Aggregated bug-fixes for 7.10.5

Last Update: 2021-05-07

Patch Release 5989 (2021-05-03)

Shipped Components and Versions

Fixed Bugs

MWB-1040 Calendar does not return conflict warning

Iteration of checked event series begins too late.This has been solved by considering duration when initialize recurrence iterator for conflicting series events in checked period.

MWB-1011 Smtp login-rejects (wrong password and similar) are not logged at all

Missing log message for failed authentication attempts against primary mail/transport server.This has been solved by adding logging failed authentication attempts against primary mail/transport server.

MWB-1000 DefaultSenderAddress not used when compose new mail

From address determined by examining user’s primary mail account data.Solution: Orderly pre-select user’s default send address when composing new mails.

Patch Release 5982 (2021-04-19)

Shipped Components and Versions

Fixed Bugs

OXUIB-776 Encoded line break doesn’t work in mailto link

Missing convert of ‘\n’ to ‘br‘ when html is preferred mode for mails.This has been solved by adding missing convert of ‘\n’ to ‘br‘.

OXUIB-694 Mail cut off without warning

Button was drawn but not visible.This has been fixed by triggering ‘complete’ to adjust height again.

MWB-999 “All Day” appointment display problem after adding iCal by URL

Wrong data from external calendar source taken over as-is.This has been fixed by adjusting bogus all-day dates prior to storing event data from subscriptions.

MWB-1029 Autodiscover needs a lot of time

Too low settings for HTTP connection pools for both - auto-config server and ISPDB end-point.This has been solved by increasing settings for HTTP connection pool of both - auto-config server and ISPDB end-point - while lowering values for read and connect timeout.

MWB-1023 Connect your device SMTP Settings

SMTP host information advertised as “None” in case SMTP authentication is disabled through configuration.Now do not advertise SMTP host information as “None” in case SMTP authentication is disabled through configuration.

MWB-1017 String index out of range: -1 for error when scrolling in inbox

Possible java.lang.StringIndexOutOfBoundsException when trying to decode subject string obtained from ENVELOPE fetch item.Fixed possible java.lang.StringIndexOutOfBoundsException when trying to decode subject string obtained from ENVELOPE fetch item.

MWB-1014 UI Error When Birthdays Disabled

No fallback access used when collecting pending alarm triggers from disabled accounts.This has been solved by using fallback access when collecting pending alarm triggers from disabled accounts.

MWB-1007 GDPR Exports in state “Pending”

Lock entry not cleansed from database in case temporary database outage/inaccessibility occurs.This has been solved by enhancing acquired lock by a time stamp that gets periodically touched (every minute). Consider lock as expired if not touch for more than 5 minutes.

Patch Release 5976 (2021-03-29)

Shipped Components and Versions

Fixed Bugs

OXUIB-769 Link in text mails with ] at the end

“[ ]” were not part of suffix characters we use in our regex to detect the end of links, similar to “, . ?” etc.This has been fixed by adding “[ ]” to possible suffix characters.

OXUIB-749 Drive guided tour pauses if sharing is disabled

Capabilities were not used correctly, selectors were no longer valid and tour accidentally opened the chat app.This has been solved by adjusting selectors and capabilities and no longer open the chat app.

OXUIB-741 Wrong date in filter rule, previous day

The local time zone was used to render the timestamp in the filter rule.This has been solved by now using UTC for rendering.

OXUIB-739 Week forward button “>” does not do anything when language is dutch, view is werkweek and weekstart is zondag

Wrong selection of day with certain (work)week settings.This has been fixed by removing basic setting dependent .startOf(‘week’) and replace with startOf(‘isoWeek’) in addition to a small adjustment for choosing the correct day.

OXUIB-688 Sender name not updated in webmail

Settings were not updated and may contain old account name.This has been solved by updating settings correctly.

MWB-994 Inline forwarding of a particular mail results in ‘Missing argument com.openexchange.mail.conversion.fullname’

A broken image link leads to failure of send/transport attempt.Solution: Don’t let failed image URI resolution prevent from sending a mail.

MWB-987 Suggestions for change: cleanup tasks are started on all nodes of a cluster, but only one is effectively running, “list” tool removes data

Existent data export tasks silently deleted if associated user/context do no more exist.This has been fixed by not deleting such “orphaned” data export tasks when invoking listdataexports command-line tool.

MWB-688 English error description popup - rest of the UI is set to german

A translation from a previous bugfix was missing.This has been solved by adding the missing translation.

Patch Release 5973 (2021-03-15)

Shipped Components and Versions

Fixed Vulnerabilities

DOCS-3201 CVE-2021-28095


DOCS-3200 CVE-2021-28094


DOCS-3199 CVE-2021-28093


Fixed Bugs

OXUIB-726 Distribution list entries wrong after editing the list

A combination of changes and streamlining caused loss of firstname and lastname, company was used as fallback.This has been solved by adding available data were possible so company name is not used as fallback, prefer display name over company name for external participants.

MWB-967 Higher load on parsing sent email

Was caused by possible long-running Matcher.find() invocation.This has been fixed by adding fast plausibility check & introduced a timeout-aware matcher alternative that respects a passed timeout whenever matching the input sequence or finding a certain sub-sequence is requested to avoid possibly long-running matcher invocations.

MWB-958 Not possible to change directly case of context name with changecontext

Context names are checked case-insensitive for equality when attempting to change a context’s name and thus changing to the same context name, but different cases were considered as a no-op.This has been solved by checking case-sensitive for equal context names when attempting to change a context’s name.

MWB-954 Wrong HTTP status code when If-None-Match header is set

No response status distinction for read-only operations in If-None-Match/If-Match checks.This has been solved by using HTTP 304 response during If-Match/If-None-Match checks for GET and HEAD.

MWB-951 Share is not created if mailbox is overquota

Missing special handling for error codes that advertise actual transport succeeded, but append to standard sent folder failed.This has been fixed by adding special handling for error codes that advertise actual transport succeeded, but append to standard sent folder failed.

MWB-892 Different words in OX for the same - Beschreibung, Notiz., Anmerkung

Inconsistent translation of ‘notes’.This has been fixed by adjusting translations.

MWB-888 Increased load since 7.10.3

Too many occurrences of low-level HTTP end-point pools for initialized Sproxyd clients.This has been fixed by adding cache for low-level Sproxyd HTTP end-point pools.

DOCS-3248 Automatic color in shape shows black, then reverts to white after save

The filter cannot evaluate type ‘auto’ for text colors in shapes (Presentation and Spreadsheet, ooxml).Solution: Instead of sending ‘auto’ when the user selects ‘Auto’ as a text color, the best text color is evaluated corresponding to the shape background. This calculated color is sent to the filter.

DOCS-3239 Presentation Template - Scroll issues

When an image is inserted via the buttons in template drawings, the mousedown happens on the content root node, but the mouseup does not. But these events are registered for an optional scrolling. Therefore the scroll position was not correctly adapted when the user changes the slide using the slide pane and does not click at least once into the document after inserting the image.This has been solved by checking the target nodes for mouse down and mouse up events that are required for scrolling.

DOCS-3237 Cell content does not get saved when using ‘save as’ if cell is still “open”

Document was not flushed before the copy was created in Drive. Flushing causes to save all pending changes which, in Spreadsheet, includes to commit the cell edit mode.Solution: Flush document before starting to copy the file in Drive for user actions “Save As” and “Save As Template”.

DOCS-3222 Default templates have wrong review language in places

Templates contained more than 5 different languages on XML level.This has been fixed on XML level, replaced all (western) lang attrs to be only en-US for EN templates, de-DE for DE templates.

Patch Release 5961 (2021-03-02)

Shipped Components and Versions

Fixed Bugs

OXUIB-677 Mail folder not visible after creation

Event listerners were still listening on an old collection.This has been fixed by adjusting event listeners after folder rename.

OXUIB-661 Popup / popout mail view nearly impossible from list-view

Single and double clicks on the same element were competing and leaded to inconsistent behavior.This has been fixed by treating double clicks as single clicks on list elements in list layouts.

OXUIB-609 “Remove photo” button greyed out after image resolution is too high

Buttons were not enabled after dialog gets idle.This has been solved by setting dialog to idle also when cropped image can’t be loaded.

OXUIB-536 Signatures not above quoted text on forwarded mail

Was caused by forwardUnquoted not recognized by plaintext editor.This has been solved by adding forwardUnquoted detection for plaintext editor.

OXUIB-514 Attachments deleted from draft return after saving draft

Draft was saved before all delete requests were processed.This has been solved by waiting for all delete requests to be resolved, also if draft gets deleted.

MWB-930 Appointment invitation: .ics file gets saved as .dat file in drive

Different generation of fallback attachment filename extension.This has been solved by using the common method to yield fall-back name with a reasonable file extension.

MWB-928 CompositionSpaceCleanUpTask seems to trigger UpdateTasks on all schemas after 7.10.4 upgrade automatically

Unexpected trigger of update task for a schema that is currently checked for possible expired composition spaces.Skip clean-up of expired composition spaces for those schemas that are currently updated or need an update to solve this.

MWB-924 Wrong encoding in plain-text sharing-mail-body using umlauts in display name

Sender’s full name for introduction in drive mail notifications escaped twice.This has been fixed by escaping sender’s full name for introduction in drive mail notifications only once.

MWB-919 Not possible to add Yahoo address books

The callback URL was not constructed properly.This has been fixed by constructing the callback URL properly.

MWB-910 “restricted” session parameter not distributed in session storage

Restricted scopes session parameter were incompatible with portable serialization.This has been solved by using comma-separated string for restricted scopes session parameter.

MWB-903 One user can create stack traces to JE >36.000 lines

Equal exceptions chained multiple times.This has been solved by avoiding chaining equal exceptions multiple times.

MWB-891 An error occurred: HTTP/1.1 423 Locked

Possible concurrent modification of storage objects is quitted with “HTTP/1.1 423 Locked” status response leading to abortion of request processing.This has been fixed by introducing retry mechanism with exponential back-off in case Sproxyd service quits request with “HTTP/1.1 423 Locked”.

MWB-868 Dataexport fails with “No such file or directory” error message

Intermediate clean-up task unexpectedly dropped file storage resources.This has been solved by not running clean-up task when there are currently running data export tasks.

Release 7.10.5 (2021-02-10)

Shipped Components and Versions

Fixed Vulnerabilities

OXUIB-645 CVE-2021-26698


OXUIB-509 CVE-2020-28945


OXUIB-421 CVE-2020-24701

CVSS: 3.1

OXUIB-412 CVE-2020-24701

CVSS: 3.1

OXUIB-411 CVE-2020-24701

CVSS: 3.1

MWB-839 CVE-2021-26698


Fixed Bugs

OXUIB-647 Problem on read receipt: bad sender mail address

Primary address was used in all cases.This has been fixed by adding recipient parameter when calling api.ack and in case mail was send to alias address also this one is used for ack.

OXUIB-627 Appointments jump to current week on click

The short drag started the drag and drop mechanism of the appointment. Usually, this will not be a problem, but if the appointment is not within the displayed timeframe, the drag and drop mechanism does not work.This has been solved by disabling drag and drop for appointments, that are not within the visible timeframe.

OXUIB-610 User feedback time controlled option not documented

Documentation simply was not added during development.Add documentation from feature description to technical docs.

OXUIB-602 Missing contact image in desktop notifications

With WebSockets disabled, desktop notifications for mail didn’t fetched a contact image.This has been solved by refactoring mail desktop notifications to use the same message style as with WebSockets enabled.

OXUIB-591 Reminders for past appointments works not correct

Heading ‘Reminder’ was still visible on the settings pane when showPastReminders was set to protected.Do not render heading when setting is protected.

OXUIB-584 Theme is translated as Design in pane.js

Theme has been translated with Design and Design has also been translated with Design.This has been solved by changing the translation of Theme from Design to Theme.

OXUIB-573 Attach vCard to an email - no checkmark in dropdown shown

Was caused by missing listener to detect, whether the vcard is attached or not.This has been fixed by introducing missing listeners.

OXUIB-561 External Storage account cannot be added immediately after it got deleted

This was caused by a missing trigger and listener for reset events.This has been solved by adding missing trigger and listener for reset events.

OXUIB-556 No refresh on account recovery options

Settings pane for account was not updated when recovering passwords.This has been fixed by adding listener to refresh and update the account settings pane.

OXUIB-549 Recurring appointment removal and portal widget aligment

Due to incorrectly linked events, the portal widget does not always detect when events are changed.The incorrectly linked events were adjusted accordingly to solve this issue.

OXUIB-541 Login page cut off on small screens

The header and footer were absolute positioned, which doesn’t look nice with a flex layout.This has been fixed by refactoring markup to use flex layout as it is intended.

OXUIB-536 Signatures not above quoted text on forwarded mail

ForwardUnquoted was not recognized by plaintext editor.This has been solved by adding forwardUnquoted detection for plaintext editor.

OXUIB-535 Print view for imported entries does not adjust calendar dates by Time Zone

No conversion to default time zone when printing in month and week view.This has been fixed by adding time zone conversion.

OXUIB-529 No refresh of account warning after recovery

UI was not updated after recovering accounts.This has been fixed by triggering an UI update, when accounts are recovered.

OXUIB-523 Error from accounts APIs prevent UI login

Due to an unhandled error the login could be prevented.Now the error is intercepted so that the login is not aborted.

OXUIB-515 Unable to Create Filter Rule using a Condition

Wrong timezone was selected when parsing date input.This has been solved by using default timezone when parsing the date input.

OXUIB-485 Context menu on folders are missing ‘delete all messages’ after marking/unmarking spam

When spam folder is empty and you move a mail to it (via “mark as spam”) folder count was still 0.This has been solved by adding a refresh of the folder.

OXUIB-472 Format-Error for some RSS Feeds on Portal page

Feed sometimes wrongly uses numeric character reference instead of char.This has been solved by adding a rule to replace those occurrences with simple quotes.

OXUIB-467 Mail print: recent chrome browsers do split small mail in multiple pages

Was caused by custom print rule of individual mail applies.This has been fixed by overwriting css page property.

OXUIB-463 Signature selector in compose window not scrolling

The dropdown overlaped the viewport.Now, when overlap is detected make dropdown scrollable.

OXUIB-444 Address book: the number of contacts is wrong

In some cases not the “total” value of a folder was used for display but a calculation. If the setting “com.openexchange.showAdmin” is set to false the displayed value differs from the actual number.If the folder supports the “total” value this value will be used now. If the setting “com.openexchange.showAdmin” is set to false, the displayed value is calculated accordingly.

OXUIB-416 Import of calendar leads to massive thread spike and timeout

Was caused by post-processing after calendar import is triggered per event group.This has been solved by importing post-process results in single task, enqueue long running import jobs.

OXUIB-404 Incomplete attachment dropdown in the contact detail view

CSS rule for overflow was overruled.This has been solved by improving selector so overflow rule is active again.

OXUIB-394 Unable to Copy/Paste in Compose Window

tinymce adjusts height of node flexible and “starts” with a single line.Add a dynamic min-height as it is already set for iframe container.

OXUIB-393 View Source starts at the bottom

Firefox has od focus behavior, scrolls to bottom on focus, and ignores scroll top function.This has been solved by deferring scroll top to fix firefox focus bug.

OXUIB-177 Toggling editor mode appends signature instead of replacing it

The signature content was not correctly recognized when switching from plain text to html editor.This has been solved by removing signature on editor toggle and append it again afterward.

MWB-915 CardDAV: contacts gets removed from server by disabling / enabling contacts (sub)folders for DAV Sync

macOS client sends unconditional DELETE for no longer listed vCard resources after list of synchronized folders changes.Use variable path to special aggregated collection with different modes for macOS clients and introduced new modes for folders in aggregated collection.

MWB-833 CardDAV: subscribe / unsubscribe CardDAV folders has no effect on macOS address book

A modified “subscribed” or “usedforsync” status in one of the underlying folders is not recognized during the incremental synchronization of the aggregated collection in CardDAV.This has been fixed by including folder state in sync-token of aggregated collection for CardDAV.

MWB-818 DAV ETags missing quotes?

ETag and Schedule-Tag header values not submitted as quoted string.Submit ETag and Schedule-Tag header values as quoted string.

MWB-806 DAV fails on passwords with trailing space

Decoded strings from basic authentication header were trimmed.Don’t trim decoded strings from basic authentication header.

MWB-805 WebEX invitations are displaying the incorrect timezone

Unknown timezone in invitation not interpreted correctly.More sophisticated comparison of parsed timezone observances during import.

MWB-799 Optimize FolderMapManagement cache

Inefficient max. size restriction of in-memory folder cache.This has been solved by using the SessionD events when the short term sessions are removed and use the Guava cache’s expireAfterAccess method with a decent max time that should only remove stale entries.

MWB-792 New feature ‘File backup’ is not working

One optimisation was done: Resume reading an S3 object’s content when HTTP connection gets unexpectedly closed due to premature EOF (actually read bytes do not match advertised content length)

MWB-768 Imported vcard shows mail address twice in contact

Several fallback machnisms led to duplicate entries.This was fixed by avoiding to import an already existing email.

MWB-762 Failed to delete (aborted or) completed data export tasks

Deletion of data export task fails due to missing/absent user/context entities when querying appropriate schema reference for a user to operate on correct database.This has been solved by making config-cascade robust towards missing/absent user/context entity.

MWB-751 Department field in contact is set to NULL if left empty

The company and department fields were not checked if they were set in the actual contact object.This has been solved by checking if the company and department are set in the actual contact before adding them to the vcard file.

MWB-705 Special characters in folder names on external webDAV folders lead to errors

Decoding with URLDecoder caused the plus sign to be converted into a space character.This has been solved by fixing the URI decoding.

MWB-694 AppSuite Webmail Safari Error

Null check for relay state was not sufficient.This has been solved by properly checking for empty relay state.

MWB-689 Address book: the number of contacts is wrong

In case com.openexchange.showAdmin was set to false the check for contact count was wrong.

MWB-653 Error while editing added mail account - Please enter the following data: primary_address

Primary address was unnecessary checked.Don’t require primary address when checking mail account connectivity to solve this issue.

MWB-652 Hazelcast : Could not create Portable for class-id: 103

Likely a database error happens when trying to create or modify an appointment, but unfortunately the clean-up code itself raises an error that overlays the original one. Thus it is not possible to see the database error causing the failing create/update.Don’t overlay possible exceptions when performing clean-up stuff. The associated change cannot be considered as a fix for this issue. However, it is necessary to detect what is really going wrong when attempting to create or modify an appointment.

MWB-633 “Send a Read Receipt” button shown in sent mail

Address to notify not checked if covered by user’s aliases. if so, not notification should be sent.Do not advertise “disp_notification_to” field in a mail’s JSON representation if address to notify is covered by user’s aliases to solve this issue.

MWB-632 Code:202 Message:primaryMail, Email1 and defaultSenderAddress must be present in set of aliases

Case-sensitive check if provided E-Mail addresses are contained in set of user aliases.This has been solved by ignore-case checking if provided E-Mail addresses are contained in set of user aliases.

MWB-614 Listquota: Could not find or load main class

Was caused by wrong package name.This has been solved by using correct package name.

MWB-594 ChangePasswordExternal fails with “Error occurred within server..” if set to 1, 4 or 5

Standard display message advertised to client in case error “PSW-0001” (“Cannot change password…”) occurs when user’s attempts to change his/her password.This has been solved by adding better understandable display message when error code “PSW-0001” (“Cannot change password…”) is advertised by Open-Xchange Middleware.

MWB-568 Middleware on provisioning node runs into max-open-files

This is caused by hundreds of reload configuration calls with each one triggering an appsuite history check.Fixed by never perform history checks in parallel.

MWB-562 Creation date is calculated including the timezone offset for uploaded images

Some images doesn’t contain a timezone in addition to the capture date. In those cases the library which extracts the capture date uses the GMT timezone as a fallback in case the timezone information is missing in the exif data.This has been solved by using the user’s timezone as a fallback for the capture date instead. Please be aware that this is still not a perfect solution for this problem. For example it depends on the timezone configuration of the appsuite when the image has been uploaded. So for example in case the timezone between the camera and the appsuite is different this leads to similar problems. Or in case the timezone of the appsuite is changed then images uploaded before and after the change have a different offset. Also this fix only applies to newly uploaded files. Existing files are still going to show the capture date based on the previous calculation which used the GMT timezone.

MWB-542 java.util.regex. Pattern very long log entries

Excessively long-running operation to look-up a subsequence/pattern in HTML content.This has been solved by adding conditions for early abort and ultimately shield from too excessive matcher execution.

MWB-501 Some mails with attachments not indicated as such

Slightly different attachment check for get and all requests. In case the content-disposition header is missing the get request in contrast to the all request considers the name attribute of the content-type header to identify attachments.This has been solved by considering the name attribute during all requests as well.

MWB-489 Calendar update failed when running runallupdate

Update task accidentally removed when updating update task framework, although it was used as dependency for other tasks.This has been fixed by restoring removed update task.

MWB-459 Appsuite adds additional PREF field to vcard export

“pref” parameter is used by the server to differentiate between multiple numbers of the same type, while the client only recognized one “pref”, as general preference.This has been fixed by only adding “pref” parameter when exporting TEL properties if required. Note that this is only a mitigation, e.g. when there are multiple “cell” or “home” numbers, the “pref” parameter will still be set.

MWB-457 Sort mail by “unread” is descending by default

Back when the sorting order was changed to descending one case was not adjusted.This has been fixed by using desc sorting order when not using imap search.

MWB-346 CardDAV: deletion of a contact does not sync for contacts which were created on an iOS device

The client creates contacts in folder 6 (which is not allowed), so the server stores it in the user’s default contact folder implicitly. After a deletion of this contact in the web interface, this is only indicated for this folder, so that the client assumes that the contact in folder 6 is still there.Re-route newly created contacts to default and fake deletion in targeted collection.

DOCS-3011 Support for pasting ‘user@abc’ after the @ to trigger a mention has been added.

Combining text nodes after pasting, so that the email-detection process finds the pasted email-addresse

DOCS-2921 comment Anchor does not work / function unclear

In the specified environment, the comment ID was transferred to OX Presentation, but it was not found in the parameters of the application launcher. ‘Go to comment’ in notification mails is working now in SingleTab environment

DOCS-2884 Avoiding that topbar becomes invisible after loading one of the portals of OX Documents

z-index of the topbar was set to 2 because IE 11.


OX Documents monitors the life-cylce and online state of all Appsuite OX Documents nodes. Handling of lost Hazelcast nodes works as expected, but there a some more situations where we see the described behavior. The OX Documents monitor implementation now checks the lifecycle events from Hazelcast more carefully and detects that a merge has been done. This is handled and internal classes are re-initialized to work with the new Hazelcast uuid (especially the JMS queue names are derived from it).

DOCS-2822 truncated title due to window size

Shorten title in German, check other languages if they are affected, too.

DOCS-2691 Duplicate entries in a document collaborators list

When we receive a jms message we check if all header keys are valid. If it is not the case we will stop processing the message. We change the behaviour in case there is an invalid header in the jms message. We lock this event, but we do not stop processing of this message.

DOCS-2619 PDFTool does not return at all with some rare, yet unknown PDF documents.

A maximum runtime needs to be introduced for each call to the PDFTool (similar to watchdog for RE processes), returning an error after the configured jobExecution timeout time and responding to the appropriate request in time.

DOCS-2540 The disable check for the ‘create folder’ button was not working correctly, therefore it displayed the enabled button for cases were it’s not possible. When creating a folder in these not working cases, the error occurred.

Fixed the enable/disable state of the ‘create folder’ button. Therefore, the button is not clickable in wrong cases, the error can’t happen anymore.

DOCS-2526 The start/stop scripts have been adjusted

Be more verbose on errors, kill the pid-file.

DOCS-2330 Reduced the 3 jms messages to one jms message.

When we must do a close hard for a document we send 3 jms messages. If one message got lost we would have a problem.