ISL Conference Proxy 4.4.1747.56 with modules for Windows and Linux (2018-04-18)

 

General Information

On 18th of April the following was released: 

  • ISL Conference Proxy 4.4.1747.56 for Windows 32bit (Platform=win32, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17, os_version=0x06000000-0x7fffffff)
  • ISL Conference Proxy 4.4.1747.56 for Windows 64bit (Platform=win64, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17, os_version=0x06000000-0x7fffffff)
  • ISL Conference Proxy 4.4.1747.56 for Linux 32bit (Platform=linux, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17)
  • ISL Conference Proxy 4.4.1747.56 for Linux 64bit (Platform=linux64, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17)

Modules

  • ISL AlwaysOn 4.4.1747.56 (release_date=2018-04-17, revision=09c1bb84d1408ec0700da49873554c3c829f4f64)
  • ISL Pronto 4.4.1747.56 (release_date=2018-04-17, revision=09c1bb84d1408ec0700da49873554c3c829f4f64)

Translations

  • core_login_20180416_20180416_065607.translation
  • isl_alwayson_20180416_20180416_065607.translation
  • isl_conference_proxy_20180416_20180416_065607.translation
  • isl_groop_20180416_20180416_065607.translation
  • isl_light_20180416_20180416_065607.translation
  • isl_pronto_20180416_20180416_065607.translation
  • reports_20180416_20180416_065607.translation

Update availability

All updates, except translations, have release date set to 2018-04-17. Translations have release date set to 2018-04-16. Your ESS will need to be  same or higher to be able to update your server. This release is  available to all countries except Japan.

Upgrading to new version

This are server side updates so hosted service users do not need to do anything.

Server license users please check Upgrading Server License

Improvements

ISL Conference Proxy - Core / Module Storage - Storage download in /conf should be served securely (SECURITY) [ISLCONFPROXY-1605] More

Description

Storage area browser served files in trusted context and thus potentially allowing XSS. Files are now forced to download.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - Update OpenSSL to 1.0.2o (SECURITY) [ISLCONFPROXY-1682] More

Description

OpenSSL library was updated to version 1.0.2n due to security vulnerabilities.

ISL Groop - Module - Serve session files with access control (SECURITY) [ISLGROOP-981] More

Description

For improved security, /file was replaced with /users/islgroop/webapi/session/file/download in session files page. Unlike /file, /users/islgroop/webapi/session/file/download will not work outside of valid logged in web browser session.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Groop - Module - Use secure session file rename (SECURITY) [ISLGROOP-982] More

Description

ISL Groop allows session files to be renamed to arbitrary names (from .png to .exe for example), which could allow an attacker to trick users to download  malware in some specific scenarios. Changing file type (determined by  file extension) by rename cannot be done anymore. Additionally, bulk  files are renamed to their correct value stored in ISL Groop session  object when querying the session file list.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

[PREVIEW] ISL AlwaysOn - Module - implement webapi islalwayson/computer/delete/2 that returns error in result (FEATURE) [ISLALWAYSON-982] More

Description

Webapi2 method "islalwayson/computer/delete/1" returned the result in body and not in result variable. The feedback of webapi2 method is in  field "data.ok". If this field is set to 1, then all is ok, but if field is set to 0 then, error occurred. This caused confusion with  developers. New webapi2 method ("islalwayson/computer/delete/2") was  added that returns error in result.

 

Flags for this ticket are disabled by default.

ISL AlwaysOn - Module - dont update last_used when sharing computer connection (FEATURE) [ISLALWAYSON-1249] More

Description

From now on, list of last used computers will not be updated when computer connection sharing changes.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

[PREVIEW] ISL AlwasyOn - Module - allow group id in webapi islalwayson/user/grant/ and islalwayson/user/email (FEATURE) [ISLALWAYSON-1306] More

Description

Some of ISL AlwaysOn webapi2 methods accepts group code, but not  group id. Group id is obtained when using webapi2 method  "utils/groups/query/1". Group id and code are related - code can be used only for granting ISL AlwaysOn access. Two new webapi2 methods were  implemented - "islalwayson/user/grant/3" and "islalwayson/user/email/2"  that accepts group id to generate ISL AlwaysOn grant blob or join code.  Group id can only be used with authenticated user and the user must be a group member.

 

Flags for this ticket are disabled by default.

[PREVIEW] ISL AlwaysOn - Module - obsolete alwayon/* webapis (FEATURE) [ISLALWAYSON-1307] More

Description

In previous versions, ISL AlwaysOn module, registered some webapi2  method calls, that were not used by any of our product (they were  obsolete). This was redesigned so that ISL AlwaysOn module will not  register anymore this obsolete webapi2 methods. This methods are:

  • "islalwayon/computer/update/1"
  • "islalwayon/computer/connect/1"
  • "islalwayon/computer/search/1"
  • "islalwayon/user/grant/1"
 

Flags for this ticket are disabled by default.

ISL Conference Proxy - Core - Add a health check API for reverse proxy setups (FEATURE) [ISLCONFPROXY-1294] More

Description

Added health check API which can be used when reverse proxy is put in front of ISL Conference Proxy. With the new API functionality the  reverse proxy can check whether the server is available or not by making a request to:
[server_address]/health/server/enabled. If server is unavailable the response will be returned with error code 500.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core / Module Authentication - Custom error messages from external authenticators (FEATURE) [ISLCONFPROXY-1395] More

Description

Users that used external authenticator like LDAP, then they could get wrong login error if account was disabled, if password expired and so  on. This was redesigned so that now, users will get correct error. This  error texts can be configured in ISL Conference Proxy configuration page under Configuration / Security. The name of this setting is External  authenticator fail reason specification ([["regex", "html text"], ...]). 

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - Stabilize packet generator chunks (FEATURE) [ISLCONFPROXY-1501] More

Description

Packet generator for executables is now using a stable algorithm for  calculating cache key hashes and ensuring that they stay the same, even  after reboot or when only file timestamps change on disk but not  content, thus making it easier to debug related issues. unpackcache directory will be rebuilt because raw file chunk hashes (accessed with raw#filename in spec files) are now precalculated when unpacking.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - Use file content etag in web server instead of file timestamp (FEATURE) [ISLCONFPROXY-1502] More

Description

Web server now serves content based etags instead of file timestamps  in all cases, to allow effective caching in GRID setup. Etag cache  stores 10000 file hashes and was implemented in ISLCONFPROXY-1501  to support packet generator raw file content hashes.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - Split executable file to allow caching (FEATURE) [ISLCONFPROXY-1503] More

Description

Programs signed with authenticode (Windows desktop platform) are now  correctly sliced into smaller chunks to support proper caching.  Authenticode changes two bytes at the start of the executable ** and  might cause the entire chunk to be redownloaded. The executable is now  sliced into:

  • 512 bytes (not cached, authenticode change is here)
  • 256 kilobytes (cached, supports icon changes)
  • 512 kilobytes (cached, supports icon changes)
  • the rest (cached)
 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - Replace /file with internal bulk file handler (FEATURE) [ISLCONFPROXY-1592] More

Description

For improved security, "/file" was removed and replaced with internal "/conf/api/bulk_file_download" in web admin. Unlike "/file",  "/conf/api/bulk_file_download" will not work outside of valid logged in  web browser session.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - File type blocking (FEATURE) [ISLCONFPROXY-1600] More

Description

Settings "Blocked file extensions for user upload (.exe ...)" and  "Allowed file extensions for user upload (.txt ...)" were added to  "Security" to configure file type blocking for modules that support user file uploads and downloads: "ISL Groop", "ISL Pronto", "ISL AlwaysOn".  If allowed is set, the filter will function as whitelist and allow only  specified file extensions minus the file extensions in the blocked list. If allowed is not set, the filter will function as blacklist and block  the file extensions in the blocked list. Default blocked file extension  list: ".ade .adp .bat .chm .cmd .com .cpl .exe .hta .ins .isp .jar .js  .jse .lib .lnk .mde .msc .msi .msp .mst .nsh .pif .scr .sct .shb .sys  .vb .vbe .vbs .vxd .wsc .wsf .wsh".

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

[PREVIEW] ISL Conference Proxy - Core - Remove obsolete HTML tunnel support (FEATURE) [ISLCONFPROXY-1676] More

Description

HTML tunnel support was removed, because it is not used anymore by client software. URLs will return HTTP error 404.

 

Flags for this ticket are disabled by default.

ISL Groop - Module - File type blocking (FEATURE) [ISLGROOP-983] More

Description

File download and upload of blocked file types now shows an error to  user in web pages. ISL Groop application will fail to upload or download the blocked file types.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Pronto - Module - Add form to submit patches to Administration pages (FEATURE) [ISLPRONTO-1079] More

Description

Added form in administrative pages which submits custom JSON patches for ISL Pronto grid objects.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Pronto - Module - Show all instances of RAM object in Administration pages (FEATURE) [ISLPRONTO-1080] More

Description

Added support for showing all instances in ISL Conference Proxy  Configuration administration page, so that users can see if object  instances differ in any way.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Pronto - Module - Add IP to file operation logs (FEATURE) [ISLPRONTO-1139] More

Description

Added "SOCK_CLIENT_IP" to log lines:

  • "user is not permitted to receive files"
  • "failed to check users pronto::allow_receive_file_in_chat permission"
  • "user is not permitted to send files"
  • "failed to check users pronto::allow_send_file_in_chat permission"
  • "upload was blocked"

ISL AlwaysOn - Module - catch invalid data on RPC auth message (DEFECT) [ISLALWAYSON-1260] More

Description

In previous version of ISL AlwaysOn module, there was issue with inadequate treatment of hexcode input data, and users could get Error 500. This was now redesigned, so that hexcode data is now correctly parsed, and instead of Error 500, users will now get error message saying that invalid sequence was provided.

The defect was fixed.

In previous versions, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - Incorrect input parameters for webapi2 call will cause unhandled exception instead of user error (DEFECT) [ISLCONFPROXY-1389] More

Description

If user specified incorrect input parameter in webAPI method  "utils/users/query/1" ( session code instead of user id ) this resulted  in internal server error instead of user error. WebAPI method was  redesigned, users will now receive user error instead of internal server error when providing incorrect code.

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core Login - Improve error logs for crashing module (DEFECT) [ISLCONFPROXY-1494] More

Description

In certain cases the Default log mode of ISL Conference Proxy failed  to provide enough information to diagnose the problem. Log entries were  redesigned, they now contain additional information that should help  diagnose the problems in the future. HTTP server reports errors in the  log as well.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Conference Proxy - Core - confproxy_moduleapp wrapper should handle ICP crash (DEFECT) [ISLCONFPROXY-1498] More

Description

In some cases, Core Login process was still running even if ISL  Conference Proxy (confproxy_server) crashed which lead to Unhandled  exception when users tried to login. This was redesigned, so that when  crash occur in confproxy_server, and when it is back online, users  should not get Unhandled exception on login.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

[PREVIEW] ISL Conference Proxy - Storage - Check for empty storage configuration (DEFECT) [ISLCONFPROXY-1511] More

Description

When users created a new storage area the following log line was  shown in ISL Conference Proxy log: Storage: failed to read storage  configuration [XXX]: :Error in hefa-isljson.cpp:390:isljson::element::parse_json. A new flag was added which hides this kind of error in log. 

 

The defect was fixed.

ISL Light - Module - Show 2FA not available error for ISL Light v3 (DEFECT) [ISLLIGHT-4674] More

Description

In previous version, if user had 2FA and tried login via ISL Light  Desk (v3) he got an error saying that provided username/password is  wrong. This was now redesigned so that correct error message is shown to user saying that two-factor authentication is required but not  supported with this version.

 

The defect was fixed.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

ISL Pronto - Module - File type blocking (DEFECT) [ISLPRONTO-1085] More

Description

In previous versions, it was possible to send different file types  through ISL Pronto. This was not redesigned, so that files are now  checked and rejected if the file type is blocked on ISL Conference  Proxy.

 

The defect was fixed.

 

In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.

[PREVIEW] ISL Conference Proxy - Core - Restrict alternative admin accounts to a whitelist of user_ids (FEATURE) [ISLCONFPROXY-1669] More

Description

"Administrator account whitelist (user IDs)" setting was added in "Security" as additional protection for admin /conf login. Empty whitelist disables the feature. Entering one or more user IDs will create a whitelist of alternative user accounts, that will be granted administrator rights. The accounts will still need the setting "Administrator account: Yes" to be able to login into /conf.

Flags for this ticket are disabled by default.

Was this article helpful?