Aggregated bug-fixes for 7.8.4

Last Update: 2018-12-13

Patch Release 4973 (2018-11-12)

Shipped Components and Versions

Fixed Bugs

61348 Document Converter not working

This was caused by a package update inside the “com.openexchange.server” bundle. This has been solved by adding the missing bundle to document-converter’s launcher file, which is considered when building the document-converter service.

Patch Release 4969 (2018-12-06)

Shipped Components and Versions

Fixed Bugs

253 New server key and new Push certificate

This driverestricted patch includes a new server key to enable FCM Push for Drive Android and a new iOS Push certificate.

Patch Release 4965 (2018-11-19)

Shipped Components and Versions

Fixed Vulnerabilities

60089 CVE-2018-18462

CVSS: 5.4

60088 CVE-2018-18462

CVSS: 5.3

60025 CVE-2018-18463

CVSS: 4.8

Fixed Bugs

61293 Moveuserfilestore inserts new entry in table filestore2user instead of updating the existing one

A wrong PRIMARY KEY was specified for the “filestore2user” table, which allowed duplicate entries per user. This has been solved by avoiding duplicate entries in the “filestore2user” table when moving a user’s file storage.

61128 Address displayed on one line if Contact map service setting is “no link”

CSS was broken. This has been solved by adjusting CSS to display the address in multiple lines.

60889 Provisioning calls do not always consider server name/ID when looking up contexts

There was no possibility to check whether a context exists in a certain server. This has been solved by adding the possibility to check a context’s existence in the scope of the registered server in which the called provisioning node is running. Thus the client is able to check beforehand in which setup a context exists.

60455 Object doesn’t support property or method ‘from’ with mailto link with IE11

Code minifier broke the sanitizer plugin. This has been fixed by upgrading the code minifier to a newer version.

59528 MSG-0032 Categories=USER_INPUT Message=‘Mail could not be found’

It was not possible to display messages fetched from IMAP that have corrupt BODYSTRUCTURE information. More robust handling of IMAP messages with corrupt BODYSTRUCTURE information solves this issue.

Patch Release 4932 (2018-11-05)

Shipped Components and Versions

Fixed Bugs

60939 OXExceptions related to USER_INPUT are logged but setting is suppressed

Stack traces are now properly suppressed for OXExceptions with a category listed by the “com.openexchange.log.suppressedCategories” property to solve this issue.

60909 com.openexchange.smtp.smtpLocalhost is by default null

The interpretation of the default value for the “com.openexchange.smtp.smtpLocalhost” property had changed. This has been solved by restoring the proper interpretation of the default value for the “com.openexchange.smtp.smtpLocalhost” property.

60874 OXUserServicePortType.change(Change ch) method is not backward compatible

Naming changed from “drive_folder_mode” to “drive_user_folder_mode”. Solution: Accept and output the alternative “drive_folder_mode” element for passing “drive_user_folder_mode”.

60828 Segmented updates doesn’t work with multiple domains

The feature has been designed to serve only one migrationRedirect URL. This has been solved by adding the possibility to configure the migrationRedirectURL on a per-host basis via the as-config.yml.

60826 Sharing is not fully capable to deal with “segmented updates”

The LOCATED_IN_ANOTHER_SERVER exception was not properly handled in the ShareServlet. This has been fixed by handling the exception properly, i.e. redirecting the client to the appropriate node. Introduced a new migrationRedirectURL property for the ShareServlet to use in order to send a redirect to the correct node.

60698 Contact list selected, contacts get deselected when clicking on group header

There was no differentiation between keyboard “clicks” and touch/mouse “clicks”. Autoselect is now supported only for keyboard navigation to solve this.

60457 Search intermittently displays no folder information with results

Increase robustness for mail by using loader information directly instead of a derived property value. Now the folder is always displayed in a search result.

59723 Message “Error Sequence number is outdated.” is not specific to end-users

Changed Error message to “This appointment already exists in your calendar.” and added translations.

Patch Release 4917 (2018-10-16)

Shipped Components and Versions

Fixed Bugs

60751 Firefox / IE / Edge on Windows: Mail App with Mail in INBOX blocks WebUI when opening Settings Burger Menu

A second body node in the DOM causes problems when used without an iframe. App Suite 7.8.4 has extended backend sanitizing, where body nodes are replaced with divs. With this, another body node to preserve inline styles is not needed.

60718 Strange error message when Quota is exceeded

Simplified the message. Message is not translated in every language yet.

60415 Context menu is not displayed for attachment

Race condition caused the ul element reference to be missing. This has been fixed by using a safer way to store the ul element reference.

60380 Address book sort order is different based on the number of contacts

Sortname was the same for multiple contacts, so there was no clear sorting order. This has been fixed by adding the first valid mail address as a second sorting criterion if sortnames are the same.

60277 Vcard gets attached multiple times

Wrong vCard file name representations were compared. This has been solved by checking the proper vCard file name representations.

58895 Contacts with Email 2 field in distribution list do not populate

No filtering and yells for those emails. This has been solved by adding yells and filtering.

55887 Not able to pick 2nd or 3rd mail address via contact picker

Data about the mail address field was missing. The field value returned by the address book popup is now used to initialize the participant model.

Patch Release 4896 (2018-10-01)

Shipped Components and Versions

Fixed Bugs

60274 Login - password length restricted to 100 characters (maxlength=“100”)

This has been solved by increasing MaxLength for password.

60140 Mail content not displayed

Sanitizer removed attributes needed for mail styling. This has been solved by improving the sanitizer so styles are preserved.

60013 Attachment actions not shown on certain mail

Content types with upper case letters did not pass the attachment check for inlineimages. The content type check for inlineimages was made case-insensitive to solve this issue.

60011 Calendar Recurrence when selected with a specific End Date is displaying as Day-1 after saving

The date is stored in UTC but was converted to a localized date by momentjs, which could lead to a wrong date in some cases. This has been fixed by converting the rule to a date in UTC time to prevent timezone offsets from displaying a different date.

59957 Mail selected after login, might not be visible to user

The selected mail was not scrolled into view. The selected mail is now scrolled into view so that it is displayed.

Patch Release 4881 (2018-09-17)

Shipped Components and Versions

Fixed Bugs

60212 [Backport] /ajax/folders?action=allVisible does not respect the “com.openexchange.mail.hidePOP3StorageFolders” setting

When an appsuite user has a POP3 secondary account and the “com.openexchange.mail.hidePOP3StorageFolders” setting is configured to true this setting was not respected and POP3 folders were returned as private folders of the primary account.

60104 [Backport] FCM Support

Migrated from the legacy GCM to the new FCM (Firebase Cloud Messaging) when sending push notifications to the OX Drive clients on Android.

60017 WebDAV upload overrides context quota and can thus fill up underlying filestore

Proper cleanup in case of runtime exceptions while writing to filestore.

Patch Release 4869 (2018-09-03)

Shipped Components and Versions

Fixed Bugs

60071 Cache CPU optimization

High CPU load and possible OOM due to overflowing of cache events. Mitigate CPU impact caused by cache events with a large list of keys to invalidate.

59914 Compromised Account Email Headers

App Suite UI passed wrong information to Open-Xchange Server in case the personal part of the “From” address contains brackets, as a workaround for another old issue. This has been solved by removing the workaround.

59833 Not possible to add pop3 account

Trying to issue an ‘EXAMINE’ command against a non-existent folder yields a ‘javax.mail.FolderNotFoundException’. This has been fixed by treating a possible ‘javax.mail.FolderNotFoundException’ as folder cannot be opened.

59756 Sieve Rule with “redirect” and “keep” are changed to “redirect :copy”

When creating the auto-forward rule it was not checked if the used sieve action “copy” exists. Now, if the sieve action “copy” is not available, the combination “redirect” / “keep” is retained to solve this issue.

59753 Error when dragging mail from an externally linked account

The lsub entry couldn’t be resolved because of a naming mismatch: “Inbox” vs “INBOX”. This has been fixed by storing lsub entries also under the original fullname, so no error is displayed while moving mails from external accounts.

59711 Grizzly not starting if iprange can’t be resolved

The hostname was used to create the octets. If the hostname is not an IP address the conversion fails. This has been solved by using host address instead of hostname to calculate octets.

59692 Archive folder not created automatically

Trying to issue an ‘EXAMINE’ command against a non-existent folder yields a ‘javax.mail.FolderNotFoundException’. This has been fixed by treating a possible ‘javax.mail.FolderNotFoundException’ as folder cannot be opened.

59684 Draft email with vcard sending not working

The “vcard” parameter was parsed and written differently. Solution: Lenient evaluation of “vcard” parameter.

58142 IAE for UserSettingMail at MailUploadQuotaChecker

Failed to read value for config-tree path warnings when opening share links. Don’t apply share compose settings if not available to solve this issue.

57850 Logging out as test user (sometimes) not possible

Mail compose did not unregister its logout extension point if startup fails. This causes the logout to abort as the extension is still there for a non-existing mail compose instance. This has been fixed by removing the logout extension if app startup fails.

Patch Release 4862 (2018-08-20)

Shipped Components and Versions

Fixed Vulnerabilities

59507 CVE-2018-13105

CVSS: 3.5

58742 CVE-2018-13104

CVSS: 5.4

56457 CVE-2018-13103

CVSS: 4.3

56406 CVE-2018-13104

CVSS: 3.1

Fixed Bugs

59774 Mail detail actions drop-down has hardcoded background color

The background color of .mail-detail .detail-view-row .actions>li a:focus was hardcoded. This has been solved by reworking @brand-primary for this part.

59711 Grizzly not starting if iprange can’t be resolved

The hostname was used to create the octets. If the hostname is not an IP address the conversion failed. This has been solved by using host address instead of hostname to calculate octets.

Patch Release 4850 (2018-08-06)

Shipped Components and Versions

Fixed Bugs

59367 Appointment colors are not printed

A function was not executed in Edge and IE. jQuery has problems in Edge if the HTML is not trimmed. This has been fixed by adding different event handling for Edge and IE and trimming the HTML before adding it to the print page.

59362 Dot animation not centered

Broken CSS on login page. Fixed simple CSS typo in login page CSS to solve this issue.

Patch Release 4834 (2018-07-23)

Shipped Components and Versions

Fixed Bugs

59370 Reduced lock scope of configdb access

We reduced the scope and therefore the effect on database locks when loading database assignments from configdb exclusively. This is a partial solution for issues reported at Bug #56419.

59291 Mail from phpmailer not displayed in sent folder

Loading IMAP part by reference failed; the IMAP server signals zero bytes when using the relative section identifier “TEXT”. This has been solved by retrying fetching the IMAP part in case no specific section identifier was used. Using a specific section identifier works without problems.

59183 Multiple push notifications generated

Multiple IMAP-IDLE listeners spawned for a user in a cluster for unknown reason. This has been solved by changing the handling of IMAP-IDLE listeners: extended logging to check why a new IMAP-IDLE listener was spawned, more aggressive refreshing of the acquired cluster lock, avoiding (remotely) checking existence of sessions for existing cluster lock entries, and immediate tear-down of an IMAP-IDLE listener once it times out.

59054 Mail with 2 or more attachments - only 1 attachment gets forwarded

When using reset on a backbone collection with plain js objects, the reset function removes objects which appear to have the same identifier, so only one attachment was displayed. Prevent this by creating models first and then using reset.

56704 Attach Vcard not Saved in Draft

This was not supported in the past. It is activated again because it is now supported.

56693 Symbols are not shown in name of sender

Full-width characters in personal part were dropped. This has been fixed by maintaining full-width characters in personal part.

56065 Sort order of to/cc/bcc when reply a mail

Order of recipients was not preserved. Now preserve order of recipients to solve this issue.

53921 Search results sometimes without folder labels

Problematic handling when collection cache was used. Events triggered after list view was drawn. This has been solved by disabling caching of search results also for modules using collection loader.

Patch Release 4819 (2018-07-09)

Shipped Components and Versions

Fixed Bugs

59098 Twitter: not possible to add account

On middleware’s OAuth workflow the jsessionid route is being written as a segment path of the host’s path, e.g. https://ox.io/ajax/defer;jsessionid=123… After Twitter’s announcement about the changes regarding the callback URLs, every application needs to white-list all callback URLs, otherwise clients will be denied access to that application. All callback URLs that featured the previously mentioned route are considered invalid, since the segment path is considered by Twitter as part of the actual callback URL. This has been fixed by writing the ‘jsessionid’ as a URL parameter instead of a path segment for the Twitter OAuth provider. The callback URLs at https://apps.twitter.com/ should have the following format: https://mydomain.com/ajax/defer

58976 Web UI delete account confirmation button not correct

The confirmation button popup was broken in portrait format. This has been fixed by adding smartphone styles.

58952 Existing Autoforward Sieve Rule Broken After Upgrade

The old style autoforward rules are not interpreted correctly by the v2 mail-filter HTTP API, i.e. if an autoforward rule was created with a previous version of the middleware, then the ‘keep’ action command will be present in the sieve script. The JSON parser in this case does not recognise that and assumes that ‘keep’ is yet another action command that needs parsing. This has been solved by adjusting the response after the filter is read. Therefore, ensure that old style autoforward rules are correctly parsed by the mail filter JSONParser and delivered via the mail-filter v2 HTTP API, that is, merge the action commands ‘redirect’ and ‘keep’ and, if the latter is set, apply the ‘copy’ flag to the ‘redirect’ action command on the JSON response. No sieve rules are adjusted.

58938 Move folder in Drive checks not case sensitive

The cause of this issue was that the origin folder was used for capability checks instead of the destination folder. This has been solved by using the destination folder in case of move instead.

58857 Specialuse flag ignored

The wrong name has been stored as the fullname (e.g. ‘Spam123’ instead of ‘subfolder.Spam123’) and this folder was created on the root level. This has been solved by using the proper fullname instead of the short name.

58849 Recursive folders in Trash get not unsubscribed when deleting

Only direct subfolders were unsubscribed. Now properly unsubscribe all subfolders to solve this issue.

58204 Confusing Text on Popup to Restore a Draft

This has been solved by adjusting the restore popup.

57830 Mail mangled after answering from outlook

Long header lines contained in a MIME message were not folded. Now rigorously fold header lines of passed mail, which is supposed to be transported.

57205 Long login times on some OX Nodes after some runtime (~ around one day)

Avoid excessive locking in cache implementation to weaken the impact of the original problem.

55389 Inconsistent behavior “Add extern account” in Drive and in Settings - Accounts on mobile phones

Adding storage accounts always had been disabled for smartphones. Since the option to add new accounts has been removed from the settings area, this should be enabled. A few adjustments were made for mobile style. Implementation is now equal to address book or calendar app.

Patch Release 4817 (2018-06-26)

Shipped Components and Versions

Fixed Bugs

59158 UI always uses en_US when logging in with session-tokens

The .always handler did not wait for an inner deferred to finish, which caused the login:success event to be triggered too early, just before the user language was set correctly. The UI then falls back to en_US in each case, but only for initial login. This has been solved by adjusting the token login handler and replacing .always with .then in the token login handler success function.

Patch Release 4791 (2018-07-17)

Shipped Components and Versions

Fixed Vulnerabilities

58880 CVE-2018-12611

CVSS: 5.4

58874 CVE-2018-12609

CVSS: 6.5

58282 CVE-2018-12611

CVSS: 4.3

58256 CVE-2018-12611

CVSS: 5.4

58226 CVE-2018-12611

CVSS: 4.3

58161 CVE-2018-12611

CVSS: 4.3

58096 CVE-2018-9997

CVSS: 4.3

58051 CVE-2018-12610

CVSS: 3.7

58029 CVE-2018-9998

CVSS: 3.7

Fixed Bugs

59401 Unable to Copy/ Paste in Chrome

A function for checking inline images did not expect non-HTML content, which led to this non-working Copy&Paste. This has been solved by adjusting the check for inline images.

58905 Allow subnets for known proxies configuration

Changed behavior of com.openexchange.server.knownProxies: com.openexchange.server.knownProxies does now allow subnets as known proxies. Added SCR-49.

58891 eMail address is not parsed correctly in text mails (when domain part contains a . and a -)

Was not mapped by regex. This has been solved by adding both cases to this regex.

58760 Usercopy fails with duplicate key

Usercopy failed with duplicate key. Now ‘target_id’ for new reminder referenced the old object ID instead of the object ID for moved appointments/tasks.

58632 IE11: contact list view jump to different position when selecting a contact

Missing tabindex messed up focus handling. This has been fixed by adding tabindex -1 to labels for IE11.

58628 Attachment overlap for Print function

There was no styling for the print rendering. This has been solved by adding a print rendering view.

58609 Incorrect translation for “Last name, First name”

Adjusted Translation to fix this issue.

Patch Release 4771 (2018-06-11)

Shipped Components and Versions

Fixed Bugs

58900 Usercopy fails with rsync error

Erroneous paths were provided to the ‘rsync’ utility, while only the absolute path is required for such an operation. This has been solved by using the correct path for the copy operation via ‘rsync’, as the protocol type ‘file’ is always implied.

58767 Calendar workweek view not considered in recurring appointments

A static preconfigured workweek was used for recurring appointments. This has been fixed by using the configured workweek instead of the default workweek.

58759 Filter rules are not translated in Japanese

Added missing translation.

58186 Document converter breaks with Apache load-balancing

Due to active load balancing between Middleware and Documentconverter server nodes, the PDF results for creating each ManagedFile were taken from different Documentconverter server nodes. In some document cases, this might give slightly different results due to contained date or other fields, evaluated and written at conversion time on each Documentconverter node. This has been solved by ensuring that range requests for one document always create the same hash id even in case the file version is missing; adding appropriate synchronization code on a file id basis results in generating just one ManagedFile on Middleware side within the Ajax request handler. The PDF result file is created from one DC server node only for the sequence of range requests for one document, even in case the file version is missing.

58119 Time picker is briefly shown in vacation notice

TimeInput toggled after draw. This has been fixed by calling toogleTimeInput as soon as possible.

58089 MSG-1031 Categories=ERROR Message=‘Error processing mail server response’

Small improvements to ease debugging with not working Kerberos authentication as administrators are not able to identify the users with problems.

57739 OX shared mail folders notification mail does not honor namespace, folder is not subscribed automatically

Missing config option to control whether shared INBOX should be visible as “shared/user” or “shared/user/INBOX”. This has been solved by introducing config option “com.openexchange.imap.includeSharedInboxExplicitly” to control whether shared INBOX should be visible as “shared/user” or “shared/user/INBOX”. Default is “false”. Related Software change request is SCR-183.

57495 Removeshares url not working

The parser was not able to properly parse the share urls. This has been fixed by properly parsing share urls.

57301 Error Message not Translated to German if redirect too often

Added missing translation.

56956 Ham mail sent out when moving mail from Spam folder to Trash folder

‘handle-ham’ was called when moving messages from Spam folder to Trash folder. Do not invoke ‘handle-ham’ when moving messages from Spam folder to Trash folder to solve this issue.

Patch Release 4691 (2018-04-30)

Shipped Components and Versions

Fixed Bugs

58322 Typo at S3 storage configuration

A recently introduced typo at a configuration parameter was solved that led to issues connecting to S3 storage backends. To avoid configuration changes and unexpected issues, please deploy this Patch Release if S3 storage backends are used. This addresses SDB article #394.

Patch Release 4685 (2018-05-08)

Shipped Components and Versions

Fixed Bugs

58333 Incorrect hyper-link encoding for certain links

In case hyper-links in mail contain percentage signs for URI parameters, those could lead to incorrect locations since we were encoding them twice. This has been solved by encoding just the quotes in links.

58207 Mail file size reported as zero when switching conversation sort

When sorting mails by size and toggling conversation view on and off, an incorrect file size has been displayed. This has been solved by resetting old collections on toggle.

58201 Address book property “town” has been changed to “city”

Based on suggestions we renamed the property “town” to “city” on the web frontend.

58187 Missing branding for mobile tour

When using OX App Suite on a smartphone browser, parts of the tour were not correctly branded. We made sure that the productName properties are being used correctly for mobile assets as well.

58158 OX App Suite login page shown during SAML redirection

When using specific SAML based authentication methods, the default login page of OX App Suite has been shown for a split second. We’re now skipping the default login process when using SAML and redirect even before the login screen is rendered.

58019 Unable to forward multiple mails

When using a certain MAL implementation, workarounds had to be used which can lead to an error when trying to forward multiple mails. We’re now avoiding the workaround in case multiple mails are being selected.

57841 Appointment colors are not printed

Appointments without a custom color were not colored according to their calendar folder’s color, if it has been set. This has been solved by adding the color label of the parent folder to all appointments that don’t specify their own color while printing.

57831 Logstash JSON output contains linebreaks

When using Logstash as log output, long stacktraces could be delivered as JSON file with linebreaks, which messes up the Logstash encoder. We identified the culprit at a JSON generator of a third-party library, which splits JSON after processing a certain amount of bytes. We replaced usage of this library by manual JSON object compilation.

57627 Some signatures are not getting removed

When trying to remove certain HTML signatures from mail compose, a cleanup method to sanitize HTML was a bit too strict and embraced HTML5 standards. We’re now examining API responses for signatures in more detail with less strict cleanup.

56720 Incorrect Japanese translation for mobile search

When using search on mobile browsers, the folder selector did show an incorrect translation. This has been corrected with proper translation.

Patch Release 4673 (2018-04-13)

Shipped Components and Versions

Fixed Bugs

58084 No login screen and ‘Connection Error’ after last update

Changed timing of an extension point broke some customizations. This has been solved by restoring the old timing and introducing a new extension point for the use-case introduced for customizing the login process.

Patch Release 4670 (2018-04-23)

Shipped Components and Versions

Fixed Vulnerabilities

58023 CVE-2018-9998

CVSSv3: 3.6

57956 CVE-2018-9997

CVSSv3: 4.3

57692 CVE-2018-9997

CVSSv3: 5.4

57095 CVE-2018-9997

CVSSv3: 5.4

57016 CVE-2018-9997

CVSSv3: 5.4

56740 CVE-2018-5754

CVSSv3: 5.4

56407 CVE-2018-5753

CVSSv3: 4.3

Fixed Bugs

57933 Not able to insert emojis while composing mail

An update of the tinyMCE plugin changed the API: the custom function to insert emoji into the tinyMCE editor is not part of the plugin any longer. This has been solved by adding a default implementation for the custom insert method to restore the old behaviour.

57913 Download Drive folders as a zip limited to 1 GB not documented to configure

This has been solved by adding missing property documentation.

57771 Forwarding email only uses displayname

The plaintext was again sanitized superfluously. Email addresses are now sanitized just once to fix this.

57740 Autoforward filter rule causes other rules’ “file into” actions to act as “copy into”

“Keep a copy of the message” led to a sieve rule with the command “keep”. This has been fixed by adding “copy”:true to the redirect action “Keep a copy of the message”.

56948 External connected Drive - View and Filter not working correct

View and Filter were not working for external file storages. This has been fixed by removing the filter for external file storages because external file storages cannot and do not provide the full “infostore” feature set.

Patch Release 4642 (2018-04-09)

Shipped Components and Versions

Fixed Bugs

57705 Disable OX login screen if no connection to DB

Users were redirected to the OX login screen instead of a custom login page. This has been changed and the users are now redirected to the customized login screen.

56042 Got exception during upload

Middleware’s Sproxyd connector refused to store an empty file to the Sproxyd end-point and failed hard when trying to delete a non-existing file. This has been solved by allowing to store an empty file to the Sproxyd end-point and by not failing when trying to delete a non-existing file from the Sproxyd end-point.

55362 Translation missing on upload timeout error

The error occurred too early to load at least the translated message. Static error messages for different languages were added to index.html to solve this issue.

53905 Inconsistent behavior between modules for external accounts handling

The button was shown even if no service is available. This has been fixed by adding a check to show subscribe buttons only if there is a service available.

44380 Login form shown when using SAML and the IdP is slow to respond

We changed the login process to be completely customizable using ui plugins. This allows for fine-grained control to meet all possible demands.

Patch Release 4619 (2018-03-27)

Shipped Components and Versions

Fixed Bugs

57636 Encrypted files in Drive with uppercase file type name

An encrypted file in Drive with uppercase file type name couldn’t be previewed. Now ignore case of file extension for encrypted files to solve this issue.

57459 Calendar items only visible when scrolling in the past

Was caused by height calculation from invisible elements. This has been fixed by only calculating height on visible elements.

57263 Out of Memory Errors when IMAP endpoint is inaccessible

Threads are kept too long in subsequent connect attempts against an IMAP host in case of a fail-over scenario. Added option com.openexchange.imap.useMultipleAddressesMaxRetries (Default: 3) to specify the max. number of retry attempts.

57203 Category can not be removed from appointment

Categories were not parsed if the corresponding property was absent in incoming iCal files. This has been fixed by always parsing and applying categories from iCal.

57133 Issues with image in signature using IE 11 browser does not show image

Wrong/Fall-back MIME type advertised for a signature’s embedded image. This has been solved by using metadata-extractor library to detect image’s MIME type if absent and return that for response’s Content-Type header.

57060 Webmail folder issue with Archive Folder

After an ‘update’-request only a subset of the account data is used locally. Now simply process the data returned by the ‘update’-request like it is done for ‘all’-requests.

56935 Better handling of auth failures in OX Request

Possible IMAP response codes during failed authentication were not considered. Handle a possible IMAP response code during a failed authentication attempt to better reflect to the user what went wrong. Introduced retry mechanism in case special “UNAVAILABLE” response code is advertised by IMAP server. Enhanced logging in case an external account gets disabled. Changed logging for failed authentication for following IMAP response codes:

- AUTHENTICATIONFAILED: MSG-1000 “There was an issue in authenticating your E-Mail password…”
- AUTHORIZATIONFAILED: MSG-1036 “Mail server host denies access for login login.”
- UNAVAILABLE: MSG-1038 “A temporary failure occurred on mail server host during login for login. Please try again later.” (But only after 5 failed attempts!)
- EXPIRED: MSG-1039 “Access to mail server host is no longer permitted for login login using his password.”
- PRIVACYREQUIRED: MSG-1040 “Access to mail server host is not permitted for login login due to a lack of privacy.”

56869 Apache Proxy Timeouts while moving many files (Error 502 after 18 mins)

Action was not prepared for job queue. This has been solved by introducing job queue for files?action=move.

56699 Move folder with files with descriptions to external drive doesn’t work

No error handling for folders. After the ‘ignore’ button was pressed, an attempt was made to move an ‘undefined’ file. That caused a typeError in the frontend and also the above provided server error due to an invalid request. This has been solved by implementing error handling also for folders and files inside folders.

56640 An error occurred: unknown signature key algorithm: 22 when opening mail

If the decryption was successful, but Guard simply doesn’t understand the signature algorithm, the signature was ignored. This has been fixed by allowing decryption with unknown signature type.

56034 OAuth not working if ending on other node

Prematurely failed to acquire a call-back URL in case local token map is empty. Do not prematurely fail to acquire a call-back URL in case local token map is empty to solve this issue.

Patch Release 4602 (2018-03-12)

Shipped Components and Versions

Fixed Bugs

57276 Error while saving Guard message to Draft

Invoking cleanup() on a ContentAwareComposedMailMessage instance throws an UnsupportedOperationException. This has been solved by avoiding invoking clean-up for ContentAwareComposedMailMessage instance.

57168 Mail shows only blank body

Depth was not incremented when a style tag in the HTML body was added. This has been solved by incrementing depth when adding CSS on a style tag.

57067 Emoticon pop-up is not anchored properly in Compose window

Strict JavaScript engines (Edge) failed when assigning values to read-only variables in strict mode. This has been fixed by using the setter function with a new object instead of assigning directly to the object of the getter.

57066 Graphical Elements in Email Appear Squashed When Printed

Combination of width:auto and max-width:100% causes elements to enlarge when set to 100% width. This has been solved by removing styles.

57064 Calendar module, monthly view, first week of January is missing

Using tables in monthview led to missing days in the view. Implemented a cleaner version to always have all days displayed.

56999 Incorrect handling of sieve_max_redirects

The MAXREDIRECTS limit that the Sieve server provided was used on the middleware to check the total redirect commands in the entire user’s script. The middleware now checks the total redirect commands in a single rule to solve this issue.

56912 OX6: added \n after logout to signature

New/Missing line breaks after sanitizing. Don’t use the new print for signatures for OX6 to avoid unnecessary line breaks.

56589 Shared private calendar - decline appointment as a secretary (not an invitee) - deletes the appointment for everyone

A missing “participants” array in the updated appointment data was misinterpreted so that participants got removed. Take over original participant data in case they’re not explicitly set by the client.

55298 Maximum configured sized needs to be fixed for Japanese Error message

Response format was strangely encoded HTML. This has been solved by forcing response format to be correct HTML with JSON data.

55057 Folder structure order for the default folders are changed

A wrong order was implemented. This has been fixed by changing the fixed order of folders.

54765 Guest quota not working as expected

Guest quota was not working as expected. This has been solved by removing frontend quota check.

52107 Different display of name with comma

Parentheses were rigorously dropped from address strings. Solution: Keep parentheses in quoted personal part, e.g. “Doe, Jane (JD)” doe.jane@domain.de.

Patch Release 4583 (2018-02-27)

Shipped Components and Versions

Fixed Bugs

57023 “Show done tasks” resets after logout and login

Missing handling to store grid options. This has been fixed by adding handling for all options (sort, order, done).

56965 Distribution list - adding an external user with just clicking save is not working

Missing blur handler. This has been solved by introducing blur handler on typeahead field.

56924 Forward Email in some mails attachment get lost

Wrong mail part id for the text part. This has been solved by adjusting part in case “nature” is set to “virtual”.

56875 Eml Import via Drag&Drop not working with Unified Mailbox

Eml import was available for unified inbox but not working. Now importing for unified mail folder is disabled.

56795 Month view - appointments in weeks 13, 22, 31, 39, 40 48 get not displayed

Week collection of last week in month was overwritten, instead of reused, when new weeks were required. Reuse already existing week collections to solve this issue.

56774 Usercopy of user with userfilestore fails with generic error message

A look-up was performed whether the destination user should use Unified Quota although not yet completely available. Now copying a user using Unified Quota is denied and checking for it during the user-copy operation is avoided.

56638 Cloud storage - error messages after moving of a larger folder / larger number of files between different storages

Heart-beat kicked in too late. This has been solved by letting heart-beat kick in early enough.

56342 Show and hide name while mail compose

Default account “displayname” is used in the from dropdown but initially set in a jslob setting once you’ve started to add a custom displayname. This has been fixed by storing the current account “displayname” right from the start and keeping it updated every time an instance of mail compose is created.

55044 OXTender for Outlook destroys SMIME signature

Empty lines are discarded when parsing multipart content. Keep possible preceding new-lines at the start of a multipart content to not destroy SMIME signature.

Patch Release 4555 (2018-02-07)

Shipped Components and Versions

Fixed Vulnerabilities

56740 CVE-2018-5754

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

56718 CVE-2018-5755

CVSS: 7.7 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

56706 CVE-2018-5752

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L)

56619 CVE-2018-5752

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L)

56582 CVE-2018-5754

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

56580 CVE-2018-5754

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

56477 CVE-2018-5751

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

56407 CVE-2018-5753

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

56359 CVE-2018-5756

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

56334 CVE-2018-5752

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L)

56333 CVE-2018-5756

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Fixed Bugs

56774 Copying users with individual filestores causes errors

When using the usercopy functionality for users which have individual filestores, unexpected errors were thrown. We resolved the situation in a way that errors during user copying are caught and handled correctly. We still deny copying users with individual filestores.

56496 Replying to HTML mail is using plain-text

On specific custom mail abstraction implementations, replying to HTML E-Mails led to creation of plain-text E-Mails. This is related to the custom implementation and does not affect other operators. We added a workaround which needs to be validated at the target environment.

55894 Making rampup calls configurable for debugging

In certain environments the API rampup delivers inconsistent response times. We added debug logging if preconditions for this API exceed a specific threshold and added functionality to allow disabling those preconditions. Note that this serves solely to support debugging of actual issues and should not be used by default. See SCR-63 for more information.

55409 Inconsistent sort order at contact lists

Japanese sort order for contact lists at mail compose and the Contacts app was inconsistent. We updated the sort mechanism at those places to deliver consistent results.

Patch Release 4538 (2018-01-22)

Shipped Components and Versions

Fixed Bugs

56597 Report -o not working

Fixed parameter indices to make report working again.

56560 Starting with second logout: open draft throws error message, draft gets added by +1 in drafts folder on each iteration

Updated draft handling; now no new draft is generated and no error is displayed.

56539 OX shows unsupported sieve action

With the introduction of the simplified mail filter tests and actions in the HTTP API v2, there was no check done in the config calls to determine whether a simplified command is using any unannounced/not supported sieve capabilities, which led to returning those simplified commands, thus the UI assumed that the particular simplified action command was available. Ensure that the required capabilities of the simplified action commands are also checked for possible required sieve capabilities to only show supported sieve rules.

56536 Send contact as vcard keeps loading with circle logo

Loading the source of vcard failed. This has been fixed by adjusting the request.

56478 Mail disappears when mail deletion canceled on smart phones

Missing cancel handling on mobile phones. Canceling is now handled on mobile phones.

56395 Link an image in signature is not working

Linking an image in a signature was not possible. This has been solved by updating TinyMCE.

56291 Printing or saving document missing lines

Vertically merged tables are only shown in OX Text but are not visible in Word (except the top cell). This has been solved by hiding vertically merged cells, so that the user cannot modify their content and get the impression of data loss after opening the document in Word.

56034 OAuth not working if ending on other node

JVM route information not added to redirecting call-back URL. Ensure JVM route is added to redirecting call-back URL to solve this issue.

54884 Error in method SQL query

The related request used wrong column numbers. This has been solved by adjusting those column numbers.

52764 Documentconverter backend will be used with action=rconvert calls from users without ‘document_preview’ capability

Files API handles .csv files differently depending on whether we check for the file extension or the mime type. This has been fixed by checking directly for view model type instead of using the mime type based files API methods.

Patch Release 4516 (2018-01-08)

Shipped Components and Versions

Fixed Bugs

56538 Restorecontext not working with open-xchange-admin-autocontextid installed

Checking if a context to restore might be the last one held in the associated DB schema does not deal with the possibility that the context no longer exists. In that case the test should simply pass. This has been solved by checking context existence prior to checking if it might be the last one held in the associated DB schema on context restoration.

56499 Incorrect attachment names in Japanese

Lenticular brackets were removed from the list of valid characters, which broke certain attachment names as those characters appear to be common in Japanese. We’re now maintaining those characters when providing attachment information.

56486 Incorrect attachment names in Japanese

RFC2231 encoded parameters were incorrectly decoded when handling attachments. This broke certain attachment names as such encodings appear to be common in Japanese. We’ve corrected decoding and now provide correct attachment information.

56475 Logback without newlines after upgrade

The newline character was removed from the LogstashEncoder and moved to the LogstashSocketAppender. This has been fixed by removing the newline character from the LogstashSocketAppender and re-introducing it to the LogstashEncoder.

56455 Guided tour for Drive cannot be closed

Race condition when uploading sample file into Drive. Make sure sample file is uploaded before starting the tour to solve this issue.

56446 Mail alias creation randomly give internal server error

Cached content was used to decide which alias to add and which to remove, but that cached content might not be up-to-date. This has been solved by setting a user’s aliases at once.

56444 Calendar monthly view not working

Internet Explorer has problems with absolute positioned elements in table cells. This has been solved by calculating the height in Internet Explorer 11.

56435 Task status not correctly exported

The RFC for the corresponding vtodo element only specifies four statuses. The OX status for waiting is not covered by the specification and was mapped to the status cancelled after import. To guarantee the correct status import of vtodo elements, the status parameter is extended with a new parameter called X-OX-STATUS with the value WAITING, which is parsed when importing to represent the “Waiting” status of the task.

56415 Push related debug messages at log files

Registration and de-registration messages of push clients have been logged at INFO level before, which could create large amounts of log data. As this information is supposed to be used for debugging purposes, we’re now logging it at log-level DEBUG. This solution has to be validated in a production environment.

56414 “Not Spam” button is missing after update

Many code lines just worked with “spam”, not with “confirmed_spam”. This has been solved by always checking for “confirmed_spam” as well.

56400 Links missing in certain HTML mails

Specific HTML mails were handled incorrectly due to a recent sanitizing change for HTML style expressions. In cases where such styles got applied to hyper-links, the link would potentially not work. We adjusted HTML parsing to avoid this.

56342 Show and hide name while mail compose

After hiding and showing your name, it was still hidden. This has been fixed by storing the current account “displayname” right from the start and keeping it updated every time an instance of mail compose is created.

56193 Context menu is NOT closed by right-click

Right click outside the context menu doesn’t close it. This has been fixed by removing the selector from the blacklist and listening for the contextmenu event to close.

56069 Filter condition size checking inconsistent

The validation for the “size” condition was incorrect if an action for mailfilter was added. The validation for the “size” condition has been corrected to be consistent.

56040 Mail addresses missing at auto-complete

In case the same mail address is used for multiple contacts, only one contact would be available when using address auto-complete for mail and other scenarios. To avoid this glitch we updated the filter to consider contacts to be unique in case their addresses are equal but names differ.

55872 Removed “Open in browser” for IE

Microsoft Office attempts to render documents within the browser instead of downloading them, however not considering cookies required to fetch the requested information. As a result user experience suffers when trying to view or edit MS Office documents stored within OX App Suite. For this and other reasons we decided to remove the “Open in browser” option when using IE-based browsers. We suggest to use OX Documents for in-browser editing work-flows.

Patch Release 4477 (2017-12-01)

Shipped Components and Versions

Fixed Bugs

0 Updated APNS certificates

Existing Apple Push Notification Service (APNS) certificates will expire on 2017-12-07, please update to make sure client devices continue to receive push notifications when using OX Drive.

Patch Release 4473 (2017-12-13)

Shipped Components and Versions

Fixed Vulnerabilities

56352 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

56157 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

56091 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

56063 CVE-2017-17061

3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

56056 CVE-2017-17062

3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

56055 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55882 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55830 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55167 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

54915 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

51464 CVE-2017-17060

5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Fixed Bugs

56149 Userreporting ERROR “Cannot find user with identifier id in context ctx”

When storing the report before sending it, a useless comma was added. This has been solved by constructing correct JSON when loading macdetails from local storage.

56140 Cloud-Storage connection problem

A wrong check whether the used connection pool is currently unused/empty caused premature stopping of the idle-connection-closer. This has been solved by properly checking whether the used connection pool is currently unused/empty.

56107 OX - Slowness in loading the mail folder list

List request breaks on altnamespace with many folders. This has been fixed by removing ‘default0’ list request out of ‘virtual/standard’.

56089 Not possible to delete account via API

Wrong owner identifier passed to quota-aware file storage instance. This has been fixed by compiling proper owner info when resolving a file storage.

56073 Logging the IMAP endpoint IP

Remote IP address of connected end-point was not available. The remote IP address of the connected end-point is now output as well to solve this.

56071 Mail content not displayed

Garbled mail messes up IMAP server’s BODYSTRUCTURE information. This has been solved by reparsing mail manually in case IMAP server’s BODYSTRUCTURE information is messed up.

56038 Name of attachment with Japanese characters not correctly displayed

“ISO-8859-1” charset is assumed for every string value in MAPI properties of a TNEF-encoded attachment. This has been solved by detecting the proper charset (e.g. by code page attribute) and using that to get the string value.

56034 OAuth not working if ending on other nodes

JVM route information was not added to redirecting call-back URL. Now ensure JVM route is added to redirecting call-back URL.

56023 External Storage error while saving presentations created from a template

The setDocumentAttribute operation was generated twice: in renameHandler and during reloading the document. This has been solved by marking the document as unmodified before reloading it.

56021 Feedback: comments and suggestions area without checks filters and escaping

Some characters had not been sanitized. This has been solved by adding more sanitizing for feedback exports.

55974 Appointments in public calendars are getting displayed in the same color independent of the status

Changed default status from accepted to unconfirmed due to some issues with itip attachments. This has been fixed by using status accepted as default for public appointments.

55972 Mail not displayed correctly in App Suite UI

Garbled HTML content with conditional revealed comments confuses Jericho HTML parser. Get rid of HTML comments prior to processing to display such mails.

55964 High load on ConfigDB since update to latest Patch

Excessive “SELECT cid FROM context_server2db_pool WHERE server_id=xxx AND write_db_pool_id=xxx AND db_schema=xxx” queries. This has been solved by optimizing the collection of data for drive metric calculation and improving some locations which invoked ‘getContextsInSameSchema()’.

55948 Mailadresses not in “Collected addresses” when reading a new Mail

“collect_addresses” field extracted out of wrong JSON object. This has been solved by extracting “collect_addresses” field out of proper JSON object.

55865 Source Maps Support in Appsuite Development

Modification of source code from middleware before evaluation. This has been solved by no longer modifying source code on the client side.

55831 Upon external drive account deletion, the UI still triggers requests that lead to errors

This has been fixed by adding a missing folder refresh.

55102 Cloud storage - moving of a larger folder / larger number of files between different storages stops after 1100s with error 502

Possible HTTP proxy timeout during long-running operations. Introduced the possibility to let a client submit a certain operation to a job queue, which can be frequently polled to check operation’s status.

55085 Tasks: error message on removing editor

Removing oneself as a participant caused permission loss, which was treated as an error. Permission loss is no longer treated as an error, as this is now expected in this case.

54957 This message has been truncated due to size limitations. Show entire message - no images can be loaded

Accept new ‘forceImages’ parameter for ‘mail?action=get&view=document’ action. Also show extended action label only when external images are filtered out.

52633 Drag & drop of a huge picture into a HTML-Mail will cause the JVM to OOM up until OS swapped

Missing failure handling of TinyMCE. Remove the image manually. This has been solved by removing image preview if upload of image fails due to whatever reason (for example, when the image size is too big).

Patch Release 4448 (2017-11-15)

Shipped Components and Versions

Fixed Bugs

56001 mail folder not loading: String index out of range

Possible ‘java.lang.StringIndexOutOfBoundsException’ while parsing an address list. Fixed by orderly resetting the cached string length after the string was modified.

Patch Release 4441 (2017-11-22)

Shipped Components and Versions

Fixed Bugs

56041 Disableschema java.sql.SQLException: No value specified for parameter 14

The counter was not counting the parameters correctly when compiling the SQL statement. This has been solved by using the correct counter for cid when disabling schema.

56015 Signature editor broken, shows no signatures

No signature was displayed because the mapping for signatures was broken. This has been solved by removing an accidentally kept reference that messed up the mapping.

55928 User email is visible in URL

It was possible to see the Guest user’s E-Mail address in a URL parameter. This has been fixed by replacing the E-Mail address with a ‘user-id@context-id’ tuple and adjusting the resolve logic accordingly.

55835 Folder rename in external accounts very slow

Inefficient check for duplicate/equally named folders and inefficient folder retrieval as well. This has been fixed by improving performance when updating a folder and fetching folder list afterwards.

55774 Webmail UI used on a mobile device ignores signatures while forwarding (replaying to) an email

Single signatures were not fully implemented for mobile. This has been solved by adjusting the getDefaultSignature method.

55676 Empty lines in email get reduced to 1 when sending in “Plain Text” mode

Text mails got a ‘cleanup’ when displayed in AppSuite. This has been solved by tweaking replacement of redundant line breaks to preserve two empty lines.

55631 Unable to add external account due to fixed overlay

Fixed typo in login call parameters to solve this issue.

55626 Email format is NOT preserved when being saved to draft folder

Edit was called without considering mail attributes. Action is now invoked to prevent this issue.

55532 Redirection not working on chrome but works on Mozilla

Links were accidentally considered as harmful. This has been solved by managing a dedicated list of identifiers for possible global event handlers to get all those links working again.

55433 Dutch Backend Translation Problem

Was resolved by adjusting the Dutch backend translation.

54984 Unread messages folder Counter is incorrect and also messes up unread count for other folders

Folder selection had virtual/all folder hard coded. This has been fixed by using configured values to determine virtual/all folder.

Patch Release 4425 (2017-10-24)

Shipped Components and Versions

Fixed Bugs

55881 Inbox not loading

The yielded ‘javax.mail.internet.AddressException’ in case of a parsing error may return ‘null’ when invoking its ‘getRef()’ method. This has been fixed by orderly passing parsed address string to fall-back address instance in case of parsing error.

Patch Release 4415 (2017-11-13)

Shipped Components and Versions

Fixed Bugs

55788 Save in drive for webmail user not usable

General problem that might occur if an action gets chained. Once an undefined list element was present the check always returned true now (“draw it”).

55776 Spamexperts not working with https

Basic-auth information was only provided in the “Authorization” header for the HTTP protocol, but not for HTTPS. This has been solved by always providing basic-auth information in the “Authorization” header regardless of the used protocol and by refactoring to use a newer HttpClient library.

55748 Wrong sieve rule written when using “start/end with”

The ‘starts with’ and ‘ends with’ simplified rules got mixed up. Properly parse ‘starts with’ and ‘ends with’ match types to solve this issue.

55692 Mobile UI changes layout in jslob

Jslob also stores fixed settings that are applied for smartphones only. This has been fixed by not saving ‘layout’, ‘showContactPictures’ and ‘showCheckboxes’ for mobile devices.

55583 OX Help Docs language error on Calendar module header

The header of the respective file was adjusted to get the right translation.

55574 Wrong sort order when using flag as sort option

Sort order was adjusted. Note: Selecting a specific sort field (other than “date”) when mails are grouped by conversations might still yield “strange” results since a conversation’s mails are statically sorted by “date” and only the top mail of each conversation is considered for sorting the conversation groups. Having a flagged mail in the midst of a conversation does not sort that mail to the top since only the conversation’s newest mail is considered.

55362 Translation missing on upload timeout error

Added missing translation.

55298 Maximum configured sized needs to be fixed for Japanese Error message

Fixed translation for “Maximum configured sized”.

55284 Possible to change threadSupport if protected

There was no consistent check whether threadSupport was enabled. In case ‘threadSupport’ is disabled, a potentially active folder view option ‘thread’ is now ignored as well to solve this issue.

Patch Release 4394 (2017-10-17)

Shipped Components and Versions

Fixed Vulnerabilities

55703 CVE-2017-15029

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

55651 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55603 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55602 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55601 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55600 CVE-2017-15030

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

55090 CVE-2017-13667

CVSS: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L)

55068 CVE-2017-13668

CVSS: 3.7 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N)

Fixed Bugs

55694 Html signature - images within the signature did not get saved into dedicated signature storage

Sometimes it was not possible to upload pictures into the dedicated signature storage. Fixed a race condition to solve this issue.

55679 Create a new signature with image alone - Save button at the bottom should be disabled till the image is saved

Missing handling for pending images. This has been fixed by introducing cascade.

55606 Undocumented: imap4flags extension is a requirement not only for “mail categorization” but also for custom sieve filter rules

Support for ‘imapflags’ was removed for the new v2 API in 7.8.4. This has been fixed by re-adding the support for the ‘imapflags’ capability.

55574 Wrong sort order when using flag as sort option

Wrong sort order returned for “flagged” sort field (660). This has been solved by returning proper sort order for “flagged” sort field (660).

55487 Contacts don’t add correctly when choosing distribution list

This was caused by a missing check for contacts without mail address. Now those contacts are filtered.

55413 OX Calendar Print Preview Issue

This was solved by dropping support for browsers’ built-in printing and giving users a hint to use AppSuite’s print instead.

55409 Contact sort orders are inconsistent between “address book” and “select address dialog”

It was just sorted by the first character. This has been fixed by adding recursion when letters are equal.

55362 Translation missing on upload timeout error

A string was missing in i18n. The missing string has been added to i18n; this is only the new string, the string itself is still not translated, and the translation will be available with the next public patch.

55360 Potential XSS-Bug while handling Mail From

Possible control and/or white-space characters returned to clients. This has been fixed by dropping control and/or white-space characters from E-Mail addresses.

55301 mail.filter.json.v2 - Certain rules created with “not” conditions, including “not exists” (header) ExistsTestCommandParser, are shown in the UI as the positive condition

Certain rules created with “not” conditions, including “not exists”, could not be parsed correctly. This has been solved by adjusting the parsing and adding backend support for this behaviour.

55288 pdf.js progressive rendering floods OX logs with “Connection reset by peer” errors on Chrome

Superfluous error logging for common case when client/end-user abruptly aborts the HTTP connection. This has been fixed by adjusting logging for common case when client/end-user abruptly aborts the HTTP connection.

55271 File name incorrect Japanese characters

Fullwidth digits were replaced in file names. This has been solved by allowing fullwidth digits in file names.

55044 OXTender for Outlook destroys SMIME signature

Possible empty line after multipart preamble was not maintained. Force a blank line before start boundary when writing out multipart content to solve this issue.

54802 Duplicate entry for key PRIMARY Error on Update 7.8.2 to 7.8.4

Names were written to user attributes table with possible leading and/or trailing whitespaces. This has been fixed by checking for duplicate user attributes after any leading and trailing whitespaces were removed.

Patch Release 4377 (2017-10-20)

Shipped Components and Versions

Fixed Bugs

55551 “Expires” drop-down in share link dialog not displayed in IE11

MS Internet Explorer 11 has problems with auto height when bottom CSS attribute is set to 100%. This has been solved by setting bottom to auto if the browser is IE 11.

55455 Contacts export and have EOL

LF character was used as line terminator in exported CSV files. Outlook was not able to handle those files. This has been solved by using CRLF sequence as line terminator in exported CSV files.

55453 Open-xchange-cluster-upgrade package not seen for 7.8.3 to 7.8.4 upgrade

Added missing Hazelcast invalidation packages and accompanying bundles for v7.8.3 and v7.8.4 to solve this issue.

55425 Unclear behaviour on versioning when uploading files upper/lower case

File name check was case-sensitive. File names are now checked ignoring case to have a standardized procedure.

55363 Default text style are not retained in compose page after pressing backspace

Styles were applied manually and got cleared after deleting the last letter in mail compose. This has been fixed by using the TinyMCE option ‘forced_root_block_attrs’ and applying a custom style and identifier class.

55345 Dovecot allows to add more rules than configured for redirect in sieve_max_redirects

Middleware ignored MAXREDIRECTS. Now the middleware limits redirect commands, and “redirect” actions are limited according to the MAXREDIRECTS setting.

55285 Wrong sender account when replying to email addresses with upper-case letters

Check was case sensitive. This has been fixed by comparing case-insensitively and fixing the sync-async problem for the fallback.

55273 Logout ends up in a white page

Was caused by a problem with deleted files of running OX Documents when logging out. This has been solved by rejecting promise in this error case in the quit handler.

54750 TO: with IDN scrambled after reply

The mail sent by thunderbird does not contain the ASCII representation of the mail address. Instead it contains the unexpected IDN representation. This was fixed in javax.mail as it deals with unexpected mail content. Try to parse with the default java charset. If ASCII is provided (as expected) nothing will change.

Patch Release 4354 (2017-09-18)

Shipped Components and Versions

Fixed Bugs

55380 Standalone Document Converter doesn’t start anymore after last upgrade

After upgrading a standalone document converter node, the open-xchange-documentconverter-server daemon doesn’t start anymore. This has been fixed by adding new bundles to launcher.

55265 High load on configdb DB ReadSlave

Excessive querying of all context identifiers, likely caused by unnecessary “per node” initialization of default attachment storage cleaner. Solution: Efficient retrieval of distinct context identifiers per schema and refactored default attachment storage cleaner to be managed as cluster task (runs only once, no more per node).

55254 Rename / delete folders in OX Drive not possible

Creation of trash and public folders on demand was removed. This has been solved by reenabling the creation of trash and public folder on demand.

55240 Sharing link can not selected on a mobile device

The copy button was disabled for Safari because of API limitations. This has been solved by enabling the button for Safari again, as Safari now supports the required API.

55229 Japanese text is garbled in App Suite

Some Japanese characters are not displayed correctly (garbled) in emails. This has been fixed by using the “x-windows-iso2022jp” charset in case Java’s “iso-2022-jp” charset yields unmapped characters.

55200 Capabilities checks performed against “mailfilter” instead of “mailfilter v2”

Even though the mailfilter.v2 API is the one being used, capability checks were done against the legacy mailfilter API. This has been solved by setting the capability check to mailfilter v2.

55175 Mail Module does not render thumbnails for .txt

This has been solved by adding txt to regex of supported file extensions for preview.

54956 Post install script not uses com.openexchange.mail.filter.preferGSSAPI=true

When updating from 7.8.3 consider the case where users preferred GSSAPI as SASL mech and set the new c.o.mail.filter.preferredSaslMech accordingly to solve this issue.

54468 Status of a multi-file incorrect

If a file upload was running and a second file upload was started, the upload time was not recalculated. Fixed the time estimation, as the increased collection size was not taken into account during calculation.

51093 “Switch to parent folder” leads to hidden root for external storages

The root folder is “9” for Drive, but for external storages it is “1”. When the root is reached, the overview is shown. The check if the root is reached only considered “9” and therefore did not work when using external storage accounts. This has been fixed by also checking for folder id “1” for external storages.

Patch Release 4328 (2017-09-05)

Shipped Components and Versions

Fixed Bugs

55251 Unused libraries were shipped

Removed unused libraries from com.openexchange.preview bundle.

55199 Custom mail filters break due to changes in com.openexchange.mail.filter.json.v2

Command registries are not properly registered as services. Properly register command registries for the new v2 API to solve this.

55171 Mail Modules does not render thumbnails for TIFF and PSD

Missing handling for .psd and .tiff in mail preview. This has been solved by adding PSD and TIFF support to preview list.

55100 Errors regarding logback mbean after update to 7.8.3

In case the com.openexchange.java-commons.logback-extensions bundle has not been started an attempt to register its MBean failed. Await availability of Logstash Socket Appender instance prior to attempting to register its MBean to solve this issue.

55096 Dragging a folder into Drive in App Suite UI results in unspecific error

Wrong folders detection on MS Windows. Improved detection to solve this issue.

55084 Onboarding shows EAS configuration without permissions

Missing implementation for mobile view. This has been solved by adding missing implementation.

55082 Burger menu “Back to login” not working

Was caused by a missing extension. Added missing extension to solve this problem.

55075 Attendent can change the participant status of appointment creator in shared calendar

UI changed response so it looked like the currently logged in user confirmed the appointment. This has been fixed by using the actual user that confirmed instead of the currently logged in user.

55057 Folder structure order for the default folders are changed

This was caused by a wrong client side order of the folder. This has been fixed by changing client side order to: inbox, drafts, sent, spam, trash, archive.

55042 Inconsistency when selecting an empty folder in the Mail tab

The text “Empty” is shown initially when selecting an empty mail folder but not when the user tapped on other folders and then returned. The second visit calls busy twice, which breaks the “visibile-invisible-chain”. This has been fixed by using a robust implementation that utilizes busy and idle.

54879 Quotes in email local part not allowed

Possible quotes (“) in local part of an E-Mail address were handled as special characters. Now orderly handle quotes in local part of an E-Mail address to solve this issue.

54232 File names are case sensitive

The filename reservation logic recorded possibly conflicting filenames in a map using case-sensitive keys. This has been solved by tracking possibly conflicting filenames ignoring case.

Patch Release 4318 (2017-08-21)

Shipped Components and Versions

Fixed Vulnerabilities

54915 CVE-2017-12885

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

54838 CVE-2017-12885

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

54592 CVE-2017-12885

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

54579 CVE-2017-12884

CVSS: 3.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

54578 CVE-2017-12885

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Fixed Bugs

54955 No scrollbar for signature list

Smart dropdown uses “auto” as height parameter, but numeric calculations with strings are impossible. Error in calculation where “auto” was assumed to be a number.

54944 Subject line with UTF-8 characters are jumbled up

Mixed encoded values are not properly combined. Properly combine mixed encoded values to solve this issue.

54894 E-mail gets only displayed partly

Mail uses absolute positioning. Email exceeded internal limit (32KB) for specific post-processing. Raise size limit for that particular post-processing to 128KB for Chrome, 64KB for other browsers to display those emails.

54877 Tasks cannot be deleted

Duplicate entries were written to the del_task folder table. This has been fixed by only writing the most current ones.

54863 Restart of more than one middleware nodes take a long time

This has been solved by avoiding too many requests to all possible DB-Schemas and improving start-up of middleware nodes for setups holding millions of contexts.

54820 Datetime in Calendar page is partially hidden

With this fix the Japanese date format was changed to the shorter hh:mm version.

54802 Duplicate entry for key PRIMARY Error on update

Inexact SQL expression to remove duplicate entries from user_attribute table. This has been fixed by deleting duplicate entries by their UUID association.

54797 CSV import wrong birthday

Added dynamic date format for user locale to solve this issue.

54796 Photo taken by iPad with OX Drive does not show up in App Suite

Consider proper image dimension when performing auto-rotate of JPEG images to solve this issue.

53959 An I/O error occurred: Connection reset by peer

Client/end-user abruptly aborts the HTTP connection while writing out the content of a ZIP archive. This has been solved by adjusting logging for common case when client/end-user abruptly aborts the HTTP connection.

53947 Monthly calendar view does not scroll to previous month

The previous month’s scroll position was unreachable due to endless scrolling. This has been fixed by drawing an additional month if trying to scroll to the first drawn month.

53454 A IMAP folder called “user” is visible

“user” folder remained in child listing of root folder. Orderly drop single namespace folders from LSUB collection to solve this issue.

52719 Prefetched documents are not used by the viewer

In some cases like PDF source content or previously rendered files, a ManagedFile was returned although the request contained an async flag. This has been solved by ignoring ManagedFiles altogether whenever the async flag is set on the request and returning a JSON object with element {“async”:true} in such cases.

Patch Release 4304 (2017-08-07)

Shipped Components and Versions

Fixed Bugs

54790 Getting quota does not work anymore

When requesting quota information for non-existing file storage accounts a runtime exception was thrown instead of properly handling the case. This has now been corrected.

54774 Sending user feedback fails with empty SMTP auth values

When sending user feedback as CSV file via mail, empty SMTP authentication configuration settings would prevent sending the mail. We added a potential solution for this, however did not have the necessary information to reproduce the original problem. Therefore this fix has to be validated by the requesting customer.

54702 Rename folder pop-up not closing

The dialog to rename a folder in App Suite would not close under very special conditions. This has been researched and a potential workaround got applied. The effectiveness of this solution needs to be validated for the environment in question.

54701 Unable to copy raw image content to mail compose with IE11

When copying raw image content from apps like MS Paint to mail compose, rather than just adding that image via drag&drop or the provided composer options, its content did not get pasted when using IE11. This has been corrected for this particular case, however note that copy&paste is implemented very inconsistently across browsers and operating systems, other cases will potentially not work as expected since the browser does not provide necessary information to web applications.

54673 Same timestamp shown for drafts in multiple composers

When composing multiple mails at the same time, the date/time information when the mail has been saved as draft was added to all open composer windows and did overwrite the actual date. This has been solved so that each composer window shows the correct saving date.

54580 Issues with parsing plain-text links in mail

Certain E-Mails did contain combinations of text that led to incorrect hyperlink detection. This got solved by parsing links in plain-text mails less greedily.

54534 Socket monitoring support

To allow debugging potential network and remote service issues more efficiently, we added support to log connection status and usage metrics for each socket that gets opened to an external system (e.g. Database, IMAP). See Change SCR-24 for more information.

54453 Account help page missing

A particular help page for external accounts was incorrectly linked, this has been corrected.

54437 Contact collector not working

Collecting contact information while reading mail was not working when combining specific mail handling (seen/unseen) in combination with contact collection. This has been solved.

52637 Unable to print encrypted mails

Encrypted mails could not be printed after decrypting. This has been fixed.

51194 Ability to disable adding attachments to PIM apps via configuration

A new frontend-side configuration option has been added to disable the “add attachment” area when creating or editing PIM objects. Note that this is purely cosmetic and does not affect other clients than OX App Suite. See Change #4301 for more information.

Patch Release 4285 (2017-07-24)

Shipped Components and Versions

Fixed Bugs

54723 Busy circle never stops on attachment uploads

Tried to create previews for documents for local files. This has been solved by not trying to create previews for documents for local files.

54593 No error message if import limit is reached

No warning was given in case the number of imported items was truncated. This has been fixed by adding a warning if the number of imported objects was truncated.

54529 Drive mail drive attachment counting filesize against upload limit

Any mail attachment appended to the new message has been checked against upload quota limitation. Only consider uploaded files (mail attachments) when checking upload quota limitation to solve this issue.

Patch Release 4257 (2017-07-10)

Shipped Components and Versions

Fixed Vulnerabilities

54403 CVE-2017-9809

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

54402 CVE-2017-9808

CVSS: 3.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

54321 CVE-2017-9808

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

54320 CVE-2017-9808

CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Fixed Bugs

54532 Confusing error message “Folder INBOX has been closed on mail server”

Confusing displayed error message. Solution: Rephrased error messages dealing with connectivity issues to the mail server to provide more user-friendly information. Moreover added the “Please try again later.” suffix to hint at a possibly temporary nature of the issue.

54454 Multiple contact selection works only on 2nd try

No previous selection when there actually was an item selected. This has been solved by using the correct selection.

54377 Generating missing MD5 sums on filestore Objects causes high read load

There might be situations where the metadata for stored infostore documents does not indicate the referenced file’s MD5 checksum. This may be the case for files that were stored more than 4 years ago, or for files that have been uploaded in chunks, e.g. during a migration. When synchronizing via OX Drive, the missing checksums for those files are calculated on demand, which requires the files to be retrieved from the underlying storage. When there are many or very large files for which the checksum needs to be calculated, this may lead to an increased read load which may impact other processes and systems in the installation. This has been fixed by providing functionality to calculate missing file checksums on demand.

54349 Edge crashes on large attachments

Too much memory and CPU usage by canvas resize. Integrate canvas resize into our lazyload mechanism so not every picture is processed simultaneously to solve this issue.

54348 Attachment filename wrong when forward email

Building the forwarded mail calling setHeader erased the header information about file name. This has been solved by calling setHeader first and set the file name header afterwards.

54311 Unable to send mail with onboard external account as sender

An SMTP server which responds with a non standards-compliant multi-line greeting on socket connect messed up parsing of the server’s capabilities. This has been solved by dealing with multi-line greetings from the SMTP server.

54262 No timeout message if loading modules fails

No error message on require timeout. This has been fixed by adding timeout message and reload option with longer timeout (30 seconds).

54177 Creating folders or renaming folders to prefix A- or B- does not show

The folder title was not re-rendered after a title change. Now the folder title is also re-rendered after a title change.

53965 Incorrect Japanese translation for “Unread” which appears in the “Sort by” menu

Adjusted the translation to solve this.

53964 Incorrect translation for “Unread messages” in Japanese translation

Adjusted the translation to solve this.

53963 Filter rule description text in the Folder picker with Language: Japanese

Adjusted the translation to solve this.

53962 Japanese translation issues in Address Picker

Adjusted one translation and added a new translation to the Address Picker.

53961 BCC is incorrectly translated as BBC in Japanese translation

Adjusted the translation to solve this.

53454 A IMAP folder called “user” is visible

Leftover namespace folder remains in LIST/LSUB collection. This has been fixed by adding a special check that cares about dropping leftover namespace folders.

Patch Release 4233 (2017-06-26)

Shipped Components and Versions

Fixed Bugs

54315 Incompatibility with SIEVE rules

When running OX App Suite 7.8.3 and 7.8.4 against a shared mail environment, SIEVE filter rules could unintentionally affect each other, for example auto-forward and vacation notice. This got fixed by retaining commented script content which is unknown to the 7.8.4 implementation.

54181 Config-cascade inconsistency for value pairs

Certain value pairs were not correctly distributed by the config cascade mechanism, especially those related to services that use oAuth for authentication. We solved this by making those properties config-cascade aware.

54136 Incorrect permission restriction when moving folders in Drive

When moving/copying a folder from an external storage service to a folder of the primary OX Drive storage service, a permission related error was thrown. This got solved by properly setting administrator privileges for the creator of an OX Drive folder while copying/moving in folders from external services.

54133 Sharing dialog stuck when sharing locked file

When attempting to share a file which is locked, the sharing dialog did not close when canceling the operation. This got solved by handling potential errors related to locks when trying to share a file.

54069 Fuzzy fallback for unsupported languages

In certain cases the frontend language did fall back to German instead of English. This got fixed by setting an explicit fallback to en_US if the browser provides an unsupported language and there is no previously set OX language cookie.

54067 Outdated “unsupported browsers” message

OX App Suite UI did display incorrect recommendations for mobile browsers when using such as a desktop browser. This has been solved and we’re now showing recommendations for mobile browsers only when using a mobile device.

54042 Unable to update dates with Japanese locale

When defining start/end dates at the calendar on mobile browsers, the supplied data did not get taken over to the appointment. This was caused by incompatibility of a date/time format library with specific languages and has been fixed by making sure the same date/time format is used at all related components.

54041 Missing schema information for database timeout errors

In case a database connection reported a communication failure or timeout, the specific database schema was not part of the exception. This has now been added to allow simple debugging of affected database clusters.

54034 Missing recipient when removing and modifying recipients

In cases where the original recipients (To, Cc) of a mail got removed during compose and re-added later, the resulting mail was sent without recipient information. This got fixed by properly handling events related to tokens that display participants.

53980 High CPU load caused by documentconverter

Changes to documentconverter led to higher than usual base CPU load. This impact got reduced by lowering a queue polling time to a value which offers a good compromise between queue responsiveness and “idle” CPU load.

53958 More debug background for exceptions related to closed IMAP folders

In case an IMAP backend did close a connection due to technical issues or timeouts, the resulting stack-trace at OX App Suite middleware was rather generic. This has been improved in a way that we now show the related IMAP command to allow better debugging. This issue has to be validated in production environments that show such unexpected behavior.

53923 Quick reply disappears after the first reply

When using “quick reply” to answer a mail, this option will disappear. We changed the behavior in a way that the option stays available after using it.

53916 Adding local files opens camera App on iOS

When using OX App Suite UI with Safari on iOS, the action to add a local attachment resulted in immediate launch of the camera App. We now trigger a selection menu which offers to either use the camera or access existing photos on the device.

53913 Vacation notices could not be activated for aliases

When setting a vacation notice, it was not possible to define an alias address for the notice instead of the primary address. This got fixed by more consistent checks for mail aliases.

53688 Contacts with Katakana “yomi” fields were sorted as “other”

When using Japanese language settings and subsequently “yomi” contact fields, those contacts were sorted incorrectly as “other”, which got solved.

53671 Specific mails produced empty printouts

When printing specific mails that define CSS, the created print version did not show substantial content. This got fixed by dropping certain CSS elements from our whitelist that could lead to broken layouts. See Change #4204.

53649 Folder IDs were shown in PIM objects attachment details

For PIM objects with attachments we did show the hyperlinks pointing to OX Drive instead of the corresponding App. To avoid confusion we did visually remove those links as they provide almost no functionality.

53474 Duplicate recipients when sending mail

When sending a mail to all appointment participants the resulting mail compose did contain duplicates of the expected recipients. This got solved by detecting and removing the currently logged in user from that list.

53437 Inconsistency for thumbnails and image preview

Certain file formats (tiff, psd, pbm) were shown as thumbnail preview while not being supported in image preview. To ensure consistency we added support for tiff and psd files to image preview.

53313 Unable to edit name used for mail on mobile

When using OX App Suite UI on a mobile browser, updates to an E-Mail address’s “personal part” at mail compose were not reflected to the selected mail address. This got solved by updating the corresponding element after the change has happened.

Patch Release 4180 (2017-06-14)

Shipped Components and Versions

Fixed Bugs

53900 1st (out of two) Google Mail Account does not work after adding 2nd (out of two) Google Calender Abo

When updating an OAuth account (applying a new name), the enabled scopes were accidentally reset. This has been solved by not touching the OAuth account’s enabled scopes when updating its name.

53795 POP3 External account: messages retrieved are duplicated

Certain POP3 servers do not obey the rule to advertise UIDLs with at most 70 characters. This has been fixed by extending the “uidl” column in the “pop3_storage_ids” and “pop3_storage_deleted” tables from 70 to 128 characters, as some POP3 servers advertise bigger UIDL values. An update task will be triggered with this fix.

53690 Fields considered for sorting / categorizing contacts inconsistent

A contact’s (yomi-) firstname was not taken into account during sort name generation in case no (yomi-) lastname was set. This has been solved by using the combination of (yomi-) last- and firstname per default as sort name.

53689 Yomi fields not available / visible with non-Japanese language setting

Missing feature for other languages. Added a new setting and feature to make yomi fields available with other languages.

53688 Contacts with Katakana “yomi” fields are sorted and categorized as “other”

Only hiragana in sorting table. Extended the table with katakana to solve the first part. When yomi was given with Half-width Katakana it is still not sorted correctly; this will be fixed with an upcoming patch.

53340 Appointment status of participant not updated via EAS

The list of confirmations was not part of the USM sync-state. USM now syncs the list of confirmations from the backend to solve this issue.

53233 No appropriate folder storage for tree identifier “0” and folder identifier “label”

Used dummy folder_id ‘label’. This has been fixed by using ‘virtual/label’ now to avoid that an invalid ID is used in server requests.

Release 7.8.4 (2017-05-23)

Shipped Components and Versions

Fixed Vulnerabilities

53077 CVE-2017-8340

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

53073 CVE-2017-8340

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

52843 CVE-2017-8340

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

52255 CVE-2017-6912

CVSS: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

52066 CVE-2017-8341

CVSS: 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

52040 CVE-2017-6913

CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

51863 Script code execution for text comments

Replacing single quotes in fast load string of OX Text. CVE-2017-6913.

51667 Task folder names exposed in error cases

Adjusting error messages to avoid exposing folder names when triggering errors based on folder IDs. CVE-2016-10078.

51622 PIM attachment permissions are not evaluated on saveAs

Fixed folder/object permission plausibility checks when using certain API calls to move data internally. CVE-2017-6912, credits to Iordache Cosmin.

51480 XSS filter bypass using HTML comments

Improved detection for corrupt HTML with regards to HTML comments. CVE-2017-5864, credits to Zoczus.

51474 @import style references are not sanitized from HTML mail

Allow only valid CSS elements at HTML mail and removing external references. CVE-2017-5864, credits to Secator.

51464 Bypass for “safe file” detection using multipart mimetypes

Disallow to manually specify a file’s MIME type when uploading such content. CVE-2017-5864, credits to Secator.

51407 Stored XSS for custom calendar timezones

We’re handling timezone information more carefully now since it’s potentially user-provided data. CVE-2017-5864, credits to R00trus.

51219 XSS filter bypass using multiple levels of open tags

Hard error in case HTML cannot be parsed to its individual segments/tags. Content which cannot be parsed and sanitized will no longer be delivered to the client. This might affect broken/malformed legitimate mails but also attempts to bypass HTML filters. CVE-2017-5864, credits to ZeeShan.

51202 XSS filter bypass using HTML comments

Hard error in case HTML cannot be parsed to its individual segments/tags. Content which cannot be parsed and sanitized will no longer be delivered to the client. This might affect broken/malformed legitimate mails but also attempts to bypass HTML filters. CVE-2017-5864, credits to Zoczus.

51164 External image protection bypass via CSS

Disallow ‘list-style-image’ style element which can be used to include external content and track users. CVE-2017-5210, credits to Iordache Cosmin.
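The approach named in 51164 and 51474 (allow only known CSS properties and drop anything that references external content), as an added Python example that is not Open-Xchange's code. The allowlist, the function names and the sample mail CSS are assumptions constructed for illustration.

```python
import re

# Assumed allowlist for this example; the page does not publish the project's own list.
ALLOWED_PROPERTIES = {
    "color", "background-color", "font-family", "font-size", "font-weight",
    "text-align", "margin", "padding", "border", "list-style-type",
}

# Anything that can fetch a remote resource, or hide one from a textual scan
# (CSS escapes, comments), disqualifies the whole declaration.
_FORBIDDEN_VALUE = re.compile(
    r"url\s*\(|image-set\s*\(|expression\s*\(|@import|\\|/\*", re.IGNORECASE
)
_PROPERTY_NAME = re.compile(r"^[a-z-]+$")
_AT_STATEMENT = re.compile(r"@[a-z-]+[^;{}]*;", re.IGNORECASE)
_RULE = re.compile(r"\s*([^{}@;]+?)\s*\{([^{}]*)\}")


def sanitize_declarations(style):
    """Keep only allowlisted declarations that carry no external reference."""
    kept = []
    for declaration in style.split(";"):
        name, sep, value = declaration.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or not value or not _PROPERTY_NAME.match(name):
            continue  # empty or malformed declaration
        if name not in ALLOWED_PROPERTIES:
            continue  # list-style-image, background-image, ... are not listed
        if _FORBIDDEN_VALUE.search(value):
            continue  # url(...), escapes or comments inside an allowed property
        if value.count('"') % 2 or value.count("'") % 2:
            continue  # a string was cut apart by the ';' split: drop it
        kept.append(f"{name}: {value}")
    return "; ".join(kept)


def sanitize_stylesheet(css):
    """Clean the body of a <style> element; return "" if any part cannot be parsed."""
    if "\\" in css or "/*" in css:
        return ""  # fail closed instead of guessing what escapes or comments hide
    css = _AT_STATEMENT.sub("", css)  # removes @import, @charset, @namespace statements
    rules, pos = [], 0
    for match in _RULE.finditer(css):
        if css[pos:match.start()].strip():
            return ""  # unparsed text between rules (e.g. a nested @media block)
        pos = match.end()
        body = sanitize_declarations(match.group(2))
        if body:
            rules.append(f"{match.group(1)} {{ {body} }}")
    if css[pos:].strip():
        return ""
    return "\n".join(rules)


# Constructed sample input (tracker.example is a placeholder host).
SAMPLE_INLINE = (
    "color: red; list-style-image: url(http://tracker.example/p.gif); font-size: 12px"
)
SAMPLE_STYLESHEET = (
    "@import url(http://tracker.example/mail.css);\n"
    "ul { list-style-image: url(http://tracker.example/open.gif); color: #333 }\n"
    "p { font-size: 12px }\n"
)

if __name__ == "__main__":
    print(sanitize_declarations(SAMPLE_INLINE))
    print(sanitize_stylesheet(SAMPLE_STYLESHEET))
```

Returning an empty stylesheet when parsing leaves unexplained text follows the same fail-closed policy the entries for 51219 and 51202 describe for HTML.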

51069 Missing permission checks for snippets

Check if snippet/signature is either shared or owned by the user that attempts to delete/modify it. Deny operation if condition is not satisfied and return with an error. CVE-2017-5863, credits to Iordache Cosmin.

51058 Folder names exposed via ical import

Sanitized error message by dropping folder name from user-visible error message and replaced name by numeric identifier for the technical log message. CVE-2016-10078, credits to Iordache Cosmin.

51039 XSS at RSS feed content

RSS “text/xhtml” content is now being pre-processed by sanitizer. CVE-2017-5864, credits to Iordache Cosmin.

51038 Missing permission check when deleting reminders

Added an additional layer for reminders between JSON and SQL which performs permission checks. CVE-2017-5863, credits to Iordache Cosmin.

50943 XSS at E-Mail

We’re now handling global event handlers (onerror, onabort, etc.) as unsafe and remove them during sanitizing. CVE-2016-10077, credits to Zoczus.

50940 HTML “map” element can be used for tabnabbing

Added area elements to “noopener” mechanism. CVE-2017-5211, credits to Zoczus.

50893 Reflected content for /api/account

Removed user input at the response of the Accounts API which could be used for content spoofing. CVE-2017-5211, credits to Ahmed Abdalla.

50849 Self-XSS at mail signature editor

We added client-side sanitizers at the mail signature editor to avoid self-XSS in addition to server-side filters that remove malicious code at persistent data. CVE-2017-5213.

50764 Autofill on “form” areas can be used to steal credentials

We removed “form” and “input” elements from the HTML sanitizing white-list. Note that this will remove such kind of content in legitimate mails. CVE-2017-5210, credits to Zoczus.

50760 Tabnabbing using “form” tags

We now prevent form submit, open a new window manually, nulling window.opener, redirect the form to the new window and then manually submit the form. In addition we removed “form” and “input” elements from the HTML sanitizing white-list. Note that this will remove such kind of content in legitimate mails. CVE-2017-5211, credits to Zoczus.

50748 SVG can be used to set cookies

Perform sanitizing on SVG files to remove meta tags that can be used to set/overwrite cookies. CVE-2017-5213, credits to Abiral Shrestha.

50739 Permissions for task attachments not correctly evaluated

Check if underlying task is accessible in the parent folder when accessing attachments. CVE-2017-5212, credits to Iordache Cosmin.

50737 XSS with Snippets

We’re now considering Javascript content from personal “snippets” as potentially harmful and reject “inline” use. CVE-2017-5213, credits to Secator.

50734 XSS via “isindex” tags

Proper handling of combined characters during HTML sanitizing. CVE-2016-10077, credits to Zoczus.

50733 Task folder names leaked to arbitrary users

Removed the task folder name at error responses when calling a folder by its ID. CVE-2016-10078, credits to Iordache Cosmin.

50723 XSS at mail body

Proper handling of combined characters during HTML sanitizing. CVE-2016-10077, credits to Zoczus.

50721 Reflected content for /api/apps/load

Removed user input at the response of the Apps API which could be used for content spoofing. CVE-2017-5211, credits to Ahmed Abdalla.

50715 Uploaded images are available to all users

Adding user-based permission checks in addition to UUIDs to avoid access to foreign images at OX Documents. CVE-2016-10078, credits to Secator.

50382 XSS filter bypass at mail

Added greedy/repetitive detection of possibly malformed HTML-tags to avoid follow-up issues with HTML sanitizing. CVE-2016-10077, credits to ZeeShan.

Fixed Bugs

53674 Broken filenames for certain Japanese file attachments

The “name” and “filename” attributes of Content-Type were incorrectly parsed, which led to broken attachment file names when using certain encodings. This got solved.

53457 Unread counter not updating correctly

When moving a mail to the “Trash” folder, in some cases the unread counter was incorrectly updated. This has been solved by making such “move” operations more robust for the counter.

53456 Unable to parse certain broken mails

Mails with broken Content-Type headers at their MIME part could not always be rendered. We added some workarounds in order to attempt parsing and displaying such mails.

53451 Errors when importing specific CSV

Some CSV data did trigger errors during import, caused by incorrect mappings for “Marital status” and “Employee ID” and the attempt to import read-only values like “Object ID”. This got solved by adjusting the mapping and skip list.

53434 Database timeouts when executing “logincounter” CLT

The “logincounter” CLT did use excessive and unoptimized queries when generating statistics. In combination with millions of data sets this could lead to database timeouts and subsequently unusable output. We enhanced that function to use chunk-wise querying and processing of such kind of data.

53368 UI does not load but also not redirect to unsupported.html for MSIE 9.0

The latest code changes make IE9 unusable. MSIE 9 users are now sent to the unsupported HTML file.

53282

53267 Folder inconsistencies when changing a users password

Parts of the folder representation are cached, and in cases where the user’s password got changed without terminating the session this cache was outdated and led to problems with standard folders like “Sent”. This got solved by looking up those folders via mail accounts API rather than using a cache.

53249 Unable to remove POP3 accounts

In special cases where the corresponding IMAP folder of a POP3 account got manually deleted, there were issues removing the associated POP3 account. Other issues were related to the attempt of deleting the same account multiple times. Those got fixed.

53216 Slow rendering when composing mails to many recipients

In case of more than 50 recipients for a mail, the mail compose dialog became a bit unresponsive. This was caused by unnecessary requests to contact images and got solved by allowing to asynchronously load such images as well as reducing the amount of requests.

53158 Missing documentation for oAuth scope configuration

Configuration description about oAuth and related scopes got added at https://documentation.open-xchange.com.

53139 Google oAuth subscriptions were not assigned

In some cases the assignment of a Google oAuth account did break, usually when adding multiple accounts. In such cases the reference was made to the default Google account rather than the account associated to a subscription. This got fixed and the correct account is referenced now.

53127 DAV Links for Tasks (and maybe for others too) are displayed although they are not accessible at all

Missing check if task folder is private. Added missing check to solve this issue.

53100 Mail is not being displayed, blocking other from being displayed in INBOX

This was due to missing recovery for an unsupported character-encoding. This has been solved by handling possible unsupported character-encoding.

53095 Unable to use oAuth accounts after permission downgrade

If a scope for an oAuth account got defined (e.g. to access an external calendar) and the corresponding OX account got downgraded to lose access to calendar, accessing the oAuth account was not possible anymore. This got improved by handling unexpected absence of scope and corresponding Apps.

53087 Second Google calendar subscription does not show calendar contents

The actual OAuth account associated with a subscription has not been considered, but always the default Google OAuth account was referenced. Solution: Consider the actual OAuth account that is associated with a subscription. Info: Popup Blocker may not be active.

53023 Message with truncated subject

Subsequent base64-encoded strings are not combinable if individual values end with padding ‘=’ character. This has been fixed by not combining padded base64-encoded values, but decoding them separately.

53008 HTML content is invalid and cannot be displayed

Weird start tag segments in real-world HTML mess up the HTML parser, which then refuses to process the content any further. Solution: Better deal with malformed start tags in real-world HTML content.

52959 Layout issue with sharing on mobile

When sharing a link on smartphone devices, the dialog was displayed in a way that the input field for recipients of the link was not shown. This has been solved by allowing to scroll that section into the viewport on small screens.

52928 Attachment not shown

In emails with attachments that have different cid and id it was not possible to show all attachments. Make sure attachments do not have a cid attribute when added to a collection to solve this issue.

52798 Missing appointments in Outlook

In special cases, a list of deleted change exceptions for recurring appointments was provided by Outlook to USM, which led to an exception and subsequently incomplete sync. This got fixed by considering this case.

52797 Autoconfiguration fails for hotmail/yahoo/live domains

Thunderbird’s ISPDB for auto-configuration changed. Changed default value for property “com.openexchange.mail.autoconfig.ispdb” in file ‘autoconfig.properties’ from “https://live.mozillamessaging.com/autoconfig/v1.1/” to “https://autoconfig.thunderbird.net/v1.1/”.

52764 Document conversion triggered without capability

Even though a user did not have the “document_preview” capability assigned, calls to the Documentconverter API were made. This got solved by considering the user’s capability before executing such requests, for example when generating thumbnail previews for mail attachments.

52756 Twitter can not be configured anymore; Case-sensitive look-up for an OAuth API: “Twitter” is not equal to “twitter”

Case-sensitive look-up for an OAuth API: “Twitter” is not equal to “twitter”. Perform ignore-case look-up by OAuth API identifier to solve this issue.

52751 Creating external accounts does not work anymore

Wrong detection if a mail account action was targeted for primary mail account. Reliably check specified account identifier to determine primary account to solve this problem.

52730 Misleading indication that IMAP folder is shared

In case IMAP ACLs just for “see folder” are granted, the “this folder is shared” indicator was displayed. While technically correct this is misleading to users since no content is actually shared. The handling has been changed to avoid displaying the indicator for this kind of ACL.

52729 Missing reload when clearing Trash manually

When removing all mails within the Trash folder manually (select all, delete) instead of using the explicit function, the folder list was not reloaded. This got fixed by triggering a reload in such cases.

52727 UI/Browser blocked / stalled when dealing with huge amounts of appointments

Too many operations in the DOM tree when having many appointments. This has been fixed by disabling some functionality for a large number of appointments.

52712 Twitter stream not shown after configuration

Missing event in Keychain API led to this issue. This has been fixed by adding an additional event, so portal plugins update correctly.

52675 HTML mail not displayed at all

Some mails were not displayed because style tag does not get closed while sanitizing mail’s HTML content. This has been fixed by orderly closing the style tag while sanitizing HTML content.

52633 Drag & drop of a huge picture into a HTML-Mail will cause the JVM to OOM/ up until OS swapped

Configured image limitations were not tested when checking for validity of an uploaded image. This has been solved by testing for image limitations when checking for validity of an uploaded image.

52607 Inconsistent naming of recurring appointment dialogs

When changing or editing a recurring appointment, different dialogs with different naming were displayed. This got unified and changed to shorter naming in favor of small screen devices.

52606 Show hidden files setting does not work at all

Hidden files were not displayed because filter extensions for files were never called. Invoked filter extension point to post process file list to solve this issue.

52534 Disableschema: SessiondService is used but not registered in the activator

Required SessionD service was not orderly tracked. This has been solved by properly tracking needed SessionD service.

52530 POP3 access to external account is not logged by AuditLog

The tracked instance of AuditLogService was not orderly put into utilized service registry. This has been fixed by properly putting tracked service into service registry.

52478 Duplicate registration of ObfuscatorService

Even though ObfuscatorService is implemented as a singleton, it got registered multiple times which led to error messages. Those did not affect functionality but led to higher log traffic than necessary. The problem got fixed by making sure ObfuscatorService gets registered just once.

52470 Incorrect detection of users USM capabilities

In certain cases a user’s capabilities to use USM and related sync implementations got incorrectly detected. We solved that by sticking to the advertised module access permissions instead of dynamically resolving it.

52435 running processes/instances after the open-xchange-documentconverter-server stop script on RHEL6

init script problems according to title / shutdown of ReaderEngine instances not reliable during DC server bundle shutdown, fixed init scripts, cleanup after migration for 7.8.2 / catching spurious exception during RE instance kill in Java bundle shut.

52433 Incomplete parsing of “mailto” handler at mails

In cases where a regular HTTP/HTTPS resource contains the substring “mailto” like “www.mailtool.invalid”, that link was incorrectly detected as mailto: handler and mail compose got opened rather than the URL. This got solved by just looking for mailto: at the beginning of a URL.
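The difference between the two checks, as an added example that is not OX App Suite code: the function names, the sample addresses and the allowlist of accepted header fields are assumptions of this sketch. It puts the substring test described for the bug beside a scheme test anchored at the start of the link, and parses only the fields a compose dialog needs.

```javascript
'use strict';

// Behaviour described for the bug: any "mailto" substring counts as a mail link.
function isMailtoBySubstring(href) {
  return href.toLowerCase().includes('mailto');
}

// Behaviour described for the fix: "mailto:" must be the scheme at the start.
function isMailtoLink(href) {
  return /^mailto:/i.test(href.trim());
}

// Header fields this example accepts from a link (an assumption of the example);
// anything else in the query part is ignored.
const ALLOWED_FIELDS = new Set(['to', 'cc', 'bcc', 'subject', 'body']);

function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch (e) {
    return text; // malformed percent-escape: keep the raw text
  }
}

// Split on literal commas first, then decode, so an escaped comma stays
// inside its address.
function splitAddresses(text) {
  return text.split(',').map((part) => safeDecode(part).trim()).filter(Boolean);
}

// Returns the compose data for a mailto: link, or null for any other link.
function parseMailto(href) {
  if (!isMailtoLink(href)) return null;
  const rest = href.trim().slice('mailto:'.length);
  const queryAt = rest.indexOf('?');
  const mail = {
    to: splitAddresses(queryAt === -1 ? rest : rest.slice(0, queryAt)),
    cc: [],
    bcc: [],
    subject: '',
    body: ''
  };
  if (queryAt === -1) return mail;
  for (const pair of rest.slice(queryAt + 1).split('&')) {
    const eq = pair.indexOf('=');
    const name = safeDecode(eq === -1 ? pair : pair.slice(0, eq)).toLowerCase();
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    if (!ALLOWED_FIELDS.has(name)) continue;
    if (name === 'subject' || name === 'body') mail[name] = safeDecode(value);
    else mail[name].push(...splitAddresses(value));
  }
  return mail;
}

// Decide what a click on the link should do.
function routeLink(href) {
  const mail = parseMailto(href);
  return mail ? { action: 'compose', mail } : { action: 'navigate', href };
}
```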

52391 Empty Page in UI settings section after update

A JS error in the yell function caused only an empty settings page to be displayed. Made yell function more robust, so Settings do not break anymore.

52314 Unicode decoding fails for multi-line mail subjects

In case an E-Mail subject spans multiple lines where each consists of UTF-8 mail-safe base64 encoded characters, decoding partly failed and Unicode characters were displayed in a scrambled way. This has been solved by properly handling such split subjects and encoding each part independently.
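A sketch of the decoding rule behind this entry and 53023 above, as an added example that is not the middleware's code: each RFC 2047 encoded-word is base64- or Q-decoded on its own, because a trailing ‘=’ ends that word's base64 stream. Joining the decoded bytes of adjacent same-charset words before charset decoding is a choice of this example, and the sample subjects are constructed.

```javascript
'use strict';

// One RFC 2047 encoded-word: =?charset?B|Q?text?=
const ENCODED_WORD = /=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=/g;

// Transfer-decode a single encoded-word to raw bytes. Each word is decoded
// on its own: base64 padding ('=') marks the end of that word's stream, so
// the encoded texts of two words must never be concatenated first.
function wordBytes(encoding, text) {
  if (encoding.toUpperCase() === 'B') return Buffer.from(text, 'base64');
  const out = [];
  for (let i = 0; i < text.length; i++) {
    const hex = text.substr(i + 1, 2);
    if (text[i] === '_') {
      out.push(0x20); // Q-encoding: underscore stands for a space
    } else if (text[i] === '=' && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      out.push(parseInt(hex, 16));
      i += 2;
    } else {
      out.push(text.charCodeAt(i) & 0xff);
    }
  }
  return Buffer.from(out);
}

function decodeBytes(charset, bytes) {
  try {
    return new TextDecoder(charset).decode(bytes);
  } catch (e) {
    return bytes.toString('latin1'); // unknown charset label: show bytes as Latin-1
  }
}

// Decode a header value that may mix plain text and encoded-words.
function decodeHeader(value) {
  let out = '';
  let last = 0;
  let run = null; // decoded bytes of adjacent encoded-words sharing a charset
  const flush = () => {
    if (run) out += decodeBytes(run.charset, Buffer.concat(run.chunks));
    run = null;
  };
  for (const m of value.matchAll(ENCODED_WORD)) {
    const gap = value.slice(last, m.index);
    // Whitespace (including folded line breaks) between two encoded-words
    // is not part of the text; everything else is literal.
    if (!(run && /^\s*$/.test(gap))) {
      flush();
      out += gap;
    }
    const charset = m[1].split('*')[0].toLowerCase(); // drop RFC 2231 language tag
    if (run && run.charset !== charset) flush();
    if (!run) run = { charset, chunks: [] };
    run.chunks.push(wordBytes(m[2], m[3]));
    last = m.index + m[0].length;
  }
  flush();
  return out + value.slice(last);
}

// Constructed sample: a folded subject whose two words both end in padding.
const SAMPLE_SUBJECT = 'Re: =?UTF-8?B?SGVsbG8sIA==?=\r\n =?UTF-8?B?V29ybGQ=?= (fwd)';
```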

52280 Read timeout log entries when using folders that were already closed

Several log messages referred to a situation where access to an IMAP folder is attempted which got closed already. We added optimizations to lower the probability of such cases and handle them correctly instead of throwing an error.

52277 Wrong log level for concurrent updates to last-login

In case two threads update a user’s “last login” information, a log message of level “ERROR” was logged. Since this is rather a temporary issue and can’t be solved in retrospect we lowered its log level. Further optimizations made it less likely that this kind of issue would happen at all.

52238 Typo at NRFILES property at startscript

A typo at the /opt/open-xchange/sbin/open-xchange script led to a situation where custom configured “nofiles” limits were not correctly applied to the process. This has been solved by correcting the property’s name and adding a log message to open-xchange-console.log in case the process fails to set this limit.

52231 open-xchange-documentconverter-jolokia needs open-xchange-documentconverter-client package to be installed

Changed required packages from open-xchange-documentconverter to open-xchange-documentconverter-server in spec file

52161 Missing mails on mobile devices when using mail categories

When using mail categories with a desktop browser and moving mails to specific categories, those mails would not be displayed at Inbox anymore when using the same account using a mobile browser. We solved this by avoiding Inbox categorization if the corresponding feature set is not available on the currently used platforms.

52157 IMAP master-auth user name provided to client

In case of specific IMAP errors related to EXPUNGE commands, a detailed error message was returned to the user, which could contain a user-name for IMAP master authentication. This was solved by removing detailed error message contents for that IMAP command.

52156 IMAP folder names shown different after update

Due to external account refactoring in 7.8.3, the “default0” prefix for “standard” IMAP folders was shown at the frontend. This got fixed by stripping that prefix in places where users would expect just the folder name.

52151 Drop zone for .eml not disappearing if a file is not dropped with firefox on Windows

Firefox does not trigger dragleave or mouseout correctly. This has been fixed by using mouseenter to remove the dropzone when the mouse enters the window without dragged files.

52123 Unable to change mail account name with certain mail configurations

If a user was changing its mail account displayname while the middleware uses a “global” mailServerSource setting, incorrect host names were applied. As a result the displayname could not be changed. We solved this by applying the appropriate host name to avoid erroneous responses during the operation.

52119 Technical messages if HTML mail exceeds limits

If an HTML mail exceeds pre-defined limits, a rather harsh message is displayed at the frontend. This got polished in order to show a user friendly representation.

52114 Empty page printed by browser in thread view

Single mails are printed correctly when using native browser printing (CTRL+p) but mail threads were not printed. This got fixed by handling mail threads in a more compatible way and allowing native functions to get their relevant content.

52107 Inconsistency in naming order for external accounts

When changing the account name syntax of an external mail account, this change is not reflected to mail lists when reading mail sent and received by the same user. This got fixed by honoring a naming scheme which uses commas to separate last and firstname.

52104 Untraceable database timeouts during share cleanup

Once the PeriodicCleaner task for shares was executed, potential SQL errors could not be traced since the related schema name was unknown. To allow further debugging we added com.openexchange.database.schema as parameter for this cleanup run. It will highlight which database schema triggered timeouts or other errors.

52101 ‘Folder “9” is not visible to user “X” in context “YY”

Caused by the changes for favorite folders, where favorite folders for every module were added to the collection pool. The favorite folder for drive has the parent with id “9”. When the UI is refreshed, all parents of all folders are listed. That causes every refresh to request the folder with id “9”. This has been fixed by only adding favorite folders for modules with granted permission.

52100 Permission checks avoid changing corrupt users signatures

In case a user’s signature contains a faulty “createdby” header on file-level, subsequent changes to that signature were rejected based on a permission evaluation. In order to accept inconsistent data within the system, the permission check has been removed.

52095 Missing private appointments in shared folders via CalDAV

When sharing calendar folders and accessing them via CalDAV, appointments marked as “private” were not correctly synced. The same use-case works fine when using the HTTP API. This got fixed for CalDAV by considering this kind of appointment when creating responses.

52067 Enter a text in the Search bar. Click on the close option but still the pop up with the text is not closed

Now clear and close dropdown on cancel to solve this issue.

52022 Incorrect App launched from external accounts page

When using the hyperlink for an external storage account at the Settings-Accounts page, no or the wrong App is launched. This has been corrected and a fallback to Drive was added.

52013 Enhancements to IMAP host detection and logging

To allow better debugging and monitoring of interaction between OX App Suite and IMAP backends, a new parameter was added to parse the IMAP backends “greeting” and provide it as part of the OX App Suite log. This behavior is configurable and described within release notes. When rolling out this Patch Release.

51967 Missing distribution lists in Outlook

When syncing Outlook using USM, certain amounts and combinations of contacts and distribution lists could lead to a situation where only a subset of contacts but not all distribution lists got synced. This has been solved by sorting the type of object (contact, distribution list) prior to performing the sync operation. This way the kind of objects retrieved at the client side stays consistent in case the total amount of objects exceeds the chunk size for one sync operation.

51960 Incorrect font for mail attachment on mobile

When using OX App Suite UI on a smartphone, the “Attachments” link within mail compose has been shown with incorrect font and color. This got fixed by applying proper mobile styles to this link.

51918 Calendar conflicts with UTC+12 timezones

During conflict detection, the floating time-span of full-day appointments was calculated using the server’s timezone (usually UTC) while other appointments used the timezone configured by the user. In cases where a large offset to UTC is present, there has been a 50/50 chance that appointments would conflict with full-day appointments at the previous or next day. We’re now calculating both values using the user’s specific timezone for conflict handling. This should bring down the probability of incorrect conflicts considerably.

51910 Huge amount of threads stops OX

Did some improvements to avoid a crashing OX. Utilize a user-scoped lock mechanism to avoid having a global lock that might affect unrelated threads unnecessarily. Avoid duplicate remote session look-up.

51859 Changed API behavior leads to issues with file uploads

An earlier bugfix introduced a significant change to HTTP API behavior: any change to the MIME-Type parameter was rejected as a result. While OX clients were unaffected, this led to an incompatibility with third-party clients when using the “infostore” API for uploading and modifying files. We reduced the scope of the change to block MIME-Types that start with “multipart” instead; this should not affect the vast majority of use-cases for this API.

51839 Certain serious (non UCE/UBE) HTML mail is not displayed

Too greedy check for possibly malicious content led to this issue. This has been solved by allowing properly parsed start tag.

51772 Unable to modify users own data

In cases where the contact associated to the user account was created by the “oxadmin” account rather than the user itself, the user was unable to change its own contact data. Such situations may arise in specific provisioning implementations. Changing the contact’s data is now possible again by correcting the mechanism to look up the oxadmin account as potential creator for the own contact.

51755 Long-running script warnings when sending mail to huge recipient list

When composing a mail to a list of several hundreds of recipients, browser warnings about unresponsive scripts occurred when trying to parse and tokenize the recipient list. The handling has been improved by 2-3x to allow a larger number of recipients.

51727 Mail icon stills appears in UI even though mail is not enabled

Caused by missing capability check for disabling and hiding. This has been fixed by adding the missing check.

51700 Guided tours showing for users even though the package was not installed

Document tours are contained in documents-ui package, existence of standard tours package was not checked there. This has been solved by adding check for existence of standard tours package, do not show tours automatically if missing, hide settings menu entry.

51610 Desktop notifications are not shown for negative timezone offsets

When configuring a negative timezone offset (e.g. UTC-5), desktop notifications would not be shown since the timestamp of newly received mails was checked against UTC rather than the user’s timezone.

51602 Incorrect encoding when using IMAP “plain” authentication

In case mailbox login names allow multi-byte Unicode characters, the login process would fail when using OX App Suite. This has been solved by applying the correct charset when performing the login procedure for mailboxes.

51594 Drive opens wrong files directly after upload - wrong link in UI

Indexing mismatch between the DOM nodes representing the file items and the model entries holding the file data. This has been solved by fixing the sort method.

51572 Moving files with and without description not working in drive

App Suite UI just redid the same operation. Solution: App Suite UI checks which files caused conflicts and only tries to redo those.

51570 Only one warning for copy multiple files with description in drive

Multiple response was not fully processed. This has been fixed by processing full array.

51569 Primary mail address and aliases cannot be changed at the same time if the old primary mail address should be an alias

During the createuser command an alias for the primary mail account is already added. This alias is equal to the upper case notation used in the create command. The change command now tries to add the same alias but with only lower case letters. This isn’t recognized and therefore the middleware tries to insert this alias to the db again which results in the duplicate entry error. Solution: Do a case independent check when comparing the old with the new aliases.

51548 Moving files which already exist result in duplicate files with Google Drive

There was no name check performed for the move operations. This has been fixed by adding the name check to the move operation.

51468 Failing to parse pre-auth from configuration

Inappropriate invocation of ‘MailConfig.doCustomParsing()’ lets Zimbra MAL connector fail to perform its own parsing of access information. Solution: Do call ‘MailConfig.doCustomParsing()’ regardless of passed parameters.

51462 Full-day appointments could not be converted with Lightning

When using Thunderbird/Lightning and CalDAV of OX App Suite, full-day appointments could not be converted back to normal appointments using the CalDAV client. The reason for this was a client-specific CalDAV header used to indicate full-day appointments which caused issues with Lightning. We removed this header if the associated user-agent does not expect it.

51399 Repeated mail sending when using Outlook

In case a backend error did occur, like downtime of the mail storage, there could be situations where Outlook clients using USM get into a sending-loop, resulting in duplicated E-Mail. This kind of error is now handled by the USM API in accordance to the OX App Suite middleware error code.

51388 If email is disabled, OX Docs tour should not show “Send as email” icon

Guided tour for OX Text does not display info about mail, if mail is not available.

51368 Bursts of WARN Messages: filemanagement.internal.ManagedFileManagementImpl ..Temporary file could not be deleted about 800-1000/day

Delete attempt does not check whether file is non-existing. This has been fixed by properly checking if attempt is made to delete a non-existing file. Changed logging appropriately.

51357 No participants can be added in Scheduling with IE11 after an update

IE has problems with flexbox styles. This has been fixed by changing styles to fix the problem.

51356 Missing support for custom login sources for onboarding

When using the “onboarding wizard” while having a custom login implementation running, some configuration templates could not be properly created since access to the correct credentials (e.g. mail address, login name) is not possible. This has been solved by offering the ability to integrate custom login sources.

51313 Errors when adding invitations to calendar while tasks are disabled

There has been a dependency between the calendar and tasks App with regards to handling iCal files, which led to a situation that appointments could not be imported if tasks are disabled. This dependency has been relaxed to allow cases where either App is disabled.

51263 Missing function returned in case requested files could not be found

An earlier fix changed the response content when requesting a frontend related file. Instead of a function and an error message, just an error message was returned. As a result the web frontend could get stuck in case a file was not found. This has been solved by providing a response similar to the earlier one, just with obfuscated payload.

51222 Big text file load endless with the UI

The client request didn’t get a response. With these changes the Viewer displays an error message if the file is too big to be loaded.

51207 Error message shown if “default app” setting is empty

In cases where a user’s configuration was damaged and the default App “none” has been selected, subsequent logins led to error messages. We’re now falling back to the global default App if the provided App cannot be found.

51101 showruntimestats -a errors: No such cache: OXIMAPConCache

OXIMAPConCache is an obsolete JCS cache. The StatisticTools was querying the JCSCacheInformation for that particular non existing cache. The same applies for MailConnectionCache and SessionCache. This has been solved by removing the obsolete calls and correcting the error message.

51091 Upload to external filestorage account folder does not abort if overquota and fails

Missing error handling for overquota in multiple file upload. This has been solved by checking for error FLS-0024 and stopping the queue if this error appears. Also check for rate limit error. If one of those errors appears, the upload queue stops and removes all files from the queue.

51075 Missing translation for upload progress bar

When uploading files as Mail attachment or Drive object, the corresponding progress bar offered a “Cancel” button that was not translated.

51074 Encoding issues with passwords

In case certain operating systems got configured incorrectly, specifically RHEL6 and SLES11, usage of the open-xchange-passwordchange-script plugin could lead to incorrectly encoded passwords passed over to a script. This has been solved by adding an optional parameter as described by Change #4022 to allow base64 encoded transfer. Additionally, unexpected encoding configurations will get logged to open-xchange-console.log to alert operators about potential follow-up issues.

51053 Appointment invitations get duplicated by adding attachments

Deactivated Notification pool combined with multiple uploads of attachments results in a single notification mail for each attachment. Solution: Keep track of a batch of attachment uploads during the whole stack.

51018 Munin warning updating config_ox_java_heap

Non-existing mbean raised an error. This has been fixed by removing mbean.

51017 Munin error updating last-error in ox_grizzly_TCPNIOTransport

Last error value was not a simple signed integer. With this fix, the value is checked for “N/A” and 0 is returned instead of “N/A”; this only fixes the problem for ox_grizzly_TCPNIOTransport.

50997 Searching inside of sent mail folder always shows senders name in results column

This has been solved by adding special handling in find App.

50991 Exception generating IMAP URI

A possible scheme/port information in “com.openexchange.mail.mailServer” or “com.openexchange.mail.transportServer” property was not properly handled. This has been solved by using a structured object for the global mail/transport server configuration setting to also apply protocol, port, etc. (if specified).

50987 AutoStart is not working with io.ox/settings or portal

Settings is not a favorite App and is therefore ignored as autolaunch. This has been solved by adding a special case for settings. Settings will not appear in the dropdown but can be set by the provider as default autoStart App.

50982 External Cloud Storage: number of Items in folder not displayed - ‘0’ all the time

Some file storage implementations are not returning a file count. With this fix the file count is not displayed if the external storage returns no value for file count.

50965 Restore compose application pop up not loading with 7.8.3 upgrade

Introduced new value for ox.serverConfig.persistence: “always”. Only works with adjustment in custom bundles.

50964 Enable Notification sounds - Play sound on incoming mail not working

Settings pane for message sound was displayed when no websocket support was available. This has been solved by adding missing capability check.

50951 In a ‘Drive with Documents’ environment drive offers to send by mail

OXGuard extends “send as mail” ext.point, but the capabilities are NOT extended – now with manual check for capabilities.

50947 OX Documents Portals don’t work for users without default folders

The implementation now checks the default template folder and uses the user’s default folder as a fallback.

50939 Missing context menu for conversation thread view

When using conversation (thread) view, the context menu was not added for each individual mail but for the whole thread and the first mail. This makes it hard to handle individual mails and got solved.

50918 Timezone issues with task start/due dates on negative timezone offsets

When defining a start or due date for tasks while using a negative UTC offset, the selected date would be reported incorrectly. This has been solved by adjusting the full-day handling for tasks to the calendar implementation which uses UTC.

50868 Missing translation for external accounts

The “My accounts” page at “Settings” did contain untranslated strings for external account names, this got solved by making use of existing translation strings.

50837 Birthday on 1.1.1970 not displayed

Timestamps for 1.1.1970 were interpreted as timestamp 0. Adjusted the calculation of birth dates to solve this issue.

50835 Report doesn’t terminate if contexts are broken

In case of a context that never existed on the system, a lookup for all contexts in the same schema led to endless attempts to get those contexts. This has been fixed by adding the initial context to context list, if the database returns no values for the given context id. Add potential errors to output report.

50804 Attached vCards could not be removed again

When adding own contact information to a Mail as vCard, that virtual attachment could not be removed afterwards. This was caused by an API change which is now reflected to mail compose.

50798 Renaming a root level folder which contains a Favorite Folder will lead to “Mailfolder not found on IMAP Server”

Missing checks if parent folders get renamed or removed. This has been solved by looking for rename or removal of parent folders. On rename: anticipate changed path and keep folder. On remove: immediately remove affected favorites. This doesn’t work if triggered by another client.

50738 Not possible to import multiple mappings with CSV file

“Addmapping” value was not split by comma when supplying multiple login mappings via csv file at create context. Now split multiple login mappings by comma during context creation from CSV file to solve this issue.

50714 OXtender synchronization fails with Couldn’t determine extra fields in object with errors

The ical analysis of an external invitation delivers a JSON object “users” without sub fields, especially without confirmation. This was unexpected by USM and produced an error, which led to a general sync error with OLOX. Now the missing confirmation is accepted and initialized by USM with 0.

50706 OX APP Creates too many IMAP connections and not closing them

Unnecessary global lock that leads to stacking up threads. This has been solved by removing unnecessary global lock from ‘com.openexchange.jslob.storage.db.DBJSlobStorage’ class for improved throughput.

50693 Content pane folder name not refreshed when renamed on external storage

Error handling is now done inside the apps. If errors with external storages (or other folder errors) appear and that folder is currently selected, the App will change to the default folder and reload the parent folder.

50691 Shared links to external storage accounts don’t work

It was possible to share folders of an external storage account as link to other internal users. Since those accounts are per-account, that link would not work though. Therefore we removed the option to send a link to such folders to other internal users.

50689 Possible to lock files in external storages when not supported

The ‘locks’ capability was not correct for some external storages. Changed behavior: The file lock feature is disabled for every external storage. Lock does only work in the internal ox fileStore now.

50674 Deleting 2 Users at a time via SOAP results in a database deadlock

Possible database deadlock on concurrent delete attempts for users in the same context. Solution: Acquire a lock on user deletion to enforce queuing of concurrent delete calls.

50627 Mail content not displayed

Malformed conditional comment (CC) causes too greedy detection of such a CC pattern in HTML content during sanitizing. This has been fixed by dealing with malformed conditional comments.

50621 OX crashed - one node/JVM permanently on GC/100% CPU - after creating an heap dump error looked different but OX still does not react

Really weird HTML content inside a mail containing over 700 nested body start tag segments renders the routine running mad that tries to replace body tags with div tags for embedded display inside App Suite UI. This has been fixed by avoiding excessive replacements of body tags inside such a really weird HTML content.

50598 Missing warnings for account failures at unified mail

In case an external mail account cannot be used (e.g. because the password changed), there has not been a notification to the user in order to resolve the situation. This has been changed to provide warning messages when trying to access an unavailable account.

50574 Expiry dates for shares cannot be changed directly

When sharing an object with expiry date, that expiry date was set to “one month” when editing the share afterwards. We solved that by no longer applying the default value when editing a share.

50570 Not possible to change name in email settings if global configuration is used

MailConfig values were overwritten with wrong values. This has been fixed by preventing overwriting in specific situations.

50527 MySQL databases refuses connection because of Too Many connections from single groupware servers

Incrementing the use-count for a lot of contacts associated with a certain E-Mail address caused too many INSERT statements to be issued, which flooded the MySQL service. This has been solved by accumulating use-count incrementation through a batch statement and limiting the number of updated contacts that are associated with the same address. That limit is configurable through property “com.openexchange.contactcollector.searchLimit” and defaults to “5”.

50519 Not possible to find group in calendar permissions dialog

Groups were not drawn due to a limit. The limit is now applied by result type so groups are drawn.

50518 Email module - Burger Menu - Create filter rule is not responding

Due to the deactivation of the “address” mailfilter the default values were not available. This has been fixed by introducing a fall-back to the former “header” filter if “address” is not available.

50495 Adjust “hover” color in OX Text and OX Spreadsheet.

Use the actual hover fade value as defined in current UI theme.

50478 Impossible to add two or more different Gmail accounts

The initial assumption to re-use OAuth credentials was wrong. Now OAuth credentials are not re-used when adding mail accounts.

50461 HTTPClientActivator never calls Services#setServiceRegistry

The Services class was not initialized. This has been solved by properly initializing the Services class.

50414 Birthdays in the portal widget/side-popup are sometimes a day off

Birthday calculation was slightly different in both views and, apart from that, not even correct for all cases. This has been solved by using the same code for both views and also using a correct approach.

50412 Edit incorrect email address in to or cc generates duplicate entries and phantom entries

Collection and token field state got messed up because the model's ‘token’ attribute gets updated within the ‘tokenfield:createtoken’ handler. This has been fixed by redrawing tokens only when the display name has changed.

50407 Missing hints for incorrect server startup

In case syntax errors were present in YAML-style configuration files, the middleware started up partly but apparently did not log this situation clearly enough for some operators. We improved the error messages that are thrown once this happens to make it clearer.

50404 If Sharing is disabled, the sharing button is still available in OX Documents

Linked capabilities and implemented the “hide disabled elements” feature.

50381 Further E-Mail fields not shown in case primary mail is missing

If multiple E-Mail addresses are stored for a contact but not “E-Mail 1”, and neither Company nor Position are available, a blank second line was displayed in the contacts list. This has been adjusted to fall back to “E-Mail 2” and “E-Mail 3” in case “E-Mail 1” is unavailable.

50342 Calendar colors get lost on printouts

No custom label colors were applied to the template. This has been solved by passing the colorLabel identifier to the html output.

50328 Incorrect cursor placement for plain-text signatures

When using default plain-text signatures and navigating with the TAB key, the cursor would be set at the end of the signature. This has been solved in a way that the cursor will be set to the beginning of the message.

50307 Incorrect translation for maximum upload size

When uploading several files whose combined size exceeds the maximum upload size, the related error message referred to the last file which got added. However, in such cases the error is related to the combined file size, therefore the wording has been adjusted.

50303 No error message regarding “No such snippet found for identifier:” when filestore not available on login

This was caused by a missing hint that a file associated with a snippet/signature is (temporarily) not available. Restored logging in case the file associated with a snippet/signature is (temporarily) not available: “Missing file for snippet 1 for user X in context ctx_ID. Maybe file storage is (temporary) not available.”

50258 Categories - select all in one of the tabs - info message that no all mails all selected is missing

Added a new message for “select all” in tabbed inbox. Some translations will be provided with the next patch.

50244 Task title truncated / does not use all available space

Media queries were not flexible enough. This has been solved by using flex layout to use available space better (private and due time appear in this row too if set).

50232 Renaming a folder which is present in Favorites removes it from Favorites

The folder ID changes, therefore the folder was lost on page reload. This has been fixed by listening to ID changes and updating and storing favorites.

50230 Connection losses to Logstash go unnoticed

In case connection to a Logstash server gets interrupted, log messages will be lost. We introduced a buffer for such messages that gets filled in case the connection is temporarily unavailable.

50213 Edit draft loads endlessly

Recognizing HTML input was not working correctly in all cases. Now wrapping content with div…/div in those cases to solve this issue.

50176 Dragging an email from desktop to mail-category tab is not working

There was no handling for Drag & Drop in mail-categories. The missing handling has been added: first the mail is imported to the inbox and then moved to the category.

50135 Help not context sensitive in settings

The app did not contain any information about contextual help. This has been solved by showing context sensitive help in settings. External apps can also register their help pages on the extension point ‘io.ox/settings/help/mapping’ in the function list.

50093 Date or size where not shown as column headers for mail attachment view

When sorting mail attachments by Size or Date, the corresponding column header was not shown. It is now shown.

50043 Possible to add version info to external storage files

This was caused by a missing capability check for version comments. This has been fixed by adding a capability check for version comments.

50041 Moving files with description to external storage not working

Missing translations were added.

50040 Content pane not refreshed

After deleting a folder in an external storage account the view was not updated. With this fix the view is updated after deleting a folder.

50039 Problem with folder rename of external storage providers

Dropbox identifies the folder through the path. New files create all folders in their path by default. This is a special Dropbox behavior. This has been solved by checking for folder existence before storing a file and returning the default “folder does not exist exception”.

50016 When composing an email, the signatures do not get refreshed, when adding initial/new one

This has been fixed by using a standard listener.

49989 Onboarding Wizard Connect Device Tile does not fit into frame

Max-width was applied to the whole container. This has been solved by applying max-width to the description only.

49979 Guest users don’t get deleted

Guest user deletion triggers push listener removal for guests even if they might not have any push listener registered. Solution: Consider webmail permission before removing push listeners within the user deletion process.

49864 Full-day appointment will be displayed as a regular 24h appointment on Android

Specific clients rely on a certain order of the EAS protocol elements. AllDayEvent shall be sent after StartTime, EndTime. Microsoft Exchange Server, for example, does this. Solution: AllDayEvent is now sent after StartTime, EndTime.

49781 Email list: email address displayed instead of display name when DISPLAYFROM is enabled

The display name is now shown if DISPLAYFROM is set.

49731 Missing event data when deleting an appointment after accepting it

The Appointment object at the deleteDateFromNotoficationQueue event was missing some typically unused data in cases where a participant deletes the appointment after accepting it. To allow compatibility with certain calendaring implementations, we now add a full Appointment object to the queue in such cases.

49236 Huge amount of Mail folder could not be found on mail server messages for non-existing folders

The messages for “Mail folder could not be found on mail server” were known, actually by design, but not expected to happen that often. The fix just excludes the inbox from the obfuscation, to reduce the amount of error messages.

49099 sporadic crashes in UNO bridge when loading CSV files via UNO with format string given via FilterOptions string property

Setting field delimiter and text separators in RE SC code instead of via UNO on DC server side.

49083 E-Mail-Folder Action ‘delete all messages’ ignores OVERQUOTA

The copy command was able to run into over-quota. This has been fixed by using the move operation for the clear folder command in case the move operation is supported by the IMAP server.

48361 Login not possible if folder limit is reached

Adjusted login and error handling to solve this issue. A special error code “MSG-0113” was added for the case where creation of default/standard folders fails with an “over quota” error. This error will be displayed to the end-user after login.

47616 Interval setting in calendar not used

When setting an interval for calendar time scales, that interval was applied for time pickers and drag-lasso. Now this interval is also used for the calendar views' time scale.

47229 Mail folder menu contains “Sharing” and “Permissions”

Capabilities of mail folders were incorrectly checked in case the mail system did not support permissions. As a result the context menu contained permission related actions which were not working as expected. We added an explicit check for environments where permission handling of own mailbox folders is disabled.

40632 Collected addresses does not work for users from the same context

In cases where multiple users are provisioned to the same context with the Global Address Book disabled, automatic contact collection of addresses that are present in the Global Address Book was not performed. We changed the behavior to consider cases where the Global Address Book exists but cannot be accessed.