General Information
On 21th of May the following was released:
- ISL Conference Proxy 4.4.1816.66 for Windows 32bit (Platform=win32, Revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3, release_date=2018-08-21, req_os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1816.66 for Windows 64bit (Platform=win64, Revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3, release_date=2018-08-21, req_os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1816.66 for Linux 32bit (Platform=linux, Revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3, release_date=2018-08-21)
- ISL Conference Proxy 4.4.1816.66 for Linux 64bit (Platform=linux64, Revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3, release_date=2018-08-21)
Modules
- Core Login 4.4.1816.66 (release_date=2018-08-21, revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3)
- ISL AlwaysOn 4.4.1816.66 (release_date=2018-08-21, revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3)
- ISL Light 4.4.1816.66 (release_date=2018-08-21, revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3)
- ISL Pronto 4.4.1816.66 (release_date=2018-08-21, revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3)
- GeoIP 4.4.1816.66 (release_date=2018-08-21, revision=e1a7275989a8a80ab17d0a52386f543dbbd8bea3)
Translations
- core_login_20180820_20180820_123900.translation
- isl_alwayson_20180820_20180820_123900.translation
- isl_conference_proxy_20180820_20180820_123900.translation
- isl_groop_20180820_20180820_123900.translation
- isl_light_20180820_20180820_123900.translation
- isl_pronto_20180820_20180820_123900.translation
- reports_20180820_20180820_123900.translation
Update availability
All updates, except translations, have release date set to 2018-08-21. Your ESS will need to be same or higher to be able to update your server. This release is available to all countries except Japan.
Upgrading to new version
This are server side updates so hosted service users do not need to do anything.
Server license users please check Upgrading Server License
Improvements
ISL Conference Proxy - Core - Upgrade to OpenSSL 1.0.2p (SECURITY) [ISLCONFPROXY-1769] More
Description
OpenSSL library was updated to version 1.0.2p due to security vulnerabilities.
ISL AlwaysOn - Module - Use "connect_continue" protocol message (FEATURE) [ISLALWAYSON-1231] More
Description
ISL AlwaysOn "islalwayson/computer/connect/2" method now supports new message: connect_continue. With new message, the session options and selected rdp session must be sent before server shows notification message.
ISL AlwaysOn - Module - Client protocol version 9 - headless and native only auth (FEATURE) [ISLALWAYSON-1285] More
Description
Added back-end support for connecting to a remote computer in "headless" mode ( which allows remote tunneling ). The new protocol also allows native authentication on remote computer ( using Windows credentials ).
Flags for this ticket are enabled by default.
ISL AlwaysOn - Module - add hag logs on grant/delete computer access (FEATURE) [ISLALWAYSON-1332] More
Description
Added support for logging computer access (add, remove). All logs, have set LOG_SEVERITY to info.
ISL AlwaysOn - Module - Update connect options (headless, rdp, remote sound) (FEATURE) [ISLALWAYSON-1341] More
Description
Connect options are now defined in one place and are not dynamically updated with client and computer capabilities.With connect options the user can now define new keywords:
- requires
- protocol
In case requires is specified, both client and computer must hold specified feature.
Example:
[share_remote_sound]
order=111
cmd=--on-connect "audio?remote_sound=true"
text=Stream Remote Sound
requires=remote_sound
[select remote session]
order=901
text=Connect to existing RDP session
requires=remote_session
[headless mode]
cmd=--on-connect "main?headless=true"
requires=headless
ISL AlwaysOn - Module - Improve webapi2 connect authentication step (FEATURE) [ISLALWAYSON-1363] More
Description
We improved webapi2 connect authantication step. In previous version, error messages were not very descriptive and they didn't tell the users why it came to this error. This was now redesigned, so that errors should now be more descriptive.
ISL AlwaysOn - Module - Add ICP setting for native_only authentication (FEATURE) [ISLALWAYSON-1371] More
Description
Added setting for native_only authentication. This setting can be found in ISL AlwaysOn / Allow native only authentication (reconnect required).
ISL AlwaysOn - Module - Clean authentication for webapi2 connect (FEATURE) [ISLALWAYSON-1372] More
Description
AlwaysOn module now removes unsupported authentication methods from authentication object so they are not presented to user.
ISL AlwaysOn - Module - Include notify message in authentication parameters (FEATURE) [ISLALWAYSON-1380] More
Description
Added support to webapi2 method islalwayson/computer/connect/2 for notify_message parameter. When combined with ISL AlwaysOn program, Desktop Sharing / Show notification of incoming connection and Desktop Sharing / Allow local user to reject connection, notify_message will appear alongside consent message.
ISL AlwaysOn - Module - Fix wrong user parameter when migrating from one group to another (DEFECT) [ISLALWAYSON-1364] More
Description
Moving a computer from a group back to All Computers resulted in a webapi error for users not in default domain.
The defect is fixed.
[PREVIEW] ISL AlwaysOn - Module - use wol groups field to select proxy computer (FEATURE) [ISLALWAYSON-1325] More
Description
Added support for improving WOL behaviour. New WOL sender is computer that has same wol_group as target computer. If it doesn't exists, then old WOL sender selection is used. So if last outer IP of computer is on the same network as ISL Conference Proxy, then ISL Conference Proxy will send WOL packet or we will find computers that have same outer IP and send them proxy WOL.
Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - delay grant webapi when user data is missing in db (FEATURE) [ISLALWAYSON-1331] More
Description
When calling webapis the user_id from webtoken might not be synchronized - might not be preset in DB. This is the case when call to create user is immediately followed by webapi grant aon access.
In case user data for user id from webtoken is not preset in DB a delay of max 10s is added continuing with call handling. Also when user id is present in webtoken the user is check if it is allowed to use aon functionality.Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - Add option to define number of selected computers to send WOL packet (FEATURE) [ISLALWAYSON-1336] More
Description
Added support for defining number of computers used that could send WOL packet. When sending WOL packet, 3 random computers are selected that could send WOL packet. However, if the network mask is not trivial, the selected computers might not be correct. Via setting ISL AlwaysOn / Number of computers to used for sending wol packet we can change how many of this random computers will be selected.
Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - Limit number of granted connection on user (FEATURE) [ISLALWAYSON-1337] More
Description
Added support for limiting number of granted connection on user. A user/domain/server can have a limitation (standard setting) on the number of granted ISL AlwaysOn connections. Check is performed when a new connection is grated, existing connection is "ghosted" or a connection is migrated. The check is performed only when limitation is set. When existing connection is migrated to same owner the check is skipped.
The users computers are ones that have any of this properties:
- owned by this user,
- owned by the group whose owner is this user,
- owned by this users domain.
If there is limitation on number of granted connections the number of computers in union above must be less than the limit.
Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - Store tags when granting access (FEATURE) [ISLALWAYSON-1346] More
Description
Added support for storing tags to connection and ISLAlwaysOn user when granting access to a user.
Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - Add webapi that would return ISL AlwaysOn account info (FEATURE) [ISLALWAYSON-1357] More
Description
Added new webapi2 method islalwayson/usage/1. This method will get number of installed ISL AlwaysOn computers owned by current user and users in current domain. This method will also return limitations for granting new connections.
Flags for this ticket are disabled by default.
[PREVIEW] ISL AlwaysOn - Module - Add and store domain_id to ISL AlwaysOn tables (FEATURE) [ISLALWAYSON-1358] More
Description
In order to simplify searches, domain_id field has been added to ISL AlwaysOn tables.
Flags for this ticket are disabled by default
[PREVIEW] ISL AlwaysOn - Add the possibility to set session start, end and file access templates per user/per domain (FEATURE) [ISLALWAYSON-1373] More
Description
Added support for setting session start, session end and file access templates, per domain and user, similar to other ISL AlwaysOn mail templates.
Flags for this ticket are disabled by default.
ISL Conference Proxy - Core - Improve programs crash reports (FEATURE) [ISLCONFPROXY-1381] More
Description
Added support for improving programs crash reports. All crashes are now recorded into ISL Conference Proxy server log. From log line users can see LOG_SUBSYSTEm, APP_CRASHICPFILE, SOCK_CLIENT_IP, APP_CRASHRAW_TXT, APP_CRASHIMAGEPATH, APP_CRASHEXCCODE, APPCRASHEXCADDR, APP_CRASHOS, APP_CRASHAGENT.
Flags for this ticket are enabled by default.
ISL Conference Proxy - Core / Modules - /conf/api activity log (FEATURE) [ISLCONFPROXY-1601] More
Description
Added support for recording all admin actions in "conf" web pages in activity log. ISL Conference Proxy conf page names are now more readable instead of using auto-generated numeric IDs. Activity log may now also contain user input, so column limits were set. Extra descriptions and URLs are now trimmed to 1024 bytes and all the rest is now trimmed at 256 bytes.
In ISL Conference Proxy 4.4.1816.65 release, this feature was also added for GeoIP module.
ISL Conference Proxy - Core - Add support for CP-JSONPARSE header for module SDK (FEATURE) [ISLCONFPROXY-1658] More
Description
Support for header CP-JSONPARSE (jsonparse inside X-Islcp-Header) was added to Module SDK web call responses, which is utilized in WebAPI2 and external dialog authenticators.
ISL Conference Proxy - Core - User action, incoming and outgoing logs (FEATURE) [ISLCONFPROXY-1665] More
Description
New logs were added for core subsystems. Log settings with special naming are sorted to the top:
- (user action) - important actions caused directly by user
- (incoming) - transport layers closely related to user actions, ICP receives request
- (outgoing) - transport layers closely related to user actions, ICP sends request to other external server
Log settings with (deprecated) are sorted to the bottom.
HTTP tunnel requests on /webaccess are not logged anymore as regular requests, since they use their own not-fully HTTP compliant logic to traverse firewalls. HTTP tunnels always terminate with MUX channel.
ISL Conference Proxy - Core - GRID static registry (FEATURE) [ISLCONFPROXY-1694] More
Description
GRID static registry API was added. Keys are registered in groups on each server at startup time in server config value "grid_static::<group>". Keys are automatically removed when a module that registered them is uninstalled.
ISL Conference Proxy - Core - WebAPI2 AKV description, errors, user agent, HTTP referrer, execution time messages (FEATURE) [ISLCONFPROXY-1736] More
Description
Logs for webapi2 log subsystem have been improved with new AKV pairs. New keys include WA_DESC_TXT, WA_ERRORS_TXT, WA_USERAGENT and WA_REFERRER.
ISL Conference Proxy - Core - Only report HTTP 404 as critical for ICP's domains (FEATURE) [ISLCONFPROXY-1737] More
Description
HTTP 404 critical reports were changed from:
- matching Host: and Referer: host
to
- client has intranet IP
- or matching Host: and Referer: host, where domain is served by ICP (license address, primary DNS server zone, ...)
ISL Conference Proxy - Core - Save all flag_* settings into flags.json instead of effective difference to defaults (FEATURE) [ISLCONFPROXY-1739] More
Description
flags.json now contains a simple copy of all "flag_*" settings. Previously, it contained only effective difference to the current default, which could lead to incorrect flag settings to be applied on upgrades.
ISL Conference Proxy - Core - Allow send empty emails via utils/email/1 webapi2 method (FEATURE) [ISLCONFPROXY-1744] More
Description
Added possibility to send emails with empty body via utils/email/1.
ISL Conference Proxy - Core - Webhits lower severity for ioctl_web_transport_not_internal_error (FEATURE) [ISLCONFPROXY-1746] More
Description
Ignore internal error flag is now reported to web hits subsystem. If the ignore flag is present, 4xx and 5xx error logs will drop to Notice severity.
ISL Conference Proxy - Core - Remove corrupt files in mail sender queue (FEATURE) [ISLCONFPROXY-1749] More
Description
Corrupt emails in resend queue are now moved to failed_emails directory so they don't trigger error reports again.
ISL Conference Proxy - Core - Improve unexpected SMTP code error log (FEATURE) [ISLCONFPROXY-1752] More
Description
Key "EXC_DESC_TXT" for "unexpected SMTP code" in SMTP sender error log was improved to include full error description returned by the SMTP server.
ISL Conference Proxy - Module GeoIP - Update database to 2018-08-07T23:25:47Z (FEATURE) [ISLCONFPROXY-1765] More
Description
Updated GeoIP to use the database from 2018-08-07T23:25:47Z.
ISL Conference Proxy - Core - Direct tables garbage collector should work in mixed module GRID setups (DEFECT) [ISLCONFPROXY-1545] More
Description
Deleted rows from tables were not cleaned up properly in case of GRID setup where:
- one server was deleted from GRID (blocks garbage collector with an old GC threshold version)
- tables that are not on all servers (GC is completely disabled)
The defect is fixed.
ISL Conference Proxy - Core - Crash in IP matcher at init time (DEFECT) [ISLCONFPROXY-1734] More
Description
In some cases, it was possible that ISL Conference Proxy crashed in IP matcher at init time. This was now redesigned, and ISL Conference Proxy should not crash in IP matcher.
The defect was fixed.
ISL Conference Proxy - Core - Time based log rotate does not work on Linux (DEFECT) [ISLCONFPROXY-1740] More
Description
On Linux log dumper was initialized before log rotate because of Linux specific logs (drop root, etc.), so log rotate setup did not take effect.
The defect was fixed.
ISL Conference Proxy - Core Login - Use user prompted attestation to enable security key configuration (DEFECT) [ISLCONFPROXY-1759] More
Description
In some cases, security key configuration failed because automatic device attestation is no longer supported in Google Chrome. This was redesigned and now, Google Chrome should prompt user to permit device attestation after which security key should be added successfully.
The defect was fixed.
ISL Conference Proxy - Core - test_webapi2 allow null values in responses (DEFECT) [ISLCONFPROXY-1761] More
Description
"null" value in JSON response in "/users/main/test_webapi2.html" is now correctly handled - does not fail in JSON renderer.
[PREVIEW] ISL Conference Proxy - Core - Prevent login for user object where domain object was deleted (DEFECT) [ISLCONFPROXY-1729] More
Description
In previous version, it was possible to create user in domain, and delete that domain, without deleting users that were part of this domain. When this users tried to login, the login succeeded which shouldn't. This was now redesigned, so that login is disabled (error should say Incorrect username or password) for this kind of users.
The defect was fixed.
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - HTTPS-POST-CERTPIN external authenticator method (FEATURE) [ISLCONFPROXY-1730] More
Description
HTTPS-POST-CERTPIN external authenticator method was added. Server and client certificates are pinned (static and verified to match by both server and client). The parameters are:
- URL: https endpoint URL, must accept application/x-www-form-urlencoded POST with DOMAIN=D&USERNAME=U&PASSWORD=P and return external authenticator XML response
- CA: server PEM cert file
- CERT: client PEM cert file
- KEY: client PEM key file
Flags for this ticket are disabled by default.
[PREVIEW] Add HTTP user agent into webhits AKV | INC-1221 | 2018-06-04 (FEATURE) [ISLCONFPROXY-1735] More
Description
HTTP User-Agent was added to web hits statistics and HTTP request log.
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - Restrict HTTP compression to prevent BREACH attack (SECURITY) [ISLCONFPROXY-1747] More
Description
HTTP compression was disabled on all dynamic URLs to prevent BREACH attack. Static resources will be still served compressed:
- /static
- /core
- /files
- /webspace
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - Remove/simplify dynamic chooser interface on /users/programs (FEATURE) [ISLCONFPROXY-1748] More
Description
Dynamic program chooser on "/users/programs" was replaced with a simpler program list. By default, the program list is not accessible and "/users/programs" will just redirect to "/users/main/downloads.html".
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - Require TLS 1.2 by default (FEATURE) [ISLCONFPROXY-1753] More
Description
Default values for settings was changed to allow only TLS 1.2:
- "HTTPT SSL protocol", "HTTPT SSL cipher suite"
- "Application MUX SSL protocol", "Application MUX SSL cipher suite"
- "GRID SSL protocol", "GRID SSL cipher suite"
Old values:
- "ALL -SSLv2 -SSLv3"
- "HIGH:MEDIUM:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:@STRENGTH"
New values:
- "ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
- "ALL:!aNULL:!eNULL:!SSLv2:!SSLv3:@STRENGTH"
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - Remove HTTP Server header (FEATURE) [ISLCONFPROXY-1755] More
Description
HTTP Server header was removed from HTTP responses. Server header will still stay present in "/webaccess" as it is required by client software for HTTP tunnels.
Flags for this ticket are disabled by default.
[PREVIEW] ISL Conference Proxy - Core - AKV counters log (FEATURE) [ISLCONFPROXY-1763] More
Description
Counters dump (dump command in "Logs > Counter settings") is now implemented in AKV format. Output is limited to 100 counters per log line, multiple lines will be logged if there are more. Counter output name (set by "[name]" in setting) is converted to AKV format:
- AKV key must match:
[A-Z][A-Z0-9]{0,15}_[A-Z][A-Z0-9]{0,15}_L- ':' and '_' are used to find the scope, otherwise "CNT_" will be used as scope
- lowercase letters are uppercased
- numbers are passed through except the first character
- other characters are stripped out
- length is limited to <16 characters>_<16 characters>_L
Flags for this ticket are disabled by default.
ISL Light - Module - new webapi2 call "isllight/session/info/2" return session info for external_id (FEATURE) [ISLLIGHT-5070] More
Description
Added new webapi2 method isllight/session/info/2 that returns session info for specific external_id. The server will register this webapi2 method only if it is using direct tables (DT) database backend and has light_external_id in database options. Only last created session that matches external_id will be returned.
[PREVIEW] ISL Light - Module - add setting for ISL Light package id for Android to be used on join page (FEATURE) [ISLLIGHT-5082] More
Description
Added support to customize Android intent package in Join Session WebAPI through setting ISL Light / Androidintent package in join session. The default value is com.islonline.isllight.mobile.android.
Flags for this ticket are disabled by default.
[PREVIEW] ISL Pronto - Module - Extend JSON patching protocol to prevent feedback loop (DEFECT) [ISLPRONTO-1081] More
Description
In some cases servers could get caught in a JSON patching feedback loop. To prevent this patching protocol has been extended with new message types.
The defect is fixed.
Flags for this ticket are disabled by default.