Aggregated bug-fixes for 7.10.2

Last Update: 2025-07-08

Patch Release 5780 (2020-06-30)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-308 CVE-2020-15004

CVSS:3.1

MWB-348 CVE-2020-15002

CVSS:3.1

MWB-289 CVE-2020-15003

CVSS:3.1

MWB-265 CVE-2020-15004

CVSS:3.1

DOCS-2437 CVE-2020-15004

CVSS:3.1

DOCS-2368 CVE-2020-15004

CVSS:3.1

DOCS-2148 CVE-2020-15002

CVSS:3.1

DOCS-2147 CVE-2020-15002

CVSS:3.1

Fixed Bugs

OXUIB-53 Error dialog calendar account not translated

In case of several broken calendars, the error of the second calendar will be overwritten by the error of the first one.It was ensured that the correct error is always displayed.

OXUIB-302 URL scrambled in Resource, when it contains numerical string

Regex to detect phone numbers was not strict enough.This has been fixed by reworking regex to detect phone numbers better.

MWB-359 External accounts can not be changed anymore

A mail account is not necessary linked to linked to a transport account. Thus no transport server information can be obtained.This has been solved by checking if mail account is linked to a transport account when testing if transport server settings are about to be updated.

68091 Found no such composition space

Existing mechanism to periodically perform a clean-up task for expired composition spaces might not trigger actual clean-up often enough.This has been solved by choosing another mechanism to periodically perform a clean-up task for expired composition spaces.

Patch Release 5764 (2020-06-19)

Shipped Components and Versions

Fixed Bugs

OXUIB-252 Same email search results in different options

When ‘search’ collection get’s expired via expire() the ‘expire’ property got reverted immediately.This has been solved by manipulating ‘expired’ property directly.

OXUIB-246 Reply-To field isn’t working at all

Missing support for “reply_to” field in new mail compose implementation.This has been fixed by adding support for “reply_to” field in new mail compose implementation.

OXUIB-183 Found no such composition space

There is a little time gap between the POST /compose/:id/attachment to state to have a progress of 100% and the fact, that the upload call resolves. This is the time, the server needs to finally store the attachment somewhere. If the mail is send in exactly this gap, a race condition between sending and attaching the image to the mail might occur.Wait until the attachment-upload has been resolved before the mail send process can be started is solving this issue.

MWB-323 “set” in sieve rule: mailfilter page not loading

Action command parser was missing.This has been solved by adding action command parser for set action.

MWB-311 Possible memory leak in middleware

Internal cache in IMAP bundle used to held in-memory structure of IMAP server’s LIST/LSUB output steadily fills up over several months as long as enough active session are present. Moreover, accumulation of unused/stale IMAP store containers managed in IMAP connection cache also due to vast number of active sessions.Let cached entries expire (and remove from cache) after reasonable amount of idle time as well as drop unused/stale IMAP store containers managed in IMAP connection cache to solve this issue.

MWB-292 Error: Unable to start local cleanup

Possible shutdown not detected and an annoying error message gets logged.This has been solved by detecting shutdown and avoid that error message.

Patch Release 5741 (2020-05-26)

Shipped Components and Versions

Fixed Bugs

OXUIB-183 Found no such composition space

There is a little time gap between the POST /compose/:id/attachment to state to have a progress of 100% and the fact, that the upload call resolves. This is the time, the server needs to finally store the attachment somewhere. If the mail is send in exactly this gap, a race condition between sending and attaching the image to the mail might occur.Wait until the attachment-upload has been resolved before the mail send process can be started.

MWB-31 not possible to add multiple totp accounts on same server

No unique information for the TOTP account.Added the user’s login to the TOTP account.

MWB-273 Unexpected error [Error performing calendar migration in context xxx] caused by NullPointerException

A missing value within the legacy series pattern causes an unhandled exception when trying to convert it into a recurrence rule.Fall back to “first” week when converting monthly_2/yearly_2 patterns if not specified.

66412 chronos migration “java.lang.IllegalStateException: too many empty recurrence sets”

A bogus series pattern was converted into a recurrence rule that produces no occurrences. Automatically correct invalid “yearly 2” and “monthly 2” patterns during conversion, handle possible IllegalStateException properly.

Patch Release 5719 (2020-05-12)

Shipped Components and Versions

Fixed Vulnerabilities

MWB-70 CVE-2020-12646

CVSS:3.1

MWB-226 CVE-2020-12644

CVSS:3.1

MWB-221 CVE-2020-12645

CVSS:3.1

MWB-190 CVE-2020-12646

CVSS:3.1

MWB-120 CVE-2020-12645

CVSS:3.1

MWB-108 CVE-2020-12643

CVSS:3.1

MWB-107 CVE-2020-12645

CVSS:3.1

DOCS-1886 CVE-2020-12646

CVSS:3.1

DOCS-1844 CVE-2020-8542

CVSS:3.1

Fixed Bugs

USM-4 Continuous “429 Too Many Requests HTTP error code” messages

Because the root cause is not known this is just an improvement: Handle symptom after the rate limiter has blocked further login requests and try to avoid retries by the client. Currently USM returns HTTP status 200 (with error status content in the EAS protocol response). Now USM returns 429 with header “Retry-After” with the same time period as returned by the backend.

USM-1 EAS can’t send mails when umlauts in loginname

The e-mail address of the user with umlauts in the domain name is directly used as from address for sending the e-mail. USM does replace the from address in the e-mail delivered by the client with the internally set e-mail address.This has been fixed by converting the domain part of the users e-mail address to punny code when building the EAS-configuration.

OXUIB-218 Wrong link creation for MS Teams invitation after adding to calendar

Caused by UI urlify function (detect links in plain text). This function did some wrong encoding.This has been fixed by removing useless encoding.

OXUIB-184 IE11 shows less columns in launcher pop-up

IE11 has sometimes issues with calculating dropdown dimensions.This has been fixed by using fixed width in IE11.

OXUIB-166 Signatures in Plain text mails are with a blank line

Was casued by wrong Blocknode detection.This has been solved by adjusting Blocknode detection.

OXUIB-148 App Launcher does not react on every second tap on smartphones

Backdrop added for dropdowns on mobile catches clicks and is not removed after dropdown closed.This has been solved by making sure backdrop element gets removed if dropdowns close.

OXUIB-131 Distribution list saves with invalid entry

Error message did not prevent saving, success message from saving overwrote the error message.This has been solved by stopping saving if there is an error so the user has a chance to notice the error message.

OXUIB-129 Composition spaces gets duplicated for some reasons

Remove handlers all work on same list of points regardless of the fact one of those handlers already removed a point, was caused by a race condition.This has been improved by maintaining a list of deleted ids and further removeRestorePoint calls remove those points again if needed.

MWB-202 Brute-force-logins from one IP leads to denial-of-service (reject with 500 for all logins) after some minutes

Accumulation of HTTP sessions through massive number of incoming HTTP requests steadily spawning a new HTTP session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request.This has been solved by avoiding accumulation of HTTP sessions through massive number of incoming requests. Invalidate unused/unjoined as well as non-authenticated HTTP session. Moreover, ensure removal of invalid session cookies.

Patch Release 5676 (2020-04-14)

Shipped Components and Versions

Fixed Bugs

OXUIB-169 Edit screen is not showing up when updating contact image in Edge browser

Internal device helper function identifies Edge also as IE.This has been solved by adjusting check for ‘edit image’ feature to enable for chrome based edge (Version 79 >=).

OXUIB-144 Misleading error message on send if draft is not avaialble anymore

Second notification overwrote the first error message.Only show one proper error message to solve this issue.

OXUIB-142 Changing name in webmail not working

Current value of the From field not respected when checking for customized sender name.This has been fixed by only unsing fall back value if current value is empty.

OXUIB-131 Distribution list saves with invalid entry

Error message did not prevent saving, success message from saving overwrote the error message.Solution: Stop saving if there is an error so the user has a chance to notice the error message. This is not yet fixed for safari, will be fixed in upcomming public patch.

OXUIB-117 Loading mail draft breaks content

Sanitizer was only run for text/html type. The sanitizer strips the doctype part.This has been fixed by also using the sanitizer for multipart/alternative.

OXUIB-116 Deleting cookies on loginsite leads to timout on login

UI code did not check, if indexeddb is still present or in a closing state. Therefore, these error where not catched and the UI hung up.This has been fixed by catching error and continue without a indexeddb. This will not cache any files for the next page load but prevent the UI from stalling.

MWB-205 Possible re-distribution of remotely received cache events through aggregating into a local event

This has been solved by preventing remotely received being aggregated into another local event and thus re-distributed remotely again though immediate processing of remotely received events (with a separate thread).

MWB-161 Import of an ics file results in Error while reading/writing from/to the database

Event data was only stored partly when an unexpected error occurred during saving of supplementary data like alarms.This has been solved by importing each calendar object resource within separate transaction, extended alarm validity check.

MWB-149 Reply all on a mail from within unified inbox does not work

UnifiedInboxManagement OSGi service was not added to bundle’s needed/tracked services, which is required to check if an account is the special Unified Mail account.Solution: Orderly track UnifiedInboxManagement OSGi service to check if an account is the special Unified Mail account.

MWB-134 Email attachments from drive size checked not during “upload”

Drive document has been accounted to upload quota, but shouldn’t.This has been solved by do not throw upload quota exceeded error in case file attachment is a Drive document.

Patch Release 5652 (2020-03-25)

Shipped Components and Versions

Fixed Bugs

OXUIB-89 “Add to calendar” action for imip appointment invitation mails should not be shown

ToolbarView’s selection change did not trigger a redraw (strict: true).This has been fixed by just setting strict to false.

OXUIB-64 Can not remove root (system) folder from Favorites in Mail

Wrong module guessed from system folder (system does not have favorites).This has been solved by using module information from the actual folder view instead of the module information from the folder model. Only fall back to old behaviour if no information is available. This way it should always be possible to remove folders from the folder view directly.

OXUIB-136 Calendar Print View was missing a detail

Missing appointment list in day printing view.This has been fixed by adding list again (also includes location).

OXUIB-112 Throwing error while creating a filter rule with size > 2GB/2048MB/2097152KB

Wrong comparative operator was used.This has been fixed by adjusting the comparative operator.

MWB-69 Appointments exported from google and imported into Appsuite loose reminders

Error thrown Reply-To header can’t be parsed, actually the In-Reply-To header should be used.This has been solved by using the In-Reply-To header.

MWB-53 Spam and phishing errors

The problem is that SMTP server in question uses the reserved return code 552 “Exceeded storage allocation” incorrectly to advertise that message to send has been blocked due to spam/phishing detection. Unfortunately, there is no deterministic detection possible since the accompanying text for the 552 return code may be arbitrarily chosen. Only a heuristic can be used here.Check accompanying text for the 552 return code for occurrences of “virus” or “spam” to interpret message as being blocked e.g. due to triggering a filter such as a URL in the message being found in a domain black list.

MWB-143 Subscribe to address book is broken - Modal is placed off screen

In case less than 3 account types are available, the dialog was misplaced due to a broken selector.This has been solved by fixing selector for those cases.

MWB-130 File gets deleted when uploading new version and having autodelete_file_versions=true retentionDays=1 and maxVersions=1

Wrong version number for current version was assumed when auto-deleting file versions.This has been solved by passing proper current version number to auto-delete routine.

MWB-103 Recurring tasks can not be marked as done via EM Client

The caldav servlet doesn’t support operations on recurring tasks, but it also doesn’t filter recurring tasks out.This has been resolved by just filtering thoes recurring tasks.

68666 Connection refused nginx - appsuite

Websocket push using Socket.IO in combination with Grizzly TLS causes deadlocks in Grizzly selector threads.This has been solved by reducing lock scope in original implementation. Furthermore offer a whole different Socket.IO implementation that uses less locking overall.

68397 Tasks are reset iPhone

A NPE was triggered if start_time is not set(null).This has been fixed by using correct variable to determine UTC time difference.

68163 Letters with descenders (like p, g, y lowercase ) have bottom truncated

Firefox has some issues with visibility hidden and descenders.This has been fixed by adjusting css with padding and negative margins.

Patch Release 5622 (2020-03-05)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-39 CVE-2020-8542

CVSS: 3.1

MWB-34 CVE-2020-8543

CVSS: 3.1

DOCS-1658 CVE-2020-8541

CVSS: 3.1

68681 CVE-2020-8542

CVSS: 2.2

68478 CVE-2020-8542

CVSS: 2.2

68454 CVE-2020-8544

CVSS: 5.0

68453 CVE-2019-18846

CVSS: 5.0

68441 CVE-2019-18846

CVSS: 5.0

Fixed Bugs

OXUIB-65 File size not checked upfront via drag and drop uploads

Drag and drop event handler was missing the quotacheck. Convert add local file function to a general helper function and also use it for drag and drop.This has been fixed by converting add local file function to a general helper function and also use it for drag and drop.

OXUIB-47 Parameter com.openexchange.mail.forwardUnquoted=true stopped working

Quoting has been done server side before mail compose rewrite and the mechanics were not transferred to the client side code.This has been solved by adding/removing quoting according to the setting in the UI.

OXUIB-27 Switch between conversation- and no conversation-view loses mail

During toggling between normal and thread view the collection gets reset but the complete flag stays on ‘true’. So no collection will be loaded as long there aren’t enough mails for pagination in the current folder that triggers the incompleteness.This has been solved by setting the complete flag to ‘false’ manually so that a reload will be triggered.

OXUIB-23 Timezone America/Sao Paulo is misconfigured

Timezone Lib needed update because of the change in dst handling in sao paolo. Seehttps://github.com/moment/moment-timezone/issues/805This has been solved by updating the moment-timezone Libary-File.

MWB-47 Task Sync via CalDAV not working properly between Apple products and OX

Sync-token property was not calculated correctly and a fallback to the folder’s last modification date was used, regardless of changes of the contents.This has been fixed by correctly determining sync-token for task collections.

68689 Script errors in IE and Firefox

Some model changes might trigger long running redraw actions, which block the browser and might even lead to “long running script”-warning.This has been solved by preventing browsers from redrawing the whole list where possible.

67883 OXUserCopyService.copyUser(): Unexpected problem occurred

Duplicate task leads to abortion of user copy operation.Solution: Do not hard fail on duplicate task, but handle it gracefully.

Patch Release 5571 (2020-02-12)

Shipped Components and Versions

Fixed Bugs

MWB-13 Some customers cannot sent emails with attachments - CacheLoader returned null for key

When using Google cache’s ´get(key, loader)´ method, the passed loader must not return null.Don’t return null in passed CacheLoader instance to solve this issue.

68803 OX drive dissappears

Actually undefined properties are cached at the “configuration” provider of the config cascade once they’ve been queried for the first time. This happens implicitly when the final scope is determined for a property that was picked up at another level of the config cascade. In case such properties are prefixed with “com.openexchange.capability.”, they’re also considered and evaluated to “false” when constructing the capability set for any other user, potentially overriding module permissions if they’ve been used in a discouraged way of using the permission identifier as capability property name.This has been fixed by ignoring undefined capability properties when building the capability set, added debug logging to reveal problematic configurations.

68762 Calendar can not be synced anymore to iPhone

A change exception where the series master event could no longer be looked caused a runtime exception when converting the data to an appointment as used by the legacy calendar API.Now do not fail if the recurrence identifier cannot be converted to the corresponding recurrence (date) position.

68744 Shared Calendar Abonnement Setting not kept for Google and Default Calender

Folder properties are protected, but the UI does not respect that.This has been solved by disabling the checkmark if the sync property is protected such that the user will not be able to sync google calendars for example.

68734 Subject Line Cyrillic encoding preview issue

Don’t attempt to re-encode subject string given by ENVELOPE fetch item to solve the cyrillic encoding issue.

68629 Appointment with the same start as end date/time cannot be viewed in month view

This has been fixed by adding missing handling for this special case.

68507 External Drive: Old name displays in Settings - Account for external drive after renaming in Drive

Accounts get’s refreshed now once a related folder get’s updated to solve this issue.

68444 Name of external account in mail compose

Name of external account name was not offered after adding a new external mailaccount.This has been solved by adding handling for an active mail compose window when a mail account get’s added/removed.

68397 Tasks are reset iPhone

iOS works with full day dates only. The different interpretation of full day dates for iOS and backend caused this issue.USM now reconstructs the time values of tasks known by the backend and translates the different interpretation. More improved Task handling will come with the next public patch.

68343 Emails are not sent as HTML and text

No support for contentType multipart/alternative with initial new compose api.This has been solved by adding support for it, Appsuite UI now send this as a parameter. The MW will then create a html/text part from the html part.

68163 Windows 10, firefox - mail - letters with descenders (like p, g, y lowercase ) have bottom truncated

Segoe UI Font baseline issue.This has been solved by changing line-height and margin value to fix this on windows.

67982 Not possible to switch to uppercase in OX Documents via mobile in Android

Virtual keyboard was restored to often.This has been fixed by checking for shift key to avoid restoring keyboard.

66315 Scrollbar lost in signature editor

Scrollbar on right side is gone in case editing text in signature editor.This has been solved by not applying overflow hidden for siganture editor.

66007 Wrong font is pre-selected when replying a mail

Default color is fixed with this bugfix. Other font issues will be handled in other bug fixes.

65398 No refresh of google accounts after adding new service

Was caused by missing cache update.This has been solved by always fetching up to date data.

Patch Release 5546 (2020-01-22)

Shipped Components and Versions

Fixed Bugs

68594 Appsuite dies with OOM

Too many messages loading into memory to perform in-application sorting.This has been solved by not loading all messages into memory but manage a sorted range instead.

68522 Mail settings not displayed when mailfilter package (API) not enabled

Missing capability check before sending requests to the API.This has been solved by adding “global” capability check in internal API module.

68516 Caldav Sync Problem - 500 CalDAVAccountRefreshQueueableOperation

URIs in href-elements within a PROPFIND request from a client may get decoded two times under certain circumstances, which might lead to a runtime exception whenever the original URI contains the percent sign ‘%’.Solution: Ensure to decode percent-encoded values only once.

68510 MAC contacts app does not allow to add new contacts to OX on Catalina

The contacts application in the latest macOS release introduced a bug where the current user’s privileges were derived from the virtual root, and not the actual contacts collection.This has been fixed by indicating privileges from default folder also for root collection for macOS client.

68435 Error occurs when moving mail from external account to default

Now a popup is displayed if maxlimit for the addresspicker is reached and “admin=false” parameter is respected if applying index range.

68424 AM1 & AM2 Sent Mail Listing Missing Recipients

Overlapping addresses were not correctly handled.This has been fixed by adjusting associated css.

68421 HTML and CSS problem in combination with media-queries

Every rule in the stylesheet was treated as a css rule.This has been solved by treating rules according to rule type.

68417 Email attachment thumbnail colors are changed

Chrome 77 and higher have a bug in the offscreenCanvas function causing a red-blue shift for all images resized with the canvas. This is the case for mail compose attachment previews and resized images.As long as the bug is not fixed we disable the offscreenCanvas which will make is slower on Chrome but prevent wrong colors.

68351 Google account after password change offers “Try again”

This has been adjusted and for error code OAUTH-0013 button “Try again” is replaced by “Edit accounts” that links to corresponding settings pane.

68318 Multiple external accounts added to App Suite the default sender does not switch in new email

Now the default sender is changed to the marked account.

68310 Vacation rule message is displayed in both available fields on Android

OX-vacation object does not support the EAS features “AppliesToInternal”, “AppliesToExternalKnown”, “AppliesToExternalUnknown”.This has been fixed by only transfering “AppliesToExternalUnknown” to server and only sending “AppliesToExternalKnown” and “AppliesToExternalUnknown” to client with same content.

68309 Unlimited vacation rule will always be changed to a 7 days rule on rule change

Client does not handle unlimited vacation, despite of the EAS protocol allows it.This has been solved by ignoring start and end dates from client if the server version has an unlimited vacation.

68306 Subject line of vacation rule removed after rule was edited on Android device

Subject of server variant was not treated.Now subject is copied from server variant into client variant and updated onto the server.

68304 Vacation rule created with Android does not have a rule name

No rule name was set.Now set rule name fix to “vacation notice”.

68285 Filter rules can have > 2GB if using GB/MB/KB

Unit was not considered when checking size.This has been solved by adjusting check accordingly.

68222 “yum update” on RHEL6 shows the following error: “warning: %post(open-xchange-oauth-7.10.2-17_17.1.noarch) scriptlet failed, exit status 1”

The exit status of the last command in a scriptlet determines its exit status and at the same time a return value of 1 from ox_scr_todo signals that there’s nothing left to do for a given SCR. For this bug ox_scr_todo was the last statement from the scriptlet and thus after the first update of open-xchange-oauth that contained SCR-316 there was nothing left to do at the end of the postinstall/update and rpm handled this like an error.This has been solved by switching from expressions and condititionals to if lists to get proper return value.

68150 Shift+Enter does not work with Firefox

Scroll behavior in enter key listener changed selection.This has been solved by checking shift key too and prevent execution in that case.

68145 Nested folder structure is created when external account is added

Deny support for folders carrying reserved name as full name.

68079 Displaying several thousand sieve rules takes more than 5 min with 100% CPU for browser

Sortable plugin from jquery-ui takes a lot of time to run.This has been fixed by replacing sortable with native drag and drop support.

67718 Vacation notice in UI available even if mail backend does not support this

Action command was not checked for drop down in mail toolbar.This has been solved by checking vacation action before rendering dropdown link.

66622 Confirmation mail of appointment ever in English and Coordinated Universal Time

For events where the (external) organizer is not attending, the timezone is not set explicitly and falls back to the system default.This has been solved by prefering event timezone in notification mails for external organizer that does not attend the meeting.

Patch Release 5509 (2019-12-11)

Shipped Components and Versions

Fixed Vulnerabilities

68258 CVE-2019-18846

CVSS: 5.0

68252 CVE-2019-18846

CVSS: 5.0

68136 CVE-2019-9853

CVSS: 7.7

67980 CVE-2019-18846

CVSS: 5.0

67931 CVE-2019-18846

CVSS: 5.0

67874 CVE-2019-18846

CVSS: 5.0

67871 CVE-2019-18846

CVSS: 6.5

Fixed Bugs

68346 IDN encoding incorrectly on send

Certain Hindi characters were dropped on Internet email address parsing.This has been solved by maintaining Hindi characters on Internet email address parsing.

68261 Follow up for appointments not possible on mobile

Was caused by missing backbone model.This has been solved by adding Backbone model.

68253 High CPU min. 3 Threads with >95% CPU in “WeakHashMap()”

DateFormatCache was not threadsafe.This has been fixed by using a synchronized map.

68243 With Android appointment color and participants not displayed correctly after organizer change

Organizer was replaced by creator and organizer was excluded from list of participants.List of participants contains now the organizer, organizer is not replaced by creator anymore.

68219 Appsuite Middleware not logging provisioning actions

Caused by changed logging behavior in v7.10.xThis has been solved by changing log level to INFO and include effective schema strategy in log message.

68181 Read emails are displayed in bold font independent of read/unread status on MacOS;On MacOS, the sender is always bold because it’s easier to read with many rows and MacOS and iOS users are well trained by this style anyhow. Bold doesn’t imply “unseen”. In this case, however, there was also a little CSS bug. The date stayed gray for unseen messages

that’s fixed. In addition, we set the sender now to extra-bold and dark black (#000) in order to have another visual decoration beyond the blue dot.

68139 Google Calendar Abo can not be renamed after custom color was set for it

This was caused by bugs in googles reconfiguration code.This has been fixed by adjusting google reconfiguration.

67286 Need for extended debug logging to trace registration/unregistration of permanent push listeners

Avoid loading context data when checking user validity.

66234 com.openexchange.usm.api.exceptions.OXCommunicationException: OX server returned error

A wrong check, in combination with a not updated sequence number led to the situation where a CalDAV client was re-creating change exceptions from the “detached” part of a previously split event series.Correctly check validity of recurrence identifiers, ensure to increment sequence number after series split.

Patch Release 5484 (2019-11-25)

Shipped Components and Versions

Fixed Bugs

68186 No scrolling in draft mail edit

Caused by missing ‘overflow:hidden’ rule.This has been fixed by adding ‘overflow:hidden’.

68177 Problem with add/remove members on OX groups

Members couldn’t be add to existing group.This has been fixed by using correct group when updating.

68097 HTML content will be returned un-sanitized

Unexpected null dereference when examining an HTML tag’s attribute value.Fixed possible null dereference when examining an HTML tag’s attribute value.

67994 SAML, OIDC : initService should add a JSESSIONID

Invoke javax.servlet.http.HttpServletRequest.getSession(boolean) in SAML and OIDC implementations to maintain route to the right Middleware node, which spawned the Open-Xchange session.

67991 Subscribe shared calendar Layout misplaced on mobile devices

Missing CSS rules for mobile devices.This has been solved by introducing some CSS rules for mobile devices (e.g. put checkbox in new line).

67887 OX calendar not showing appointments for some endusers

An error inside a single folder stopped UI from working.Solution: Only look for specific errors when stopping further processing of appointments. That will automatically trigger some error handling which will remove all failing folders.

67883 OXUserCopyService.copyUser(): Unexpected problem occurred

Duplicate task leads to abortion of user copy operation.Solution: Do not hard fail on duplicate task, but handle it gracefully.

67718 Vacation notice in UI available even if mail backend does not support this

Check if action ‘vacation’ exists was missing.This has been solved by calling mailfilter api to check for this vacation action before rendering the vacation notice button.

67650 Not able to add image to signature

This was caused by DOMPurify removes src=“blob:…”This has been solved by using data uri instead.

67641 High Memory Use in CentOS 7 with too many files open

Memory gets flooded with many regular untagged IMAP responses, which are actually of no use.This has been solved by adding mechanism to drop regular untagged IMAP responses on command execution to avoid flooding memory with unused IMAP responses.

67298 Visibility information not getting displayed correctly on mobile devices

Redundant online help information in popup.This has been solved by removing popup icon as information is also located in the online help.

67245 Forwarded mails from external clients without a displayname get NULL as name

Missing handling for empty display name (recipient) when quoting a message.This has been solved by adding handling for empty display name.

66771 Portal: Twitter does not work

Wrong “API” parameter was used.This has been fixed by adding correct API string to the request.

Patch Release 5473 (2019-11-11)

Shipped Components and Versions

Fixed Bugs

67425 Upper icon bar is missing

Feedback button pushed appsuite out of view when displayed on the left side.This has been fixed by changing css and moved feedback button up again.

66184 Quite a lot long running threads hanging in mail compose via sproxyd

When a concatenated input stream for the chunks of a document is not consumed entirely, and the reference to the next scality document was already initialized, resources were not released orderly.This has been fixed by ensuring to release underlying stream.

66088 Mail - Compose - Request read receipt flag checked by default

Expect at least a non-empt address string to solve this issue.

65958 Poor dutch translation

This has been solved by adjusting translation.

Patch Release 5461 (2019-10-28)

Shipped Components and Versions

Fixed Bugs

67650 Not able to add image to signature

This was caused by DOMPurify removes src=“blob:…”This has been solved by using data uri instead.

67542 com.openexchange.mail.remoteContentPerDefault not working

This is only not working for the context admin while being created with ‘createcontext’, not for users commonly. Was caused by accessing context properties while context is created.This has been fixed by falling back to server level configuration if context is not yet created.

67422 Certain mail freezes/crashes ui

Clientwise specified “max_size” parameter has not been applied to plain text.Now applying given “max_size” to plain text as well.

67418 Inline attachment problem with png file

Image transformation failed because Java image reader is unable to parse PNG image binary.This has been fixed by handling special javax.imageio.IIOException hinting to Java image reader failed to parse image binary. Return image non-transformed instead.

67397 Issue when MariaDB server is running with the –read-only option

Read connection used for table cleanup.This has been solved by using write connection for table cleanup.

67058 Appointment notification email not synced to mobile device

Mail was filtered out because it was interpreted as appointment invitation mail.Now mail is analyzed whether the appointment was created “on behalf” and then synced to client, but this works only for the main calendar of the “manager”.

Patch Release 5439 (2019-10-16)

Shipped Components and Versions

Fixed Vulnerabilities

67097 CVE-2019-16717

CVSS: 3.1

66594 CVE-2019-16717

CVSS: 2.2

66538 CVE-2019-16716

CVSS: 2.2

Fixed Bugs

67067 Message not getting displayed correctly

There is a check to test if a file actually holds data based on some heuristics. That check leads to false-positive for the inline image attachments of the affected E-Mail.Fixed check for possibly empty file data.

67047 Converting of ACE email-addresses with uppercase-chars not working

Accept upper-case ASCII characters as well for ACE->IDN conversion to solve this issue.

67042 No print option in preview of eml

This has been solved by enabling print preview for embedded mail.

67027 User cannot edit some of his own appointments after update to 7.10.2

Inconsistent data for organizer/principal in the legacy storage was converted to a representation of the organizer that assumed an external entity.This has been solved by ignoring principal if equal to organizer when reading from legacy storage, correct sent-by in organizer for already migrated events. Please mind that the update task to correct the wrong data in the storage is disabled by default in the hotfix, but can be enabled manually by setting the property “com.openexchange.calendar.enableCalendarEventCorrectOrganizerSentByTask” to “true” if needed.

67021 Saving draft emails merged

Address string was interpreted as a group name in case host is NIL when parsing an ENVELOPE address string.This has been fixed by aligning behavior of Open-Xchange Middleware according to common IMAP server one. Assume “missing-domain” as host part of an E-Mail address in case host is NIL when parsing an ENVELOPE address string.

67017 Sieve filter settings page lags/stops for a time when moving elements

Change listener called too frequent.Solution: debounce execution waiting for 30ms without further call.

67012 Invitation for all day appointments will be changed after Outlook user accepted the appointment and user accept changes

This was caused by a different used iTIP method.This has been fixed by adjusting used iTIP method.

67006 Renaming folder with initial asterisk results in lost folder

Was caused by wrong detection whether a move or a rename needs to be performed.Fixed check whether a move or a rename needs to be performed to solve this issue.

66933 Caldav doesn’t sync all appointments

For CalDAV collections with many contained resources where the initial synchronization result gets truncated before a specific point in time, consecutive DAV:sync-collection requests with this intermediate token would get answered with HTTP 403 Forbidden due to the token being assumed out of range.This has been fixed by encoding additional flags into generated sync-tokens to properly resume intermediate truncated responses.

66928 UI crashes when opening mail

Some jQuery functions got stuck and prevented further code execution.This has been fixed by using native functions.

66919 vCard import: BDAY ignored without YEAR

Unable to handle vCard v4 partian dates.Now handling PartialDate for Birthday and Anniversary to solve this issue.

66865 AS-7.8.4 and DC-7.10.2: No page preview icons in Presenter and Popout View

It is now possible to use the documentconverter version 7.10.2 with older appsuite-backends.

66483 Chrome: appointment is opened only after third click

Windows sends a mousemove event when only a mousedown event should be triggered resulting in the monthview to enter drag mode.This has been fixed by introducing a deadzone of 5px before dragging is enabled.

66393 Reset password for guest account fails

This wasn´t a bug, it was a wording problem.This has been solved by changing wording for the avatar dropdown of “Change Password” for guests. Was confusing with Guard Guest emails. Changed to “Add login password” or “Change login password”. Adjusted title and button of dialog.

66241 Attach as PDF to e-mail after making changes does not use the changed PDF

Same request parameters lead to same responses from the MW #getDocument Ajax handler. In case the request parameters don’t change after revisionless save, the response will be the unchanged one.This has been fixed by providing ‘revtag’ parameter when creating the attachment.

66088 Mail - Compose - Request read receipt flag checked by default

This has been solved by ensuring a valid address is passed to “Disposition-Notification-To” header and that only a valid E-Mail address is accepted for “disp_notification_to” in JSON field.

Patch Release 5420 (2019-09-30)

Shipped Components and Versions

Fixed Bugs

66768 Missing translation in error message for quota limit

Specify user’s locale when outputting detected limitation violations to show translated error messages.

66762 OX node apparently unable to close/remove threads

Stick to active short-term sessions when re-injecting a push listener to solve this issue.

66721 File not unlocking when opened with ms office

The “Lock-Token” header was not sent correctly to the client during the LOCK response, so that a consecutive UNLOCK request could not be performed successfully.This has been solved by using correct format for the “Lock-Token” response header.

66718 Reminder mail of appointment in English even another is selected

The JVM’s default locale was used when processing the template for appointment reminder mails.This has been fixed by using the receiving user’s locale when processing the template for appointment reminder mails.

66712 Mail can not be sent when using long subjects (about ~256 chars)

Data truncation while trying to store a quite long subject to database.Solution: Enlarged “subject” field in “compositionSpace” table from 256 to 512 character. Moreover, added user-friendly error messages in case such a data truncation occurs.

66451 Portal widget “my tasks” does not work anymore after 7.10.1 update

Avoid unnecessary “GROUP BY” clause in SQL SELECT statement to prevent errors with
strict ONLY_FULL_GROUP_BY mode.

66169 Not possible to connect HiDrive with Windows 10 and Edge

Runtime error in Edge when using popup.close() stopped code execution.This has been fixed by closing popup at the very end to limit any impact on the promise chain itself.

66064 Change Google selection UI appearance to conform with their branding guidelines

Adjusted appearance like described in ““Google” Text” in the branding guideline.

Patch Release 5397 (2019-09-11)

Shipped Components and Versions

Fixed Bugs

66595 etc/settings/guidedtours.properties got overwritten during update from 7.8.4 -> 7.10.0 -> 7.10.1

Mark guidedtours.properties as configfile now.

66556 floating windows for mail compose can not be closed

When opening a restorepoint, the id is incremented. But for objects from the jslobs, the object reference is still pointing to the object in the jslobs. Therefore, the id in the cache is also changed and the object with the old id cannot be found and deleted. Work on a copy of the object to prevent to overwrite the id in the jslobs object.

66553 Mail compose and emojis after zoom fails to render properly

TinyMCE cannot handle floating point numbers and therefore, size computation fails. Manually force tinymce to accept floating point pixels when necessary.

66552 unified mail: “mark all as read” inactive;Grant write permission to virtual composite folders of Unified Mail account

write permissions in terms of mail folder means user is allowed to set flags other than seen/unseen and “mark as deleted”.

66457 wrong importance value medium in mail header

Wrong value “Medium” used to signal normal importance. Set “Importance” MIME message header according to https://tools.ietf.org/html/rfc4021#page-32. (Values: High, normal, or low).

66451 portal widget “my tasks” does not work anymore after 7.10.1 update

Task query uses “GROUP BY” clause and conflicts with ONLY_FULL_GROUP_BY mode of the database. Avoid “GROUP BY” clause in SQL statement, but filter possible duplicate tasks in application.

65742 token login not working anymore after upgrade to 7.10.2

A mismatch between the derived and registered class definitions may lead to a serialization error when using the Hazelcast-backed token login container. Use defined order of field definitions during (de-)serialization of portable sessions.

Patch Release 5374 (2019-08-26)

Shipped Components and Versions

Fixed Bugs

66396 Move context to another filestore using movecontextfilestore is not updating new filestoreID

Trying to delete location/directory from source file storage failed. Due to that, context information has not been properly updated.Solved by fail-safe deletion of source location in file storage. Note: Filestore identifier of affected contexts need to be manually adjusted in database.

66354 Order mails not printed correctly

Custom mail css did not work correctly because of missing class.This has been fixed by adding the missing class.

66297 Wrong dutch translation for attachment view

This has been solved by adding comments when “View” should be used as a verb.

Patch Release 5359 (2019-08-12)

Shipped Components and Versions

Fixed Bugs

66306 Attaching an attachment in mail compose silently fails. WebUI error logs shows FLS-0024

A pending request blocked the window.This has been solved by correctly handling the error and unblock the window. Also added documentation for this.

66294 Lots of MySQLIntegrityConstraintViolationException: Duplicate entry for key ‘PRIMARY’ after upgrade

When the default internal calendar account gets auto-provisioned concurrently when first being accessed simultaneously, a database error may be raised under certain circumstances.This has been solved by re-checking pending auto-provisioning operations after conflicting insertions.

66258 Wrong tooltip in TinyMCE toolbar for emoticons

String was not translated correctly.Fixed typo to solve this issue.

66139 Android login page wrong button color

It was used screensize instead of “real” smartphone detection.This has been solved by switching to .smartphone class.

65815 Vacation notice, show advanced options

According to RFC 822 the local part needs to be quoted in some cases. Since this was only done in the mw the value could not be interpreted correctly.If the local part needs to be quoted this is now also considered in the Appsuite UI.

65812 Wrong translation: Vacation notice / Afwezigheidsmelding

Changed translation to solve this.

65776 Customer’s footer isn’t shown and too much empty space in the DEM

Table height:100% breaks mail detail view.This has been fixed by adding style to reset table height in mail detail view.

Patch Release 5310 (2019-07-15)

Shipped Components and Versions

Fixed Bugs

65821 Access to the Custom app is sometimes very slow

Threads piling up in push registration framework due to excessive locking in turn leading to unresponsiveness of the system.This has been solved by removing that lock by using higher level concurrency mechanisms and optimized to avoid unnecessary remote session look-up.

65682 Replies to appointments always in English on OUTLOOK and not in current language

If the organizer is no attendee (Outlook), the locale for the notification recipient was not set.This has been fixed by adding the acting users locale in this case.

65659 The output file for the webmail feedback comments module does not recognize Edge browser

Edge was recognized as IE with higher version.This has been fixed by improving the browser check.

65640 The output file for the webmail feedback labels the “Inbox” application as “Mail” , Instead of “Inbox””

It was not possible to map feedback app names to custom names.This has been improved by adding new extension point to process feedback data, now it can be added in customizations.

Patch Release 5291 (2019-07-01)

Shipped Components and Versions

Fixed Bugs

65826 Nginx auth broken

New base64 method does not accept url-base64-encoded strings.This has been solved by using previous method to decode base64 data, which seamlessly accepts both variants (plain base64 and URL base64).

65688 Mail forwarded to gmail receives delivery failure

Incorrect initialization of in-memory byte array when transferring nested message’s data to new message. The generated byte array contains a 0-byte remainder.Solution: Proper initialization of in-memory byte array, which prevents from 0-byte remainder.

65533 Attachment from external ics invite not present in Calendar meeting

CID URLs in iMIP were not encoded and decoded correctly, so that the referenced MIME part could not be looked up successfully.This has been solved by correcting encoding and decoding of “cid” URLs in invitation mails.

65410 Calendar items in shared / public calendar are always using the calendar color for other users but the owner

Appointment color was only considered if the user is the owner of an event such that the user can select the color for the whole public folder.Now the appointment colors are considered for organizers and organizers_on_behalf.

65304 IE11 compose window stays blank

Internet explorer lacks the function.name property and therefore tries to compute the function name out of source code. If the function has no name due to minified code, this regex will fail and therefore has no result.This has been solved by increasing robustness of code to work minified and not minified.

Release 7.10.2 (2019-05-16)

Shipped Components and Versions

Fixed Vulnerabilities

64703 CVE-2019-11522

CVSS: 5.4

64682 CVE-2019-11522

CVSS: 5.4

64680 CVE-2019-11521

CVSS: 6.5

63411 CVE-2019-9739

62465 CVE-2019-11806

CVSS: 3.3

61771 CVE-2019-7159

CVSS: 4.1

47790 CVE-2016-6849

CVSS: 7.1

Fixed Bugs

64811 Stopping synchronization due to an db error

Different checks for folder name equality may cause the INSERT statement to fail during folder creation under certain circumstances.This has been fixed by using lowercased binary collation when comparing names during folder creation.

64722 With categories, Drag and Drop from one tab to another doesn’t update unread count

This has been solved by fixing broken collection invalidation.

64674 Error while trying to copy users to different context

The copy task for events failed in case there is an event without an organizer.Adjusted the behavior to make copy possible for this scenario.

64670 Timestamp of file in drive does not get set via webDAV

The last-modified / timestamp handling for WebDAV documents in the middleware could not be used reliably by some clients to detect if a file contents was changed.This has been solved by considering sequence number during ETag generation / Map {DAV:}getlastmodified to the sequence number property / Write out “Last-Modified” HTTP header in GET/HEAD responses by default / Actively set “last-modified” during updates unless overridden by client / Added support for commonly used {DAV:}lastmodified to read/write an infostore document’s last modified property.

64482 Creation of subfolders throws “NO Public namespaces have no owner”

IMAP server advertises multiple public namespaces, but Open-Xchange Middleware only checks for one.This has been solved by paying respect to possibly multiple public namespaces when determining proper ACL identifier.

64467 Delete appointment in Portal doesn’t work

If model was not in pool, it was not requested by the API.Fixed boolean expression for filter.

64421 When creating a new task with reminder-time < local-time + (local-time - gmt-time) then immediately the notification is shown

Local timestamp was used in one check.This has been solved by using correct utc timestamp.

64407 Unable to retrieve updates for timezone, unexpected EOF at net.fortuna.ical4j.data.CalendarParserImpl

Ensure to follow redirects when retrieving updated timezone definitions to solve this.

64337 Broken address book layout

Race condition during app start. The app was initialized and resumed at the same time.Do not resume apps that are currently starting anyway to solve this issue.

64217 Customer unable to accept meeting invite sent from outlook with IMAP to OX mailbox

When an iMIP request is received whose organizer can be resolved to an internal user within the current context, he was treated as internal entity. As creating events such events is forbidden, an error was raised when reypling to such an event.This has been solved by not resolving organizer when importing event from iTIP message.

64146 Forwarded message cannot be opened

Duplicate re-parsing of the corrupt message avoid further processing.Re-parse a message only one time to prvent this error.

64119 Appointment can not be accepted on appointment change from external (insufficient permissions)

If an attendee removes himself from one occurrence of an externally organized event series, and a consecutive organizer update to the series is applied later on, a check preventing from reinstantiating previously deleted occurrences kicks in and a permission denied error is raised.This has been fixed by taking over delete exception dates from externally organized events as-is.

64086 Calendar-query request is returning several etags for the same uri

In certain CalDAV reports, calendar object resources consisting of multiple events were listed multiple times in responses.Only include a calendar object resource once in responses.

63965 SQLException: Duplicate entry for key ‘PRIMARY’ after upgrade to the latest version

Ensure no duplicate entries are left in “filestore2user” table when trying to change its PRIMARY KEY to prevent this issue.

63951 Save signature fails with ‘An error occurred: No known registration name for: …’

External images are erroneously considered during content id extraction.Now ignore external images to solve this..

63876 Moving appointment to another calendar sends an email to the event creator

Move only updates are not ignored within itip handling.This has been fixed by ignoring move only updates within itip handling.

63867 Import of .ics file wrong with daylight setting

Java’s date format parsing routine does not work when a partial timezone defintion is used.Retry parsing using a built-in timezone definition in case of parsing errors as a workaround.

63677 A lot of FETCHes from middleware kills dovecot backend

The contents of all message-mapped file attachments were queried that matches a client-given search expression.Solution: Try to map given sort criteria to an IMAP sort term to perform a filtered sort command. Extract the requested chunk (…&limit=10) from that sorted result set to only fetch the content of relevant messages.

63611 ics import fails from attachment

This was caused by a combination of invalid data and unnecessary email address parsing.Invalid data cannot be fixed by OX, but we disabled the check for mail addresses.

63482 Address picker displays incorrect items for “All folders”

During the closing process the Address Picker was not properly reseted.Now the folder selection is reseted during the closing of the address picker.

63477 About model shows old copyright date

The default copyright is now displayed correctly.

63470 Encoding wrong in plain text mails

All html entities below 255 do not require a semicolon. Therefore &quot &times &pound etc. are encoded.This has been fixed by encoding ampersand to prevent encoding of html entities.

63452 Sharing Links / What’s New Tour Errors

The menu entry for “What’s new” and “Guided Tour” wasn’t disabled for guest.

63443 Feedback Module: Text message is not aligned properly when the mouse is hovered on the rating/selecting rating icon in IE browser

Some misinterpretation of CSS from IE 11 caused this issue.This has been solved by adding a CSS fix only for IE11 to handle this issue.

63435 Vacation notice cannot be changed after migration to 7.10

This was caused by a vacation notice which makes use of the date range (current date test) and the zone option in this test is missing. This happens if the vacation notice was created with a older appsuite version. A missing zone option will now be compensated based on the current values.

63392 Recurring appointment can’t changed to “Never ends”

For initial values or changes of recurrence type, the other field does not need to be explicitedly set to null. In fact, the middleware throws an error if it is set.Solution: Only set these values to null if the recurrence type is set to never.

63387 Additional empty line on signature

This is just an improvement for signatures: Signature with empty content (only whitespace) will not be added anymore.

63386 Google calendar 410 gone

The root cause seems to be a bad token used for list query against the google api. Now a full sync as fallback is done in case of bad sync tokens.

63360 Joplin app not working with appsuite

Conditional headers have only been matched on resources with an entity tag present (i.e. not for collections that have no body).Solution: Also match conditional headers against resources without entity.

63357 Customer sees errors after restarting - attempting autologin or destroying session

Remote parameter names were not correctly initialized when fetching a session representation from Hazelcast IMDG.This has been solved by orderly initializing remote parameter names when fetching a session representation from Hazelcast IMDG.

63333 Periodic Cleaners triggers update tasks

Update process is triggered automatically when loading a context and context-associated DB schema has pending update tasks.Solution: Do not trigger update if context is disabled.

63331 Redirection if schemata is disabled

In case context-associated server does not match the server associated with target node a CTX-0012 error is thrown, which initiates automatic redirection to another node (as configured through “com.openexchange.server.migrationRedirectURL” property).Solution: Do not throw CTX-0012 error in case context is disabled to avoid automatic redirection to another node. Instead, outer logic recognizes tat context is disabled through authorization service.

63298 HTML mail throws console error

Broken encoding in style tag caused js error.This has been fixed by making sanitizer more robust so no error occurs.

63240 Cannot open newsletters with new google chrome 72

Links opened by blankshield are blocked due to security reasons.Solution: Open links with rel=“noopener” directly in chrome 72 and above. Note that this is just an intermediate fix and will be replaced as soon as the issue is fixed in blankshield.

63222 Not possible to switch appointment visibility from private to secret

Fixed wrong comparing on server side.

63216 Update task fails: UPD-0014 Duplicate key name action

UpdateTask was missing an index exists check.Solution: Added an index exists check.

63211 Expired Vacation notice shows up “active” within the popup of the settings area

In contrast to the main activation button the little toggle is considering the date range.The little toggle now only depends on the active state of the rule.

63184 Recipient disappears if double-clicked then click away

Bundling orginal tokenfield file (static) lead to loading it’s content twice and custom ‘prototype’ fixes in our tokenfiled.js was overwritten by the second load.Solution: Clean up bundle.

63135 Tasks not working correctly

The reminder was not parsed properly since a recent change.

63126 Draft mail opened after migration

Savepoints were created in old versions (7.8.3), that were not supposed to be created.Solution: Cleanup savepoints once in any higher version than 7.8.3

63027 Set given name to ‘*’ for user in same context returns an error

User input was translated to SQL wildcard.This has been solved by avoiding wildcard in special contact search.

62883 compatibility changes to make DC server available for DC clients, using prior API versions

By adding poppler-data content to the open-xchange-pdftool package and using the correct data path, approprioate unicode code points can be displayed when rendering PDF pages. The package license has been changed to GPL in order to be compliant.

62862 Guided tour compose window doesn’t display

The security attribute is always reapplied even if there is no previous object.This has been solved by making sure that at least an empty object as previous object exists.

62835 Edit Copy Button in Draft folder does not work as expected for externally linked accounts

The unified mail storage returned normal mail ids instead of unified ones for copy/move commands.Solution: Return proper unified mail ids.

62800 Documentation for Mail Authentication Configuration Incomplete

Updated the User Docu to have all needed informations.

62794 No drag and drop of pictures while composing a new mail

Dropping images to an iframe caused the browser to reload the whole view which might lead to data loss. Since no easy fix was found, we disabled drag and drop.Reenable drag and drop by attaching listeners inside the iframe which will prevent reload of the page with the dropped content on the one hand and on the other hand correctly uploads image based on the previous mechanisms.

62773 NullPointerException with checkcountconsistency

There was no check to determine whether the ‘contexts_per_dbschema’ table contained any schemata of a database object, before beginning with the insertion of the schemata tied to that database object.This has been fixed by performing a check to determine whether the ‘contexts_per_dbschema’ table contains any schemata of a database object before blindly beginning with the insertion.

62770 In IE11 opening multiple compose windows can make subject field uneditable

Web accessibility steals the focus on clicking into the subject field on Internet Explorer.Do not apply refocus on click because this should only happen with keyboard navigation to solve this issue.

62764 Settings - security - active clients shows “unknown application / unknown device” for Android Device using *DAV

Some *DAV-clients were not detected and used wrong fallback.This has been fixed by improving detection of *DAV-clients and set correct fallback by checking session’s origin.

62761 Moving an appointment from an invitation to a private calendar is not possible

UI was too restrictive regarding move action.This has been solved by enabling move action but grey out unsupported folders.

62755 Guided Tours for document apps called two times without any user interaction

Backend writes configuration for recently opened documents while the tour is running. This (wrongly) deletes the “shown” flag of the tour. After the tour has been finished, the “shown” flag will be saved again to the configuration.

62746 Changes in custom theme #2

Added a workaround for IE11 in the appcontrol.

62730 Wrong weekly view with appointments over several days

Only checked weekdays and not if it’s the same week.This has been solved by adding check if it overlapps into next week.

62704 Unable to click on Save button in Create new rule window with right click pasting

Pasting a value into an input field triggered no validation and may result in a disabled save button.

62666 Error message “Unable to save draft, due to exceeded quota.” even quota is not reached

The causing exception was hidden, which has been changed to find the root cause of this bug.

62608 Tasks changing start and due time for a tasks changes date

Always used UTC as the timezone to calculate the recurrence position of an task.This has been solved by using server default timezone instead.

62605 Contact Print Action ‘details’ option is displaying City and Postal code in the same line

Print used own format of address where it was not possible to internationalize the address.This has been fixed by using internationalization approach which is already used to display the address in the contacts detail pane.

62572 Outlook for android causes runaway mysqlbinlogs;Outlook-App uses EAS-protocol version 14.0: FilterType inside Option

does not use CertificateRetrieval within ResolveRecipients, but EAS expected it (is allowed in 12.1).This has been solved by improving parsing of ResolveRecipients (according to 12.1) and GetItemEstimate (according to 14.0).

62525 No Connection Available to Access Mailbox

Caused by trying to access IMAP via an unconnected socket due to a previous I/O error (socket closed unexpectedly by remote host/IMAP).Now a re-connect to IMAP server on unexpected socket closure is done.

62463 NPE on changing mapping default folders

In case the account details for the internal is hidden default values (null) were send to validate call.This is fixed by extending the list of properties that do not have to be verified by all folder-fullname properties

62453 Failed deletecontext leaves context in an inconsistent state

Invoke a “post deletion” call-back to reseller plug-in to let reseller information being cleared when context has been successfully removed, to solve this issue.

62452 Spelling issue for Dutch language

Two wrong translations were adjusted to fix this.

62393 Sieve validation with 2 pgp keys not possible

When the arguments of the action commands ‘enotify’, ‘vacation’ and ‘pgp_encrypt’ are extending over multiple lines and those action commands have more than one arguments, then only the first argument was considered while counting.Solution: Iterate over all arguments of the previous mentioned action commands.

62378 Document with japanese / korean / chinese characters is not displayed in Viewer due to missing font resources for PDF.js

Adobe external CMaps were not copied to the build folder and pdf.js was not configure to use them.This has been fixed by adding CMaps folder to the thirdparty copy script and configured pdf.js to use them.

62360 Disabling/enabling contexts in environments with hazelcast shards

Disablecontext throws exception if context was already disabled.Solution: Idempotent handling of disablecontext which means each call results in a db statement like “UPDATE context SET enabled = 0, reason_id = 42 WHERE cid = 1”.

62345 Html part of mail always shown

UI accidentally used ‘noimg’ or ‘trusted’ as value for api parameter ‘view’. In case ‘Allow html formatted emails’ is disabled the only valid value is ‘text’, this was adjusted to fix this issue.

62305 Vacation alias settings are broken and no autoresponder for all mail addresses

The “select all” button has no effect on the vacation notice model due to a wrong naming.This has been fixed by changing the attribute name accordingly so the model can be handled correctly.

62300 C&P from a mailaddress includes OX AppSuiteURL

This has been solved by changing the href property to ‘mailto:’ in the from widget (mail compose) an the participants widget (calendar, tasks) so only the mail address get’s pasted.

62294 Login rate limiter does not work com.openexchange.ajax.login.maxRate

Root cause: Long overflow during calculation of the rate limit window.Solution: Don’t always double the window on each consecutive login attempt.

62282 Max sessions exceeded while real usage is much lower

Config option “com.openexchange.servlet.maxInactiveInterval” is not orderly applied to spawned HTTP sessions and therefore they don’t get removed.This has been fixed by orderly setting timeout for HTTP sessions.

62281 Appointment time incorrectly displayed in Japanese

The Moment and moment-interval framework used inconsistent time formats in japanese. Update locales in moment-interval plugin to be consistent.

62263 Add mail account on mobile: buttons hide text field for input

Removes button ‘manual’ cause is it used as fallback in case autodiscover fails and should not be handled as a separate option for ux reasons.

62258 ics file can’t be impoted from attachment if mail was encrypted

Added support for importing encrypted ical files.

62243 Inconsistent sort order between address book and distribution list

Missing sortname for list members.Address picker issue has been fixed, Distributionlist issue is still there, because backendpart cannot be backported, this will be available with 7.10.2.

62240 Creating tasks while on a different time zone with a yearly or monthly repeat leads to wrong dates

Too generic approach in the recurrence view. All timezones with negative offset are affected. In detail, the timezone of a task (utc) wasn’t considered when creating the recurrence rule.This has been solved by considering different timezones when using calendar or task. StartDate of calendar knows its timezone whereas tasks are always in utc.

62237 Maileditor shows ‘0’ as size for drive attachments

Size calculation was not correctly taking external files into account.This has been fixed by changing the calculation to respect all sizes of the attached files including external files.

62222 Send / reply not possible for some users, blank page, loads forever

UI waits for timeout of the middleware which might take a lot of time.This has been solved by introducing a timeout for snippets which aborts the request after 15 seconds. Nevertheless, this is still a workaround since the actual issue is the slow/non-responding S3.

62218 Basic Accounts can still use Drive as a Standard App although it is disabled

Settings considered all apps which where rendered in the launcher and did no dedicated capability check.Filter for apps, which are disabled by capabilities but might be visible due to upsell to solve this issue.

62216 Task section > progress bar doesn’t work on Chrome, Opera and Safari

CSS background-size’s implicit height value ‘auto’.Solution: Use 100% as value for height.

62212 All day event uses multiple days when printed from monthly view

Not considered the special case for all-day events which were then printed the day before they started and the day after.This has been solved by filtering correctly for all-day appointments.

62205 Using poppler-data path when building/using PDFTool package and packaging of poppler-data within PDFTOOL package under GPL liense

Running the PDFTool, the internally used poppler library had no access to externally provided poppler-data character classes. By adding poppler-data content to the open-xchange-pdftool package and using the correct data path, approprioate unicode code points can be displayed when rendering PDF pages. The package license has been changed to GPL in order to be compliant.

62201 Unable to determine next update task

The defined dependency of the update task (com.openexchange.groupware.update.tasks.ContextAttributeConvertUtf8ToUtf8mb4Task) might be excluded and could not be solved.This has been fixed by setting dependency to com.openexchange.groupware.update.tasks.CreateIndexOnContextAttributesTask.

62178 Translation issue for “autoforward” in Filter Rules

The rule title was missing the translation capability.This has been solved by adding the translation capability.

62163 Italian translation issue in Calendar search

Adjusted translation for place.

62160 adding configurable autoCleanup implementation for stateful resources, allocated in #beginConvert

There persistent and runtime memory leaks in some kind of user environment, related to stateful requests, for which the final endConvert call is not performed. A new mechanism has been added to the DC server code base in order to be able to automatically finalize stateful beginConvert/getPage/../endConvert call sequences in cases, the final endConvert is not called at all (e.g. routed to the wrong DC server node. a broken HTTP connection, …

62106 Ical import fails with 503 error

Out Of Memory when importing large iCal files.This has been solved by reducing the used heap space. Detailed informations about the import limit “com.openexchange.imort.ical.limit” are available here:See https://documentation.open-xchange.com/components/middleware/config/7.10.1/index.html#mode=features&feature=Import/Export.

62076 Replies to Guard emails broken

When replying to an encrypted email, the compose dialog shows the ENCRYPTED mail rather than the proper decrypted content. This also breaks the Guest replies. This is limited to Customer that have the feature setting io.ox/mail//features/fixContentType=true.Now it is possible to reply to Guard emails also io.ox/mail//features/fixContentType is “true”.

62034 Appointment series ends one day to early

UNTIL in the recurrence rule has been interpreted as a date value by the UI, whereas it should be a datetime value.The UNTIL part of the recurrence rule now contain as a datetime value. Therefore, the zulu timestamp in UNTIL is now after the startdate of the last occurrence.

61998 Not able to change access control in emClient

The OX permission model requires the “DAV:read-acl” and “DAV:read-current-user-privilege-set” privileges to be granted in each ACE. When attempting to set an ACE without those privileges, a “DAV:not-supported-privilege” error is raised.This has been solved by automatically assume “DAV:read-acl” and “DAV:read-current-user-privilege-set” if missing instead of throwing an error.

61989 Imported contacts are not shown in contact picker

Tis was casued by using of cached data.This has been solved by clearing cache on import.

61893 Guard Guest Accounts gives Timeout or Mails are not shown

This was caused by a timeout because guest sessions were not synced between servers.Now guest sessions are synced between hazelcast server.

61887 Relative dates (today, yesterday) in search facet are only evaluated once

Cache generated smart date catalogue only for current day.

61884 Date search results displaying results of a search DAY and DAY+1

Parsed date wrong for IMAP results.Now just one date is used for results. This is just a partial fix. A full solution would be to request a longer timeframe and to do the slicing manually. But this rather requires a larger change to the search module and can not be handled inside a patch.

61859 CardDAV: weird / unexpected behaviour when entering / syncing CardDAV addresses

The EMAIL mapping for vCards ignored a third email address in case there are others explicitly marked as HOME or WORK.This has been fixed by using first non work/home/other address as fallback if no distinguishing e-mail type found.

61823 Drive shows main folder content instead of content from selected folder

Wrong root folder selected after removing a folder.This has been solved by removing superfluous event trigger and fixed regular expression.

61799 Sending email to participants with only second email not possible

It was not possible to send an email to an appointment participant if he had only a secondary emails address entered inside the address book.This has been fixed by using provided data instead of fetching everything.

61784 Using OX with Dovecot XOAUTH / OAUTHBEARER seems to be broken

Proper check if mail account can be connected to with respect to possible OAuth authentication type has been added.

61777 Out of office information in Mail module not wrapped

The three dots shown at the end of the shortened message were hidden by the close icon.This has been solved by adjusting the padding to prevent the overlapping.

61756 Calendar: Sunday day name in year view not in red color

Index overflow (day 8 instead of 1) let to a non-red marked Sunday.Now using correct modulo to display the Sunday in red.

61726 Properties in Tasks-Burger-Menu is missing

Properties menu was disabled for tasks and extension points where not working with tasks.This has been solved by reenabling properties menu and adjusted extension points to support tasks again.

61660 Add a google calendar for com.openexchange.oauth.modules.enabled.google=calendar not working

The reason for this is that the default implementation of the google calendar is a read only provider and therefore requires an activated calendar_ro module. You can find the info here: https://documentation.open-xchange.com/7.10.1/middleware/components/calendar/implementation_details.html#google-calendar. Even though it is stated that the ‘calendar_ro’ module is required, it isn’t clear that the ‘calendar’ module is not applicable here. Therefore improved the documentation on this part.

61645 No weekdays name are shown when printing Calendar

When a language with a different start of the week than sunday was selected, the loop to generate the days was not generic enough.This has been fixed by creating week-days more generic depending on the start of the week.

61525 Small glitch in mail counter for unread messages

Detail view set mail to read although the selection did not change.After manually setting to unread keep unread state until selection changes to solve this issue.

61427 Wrong hint in the Settings page for reload or relogin

Adjusted reload/relogin hint and added translations.

61412 Expires on check box is not getting edited when user tries editing for an existing calendar folder

When a second modal dialog is opened, the focusin-listener of the second dialog is registered before the listener of the previous dialog is removed. Since the keepFocus function is bound to the prototype of the dialog, the unregistration removes the listeners for all instances. Therefore, the keepfocus function is not correctly registered and will not keep the dropdown open when the dialog loses focus. That leads to the problem, that no click events are triggered on the elements of the dropdown and thereforce, no model updates are triggered.This has been solved by adjusting focusin events, so they are also correctly registered for the second (or third or fourth) modal dialog. Therefore, bind keepFocus to the current this value and make it unique.

61388 Signatures not above quoted text

If in ‘Settings -> Mail -> Signatures’ the option “Add signature above quoted text” is selected, the signature in forwarded mail is not above, it’s placed at the bottom of mail.Solution: Added “com.openexchange.mail.forwardUnquoted” setting to JSlob under path
“io.ox/mail//forwardunquoted” and use different ‘selector’ in forwarding context when mail are forwarded unquoted.

61167 Mail folder could not be found: confirmed-spam

Spam/ham information advertised mail account data even though no spam handler was available or concrete spam handler tells to not create such folders.This has been fixed by suppressing spam/ham information in mail account data if spam is disabled or no such folders are supposed to be created according to spam handler specification.

61017 Messages in Create new rule window for filter is not intuitive

Editing the size condition is not intuitive since there is no hint how to handle different units.This has been solved by adding the possible units next to the comparison dropdown.

60826 Sharing is not fully capable to deal with “segmented updates”

The LOCATED_IN_ANOTHER_SERVER exception was not properly handled in the ShareServlet. This has been fixed by handling the exception properly, i.e. redirect the client to the appropriate node. Introduced a new migrationRedirectURL property for the servlet to use in order to send a redirect to the correct node.

59957 Mail selected after login, might not be visible to user

Selected mail not scrolled into view.Now scroll selected mail into view to have this mail displayed.

55916 After creating an event in korganizer, the cal-dav agent crash

We adjusted this now to properly respond with the CALDAV:no-uid-conflict precondition, see https://tools.ietf.org/html/rfc4791#section-5.3.2.1 for details. With these changes the client at least no longer crashed in our tests. However, creating different calendar object resources with the same UID value is still not allowed.

55298 Maximum configured sized needs to be fixed for Japanese Error message

Response format was strangely encoded HTML.This has been solved by forcing response format to be correct HTML with JSON data.