EU servers cloud update 28-2-18

Improvement Highlights

• Cleaned up confusing brand settings
• Auditing for lock outs and administrator login/logout attempts
• Improved branding UX flow of webmail integration plugin for atmail mail server
• Updated jQuery and jQuery-UI libraries
• Random password generator in atmail mail server account manager
• New theme settings to for atmail suite integration theme edit form

Bug Fixes

• Delete_account script fixed allowing admins to delete accounts
• Deleting a brand, then domain is still assigned to it in the DB resolved
• Fixed issue with some database migration scripts
• Fixed various areas in mail server that was missing internationalization support
• Forgotten password was not functional - resolved by adding a new configuration for an atmail mail server administration api user

Security Improvements/Fixes

• Branding calls can expose customer enumeration
• Stored XSS in theme name
• Missing input validation -> Negative value for quota
• Missing input validation - searches
• Outdated jQuery library with CVE, upgraded
• Secure flag now used for admin cookie
• Password policy settings checked against Global settings even if Global has been disabled
• "accountsettingssave" API method now checks against password policy
• Admin users should not be allowed to change the password policy of its own role
• Error on disabling password policy for a domain when there is a global policy as well
• Global password policy is not applied while creating mail account if domain password policy is disabled
• Password policy was not applied to forgot password for email users. 

---

atmail suite summary

Epics

• Password policy and good practices features and improvements to increase security and configuration options for the atmail product line
• Translation support and refresh

New Feature Highlights

• API server now uses new atmail mail server administration API user to update mail server password
• API server can now store authentication details client side

Improvement Highlights

• New API authentication method which uses the client side storage for service accounts credentials
  • This includes new authentication flows such as prompting for a service account password
• Internationalization improved
• New translation - Dutch
• All translations refreshed
• Forgotten password will now update your service account passwords
• Password policy is now applied to forgot password for email users

Bug Fixes

• Calendar VEVENTS that contain UTC timezone can now be processed
• Error now displayed to user when a calendar invite fails to be processed
• Fixed error where an invited event cannot be modified
• When deleting from important list task stays in important list
• Support for short TZID field in calendar invites added
• Correctly changes service account passwords with forgotten password, not just main user
• Fixed various nil pointers and invalid memory address issues in calendar event processing
• Accepting calendar invites sent from Apple products duplicates DTSTAMP resolved
• Fixed JavaScript error breaking calendar when using locale other then English
• API proxy server side event not releasing connections correctly on disconnect.

Known Issues

• API call getContacts → blank {} properties is treated as NULL
• atmail suite → When receiving a thread update, the avatar is not updated to latest replied user

---

atmail dav summary

Bugs Fixes

• Fixed initialize declaration in PropertyStoage
• Calendar VEVENTS when snoozing in atmail suite are now reflected in Outlook for Mac
• Accepting calendar invites sent from Apple products duplicates DTSTAMP resolved

---

Changelog