US servers cloud update 6-3-18

Stewart -

Release overview

Release Date: 6 March 2018
Servers: atmail cloud US servers
Release Versions: atmail suite - 8.3.1 / atmail dav server - 8.3.1 / atmail mail server - 8.3.1

Please Note:
Release 8.3.1 marks the first release in which all products in the atmail 8 lineup share the same version number.

atmail mail server summary

Epics

  • Password policy and good practices features and improvements to increase security and configuration options for the atmail product line
  • Security fixes

Improvement Highlights

  • Cleaned up confusing brand settings
  • Auditing for lock outs and administrator login/logout attempts
  • Improved branding UX flow of webmail integration plugin for atmail mail server
  • Updated jQuery and jQuery-UI libraries
  • Random password generator in atmail mail server account manager
  • New theme settings for the atmail suite integration theme edit form

Bug Fixes

  • Delete_account script fixed, allowing admins to delete accounts
  • Resolved issue where a domain was still assigned to a brand in the DB after the brand was deleted
  • Fixed issue with some database migration scripts
  • Fixed various areas in mail server that were missing internationalization support
  • Forgotten password was not functional - resolved by adding a new configuration for an atmail mail server administration api user

Security Improvements/Fixes

  • Branding calls can expose customer enumeration
  • Stored XSS in theme name
  • Missing input validation -> Negative value for quota
  • Missing input validation - searches
  • Outdated jQuery library with CVE, upgraded
  • Secure flag now used for admin cookie
  • Password policy settings checked against Global settings even if Global has been disabled
  • "accountsettingssave" API method now checks against password policy
  • Admin users should not be allowed to change the password policy of its own role
  • Error on disabling password policy for a domain when there is a global policy as well
  • Global password policy is not applied while creating mail account if domain password policy is disabled
  • Password policy was not applied to forgot password for email users. 

atmail suite summary

Epics

  • Password policy and good practices features and improvements to increase security and configuration options for the atmail product line
  • Translation support and refresh

New Feature Highlights

  • API server now uses new atmail mail server administration API user to update mail server password
  • API server can now store authentication details client side

Improvement Highlights

  • New API authentication method which uses the client side storage for service accounts credentials
    • This includes new authentication flows such as prompting for a service account password
  • Internationalization improved
  • New translation - Dutch
  • All translations refreshed
  • Forgotten password will now update your service account passwords
  • Password policy is now applied to forgot password for email users

Bug Fixes

  • Calendar VEVENTS that contain UTC timezone can now be processed
  • Error now displayed to user when a calendar invite fails to be processed
  • Fixed error where an invited event cannot be modified
  • When deleting from important list task stays in important list
  • Support for short TZID field in calendar invites added
  • Correctly changes service account passwords with forgotten password, not just main user
  • Fixed various nil pointers and invalid memory address issues in calendar event processing
  • Accepting calendar invites sent from Apple products duplicates DTSTAMP resolved
  • Fixed JavaScript error breaking calendar when using a locale other than English
  • API proxy server side event not releasing connections correctly on disconnect.

Known Issues

  • API call getContacts → blank {} properties is treated as NULL
  • atmail suite → When receiving a thread update, the avatar is not updated to latest replied user

atmail dav summary

Bug Fixes

  • Fixed initialize declaration in PropertyStorage
  • Calendar VEVENTS when snoozing in atmail suite are now reflected in Outlook for Mac
  • Accepting calendar invites sent from Apple products duplicates DTSTAMP resolved

Changelog 

Type | Summary | Status | Component(s)
Bug | Error when creating cloud account through store or Security > Add cloud | RESOLVED | Mail server
Bug | ApiAdmin using wrong hash | RESOLVED | API server
Bug | SPECIAL-USE missing in dovecot 2.33.2 | RESOLVED | Mail server
Bug | Password policy not displayed on error on forgot password | RESOLVED | Webmail
Bug | Forgotten Password is broken | RESOLVED | Mail server
Bug | Forgotten password path doesn't apply password policy | RESOLVED | Mail server
Bug | Password policy is not applied to forgot password for email users | RESOLVED | Mail server
Bug | SSE not releasing connections correctly on disconnect | RESOLVED | JMAP API
Bug | Can no longer add domains in mailserver | RESOLVED | Mail server
Bug | Forgotten password is broken | RESOLVED | JMAP API, Webmail
Bug | Admin users should not be allowed to change the password policy of its own role | RESOLVED | Mail server
Bug | Javascript error breaks calendar event add when using non english locale | RESOLVED | Webmail
Bug | Random password generated by MS will stop apiserver provisioning | RESOLVED | Mail server
Bug | Unable to login to webmail after updating User password by webadmin | RESOLVED | Webmail, Mail server
Bug | Apostrophes in international descriptions breaking webmail | RESOLVED | Webmail
Bug | Secure flag should be used for admin cookie | RESOLVED | Mail server
Bug | Outdated libs -> jQuery | RESOLVED | Mail server
Bug | Missing input validation - searches | RESOLVED | Mail server
Bug | Missing input validation -> Negative value for quota | RESOLVED | Mail server
Bug | Stored XSS theme name | RESOLVED | Mail server
Bug | Customer enumeration via branding call | RESOLVED | Mail server
Bug | delete_account cron scripts don't account for new Auditing code | RESOLVED | Mail server
Bug | When deleting from important list task stays in important list | RESOLVED | Calendars, Tasks, Webmail
Bug | accepting calendar error - Timezone: UTC Not found | RESOLVED | Calendars, JMAP API
Bug | CALENDAR: runtime error: invalid memory address or nil pointer dereference | RESOLVED | Calendars, Webmail
Bug | CALENDAR: nil pointer in calendar event | RESOLVED | Calendars, Webmail
Bug | CALENDAR - Snooze Webmail to Outlook for Mac | RESOLVED | Calendars, Webmail
Bug | Invited event cannot be modified. | RESOLVED | Calendars, Webmail
Bug | No error displayed to user when actioning a calendar invite fails | RESOLVED | Dav, Webmail
Bug | Support for short TZID field in calendar invites | RESOLVED | Calendars, Webmail
Bug | accepting calendar invitation error | RESOLVED | Dav, Webmail
Bug | Accepting calendar invites sent from Apple products duplicates DTSTAMP | RESOLVED | Calendars, Dav, Webmail
Improvement | Add API Admin to mailserver | RESOLVED | Mail server, Mail Server API
Improvement | On admin user password expiry user should be enforced to change the password | RESOLVED | Mail server
Story | Admin Account login/logout and lockouts will be logged in DB | RESOLVED | Mail server
Story | apiserver doesn't support UTC timezone | RESOLVED | API, JMAP API
Story | As an administrator I expect that no passwords are stored on disk in a reversible encryption format | RESOLVED | JMAP API, Passwords, Webmail
Story | As a service desk operator I would like to assign a one-time password to a user or admin. The User/admin should then be prompted for a new password on use of this one time pass | RESOLVED | Mail server, Passwords, Webmail
Story | As an administrator I do not want any information that can be used to guess passwords, a generic message should always be used | RESOLVED | Mail server, Webmail
Story | As an admin user I would like my account to be locked out for a period of time after a specified amount of failed login attempts | RESOLVED | Mail server
Story | As an administrator I would like to enforce good password practices on my other subadmins | RESOLVED | Mail server
Story | As an admin user I do not want password policies to be applied to any one-time passwords or tokens | RESOLVED | Mail server, Passwords
Story | As an webmail/admin user I want to define my password using special characters | RESOLVED | Mail server, Passwords, Webmail
Sub-task | Database migration scripts | RESOLVED | Mail server
Sub-task | Add password change frequency requirement | RESOLVED | Mail server
Sub-task | Auditing for lock outs and administrator login/logout attempts | RESOLVED | Mail server
Sub-task | New password must be different from the last five passwords used | RESOLVED | Mail server
Sub-task | Deleting a brand, then domain is still assigned to it in the DB | RESOLVED | Mail server
Sub-task | Clean up confusing brand settings slightly | RESOLVED | Mail server
Task | Import new translations, including new Dutch file | RESOLVED | Webmail

 

 