Aggregated bug-fixes for 7.10.4

Last Update: 2021-02-10

Patch Release 5945 (2021-02-09)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-645 CVE-2021-26698

CVSS:3.1

MWB-839 CVE-2021-26698

CVSS:3.1

MWB-838 CVE-2021-26698

CVSS:3.1

DOCS-3139 CVE-2021-26699

CVSS:3.1

Fixed Bugs

OXUIB-660 User can remove read permissions to (default) calendar results in unaccessible calendar

Was caused by missing check for admin rights.This has been fixed by not filtering the calendar if the user has still admin rights.

OXUIB-536 Signatures not above quoted text on forwarded mail

ForwardUnquoted was not recognized by plaintext editor.This has been solved by adding forwardUnquoted detection for plaintext editor.

MWB-868 Dataexport fails with “No such file or directory” error message

Intermediate clean-up task unexpectedly drops file storage resources.This has been solved by not running clean-up task when there are currently running data export tasks.

DOCS-2921 Comment Anchor does not work / function unclear

In the specified environment, the comment ID was transferred to OX Presentation, but it was not found in the parameters of the application launcher.This has been solved by finding and evaluating the transferred comment ID in application launcher for OX Presentation.

DOCS-2619 Readerengine scratch directory fills up

PDFTool does not return at all with some rare, yet unknown PDF documents.A maximum runtime needs to be introduced for each call to the PDFTool (similar to watchdog for RE processes), returning an error after the configured jobExecution timeout time and responding to the appropriate request in time.

Patch Release 5937 (2021-01-25)

Shipped Components and Versions

Fixed Bugs

OXUIB-647 Problem on read receipt: bad sender mail address

Primary address was used in all cases.This has been fixed by adding recipient parameter when calling api.ack and in case mail sent to alias address also this one is used for ack.

OXUIB-602 Missing contact image in desktop notifications

With WebSockets disabled, desktop notifications for mail didn’t fetched a contact image.This has been solved by refactoring mail desktop notifications to use the same message style as with WebSockets enabled.

OXUIB-573 Attach vCard to an email - no checkmark in dropdown shown

Was caused by missing listener to detect, whether the vcard is attached or not.This has been fixed by introducing missing listeners.

OXUIB-561 External Storage account cannot be added immediately after it got deleted

This was caused by a missing trigger and listener for reset events.This has been solved by adding missing trigger and listener for reset events.

OXUIB-556 No refresh on account recovery options

Settings pane for account was not updated when recovering passwords.This has been fixed by adding listener to refresh and update the account settings pane.

OXUIB-541 Login page cut off on small screens

The header and footer were absolute positioned, which doesn’t play nice with a flex layout.This has been solved by refactoring markup to use flex layout as it is intended.

OXUIB-177 Toggling editor mode appends signature instead of replacing it

The signature content was not correctly recognized when switching from plain text to html editor.This has been solved by removing signature on editor toggle and append it again afterward.

MWB-851 Display name used for reply to

Personal part taken over from referenced message, which might be manipulated by sender.This has been fixed by discarding personal part when pre-filling the “From” address.

MWB-833 CardDAV: subscribe / unsubscribe CardDAV folders has no effect on macOS address book

A modified “subscribed” or “usedforsync” status in one of the underlying folders is not recognized during the incremental synchronization of the aggregated collection in CardDAV.This has been fixed by including folder state in sync-token of aggregated collection for CardDAV.

MWB-828 StackOverflowError on certain mail

Possible stack overflow (application recursed too deeply) while parsing addresses from an E-Mail header, which was syntactically broken.This has been fixed by avoiding possible stack overflow (application recursed too deeply) while parsing addresses from an E-Mail header, which is syntactically broken. Display that message as well as possible.

MWB-805 WebEX invitations are displaying the incorrect timezone

Unknown timezone in invitation not interpreted correctly.More sophisticated comparison of parsed timezone observances during import.

MWB-762 Failed to delete (aborted or) completed data export tasks

Deletion of data export task fails due to missing/absent user/context entities when querying appropriate schema reference for a user to operate on correct database.This has been solved by making config-cascade robust towards missing/absent user/context entity.

MWB-713 Calendar entry does not get updated via CalDAV using .ics invites

A user is not able to update an event that was initially organized externally.Solution: Allow attendee changes if assumed to be initiated by an external organizer.

MWB-688 English error description popup - rest of the UI is set to german

Probably update for German for a 7.10.4 bug fix was not applied.This has been solved by adding missing translation.

Patch Release 5930 (2021-01-11)

Shipped Components and Versions

Fixed Bugs

OXUIB-627 Appointments jump to current week on click

The short drag started the drag and drop mechanism of the appointment. Usually, this will not be a problem, but if the appointment is not within the displayed timeframe, the drag and drop mechanism does not work.This has been solved by disabling drag and drop for appointments, that are not within the visible timeframe.

OXUIB-584 Theme is translated as Design in pane.js

Theme has been translated with Design and Design has also been translated with Design.This has been solved by changing the translation of Theme from Design to Theme.

OXUIB-541 Login page cut off on small screens

The header and footer were absolute positioned, which doesn’t look nice with a flex layout.This has been fixed by refactoring markup to use flex layout as it is intended.

MWB-793 MySQL deadlock on delete user

Built-in retry mechanism does not work in case a MySQL deadlock error occurs, which suggests to restart transaction.This has been solved by orderly passing SQLException as cause to wrapping StorageException to let built-in retry mechanism kick-in.

MWB-105 Update copyright year to 2021

Copyright notice in as-config-defaults.yml file was not aligned to current year.This has been solved by changing copyright notice in as-config-defaults.yml file.

Patch Release 5924 (2020-12-14)

Shipped Components and Versions

Fixed Bugs

OXUIB-549 Recurring appointment removal and portal widget aligment

Due to incorrectly linked events, the portal widget does not always detect when events are changed.The incorrectly linked events were adjusted accordingly to solve this issue.

OXUIB-536 Signatures not above quoted text on forwarded mail

Checked for the wrong attribute when trying to detect if forwardUnquoted is set to true.This has been solved by checking for the right attribute.

OXUIB-535 Print view for imported entries does not adjust calendar dates by Time Zone

No conversion to default time zone when printing in month and week view.This has been solved by adding time zone conversion.

OXUIB-529 No refresh of account warning after recovery

UI was not updated after recovering accounts.This has been fixed by triggering an UI update, when accounts are recovered.

OXUIB-521 Clicked mail address in Appsuite uses link text as friendly name

Appsuite uses link text as display name.Appsuite now uses the address as display name because it is not sure that the text is the name.

OXUIB-506 Aappointment start time changes on iPadOS webui

iOS date input style causes odd side effects with our autocorrect mechanics.This has been solved by disabling autocorrect mechanics on iOS devices.

OXUIB-393 View Source starts at the bottom

Firefox has od focus behavior, scrolls to bottom on focus, and ignores scroll top function.Defer scroll top to fix firefox focus bug.

OXUIB-162 Can’t get rid of draft compose windows

Added DEBUG logging to track opened, modified, and listed composition spaces.

OXUIB-129 Composition spaces gets duplicated for some reasons

That change introduced debug logging whenever a composition space is created/deleted. To be enabled with:

MWB-751 Department field in contact is set to NULL if left empty

The company and department fields were not checked if they were set in the actual contact object.This has been solved by checking if the company and department are set in the actual contact before adding them to the vcard file.

MWB-749 Contacts App does only down sync the personal Contacts folder via CarDAV in macOS 11 BigSur anymore

Internal detection of Mac OS address book not working anymore after latest upgrade of client OS.Indicate privileges from default folder also for root collection if aggregated collection is used to solve this issue.

MWB-745 Old composition space increase

Clean-up task does only work for active users since a session is needed. Those belonging to inactive ones are not considered and might therefore remain.This has been solved by refactoring clean-up task for expired composition spaces to have a global task considering any open composition space.

MWB-740 Unable to get/copy a message from the primary account to an IMAP folder from an external account

Possible HTTP proxy not correctly considered when establishing a socket connection to IMAP, SMTP or POP3 end-point.This has been fixed by orderly using JavaMail utility class for establishing a socket to ensure HTTP proxy is correctly considered.

MWB-716 gdpr_dataexport filestore uses more and more disk space overtime + orphaned files

Was caused by possible leftover files during data export run.This has been fixed by explicitly checking for possible orphaned data export files during runtime.

MWB-705 Special characters in folder names on external webDAV folders lead to errors

Decoding with URLDecoder caused the plus sign to be converted into a space character.This has been solved by fixing the URI decoding.

MWB-689 Address book: the number of contacts is wrong

Was caused by wrong showAdmin check for contact count.This has been fixed by adjusting the check.

MWB-652 Hazelcast : Could not create Portable for class-id: 103

Likely a database error happens when trying to create or modify an appointment, but unfortunately the clean-up code itself raises an error that overlays the original one. Thus it is not possible to see the database error causing the failing create/update.Don’t overlay possible exceptions when performing clean-up stuff. The associated change cannot be considered as a fix for this issue. However, it is necessary to detect what is really going wrong when attempting to create or modify an appointment.

MWB-594 ChangePasswordExternal fails with “Error occurred within server..” if set to 1, 4 or 5

Standard display message advertised to client in case error “PSW-0001” (“Cannot change password…”) occurs when user’s attempts to change his/her password.This has been solved by adding better understandable display message when error code “PSW-0001” (“Cannot change password…”) is advertised by Open-Xchange Middleware.

MWB-525 ‘An SQL error occurred: Packet for query is too large’ Messages in Groupware Log

Very big HTML content does not fit into a single packet transferred from Middleware to database due to ‘max_allowed_packet’ setting.This has been solved by paying respect to ‘max_allowed_packet’ setting and introduced disk-based volatile file cache for storing big message contents that do not fit into database (or into transport packet).

MWB-459 Appsuite adds additional PREF field to vcard export;“pref” parameter is used by server to differentiate between multiple numbers of the same type, while client only recognized one “pref”, as general preference.This has been solved by only adding “pref” parameter when exporting TEL properties if required. Note that this is only a mitigation

e.g. when there are multiple “cell” or “home” numbers, the “pref” parameter will still be set.

Patch Release 5905 (2020-11-23)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-509 CVE-2020-28945

CVSS:3.1

OXUIB-491 CVE-2020-28945

CVSS:3.1

OXUIB-481 CVE-2020-28945

CVSS:3.1

MWB-646 CVE-2020-28943

CVSS:3.1

Fixed Bugs

OXUIB-535 Print view for imported entries does not adjust calendar dates by Time Zone

No conversion to default time zone when printing in month and week view.This has been fixed by adding time zone conversion.

MWB-694 AppSuite Webmail Safari Error

Null check for relay state was not sufficient.This has been solved by properly checking for empty relay state.

MWB-677 CalDav with OBS (OXaaS) not working on Thunderbird 78

Mozilla changed the user-agent string to no longer contain Lightning, probably because the previous calendar plugin is now integrated into the Thunderbird core.We adjusted our documentation to handle this:https://documentation.open-xchange.com/7.10.4/middleware/miscellaneous/caldav_carddav.html

MWB-674 Unable to get/copy a message from the primary account to an IMAP folder from an external account

Possible web proxy configuration not always considered when establishing a mail/transport connection.Orderly consider possible web proxy configuration when establishing mail/transport connections to solve this.

MWB-672 No log for notification delivery to Apple in appsuite for ox-app

Added INFO logging to APN/APNS HTTP/2 transport.

MWB-614 Listquota: Could not find or load main class

Was caused by wrong package name.This has been solved by using correct package name.

MWB-573 Sbin/deleteuser failed with ‘user could not be deleted’

Carriage return in encoded value of organizer property prevents the reference to the deleted user being discovered correctly.This has been solved by Disabling line folding when encoding organizer value, fix already stored values via update task.

DOCS-2889 Blank page when starting a presentation after “new from template”

Due to the backport of the Advisory Lock feature a small part was missed.This has been fixed by adding the necessary part to the PresenterDocProcessor to handle the REQUEST_JOIN correctly.

DOCS-2884 Topbar gone after switching apps on mobile

The z-index of the topbar was set to 2 because of another fix for Internet Explorer 11.This has been solved by not setting the z-index of the topbar to 2 and fixing the IE11 bug in an other way.

DOCS-2854 GENERAL_NODE_IN_MAINTENANCE_MODE_ERROR after update to 7.10.4 until restart of the node

Starting a new node can very seldomly lead to a merge situation, where Hazelcast changes its own uuid. That’s unexpected behavior and was not detected before.The OX Documents monitor implementation now checks the lifecycle events from Hazelcast more carefully and detects that a merge has been done. This is handled and internal classes are re-initialized to work with the new Hazelcast uuid (especially the JMS queue names are derived from it).

Patch Release 5891 (2020-09-11)

Shipped Components and Versions

Fixed Bugs

OXUIB-515 Unable to Create Filter Rule using a Condition

Wrong timezone was selected when parsing date input.This has been solved by using default timezone when parsing the date input.

OXUIB-507 Automatic opening of notification area setting needs a refresh or login/logout in order to work

The old value of autoOpenNotification was falsely used when changing the setting.This has been solved by using the new value instead.

OXUIB-485 Context menu on folders are missing ‘delete all messages’ after marking/unmarking spam

When spam folder is empty and you move a mail to it (via “mark as spam”) folder count was still 0.This has been solved by adding a refresh of the folder.

OXUIB-448 Floating events are not shown correctly in the list view

Utc timezone was used instead of local time.This has been fixed by using local time when no timezone is given.

MWB-653 Error while editing added mail account - Please enter the following data: primary_address

Primary address was unnecessary checked.Don’t require primary address when checking mail account connectivity to solve this issue.

MWB-648 OX fakes/uses the wrong sender adress when editing appointments in a shared calendar

Missing SENDER field and no option to use a separate no-reply account for imip mails.This has been fixed by adding new configuration parameter to use no-reply account for imip mails and added session user as SENDER to mail headers.

MWB-634 Not possible to add google calendar twice

Check for duplicate account associated with same provider’s user identifier fails due to previously performed PW change (w/o restoration) because user-sensitive data can no more be decrypted.This has been solved by loading OAuth account meta-data w/o secrets (token & secret) when checking for existence.

MWB-525 ‘An SQL error occurred: Packet for query is too large’ Messages in Groupware Log

Very big HTML content does not fit into a single packet transferred from Middleware to database due to ‘max_allowed_packet’ setting.This has been solved by paying respect to ‘max_allowed_packet’ setting and introduced disk-based volatile file cache for storing big message contents that do not fit into database (or into transport packet).

Patch Release 5888 (2020-10-26)

Shipped Components and Versions

Fixed Bugs

USM-6 Unknown OX response reading configuration

Using multifactor authentication has broken the usage of USM/EAS, because USM/EAS does not support it. The error message does not contain enough details to recognize this problem.To recognize this issue we improved error details by adding the json result of the usm-json communication to the error message in case of OXCommunicationException or AuthenticationFailedException.

OXUIB-473 Recurring event in calendar cannot be deleted - ‘Invalid recurrence rule [rule null]’

Orphaned change exceptions w/o corresponding series master event cause errors when being edited or deleted. Dialog was shown before UI checked if a series master existedThis has been fixed by checking if series master exists before showing the dialog.

OXUIB-472 Format-Error for some RSS Feeds on Portal page

Feed sometimes wrongly uses numeric character reference instead of char.This has been solved by adding a rule to replace those occurrences with simple quotes.

MWB-641 Share user amount quota calculated wrong

Quota usage was retrieved after the guest accounts were already created in the database, leading to the wrong number of “current” usage.This has been solved by retrieving actual amount quota before provisioning guest accounts.

MWB-635 Mails not loading if password contains pound sign

Configured character-set encoding not honored by IMAP “LOGIN” command.This has been fixed by using proper character-set encoding for IMAP “LOGIN” command.

MWB-633 “Send a Read Receipt” button shown in sent mail

Address to notify not checked if covered by user’s aliases. if so, not notification should be sent.Do not advertise “disp_notification_to” field in a mail’s JSON representation if address to notify is covered by user’s aliases to solve this issue.

MWB-588 New logon process ends up in old session

Requests with session-id/cookie mismatch led to cookies being overridden. In case of two browser tabs resulting from subsequent login attempts, both sessions would cross-invalidate themselves.This has been solved by only dropping session (and cookies) in case session could not be accessed due to an IP check error (request’s IP address differs from the one stored in session and IP check is enabled).

MWB-457 Sort mail by “unread” is descending by default

Back when the sorting order was changed to descending one case was not adjusted.This has been fixed by using desc sorting order when not using imap search.

DOCS-2691 Duplicate entries in a document collaborators list

When we receive a jms message we check if all header keys are valid. If it is not the case we will stop processing the message.This has been solved by changing the behavior in case there is an invalid header in the jms message. This event is locked, but processing of this message is not stopped.

DOCS-2526 Several issues with documents collaboration start/stop scripts

Some error messages have been ignored by start script and pid file has not been removed.This has been adjusted to be more verbose on errors, and killing the pid-file.

Patch Release 5879 (2020-10-12)

Shipped Components and Versions

Fixed Bugs

OXUIB-467 Mail print: recent chrome browsers do split small mail in multiple pages

Was caused by custom print rule of individual mail applies.This has been fixed by overwriting css page property.

OXUIB-463 Signature selector in compose window not scrolling

The dropdown overlaped the viewport.Now, when overlap is detected make dropdown scrollable.

OXUIB-444 Address book: the number of contacts is wrong

In some cases not the “total” value of a folder was used for display but a calculation. If the setting “com.openexchange.showAdmin” is set to false the displayed value differs from the actual number.If the folder supports the “total” value this value will be used now. If the setting “com.openexchange.showAdmin” is set to false, the displayed value is calculated accordingly.

OXUIB-438 Request for correct setting

Request always added DISPLAY type alarms even if not supported.This has been solved by adding DISPLAY if supported otherwise using first supported type in the provided array.

OXUIB-416 Import of calendar leads to massive thread spike and timeout

Was caused by post-processing after calendar import is triggered per event group.This has been solved by importing post-process results in single task, enqueue long running import jobs.

OXUIB-413 Not possible to enter comma in search field

Default delimiter was used.This has been fixed by removing delimiter to “none” for search/find.

OXUIB-404 Incomplete attachment dropdown in the contact detail view

CSS rule for overflow was overruled.This has been solved by improving selector so overflow rule is active again.

MWB-632 Code:202 Message:primaryMail, Email1 and defaultSenderAddress must be present in set of aliases

Case-sensitive check if provided E-Mail addresses are contained in set of user aliases.This has been solved by ignore-case checking if provided E-Mail addresses are contained in set of user aliases.

MWB-626 Usercopy not working RDB-0002

To less logging to track down validation failures and abortion of overall batch import/insert operation in case a single event cannot be added.This has been solved by enhancing logging for those events that cannot inserted due to validation failure and make the destination calendar storage used by the user-copy operation “resilient”.

MWB-613 Time difference between subscribing to external calendar and imported calendar

Exchange uses non-standard timezones in it’s ical. We did not adjust these timezones when subscribing to an ical feed.This has been solved by also adjusting Exchange timezones to olson timezones when subscribing to an ical feed.

MWB-609 Subscribed .ics calendars with recurring events do not show any events

The recurrence rule is invalid. It has a full-time (floating) start date but a Zulu Time Until value.This has been fixed by using the same recurrence rule adjustment as for the import path.

MWB-481 Unable to respond to any of these challenges: {sso-jwt=sso-jwt}

Inconsistent composition space state referencing to non-existing resources in (S3) file storage.This has been fixed by orderly advertising error code “MSGCS-0006” (NO_SUCH_ATTACHMENT_RESOURCE) if read attempt from storage yields “FLS-0017” (FILE_NOT_FOUND) error and drop the non-existent attachment from parental composition space.

68429 Checkconsistency ignoring MASTER_AUTHENTICATION_DISABLED

This has been fixed by considering credentials optional in case authentication is disabled.

Patch Release 5872 (2020-09-22)

Shipped Components and Versions

Fixed Bugs

OXUIB-443 Zoom settings section is shown even if disabled (and only Jitsi configured)

Was caused by missing check for zoom support.This has been solved by adding check for zoom support.

Patch Release 5869 (2020-09-30)

Shipped Components and Versions

Fixed Bugs

MWB-591 HttpClientService does not reuse connections

Connection was not reused and Keep-Alive not set.This has been solved by enabeling connection keepAlive and setting a ConnectionReuseStrategy so that connection keep alive duration will be considered and a “Keep-Alive” will be set in the request.

MWB-562 Creation date is calculated including the timezone offset for uploaded images

Some images doesn’t contain a timezone in addition to the capture date. In those cases the library which extracts the capture date uses the GMT timezone as a fallback in case the timezone information is missing in the exif data.This has been solved by using the user’s timezone as a fallback for the capture date instead. Please be aware that this is still not a perfect solution for this problem. For example it depends on the timezone configuration of the appsuite when the image has been uploaded. So for example in case the timezone between the camera and the appsuite is different this leads to similar problems. Or in case the timezone of the appsuite is changed then images uploaded before and after the change have a different offset. Also this fix only applies to newly uploaded files. Existing files are still going to show the capture date based on the previous calculation which used the GMT timezone.

Patch Release 5857 (2020-09-16)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-421 CVE-2020-24701

CVSS: 3.1

OXUIB-412 CVE-2020-24701

CVSS: 3.1

OXUIB-411 CVE-2020-24701

CVSS: 3.1

OXUIB-401 CVE-2020-24701

CVSS: 3.1

OXUIB-400 CVE-2020-24701

CVSS: 3.1

MWB-583 CVE-2020-24701

CVSS: 3.1

MWB-520 CVE-2020-24701

CVSS: 3.1

Fixed Bugs

OXUIB-391 Button “New appointment” for Calendars opened by sharing link from guests available

Action was checking device guest, which doesn’t work obviously.This has been fixed by adjusting check so it checks for capability guest.

OXUIB-320 List View in Calendar doesn’t update new date

Missing handling when a date in the list collection changes.This has been solved by listening for startDate changes and change labels accordingly.

MWB-545 Increased CPU load after update to 7.10.3

Possible endless loop when the task iterator is initialized from an already interrupted thread.This has been solved by abort waiting for pre-reader if the current thread was already interrupted.

MWB-542 java.util.regex. Pattern very long log entries

Excessively long-running operation to look-up a subsequence/pattern in HTML content.This has been solved by adding conditions for early abort and ultimately shield from too excessive matcher execution.

MWB-533 Translation issue for collected addresses folder

Only a user’s own “collected addresses” folder was considered for translation.This has been solved by dynamically translating special collected addresses folders from requesting user’s point of view.

MWB-459 Appsuite adds additional PREF field to vcard export

“pref” parameter is used by the server to differentiate between multiple numbers of the same type, while the client only recognized one “pref”, as general preference.This has been fixed by only adding “pref” parameter when exporting TEL properties if required. Note that this is only a mitigation, e.g. when there are multiple “cell” or “home” numbers, the “pref” parameter will still be set.

DOCS-2540 “Save in Drive” error if customer creates a new folder

The disable check for the ‘create folder’ button was not working correctly, therefore it displayed the enabled button for cases where it’s not possible. When creating a folder in these not working cases, the error occurred.This has been fixed by adjusting the enable/disable state of the ‘create folder’ button. Therefore, the button is not clickable in wrong cases, the error can’t happen anymore.

DOCS-2484 Collaboration service: works only for the same user in different browsers

In Customer integrated Drive the fileId is unique for each user so we are not able to detect that two users edit the same document.This has been solved by extracting the part of the Id which is only unique for the file.

Patch Release 5842 (2020-09-02)

Shipped Components and Versions

Fixed Bugs

OXUIB-370 Mail compose: default font is ignored when a signature is used

A recent change altered the tinymce editor content was changed from raw to html, which led to stlying issues.This has been solved by using html format when saving signatures but keep raw format for compose actions.

OXUIB-369 Display of mail usage in Portal

Text was set to 100%. Translation part: “Speicherplatz” was changed to “Kontingent” to cover both Email storage and number of Emails. But as we talk about storage here, I changed it back (also in other cases).This has been solved by using actual numbers instead of 100%. Translation part: Changed “Kontingent” to “Speicherplatz”.

OXUIB-346 No appropriate folder storage for tree identifier “0” and folder identifier “XYZ”

Folder api tried to request virtual folders via path request.This has been solved by adding an early check to prevent the error. Also fix code that expected the error. Note: This is mostly a cosmetic fix so there is no error in the logs. The UI switches back to the default folder in case an invalid folder was requested and a user can work normaly again.

MWB-511 Failed to delete composition-space files from dedicated file storage on user/context deletion

Coding error when attempting to delete from files storage on user/context deletion.This has been solved by avoiding java.lang.ArrayStoreException by passing proper argument when attempting to delete from files storage on user/context deletion.

MWB-504 ERROR-Messages (Contact xxx not found in context yyy / ‘You do not have the permission to access objects’) - wihout any user interaction

This was caused by inaccessible contacts. E.g. some contact which was once shared but the permissions has been revoked in the meantime.This has been solved by dropping alarms and also alarm triggers silently for the birthday calendar in case the uderlying contact is missing or is inaccessible.

MWB-502 No mails on resource usage

Internal notification mails are only sent to user attendees.This has been solved by sending notifications mails to resource attendees by default, configurable through com.openexchange.calendar.notifyResourceAttendees.

MWB-501 Some mails with attachments not indicated as such

Slightly different attachment check for get and all requests. In case the content-disposition header is missing the get request in contrast to the all request considers the name attribute of the content-type header to identify attachments.This has been solved by considering the name attribute during all requests as well.

MWB-489 Calendar update failed when running runallupdate

Update task accidentally removed when updating update task framework, although it was used as dependency for other tasks.This has been fixed by restoring removed update task.

MWB-473 Subject of reminder mails for appointments always in UTC

User timezone not considered when formatting event start date for subject.This has been fixed by considering user timezone when formatting event start date in subject of alarm mail.

Release 7.10.4 (2020-08-05)

Shipped Components and Versions

Fixed Vulnerabilities

MWB-289 CVE-2020-15003

CVSS:3.1

Fixed Bugs

OXUIB-89 “Add to calendar” action for imip appointment invitation mails should not be shown

ToolbarView’s selection change did not trigger a redraw (strict: true).This has been fixed by just setting strict to false.

OXUIB-86 JSON field 661 (date) not used by UI

Missing frontend counterpart of backend feature.This has been solved by adding 610 as unsupported sort option with fallback 661.

OXUIB-75 Wrong translation in Finnish calendar module

This was caused by missing context.This was solved by changing to suggested message.

OXUIB-348 Cannot open newsletters with new edge chromium based browser

Basic detection of Edge was added a while back, but noopener feature has not been adjusted.This has been solved by reporting noopener support for Edge based on Chromium in internal functions.

OXUIB-343 Edge: disabled Subject and CC fields in the mail compose dialog

Non-chromium-based browser was applied for chromium-based browser.This has been fixed by differentiating detected edge browser by version number (79+ represents chrome-based).

OXUIB-329 Group ‘All users’ is not getting updating

Appsuite UI side limit that request user details only for at most 1000 members, this limit only affects the settings pane “Groups”.This has been fixed by introducing customizable setting and now also inform user when limit was hit.

OXUIB-319 MDN / Read Receipt disappears after logout when not interacted with

Missing property that identifies open read receipts for seen messages.This has been solved by providing property for seen messages also now (unless read receipt was send). Additionally flag 512 can be used to identify a already send read receipt.

OXUIB-303 Error saving webmailer signature on mobile tablet

Editor content was not part of new/update requests when oximage tinymce plugin wasn’t loaded.This has been solved by ensuring editor content is used.

OXUIB-27 Switch between conversation- and no conversation-view loses mail

During toggling between normal and thread view the collection gets reset but the complete flag stays on ‘true’. So no collection will be loaded as long there aren’t enough mails for pagination in the current folder that triggers the incompleteness.This has been solved by setting the complete flag to ‘false’ manually so that a reload will be triggered.

OXUIB-252 Same email search results in different options

When ‘search’ collection get’s expired via expire() the ‘expire’ property got reverted immediately.This has been solved by manipulating ‘expired’ property directly.

OXUIB-183 Found no such composition space

There is a little time gap between the POST /compose/:id/attachment to state to have a progress of 100% and the fact, that the upload call resolves. This is the time, the server needs to finally store the attachment somewhere. If the mail is send in exactly this gap, a race condition between sending and attaching the image to the mail might occur.Wait until the attachment-upload has been resolved before the mail send process can be started is solving this issue.

OXUIB-112 Throwing error while creating a filter rule with size > 2GB/2048MB/2097152KB

Wrong comparative operator was used.This has been fixed by adjusting the comparative operator.

MWB-94 Heavily increased CPU consumption

Detected & applied wrong start time range to scheduler of GDPR data export tasks.Detect & apply correct start time range to scheduler of GDPR data export tasks to solve this issue.

MWB-80 Caldav capability to manage ical subscriptions should not be announced to CalDAV Clients if com.openexchange.calendar.ical.enabled is set to false

Calendarserver-subscribed is always announced to CalDAV clients.This has been solved by only announcing the ical subscription capability for CalDAV client with “calendarserver-subscribed” when the fitting property, “com.openexchange.calendar.ical.enabled”, is enabled AND the corresponding services are available.

MWB-79 Search defaults to “From” in the Sent view

Custom MAL implementation does not orderly mark the standard folders.Now manually check for possible standard sent folder in case marker is absent for com.openexchange.mail.dataobjects.MailFolder instance to solve this issue.

MWB-72 Performance issue after upgrading

Mail content was read for detection of non-inline parts, which are supposed to be passed to document-converter service (that might be absent).Don’ t trigger document preview if associated capability is absent and avoid reading mail text for detection of non-inline MIME parts. Note: In case Document-Converter is deployed on customer’s installation, accessing MIME message’s file attachments is done by intention.

MWB-69 Appointments exported from google and imported into Appsuite loose reminders

Error thrown Reply-To header can’t be parsed, actually the In-Reply-To header should be used.This has been solved by using the In-Reply-To header.

MWB-53 Spam and phishing errors

The problem is that SMTP server in question uses the reserved return code 552 “Exceeded storage allocation” incorrectly to advertise that message to send has been blocked due to spam/phishing detection. Unfortunately, there is no deterministic detection possible since the accompanying text for the 552 return code may be arbitrarily chosen. Only a heuristic can be used here.Check accompanying text for the 552 return code for occurrences of “virus” or “spam” to interpret message as being blocked e.g. due to triggering a filter such as a URL in the message being found in a domain black list.

MWB-503 Error message and stacktrace during / on deletion of a user using deleteuser cmd

Null connection returned to the DatabaseService.Don’t return null connection to the DatabaseService to solve this issue.

MWB-475 Mail compose with non-instant attachment upload does not work

Unused API parameter prevented non-storing of attachments. When used, send/save lead to errors and were not possible at all.This has been solved by removing API parameter streamThrough and locally spool uploaded attachments before passing them on to save a draft or send an email.

MWB-462 Dedicated filestore does not work with Sproxyd for Mail Compose

Missing according DatabaseAccessProvider at runtime.This has been fixed by adding missing DatabaseAccessProvider for mail compose that is needed in case an Sproxyd file storage is used.This fixed is based on revision 16 and is not part of any revision between revision 16 and 18. With next public patch in two weeks and revision 19+ all fixes between revision 16 and 18 will be included.

MWB-437 “Remember me”-funktion is not working

Open-xchange-session cookie was not set on successful /login?action=tokens response even though it should.This has been solved by writing session cookie on token login.

MWB-419 Only 500 appointments are synced via CalDAV

Used wrong default value.This has been solved by using correct default value.

MWB-323 “set” in sieve rule: mailfilter page not loading

Action command parser was missing.This has been solved by adding action command parser for set action.

MWB-31 not possible to add multiple totp accounts on same server

No unique information for the TOTP account.Added the user’s login to the TOTP account.

MWB-273 Unexpected error [Error performing calendar migration in context xxx] caused by NullPointerException

A missing value within the legacy series pattern causes an unhandled exception when trying to convert it into a recurrence rule.Fall back to “first” week when converting monthly_2/yearly_2 patterns if not specified.

MWB-235 Runallupdate Results in Hazelcast errors

Missing upgrade package for hazelcast enterprise.This has been fixed by adding a hazelcast enterprise upgrade package: open-xchange-cluster-enterprise-upgrade-from-7102.

MWB-174 F5 reload causes logout

Session cookie has not been written to HTTP response.This has been fixed by writing missing session cookie on login.

MWB-161 Import of an ics file results in Error while reading/writing from/to the database

Event data was only stored partly when an unexpected error occurred during saving of supplementary data like alarms.This has been solved by importing each calendar object resource within separate transaction, extended alarm validity check.

MWB-149 Reply all on a mail from within unified inbox does not work

UnifiedInboxManagement OSGi service was not added to bundle’s needed/tracked services, which is required to check if an account is the special Unified Mail account.Solution: Orderly track UnifiedInboxManagement OSGi service to check if an account is the special Unified Mail account.

MWB-134 Email attachments from drive size checked not during “upload”

Drive document has been accounted to upload quota, but shouldn’t.This has been solved by do not throw upload quota exceeded error in case file attachment is a Drive document.

MWB-130 File gets deleted when uploading new version and having autodelete_file_versions=true retentionDays=1 and maxVersions=1

Wrong version number for current version was assumed when auto-deleting file versions.This has been solved by passing proper current version number to auto-delete routine.

MWB-13 Some customers cannot sent emails with attachments - CacheLoader returned null for key

When using Google cache’s ´get(key, loader)´ method, the passed loader must not return null.Don’t return null in passed CacheLoader instance to solve this issue.

MWB-129 Reply all button does not work

UnifiedInboxManagement OSGi service was not added to bundle’s needed/tracked services, which is required to check if an account is the special Unified Mail account.Now orderly track UnifiedInboxManagement OSGi service to check if an account is the special Unified Mail account.

MWB-127 Display of special and polish charactes in Appsuite

If “UTF8=ACCEPT” is advertised through IMAP server’s capabilities, there is no need to encode(decode the mailbox name (according to RFC 2060, section 5.1.3. “Mailbox International Naming Convention”).This has been fixed by avoiding decoding/encoding of the mailbox name in case “UTF8=ACCEPT” is advertised through IMAP server’s capabilities.

MWB-103 Recurring tasks can not be marked as done via EM Client

The caldav servlet doesn’t support operations on recurring tasks, but it also doesn’t filter recurring tasks out.This has been resolved by just filtering thoes recurring tasks.

68803 OX drive dissappears

Actually undefined properties are cached at the “configuration” provider of the config cascade once they’ve been queried for the first time. This happens implicitly when the final scope is determined for a property that was picked up at another level of the config cascade. In case such properties are prefixed with “com.openexchange.capability.”, they’re also considered and evaluated to “false” when constructing the capability set for any other user, potentially overriding module permissions if they’ve been used in a discouraged way of using the permission identifier as capability property name.This has been fixed by ignoring undefined capability properties when building the capability set, added debug logging to reveal problematic configurations.

68773 Error Description Improvement in the WebUI

USM can not send an error message, the communication is restricted to the http return code for a failed login.Increased logging: Increase the level for those kind of log messages from DEBUG to INFO.

68762 Calendar can not be synced anymore to iPhone

A change exception where the series master event could no longer be looked caused a runtime exception when converting the data to an appointment as used by the legacy calendar API.Now do not fail if the recurrence identifier cannot be converted to the corresponding recurrence (date) position.

68744 Shared Calendar Abonnement Setting not kept for Google and Default Calender

Folder properties are protected, but the UI does not respect that.This has been solved by disabling the checkmark if the sync property is protected such that the user will not be able to sync google calendars for example.

68734 Subject Line Cyrillic encoding preview issue

Don’t attempt to re-encode subject string given by ENVELOPE fetch item to solve the cyrillic encoding issue.

68689 Script errors in IE and Firefox

Some model changes might trigger long running redraw actions, which block the browser and might even lead to “long running script”-warning.This has been solved by preventing browsers from redrawing the whole list where possible.

68684 deleting account does only delete “inner” account, leaving the “outer” one as it is

Adjust to latest API behaviour when removing folders associated to accounts.

68666 Connection refused nginx - appsuite

Websocket push using Socket.IO in combination with Grizzly TLS causes deadlocks in Grizzly selector threads.This has been solved by reducing lock scope in original implementation. Furthermore offer a whole different Socket.IO implementation that uses less locking overall.

68629 Appointment with the same start as end date/time cannot be viewed in month view

This has been fixed by adding missing handling for this special case.

68615 Failure on adding email address to guard key

Code expected RSA key, failed with DSA. The fix removes specified cast, uses existing public key algorithm

68612 Strange behavior of calendar Appointments

When serving the ‘all’ request, a potential exception is raised when recurrences are processed.Solution: Additional exception handling when processing loaded event data, increased logging capabilities.

68606 Backend fetches SNIPPETS from external accounts once this account provides “SNIPPET=FUZZY”

Missing config switch in settings-list.Added missing config key to documentation.open-xchange.com

68584 logout with an unfinished mail on Android causes Error ”Mail could not be found” after some repetitions

Issue was caused by race condition (multiple almost simultaneous removeRestorePoint calls)

68539 Draft preview doesn’t work

Dependent on MAL implementation, an absent subject is returned as null, which confuses App Suite UI.Solution: Advertise a missing subject as an empty string within output layer.

68522 Mail settings not displayed when mailfilter package (API) not enabled

Missing capability check before sending requests to the API.This has been solved by adding “global” capability check in internal API module.

68516 Caldav Sync Problem - 500 CalDAVAccountRefreshQueueableOperation

URIs in href-elements within a PROPFIND request from a client may get decoded two times under certain circumstances, which might lead to a runtime exception whenever the original URI contains the percent sign ‘%’.Solution: Ensure to decode percent-encoded values only once.

68510 MAC contacts app does not allow to add new contacts to OX on Catalina

The contacts application in the latest macOS release introduced a bug where the current user’s privileges were derived from the virtual root, and not the actual contacts collection.This has been fixed by indicating privileges from default folder also for root collection for macOS client.

68507 External Drive: Old name displays in Settings - Account for external drive after renaming in Drive

Accounts get’s refreshed now once a related folder get’s updated to solve this issue.

68501 Distribution list is not shown in mail compose address picker

Now a popup is displayed if maxlimit for the addresspicker is reached and “admin=false” parameter is respected if applying index range.

68444 Name of external account in mail compose

Name of external account name was not offered after adding a new external mailaccount.This has been solved by adding handling for an active mail compose window when a mail account get’s added/removed.

68435 Error occurs when moving mail from external account to default

Mix-up of folder to account association when composing JSON response.This has been fixed by accessing folder in proper account.

68424 AM1 & AM2 Sent Mail Listing Missing Recipients

Overlapping addresses were not correctly handled.This has been fixed by adjusting associated css.

68421 HTML and CSS problem in combination with media-queries

Every rule in the stylesheet was treated as a css rule.This has been solved by treating rules according to rule type.

68397 Tasks are reset iPhone

A NPE was triggered if start_time is not set(null).This has been fixed by using correct variable to determine UTC time difference.

68351 Google account after password change offers “Try again”

This has been adjusted and for error code OAUTH-0013 button “Try again” is replaced by “Edit accounts” that links to corresponding settings pane.

68343 Emails are not sent as HTML and text

No support for contentType multipart/alternative with initial new compose api.This has been solved by adding support for it, Appsuite UI now send this as a parameter. The MW will then create a html/text part from the html part.

68285 Filter rules can have > 2GB if using GB/MB/KB

Unit was not considered when checking size.This has been solved by adjusting check accordingly.

68205 Wrong font is displayed in toolbar for empty lines when replying a mail

Selection is modified to get correct scrollbehavior but not restored correctly afterwards.This has been fixed by restoring selection correctly.

68163 Letters with descenders (like p, g, y lowercase ) have bottom truncated

Firefox has some issues with visibility hidden and descenders.This has been fixed by adjusting css with padding and negative margins.

68150 Shift+Enter does not work with Firefox

Scroll behavior in enter key listener changed selection.This has been solved by checking shift key too and prevent execution in that case.

68105 Dead links on documentation.o.c

Some dead links and obsolete infos.This has been solved by cleaning up start page and removed obsolete information.

68091 Found no such composition space

Existing mechanism to periodically perform a clean-up task for expired composition spaces might not trigger actual clean-up often enough.This has been solved by choosing another mechanism to periodically perform a clean-up task for expired composition spaces.

67883 OXUserCopyService.copyUser(): Unexpected problem occurred

Duplicate task leads to abortion of user copy operation.Solution: Do not hard fail on duplicate task, but handle it gracefully.

67718 Vacation notice in UI available even if mail backend does not support this

Action command was not checked for drop down in mail toolbar.This has been solved by checking vacation action before rendering dropdown link.

67692 Problem displaying videos

The “!important” CSS style value was dropped.This has been solved by keeping the “!important” CSS style value is dropped.

67325 Not syncing all appointments in the future

Was caused by hard coded limit for future appointments of 3 years.This has been fixed by making this limit configurable in eas.properties: com.openexchange.usm.eas.appointments.future.time_limit

67184 Error “Mail could not be found” opening webmail on mobile devices (Android/ios)

Was caused by separate handling for savepoints on smartphones and other devices.This has been solved by extending initial fix to also cover smartphones.

66771 Portal: Twitter does not work

Wrong “API” parameter was used.This has been fixed by adding correct API string to the request.

66622 Confirmation mail of appointment ever in English and Coordinated Universal Time

For events where the (external) organizer is not attending, the timezone is not set explicitly and falls back to the system default.This has been solved by prefering event timezone in notification mails for external organizer that does not attend the meeting.