Aggregated bug-fixes for 7.10.5

Last Update: 2025-07-01

Patch Release 6198 (2022-12-19)

Shipped Components and Versions

Fixed Vulnerabilities

MWB-1876 CVE-2022-43700

CVSS: 5.0

Fixed Bugs

MWB-1878 Unable to delete an email

This was caused by an empty Disposition-Notification-To header.This has been solved by adding a handle for empty Disposition-Notification-To header.

Patch Release 6188 (2022-11-02)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-1933 CVE-2022-43696

CVSS: 4.3

OXUIB-1795 CVE-2022-37306

CVSS: 4.3

MWB-1882 CVE-2022-42889

CVSS: 9.8

MWB-1862 CVE-2022-43699

CVSS: 5.0

MWB-1823 CVE-2022-43698

CVSS: 5.0

MWB-1784 CVE-2022-43697

CVSS: 4.3

DOCS-4580 CVE-2022-42889

CVSS: 9.8

Fixed Bugs

OXUIB-1885 Folder ‘confirmed_spam’ not listed in folder tree

This was caused by conflicting lists of (default-)folders: io.ox/mail//defaultFolders and list of types in folders/extensions.jsThis has been solved by removing hardcoded entry in folders/extensions.js

MWB-1395 OX middleware java thread issue

An individual thread is used to perform asynchronous session storage tasks. In case Hazelcast gets unresponsive, those threads pile up rendering the system unresponsive as too many threads need to be handled by JVM.This has been solved by introducing separate worker(s) for issuing operations against Hazelcast-backed session storage.

Patch Release 6177 (2022-10-10)

Shipped Components and Versions

Fixed Bugs

OXUIB-1653 Broken Free-Busy calendar

Was caused by incomplete (but still valid) freebusy data.This has been solved by making the planning view more robust, using the data that is there and using defaults for the rest.

Patch Release 6172 (2022-09-16)

Shipped Components and Versions

Fixed Bugs

MWB-1625 Drivemail draft: view/download/save to drive of attachment does not work

Drive Mail attachments not accessible via mail API.This has been fixed by making Drive Mail attachments accessible via mail API.

Patch Release 6164 (2022-08-11)

Shipped Components and Versions

Fixed Bugs

MWB-1720 Images embedded in mails via cid: are not visible

Messed-up file holder reference when checking for possible image transformation.This has been solved by orderly managing file holder reference when checking for possible image transformation.

Patch Release 6155 (2022-08-11)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-1785 CVE-2022-37310

CVSS: 4.3

OXUIB-1732 CVE-2022-37309

CVSS: 5.4

OXUIB-1731 CVE-2022-37308

CVSS: 5.4

OXUIB-1678 CVE-2022-37307

CVSS: 5.4

OXUIB-1654 CVE-2022-31469

CVSS: 4.3

MWB-1714 CVE-2022-37311

CVSS: 5.3

MWB-1713 CVE-2022-37312

CVSS: 5.3

MWB-1712 CVE-2022-37313

CVSS: 5.0

Fixed Bugs

OXUIB-1768 Save a sent mail as distribution list - nothing happens

We introduced restrictions on apps that can be launched. This broke some actions with “closable” apps. Namely edit/create distribution list and invite to appointment actions.This has been solved by introducing list of valid edit apps so the actions work again.

Patch Release 6149 (2022-07-18)

Shipped Components and Versions

Fixed Bugs

MWB-1395 OX middleware java thread issue

Excessive reading of mail parts on inline view of video files or when outputting images.This has been solved by avoiding excessive reading of MIME part content.

Patch Release 6140 (2022-06-28)

Shipped Components and Versions

Fixed Bugs

OXUIB-1587 Reminder can not be set and missing details in shared calendars for users with no access to them

Missing folderdata because of insufficient permissions.This has been solved by checking if event is in all public appointments folder. This way we can make some assumptions even without full folder data.

MWB-1592 Caldav configuration

Root collection path statically set to “com.openexchange.dav.prefixPath”.This has been solved by applying proper internal/external path translation for DAV root collection.

Patch Release 6137 (2022-06-09)

Shipped Components and Versions

Fixed Vulnerabilities

MWB-1602 CVE-2022-31468

CVSS:5.4

MWB-1572 CVE-2022-29853

CVSS:4.3

MWB-1540 CVE-2022-29852

CVSS:5.4

DOCS-4428 CVE-2022-29851

CVSS:8.2

Fixed Bugs

OXUIB-1383 Compose a text-only email: row is moving immediately after typing

This was caused by a bug in the Chrome browser.This has been solved by adjusting an old fix for slow loading mail compose.

OXUIB-1065 Different order for displayed contact field than in edit mode

Mismatch in order of displayed contact fields.This has been fixed by moving fields to match edit form.

Patch Release 6132 (2022-05-09)

Shipped Components and Versions

Fixed Bugs

OXUIB-919 Huge amount of “Found no such resource in attachment storage for identifier: undefined’ errors after update

Improvement: Do not complain when client tries to delete a non-existing attachment.

OXUIB-1406 Pdf write error message not translated

Was caused by a missing gt call.This has been fixed by adding the missing gt call.

MWB-1560 Huge traffic increase on userdb after updating to 7.10.5 (incl. custom package)

In case client-passed token does not match the one currently associated with requested composition space while trying to perform an update ends in an infinite retry loop.This has been solved by using dedicated error code in case client-passed token does not match the one currently associated with requested composition space.

Patch Release 6120 (2022-04-11)

Shipped Components and Versions

Fixed Bugs

USM-33 Issues with Exchange connection on Android 10

USM combines original mail and forward text into a new mail which is sent in base64 format. This seems to be invalid and is rejected by the backend. ICS attachments are filtered by USM if the mime-header content-type contains application/ics or text/calendar.This has been solved by sending combined mail in text format. Create correct mail with hierarchical multipart. ICS attachments will be filtered only if corresponding calendar objects exist.

OXUIB-1095 File attachment multiplies after send

Resizing an email attachment could cause individual attachments to be duplicated.The process has been revised so that resizing an image attachment cannot be interpreted as a new attachment.

MWB-1523 Mail/drivemail attach files: if file being uploaded takes too much all other files will fail with 502503 error

Uploaded attachments were spooled to local temporary file while unnecessarily holding lock on affected composition space. This holds that lock for too long.Solution: Spool attachment to local temporary file w/o acquiring lock. However, actually adding the attachment to the draft mail is required to be performed mutually exclusive.

MWB-1513 Since update to rev39: compose limit reached although no compose window is currently active

Checked local state for possible too many composition spaces which might not be up to date.This has been solved by always checking content of standard drafts folder on mail server to reliably test for too many composition spaces.

DOCS-4119 Print or export of document loses line spacing

LibreOffice is having a problem with the default property in styles, regardless of the value LO interprets it as default = “true”. There should only be one default paragraph style in a document. LO thinks that there are twice and lets the latter win. So In this case the correct paragraph style “Normal” is overwritten by the paragraph style “ListParagraph”.Solution: We will no longer write the property “default” in styles when its value is “false”, this is also valid. The bugfix only works for newly created documents and documents that are saved again in our editor.

Patch Release 6111 (2022-03-23)

Shipped Components and Versions

Fixed Bugs

OXUIB-1307 Onboarding wizard always displays “sync app” for android, even when not enabled

This was not supported.Now ‘apps’ can be hidden via jslob setting “io.ox/onboarding//hidden/apps”. The syncapp is hidden by default.

OXUIB-1042 Calendar entry can not be modified (empty popup, UI hangs)

Missing organizer caused js error in UI.This has been solved by making UI more robust so it doesn’t break if an appointment has no organizer.

MWB-1487 Mail/drivemail attach files: if file being uploaded takes more than 60 seconds exception is thrown

Slow upload leads to timeouts.Solution: Do not let upload time out since not measurable whether there is slow connection bandwidth or poor performing file storage end-point.

MWB-1479 MFA does not disable WebDAV and CalDAV

Dav does not call the session hit that the MW does. As a result, the check for multifactor is missed.This has been solved by adding additional check for multifactor in DAV servlet. Should simply reject if found. There is no way to authenticate multifactor in DAV. Application passwords should be used.

MWB-1464 u2f not working in chrome anymore

Chrome removed U2F support.Utilize webauthn U2F mechanisms to support the logins in Chrome.

MWB-1209 Failure of JVMs/groupware-nodes, Login not longer possible

Applied regular expression leading to excessive resource consumption. Too heavyweight logic to convert HTML to plain text.This has been fixed by avoiding using regular expression to split HTML content to lines and fixed possible NPE when querying available composition spaces. Improved html-to-text conversion to be faster and use less memory.

Patch Release 6101 (2022-03-02)

Shipped Components and Versions

Fixed Bugs

OXUIB-1262 Single quote in mail compose To field handled incorrectly

This wasn´t considered yet.This has been solved by extending the regex.

MWB-1448 Compose is moved to trash if “com.openexchange.mail.compose.maxSpacesPerUser” is over

Max. number of composition spaces not orderly considered when opening a new one.This has been solved by Considering max. number of composition spaces when opening a new one.

MWB-1439 Need to extend log to analyze “Found no such resource in attachment storage for identifier: undefined’ errors

Extend log to get more infos.

MWB-1435 Errors on the conversion layer API used by mobile applications

Parse errors if a MIME message contains a corrupt Content-Type string.This has been fixed by sanitizing Content-Type string in case a corrupt one is present in MIME message or one of its parts.

MWB-1423 Context taxonomy not mentioned in cli onlinehelp

Missing help text for dynamic options.This has been fixed by adding a help text for dynamic options.

MWB-1413 Birthday calendar name is changeable via DAV but not in Web UI

Update of DAV:displayname property permitted through CalDAV for default Birthdays calendar.Treat DAV:displayname property as protected for Birthdays calendar, and indicate forbidden property updates via DAV:cannot-modify-protected-property precondition.

MWB-1387 gdpr data export fails reliably

Errors while trying to resume a previously paused data export.Solution: Handle possible connect failure while exporting mails. Avoid pausing running data export tasks. Let started ones complete and avoid unnecessarily stopping data export tasks in case a continuous timeframe is configured, e.g. “com.openexchange.gdpr.dataexport.schedule=Mon-Sun”.

Patch Release 6092 (2022-02-04)

Shipped Components and Versions

Fixed Bugs

MWB-1444 New mails can not be composed when having many external accounts configured

Plain connection established although SSL connection expected.Solution: Orderly signal whether a direct SSL connection should be established or not.

Patch Release 6084 (2022-01-28)

Shipped Components and Versions

Fixed Bugs

MWB-1431 MSG-0008 Categories=ERROR Message=‘An I/O error occurred: Received BYE response from IMAP server: * BYE out-of-sync data before server greeting’

InputStream.available() might not indicate available content.Solution: Probe for next byte instead of relying on InputStream.available().

Patch Release 6079 (2022-01-25)

Shipped Components and Versions

Fixed Bugs

OXUIB-1221 Grammatical Error in German Getting Started Tour

This has been solved by adjusting trivial grammatical error.

OXUIB-1094 Inconsistend mail draft handling movbile UI <-> Web UI

Wrong action type leads to creating a copy instead of editing the draft.This has been solved by changing the type from ‘copy’ to ‘edit’.

OXUIB-1042 Calendar entry can not be modified (empty popup, UI hangs)

Missing organizer caused js error in UI.Solution: Make UI more robust so it doesn’t break if an appointment has no organizer.

OXUIB-1024 Skewed Images After attaching them during mail compose

Editing an image with the createImageBitmap function within a worker in Chrome Browser version = 77 leads to incorrect results.Solution: For Chrome Browser version = 77, the editing process with createImageBitmap is no longer performed in the worker.

MWB-1394 Drivemail: share expiration is wrong if user timezone is not GMT+0

Client-wise specified expiration date got adjusted by user’s time zone.Now passing client-wise specified expiration date as-is (assume GMT+0) and do not adjust by user’s time zone to solve this issue.

MWB-1384 Birthday / Public calendar shows no entries when using czech language settings

This has been solved by fixing a typo in Czech .po file.

MWB-1319 Usercopy does not copy the user all the time

Possible SQL transaction timeout while trying to copy a user from one context to another: “Lock wait timeout exceeded, try restarting transaction”.This has been solved by following the suggestion from MySQL server and repeat the user-copy execution in case an SQL transaction timeout is encountered.

Patch Release 6072 (2022-01-12)

Shipped Components and Versions

Fixed Vulnerabilities

DOCS-4106 CVE-2022-23100

CVSS:8.2

Patch Release 6068 (2022-01-11)

Shipped Components and Versions

Fixed Bugs

OXUIB-963 2fa not working with form/token login anymore

The first fix was only for form login.Now this has also been fixed for token login.

MWB-1376 Concurrent Update Exception when uploading multiple Attachments during compose

Retry mechanism circumvented through introduction of client tokens for any reason.This has been solved by re-enabling retry mechanism.

MWB-1352 Update of appointment restricted CAL-4038

Was caused by too strict permission check when processing CANCEL messages.Solution: Require delete permissions for targeted user attendee when applying CANCEL messages.

MWB-1351 GDPR backup feature task doesn’t seem to work all the time

Was caused by sporadicaly timeouts when obtaining a connection to the storage.Solution: Retry establishing a connection to file storage in case caught exception indicates a timeout while connecting to an HTTP server or waiting for an available connection from connection pool.

Patch Release 6066 (2021-12-16)

Shipped Components and Versions

Fixed Bugs

OXUIB-963 2fa not working with form/token login anymore

Rampup extensions trying to fetch data without session requiring multifactor. Replaced missing rampup call.Solution: exit the rampup stage early if multifactor is required after login. Add back missing rampup call.

OXUIB-1061 Composer loading slow/hangs with a lot of recipients

The calculation has been corrected and irrelevant scrollbars are hidden to solve this issue.

MWB-1346 Service com.openexchange.contact.storage.ContactStorage is temporary not available

Missing access when looking up enhanced entity information as guest user.This has been sollved by adjusting handling when looking up enhanced entity information.

MWB-1343 Premature end of Content-Length delimited message body error on Image Preview

Possible premature end of stream when reading a Scality object’s content.Solution: Gracefully deal with possible premature end of stream when reading a Scality object’s content.

Patch Release 6061 (2021-11-29)

Shipped Components and Versions

Fixed Bugs

MWB-1345 Calendar names disappeared after update

Backported changes relied on newer handling of localized folder names.This has been solved by continuing to use untranslated name if no localized name is present.

Patch Release 6060 (2021-12-14)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-1092 CVE-2021-44208

CVSS:3.1

MWB-1322 CVE-2021-44209

CVSS:3.1

MWB-1260 CVE-2021-44210

CVSS:3.1

MWB-1259 CVE-2021-44211

CVSS:3.1

MWB-1219 CVE-2021-44212

CVSS:3.1

MWB-1216 CVE-2021-44213

CVSS:3.1

Fixed Bugs

OXUIB-1050 Invalid fully-qualifying mail folder identifier on mail search using mail main folder

Configured value for special “all messages” folder (through property “com.openexchange.find.basic.mail.allMessagesFolder”) is not a fully-qualified mail folder identifier. UI had a 300ms delay before disabling the select button in the folder picker. This allowed picking invalid folders.Solution: Don’t expect fully-qualified mail folder identifiers when performing a mail search. Remove 300ms delay in UI and implement failsave for invalid folders, so invalid folders should no longer be selectable.

MWB-1314 “Connect your Device” iPhone (iOS device) overwrites the first account in case you have 2 on the same system

Used same PayloadIdentifier for different users leading to profiles overwriting each other.This has been solved by using unique PayloadIdentifier to avoid profiles for different users overwriting each other.

MWB-1311 Different handling of chronos?action=update when partStat is set to “NEEDS-ACTION”

Reset of participant status behaves differently then removing and adding of the same participant.When participant status is reset also remove hidden flag, so event is displayed for the attendee again (internal attendee). Also, send “invitation” notification (internal attendee) or iTIP (external attendee) mail to attendee with reset status.

MWB-1303 After 7.10.5 update: ‘Missing configuration for nextcloud account’ in logs for several users

Extensive logging of error afflicted file-storage accounts when performing a drive search.This has been solved by adjusting log level of user-specific errors to “debug”.

Patch Release 6053 (2021-11-22)

Shipped Components and Versions

Fixed Bugs

OXUIB-1060 Scheduling shows 1h off after time change

In rare cases when adding the start hours for “only working hours” mode can lead to wrong calculations due to different offset values.Mind the offset and add it if necessary to solve this issue.

OXUIB-1051 GET/POST adding needless question mark when no url params are set

GET/POST generally added a ‘?’ to the requesting url.This has been solved by removing needless ‘?’ for GET/POST requests when no url params a set.

MWB-1313 Since 7.10.5 OX-9999 Categories=ERROR Message=‘Missing attachment identifier in mail part’ error

Possible “Missing attachment identifier in mail part” error when parsing draft mail.This has been fixed by avoiding “Missing attachment identifier in mail part” error.

MWB-1300 Move of contexts fails when using OXContextService > moveContextFileStore

Accessing a file during storage move signals file-not-found error although file list has been retrieved from storage itself.Pass an appropriate file-not-found handler if file listing was retrieved from storage, but accessing a file fails due to absence. This allows to perform checkconsistency to repair that.

MWB-1224 Slovak text broken within Settings -> Accounts

Broken encoding for standard google account nam ein slovak.This has been solved by using UTF-8 encoding instead if ISO-8859-1 encoding for the display name when creating the callback URL for Google.

MWB-1223 Imapauth.properties cannot allow uppercase logins (with USE_MULTIPLE=false)

Missing option to automatically convert login info to lower-case.This has been fixed by introducing boolean property “com.openexchange.authentication.imap.autoLowerCase” (default is false) to specify that login info is supposed to be automatically converted to lower-case when attempting to authenticate against IMAP server.

MWB-1159 Email subject not displayed in desktop notifications

Found paths in IMAP-IDLE backed push implementation for which notifications are published w/o providing basic message info (like subject).Always provide basic message info when publishing notification to solve this.

Patch Release 6051 (2021-11-12)

Shipped Components and Versions

Fixed Bugs

OXUIB-1066 Creating mail results in error messages

When loading the Mail Compose dialog in the mobile view it is possible that the mail quota has not been updated yet and therefore the default value is stored. This leads to the assumption that the mail quota has been reached.The method with which the mail quota is evaluated has been adjusted to solve this issue.

Patch Release 6051 (2021-11-12)

Shipped Components and Versions

Fixed Bugs

OXUIB-1066 Creating mail results in error messages

When loading the Mail Compose dialog in the mobile view it is possible that the mail quota has not been updated yet and therefore the default value is stored. This leads to the assumption that the mail quota has been reached.The method with which the mail quota is evaluated has been adjusted to solve this issue.

Patch Release 6046 (2021-11-09)

Shipped Components and Versions

Fixed Bugs

OXUIB-1046 Mobile mail: clicking arrow to expand subfolders in folders view is too sensitive

Through bubbling folders got opened instead of toggled.This has been fixed by stopping bubbling with stopPropagation.

OXUIB-1045 Reset password inputs are inconsistent and untranslated

Inconsistencies left over after last refactoring, typo in “Confirm new Password”.This has been solved by cleaning up behavior of labels and placeholders to be consistent with the username field, fixed “Password” -> “password”.

MWB-1289 Mail: editing drivemail draft for compose does delete drivemail draft folder in drive

Premature deletion of shared attachment folder on edit-draft invocation.This has been solved by avoiding premature deletion of shared attachment folder on edit-draft invocation.

MWB-1231 Using Russian in Appsuite inserts whitespaces inside the Subject

Multi-mime-encoded header value wasn’t properly decoded.Now properly decode a multi-mime-encoded header value.

DOCS-3684 Connection Errors After Installing ImageConverter

Inserting PRIMARY keys more than once during IC server job proccessing gives DB server exceptions in some timing dependent cases.This has been solved by preventing mutliple access to PRIMARY DB keys fixes the problem with IC server DB communication.

DOCS-3611 Welcome Tour is displayed two times for Text, Spreadsheet, Presentation (6 times in total)

Creating the missing settings entry “portal//recents” deletes the existing settingsentry “portal//fulltour/shown” causing the tour to start again.Now, when starting a portal app, the missing property “portal//recents” will explicitly be created in frontend code and sent to server.

DOCS-3588 Tall Image Distorted on Zoom

Images with quite unusual width/height aspect rations get too much distorted when scaled into a target rectangle so that e.g. text rendering within the target image gets distorted/unreadable after processing.This has been solved by checking aspect ratios for source and target images for unusual ratios above 21:9 (2.33) when scale type CONTAIN is requested and w/h aspect ratios of source and target image differ significantly. Prevent scale processing of images completely in those cases so that as much source image information as possible gets transferred to the requester/browser as possible. This significantly improves readability of e.g. text like content in such images delivered to the frontend.

DOCS-3536 DC error logging should be enhanced to show the root cause

Added newline within log output prevents output of root cause.This has been fixed by removing newline within log output to log root cause of exception.

Patch Release 6038 (2021-10-25)

Shipped Components and Versions

Fixed Bugs

OXUIB-976 Mobile onboarding wizard - Upsell only available for EAS / CalDAV/CardDAV missing

Unnecessary double capability check, which broke upsell configuration.This has been solved by just checking for one capability for each entry.

OXUIB-963 2fa not working with form/token login anymore

Rampup extensions trying to fetch data without session requiring multifactor.This has been fixed by exiting the rampup stage early if multifactor is required after login.

OXUIB-899 Drivemail: auto switch is done too late to prevent overquota issues

There is no check if the email exceeds the available storage space before it is forwarded to the backend.A check, if the email exceeds the available storage space before it is forwarded to the backend, has been implemented. Furthermore, a dialog with a corresponding hint has been implemented to indicate the switching to DriveMail.

OXUIB-1025 Accessing shared files in a certain order fails

Failed virtual folder “request” caused error and error handler failed as ‘error’ and ‘options’ were undefined.This has been solved by adding fallback for ‘error’ and ‘options’.

OXUIB-1023 Permissions dialog does not support link-only case anymore

Feature were accidentally removed during refactoring.This has been solved by adding feature again.

MWB-1272 Content-Type: message/delivery-status not shown in App Suite

Message’s delivery-status was not displayed.Now display message’s delivery-status.

MWB-1268 Explicit deleting of draft from mail draft folder does not delete corresponding drivemail draft folder from drive

Referenced shared attachment folder not removed on message deletion.This has been fixed by dropping referenced shared attachment folder on message deletion.

MWB-1267 Deleting drivemail draft via DELETE mail/compose/draft.xxxx does not delete drivemail draft folder from drive

Drive Mail folder not dropped when composition space is closed.This has been solved by also dropping Drive Mail folder when composition space is closed.

MWB-1265 Password reset link not invalidated after setting new password

Password change not forwarded to cross-context database.Align guest reference in cross-context database after setting new password in “reset” dialog to solve this issue.

MWB-1252 Compose starting from Drivemail saved draft containing attachments does not have attachment size information

File attachment size not correctly advertised on mail and composition space retrieval calls.Now orderly advertise file attachment size on mail and composition space retrieval calls.

MWB-1248 Attachment downloads not working when app password used

RestrictedAction.Type was missing from the getAttachmentAction.This has been solved by adding missing action type.

Patch Release 6035 (2021-10-04)

Shipped Components and Versions

Fixed Bugs

OXUIB-1013 Sharing tasks only possible with “View” permissions

Rights changed to viewer for guestes without notice.Now give a notice to user when rights are changed.

MWB-1247 Subscribed mail account saves drafts to primary account

Final draft messages are not stored in appropriate account’s standard drafts folder.Final draft messages are now orderly stored in appropriate account’s standard drafts folder. Please note that storing intermediate draft messages associated with an alive/intact composition space are intentionally stored in primary account’s standard folder.See also: https://documentation.open-xchange.com/7.10.5/middleware/mail/mail_compose/01_drafts.html#mail-storage-utilization

MWB-1244 Report client not finishing

com.openexchange.report.appsuite.storage.ContextLoader.getAllContextIdsInSameSchema(int, Connection) returns an empty abstract list if a schema has no results for contexts (see table context_server2db_pool).This has been solved by returning new ArrayList<> instead of Collections.emptyList().

Patch Release 6034 (2021-09-21)

Shipped Components and Versions

Fixed Bugs

OXUIB-973 Calendar entries shorter than 1 hour, which straddle an hour, are truncated when printed

Wrong calculation of end time slot (was not based of endtime, but starttime and length).This has been solved by fixing calculation of endtime slot so the slot that contains the end time is included correctly.

OXUIB-957 Notifications for mails from external accounts

It was not possible to receive notifications for external mail accounts.This has been solved by implementing check for external inboxes. Note: This is done via periodic requests and not via sockets, since there is no MW support for this. Implemented a feature switch for this so the current behavior does not change for customers that don’t want this.io.ox/mail//notificationsForExternalInboxes default is false.

OXUIB-952 Account recover dialog can be opened manually

Was causee by an obsolete ui artefact.This has been fixed by removing whole part on accounts settings pane.

MWB-1240 Drive shares loosing permissions

Was caused by a caching problem on permission rollback, warning contained in response not displayed.Fixed caching problem and changed warning in response to error.

MWB-1232 Increased threads since update

Repeatedly loading of resource files for JavaMail providers and address map.Solution: Cache loaded resource files for JavaMail providers and address map (reset cache on reloadconfiguration).

MWB-1220 500 internal server error(s) for one dedicated EAS Account

In case a calendar user appears multiple times in the attendee lineup, a folder existence check may fail due to selecting the false one.This has been solved by considering further alternatives when checking if event is rendered in folder or not.

MWB-1150 ‘Edit copy’ functionality does not correctly duplicate drivemail folder/attachment

Stored draft message is kept messing up Drive Mail folder when multiple versions are sent.Solution: Manage a separate Drive folder in case new composition space has shared attachments enabled and has been spawned via “Edit copy”.

MWB-1147 Compose starting from saved draft containing attachments does not have attachment size information

Size information not propagated.Orderly advertise size of attachments when opening a composition space for a forward.

Patch Release 6029 (2021-09-07)

Shipped Components and Versions

Fixed Bugs

OXUIB-941 Help files for FR-Canada switches to English

This has been solved by adding specific mapping for fr_CA when loading help.

OXUIB-940 UI window formatting glitch after opening connect your device

CSS selector for steps was too generic.This has been fixed by using id selectors for wizard steps.

OXUIB-906 Dav sync option shown in address book settings, without dav installed

Was caused by a missing check for capabilites carddav / caldav.This has been fixed by hiding toggle buttons when carddav or caldav is missing.

MWB-1023 Connect your device SMTP Settings

SMTP host & login information advertised as “None” in case SMTP authentication is disabled through configuration.Several changes were applied: Do not advertise SMTP host information as “None” in case SMTP authentication is disabled through configuration. Set SMTP user name in configuration regardless if SMTP authentication is enabled or not. Fallback to IMAP login in case SMTP login is provisioned to be an empty string.

Patch Release 6026 (2021-08-23)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-872 CVE-2021-38374

CVSS:3.1

MWB-1116 CVE-2021-38377

CVSS:3.1

MWB-1113 CVE-2021-38375

CVSS:3.1

Fixed Bugs

OXUIB-948 File en_SG.js renamed to en_sg.js in package open-xchange-appsuite

Moment renamed en-SG to en-sg.This has been solved by updating the locale lookup table to new filename.

OXUIB-932 Draft autoload on mobile causes huge amount of “draft changed in another tab” messages

This was caused by immediate loading of drafts on mobile.This has been solved by introducing lazyload for mobile devices.

OXUIB-931 Default rights when sharing a folder to an unnamed user are “Author”

Since the redesign the default was set to author right for folders and viewer rights for files.Solution: Changed it to default to viewer rights in all cases.

OXUIB-920 “locked” view during running GDPR Export is wrong

When redrawing the default configuration was used all the time.This has been fixed by only using default configuration when no download is pending. Show requested modules instead.

OXUIB-917 Several “No such job” error messages for some customers (increasing) after update to 7.10.5

UI did not check for error codes and kept requesting long running jobs.This has been fixed by removing jobs from queue for error code JOB-0002 so they are not requested anymore.

OXUIB-884 Onboarding Wizard “Connect Your Device” not correctly displayed on small iOS Displays

Flex shrink was behaving strangely for small devices.This has been resolved by removing shrink for some components.

MWB-667 Mail filter apply does not work for copy

The copy require was missing from the FILEINTO action command, hence the MailFilterService was generating the wrong require directive for the sieve script. The issue lies within the MailFilterService.getFilterRule when the method reconstructs the Rule object from the sieve script, i.e. the copy require is not added as an optional require.This has been solved by including the copy as an optional require for the FILEINTO action command.

Patch Release 6020 (2021-08-10)

Shipped Components and Versions

Fixed Bugs

USM-27 several hundred of “Couldn’t determine mail object for ItemOperations Fetch, oxObjectId is null” per minute after update

Starting with 7.10.5 we improved the support for the Mobile-Outlook-App. Now it may be used to sync via EAS. But so far only basic features have been tested. The Mobile-Outlook-App is the first client which uses ItemOperations_Fetch to sync a contact. So far only mail objects have been fetched. Fetching a contact is not implemented yet.Implement fetch of contact objects. The protocol allows more collection types : calendar, tasks. So far these cases did not occur in our tests. It could be that the fix does not avoid all messages. In that case we will neeed debug logs (including EAS log).

USM-26 Mail folders are not visible created by EAS client

The parameter “subscribed” has changed its default from true to false. USM does not send it, because it was not necessary so far.USM adds the parameter “subscribed” always set to true.

OXUIB-927 Can’t copy content from Connect Your Device Wizard

Text was unselectable and focus trap prevented from proper selection.Enable text selection and disable focus trap.

OXUIB-916 bg-bg and et-ee mappings

Added missing mappings and files.

OXUIB-905 mail compose: double scrollbars when in text mode + attachments

This bug is caused by the incorrect calculation of the height of the text field.The calculation has been corrected and irrelevant scrollbars are hidden.

Patch Release 6016 (2021-07-26)

Shipped Components and Versions

Fixed Bugs

OXUIB-901 “Internal Sharing of Files and Folders” does not work with HiDrive but is still offered

This was caused by missing check for ‘permissions’ of folders ‘supported_capabilites’ property.This has been solved by adding missing check.

OXUIB-897 Error on sharing mail folder SVL-0011

Wrong dirty check caused request that was not needed.This has been solved by fixing wrong dirty check.

OXUIB-895 Missing “show entire message” button for truncated mails

Class ‘mail-detail-content’ was added to body element while plain text mails still add a wrapping DIV with that class name beneath the body element.This has been fixed by adjusting selector to allow adding ‘Show entire message’ button again.

OXUIB-830 “connect your device” functions missing/changed/inconsistent

Missing QR code support for eas.This has been solved by adding QR code support and MWB-1179.

OXUIB-747 Sharing calendar with notification mail for invited user leads to an error

Wrong dirty check caused request that was not needed.This has been solved by fixing wrong dirty check.

MWB-1179 Missing link endpoint for onboarding EAS provisioning

EAS support was missing.This has been solved by adding EAS support.

MWB-1169 Appointment series exceptions are not shown via CalDAV all the time

Userization of delete exception dates not working properly for event series in public folders.Solution: Don’t userize change- and delete exception dates for events in public folders.

Patch Release 6010 (2021-07-12)

Shipped Components and Versions

Fixed Bugs

OXUIB-891 Signatures can duplicate if you hit save multiple times

Was caused by missing differentiation between success and error state.This has been solved by idling dialog only when error was returned.

OXUIB-890 Icon highlights in AM1_prod_reseller

The launcher drop-down moved to the left edge of the top bar and received its own section name in CSS.This has been solved by adding the new section to the others where topbarHover is applied.

OXUIB-888 Closing a (huge) mail draft with a double click results in an error

Multiple clicks on close button were possible.This has been solved by disabling buttons in window header when app is closing.

OXUIB-876 Attachments deleted from draft return after saving draft

Attaching a large file and then deletes/cancels while it’s uploading led to an error.This has been fixed by fetching pendingUploadingAttachments and pendingDeletedAttachments during the upload process to cover more edge cases.

OXUIB-684 AppSuite Help - Index links non-existent

For some cases, the resolving of the index targets seems to fail for html output, while it works for pdf output.This has been fixed by removing all links from the Index to the glossary terms for html output.

MWB-1148 Package referenced in docs (open-xchange-mail-authenticity) does not exist

Wrong package in mail authenticity config documentation.This has been solved by using correct package in mail authenticity config documentation.

Patch Release 6008 (2021-06-28)

Shipped Components and Versions

Fixed Bugs

USM-25 Mail Flagging via EAS

Mail flagging was not implemented with EAS.If the client sends a non-empty nodeflag USM sets the “flagged” bit within the mail system flags. The other direction: if the “flagged” bit is set within the mail system flags USM/EAS sends to the client the following node:FlagFlagStatus2/FlagStatusFlagTypeFollowUp/FlagType/Flag.If the “flagged” bit is not set and the cached sync status within EAS shows that the bit was set previously at the last sync USM/EAS sends an empty node to the client to indicate that the flag shall be cleared:Flag/If the “flagged” bit is not set from sync to the next sync no flag node is sent to the client.

OXUIB-868 Wrong description in the ‘Getting started’ instruction

Button was moved to help icon.This has been fixed by changing text accordingly.

OXUIB-854 “Distorted” Error window when restoring a nonexistent draft in a second tab

The error was handled twice although it occurs only once.The double handling of the error is unnecessary. The error is now displayed in the tab only and this can be closed with “close”.

OXUIB-820 Signature editor: toolbar cut off

Wrapping of elements were disabled.This has been fixed by simply wrapping actions in toolbar if not enough space is available.

MWB-938 Drive shares losing permissions

Just added more logging, not fixed yet.

MWB-1145 CalDAV: calendar can not be synchronized aynmore since upgrade to 7.10.5-ucs2

Missing safety checks prior folder display name template replacements.Solution: Additional safety checks prior folder display name template replacements, added logging if replacements are unavailable.

MWB-1137 Mails not displayed anymore on missing Drafts folder when Mail-Authenticity is enabled

Possible null dereference when dropping a standard mail folder.Fixed possible null dereference when dropping a standard mail folder.

MWB-1132 iCal feed throws “IllegalStateException: can not shift the time zone of an all-day date”

All-day appointments were not considered during recurrence id normalization.This has been solved by considering all-day appointments.

MWB-1108 Autoconfig does only use Port 80 for probing/connecting to autoconfig.domain

Static build URL used HTTP and not HTTPS.This has been fixed by preferring HTTPS URL and only retry with HTTP if the forceSecure flag is set (over HTTP API). Also, log a warning if HTTP is used.

MWB-1058 Server reports failed SQL database insertion for syncfolders request

Filenames containing dashes confused the fulltext index tokenizer.Solution: OX Drive searches for files with “exact-match”, ignore fulltext index for those requests.

MWB-1023 Connect your device SMTP Settings

SMTP host & login information advertised as “None” in case SMTP authentication is disabled through configuration.This has been solved by not advertising SMTP host & login information as “None” in case SMTP authentication is disabled through configuration.

Patch Release 6003 (2021-06-14)

Shipped Components and Versions

Fixed Bugs

OXUIB-870 “What’s New Popup” does not honor the Customers Configuration

Feature checks were not sufficient.Federated sharing text now also checks if filestorage_xox or filestorage_xctx capabilities are present. Onboarding wizard now checks for capability client-onboarding and if the setting for the new wizard is actually enabled (io.ox/core//onboardingWizard).

OXUIB-852 What is new in this version Information modal displayed in attachment preview

Missing customization for what’s new feature list.This has been solved by adding extension point to customize this list.

OXUIB-845 Wrong help article referenced in subscribed dialogs

Was caused by wrong references.This has been fixed by using right references.

OXUIB-818 Appointments in public folders can not be edited, resulting in endless loading

Appointments were drawn before the ‘injectVirtualCalendarFolder’ was called.Now register change listeners for appointments with incomplete folder data to solve this.

MWB-1106 No calendar listed - FLD-1001 NPE

Was caused by a NPE while sorting display names.This has been fixed by adding null guard and by preventing null values.

MWB-1000 DefaultSenderAddress not used when composing new mail

From address determined by examining user’s primary mail account data.Orderly pre-select user’s default send address when composing new mails to solve this issue.

Patch Release 6000 (2021-06-01)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-838 CVE-2021-33495

CVSS:3.1

OXUIB-837 CVE-2021-33494

CVSS:3.1

OXUIB-809 CVE n/a

CVSS:5.3

OXUIB-771 CVE-2021-33492

CVSS:3.1

OXUIB-770 CVE-2021-33488

CVSS:3.1

MWB-993 CVE-2021-33489

CVSS:5.3

MWB-1094 CVE-2021-33490

CVSS:3.1

MWB-1067 CVE-2021-33493

CVSS:3.1

Fixed Bugs

OXUIB-839 “Setup wizard” partially covered by “Whats New”

Onboarding-hint-popover is shown automatically and visual anchor is hidden behind “whats new”.This has been solved by using Stage instead of Extension to show popover and ensuring popover does not “collide” with other steps visually.

OXUIB-836 Css for button missing in onboarding menu “Windows” -> “OX-Drive”

Missing style for drive download button.This has been solved by addingcorrect style to drive download button.

OXUIB-833 Wrong help page mapped for contacts create/edit window

Missing differentiation between user and contact.This has been fixed by differentiating between user and contact mapping.

OXUIB-830 “Connect your device” functions missing/changed/inconsistent

Missing manual configuration scenarios.This has been solved by adding manual configuration scenarios for iOS and added eas for android.

OXUIB-829 Safari: display error in “connect your device”

Browser have different focus styles.This has been fixed by adding consistent focus style for all browsers.

OXUIB-828 “Connect your device” - “OX Drive” entry removeable

Was caused by wrong capability check for drive apps.This has been fixed by adding capability check for drive capability to disable drive menu options.

OXUIB-822 Missing contacts when adding from address book

Wrong parameter within the translation made the warning hard to read.Fixed parameters within spanish translations.

OXUIB-816 Planning view in calendar ignores daylight saving time

Was caused by wrong calculation of offset.This has been fixed by adjusting offset calculation.

OXUIB-813 Wrong dutch translation in mail compose dialog

This has been solved by fixing a typo.

OXUIB-812 Missing alert when mail not saved due to exceeded quota

Warning was not added to baton and therefore not processed.Warning gets added to baton now.

OXUIB-776 Encoded line break doesn’t work in mailto link

Was caused by missing convert of’\n’ to ‘br’ when html is preferred mode for mails.This has been fixed by adding the missing convert.

OXUIB-767 Mail Forward: Size of attachment is given as a negative number

The file attachment sizes was not orderly advertised with the first request for forwarded mails. File attachment sizes was always rendered if a size is returned in the response.Solution: Orderly advertise size of attachments with first request for forwarded mails and only render file sizes that are larger than 0 B, otherwise don’t render them at all.

OXUIB-514 Attachments deleted from draft return after saving draft

Draft was saved before all delete requests were processed.This has been solved by fetching pendingUploadingAttachments and pendingDeletedAttachments during the upload process to cover more edge cases.

MWB-792 New feature ‘File backup’ is not working

Unexpected premature termination of byte stream when reading content from S3 end-point. When having two folders named e.g. “resumé” and “resume” only one folder gets into the data export.This has been solved by adding an option to enable conversion of Unicode characters in ZIP archive entry names with somewhat reasonable ASCII7-only characters:com.openexchange.gdpr.dataexport.replaceUnicodeWithAsciiDefault value is false. So, when setting it to true ZIP archive names like “résumé” are converted to “resume”.

MWB-1083 7.10.3 -> 7.10.5 Update results in Unmet dependencies for update task “com.openexchange.mail.compose.impl.groupware.CompositionSpaceRestoreAttachmentBinaryDataColumn”

Was caused by broken update task dependencies.Has been solved by fixing update task dependencies.

MWB-1077 Changes done to appointment series in O365 lead to error in subscribed calender in Appsuite

Incompatible timezone identifier gets cached along with overridden instances, which causes problems when re-loading the data from the cache.Normalize recurrence identifiers prior processing events from external iCalendar source to solve this.

MWB-1072 iOS Profile names not clear since 7.10.5

Content-dependent identifier for onboarding profile names were accidentally cropped.This has been fixed by re-adding content-dependent part to profile display name.

MWB-1065 Draft high priority is not kept when saved as draft

Priority not kept when restoring a compose window from formerly saved draft message.This has been solved by keeping priority when editing draft messages.

MWB-1049 Option “Use Drive Mail” throws an error to user

Wrong sequence number chosen while trying to apply attributes to shared Drive mail attachments.Fixed applying attributes to shared Drive mail attachments.

DOCS-3190 My Attachments Shown but Unusable when Opening Documents

The files are not visible because it’s not possible to open the attachements in documents.This has been solved by hiding the attachments folder to not confuse the user.

DOCS-3189 Single context mode - “Global template folders” are getting displayed

Global templates are not helpful with com.openexchange.capability.alone=true.With com.openexchange.capability.alone=true global templates in office settings are not displayed anymore for users.

DOCS-3144 Viewer: Printing of images is not possible

Print as PDF did only work for Office files and PDF files.This has been fixed by enabling that images can be printed via “Print as PDF” too. Plain .txt files are enabled now too for “Print as PDF”, which was also not possible before.

Patch Release 5994 (2021-05-19)

Shipped Components and Versions

Fixed Bugs

OXUIB-733 OX Webmail - After some Onclick action focus does not move

Focus was not set to list after action.This has been fixed by setting focus to next list item after action.

MWB-1052 Database error when searching for something like [-+*%][a-z]

Remaining whitespace in tokenized query after non-word characters have been replaced.This has been solved by trimming pattern after replacing non-word characters in client-supplied token.

MWB-1024 Connection to database problems / DAV client(s) involved

Generic error returned when vCards exceed the maximum size during bulk import.This has been solved by explicitly handling too large vCard during bulk import requests.

Patch Release 5989 (2021-05-03)

Shipped Components and Versions

Fixed Bugs

MWB-1040 Calendar does not return conflict warning

Iteration of checked event series begins too late.This has been solved by considering duration when initialize recurrence iterator for conflicting series events in checked period.

MWB-1011 Smtp login-rejects (wrong password and similar) are not logged at all

Missing log message for failed authentication attempts against primary mail/transport server.This has been solved by adding logging failed authentication attempts against primary mail/transport server.

MWB-1000 DefaultSenderAddress not used when compose new mail

From address determined by examining user’s primary mail account data.Solution: Orderly pre-select user’s default send address when composing new mails.

Patch Release 5982 (2021-04-19)

Shipped Components and Versions

Fixed Bugs

OXUIB-776 Encoded line break doesn’t work in mailto link

Missing convert of ’\n’ to ‘br’ when html is preferred mode for mails.This has been solved by adding missing convert of ’\n’ to ‘br’.

OXUIB-694 Mail cut off without warning

Button was drawn but not visible.This has been fixed by triggering ‘complete’ to adjust height again.

MWB-999 “All Day” appointment display problem after adding iCal by URL

Wrong data from external calendar source taken over as-is.This has been fixed by adjusting bogus all-day dates prior to storing event data from subscriptions.

MWB-1029 Autodiscover needs a lot of time

Too low settings for HTTP connection pools for both - auto-config server and ISPDB end-point.This has been solved by increasing settings for HTTP connection pool of both - auto-config server and ISPDB end-point - while lowering values for read and connect timeout.

MWB-1023 Connect your device SMTP Settings

SMTP host information advertised as “None” in case SMTP authentication is disabled through configuration.Now do not advertise SMTP host information as “None” in case SMTP authentication is disabled through configuration.

MWB-1017 String index out of range: -1 for error when scrolling in inbox

Possible java.lang.StringIndexOutOfBoundsException when trying to decode subject string obtained from ENVELOPE fetch item.Fixed possible java.lang.StringIndexOutOfBoundsException when trying to decode subject string obtained from ENVELOPE fetch item.

MWB-1014 UI Error When Birthdays Disabled

No fallback access used when collecting pending alarm triggers from disabled accounts.This has been solved by using fallback access when collecting pending alarm triggers from disabled accounts.

MWB-1007 GDPR Exports in state “Pending”

Lock entry not cleansed from database in case temporary database outage/inaccessibility occurs.This has been solved by enhancing acquired lock by a time stamp that gets periodically touched (every minute). Consider lock as expired if not touch for more than 5 minutes.

Patch Release 5976 (2021-03-29)

Shipped Components and Versions

Fixed Bugs

OXUIB-769 Link in text mails with ] at the end

”[ ]” were not part of suffix characters we use in our regex to detect the end of links, similar to “, . ?” etc.This has been fixed by adding “[ ]” to possible suffix characters.

OXUIB-749 Drive guided tour pauses if sharing is disabled

Capabilities were not used correctly, selectors were no longer valid and tour accidentally opened the chat app.This has been solved by adjusting selectors and capabilities and no longer open the chat app.

OXUIB-741 Wrong date in filter rule, previous day

The local time zone was used to render the timestamp in the filter rule.This has been solved by now using UTC for rendering.

OXUIB-739 Week forward button “>” does not do anything when language is dutch, view is werkweek and weekstart is zondag

Wrong selection of day with certain (work)week settings.This has been fixed by removing basic setting dependent .startOf(‘week’) and replace with startOf(‘isoWeek’) in addition to a small adjustment for choosing the correct day.

OXUIB-688 Sender name not updated in webmail

Settings were not updated and may contain old account name.This has been solved by updating settings correctly.

MWB-994 Inline forwarding of a particular mail results in ‘Missing argument com.openexchange.mail.conversion.fullname’

A broken image link leads to failure of send/transport attempt.Solution: Don’t let failed image URI resolution prevent from sending a mail.

MWB-987 Suggestions for change: cleanup tasks are started on all nodes of a cluster, but only one is effectively running, “list” tool removes data

Existent data export tasks silently deleted if associated user/context do no more exist.This has been fixed by not deleting such “orphaned” data export tasks when invoking listdataexports command-line tool.

MWB-688 English error description popup - rest of the UI is set to german

A translation from a previous bugfix was missing.This has been solved by adding the missing translation.

Patch Release 5973 (2021-03-15)

Shipped Components and Versions

Fixed Vulnerabilities

DOCS-3201 CVE-2021-28095

CVSS:3.1

DOCS-3200 CVE-2021-28094

CVSS:3.1

DOCS-3199 CVE-2021-28093

CVSS:3.1

Fixed Bugs

OXUIB-726 Distribution list entries wrong after editing the list

A combination of changes and streamlining caused loss of firstname and lastname, company was used as fallback.This has been solved by adding available data were possible so company name is not used as fallback, prefer display name over company name for external participants.

MWB-967 Higher load on parsing sent email

Was caused by possible long-running Matcher.find() invocation.This has been fixed by adding fast plausibility check & introduced a timeout-aware matcher alternative that respects a passed timeout whenever matching the input sequence or finding a certain sub-sequence is requested to avoid possibly long-running matcher invocations.

MWB-958 Not possible to change directly case of context name with changecontext

Context names are checked case-insensitive for equality when attempting to change a context’s name and thus changing to the same context name, but different cases were considered as a no-op.This has been solved by checking case-sensitive for equal context names when attempting to change a context’s name.

MWB-954 Wrong HTTP status code when If-None-Match header is set

No response status distinction for read-only operations in If-None-Match/If-Match checks.This has been solved by using HTTP 304 response during If-Match/If-None-Match checks for GET and HEAD.

MWB-951 Share is not created if mailbox is overquota

Missing special handling for error codes that advertise actual transport succeeded, but append to standard sent folder failed.This has been fixed by adding special handling for error codes that advertise actual transport succeeded, but append to standard sent folder failed.

MWB-892 Different words in OX for the same - Beschreibung, Notiz., Anmerkung

Inconsistent translation of ‘notes’.This has been fixed by adjusting translations.

MWB-888 Increased load since 7.10.3

Too many occurrences of low-level HTTP end-point pools for initialized Sproxyd clients.This has been fixed by adding cache for low-level Sproxyd HTTP end-point pools.

DOCS-3248 Automatic color in shape shows black, then reverts to white after save

The filter cannot evaluate type ‘auto’ for text colors in shapes (Presentation and Spreadsheet, ooxml).Solution: Instead of sending ‘auto’ when the user selects ‘Auto’ as a text color, the best text color is evaluated corresponding to the shape background. This calculated color is sent to the filter.

DOCS-3239 Presentation Template - Scroll issues

When an image is inserted via the buttons in template drawings, the mousedown happens on the content root node, but the mouseup does not. But these events are registered for an optional scrolling. Therefore the scroll position was not correctly adapted when the user changes the slide using the slide pane and does not click at least once into the document after inserting the image.This has been solved by checking the target nodes for mouse down and mouse up events that are required for scrolling.

DOCS-3237 Cell content does not get saved when using ‘save as’ if cell is still “open”

Document was not flushed before the copy was created in Drive. Flushing causes to save all pending changes which, in Spreadsheet, includes to commit the cell edit mode.Solution: Flush document before starting to copy the file in Drive for user actions “Save As” and “Save As Template”.

DOCS-3222 Default templates have wrong review language in places

Templates contained more than 5 different languages on XML level.This has been fixed on XML level, replaced all (western) lang attrs to be only en-US for EN templates, de-DE for DE templates.

Patch Release 5961 (2021-03-02)

Shipped Components and Versions

Fixed Bugs

OXUIB-677 Mail folder not visible after creation

Event listerners were still listening on an old collection.This has been fixed by adjusting event listeners after folder rename.

OXUIB-661 Popup / popout mail view nearly impossible from list-view

Single and double clicks on the same element were competing and leaded to inconsistent behavior.This has been fixed by treating double clicks as single clicks on list elements in list layouts.

OXUIB-609 “Remove photo” button greyed out after image resolution is too high

Buttons were not enabled after dialog gets idle.This has been solved by setting dialog to idle also when cropped image can’t be loaded.

OXUIB-536 Signatures not above quoted text on forwarded mail

Was caused by forwardUnquoted not recognized by plaintext editor.This has been solved by adding forwardUnquoted detection for plaintext editor.

OXUIB-514 Attachments deleted from draft return after saving draft

Draft was saved before all delete requests were processed.This has been solved by waiting for all delete requests to be resolved, also if draft gets deleted.

MWB-930 Appointment invitation: .ics file gets saved as .dat file in drive

Different generation of fallback attachment filename extension.This has been solved by using the common method to yield fall-back name with a reasonable file extension.

MWB-928 CompositionSpaceCleanUpTask seems to trigger UpdateTasks on all schemas after 7.10.4 upgrade automatically

Unexpected trigger of update task for a schema that is currently checked for possible expired composition spaces.Skip clean-up of expired composition spaces for those schemas that are currently updated or need an update to solve this.

MWB-924 Wrong encoding in plain-text sharing-mail-body using umlauts in display name

Sender’s full name for introduction in drive mail notifications escaped twice.This has been fixed by escaping sender’s full name for introduction in drive mail notifications only once.

MWB-919 Not possible to add Yahoo address books

The callback URL was not constructed properly.This has been fixed by constructing the callback URL properly.

MWB-910 “restricted” session parameter not distributed in session storage

Restricted scopes session parameter were incompatible with portable serialization.This has been solved by using comma-separated string for restricted scopes session parameter.

MWB-903 One user can create stack traces to JE >36.000 lines

Equal exceptions chained multiple times.This has been solved by avoiding chaining equal exceptions multiple times.

MWB-891 An error occurred: HTTP/1.1 423 Locked

Possible concurrent modification of storage objects is quitted with “HTTP/1.1 423 Locked” status response leading to abortion of request processing.This has been fixed by introducing retry mechanism with exponential back-off in case Sproxyd service quits request with “HTTP/1.1 423 Locked”.

MWB-868 Dataexport fails with “No such file or directory” error message

Intermediate clean-up task unexpectedly dropped file storage resources.This has been solved by not running clean-up task when there are currently running data export tasks.

Release 7.10.5 (2021-02-10)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-645 CVE-2021-26698

CVSS:3.1

OXUIB-509 CVE-2020-28945

CVSS:3.1

OXUIB-421 CVE-2020-24701

CVSS: 3.1

OXUIB-412 CVE-2020-24701

CVSS: 3.1

OXUIB-411 CVE-2020-24701

CVSS: 3.1

MWB-839 CVE-2021-26698

CVSS:3.1

Fixed Bugs

OXUIB-647 Problem on read receipt: bad sender mail address

Primary address was used in all cases.This has been fixed by adding recipient parameter when calling api.ack and in case mail was send to alias address also this one is used for ack.

OXUIB-627 Appointments jump to current week on click

The short drag started the drag and drop mechanism of the appointment. Usually, this will not be a problem, but if the appointment is not within the displayed timeframe, the drag and drop mechanism does not work.This has been solved by disabling drag and drop for appointments, that are not within the visible timeframe.

OXUIB-610 User feedback time controlled option not documented

Documentation simply was not added during development.Add documentation from feature description to technical docs.

OXUIB-602 Missing contact image in desktop notifications

With WebSockets disabled, desktop notifications for mail didn’t fetched a contact image.This has been solved by refactoring mail desktop notifications to use the same message style as with WebSockets enabled.

OXUIB-591 Reminders for past appointments works not correct

Heading ‘Reminder’ was still visible on the settings pane when showPastReminders was set to protected.Do not render heading when setting is protected.

OXUIB-584 Theme is translated as Design in pane.js

Theme has been translated with Design and Design has also been translated with Design.This has been solved by changing the translation of Theme from Design to Theme.

OXUIB-573 Attach vCard to an email - no checkmark in dropdown shown

Was caused by missing listener to detect, whether the vcard is attached or not.This has been fixed by introducing missing listeners.

OXUIB-561 External Storage account cannot be added immediately after it got deleted

This was caused by a missing trigger and listener for reset events.This has been solved by adding missing trigger and listener for reset events.

OXUIB-556 No refresh on account recovery options

Settings pane for account was not updated when recovering passwords.This has been fixed by adding listener to refresh and update the account settings pane.

OXUIB-549 Recurring appointment removal and portal widget aligment

Due to incorrectly linked events, the portal widget does not always detect when events are changed.The incorrectly linked events were adjusted accordingly to solve this issue.

OXUIB-541 Login page cut off on small screens

The header and footer were absolute positioned, which doesn’t look nice with a flex layout.This has been fixed by refactoring markup to use flex layout as it is intended.

OXUIB-536 Signatures not above quoted text on forwarded mail

ForwardUnquoted was not recognized by plaintext editor.This has been solved by adding forwardUnquoted detection for plaintext editor.

OXUIB-535 Print view for imported entries does not adjust calendar dates by Time Zone

No conversion to default time zone when printing in month and week view.This has been fixed by adding time zone conversion.

OXUIB-529 No refresh of account warning after recovery

UI was not updated after recovering accounts.This has been fixed by triggering an UI update, when accounts are recovered.

OXUIB-523 Error from accounts APIs prevent UI login

Due to an unhandled error the login could be prevented.Now the error is intercepted so that the login is not aborted.

OXUIB-515 Unable to Create Filter Rule using a Condition

Wrong timezone was selected when parsing date input.This has been solved by using default timezone when parsing the date input.

OXUIB-485 Context menu on folders are missing ‘delete all messages’ after marking/unmarking spam

When spam folder is empty and you move a mail to it (via “mark as spam”) folder count was still 0.This has been solved by adding a refresh of the folder.

OXUIB-472 Format-Error for some RSS Feeds on Portal page

Feed sometimes wrongly uses numeric character reference instead of char.This has been solved by adding a rule to replace those occurrences with simple quotes.

OXUIB-467 Mail print: recent chrome browsers do split small mail in multiple pages

Was caused by custom print rule of individual mail applies.This has been fixed by overwriting css page property.

OXUIB-463 Signature selector in compose window not scrolling

The dropdown overlaped the viewport.Now, when overlap is detected make dropdown scrollable.

OXUIB-444 Address book: the number of contacts is wrong

In some cases not the “total” value of a folder was used for display but a calculation. If the setting “com.openexchange.showAdmin” is set to false the displayed value differs from the actual number.If the folder supports the “total” value this value will be used now. If the setting “com.openexchange.showAdmin” is set to false, the displayed value is calculated accordingly.

OXUIB-416 Import of calendar leads to massive thread spike and timeout

Was caused by post-processing after calendar import is triggered per event group.This has been solved by importing post-process results in single task, enqueue long running import jobs.

OXUIB-404 Incomplete attachment dropdown in the contact detail view

CSS rule for overflow was overruled.This has been solved by improving selector so overflow rule is active again.

OXUIB-394 Unable to Copy/Paste in Compose Window

tinymce adjusts height of node flexible and “starts” with a single line.Add a dynamic min-height as it is already set for iframe container.

OXUIB-393 View Source starts at the bottom

Firefox has od focus behavior, scrolls to bottom on focus, and ignores scroll top function.This has been solved by deferring scroll top to fix firefox focus bug.

OXUIB-177 Toggling editor mode appends signature instead of replacing it

The signature content was not correctly recognized when switching from plain text to html editor.This has been solved by removing signature on editor toggle and append it again afterward.

MWB-915 CardDAV: contacts gets removed from server by disabling / enabling contacts (sub)folders for DAV Sync

macOS client sends unconditional DELETE for no longer listed vCard resources after list of synchronized folders changes.Use variable path to special aggregated collection with different modes for macOS clients and introduced new modes for folders in aggregated collection.

MWB-833 CardDAV: subscribe / unsubscribe CardDAV folders has no effect on macOS address book

A modified “subscribed” or “usedforsync” status in one of the underlying folders is not recognized during the incremental synchronization of the aggregated collection in CardDAV.This has been fixed by including folder state in sync-token of aggregated collection for CardDAV.

MWB-818 DAV ETags missing quotes?

ETag and Schedule-Tag header values not submitted as quoted string.Submit ETag and Schedule-Tag header values as quoted string.

MWB-806 DAV fails on passwords with trailing space

Decoded strings from basic authentication header were trimmed.Don’t trim decoded strings from basic authentication header.

MWB-805 WebEX invitations are displaying the incorrect timezone

Unknown timezone in invitation not interpreted correctly.More sophisticated comparison of parsed timezone observances during import.

MWB-799 Optimize FolderMapManagement cache

Inefficient max. size restriction of in-memory folder cache.This has been solved by using the SessionD events when the short term sessions are removed and use the Guava cache’s expireAfterAccess method with a decent max time that should only remove stale entries.

MWB-792 New feature ‘File backup’ is not working

One optimisation was done: Resume reading an S3 object’s content when HTTP connection gets unexpectedly closed due to premature EOF (actually read bytes do not match advertised content length)

MWB-768 Imported vcard shows mail address twice in contact

Several fallback machnisms led to duplicate entries.This was fixed by avoiding to import an already existing email.

MWB-762 Failed to delete (aborted or) completed data export tasks

Deletion of data export task fails due to missing/absent user/context entities when querying appropriate schema reference for a user to operate on correct database.This has been solved by making config-cascade robust towards missing/absent user/context entity.

MWB-751 Department field in contact is set to NULL if left empty

The company and department fields were not checked if they were set in the actual contact object.This has been solved by checking if the company and department are set in the actual contact before adding them to the vcard file.

MWB-705 Special characters in folder names on external webDAV folders lead to errors

Decoding with URLDecoder caused the plus sign to be converted into a space character.This has been solved by fixing the URI decoding.

MWB-694 AppSuite Webmail Safari Error

Null check for relay state was not sufficient.This has been solved by properly checking for empty relay state.

MWB-689 Address book: the number of contacts is wrong

In case com.openexchange.showAdmin was set to false the check for contact count was wrong.

MWB-653 Error while editing added mail account - Please enter the following data: primary_address

Primary address was unnecessary checked.Don’t require primary address when checking mail account connectivity to solve this issue.

MWB-652 Hazelcast : Could not create Portable for class-id: 103

Likely a database error happens when trying to create or modify an appointment, but unfortunately the clean-up code itself raises an error that overlays the original one. Thus it is not possible to see the database error causing the failing create/update.Don’t overlay possible exceptions when performing clean-up stuff. The associated change cannot be considered as a fix for this issue. However, it is necessary to detect what is really going wrong when attempting to create or modify an appointment.

MWB-633 “Send a Read Receipt” button shown in sent mail

Address to notify not checked if covered by user’s aliases. if so, not notification should be sent.Do not advertise “disp_notification_to” field in a mail’s JSON representation if address to notify is covered by user’s aliases to solve this issue.

MWB-632 Code:202 Message:primaryMail, Email1 and defaultSenderAddress must be present in set of aliases

Case-sensitive check if provided E-Mail addresses are contained in set of user aliases.This has been solved by ignore-case checking if provided E-Mail addresses are contained in set of user aliases.

MWB-614 Listquota: Could not find or load main class

Was caused by wrong package name.This has been solved by using correct package name.

MWB-594 ChangePasswordExternal fails with “Error occurred within server..” if set to 1, 4 or 5

Standard display message advertised to client in case error “PSW-0001” (“Cannot change password…”) occurs when user’s attempts to change his/her password.This has been solved by adding better understandable display message when error code “PSW-0001” (“Cannot change password…”) is advertised by Open-Xchange Middleware.

MWB-568 Middleware on provisioning node runs into max-open-files

This is caused by hundreds of reload configuration calls with each one triggering an appsuite history check.Fixed by never perform history checks in parallel.

MWB-562 Creation date is calculated including the timezone offset for uploaded images

Some images doesn’t contain a timezone in addition to the capture date. In those cases the library which extracts the capture date uses the GMT timezone as a fallback in case the timezone information is missing in the exif data.This has been solved by using the user’s timezone as a fallback for the capture date instead. Please be aware that this is still not a perfect solution for this problem. For example it depends on the timezone configuration of the appsuite when the image has been uploaded. So for example in case the timezone between the camera and the appsuite is different this leads to similar problems. Or in case the timezone of the appsuite is changed then images uploaded before and after the change have a different offset. Also this fix only applies to newly uploaded files. Existing files are still going to show the capture date based on the previous calculation which used the GMT timezone.

MWB-542 java.util.regex. Pattern very long log entries

Excessively long-running operation to look-up a subsequence/pattern in HTML content.This has been solved by adding conditions for early abort and ultimately shield from too excessive matcher execution.

MWB-501 Some mails with attachments not indicated as such

Slightly different attachment check for get and all requests. In case the content-disposition header is missing the get request in contrast to the all request considers the name attribute of the content-type header to identify attachments.This has been solved by considering the name attribute during all requests as well.

MWB-489 Calendar update failed when running runallupdate

Update task accidentally removed when updating update task framework, although it was used as dependency for other tasks.This has been fixed by restoring removed update task.

MWB-459 Appsuite adds additional PREF field to vcard export

“pref” parameter is used by the server to differentiate between multiple numbers of the same type, while the client only recognized one “pref”, as general preference.This has been fixed by only adding “pref” parameter when exporting TEL properties if required. Note that this is only a mitigation, e.g. when there are multiple “cell” or “home” numbers, the “pref” parameter will still be set.

MWB-457 Sort mail by “unread” is descending by default

Back when the sorting order was changed to descending one case was not adjusted.This has been fixed by using desc sorting order when not using imap search.

MWB-346 CardDAV: deletion of a contact does not sync for contacts which were created on an iOS device

The client creates contacts in folder 6 (which is not allowed), so the server stores it in the user’s default contact folder implicitly. After a deletion of this contact in the web interface, this is only indicated for this folder, so that the client assumes that the contact in folder 6 is still there.Re-route newly created contacts to default and fake deletion in targeted collection.

DOCS-3011 Support for pasting ‘user@abc’ after the @ to trigger a mention has been added.

Combining text nodes after pasting, so that the email-detection process finds the pasted email-addresse

DOCS-2921 comment Anchor does not work / function unclear

In the specified environment, the comment ID was transferred to OX Presentation, but it was not found in the parameters of the application launcher. ‘Go to comment’ in notification mails is working now in SingleTab environment

DOCS-2884 Avoiding that topbar becomes invisible after loading one of the portals of OX Documents

z-index of the topbar was set to 2 because IE 11.

DOCS-2854 GENERAL_NODE_IN_MAINTENANCE_MODE_ERROR after update

OX Documents monitors the life-cylce and online state of all Appsuite OX Documents nodes. Handling of lost Hazelcast nodes works as expected, but there a some more situations where we see the described behavior. The OX Documents monitor implementation now checks the lifecycle events from Hazelcast more carefully and detects that a merge has been done. This is handled and internal classes are re-initialized to work with the new Hazelcast uuid (especially the JMS queue names are derived from it).

DOCS-2822 truncated title due to window size

Shorten title in German, check other languages if they are affected, too.

DOCS-2691 Duplicate entries in a document collaborators list

When we receive a jms message we check if all header keys are valid. If it is not the case we will stop processing the message. We change the behaviour in case there is an invalid header in the jms message. We lock this event, but we do not stop processing of this message.

DOCS-2619 PDFTool does not return at all with some rare, yet unknown PDF documents.

A maximum runtime needs to be introduced for each call to the PDFTool (similar to watchdog for RE processes), returning an error after the configured jobExecution timeout time and responding to the appropriate request in time.

DOCS-2540 The disable check for the ‘create folder’ button was not working correctly, therefore it displayed the enabled button for cases were it’s not possible. When creating a folder in these not working cases, the error occurred.

Fixed the enable/disable state of the ‘create folder’ button. Therefore, the button is not clickable in wrong cases, the error can’t happen anymore.

DOCS-2526 The start/stop scripts have been adjusted

Be more verbose on errors, kill the pid-file.

DOCS-2330 Reduced the 3 jms messages to one jms message.

When we must do a close hard for a document we send 3 jms messages. If one message got lost we would have a problem.