Aggregated bug-fixes for 7.10.1

Last Update: 2019-05-21

Patch Release 5248 (2019-05-14)

Shipped Components and Versions

Fixed Bugs

65073 Java JVM Crash on spell check with emoji Emojis U+1F60A

There is an issue in the hunspell library which cannot cope with composed utf-16 characters. As we use the library in-process the SIGSEGV causes a complete crash of the process.This has been fixed by filtering out all composed utf-16 characters to prevent possible crashes in the hunspell library.

Patch Release 5247 (2019-05-16)

Shipped Components and Versions

Fixed Bugs

62453 Failed deletecontext leaves context in an inconsistent state

Invoke a “post deletion” call-back to reseller plug-in to let reseller information being cleared when context has been successfully removed.

Patch Release 5235 (2019-05-13)

Shipped Components and Versions

Fixed Vulnerabilities

64703 CVE-2019-11522

CVSS: 5.4

64682 CVE-2019-11522

CVSS: 5.4

64680 CVE-2019-11521

CVSS: 6.5

62465 CVE-2019-11806

CVSS: 3.3

Fixed Bugs

64722 With categories, Drag and Drop from one tab to another doesn’t update unread count

This has been solved by fixing broken collection invalidation.

Patch Release 5211 (2019-04-29)

Shipped Components and Versions

Fixed Bugs

63965 SQLException: Duplicate entry for key ‘PRIMARY’ after upgrade to the latest version

IMAP server advertises multiple public namespaces, but Open-Xchange Middleware only checks for one.This has been solved by paying respect to possibly multiple public namespaces when determining proper ACL identifier.

63767 Error when creating an appointment from email

Util function sent undefined instead of empty object.This has been fixed by returning the correct value. Now it is possible to create an appointment from email without getting an error.

63482 Address picker displays incorrect items for “All folders”

During the closing process the Address Picker was not properly reseted.Now the folder selection is reseted during the closing of the address picker.

63477 About model shows old copyright date

The default copyright is now displayed correctly.

63443 Feedback Module: Text message is not aligned properly when the mouse is hovered on the rating/selecting rating icon in IE browser

Some misinterpretation of CSS from IE 11 caused this issue.This has been solved by adding a CSS fix only for IE11 to handle this issue.

63387 Additional empty line on signature

This is just an improvement for signatures: Signature with empty content (only whitespace) will not be added anymore.

63211 Expired Vacation notice shows up “active” within the popup of the settings area

In contrast to the main activation button the little toggle is considering the date range.The little toggle now only depends on the active state of the rule.

62794 No drag and drop of pictures while composing a new mail

Dropping images to an iframe caused the browser to reload the whole view which might lead to data loss. Since no easy fix was found, we disabled drag and drop.Reenable drag and drop by attaching listeners inside the iframe which will prevent reload of the page with the dropped content on the one hand and on the other hand correctly uploads image based on the previous mechanisms.

61167 Mail folder could not be found: confirmed-spam

Spam/ham information advertised mail account data even though no spam handler was available or concrete spam handler tells to not create such folders.This has been fixed by suppressing spam/ham information in mail account data if spam is disabled or no such folders are supposed to be created according to spam handler specification.

55298 Maximum configured sized needs to be fixed for Japanese Error message

Response format was strangely encoded HTML.This has been solved by forcing response format to be correct HTML with JSON data.

Patch Release 5180 (2019-04-02)

Shipped Components and Versions

Fixed Bugs

63965 SQLException Duplicate entry ‘3-3’ for key ‘PRIMARY’

The fix for this bug ensures that no duplicate entries are left in “filestore2user” table when trying to change its PRIMARY KEY.

63452 Sharing Links / What’s New Tour Errors

The menu entry for “What’s new” and “Guided Tour” wasn’t disabled for guest.

63435 vacation notice cannot be changed after migration to 7.10

This was caused by a vacation notice which makes use of the date range (current date test) and the zone option in this test is missing. This happens if the vacation notice was created with a older appsuite version. A missing zone option will now be compensated based on the current values.

63386 google calendar 410 gone

The root cause seems to be a bad token used for list query against the google api. Now a full sync as fallback is done in case of bad sync tokens.

63222 not possible to switch appointment visibility from private to secret

Fixed wrong comparing on server side.

62794 no drag and drop of pictures while composing a new mail

Reenable drag and drop which was disabled because dropping images to an iframe caused the browser to reload the whole view.

62755 Guided Tours for document apps called two times without any user interaction

Backend writes configuration for recently opened documents while the tour is running. This (wrongly) deletes the “shown” flag of the tour. After the tour has been finished, the “shown” flag will be saved again to the configuration now.

62746 changes in custom theme #2

Added a workaround for IE11 in the appcontrol.

Patch Release 5149 (2019-03-13)

Shipped Components and Versions

Fixed Vulnerabilities

63411 CVE-2019-9739

47790 CVE-2016-6849

CVSS: 7.1

Fixed Bugs

63333 [L3] periodic Cleaners triggers update tasks

Update process is triggered automatically when loading a context and context-associated DB schema has pending update tasks. Solution: Do not trigger update if context is disabled.

63331 [L3] redirection if schemata is disabled

In case context-associated server does not match the server associated with target node a CTX-0012 error is thrown, which initiates automatic redirection to another node (as configured through “com.openexchange.server.migrationRedirectURL” property).Solution: Do not throw CTX-0012 error in case context is disabled to avoid automatic redirection to another node. Instead, outer logic recognizes tat context is disabled through authorization service.

63240 [L3] cannot open newsletters with new google chrome 72

Links opened by blankshield are blocked due to security reasons.Solution: Open links with rel=“noopener” directly in chrome 72 and above. Note that this is just an intermediate fix and will be replaced as soon as the issue is fixed in blankshield.

63216 [L3] update task fails: UPD-0014 Duplicate key name action

UpdateTask was missing an index exists check.Solution: Added an index exists check.

63184 [L3] Recipient disappears if double-clicked then click away

Bundling orginal tokenfield file (static) lead to loading it’s content twice and custom ‘prototype’ fixes in our tokenfiled.js was overwritten by the second load.Solution: Clean up bundle.

63135 Tasks not working correctly

The reminder was not parsed properly since a recent change.

62970 Display Name incorrect in calendar event

Fallback name was html encoded.Solution: Use available attendee data as fallback.

62835 [L3] Edit Copy Button in Draft folder does not work as expected for externally linked accounts

The unified mail storage returned normal mail ids instead of unified ones for copy/move commands.Solution: Return proper unified mail ids.

62216 [L3] Task section > progress bar doesn’t work on Chrome, Opera and Safari

CSS background-size’s implicit height value ‘auto’.Solution: Use 100% as value for height.

61388 [L3] Signatures not above quoted text

If in ‘Settings -> Mail -> Signatures’ the option “Add signature above quoted text” is selected, the signature in forwarded mail is not above, it’s placed at the bottom of mail.Solution: Added “com.openexchange.mail.forwardUnquoted” setting to JSlob under path
“io.ox/mail//forwardunquoted” and use different ‘selector’ in forwarding context when mail are forwarded unquoted.

Patch Release 5133 (2019-02-25)

Shipped Components and Versions

Fixed Bugs

62770 In IE11 opening multiple compose windows can make subject field uneditable

Web accessibility steals the focus on clicking into the subject field on Internet Explorer.Do not apply refocus on click because this should only happen with keyboard navigation to solve this issue.

62761 Moving an appointment from an invitation to a private calendar is not possible

UI was too restrictive regarding move action.This has been solved by enabling move action but grey out unsupported folders.

62730 Wrong weekly view with appointments over several days

Only checked weekdays and not if it’s the same week.This has been solved by adding check if it overlapps into next week.

62609 Translation issue in Tasks on mobile

Wrong use of plural form.This has been fixed by using singular form now.

62212 All day event uses multiple days when printed from monthly view

Not considered the special case for all-day events which were then printed the day before they started and the day after.This has been solved by filtering correctly for all-day appointments.

Patch Release 5076 (2019-01-28)

Shipped Components and Versions

Fixed Bugs

62345 Html part of mail always shown

UI accidentally used ‘noimg’ or ‘trusted’ as value for api parameter ‘view’. In case ‘Allow html formatted emails’ is disabled the only valid value is ‘text’, this was adjusted to fix this issue.

62305 Vacation alias settings are broken and no autoresponder for all mail addresses

The “select all” button has no effect on the vacation notice model due to a wrong naming.This has been fixed by changing the attribute name accordingly so the model can be handled correctly.

62263 Add mail account on mobile: buttons hide text field for input

Removes button ‘manual’ cause is it used as fallback in case autodiscover fails and should not be handled as a separate option for ux reasons.

62106 Ical import fails with 503 error

Out Of Memory when importing large iCal files.This has been solved by reducing the used heap space. Detailed informations about the import limit “com.openexchange.imort.ical.limit” are available here:See https://documentation.open-xchange.com/components/middleware/config/7.10.1/index.html#mode=features&feature=Import/Export .

60826 Sharing is not fully capable to deal with “segmented updates”

This has been improved by some adjustments: For guest users first try the com.openexchange.share.migrationRedirectURL property and then fall-back (if necessary) to com.openexchange.server.migrationRedirectURL. Moved the check of the potentially absent c.o.share.migrationRedirectURL in the SegmentedUpdateService.

Patch Release 5030 (2019-01-10)

Shipped Components and Versions

Fixed Bugs

253 New server key and new Push certificate

This driverestricted patch includes a new server key to enable fcm Push for Drive Android and a new iOS Push certificate.

Patch Release 5023 (2019-01-16)

Shipped Components and Versions

Fixed Bugs

62240 Creating tasks while on a different time zone with a yearly or monthly repeat leads to wrong dates

Too generic approach in the recurrence view. All timezones with negative offset are affected. In detail, the timezone of a task (utc) wasn’t considered when creating the recurrence rule.This has been solved by considering different timezones when using calendar or task. StartDate of calendar knows its timezone whereas tasks are always in utc.

62237 Maileditor shows ‘0’ as size for drive attachments

Size calculation was not correctly taking external files into account.This has been fixed by changing the calculation to respect all sizes of the attached files including external files.

62218 Basic Accounts can still use Drive as a Standard App although it is disabled

Settings considered all apps which where rendered in the launcher and did no dedicated capability check.Filter for apps, which are disabled by capabilities but might be visible due to upsell to solve this issue.

62201 Unable to determine next update task

The defined dependency of the update task (com.openexchange.groupware.update.tasks.ContextAttributeConvertUtf8ToUtf8mb4Task) might be excluded and could not be solved.This has been fixed by setting dependency to com.openexchange.groupware.update.tasks.CreateIndexOnContextAttributesTask.

62178 Translation issue for “autoforward” in Filter Rules

The rule title was missing the translation capability.This has been solved by adding the translation capability.

62074 WebGUI E-Mail “My Folders” (“meine Ordner”) are changed to URL of Mail which does not work for some customer

Account name may be cryptic in special mail environments.Added a new feature toggle to explicitly use the “My Folders” string for private mail folders. This solves an issue for customers where the account name is generated during provisioning and may not match the real user name/mail. Added new feature toggle ‘io.ox/mail//features/usePrimaryAccountNameInTree’, default is “true”.

62034 Appointment series ends one day to early

UNTIL in the recurrence rule has been interpreted as a date value by the UI, whereas it should be a datetime value.The UNTIL part of the recurrence rule now contain as a datetime value. Therefore, the zulu timestamp in UNTIL is now after the startdate of the last occurrence.

61823 Drive shows main folder content instead of content from selected folder

Wrong root folder selected after removing a folder.This has been solved by removing superfluous event trigger and fixed regular expression.

61777 Out of office information in Mail module not wrapped

The three dots shown at the end of the shortened message were hidden by the close icon.This has been solved by adjusting the padding to prevent the overlapping.

61427 Wrong hint in the Settings page for reload or relogin

Adjusted reload/relogin hint and added translations.

Release 7.10.1 (2018-11-28)

Shipped Components and Versions

Fixed Vulnerabilities

61315 Cookies maintained when autlogin fails

In cases where the user did not enable “stay signed in” but did reload the browser it appeared as if the session would have been terminated since a login prompt was shown. However, existing cookies were maintained and allow API actions for the users account. This situation was caused by trying to automatically login, which fails in this scenario, but not removing existing cookies in case the login failed. Thanks to amalyoman.

60241 Direct references for iCal “ATTACH” exposes data

Importing iCal files allowed to reference attachments at other users appointments. Those references were not correctly checked for permissions, which could be exploited to extract confidential data from other users within the same context. CVE-2018-18464, thanks to stemcloud.

60089 Media-type modification through Drive API

The API to sync mobile and desktop OX Drive clients allowed to modify a files media-type to an arbitrary value. This could be used to bypass sanitizers that apply rules based on a files media-type. We added a method to recognize and reject such changes using the Drive API. CVE-2018-18462, thanks to secator.

60088 Sanitizer bypass for script code at plain-text content

When using a specific set of quotes and links at plain-text mails, those would be converted to HTML entities but not sanitized. Opening the content could then execute mailicious script code. We now make sure to sanitize and purify such content after processing plain-text mails. CVE-2018-18462, thanks to secator.

60025 CSRF for PDF conversion

As random parameters at requests to the Documentconverter components were not checked, a client-side request forgery attack was possible. This could be used to extract confidential information from documents when being used in combination with a social engineering attack. CVE-2018-18463, thanks to stemcloud.

59798 Information about secret appointments could be extracted

The calendar API did expose unnecessary information about appointments flagged as “secret” at shared folders. When haing access to a shared calendar, this could be used to get metadata about this kind of appointment. We reduced the amount of information provided for such appointments significantly so that no actual information is leaked. CVE-2018-18464, thanks to stemcloud.

59653 Script gadgets could lead to XSS

Certain HTML content at mail attachment file names was detected and used as parameter by the “bootstrap” frontend component. This could lead to script execution when hovering the attachment as the file name would be injected to DOM (to show a tooltip) but not be sanitized. CVE-2018-13104, thanks to s1ck-sec.

59507 PIM attachments could inject script code

Attachment file names for PIM objects (like appointments, contacts) were appended without ensuring they do not contain any markup. This could lead to script execution when checking the objects attachments. We now transform attachment names to text nodes before using them as dropdown labels to prevent markup injection into the DOM. CVE-2018-13104, thanks to Zhihua Yao.

59365 Appointment description could inject script code

Plain-text URLs at appointment descriptions were injected as HTML without further processing, which could lead to script execution if those URLs contain script code. We now use existing mechanisms to generate safe URLs.

Fixed Bugs

61720 High load during mail parsing

HTML-to-text conversion of mail bodies could take a long time, potentially leading to excessively long running threads. We added a new timeout for this operation which defaults to 10 seconds.

61667 OIDC implementation not standard compliant

The oAuth2 spec defines the “scope” parameter as optional in case the grant type is authorization_code. We adjusted our implementation to be compliant to this.

61655 Unable to unlock databases while migrating

In some cases database updates to the calendar could leave a schema in “locked” state. Unlocking such schemas could fail due to database read timeouts. We now detect such timeouts and invalidate context cache nevertheless, which means schemas would get unlocked properly.

61615 Unable to export certain calendars

We added improvements to avoid empty calendar exports in some special cases and find the actual root cause.

61613 Issues with syncing calendars using CalDAV

A fallback path mapping for CalDAV clients that synchronize a single static collection causes calendars to appear duplicated in another 3rd party client that does not remove no longer advertised collections automatically. We now try a fallback to legacy collection name only for Thunderbird/Lightning but not all clients.

61465 Errors during database update

When running database update-tasks with long duration, errors could be thrown as it was attempted to commit to an idle database connection that was already closed on database side in the meantime. We removed the need for this commit command and don’t use any surrounding database connection if the intermediateCommits setting is enabled.

61420 Missing profile picture when using PIM configuration

In cases where the global address book was disabled, the users profile picture was not shown. This has been solved by de-coupling access to the own contact picture from GAB permissions.

61385 Automatic logout not using custom locations

The automatic sign-out feature redirects the user to the default login page and was not considering a custom logout location configuration. This got fixed.

61293 Moveuserfilestore inserts duplicate entry in table filestore2user

Wrong PRIMARY KEY specified for “filestore2user” table, which allows duplicate entries per user.This has been solved by avoiding duplicate entries in “filestore2user” table when moving user’s file storage.

61254 Errors when syncing iOS Calendar using CalDAV

When a CalDAV client performs a listing of all child resources in an event collection, some specific event properties need to be queried from the storage that were not yet whitelisted when checking against the configured maximum list of returned results. This led to an internal error, which was indicated as HTTP 400 for the client. We now allow unlimited result lists when getting CalDAV-specific meta properties from events.

61240 DAV sessions are maintained until restart

When removing a DAV client as active session, using closesession or changing the users password, DAV sessions were maintained until service restart even though they are expected to be invalidated. We now look up those sessions and close them properly.

61200 Duplicate column name when running database update

The AddOriginColumnToInfostoreDocumentTable database update-task had an incomplete check for existing table columns. This could lead to situations where a column would be added again, leading to SQL errors. We added a check for this.

61044 Dav account shows up multiple times in security active clients

Missing conversion when receiving clients of family webdav. Until now, the CalDAV/CardDAV fallback was used.This has been solved by showing WebDAV for webdav clients in the UI.

61026 Setting menu does not move when browser windows get maximized

No closing on resizing let to this issue.This has been fixed by adding event handler to close dropdowns on resize.

61023 Translation error on tooltip

Wrong function was used to get the translated text.Now using correct function to get the right translation.

61017 Missing units for “size” related mail filter conditions

The dialog to define size related mail filter conditions has been updated to be more usable and specific with regards to size units.

60936 Webdav mount shown as caldav

Also fixed by the Bugfix from #61044.

60936 Webdav mount shown as caldav

Also fixed by the Bugfix from #61044.

60928 Calendar export 0 bytes

It was not possible to export a calendar.This has been fixed by avoiding IAE when TimeZone can’t be found by adding NullGuard.

60901 createModuleAccessByName is not backward compatible

Transferring deprecated “clusterWeight” element leads to a SOAP fault.This has been solved by ignoring deprecated “clusterWeight” element in incoming SOAP request.

60895 Errors when moving context to database schema

In case the malpoll bundle was installed earlier, certain database tables would be created. After removing this component, the context mover routine would stumble upon those now unknown tables. We solved that by catching the error and warn about unknown tables that would not be moved instead of failing.

60889 Provisioning calls do not always consider server name/ID when looking up contexts

Missed possibility to check if a context exists in a certain server.This has been solved by adding possibility to check a context’s existence in the scope of the registered server, in which the called provisioning node is running in. Thus the client is able to check before-hand, in which setup a context exists.

60874 SOAP “user change” method is not backward compatible

Naming changed from drive_folder_mode to drive_user_folder_mode. Solution: Accept and output alternative drive_folder_mode element for passing drive_user_folder_mode.

60850 Mail windows not usable after re-login

Missing fail handler for savepoints.Solution: Being robust when savepoints are incomplete and remove savepoints of deleted draft mails.

60828 Segmented updates doesn’t work with multiple domains

The feature has been designed to only serve one migrationRedirect URL. This has been solved by adding the possibility to configure the migrationRedirectURL on a per-host basis via as-config.yml.

60826 Sharing is not fully capable to deal with “segmented updates”

The LOCATED_IN_ANOTHER_SERVER exception was not properly handled in the ShareServlet. This has been fixed by handling the exception properly, i.e. redirect the client to the appropriate node. Introduced a new migrationRedirectURL property for the servlet to use in order to send a redirect to the correct node.

60789 Inconsistent “Chronos” update task dependencies

Documentation was not up to date about newly added update tasks. Updated Documentation.

60745 Database migration fails with “max key length” error

No explicit change of column length in keys on liquibase changesets. This has been fixed by changing key definition.

60718 Strange error message when Quota is exceeded

Simplified the message when quota was exceeded. Message may not be translated in every language yet.

60698 Contact list selected, contacts get deselected when clicking on group header

No differentiation between keyboard “clicks” and touch/mouse “clicks”.Support autoselect only for keyboard navigation to solve this.

60668 Removing user fails due to calendar error

When running in legacy calendar mode, certain user accounts could not be deleted due to constraints at their calendar data. This was solved by handling half-migrated data on the legacy storage.

60619 Drive shown although disabled

When disabling a capability to access Drive, the corresponding icon was shown at the top bar (used for upsell) but the settings area was available too. We removed the ability to access settings for “upsell” features.

60602 Missing translation for vacation notice

The vacation notice rule was not properly translated and sorted (should always be on top) when viewing the mail filter overview. This has been fixed.

60565 No UI message if pop account not working

The error handler for errors like this was missing.This has been solved by adding the missing error handler. If an account is unfunctional a popup appears announcing the error. In case of a pop3 account this happens after the configured refresh interval.

60460 Error message while composing mail

When composing mail and selecting specific mail addresses through autocomplete, an error was thrown. This was related to the sort order for relevancy of individual contacts. We solved that by using a fall-back sort order in such cases.

60457 Search intermittently displays no folder information with results

Increase robustness for mail by using loader information directly instead of a derived property value. Now the folder is always displayed in a search result.

60418 Calendar not displayed

When the same email address is set as an alias for multiple users, a calendar user address URI may get resolved to the wrong user. We now prefer the referenced users addresses when resolving calendar user addresses to solve this issue.

60388 “Forgotten attachment?” message displays by sending e-mail in NL

Dutch translation contained a double pipe (||) which was used in a regular expression which matches all strings.This has been solved by making the code more robust against empty strings.

60382 Incorrect copyright holder

OX changed its headquarter to lovely Cologne, we updated this information at the “About” dialog as well.

60380 Address book sort order is different based on the number of contacts

Sortname was the same with multiple contacts, so no clear sorting order.This has been fixed by adding the first valid mail address as second sorting criteria, if sortnames are the same.

60346 Attempted password recovery for Unified Mail

Even though password recovery was disabled, the process was launched in some cases where we incorrectly detected “Unified Mail” constructs as external mail accounts. This has been solved by ignoring such constructs when checking for external accounts.

60277 vCard gets attached multiple times

Wrong vCard file name representations are compared. This has been solved by checking proper vCard file name representations.

60274 Login - password length restricted to 100 characters (maxlength=“100”)

This has been solved by increasing MaxLength for password.

60262 Changing a user’s email address leads to calendar errors

Changing the email address with the command line tools led to error messages. This has been solved by checking if passed user reference contains updated email addresses or aliases.

60161 IP change detected with X-Forward

Websocket request didn’t consider the X-Forward header. We’re now properly considering the header and configured whitelisted IPs.

60140 Mail content not displayed

Sanitizer removed attributes needed for mail styling.This has been solved by improving sanitizer so styles are preserved.

60115 Read receipt sent for Draft mails

When working with mails saved as draft, the read receipt setting was not considered. This could lead to unexpected read receipts.

60097 Legacy 3-byte UTF-8 used for oauthAccounts

The oauthAccounts table of new database schemas was still using the legacy 3-byte UTF-8 encoding default. This has been updated to utf8mb4 by adding explicit assignments of CHARSET and COLLATION.

60017 WebDAV upload overrides context quota and can thus fill up underlying filestore

Proper cleanup in case of runtime exceptions while writing to filestore.

60013 Attachment actions not shown on certain mail

Content type with upper case letters do not pass the attachment check for inlineimages.Made content type check case-insensitve for inline images to solve this issue.

60011 End Date is displaying off by one after saving calendar recurrence

The date is stored in UTC but was converted to a localized date by momentjs which could lead to a wrong date in some cases.This has been fixed by converting the rule to a date in utc time to prevent timezone offsets to display a different date.

59957 Mail selected after login, might not be visible to user

Selected mail not scrolled into view.Now scroll selected mail into view to have this mail displayed.

59914 Compromised account mail headers

Frontend passed wrong information to middleware in case personal part of “From” address contains brackets as a workaround for another old issue. This has been solved by removing the workaround.

59899 Unable to change “anniversary” attribute via CLI

It was not possible to update the “anniversary” parameter for contacts when using the changeuser command-line tool. This has been updated to mimic the “birthday” parameter in terms of date format.

59860 Missing translation for empty mail bodies

When leaving the mail body empty and using Dutch translation, an empty string was part of the warning message. This has been solved by updating the related translation.

59851 Incorrect documentation on theming

Documentation for theming was incorrect with regards to a background image. This has been updated.

59773 Incorrect rotation pattern for Grizzly logs

Grizzly access logging did incorrectly use day of year instead of day of month. This has been fixed by adjusting the corresponding libraries date pattern.

59756 Sieve Rule with “redirect” and “keep” are changed to “redirect :copy”

When creating the auto-forward rule it was not checked if the used sieve action “copy” exists.Now, if the sieve action “copy” is not available the combination “redirect” / “keep” is retained to solve this issue.

59753 Error when dragging mail from an externally linked account

The lsub entry couldn’t be resolved because of a naming mismatch: “Inbox” vs “INBOX”. This has been fixed by storing lsub entries also under the original fullname, so no error is displayed while moving mails from external accounts.

59711 Grizzly not starting if IP range can’t be resolved

The hostname was is used to create the octets. If the hostname is not an IP address the conversion failed. This has been solved by using host address instead of hostname to calculate octets.

59692 Archive folder not created automatically

Trying to issue an EXAMINE command against a non-existent folder yields a FolderNotFoundException. This has been fixed by treating a possible exception as folder cannot be opened.

59684 Sending draft email with vcard fails

The “vcard” parameter was parsed and written differently when dealing with draft mails. Solution: Lenient evaluation of “vcard” parameter.

59651 Unnecessary SIEVE connections

Mailfilter information was requested on each automatic or manual global refresh. We modified this to save some connections and reduce latency, mailfilter information will now be updated only when working at the respective settings page.

59528 Error loading corrupt mails

It was not possible to display messages fetched from IMAP having a corrupt BODYSTRUCTURE information. More robust handling with IMAP messages having a corrupt BODYSTRUCTURE information solves this issue.

59454 Empty list in case search returns no results

When a search for contacts or other objects would not return a result, the corresponding list would just be empty. We changed that in a way that a descriptive text is used to inform that no items were found.

59419 Issues accessing mailboxes with specific password char

Due to a library update, credentials were sent in a different encoding. This led to a compatibility issue with a former workaround, which now got removed.

59339 Missing labels for appointment modification dialog

Buttons for contact selection and appointment visibility were lacking aria labels. This has been fixed.

59336 Mail buttons where reported as menu items to screen readers

We added new roles and attributes to the mail toolbar, enabling actions to be identified as buttons.

59333 Error when migrating calendar database

Malformed organizer/principal data in the legacy calendar storage caused a runtime exception when encoding extended organizer properties for the new storage. This has been solved by detecting and omitting invalid organizer “SENT-BY” data.

59307 Screen reader improvements for tasks

The tasks toolbar and its buttons were not providing correct aria information, this has been solved by adding a new role and handling the case where no button would be visible.

59306 Min/Max/Close buttons lack aria-label

The buttons to minimize, maximize or close a floating window were using generic “Button” aria-label attributes instead of defining their actual usage. This has been changed and we now provide information what those buttons would do.

59291 Mail from “phpmailer” not displayed

Loading IMAP part by reference failed for mails generated by certain scripts. The IMAP server did signal zero bytes when using relative section identifier “TEXT” in such cases. This has been solved by retrying to fetch IMAP part in case no specific section identifier was used. Using specific section identifier works without problems.

59252 Screenreader won’t return to message list

When using a screen reader and focusing the message body frame, “escape” would not return to the message list. This has been solved.

59251 Incorrect plural form for screen readers

When using a screen reader, the “unread” counter for mailboxes would contain a msgstr placeholder instead of the actual number of unread messages. We solved this by updating the translation file.

59211 Missing contact images

When using upper-case mail addresses the referenced contact image was not always shown. We solved this by matching addresses in a case insensitive way.

59206 Custom logo doesn’t display if logoAction is set

Custom logo was intentionally hidden on smartphones.Show logo on smartphone again to solve this issue.

59183 Multiple push notifications generated

Multiple IMAP-IDLE listeners spawned for a user in a cluster for unknown reason. This has been solved by changing handling of IMAP-IDLE listeners: Extended logging to check why a new IMAP-IDLE listener was spawned, more aggressive refreshing of acquired cluster lock and avoiding (remotely) checking existence of sessions for existing cluster lock entries and immediately tear-down of an IMAP-IDLE listener once it times out.

59113 Unexpected messages within threads

In cases where mails contained empty strings as reference headers, such mails could be sorted into conversations where they don’t belong. We solved this by only considering non-empty references headers when building mail threads.

59060 Unexpected mailbox ordering

Mailbox order was off in case a user defined “Inbox” to be the archive folder. We added some robustness to make sure folders cannot be duplicates and lead to odd sort decisions.

59057 Error when exporting Birthday calendar

When trying to export the “birthday” calendar, a exception was raised in some edge cases. We have added additional logging to find the root cause for this.

59054 Mail with 2 or more attachments - only 1 attachment gets forwarded

When using reset on a backbone collection with plain js objects, the reset function removes objects which looks like to have the same identifier and only one attachment was displayed.Prevent this by creating models first and then use reset.

59051 View will vanish for HTML and other not supported file types

Root cause: The concept has changed. If the view button is shown now depends on if the Viewer can display the file.

59051 Unable to preview HTML attachments

We added a check to make sure the “View” button for attachments only gets displayed if the Viewer can display the file.

58938 Checks not case sensitive when moving folder in Drive

The cause of this issue was that the origin folder was used for capability checks instead of the destination folder. This has been solved by using the destination folder instead when doing “move” operations.

58913 Error when searching at external Drive account

When using search at external drive accounts for the first time, an error could occur. This has been solved by always adding a “account” facet to be sure the right account is provided for the search request.

58895 Contacts with Email 2 field in distribution list do not populate

No filtering and yells for those emails.This has been solved by adding yells and filtering.

58857 IMAP “special use” flag ignored

The wrong name has been stored as the fullname (e.g. ‘Spam123’ instead of ‘subfolder.Spam123’) and this folder was created on the root level. This has been solved by using the proper fullname instead of the short name.

58849 Recursive folders in Trash get not unsubscribed when deleting

Only direct subfolders were unsubscribed. We now properly unsubscribe all subfolders to solve this issue.

58733 Deleting user causes high load

Concurrent loading of stale data into cache while deletion is not yet committed caused a problem. This has been fixed by introducing a cache eviction listener and its respective registry. Implemented listeners to evict folder cache entries after the database transaction is committed.

58586 Contacts scrollbar cannot be used with IE

We added a workaround for IE11 to enable scrollbars for contacts.

58532 Garbled attachment names in JIS encoding

In cases where a plain-text attachment name was too short to allow reliable charset detection (8bytes), a fallback to ANSI was used. We improved this by always advertising the charset parameter for such attachments as a more likely fallback.

58419 Illegal charsets led to error when browsing mail folders

Specific broken mails contain broken encodings for senders, this led to user-facing error messages even though users can’t solve the issue. We improved the check for illegal charsets in such cases and now catch the error.

58329 Multiple taxonomyTypes definitions possible for one context

Changes that were made for release 7.10.0 to improve provisioning have been made on the wrong assumption that the primary key for the table contextAttribute is defined as (cid,name) but it was configured to be (cid,name,value) which allowed to specify multiple values. This has been fixed by adjusting primary key to be (cid,name) and properly prepare content before.

58142 IAE for UserSettingMail at MailUploadQuotaChecker

Failed to read value for config-tree path warnings when opening share links. We no longer apply shared compose settings if not available to solve this issue.

57850 Logging out as test user (sometimes) not possible

Mail compose did not unregister its logout extension point if startup fails. This causes the logout to abort as the extension is still there for a non-existing mail compose instance.This has been fixed by removing logout extension if app startup fails.

57529 Deadlock when registering push listeners

In case permanent mail push listeners get registered at an excessive rate, for example when redirecting proxy traffic, deadlocks could occur. We reduced the need for locking to prevent this situation.

56589 Decline appointment as a secretary deletes the appointment for everyone

A missing “participants” array in the updated appointment data was misinterpreted so that participants got removed.Take over original participant data in case they’re not explicitly set by the client.

56342 Show and hide name while mail compose

After hiding and showing your name, it is was still hidden.This has been fixed by storing current account “displayname” right from the start and keep in updated every time a instance of mail compose is created.

54765 Guest quota not working as expected

Guest quota was not working as expected.This has been solved by removing frontend quota check.

54765 Guest quota not working as expected

Guest quota was not working as expected. This has been solved by removing a frontend quota check.