App Suite Middleware
3rd Party Libraries/License Change
SCR-1451
Summary: Updated Google Guava from v33.2.1 to v33.3.0
Updated Google Guava from v33.2.1 to v33.3.0 in bundle com.google.guava
SCR-1450
Summary: Removed org.eclipse.osgi.services helper bundle
Removed org.eclipse.osgi.services helper bundle in favor of individual org.osgi.service.X bundles
SCR-1448
Summary: Upgraded dnsjava (an implementation of DNS in Java)
Upgraded dnsjava from v3.5.3 to v3.6.1 in target platform (com.openexchange.bundles
)
SCR-1440
Summary: Updated OSGi target platform bundles
Updated the following OSGi target platform bundles
org.apache.felix.gogo.runtime_1.1.4.v20210111-1007.jar
updated toorg.apache.felix.gogo.runtime_1.1.6.jar
org.eclipse.osgi.util_3.7.200.v20230103-1101.jar
updated toorg.eclipse.osgi.util_3.7.300.v20231104-1118.jar
org.eclipse.osgi_3.18.400.v20230509-2241.jar
updated toorg.eclipse.osgi_3.20.0.v20240509-1421.jar
SCR-1433
Summary: Updated lettuce library from v6.3.2 to v6.4.0
Updated lettuce library from v6.3.2 to v6.4.0in bundle io.lettuce
- lettuce-core-6.4.0.RELEASE.jar
SCR-1432
Summary: Updated Netty libraries from v4.1.111 to v4.1.112
Updated Netty libraries from v4.1.111 to v4.1.112 in bundle io.netty
- netty-buffer-4.1.112.Final.jar
- netty-codec-4.1.112.Final.jar
- netty-codec-dns-4.1.112.Final.jar
- netty-codec-http2-4.1.112.Final.jar
- netty-codec-http-4.1.112.Final.jar
- netty-codec-socks-4.1.112.Final.jar
- netty-common-4.1.112.Final.jar
- netty-handler-4.1.112.Final.jar
- netty-handler-proxy-4.1.112.Final.jar
- netty-resolver-4.1.112.Final.jar
- netty-resolver-dns-4.1.112.Final.jar
- netty-transport-4.1.112.Final.jar
- netty-transport-native-unix-common-4.1.112.Final.jar
API - HTTP-API
SCR-1406
Summary: Added an client defined expiration time to /token?action=acquireToken
The parameter expiry
was added to the request acquireToken
. Thus, a client is able to define an individual expiry for a login token, see also /login?action=redeemToken
. The expiry parameter will only be considered if the value is less the configured value through com.openexchange.tokenlogin.maxIdleTime
SCR-1405
Summary: Renamed parameter in '/login?action=redeemToken'
The parameter secret
has been renamed to appId
since it is more fitting to the nature of the parameter. secret
can still be used, but is deprecated from now on. It will be removed in upcoming releases.
API - Java
SCR-1428
Summary: Deprecation of JCS-based "CacheService"
After a new caching implementation has been introduced with com.openexchange.cache.v2.CacheService
, the previously used, JCS-based com.openexchange.caching.CacheService
is now deprecated and is scheduled for removal in a later release. Until then, the interfaces are available and the service is basically still usable, however, without remote cache invalidation features.
SCR-1192
Summary: Removed com.openexchange.cluster.timer.ClusterTimerService
Removed com.openexchange.cluster.timer.ClusterTimerService
API - RMI
SCR-1430
Summary: Added new RMI API for deputy permissions management
Added new RMI API "com.openexchange.admin.rmi.OXDeputyPermissionsInterface
" for deputy permissions management offering methods:
grantDeputyPermission()
Grants a new deputy permissionupdateDeputyPermission()
Updates an existent deputy permissionrevokeDeputyPermission()
Revokes/deletes an existent deputy permissiongetDeputyPermission()
Retrieves a certain deputy permissionlistAll()
Lists all deputy permissions for a given context
API - SOAP
SCR-1431
Summary: Added new SOAP API for deputy permissions management
Added new SOAP API "http://soap.admin.openexchange.com/OXDeputyPermissionsService
" for deputy permissions management offering methods:
grant()
Grants a new deputy permissionupdate()
Updates an existent deputy permissionrevoke()
Revokes/deletes an existent deputy permissionget()
Retrieves a certain deputy permissionlist()
Lists all deputy permissions for a given context
Behavioral Changes
SCR-1425
Summary: Removed Replacement of "email 1" by "default sender address"
Previously, the middleware implicitly injected the configured "default sender address" into the "email 1" field of contacts representing internal users, in case com.openexchange.notification.fromSource
was set to defaultSenderAddress
. This handling goes back to a workaround that was introduced to make this mail address available in Outlook through the former OXtender integration.
This caused different issues in the past, e.g. unexpected values in the global address book, incorrect search results, multiple users with apparently the same mail addresses etc.
As the client for which the workaround has been introduced has passed away a long time ago, this implicit mail address replacement is now removed, as it is obviously no longer necessary. Consequently, the provisioned "email 1" address is now always exposed in user contact objects through all APIs, regardless of aforementioned configuration setting com.openexchange.notification.fromSource
.
So for cases where a different default sender address has been set before in a user's mail settings, the behavioral change would be that this address will now no longer be displayed for the associated contact object, but the actually stored value for "email 1".
Configuration
SCR-1449
Summary: Added DNS configuration options for MX records look-up on ISPDB auto-config detection
Added new lean DNS configuration options for MX records look-up on ISPDB auto-config detection
com.openexchange.mail.autoconfig.ispdb.dns.resolverHost
The optional host name for the DNS server on MX record look-up. If not specified system's default DNS service is used.com.openexchange.mail.autoconfig.ispdb.dns.resolverPort
The optional port number for the DNS server on MX record look-up. If not specified default port (53 UDP) is used.
SCR-1441
Summary: New Configuration Property "com.openexchange.oidc.staySignedIn"
If the default OIDC backend implementation is used, sessions created through OpenID Connect have the "stay signed in" marker set to false
by default.
This can now be changed through configuration parameter com.openexchange.oidc.staySignedIn, and has an impact on the cookie- and OX session lifetime. If true
, cookies will be decorated with the max. age as configured via com.openexchange.cookie.ttl. Also, the maximum idle time of OX sessions will be aligned to com.openexchange.sessiond.sessionLongLifeTime. If set to false
, cookies will use session lifetime, and the maximum OX session idle time follows com.openexchange.sessiond.sessionDefaultLifeTime.
The lean property defaults to false
, is reloadable, and not config-cascade aware.
SCR-1438
Summary: Removed all xing properties
The following xing properties have been removed:
- com.openexchange.oauth.xing
- com.openexchange.oauth.xing.apiKey
- com.openexchange.oauth.xing.apiSecret
- com.openexchange.oauth.xing.consumerKey
- com.openexchange.oauth.xing.consumerSecret
- com.openexchange.subscribe.socialplugin.xing
- com.openexchange.subscribe.socialplugin.xing.autorunInterval
SCR-1435
Summary: Removed option from Redis configuration
Removed option "com.openexchange.redis.resilientDatabase"
from Redis configuration in favor of possibility to specify a dedicated Redis instance for volatile (cache) data; see SCR-1434.
Thus instead of specifying a dedicated database for resilient data (such as sessions), the administrator is supposed to deploy dedicated Redis instance for volatile (cache) data.
SCR-1434
Summary: Added option to Redis configuration to specify a separate instance
Added new lean option "com.openexchange.redis.cache.enabled"
to Redis configuration to specify a separate instance dedicated for volatile (cache) data. This option is neither reloadable nor config-cascade aware.
With that option set to "true"
, the administrator may specify further Redis options for that special Redis instance through using the "cache"
infix; e.g.
com.openexchange.redis.cache.enabled=true
com.openexchange.redis.cache.mode=standalone
com.openexchange.redis.cache.hosts=localhost:6379
...
SCR-1407
Summary: Replaced 'tokenlogin-secrets' file with lean configuration
The file `tokenlogin-secrets` was used to define "secret" applications for which a token login was allowed. Such "secrets" could be enriched with parameters, controlling flows in the middleware. The file was not reloadable nor config cascade aware. Therefore, replaced the file with config cascade aware and reloadable properties. The properties are defined as followed:com.openexchange.tokenlogin.applications
specifies the application identifiers to use, split by comma. These IDs were formerly knwon as "secrets". No default value is defined. The IDs are used to define application specific behaviour through the other propertiescom.openexchange.tokenlogin.[applicationId].accessPassword
specifies whether or not the user's password is part of the response when redeeming the token. Default isfalse
.com.openexchange.tokenlogin.[applicationId].copyParameters
specifies whether or not to copy all session parameters into the cloned session, that is created during the token login action. Default isfalse
com.openexchange.tokenlogin.[applicationId].announceId
specifies whether or not to announce the application identifier to a client within the JSLob. Default isfalse
.com.openexchange.tokenlogin.[applicationId].parameters
specifies additional key-value pairs for the application, paired by equals, split by semicolon. Default is empty. Mainly kept for legacy reasons.
Database
SCR-1436
Summary: Introduced update task for removing xing accounts
Introduced the update task com.openexchange.oauth.impl.internal.groupware.RemoveXingAccountsUpdateTask
for removing xing accounts.
Packaging/Bundles
SCR-1437
Summary: Removed xing bundles
Removed xing bundles:
- com.openexchange.xing
- com.openexchange.xing.access
- com.openexchange.xing.json
- com.openexchange.subscribe.xing
- com.openexchange.oauth.xing
- com.openexchange.halo.xing
Package definitions have been removed as well:
- open-xchange-xing-json
SCR-1429
Summary: Added new bundle for deputy permissions management via SOAP
Added new bundle "com.openexchange.admin.soap.deputy
" for deputy permissions management via SOAP. That new bundle has been added to "open-xchange-admin-soap
" package.
SCR-1426
Summary: Removed "FilteringObjectStreamFactory" Service and parent Bundle "com.openexchange.serialization"
The service com.openexchange.serialization.FilteringObjectStreamFactory
as well as its parent bundle com.openexchange.serialization
are no longer used and had been deprecated along with SCR-1421. Now they're removed from middleware core.