ISL Conference Proxy 4.4.1947.49 with modules for Windows and Linux (2020-02-06)

 

On 6th of February the following was released: 

  • ISL Conference Proxy 4.4.1947.49 for Windows 32bit (Platform=win32, Revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04, req_os_version=0x06000000-0x7fffffff)
  • ISL Conference Proxy 4.4.1947.49 for for Windows 64bit (Platform=win64, Revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04, req_os_version=0x06000000-0x7fffffff)
  • ISL Conference Proxy 4.4.1947.49 for for Linux 32bit (Platform=linux, Revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04, req_os_version=0x0206170000-0xffffffffff)
  • ISL Conference Proxy 4.4.1947.49 for for Linux 64bit (Platform=linux64, Revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04, req_os_version=0x0206170000-0xffffffffff)

Modules

  • Authentication 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • Backup 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • Core Login 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • DNS 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • GeoIP 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • ISL AlwaysOn 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • ISL Groop 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • ISL Light 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • ISL Pronto 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • Locale 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • NTP 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • PostgreSQL 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • Reports 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • Storage 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)
  • System Monitor 4.4.1947.49 (revision=3696b1d8f17b13f30e729a5b1814880a476117a7, release_date=2020-02-04)

Translations

  • backup_20200204_20200204_091052.translation
  • core_login_20200204_20200204_091052.translation
  • isl_alwayson_20200204_20200204_091052.translation
  • isl_conference_proxy_20200204_20200204_091052.translation
  • isl_groop_20200204_20200204_091052.translation
  • isl_light_20200204_20200204_091052.translation
  • isl_pronto_20200204_20200204_091052.translation
  • reports_20200204_20200204_091052.translation

Update availability

All updates, except translations, have release date set to 2020-02-04. Your ESS will need to be  same or higher to be able to update your server. This release is  available to all countries except Japan.

Upgrading to new version

This are server side updates so hosted service users do not need to do anything.

Server license users please check Upgrading Server License

Improvements

ISL Conference Proxy - Core - Sanitize web server internal error URLs (SECURITY) [ISLCONFPROXY-2064] More

Description

URLs in web server internal error reports are now sanitized (sensitive information is removed).

ISL Conference Proxy - Core - Improve file storage checks (SECURITY) [ISLCONFPROXY-2088] More

Description

File storage was updated to do more security checks. Scope is now checked in all interactions. Output directory name (mapped from scope) and file name must be a filesystem safe name. Another check is made if names contain valid characters and are of appropriate length.

ISL Conference Proxy - Core - Upgrade OpenSSL to 1.0.2u (SECURITY) [ISLCONFPROXY-2125] More

Description

OpenSSL library was updated to version 1.0.2u due to security vulnerabilities.

ISL AlwaysOn - Module - Remove Setting "Subsystem register computer debug log" and port obsolete register_action logs to hag (FEATURE) [ISLALWAYSON-1490] More

Description

ISL AlwaysOn module was using old style of logs, which are now replaced with new style logs.

ISL AlwaysOn - Module - dump more info when user connects to a computer (FEATURE) [ISLALWAYSON-1509] More

Description

When user connects to remote computer hag logs show additional info on edge server.

New origin tags (WA_ORIGINTAGS_TXT) include:

  • c_id ... db computer id
  • co_id ... db computer connection id
  • sn ... internal computer structure seq
  • st ... computer connection object status
  • ver ... computer connection object version
  • cmd ... command to be executed

ISL Conference Proxy - Core - DT delayed delete & undelete support (FEATURE) [ISLCONFPROXY-1732] More

Description

Marked for deletion (trash marker) support was added to direct tables backend. Rows that are marked for deletion:

  • will not be visible to modules by default similar to truly deleted rows (for GRID garbage collector)
  • may be undeleted
  • will get removed after a delay, by default 14 days

ISL Conference Proxy - Core / Module DNS / Module Storage - Undelete in /conf (FEATURE) [ISLCONFPROXY-1742] More

Description

Undelete support was added to core objects in ICP web admin interface "/conf":

  • domains (sessions, history and users are not undeleted recursively)
  • users (sessions and history are not undeleted recursively, 2FA configuration is fully restored however)
  • bulk files (debug page)
  • customizations
  • subdomains
  • DNS zones
  • storage areas

ISL Conference Proxy - Core - Register all servers setting in GRID static registry (FEATURE) [ISLCONFPROXY-1878] More

Description

The server stores all registered settings into a dedicated DT table. Before settings were simply held in memory. This was done so settings can be read and served by module apps.

ISL Conference Proxy - Core - Add support for / URL in module SDK (FEATURE) [ISLCONFPROXY-1909] More

Description

Module SDK apps may now register webapp handler on "/" with register_webapp_handler to cover:

  • / itself
  • other unknown URLs that are not handled by ICP already

ISL Conference Proxy - Core / Core Login - Dump SAML crypto (FEATURE) [ISLCONFPROXY-1925] More

Description

ICP was extended to support JSON certificate dump protocol. Core Login SAML crypto dump is now implemented, web admin Debug > cryptography.zip will contain:

  • corelogin/saml/sp.crt
  • corelogin/saml/sp.pvk (only if dev flag "Crypto ZIP dump private keys" is enabled)
  • corelogin/saml/idp.N.crt

ISL Conference Proxy - Core - Register module enabled permission with standard APIs (FEATURE) [ISLCONFPROXY-1965] More

Description

Feature module permissions for ISL Light, ISL AlwaysOn, ISL Groop and ISL Pronto are now registered using standard internal APIs. The default value will now be externally visible in table "isldt_default_configuration". The module enabled permission " enabled" is now always Yes by default in web admin even if there is no license installed (previously No if the license was not valid).

ISL Conference Proxy - Core - Add 8 settings for min password strength (FEATURE) [ISLCONFPROXY-1966] More

Description

Following settings regarding password strength were added to "Configuration/Security":

  • Minimum password length
  • Maximum password length
  • Minimum number of custom special characters required in passwords
  • List of custom special characters
  • Minimum number of uppercase characters required in passwords
  • Minimum number of lowercase characters required in passwords
  • Minimum number of digit characters required in passwords
  • Allow password to start or end with whitespace

ISL Conference Proxy - Core - Report HTTPS/X509 certificate expiry times (FEATURE) [ISLCONFPROXY-1971] More

Description

Certificate expiry checks were added for:

  • HTTPS certificate
  • HTTPS chain certificates
  • GRID certificate
  • Application MUX SSL (client to server) certificates
  • Certificate dump API (see ISLCONFPROXY-1925):
    • SAML service provider certificate
    • SAML identity provider certificates

"Not valid before" is now used in all certificate checks. Expiry notifications will not be reported until the last third of valid interval. For example, 90 day certificate will limit notifications to last 30 days. General notification schedule was not changed:

  • every day last 15 days before expiry
  • 30 days before expiry
  • 60 days before expiry

Authenticode certificate check was corrected to UTC. License check is still done in local timezone.

Debugging file is written on each check into _info.json.

New log lines were added to "[Core] Certificate/license expiry check":

  • certificate expired (alert)
  • failed to get file (critical)
  • expiry info not available (notice)
  • failed to check expiry info (critical)

ISL Conference Proxy - Core - DB notification log execution time (FEATURE) [ISLCONFPROXY-1981] More

Description

New log lines were added to database change notify:

  • db notification handling started with long delay (general ICP DB queue)
  • db notification handled with long execution time (general ICP DB queue)
  • direct tables notification handled with long execution time (DT native queue)

Severity threshold:

  • 5s: warning
  • 20s: critical

Log lines are limited to one unique event (message, severity) per minute. Critical severity event will suppress warning for a minute.

Setting "Performance > Callback event warning report threshold in ms" was removed from /conf. Legacy log lines for general ICP DB queue and DT native queue were removed.

ISL Conference Proxy - Core - WebAPI2 akv log simpler messages (FEATURE) [ISLCONFPROXY-1982] More

Description

Log messages for WebAPI2 were simplified from variable format

"WebAPI2 request {served,error}{, with long execution time, with excessive execution time}"

to regular messages:

  • WebAPI2 request error:
    • USER_ERROR: error
    • INTERNAL_ERROR: critical
    • IMPLEMENTATION_ERROR: critical
  • WebAPI2 request served:
    • OK: info

and additional log line:

  • WebAPI2 request long execution time:
    • 15s: warning
    • 30s: critical

ISL Conference Proxy - Core - Add simple/common password database and check checkbox (FEATURE) [ISLCONFPROXY-1983] More

Description

New permission "Reject passwords from password_blacklist.txt" was added to "Configuration/Security". When this permission is enabled, passwords will be compared to common password database (text file in ISL Conference Proxy install directory). Default common password database can be overridden by uploading text file with name "password_blacklist.txt" to ISL Conference Proxy private storage.

ISL Conference Proxy - Core Login - lower severity for `InResponseTo` does not match any of the possible request IDs (FEATURE) [ISLCONFPROXY-1987] More

Description

Critical log "`InResponseTo` does not match any of the possible request IDs (expected [])" was lowered to error severity level.

ISL Conference Proxy - Core - Lower severity to error for log "CPLANG/CPVER parameter sanitized to deleted value" (FEATURE) [ISLCONFPROXY-1990] More

Description

Log lines have error severity level now if the request referrer does not match ICP own domains (critical previously):

  • CPLANG parameter sanitized to deleted value
  • CPVER parameter sanitized to deleted value

ISL Conference Proxy - Core - Refresh GRID static registry on settings change (FEATURE) [ISLCONFPROXY-1997] More

Description

GRID static registry will now track changes in GRID configuration. For example: removing a server from GRID will remove the server's groups and keys.

ISL Conference Proxy - Core - Add logs for packet generator and bulk files (FEATURE) [ISLCONFPROXY-1999] More

Description

AKV logs were added for:

  • [Core] Packet generator (mostly debug level)
  • [Core] Bulk files (many warning-critical messages)
  • subprocess execution in packet generator (debug level)
  • task tracker in packet generator (debug level)

ISL Conference Proxy - Core - GRID static data into designated table (FEATURE) [ISLCONFPROXY-2000] More

Description

GRID static registry support for custom DT tables was added.

ISL Conference Proxy - Core - Add support for Korean language in ISL Conference Proxy (FEATURE) [ISLCONFPROXY-2008] More

Description

ISL Conference Proxy now accepts translated strings for ko (Korean) language and includes them in generated translation files.

ISL Conference Proxy - Core - Web init flags (FEATURE) [ISLCONFPROXY-2017] More

Description

Flag error will now print the reason to stderr and into file "flag_error.txt"

ISL Conference Proxy - Core - Use adjusted wallclock time instead of system time in AKV logs (FEATURE) [ISLCONFPROXY-2030] More

Description

AKV logs now use NTP adjusted wallclock time instead of system time.

ISL Conference Proxy - Core - GRID static registry per server get API (FEATURE) [ISLCONFPROXY-2032] More

Description

API to access group/key => servers cache was added.

ISL Conference Proxy - Module SDK - improve join/defer/close error descriptions (FEATURE) [ISLCONFPROXY-2033] More

Description

Error messages were improved. In case of error, its description is now added on stack.

ISL Conference Proxy - Core - Show setting sections and subsections in conf (FEATURE) [ISLCONFPROXY-2035] More

Description

Settings sections and subsections were added to conf. Empty sections are skipped.

ISL Conference Proxy - Core - Reproducible PostgreSQL function dump (FEATURE) [ISLCONFPROXY-2051] More

Description

Dev flag "PostgreSQL dump functions" (file: pg_dump_functions) was implemented, which dumps PostgreSQL functions installed in "public" namespace into a file "pg_dump_functions.sql" when ISL Conference Proxy finishes DB startup. The event order in generated SQL is now static and reproducible.

[INTERNAL] ISL Conference Proxy - Core / Module SDK - Simplify flags to be more similar to hefa_flag (FEATURE) [ISLCONFPROXY-2054] More

Description

Flags were simplified to be more similar to hefa_flag.

ISL Conference Proxy - Core - Report HTTP 403 as critical log when referrer matches (FEATURE) [ISLCONFPROXY-2055] More

Description

HTTP 403 will now be reported as critical severity instead of error severity if:

  • client has intranet IP
  • or matching Host: and Referer: host, where domain is served by ICP (license address, primary DNS server zone, ...)

[INTERNAL] ISL Conference Proxy - Core - Devflag to disable OpenSSL buffers (FEATURE) [ISLCONFPROXY-2058] More

Description

Devflags "openssl_buffers" and "no_openssl_buffers" were added to ICP. Default value for OpenSSL buffers is enabled.

ISL Conference Proxy - Core - Add logs to check_change_profile catch (FEATURE) [ISLCONFPROXY-2066] More

Description

Logs were added to check_change_profile.

[INTERNAL] ISL Conference Proxy - Core - DB API throw hefa::exception instead of xapi_exception (FEATURE) [ISLCONFPROXY-2067] More

Description

Exceptions thrown in DB API are now hefa::exception instead of xapi_exception to improve exception reporting in logs.

ISL Conference Proxy - Core - Filter out result exception info from non-internal and non-system WebAPI2 calls (FEATURE) [ISLCONFPROXY-2070] More

Description

Changes regarding "errors" object in WebAPI2:

  • "exception" field is now filtered out if the method is not "internal/" and not "system/".
  • unhandled exception is now internally handled as "exception" field instead of "info"

WA_ERRORS_TXT log field stays the same.

WebAPI2 JSON and XML input parser will now report exceptions in WA_ERRORS_TXT log field.

ISL Conference Proxy - Core - Do not report internal errors for remote proxy channels (FEATURE) [ISLCONFPROXY-2076] More

Description

Web server internal errors are now reported at notice severity on intermediate ICP (remote proxy source). Endpoint ICP (remote proxy target) will still report at critical severity.

ISL Conference Proxy - Core - Limit HTTP event sender log line (FEATURE) [ISLCONFPROXY-2079] More

Description

HTTP event sender log line field HEVT_DATA_TXT is now limited to 1800 bytes (pre-escaping).

ISL Conference Proxy - Core - ICP Support new p1-*, p2-*, ... p9-* in "Enable resolved/hotfix-/req- flags" dev setting (FEATURE) [ISLCONFPROXY-2083] More

Description

Flag categories in "Debug/Flags" are now:

  • ^[0-9] (released): always enabled
  • deployed: enabled in beta or with enable_flags
  • ^p[1-8]- (for QA): enabled with enable_flags
  • resolved: enabled with enable_flags

Obsolete categories were removed and have no special treatment anymore:

  • tested
  • hotfix-
  • req-
  • stalled-
  • in-progress

[INTERNAL] ISL Conference Proxy - Module SDK - icperr.Add(f), icperr.Close handle empty desc, icperr.Go (FEATURE) [ISLCONFPROXY-2097] More

Description

API improvements, code refactoring.

[INTERNAL] ISL Conference Proxy - Core - Support flags.txt in module dir (FEATURE) [ISLCONFPROXY-2100] More

Description

"flags.txt" file with a standard "tag:description" format for tagging flags is now supported. ICP init time cache is stored in "module_flags.txt" (will be deleted if there are no module flags.txt). "flags.txt" location should be:

  • module_/flags.txt, or
  • moduleapp_dev//flags.txt

ISL Conference Proxy - Module GeoIP - Update database to 2020-01-21T22:56:49Z (FEATURE) [ISLCONFPROXY-2119] More

Description

Updated GeoIP to use the database GeoLite2-City 2020-01-21T22:56:49Z

ISL Groop - Module - Session undelete in /conf (FEATURE) [ISLGROOP-990] More

Description

Support for undelete was added to ISL Groop session history in /conf. Search for user (creator) field now takes effect in both history and active.

ISL Light - Module - Session delete and undelete in /conf (FEATURE) [ISLLIGHT-5055] More

Description

ISL Light session history delete and undelete support was added to /conf.

ISL Light - Module - add setting for ISL Light package id for Android to be used on join page (FEATURE) [ISLLIGHT-5082] More

Description

Added support to customize Android intent package in Join Session WebAPI through setting ISL Light / Androidintent package in join session. The default value is com.islonline.isllight.mobile.android.

ISL Light - Module - Use ISL Light instead of ISL Light Desk when starting and resuming sessions (FEATURE) [ISLLIGHT-5220] More

Description

When requesting a supporter link to start a new session through isllight/session/start/1, the response included a session start link that invoked ISL Light Desk. A new webapi2 call isllight/session/start/2 has been added and its response includes a session start link that invokes ISL Light, with a fallback to ISL Light Desk. When attempting to transfer a session to a supporter or to invite a supporter to a session, the resulting link invoked ISL Light Desk. The resulting session transfer or session invite link now invokes ISL Light, with a fallback to ISL Light Desk.

ISL Light - Module - DB notification / RPC log long execution time (FEATURE) [ISLLIGHT-5347] More

Description

New logs were added to monitor long execution time of

  • database notifications
  • RPC calls

Thresholds:

  • 2s: warning
  • 15s: critical

ISL Pronto - Module - Session delete and undelete in /conf (FEATURE) [ISLPRONTO-1185] More

Description

ISL Pronto session history delete and undelete support was added to /conf.

ISL Pronto - Module - Add index state debug panel in /conf (FEATURE) [ISLPRONTO-1314] More

Description

ISL Pronto in-memory debug page was added to web administration with full XML dump of indexes and caches. Not covered:

  • file downloads
  • GRID transports
  • in-page chat

ISL AlwaysOn - Module - set default os_version on macOS (DEFECT) [ISLALWAYSON-1492] More

Description

In previous version there was issue with selecting action to run on macOS. This was now redesigned and issue should not happen anymore.

The defect was fixed.

ISL AlwaysOn - move action update to GRIDCALL rp channel (DEFECT) [ISLALWAYSON-1498] More

Description

In previous versions action status was updated on edge server (server that is connected to a computer). This could result in action not being updated and the user would sometimes get an error using action. This was now redesigned so when action is started on one server (origin server), this server will then manage started action and the edge server will forward action status update to origin server.

The defect was fixed.

ISL Conference Proxy - Backup - fix error when no locale installed (DEFECT) [ISLCONFPROXY-1978] More

Description

In previous versions, when there was no "locale" module installed, backup pages were not working because of javascript error. This was now redesigned and error should not be present.

The defect was fixed.

ISL Conference Proxy - Core - Show ISL AlwaysOn computer history errors in modal (DEFECT) [ISLCONFPROXY-2006] More

Description

In previous versions ISL AlwaysOn history errors when choosing to large time frame were displayed on page. This was now redesigned, modal should stay open and error should be displayed there.

The defect was fixed.

ISL Conference Proxy - Core Login - Fix broken layout on mobile when configuring 2FA (DEFECT) [ISLCONFPROXY-2011] More

Description

In previous versions 2FA pages were not using responsive design on mobile devices. This was now redesigned and layout should not be broken anymore.

The defect was fixed.

ISL Conference Proxy - Core - Digital signature does not match, improve error message (DEFECT) [ISLCONFPROXY-2034] More

Description

File storage signed file upload error string was fixed: "Digital signature does match the file..." was replaced with "Digital signature does not match the file..."

The defect was fixed.

ISL Conference Proxy - Core - Change valid password rule check order (DEFECT) [ISLCONFPROXY-2056] More

Description

In previous versions valid password regex check was applied before valid password rules. This was now redesigned and password rules are now applied before regex check. New order of rules is now:

  • Max len
  • Whitespace
  • Min uppercase (Min special chars used to be here)
  • Min lowercase
  • Min digits
  • Min special char
  • Min len
  • Common password DB

The defect was fixed.

ISL Light - Module - remove empty macs from desk and client software (DEFECT) [ISLLIGHT-5374] More

Description

In previous version when client reported MAC address that contained empty address, multiid calculation might not be the same. This was now redesigned and empty MAC address is now removed before it is stored in database or used in multiid calculation.

The defect was fixed.

ISL Pronto - Module - Apply pronto::chat_max_query_range setting to query_chat_history task (DEFECT) [ISLPRONTO-1155] More

Description

In previous version retrieving chat history in ISL Pronto program did not check "Maximum chat query range" ISL Pronto setting in /conf. This was now redesigned and retrieving chat history should respect setting.

The defect was fixed.

ISL Pronto - Module - Clear escaped strings before escaping again and improve feedback on edge case chat history search failure (DEFECT) [ISLPRONTO-1294] More

Description

In previous version when retrieving chat history where multiple queries were executed error is shown in ISL Pronto Debug window. This was now redesigned and error in debug window should not appear anymore.

The defect was fixed.

ISL Pronto - Module - InPage webapi log unexpected exception (DEFECT) [ISLPRONTO-1311] More

Description

In previous versions InPage webapi did not log unexpected exceptions. This was now redesigned and new logs are added.

The defect was fixed.

Was this article helpful?

Cookie Consent

We use cookies to deliver and maintain ISL Online services, as well as to ensure the best browsing experience for our users. Three types of cookies are used:

Detailed information about the Cookies, their purpose, lifetime, expiration date and more can be found in our Cookie Policy and Privacy Policy. You can update your cookie preferences at any time.