Detailed software changes deprecated
This page contains detailed information about software changes.
8.33
General
SCR-1482
Summary: Added redis.tls chart value
Whether to use TLS to connect to the Redis endpoint can now be configured using redis.tls.enabled
and redis.cache.tls.enabled
.
SCR-1480
Summary: Updated lettuce library from v6.5.0 to v6.5.1
Updated lettuce library from v6.5.0 to v6.5.1 in bundle io.lettuce
- lettuce-core-6.5.1.RELEASE.jar
3rd Party Libraries/License Change
SCR-1481
Summary: Updated Fabric8 libraries from v6.10.0 to v6.13.4
Updated Fabric8 libraries from v6.10.0 to v6.13.4 in "io.fabric8.kubernetes" bundle
- kubernetes-client-6.13.4.jar
- kubernetes-client-api-6.13.4.jar
- kubernetes-httpclient-jdk-6.13.4.jar
- kubernetes-model-admissionregistration-6.13.4.jar
- kubernetes-model-apiextensions-6.13.4.jar
- kubernetes-model-apps-6.13.4.jar
- kubernetes-model-autoscaling-6.13.4.jar
- kubernetes-model-batch-6.13.4.jar
- kubernetes-model-certificates-6.13.4.jar
- kubernetes-model-common-6.13.4.jar
- kubernetes-model-coordination-6.13.4.jar
- kubernetes-model-core-6.13.4.jar
- kubernetes-model-discovery-6.13.4.jar
- kubernetes-model-events-6.13.4.jar
- kubernetes-model-extensions-6.13.4jar
- kubernetes-model-flowcontrol-6.13.4.jar
- kubernetes-model-gatewayapi-6.13.4.jar
- kubernetes-model-metrics-6.13.4.jar
- kubernetes-model-networking-6.13.4.jar
- kubernetes-model-node-6.13.4.jar
- kubernetes-model-policy-6.13.4.jar
- kubernetes-model-rbac-6.13.4.jar
- kubernetes-model-resource-6.13.4.jar
- kubernetes-model-scheduling-6.13.4.jar
- kubernetes-model-storageclass-6.13.4.jar
SCR-1479
Summary: Updated Netty libraries from v4.1.114 to v4.1.115
Updated Netty libraries from v4.1.114 to v4.1.115 in bundle io.netty
- netty-buffer-4.1.115.Final.jar
- netty-codec-4.1.115.Final.jar
- netty-codec-dns-4.1.115.Final.jar
- netty-codec-http2-4.1.115.Final.jar
- netty-codec-http-4.1.115.Final.jar
- netty-codec-socks-4.1.115.Final.jar
- netty-common-4.1.115.Final.jar
- netty-handler-4.1.115.Final.jar
- netty-handler-proxy-4.1.115.Final.jar
- netty-resolver-4.1.115.Final.jar
- netty-resolver-dns-4.1.115.Final.jar
- netty-transport-4.1.115.Final.jar
- netty-transport-native-unix-common-4.1.115.Final.jar
Configuration
SCR-1485
Summary: New options for Redis Connector
Added new lean options for the Redis connector
com.openexchange.redis.connection.pool.newConnectionIfWaitExceeded
Specifies whether to establish a new connection if waiting for an available connection in pool is exceeded. Default value is"true"
. Neither reloadable, nor config-cascade awarecom.openexchange.redis.cluster.periodicTopologyRefreshMillis
Defines the interval in milliseconds for periodic refreshing of the the cluster topology. Only effective if connecting against a Redis Cluster; e.g."com.openexchange.redis.mode"
is set to"cluster"
. Default value is"600000"
. Neither reloadable, nor config-cascade aware
SCR-1477
Summary: New property to select default collection for new contacts via iOS / CardDAV
In the Contacts App on iOS, it is not possible to pick a certain folder while creating a new contact within the CardDAV account. Instead, the iOS client creates new contacts in a somehow randomly chosen folder of the account, which could also be the "Global Address Book" or the "Collected Contacts" folder, or even folders that are shared from others. Therefore, as the user cannot influence the target folder, an implicit workaround is in place so that new contacts are always created within the user's default contacts folder on App Suite. Within the iOS client, this is reflected after the next synchronization cycle as well.
To influence the applied fallback logic, the following lean configuration property is introduced:
com.openexchange.carddav.iosFallbackToDefaultCollectionForNewResources
Possibly settings are:
{}always{
}: New contacts are always created within the user's default contacts folder on App Suite{}disabled{
}: Contacts are created within the folder targeted by the client, but rejected on insufficient permissions{}insufficientPermissions{
}: Contacts are created within the folder targeted by the client, falling back to the user's default folder on insufficient permissions
It defaults to always
so that contacts are created in the user's default contacts folder independently of which folder is targeted by the client.
The new property is reloadable and config-cascade-aware.
8.32
General
SCR-1473
Summary: Updated lettuce library from v6.4.0 to v6.5.0
Updated lettuce library from v6.4.0 to v6.5.0in bundle io.lettuce
- lettuce-core-6.5.0.RELEASE.jar
3rd Party Libraries/License Change
SCR-1476
Summary: Updated Jackson libraries from v2.16.1 to v2.18.1 in target platfom
Updated several libraries to update Jackson libraries from v2.16.1 to v2.18.1
Target platform bundles (com.open-xchange.bundles)
- stax2-api-4.2.1.jar replaced with stax2-api-4.2.2.jar
- jackson-annotations-2.16.1.jar replaced with jackson-annotations-2.18.1.jar
- jackson-core-2.16.1.jar replaced with jackson-core-2.18.1.jar
- jackson-databind-2.16.1.jar replaced with jackson-databind-2.18.1.jar
- jackson-dataformat-cbor-2.16.1.jar replaced with jackson-dataformat-cbor-2.18.1.jar
- jackson-dataformat-xml-2.16.1.jar replaced with jackson-dataformat-xml-2.18.1.jar
- jackson-datatype-jsr310-2.16.1.jar replaced with jackson-datatype-jsr310-2.18.1.jar
- jackson-datatype-jsr310-2.16.1.jar replaced with jackson-datatype-jsr310-2.18.1.jar
- jackson-datatype-jsr353-2.16.1.jar replaced with jackson-datatype-jsr353-2.18.1.jar
- jackson-jakarta-rs-base-2.16.1.jar replaced with jackson-jakarta-rs-base-2.18.1.jar
- jackson-jakarta-rs-json-provider-2.16.1.jar replaced with jackson-jakarta-rs-json-provider-2.18.1.jar
- jackson-jakarta-rs-xml-provider-2.16.1.jar replaced with jackson-jakarta-rs-xml-provider-2.18.1.jar
- jackson-module-jakarta-xmlbind-annotations-2.16.1.jar replaced with jackson-module-jakarta-xmlbind-annotations-2.18.1.jar
- jackson-module-jaxb-annotations-2.16.1.jar replaced with jackson-module-jaxb-annotations-2.18.1.jar
Bundle com.ctc.wstx
- woodstox-core-6.5.1.jar replaced with woodstox-core-7.0.0.jar
Bundle org.yaml.snakeyaml
- snakeyaml-2.2.jar replaced with snakeyaml-2.3.jar
SCR-1472
Summary: Updated Netty libraries from v4.1.112 to v4.1.114
Updated Netty libraries from v4.1.112 to v4.1.114 in bundle io.netty
- netty-buffer-4.1.112.Final.jar
- netty-codec-4.1.112.Final.jar
- netty-codec-dns-4.1.112.Final.jar
- netty-codec-http2-4.1.112.Final.jar
- netty-codec-http-4.1.112.Final.jar
- netty-codec-socks-4.1.112.Final.jar
- netty-common-4.1.112.Final.jar
- netty-handler-4.1.112.Final.jar
- netty-handler-proxy-4.1.112.Final.jar
- netty-resolver-4.1.112.Final.jar
- netty-resolver-dns-4.1.112.Final.jar
- netty-transport-4.1.112.Final.jar
- netty-transport-native-unix-common-4.1.112.Final.jar
Configuration
SCR-1475
Summary: New property to configure SSO Logout when OX Sessions are closed
In order to configure after which session removal events an OpenID Connect session is also closed on the provider side, the following lean configuration property is introduced:
com.openexchange.oidc.opLogoutOnSessionRemoval
It specifies an optional comma-separated list of certain session removal events for which the logout endpoint of the OP should be invoked as well to terminate the OIDC session. This does not affect regular/explicit, client-initiated logout flows where the OP is always included as per com.openexchange.oidc.ssoLogout
. Also, sessions spawned using the Resource Owner Password Credentials Grant are not considered.
Configurable removal events include:
expired
- The session is removed after being idle/unused for a certain durationuser_closed
- Another session is removed explicitly by the user (usually via session management API)admin_closed
- A session is removed explicitly via an administrative interface (e.g. close sessions commandline utility or REST API)
The property is empty by default, reloadable, and not config-cascade-aware. See also the documentation for further details.
SCR-1470
Summary: Added new lean property to control detection of inline images
Added new lean property com.openexchange.mail.detectInlineImageByDispositionOnly
that controls whether to detect inline images solely by its value for "Content-Disposition"
header (required to be "inline"
) and to ignore any file name information (e.g through "filename"
parameter).
SCR-1462
Summary: Added new property to track Redis operation taking longer than a configured threshold
Added new lean property com.openexchange.redis.operationExecutionTimeThreshold
to track Redis operation taking longer than a configured threshold. Default value is 0
(zero), therefore disabled by default. Not reloadable and not config-cascade aware.
8.31
Configuration
SCR-1462
Summary: Added new property to track Redis operation taking longer than a configured threshold
Added new lean property com.openexchange.redis.operationExecutionTimeThreshold
to track Redis operation taking longer than a configured threshold. Default value is 0
(zero), therefore disabled by default. Not reloadable and not config-cascade aware.
8.31
API - Java
SCR-1460
Summary: Constructor change in com.openexchange.passwordchange.common.AbstractPasswordChangeService
With dropping legacy caching bundles com.openexchange.caching.*
, the constructor in com.openexchange.passwordchange.common.AbstractPasswordChangeService
changed as c.o.caching.CacheService
is no longer available
CLT
SCR-1464
Summary: Dropped 'checkconfigconsistency' CLT
With removal of legacy com.openexchange.caching
bundles, the checkconfigconsistency
CLT is no longer needed
Configuration
SCR-1466
Summary: Allow specifying the name of the HTTP header that forwards the originating remote port
Introduced new lean property "com.openexchange.server.portHeader"
specifying the name of the HTTP header that forwards the originating remote port. Default value is "X-Forwarded-Port"
. It is neither reloadable nor config-cascade aware.
SCR-1465
Summary: New configuration property com.openexchange.push.dovecot.unregisterAfterDelete
Depending on the setup, it may not be suitable to attempt a de-registration of active push listeners on the mail server during user- or context deletion. Therefore, a new lean configuration property is introduced:
com.openexchange.push.dovecot.unregisterAfterDelete
It defaults to true
so that current semantics are not changed. The new configuration property is reloadable, yet not config-cascade aware.
SCR-1462
Summary: Added new property to track Redis operation taking longer than a configured threshold
Added new lean property com.openexchange.redis.operationExecutionTimeThreshold
to track Redis operation taking longer than a configured threshold. Default value is 0
(zero), therefore disabled by default. Not reloadable and not config-cascade aware.
SCR-1461
Summary: Dropped legacy cache service properties
Dropped properties (referenced in open-xchange-core/debian/postinst
):
com.openexchange.caching.jcs.remoteInvalidationForPersonalFolders
com.openexchange.caching.jcs.enabled
jcs.region.*
Dropped from system.properties
:
UserConfigurationStorage
Cache
Frontend
SCR-1469
Summary: New Setting for Preferred Calendar User Address
Introduced the JSLob entry io.ox/calendar/preferredAddress
to let the end user control which email address is assigned to the corresponding attendee in calendar events, to e.g. avoid exposing of an unwanted email address. The value of the entry can always be set by the user, however is limited to the known aliases of the user.
Packaging/Bundles
SCR-1459
Summary: Dropped com.openexchange.caching.* bundles
As all caches are transformed to com.openexchange.cache.v2
implementation, the legacy cache implementation in com.openexchange.caching
and com.openexchange.caching.events
bundles is dropped
8.30
3rd Party Libraries/License Change
SCR-1452
Summary: Moved Java Data Objects (JDO) API to target platform
Moved the Java Data Objects (JDO) API formerly held in bundle com.openexchange.common
to target platform bundles managed in com.openexchange.bundles
.
Therefore, the target platform (com.openexchange.bundles
) has been extended by the libraries:
glassfish-corba-omgapi-4.2.4.jar
jdo-api-3.2.1.jar
API - HTTP-API
SCR-1456
Summary: Removed "messaging"-related APIs
Removed HTTP-API paths
messaging/account
messaging/message
messaging/service
API - Java
SCR-1458
Summary: Upgrade to Java 21
Middleware core will be upgraded to Java 21. This means that each bundle's required execution environment will now be JaveSE-21, and a compatible runtime JRE must be used.
Configuration
SCR-1457
Summary: Removed "messaging"-related properties
Removed "messaging"-related properties
- "
com.openexchange.messaging.enabled
"
SCR-1454
Summary: New configuration property "com.openexchange.cache.v2.redis.disableHashExpiration"
A new lean configuration property com.openexchange.cache.v2.redis.disableHashExpiration
is temporarily introduced for increased compatibility with older versions of Redis.
The property optionally disables field expiration of hash keys. If set to true
, no HEXPIRE
commands are invoked after setting values in hashes, resulting in persistent values that will only be removed explicitly by the application, or due to a general maxmemory
eviction policy of Redis like allkeys-lru
.
It should therefore only be enabled if a dedicated Redis instance for cache-purposes is used (see com.openexchange.redis.cache.enabled
)!
The property is neither config-cascade aware nor reloadable. It is only available for a temporary grace period and will be removed again in a future version - therefore it should be considered as deprecated from the beginning.
SCR-1442
Summary: Removed 'hazelcast-data-holding' and 'hazelcast-lite-member' roles
Since the core middleware no longer depends on Hazelcast, the roles hazelcast-data-holding
and hazelcast-lite-member
defined in the core-mw
Helm chart are no longer needed. As a result, they will be removed in version 6.0.0.
However, OX Documents, which is still included in the middleware image, relies on Hazelcast and requires a headless service. Therefore, the headless service from the hazelcast-data-holding
role has been moved to a new role named documents
.
Please note that custom node definitions (scaling.nodes
) must include this new role. Otherwise, the headless service will not be deployed, and OX Documents bundles will fail to start.
For more information, refer to the chart documentation.
Packaging/Bundles
SCR-1455
Summary: Removed "messaging"-related functionality
Through removal of "messaging"-related functionality the following bundles and packages were dropped:
Bundles
com.openexchange.messaging
com.openexchange.messaging.generic
com.openexchange.messaging.json
com.openexchange.messaging.rss
com.openexchange.messaging.sms
Packages
open-xchange-messaging
open-xchange-messaging-sms
SCR-1427
Summary: Removed "MsService" and Parent Bundle "com.openexchange.ms"
The service com.openexchange.ms.MsService
as well as its parent bundle com.openexchange.ms
are no longer used and had been deprecated along with SCR-1342. Now they're removed from middleware core.
8.29
3rd Party Libraries/License Change
SCR-1451
Summary: Updated Google Guava from v33.2.1 to v33.3.0
Updated Google Guava from v33.2.1 to v33.3.0 in bundle com.google.guava
SCR-1450
Summary: Removed org.eclipse.osgi.services helper bundle
Removed org.eclipse.osgi.services helper bundle in favor of individual org.osgi.service.X bundles
SCR-1448
Summary: Upgraded dnsjava (an implementation of DNS in Java)
Upgraded dnsjava from v3.5.3 to v3.6.1 in target platform (com.openexchange.bundles
)
SCR-1440
Summary: Updated OSGi target platform bundles
Updated the following OSGi target platform bundles
org.apache.felix.gogo.runtime_1.1.4.v20210111-1007.jar
updated toorg.apache.felix.gogo.runtime_1.1.6.jar
org.eclipse.osgi.util_3.7.200.v20230103-1101.jar
updated toorg.eclipse.osgi.util_3.7.300.v20231104-1118.jar
org.eclipse.osgi_3.18.400.v20230509-2241.jar
updated toorg.eclipse.osgi_3.20.0.v20240509-1421.jar
SCR-1433
Summary: Updated lettuce library from v6.3.2 to v6.4.0
Updated lettuce library from v6.3.2 to v6.4.0in bundle io.lettuce
- lettuce-core-6.4.0.RELEASE.jar
SCR-1432
Summary: Updated Netty libraries from v4.1.111 to v4.1.112
Updated Netty libraries from v4.1.111 to v4.1.112 in bundle io.netty
- netty-buffer-4.1.112.Final.jar
- netty-codec-4.1.112.Final.jar
- netty-codec-dns-4.1.112.Final.jar
- netty-codec-http2-4.1.112.Final.jar
- netty-codec-http-4.1.112.Final.jar
- netty-codec-socks-4.1.112.Final.jar
- netty-common-4.1.112.Final.jar
- netty-handler-4.1.112.Final.jar
- netty-handler-proxy-4.1.112.Final.jar
- netty-resolver-4.1.112.Final.jar
- netty-resolver-dns-4.1.112.Final.jar
- netty-transport-4.1.112.Final.jar
- netty-transport-native-unix-common-4.1.112.Final.jar
API - HTTP-API
SCR-1406
Summary: Added an client defined expiration time to /token?action=acquireToken
The parameter expiry
was added to the request acquireToken
. Thus, a client is able to define an individual expiry for a login token, see also /login?action=redeemToken
. The expiry parameter will only be considered if the value is less the configured value through com.openexchange.tokenlogin.maxIdleTime
SCR-1405
Summary: Renamed parameter in '/login?action=redeemToken'
The parameter secret
has been renamed to appId
since it is more fitting to the nature of the parameter. secret
can still be used, but is deprecated from now on. It will be removed in upcoming releases.
API - Java
SCR-1428
Summary: Deprecation of JCS-based "CacheService"
After a new caching implementation has been introduced with com.openexchange.cache.v2.CacheService
, the previously used, JCS-based com.openexchange.caching.CacheService
is now deprecated and is scheduled for removal in a later release. Until then, the interfaces are available and the service is basically still usable, however, without remote cache invalidation features.
SCR-1192
Summary: Removed com.openexchange.cluster.timer.ClusterTimerService
Removed com.openexchange.cluster.timer.ClusterTimerService
API - RMI
SCR-1430
Summary: Added new RMI API for deputy permissions management
Added new RMI API "com.openexchange.admin.rmi.OXDeputyPermissionsInterface
" for deputy permissions management offering methods:
grantDeputyPermission()
Grants a new deputy permissionupdateDeputyPermission()
Updates an existent deputy permissionrevokeDeputyPermission()
Revokes/deletes an existent deputy permissiongetDeputyPermission()
Retrieves a certain deputy permissionlistAll()
Lists all deputy permissions for a given context
API - SOAP
SCR-1431
Summary: Added new SOAP API for deputy permissions management
Added new SOAP API "http://soap.admin.openexchange.com/OXDeputyPermissionsService
" for deputy permissions management offering methods:
grant()
Grants a new deputy permissionupdate()
Updates an existent deputy permissionrevoke()
Revokes/deletes an existent deputy permissionget()
Retrieves a certain deputy permissionlist()
Lists all deputy permissions for a given context
Behavioral Changes
SCR-1425
Summary: Removed Replacement of "email 1" by "default sender address"
Previously, the middleware implicitly injected the configured "default sender address" into the "email 1" field of contacts representing internal users, in case com.openexchange.notification.fromSource
was set to defaultSenderAddress
. This handling goes back to a workaround that was introduced to make this mail address available in Outlook through the former OXtender integration.
This caused different issues in the past, e.g. unexpected values in the global address book, incorrect search results, multiple users with apparently the same mail addresses etc.
As the client for which the workaround has been introduced has passed away a long time ago, this implicit mail address replacement is now removed, as it is obviously no longer necessary. Consequently, the provisioned "email 1" address is now always exposed in user contact objects through all APIs, regardless of aforementioned configuration setting com.openexchange.notification.fromSource
.
So for cases where a different default sender address has been set before in a user's mail settings, the behavioral change would be that this address will now no longer be displayed for the associated contact object, but the actually stored value for "email 1".
Configuration
SCR-1449
Summary: Added DNS configuration options for MX records look-up on ISPDB auto-config detection
Added new lean DNS configuration options for MX records look-up on ISPDB auto-config detection
com.openexchange.mail.autoconfig.ispdb.dns.resolverHost
The optional host name for the DNS server on MX record look-up. If not specified system's default DNS service is used.com.openexchange.mail.autoconfig.ispdb.dns.resolverPort
The optional port number for the DNS server on MX record look-up. If not specified default port (53 UDP) is used.
SCR-1441
Summary: New Configuration Property "com.openexchange.oidc.staySignedIn"
If the default OIDC backend implementation is used, sessions created through OpenID Connect have the "stay signed in" marker set to false
by default.
This can now be changed through configuration parameter com.openexchange.oidc.staySignedIn, and has an impact on the cookie- and OX session lifetime. If true
, cookies will be decorated with the max. age as configured via com.openexchange.cookie.ttl. Also, the maximum idle time of OX sessions will be aligned to com.openexchange.sessiond.sessionLongLifeTime. If set to false
, cookies will use session lifetime, and the maximum OX session idle time follows com.openexchange.sessiond.sessionDefaultLifeTime.
The lean property defaults to false
, is reloadable, and not config-cascade aware.
SCR-1438
Summary: Removed all xing properties
The following xing properties have been removed:
- com.openexchange.oauth.xing
- com.openexchange.oauth.xing.apiKey
- com.openexchange.oauth.xing.apiSecret
- com.openexchange.oauth.xing.consumerKey
- com.openexchange.oauth.xing.consumerSecret
- com.openexchange.subscribe.socialplugin.xing
- com.openexchange.subscribe.socialplugin.xing.autorunInterval
SCR-1435
Summary: Removed option from Redis configuration
Removed option "com.openexchange.redis.resilientDatabase"
from Redis configuration in favor of possibility to specify a dedicated Redis instance for volatile (cache) data; see SCR-1434.
Thus instead of specifying a dedicated database for resilient data (such as sessions), the administrator is supposed to deploy dedicated Redis instance for volatile (cache) data.
SCR-1434
Summary: Added option to Redis configuration to specify a separate instance
Added new lean option "com.openexchange.redis.cache.enabled"
to Redis configuration to specify a separate instance dedicated for volatile (cache) data. This option is neither reloadable nor config-cascade aware.
With that option set to "true"
, the administrator may specify further Redis options for that special Redis instance through using the "cache"
infix; e.g.
com.openexchange.redis.cache.enabled=true
com.openexchange.redis.cache.mode=standalone
com.openexchange.redis.cache.hosts=localhost:6379
...
SCR-1407
Summary: Replaced 'tokenlogin-secrets' file with lean configuration
tokelogin-secrets
has been removed.
The file tokenlogin-secrets
was used to define "secret" applications for which a token login was allowed. Such "secrets" could be enriched with parameters, controlling flows in the middleware. The file was not reloadable nor config cascade aware. Therefore, replaced the file with config cascade aware and reloadable properties. The properties are defined as followed:
com.openexchange.tokenlogin.applications
specifies the application identifiers to use, split by comma. These IDs were formerly knwon as "secrets". No default value is defined. The IDs are used to define application specific behaviour through the other propertiescom.openexchange.tokenlogin.[applicationId].accessPassword
specifies whether or not the user's password is part of the response when redeeming the token. Default isfalse
.com.openexchange.tokenlogin.[applicationId].copyParameters
specifies whether or not to copy all session parameters into the cloned session, that is created during the token login action. Default isfalse
com.openexchange.tokenlogin.[applicationId].announceId
specifies whether or not to announce the application identifier to a client within the JSLob. Default isfalse
.com.openexchange.tokenlogin.[applicationId].parameters
specifies additional key-value pairs for the application, paired by equals, split by semicolon. Default is empty. Mainly kept for legacy reasons.
Database
SCR-1436
Summary: Introduced update task for removing xing accounts
Introduced the update task com.openexchange.oauth.impl.internal.groupware.RemoveXingAccountsUpdateTask
for removing xing accounts.
Packaging/Bundles
SCR-1437
Summary: Removed xing bundles
Removed xing bundles:
- com.openexchange.xing
- com.openexchange.xing.access
- com.openexchange.xing.json
- com.openexchange.subscribe.xing
- com.openexchange.oauth.xing
- com.openexchange.halo.xing
Package definitions have been removed as well:
- open-xchange-xing-json
SCR-1429
Summary: Added new bundle for deputy permissions management via SOAP
Added new bundle "com.openexchange.admin.soap.deputy
" for deputy permissions management via SOAP. That new bundle has been added to "open-xchange-admin-soap
" package.
SCR-1426
Summary: Removed "FilteringObjectStreamFactory" Service and parent Bundle "com.openexchange.serialization"
The service com.openexchange.serialization.FilteringObjectStreamFactory
as well as its parent bundle com.openexchange.serialization
are no longer used and had been deprecated along with SCR-1421. Now they're removed from middleware core.
8.28
3rd Party Libraries/License Change
SCR-1420
Summary: Removed xmlbeans-2.6.0
library
The library xmlbeans-2.6.0
has known vulnerabilities. Since it is no longer used in the Middleware, the library is removed from target platform (com.openexchange.bundles
)
SCR-1419
Summary: Upgraded ROME library for RSS and Atom feeds
Upgraded ROME library for RSS and Atom feeds from v1.0
to v1.19.0
in bundle com.openexchange.messaging.rss
SCR-1415
Summary: Updated Google Guava from v33.0.0
to v33.2.1
Updated Google Guava from v33.0.0
to v33.2.1
in bundle com.google.guava
API - Java
SCR-1421
Summary: Deprecation of "FilteringObjectStreamFactory" Service
The service com.openexchange.serialization.FilteringObjectStreamFactory
has been introduced to secure serialization routines in the first version of the "Realtime" framework.
Therefore, it should now be considered as deprecated, and is scheduled to be removed along with its parent bundle com.openexchange.serialization
in a future release.
Behavioral Changes
SCR-1390
Summary: Introduced an admin based rate limit for provisioning calls
Up until now the provisioning apis (soap, rmi, clt) were not rate limited which could lead to downtimes in case a client provisioned too fast. This is especially painful in case multiple customers are on the same platform and could influence each other.
To prevent such scenarios in the future we introduced a new rate limit which is applied per admin. It effects all provisioning apis and is checked during the authentication process.
The limit is applied in constant 1 minute timeframes and can be configured for all admins or a single ones in case one would like to introduce different limits for different admins.
For this the following lean properties were introduced as well:
com.openexchange.rmi.rate.limit.default=-1
com.openexchange.rmi.rate.limit.[admin]
See https://gitlab.open-xchange.com/app-suite-platform-1/provisioning/-/issues/1 for details
Configuration
SCR-1422
Summary: Removed unused cache regions from cache.ccf file
Removed unused cache regions from cache.ccf
file since according caches are now held in Redis storage or refactored to a local (Guava) cache.
Removed regions are:
OXFolderCache
OXFolderQueryCache
GlobalFolderCache
SCR-1416
Summary: Changed default value for property "com.openexchange.net.ssl.protocols"
Changed default value for lean property "com.openexchange.net.ssl.protocols
" from "TLSv1, TLSv1.1, TLSv1.2
" to "TLSv1.2, TLSv1.3
" following the recommendation to always use TLS 1.2 or higher
8.27
3rd Party Libraries/License Change
SCR-1409
Summary: Apache Commons Lang 2.6 removed from target platform
The library Apache Commons Lang 2.6 has been removed from the target platform. The code should be migrated to Apache Commons Lang 3.x.
All known dependencies have already been resolved in previous releases.
SCR-1404
Summary: Updated JCTools in target platform
Updated JCTools (Java Concurrency Tools for the JVM) from v4.0.3 to v4.0.5 in target platform
SCR-1394
Summary: Updated lettuce library from v6.3.1 to v6.3.2
Updated lettuce library from v6.3.1 to v6.3.2 in bundle io.lettuce
- lettuce-core-6.3.2.RELEASE.jar
SCR-1393
Summary: Updated Netty libraries from v4.1.106 to v4.1.111
Updated Netty libraries from v4.1.106 to v4.1.111 in bundle io.netty
- netty-buffer-4.1.111.Final.jar
- netty-codec-4.1.111.Final.jar
- netty-codec-dns-4.1.111.Final.jar
- netty-codec-http2-4.1.111.Final.jar
- netty-codec-http-4.1.111.Final.jar
- netty-codec-socks-4.1.111.Final.jar
- netty-common-4.1.111.Final.jar
- netty-handler-4.1.111.Final.jar
- netty-handler-proxy-4.1.111.Final.jar
- netty-resolver-4.1.111.Final.jar
- netty-resolver-dns-4.1.111.Final.jar
- netty-transport-4.1.111.Final.jar
- netty-transport-native-unix-common-4.1.111.Final.jar
SCR-1389
Summary: Removed jboss library
The library jboss-jms-api.jar
is no longer needed. Therefore, it has been removed.
SCR-1212
Summary: Update BouncyCastle Libraries to Latest
Bouncy Castle Libraries have been updated to include several bug fixes. Want to update Bouncy Libraries to version 1.78.1
- bcmail-jdk18on-1.78.1.jar
- bcpg-jkd180n-1.78.1.jar
- pcpkix-jkd180n-1.78.1.jar
- bcprov-ext REMOVED, use bcprov. ext was extended support of old methods and no longer required
- bcprov-jkd180n-1.78.1.jar
- bcutil-jkd180n-1.78.1.jar
API - HTTP-API
SCR-1406
Summary: Added an client defined expiration time to /token?action=acquireToken
The parameter expiry
was added to the request acquireToken
. Thus, a client is able to define an individual expiry for a login token, see also /login?action=redeemToken
. The expiry parameter will only be considered if the value is less the configured value through com.openexchange.tokenlogin.maxIdleTime
SCR-1405
Summary: Renamed parameter in '/login?action=redeemToken'
The parameter secret
has been renamed to appId
since it is more fitting to the nature of the parameter. secret
can still be used, but is deprecated from now on. It will be removed in upcoming releases.
SCR-1403
Summary: New field 'priority' in Event model of HTTP API
The Event
model of the HTTP API is extended by a new field named priority
. Its value defines the relative priority of the calendar event with the following semantics (see RFC 5545, section 3.8.1.9 for further details):
This priority is specified as an integer in the range 0 to 9. A value of 0 specifies an undefined priority. A value of 1 is the highest priority. A value of 2 is the second highest priority. Subsequent numbers specify a decreasing ordinal priority. A value of 9 is the lowest priority.
SCR-1401
Summary: Removal of transport "websocket" from "pns" API
The transport "websocket" in "pns" API was marked as deprecated with SCR-1297. It is now removed with version 8.27.
Behavioral Changes
SCR-1412
Summary: Caches Transformed to Redis
In an iterative approach, more and more caches are being outsourced from middleware node-local caches (JCS), towards a centralized caching architecture using Redis.
Consequently, the memory requirements for the Redis pods are going to increase - with this, as well as in upcoming releases.
Therefore, it is recommended to increase the memory assigned to the Redis pods via Helm charts ({}resources.limits{
} and/or {}resources.requests{
}), and to monitor the memory consumption of the Redis pods closely, e.g. by utilizing the exposed metrics like {}redis_memory_used_dataset_bytes{
}.
Configuration
SCR-1408
Summary: Added new config option controlling whether to use HTML on reply/forward if preferred
Added new lean config option: * com.openexchange.mail.useHtmlOnReplyForwardIfPreferred
That boolean config option controls whether to use HTML on reply/forward to/of text-only E-Mails if HTML is chosen as preferred message format. Default value is false
. That property is both - reloadable and config-cascade aware.
SCR-1383
Summary: New Property com.openexchange.redis.resilientDatabase
In order to configure an alternative database number for Redis/KeyDB, the following lean configuration property is introduced:
com.openexchange.redis.resilientDatabase
This property allows to configure an alternative database number to use for unrecoverable data like sessions that might be replayed to remote sites in sharded environments with multiple data centers ("Active/Active").
Especially, data stored there would be resilient when flushing the default database after recovering from failover situations.
Databases are only available for Redis stand-alone and Redis Master/Slave.
A negative number means no specific database.
The property defaults to -1
, which means that no separate database number is used. It is neither reloadable, nor config-cascade-aware.
Database
SCR-1411
Summary: Added an account index to various calendar tables for improved look-up
Added an index for columns cid
and account
to following calendar tables for improved look-up:
calendar_event
calendar_event_tombstone
calendar_attendee
calendar_attendee_tombstone
calendar_alarm
calendar_alarm_trigger
calendar_conference
SCR-1402
Summary: New Column 'priority' for Database Tables 'calendar_event' and 'calendar_event_tombstone'
The database tables calendar_event
and calendar_event_tombstone
are extended with a new column as follows:
`priority` INT4 UNSIGNED DEFAULT NULL
This is done through the following update task:
com.openexchange.chronos.storage.rdb.groupware.CalendarEventAddPriorityColumnTask
Packaging/Bundles
SCR-1388
Summary: Removed obsolete bundle 'com.google.gdata'
The bundle com.google.gdata
is no longer in use and therefore is removed, along with its reference from package/feature {}open-xchange-oauth{
}.
8.26
API - HTTP-API
SCR-1399
Summary: Deprecate messaging
-related functionality and APIs
The middleware used to provide a generic messaging service for different use cases like SMS or data from RSS feeds. However, these are no longer in use by App Suite UI, or got replaced with an alternative solution in the meantime.
Therefore, corresponding functionality as well as the following modules of the HTTP API should be considered as deprecated, and will be removed in a future version:
messaging/account
messaging/message
messaging/service
Configuration
SCR-1382
Summary: Added new lean property to specify SMTP chunk size
Added new lean property com.openexchange.smtp.chunksize
(and com.openexchange.smtp.primary.chunksize
respectively) to specify SMTP chunk size to use the SMTP extension for transmission of large messages; see RFC 3030. Default is 131072
(128KB). Reloadbale and config-cascade aware.
SCR-1386
Summary: Added new config options for webhook-based password change service
In order to configure the webhook-based password change service, the following properties have been introduced:
com.openexchange.passwordchange.webhook.enabled
Enables the webhook-based password change service (default: false)
com.openexchange.passwordchange.webhook.endpoint
The webhook endpoint
com.openexchange.passwordchange.webhook.username
The optional basic auth username for the webhook endpoint
com.openexchange.passwordchange.webhook.password
The optional basic auth password for the webhook endpoint
All properties are reloadable and config-cascade aware.
Database
SCR-1387
Summary: Introduced a new count table users_per_filestore
for users using a certain file storage
Introduced users_per_context
table in ConfigDB to have a direct access how many users use a certain file storage:
Table layout is:
CREATE TABLE `users_per_filestore` (
`filestore_id` int(10) unsigned NOT NULL,
`count` int(10) unsigned NOT NULL,
PRIMARY KEY (`filestore_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
SCR-1424
Summary: Changes for "infostore_document" and "infostore" that are required to support MySQL 8.4
Update task com.openexchange.groupware.update.tasks.InfostoreDocumentDropForeignKey
drops the foreign key from "infostore_document" table due to missing unique key in the referenced table "infostore" and adds an appropriate index instead.
8.25
3rd Party Libraries/License Change
SCR-1373
Summary: Deprecation of Apache Commons Lang 2.6
The Apache Commons Lang in version 2.6 will be removed from the target platform with version 8.26! As version 3.x (currently 3.14.0) of Apache Commons Lang is already available within the target platform please make sure to migrate your code to this version until the release of App Suite 8.26!
API - HTTP-API
SCR-1375
Summary: Added sort_first_name field to DistributionListMember
Each member of a distribution list now contains an additional field sort_first_name which provides a name which can be used for sorting by first name. This field works similar to the sort_first_name field of the contact itself.
Additionally the members are also sorted according to this field.
SCR-1372
Summary: Added virtual contact field column 'sort_first_name'
Added virtual contact field column sort_first_name
with the column identifier 623.
In analogy to the sort_name
column (607), which sorts by surname, this column id can be used to sort the contacts in a contact request by the first name, taking into account the YOMI names.
Configuration
SCR-1380
Summary: Added new config option to control if user's local part should be assumed
Added new lean config option com.openexchange.imap.assumeUserLocalPartForSharedFolderPath
to control if user's local part should be assumed when determining the path for a shared IMAP folder; e.g. assume "jane.doe" instead of "jane.doe@invalid.com". Default is false
. Reloadable and config-cascade aware.
SCR-1378
Summary: Removal of Property com.openexchange.redis.enabled
After Redis becoming mandatory for core middleware services (SCR-1310, SCR-1330, SCR-1342 and furthers), the previously available switch com.openexchange.redis.enabled
is no longer needed and therefore removed.
That means that the middleware will no longer start or work properly without configured Redis instance. By default, a standalone Redis instance on localhost:6379
, is used. See property documentation for further details.
Consequently, in the "core-mw" Helm chart, the previously available enabled
switch in the redis
section is removed as well. That means that, unless configured differently via hosts
, a fallback standalone Redis service is deployed by default.
Database
SCR-1319
Summary: Drop oauth-provider tables
Update tasks com.openexchange.groupware.update.tasks.DropOAuthGrantTableTask
and com.openexchange.groupware.update.tasks.DropAuthCodeTableTask
drop the tables oauth_grant
and authCode
from contextdb. The changesets 8.x:oauth_client:drop
and 8.x:oauth_client_uri:drop
drop the tables oauth_client
and oauth_client_uri
from globaldb.
8.24
3rd Party Libraries/License Change
SCR-1366
Summary: Updated Spring Framework
Updated Spring Framework from v5.3.21 to v6.1.4 in bundle com.openexchange.xml
spring-beans-6.1.4.jar
spring-core-6.1.4.jar
spring-jcl-6.1.4.jar
API - Java
SCR-1367
Summary: Slightly incompatible update to BasicAuthenticatorPluginInterface
In order to gain more flexibility in case of multiple Plugins implementing BasicAuthenticatorPluginInterface
and to introduce Context-Admin capability for regular users using the provisioning APIs, the return type of the three methods
isOwnerOfContext()
isMasterOfContext()
isMasterOfContext()
will be changed from the primitive type boolean to Optional<Boolean>
also supporting the third state empty to ignore the result and skip to the next plugin.
API - REST
SCR-1368
Summary: New REST API endpoint /admin/v1/contexts/pre-assemble to pre-assemble contexts
The concept of pre-assembled contexts consists of the asynchronous pre-creation of deactivated contexts that will be reused (and adapted to the provided settings) during the usual createcontext
call. Pre-assembled contexts are characterized by being deactivated with reason_id
equals 666
and their name beginning with the preassembled-
prefix followed by an UUID.
In order to pick up pre-assembled contexts during regular provisioning operations, context skeletons need to be inserted into the database first. This can be achieved in two ways, by calling a REST API or via a background job.
The REST API is located at http://oxhost:8009/admin/v1/contexts/pre-assemble
. Pre-assembled contexts can be generated by a POST request using master authentication with a body containing a JSON object describing the schema name and how many context skeletons should be created. Optionally you can add the id of the filestore that should be used for the pre-assembled context by defining filestore_id
parameter.
Example:
POST /admin/v1/contexts/pre-assemble HTTP/1.1
Content-Type: application/json
Authorization: Basic amFuOmphbg==
User-Agent: PostmanRuntime/7.36.3
Accept: */*
Cache-Control: no-cache
Postman-Token: 3992936c-9d95-43c6-beb7-8b110e0088e2
Host: devenv.oxmw.io:8009
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 41
{
"number":4,"schema": "oxuserdb_5"
}
HTTP/1.1 200 OK
Server: grizzly/2.4.4
X-Robots-Tag: none
Content-Type: application/json; charset=UTF-8
Content-Length: 52
{
"contextIds": [
11832,
11833,
11834,
11835
],
"errors": []
}
The response contains a JSON array of identifiers of the created pre-assembled contexts at field contextIds
. Any errors that might have occurred when inserting the data are supplied in the errors
array as well. In case of fatal errors, a response status different from HTTP 200
will be returned depending on the error that occurred. Please have a look at the full REST API description of the endpoint for more details.
Configuration
SCR-1370
Summary: Added option to Redis configuration to specify a compression method
Added lean property to Redis configuration to specify a compression method
com.openexchange.redis.compressionType
The compression type to globally compress/decompress any data written to/read from Redis end-point according to specified type. Allowed type:snappy
,gzip
,deflate
andnone
. Enabling or disabling compression is backward-compatible; meaning any previously written uncompressed data can still be decoded as well as any previously compressed data (provided that compression gets turned off later on). Default value isnone
. Neither config-cascade aware nor reloadable.com.openexchange.redis.minimumCompressionSize
The minimum size for a data chunk in bytes for being considered for compression. Only effective if"com.openexchange.redis.compressionType"
is set to not"none"
.
SCR-1360
Summary: New lean properties for background job to create pre-assembled contexts
New lean and non-reloadable properties to configure the background job that creates pre-assembled contexts:
com.openexchange.admin.context.preassembly.job.enabled
, defaults tofalse
. Whether background job is active or notcom.openexchange.admin.context.preassembly.job.schedule
, defaults toMon-Sun 0-4
. The pattern specifying when to execute context the pre-assemble job. The default time zone of the Java virtual machine is assumed, which is typically the system's default time zone; unless theuser.timezone
property is set otherwise.com.openexchange.admin.context.preassembly.job.contextsPerSchema
, defaults to100
. Configures the number of pre-assembled contexts that should exist per schema after the job was executed. This number will never be exceeded by using the background job. Of course it is possible to exceed this limit by using the REST API.com.openexchange.admin.context.preassembly.job.contextLimitFactor
, defaults to0.9
. Configures the maximum filling level of schemas when adding pre-assembled contexts via periodic background job, as a factor of CONTEXTS_PER_SCHEMA. I. e. pre-assembly is only performed until the total number of contexts exceeds<factor> * <contexts_per_schema>
.com.openexchange.admin.context.preassembly.job.frequency
, defaults to3600000
(1 hour). The frequency in milliseconds when to check for new job executions within configured schedule.com.openexchange.admin.context.preassembly.job.executionDelay
, defaults to86400000
(1 day). The (minimum) delay between repeated executions of the pre-assembly job in milliseconds.
SCR-1331
Summary: Added lean property 'com.openexchange.admin.context.preassembly.enabled'
Added lean property com.openexchange.admin.context.preassembly.enabled
to enable using pre-assembled contexts instead of creating new contexts. Pre-assembled contexts must exist in database before enabling! Defaults to false
.
SCR-1292
Summary: Dropped the 'com.openexchange.drive.events.gcm.key' property
Dropped the com.openexchange.drive.events.gcm.key
property. Introduced the com.openexchange.drive.events.fcm.keyPath
property as a replacement.
SCR-1290
Summary: Dropped the 'key' attribute in the 'pushClientConfig'
Dropped the key
attribute in the pushClientConfig
config file for the _type
fcm
. Introduced the keyPath
attribute, which defines the full path of the FCM key file.
SCR-1289
Summary: Renamed .gcm. properties to .fcm.
Affected properties are:
com.openexchange.drive.events.gcm.enabled
com.openexchange.drive.events.gcm.clientId
com.openexchange.pns.transport.gcm.enabled.*
The new properties are now available under a new qualified name:
com.openexchange.drive.events.fcm.enabled
com.openexchange.drive.events.fcm.clientId
com.openexchange.pns.transport.fcm.enabled.*
Database
SCR-1288
Summary: Rename 'serviceId' and 'transport' values from GCM to FCM
Due to deprecation and end-of-life of GCM, we need to switch to FCM, hence the rename of the serviceId and transport values in the database.
Packaging/Bundles
SCR-1369
Summary: Removal of Kerberos Authentication
The Kerberos authentication integration that was available via supplementary package open-xchange-authentication-kerberos
was removed.
See SCR-1315 for the deprecation with version 8.19.
SCR-1314
Summary: Introduced new FCM bundles
Added the following FCM-related bundles:
com.google.firebase
com.openexchange.drive.events.fcm
com.openexchange.pns.transport.fcm
SCR-1313
Summary: Removed GCM bundles
Removed the following GCM-related bundles:
com.google.android.gcm
com.openexchange.drive.events.gcm
com.openexchange.pns.transport.gcm
8.23
3rd Party Libraries/License Change
SCR-1362
Summary: Updated metadata-extractor
Updated 3rd party library metadata-extractor from v2.18.0 to v2.19.0 in bundle com.drew
SCR-1361
Summary: Updated Pushy library
Updated Pushy library from v0.15.2 to v0.15.4 in bundle com.eatthepath.pushy
SCR-1359
Summary: Updated a bunch of bundles in target platform
Updated the following bundles in target platform (com.openexchange.bundles
):
Apache Mime4j
- apache-mime4j-core-0.8.7.jar -> apache-mime4j-core-0.8.10.jar
- apache-mime4j-dom-0.8.7.jar -> apache-mime4j-dom-0.8.10.jar
- apache-mime4j-storage-0.8.7.jar -> apache-mime4j-storage-0.8.10.jar
Apache Commons
- commons-net-3.9.0.jar -> commons-net-3.10.0.jar
- commons-pool2-2.11.1.jar -> commons-pool2-2.12.0.jar
- commons-text-1.10.0.jar -> commons-text-1.11.0.jar
- commons-validator-1.6.jar -> commons-validator-1.8.0.jar
Various/other
- dnsjava-3.5.2.jar -> dnsjava-3.5.3.jar
- expiringmap-0.5.11.jar
- fontbox-2.0.24.jar -> fontbox-2.0.30.jar
- jctools-core-4.0.1.jar -> jctools-core-4.0.3.jar
- joda-time-2.10.5.jar -> joda-time-2.12.7.jar
- jsoup-1.16.1.jar -> jsoup-1.17.2.jar
- pdfbox-2.0.24.jar -> pdfbox-2.0.30.jar
- snappy-java-1.1.10.3.jar -> snappy-java-1.1.10.5.jar
SCR-1358
Summary: Updated Apache Commons Lang3 library
Updated Apache Commons Lang3 library from v3.12.0 to v3.14.0 in target platform (com.openexchange.bundles
)
SCR-1357
Summary: Updated Apache Commons IO library
Updated Apache Commons IO library from v2.11.0 to v2.15.1 in target platform (com.openexchange.bundles
)
SCR-1356
Summary: Updated Apache Commons Exec library
Updated Apache Commons Exec library from v1.3 to v1.4.0 in target platform (com.openexchange.bundles
)
SCR-1355
Summary: Updated Apache Commons CLI library
Updated Apache Commons Codec library from v1.5.0 to v1.6.0 in target platform (com.openexchange.bundles
)
SCR-1354
Summary: Updated Apache Commons Codec library
Updated Apache Commons Codec library from v1.15 to v1.16.1 in target platform (com.openexchange.bundles
)
SCR-1353
Summary: Updated Apache Commons Compress library
Updated Apache Commons Compress library from v1.21 to v1.26.0 in target platform (com.openexchange.bundles
)
SCR-1349
Summary: Upgraded MaxMind GeoIP Libraries
The following 3rd party libraries in bundle com.openexchange.geolocation.maxmind.binary
are upgraded:
- MaxMind GeoIP2 API from v2.12.0 to v2.17.0 (
geoip2-2.12.0.jar
) - MaxMind DB Reader from v1.2.2 to v2.1.0 (
maxmind-db-2.1.0.jar
)
SCR-1348
Summary: Updated Amazon Java SDK
Updated Amazon Java SDK from v1.12.487 to v1.12.661 in bundle com.amazonaws
SCR-1345
Summary: Updated Google Guava from v32.1.3 to v33.0.0
Updated Google Guava from v32.1.3 to v33.0.0 in bundle com.google.guava
Configuration
SCR-1365
Summary: Support new property for Sproxyd connector to specify connection lease timeout
Support new property for Sproxyd connector to specify connection lease timeout:
com.openexchange.filestore.sproxyd.connectionLeaseTimeout
The connection lease timeout in milliseconds when waiting for a free connection in connection pool to become available. Default is 5 seconds (5000). Reloadable, but not config-cascade aware.
SCR-1351
Summary: New property com.openexchange.health.noServicesMissing.enabled
A new lean configuration property is introduced to activate an additional health check regarding internal service dependencies:
com.openexchange.health.noServicesMissing.enabled=false
It defaults to false
for now hence needs to be enabled explicitly. Once enabled, the overall health check will only yield an UP
result if all service/package dependencies are met. Therefore it is recommended to ensure that this is the case, i.e. the output of getmissingservices
utility is empty.
The property is not config-cascade-aware, and not reloadable.
SCR-1350
Summary: Added possibility to have ZIP archive compiled for a certain module during a data export being spooled to a local disk
Added possibility to have ZIP archive compiled for a certain module being spooled to a local disk. Therefore, the following new lean properties were added:
com.openexchange.gdpr.dataexport.spoolToFile
Whether to spool collected data to a ZIP archive held on local disk or to append directly to destination file storage. Default value:false
. Neither reloadable nor config-cascade awarecom.openexchange.gdpr.dataexport.spoolDirectory
The spool directory on disk to use for spooling. Requires that"com.openexchange.gdpr.dataexport.spoolToFile"
is set to "true". if not set or specifies a non-existent, non-writable directory path, the default upload directory is used instead. Neither reloadable nor config-cascade aware
Packaging/Bundles
SCR-1347
Summary: Added new bundles for Redis-backed cache
Added new bundles (interface/API & implementation) for Redis-backed cache to open-xchange-core
package:
com.openexchange.cache.v2
com.openexchange.cache.v2.redis
8.22
3rd Party Libraries/License Change
SCR-1344
Summary: Updated lettuce library from v6.2.6 to v6.3.1
Updated lettuce library from v6.2.6 to v6.3.1 in bundle io.lettuce
- lettuce-core-6.3.1.RELEASE.jar
SCR-1343
Summary: Updated Netty libraries from v4.1.97 to v4.1.106
Updated Netty libraries from v4.1.97 to v4.1.106 in bundle io.netty
- netty-buffer-4.1.106.Final.jar
- netty-codec-4.1.106.Final.jar
- netty-codec-dns-4.1.106.Final.jar
- netty-codec-http2-4.1.106.Final.jar
- netty-codec-http-4.1.106.Final.jar
- netty-codec-socks-4.1.106.Final.jar
- netty-common-4.1.106.Final.jar
- netty-handler-4.1.106.Final.jar
- netty-handler-proxy-4.1.106.Final.jar
- netty-resolver-4.1.106.Final.jar
- netty-resolver-dns-4.1.106.Final.jar
- netty-transport-4.1.106.Final.jar
- netty-transport-native-unix-common-4.1.106.Final.jar
SCR-1340
Summary: Updated Jackson & Fabric8 libraries
Updated Jackson libraries from v2.15.3 to v2.16.1 in target platfom
- jackson-annotations-2.16.1.jar
- jackson-core-2.16.1.jar
- jackson-databind-2.16.1.jar
- jackson-dataformat-cbor-2.16.1.jar
- jackson-dataformat-xml-2.16.1.jar
- jackson-dataformat-yaml-2.16.1.jar
- jackson-datatype-jsr310-2.16.1.jar
- jackson-datatype-jsr353-2.16.1.jar
- jackson-jakarta-rs-base-2.16.1.jar
- jackson-jakarta-rs-json-provider-2.16.1.jar
- jackson-jakarta-rs-xml-provider-2.16.1.jar
- jackson-module-jakarta-xmlbind-annotations-2.16.1.jar
- jackson-module-jaxb-annotations-2.16.1.jar
Updated Fabric8 ibraries from v6.9.0 to v6.10.0 in "io.fabric8.kubernetes
" bundle
- kubernetes-client-6.10.0.jar
- kubernetes-client-api-6.10.0.jar
- kubernetes-httpclient-jdk-6.10.0.jar
- kubernetes-model-admissionregistration-6.10.0.jar
- kubernetes-model-apiextensions-6.10.0.jar
- kubernetes-model-apps-6.10.0.jar
- kubernetes-model-autoscaling-6.10.0.jar
- kubernetes-model-batch-6.10.0.jar
- kubernetes-model-certificates-6.10.0.jar
- kubernetes-model-common-6.10.0.jar
- kubernetes-model-coordination-6.10.0.jar
- kubernetes-model-core-6.10.0.jar
- kubernetes-model-discovery-6.10.0.jar
- kubernetes-model-events-6.10.0.jar
- kubernetes-model-extensions-6.10.0.jar
- kubernetes-model-flowcontrol-6.10.0.jar
- kubernetes-model-gatewayapi-6.10.0.jar
- kubernetes-model-metrics-6.10.0.jar
- kubernetes-model-networking-6.10.0.jar
- kubernetes-model-node-6.10.0.jar
- kubernetes-model-policy-6.10.0.jar
- kubernetes-model-rbac-6.10.0.jar
- kubernetes-model-resource-6.10.0.jar
- kubernetes-model-scheduling-6.10.0.jar
- kubernetes-model-storageclass-6.10.0.jar
SCR-1337
Summary: Updated bucket4j library
Updated bucket4j library (Java rate-limiting library based on token-bucket algorithm) from v7.0.0 to v8.7.0
API - HTTP-API
SCR-1305
Summary: Completely removed the ramp-up action
Completely removed the ramp-up action handling
API - Java
SCR-1339
Summary: Added methods in 'com.openexchange.admin.storage.interfaces.OXUserStorageInterface' for using pre-assembled contexts
Added methods
com.openexchange.admin.storage.interfaces.OXUserStorageInterface.changeModuleAccess(Context, int[], UserModuleAccess, Connection)
- use an already established connection to change module access (already implemented with MW-2229)com.openexchange.admin.storage.interfaces.OXUserStorageInterface.change(Context, User, Connection)
- use an already established conntection to change user data (already implemented with MW-2229)com.openexchange.admin.storage.interfaces.OXUserStorageInterface.updatePreassembledLogin2UserData(Context, User, Connection)
- update pre-assembled dummy data inlogin2user
table (implemented with MWB-2470)
SCR-1306
Summary: Completely removed the ramp-up APIs and services
Completely removed the ramp-up APIs and services
Behavioral Changes
SCR-1342
Summary: Use Redis-based pub/sub functionality in favor over Hazelcast-based topics/queues
Using Redis-based pub/sub functionality in favor over Hazelcast-based topics/queues. API-wise the former com.openexchange.ms.MsService
is marked as deprecated and developers should use new com.openexchange.pubsub.PubSubService
instead.
SCR-1330
Summary: Redis becoming mandatory for cluster-wide functions
In our step-wise approach of integrating Redis-based services into the middleware, we already introduced the Redis-backed session storage. With completion of the story "Redis by Default: Configuration, Documentation" (MW-2144), Redis will be enabled by default.
With "Switch Hazelcast Map Usages to New Service" (MW-2145) Redis will now be mandatory for many advanced features that make use of distributed states, when multiple middleware nodes are used in the cluster.
CLT
SCR-1336
Summary: Dropped argument from oxinstaller command-line tool
Dropped argument "--jkroute"
from oxinstaller command-line tool
Configuration
SCR-1341
Summary: Added new lean property to possibly add Open-Xchange server information to HTTP responses
Added new lean property "com.openexchange.http.grizzly.addServerVersion
" to possibly add Open-Xchange server information as "X-Open-Xchange-Server
" HTTP header to responses. Default is "false
". Neither reloadable nor config-cascade aware.
SCR-1338
Summary: Added new configuration options for session look-ups at remote sites
Added new lean configuration options for session look-ups at remote sites
com.openexchange.sessiond.redis.remote.ratelimit.overallMaxAccesses
Specifies the max. number of overall remote site look-ups: not more than overallMaxAccesses per overallTimeWindowMillis. Default value is 60. Reloadable, but not config-cascade awarecom.openexchange.sessiond.redis.remote.ratelimit.overallTimeWindowMillis
Specifies the time window for overall remote site look-ups: not more than overallMaxAccesses per overallTimeWindowMillis. Default value is 60000. Reloadable, but not config-cascade awarecom.openexchange.sessiond.redis.remote.ratelimit.maxRatePerClient
Specifies the max. number of per-client remote site look-ups: not more than maxRatePerClient per timeWindowMillisPerClient. Default value is 10. Reloadable, but not config-cascade awarecom.openexchange.sessiond.redis.remote.ratelimit.timeWindowMillisPerClient
Specifies the time window for per-client remote site look-ups: not more than maxRatePerClient per timeWindowMillisPerClient. Default value is 60000. Reloadable, but not config-cascade aware
SCR-1335
Summary: Dropped legacy property com.openexchange.server.backendRoute
Dropped legacy property com.openexchange.server.backendRoute
from file server.properties
.
This was no lean property, thus that property needs to be removed the old way.
SCR-1331
Summary: Added lean property 'com.openexchange.admin.usePreAssembledContexts'
Added lean property com.openexchange.admin.usePreAssembledContexts
to enable using pre-assembled contexts instead of creating new contexts. Pre-assembled contexts musts exist in database before enabling! Defaults to false
.
Database
SCR-1332
Summary: Added table 'context_lock' to configdb
Added table context_lock
to configdb
, used for claiming/locking pre-assembled contexts.
CREATE TABLE `context_lock` (
`cid` INT(10) UNSIGNED NOT NULL,
`claim` BINARY(16) NOT NULL,
`timestamp` BIGINT(20) UNSIGNED NOT NULL,
PRIMARY KEY(`cid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
Packaging/Bundles
SCR-1327
Summary: New soap request analyzer bundle
Introduced a new com.openexchange.admin.soap.request.analyzer
bundle
8.21
3rd Party Libraries/License Change
SCR-1279
Summary: Upgraded javacc to 7.10.12
Upgraded the javacc library to version 7.10.12
API - HTTP-API
SCR-1333
Summary: Added action chronos/itip?action=decline_party_crasher
A new action, chronos/itip?action=decline_party_crasher
, was added to the module chronos
. The action enables the end user to decline the participation of an unknown calendar user (aka. "party crasher"), that responded to a certain event. The action triggers a CANCEL mail to the unknown calendar user. The CANCEL mail can be used by the unknown calendar user to (automatically) remove the appointment from her calendar. The action is defined as followed:
REQUEST:
PUT http://example.org/appsuite/api/chronos/itip?action=decline_party_crasher&session=1234xyz
{
"com.openexchange.mail.conversion.fullname": "INBOX",
"com.openexchange.mail.conversion.mailid": "1337",
"com.openexchange.mail.conversion.sequenceid": "1.3"
}
RESPONSE:
{
"data":
{
"recipient":
{
"uri": "mailto:partyCrasher@example.org",
"cn": "Party Crasher",
"email": "partyCrasher@example.org"
},
"status": "SENT"
},
"timestamp": 1704188470824
}
API - HTTP-REST
SCR-1295
Summary: Introduced a new REST interface for managing logging configuration
New REST endpoints are introduced in order to manage logging configuration via HTTP: The REST endpoints are registered under the /admin path and requires admin BASIC AUTH.
The new API routes are.
/admin/v1/logconf/system/loggers
/admin/v1/logconf/system/logger/
/admin/v1/logconf/session//loggers/
/admin/v1/logconf/session//logger/
/admin/v1/logconf/context//loggers/
/admin/v1/logconf/context//logger/
/admin/v1/logconf/context//user//loggers/
/admin/v1/logconf/context//user//logger/
/admin/v1/logconf/suppressed/exception-categories
/admin/v1/logconf/context//user//stacktrace/include-on-error
Configuration
SCR-1329
Summary: Added config option to avoid using IMAP entity's display name when listing shared folders
Added new lean config option com.openexchange.imap.useIMAPEntityDisplayNameIfPossible
to control whether to use IMAP entity's display name when listing shared folders. Default is true
Packaging/Bundles
SCR-1293
Summary: New bundle com.openexchange.logging.rest
Introduced a new bundle com.openexchange.logging.rest
, as part of the open-xchange-core package, which provides a RESTful API for configuring logging behavior.
8.20
General
SCR-1328
Summary: Removed CPU Resource Limit
Removed CPU resource limit since it's not best practice to have it set, see https://home.robusta.dev/blog/stop-using-cpu-limits
SCR-1227
Summary: Enhanced existent SOAP end-points by standard "Scheduled" folder
Enhanced existent SOAP end-points by standard "Scheduled" folder. The folder that holds such E-Mails that are scheduled for being sent at a later time.
To do so, the "User"
data object contained in several SOAP end-points has been extended by "mail_folder_scheduled_full_name"
element to output/specify the standard "Scheduled" folder.
3rd Party Libraries/License Change
SCR-1326
Summary: Updated Hazelcast from v3.5.1 to v3.5.6
Updated Hazelcast from v3.5.1 to v3.5.6 in bundle com.hazelcast
SCR-1325
Summary: Updated Google Guava from v32.1.1 to v32.1.3
Updated Google Guava from v32.1.1 to v32.1.3 in bundle com.google.guava
API - HTTP-API
SCR-1302
Summary: Added context_id field to TokenLogin json response
Added integer field context_id
to tokenLogin JSON response, needed for successful request analyzing.
{
"jsessionid": "<JSESSIONID>",
"user":"<USER>",
"user_id":10,
"context_id":2,
"url":"https://path/to/redirect"
}
Behavioral Changes
SCR-1310
Summary: Enabled Redis-based session storage by default
Changed default value for properties
The already introduced Redis-based session storage is now enabled by default with this behavioral change. Precisely, the former added property
"com.openexchange.sessiond.redis.enabled"
is now assumed to be"true"
if not specified otherwise.Furthermore, the property
"com.openexchange.sessionstorage.hazelcast.enabled"
is now assumed to be"false"
if not specified otherwise.Please follow the instructions given at this article in order to set further config options for having the Middleware being orderly connected against running Redis backend.
Deprecation of former implementations
Moreover, the implementing classes for interface com.openexchange.sessiond.SessiondService
and com.openexchange.sessionstorage.SessionStorageService
are marked as deprecated. This applies to:
- The in-memory based
com.openexchange.sessiond.impl.SessiondServiceImpl
as well as - The Hazelcast-backed
com.openexchange.sessionstorage.hazelcast.HazelcastSessionStorageService
Configuration
SCR-1317
Summary: Added configuration options to enable debugging/profiling SQL queries
Added new lean configuration options to trace queries and their execution/fetch times
com.openexchange.database.profileSQL
Enables to trace queries and their execution/fetch times. Default isfalse
. Neither reloadable nor config-cascade aware.com.openexchange.database.logger
The name of a class that implements 'com.mysql.cj.log.Log' that will be used to log messages to. Default is'com.mysql.cj.log.Slf4JLogger'
. Neither reloadable nor config-cascade aware.
SCR-1316
Summary: New Default Value for "com.openexchange.tools.images.transformations.maxSize"
To better support practical use cases, the default value for the configuration property com.openexchange.tools.images.transformations.maxSize
is adjusted from 10485760
(10 MB) to 20971520
(20 MB).
SCR-1309
Summary: Added lean property com.openexchange.database.logWritesToNonLocalSegments
Added lean property com.openexchange.database.logWritesToNonLocalSegments
configuring whether to log writeable database accesses from non-local sites. Defaults to false
SCR-1284
Summary: Add parameters to drive jump redirect for request analyzing
Added context_id
and user_id
parameters to drive jump redirect url com.openexchange.drive.jumpLink
New default value is [protocol]://[hostname]/[uiwebpath]#[app]&[folder]&[id]&[context]&[user]
SCR-1211
Summary: Added several configuration options for scheduled mails
Added several lean configuration options for scheduled mails
com.openexchange.mail.scheduled.enabled
Switch to enable or disable the scheduled mail feature. Default istrue
. Both - reloadable and config-cascade aware.com.openexchange.mail.scheduled.maxNumberOfScheduledMails
The max. allowed number of scheduled mails per user. Default is1000
. Both - reloadable and config-cascade aware.com.openexchange.mail.scheduled.maxNumberOfScheduledMailsPerHour
The max. allowed number of scheduled mails being sent per hour for a user. Default is100
. Both - reloadable and config-cascade aware.com.openexchange.mail.scheduled.checkFrequencyMinutes
The frequency in minutes when to check for due scheduled mails. Default is30
. Reloadable, but not config-cascade aware.com.openexchange.mail.scheduled.lookAheadMinutes
The look-ahead in minutes specifies the extra time added to current time when a scheduled mail is considered as due. Default is35
. Reloadable, but not config-cascade aware.com.openexchange.mail.scheduled.lockExpiryMinutes
The time in minutes when the lock marking a scheduled mail as "in processing" is considered as expired and thus may be newly acquired by another process. Default is5
. Reloadable, but not config-cascade aware.com.openexchange.mail.scheduled.lockRefreshMinutes
The time in minutes when the lock marking a scheduled mail as "in processing" is refreshed by lock-holding process. Default is2
. Reloadable, but not config-cascade aware.
Database
SCR-1225
Summary: Added new tables for scheduled mail feature
Added new tables in user database for scheduled mail feature
CREATE TABLE scheduledMail(
uuid BINARY(16) NOT NULL,
cid INT4 unsigned NOT NULL,
user INT4 unsigned NOT NULL,
dateToSend BIGINT(64) unsigned NOT NULL,
mailPath TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
processing BIGINT(64) unsigned NOT NULL DEFAULT 0,
meta TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL,
PRIMARY KEY (uuid),
KEY id (cid, user, uuid)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
CREATE TABLE scheduledMailLock(
cid INT4 unsigned NOT NULL DEFAULT 0,
user INT4 unsigned NOT NULL DEFAULT 0,
name VARCHAR(16) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
stamp BIGINT(64) unsigned NOT NULL,
PRIMARY KEY (cid, user, name)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
Packaging/Bundles
SCR-1226
Summary: Added new bundles for scheduled mail feature
8.19
3rd Party Libraries/License Change
SCR-1308
Summary: Update vulnerable 3rd party libraries
Target platform: New libraries:
- jackson-core-2.15.3.jar
- jackson-annotations-2.15.3.jar
- jackson-dataformat-xml-2.15.3.jar
- jackson-databind-2.15.3.jar
- jackson-dataformat-cbor-2.15.3.jar
- jackson-dataformat-yaml-2.15.3.jar
- jackson-datatype-jsr310-2.15.3.jar
- jackson-datatype-jsr353-2.15.3.jar
- jackson-jakarta-rs-base-2.15.3.jar
- jackson-jakarta-rs-json-provider-2.15.3.jar
- jackson-jakarta-rs-xml-provider-2.15.3.jar
- jackson-module-jakarta-xmlbind-annotations-2.15.3.jar
- jackson-module-jaxb-annotations-2.15.3.jar
- jakarta.activation-api-2.1.2.jar
- jakarta.json-api-2.1.2.jar
- jackrabbit-webdav-2.21.19-custom.jar
- snappy-java-1.1.10.3.jar
- commons-fileupload-1.5.jar
Removed libraries:
- jackson-core-2.14.2.jar
- jackson-annotations-2.14.2.jar
- jackson-dataformat-xml-2.14.2.jar
- jackson-databind-2.14.2.jar
- jackson-dataformat-cbor-2.14.2.jar
- jackson-dataformat-yaml-2.14.2.jar
- jackson-datatype-jsr310-2.14.2.jar
- jackson-datatype-jsr353-2.14.2.jar
- jackson-jakarta-rs-base-2.14.2.jar
- jackson-jakarta-rs-json-provider-2.14.2.jar
- jackson-jakarta-rs-xml-provider-2.14.2.jar
- jackson-module-jakarta-xmlbind-annotations-2.14.2.jar
- jackson-module-jaxb-annotations-2.14.2.jar
- jakarta.activation-api-2.1.0.jar
- jakarta.activation-2.0.1.jar
- jackrabbit-webdav-2.19.1.jar
- sqlite-jdbc-3.19.3.jar
- commons-fileupload-1.4.jar
Bundle com.squareup.okhttp3: New libraries:
- kotlin-stdlib-common-1.9.10.jar
- kotlin-stdlib-1.9.10.jar
- okio-jvm-3.5.0.jar
- okio-3.5.0.jar
- okhttp-4.11.0.jar
- logging-interceptor-4.11.0.jar
Removed libraries:
- kotlin-stdlib-common-1.7.22.jar
- kotlin-stdlib-1.7.22.jar
- okio-jvm-2.8.0.jar
- okhttp-4.9.3.jar
- logging-interceptor-4.9.3.jar
Bundle com.ctc.wstx: New library:
- woodstox-core-6.5.1.jar
Removed library:
- woodstox-core-6.5.0.jar
Bundle org.yaml.snakeyaml: New library:
- snakeyaml-2.2.jar
Removed library:
- snakeyaml-1.33.jar
Bundle com.nimbus: New libraries:
- json-smart-2.4.11.jar
- accessors-smart-2.4.11.jar
Removed libraries:
- json-smart-2.4.8.jar
- accessors-smart-2.4.8.jar
SCR-1266
Summary: Upgraded gson from 2.9.0 to 2.10.1
Upgraded the gson library from 2.9.0 to 2.10.1
API - HTTP-API
SCR-1304
Summary: Dropped shard
query parameter from SAML request
Dropped shard
query paramter from SAML request
Configuration
SCR-1307
Summary: New property to configure allowed URI schemes for external calendar attachments
In order to prevent inaccessible attachment references getting stored for appointments imported to App Suite, a new lean configuration property is introduced.
Its value can be configured to a comma-separated list of URI schemes that are allowed be stored for externally linked attachments of appointments. Attachments with other URI schemes will be rejected/ignored during import:
com.openexchange.calendar.allowedAttachmentSchemes=http,https,ftp,ftps
The property is reloadable, and can be defined through the config cascade sown to level "context".
SCR-1303
Summary: Dropped sharding related property
Dropped property com.openexchange.server.shardName
SCR-1277
Summary: New properties for Segmenter Client Service
For accessing a segmenter service in a sharded environment with multiple data centers ("Active/Active"), a new configuration property is introduced where the base URI to the service can be defined (empty by default):
com.openexchange.segmenter.baseUrl=
Also, a new configuration property is introduced through which the identifier of the 'local' site can be defined, defaulting to the value default
.
com.openexchange.segmenter.localSiteId=default
Both properties are reloadable. By default, if no segmenter service URI is defined, a non-sharded environment is assumed where all segments are served by the local site itself.
Packaging/Bundles
SCR-1315
Summary: Deprecation of Kerberos Authentication
The Kerberos authentication integration that was available via supplementary package open-xchange-authentication-kerberos
is now deprecated and subject for removal in a future release.
SCR-1312
Summary: Removed obsolete bundle com.openexchange.message.timeline
As it is no longer used, bundle com.openexchange.message.timeline
is removed, along with its reference in open-xchange-core
package.
SCR-1311
Summary: Removed obsolete Rhino Scripting
As they're no longer used, the following bundles are removed, along with their references in open-xchange-halo
package:
com.openexchange.scripting.rhino
com.openexchange.scripting.rhino.apiBridge
SCR-1241
Summary: Added new bundles for the request analyzer feature
The following new bundles are added to open-xchange-core
in order to support request routing in sharded environments with multiple data centers ("Active/Active"):
com.openexchange.request.analyzer
com.openexchange.request.analyzer.rest
com.openexchange.segmenter.client
8.18
3rd Party Libraries/License Change
SCR-1286
Summary: Updated lettuce library from v6.2.5 to v6.2.6
Updated lettuce library from v6.2.5 to v6.2.6 in bundle io.lettuce
SCR-1285
Summary: Updated Netty NIO libraries from v4.1.94 to v4.1.97
Updated Netty NIO libraries from v4.1.94 to v4.1.97 in bundle io.netty
API - HTTP-API
SCR-1300
Summary: Remove templating as valid format option
The publication and OXMF-based subscriptions features were removed with 7.10.2, see also MW-1089. Now, we remove a leftover within the API. The
&format=template
API parameter is no longer supported and will result in an error if used.
SCR-1297
Summary: Deprecate transport "websocket" in "pns" API
To get rid of the stateful socket between Frontend and App Suite MW, Switchboard will be the only service that maintains a socket connection to clients. Instead of pushing directly from MW to the Client, MW will just use a HTTP webhook of Switchboard to announce new events. Switchboard will then push to the client.
Therefore the websocket
transport identifier as used in actions subscribe
and unsubscribe
of the pns
module in the HTTP API is now deprecated and will finally be removed in a future version.
Behavioral Changes
SCR-1272
Summary: Convert mail user flags to UTF-8
Mail user flags are persisted in UTF-7 on the mail server. However, web clients like the App Suite UI do use UTF-8 as default encoding for strings in communication with the Middleware.
Instead of using user flags as-is, the Middleware now converts incoming or outgoing user flags as need, so web clients can use UTF-8 based strings for mail user flags as usual.
Configuration
SCR-1301
Summary: Remove properties regarding user templating
With 7.10.2, we removed the publications and OXMF-based subscriptions features, see MW-1089.
Now the last pieces of code belonging to those features were removed. Along the code, two properties that aren't needed anymore, have been removed:
com.openexchange.templating.trusted
com.openexchange.templating.usertemplating
SCR-1278
Summary: Added configuration option to enable/disable encoding of IMAP user flags
Added configuration option controlling whether IMAP user flags are supposed to be encoded using RFC2060's UTF-7 encoding. Thus allowing non-ascii strings being stored as user flags.
Added support for properties:
"com.openexchange.imap.useUTF7ForUserFlags"
Enables (or disables) whether IMAP user flags are supposed to be encoded/decoded using RFC2060's UTF-7 encoding. Default value is"false"
. Config-cascade aware."com.openexchange.imap.primary.useUTF7ForUserFlags"
Enables (or disables) whether IMAP user flags are supposed to be encoded/decoded only for the primary IMAP account using RFC2060's UTF-7 encoding. Default value is"false"
. Config-cascade aware. This property effectively overwrites"com.openexchange.imap.encodeUserFlagsAsUTF7"
for primary IMAP accounts
SCR-1229
Summary: Introduced new properties for Webhooks support
Introduced new lean properties for Webhooks support.
Webhook properties
com.openexchange.webhooks.enabledIds
Specifies a comma-separated list of Webhook identifiers that are considered as enabled. Reloadable and config-cascade aware.
Webhook PNS properties
com.openexchange.pns.transport.webhooks.enabled
Specifies whether the Webhook transport is enabled. Reloadable and config-cascade aware.com.openexchange.pns.transport.webhooks.httpsOnly
Whether only HTTPS is accepted when communicating with a Webhook. Reloadable and config-cascade aware.com.openexchange.pns.transport.webhooks.allowTrustAll
Whether SSL configuration for "trust all" is allowed. If set to "false" only valid certificates are accepted when communicating with a Webhook using a secure connection. Neither reloadable nor config-cascade aware.com.openexchange.pns.transport.webhooks.allowLocalWebhooks
Whether Webhooks having end-point set to an internal address are allowed. Neither reloadable nor config-cascade aware.
Webhook PNS HTTP properties
com.openexchange.pns.transport.webhooks.http.maxConnections
The number of total connections held in HTTP connection pool for communicating with a certain Webhook end-point. Reloadable and config-cascade aware.com.openexchange.pns.transport.webhooks.http.maxConnectionsPerHost
The number of connections per route held in HTTP connection pool for communicating with a certain Webhook end-point. Reloadable and config-cascade aware.com.openexchange.pns.transport.webhooks.http.connectionTimeout
Specifies the timeout in milliseconds until a connection is established to a certain Webhook end-point. Reloadable and config-cascade aware.com.openexchange.pns.transport.webhooks.http.socketReadTimeout
Specifies the socket timeout in milliseconds, which is the timeout for waiting for data when communicating with a certain Webhook end-point.. Reloadable and config-cascade aware.
Webhook configuration file
Added new configuration file webhooks.yml
containing the static configurations for known Webhook end-points. That file is in YAML notation and expects the following structure
<unique-identifier>:
uri: <URI>
String. The URI end-point of the Webhook. May be overridden during subscribe depending on "uriValidationMode".
uriValidationMode: <uri-validation-mode>
String. Specifies how the possible client-specified URI for a Webhook end-point is supposed to be validated against the URI
from configured Webhook end-point. Possible values: `none`, `prefix`, and `exact`. For `none` no requirements given.
Any client-specified URI is accepted. For `prefix` he client-specified and configured URI for a Webhook end-point are
required to start with same prefix. For `exact` the client-specified and configured URI for a Webhook end-point are
required to be exactly the same. `prefix` is default.
webhookSecret: <webhook-secret>
String. The value for the "Authorization" HTTP header to pass on calling Webhook's URI. May be overridden during subscribe.
login: <login>
String. The login part for HTTP Basic Authentication if no value for the "Authorization" HTTP header is specified. May be overridden during subscribe.
password: <password>
String. The password part for HTTP Basic Authentication if no value for the "Authorization" HTTP header is specified. May be overridden during subscribe.
signatureSecret: <signature-secret>
String. Specifies shared secret known by caller and Webhook host. Used for signing.
version: <version>
Integer. Specifies the version of the Webhook. Used for signing.
signatureHeaderName: <signature-header-name>
String. Specifies the name of the signature header that carries the signature.
maxTimeToLiveMillis: <max-time-to-live>
Number. The max. time to live in milliseconds for the Webhook before considered as expired. If absent Webhook "lives" forever.
maxNumberOfSubscriptionsPerUser: <max-number-per-user>
Number. The max. number of subscriptions for this Webhook allowed for a single user. Equal or less than 0 (zero) means infinite.
allowSharedUri: <allow-shared-uri>
Boolean. Whether the same URI can be used by multiple different users or not. Optional, defaults to `true`.
Example
webhooks.yml
mywebhook:
uri: https://my.endpoint.com:8080/webhook/event
webhookSecret: supersecret
signatureSecret: da39a3ee5e6b4b
version: 1
signatureHeaderName: X-OX-Signature
maxTimeToLiveMillis: 2678400000
maxNumberOfSubscriptionsPerUser: 2
uriValidationMode: prefix
Database
SCR-1296
Summary: Changed column 'propertyValue' of table 'subadmin_config_properties' to be of type TEXT
Modified Config-DB to have column 'propertyValue' of table 'subadmin_config_properties' to be of type TEXT
New table layout is therefore:
CREATE TABLE subadmin_config_properties (
sid INT4 UNSIGNED NOT NULL,
propertyKey VARCHAR(64) CHARACTER SET latin1 NOT NULL DEFAULT '',
propertyValue TEXT CHARACTER SET latin1 NOT NULL DEFAULT '',
PRIMARY KEY (sid, propertyKey)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
COLLATE=utf8mb4_unicode_ci;
This database change contains no update task since this is a modification of the Config-DB, which is performed through liquibase framework on node start-up
SCR-1258
Summary: Added column meta
to table pns_subscription
Added TEXT
column meta
to table pns_subscription
:
meta TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL
Packaging/Bundles
SCR-1294
Summary: Added new bundle for Config-Cascade implementation
Added new bundle com.openexchange.config.cascade.impl
containing Config-Cascade implementation. This separates the API classes from actual implementation and allows less dependencies. That new bundle is added to open-xchange-core
package
SCR-1228
Summary: New bundles for Webhooks support
Introduced new bundles for Webhooks support
com.openexchange.webhooks
com.openexchange.pns.transport.webhooks
8.17
3rd Party Libraries/License Change
SCR-1275
Summary: Upgraded MySQL Connector for Java
Upgraded MySQL Connector for Java from v8.0.29 to v8.0.33 in OSGi target platform
SCR-1270
Summary: Updated Google Client API libraries
Updated Google Client API libraries
google-api-client-1.35.1.jar
togoogle-api-client-2.2.0.jar
google-api-client-appengine-1.35.1.jar
togoogle-api-client-appengine-2.2.0.jar
google-api-client-gson-1.35.1.jar
togoogle-api-client-gson-2.2.0.jar
google-api-client-jackson2-1.35.1.jar
togoogle-api-client-jackson2-2.2.0.jar
google-api-client-protobuf-1.35.1.jar
togoogle-api-client-protobuf-2.2.0.jar
google-api-client-servlet-1.35.1.jar
togoogle-api-client-servlet-2.2.0.jar
google-api-client-xml-1.35.1.jar
togoogle-api-client-xml-2.2.0.jar
google-api-services-calendar-v3-rev20220520-1.32.1.jar
togoogle-api-services-calendar-v3-rev20230602-2.0.0.jar
google-api-services-drive-v3-rev20220508-1.32.1.jar
togoogle-api-services-drive-v3-rev20230610-2.0.0.jar
google-api-services-gmail-v1-rev20220404-1.32.1.jar
togoogle-api-services-gmail-v1-rev20230612-2.0.0.jar
google-api-services-oauth2-v2-rev20200213-1.32.1.jar
togoogle-api-services-oauth2-v2-rev20200213-2.0.0.jar
google-api-services-people-v1-rev20220531-1.32.1.jar
togoogle-api-services-people-v1-rev20230103-2.0.0.jar
API - HTTP-API
SCR-1232
Summary: Extended updateAttendee
call with tranps
parameter
To allow per-attendee transparency for a certain event, the HTTP API call updateAttedee
was extended by the optional parameter transp
. Allowed values for the new parameter are:
TRANSPARENT
OPAQUE
If the transparency is set for a certain attendee, the event transparency for the corresponding event is adjusted implicitly, including all other chronos related calls.
Database
SCR-1264
Summary: Update task to insert missing references into 'filestore2user' table
To ensure the table filestore2user
(in config-db) holds all references to users with individual filestores in a groupware schema , a new update task named com.openexchange.groupware.update.tasks.Filestore2UserUpdateReferencesTask
is introduced.
API - SOAP
SCR-1280
Summary: Added possibility to manage user sessions through SOAP interface
Added the possibility to manage user sessions through the new OXSessionService SOAP interface
Packaging/Bundles
SCR-1281
Summary: Added new bundle/package to manage sessions via SOAP
Added new bundle com.openexchange.sessiond.soap
to manage sessions via SOAP. That new bundle is contained in newly introduced package open-xchange-sessiond-soap
8.16
General
SCR-1252
Summary: Updated Netty NIO libraries
Updated Netty NIO libraries from v4.1.89 to v4.1.94 in bundle io.netty
3rd Party Libraries/License Change
SCR-1256
Summary: Upgraded Javassist Library
Library Javasisst is upgraded to v3.29.2-GA in target platform com.openexchange.bundles
and bundle com.openexchange.test
.
SCR-1255
Summary: Updated Apache Tika library
Updated Apache Tika library from v2.6.0 to v2.8.0 in bundle com.openexchange.tika.util
SCR-1253
Summary: Updated lettuce library
Updated lettuce library from v6.2.3 to v6.2.5 in bundle io.lettuce
SCR-1247
Summary: Updated pushy library from v0.15.1 to v0.15.2
Updated pushy library from v0.15.1 to v0.15.2 in bundle com.eatthepath.pushy
SCR-1245
Summary: Updated metadata-extractor from v2.17.0 to v2.18.0
Updated 3rd party library metadata-extractor
from v2.17.0 to v2.18.0 in bundle com.drew
SCR-1244
Summary: Updated htmlcleaner from v2.22 to v2.29
Updated 3rd party library htmlcleaner
from v2.22 to v2.29 in target platform
SCR-1243
Summary: Updated dnsjava from v3.5.1 to v3.5.2
Updated 3rd party library dnsjava
from v3.5.1 to v3.5.2 in target platform
SCR-1242
Summary: Updated Apache HttpCore and HttpClient libraries
Updated Apache HttpCore and HttpClient libraries
- Updated HttpCore from v4.4.15 to v4.4.16
- Updated HttpClient from v4.5.13 to v4.5.14
SCR-1234
Summary: Updated Hazelcast Core Module
Updated Hazelcast Core Module from v5.2.1 to v5.3.1
SCR-1231
Summary: Updated OSGi target platform bundles
Updated OSGi target platform bundles
org.eclipse.osgi.services_3.10.200.v20210723-0643.jar
updated toorg.eclipse.osgi.services_3.11.100.v20221006-1531.jar
org.eclipse.osgi.util_3.6.100.v20210723-1119.jar
updated toorg.eclipse.osgi.util_3.7.200.v20230103-1101.jar
org.eclipse.osgi_3.18.0.v20220516-2155.jar
updated toorg.eclipse.osgi_3.18.400.v20230509-2241.jar
Added new OSGi bundles to target platform
Since content of shipped org.eclipse.osgi.services
bundle has been changed. Missing classes/interfaces are now contained in separate OSGi bundles.
- Added
org.osgi.annotation.bundle_2.0.0.202202082230.jar
- Added
org.osgi.annotation.versioning_1.1.2.202109301733.jar
- Added
org.osgi.service.cm_1.6.1.202109301733.jar
- Added
org.osgi.service.component_1.5.1.202212101352.jar
- Added
org.osgi.service.component.annotations_1.5.1.202212101352.jar
- Added
org.osgi.service.device_1.1.1.202109301733.jar
- Added
org.osgi.service.event_1.4.1.202109301733.jar
- Added
org.osgi.service.metatype_1.4.1.202109301733.jar
- Added
org.osgi.service.metatype.annotations_1.4.1.202109301733.jar
- Added
org.osgi.service.prefs_1.1.2.202109301733.jar
- Added
org.osgi.service.provisioning_1.2.0.201505202024.jar
- Added
org.osgi.service.repository_1.1.0.201505202024.jar
- Added
org.osgi.service.upnp_1.2.1.202109301733.jar
- Added
org.osgi.service.useradmin_1.1.1.202109301733.jar
- Added
org.osgi.service.wireadmin_1.0.2.202109301733.jar
- Added
org.osgi.util.function_1.2.0.202109301733.jar
- Added
org.osgi.util.measurement_1.0.2.201802012109.jar
- Added
org.osgi.util.position_1.0.1.201505202026.jar
- Added
org.osgi.util.promise_1.3.0.202212101352.jar
- Added
org.osgi.util.xml_1.0.2.202109301733.jar
API - HTTP-API
SCR-1235
Summary: Introduced a new action to the 'mail' module for exporting mails as PDFs
Introduced the action export_PDF
to the mail
module.
It is a PUT
request and has the following URL parameters:
folder
: defines the mail folder which holds the mail that shall be exportedid
: defines the mail id
The request also accepts a mandatory JSON body with the following attributes:
folder_id
: Defines the drive folder in which the exported PDF/A document will be saved. This option is required.pageFormat
: Defines the page format of the export document. It can either bea4
(which is the default behaviour) orletter
. This option is not required. If absent, the page format will be derived from the user's locale setting (forus
orca
the page format will beletter
and for anything elsea4
).preferRichText
: If this option is enabled then, if an e-mail message contains both text and HTML versions of the body, then the latter is preferred and converted to a PDF/A document before it is appended to the exported PDF/A document. If only the text version is available, and the option is enabled, then the text version is converted to a PDF/A document and appended to the exported PDF/A document. This option is not required and by default is set totrue
.includeExternalImages
: If this option is enabled then, and the e-mail contains any external inline images, then those images will be fetched from their respective sources and included to the exported PDF/A document at their supposed positions. This option is not required and is by defaultfalse
.appendAttachmentPreviews
: If this option is enabled, then any previewable attachment (i.e., documents and pictures) is converted from their original format, e.g., from docx or tiff, to a PDF/A document and is appended as one or more pages to the exported PDF/A document. This option is not required and isfalse
by default.embedAttachmentPreviews
: If this option is enabled, then any previewable attachment is converted from their original format to a PDF/A document and is embedded as an attachment to the exported PDF/A document. This option is not required and isfalse
by default.embedRawAttachments
: If this option is enabled, then all attachments are embedded without further processing to the exported PDF/A document as attachments. This option is not required and isfalse
by default.embedNonConvertibleAttachments
: If this option is enabled, then all attachments (previewable and non-previewable, i.e., zips, mp4s, etc.) are embedded without further processing to the exported PDF/A document as attachments. This option is not required and isfalse
by default.
Configuration
SCR-1240
Summary: Introduced a new capability to activate the PDF MailExportService
Introduced the capability mail_export_pdf
to activate the PDF MailExportService.
SCR-1239
Summary: Introduced new properties for the CollaboraPDFAConverter
Introduced the following properties to configure the `CollaboraPDFAConverter`:
com.openexchange.mail.exportpdf.pdfa.collabora.enabled
: Defines whether the collabora online converter is enabled. Defaults to falsecom.openexchange.mail.exportpdf.pdfa.collabora.url
: The Collabora URL to use: Allows to specify a dedicated Collabora service only for PDFA creation. By default is empty and uses the server configured via the property `com.openexchange.mail.exportpdf.collabora.url`.
SCR-1238
Summary: Introduced new properties for the GotenbergMailExportConverter
Introduced the following properties to configure the GotenbergMailExportConverter
:
com.openexchange.mail.exportpdf.gotenberg.enabled
: Defines whether the gotenberg online converter is enabled. Defaults to falsecom.openexchange.mail.exportpdf.gotenberg.url
: Defines the base URL of the Gotenberg Online server. Defaults tohttp://localhost:3000
com.openexchange.mail.exportpdf.gotenberg.fileExtensions
: Defines a comma separated list of file extensions that are handled by the gotenberg converter. Defaults tohtm, html
.com.openexchange.mail.exportpdf.gotenberg.pdfFormat
: Specifies which PDF format to use. "PDF/A-1a", "PDF/A-2b" and "PDF/A-3b" are supported formats, or "PDF" for regular PDF. Defaults to "PDF"
SCR-1237
Summary: Introduced new properties for the CollaboraMailExportConverter
Introduced the following properties to configure the CollaboraMailExportConverter
:
com.openexchange.mail.exportpdf.collabora.enabled
: Defines whether the collabora online converter is enabled. Defaults to falsecom.openexchange.mail.exportpdf.collabora.url
: Defines the base URL of the Collabora Online server. Defaults tohttp://localhost:9980
com.openexchange.mail.exportpdf.collabora.fileExtensions
: Defines a comma separated list of file extensions that are handled by the collabora converter. Defaults tosxw, odt, fodt, sxc, ods, fods, sxi, odp, fodp, sxd, odg, fodg, odc, sxg, odm, stw, ott, otm, stc, ots, sti, otp std, otg, odb, oxt, doc, dot xls, ppt, docx, docm, dotx, dotm, xltx, xltm, xlsx, xlsb, xlsm, pptx, pptm, potx, potm, wpd, pdb, hwp, wps, wri, wk1, cgm, dxf, emf, wmf, cdr, vsd, pub, vss, lrf, gnumeric, mw, numbers, p65, pdf, jpg, jpeg, gif, png, dif, slk, csv, dbf, oth, rtf, txt, html, htm, xml
.com.openexchange.mail.exportpdf.collabora.imageReplacementMode
: Defines the mode on how to handle/replace inline images. Defaults todistributedFile
.
SCR-1236
Summary: Introduced new properties for the MailExportService
Introduced the following properties to configure the MailExportService
:
com.openexchange.mail.exportpdf.concurrentExports
: Defines the maximum concurrent mail exports that the server is allowed to process. If the limit is reached an error will be returned to the client, advising it to retry again in a while. Defaults to 10.com.openexchange.mail.exportpdf.pageMarginTop
: Defines the top margin (in millimeters) of the exported pages. Defaults to 12.7 millimeters (0.5 inches).com.openexchange.mail.exportpdf.pageMarginBottom
: Defines the bottom margin (in millimeters) of the exported pages. Defaults to 12.7 millimeters (0.5 inches).com.openexchange.mail.exportpdf.pageMarginLeft
: Defines the left margin (in millimeters) of the exported pages. Defaults to 12.7 millimeters (0.5 inches).com.openexchange.mail.exportpdf.pageMarginRight
: Defines the right margin (in millimeters) of the exported pages. Defaults to 12.7 millimeters (0.5 inches).com.openexchange.mail.exportpdf.headerFontSize
: Defines the font size of the exported mail's headers. Defaults to 12 points.com.openexchange.mail.exportpdf.bodyFontSize
: Defines the font size of the exported mail's body. Defaults to 12 points.com.openexchange.mail.exportpdf.autoPageOrientation
: Defines whether PDF pages will be auto-oriented in landscape mode whenever a full page appended image is in landscape mode. Defaults to false
Database
SCR-1233
Summary: Update encryption for passwords of anonymous guest users
Update encryption for anonymous guest user passwords using newly introduced mechanisms with implicit salt
Table user
altered, extend column userPassword
from VARCHAR(128)
to VARCHAR(512)
8.15
General
SCR-1227
Summary: Enhanced existent SOAP end-points by standard "Scheduled" folder
Enhanced existent SOAP end-points by standard "Scheduled" folder. The folder that holds such E-Mails that are scheduled for being sent at a later time.
To do so, the "User"
data object contained in several SOAP end-points has been extended by "mail_folder_scheduled_full_name"
element to output/specify the standard "Scheduled" folder.
SCR-1201
Summary: Added separate bundle offering HTTP liveness end-point
Added separate bundle com.openexchange.http.liveness
part of open-xchange-core
package list that offers the HTTP liveness end-point at configured HTTP host name (default "127.0.0.1") and liveness port (default 8016).
Configuration
SCR-1224
Summary: Add property com.openexchange.log.extensionHttpHeaders
com.openexchange.log.extensionHttpHeaders
defines a comma separated list of HTTP headers that shall additionally be logged for incoming requests
Example com.openexchange.log.extensionHttpHeaders=X-custom-Header,X-host
The property is neither reloadable nor ConfigCascade-aware.
Database
SCR-1225
Summary: Added new tables for scheduled mail feature
Added new tables in user database for scheduled mail feature
CREATE TABLE scheduledMail(
uuid BINARY(16) NOT NULL,
cid INT4 unsigned NOT NULL,
user INT4 unsigned NOT NULL,
dateToSend BIGINT(64) unsigned NOT NULL,
mailPath TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
processing BIGINT(64) unsigned NOT NULL DEFAULT 0,
meta TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL,
PRIMARY KEY (uuid),
KEY id (cid, user, uuid)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
CREATE TABLE scheduledMailLock(
cid INT4 unsigned NOT NULL DEFAULT 0,
user INT4 unsigned NOT NULL DEFAULT 0,
name VARCHAR(16) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
stamp BIGINT(64) unsigned NOT NULL,
PRIMARY KEY (cid, user, name)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
SCR-1223
Summary: Update task to add the "claim" column to "calendar_alarm_trigger" table
Adds the "claim" column to "calendar_alarm_trigger" table
8.14
3rd Party Libraries/License Change
SCR-1219
Summary: Upgraded JSoup library
Upgraded JSoup library in target platform (con.openexchange.bundles
) from v1.15.3 to v1.16.1
API - HTTP-API
SCR-1216
Summary: Accept parameter harddelete
for composition space's delete end-point
Accept boolean parameter "harddelete"
for composition space's delete end-point
DELETE /mailcompose/draft.xyz?harddelete=true
If set to "true"
any associated draft message for the denoted composition space gets hard-deleted. That is no copy is created in standard trash folder.
SCR-1213
Summary: New Flag all_others_declined
for Events
The "flags" enumeration for events in chronos
module of the HTTP API is extended by the value all_others_declined
. If set, all other individual attendees in the event have a participation status of declined, which could be used by clients to show a hint that one might be alone in a meeting.
See [https://documentation.open-xchange.com/latest/middleware/calendar/implementation_details.html#event-flags] for further details.
SCR-1198
Summary: New Settings for Free/Busy Visibility in JSlob
The io.ox/calendar
JSlob entry is extended by the following item which indicates the free/busy visibility of the user:
{
"id": "io.ox/calendar",
"tree": {
"chronos": {
"freeBusyVisibility": "all",
}
},
"meta": {
"chronos": {
"freeBusyVisibility": {
"possibleValues": [
"all",
"internal-only",
"none"
],
"configurable": true
}
}
}
}
Within the meta
section, clients are able to derive the possible values - the enumeration will only yield the value internal-only
if cross-context features are available. Also, the "configurable" flag will indicate whether the property is settable by the user or not.
Configuration
SCR-1220
Summary: Introduce new properties for DAV client matching
Once in a while, vendors like Apple decide to change the User Agents of their products in a way, we don't recognize the matching clients anymore. Thus, the Open Xchange server isn't able to apply special handling for those clients. This leads to subsequent problems and errors.
Until 8.14, the user agent matching was a static, programmatically pre-defined process. For every user agent's change, there needed to be a patch applied. Now, the mechanism is replaced by a more dynamically approach:
Administrators can define regular expressions for the known *DAV clients. In detail, the following properties are added for known *DAV clients:
com.openexchange.dav.useragent.mac_calendar
com.openexchange.dav.useragent.mac_contacts
com.openexchange.dav.useragent.ios
com.openexchange.dav.useragent.ios_reminders
com.openexchange.dav.useragent.thunderbird_lightning
com.openexchange.dav.useragent.thunderbird_cardbook
com.openexchange.dav.useragent.em_client
com.openexchange.dav.useragent.ox_sync
com.openexchange.dav.useragent.caldav_sync
com.openexchange.dav.useragent.carddav_sync
com.openexchange.dav.useragent.smooth_sync
com.openexchange.dav.useragent.davdroid
com.openexchange.dav.useragent.davx5
com.openexchange.dav.useragent.outlook_caldav_synchronizer
com.openexchange.dav.useragent.windows_phone
com.openexchange.dav.useragent.windwos
All properties have pre-defined default values and are reloadable.
SCR-1218
Summary: New config option for sanitizing CSV cell content on contact export
New lean config option "com.openexchange.export.csv.sanitize"
for sanitizing CSV cell content on contact export. Default is false
. Reloadable, but not config-cascade aware
SCR-1217
Summary: New property to limit number of considered filestore candidates
New lean property com.openexchange.admin.limitFilestoreCandidates
to limit number of considered filestore candidates to a reasonable amount when determining the filestore to use for a new context/user. Neither reloadable, nor config-cascade aware. Default is 100
.
SCR-1215
Summary: Accept specifying a max. running time that must not be exceeded by execution of an individual health check
Accept new lean property for specifying a max. running time that must not be exceeded by execution of an individual health check
com.openexchange.health.maxRunningTimeSeconds
The max. allowed running time in seconds for an individual health check. It a check's execution is canceled if it exceeds that running time. A value of equal to or less than zero 0 (zero) ignores this setting. Default is 5. Reloadbale, but not config-cascade aware.
SCR-1197
Summary: New Properties for Free/Busy Visibility
In order to define the default free/busy visibility setting of users, and to control whether it is changeable by end users, the following new lean configuration properties are introduced:
com.openexchange.calendar.freeBusyVisibility.default=all
: Defines the default free/busy visibility setting to assume unless overridden by the user. Possible values are:none
to not expose a user's availability to others at allinternal-only
to make the free/busy data available to other users within the same contextall
to expose availability data also beyond context boundaries (i.e. for cross-context- or other external access if configured)
com.openexchange.calendar.freeBusyVisibility.protected=false
: Configures if the default value that determines if public calendar folders from the default account are considered for synchronization may be overridden by the user or not.
More details are available at [https://documentation.open-xchange.com/components/middleware/config/latest/#mode=search&term=com.openexchange.calendar.freeBusyVisibility] .
8.13
General
SCR-1201
Summary: Added separate bundle offering HTTP liveness end-point
Added separate bundle com.openexchange.http.liveness
part of open-xchange-core
package list that offers the HTTP liveness end-point at configured HTTP host name (default "127.0.0.1") and liveness port (default 8016).
API - HTTP-API
SCR-1183
Summary: Deprecate delivery=view
and content_disposition=inline
options in HTTP API
The parameter options delivery=view
and content_disposition=inline
and the possibility to let the client define the content type of documents and attachments, can be used to inject executable scripts into data that is rendered in browsers. This lead to several bugs in the past. Therefore the usage of those options is deprecated and will be removed.
API - RMI
SCR-1207
Summary: Additional parameter 'auth' for data modification RMI services.
The following registered RMI services now require auth parameters for data modification interfaces. The parameter com.openexchange.auth.Credentials auth
needs to be provided.
DBMigrationRMIService
OXContextGroup
RemoteAdvertisementService
ExternalAccountRMIService
RemoteCompositionSpaceService
SocketLoggerRMIService
LoginCounterRMIService
GABRestorerRMIService
SessiondRMIService
ChronosRMIService
ContactStorageRMIService
DataExportRMIService
ConsistencyRMIService
ContextRMIService
FileChecksumsRMIService
ResourceCacheRMIService
ShareRMIService
PushRMIService
UpdateTaskRMIService
LogbackConfigurationRMIService -> java.lang.String user, java.lang.String password
Behavioral Changes
SCR-1208
Summary: Deprecation of Internal OAuth Authorization Server
Certain APIs of the App Suite middleware can be accessed via OAuth 2.0. In this scenario, the middleware typically acts as resource server only, and the whole client- / grant management is done by an external IDM acting as authorization server. See [the documentation|https://documentation.open-xchange.com/latest/middleware/login_and_sessions/oauth_2.0_provider/01_operator_guide.html] for further details.
Mainly as demo/showcase, it has also been possible to configure the middleware to act as OAuth authorization server itself, with integrated client- and grant management. Since this never was or meant to be used in production, this part of the OAuth provider is now deprecated, and will be removed in an upcoming version.
In practical terms, this means that the setting auth_server
for [com.openexchange.oauth.provider.mode|https://documentation.open-xchange.com/components/middleware/config/latest/#mode=search&term=com.openexchange.oauth.provider.mode] will no longer be available, along with dependent features and functionality.
Configuration
SCR-1203
Summary: New property com.openexchange.share.guestEmailCheckRegex
In order to prevent creation of guest users with certain email addresses, a new lean configuration property com.openexchange.share.guestEmailCheckRegex
is introduced. The property is empty by default, reloadable and config-cascade aware.
It allows the definition of a regular expression pattern for email addresses of invited guest users. If defined, the email address of newly invited named guest users must additionally match the pattern (besides regular RFC 822 syntax checks, which are always performed), otherwise creation of the guest user is denied. The pattern is used in a case-insensitive manner.
This may be used to prevent specific email address domains for guests, e.g. by defining a pattern like
^((?!(?:@example\.com\s*$)|(?:@example\.org\s*$)).)*$
See https://documentation.open-xchange.com/components/middleware/config/latest/#mode=search&term=com.openexchange.share.guestEmailCheckRegex for further details.
SCR-1191
Summary: New property to control format of internal scheduling mails
In order to control whether scheduling-related notification mails to other internal entities are sent as regular iMIP message (including iCalendar attachment) or not, a new lean configuration property named com.openexchange.calendar.useIMipForInternalUsers
is introduced. It defaults to false
, is reloadable, and can be set through the config-cascade down to "context" level.
Since automatic scheduling takes place within a context, attendee and organizer copies of appointments are in sync implicitly, and updates don't need to be distributed via iMIP. However, still enabling iMIP mails (in favor of notification messages only) also for internal users may be useful if external client applications are in use, or to ease forwarding invitations to others.
SCR-1158
Summary: Disable mail push implementations by default, made existing properties reloadable
Changed default value for enabled
properties for mail push features to false
: * com.openexchange.push.dovecot.enabled
* com.openexchange.push.imapidle.enabled
* com.openexchange.push.mail.notify.enabled
* com.openexchange.push.malpoll.enabled
Refactored mail push configuration, now all existing mail push related properties are lean and reloadable: * com.openexchange.push.dovecot.*
* com.openexchange.push.imapidle.*
* com.openexchange.push.mail.notify.*
* com.openexchange.push.malpoll.*
Database
SCR-1186
Summary: New column uuid
for table server
in Config-DB
The table server
in the config database will get extended by a new column named uuid
with the following column definition:
`uuid` BINARY(16) NOT NULL
This will happen through the Liquibase change set with id "8.12:server:addUuidColumn", using the custom change implemented in class com.openexchange.database.internal.change.custom.ServerAddUuidColumnCustomTaskChange
.
8.12
General
SCR-1195
Summary: New default value for com.openexchange.sessiond.maxSession
property
With introduction of Redis-backed session storage the property com.openexchange.sessiond.maxSession
specifying the max. allowed number of sessions becomes obsolete. That pretty old property's intention is to avoid memory problems on Middleware nodes hosting sessions node-local in memory. That is no more the case with Redis.
Hence, the old default value of "50000" for that property is changed to "0" (unlimited) in file /opt/open-xchange/etc/sessiond.properties
.
API - HTTP-API
SCR-1200
Summary: Extended the mailfilter?action=config response to include blocked action commands for the apply action
To allow a client to disable the apply button for filter rules with blocked action commands, the response of the action=config call has been extended so that the options object now contains a 'blockedApplyActions' field which contains a string array of all the blocked actions.
Configuration
SCR-1199
Summary: Introduced the new lean property 'com.openexchange.mail.filter.options.apply.blockedActions' which allows to block certain mail filter actions from the apply action
Introduced the new lean property 'com.openexchange.mail.filter.options.apply.blockedActions' which defaults to "redirect". This property accepts a comma separated lists of mail filter actions which will be denied from the apply mail filter action. This helps, for example, to prevent that a message delivery system is overwhelmed by a lot of simultanous redirect actions.
SCR-1120
Summary: Allow enforcing 'STARTTLS' for IMAP, POP3, SMTP, sieve
Added a few lean properties to enforce usage of STARTTLS
.
IMAP related properties: com.openexchange.imap.requireTls
com.openexchange.imap.primary.requireTls
POP3 related properties com.openexchange.pop3.requireTls
SMTP related properties: com.openexchange.smtp.requireTls
com.openexchange.smtp.primary.requireTls
Sieve related properties: com.openexchange.mail.filter.requireTls
All properties are reloadable and config-cascade aware. All properties default to true
8.11
API - Java
SCR-1145
Summary: Refactored CardDAV to use IDBasedContactsAccess
Interfaces changed due to refactoring CardDAV to use IDBasedContactsAccess
Added methods in com.openexchange.contact.provider.composition.IDBasedContactsAccess
: Map<String, UpdatesResult<Contact>> getUpdatedContacts(List<String>, Date)
- Gets lists of new and updated as well as deleted contacts since a specific timestamp in certain folders Map<String, SequenceResult> getSequenceNumbers(List<String>)
- Gets the sequence numbers of certain contacts folders, which is the highest timestamp of all contained items String getCTag(String)
- Retrieves the CTag (Collection Entity Tag) for a folder
Added methods in com.openexchange.contact.provider.folder.FolderSyncAware
: Map<String, UpdatesResult<Contact>> getUpdatedContacts(List<String>, Date)
- Gets lists of new and updated as well as deleted contacts since a specific timestamp in certain folders Map<String, SequenceResult> getSequenceNumbers(List<String>)
- Gets the sequence numbers of certain contacts folders, which is the highest timestamp of all contained items
Behavioral Changes
SCR-1146
Summary: External contacts providers are now synced via CardDAV
External contacts providers are now synced via CardDAV after refactoring to use IDBasedContactsAccess
Configuration
SCR-1193
Summary: New Property "com.openexchange.admin.autoDeleteGuestsUsingFilestore"
In case a per-user filestore is associated to a guest user, and the "parent" user owning this filestore is deleted, the guest account is purged implicitly as well by default. In order to prevent that, a new lean, reloadable and config-cascade-aware property is introduced: com.openexchange.admin.autoDeleteGuestsUsingFilestore
.
See https://documentation.open-xchange.com/components/middleware/config/latest/#mode=search&term=com.openexchange.admin.autoDeleteGuestsUsingFilestore for further details.
SCR-1190
Summary: Specify a timeout when reading responses from IMAP server after a command has been issued
Added new lean property "com.openexchange.imap.readResponsesTimeout"
accepting to define a timeout in milliseconds when reading responses from IMAP server after a command has been issued. That timeout does only apply to subscribed (not provisioned) IMAP accounts; neither primary nor secondary ones.
Default value is 60000 (one minute). A value equal to zero is infinite timeout. Reloadable and config-cascade aware.
SCR-1189
Summary: Option to enable/disable usage of XCLIENT sieve extension
Added new lean configuration option "com.openexchange.mail.filter.allowXCLIENT"
to explicitly enable (or disable) usage of the XCLIENT sieve extension. When a sieve server announces support for the XCLIENT command, a sieve client may send information that overrides one or more client-related session attributes.
Default is false (not enabled). Reloadable and config-cascade aware.
SCR-1188
Summary: Introduced a new lean property which allows to omit certain labels
Introduced the new lean property: com.openexchange.http.metrics.label.filter which allows to omit certain labels from http api metrics.
Packaging/Bundles
SCR-1184
Summary: Removed com.openexchange.hazelcast.upgrade* bundles
The following upgrade bundles are no longer needed in cloud environments after we introduced the new pre-upgrade framework (MW-1785): * com.openexchange.hazelcast.upgrade324 * com.openexchange.hazelcast.upgrade312 * com.openexchange.hazelcast.upgrade355 * com.openexchange.hazelcast.upgrade371 * com.openexchange.hazelcast.upgrade311 * com.openexchange.hazelcast.upgrade381 * com.openexchange.hazelcast.upgrade411 * com.openexchange.hazelcast.upgrade3100
Corresponding package definitions have been removed as well: * open-xchange-cluster-upgrade-from-76x * open-xchange-cluster-upgrade-from-780-782 * open-xchange-cluster-upgrade-from-783 * open-xchange-cluster-upgrade-from-784 * open-xchange-cluster-upgrade-from-7100-7101 * open-xchange-cluster-upgrade-from-7102 * open-xchange-cluster-upgrade-from-7103-7104 * open-xchange-cluster-upgrade-from-7105
8.10
3rd Party Libraries/License Change
SCR-1139
Summary: Upgraded Socket.IO server components
Upgraded Socket.IO server components in bundle "com.openexchange.socketio
" to support Engine.IO v4 and Socket.IO v3
- engine.io-server-1.3.5.jar --> engine.io-server-6.1.0.jar
- socket.io-server-1.0.3.jar --> socket.io-server-4.0.1.jar
API - HTTP-API
SCR-1180
Summary: Allow adding attachments from other mails during mail composition
The addAttachment
action from the module mailcompose
of the HTTP API is extended with an additional "origin" within the existing JSON form field of the multipart/form-data payload.
By specifying "mail" as "origin" the client is allowed to add a file attachment from an existing mail message to the composition space
Example:
POST /mailcompose?action=addAttachment
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryyhuRsdTCa7hO6MJ4
------WebKitFormBoundaryyhuRsdTCa7hO6MJ4
Content-Disposition: form-data; name="contentDisposition"
ATTACHMENT
------WebKitFormBoundaryyhuRsdTCa7hO6MJ4
Content-Disposition: form-data; name="JSON"
{"origin":"mail", "id":"40", "folderId":"default0/INBOX", "attachmentId":"2"}
------WebKitFormBoundaryyhuRsdTCa7hO6MJ4--
SCR-1166
Summary: New action "getRecurrence" in Module "chronos"
In order to supply clients with information whether a change exception is considered as rescheduled or overridden, the new action getRecurrence
is introduced in the chronos
module of the HTTP API. Prior chosing whether the whole series or just the actual recurrence should be changed by an update operation, this action can be performed to get all necessary information.
Further details are available at https://documentation.open-xchange.com/components/middleware/http/latest/index.html#!Chronos/getRecurrence .
SCR-1162
Summary: New Parameter "includeDelegates" for Action "needsAction" in Module "chronos"
The needsAction
action in the module chronos
of the HTTP API is extended by the new URL parameter indludeDelegates
.
If set to true
, an enhanced response is returned which includes the events needing action of the session user itself, along with the data for other attendees the user has delegate scheduling permissions for. This includes both resource attendees where the user may act as booking delegate for, as well as other attendees where the user has a shared calendar with write access. If the parameter is set to false
, only events for the current user are included in the response.
Whenever the parameter is set, an enhanced response in form of an array will be returned, where each element lists the attendee, together with the corresponding events needing action for that attendee. As before, for series events, overridden instances that are not considered as re-scheduled are hidden implicitly in the results. For backwards compatibility reasons, if the parameter includeDelegates
is not set in the request, the previous, 'flat' response is returned to clients for the time being.
Further details are available at https://documentation.open-xchange.com/components/middleware/http/latest/index.html#!Chronos/getEventsNeedingAction .
SCR-1154
Summary: Extended resource model with scheduling privileges
In order to store scheduling privileges for resources of users and groups, the resource
object of the HTTP API is extended with an array holding scheduling privileges per user names permissions
. Each array element holds a scheduling privilege object which has the following properties: * entity
, integer
: Internal identifier of the user or group to which this permission applies. * group
, boolean
: Set true
if entity refers to a group, false
if it refers to a user * privilege
, string
: One of ** none
- No privileges to book the resource ** ask_to_book
- May submit a request to book the resource if it is available ** book_directly
- May book the resource directly if it is available ** delegate
- Act as delegate of the resource and manage bookings
Additionally, the read-only field own_privilege
is introduced for resource objects, which indicates which effective privileges apply for the requesting user.
More details are available at https://documentation.open-xchange.com/components/middleware/http/latest/index.html#!Resources
API - Java
SCR-1170
Summary: Removed publication of TextXtractService and changed interface IMailMessageStorage
The use of Apache Tika within the Open-Xchange server was reduced to a possible minimum.
As a result there is no need to keep the publication of 'TextXtractService
'. All implementations and the interface will be removed. There was no need to adapt the usage as it just was used in obsolete code.
The last java related change was the removal of the following method from IMailMessageStorage
:
'public String[] getPrimaryContents(String folder, String[] mailIds) throws OXException;'
SCR-1167
Summary: New method "getRecurrenceInfo" within Chronos Stack
In order to drive the new action getRecurrence
of the HTTP API, the Chronos stack is extended with a corresponding method with the following signature:
RecurrenceInfo getRecurrenceInfo(EventID eventID) throws OXException;
Implementations are available for the default internal, as well as the cross-context provider.
SCR-1163
Summary: Adjusted Signature of "getEventsNeedingAction" Method throughout Chronos Stack
The method #getEventsNeedingAction
is adjusted throughout the calendar stack, which includes the compositing layer, as well as the interfaces of the implementing services. A new boolean
method parameter named includeDelegates
is introduced, and the method response type is now a Map
associating Attendee
s to their EventsResult
s.
API - SOAP
SCR-1161
Summary: Extended SOAP provisioning interface for managed resources
The resource object for SOAP webservices OXResourceServicePortType
and OXResellerResourceServicePortType
have been extended for provisioning managed resources. The resource object has now additional permissions
parameter:
<xsd:permissions>
<xsd:entity>2</xsd:entity>
<xsd:group>0</xsd:group>
<xsd:privilege>book_directly</xsd:privilege>
</xsd:permissions>
-Also SOAP webservices OXResourceServicePortType
and OXResellerResourceServicePortType
got new operation removePermissions
- Permissions are removed by not mentioning them in resource object
Behavioral Changes
SCR-1160
Summary: Removed direct link from notification mails
Within the internal notification mails for calendar events, there were direct links pointing to the appointment and (if those existed) for their attachments, for a quicker access.
Those direct links however are static and might be, shortly after the generation, out of date. For example, a user only had to move the appointment to a different calendar and the static link in the notification mail doesn't lead anywhere.
Further, the UI requests, renders and links the current event data on notification mails dynamically, efficiently solving the problem the direct links were created for much better. Thus, there is no need for the direct links anymore.
Configuration
SCR-1181
Summary: New Properties to Control 'used-for-sync" Behavior of Calendar Folders
In order to control whether public or shared calendar folders are considered for synchronization via CalDAV by default or not, the following new lean configuration properties are introduced with the indicated defaults:
# Configures if shared calendar folders from the default account are considered for
# synchronization by default or not. May still be set individually by the end user
# unless also marked as protected.
com.openexchange.calendar.usedForSync.shared.default=true
# Configures if the default value that determines if shared calendar folders from the
# default account are considered for synchronization may be overridden by the user or not.
com.openexchange.calendar.usedForSync.shared.protected=false
# Configures if public calendar folders from the default account are considered for
# synchronization by default or not. May still be set individually by the end user
# unless also marked as protected.
com.openexchange.calendar.usedForSync.public.default=true
# Configures if the default value that determines if public calendar folders from the
# default account are considered for synchronization may be overridden by the user or not.
com.openexchange.calendar.usedForSync.public.protected=false
All properties are reloadable and can be configured through the config cascade. With the implicit defaults, no existing semantics are changed, i.e. all shared/public folders of the default account continue to be used for sync by default, overridable by end users.
More details are available at [https://documentation.open-xchange.com/components/middleware/config/latest/#mode=search&term=com.openexchange.calendar.usedForSync] .
SCR-1148
Summary: Allow using multiple services for password-change functionality
Since we now allow different PasswordChangeServices
to be used in parallel, we must have some configuration that enables or disables certain services for certain context/users. Therefore, the following properties were introduced:
com.openexchange.passwordchange.script.enabled=false
com.openexchange.passwordchange.db.enabled=false
The database based password change is disabled by default, reflecting the status before the code changes. In older versions you had to actively install the packages.
SCR-1142
Summary: Helm: Configuration of sensitive mandatory properties
With MW-1814 we removed the default values for some sensitive properties. As some of those properties are still mandatory, we have updated the ox-common chart to generate secure random values, if no values have been specified (MW-1830). Those values are stored in a k8s secret called <RELEASE>-common-env
and will be used by multiple charts/services (e.g. core-mw, core-imageconverter, ...).
The following properties are affected:
com.openexchange.cookie.hash.salt
com.openexchange.share.cryptKey
com.openexchange.sessiond.encryptionKey
From now on, administrators should set those properties in the global section of the deployment's values.yaml
file.
Example:
global:
core:
cookieHashSalt: "KtLUTLKZrbXvCAOn"
shareCryptKey: "lJZEFPzUYfapWbXL"
sessiondEncryptionKey: "auw948cz,spdfgibcsp9e8ri+<#qawcghgifzign7c6gnrns9oysoeivn"
This will create the following k8s secret:
apiVersion: v1
kind: Secret
metadata:
name: <RELEASE>-common-env
namespace: <RELEASE>
annotations:
helm.sh/resource-policy: "keep"
labels:
helm.sh/chart: ox-common-1.0.22
data:
COOKIE_HASH_SALT: cHlDN3p5RU1kZ0FmT3Znag==
SHARE_CRYPT_KEY: Ujk5RFFVUGd4TWox
SESSIOND_ENCRYPTION_KEY: eTY2cGk4azdXdFNpZ1BzTkJhVVIwWm9rN1lHM0M1YTZGVGZLenJkRWd5eVlwMGRuVjVtWjloSDFJUw==
Those environment variables will then be injected into the service containers and written into the relevant .properties
files by the individual charts.
Packaging/Bundles
SCR-1182
Summary: Upgraded logback-extensions to 2.1.4
The logback-extensions library was upgraded to version 2.1.4 which includes some previously missing fields in the json logger.
SCR-1171
Summary: Removed bundles com.openexchange.textxtraction and org.apache.tika
The use of Apache Tika within the Open-Xchange server was reduced to a possible minimum. As a result the bundles org.apache.tika
and com.openexchange.textxtraction
will be removed.
SCR-1147
Summary: Allow multiple services for password-change functionality
With the new version 8.x of the Open Xchange App Suite we moved from package based installations to Docker/Kubernetes. For this, we need to be able to install all packages in parallel within the images we deliver. The different password change implementations however were conflicting. Therefore, we removed those packages and restructured the code.
Removed packages:
open-xchange-passwordchange-database
open-xchange-passwordchange-script
Removed bundles:
com.openexchange.passwordchange.database
com.openexchange.passwordchange.script
Added bundles:
com.openexchange.passwordchange
com.openexchange.passwordchange.common
com.openexchange.passwordchange.impl
The added bundles are now delivered within the open-xchange-core
package
The property files change_pwd_script.properties
and passwordchange.properties
were moved to the bundle com.openexchange.passwordchange.impl
alongside the restructuring.