail folder could not be found on mail server" were known, actually by design, but not expected to happen that often.
49099 sporadic crashes in UNO bridge when loading CSV files via UNO with format string given via FilterOptions string property
setting field delimter and text separators in RE SC code instead via UNO on DC server side
49083 E-Mail-Folder Action 'delete all messages' ignores OVERQUOTA
Copy command was able to run into over-quota.
48361 Login not possible if folder limit is reached
Adjusted login- and error-handling to solve this issue.
47616 Interval setting in calendar not used
When setting a interval for calendar time scales, that interval was applied for time pickers and drag-lasso. Now this interval is also used for the calendar views time scale.
47229 Mail folder menu contains "Sharing" and "Permissions"
Capabilities of mail folders were incorrectly checked in case the mail system did not support permissions. As a result the context menu contained permission related actions which were not working as expected. We added a explicit check for environment where permission handling of own mailbox folders is disabled.
40632 Collected addresses does not work for users from the same context
In cases where multiple users are provisioned to the same context with the Global Address Book disabled, automatic contact collection of addresses that are present at the Global Address Book has not been performed. We changed the behavior to consider cases where the Global Address Book exists but cannot be accessed.