General Information
On the 24th of November, the following was released:
- ISL Conference Proxy 4.4.1734.39 for Windows 32bit (Platform=win32, Revision=8538867969d5247ca81d4a7380a6ab0436513a7c, release_date=2017-11-22, os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1734.39 for Windows 64bit (Platform=win64, Revision=8538867969d5247ca81d4a7380a6ab0436513a7c, release_date=2017-11-22, os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1734.39 for Linux 32bit (Platform=linux, Revision=8538867969d5247ca81d4a7380a6ab0436513a7c, release_date=2017-11-22)
- ISL Conference Proxy 4.4.1734.39 for Linux 64bit (Platform=linux64, Revision=8538867969d5247ca81d4a7380a6ab0436513a7c, release_date=2017-11-22)
Modules
- Core Login 4.4.1734.39 (release_date=2017-11-22, revision=8538867969d5247ca81d4a7380a6ab0436513a7c)
- GeoIP 4.4.1734.39 (release_date=2017-11-22, revision=8538867969d5247ca81d4a7380a6ab0436513a7c)
- ISL AlwaysOn 4.4.1734.39 (release_date=2017-11-22, revision=8538867969d5247ca81d4a7380a6ab0436513a7c)
- ISL Pronto 4.4.1734.39 (release_date=2017-11-22, revision=8538867969d5247ca81d4a7380a6ab0436513a7c)
Translations
- core_login_20171124_20171124_125029.translation
- isl_alwayson_20171124_20171124_125029.translation
- isl_conference_proxy_20171124_20171124_125029.translation
- isl_groop_20171124_20171124_125029.translation
- isl_light_20171124_20171124_125029.translation
- isl_pronto_20171124_20171124_125029.translation
- reports_20171124_20171124_125029.translation
Update availability
All updates have their release date set to 2017-11-22. Your ESS will need to be the same or higher to be able to update your server. This release is available to all countries except Japan.
Upgrading to new version
These are server-side updates, so hosted service users do not need to do anything.
Server license users, please check Upgrading Server License.
Improvements
ISL Conference Proxy - Core - Update to OpenSSL 1.0.2m (SECURITY) [ISLCONFPROXY-1576]
Description
The OpenSSL library was updated to version 1.0.2m due to security vulnerabilities.
[PREVIEW] ISL AlwaysOn - Module - Handle user uploaded HTML pages securely (SECURITY) [ISLALWAYSON-1253]
Description
In the previous version, files that were accessible from /live/islalwayson/files/download were served inline, which allowed XSS or phishing attacks. The impact of XSS was greatly reduced because no security-sensitive cookies are available on /live. This was now redesigned so that HTML and XML files are served as attachments.
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - Handle user uploaded HTML pages securely (SECURITY) [ISLCONFPROXY-1589]
Description
Uploaded files that were accessible from /file were served inline, which allowed XSS or phishing attacks. The impact of XSS was greatly reduced because no security-sensitive cookies were available on /file. This was now redesigned, and HTML and XML files are now served as attachments.
Flags for this ticket are disabled by default.
[PREVIEW] ISL Pronto - Module - Handle user uploaded HTML pages securely (SECURITY) [ISLPRONTO-1078]
Description
In the previous version, files that were accessible from /live/islpronto_download_chat_file and /live/islpronto_download_file were served inline, which allowed XSS or phishing attacks. The impact of XSS was greatly reduced because no security-sensitive cookies were available on /live. This was now redesigned so that HTML and XML files are served as attachments.
Flags for this ticket are disabled by default.
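The three tickets above describe the same change: user-uploaded HTML and XML is sent as an attachment instead of being rendered inline on the server's origin. The following is an added example, not code from ISL Conference Proxy, that builds response headers along those lines; the function names, the extension list, the `nosniff` header and the choice to keep other file types inline are assumptions.

```python
import mimetypes
from urllib.parse import quote

# Assumption: the release notes only say "HTML and XML"; this list is illustrative.
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".xml", ".svg"}
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "text/xml",
                "application/xml", "image/svg+xml"}


def content_disposition(disposition, filename):
    """RFC 6266 header value: ASCII fallback plus a UTF-8 filename* parameter."""
    ascii_name = filename.encode("ascii", "replace").decode("ascii")
    # Keep only characters that cannot break out of the quoted string.
    fallback = "".join(c if c.isalnum() or c in "._- " else "_" for c in ascii_name)
    encoded = quote(filename, safe="")
    return f"{disposition}; filename=\"{fallback}\"; filename*=UTF-8''{encoded}"


def download_headers(filename):
    """Headers for serving a user-uploaded file without letting it run as a page."""
    # Drop any path component and control characters (CR/LF would split the header).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = "".join(c for c in name if c >= " " and c != "\x7f") or "download"
    ctype = mimetypes.guess_type(name)[0] or "application/octet-stream"
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    active = ext in ACTIVE_EXTENSIONS or ctype in ACTIVE_TYPES

    headers = {"X-Content-Type-Options": "nosniff"}  # no MIME sniffing into HTML
    if active:
        # Markup that a browser would execute: force a download with a neutral type.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = content_disposition("attachment", name)
    else:
        headers["Content-Type"] = ctype
        headers["Content-Disposition"] = content_disposition("inline", name)
    return headers


if __name__ == "__main__":
    # Constructed sample upload names.
    for sample in ("report.HTML", "notes.txt", "../../etc/page.xml", "na\u00efve.html"):
        print(sample, "->", download_headers(sample)["Content-Disposition"])
```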
ISL Conference Proxy - Module GeoIP - Update database to 2017-10-04 (FEATURE) [ISLCONFPROXY-1571]
Description
Updated GeoIP to use the database from 2017-10-04.
ISL Conference Proxy - Core - Sanitize CPLANG and CPVER input (FEATURE) [ISLCONFPROXY-1574]
Description
In the previous version, the web server removed the URL request parameters CPLANG and CPVER and saved them directly to the cookies CPLANG and CPVER. This triggered some security scanning tools when passing invalid data like %00. This was now redesigned: the URL rewrite was modified to discard invalid data to avoid false positives.
ISL Conference Proxy - Core - Sanitize webtoken language (FEATURE) [ISLCONFPROXY-1575]
Description
In the previous version, if the user provided a language, it was passed directly to the user session token. This was now redesigned to be consistent with ISLCONFPROXY-1574 and to avoid potential future false positive scan results: an invalid language parameter is replaced with an empty string.
ISL Conference Proxy - Core / Module Core Login - Login dialog should use relative links only for /users/main/login.html (FEATURE) [ISLCONFPROXY-1577]
Description
In the previous version, the WebAPI2 method "utils/login/dialog/1" used "webBrowser: 1" as the signal to use relative URLs. This made it impossible to integrate 2FA login cleanly into nano-ICP web sites. This was now redesigned so that relative links are served only when "relativeURLs: 1" is present in the request.
ISL Conference Proxy - Core - Add webapi groups/update/security/2 with custom privileges and added computer_all default privilege and remove aon_* privilege (FEATURE) [ISLCONFPROXY-1518]
Description
A new webapi2 method was introduced: groups/update/security/2. The aon_* privilege was removed and several new custom privileges were added: all, computer_edit, computer_delete, computer_action, computer_all. Those privileges are checked against the rules set in the ISL Conference Proxy web administration under "Security->User privileges settings". The default privilege computer_all was added compared to webapi2 groups/update/security/1.
In the previous version, ISL Conference Proxy 4.4.1734.24, this flag was disabled by default; it is now enabled by default.
[PREVIEW] ISL Conference Proxy - Core - Use modern force download HTTP headers (FEATURE) [ISLCONFPROXY-1590]
Description
ISL Conference Proxy served exe, dms and zip executables with outdated and wrong headers to force download. This was redesigned so that it does not use outdated headers.
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - Remove unused key_cc from Autotransport connection keys (FEATURE) [ISLCONFPROXY-1591]
Description
A private RSA key was included in exe downloads of ISL Network Start, which affected all apps from /start and ISL Tester. Because the key was unused, it is now removed from exe downloads of ISL Network Start.
Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - dont update last_used when sharing computer connection (FEATURE) [ISLALWAYSON-1249]
Description
From now on, the list of last used computers will not be updated when computer connection sharing changes.
Flag for this ticket is disabled by default.
[PREVIEW] ISL AlwaysOn - Module - Use session history for last used connections (FEATURE) [ISLALWAYSON-1250]
Description
In the previous version, the query for a user's last used connection was using the "last_used" list in "islalwayson_user". This was now redesigned so that it uses the table "islalwayson_sessions".
Flags for this ticket are disabled by default.
[PREVIEW] ISL Pronto - Module - ISL Light custom installation schema support (FEATURE) [ISLPRONTO-1075]
Description
The setting "ISL Light installation schema" was added to ISL Pronto settings; it affects the ISL Pronto application. If it is not set, the ISL Light installation schema setting from the default server or account customization is used.
Flags for this ticket are disabled by default.
ISL Conference Proxy - Core - Handle translation files without version as fallback (DEFECT) [ISLCONFPROXY-1515]
Description
Using the islonline.net integrator module and the corresponding translation file disabled the usage of the translation file. The integrator module was using translation version identification, whereas the translation file had no version. A fallback check was added to avoid checking translation versions when the module is installed.
ISL Conference Proxy - Core - Flush UA throttle in Debug panel does not flush the entire state (DEFECT) [ISLCONFPROXY-1583]
Description
In the previous version, the "Flush UA throttle" button in the Debug menu of the ISL Conference Proxy configuration flushed only thresholds and expires. This was now redesigned, and it flushes not only thresholds and expires, but also grid packets.
The defect was fixed.
[PREVIEW] ISL Conference Proxy - Module GeoIP - when loading mmdb files on start, default or custom, version might stay "..." (DEFECT) [ISLCONFPROXY-1572]
Description
In the previous version, sometimes when loading the GeoIP database, the database info in the web admin GeoIP status stayed empty / in progress. This was now redesigned so that the table columns should always show database info.
The defect was fixed.
Flags for this ticket are disabled by default.