Release overview
Release Date: 19 November 2018
Release Versions: atmail suite - 8.4.1 / atmail dav server - 8.4.1 / atmail mail server - 8.4.1
Security Fixes
Special thanks to Asad Muhammad for identifying potential brute force attack vectors.
For our customers' protection, atmail doesn't disclose, discuss, or confirm security issues publically. This update includes a multitude of security fixes for both the atmail suite and atmail mail server. It is highly recommended that all atmail on-premises customers upgrade ASAP. If you are a direct client of atmail and further information is required please feel free to contact us in regards to the matter.
New Features
Product | Component | Title | Summary | Dependencies |
---|---|---|---|---|
atmail suite |
||||
atmail suite | File Storage | My Files |
|
N/A |
atmail suite | Calendar | Mini-Cal |
|
N/A |
atmail suite | 3rd Party Email Client configuration | Auto-Configuration Tool |
|
N/A |
atmail suite | Accounts | Support for new 3rd Party Accounts |
|
N/A |
atmail suite | Passwords | Password Policies and Best Practice |
|
atmail mail server |
atmail suite | Translation | New Translations |
|
N/A |
atmail suite | Settings | Empty trash on logout |
|
N/A |
atmail suite | Calendar | Send Invite "Toggle" |
|
N/A |
atmail suite | Mail Filters | Advanced Sieve UI |
|
N/A |
atmail suite | Quota | Combined Quota Mode |
|
N/A |
atmail suite | Password Management | External Password Management |
|
N/A |
atmail suite | Webmail | Email Composer Enhancements |
|
N/A |
atmail suite | JMAP Proxy | General |
|
N/A |
atmail mail server |
||||
mail server | Level 1 Support Functions | Enhanced Level 1 Support functionality for help desks |
|
N/A |
mail server | Password Management | New policies can be applied to administrator and email accounts |
|
N/A |
mail server | Password Management | Best practice enforcement |
|
N/A |
mail server | Password Management | One-time passwords |
|
N/A |
mail server | API | New admin api user |
|
N/A |
mail server | Branding | Multiple improvements to white-labelling and branding |
|
N/A |
mail server | Logging | Enhanced logging capabilities |
In addition to Level 1 Support Functionality, the following is available:
|
N/A |
mail server | administration | General |
|
N/A |
Product Improvements
Product | Component | Title | Summary | Dependencies |
---|---|---|---|---|
atmail suite | Internationalisation | Translation Improvements |
|
N/A |
atmail suite | Password Management | Forgot Password? |
|
atmail mail server |
atmail suite | In-app help | Updated help |
|
N/A |
atmail suite | Virtual folders | Configuration |
|
N/A |
atmail suite | Calendars | Invitations |
|
N/A |
atmail suite | Webmail | Email threading |
|
N/A |
atmail suite | Contacts | Group management |
|
N/A |
atmail suite | General | Performance Improvements |
|
N/A |
atmail suite | Email Headers | Date Parsing |
|
N/A |
atmail suite | Accounts | Only display relevant information |
|
N/A |
atmail suite | Webmail | Unread Count |
|
N/A |
atmail suite | Webmail | Visual Indicators |
|
N/A |
atmail suite | General |
|
N/A | |
atmail suite | Branding | White Label |
|
N/A |
atmail suite | General | General |
|
N/A |
atmail suite | Calendar | Accessibility |
|
N/A |
mail server | Branding |
|
N/A | |
mail server | Administration | Auditing enhancements |
|
N/A |
mail server | Account Management |
|
N/A | |
mail server | Misc |
|
N/A | |
mail server | API | User Level Forwarding |
|
N/A |
mail server | Sieve | Whitelisting |
|
N/A |
mail server | anti-abuse | Scanning |
|
N/A |
mail server | Password policy | Policy Permissions |
|
N/A |
DAV server | General | Multiple Improvements |
|
N/A |
Bug Fixes
-
atmail suite
- Calendar VEVENTS that contain UTC timezone can now be processed
- Error now displayed to user when a calendar invite fails to be processed
- Fixed error where an invited event cannot be modified
- When deleting from important list task stays in important list
- Support for short TZID field in calendar invites
- Correctly changes service account passwords with forgotten password, not just main user
- Fixed various nil pointers and invalid memory address issues in calendar event processing
- Accepting calendar invites sent from Apple products duplicates DTSTAMP
- Fixed JavaScript error breaking calendar when using locale other then English
- API proxy server side event not releasing connections correctly on disconnect.
- Once local storage is cleared, authentication steps do not populate x-jmap-extension header with "com.atmail.accounts:1" causing failure for forgotten password path
- API server APNS client new account polling time + general resource usage higher then it could be
- Rename folder not sending folder ID in some cases which results in folder rename not working
- Calendar event creation failed when no timezone is set
- Can't change calendar after adding event
- Calendar - To date cannot be changed.
- Child folder becomes parent when email is moved to it
- Renaming parent folder removes child folder until refresh
- Load locale data returns null for some languages
- Error after switching language if the thread list context menu has been used
- Cannot delete mail from Trash using context menu
- Duplicate key warning
- Clear storage on fresh login
- Moving an email to trash doesn't work when Redis is unavailable
- Can set AccessTokenExpiry again
- Duplicate key warnings
- Duplicated event created when an event is accepted.
- sideMenuItemActiveColor now correctly unset on blur
- Active Folder Colour now correctly unset on blur
- Folder counts missing
- Deleting a folder would report "NaN" as email count
- Fixed high-rate of draft saves
- Now cannot select external account as primary and remove mail server backed account
- CORS headers did not correctly parse host names with ports
- Change password displays error but changes password
- Forgotten password link works again
- Google Account setup was incorrect for internal test system
- Shared links expire is now optional and not limited
- Attachments that are too large display a warning with no information of what's wrong
- When clicking some items in menus, the mouse up event triggered then menu item click event
- Hamburger menu icon not shown when sidebar hidden
- Fixed various infinite routing bugs which resulted in stack overflow in browser
- Can't change color of calendar
- Upload multiple files will get some files failed randomly
- Removed atmail branding in the in-app help documentation
- Can now correctly sort messages by sender, subject, date and size.
- Confusing behavior of selection of individual messages with the checkbox or "Shift + Click" to select multiple messages.
- Multi-select of files selects random when holding shift
- FILE_TOO_LARGE should display appropriate message instead of "Oops! An error occurred."
- Console warnings in browser for react
- Dates for autoreply (out of office) no longer showing
- When creating a contact, photo name isn’t cleared on save
- Successful saving of empty contact details, no warning message displayed
- Unable to select/deselect calendars. Events disappears when clicked but appears again after few seconds
- Event - Able to Save Earlier Start Date than End Date and/or Missing Title
- Category dropdown still shows deleted categories
- Unable to Cancel Adding a Category in Tasks
- Renaming a folder presents user with error before changing folder name
- Events created at a specific time and covering the whole day next day didn’t show correct highlight
- Webmail quota display bar not updating
- Unable to delete occurrence for repeated events
- Calendars - Unable to save with selected date on reminders
- Deleting a folder with emails in it doesn't count the emails
- Settings - Mail - Rules with “IS” is not applied
- Settings - Mail - Send an automated reply to incoming emails. Set rules with empty Subjects created an incorrect header on auto replies
- Contacts - Able to Save Blank Phone/Emails when Updating Contacts
- Tasks - Cancel/Save Button won’t disappear after successful update
- Download attachment in IE and Edge opens blank tab and does nothin
- Contacts - Saved Notes are not editable
- Saving edited timezone on event doesn't save change
- Tasks - Unable to delete single task only for recurring tasks. When deleted, all task created with it are also deleted
- Webmail - Calendar Settings - Set the default reminder to Select Date but in Add Calendar event, default reminder is “At time of Event”
- Webmail - Calendar Settings - No invitation Email sent when “Delete email events on responding” is enabled
- Saving event with custom reminder date/time fails
- Can't delete or move emails with gmail integration
- Task created in different months for start and end dates shows only end date
- In responsive mode title bar needs to be colored
- Tasks - No error message when saving earlier deadline
- Tasks - No error message when saving blank title
- Icons in mail on hover don't show a tooltip
- Composer isn't theme color settable (send button too)
- Deleting draft doesn't send draft to trash
- Event invitations aren't saved in sent folder
- Contact us link needs to be added in in-app help
- UI Dropdown list in Timezone Add Event is broken
- Settings > Accounts > Edit > Click IMAP = Empty dropdown
- Contact search through filters should search ONLY in current filter
- Left pane scroll board isn't click draggable
- Forward email with option to keep a copy
- Can't delete from trash
- Gmail integration sending message produces error even though message sends and composer doesn't close
- Settings - Send an automated reply to incoming emails - No error when saving earlier date/blank subject /or body
- Gmail integration doesn't have auto suggestion on TO field
- Contacts - SSE Event Error when clicking the More Menu above the page
- Add support for handling disabled sieve filters in UI
- Calendar - No preview for repeated events
- Downgrade sql scripts syntax error
- Race condition with new http transport client
- Calls to JMAP methods panic if ServiceAccount missing
- Expires should be a timestamp in getFiles response
- duplicate migration files causing errors on update
- File preview overwrites file with empty data
- Add custom header addition support for security headers
- Redis connection pool not freeing
- Must set proper Content-Length when upload file to DAV
- Gmail Integration Issues
-
atmail mail server
- Delete_account cron scripts work again
- Sievec now doesn't fail on initial compile if already loaded and running
- Password policy is sometimes not saved although success message is displayed
- Deleting a brand, then domain is still assigned to it in the DB
- Fixed issue with some database migration scripts
- Fixed various areas in mail server that was missing internationalisation support
- Forgotten password not functional - Added new configuration for an atmail mail server administration api user
- Warnings thrown when kicked back to login screen on one-time-password (OTP)
- Issues relating to duplicated theme names
- Fixed error during update
- Fixed grammar of error when creating webmail domain that already exists
- Assigned user roles no longer become unavailable after creator is deleted
- Check
deletedAccounts
table before adding a new user - Generate random password results in an infinite loop in some cases
- Change password displays error but changes password
- Database update process should be in a transaction
- Screen Issue when Scrolling Down on atmail mail server
- Filter does not apply in dashboard/admin logs of atmail mail server
- Client IP, Browser and Platform Columns does not filter in Dashboard>Admin Log
- Allow Google accounts needs to be changed to Third Party accounts
- Password Policy - Minimum Numeric Character automatically turns '0' when disallow numeric character is ON
- Password Policy - Only Enable Three-of-Char-Types checking but error message is different
- Pressing "Delete Selected" with no selected aliases throws a javascript error presented in an alert("box").
- One Time Password works only on newly created account - not in edit user account
- Mailserver create/update account apis should be able to update account.userStatus
- Running cron to delete users doesn't completely delete them can't recreate, thinks they still exist
- MailServer - Count in LoginLog is different from Log detail Totals
-
atmail DAV server
- Fix initialise declaration in PropertyStorage
- Calendar VEVENTS when snoozing in atmail suite should be reflected in Outlook for Mac
- Accepting calendar invites sent from Apple products duplicates DTSTAMP
- Rescheduled recurring Invitations using external clients iCal to Outlook
- DAV php 7.2 webfiles throws error on upload
- upload_max_filesize in php ini has to be set for upload
- DAV configuration duplicating IMAP details
Known Issues Resolved
-
atmail suite
- Some email headers report "invalid date"
- Moving an email to trash doesn't work when Redis is unavailable
- If email addressee is unknown Avatar component throws a warning
- Invalid dates cause repeated calls to FormattedRelative component
- Fixed broken change account type in Webmail > Settings > Accounts
- Rescheduled Recurring Invitations iCal to Outlook
- Improved socket count footprint for API server
- SSE connection timeouts are large
- Redis connections leak during some functions
Known Issues Outstanding
-
atmail suite
- API call getContacts → blank {} properties is treated as NULL
- atmail suite → When receiving a thread update, the avatar is not updated to latest replied user
- Some mail is not reported due to virtual folder dovecot bug when using file based indexes (clear virtual indexes as a workaround)
- RPM script doesn't output the right configure command as shown in help centre
- Calendar entries that are not parsable by the dav server will not be displayed in the webmail UI
- Transient password accounts will not work if the domain is switch back to normal logins and visa versa
- Combined quota will only update on login if SSE is disabled or in error.
- Mini calendar isn't formatted correctly for 12h time. AM and PM are placed on new lines and the text is too small.
- Calendar entries that are not parsed correctly by the DAV server will not be displayed
- SSE not idling on selected mailbox
-
atmail mail server
- On first installation, if a domain is created before services are published the domain will be unavailable to the API.
-
atmail DAV server
- Quota allocated for storage cannot be changed via UI, DB only.
Guides & Documentation
- Securing your installation
- Level 1 Support - coming soon
- Log Dashboard Design - coming soon
Comments