ISL Conference Proxy 4.4.1747.40 with modules for Windows and Linux (2018-03-14)

General Information

IMPORTANT: upgrade from older version to ISL Conference Proxy 4.4.1747.40 can take a bit longer as some of the indexes needs to be recreated. On fast server with SSD and database size 100GB it takes approx 15minutes to complete the upgrade.

On 14th of March the following was released:

ISL Conference Proxy 4.4.1747.40 for Windows 32bit (Platform=win32, Revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269, release_date=2018-03-12, os_version=0x06000000-0x7fffffff)
ISL Conference Proxy 4.4.1747.40 for Windows 64bit (Platform=win64, Revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269, release_date=2018-03-12, os_version=0x06000000-0x7fffffff)
ISL Conference Proxy 4.4.1747.40 for Linux 32bit (Platform=linux, Revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269, release_date=2018-03-12)
ISL Conference Proxy 4.4.1747.40 for Linux 64bit (Platform=linux64, Revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269, release_date=2018-03-12)

Modules

Authentication 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
DNS Server 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
ISL AlwaysOn 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
ISL Groop 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
ISL Light 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
ISL Pronto 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
Locale 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
NTP 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
PostgreSQL 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
Reports 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
Storage 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)
System monitor 4.4.1747.40 (release_date=2018-03-12, revision=deff00ac03b9d366a5da8bd5e768a9b9dcd09269)

Translations

core_login_20180312_20180312_104018.translation
isl_alwayson_20180312_20180312_104018.translation
isl_conference_proxy_20180312_20180312_104018.translation
isl_groop_20180312_20180312_104018.translation
isl_light_20180312_20180312_104018.translation
isl_pronto_20180312_20180312_104018.translation
reports_20180312_20180312_104018.translation

Translations (newer translations)

core_login_20180416_20180416_065607.translation
isl_alwayson_20180416_20180416_065607.translation
isl_conference_proxy_20180416_20180416_065607.translation
isl_groop_20180416_20180416_065607.translation
isl_light_20180416_20180416_065607.translation
isl_pronto_20180416_20180416_065607.translation
reports_20180416_20180416_065607.translation

Update availability

All updates have release date set to 2018-03-12. Your ESS will need to be same or higher to be able to update your server. This release is available to all countries except Japan.

Upgrading to new version

This are server side updates so hosted service users do not need to do anything.

Server license users please check Upgrading Server License

Improvements

ISL AlwaysOn - Module - Handle user uploaded HTML pages securely (SECURITY) [ISLALWAYSON-1253] More

Description

In previous version, files that were accessible from /live/islalwayson/files/download were served inline, which could potentially result in XSS or phishing attack attempts. This risk has been mitigated. No security sensitive cookies are available anymore in the /live folder. HTML and XML files are now served as attachments.

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

[PREVIEW] ISL Conference Proxy - Core / Module Storage - Storage download in /conf should be served securely (SECURITY) [ISLCONFPROXY-1605] More

Description

Storage area browser served files in trusted context and thus potentially allowing XSS. Files are now forced to download.

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core - Upgrade to OpenSSL 1.0.2n (SECURITY) [ISLCONFPROXY-1613] More

Description

OpenSSL library was updated to version 1.0.2n due to security vulnerabilities.

[PREVIEW] ISL Conference Proxy - Core - enable login throttle on /conf (SECURITY) [ISLCONFPROXY-1637] More

Description

User authentication throttling was added to /conf web administration login. UA throttling for both username and IP address is performed in its own scope, so regular users cannot maliciously disable admin accounts on the regular login page /users/main/login.html or application login. The throttling settings were kept the same for both admin and regular user scope in Security section for simplicity.

Flags for this ticket are disabled by default.

ISL Conference Proxy - Module Authentication - ldap.exe logs secure data as plaintext (SECURITY) [ISLCONFPROXY-1648] More

Description

In previous versions, it was theoretically possible that some credentials were exposed in logs. This was now redesigned, so that sensitive fields are now obscured with "*".

[PREVIEW] ISL Groop - Module - Serve session files with access control (SECURITY) [ISLGROOP-981] More

Description

For improved security, /file was replaced with /users/islgroop/webapi/session/file/download in session files page. Unlike /file, /users/islgroop/webapi/session/file/download will not work outside of valid logged in web browser session.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Groop - Module - Use secure session file rename (SECURITY) [ISLGROOP-982] More

Description

ISL Groop allows session files to be renamed to arbitrary names (from .png to .exe for example), which could allow an attacker to trick users to download malware in some specific scenarios. Changing file type (determined by file extension) by rename cannot be done anymore. Additionally, bulk files are renamed to their correct value stored in ISL Groop session object when querying the session file list.

Flags for this ticket are disabled by default.

ISL Pronto - Module - Handle user uploaded HTML pages securely (SECURITY) [ISLPRONTO-1078] More

Description

In previous version, files that were accessible from /live/islpronto_download_chat_file and /live/islpronto_download_file were served inline, which could potentially result in XSS or phishing attack attempts. This risk has been mitigated. No security sensitive cookies are available anymore in the /live folder. HTML and XML files are now served as attachments.

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

ISL AlwaysOn - Module - Add UI for group members + permissions "admin" "read/write" "read" (FEATURE) [ISLALWAYSON-1245] More

Description

Added new user interface for changing users' permissions for groups of computers.
Users can share groups with other users, and now they can also manage the permissions that those users have for the computers within their groups.
Users can have one of the following permissions:

Connect only - They can only connect to computers within the group

Computers Manager - They can connect to computers and edit computers within the group

Group Admin - They can connect to computers, edit computers and share/set permissions for the group to other users

who created the group is a Group Admin and cannot be removed as a Group Admin. Groups can have multiple Group Admins, all of them can get removed except the one who created the group. When a user has permission set to Group Admin tries to lower their permissions they will get a warning.

ISL AlwaysOn - Module - Use session history for last used connections (FEATURE) [ISLALWAYSON-1250] More

Description

In previous version, query for user's last used connection was using "last_used" list in "islalwayson_user". This was now redesigned so that now, it is using table "islalwayson_sessions".

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

ISL AlwaysOn - Module - include last added computers to last_used search (FEATURE) [ISLALWAYSON-1305] More

Description

In previous versions, last used computers were on top, and newly added computers were at the bottom of ISL AlwaysOn computer list. This was now redesigned, so that newly added computers are added on top, and the position at which they appear is dependant on time. Newly added computer will be on top of the list, but if user connects to computer that is not on top of this list, it will go to the top of the list because it was last used.

[PREVIEW] ISL Conference Proxy - Core - GRID server list internal webapi2 (FEATURE) [ISLCONFPROXY-1524] More

Description

Added new WebAPI2 method internal/utils/grid/servers/get/1 to retrieve a list of GRID servers. Four filtering methods are supported:

by service and client address (IP), returns sorted servers by load balancer (best match first)

by service, returns servers that have service enabled

by module, returns servers that have module installed

no filters, returns all servers in GRID

Flags for this ticket are disabled by default.

[PREVIEW] ISL Conference Proxy - Core - simulate minimum number of servers in grid when generating random code base (FEATURE) [ISLCONFPROXY-1529] More

Description

Added support for simulating minimum number of servers in GRID when generating random code base.

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core - dt_notify API for Module SDK (FEATURE) [ISLCONFPROXY-1530] More

Description

Direct tables notify C++ API is now exposed in config.json. Table changes are first enqueued into queues specified by dt_notify_queue and then forwarded to app with HTTP request where content is {"dbid":"<dbid>"}. App must respond with empty 200 response, otherwise an Alert level log is recorded: DT change notify HTTP call failed with LOG_SUBSYSTEM="core_dt_change_notify".

Example of all possible notify variants:
[
 ["dt_init", {
 "table":"dtnotifytest",
 "columns": [
 {"name": "a", "type":"text_utf8"},
 {"name": "b", "type":"text_utf8"},
 {"name": "bb", "type":"text_utf8"}
 ]
 }],
 ["get_app_port", {}, [
 ["register_app", {"exe":"{{top_dir}}bin\\dtnotifytest.exe", "args":["{{app_address}}", "{{app_port}}"]}, [
 ["dt_notify_queue", {"name":"dtnotifytest"}, [
 ["dt_notify_on_insert", {"table":"dtnotifytest", "path":"/dt_notify_on_insert"}],
 ["dt_notify_on_insert", {"table":"dtnotifytest", "path":"/dt_notify_on_insert_b_starts_with_x", "column":"b", "value_prefix":"x"}],
 ["dt_notify_on_update", {"table":"dtnotifytest", "path":"/dt_notify_on_update"}],
 ["dt_notify_on_update", {"table":"dtnotifytest", "path":"/dt_notify_on_update_b_or_bb_changed", "column_prefix":"b"}],
 ["dt_notify_on_update", {"table":"dtnotifytest", "path":"/dt_notify_on_update_b_starts_with_y", "column":"b", "value_prefix":"y"}],
 ["dt_notify_on_delete", {"table":"dtnotifytest", "path":"/dt_notify_on_delete"}],
 ["dt_notify_on_delete", {"table":"dtnotifytest", "path":"/dt_notify_on_delete_b_starts_with_z", "column":"b", "value_prefix":"z"}]
 ]]
 ]]
 ]]
 ]
Notes:

dt_notify_on_* with empty column and value parameters match all rows

dt_notify_update with value matches both before and after change

parameter dbid_column may be used to override default dbid column $dbid (maps to dbid in PG), usually set it to dbid (maps to d_dbid in PG)

[PREVIEW] ISL Conference Proxy - Core - Insert row in DT raw data initial data support (FEATURE) [ISLCONFPROXY-1531] More

Description

In previous version, if "Insert row" button was clicked in DT Raw data, then row was inserted and then user could edit it. This was now redesigned so that now, this button opens a row editor, where initial row data can be specified.

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core - Add Develop web content to dev flags (FEATURE) [ISLCONFPROXY-1536] More

Description

"Develop web content" flag was added to dev flags. Enabling the flag will create "develop_web_content" folder. Disabling the flag will move "develop_web_content" to "develop_web_content.backup_N".

ISL Conference Proxy - Core - Add installation name and color indicator to ICP administration (FEATURE) [ISLCONFPROXY-1578] More

Description

Added support for changing title and background color under ISL Conference Proxy configuration page. The title for web administration will now be read from setting "General / Installation name" or license DNS name as fallback. Also, the setting for changing title background color is added and can be found under "General / Title background color". Only hex colors are valid (#HEX).

ISL Conference Proxy - Core - Remove license version from web admin (FEATURE) [ISLCONFPROXY-1588] More

Description

Some users experienced confusion with "License version" field. This field is now removed from license display in web admin.

ISL Conference Proxy - Core - Remove unused key_cc from Autotransport connection keys (FEATURE) [ISLCONFPROXY-1591] More

Description

Private RSA key was included in exe downloads of ISL Network Start which affected all apps from /start and ISL Tester. Because key was unused, it is now removed in exe downloads of ISL Network Start.

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

[PREVIEW] ISL Conference Proxy - Core - Replace /file with internal bulk file handler (FEATURE) [ISLCONFPROXY-1592] More

Description

For improved security, "/file" was removed and replaced with internal "/conf/api/bulk_file_download" in web admin. Unlike "/file", "/conf/api/bulk_file_download" will not work outside of valid logged in web browser session.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Conference Proxy - Core - File type blocking (FEATURE) [ISLCONFPROXY-1600] More

Description

Settings "Blocked file extensions for user upload (.exe ...)" and "Allowed file extensions for user upload (.txt ...)" were added to "Security" to configure file type blocking for modules that support user file uploads and downloads: "ISL Groop", "ISL Pronto", "ISL AlwaysOn". If allowed is set, the filter will function as whitelist and allow only specified file extensions minus the file extensions in the blocked list. If allowed is not set, the filter will function as blacklist and block the file extensions in the blocked list. Default blocked file extension list: ".ade .adp .bat .chm .cmd .com .cpl .exe .hta .ins .isp .jar .js .jse .lib .lnk .mde .msc .msi .msp .mst .nsh .pif .scr .sct .shb .sys .vb .vbe .vbs .vxd .wsc .wsf .wsh".

Flags for this ticket are disabled by default

ISL Conference Proxy - Core / Modules - /conf/api activity log (FEATURE) [ISLCONFPROXY-1601] More

Description

Added support for recording all admin actions in "conf" web pages in activity log. ISL Conference Proxy conf page names are now more readable instead of using auto-generated numeric IDs. Activity log may now also contain user input, so column limits were set. Extra descriptions and URLs are now trimmed to 1024 bytes and all the rest is now trimmed at 256 bytes.

ISL Conference Proxy - Core - Activity log UTC timestamps (FEATURE) [ISLCONFPROXY-1603] More

Description

Local timezone timestamps in activity log are now replaced with UTC timestamps to be consistent with all other logs.

[PREVIEW] ISL Conference Proxy - Core - Save default setting config in PostgreSQL (FEATURE) [ISLCONFPROXY-1611] More

Description

Added static table "isldb_default_configuration" which contains all default configuration values.

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core - Multiple admin accounts (FEATURE) [ISLCONFPROXY-1614] More

Description

Added support for multiple admin accounts. Alternative admin accounts are only allowed to login into /conf like the standard "admin" account. However, login valid and expiration settings will affect alternative admin accounts unlike the standard "admin" account.

ISL Conference Proxy - Core - Drop API locator feature from ICP and switch to directly entering API URL (FEATURE) [ISLCONFPROXY-1623] More

Description

External WebAPI locator setting was replaced with direct service URL setting for improved performance (service URL locate step is skipped).

ISL Conference Proxy - Core - ISL Tester link in downloads should point to direct download (FEATURE) [ISLCONFPROXY-1633] More

Description

On download page, URLs for ISL Tester pointed to /start insted of /download. This was redesigned so that link for ISL Tester now points to /download to make debugging network problems easier.

ISL Conference Proxy - Module Authentication - user account LDAP group retrieval (FEATURE) [ISLCONFPROXY-1638] More

Description

Added support for retrieving list of groups after user is authenticated. Multiple group queries are supported, each having a tag. The output is following:
<grouplist tag="tag1">
    <group dn="dn1">
        <attribute name="x">y</attribute>
    </group>
    <group dn="dn2">
    </group>
 </grouplist>
 <grouplist tag="tag2">
 ....
 </grouplist>
New options:

GROUPLIST_tag_SCOPE;onelevel; (LDAP search scope for group list "tag")

GROUPLIST_tag_BASE;CN=Users,DC=example,DC=com; (LDAP search base for group list "tag")

GROUPLIST_tag_FILTER;member=@USERDN@; (LDAP search filter for group list "tag")

GROUPLIST_tag_ATTRS;cn,objectguid; (list of attributes to retrieve for group list "tag", use * for everything when debugging)

[PREVIEW] ISL Conference Proxy - Core - External groups setting mapper (FEATURE) [ISLCONFPROXY-1640] More

Description

Setting "Security / External authenticator login settings rules" was added to configure mapping of external group membership information to ISL Conference Proxy user account settings. Setting is a JSON array of rules "[rule, ...]" executed one by one sequentially. The rules are executed when the user logs in. Available rules:

["key", "KEY", "VALUE"] - set KEY=VALUE

["in-group", "GROUPEXPR", ...] - conditionally execute ... if the user is in GROUPEXPR

["key-group-list", "KEY", "GROUPEXPR_PREFIX"] - set KEY=vector of groups

["key-group-list-comma", "KEY", "GROUPEXPR_PREFIX"] - set KEY=comma separated list of groups

GROUPEXPR: list of tag:attribute:value
GROUPEXPR_PREFIX: prefix filter, usually set to tag:attribute:

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core - extend pg_tool to support WHERE clauses when dumping tables (FEATURE) [ISLCONFPROXY-1643] More

Description

Added support for "--where-TABLE=WHERE" was added to "dump_table" command of "pg_tool" which allows the user to restrict the row dump with a WHERE clause.

ISL Conference Proxy - Core - Direct tables replication AKV logs (FEATURE) [ISLCONFPROXY-1647] More

Description

Direct tables replication AKV logs were added to subsystem core_direct_tables_replication_stats on infoseverity level.

Accumulated stats once per interval (default 1 hour):

sync receive: synchronous replicator receive (DB write) report

async send: asynchronous replicator send (DB read) report

async receive: asynchronous replicator receive (DB write) report

Events:

async sender finished

async receiver finished

Log keys:

GRID_SERVER_ID: remote GRID server ID (all)

DTSYNC_TABLE/DTASYNC_TABLE: DB table (all)

DTASYNC_TOTALTIME_MS: total operation time (async sender finished and async receiver finished)

DTSYNC_PKTS_L/DTASYNC_PKTS_L: number of network packets (sync receive, async send, async receive)

DTSYNC_ROWS_L/DTASYNC_ROWS_L: number of rows read or written (sync receive, async send, async receive)

DTSYNC_QWAIT_MS/DTASYNC_QWAIT_MS: queue wait time (sync receive, async send, async receive), delay between network packet receive and DB read/write operations (DT replication executor is single-threaded so multi-server concurrent operation will introduce delays)

DTSYNC_DBTIME_MS: time spent writing rows (sync receive)

DTASYNC_HASHES_L: number of read row hashes (async send and async receive)

DTASYNC_HWASTE_L: read row hashes that were not used (async send), row hashes are read in large blocks, if the corresponding total row size sum would exceed 5 MB when sent fully, the excess rows and their hashes are not processed in the current step but will be left for the next step. Hash read is done using heuristics (average row size from previous block).

DTASYNC_METADBTIME_MS: time spent reading and writing table meta info, includes adding columns (async sendand async receive)

DTASYNC_HASHESDBTIME_MS: time spent reading row hashes (async send and async receive)

DTASYNC_ROWSDBTIME_MS: time spent reading or writing rows (async send and async receive)

ISL Conference Proxy - Core - Log user logins with AKV (FEATURE) [ISLCONFPROXY-1652] More

Description

Login attempts in ISL Conference Proxy Core were added to AKV logs. The fields are:

LOGIN_CTX: how the attempt was made (webapi2, ...)

SOCK_CLIENT_IP: client's IP

LOGIN_USER_ID: account user_id if available

LOGIN_USERNAME: account full username if available

LOGIN_RESULT: one of: ok, invalid credentials, account disabled, cannot login as admin, ok, must change password, use full username, use login dialog, throttle fail, challenge, redirect, error

LOGIN_USERINPUT_TXT: username field input for system login method

LOGIN_SERVER_ID: redirect server id

EXC_DESC_TXT: error exception text

[PREVIEW] ISL Conference Proxy - Module DNS - Option to keep backward compat wildcard GRID entries in single address GRID setup (FEATURE) [ISLCONFPROXY-1654] More

Description

"Keep backward compatible load balancer wildcard records" option was added to single address GRID setting to allow easier migration from regular wildcard GRID setups. Old clients might still need wildcard addresses.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Groop - Module - File type blocking (FEATURE) [ISLGROOP-983] More

Description

File download and upload of blocked file types now shows an error to user in web pages. ISL Groop application will fail to upload or download the blocked file types.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Pronto - Module - Expose retrieved history size limit trough setting (FEATURE) [ISLPRONTO-1068] More

Description

Added support for exposing limit of the history size an operator can retrieve as a setting.

Flag for this ticket is disabled by default.

[PREVIEW] ISL Pronto - Module - Add "Allow send file in chat" and "Allow receive file in chat" settings (FEATURE) [ISLPRONTO-1076] More

Description

Added two settings ("Allow send file in chat" and "Allow receive file in chat") which enables or disabled file sending and receiving from ISL Pronto chat.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Pronto - Module - Add form to submit patches to Administration pages (FEATURE) [ISLPRONTO-1079] More

Description

Added form in administrative pages which submits custom JSON patches for ISL Pronto grid objects.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Pronto - Module - Show all instances of RAM object in Administration pages (FEATURE) [ISLPRONTO-1080] More

Description

Added support for showing all instances in ISL Conference Proxy Configuration administration page, so that users can see if object instances differ in any way.

Flags for this ticket are disabled by default.

ISL AlwaysOn - Module - Update layout of password protected file storage (DEFECT) [ISLALWAYSON-1224] More

Description

In previous versions, there was broken dialog for entering password of protected file storage. This was now fixed, so the dialog should not be broken anymore.

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

ISL AlwaysOn - Module - Fix action_list_js to be run through xpp (DEFECT) [ISLALWAYSON-1227] More

Description

ISL AlwaysON actions list javascript is now run through an extra step of HTML preprocessor so translate_js calls can be executed and this no longer triggers javascript error. HTML preprocessor (XPP) in ISL Conference Proxy 4.4 is more strict and requires explicit runs of external recursive chunks of HTML.

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

ISL AlwaysOn - Module - fix extract computer query (DEFECT) [ISLALWAYSON-1251] More

Description

In previous versions, there was security issue with old v2 interface. It was theoretically possible to retrieve a list of all computers on server. This was now redesigned, so that this should not happen anymore, and users are only able to see own computers.

The defect was fixed.

[PREVIEW] ISL AlwaysOn - Module - catch invalid data on RPC auth message (DEFECT) [ISLALWAYSON-1260] More

Description

In previous version of ISL AlwaysOn module, there was issue with inadequate treatment of hexcode input data, and users could get Error 500. This was now redesigned, so that hexcode data is now correctly parsed, and instead of Error 500, users will now get error message saying that invalid sequence was provided.

The defect was fixed.

Flags for this ticket are disabled by default.

[PREVIEW] ISL AlwaysOn - Module - improve robustness of connect webapi (DEFECT) [ISLALWAYSON-1270] More

Description

In previous version of ISL AlwaysOn module, webapi2 method "islalwayson/computer/connect/1" returned to the caller, version of connection endpoint. Each time ISL AlwaysOn computer updated the endpoint connection object the version increased. When caller provided version in query, the call waited until version was greater than queried version. Only number was accepted for version. This was not redesigned so that the version can now be number or a string, that is converted to number. Version is now also updated on every status change and not only when remote computer changes state.

The defect was fixed.

Flags for this ticket are disabled by default.

ISL AlwaysOn - Module - Remove permission check for system information (DEFECT) [ISLALWAYSON-1308] More

Description

In some cases it was possible that users got error message saying that they don't have permissions to execute sysinfo actions. This happened on computers that were not in any group. This was now redesigned, so that user should not get this error message, and sysinfo action should be executed normally.

The defect was fixed.

ISL Conference Proxy - Core - Fix installation name sanitizer (DEFECT) [ISLCONFPROXY-1468] More

Description

Sanitizer for Installation name of ISL Conference Proxy was implemented incorrectly causing the invalid characters to remain in the installation name if present. This caused errors in various parts of the infrastructure (login, webstart etc.). Sanitizer was implemented correctly and should remove the invalid characters from installation name. If name is composed entirely from invalid characters it is replaced by the connection IP address.

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

ISL Conference Proxy - Core - Show PostgreSQL installation message in file backend mode (DEFECT) [ISLCONFPROXY-1469] More

Description

In previous version, in case PostgreSQL was installed and file database backend is enabled, in ISL Conference Proxy configuration page it displayed following message: "ISL Conference Proxy is not fully configured which will cause limited or inaccessible functionality. In the side menu, go to Manage software and select Online update or Manual update to install all the latest modules." This was now redesigned so that correct error is displayed saying following: "ISL Conference Proxy is using the file database backend which will cause limited or inaccessible functionality. Please upgrade the database backend to PostgreSQL.". Also, in previous version users could hide this notification. This was also redesigned, so that users cannot hide this notification.

The defect was fixed.

In previous versions, flags for this ticket were disabled by default, and now, they are enabled by default.

[PREVIEW] ISL Conference Proxy - Core - Testing internal webapi2 X-Islcp-Header (DEFECT) [ISLCONFPROXY-1523] More

Description

In previous version, "CP-RUNTIME-SECRET-KEY in "users/main/test_webapi2.html" was encoded directly in HTTP header. This was now redesigned so that "CP-RUNTIME-SECRET-KEY" is encoded inside "X-Islcp-Header".

The defect was fixed.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Conference Proxy - Core - Direct tables garbage collector should work in mixed module GRID setups (DEFECT) [ISLCONFPROXY-1545] More

Description

Deleted rows from tables were not cleaned up properly in case of GRID setup where:

one server was deleted from GRID (blocks garbage collector with an old GC threshold version)

tables that are not on all servers (GC is completely disabled)

The defect is fixed.

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core - Remove exposed connection passwords in PostgreSQL debugging messages (DEFECT) [ISLCONFPROXY-1554] More

Description

In previous version, there was very small chance to see PostgreSQL connection password in debug log and web admin debug panel. This was now redesigned and PostgreSQL connection password is now protected and not visible in debug log and web admin debug panel.

The defect was fixed.

ISL Conference Proxy - Core - Remove private crypto keys from cryptography zip by default (DEFECT) [ISLCONFPROXY-1555] More

Description

Private keys are now removed by default from cryptography.zip, which is accessible in Debug web admin panel. Affected files:

connection/*.pvk (many possible)

connection/*.server.pvk (many possible)

codesign/microsoft_authenticode.pvk

codesign/microsoft_authenticode.pvkpass (also affected by dev flag Expose login credentials debug log level (0-2))

codesign/microsoft_authenticode_compat.pvk

codesign/microsoft_authenticode_compat.pvkpass (also affected by dev flag Expose login credentials debug log level (0-2))

grid/grid.pvk

https/main.pvk

https/main.pvkpass (also affected by dev flag Expose login credentials debug log level (0-2))

The defect was fixed.

[PREVIEW] ISL Conference Proxy - Core - IP range matcher is ineffective (DEFECT) [ISLCONFPROXY-1565] More

Description

Due to refactoring error, IP range matcher IP1-IP2 was not effective in ISL Conference Proxy 3.4.0 - 4.4.1734. IP range matcher is now effective again. Affected subsystems:

Security setting Allowed IP addresses for administration

Security setting Allowed IP addresses for XMLMSG

Security setting Allow X-Forwarded-For header (for CDN) for IP ranges

Security setting Do not use HTTP proxy for addresses

Security setting Force networks to public internet address

Security setting Force networks to private intranet address

Security setting Filters that define access to webapi2

Web server setting Allowed IP addresses for frontends

Load balancing setting IP boost on server X

Load balancing setting Global IP boost

<ip>1.2.3.4-1.2.3.10</ip> matcher in software_policy.xml

DNS zone IP limit

Locale setting Map IP to timezone

The defect was fixed.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Conference Proxy - Core - IP filter parser on Linux fails to parse masks (DEFECT) [ISLCONFPROXY-1566] More

Description

Due to incorrect IP parsing order on Linux and the specific unit test not being run automatically, IP mask matcher with spaces 1.2.3.4 / 255.255.0.0 was not effective in ISL Conference Proxy. IP mask matcher is now effective again. IP matcher without spaces 1.2.3.4/255.255.0.0 is not affected. Affected subsystems:

Security setting Allowed IP addresses for administration

Security setting Allowed IP addresses for XMLMSG

Security setting Allow X-Forwarded-For header (for CDN) for IP ranges

Security setting Do not use HTTP proxy for addresses

Security setting Force networks to public internet address

Security setting Force networks to private intranet address

Security setting Filters that define access to webapi2

Web server setting Allowed IP addresses for frontends

Load balancing setting IP boost on server X

Load balancing setting Global IP boost

<ip>1.2.3.4 / 255.255.0.0</ip> matcher in software_policy.xml

DNS zone IP limit

Locale setting Map IP to timezone

The defect was fixed.

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core Login - Use atomics to store template pool (DEFECT) [ISLCONFPROXY-1584] More

Description

In previous version, template poll was not an atomic variable. This was now redesigned so that template pool is now an atomic variable. This prevents any simultaneous modifications from multiple threads.

The defect was fixed.

ISL Conference Proxy - Core - Activity log CSV sanitize (DEFECT) [ISLCONFPROXY-1602] More

Description

In previous version excel CSV writer used by activity log now sanitizes output data (replaces control characters 0x00-0x1F with spaces) to prevent incorrect data import.

ISL Conference Proxy - Core - Activity log strip security sensitive information (DEFECT) [ISLCONFPROXY-1604] More

Description

In some cases, activity log exposed several security sensitive information such as post_token, redirect, password, origin, etc. This was now redesigned so that sensitive information are now replaced with * character.

The defect was fixed.

ISL Conference Proxy - Core - Admin must change password accepts empty password as new password (DEFECT) [ISLCONFPROXY-1615] More

Description

If account is marked as administrator account, and setting "User must change password" is checked, then a dialog will be shown on next login. It was possible to have blank password and account would be disabled. If blank password was set for main admin account, then password was reset to default value. This was now redesigned in a way that users get error if they leave password field blank.

The defect was fixed.

ISL Conference Proxy - Core - Fix jquery's ajax issue when POSTing '??' - disable JSONP (DEFECT) [ISLCONFPROXY-1645] More

Description

In previous version, there was possible to get "No data from API" error on login due to "??" occurrence in password. This was now redesigned so that now users should not get this error on login.

The defect was fixed.

ISL Conference Proxy - Core - flags.json does not always reflect all init flags correctly (DEFECT) [ISLCONFPROXY-1650] More

Description

flags.json was corrected to contain only absolutely necessary flags needed for startup of ISL Conference Proxy. By need flags like 2017-12-27 ~~ISLCONFPROXY-1625~~ local flag support are now also always initialized to avoid startup problems.

The defect was fixed.

[PREVIEW] ISL Pronto - Module - webapi2 islpronto/supporter/info/get/* return "insufficient permissions" (DEFECT) [ISLPRONTO-919] More

Description

In previous versions, webapi2 methods "islpronto/supporter/info/get/list/1" and "islpronto/supporter/info/get/single/1" returned user error (insufficient permissions) if supporter has "View other supporter's public chats" setting to "No". This was now redesigned so that this two webapi2 methods should return only chat info for supporters if they have this setting set to "No".

The defect was fixed.

Flags for this ticket are disabled by default.

[PREVIEW] ISL Pronto - Module - Retrieved chat history size is smaller than the limit (DEFECT) [ISLPRONTO-1069] More

Description

In previous version, retrieved chat history size was smaller than the limit in some cases. This was now redesigned so that chat history size should not be smaller that limit of the size.

The defect was fixed.

ISL Pronto - Module - Convert patch log lines to AKV (DEFECT) [ISLPRONTO-1070] More

Description

In previous versions, some log lines were not in AKV format. This was now redesigned and now, all log lines from ISL Pronto module should be in AKV format.

The defect was fixed.

[PREVIEW] ISL Pronto - Module - File type blocking (DEFECT) [ISLPRONTO-1085] More

Description

In previous versions, it was possible to send different file types through ISL Pronto. This was not redesigned, so that files are now checked and rejected if the file type is blocked on ISL Conference Proxy.

The defect was fixed.

Flags for this ticket are disabled by default.