App Suite Middleware

8.12.0 - 2023-04-03

Added

• MW-1747: Introduce Redis-backed sessions service
• MW-2029: Introduced metrics for Redis session storage
• MW-1841: Allow enforcing 'STARTTLS' for IMAP, POP3, SMTP & sieve
  • SCR-1120
• MW-2029: Introduced metrics for Redis session storage
• MW-2023: introduced possibility to block commands from apply
• MW-1986: added login_hint and target_link_uri as parameter for oidc login
• made multiple servlet oauth capable
• MWB-2073: Introduced new property to disable adding a Sproxyd end-point to blacklist
• SCR-1181: New Properties to Control 'used-for-sync" Behavior of Calendar Folders
• MW-2002: Publish Changelog at documentation.open-xchange.com

Changed

• MW-1864: lost and found tests
  • fixed, refactored or deleted several tests
  • refactored SoapUserService and linked classes
  • deleted outdated indexedSearch
• MW-1516: Use IDBasedContactsAccess for CardDAV
  • SCR-1145: Refactored CardDAV to use IDBasedContactsAccess
  • SCR-1146: External contacts providers are now synced via CardDAV
• Refactored to have gnu.trove as a bundle in target platform
• MW-1947: Updated vulnerable libraries
  • SCR-1176: Updated vulnerable 3rd party libraries
• MW-1955: Hand-through possible Redis connectivity/communication errors to client during runtime & probe Redis end-point until available during start-up
• MW-1955: Disable max. number of sessions by default for Redis session storage
• MW-1947: Updated vulnerable libraries
• MWB-2059: Removed corrupt sort by UID
• MWB-2059: Fast sorting by IMAP UID in case sort by received date (INTERNALDATE) is requested
  • Moved JCTools as bundle to traget platform & updated it from v3.3.0 to v4.0.1
  • Refactored to have gnu.trove as a bundle in target platform

Fixed

• MWB-1982: Timeouts for external content do not cancel the connection
  • The fix allows to interrupt client connects and InputStream reads by having hardConnectTimeout and hardReadTimeout parameters that are used for external connections
  • Defaults to 0 (disabled)
  • The following services have a defined default of 120000 for 'hardReadTimeout' and 30000 for 'hardConnectTimeout': autoconfig-server, davsub, icalfeed, rssfeed, snippetimg, vcardphoto
• MWB-2040: Concurrency issue when moving a touched session to first session container. The moved session might not be "visible" for a short time.
• MWB-2061: Organizer URI not preserved when creating Appointment
• MWB-2094: Yield a modifiable list instance from messages to copy
• MWB-2056: Include all overridden instances in scheduling object resource
• MWB-1975: start report generation in parallel to task generation
• MWB-2101: Unnecessary Data Retrieved from Filestore when Serving
• MWB-2081: Check table existence prior to deletion attempt (and recognize if developer accidentally passed the cause as last argument)
• MWB-2054: Auto-delete guests when owner of per-user filestore is deleted (SCR-1193)
• MWB-1985: delete all tasks in folders owned by deleted user
• MWB-2055: Skip unrelated events when iterating events needing
• MWB-2086: Potentially malicious SQL injection when using full-text autocomplete
• MWB-2022: Generate a generic error response providing SMTP server response information in case an SMTP error code occurs while attempting to send a message
• MWB-2091: Mark each messages of a multiple mail forward as forwarded
• MWB-2089: Quite old 3rd party library uses weakly accessible sun.nio.ch package. User newer library making use of up-to-date JRE tools instead.
• Fixed reading alias from settings
• MWB-2080: Added details about 'baseDN' setting in LDAP client configuration
• MWB-2058: Populate 'uuid' column when registering a new server as
• MWB-1982: Timeouts for external content do not cancel the connection
• MWB-2030: Orderly do set session- and share-cookie when resolving share link
• MWB-2116: Use command instead of object reference
• MWB-2093: iTIP mail does not show user alias
• MWB-2110: Proper imports of Netty IO packages

Security

• MWB-2102: CVE-2023-26451