General Information
On 18th of April the following was released:
- ISL Conference Proxy 4.4.1747.56 for Windows 32bit (Platform=win32, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17, os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1747.56 for Windows 64bit (Platform=win64, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17, os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1747.56 for Linux 32bit (Platform=linux, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17)
- ISL Conference Proxy 4.4.1747.56 for Linux 64bit (Platform=linux64, Revision=09c1bb84d1408ec0700da49873554c3c829f4f64, release_date=2018-04-17)
Modules
- ISL AlwaysOn 4.4.1747.56 (release_date=2018-04-17, revision=09c1bb84d1408ec0700da49873554c3c829f4f64)
- ISL Pronto 4.4.1747.56 (release_date=2018-04-17, revision=09c1bb84d1408ec0700da49873554c3c829f4f64)
Translations
- core_login_20180416_20180416_065607.translation
- isl_alwayson_20180416_20180416_065607.translation
- isl_conference_proxy_20180416_20180416_065607.translation
- isl_groop_20180416_20180416_065607.translation
- isl_light_20180416_20180416_065607.translation
- isl_pronto_20180416_20180416_065607.translation
- reports_20180416_20180416_065607.translation
Update availability
All updates, except translations, have release date set to 2018-04-17. Translations have release date set to 2018-04-16. Your ESS will need to be same or higher to be able to update your server. This release is available to all countries except Japan.
Upgrading to new version
This are server side updates so hosted service users do not need to do anything.
Server license users please check Upgrading Server License
Improvements
ISL Conference Proxy - Core / Module Storage - Storage download in /conf should be served securely (SECURITY) [ISLCONFPROXY-1605] More
Description
Storage area browser served files in trusted context and thus potentially allowing XSS. Files are now forced to download.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - Update OpenSSL to 1.0.2o (SECURITY) [ISLCONFPROXY-1682] More
Description
OpenSSL library was updated to version 1.0.2n due to security vulnerabilities.
ISL Groop - Module - Serve session files with access control (SECURITY) [ISLGROOP-981] More
Description
For improved security, /file was replaced with /users/islgroop/webapi/session/file/download in session files page. Unlike /file, /users/islgroop/webapi/session/file/download will not work outside of valid logged in web browser session.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Groop - Module - Use secure session file rename (SECURITY) [ISLGROOP-982] More
Description
ISL Groop allows session files to be renamed to arbitrary names (from .png to .exe for example), which could allow an attacker to trick users to download malware in some specific scenarios. Changing file type (determined by file extension) by rename cannot be done anymore. Additionally, bulk files are renamed to their correct value stored in ISL Groop session object when querying the session file list.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
[PREVIEW] ISL AlwaysOn - Module - implement webapi islalwayson/computer/delete/2 that returns error in result (FEATURE) [ISLALWAYSON-982] More
Description
Webapi2 method "islalwayson/computer/delete/1" returned the result in body and not in result variable. The feedback of webapi2 method is in field "data.ok". If this field is set to 1, then all is ok, but if field is set to 0 then, error occurred. This caused confusion with developers. New webapi2 method ("islalwayson/computer/delete/2") was added that returns error in result.
Flags for this ticket are disabled by default.
ISL AlwaysOn - Module - dont update last_used when sharing computer connection (FEATURE) [ISLALWAYSON-1249] More
Description
From now on, list of last used computers will not be updated when computer connection sharing changes.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
[PREVIEW] ISL AlwasyOn - Module - allow group id in webapi islalwayson/user/grant/ and islalwayson/user/email (FEATURE) [ISLALWAYSON-1306] More
Description
Some of ISL AlwaysOn webapi2 methods accepts group code, but not group id. Group id is obtained when using webapi2 method "utils/groups/query/1". Group id and code are related - code can be used only for granting ISL AlwaysOn access. Two new webapi2 methods were implemented - "islalwayson/user/grant/3" and "islalwayson/user/email/2" that accepts group id to generate ISL AlwaysOn grant blob or join code. Group id can only be used with authenticated user and the user must be a group member.
Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - obsolete alwayon/* webapis (FEATURE) [ISLALWAYSON-1307] More
Description
In previous versions, ISL AlwaysOn module, registered some webapi2 method calls, that were not used by any of our product (they were obsolete). This was redesigned so that ISL AlwaysOn module will not register anymore this obsolete webapi2 methods. This methods are:
- "islalwayon/computer/update/1"
- "islalwayon/computer/connect/1"
- "islalwayon/computer/search/1"
- "islalwayon/user/grant/1"
Flags for this ticket are disabled by default.
ISL Conference Proxy - Core - Add a health check API for reverse proxy setups (FEATURE) [ISLCONFPROXY-1294] More
Description
Added health check API which can be used when reverse proxy is put in front of ISL Conference Proxy. With the new API functionality the reverse proxy can check whether the server is available or not by making a request to:
[server_address]/health/server/enabled. If server is unavailable the response will be returned with error code 500.In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core / Module Authentication - Custom error messages from external authenticators (FEATURE) [ISLCONFPROXY-1395] More
Description
Users that used external authenticator like LDAP, then they could get wrong login error if account was disabled, if password expired and so on. This was redesigned so that now, users will get correct error. This error texts can be configured in ISL Conference Proxy configuration page under Configuration / Security. The name of this setting is External authenticator fail reason specification ([["regex", "html text"], ...]).
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - Stabilize packet generator chunks (FEATURE) [ISLCONFPROXY-1501] More
Description
Packet generator for executables is now using a stable algorithm for calculating cache key hashes and ensuring that they stay the same, even after reboot or when only file timestamps change on disk but not content, thus making it easier to debug related issues. unpackcache directory will be rebuilt because raw file chunk hashes (accessed with raw#filename in spec files) are now precalculated when unpacking.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - Use file content etag in web server instead of file timestamp (FEATURE) [ISLCONFPROXY-1502] More
Description
Web server now serves content based etags instead of file timestamps in all cases, to allow effective caching in GRID setup. Etag cache stores 10000 file hashes and was implemented in
to support packet generator raw file content hashes.ISLCONFPROXY-1501In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - Split executable file to allow caching (FEATURE) [ISLCONFPROXY-1503] More
Description
Programs signed with authenticode (Windows desktop platform) are now correctly sliced into smaller chunks to support proper caching. Authenticode changes two bytes at the start of the executable ** and might cause the entire chunk to be redownloaded. The executable is now sliced into:
- 512 bytes (not cached, authenticode change is here)
- 256 kilobytes (cached, supports icon changes)
- 512 kilobytes (cached, supports icon changes)
- the rest (cached)
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - Replace /file with internal bulk file handler (FEATURE) [ISLCONFPROXY-1592] More
Description
For improved security, "/file" was removed and replaced with internal "/conf/api/bulk_file_download" in web admin. Unlike "/file", "/conf/api/bulk_file_download" will not work outside of valid logged in web browser session.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - File type blocking (FEATURE) [ISLCONFPROXY-1600] More
Description
Settings "Blocked file extensions for user upload (.exe ...)" and "Allowed file extensions for user upload (.txt ...)" were added to "Security" to configure file type blocking for modules that support user file uploads and downloads: "ISL Groop", "ISL Pronto", "ISL AlwaysOn". If allowed is set, the filter will function as whitelist and allow only specified file extensions minus the file extensions in the blocked list. If allowed is not set, the filter will function as blacklist and block the file extensions in the blocked list. Default blocked file extension list: ".ade .adp .bat .chm .cmd .com .cpl .exe .hta .ins .isp .jar .js .jse .lib .lnk .mde .msc .msi .msp .mst .nsh .pif .scr .sct .shb .sys .vb .vbe .vbs .vxd .wsc .wsf .wsh".
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
[PREVIEW] ISL Conference Proxy - Core - Remove obsolete HTML tunnel support (FEATURE) [ISLCONFPROXY-1676] More
Description
HTML tunnel support was removed, because it is not used anymore by client software. URLs will return HTTP error 404.
Flags for this ticket are disabled by default.
ISL Groop - Module - File type blocking (FEATURE) [ISLGROOP-983] More
Description
File download and upload of blocked file types now shows an error to user in web pages. ISL Groop application will fail to upload or download the blocked file types.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Pronto - Module - Add form to submit patches to Administration pages (FEATURE) [ISLPRONTO-1079] More
Description
Added form in administrative pages which submits custom JSON patches for ISL Pronto grid objects.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Pronto - Module - Show all instances of RAM object in Administration pages (FEATURE) [ISLPRONTO-1080] More
Description
Added support for showing all instances in ISL Conference Proxy Configuration administration page, so that users can see if object instances differ in any way.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Pronto - Module - Add IP to file operation logs (FEATURE) [ISLPRONTO-1139] More
Description
Added "SOCK_CLIENT_IP" to log lines:
- "user is not permitted to receive files"
- "failed to check users pronto::allow_receive_file_in_chat permission"
- "user is not permitted to send files"
- "failed to check users pronto::allow_send_file_in_chat permission"
- "upload was blocked"
ISL AlwaysOn - Module - catch invalid data on RPC auth message (DEFECT) [ISLALWAYSON-1260] More
Description
In previous version of ISL AlwaysOn module, there was issue with inadequate treatment of hexcode input data, and users could get Error 500. This was now redesigned, so that hexcode data is now correctly parsed, and instead of Error 500, users will now get error message saying that invalid sequence was provided.
The defect was fixed.
In previous versions, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - Incorrect input parameters for webapi2 call will cause unhandled exception instead of user error (DEFECT) [ISLCONFPROXY-1389] More
Description
If user specified incorrect input parameter in webAPI method "utils/users/query/1" ( session code instead of user id ) this resulted in internal server error instead of user error. WebAPI method was redesigned, users will now receive user error instead of internal server error when providing incorrect code.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core Login - Improve error logs for crashing module (DEFECT) [ISLCONFPROXY-1494] More
Description
In certain cases the Default log mode of ISL Conference Proxy failed to provide enough information to diagnose the problem. Log entries were redesigned, they now contain additional information that should help diagnose the problems in the future. HTTP server reports errors in the log as well.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Conference Proxy - Core - confproxy_moduleapp wrapper should handle ICP crash (DEFECT) [ISLCONFPROXY-1498] More
Description
In some cases, Core Login process was still running even if ISL Conference Proxy (confproxy_server) crashed which lead to Unhandled exception when users tried to login. This was redesigned, so that when crash occur in confproxy_server, and when it is back online, users should not get Unhandled exception on login.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
[PREVIEW] ISL Conference Proxy - Storage - Check for empty storage configuration (DEFECT) [ISLCONFPROXY-1511] More
Description
When users created a new storage area the following log line was shown in ISL Conference Proxy log: Storage: failed to read storage configuration [XXX]: :Error in hefa-isljson.cpp:390:isljson::element::parse_json. A new flag was added which hides this kind of error in log.
The defect was fixed.
ISL Light - Module - Show 2FA not available error for ISL Light v3 (DEFECT) [ISLLIGHT-4674] More
Description
In previous version, if user had 2FA and tried login via ISL Light Desk (v3) he got an error saying that provided username/password is wrong. This was now redesigned so that correct error message is shown to user saying that two-factor authentication is required but not supported with this version.
The defect was fixed.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
ISL Pronto - Module - File type blocking (DEFECT) [ISLPRONTO-1085] More
Description
In previous versions, it was possible to send different file types through ISL Pronto. This was not redesigned, so that files are now checked and rejected if the file type is blocked on ISL Conference Proxy.
The defect was fixed.
In previous version, flags for this ticket were disabled by default, but now, they are enabled by default.
[PREVIEW] ISL Conference Proxy - Core - Restrict alternative admin accounts to a whitelist of user_ids (FEATURE) [ISLCONFPROXY-1669] More
Description
"Administrator account whitelist (user IDs)" setting was added in "Security" as additional protection for admin /conf login. Empty whitelist disables the feature. Entering one or more user IDs will create a whitelist of alternative user accounts, that will be granted administrator rights. The accounts will still need the setting "Administrator account: Yes" to be able to login into /conf.
Flags for this ticket are disabled by default.