App Suite Releases
  • 8.35
  • 7.10.6
Imprint
  • 8.35
  • 7.10.6
Imprint
  • Release 8.38
  • Release 8.37
  • Release 8.36
  • Release 8.35
  • Release 8.34
  • Release 8.33
  • Release 8.32
  • Release 8.31
  • Release 8.30
  • Release 8.29
    • Noteworthy Changes
      • Important Changes
      • App Suite Middleware
    • Changelogs
      • App Suite UI
      • App Suite Middleware
      • Additional Components
        • AI Service
        • OX Guard UI
        • OX Guard
  • Release 8.28
  • Release 8.27
  • Release 8.26
  • Release 8.25
  • Release 8.24
  • Release 8.23
  • Release 8.22
  • Release 8.21
  • Release 8.20
  • Release 8.19
  • Release 8.18
  • Release 8.17
  • Release 8.16
  • Release 8.15
  • Release 8.14
  • Release 8.13
  • Release 8.12
  • Release 8.11
  • Release 8.10

App Suite Middleware

3rd Party Libraries/License Change

SCR-1451

Summary: Updated Google Guava from v33.2.1 to v33.3.0

Updated Google Guava from v33.2.1 to v33.3.0 in bundle com.google.guava

SCR-1450

Summary: Removed org.eclipse.osgi.services helper bundle

Removed org.eclipse.osgi.services helper bundle in favor of individual org.osgi.service.X bundles

SCR-1448

Summary: Upgraded dnsjava (an implementation of DNS in Java)

Upgraded dnsjava from v3.5.3 to v3.6.1 in target platform (com.openexchange.bundles)

SCR-1440

Summary: Updated OSGi target platform bundles

Updated the following OSGi target platform bundles

  • org.apache.felix.gogo.runtime_1.1.4.v20210111-1007.jar updated to org.apache.felix.gogo.runtime_1.1.6.jar
  • org.eclipse.osgi.util_3.7.200.v20230103-1101.jar updated to org.eclipse.osgi.util_3.7.300.v20231104-1118.jar
  • org.eclipse.osgi_3.18.400.v20230509-2241.jar updated to org.eclipse.osgi_3.20.0.v20240509-1421.jar

SCR-1433

Summary: Updated lettuce library from v6.3.2 to v6.4.0

Updated lettuce library from v6.3.2 to v6.4.0in bundle io.lettuce

  • lettuce-core-6.4.0.RELEASE.jar

SCR-1432

Summary: Updated Netty libraries from v4.1.111 to v4.1.112

Updated Netty libraries from v4.1.111 to v4.1.112 in bundle io.netty

  • netty-buffer-4.1.112.Final.jar
  • netty-codec-4.1.112.Final.jar
  • netty-codec-dns-4.1.112.Final.jar
  • netty-codec-http2-4.1.112.Final.jar
  • netty-codec-http-4.1.112.Final.jar
  • netty-codec-socks-4.1.112.Final.jar
  • netty-common-4.1.112.Final.jar
  • netty-handler-4.1.112.Final.jar
  • netty-handler-proxy-4.1.112.Final.jar
  • netty-resolver-4.1.112.Final.jar
  • netty-resolver-dns-4.1.112.Final.jar
  • netty-transport-4.1.112.Final.jar
  • netty-transport-native-unix-common-4.1.112.Final.jar

API - HTTP-API

SCR-1406

Summary: Added an client defined expiration time to /token?action=acquireToken

The parameter expiry was added to the request acquireToken. Thus, a client is able to define an individual expiry for a login token, see also /login?action=redeemToken. The expiry parameter will only be considered if the value is less the configured value through com.openexchange.tokenlogin.maxIdleTime

SCR-1405

Summary: Renamed parameter in '/login?action=redeemToken'

The parameter secret has been renamed to appId since it is more fitting to the nature of the parameter. secret can still be used, but is deprecated from now on. It will be removed in upcoming releases.

API - Java

SCR-1428

Summary: Deprecation of JCS-based "CacheService"

After a new caching implementation has been introduced with com.openexchange.cache.v2.CacheService, the previously used, JCS-based com.openexchange.caching.CacheService is now deprecated and is scheduled for removal in a later release. Until then, the interfaces are available and the service is basically still usable, however, without remote cache invalidation features.

SCR-1192

Summary: Removed com.openexchange.cluster.timer.ClusterTimerService

Removed com.openexchange.cluster.timer.ClusterTimerService

API - RMI

SCR-1430

Summary: Added new RMI API for deputy permissions management

Added new RMI API "com.openexchange.admin.rmi.OXDeputyPermissionsInterface" for deputy permissions management offering methods:

  • grantDeputyPermission() Grants a new deputy permission

  • updateDeputyPermission() Updates an existent deputy permission

  • revokeDeputyPermission() Revokes/deletes an existent deputy permission

  • getDeputyPermission() Retrieves a certain deputy permission

  • listAll() Lists all deputy permissions for a given context

API - SOAP

SCR-1431

Summary: Added new SOAP API for deputy permissions management

Added new SOAP API "http://soap.admin.openexchange.com/OXDeputyPermissionsService" for deputy permissions management offering methods:

  • grant() Grants a new deputy permission

  • update() Updates an existent deputy permission

  • revoke() Revokes/deletes an existent deputy permission

  • get() Retrieves a certain deputy permission

  • list() Lists all deputy permissions for a given context

Behavioral Changes

SCR-1425

Summary: Removed Replacement of "email 1" by "default sender address"

Previously, the middleware implicitly injected the configured "default sender address" into the "email 1" field of contacts representing internal users, in case com.openexchange.notification.fromSource was set to defaultSenderAddress. This handling goes back to a workaround that was introduced to make this mail address available in Outlook through the former OXtender integration.

This caused different issues in the past, e.g. unexpected values in the global address book, incorrect search results, multiple users with apparently the same mail addresses etc.

As the client for which the workaround has been introduced has passed away a long time ago, this implicit mail address replacement is now removed, as it is obviously no longer necessary. Consequently, the provisioned "email 1" address is now always exposed in user contact objects through all APIs, regardless of aforementioned configuration setting com.openexchange.notification.fromSource.

So for cases where a different default sender address has been set before in a user's mail settings, the behavioral change would be that this address will now no longer be displayed for the associated contact object, but the actually stored value for "email 1".

Configuration

SCR-1449

Summary: Added DNS configuration options for MX records look-up on ISPDB auto-config detection

Added new lean DNS configuration options for MX records look-up on ISPDB auto-config detection

  • com.openexchange.mail.autoconfig.ispdb.dns.resolverHost The optional host name for the DNS server on MX record look-up. If not specified system's default DNS service is used.

  • com.openexchange.mail.autoconfig.ispdb.dns.resolverPort The optional port number for the DNS server on MX record look-up. If not specified default port (53 UDP) is used.

SCR-1441

Summary: New Configuration Property "com.openexchange.oidc.staySignedIn"

If the default OIDC backend implementation is used, sessions created through OpenID Connect have the "stay signed in" marker set to false by default.

This can now be changed through configuration parameter com.openexchange.oidc.staySignedIn, and has an impact on the cookie- and OX session lifetime. If true, cookies will be decorated with the max. age as configured via com.openexchange.cookie.ttl. Also, the maximum idle time of OX sessions will be aligned to com.openexchange.sessiond.sessionLongLifeTime. If set to false, cookies will use session lifetime, and the maximum OX session idle time follows com.openexchange.sessiond.sessionDefaultLifeTime.

The lean property defaults to false, is reloadable, and not config-cascade aware.

SCR-1438

Summary: Removed all xing properties

The following xing properties have been removed:

  • com.openexchange.oauth.xing
  • com.openexchange.oauth.xing.apiKey
  • com.openexchange.oauth.xing.apiSecret
  • com.openexchange.oauth.xing.consumerKey
  • com.openexchange.oauth.xing.consumerSecret
  • com.openexchange.subscribe.socialplugin.xing
  • com.openexchange.subscribe.socialplugin.xing.autorunInterval

SCR-1435

Summary: Removed option from Redis configuration

Removed option "com.openexchange.redis.resilientDatabase" from Redis configuration in favor of possibility to specify a dedicated Redis instance for volatile (cache) data; see SCR-1434.

Thus instead of specifying a dedicated database for resilient data (such as sessions), the administrator is supposed to deploy dedicated Redis instance for volatile (cache) data.

SCR-1434

Summary: Added option to Redis configuration to specify a separate instance

Added new lean option "com.openexchange.redis.cache.enabled" to Redis configuration to specify a separate instance dedicated for volatile (cache) data. This option is neither reloadable nor config-cascade aware.

With that option set to "true", the administrator may specify further Redis options for that special Redis instance through using the "cache" infix; e.g.

com.openexchange.redis.cache.enabled=true
com.openexchange.redis.cache.mode=standalone
com.openexchange.redis.cache.hosts=localhost:6379
 ...

SCR-1407

Summary: Replaced 'tokenlogin-secrets' file with lean configuration

The file `tokenlogin-secrets` was used to define "secret" applications for which a token login was allowed. Such "secrets" could be enriched with parameters, controlling flows in the middleware. The file was not reloadable nor config cascade aware. Therefore, replaced the file with config cascade aware and reloadable properties. The properties are defined as followed:
  • com.openexchange.tokenlogin.applications specifies the application identifiers to use, split by comma. These IDs were formerly knwon as "secrets". No default value is defined. The IDs are used to define application specific behaviour through the other properties
  • com.openexchange.tokenlogin.[applicationId].accessPassword specifies whether or not the user's password is part of the response when redeeming the token. Default is false.
  • com.openexchange.tokenlogin.[applicationId].copyParameters specifies whether or not to copy all session parameters into the cloned session, that is created during the token login action. Default is false
  • com.openexchange.tokenlogin.[applicationId].announceId specifies whether or not to announce the application identifier to a client within the JSLob. Default is false.
  • com.openexchange.tokenlogin.[applicationId].parameters specifies additional key-value pairs for the application, paired by equals, split by semicolon. Default is empty. Mainly kept for legacy reasons.

Database

SCR-1436

Summary: Introduced update task for removing xing accounts

Introduced the update task com.openexchange.oauth.impl.internal.groupware.RemoveXingAccountsUpdateTask for removing xing accounts.

Packaging/Bundles

SCR-1437

Summary: Removed xing bundles

Removed xing bundles:

  • com.openexchange.xing
  • com.openexchange.xing.access
  • com.openexchange.xing.json
  • com.openexchange.subscribe.xing
  • com.openexchange.oauth.xing
  • com.openexchange.halo.xing

Package definitions have been removed as well:

  • open-xchange-xing-json

SCR-1429

Summary: Added new bundle for deputy permissions management via SOAP

Added new bundle "com.openexchange.admin.soap.deputy" for deputy permissions management via SOAP. That new bundle has been added to "open-xchange-admin-soap" package.

SCR-1426

Summary: Removed "FilteringObjectStreamFactory" Service and parent Bundle "com.openexchange.serialization"

The service com.openexchange.serialization.FilteringObjectStreamFactory as well as its parent bundle com.openexchange.serialization are no longer used and had been deprecated along with SCR-1421. Now they're removed from middleware core.

Important Changes