App Suite Middleware

General

SCR-1473

Summary: Updated lettuce library from v6.4.0 to v6.5.0

Updated lettuce library from v6.4.0 to v6.5.0in bundle io.lettuce

  • lettuce-core-6.5.0.RELEASE.jar

3rd Party Libraries/License Change

SCR-1476

Summary: Updated Jackson libraries from v2.16.1 to v2.18.1 in target platfom

Updated several libraries to update Jackson libraries from v2.16.1 to v2.18.1

Target platform bundles (com.open-xchange.bundles)

  • stax2-api-4.2.1.jar replaced with stax2-api-4.2.2.jar
  • jackson-annotations-2.16.1.jar replaced with jackson-annotations-2.18.1.jar
  • jackson-core-2.16.1.jar replaced with jackson-core-2.18.1.jar
  • jackson-databind-2.16.1.jar replaced with jackson-databind-2.18.1.jar
  • jackson-dataformat-cbor-2.16.1.jar replaced with jackson-dataformat-cbor-2.18.1.jar
  • jackson-dataformat-xml-2.16.1.jar replaced with jackson-dataformat-xml-2.18.1.jar
  • jackson-datatype-jsr310-2.16.1.jar replaced with jackson-datatype-jsr310-2.18.1.jar
  • jackson-datatype-jsr310-2.16.1.jar replaced with jackson-datatype-jsr310-2.18.1.jar
  • jackson-datatype-jsr353-2.16.1.jar replaced with jackson-datatype-jsr353-2.18.1.jar
  • jackson-jakarta-rs-base-2.16.1.jar replaced with jackson-jakarta-rs-base-2.18.1.jar
  • jackson-jakarta-rs-json-provider-2.16.1.jar replaced with jackson-jakarta-rs-json-provider-2.18.1.jar
  • jackson-jakarta-rs-xml-provider-2.16.1.jar replaced with jackson-jakarta-rs-xml-provider-2.18.1.jar
  • jackson-module-jakarta-xmlbind-annotations-2.16.1.jar replaced with jackson-module-jakarta-xmlbind-annotations-2.18.1.jar
  • jackson-module-jaxb-annotations-2.16.1.jar replaced with jackson-module-jaxb-annotations-2.18.1.jar

Bundle com.ctc.wstx

  • woodstox-core-6.5.1.jar replaced with woodstox-core-7.0.0.jar

Bundle org.yaml.snakeyaml

  • snakeyaml-2.2.jar replaced with snakeyaml-2.3.jar

SCR-1472

Summary: Updated Netty libraries from v4.1.112 to v4.1.114

Updated Netty libraries from v4.1.112 to v4.1.114 in bundle io.netty

  • netty-buffer-4.1.112.Final.jar
  • netty-codec-4.1.112.Final.jar
  • netty-codec-dns-4.1.112.Final.jar
  • netty-codec-http2-4.1.112.Final.jar
  • netty-codec-http-4.1.112.Final.jar
  • netty-codec-socks-4.1.112.Final.jar
  • netty-common-4.1.112.Final.jar
  • netty-handler-4.1.112.Final.jar
  • netty-handler-proxy-4.1.112.Final.jar
  • netty-resolver-4.1.112.Final.jar
  • netty-resolver-dns-4.1.112.Final.jar
  • netty-transport-4.1.112.Final.jar
  • netty-transport-native-unix-common-4.1.112.Final.jar

Configuration

SCR-1475

Summary: New property to configure SSO Logout when OX Sessions are closed

In order to configure after which session removal events an OpenID Connect session is also closed on the provider side, the following lean configuration property is introduced:

com.openexchange.oidc.opLogoutOnSessionRemoval

It specifies an optional comma-separated list of certain session removal events for which the logout endpoint of the OP should be invoked as well to terminate the OIDC session. This does not affect regular/explicit, client-initiated logout flows where the OP is always included as per com.openexchange.oidc.ssoLogout. Also, sessions spawned using the Resource Owner Password Credentials Grant are not considered.

Configurable removal events include:

  • expired - The session is removed after being idle/unused for a certain duration
  • user_closed - Another session is removed explicitly by the user (usually via session management API)
  • admin_closed - A session is removed explicitly via an administrative interface (e.g. close sessions commandline utility or REST API)

The property is empty by default, reloadable, and not config-cascade-aware. See also the documentation for further details.

SCR-1470

Summary: Added new lean property to control detection of inline images

Added new lean property com.openexchange.mail.detectInlineImageByDispositionOnly that controls whether to detect inline images solely by its value for "Content-Disposition" header (required to be "inline") and to ignore any file name information (e.g through "filename" parameter).

SCR-1462

Summary: Added new property to track Redis operation taking longer than a configured threshold

Added new lean property com.openexchange.redis.operationExecutionTimeThreshold to track Redis operation taking longer than a configured threshold. Default value is 0 (zero), therefore disabled by default. Not reloadable and not config-cascade aware.