General Information
IMPORTANT: upgrade from older version to ISL Conference Proxy 4.4.1837.49 can take a bit longer as some of the indexes needs to be recreated. On fast server with SSD and database size 100GB it takes approx 15minutes to complete the upgrade.
IMPORTANT: old versions of CoreLogin module do not work with ISL Conference Proxy 4.4.1837.49, because of change made in ISLCONFPROXY-1760.
IMPORTANT: ISL Conference Proxy 4.4.1837.49 was replaced with ISL Conference Proxy 4.4.1837.53 due to dropped support for kernel 2.6 and CentOS 5 change in header files. Release info for ISL Conference Proxy 4.4.1837.53.
On 18th of December the following was released:
- ISL Conference Proxy 4.4.1837.49 for Windows 32bit (Platform=win32, Revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba, release_date=2018-12-13, req_os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1837.49 for for Windows 64bit (Platform=win64, Revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba, release_date=2018-12-13, req_os_version=0x06000000-0x7fffffff)
- ISL Conference Proxy 4.4.1837.49 for for Linux 32bit (Platform=linux, Revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba, release_date=2018-12-13)
- ISL Conference Proxy 4.4.1837.49 for for Linux 64bit (Platform=linux64, Revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba, release_date=2018-12-13)
Modules
- ISL AlwaysOn 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
- Core Login 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
- ISL Groop 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
- ISL Light 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
- ISL Pronto 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
- DNS Server 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
- Storage 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
- Reports 4.4.1837.49 (release_date=2018-12-13, revision=dcbe078ccdb8afc56322bd11b8926572ce6015ba)
Translations
- core_login_20181213_20181213_081429.translation
- isl_alwayson_20181213_20181213_081429.translation
- isl_conference_proxy_20181213_20181213_081429.translation
- isl_groop_20181213_20181213_081429.translation
- isl_light_20181213_20181213_081429.translation
- isl_pronto_20181213_20181213_081429.translation
- reports_20181213_20181213_081429.translation
Update availability
All updates, except translations, have release date set to 2018-12-18. Your ESS will need to be same or higher to be able to update your server. This release is available to all countries except Japan.
Upgrading to new version
This are server side updates so hosted service users do not need to do anything.
Server license users please check Upgrading Server License
Improvements
ISL Conference Proxy - Core - Force download of all untrusted files (SECURITY) [ISLCONFPROXY-1808] More
Description
ISL Conference Proxy now forces download (save to folder) of all untrusted (user uploaded) files to prevent future XSS exploits based on file execution. The exception whitelist can be controlled with setting "Security > Allow inline download of unstrusted files (MIME type regex ...)". Default:
image/(jpeg|png|gif|webp) text/plainIt is not recommended to add MIME types to the whitelist without a good understanding of web security. For example, SVG files should never be allowed as they may contain insecure javascript!
ISL Conference Proxy - Core - Add swf to blocked file types (SECURITY) [ISLCONFPROXY-1809] More
Description
"Security > Blocked file extensions for user upload (.exe ...)" was updated to latest (2018-10-31) list of blocked file types in Gmail https://support.google.com/mail/answer/6590?hl=en + swf.
Old list:
.ade .adp .bat .chm .cmd .com .cpl .exe .hta .ins .isp .jar .js .jse .lib .lnk .mde .msc .msi .msp .mst .nsh .pif .scr .sct .shb .sys .vb .vbe .vbs .vxd .wsc .wsf .wshNew list (+apk +cab +dll +dmg +swf):
.ade .adp .apk .bat .cab .chm .cmd .com .cpl .dll .dmg .exe .hta .ins .isp .jar .js .jse .lib .lnk .mde .msc .msi .msp .mst .nsh .pif .scr .sct .shb .swf .sys .vb .vbe .vbs .vxd .wsc .wsf .wsh
ISL Pronto - Module - Use 8 byte random ID for client ID (SECURITY) [ISLPRONTO-1228] More
Description
"session_id" in URL query parameter in "/live/islpronto/events.js" and "/live/islpronto/call.js" was changed from predictable numeric incrementing ID to random hex ID.
ISL AlwaysOn - Module - Limit number of granted connection on user (FEATURE) [ISLALWAYSON-1337] More
Description
Added support for limiting number of granted connection on user. A user/domain/server can have a limitation (standard setting) on the number of granted ISL AlwaysOn connections. Check is performed when a new connection is grated, existing connection is "ghosted" or a connection is migrated. The check is performed only when limitation is set. When existing connection is migrated to same owner the check is skipped.
The users computers are ones that have any of this properties:
- owned by this user,
- owned by the group whose owner is this user,
- owned by this users domain.
If there is limitation on number of granted connections the number of computers in union above must be less than the limit.
ISL AlwaysOn - Module - Store tags when granting access (FEATURE) [ISLALWAYSON-1346] More
Description
Added support for storing tags to connection and ISLAlwaysOn user when granting access to a user.
ISL AlwaysOn - Module - Add webapi that would return ISL AlwaysOn account info (FEATURE) [ISLALWAYSON-1357] More
Description
Added new webapi2 method islalwayson/usage/1. This method will get number of installed ISL AlwaysOn computers owned by current user and users in current domain. This method will also return limitations for granting new connections.
ISL AlwaysOn - Module - Add and store domain_id to ISL AlwaysOn tables (FEATURE) [ISLALWAYSON-1358] More
Description
In order to simplify searches, domain id has been added to ISL AlwaysOn tables.
ISL Conference Proxy - Core - GRID server list internal webapi2 (FEATURE) [ISLCONFPROXY-1524] More
Description
Added new WebAPI2 method internal/utils/grid/servers/get/1 to retrieve a list of GRID servers. Four filtering methods are supported:
- by service and client address (IP), returns sorted servers by load balancer (best match first)
- by service, returns servers that have service enabled
- by module, returns servers that have module installed
- no filters, returns all servers in GRID
ISL Conference Proxy - Core - Insert row in DT raw data initial data support (FEATURE) [ISLCONFPROXY-1531] More
Description
In previous version, if "Insert row" button was clicked in DT Raw data, then row was inserted and then user could edit it. This was now redesigned so that now, this button opens a row editor, where initial row data can be specified.
ISL Conference Proxy - Core - Save default setting config in PostgreSQL (FEATURE) [ISLCONFPROXY-1611] More
Description
Added static table "isldb_default_configuration" which contains all default configuration values.
ISL Conference Proxy - Core - Add HTTP user agent into webhits AKV | 2018-06-04 (FEATURE) [ISLCONFPROXY-1735] More
Description
HTTP User-Agent was added to web hits statistics and HTTP request log.
ISL Conference Proxy - Core - Expose db dir location to module SDK as env ISLCP_DBDIR (FEATURE) [ISLCONFPROXY-1743] More
Description
Internal environment variable for module SDK, exposes db dir location. Normally it's "db", but it can change to "db_test" when integration tests are running.
ISL Conference Proxy - Core - Support missing 2FA state for user login webtoken (FEATURE) [ISLCONFPROXY-1745] More
Description
Added support for enforcing Two Factor Authentication (2FA) for users. New state was added to login webtoken. When you set "Allow login without configured Two-Factor Authentication" to "No", only "Security" pages are available, where you can setup 2FA. while other pages are redirected to this page.
ISL Conference Proxy - Module Core Login - Enforce 2FA for users in domain (FEATURE) [ISLCONFPROXY-1757] More
Description
Added support for enforcing Two Factor Authentication (2FA) for users. This can be done in ISL Conference Proxy configuration page / Security / Allow login without configured Two-Factor Authentication. When this is set to yes, webapi2 method utils/login/1 will return error, saying that you should set 2FA for your account. When 2FA is set, then login should succeed.
ISL Conference Proxy - Core - Restartable module app processes (FEATURE)[ISLCONFPROXY-1760] More
Description
Restartable module app process support was added. Control panel to restart and stop module apps was added to /conf in "Activity monitor > Processes". Also there was some minor changes of messages because of new process states. Field "MODAPP_PID_L" was also added. Modules that do not start in time will report warnings every 10 seconds after initial 30 seconds and timeout error at 120 seconds.
ISL Conference Proxy - Core - Module SDK flags (FEATURE) [ISLCONFPROXY-1766] More
Description
Module SDK flags support was added. Changing a module app flag requires a restart, which is now shown in "/conf". Module runtime tracking was improved thanks to extra functionality available because of flags support:
- stopping a module app for more than 120 seconds will result in internal error (which affects load balancer)
- module startup errors are now also reported as internal errors instead of just simple error emails
ISL Conference Proxy - Core - HTML flag lib (FEATURE) [ISLCONFPROXY-1770] More
Description
Added support for flags in Module SDK. These flags are available in GoLang.
ISL Conference Proxy - Core/Windows - Update publisher info from XLAB d.o.o. to ISL Online (FEATURE) [ISLCONFPROXY-1773] More
Description
Publisher information on Windows was updated from XLAB d.o.o. to ISL Online.
ISL Conference Proxy - Core/Backup/CoreAdmin/CoreLogin - Module SDK translation support with restarts (FEATURE) [ISLCONFPROXY-1775] More
Description
HTML file retranslate support was added when restarting module app. When new .translation file is uploaded, module app restart notice will be present in /conf (old behaviour: translation updates were performed without restarting the module app - this complex mechanism was fully removed). Translations cache is implemented as <outfile>.trcache files together with output files, bringing module retranslate on small changes from 10s+ to less than a second.
ISL Conference Proxy - Core/Backup/CoreAdmin/CoreLogin/islonline.net - Module SDK development mode v2 (FEATURE) [ISLCONFPROXY-1778] More
Description
Simple & full featured development mode was added to ICP:
- ICP will wait for module to be started in debugger
- stopping the debugger and restarting again is supported
- module restart/stop from /conf is also supported (module must be started manually again in debugger)
- flags & translation files will be updated on each start of module process in debugger
- all log types are fully supported, logs are also duplicated in debug console on stdout for inspection
ISL Conference Proxy - Core - Update Go to 1.10.2 from 1.7.3 (FEATURE) [ISLCONFPROXY-1779] More
Description
ISL Conference Proxy is now using Go version 1.10.2 instead of 1.7.3 for build.
ISL Conference Proxy - Core - User agent and GeoIP country code filtering in HTTP and WebAPI (FEATURE) [ISLCONFPROXY-1780] More
Description
"Security > Filters that define access to web pages" was extended to support user agent and geoip country code filtering. User agent match is a substring, both are case insensitive, user agent characters must be url encoded: <space> + % ;
deny_ua mozilla/5.0+(Windows+NT+6.3%3b+Win64%3b+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/69.0.3497.100+Safari/537.36 allow_alldeny_geoipcc VN allow_all
ISL Conference Proxy - Core - system/ namespace for webapis (FEATURE) [ISLCONFPROXY-1820] More
Description
WebAPI2 calls named "system/*" are now filtered based on IP address with setting "Security > Allowed IP addresses for administration". By default, only localhost is allowed. Like /conf, localhost is always allowed, even if not in the list.
ISL Conference Proxy - Core - Support for filtering webpages based on IP address (FEATURE) [ISLCONFPROXY-1823] More
Description
Added support for filtering web pages based on IP address with setting "Security / Allowed IP addresses for administration". By default, only localhost is allowed. Like /conf, localhost is always allowed, even if it's not in the list.
ISL Conference Proxy - Core - Testing internal webapi2 X-Islcp-Header (DEFECT) [ISLCONFPROXY-1523] More
Description
In previous version, "CP-RUNTIME-SECRET-KEY in "users/main/test_webapi2.html" was encoded directly in HTTP header. This was now redesigned so that "CP-RUNTIME-SECRET-KEY" is encoded inside "X-Islcp-Header".
The defect was fixed.
ISL Conference Proxy - Core - test_webapi2 allow null values in responses (DEFECT) [ISLCONFPROXY-1761] More
Description
"null" value in JSON response in "/users/main/test_webapi2.html" is now correctly handled - does not fail in JSON renderer.
ISL Conference Proxy - Core - Translation engine does not handle quotes correctly in HTML attribute context (FEATURE) [ISLCONFPROXY-1774] More
Description
Translation engine handled HTML attributes translations incorrectly when the translation string included single or double quote - they pass unescaped as if in HTML text context. They are now escaped. The defect prevented Core Login to load. Development flag "Debug translations" records all translations in "translations_trace[.N]" for analysis.
ISL Conference Proxy - Core - Batch files create command files in incorrect directory when run as administrator (DEFECT) [ISLCONFPROXY-1803] More
Description
Batch files exposed through the ISL Conference Proxy start menu group created command files in incorrect directory (c:\windows\system32) when ran as administrator. Now the batch files create the command files in the correct directory (ISL Conference Proxy installation directory).
The defect was fixed.
ISL Conference Proxy - Core - Clear sessionCode if form value changes (DEFECT) [ISLCONFPROXY-1805] More
Description
In some cases it was possible that Join page gave users previously used session code. This was now redesigned and stored session code was now cleared so it should not have users previously used session code.
The defect was fixed.
ISL Conference Proxy - Core Login - Increase webapi client timeout to 30s (DEFECT) [ISLCONFPROXY-1824] More
Description
In some cases when Core Login called ISL Conference Proxy WebAPI2 methods (for example for sending email) and they took longer than 2 seconds, then GUI showed error "Failed to send email", but email was still sent. This was now redesigned, and timeout was set to 30 seconds.
The defect was fixed.
ISL Groop - Module - Read current db value in db change callback (DEFECT) [ISLGROOP-1021] More
Description
In some cases ISL Groop module issued database write with old db value. This caused endless loop. If this happened in GRID, then database updates were also queued in network layer. In both cases, ISL Groop program started blinking. This was now redesigned and ISL Groop module should not issued database write with old db.
The defect was fixed.
ISL Light - Module - Always use light_external_id (FEATURE) [ISLLIGHT-5078] More
Description
Option light_external_id is always used. Webapi calls, xmlmsg and session queries will now accept and return externalId.
ISL Pronto - Module - Login with invalid webtoken should not proceed to user authenticate if username is empty (FEATURE) [ISLPRONTO-1062] More
Description
If ISL Pronto client with 2FA enabled, had a webtoken cached from a previous login, it prompted the server with it using empty username/password. As a speed optimization, a flag was added to ISL Pronto module, which returns failure if webtoken is expired, without trying to log in with empty username/password.
ISL Pronto - Module - Separate invited and joined state in database (DEFECT) [ISLPRONTO-1058] More
Description
ISL Pronto operators that were invited to the chat of other operators, but did not actually join the conversation, counted as they participated in the chat. This resulted in high number of chats for some operators, who only received invitations, but did not actually join the chats. States for chat invitations and actual joined chats are now separated in the database.