Last Update: 2020-11-09
Wrong timezone was selected when parsing date input.This has been solved by using default timezone when parsing the date input.
When spam folder is empty and you move a mail to it (via “mark as spam”) folder count was still 0.This has been solved by adding a refresh of the folder.
Utc timezone was used instead of local time.This has been fixed by using local time when no timezone is given.
Primary address was unnecessary checked.Don’t require primary address when checking mail account connectivity to solve this issue.
Missing SENDER field and no option to use a separate no-reply account for imip mails.This has been fixed by adding new configuration parameter to use no-reply account for imip mails and added session user as SENDER to mail headers.
Check for duplicate account associated with same provider’s user identifier fails due to previously performed PW change (w/o restoration) because user-sensitive data can no more be decrypted.This has been solved by loading OAuth account meta-data w/o secrets (token & secret) when checking for existence.
Very big HTML content does not fit into a single packet transferred from Middleware to database due to ‘max_allowed_packet’ setting.This has been solved by paying respect to ‘max_allowed_packet’ setting and introduced disk-based volatile file cache for storing big message contents that do not fit into database (or into transport packet).
Using multifactor authentication has broken the usage of USM/EAS, because USM/EAS does not support it. The error message does not contain enough details to recognize this problem.To recognize this issue we improved error details by adding the json result of the usm-json communication to the error message in case of OXCommunicationException or AuthenticationFailedException.
Orphaned change exceptions w/o corresponding series master event cause errors when being edited or deleted. Dialog was shown before UI checked if a series master existedThis has been fixed by checking if series master exists before showing the dialog.
Feed sometimes wrongly uses numeric character reference instead of char.This has been solved by adding a rule to replace those occurrences with simple quotes.
Quota usage was retrieved after the guest accounts were already created in the database, leading to the wrong number of “current” usage.This has been solved by retrieving actual amount quota before provisioning guest accounts.
Configured character-set encoding not honored by IMAP “LOGIN” command.This has been fixed by using proper character-set encoding for IMAP “LOGIN” command.
Address to notify not checked if covered by user’s aliases. if so, not notification should be sent.Do not advertise “disp_notification_to” field in a mail’s JSON representation if address to notify is covered by user’s aliases to solve this issue.
Requests with session-id/cookie mismatch led to cookies being overridden. In case of two browser tabs resulting from subsequent login attempts, both sessions would cross-invalidate themselves.This has been solved by only dropping session (and cookies) in case session could not be accessed due to an IP check error (request’s IP address differs from the one stored in session and IP check is enabled).
Back when the sorting order was changed to descending one case was not adjusted.This has been fixed by using desc sorting order when not using imap search.
When we receive a jms message we check if all header keys are valid. If it is not the case we will stop processing the message.This has been solved by changing the behavior in case there is an invalid header in the jms message. This event is locked, but processing of this message is not stopped.
Some error messages have been ignored by start script and pid file has not been removed.This has been adjusted to be more verbose on errors, and killing the pid-file.
Was caused by custom print rule of individual mail applies.This has been fixed by overwriting css page property.
The dropdown overlaped the viewport.Now, when overlap is detected make dropdown scrollable.
In some cases not the “total” value of a folder was used for display but a calculation. If the setting “com.openexchange.showAdmin” is set to false the displayed value differs from the actual number.If the folder supports the “total” value this value will be used now. If the setting “com.openexchange.showAdmin” is set to false, the displayed value is calculated accordingly.
Request always added DISPLAY type alarms even if not supported.This has been solved by adding DISPLAY if supported otherwise using first supported type in the provided array.
Was caused by post-processing after calendar import is triggered per event group.This has been solved by importing post-process results in single task, enqueue long running import jobs.
Default delimiter was used.This has been fixed by removing delimiter to “none” for search/find.
CSS rule for overflow was overruled.This has been solved by improving selector so overflow rule is active again.
Case-sensitive check if provided E-Mail addresses are contained in set of user aliases.This has been solved by ignore-case checking if provided E-Mail addresses are contained in set of user aliases.
To less logging to track down validation failures and abortion of overall batch import/insert operation in case a single event cannot be added.This has been solved by enhancing logging for those events that cannot inserted due to validation failure and make the destination calendar storage used by the user-copy operation “resilient”.
Exchange uses non-standard timezones in it’s ical. We did not adjust these timezones when subscribing to an ical feed.This has been solved by also adjusting Exchange timezones to olson timezones when subscribing to an ical feed.
The recurrence rule is invalid. It has a full-time (floating) start date but a Zulu Time Until value.This has been fixed by using the same recurrence rule adjustment as for the import path.
Inconsistent composition space state referencing to non-existing resources in (S3) file storage.This has been fixed by orderly advertising error code “MSGCS-0006” (NO_SUCH_ATTACHMENT_RESOURCE) if read attempt from storage yields “FLS-0017” (FILE_NOT_FOUND) error and drop the non-existent attachment from parental composition space.
This has been fixed by considering credentials optional in case authentication is disabled.
Was caused by missing check for zoom support.This has been solved by adding check for zoom support.
Connection was not reused and Keep-Alive not set.This has been solved by enabeling connection keepAlive and setting a ConnectionReuseStrategy so that connection keep alive duration will be considered and a “Keep-Alive” will be set in the request.
Some images doesn’t contain a timezone in addition to the capture date. In those cases the library which extracts the capture date uses the GMT timezone as a fallback in case the timezone information is missing in the exif data.This has been solved by using the user’s timezone as a fallback for the capture date instead. Please be aware that this is still not a perfect solution for this problem. For example it depends on the timezone configuration of the appsuite when the image has been uploaded. So for example in case the timezone between the camera and the appsuite is different this leads to similar problems. Or in case the timezone of the appsuite is changed then images uploaded before and after the change have a different offset. Also this fix only applies to newly uploaded files. Existing files are still going to show the capture date based on the previous calculation which used the GMT timezone.
Action was checking device guest, which doesn’t work obviously.This has been fixed by adjusting check so it checks for capability guest.
Missing handling when a date in the list collection changes.This has been solved by listening for startDate changes and change labels accordingly.
Possible endless loop when the task iterator is initialized from an already interrupted thread.This has been solved by abort waiting for pre-reader if the current thread was already interrupted.
Excessively long-running operation to look-up a subsequence/pattern in HTML content.This has been solved by adding conditions for early abort and ultimately shield from too excessive matcher execution.
Only a user’s own “collected addresses” folder was considered for translation.This has been solved by dynamically translating special collected addresses folders from requesting user’s point of view.
“pref” parameter is used by the server to differentiate between multiple numbers of the same type, while the client only recognized one “pref”, as general preference.This has been fixed by only adding “pref” parameter when exporting TEL properties if required. Note that this is only a mitigation, e.g. when there are multiple “cell” or “home” numbers, the “pref” parameter will still be set.
The disable check for the ‘create folder’ button was not working correctly, therefore it displayed the enabled button for cases where it’s not possible. When creating a folder in these not working cases, the error occurred.This has been fixed by adjusting the enable/disable state of the ‘create folder’ button. Therefore, the button is not clickable in wrong cases, the error can’t happen anymore.
In Customer integrated Drive the fileId is unique for each user so we are not able to detect that two users edit the same document.This has been solved by extracting the part of the Id which is only unique for the file.
A recent change altered the tinymce editor content was changed from raw to html, which led to stlying issues.This has been solved by using html format when saving signatures but keep raw format for compose actions.
Text was set to 100%. Translation part: “Speicherplatz” was changed to “Kontingent” to cover both Email storage and number of Emails. But as we talk about storage here, I changed it back (also in other cases).This has been solved by using actual numbers instead of 100%. Translation part: Changed “Kontingent” to “Speicherplatz”.
Folder api tried to request virtual folders via path request.This has been solved by adding an early check to prevent the error. Also fix code that expected the error. Note: This is mostly a cosmetic fix so there is no error in the logs. The UI switches back to the default folder in case an invalid folder was requested and a user can work normaly again.
Coding error when attempting to delete from files storage on user/context deletion.This has been solved by avoiding java.lang.ArrayStoreException by passing proper argument when attempting to delete from files storage on user/context deletion.
This was caused by inaccessible contacts. E.g. some contact which was once shared but the permissions has been revoked in the meantime.This has been solved by dropping alarms and also alarm triggers silently for the birthday calendar in case the uderlying contact is missing or is inaccessible.
Internal notification mails are only sent to user attendees.This has been solved by sending notifications mails to resource attendees by default, configurable through com.openexchange.calendar.notifyResourceAttendees.
Slightly different attachment check for get and all requests. In case the content-disposition header is missing the get request in contrast to the all request considers the name attribute of the content-type header to identify attachments.This has been solved by considering the name attribute during all requests as well.
Update task accidentally removed when updating update task framework, although it was used as dependency for other tasks.This has been fixed by restoring removed update task.
User timezone not considered when formatting event start date for subject.This has been fixed by considering user timezone when formatting event start date in subject of alarm mail.
ToolbarView’s selection change did not trigger a redraw (strict: true).This has been fixed by just setting strict to false.
Missing frontend counterpart of backend feature.This has been solved by adding 610 as unsupported sort option with fallback 661.
This was caused by missing context.This was solved by changing to suggested message.
Basic detection of Edge was added a while back, but noopener feature has not been adjusted.This has been solved by reporting noopener support for Edge based on Chromium in internal functions.
Non-chromium-based browser was applied for chromium-based browser.This has been fixed by differentiating detected edge browser by version number (79+ represents chrome-based).
Appsuite UI side limit that request user details only for at most 1000 members, this limit only affects the settings pane “Groups”.This has been fixed by introducing customizable setting and now also inform user when limit was hit.
Missing property that identifies open read receipts for seen messages.This has been solved by providing property for seen messages also now (unless read receipt was send). Additionally flag 512 can be used to identify a already send read receipt.
Editor content was not part of new/update requests when oximage tinymce plugin wasn’t loaded.This has been solved by ensuring editor content is used.
During toggling between normal and thread view the collection gets reset but the complete flag stays on ‘true’. So no collection will be loaded as long there aren’t enough mails for pagination in the current folder that triggers the incompleteness.This has been solved by setting the complete flag to ‘false’ manually so that a reload will be triggered.
When ‘search’ collection get’s expired via expire() the ‘expire’ property got reverted immediately.This has been solved by manipulating ‘expired’ property directly.
There is a little time gap between the POST /compose/:id/attachment to state to have a progress of 100% and the fact, that the upload call resolves. This is the time, the server needs to finally store the attachment somewhere. If the mail is send in exactly this gap, a race condition between sending and attaching the image to the mail might occur.Wait until the attachment-upload has been resolved before the mail send process can be started is solving this issue.
Wrong comparative operator was used.This has been fixed by adjusting the comparative operator.
Detected & applied wrong start time range to scheduler of GDPR data export tasks.Detect & apply correct start time range to scheduler of GDPR data export tasks to solve this issue.
Calendarserver-subscribed is always announced to CalDAV clients.This has been solved by only announcing the ical subscription capability for CalDAV client with “calendarserver-subscribed” when the fitting property, “com.openexchange.calendar.ical.enabled”, is enabled AND the corresponding services are available.
Custom MAL implementation does not orderly mark the standard folders.Now manually check for possible standard sent folder in case marker is absent for com.openexchange.mail.dataobjects.MailFolder instance to solve this issue.
Mail content was read for detection of non-inline parts, which are supposed to be passed to document-converter service (that might be absent).Don’ t trigger document preview if associated capability is absent and avoid reading mail text for detection of non-inline MIME parts. Note: In case Document-Converter is deployed on customer’s installation, accessing MIME message’s file attachments is done by intention.
Error thrown Reply-To header can’t be parsed, actually the In-Reply-To header should be used.This has been solved by using the In-Reply-To header.
The problem is that SMTP server in question uses the reserved return code 552 “Exceeded storage allocation” incorrectly to advertise that message to send has been blocked due to spam/phishing detection. Unfortunately, there is no deterministic detection possible since the accompanying text for the 552 return code may be arbitrarily chosen. Only a heuristic can be used here.Check accompanying text for the 552 return code for occurrences of “virus” or “spam” to interpret message as being blocked e.g. due to triggering a filter such as a URL in the message being found in a domain black list.
Null connection returned to the DatabaseService.Don’t return null connection to the DatabaseService to solve this issue.
Unused API parameter prevented non-storing of attachments. When used, send/save lead to errors and were not possible at all.This has been solved by removing API parameter streamThrough and locally spool uploaded attachments before passing them on to save a draft or send an email.
Missing according DatabaseAccessProvider at runtime.This has been fixed by adding missing DatabaseAccessProvider for mail compose that is needed in case an Sproxyd file storage is used.This fixed is based on revision 16 and is not part of any revision between revision 16 and 18. With next public patch in two weeks and revision 19+ all fixes between revision 16 and 18 will be included.
Open-xchange-session cookie was not set on successful /login?action=tokens response even though it should.This has been solved by writing session cookie on token login.
Used wrong default value.This has been solved by using correct default value.
Action command parser was missing.This has been solved by adding action command parser for set action.
No unique information for the TOTP account.Added the user’s login to the TOTP account.
A missing value within the legacy series pattern causes an unhandled exception when trying to convert it into a recurrence rule.Fall back to “first” week when converting monthly_2/yearly_2 patterns if not specified.
Missing upgrade package for hazelcast enterprise.This has been fixed by adding a hazelcast enterprise upgrade package: open-xchange-cluster-enterprise-upgrade-from-7102.
Session cookie has not been written to HTTP response.This has been fixed by writing missing session cookie on login.
Event data was only stored partly when an unexpected error occurred during saving of supplementary data like alarms.This has been solved by importing each calendar object resource within separate transaction, extended alarm validity check.
UnifiedInboxManagement OSGi service was not added to bundle’s needed/tracked services, which is required to check if an account is the special Unified Mail account.Solution: Orderly track
UnifiedInboxManagement OSGi service to check if an account is the special Unified Mail account.
Drive document has been accounted to upload quota, but shouldn’t.This has been solved by do not throw upload quota exceeded error in case file attachment is a Drive document.
Wrong version number for current version was assumed when auto-deleting file versions.This has been solved by passing proper current version number to auto-delete routine.
When using Google cache’s ´get(key, loader)´ method, the passed loader must not return null.Don’t return null in passed CacheLoader instance to solve this issue.
UnifiedInboxManagement OSGi service was not added to bundle’s needed/tracked services, which is required to check if an account is the special Unified Mail account.Now orderly track
UnifiedInboxManagement OSGi service to check if an account is the special Unified Mail account.
If “UTF8=ACCEPT” is advertised through IMAP server’s capabilities, there is no need to encode(decode the mailbox name (according to RFC 2060, section 5.1.3. “Mailbox International Naming Convention”).This has been fixed by avoiding decoding/encoding of the mailbox name in case “UTF8=ACCEPT” is advertised through IMAP server’s capabilities.
The caldav servlet doesn’t support operations on recurring tasks, but it also doesn’t filter recurring tasks out.This has been resolved by just filtering thoes recurring tasks.
Actually undefined properties are cached at the “configuration” provider of the config cascade once they’ve been queried for the first time. This happens implicitly when the final scope is determined for a property that was picked up at another level of the config cascade. In case such properties are prefixed with “com.openexchange.capability.”, they’re also considered and evaluated to “false” when constructing the capability set for any other user, potentially overriding module permissions if they’ve been used in a discouraged way of using the permission identifier as capability property name.This has been fixed by ignoring undefined capability properties when building the capability set, added debug logging to reveal problematic configurations.
USM can not send an error message, the communication is restricted to the http return code for a failed login.Increased logging: Increase the level for those kind of log messages from DEBUG to INFO.
A change exception where the series master event could no longer be looked caused a runtime exception when converting the data to an appointment as used by the legacy calendar API.Now do not fail if the recurrence identifier cannot be converted to the corresponding recurrence (date) position.
Folder properties are protected, but the UI does not respect that.This has been solved by disabling the checkmark if the sync property is protected such that the user will not be able to sync google calendars for example.
Don’t attempt to re-encode subject string given by ENVELOPE fetch item to solve the cyrillic encoding issue.
Some model changes might trigger long running redraw actions, which block the browser and might even lead to “long running script”-warning.This has been solved by preventing browsers from redrawing the whole list where possible.
Adjust to latest API behaviour when removing folders associated to accounts.
Websocket push using Socket.IO in combination with Grizzly TLS causes deadlocks in Grizzly selector threads.This has been solved by reducing lock scope in original implementation. Furthermore offer a whole different Socket.IO implementation that uses less locking overall.
This has been fixed by adding missing handling for this special case.
Code expected RSA key, failed with DSA. The fix removes specified cast, uses existing public key algorithm
When serving the ‘all’ request, a potential exception is raised when recurrences are processed.Solution: Additional exception handling when processing loaded event data, increased logging capabilities.
Missing config switch in settings-list.Added missing config key to documentation.open-xchange.com
Issue was caused by race condition (multiple almost simultaneous removeRestorePoint calls)
Dependent on MAL implementation, an absent subject is returned as null, which confuses App Suite UI.Solution: Advertise a missing subject as an empty string within output layer.
Missing capability check before sending requests to the API.This has been solved by adding “global” capability check in internal API module.
URIs in href-elements within a PROPFIND request from a client may get decoded two times under certain circumstances, which might lead to a runtime exception whenever the original URI contains the percent sign ‘%’.Solution: Ensure to decode percent-encoded values only once.
The contacts application in the latest macOS release introduced a bug where the current user’s privileges were derived from the virtual root, and not the actual contacts collection.This has been fixed by indicating privileges from default folder also for root collection for macOS client.
Accounts get’s refreshed now once a related folder get’s updated to solve this issue.
Now a popup is displayed if maxlimit for the addresspicker is reached and “admin=false” parameter is respected if applying index range.
Name of external account name was not offered after adding a new external mailaccount.This has been solved by adding handling for an active mail compose window when a mail account get’s added/removed.
Mix-up of folder to account association when composing JSON response.This has been fixed by accessing folder in proper account.
Overlapping addresses were not correctly handled.This has been fixed by adjusting associated css.
Every rule in the stylesheet was treated as a css rule.This has been solved by treating rules according to rule type.
A NPE was triggered if start_time is not set(null).This has been fixed by using correct variable to determine UTC time difference.
This has been adjusted and for error code OAUTH-0013 button “Try again” is replaced by “Edit accounts” that links to corresponding settings pane.
No support for contentType multipart/alternative with initial new compose api.This has been solved by adding support for it, Appsuite UI now send this as a parameter. The MW will then create a html/text part from the html part.
Unit was not considered when checking size.This has been solved by adjusting check accordingly.
Selection is modified to get correct scrollbehavior but not restored correctly afterwards.This has been fixed by restoring selection correctly.
Firefox has some issues with visibility hidden and descenders.This has been fixed by adjusting css with padding and negative margins.
Scroll behavior in enter key listener changed selection.This has been solved by checking shift key too and prevent execution in that case.
Some dead links and obsolete infos.This has been solved by cleaning up start page and removed obsolete information.
Existing mechanism to periodically perform a clean-up task for expired composition spaces might not trigger actual clean-up often enough.This has been solved by choosing another mechanism to periodically perform a clean-up task for expired composition spaces.
Duplicate task leads to abortion of user copy operation.Solution: Do not hard fail on duplicate task, but handle it gracefully.
Action command was not checked for drop down in mail toolbar.This has been solved by checking vacation action before rendering dropdown link.
The “!important” CSS style value was dropped.This has been solved by keeping the “!important” CSS style value is dropped.
Was caused by hard coded limit for future appointments of 3 years.This has been fixed by making this limit configurable in eas.properties: com.openexchange.usm.eas.appointments.future.time_limit
Was caused by separate handling for savepoints on smartphones and other devices.This has been solved by extending initial fix to also cover smartphones.
Wrong “API” parameter was used.This has been fixed by adding correct API string to the request.
For events where the (external) organizer is not attending, the timezone is not set explicitly and falls back to the system default.This has been solved by prefering event timezone in notification mails for external organizer that does not attend the meeting.