CSSCurrent en:Version 4.4.0


Release Date: 25.10.2019

Important Update Notes

Compatibility

Please check the Compatibility of your add-on products.

Pre-defining recipients in the URL

A new feature has been introduced that allows the recipients and the notification subject of a transfer to be pre-defined directly via the URL. Please read the documentation article 'Pre-defining recipients in the URL' for further details.

Changed TLS and Cipher Suites configuration

Please note that the update changes the TLS and cipher suite configuration of the Jetty server.

Changed TLS configuration

<Set name="includeProtocols">
	<Array type="java.lang.String">
		<Item>TLSv1.2</Item>
		<Item>TLSv1.3</Item>
	</Array>
</Set>
<Set name="excludeProtocols">
	<Array type="java.lang.String">
		<Item>SSLv3</Item>
		<Item>SSLv2Hello</Item>
		<Item>TLSv1</Item>
		<Item>TLSv1.1</Item>
	</Array>
</Set>

Changed cipher suite configuration

<Set name="includeCipherSuites">
	<Array type="java.lang.String">
		<Item>TLS_ECDHE.*</Item>
		<Item>TLS_AES_128_GCM_SHA256</Item>
		<Item>TLS_AES_256_GCM_SHA384</Item>
	</Array>
</Set>
<Set name="excludeCipherSuites">
	<Array type="java.lang.String">
		<Item>.*NULL.*</Item>
		<Item>.*RC4.*</Item>
		<Item>.*MD5.*</Item>
		<Item>.*DES.*</Item>
		<Item>.*DSS.*</Item>
		<Item>TLS_RSA.*</Item>
		<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
		<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
		<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
		<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
	</Array>
</Set>

If you have adjusted your cipher suite configuration or TLS configuration, please re-apply these changes after the update. The update will not migrate changed settings.
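
When re-applying a customized configuration, it helps to see which suites a set of patterns actually selects. The following is an added example, not part of the Cryptshare documentation: it evaluates the include/exclude patterns listed above against a constructed list of suite names, assuming Jetty matches each pattern against the whole suite name, lets excludes override includes, and treats an empty include list as "all". The function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

# Cipher-suite <Set> elements from the page; <Config> root added so it parses.
JETTY_FRAGMENT = """<Config>
<Set name="includeCipherSuites"><Array type="java.lang.String">
  <Item>TLS_ECDHE.*</Item>
  <Item>TLS_AES_128_GCM_SHA256</Item><Item>TLS_AES_256_GCM_SHA384</Item>
</Array></Set>
<Set name="excludeCipherSuites"><Array type="java.lang.String">
  <Item>.*NULL.*</Item><Item>.*RC4.*</Item><Item>.*MD5.*</Item>
  <Item>.*DES.*</Item><Item>.*DSS.*</Item><Item>TLS_RSA.*</Item>
  <Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
  <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
  <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
  <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
</Array></Set>
</Config>"""

# Constructed sample of suite names a JVM could offer (not from the page).
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
]

def load_patterns(xml_text):
    """Map each <Set name=...> to the regexes in its <Item> elements."""
    root = ET.fromstring(xml_text)
    return {s.get("name"): [i.text.strip() for i in s.iter("Item")]
            for s in root.iter("Set")}

def classify(suite, patterns):
    """Assumed Jetty semantics: full-name match, excludes win, no includes = all."""
    for pat in patterns.get("excludeCipherSuites", []):
        if re.fullmatch(pat, suite):
            return "excluded by " + pat
    includes = patterns.get("includeCipherSuites", [])
    if not includes or any(re.fullmatch(p, suite) for p in includes):
        return "enabled"
    return "not included"

def audit(suites, xml_text=JETTY_FRAGMENT):
    patterns = load_patterns(xml_text)
    return {s: classify(s, patterns) for s in suites}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_SUITES).items():
        print(f"{name:42} {verdict}")
```

Passing your own customized `<Set>` elements as `xml_text` shows, suite by suite, where they differ from the shipped defaults. Under the stated matching assumption, the exact-name excludes cover only the four `CBC_SHA` suites, so ECDHE `CBC_SHA256`/`CBC_SHA384` variants remain enabled.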

Language Packages

Due to structural changes in the language packages, all supported server language packages will be updated automatically. Customized language packages will be removed during the update process (a backup is made beforehand). If more language packages are needed, they must be downloaded and installed again.

Delta-File for changed passages

In case your language packages have been modified, the attached delta file 72320143.txt can help you to locate the changes in this update and re-apply the modifications.

The delta file for language packages is built as follows:


Removed Files
Files listed in this section have been removed from the language package entirely.

--------------------------------------------------------------------
REMOVED FILES
--------------------------------------------------------------------
<files>

New Files
Files listed in this section have been added to the language package.

--------------------------------------------------------------------
NEW FILES
--------------------------------------------------------------------
<files>

Modified Files
Files listed in this section have been modified, which can be one of the following cases:
  • Keys have been removed
  • Keys have been added
  • Keys have been modified

--------------------------------------------------------------------
MODIFIED FILES
--------------------------------------------------------------------
-----------------------------------------------------------------
<path and file name>
-----------------------------------------------------------------
------------------
---Removed keys---
------------------
<keys>
--------------
---New keys---
--------------
<keys>
-------------------
---Modified keys---
-------------------
KEY: <affected key>
OLD: <former key & value>
NEW: <new key & value>

In case of a modification, the affected key, its old value and its new value are shown.

Distribution Upgrade: openSUSE 15.0 to 15.1

Cryptshare Version 4.4.0 enables another upgrade of the underlying operating system. After the update to version 4.4.0 is finished, the Cryptshare Administration Interface will offer the possibility to initiate the upgrade process.

Read the distribution upgrade manual before upgrading
A distribution upgrade makes significant changes to the underlying operating system. It is strongly recommended that you read the documentation before starting the upgrade process: Distribution Upgrade

Automated setup of Appliance Scripts

In an earlier distribution upgrade (openSUSE 42.3 to 15.0), the Cryptshare Appliance packages were removed from the system and replaced by a set of Bash scripts. Cryptshare version 4.4.0 now takes care of setting up these scripts automatically during the update process. Furthermore, a reconfiguration of the scripts can be triggered via the Administration Interface by updating either the mail server settings or the system notification settings. For more details, please refer to the documentation articles 'Mail Server Settings' and 'System Notifications'.

EML Archiving

Cryptshare 4.4.0 introduces a new feature for archiving connectors, called 'EML Archiving'. When enabled, Cryptshare will only write a single EML file to the archiving location instead of writing all files of the transfer to it. The files of the transfer are added to the EML instead. Please read the documentation for further details: Activating the Archiving Feature

New type of administrative user: Config Admin

Cryptshare 4.4.0 introduces a new type of administrative user called a 'Config Admin'. This type of user is able to administer the Cryptshare Server just like regular administrators, but with some restrictions. The major difference from a regular administrator is that a Config Admin cannot see logging information. For the same reason, a Config Admin is not allowed to perform certain administrative tasks, as these would offer other ways of gathering logging information. Please read the documentation article 'User Administration' for further details and a full comparison list of restrictions for this kind of user.

Security related changes

  • Resolved an issue which allowed performing a reflective XSS attack via the CKEDITOR component.
  • Resolved an issue where the internal server IP address was revealed in response headers.
  • Improved security header settings.
  • Improved CSRF protection measures.
  • Improved rate limiting measures.
  • Improved security measures in the update process.
  • Updated jQuery libraries to version 3.4.1.

Additional changes

  • The licence agreement has been updated.
  • Resolved an issue where it was possible to send a confidential message despite not being allowed to do so.
  • Resolved an issue where uploads via additional products could be interrupted.
  • Resolved minor user interface failures in the administration interface.
  • Resolved minor layout issues in the user interface.
  • Improved behavior when pressing the enter key in certain screens of the administration interface.
  • The user feedback for generic processing errors in the user interface has been improved.
  • Resolved an issue where administrative users were not properly reconfigured for QUICK after an update under certain circumstances.
  • Resolved minor wording issues within the English and German language packages.
  • Resolved minor wording issues and typos in the Spanish and Dutch language packages.
  • Resolved an issue where changing the sort order of language packages in the administration interface caused an error.
  • Resolved an issue where the wrong HTTP error codes were returned when directly attempting to download files via the URL.
  • Improved performance when trying to address a large number of recipients at once.