ReleaseNotes deprecated
Aggregated Release Notes for 7.8.3
Last Update: 2017-11-06
- Patch Release 4426 (2017-10-24)
- Patch Release 4414 (2017-10-30)
- Patch Release 4393 (2017-10-17)
- Patch Release 4376 (2017-10-04)
- Patch Release 4353 (2017-09-18)
- Patch Release 4327 (2017-09-04)
- Patch Release 4317 (2017-08-21)
- Patch Release 4303 (2017-08-07)
- Patch Release 4284 (2017-07-24)
- Patch Release 4256 (2017-07-10)
- Patch Release 4223 (2017-06-26)
- Patch Release 4186 (2017-06-12)
- Patch Release 4176 (2017-05-19)
- Patch Release 4161 (2017-05-29)
- Patch Release 4138 (2017-05-18)
- Patch Release 4132 (2017-05-18)
- Patch Release 4113 (2017-05-02)
- Patch Release 4084 (2017-04-18)
- Patch Release 4078 (2017-04-04)
- Patch Release 4050 (2017-04-03)
- Patch Release 4016 (2017-03-20)
- Patch Release 3994 (2017-02-24)
- Patch Release 3985 (2017-03-08)
- Patch Release 3952 (2017-02-20)
- Patch Release 3925 (2017-01-26)
- Patch Release 3918 (2017-02-06)
- Patch Release 3879 (2017-01-23)
- Patch Release 3849 (2017-01-09)
- Patch Release 3814 (2016-12-19)
- Patch Release 3775 (2016-12-07)
- Release 7.8.3 (2016-11-30)
Patch Release 4426 (2017-10-24)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev33
Fixed Bugs
55881 Inbox not loading
The yielded 'javax.mail.internet.AddressException' in case of a parsing error may return 'null' when invoking its 'getRef()' method.
Patch Release 4414 (2017-10-30)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev38
- Open-Xchange AppSuite frontend 7.8.3-rev33
Fixed Bugs
55692 Mobile UI changes layout in jslob
Jslob saves also stores fixed settings that are applied for smartphones only.
55362 Translation missing on upload timeout error
Added missing translation.
55298 Maximum configured sized needs to be fixed for Japanese Error message
Fixed translation for "Maximum configured sized".
55284 Possible to change threadSupport if protected
We had no consistently check if threadSupport was enabled.
52478 Duplicate service instance for singleton service "com.openexchange.session.ObfuscatorService" detected
Accidental duplicate registration for the same service instance.
Patch Release 4393 (2017-10-17)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev36
- Open-Xchange AppSuite frontend 7.8.3-rev32
- Open-Xchange AppSuite Office 7.8.3-rev11
- Open-Xchange AppSuite Office-Web 7.8.3-rev10
Fixed Vulnerabilities
55703 CVE-2017-15029
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
55651 CVE-2017-15030
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
55603 CVE-2017-15030
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
55602 CVE-2017-15030
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
55600 CVE-2017-15030
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
55090 CVE-2017-13667
CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L)
55068 CVE-2017-13668
CVSS: 3.7 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N)
Fixed Bugs
55409 Contact sort orders are inconsistent between "address book" and "select address dialog"
Contacts were just sorted by the first character. This has been fixed by adding recursion when letters are equal.
55362 Translation missing on upload timeout error
Missing string in i18n.
55360 Potential XSS-Bug while handling Mail From
Possible control and/or white-space characters returned to clients. This has been fixed by dropping control and/or white-space characters from E-Mail addresses.
55271 File name incorrect Japanese characters
Fullwidth digits were replaced in file names. This has been solved by allowing fullwidth digits in file names.
Patch Release 4376 (2017-10-04)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev35
- Open-Xchange AppSuite frontend 7.8.3-rev31
Fixed Bugs
55455 Contacts export and have EOL
LF character was used as line terminator in exported CSV files. Outlook was not able to handle those files. This has been solved by using CRLF sequence as line terminator in exported CSV files.
55425 Unclear behaviour on versioning when uploading files upper/lower case
File name check was case-sensitive.
55175 Mail Module does not render thumbnails for .txt
This has been solved by adding txt to regex of supported file extensions for preview.
54750 TO: with IDN scrambled after reply
The mail sent by thunderbird does not contain the ASCII representation of the mail address. Instead it contains the unexpected IDN representation. This was fixed in javax.mail as it deals with unexpected mail content. Try to parse with the default java charset. If ASCII is provided (as expected) nothing will change.
Patch Release 4353 (2017-09-18)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev34
- Open-Xchange AppSuite frontend 7.8.3-rev30
- Open-Xchange AppSuite documentconverter 7.8.3-rev8
Fixed Bugs
55265 High load on configdb DB ReadSlave
Excessive querying of all context identifiers, likely caused by unnecessarily "per node" initialization of default attachment storage cleaner. Solution: Efficient retrieval of distinct context identifiers per schema and refactored default attach- ment storage cleaner to be managed as cluster task (runs only once, no more per node).
55254 Rename / delete folders in OX Drive not possible
Creation of trash and public folders on demand was removed. This has been solved by reenabling the creation of trash and public folder on demand.
55229 Japanese text is garbled in App Suite
Some Japanese characters are not display correctly (garbled) in emails. This has been fixed by using "x-windows-iso2022jp" charset in case Javas "iso-2022-jp" charset yields unmapped characters.
55175 Mail Module does not render thumbnails for .txt
This has been solved by adding txt to regex of supported file extensions for preview.
55162 Inline images at HTML mails disappear after a short time
Sometimes added Inline images disappered while composing a new email. This got solved by not advertising the Content-Length header for retrieved images from mail storage as associated MIME part does not provide exact size to solve this issue.
51093 "Switch to parent folder" leads to hidden root for external storages
In case the com.openexchange.java-commons.logback-extensions bundle has not been started an attempt to register its MBean failed. Await availability of Logstash Socket Appender instance prior to attempting to register its MBean to solve this issue.
Patch Release 4327 (2017-09-04)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev33
- Open-Xchange AppSuite frontend 7.8.3-rev29
Fixed Bugs
55251 Unused libraries were shipped
Removed unused libraries from com.openexchange.preview bundle.
55171 Mail Modules does not render thumbnails for TIFF and PSD
Missing handling for .psd and .tiff in mail preview. This has been solved by adding PSD and TIFF support to preview list.
55096 Dragging a folder into Drive in App Suite UI results in unspecific error
UI changed response so it looked like the currently logged in user confirmed the appointment. This has been fixed by using the actual user that confirmed instead of the currently logged in user.
55012 "Email has no recipient" message is shown after deleting a duplicated recipient
This was caused by same identifier in collection and has been fixed by using unique identifiers so there are no duplicates anymore.
54879 Quotes in email local part not allowed
Possible quotes (") in local part of an E-Mail address were handled as special characters. Now orderly handle quotes in local part of an E-Mail address to solve this issue.
54232 File names are case sensitive
The filename reservation logic recorded possibly conflicting filenames in a map using case-sensitive keys. This has been solved by tracking possibly conflicting filenames ignoring case.
Patch Release 4317 (2017-08-21)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev32
- Open-Xchange AppSuite frontend 7.8.3-rev28
Fixed Vulnerabilities
54915 CVE-2017-12885
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
54838 CVE-2017-12885
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
54592 CVE-2017-12885
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
54579 CVE-2017-12884
CVSS: 3.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
54578 CVE-2017-12885
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Fixed Bugs
54944 Subject line with UTF-8 characters are jumbled up
Mixed encoded values are not properly combined. Properly combine mixed encoded values to solve this issue.
54894 E-mail gets only displayed partly
Mail uses absolute positioning. Email exceeded internal limit (32KB) for specific post-processing. Raise size limit for that particular post-processing to 128KB for Chrome, 64KB for other browsers to display those emails.
54877 Tasks cannot be deleted
Duplicate entries were written to the del_task folder table. This has been fixed by only writing the most current ones.
54863 Restart of more than one middleware nodes take a long time
This has been solved by avoiding too many request to all possible DB-Schemas and improving start-up of middleware nodes for setups holding millions of contexts.
54534 Socket monitoring support
To allow debugging potential network and remote service issues more efficiently, we added sup- port to log connection status and usage metrics for each socket that gets opened to an external system (e.g. Database, IMAP). See Change SCR-24 for more information.
53947 Monthly calendar view does not scroll to previous month
Previous month scrollposition was unreachable due to endless scrolling. This has been fixed by drawing an additional month if trying to scroll to the first drawn month.
53454 A IMAP folder called "user" is visible
"user" folder remained in child listing of root folder. Orderly drop single namespace folders from LSUB collection to solve this issue.
Patch Release 4303 (2017-08-07)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev31
- Open-Xchange AppSuite frontend 7.8.3-rev27
Fixed Bugs
54808 CacheAware does not work for Drive folders
When programmatically working with Drive folders, they could be declared to be CacheAware but this property did not change the folders behavior in terms of cache handling. This has been resolved and needs to he validated at the specific implementation.
54790 Getting quota does not work anymore
When requesting quota information for non-existing file storage accounts a runtime exception was thrown instead of properly handling the case. This has now been corrected.
54702 Rename folder pop-up not closing
The dialog to rename a folder in App Suite would not close under very special conditions. This has been researched and a potential workaround got applied. The effectiveness of this solutions needs to be validated for the environment in question.
54701 Unable to copy raw image content to mail compose with IE11
When copying raw image content from apps like MS Paint to mail compose, rather than just adding that image via drag&drop or the provided composer options, its content did not get pasted when using IE11. This has been corrected for this particular case, however note that copy&paste is implemented very inconsistently across browsers and operating systems, other cases will potentially not work as expected since the browser does not provide necessary information to web applications.
54586 Inconsistency for saving drafts when using attachments from Drive
When adding attachments to a Mail from OX Drive, they were added when saving a mail as draft but not removed when removing the attachment. This behavior has been corrected in a way that mail attachments are never stored when saving as draft.
54453 Account help page missing
A particular help page for external accounts was incorrectly linked, this has been corrected.
54437 Contact collector not working
Collecting contact information while reading mail was not working when combining specific mail handling (seen/unseen) in combination with contact collection. This has been solved.
51742 Usability improvement when handling appointment invitations
When receiving invitations or modifications of an appointment, we did show a very prominent pane that allows users to accept/decline. However some users still tried to manually import the attached ICS file which led to a series of problems. This is now being avoided by hiding ICS attachments in cases where we already show the accept/decline pane.
51194 Ability to disable adding attachments to PIM apps via configuration
A new frontend-side configuration option has been added to disable the "add attachment" area when creating or editing PIM objects. Note that this is purely cosmetic and does not affect other clients than OX App Suite. See Change #4301 for more information.
Patch Release 4284 (2017-07-24)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev30
- Open-Xchange AppSuite frontend 7.8.3-rev26
Fixed Bugs
54723 Busy circle never stops on attachment uploads
Tried to create previews for documents for local files. This has been solved by not trying to create previews for documents for local files.
54593 No error message if import limit is reached
No warning given in case number of imported items were truncated. This has been fixed by adding warning if number of imported objects were truncated.
54529 Drive mail drive attachment counting filesize against upload limit
Any mail attachment appended to the new message has been checked against upload quota limitation. Only consider uploaded file (mail attachments) when checking upload quota limitation to solve this issue.
Patch Release 4256 (2017-07-10)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev29
- Open-Xchange AppSuite frontend 7.8.3-rev25
- Open-Xchange EAS 7.8.3-rev9
- Open-Xchange Office 7.8.3-rev10
- Open-Xchange Office-Web 7.8.3-rev9
Fixed Vulnerabilities
54403 CVE-2017-9809
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
54402 CVE-2017-9808
CVSS: 3.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
54321 CVE-2017-9808
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
54320 CVE-2017-9808
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Fixed Bugs
54532 Confusing error message "Folder INBOX has been closed on mail server"
Confusing displayed error message. Solution: Rephrased error messages dealing about connectivity issues to mail server to have a more user-friendly information. Moreover added the "Please try again later." suffix to hint to a possibly temporary nature of the issue.
54377 Generating missing MD5 sums on filestore Objects causes high read load
There might be situations where the metadata for stored infostore documents does not indicate the referenced files MD5 checksum. This may be the case for files that were stored more than 4 years ago, or for files that have been uploaded in chunks, e.g. during a migration. When synchronizing via OX Drive, the missing checksums for those files are calculated on demand, which requires the files to be retrieved from the underlying storage. When having many or very large files where the checksum needs to be calculated for, this may lead to an increased read load which may impact other processes and systems in the installation. This has been fixed by providing functionality to calculate missing file checksums on demand.
54349 Edge crashes on large attachments
Too much memory and CPU usage by canvas resize. Integrate canvas resize into our lazyload mechanism so not every picture is processed simultaniously to solve this issue.
54348 Attachment filename wrong when forward email
Building the forwarded mail calling setHeader erased the header information about file name. This has been solved by calling setHeader first and set the file name header afterwards.
54311 Unable to send mail with onboard external account as sender
A SMTP server which responds with non standards-compliant multi-line greeting on socket connect messed up parsing of server’s capabilities. This has been solved by dealing with multi-line greetings from SMTP server.
54262 No timeout message if loading modules fails
No error message on require timeout. This has been fixed by adding timeout message and reload option with longer timeout (30 seconds).
54177 Creating folders or renaming folders to prefix A- or B- does not show
The folder title gets not re-rendered after a title change. Now after a title change also the folder title gets re-rendered.
53454 A IMAP folder called "user" is visible
"user" folder remained in child listing of root folder. Orderly drop single namespace folders from LSUB collection to solve this issue.
Patch Release 4223 (2017-06-26)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev27
- Open-Xchange AppSuite frontend 7.8.3-rev24
Fixed Bugs
54315 Incompatibility with SIEVE rules
When running OX App Suite 7.8.3 and 7.8.4 against a shared mail environment, SIEVE filter rules could unintentionally affect each other, for example auto-forward and vacation notice. This got fixed by retaining commented script content which is unknown to the 7.8.4 implementation.
54309 Re-authorizing a oAuth account led to errors
When re-authorizing a oAuth account, for example after changing its password or revoking access, a runtime exception was thrown. This got fixed by considering empty authorization tokens.
54181 Config-cascade inconsistency for value pairs
Certain value pairs where not correctly distributed by the config cascade mechanism, especially those related to services that use oAuth for authentication. We solved this by making those properties config-cascade aware.
54174 Unexpected oAuth option for external accounts
When having external mail access via oAuth disabled, the corresponding option was not properly hidden. This got solved to immediately start the non-oAuth wizard instead.
54136 Incorrect permission restriction when moving folders in Drive
When moving/copying a folder from a external storage service to folder of the primary OX Drive storage service, a permission related error was thrown. This got solved by properly setting administrator privileges to the creator of a OX Drive folder while copying/moving in folders from external services.
54133 Sharing dialog stuck when sharing locked file
When attempting to share a file which is locked, the sharing dialog did not close when canceling the operation. This got solved by handling potential errors related to locks when trying to share a file.
54069 Fuzzy fallback for unsupported languages
In certain cases the frontend language did fall back to german instead of english. This got fixed by setting a explicit fallback to en_US if the browser provides a unsupported language and no previously set OX language cookie.
54067 Outdated "unsupported browsers" message
OX App Suite UI did display incorrect recommendations for mobile browsers when using such as a desktop browser. This has been solved and we're now showing recommendations for mobile browsers only when using a mobile device.
54042 Unable to update dates with Japanese locale
When defining start/end dates at the calendar on mobile browsers, the supplied data did not get taken over to the appointment. This was caused by incompatibility of a date/time format library with specific languages and has been fixed by making sure the same date/time format is used at all related components.
54041 Missing schema information for database timeout errors
In case a database connection reported a communication failure or timeout, the specific database schema was not part of the exception. This has now been added to allow simple debugging of affected database clusters.
53958 More debug background for exceptions related to closed IMAP folders
In case a IMAP backend did close a connection due to technical issues or timeouts, the resulting stack-trace at OX App Suite middleware was rather generic. This has been improved in a way that we now show the related IMAP command to allow better debugging. This issue has to be validated in production environments that show such unexpected behavior.
53945 Duplicate paste on certain systems
On few macOS based systems images were pasted twice to mail compose when using the operating systems copy&paste feature and hitting a specific timing pattern. Additional checks were added to avoid importing duplicate content.
53923 Quick reply disappears after the first reply
When using "quick reply" to answer a mail, this option will disappear. We changed the behavior in a way that the option stays available after using it.
53916 Adding local files opens camera App on iOS
When using OX App Suite UI with Safari on iOS, the action to add a local attachment resulted in immediate launch of the camera App. We now trigger a selection menu which offers to either use the camera or access existing photos on the device.
53688 Contacts with Katakana "yomi" fields were sorted as "other"
When using Japanese language settings and subsequently "yomi" contact fields, those contacts were sorted incorrectly as "other", which got solved.
53671 Specific mails produced empty printouts
When printing specific mails that define CSS, the created print version did not show substantial content. This got fixed by dropping certain CSS elements from our whitelist that could lead to broken layouts. See Change #4204.
53649 Folder IDs were shown in PIM objects attachment details
For PIM objects with attachments we did show the hyperlinks pointing to OX Drive instead of the corresponding App. To avoid confusion we did visually remove those links as they provide almost no functionality.
53474 Duplicate recipients when sending mail
When sending a mail to all appointment participants the resulting mail compose did contain duplicates of the expected recipients. This got solved by detecting and removing the currently logged in user from that list.
53437 Inconsistency for thumbnails and image preview
Certain file formats (tiff, psd, pbm) were shown as thumbnail preview while not being supported in image preview. To ensure consistency we added support for tiff and psd files to image preview.
52633 Adding huge photos to HTML mail led to high CPU load
When checking for validity of a uploaded image, the size limitations were not considered, which in turn led to higher than expected processing effort. The logic got changed to apply limitations prior to analyze validity of an image. If that action fails, the affected image is being removed from mail compose and a error is logged.
Patch Release 4186 (2017-06-12)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev26
- Open-Xchange AppSuite frontend 7.8.3-rev23
- Open-Xchange EAS 7.8.3-rev8
Fixed Bugs
53900 1st (out of two) Google Mail Account does not work after adding 2nd (out of two) Google Calender Abo
When updating an OAuth account (applying a new name), the enabled scopes was accidentally reseted.
53795 POP3 External account: messages retrieved are duplicated
Certain POP3 server's do not obey to advertise UIDLs with at max. 70 characters.
53690 Fields considered for sorting / categorizing contacts inconsistent
A contact's (yomi-) firstname was not taken into account during sort name generation in case no (yomi-) lastname was set.
53689 Yomi fields not available / visible with non-Japanese language setting
Missing feature for other languages.
53688 Contacts with Katakana "yomi" fields are sorted and categorized as "other"
Only hiragana in sorting table.
53674 Japanese attachment filenames broken for some sender MUAs
"name" and "filename" values were parsed in a wrong way from parameter list of Content-Type and Content-Disposition headers.
53524 Japanese translation: Inconsistent translation for the word "all"
Some are translated with Kanji and the others with Hiragana, which gives the end users inconsistent look and feel.
53340 Appointment status of participant not updated via EAS
The list of confirmations was not part of the USM sync-state.
53233 No appropriate folder storage for tree identifier "0" and folder identifier "label"
Used dummy folder_id 'label'.
Patch Release 4176 (2017-05-19)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev24
Fixed Bugs
53833 After latest OX update the documentconverter-server is no longer working
Due to unnecessary package imports the documentconverter was not running.
Patch Release 4161 (2017-05-29)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev25
- Open-Xchange AppSuite frontend 7.8.3-rev22
Fixed Bugs
53790 Problem with executing SQL: Deadlock found when trying to get lock
Possible dead lock situation through concurrent context create operations that imply to add data to "contextAttribute" table in context-associated payload database.
53521 Japanese translation for "Save to Drive" has superfluous letters "()"
Fixed superfluous trailing letters for Japanese.
53456 Mail content not displayed with broken content type
Corrupt/broken Content-Type header in a MIME part breaks parsing of a mail message.
53267 Folder-mapping for external IMAP accounts won't be temporary shown after password change and a new 'Sent objects' folder gets created
Wrong look-up of standard folder in session-associated cache, which contains wrong entries in case password has been changed.
53249 Not possible to delete pop3 account
The server tried to remove the pop3 folders multiple times.
53095 OAuth accounts broken after downgrade from Groupware to PIM role
Need of improvement in case access to OAuth-backed data is not/should not be possible as per configuration and missing scope authorization.
52633 Drag & drop of a huge picture into a HTML-Mail will cause the JVM to OOM/ up until OS swapped
Improved logging behavior in case image upload gets denied due to size/resolution restrictions.
50804 vCard Attachment can not be deselected
Unported API change in Dropdown mini-views let to this behavior.
Patch Release 4138 (2017-05-18)
Shipped Components and Versions
- Open-Xchange Updater 7.8.3-rev6
- Connector for Microsoft Outlook 7.2.25
Fixed Bugs
53115 OLOX20: saving a mailfilter rule with no condition, no action but only a stop rule is not possible
It was not possible to create a stop mailfilter rule.
Patch Release 4132 (2017-05-18)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev23
- Open-Xchange AppSuite frontend 7.8.3-rev21
- Open-Xchange Office 7.8.3-rev9
- Open-Xchange Office-web 7.8.3-rev8
Fixed Vulnerabilities
53077 CVE-2017-8340
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
53073 CVE-2017-8340
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
52843 CVE-2017-8340
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
52066 CVE-2017-8341
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
52040 CVE-2017-6913
CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Fixed Bugs
53368 UI does not load but also not redirect to unsupported.html for MSIE 9.0
Latest code changes make IE9 unusable.
53352 OX address book image does not load on connect voice portal
Image content were not accessible via OAuth.
53188 IMAP plugin improvements
Appsuite had no support/failover strategy in case an IMAP host is resolvable to multiple IP addresses.
53168 Twitter account not shown
If mail account and twitter account had the same id the twitter account was not displayed.
53127 DAV Links for Tasks (and maybe for others too) are displayed although they are not accessible at all
Missing check if task folder is private.
53087 Second Google calendar subscription does not show calendar contents
The actual OAuth account associated with a subscription has not been considered, but always the default Google OAuth account was referenced.
52712 Twitter stream not shown after configuration
Missing event in Keychain api led to this issue.
52123 Not possible to change name in email settings with custom MAL bundle
Wrong mail provider was initialized for this special case.
51755 Long running script on huge list of TO: addresses in compose
Too many unnecessary request while adding huge distribution lists.
Patch Release 4113 (2017-05-02)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev22
- Open-Xchange AppSuite frontend 7.8.3-rev20
Fixed Bugs
53100 Mail is not beeing displayed, blocking other from beeing displayed in INBOX
This was due to missing recovery for an unsupported character-encoding.
53023 Message with truncated subject
Subsequent base64-encoded strings are not combineable if individual values end with padding '=' character.
53008 HTML content is invalid and cannot be displayed
Weird start tag segments in real-world HTML messes-up HTML parser refusing to process the content any further.
52928 Attachment not shown
In email with attachments which have different cid and id it was not possible to show all attachments.
52797 Autoconfiguration fails for hotmail/yahoo/live domains
Thunderbird's ISPDB for auto-configuration changed.
"https://autoconfig.thunderbird.net/v1.1/".
52727 UI/Browser blocked / stalled when dealig with huge amounts of appointments
To many operations in domtree if having much appointments.
52633 Drag & drop of a huge picture into a HTML-Mail will cause the JVM to OOM/ up until OS swapped
Configured image limitations were not tested when checking for validity of an uploaded image.
51801 "Drop inline images here" not translated
Added missing translation.
50759 All messages in unified inbox say "No subject" when using threads
With this fix the Subject is displayed for unified inbox conversations.
Patch Release 4084 (2017-04-18)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev21
- Open-Xchange AppSuite frontend 7.8.3-rev19
- Open-Xchange Office 7.8.3-rev8
- Open-Xchange Documentconverter 7.8.3-rev8
- Open-Xchange USM 7.8.3-rev8
- Open-Xchange EAS 7.8.3-rev7
Fixed Bugs
52756 Twitter can not be configured anymore;Case-sensitive look-up for an OAuth API: "Twitter" is not equal to "twitter"
Case-sensitive look-up for an OAuth API: "Twitter" is not equal to "twitter".
52751 Creating external accounts does not work anymore
Wrong detection if a mail account action was targeted for primary mail account.
52675 Html mail not displayed at all
Some mails were not displayed because
52606 Show hidden files setting does not work at all
Hidden files were not displayed because filter extensions for files were never called.
52534 Disableschema: SessiondService is used but not registered in the activator
Required SessionD service was not orderly tracked.
52530 Pop3 access to external account is not logged by AuditLog
The tracked instance of AuditLogService was not orderly put into utilized service registry.
52402 Drag and Drop not working with chrome on windows 10 Touch
It was recognized as a touch device and DND was disabled.
52391 Empty Page in UI settings section after update
Js error in yell function and only a empty settings page were displayed.
52348 Logging issue after appsuite update
Open-xchange-osgi didn´t conatin the latest logback extension.
52101 'Folder "9" is not visible to user "X" in context "YY"
Caused by the changes for favorite folders, where favorite folders for every module were added to the collection pool. The favorite folder for drive has the parent with id "9". When the ui is refreshed, all parents of all folders are listed. That causes every refresh to request the folder with id "9".
51757 When the first mail filter rule is created for a user, it does not show in the mail filter list
The filter collection does not handle an initial add correctly.
50798 Renaming a root level folder which contains a Favorite Folder will lead to "Mailfolder not found on IMAP Server"
Caused by missing checks if parent folders get renamed or removed.
50478 Impossible to add two or more different Gmail accounts
Initial assumption to re-use OAuth credentials was wrong.
Patch Release 4078 (2017-04-04)
Shipped Components and Versions
- Open-Xchange usm 7.8.3-rev7
Fixed Bugs
51967 Missing distribution lists in Outlook
When syncing Outlook using USM, certain amounts and combinations of contacts and distribution lists could lead to a situation where only a subset of contacts but not all distribution lists got synced. This has been solved by sorting the type of object (contact, distribution list) prior to performing the sync operation. This way the kind of objects retrieved at the client side stays consistent in case the total amount of objects exceeds the chunk size for one sync operation.
51399 Repeated mail sending when using Outlook
In case a backend error did occur, like downtime of the mail storage, there could be situations where Outlook clients using USM get into a sending-loop, resulting to duplicated E-Mail. Those kind of errors are now handled by the USM API in accordance to the OX App Suite middleware error code. Backend version 7.8.3-rev20 or higher is needed for this fix.
Patch Release 4050 (2017-04-03)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev20
- Open-Xchange AppSuite frontend 7.8.3-rev18
- Open-Xchange Office 7.8.3-rev7
Fixed Vulnerabilities
52255 CVE-2017-6912
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
51863 CVE-2017-6913
CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
51667 CVE-2016-10078
CVSS: 3.6 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/CR:L)
51622 CVE-2017-6912
CVSS: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Fixed Bugs
52518 Compatibility fix for Debian and systemd
The Debian project did rename the initial process from systemd to init when moving to Debian 8.7. Some areas of our startup scripts depend on this name to determine whether systemd is used or not. We're now querying /proc/1/comm to figure out the kind and name of process that takes care about inits.
52437 oxsysreport tries to read nonexisting files
When running oxsysreport while having OX Guard installed, false-positives for password blacklisting could occur. As a result errors were reported by the oxsysreport tool, which has been solved by adjusting the regular expression for parameter blacklisting.
52314 Unicode decoding fails for multi-line mail subjects
In case a E-Mail subject spans multiple lines where each consists of UTF-8 mail-safe base64 encoded characters, decoding partly failed and Unicode characters were displayed in a scrambled way. This has been solved by properly handling such split subjects and encoding each part independently.
52238 Typo at NRFILES property at startscript
A typo at the /opt/open-xchange/sbin/open-xchange script led to a situation where custom configured "nofiles" limits where not correctly applied to the process. This has been solved by correcting the properties name and adding a log message to open-xchange-console.log in case the process fails to set this limit.
52235 Missing custom favicons
Newer versions of Firefox use the largest icon presented as as favicon, which defaults to a unbranded OX icon. Originally this handling was introduced to set a "homescreen" icon when using the appropriate functionality on mobile operating systems. This was solved by removing the corresponding tag when using desktop operating systems.
52198 Applying OX Drive folder permissions recursively
A feature backport has been performed to allow recursive inheritance of OX Drive folder permissions when changing a parent folder.
52181 Firefox drop-zone overlaps mail list
When using a specific series of gestures while importing a .eml file to a mailbox, a Firefox bug on Windows and macOS got triggered which kept the "drop zone" visible after dropping the file outside of the browser window. This subsequently blocked other user interaction with the mail list. We added a workaround for this browser bug in a way that clicking outside the drop zone will revert its state.
52161 Missing mails on mobile devices when using mail categories
When using mail categories with a desktop browser and moving mails to specific categories, those mails would not be displayed at Inbox anymore when using the same account using a mobile browser. We solved this by avoiding categorization Inbox if the corresponding feature set is not available on the currently used platforms.
52157 IMAP master-auth user name provided to client
In case of specific IMAP errors related to EXPUNGE commands, a detailed error message was returned to the user, which could contain a user-name for IMAP master authentication. This was solved by removing detailed error message contents for that IMAP command.
52151 Drop zone for .eml not disappearing if a file is not dropped with firefox on Windows
Firefox does not trigger dragleave or mouseout correctly.
52123 Unable to change mail account name with certain mail configurations
If a user was changing its mail account displayname while the middleware uses a "global" mailServerSource setting, incorrect host names were applied. As a result the displayname could not be changed. We solved this by applying the appropriate host name to avoid erroneous responses during the operation.
52104 Untraceable database timeouts during share cleanup
Once the PeriodicCleaner task for shares was executed, potential SQL errors could not be traced since the related schema name was unknown. To allow further debugging we addedcom.openexchange.database.schema as parameter for this cleanup run. It will highlight which database schema triggered timeouts or other errors.
51997 Shares created via Drivemail requested credentials
When sending a mail attachment and using "Drive Mail" a password was requested even though a user did not enable this option. This could happen in cases where a user first specified a password but then un-ticked the related option. We solved this by checking the options state more carefully prior to creating the related share.
51967 Missing distribution lists in Outlook
When syncing Outlook using USM, certain amounts and combinations of contacts and distribution lists could lead to a situation where only a subset of contacts but not all distribution lists got synced. This has been solved by sorting the type of object (contact, distribution list) prior to performing the sync operation. This way the kind of objects retrieved at the client side stays consistent in case the total amount of objects exceeds the chunk size for one sync operation.
51918 Calendar conflicts with UTC+12 timezones
During conflict detection, the floating time-span of full-day appointments was calculated using the servers timezone (usually UTC) while other appointments used the timezone configured by the user. In cases where a large offset to UTC is present, there has been a 50/50 chance that appointments would conflict with full-day appointments at the previous or next day. We're now calculating both values using the users specific timezone for conflict handling. This should bring down the probability of incorrect conflicts considerably.
51839 Certain serious (non UCE/UBE) HTML mail is not displayed
Too greedy check for possibly malicious content led to this issue.
51462 Full-day appointments could not be converted with Lightning
When using Thunderbird/Lightning and CalDAV of OX App Suite, full-day appointments could not be converted back to normal appointments using the CalDAV client. The reason for this was a client-specific CalDAV header used to indicate full-day appointments which caused issues with Lightning. We removed this header if the associated user-agent does not expect it.
51399 Repeated mail sending when using Outlook
In case a backend error did occur, like downtime of the mail storage, there could be situations where Outlook clients using USM get into a sending-loop, resulting to duplicated E-Mail. Those kind of errors are now handled by the USM API in accordance to the OX App Suite middleware error code.
51222 Long loading times for documents with certain storages
In case a large document gets requested off a slow cloud storage, very long loading times could happen and expected timeouts were not considered. This has been solved by adding additional timeouts that will kick in if a API request to the storage layer takes longer than anticipated.
51074 Encoding issues with passwords
In case certain operating systems got configured incorrectly, specifically RHEL6 and SLES11, usage of the open-xchange-passwordchange-script plugin could lead to incorrectly encoded passwords passed over to a script. This has been solved by adding an optional parameter as described by Change #4022 to allow base64 encoded transfer. Additionally, unexpected encoding configurations will get logged to open-xchange-console.log to alert operators about potential follow-up issues.
50918 Timezone issues with task start/due dates on negative timezone offsets
When defining a start or due date for tasks while using a negative UTC offset, the selected date would be reported incorrectly. This has been solved by adjusting the full-day handling for tasks to the calendar implementation which uses UTC.
49236 Messages regarding missing E-Mail
Some OX App Suite UI requests did lead to error messages regarding E-Mail which could not be found. After analyzing the situation, we suspect that there is a issue with obfuscated folder names. A fallback has been added in case decoding a folder name failed.
Patch Release 4016 (2017-03-20)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev18
- Open-Xchange AppSuite frontend 7.8.3-rev17
Fixed Bugs
52013 Enhancements to IMAP host detection and logging
To allow better debugging and monitoring of interaction between OX App Suite and IMAP backends, a new parameter was added to parse the IMAP backends "greeting" and provide it as part of the OX App Suite log. This behaviour is configurable and described within release notes. When rolling out this Patch Release.
51910 Optimizing IMAP IDLE handling and Hazelcast lookups
When using IMAP IDLE in larger deployments (which OX does not recommend) it might happen that threads are getting blocked by attempts to look up and close associated push listeners in a cluster once a user closes a session. Using synchonization protocols like Exchange Active Sync triggers many sessions to be opened and closed in a relatively short period of time. While there might be configurations where only one IMAP IDLE push listener per user is allowed, in many cases this level of consistency is excessive and could lead to outages. Therefor we changed the behaviour to only look up "local" sessions rather than querying the whole cluster. This behaviour is configurable and described within release notes. When rolling out this Patch Release please have a close look to IMAP IDLE session count and modify the configuration in accordance to the environments requirements. To enhance overall performance of session lookups, a index has been added to the Hazelcast "sessions" map. As a result, clusters need to be completely updated and restarted when applying this patch release, the "sessions" map is not compatible with its earlier version.
51847 Enhanced IMAP request tracking
Logging has been extended to allow tracking individual IMAP activities/requests for a OX App Suite session which might use several IMAP connections. The new logging property is com.openexchange.mail.session.
51772 Unable to modify users own data
In cases where the contact associated to the user account was created by the "oxadmin" account rather than the user itself, the user was unable to change its own contact data. Such situations may arise in specific provisioning implementations. Changing the contacts data is now possible again by correcting the mechanism to look up the oxadmin account as potential creator for the own contact.
51755 Long-running script warnings when sending mail to huge recipient list
When composing a mail to a list of several hundreds of recipients, browser warnings about unresponsive scripts occurred when trying to parse and tokenize the recipient list. The handling has been improved by 2-3x to allow a larger number of recipients.
51610 Desktop notifications are not shown for negative timezone offsets
When configuring a negative timezone offset (e.g. UTC-5), desktop notifications would not be shown since the timestamp of newly received mails was checked against UTC rather than the users timezone.
51602 Incorrect encoding when using IMAP "plain" authentication
In case mailbox login names allow multi-byte unicode characters, the login process would fail when using OX App Suite. This has been solved by applying the correct charset when performing the login procedure for mailboxes.
51207 Error message shown if "default app" setting is empty
In cases where a users configuration was damaged and the default app "none" has been selected, subsequent logins led to error messages. We're now falling back to the global default app if the provided app cannot be found.
50982 Empty "file count" for external cloud storage folders
Some external cloud storage providers do not provide the amount of files within a folder, in such cases OX App Suite would should "0" for any folder at that storage. A new internal capability per storage has been added to signal wether the storage does provide that information without executing expensive computation or storage access. According to that capability, OX App Suite UI will remove the "object count" indicator at folder details.
Patch Release 3994 (2017-02-24)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev16
Fixed Bugs
51859 Changed API behaviour leads to issues with file uploads
An earlier bugfix introduced a significant change to HTTP API behaviour, any change to the MIME-Type parameter has been rejected as a result. While OX clients were unaffected, this led to an incompatibility with third-party clients when using the "infostore" API for uploading and modifying files. We reduced the scope of the change to block MIME-Types that start with "multipart" instead, this should not affect the vast majority of use-cases for this API.
Patch Release 3985 (2017-03-08)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev17
- Open-Xchange AppSuite frontend 7.8.3-rev15
- Open-Xchange Office-Web 7.8.3-rev7
Fixed Bugs
51910 Huge amount of threads stops OX
Did some improvemnts to avoid a crashing OX. Utilize a user-scoped lock mechanism to avoid having a global lock that might affect unrelated threads unnecessarily. Avoid duplicate remote session look-up.
51898 Mail with invalid MIME type attachment cannot be displayed
When you try to display or import an email which contains an attachment with an invalid MIME type as content type, an error was thrown.
51727 Mail icon stills appears in UI even though mail is not enabled
Caused by missing capability check for disabling and hiding.
51572 Moving files with and without description not working in drive
Appsuite UI just redid the same operation.
51570 Only one warning for copy multiple files with description in drive
Multiple response was not fully processed.
51569 Primary mail address and aliases cannot be changed at the same time if the old primary mail address should be an alias
During the createuser command an alias for the primary mail account is already added. This alias is equal to the upper case notation used in the create command. The change command now tries to add the same alias but with only lower case letters. This isn't recognized and therefore the middleware tries to insert this alias to the db again which results in the duplicate entry error.
51548 Moving files which already exist result in duplicate files with google drive
There was no name check performed for the move operations.
51357 After last update to 7.8.3 no participants can be added in Scheduling with IE11
IE has problems with flexbox styles.
51222 Big text file load endless with the UI
The client request didn't get a response.
Patch Release 3952 (2017-02-20)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev14
- Open-Xchange AppSuite frontend 7.8.3-rev13
- Open-Xchange Office 7.8.3-rev6
- Open-Xchange Office-Web 7.8.3-rev6
Fixed Vulnerabilities
51480 CVE-2017-5864
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
51474 CVE-2017-5864
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
51464 CVE-2017-5864
CVSS: 3.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
51219 CVE-2017-5864
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
51202 CVE-2017-5864
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
51164 CVE-2017-5210
CVSS: 3.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
51069 CVE-2017-5863
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
51058 CVE-2016-10078
CVSS: 3.6 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/CR:L)
51039 CVE-2017-5864
CVSS: 3.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
51038 CVE-2017-5863
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
50849 CVE-2017-5213
CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
50716 CVE-2016-10077
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
50715 CVE-2016-10078
CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Fixed Bugs
51700 Guided tours showing for users even though the package was not installed
Document tours are contained in documents-ui package, existence of standard tours package was not checked there.
51368 Bursts of WARN Messages: filemanagement.internal.ManagedFileManagementImpl ..Temporary file could not be deleted about 800-1000/day
Delete attempt does not check whether file is non-existing.
51357 No participants can be added in Scheduling with ie11 after an update
IE has problems with flexbox styles.
51101 Showruntimestats -a errors: No suche cache: OXIMAPConCache
OXIMAPConCache is an obsolete JCS cache. The StatisticTools was querying the JCSCacheInformation for that particular non existing cache. The same applies for MailConnectionCache and SessionCache.
51091 Upload to external filestorage account folder does not abort if overquota and fails
Missing error handling for overquota in multiple file upload.
51053 Appointment invitations get duplicated by adding attachments
Deactivated Notification pool combined with multiple uploads of attachments result in a single notification mail for each attachment.
50693 Content pane folder name not refreshed when renamed on external storage
Error handling is now done inside the apps. If errors with external storages (or other folder errors) appear and that folder is currently selected, the app will change to the default folder and reload the parent folder.
50689 Possible to lock files in external storages when not supported
The 'locks' capability was not correct for some external storages.
50414 Birthdays in the portal widget/sidepopup are sometimes a day off
Birthday calculation was slightly different in both views and apart from that even not correct for all cases.
50039 Problem with folder rename of external storage providers
Dropbox identifies the folder through the path. New Files create all folders in their path by default. This is a special Dropbox behavior.
48361 Login not possible if folder limit is reached
This has been fixed by adding missing handling for this special case. Now the login is working and the user gets notified about this error.
Patch Release 3925 (2017-01-26)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev12
Fixed Bugs
51263 Missing function returned in case requested files could not be found
A earlier fix changed the response content when requesting a frontend related file. Instead of a function and a error message, just a error message was returned. As a result the web frontend could get stuck in case a file was not found. This has been solved by providing a similar response than earlier, just with obfuscated payload.
Patch Release 3918 (2017-02-06)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev13
- Open-Xchange AppSuite frontend 7.8.3-rev12
- Open-Xchange USM 7.8.3-rev6
Fixed Bugs
51018 Munin warning updating config_ox_java_heap
Non-existing mbean raised an error.
51017 Munin error updating last-error in ox_grizzly_TCPNIOTransport
Last error value was not a simple signed integer.
50997 Searching inside of sent mail folder always shows senders name in results column
This has been solved by adding special handling in find app.
50991 Exception generating imap URI
A possible scheme/port information in "com.openexchange.mail.mailServer" or
50987 AutoStart is not working with io.ox/settings or portal
Settings is not a favorite app and is therefore ignored as autolaunch.
50982 External Cloud Storage: number of Items in folder not displayed - '0' all the time
Some file storage implementations are not returning a file count.
50965 Restore compose application pop up not loading with 7.8.3 upgrade
Introduced new value for ox.serverConfig.persistence: "always". Only works with adjustment in custom bundles.
50837 Birthday on 1.1.1970 not displayed
Timestamp for 1.1.1970 were interpreted as timestamp 0. Adjusted calculation from Birth Dates to solve this issue.
50798 Renaming a root level folder which contains a Favorite Folder will lead to "Mailfolder not found on IMAP Server"
Missing checks if parent folders get renamed or removed.
50714 OXtender synchronization fails with Couldn't determine extra fields in object with errors
The ical analysis of an external invitation delivers an json object "users" without sub fields, especially without confirmation. This was unexpected by USM and produced an error, which led to a general sync error with OLOX.
50674 Deleting 2 Users at a time via SOAP results in a database deadlock
Possible database deadlock on concurrent delete attempts for users in the same context.
50258 Categories - select all in one of the tabs - info message that not all mails are selected is missing
Missing translations were added.
50041 Moving files with description to external storage not working
Missing translations were added.
50016 When composing an email, the signatures do not get refreshed, when adding initial/new one
This has been fixed by using standard listener.
Patch Release 3879 (2017-01-23)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev11
- Open-Xchange AppSuite frontend 7.8.3-rev11
Fixed Vulnerabilities
50943 CVE-2016-10077
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
50940 CVE-2017-5211
CVSS: 7.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
50893 CVE-2017-5211
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
50764 CVE-2017-5210
CVSS: 4.8 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)
50760 CVE-2017-5211
CVSS: 7.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
50748 CVE-2017-5213
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
50739 CVE-2017-5212
CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
50737 CVE-2017-5213
CVSS: 2.2 (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
50734 CVE-2016-10077
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
50733 CVE-2016-10078
CVSSv3: 3.6 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/CR:L)
50723 CVE-2016-10077
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
50721 CVE-2017-5211
CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
50382 CVE-2016-10077
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Fixed Bugs
50835 Report doesn't terminate if contexts are broken
In case of a context that never existed on the system, a lookup for all contexts in the same schema lead to endless attempts to get those contexts.
50738 Not possible to import multiple mappings with csv file
Addmapping value was not split by comma when supplying multiple login mappings via csv file at create context.
50706 OX APP Creates too many IMAP connections and not closing them
Unnecessary global lock that leads to stacking up threads.
50625 Setting "Automatically delete the invitation email after the appointment has been accepted or declined" has no impact on the email
The mails were only deleted for internal appointment invitations.
50258 Categories - select all in one of the tabs - info message that no all mails all selected is missing
Added new message for "select all" in tabbed inbox, some translation will be provided with the next patch.
50176 Dragging an email from desktop to mail-category tab is not working
No Handling for Drag & Drop in mail-categories.
Patch Release 3849 (2017-01-09)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev10
- Open-Xchange AppSuite frontend 7.8.3-rev9
Fixed Bugs
50627 Mail content not displayed
Malformed conditional comment (CC) causes to greedy detection of such a CC pattern in HTML content during sanitizing.
50621 OX crashed - one node/JVM permanently on GC/100% CPU - after creating an heapdump error looked different but OX still does not react
Really weird HTML content inside a mail containing over 700 nested
50570 Not possible to change name in email settings if global configuration is used
MailConfig values were overwritten with wrong values.
50527 MySQL databases refuses connection because of Too Many connections from single groupware servers
Incrementing use-count for a lot of contacts associated with a certain E-Mail address causes too many INSERT statements to be issued, that do flood the MySQL service.
50519 Not possible to find group in calendar permissions dialog
Groups where not drawn due to a limit.
50518 Email module - Burger Menu - Create filter rule is not responding
Due to the deactivation of the "address" mailfilter the default values were not available.
50514 MoveDBSchemas replayschema step, the migrated contexts have 'read_db_pool_id' set to '0'
The read-write pool is not set as read-only one as fall-back in case no dedicated read-only pool is set in associated DB cluster.
50466 CC Button Link misplaced in eMail composer when language set to chinese
Inputfield overlapps cc/bcc buttons and the links were not placed correctly.
50342 Calendar colors get lost on printouts
No custom label colors applied to template.
50303 No error message regarding "No such snippet found for identifier:" when filestore not available on login
This was caused by a missing hint that a file associated with a snippet/signature is (temporary) not available.
50300 Mail "burger" context menu in H-View not on top of all layers
Mail "burger" context menu was partially hidden by the upper layer.
50213 Edit draft loads endlessly
Recognizing HTML input wasn´t working correctly in all cases.
49265 Dropbox Integration - "Add description" can be used, but is useless
Requirements were not requested before drawing.
Patch Release 3814 (2016-12-19)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev8
- Open-Xchange AppSuite frontend 7.8.3-rev8
- Open-Xchange Driverestricted 7.8.3-rev6
Fixed Bugs
50461 HTTPClientActivator never calls Services#setServiceRegistry
Services class was not initialized.
50412 Edit incorrect email address in to or cc generates duplicate entries and phantom entries
Collection and tokenfield state gets messed up cause models ‘token’ attribute get updated within the ‘tokenfield:createtoken’ handler.
50244 Task title truncated / does not use all available space
Media queries were not flexible enough.
50232 Renaming a folder which is present in Favorites removes it from Favorites
The folder ID changes, therefore the folder was lost on page reload.
50135 Help not context sensitive in settings
The app did not contain any information about contextual help.
50043 Possible to add version info to external storage files
Was caused by missing capability check for version comments.
50040 Content pane not refreshed
After deleting a folder in a external storage account the view wasn´t updated.
49083 E-Mail-Folder Action 'delete all messages' ignores OVERQUOTA
Move command not used in case msg count greater than block size.
Patch Release 3775 (2016-12-07)
Shipped Components and Versions
- Open-Xchange AppSuite backend 7.8.3-rev6
- Open-Xchange AppSuite frontend 7.8.3-rev6
- Open-Xchange EAS 7.8.3-rev6
- Open-Xchange Documentconverter 7.8.3-rev6
Fixed Bugs
49989 Onboarding Wizard Connect Device Tile does not fit into frame
Max-width were applied on whole container.
49979 Guest users don't get deleted
Guest user deletion triggers push listener removal for guests even if they might not have any push listener registered.
49864 Full-day appointment will be displayed as a regular 24h appointment on Android
Specific clients rely on a certain order of the EAS protocol elements.
49781 Email list: email address displayed instead of display name when DISPLAYFROM is enabled
Now show display name if DISPLAYFROM is set.
49091 Show requests for read receipts setting is not hidden when protected
Configurability for all settings is not available.
Release 7.8.3 (2016-11-30)
Shipped Components and Versions
- Open-Xchange middleware 7.8.3-rev5
- Open-Xchange AppSuite frontend 7.8.3-rev5
- Open-Xchange OX6 frontend 6.22.13-rev5
- Open-Xchange USM 7.8.3-rev5
- Open-Xchange EAS 7.8.3-rev5
- Open-Xchange Updater 7.8.3-rev5 (6.18.33)
- Open-Xchange Drive restricted 7.8.3-rev5
- Open-Xchange Documents 7.8.3-rev5
- Open-Xchange Documents Frontend 7.8.3-rev5
- Open-Xchange Readerengine 7.8.3-rev5 (5.2.3)
- Open-Xchange Documentconverter 7.8.3-rev5
- Open-Xchange Documentconverter API 7.8.3-rev5
- Open-Xchange OXtender for Microsoft Outlook 7.2.24
- Open-Xchange Notifier 1.0.6
Fixed Vulnerabilities
49912 CVE-2016-9309
CVSS: 4.3, Credits to Lukas Reschke
49848 CVE-2016-9308
CVSS: 5.7, Credits to Hugh Davenport (allthethings.co.nz)
49847 CVE-2016-9309
CVSS: 3.7, Credits to Hugh Davenport (allthethings.co.nz)
49639 CVE-2016-9308
CVSS: 2.5
49439 CVE-2016-9308
CVSS: 4.1
49159 CVE-2016-8857
CVSS: 5.3
49015 CVE-2016-8857
CVSS: 3.5, Credits to secator
49014 CVE-2016-8857
CVSS: 5.3, Credits to Zeeshan (@z33_5h4n)
49005 CVE-2016-8857
CVSS: 5.3
48843 CVE-2016-7546
CVSS: 3.1, Credits to Abdullah Hussam (@Abdulahhusam)
48559 XSS with SVG when altering media-type
A bypass for existing sanitizer rules were found by modifying the media-type of a stored SVG file. This got solved by letting the sanitizer detect the files media-type regardless of the user-provided media-type. CVE-2016-7546, Credits to secator.
48282 Self-XSS when pasting script code to OX Text
Fixed the regex to control pasted content, made it more generic to capture script code. CVE-2016-7546, Credits to Sumit Sahoo.
48282 Self-XSS with pasted HTML content
When copying a specific pattern of script code to mail compose, included script code gets executed. This has been solved by extending the frontend-side sanitizer at OX Documents. CVE-2016-7546, Credits to Sumit Sahoo.
48231 Self-XSS with pasted HTML content
When copying a specific pattern of script code to mail compose, included script code gets executed. This has been solved by extending the frontend-side sanitizer. CVE-2016-7546, Credits to Joel Melegrito.
48230 XSS for Mail and Drive files
A bypass has been found for the existing sanitizer, using malformed content-types and base64 encoded payload of "data:" references. This was solved by extending the sanitizer and removing certain types of hyperlinks. CVE-2016-7546, Credits to Zeeshan (@z33_5h4n).
48173 Self-XSS with signature source-code
When creating signatures its possible to enter HTML code straight away. Since that code did not get sanitized by the frontend it allows to execute script code as well. We're now sanitizing the content at the frontend in addition to the existing sanitizer at the middleware. CVE-2016-7546, Credits to XSS01.
48083 XSS for Drive and Mail attachments
A new pattern was discovered that allowed a bypass of the existing sanitizer and execute script code payload within HTML files. It got fixed by adapting the sanitizer. CVE-2016-6850, Credits to kltdwd.
48061 XSS when pasting a hyperlink with script code to OX Text
Check for valid URL schemes when pasting hyperlinks to avoid inclusion of malicious links.
47916 Tabnapping in OX Documents
Added rel="noopener" when creating button markup for external links at OX Text and Spreadsheet. CVE-2016-6849.
47898 XSS with mp3 album covers
MP3 audio files allow to store inline images to represent album covers. When using SVG with included Javascript it was possible to create links to malicious files that would execute script code. This got solved by sanitizing album cover images. CVE-2016-6847, Credits to mateuszg.
47891 RSS reader allows local file discovery
By providing local paths as RSS resource, attackers could validate the existence of arbitrary files based on the returned error code. This has been solved by adding a whitelist for valid protocols and also returning uniform error codes. CVE-2016-6852, Credits to mateuszg.
47824 XSS with user pictures
When using SVG images as user picture, script code may get embedded and executed when forging specific links. This got solved by denying SVG content as picture and sanitizing existing data. CVE-2016-6850, Credits to kltdwd.
47822 Reflected file download for API calls
GET requests to API endpoints can be modified in a way that a download is triggered that contains reflected content from the request. This may be used to run malicious code on client devices and got solved by removing the ability to trigger such downloads. CVE-2016-6848, Credits to Abdullah Hussam (@Abdulahhusam).
47790 Tabnapping for mail and drive
Hyperlinks within user-generated content can be used to influct tabnapping attacks. We solved that by adding parameters like rel="noopener" to links. CVE-2016-6849, Credits to Zeeshan (@z33_5h4n).
47781 XSS for base64 encoded data links in mail
Malicious hyperlinks containing JavaScript as payload were not correctly sanitized, this has been solved by also inspecting encoded content for malicious code and dropping support for certain types of hyperlinks. CVE-2016-6845, Credits to Zeeshan (@z33_5h4n).
47779 Content-spoofing at App loader
When triggering a direct request to the app loader, provided input gets reflected to the requesting client. This can be used for content spoofing and got fixed by removing user input at error responses. Credits to Ahmed Abdalla.
47774 URL input gets reflected on error pages
When requesting a API path that does not exist, the requested path is returned as an error page. That could be used for content-spoofing attacks and has been fixed in a way that we don't return user input on such error pages. CVE-2016-6846, Credits to hackys.
47770 XSS for SVG attachments in mail
Nested JavaScript code within a SVG "image" file was executed when opening those files within the browser. We've extended sanitizing of SVG content. CVE-2016-6844, Credits to bugdisclose.
47602 XSS when creating a group
When changing a users name parameter to contain script code, that code got executed when creating a group. The corresponding place now uses a sanitized representation of the users data. CVE-2016-6843.
47601 XSS on the document setting
Useing a escepape method when loading data for OX Documents settings. CVE-2016-6842.
46897 Using log sanitization methods
Enabling LogSanitisingConverter by setting the %sanitisedMessage token for OX Documents. Use CVE-2016-5741.
46025 XSS at Charts
HTML-signs replaced with the respective HTML entities at OX Spreadsheet. CVE-2016-5124, Credits to sasi2103.
45811 XSS when dropping external content
Removed insecure mark-up from incoming HTML before processing it in OX Text. CVE-2016-5124.
45386 XXE while opening doc files in Drive
Now explicitly using own XMLStreamReader to avoid entity expansion when converting and working with spreadsheets. CVE-2016-4047, Credits to Deepanker Chawla.
45363 XSS at user name in Review Comments
Adding HTML escaping for date, uid and author in HTML fast load string for OX Text. CVE-2016-4045, Credits to Saeed Hashem (@SaeedHashem4).
Fixed Bugs
50203 Too many open files
When using systemd instead of sysv, the configurable limit of "open files" was not correctly applied. This has been solved in combination with Change #3773.
50174 Empty mail addresses lead to validation errors
When storing empty values as mail address, certain provisioning code failed when changing a different parameter. This has been solved by allowing empty values in addition of NULL values when validating a change.
50101 Vague error messages when uploading versions to Dropbox
Some storage providers use file path as that files unique identifier. When adding a new version of the same file but with a different filename in OX Drive, that version will be created as a new file at the storage service and return vague error messages. We solved this by using unique names of additional files when adding a version. At the same time we dropped support for versioning, see Change #3756.
50094 IMAP ghost-folders cannot be unsubscribed
Depending on the mailbox format, folders might contain only other folders but no mails. When subscribing a subfolder and then deleting the parent folder, the subfolders remain subscribed and cannot be removed in App Suite. This has been solved by extending the IMAP folder consistency check.
50091 Parsing errors for broken HTML mails
Converting certain broken HTML mail to their plain-text representation failed due to compatibility issues with the used library. This has been solved by extending conversion support for that kind of mail.
50078 Exception when changing passwords using override
In case the oxadminmaster account is configured to override oxadmin accounts, changing the password for oxadmin failed with a NPE. This was caused by incorrect cache invalidation in case oxadminmaster credentials werde used and got fixed accordingly.
50073 Issues with specific sharing link configuration
When using sharing links that contain a expiration date, recipient and password, some links fail to generate and are not sent. This was caused by a incompatible order of database statements and has been solved.
50038 Incorrect expires header for fallback pictures
When requesting a fallback image for a contact, for example when reading mail, the corresponding value of the expires response header was incorrectly set to a past date. This disabled caching of the response and led to unnecessary resource consumption. The problem has been solved by setting a future (+1 hour) date as value for the expires header.
49964 Drive mails using main account name instead of alias
Display name is always determined by associated user.
49958 Print preview of mail is always HTML
Despite the users configuration print previews for mails were always using the HTML part of the message. This has been changed to respect the users configuration with regards to displaying HTML mail.
49937 Pasting multiple address result in single recipient
When taking over Email addresses from popular Office productivity suites by copy&paste, those were detected as single recipient. This happened since that software does not detect the kind of data but simply provides a string without delimiters. We've added support for more delimiters than comma and semicolon to work around this issue.
49920 Quote get single lined when using drive mail
Wrong text formatting on explicit plain text transport.
49909 Filenname encoding wrong in drive mail
File name contains possible mail-safe encoding rendering shared item unreadable to user.
49903 Recipient missing in to: on reply-to action the second time
If the lastname of the user is set to a single whitespace, the displayname was set to a single whitespace too. Tokens are trimmed and therefore, this token was not shown but still attached to the mail.
49869 Upsell not triggered in onboard wizard for updater
No handling for caps with digits.
49832 Geotagging issues for CalDAV
When importing CalDAV events with geolocation information, parsing failed in case float values were used for longitude and latitude. We made parsing less strict in this regard to allow importing.
49799 Accept/decline buttons are preserved in Mail
When using the "Accept/Decline" buttons in mail and switching mails, those buttons kept showing up despite the appointments status has already been updated. This was solved by properly redrawing mails that offer those buttons.
49693 OX error- Message could not be found in the folder
Adjusted logging to not flood log files and have a more adequate log level for common cases in which an image cannot be retrieved.
49575 Google drive: filename in version info not updated
Wrong file-name/title advertised to client when querying version/revision history for a file.
49572 Dropbox/box.com: upload a new version overwrites file
Add new version overwrote the original file.
49543 Show hidden files and folders is not hidden when protected
No generic support to hide each user setting.
49491 IMAP session Timeouts after switching the IMAP backends
Mutually exclusive access to shared instances of 'javax.mail.internet.MailDateFormat' prevent concurrent threads to parse IMAP INTERNALDATE/ENVELOPE fetch responses.
49417 IMAP issue with empty x-originating-ip content
When sending NIL values for the "x-originating-ip" parameter, certain IMAP servers run into problems. This has been worked around to ensue no NIL values are sent by App Suite.
49374 Bad organizer mail address when inviting through the calendar
Under certain circumstances, the organizer value was built from the user's display name when serializing to iCal.
49304 Crash on all Groupware Nodes
A newly introduced login handler stored an user attribute on each login operation, and the corresponding cache invalidation event was distributed remotely throughout the cluster, which lead to an increased number of unnecessary events.
49265 Dropbox storage offers to add descriptions
When including Dropbox as a storage account, Drive did offer to add descriptions to files, which is unsupported by Dropbox. We're now adapting available Drive features in accordance to capabilities of those external storage providers.
49259 Attachment corrupted when open in browser
Generic detection for possible XML content leads to accidental XML escaping.
49254 ShareService not starting up
In certain cases the ShareService did shut down during bundle startup, this has been handled to avoid signalling "stop" events during startup.
49236 Huge amount of Mail folder could not be found on mail server messages for non-existing folders
The message for "Mail folder could not be found on mail server" were known, actually by design, but not expected to happen that often.
49231 Filter rules: From condition "is exactly" doesn't work on email addresses
To filter for email addresses in a more comfortable way "Sender address" were included as condition type.
49210 Marked mail(s) disappear when hitting # 1 key on Numpad
Appsuite using a shared keypress handler for the numpad key and the 'a'. In combination with ctrl or another special key all messages get selected. A missing check in archive action allowed to archive a message with the numpad key.
49207 Missing filenames for pasted screenshots
When passing a screenshot to mail compose, a attachment without filename got created. We now assign a default filename to such content to avoid compatibility issues.
49196 Users can not be added to group
It was not possible to add an user to a group containing a space in the name and were created by the command line tool.
49141 Mail content only displayed on reply/forward
Mail content were not visible in all mails, actual mail content nested inside
49103 No additional address books loaded in picker on mail compose
Too many contacts thus hitting the default limit of 10000 contacts.
49091 Show requests for read receipts setting is not hidden when protected
Configurability for all settings is not available.
49086 About 1600 Mails can not be deleted at once, Script Timeout in Browser
Removing the mails one by one takes very long.
49083 E-Mail-Folder Action 'delete all messages' ignores OVERQUOTA
Copy command was able to run into overquota.
49074 Appointment cancellation mail loop with iOS
In rare cases the iOS Mail/Calendar clients decide to send out repeated cancellation mails. While the behaviour is triggered by the client we try to counter this behaviour by blocking cancellation mails at replies at OX App Suite when synchronizing.
49057 Incorrect dates provided by WebDAV clients
When mounting Drive using WebDAV, some clients provide incorrect creation times for files. This was caused by a incompatible date format and has been fixed by providing RFC1123 dates instead.
49055 FLD-0008 exception 'Folder 0 does not exist in context 1'
Appointment object is missing the action folder id.
49007 Address picker shows inaccessible folders
When using the recipient picker for Email the second time while not having access to public and shared folders, those were shown as an option nonetheless. We fixed that by cleaning caches so the correct folders are provided as options.
48949 Sometimes printing fails with "Drucken ist beim Starten des Druckvorgangs fehlgeschlagen." on Preview
Only affects calendar views as they are external, i.e. loaded from the server and was quite rare.
48940 Autologout setting is not hidden when protected
Not all settings are implemented to configure via yml-File.
48928 Customization for contacts identity circle
In order keep the list at the address-book picker in sync with the Contacts app, identity circles can now be customized with regards to color. See SCR #3602.
48927 Customization for contacts identity circle
In order keep the list at the address-book picker in sync with the Contacts app, identity circles can now be customized with regards to name initials. See SCR #3602.
48883 logconf -l com.openexchange.usm does not filter for UID/CID
The logback filtering works in conjunction with the MDC properties, meaning that in order for a log filter to work, the userId, contextId and (optionally) sessionId have to be present in the MDC. In this case, the previous mentioned MDC properties were only applied upon a login request, hence the only DEBUG log entry that was visible in the log was that of the login request.
48851 Zero-minute reminders not respected in public calendars
When using public calendars and setting reminders to "0", this value is treated as "no reminder". This has been solved by signalling 0 as a legal value for appointments at such folders.
48778 Contacts tab opens with ~20 Seconds Delay, Display-Errors after Tab Change Contacts to Calendar and back
The new user setting "Start in global address book" (default: true) conflicts with an extremely slow loading of address book.
48748 Distribution list view inconsistent, saving such a list does not work
The error is cause by two update operations on a contact off the distribution list. If a contact off the distribution list is within the address-book of the user, then the entry within the distribution list will reference this contact. In case the email address referenced by the distribution list is removed the entry within the distribution list is also updated (now empty). If then in a next step the contact is deleted the entry within the distribution list will be changed to a contact without a reference. In this case the mail address within the distribution list will be used, which is still be empty. In this case the distribution list is invalid because of this missing mail address.
48729 Archive folder visibility
In case users got provisioned with a specific name for the "Archive" folder, there was no way to remove that information afterwards. We've removed a sanitiy check for empty folder names and instead add "null" to the users mail configuration in case that folder shall be empty. As a result no folder will show up as "Archive" anymore. Note that using this functionality makes it mandatory to disable archive functionality as a capability for the user. Otherwise there will be inconsistencies and unexpected behaviour on the user-interface level, including re-creation of the "Archive" folder with its default values.
48687 Carddav data with xD at the end of all lines
The underlying org.jdom library adjusts line endings during serialization, for inline vCards in multistatus responses this led to duplicated carriage return characters. While usually the receiving side is in charge to normalize line endings during parsing, one particular client is not able to do so.
48681 Mail not displayed correctly on Android
The mail contains two parts of type text/plain. The second part contains the greetings. USM handles only the first part for sending the mail in plain text format to the client (used by Android).
48663 No signature selected in settings after upgrade
Missing signature handling for update.
48654 SpamExperts GUI page not displaying fully for SpamPanel
The container element of settings pages doesn't have a fixed height. This broke percentage-based height specification of its children.
48631 Unexpected compression headers for SAML
When using HTTP redirect bindings for single logout responses, our implementation did expect zlib headers while raw gzip was returned. This has been solved by handling this kind of input.
48630 Missing attachment preview for very special mails
When sending a mail to a mailing list and using a X.509 signature plus another attachment, that attachment could not get previewed in App Suite. This has been solved by avoiding to fetch ignorable parts of the mail.
48629 Appointment jumps one day back if time changed more than 12h
Local date instead of internal utc date were used in one calculation.
48618 Portal tiles show hidden files
After displaying "hidden" files was disabled, they did still show up at the Drive portal tile of App Suite. This got solved by applying the correct filter to the tile as well.
48598 Incomplete delete events sent when removing appointment series
When deleting a recurring appointment, the related event mechanism did distribute events which refer to the recurring appointment but did not contain any pointers to exceptions of that series. We're now sending more sophisticated objects that allow to gather references to exceptions of that recurring appointment.
48495 New arriving mails are sorted somewhere into existing mails in list view
Sort handler was called before models were drawn and list were messed up.
48463 Multiple honorific prefixes are comma-separated
When using honorific prefixes, suffices or additional names at contacts, those details were transferred and serialized as individual attributes which led to display issues on some CardDAV clients. This has been solved by putting this information to single attribute.
48438 Inconcistent folder order in Archive
The Archive folder did list subfolders in descending date order to make sure the most recent folders are on top. However this did conflict with certain use-cases and added inconsistency, therefor we switched to alphabetically ascending order for all folders except numeric ones.
48394 DOS encoding for paths.perfMap
The file paths.perfMap was delivered with CRLF linebreaks, which of course does not make sense on Unix-style environments. We applied proper linebreaks again.
48380 Unable to remove a directory in Drive
In case a directory contained a hidden subfolder without permissions to the deleting users, removal of that enclosing folder failed without a sufficient error message. We've extended the OX Drive protocol to handle this situation and make clients aware of the root cause.
48364 Unable to save mail to "Sent" folder after sending
Getting the standard folders (e.g. for "Sent") failed in case a spam/ham folders where absent but expected. The code has been hardened to deal with situations like this, which may occur when using custom spam handler implementations or configuration.
48349 'AVERAGE_USER_SIZE' not found in file /opt/open-xchange/etc
The method getProperties was used.
48348 Reporting issues with multiple registered servers
When having contexts spread across different middleware clusters but using the same database backends, the report client did not finish its execution. This has been solved by considering such configurations and general hardening of the report functionality in this regard.
48344 User is not able to sent email to users on the same cluster after account is added as external
No filtering based on transport_url for added email accounts.
48292 Usercopy fails with "Unexpected problem occurred"
UseCountCopyTask used a wrong mapping object and tried to copy use counts of internal users and usercopy failed.
48248 Unable to copy/move mail if target lacks flag compatibility
When copying or moving a mail from a mail backend that supports more IMAP user-flags than the target backend, an error was raised. This has been solved by checking existing flags and convert them in a compatible way.
48243 Report clients stops for corrupt guest users
In case a guest user has a reference to a deleted user, running reports did not deliver any results. This has been solved by handling the absence of the referenced user.
48242 Unable to delete appointment from cancelation mail
When using a CalDAV client like eMClient, some cancellation mails could not be used to delete the related appointment since their ID was missing. We solved that by avoiding a fallback to the "Publish" method when synchronizing.
48205 Issues when switching SMTP-Auth
When configuring a external mail accounts SMTP credentials as "As incoming mail server" and changing this configuration to specific credentials, the old credentials were maintained. This has been fixed.
48195 External appointment "You have confirmed this appointment", but is not accepted
New external appointments were displayed as accepted, but are nor accepted.
48133 Malformed mail causes warnings
In case a E-Mail contains illegal references to multiparts, such as attachments, a warning was raised at the log. To avoid log flooding the situation is being handled in the code without logging a verbose message.
48118 Upsell I-Frame does not open in Firefox and IE
Click delegate on premium container didn't worked as expecting.
48109 Special IMAP folders are re-set on first login
When defining special-use flags for IMAP folders, those were not considered when logging in for the first time. The behaviour has been made configurable by change #3524. Now we're considering those pre-defined special-use folders.
48089 Weekend days were hardly readable
In case the current day is a Sunday, the date label was hardly readable since several shades of red were applied. This has been solved by correcting the priority of shades when displaying the calendar month view.
48075 vCard export fails when missing references
In case vCard data information is stored to a external service and that service becomes unavailable, exporting fails. This has been addressed by adding a check if all referenced information is present and accessible before starting to export.
48073 Hover on mail folders is missing after update to 7.8.2
No hover message reporting the total messages and unread messages in email folder.
48047 Random OOM during parsing mail
This was caused by excessive creation of (sub-)strings while trying to re-parse a weird, but possible start tag segment.
48006 IMAP ID is sent after login instead of before
"ID" command gets issued after login happened, breaking Dovecot's session tracing.
47992 Mail content incorrectly displayed
As a side-effect of content sanitization certain invalid E-Mail structures, in this case broken tags were removed which led to follow-up issues when displaying the mail. We've made the sanitizer more flexible to avoid such false-positive cases.
47967 High CPU usage by Java process
An infinite loop while trying to determine a folder's reverse path to root folder caused the excessive creation of folder instances all kept in a wrapping java.util.ArrayList instance. It turned out that while loading the path for a folder from a subscribed external IMAP account, the special INBOX folder references itself as parent, consequently rendering the traversing loop infinite.
47944 Error when storing data to Swift backend
When creating a file on a Swift storage backend, the service might respond with HTTP Status 201 instead of 200 which was unexpected. This got fixed by handling this status as well.
47932 No free mailstore found causes configdb inconsitencies
When deploying a new cluster, having not yet registered a mailstore, creating a context caused inconsistencies in the configdb.
47893 Folders with dots in their names are not queried correctly
It was not possible to retrieving informations from cloud storage folder if they contain a dot in foldername.
47888 NPE when trying to edit the description of a file in a Dropbox account within the AppSuite
Edit the description of a file in a Dropbox account were not possible with the Appsuite-UI.
47873 Filename information is lost when moving files between different file storages
Now setting the filename when moving files across different file storages to solve this issue.
47785 Rate-limit triggered when handling huge distribution list
When working with large distribution lists, usually more than 500 members, OX App Suite UI triggered a lot of unnecessary requests to get member information. Depending on the workflow and amount of members this could exceed the default rate-limit and effectively lock-out a user for several minutes. We have optimized which and how many calls are triggered when editing distribution lists to avoid this scenario.
47720 Missing check for filter rules capability
In case the mailfilter package is not installed, the frontend was missing a capability check and offered to create mailfilters based on existing E-Mail nonetheless. This was fixed by considering those capabilities.
47683 Mail is not displayed correctly - 2 instead of three attachments
The regex pattern to identify the uuencoding wasn't able to handle umlauts.
47678 OX Drive standalone: Remove "Add to Portal"
added permission for portal
47676 Contact related content shown for drive-only configurations
In case a user account is configured to only use OX Drive, some functionality was offered that would require the Contacts app to be present, for example contact details. These issues have been resolved by removing links at invite guests or permission dialogs.
47664 Empty object_permission table causes stale RDBMS connections
A database connection was not returned to the pool under specific circumstances.
47656 Sort menu not fully visible in horizontal mode
Sort menu was hidden by mail detail view if this part was to small.
47587 Cancelled appointment in Outlook not updated
When cancelling a group appointment in Outlook as organizer, the appointment for participants was not removed in case those participants did have "PIM" access permissions. This was caused by a server-client state conflict and has been solved.
47576 Rename of OX6 distribution lists not fully working in appsuite
OX6 sets display name and last name while creating a new distribution list.
47575 Modifications to logback configuration re-set
When updating OX App Suite, recent default configurations changes to logback.xml were reset. Packaging now considers those changes and makes sure the defaults are maintained when updating.
47510 Mobile Web uI only: Mail folder can not be added on Root-Level
Adding an IMAP folder via Mobile Web UI on root level (beside INBOX) does not work.
47504 OX Documents offers contacts functionality even if contacts are disabled; If contacts is not available the usernames are not longer clickable
47503 OX Documents offers email functionality even if webmail is disabled
sendmail button and/or send mail sub items of button group will be disabled from now as soon as there is webmail not available.
47467 Menu is displayed wrong
Email option menu was displayed wrong if the topbanner was active.
47438 Standard group guest delete and edit buttons active
Standard group guest delete and edit buttons were active.
47429 Vacation rule jumps to top
The position of the vacation notice was reseted to the top if this rule has changed.
47417 Listing large folders results in IE11 issues
When listing folders with more than 10.000 E-Mails and scrolling through them, IE11 did report script warnings. Those warnings were triggered by long-running JS actions. We optimized the handling of pagination when dealing with lots of mails to avoid triggering those warnings. On very slow machines this might still happen though.
47378 Contact csv import: error message very vague
The csv parser is configured to be tolerant and accepts rows in csv files with columns sizes lower than the number of title columns. If a row does not contain enough columns it will add empty columns at the end of the row. If a column in the middle of the row is missing all other entries will be shifted to the left. This leads to an error for the distribution list column, because the importer uses the data of another column for this field.
47348 Password dialog for external accounts after update
For some users the "recovery/secret?action=check" call permanently signals that the currently used password is outdated and the new one is prompted.
47325 User-fields not mentioned as option for search facet
It's now possible to include "optional" fields at contacts to the search facet. This allows searching for those parameters values.
47279 Incorrect findings of checkconfigconsistency
The checkconfigconsistency tool did report some incorrect findings at cache.ccf. This has been solved by considering directories when comparing configuration file content.
47184 Forwarding mails with cc-recipients automatically opens cc field in mail compose
On model creation data from the original mail was propagated that should have been omitted.
47182 Separate email addresses with semicolon not working
Separate email addresses with semicolon after two or more were added as one didn't work.
47166 Redirect to logoutLocation does not work anymore
Redirect to loginLocation and logoutLocation does not work.
47157 SOAP API does not list guest users
includeGuests and excludeUsers parameters was missing in soap interfaces.
47101 Misleading information on truncated HTML messages
If a HTML Email message exceeds limits for processing, a truncated representation is provided to the user. We added some more details and less confusing description about why this is the case and how a user can handle the situation.
47083 Incorrect translation for mail filter rules
The polish translation for mail filter rules had some flaws, those were solved by updating the specific translation.
47025 Shared mail folders are not displayed
When applying very specific folder permissions, a issue was observed that folders are not show via OX App Suite while being expected to show up. This was caused by a incomplete permission check and got solved by correcting this check.
46970 Linked appointment and task within an email cannot be displayed
If an user click on an invalid appointment/task link, he got the spinner.
46968 Upsell-Trigger within "onboarding-wizard" not working
Upsell i-Frame for onboarding wizard didn't working.
46837 Incorrect translation for quota
The polish translation for quota levels had some flaws, those were solved by updating the specific translation.
46677 While subscribing to mail-folders not all "subscribable" folders get displayed
After a Appsuite refresh some "subscribable" folders disappeared.
46482 Unable to read mail in Outlook
Email messages with multiple different Content-Transfer-Encoding headers did cause errors with Outlook. Such malformed messages are now sanitized before delivering them to the client.
46443 Unable to view specific mails
When forwarding a specific mail structure multiple times, the corresponding sequence ID was miscalculated. As a result some mails could not be displayed anymore. This glitch has been solved by correcting the calculation for nested messages and attachments.
46346 Smtp account information not shown
In the account settings for mail the smtp settings are displayed, but username and password were not shown.
46285 docx failed to load for editing, Binder not available for this docx,
java.lang.NumberFormatException
ignoring this attribute via xslt transformation
46189 Unable to see Halo or who reserved a resource within the Scheduling tool
No single general solution for all different use cases in this scenario.'io.ox/calendar//freeBusyStrict' (default: true), when NOT in strict mode detail view is available, details for appointments are not displayed.
46098 Logging of invalid cookies on autologin
When enabling the "auto login" functionality, error messages were logged regarding incorrect cookie information. Since users that have not been logged in before will accidentally trigger this message, it has been removed from the default loglevel.
45457 Incomplete documentation on "filestorage"
Existing documentation about the topic of filestores was party missing and inconclusive. This has been solved by migrating to a new documentation system and workflow. Please use
45101 pdf2svg using boundless memory
Added a new config item 'com.openexchange.documentconverter.pdftoolMaxVMemMB' has been added to the 'documentconverter.properties' configuration file. The implementation uses this value to limit the amount of memory for the PDF tool
44943 Instant termination of DC backend processes when OSGi bundle is stopped;When stopping the DC server bundle, every single, currently running job is interrupted and terminated
in addition, all DC joib queues are cleared
44275 Improved queue handling for DocumentConverter to avoid pending jobs
Some DocumentConverter jobs never got processed by the DocumentConverter backend and remained within the job queue forever due to a missing unlock of the job after the first conversion. This happened under certain conditions like same job conversions for the same source document in parallel. When pending or blocked jobs are within the DocumentConverter queue due to a parallel processing of the same conversion, it is ensured, that those jobs get unlocked after the first conversion of this kind of jobs happened, giving a fast processing and removal of all pending jobs with the same characteristics.
43342 Resources are not handled with ActiveSync
We've added rudimentary support for resources when using the Exchange ActiveSync (EAS) protocol. The Email address of a resource will be delivered to the client to allow scheduling.
31404 Incomplete documentation on "quota"
Existing documentation about the topic of different quota levels and configuration was party missing and inconclusive. This has been solved by migrating to a new documentation system and workflow. Please use
23639 Messaging accounts not removed instantly
When removing oAuth credentials for a messaging account, e.g. Twitter, the related entry at the main menu did not get removed. This has been solved by refactoring the oAuth implementation.