Last Update: 2019-05-21
There is an issue in the hunspell library, which cannot cope with composed UTF-16 characters. As we use the library in-process, the resulting SIGSEGV causes a complete crash of the process. This has been fixed by filtering out all composed UTF-16 characters to prevent possible crashes in the hunspell library.
Invoke a “post deletion” call-back to the reseller plug-in so that reseller information is cleared when a context has been successfully removed.
This has been solved by fixing broken collection invalidation.
IMAP server advertises multiple public namespaces, but Open-Xchange Middleware only checks for one. This has been solved by taking possibly multiple public namespaces into account when determining the proper ACL identifier.
Util function sent undefined instead of an empty object. This has been fixed by returning the correct value. Now it is possible to create an appointment from an email without getting an error.
During the closing process the Address Picker was not properly reset. Now the folder selection is reset when the address picker is closed.
The default copyright is now displayed correctly.
Some misinterpretation of CSS by IE 11 caused this issue. This has been solved by adding a CSS fix only for IE11 to handle this issue.
This is just an improvement for signatures: a signature with empty content (only whitespace) will not be added anymore.
In contrast to the main activation button, the little toggle was considering the date range. The little toggle now only depends on the active state of the rule.
Dropping images to an iframe caused the browser to reload the whole view, which might lead to data loss. Since no easy fix was found, we disabled drag and drop. Drag and drop has been re-enabled by attaching listeners inside the iframe, which on the one hand prevent the page from reloading with the dropped content and on the other hand correctly upload the image based on the previous mechanisms.
Spam/ham information was advertised in mail account data even though no spam handler was available or the concrete spam handler tells not to create such folders. This has been fixed by suppressing spam/ham information in mail account data if spam is disabled or no such folders are supposed to be created according to the spam handler specification.
Response format was strangely encoded HTML. This has been solved by forcing the response format to be correct HTML with JSON data.
The fix for this bug ensures that no duplicate entries are left in “filestore2user” table when trying to change its PRIMARY KEY.
The menu entry for “What’s new” and “Guided Tour” wasn’t disabled for guests.
This was caused by a vacation notice which makes use of the date range (current date test) where the zone option in this test is missing. This happens if the vacation notice was created with an older App Suite version. A missing zone option will now be compensated for based on the current values.
The root cause seems to be a bad token used for list query against the google api. Now a full sync as fallback is done in case of bad sync tokens.
Fixed wrong comparison on server side.
Reenable drag and drop which was disabled because dropping images to an iframe caused the browser to reload the whole view.
Backend writes configuration for recently opened documents while the tour is running. This (wrongly) deletes the “shown” flag of the tour. After the tour has been finished, the “shown” flag is now saved again to the configuration.
Added a workaround for IE11 in the appcontrol.
Update process is triggered automatically when loading a context and context-associated DB schema has pending update tasks. Solution: Do not trigger update if context is disabled.
In case the context-associated server does not match the server associated with the target node, a CTX-0012 error is thrown, which initiates automatic redirection to another node (as configured through the “com.openexchange.server.migrationRedirectURL” property). Solution: Do not throw the CTX-0012 error in case the context is disabled, to avoid automatic redirection to another node. Instead, the outer logic recognizes that the context is disabled through the authorization service.
Links opened by blankshield are blocked for security reasons. Solution: Open links with rel=“noopener” directly in Chrome 72 and above. Note that this is just an intermediate fix and will be replaced as soon as the issue is fixed in blankshield.
UpdateTask was missing an index-exists check. Solution: Added an index-exists check.
Bundling the original tokenfield file (static) led to loading its content twice, and custom ‘prototype’ fixes in our tokenfield.js were overwritten by the second load. Solution: Clean up bundle.
The reminder was not parsed properly since a recent change.
Fallback name was HTML encoded. Solution: Use available attendee data as fallback.
The unified mail storage returned normal mail ids instead of unified ones for copy/move commands. Solution: Return proper unified mail ids.
CSS background-size’s implicit height value ‘auto’ caused this issue. Solution: Use 100% as the value for height.
If in ‘Settings -> Mail -> Signatures’ the option “Add signature above quoted text” is selected, the signature in a forwarded mail is not above, it’s placed at the bottom of the mail. Solution: Added the “com.openexchange.mail.forwardUnquoted” setting to JSlob under path “io.ox/mail//forwardunquoted” and use a different ‘selector’ in the forwarding context when mails are forwarded unquoted.
Web accessibility steals the focus when clicking into the subject field on Internet Explorer. Refocus is no longer applied on click, because this should only happen with keyboard navigation.
UI was too restrictive regarding the move action. This has been solved by enabling the move action but greying out unsupported folders.
Only weekdays were checked, not whether it’s the same week. This has been solved by adding a check whether it overlaps into the next week.
Wrong use of plural form. This has been fixed by using the singular form now.
The special case of all-day events was not considered, so they were printed the day before they started and the day after. This has been solved by filtering correctly for all-day appointments.
UI accidentally used ‘noimg’ or ‘trusted’ as value for the api parameter ‘view’. In case ‘Allow html formatted emails’ is disabled, the only valid value is ‘text’; this was adjusted to fix this issue.
The “select all” button had no effect on the vacation notice model due to a wrong naming. This has been fixed by changing the attribute name accordingly so the model can be handled correctly.
Removes the button ‘manual’ because it is used as fallback in case autodiscover fails and should not be handled as a separate option for UX reasons.
Out of memory when importing large iCal files. This has been solved by reducing the used heap space. Detailed information about the import limit “com.openexchange.imort.ical.limit” is available at https://documentation.open-xchange.com/components/middleware/config/7.10.1/index.html#mode=features&feature=Import/Export .
This has been improved by some adjustments: For guest users first try the com.openexchange.share.migrationRedirectURL property and then fall back (if necessary) to com.openexchange.server.migrationRedirectURL. Moved the check of the potentially absent c.o.share.migrationRedirectURL into the SegmentedUpdateService.
This Drive-restricted patch includes a new server key to enable FCM push for Drive Android and a new iOS push certificate.
Too generic approach in the recurrence view. All timezones with a negative offset are affected. In detail, the timezone of a task (UTC) wasn’t considered when creating the recurrence rule. This has been solved by considering different timezones when using calendar or tasks. The start date of a calendar appointment knows its timezone, whereas tasks are always in UTC.
Size calculation was not correctly taking external files into account. This has been fixed by changing the calculation to respect the sizes of all attached files, including external files.
Settings considered all apps which were rendered in the launcher and did no dedicated capability check. Apps which are disabled by capabilities but might be visible due to upsell are now filtered out to solve this issue.
The defined dependency of the update task (com.openexchange.groupware.update.tasks.ContextAttributeConvertUtf8ToUtf8mb4Task) might be excluded and could not be resolved. This has been fixed by setting the dependency to com.openexchange.groupware.update.tasks.CreateIndexOnContextAttributesTask.
The rule title was missing the translation capability. This has been solved by adding the translation capability.
Account name may be cryptic in special mail environments. Added a new feature toggle to explicitly use the “My Folders” string for private mail folders. This solves an issue for customers where the account name is generated during provisioning and may not match the real user name/mail. Added new feature toggle ‘io.ox/mail//features/usePrimaryAccountNameInTree’, default is “true”.
UNTIL in the recurrence rule has been interpreted as a date value by the UI, whereas it should be a datetime value. The UNTIL part of the recurrence rule is now written as a datetime value. Therefore, the zulu timestamp in UNTIL is now after the start date of the last occurrence.
Wrong root folder selected after removing a folder. This has been solved by removing a superfluous event trigger and fixing a regular expression.
The three dots shown at the end of the shortened message were hidden by the close icon. This has been solved by adjusting the padding to prevent the overlapping.
Adjusted reload/relogin hint and added translations.
In cases where the user did not enable “stay signed in” but did reload the browser, it appeared as if the session had been terminated since a login prompt was shown. However, existing cookies were maintained and allowed API actions for the user’s account. This situation was caused by trying to log in automatically, which fails in this scenario, without removing existing cookies in case the login failed. Thanks to amalyoman.
Importing iCal files allowed to reference attachments at other users’ appointments. Those references were not correctly checked for permissions, which could be exploited to extract confidential data from other users within the same context. CVE-2018-18464, thanks to stemcloud.
The API to sync mobile and desktop OX Drive clients allowed to modify a file’s media-type to an arbitrary value. This could be used to bypass sanitizers that apply rules based on a file’s media-type. We added a method to recognize and reject such changes using the Drive API. CVE-2018-18462, thanks to secator.
When using a specific set of quotes and links at plain-text mails, those would be converted to HTML entities but not sanitized. Opening the content could then execute malicious script code. We now make sure to sanitize and purify such content after processing plain-text mails. CVE-2018-18462, thanks to secator.
As random parameters at requests to the Documentconverter components were not checked, a client-side request forgery attack was possible. This could be used to extract confidential information from documents when being used in combination with a social engineering attack. CVE-2018-18463, thanks to stemcloud.
The calendar API did expose unnecessary information about appointments flagged as “secret” at shared folders. When having access to a shared calendar, this could be used to get metadata about this kind of appointment. We reduced the amount of information provided for such appointments significantly so that no actual information is leaked. CVE-2018-18464, thanks to stemcloud.
Certain HTML content at mail attachment file names was detected and used as parameter by the “bootstrap” frontend component. This could lead to script execution when hovering the attachment, as the file name would be injected into the DOM (to show a tooltip) but not be sanitized. CVE-2018-13104, thanks to s1ck-sec.
Attachment file names for PIM objects (like appointments, contacts) were appended without ensuring they do not contain any markup. This could lead to script execution when checking the object’s attachments. We now transform attachment names to text nodes before using them as dropdown labels to prevent markup injection into the DOM. CVE-2018-13104, thanks to Zhihua Yao.
Plain-text URLs at appointment descriptions were injected as HTML without further processing, which could lead to script execution if those URLs contain script code. We now use existing mechanisms to generate safe URLs.
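The three fixes above (attachment names reaching a tooltip attribute, attachment names used as dropdown labels, and plain-text URLs injected as HTML) share one root cause: untrusted strings concatenated into markup. The following is an added example, not Open-Xchange code, showing the vulnerable string-building shape next to two hardened variants: context-aware escaping, and building the label from a text node as the fix for CVE-2018-13104 describes. The function names, the `doc` parameter (a DOM `document` or a stand-in) and the sample file names are all constructed for the example.

```javascript
// Added example (not Open-Xchange code): rendering untrusted attachment
// names and description URLs without letting markup reach the DOM.

// Minimal HTML escaper, safe for text content and double-quoted attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The vulnerable shape: the file name is concatenated straight into markup,
// both into the title attribute (tooltip) and into the element text.
function unsafeAttachmentMarkup(fileName) {
  return '<a class="attachment" title="' + fileName + '">' + fileName + '</a>';
}

// Hardened string builder: every untrusted value is escaped for its context,
// so '<', '>' and '"' in a name can no longer open a tag or close the attribute.
function safeAttachmentMarkup(fileName) {
  const text = escapeHtml(fileName);
  return '<a class="attachment" title="' + text + '">' + text + '</a>';
}

// Hardened DOM builder: a text node is never parsed as markup, and
// setAttribute() stores the raw string without any HTML parsing.
// `doc` is passed in (hypothetical parameter) so the function can be
// exercised outside a browser with a stand-in document object.
function buildAttachmentLabel(doc, fileName) {
  const link = doc.createElement('a');
  link.className = 'attachment';
  link.setAttribute('title', fileName);
  link.appendChild(doc.createTextNode(fileName));
  return link;
}

// Only allow URL schemes that render as plain navigation; anything else
// (unknown or scriptable schemes) is replaced by an inert '#'.
function safeHref(url) {
  const trimmed = String(url).trim();
  if (/^(https?:|mailto:)/i.test(trimmed)) {
    return escapeHtml(trimmed);
  }
  return '#';
}

// Constructed sample names, not real attachment data.
const SAMPLE_NAMES = [
  'report.pdf',
  'quarterly <b>results</b>.xlsx',
  'name with "quotes".txt',
];

// Returns the unsafe and safe rendering side by side for each sample.
function renderAll() {
  return SAMPLE_NAMES.map((name) => ({
    name,
    unsafe: unsafeAttachmentMarkup(name),
    safe: safeAttachmentMarkup(name),
  }));
}

console.log(JSON.stringify(renderAll(), null, 2));
```

In a browser, `buildAttachmentLabel(document, name)` produces an element whose text and title are the literal file name, which is the property the text-node approach relies on; the string builders exist only to make the difference visible outside the DOM.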
HTML-to-text conversion of mail bodies could take a long time, potentially leading to excessively long running threads. We added a new timeout for this operation which defaults to 10 seconds.
The OAuth2 spec defines the “scope” parameter as optional in case the grant type is authorization_code. We adjusted our implementation to be compliant with this.
In some cases database updates to the calendar could leave a schema in “locked” state. Unlocking such schemas could fail due to database read timeouts. We now detect such timeouts and invalidate context cache nevertheless, which means schemas would get unlocked properly.
We added improvements to avoid empty calendar exports in some special cases and find the actual root cause.
A fallback path mapping for CalDAV clients that synchronize a single static collection causes calendars to appear duplicated in another 3rd party client that does not remove no longer advertised collections automatically. We now try a fallback to legacy collection name only for Thunderbird/Lightning but not all clients.
When running database update-tasks with long duration, errors could be thrown as it was attempted to commit to an idle database connection that was already closed on the database side in the meantime. We removed the need for this commit command and don’t use any surrounding database connection if the intermediateCommits setting is enabled.
In cases where the global address book was disabled, the user’s profile picture was not shown. This has been solved by de-coupling access to the own contact picture from GAB permissions.
The automatic sign-out feature redirects the user to the default login page and was not considering a custom logout location configuration. This got fixed.
Wrong PRIMARY KEY specified for “filestore2user” table, which allowed duplicate entries per user. This has been solved by avoiding duplicate entries in the “filestore2user” table when moving a user’s file storage.
When a CalDAV client performs a listing of all child resources in an event collection, some specific event properties need to be queried from the storage that were not yet whitelisted when checking against the configured maximum list of returned results. This led to an internal error, which was indicated as HTTP 400 for the client. We now allow unlimited result lists when getting CalDAV-specific meta properties from events.
When removing a DAV client as active session, using closesession or changing the user’s password, DAV sessions were maintained until service restart even though they are expected to be invalidated. We now look up those sessions and close them properly.
AddOriginColumnToInfostoreDocumentTable database update-task had an incomplete check for existing table columns. This could lead to situations where a column would be added again, leading to SQL errors. We added a check for this.
Missing conversion when receiving clients of family webdav. Until now, the CalDAV/CardDAV fallback was used. This has been solved by showing WebDAV for WebDAV clients in the UI.
No closing on resizing led to this issue. This has been fixed by adding an event handler to close dropdowns on resize.
Wrong function was used to get the translated text. Now using the correct function to get the right translation.
The dialog to define size related mail filter conditions has been updated to be more usable and specific with regards to size units.
Also fixed by the Bugfix from #61044.
Also fixed by the Bugfix from #61044.
It was not possible to export a calendar. This has been fixed by avoiding an IllegalArgumentException (IAE) when the TimeZone can’t be found, by adding a null guard.
Transferring the deprecated “clusterWeight” element leads to a SOAP fault. This has been solved by ignoring the deprecated “clusterWeight” element in incoming SOAP requests.
In case the malpoll bundle was installed earlier, certain database tables would be created. After removing this component, the context mover routine would stumble upon those now unknown tables. We solved that by catching the error and warning about unknown tables that would not be moved instead of failing.
Missed possibility to check if a context exists in a certain server. This has been solved by adding the possibility to check a context’s existence in the scope of the registered server in which the called provisioning node is running. Thus the client is able to check beforehand in which setup a context exists.
Naming changed from drive_user_folder_mode. Solution: Accept and output alternative drive_folder_mode element for passing
Missing fail handler for savepoints. Solution: Be robust when savepoints are incomplete and remove savepoints of deleted draft mails.
The feature has been designed to only serve one migrationRedirect URL. This has been solved by adding the possibility to configure the migrationRedirectURL on a per-host basis via
LOCATED_IN_ANOTHER_SERVER exception was not properly handled in the ShareServlet. This has been fixed by handling the exception properly, i.e. redirecting the client to the appropriate node. Introduced a new migrationRedirectURL property for the servlet to use in order to send a redirect to the correct node.
Documentation was not up to date about newly added update tasks. Updated Documentation.
No explicit change of column length in keys on liquibase changesets. This has been fixed by changing key definition.
Simplified the message when quota was exceeded. Message may not be translated in every language yet.
No differentiation between keyboard “clicks” and touch/mouse “clicks”. Autoselect is now supported only for keyboard navigation to solve this.
When running in legacy calendar mode, certain user accounts could not be deleted due to constraints at their calendar data. This was solved by handling half-migrated data on the legacy storage.
When disabling a capability to access Drive, the corresponding icon was shown at the top bar (used for upsell) but the settings area was available too. We removed the ability to access settings for “upsell” features.
The vacation notice rule was not properly translated and sorted (should always be on top) when viewing the mail filter overview. This has been fixed.
The error handler for errors like this was missing. This has been solved by adding the missing error handler. If an account is not functional, a popup appears announcing the error. In case of a POP3 account this happens after the configured refresh interval.
When composing mail and selecting specific mail addresses through autocomplete, an error was thrown. This was related to the sort order for relevancy of individual contacts. We solved that by using a fall-back sort order in such cases.
Increase robustness for mail by using loader information directly instead of a derived property value. Now the folder is always displayed in a search result.
When the same email address is set as an alias for multiple users, a calendar user address URI may get resolved to the wrong user. We now prefer the referenced users addresses when resolving calendar user addresses to solve this issue.
Dutch translation contained a double pipe (||), which, when used in a regular expression, matches all strings. This has been solved by making the code more robust against empty strings.
OX changed its headquarter to lovely Cologne, we updated this information at the “About” dialog as well.
Sort name was the same for multiple contacts, so there was no clear sorting order. This has been fixed by adding the first valid mail address as second sorting criterion if sort names are the same.
Even though password recovery was disabled, the process was launched in some cases where we incorrectly detected “Unified Mail” constructs as external mail accounts. This has been solved by ignoring such constructs when checking for external accounts.
Wrong vCard file name representations are compared. This has been solved by checking proper vCard file name representations.
This has been solved by increasing MaxLength for password.
Changing the email address with the command line tools led to error messages. This has been solved by checking if passed user reference contains updated email addresses or aliases.
Websocket request didn’t consider the X-Forward header. We’re now properly considering the header and the configured whitelisted IPs.
Sanitizer removed attributes needed for mail styling. This has been solved by improving the sanitizer so styles are preserved.
When working with mails saved as draft, the read receipt setting was not considered. This could lead to unexpected read receipts.
The oauthAccounts table of new database schemas was still using the legacy 3-byte UTF-8 encoding default. This has been updated to utf8mb4 by adding explicit assignments of
Proper cleanup in case of runtime exceptions while writing to filestore.
Content types with upper-case letters did not pass the attachment check for inline images. The content type check for inline images has been made case-insensitive to solve this issue.
The date is stored in UTC but was converted to a localized date by momentjs, which could lead to a wrong date in some cases. This has been fixed by converting the rule to a date in UTC time to prevent timezone offsets from displaying a different date.
Selected mail not scrolled into view. The selected mail is now scrolled into view so that it is displayed.
Frontend passed wrong information to middleware in case personal part of “From” address contains brackets as a workaround for another old issue. This has been solved by removing the workaround.
It was not possible to update the “anniversary” parameter for contacts when using the changeuser command-line tool. This has been updated to mimic the “birthday” parameter in terms of date format.
When leaving the mail body empty and using Dutch translation, an empty string was part of the warning message. This has been solved by updating the related translation.
Documentation for theming was incorrect with regards to a background image. This has been updated.
Grizzly access logging did incorrectly use day of year instead of day of month. This has been fixed by adjusting the corresponding libraries date pattern.
When creating the auto-forward rule it was not checked if the used sieve action “copy” exists. Now, if the sieve action “copy” is not available, the combination “redirect” / “keep” is retained to solve this issue.
lsub entry couldn’t be resolved because of a naming mismatch: “Inbox” vs “INBOX”. This has been fixed by storing lsub entries also under the original fullname, so no error is displayed while moving mails from external accounts.
The hostname was used to create the octets. If the hostname is not an IP address the conversion failed. This has been solved by using the host address instead of the hostname to calculate the octets.
Trying to issue an EXAMINE command against a non-existent folder yields a FolderNotFoundException. This has been fixed by treating such an exception as “folder cannot be opened”.
The “vcard” parameter was parsed and written differently when dealing with draft mails. Solution: Lenient evaluation of “vcard” parameter.
Mailfilter information was requested on each automatic or manual global refresh. We modified this to save some connections and reduce latency, mailfilter information will now be updated only when working at the respective settings page.
It was not possible to display messages fetched from IMAP having corrupt BODYSTRUCTURE information. More robust handling of IMAP messages having corrupt BODYSTRUCTURE information solves this issue.
When a search for contacts or other objects would not return a result, the corresponding list would just be empty. We changed that in a way that a descriptive text is used to inform that no items were found.
Due to a library update, credentials were sent in a different encoding. This led to a compatibility issue with a former workaround, which now got removed.
Buttons for contact selection and appointment visibility were lacking aria labels. This has been fixed.
We added new roles and attributes to the mail toolbar, enabling actions to be identified as buttons.
Malformed organizer/principal data in the legacy calendar storage caused a runtime exception when encoding extended organizer properties for the new storage. This has been solved by detecting and omitting invalid organizer “SENT-BY” data.
The tasks toolbar and its buttons were not providing correct aria information, this has been solved by adding a new role and handling the case where no button would be visible.
The buttons to minimize, maximize or close a floating window were using generic “Button” aria-label attributes instead of defining their actual usage. This has been changed and we now provide information what those buttons would do.
Loading IMAP part by reference failed for mails generated by certain scripts. The IMAP server did signal zero bytes when using relative section identifier “TEXT” in such cases. This has been solved by retrying to fetch IMAP part in case no specific section identifier was used. Using specific section identifier works without problems.
When using a screen reader and focusing the message body frame, “escape” would not return to the message list. This has been solved.
When using a screen reader, the “unread” counter for mailboxes would contain a msgstr placeholder instead of the actual number of unread messages. We solved this by updating the translation file.
When using upper-case mail addresses the referenced contact image was not always shown. We solved this by matching addresses in a case insensitive way.
Custom logo was intentionally hidden on smartphones. The logo is shown on smartphones again to solve this issue.
Multiple IMAP-IDLE listeners spawned for a user in a cluster for unknown reason. This has been solved by changing handling of IMAP-IDLE listeners: Extended logging to check why a new IMAP-IDLE listener was spawned, more aggressive refreshing of acquired cluster lock and avoiding (remotely) checking existence of sessions for existing cluster lock entries and immediately tear-down of an IMAP-IDLE listener once it times out.
In cases where mails contained empty strings as reference headers, such mails could be sorted into conversations where they don’t belong. We solved this by only considering non-empty references headers when building mail threads.
Mailbox order was off in case a user defined “Inbox” to be the archive folder. We added some robustness to make sure folders cannot be duplicates and lead to odd sort decisions.
When trying to export the “birthday” calendar, an exception was raised in some edge cases. We have added additional logging to find the root cause for this.
When using reset on a Backbone collection with plain JS objects, the reset function removes objects which look like they have the same identifier, so only one attachment was displayed. This is prevented by creating models first and then using reset.
Root cause: The concept has changed. If the view button is shown now depends on if the Viewer can display the file.
We added a check to make sure the “View” button for attachments only gets displayed if the Viewer can display the file.
The cause of this issue was that the origin folder was used for capability checks instead of the destination folder. This has been solved by using the destination folder instead when doing “move” operations.
When using search at external drive accounts for the first time, an error could occur. This has been solved by always adding a “account” facet to be sure the right account is provided for the search request.
No filtering and no yells for those emails. This has been solved by adding yells and filtering.
The wrong name has been stored as the fullname (e.g. ‘Spam123’ instead of ‘subfolder.Spam123’) and this folder was created on the root level. This has been solved by using the proper fullname instead of the short name.
Only direct subfolders were unsubscribed. We now properly unsubscribe all subfolders to solve this issue.
Concurrent loading of stale data into cache while deletion is not yet committed caused a problem. This has been fixed by introducing a cache eviction listener and its respective registry. Implemented listeners to evict folder cache entries after the database transaction is committed.
We added a workaround for IE11 to enable scrollbars for contacts.
In cases where a plain-text attachment name was too short to allow reliable charset detection (8 bytes), a fallback to ANSI was used. We improved this by always advertising the charset parameter for such attachments as a more likely fallback.
Specific broken mails contain broken encodings for senders, this led to user-facing error messages even though users can’t solve the issue. We improved the check for illegal charsets in such cases and now catch the error.
Changes that were made for release 7.10.0 to improve provisioning have been made on the wrong assumption that the primary key for the table contextAttribute is defined as ( but it was configured to be ( which allowed to specify multiple values. This has been fixed by adjusting the primary key to be ( and properly preparing the content before.
Failed to read value for config-tree path warnings when opening share links. We no longer apply shared compose settings if not available to solve this issue.
Mail compose did not unregister its logout extension point if startup failed. This caused the logout to abort, as the extension was still there for a non-existing mail compose instance. This has been fixed by removing the logout extension if app startup fails.
In case permanent mail push listeners get registered at an excessive rate, for example when redirecting proxy traffic, deadlocks could occur. We reduced the need for locking to prevent this situation.
A missing “participants” array in the updated appointment data was misinterpreted so that participants got removed. The original participant data is now taken over in case it is not explicitly set by the client.
After hiding and showing your name, it was still hidden. This has been fixed by storing the current account “displayname” right from the start and keeping it updated every time an instance of mail compose is created.
Guest quota was not working as expected. This has been solved by removing the frontend quota check.
Guest quota was not working as expected. This has been solved by removing a frontend quota check.