App Suite Middleware
3rd Party Libraries/License Change
SCR-1420
Summary: Removed xmlbeans-2.6.0 library
The library xmlbeans-2.6.0 has known vulnerabilities. Since it is no longer used in the Middleware, the library is removed from target platform (com.openexchange.bundles)
SCR-1419
Summary: Upgraded ROME library for RSS and Atom feeds
Upgraded ROME library for RSS and Atom feeds from v1.0 to v1.19.0 in bundle com.openexchange.messaging.rss
SCR-1415
Summary: Updated Google Guava from v33.0.0 to v33.2.1
Updated Google Guava from v33.0.0 to v33.2.1 in bundle com.google.guava
API - Java
SCR-1421
Summary: Deprecation of "FilteringObjectStreamFactory" Service
The service com.openexchange.serialization.FilteringObjectStreamFactory has been introduced to secure serialization routines in the first version of the "Realtime" framework.
Therefore, it should now be considered as deprecated, and is scheduled to be removed along with its parent bundle com.openexchange.serialization in a future release.
Behavioral Changes
SCR-1390
Summary: Introduced an admin based rate limit for provisioning calls
Up until now, the provisioning APIs (SOAP, RMI, CLT) were not rate limited, which could lead to downtimes if a client provisioned too fast. This is especially painful when multiple customers share the same platform and can influence each other.
To prevent such scenarios in the future, we introduced a new rate limit that is applied per admin. It affects all provisioning APIs and is checked during the authentication process.
The limit is applied in constant 1 minute timeframes and can be configured for all admins or for single ones, in case one would like to introduce different limits for different admins.
For this the following lean properties were introduced as well:
com.openexchange.rmi.rate.limit.default=-1
com.openexchange.rmi.rate.limit.[admin]
See https://gitlab.open-xchange.com/app-suite-platform-1/provisioning/-/issues/1 for details
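The per-admin limit described above, modelled as a fixed-window counter. This is an added sketch, not Open-Xchange code. It assumes that "[admin]" in the property name is replaced by the admin's login, that a negative value disables the limit, and that rejected calls still count; the class name and the admin names "reseller1" and "oxadmin" are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Illustrative fixed-window limiter for provisioning calls; not Open-Xchange code. */
public class AdminRateLimiter {
    private static final String PREFIX = "com.openexchange.rmi.rate.limit.";
    private static final long WINDOW_MILLIS = 60_000L; // constant 1 minute timeframes

    /** Calls seen so far in the window with the given index. */
    private record Window(long index, int count) {}

    private final Map<String, String> props;
    private final Map<String, Window> windows = new ConcurrentHashMap<>();

    public AdminRateLimiter(Map<String, String> props) { this.props = props; }

    /** ASSUMPTION: the per-admin property, when present, wins over the default. */
    int limitFor(String admin) {
        String fallback = props.getOrDefault(PREFIX + "default", "-1");
        return Integer.parseInt(props.getOrDefault(PREFIX + admin, fallback).trim());
    }

    /** Called once per provisioning call during authentication; false means reject. */
    public boolean tryAcquire(String admin, long nowMillis) {
        int limit = limitFor(admin);
        if (limit < 0) return true; // ASSUMPTION: a negative value disables the limit
        long index = nowMillis / WINDOW_MILLIS;
        // Atomically start a new window or count this call in the current one.
        Window w = windows.compute(admin, (k, old) ->
            old == null || old.index() != index ? new Window(index, 1)
                                                : new Window(index, old.count() + 1));
        return w.count() <= limit;
    }

    public static void main(String[] args) {
        // Constructed sample configuration: no default limit, 3 calls per minute for reseller1.
        AdminRateLimiter limiter = new AdminRateLimiter(Map.of(
            PREFIX + "default", "-1",
            PREFIX + "reseller1", "3"));
        long t = 59_000L; // one second before the first window closes
        for (int i = 1; i <= 4; i++) {
            System.out.println("reseller1 call " + i + " allowed=" + limiter.tryAcquire("reseller1", t));
        }
        // A new window resets the counter, so a burst can straddle the boundary.
        System.out.println("reseller1 next window allowed=" + limiter.tryAcquire("reseller1", 60_000L));
        System.out.println("oxadmin allowed=" + limiter.tryAcquire("oxadmin", t));
    }
}
```

Because the windows are constant rather than sliding, an admin can issue up to twice the configured number of calls within a few seconds around a window boundary; size the limit with that in mind.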
Configuration
SCR-1422
Summary: Removed unused cache regions from cache.ccf file
Removed unused cache regions from the cache.ccf file, since the corresponding caches are now held in Redis storage or have been refactored to a local (Guava) cache.
Removed regions are:
OXFolderCache
OXFolderQueryCache
GlobalFolderCache
SCR-1416
Summary: Changed default value for property "com.openexchange.net.ssl.protocols"
Changed default value for lean property "com.openexchange.net.ssl.protocols" from "TLSv1, TLSv1.1, TLSv1.2" to "TLSv1.2, TLSv1.3" following the recommendation to always use TLS 1.2 or higher.