On 25th of March the following was released:
- ISL Conference Proxy 4.4.2044.79 for for Windows 64bit (Platform=win64, Revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22, req_os_version=0x06010000-0x7fffffff)
- ISL Conference Proxy 4.4.2044.79 for for Linux 64bit (Platform=linux64, Revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22, req_os_version=0x0206200000-0xffffffffff)
Important: Required GNU C library (glibc) version on Linux system was raised to 2.12.0!
Modules
- Administration 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Audit 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Authentication 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Backup 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Core Login 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- DNS 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- GeoIP 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Integrator 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- ISL AlwaysOn 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- ISL Groop 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- ISL Light 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- ISL Pronto 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Locale 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- NTP 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- PostgreSQL 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Reports 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- Storage 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
- System Monitor 4.4.2044.79 (revision=9af373cba6dda32fdcfebfdd7679b47fcb729c92, release_date=2021-03-22)
Translations
- administration_20210322_20210322_120212.translation
- backup_20210322_20210322_120212.translation
- core_login_20210322_20210322_120212.translation
- integrator_20210322_20210322_120212.translation
- isl_alwayson_20210322_20210322_120212.translation
- isl_conference_proxy_20210322_20210322_120212.translation
- isl_groop_20210322_20210322_120212.translation
- isl_light_20210322_20210322_120212.translation
- isl_pronto_20210322_20210322_120212.translation
- reports_20210322_20210322_120212.translation
Update availability
All updates, except translations, have release date set to 2021-03-22. Your ESS will need to be same or higher to be able to update your server. This release is available to all countries except Japan.
Upgrading to new version
This are server side updates so hosted service users do not need to do anything.
Server license users please check Upgrading Server License
Improvements
ISL AlwaysOn - Module - JS replace escape (SECURITY) [ISLALWAYSON-1623] More
DescriptionJavascript replace function call is now properly escaped in move connection to group form and files list.
ISL Conference Proxy - Core - JS replace escape (SECURITY) [ISLCONFPROXY-2009] More
DescriptionJavascript replace function call is now properly escaped in login forms and web page version selector.
ISL Conference Proxy - Module Reports - JS replace escape (SECURITY) [ISLCONFPROXY-2028] More
DescriptionJavascript replace function call is now properly escaped in chat transcript.
ISL Conference Proxy - Core - Secure HTTP header encoder (SECURITY) [ISLCONFPROXY-2394] More
DescriptionHTTP response header encoder was improved to reject newline injections. No injections are known to exist at this time, all header usage is done through sanitized or properly encoded APIs.
ISL Conference Proxy - Core Login SAML - Fix for GHSA-4hq8-gmxx-h6w9 (SECURITY) [ISLCONFPROXY-2410] More
DescriptionLibrary was updated to fix vulnerability GHSA-4hq8-gmxx-h6w9 in Core Login SAML implementation. Related CVEs:
- CVE-2020-29509
- CVE-2020-29510
- CVE-2020-29511
ISL Groop - Module - JS replace escape (SECURITY) [ISLGROOP-1128] More
DescriptionJavascript replace function call is now properly escaped in file upload.
ISL Light - Module - JS replace and HTML escape (SECURITY) [ISLLIGHT-5375] More
DescriptionJavascript replace function call and html are now properly escaped in session list tooltips and transfer user selector.
ISL Pronto - Module - JS replace and HTML escape (SECURITY) [ISLPRONTO-1300] More
DescriptionJavascript replace function call and html are now properly escaped in:
- filter chooser in web chat
- chat transcript
- welcome message in in-page chat
ISL Conference Proxy - Core - Disable certain webapi2 calls in released software (FEATURE) [ISLCONFPROXY-1279] More
DescriptionSupport was added for disabling specified webapi2 functionalities. Before users could only block access to webapi2 functionalities, now they can disable the webapi2 functionalities altogether. The setting for disabling webapi2 functionalities is located on ISL Conference Proxy configuration page under Security section: "List of webapi2 calls that will NOT be registered"
ISL Conference Proxy - Administration - Add domain/admin/usergroup/list/1 webapi (FEATURE) [ISLCONFPROXY-1711] More
DescriptionAdded new webapi2 method domain/admin/usergroup/list/1. This method returns list of user groups from user's domain. Set filter to filter groups by group name. Session user must be Domain Admin otherwise "insufficient permissions" error is returned.
ISL Conference Proxy - Administration - Add domain/admin/usergroup/create/1 webapi (FEATURE) [ISLCONFPROXY-1712] More
DescriptionAdded new webapi2 method domain/admin/usergroup/create/1. This method creates new user group. Only user members are supported. Unlike standard/computer groups, session user is not added to group and group owner is domain. Session user must be Domain Admin and have "User can create, edit and delete user groups if he is Domain Admin" permission otherwise "insufficient permissions" error is returned.
ISL Conference Proxy - Administration - Add domain/admin/group/update/1 webapi (FEATURE) [ISLCONFPROXY-1713] More
DescriptionAdded new webapi2 method domain/admin/group/update/1. This method updates existing user group. Session user must be Domain Admin and have "User can create, edit and delete user groups if he is Domain Admin" permission otherwise "insufficient permissions" error is returned.
ISL Conference Proxy - Administration - Add domain/admin/usergroup/remove/1 webapi (FEATURE) [ISLCONFPROXY-1714] More
DescriptionAdded new webapi2 method domain/admin/usergroup/remove/1. This method deletes user group. Session user must be Domain Admin and have "User can create, edit and delete user groups if he is Domain Admin" permission otherwise "insufficient permissions" error is returned.
ISL Conference Proxy - Administration - Add domain/admin/user/list/usergroup/membership/1 webapi (FEATURE) [ISLCONFPROXY-1715] More
DescriptionAdded new webapi2 method domain/admin/user/list/usergroup/membership/1. This method lists users similarly to domain/admin/user/list/1 but also includes is_member field for each user which marks if user is member of group. Session user must be Domain Admin otherwise "insufficient permissions" error is returned.
ISL Conference Proxy - Administration - Add group management view (FEATURE) [ISLCONFPROXY-1762] More
DescriptionGroup management view was added to Administration pages where user can list, create and edit user groups.
ISL Conference Proxy - Core - HTTP domain redirects (FEATURE) [ISLCONFPROXY-1814] More
DescriptionSetting "Web server > Redirect domains (<PathRegex> <DomainRegex> <RedirectToDomain>)" was added. Example setting to redirect standard user web pages from x.y.com to a.b.com:
(/|/users/.*) x\.y\.com a.b.com
Redirecting /conf or API URLs like /webaccess, /webapi2, ... is not advisable.
SysInfo - Module - Improved Device+OS name (FEATURE) [ISLCONFPROXY-1827] More
DescriptionSystem Information in /conf -> Activity monitor -> System statistics will now show also device name.
ISL Conference Proxy - Core - Add internal/utils/public/url/get/1 webapi2 for retrieving public URL (FEATURE) [ISLCONFPROXY-1929] More
DescriptionRegistered new internal webapi2 internal/utils/public/url/get/1 which returns ICP's public address.
[INTERNAL] ISL Conference Proxy - Core - Remove / at the end of static_core_path_min_430 (FEATURE) [ISLCONFPROXY-2029] More
DescriptionSlash at the end of static_core_path_min_430 API call was removed. Affects ISL Pronto template readability.
ISL Conference Proxy - Core - Add GeoIP support for root handler (FEATURE) [ISLCONFPROXY-2099] More
DescriptionOption "force_geoip=1" was added to "Web server > Map path to HTTP backend" to enable GeoIP even outside session paths like /users. GeoIP will run on every request and will not be cached in webtoken. Additionally, "force_geoip:1" option was added to "register_webapp_handler" in config.json. Dev flag "force_client_ip" was added and will take effect in:
- TCP connections on 80, 443, 7615
- DNS context client_address
[INTERNAL] ISL Conference Proxy - Core - Fix Host field parsing in cookie_domain (FEATURE) [ISLCONFPROXY-2106] More
DescriptionInternal handling of Host field parser to determine domain for cookies was fixed for IPv6 addresses. There is no visible user impact.
ISL Conference Proxy - Core - Store webtoken creation time (FEATURE) [ISLCONFPROXY-2147] More
DescriptionWebtokens now include timestamp when the token was created. Timestamp is not changed when webtoken is updated and with this information we can now limit how long the webtoken can be used. Default value is 30 days and can be changed in /conf -> Advanced -> Web server -> "Websession max age (in seconds)".
"utils/webtoken/info/1" was updated to return token age.
ISL Conference Proxy - Core - Reduce number of DB queries in "utils/group/query/1" webapi2 (FEATURE) [ISLCONFPROXY-2149] More
DescriptionIn previous versions webapi2 method "utils/group/query/1" became slow when number of groups started to increase. This was now redesigned and number of DB queries in "utils/groups/query/1" webapi2 was reduced to improve performance.
ISL Conference Proxy - Core - Add option to limit "utils/groups/query" webapi2 to domain (FEATURE) [ISLCONFPROXY-2150] More
DescriptionSupport for domain limited queries in utils/groups/query webapi2 was added. New setting "Limit groups to domain" was added to General settings in /conf. Default value is set to "No" which has no change in behavior. When the setting is set to "Yes", webapi will only return groups that belong to the domain of the user calling the webapi. This can cause some groups not showing (if group, that the user is member of, belongs to other domain).
ISL Conference Proxy - Core - Add option to limit number of created groups on domain (FEATURE) [ISLCONFPROXY-2151] More
DescriptionNew setting "Maximum number of groups in domain" was added to General settings in /conf. With this settings we can specify the maximum number of all groups in one domain. This setting is then checked in utils/groups/create/1 webapi2 method. If setting is set and number of existing groups in the domain that the user belongs to is already equal or over the limit, the webapi2 call will result in error "Maximum number of groups in domain reached. You cannot create any more groups." and group will not be created. If setting has default value "unlimited", the limit is ignored and users can create arbitrary number of groups.
ISL Conference Proxy - Core - Add webapi system/groups/optimize/1 (FEATURE) [ISLCONFPROXY-2156] More
DescriptionNew webapi2 method was added: "system/groups/optimize/1". Webapi is used to set Domain ID for groups that do not have it set. Domain ID is set to match the owner of the group. Webapi supports several actions, selected by passing argument "action":
- search_users: returns all users in given domain (used in other actions)
- waiting: returns groups with missing Domain ID (waiting to be optimized)
- search: returns groups with missing Domain ID for given user (user ID + domain ID)
- check: returns list of groups that will be optimized and before/after value of Domain ID and before/after value of Owner ID if owner has to be fixed also
- update: same as "check" but actually updates the DB
New log subsystem "[Core] Optimize groups" is used to log skipped and optimized groups.
ISL Conference Proxy - Core - Add GUI for groups DB optimize (FEATURE) [ISLCONFPROXY-2162] More
DescriptionNew GUI for optimizing groups in DB was created. GUI is accessible in /conf -> Activity monitor ->Database. User can:
- fetch all domain users (user ID is required for some other actions)
- search all groups without domain ID per domain or per specific user in domain (when user ID is provided)
- check (see changes but do not update DB) or update groups with missing domain ID per domain or per specific user in domain (when user ID is provided)
- check or update all groups without domain ID
ISL Conference Proxy - Core - Sync external groups in login settings rules (FEATURE) [ISLCONFPROXY-2288] More
DescriptionSecurity > "External authenticator login settings rules" and "SAML login settings rules" were extended with rule commands that create external user groups in ISL Conference Proxy and assign memberships:
- ["sync-external-groups-rename", "FROM1", "TO1", "FROM2", "TO2", ...]:
- renames groups for sync-external-groups using regular expression FROM and replacement TO (uses \1, \2, ... for captures)
- renames stop on first FROM match, use multiple sync-external-groups-rename for multiple passes
- rename to empty string will exclude group from sync
- place before sync-external-groups and after groups-from-attr
- (for SSO SAML) ["sync-external-groups", "GROUPEXPR_PREFIX"]:
- creates groups with names that start with GROUPEXPR_PREFIX (prefix is removed from group name)
- GROUPEXPR_PREFIX is usually empty ""
- group renames should be avoided, new groups will be created with new names
- place after sync-external-groups-rename and groups-from-attr
- maximum number of groups per user is 100
- (for LDAP) ["sync-external-groups", "GROUPEXPR_PREFIX", "GROUPID_PREFIX"]:
- creates groups with names that start with GROUPEXPR_PREFIX (prefix is removed from group name) and external_id that starts with GROUPID_PREFIX (prefix is removed from external_id)
- external_id is used as a main identifier, so group renames are supported if external_id stays the same
- on AD, GROUPEXPR_PREFIX is usually "tag:cn:" and GROUPID_PREFIX "tag:objectguid:"
- place after sync-external-groups-rename and groups-from-attr
- maximum number of groups per user is 100
WebAPI2 methods will now return "group_type" with a value "", "external_group" or "user_group":
- utils/groups/create/1
- utils/groups/query/1
- utils/groups/query/2
- utils/groups/info/1
- utils/groups/update/1
WebAPI2 utils/groups/delete/1 will refuse to delete groups of type "external_group".
ISL Conference Proxy - Core - utils/group/query/3 with support for user groups (FEATURE) [ISLCONFPROXY-2298] More
DescriptionWebapi2 calls "utils/groups/query/1" and "utils/groups/query/2" will now return only computer groups. "utils/groups/query/3" was added which returns all groups by default or with "type" parameter to restrict the results to "computer" and "user" groups.
[INTERNAL] ISL Conference Proxy - Core - Implement group based acls, dump rights with types (FEATURE) [ISLCONFPROXY-2323] More
DescriptionUser resolution for groups and privileges was unified. Objects in groups and privileges have "type" and "id". Types are group, domain and user. Id is group public code, domain name and full username. Limitation to group hierarchy was added to allow only user groups to be present as members in computer groups. Computer group cannot be added as member to another computer group.
New webapis are available that support privileges for groups. There are few use changes to new webapis compared to design of old webapis:
- apis will now return nice names relative to current user domain - before server default domain was used
- only full objects definitions are now accepted (we accept groups, domains and users). Before object definition was also deduced from string only - now type and id must be provided.
List of new webapis:
- utils/groups/create/2
- utils/group/query/3
- utils/group/info/2
- utils/group/update/2
- utils/group/security/3
Existing webapis will not show acls related to groups, but will use them in backend to check permissions.
ISL Conference Proxy - Core - Invalidate webtoken on change/reset password or email (FEATURE) [ISLCONFPROXY-2327] More
DescriptionAll current user webtokens are now invalidated when:
- user changes password
- user resets password (forgot password)
- user changes email
All webtokens with creation time before current timestamp - 1 seconds are invalidated. The current user will get new webtoken that is valid and he will not be logged out.
In previous versions when user had 2FA enabled, reset password via "Forgot password" link and tried to login, login failed. This was redesigned and user is now redirected to login page.
The defect was fixed.
ISL Conference Proxy - Integrator - Prepare new Integrator module to be used with JWT and register new webapi2 calls (FEATURE) [ISLCONFPROXY-2332] More
DescriptionNew Integrator module was prepared, which can be used to create domains and users in ISL Conference Proxy. New table "integrator_jwt_api_access_public_rsa_keys" was registered, to store "key_id"s, public keys and rights. New webapi2 methods registered:
- integrator/user/create/1: Creates new user. Requires "create_user" right. Username must be valid and unique. No other checks are performed.
- integrator/domain/create/: Creates new domain. Requires "create_domain" right. Domain name must be valid and unique.
- integrator/domain/set/concurrent/limit/1: Sets concurrent limit for domain (Max concurrent usage (per user setting)). Requires "set_domain_concurrent_limit" right. Limit can be left blank/skipped to reset/clear setting value.
ISL Conference Proxy - ISL AlwaysOn - Add support for user groups sharing (FEATURE) [ISLCONFPROXY-2335] More
DescriptionUser groups were added to computer list sharing. User groups are now listed when sharing computer group or computer. Sharing dialog was updated and now has 3 tables: users, groups and selected. GUI is also updated to use new webapis and only computer groups are shown in list. Computer groups and computers can be only shared with user groups, but computer can be moved to computer group same as before.
ISL Conference Proxy - Core, Integrator - Prepare integrator API for forgot password token (FEATURE) [ISLCONFPROXY-2336] More
DescriptionInternal webapi2 call "internal/utils/password/forgot/custom/1" was registered, which accepts "email_address", "email_subject", "email_body", checks these fields are set and not empty, checks user with that email address exists in DB, parses and validates html body, checks body contains at least one token placeholder, replaces it and sends email.
"integrator/utils/password/forgot/custom/1" was registered, which forwards call to "internal/utils/password/forgot/custom/1". Requires "utils_password_forgot_custom_1" right to work.
ISL Conference Proxy - Core - Logout user on web "Logout" link (FEATURE) [ISLCONFPROXY-2343] More
DescriptionIn previous versions session was not invalidated when user clicked "Logout" on web pages. Now webtoken for user is invalidated on logout.
ISL Conference Proxy - Core - Data lifecycle queries PG index usage (FEATURE) [ISLCONFPROXY-2347] More
DescriptionDelete history queries were improved by simplifying expression and adding new indexes.
ISL Conference Proxy - Integrator - Merge islonline_net and integrator module (FEATURE) [ISLCONFPROXY-2348] More
DescriptionIntegrator LB service was registered.
Registered "integrator/lic/user/custom/get/1" webapi2 call to query for user data.
[INTERNAL] ISL Conference Proxy - Core - Use "SetLinger" in icpwa2client (FEATURE) [ISLCONFPROXY-2353] More
DescriptionNew http client was added, that closes TCP connection immediately, so we avoid connection in TIME_WAIT state. This client should be used when calling internal webapis from modules.
ISL Light - Module - Read audit data from ISL Light programs (FEATURE) [ISLCONFPROXY-2354] More
DescriptionNew setting "Send live audit event level from ISL Light" was added to /conf in "ISL Light" settings. When set to "Audit level basic" or "Audit level detailed", ISL Conference Proxy will read audit events from ISL Light operator side and log them with "debug" level with "[ISL Light] Audit messages from client" logsubsystem. Default value of setting is "No audits".
ISL AlwaysOn - Module - Adjust web page GUI to match ISL Light program (FEATURE) [ISLCONFPROXY-2358] More
DescriptionComputer list page was updated to match ISL Light program.
Share dialog was updated:
- some visual changes (alignment, too long columns are truncated)
- click anywhere on row to toggle it
"Selected" tab shows count of members and items are ordered (domain, users of domain and user groups)
Popups were updated:
- computer row, 1s hover shows popup with details
- click on shared icon opens list of shared users/domain/user groups
- alert/lock has the same popup but with new design and now opens on click
ISL Conference Proxy - Core - Clear CPSESSID when invalid (FEATURE) [ISLCONFPROXY-2364] More
DescriptionCPSESSID is now cleared when invalid on pages that were previously ignored (/join.html, /downloads.html) and CPSESSID was kept even if it was set to something invalid or expired webtoken.
ISL Conference Proxy - Core - ASync replication details in debug XML (FEATURE) [ISLCONFPROXY-2365] More
Description"Debug > DT Async XML" now shows timing, packet and state details in senders and receivers.
ISL Conference Proxy - Administration - Add webapi to check and fix broken computer group ownership (FEATURE) [ISLCONFPROXY-2368] More
DescriptionTwo new webapi2 methods were added.
domain/admin/computergroup/list/1:
- lists all computer groups in domain
- returned data for each group: name, computer count, public code, owner (name, email, fullname, username), status (empty when all OK, otherwise contains error message)
- results can be filtered by group name and current owner
- user must be Domain Admin to use this webapi2
domain/admin/computergroup/changeowner/1:
- changes owner of specified group to the provided new user
- new owner must be valid user (given by name) in the same domain
- can only update computer groups
- requires Audit module to create audit logs
- user must be Domain Admin to use this webapi2
ISL Conference Proxy - Administration - Always set jwt integration description as wa2 error (FEATURE) [ISLCONFPROXY-2369] More
DescriptionJWT integration error handler was refactored. On error the "description" field is now set as "exception" in webapi errors field and will be logged by ISL Conference Proxy.
ISL Conference Proxy - Administration - Add page for computer group migration (FEATURE) [ISLCONFPROXY-2370] More
DescriptionNew tab "Computer Groups" was added to Administration module.
New tab shows list of all Computer Groups in domain. List can be filtered by group name, owner and status (error/ok).
Group owner can be changed for selected computer group. This will set selected user as owner of the computer group, add him to members of group and give him "all" privileges. Existing ACLs will not be modified if old owner is valid (available in DB), when old owner was problematic (not available in DB) his ACL for this group will also be removed.
ISL Conference Proxy - Core - Implement webapi utils/logout/2 (FEATURE) [ISLCONFPROXY-2376] More
DescriptionNew webapi2 method "utils/logout/2" was implemented that supports logout of sessions stored in webtokens. User can specify one of following actions:
- "this" to logout current session (please see "specific" logout in ISLCONFPROXY-579 for details)
- "all" to logout existing user sessions (please see "global" logout in ISLCONFPROXY-579 for details)
- "none" to leave session as is
ISL Light - Module - File Manager GUI features in Administration (FEATURE) [ISLCONFPROXY-2380] More
DescriptionNew setting which allows the operator to use the File Manager functionality was added to /conf in ISL Light -> Permissions -> Files -> File Manager. Settings are enabled by default. Please note that when this setting is disabled, file transfer can still be performed unless the "Send Files" and "Receive Files" settings are also disabled.
ISL Conference Proxy - Core - Add support for display names in email from address (FEATURE) [ISLCONFPROXY-2385] More
DescriptionSupport was added for display names in email from address. Setting "Default from e-mail address" in /conf -> Configuration -> Basic now supports also display names. Emails are handled in 3 ways:
- Quoted display name: If display name is nicely quoted it is used as is, no whitespace cleanup or additional escaping. Example: "Name Surname" <email@address.com>
- Unquoted display name: Display name and email address are split. Then sequences of multiple spaces are replaced with single space. Backslashes and double quotes are escaped with backslash. Example: Name Surname <email@address.com>
- No display name or email not in angle brackets: Same behavior as in previous versions, email address is extracted, everything else is dropped. Example: email@address.com
ISL Conference Proxy - Core - Support macOS versions up to 27.x (FEATURE) [ISLCONFPROXY-2386] More
DescriptionISL Conference Proxy will automatically correct program and action header os_version upper bound from 0xaffff (macOS 10.x) and 0xbffff (macOS 11.x) to 0x1bffff (macOS 27.x). As a result, programs can be now downloaded as usual up to future macOS version 27.x.
ISL Conference Proxy - Core - Devflags checksum indicator (FEATURE) [ISLCONFPROXY-2388] More
DescriptionDevflag checksum was added to dev flags page and server list as "devflags=<checksum>" feature. Checksum is empty if there are no changes to dev flags.
[INTERNAL] ISL Conference Proxy - Core - config.json support for removing /join /programs /start /download (FEATURE) [ISLCONFPROXY-2389] More
DescriptionStandard www handler may now be disabled with config.json. Devflags introduced in ISLCONFPROXY-2266 will not be supported anymore:
- Remove WWW handler /join
- Remove WWW handler /programs
- Remove WWW handler /start
- Remove WWW handler /download
ISL Conference Proxy - Core - Add module to "initialization failed" error log (FEATURE) [ISLCONFPROXY-2396] More
DescriptionWhen initialization of ICP fails, "INIT_MODULE_TXT" will be added to "initialization failed" error log line.
[INTERNAL] ISL Conference Proxy - Core - Custom email relaxng/xslt in config.json (FEATURE) [ISLCONFPROXY-2398] More
DescriptionSupport for adding custom email XSLT and RelaxNG was added to config.json.
ISL AlwaysOn - Module - Split slow session history query in separate logs (FEATURE) [ISLCONFPROXY-2402] More
DescriptionNew logs were added for slow ISL AlwaysOn queries:
- slow sql query for isl alwayson get users computers list from last used session history
- slow sql query for isl alwayson get users computers list from granted connections
Severity is based on duration:
- >60s : Alert
- >20s : Critical
- >5s : Warning
ISL Light - Module - Reduce ISL Light RPC task queue rescheduling, RPC/MSG logging (FEATURE) [ISLCONFPROXY-2405] More
DescriptionLog line "session DB sync long wait" was removed because it was misleading. Added log line "msg handling long execution time" in isllight_session_msg_channel (2s warning, 15s critical). Log line "rpc call long execution time" was improved and it will include total network to RPC finish execution time (new timestamps: "rpc::task_ => rpc::packet_") and new key LIGHTRPC_REPLYCNT_L (number of executing rpc replies).
ISL Conference Proxy - Core - Add numeric bounds to password requirement settings (FEATURE) [ISLCONFPROXY-2406] More
DescriptionNumeric bounds were added to password requirement settings.
Lower bound means numeric setting can not be set to lower value as setting on a higher level.
Upper bound means numeric setting can not be set to higher value as setting on a higher level.
When numeric bound is violated, warning in /conf will be shown: "Warning, value forced to: X", where X is value of setting on a higher level.
Settings that are now restricted with lower bound:
- Minimum password length
- Minimum number of custom special characters required in passwords
- Minimum number of uppercase characters required in passwords
- Minimum number of lowercase characters required in passwords
- Minimum number of digit characters required in passwords
Settings that are now restricted with upper bound:
- Maximum password length
Example: Set "Minimum password length" on server to 12. When trying to change setting on domain to 10, warning will be shown, and value will be forced to 12, because password length is restricted with lower bound, so we can only set it to 12 or higher. Set it, for example to 14. Now "Minimum password length" on user can be set only to 14 or higher.
Added "normal" (a-zA-Z0-9) character filter to "List of custom special characters". These characters are removed and not used when checking password. If setting contains nothing but "normal" characters (meaning it is empty after filter) we show "Setting "List of custom special characters" is not empty but contains no special characters. Please contact your system administrator. This needs to be resolved to enable password change." error to user.
Inverted "Reject passwords from password_blacklist.txt" permission so now it is "Allow passwords from password_blacklist.txt". Default value was changed from "Yes" to "No", so there are no changes when using default settings. This way domain admin can't lower security if system admin set it to "No".
ISL Conference Proxy - Administration - Add support for numeric bounds (FEATURE) [ISLCONFPROXY-2407] More
DescriptionSupport for numeric bounds was added to Administration pages. When user enters incorrect value, warning will be immediately shown. Please check ISLCONFPROXY-2406 for details about numeric bounds.
[INTERNAL] ISL Conference Proxy - Core - Remove web root meta files (favicon.ico, robots.txt) (FEATURE) [ISLCONFPROXY-2409] More
DescriptionSupport was added to config.json to remove standard web root meta files like favicon.ico and robots.txt, which may then be served by custom root handler.
ISL Conference Proxy - Audit - Add support for transaction audit logs with errors (FEATURE) [ISLCONFPROXY-2411] More
DescriptionNew webapi "domain/admin/audit/event/list/2" was added that can be used to query Audit logs and return list of audit logs with commit data also (error and timestamp).
Audit logs can can be also filtered by "status" ("error" or "ok") so only logs that were successful or not can be returned.
ISL Conference Proxy - Administration - Show audit log transactions with error (FEATURE) [ISLCONFPROXY-2413] More
DescriptionAudit logs table now has new column "Status", that shows error when an error occurred during audit log transaction. Column is shown by default and can also be filtered (Error/Ok).
Columns were also reordered, event was moved right after timestamp and status.
ISL Conference Proxy - Core - Handle glibc version packed in linux os_version and raise minimum glibc version to 2.12.0 (FEATURE) [ISLCONFPROXY-2414] More
DescriptionISL Conference Proxy and ISL AlwaysOn module were updated to handle packed linux os_version headers. "os_version" in .base and .module files is now constructed from req_os_version and req_glibc. New "os_version" will be sent to ISL Conference Proxy in program download requests and compatible program will be selected.
Required GNU C library (glibc) version was raised to 2.12.0.
ISL Conference Proxy - Core - Handle android/ios in online updater (FEATURE) [ISLCONFPROXY-2415] More
DescriptionAndroid program customizations will be installed based on API (minimum/target) levels. iOS version display will be nicer (8.0.0+ instead of 0x80000-0xffffff).
ISL Conference Proxy - Administration - Make logs on successful change of computer owner (FEATURE) [ISLCONFPROXY-2429] More
DescriptionAKV log was added when successfully changing owner of computer group. Log contains data:
- info about the user that made the change (Domain Admin)
- group ID
- old owner ID
- new owner ID
ISL Conference Proxy - Administration - Redesign change owner dialog to allow new owner searching (FEATURE) [ISLCONFPROXY-2430] More
DescriptionChange Owner dialog was redesigned in "Computer Groups" tab. New owner field is now dropdown field with search capability, so user can search for users (first 5 matches are shown) and select the one he wants to assign as new owner.
ISL Conference Proxy - Core - Update relaxng/xslt for emails (FEATURE) [ISLCONFPROXY-2432] More
DescriptionRelaxng/xslt for email templating was updated to v2. Links now use different color scheme and are not underlined anymore.
ISL Conference Proxy - Administration - Update user group management GUI (FEATURE) [ISLCONFPROXY-2437] More
DescriptionCreate/update/delete user group modals in Administration pages were updated.
ISL Conference Proxy - Administration - Update and ca_release user_domain_admin_edit_groups permission (FEATURE) [ISLCONFPROXY-2439] More
DescriptionSecurity setting "User can create, edit and delete user groups if he is Domain Admin" was moved to General -> Domain Administration section and renamed to "Create, edit and delete user groups (domain admin only)". Setting is now accessible also in Administration pages.
ISL Light - Module - Add "startedFrom" field to http event data (FEATURE) [ISLCONFPROXY-2441] More
DescriptionNew field was added to ISL Light http events: "startedFromModule".
ISL AlwaysOn - Module - Order computer groups (FEATURE) [ISLCONFPROXY-2443] More
DescriptionCase insensitive ordering was added to {{utils/groups/3}}. Computer groups in Remote access pages were already ordered by name but now case insensitive ordering is used.
ISL Conference Proxy - Core - Add support for case insensitive ordering in DB queries (FEATURE) [ISLCONFPROXY-2445] More
DescriptionSupport for lowercase order by was added to DB queries.
ISL Conference Proxy - Administration - Add check for corrupted computer group members and permissions (FEATURE) [ISLCONFPROXY-2446] More
DescriptionCheck was added to computer groups for corrupted group members and permissions. New checks are only performed in method "domain/admin/computergroup/list/2". When corrupted members are detected, "Group member is not valid" will be returned as error and will be shown as group's status in GUI.
[INTERNAL] ISL Conference Proxy - Core - External user_group: use external boolean instead of external_group type (FEATURE) [ISLCONFPROXY-2449] More
DescriptionAll user groups will now have type "user_group". External user groups (with type "external_group" previously) will now have attribute set "external" = 1 (boolean true) to differentiate them from regular groups.
ISL Conference Proxy - Administration - Protect external user groups and mark them in GUI (FEATURE) [ISLCONFPROXY-2451] More
DescriptionExternal user groups are marked in Administration GUI and modification or deletion of such groups is rejected.
ISL Conference Proxy - Core - Allow sharing computer groups with user groups by default (FEATURE) [ISLCONFPROXY-2473] More
DescriptionAdding user group to computer groups with webapis "utils/groups/update/1" or "utils/groups/update/2" will not be limited with setting "User can create group hierarchy [unsupported preview]". The setting is now used only when building user groups hierarchy.
ISL Conference Proxy - Core - Add and use setting to see all user groups in domain (FEATURE) [ISLCONFPROXY-2474] More
DescriptionUsers can now view all user groups in domain when they have permission "User can view list of user groups in own domain" (default: Yes). This allows them to share computers and computer groups with user groups even if they are not member of those user groups.
[INTERNAL] ISL AlwaysOn - Module - Add uiref for User Group share tab (FEATURE) [ISLCONFPROXY-2476] More
DescriptionElements for sharing with user groups were tagged with uiref so they can be easily hidden with css (by uiref).
ISL Conference Proxy - Module GeoIP - Update database to 2021-02-23T15:48:45Z (FEATURE) [ISLCONFPROXY-2478] More
DescriptionUpdated GeoIP to use the database GeoLite2-City 2021-02-23T15:48:45Z
ISL Conference Proxy - Core - Improve webapi2 init messages (FEATURE) [ISLCONFPROXY-2485] More
DescriptionThe text of setting "webapi2_prevent_register" was changed from "List of webapi2 calls that are NOT registered on this server" to "List of webapi2 calls that will NOT be registered". Hag logs for webapi2 methods which are not registered were added to ICP startup: "webapi2 call is in forbidden registration list - call not registered".
ISL AlwaysOn - Module - Check group type during group code resolution (FEATURE) [ISLCONFPROXY-2487] More
DescriptionProcedure how groups are resolved from code in ISL AlwaysOn was updated. Now we have defined two modes of group resolution from group code:
- for owner: computer groups can be used when migrating a computer to a group or when granting access
- for sharing: user groups can be used when sharing existing computer connection
Also when sharing computer connection with a user group, all domain groups can be used; based on setting "User can view list of user groups in own domain".
ISL Conference Proxy - Core - Implement webtoken logout functionality (FEATURE) [ISLCONFPROXY-579] More
DescriptionWebtoken logout functionality was implemented. Webtoken blob is associated with specific user and token creation time. There are two types of logout on webtoken:
- specific will logout webtoken with this ICP user and this token creation time
- global (older than) will logout all webtoken with this ICP user and creation time that is older or equal than this token creation time
There can be at max. 10 specific logouts per user, after that the oldest logout is converted to global logout. Logout command is stored for wal (each server has own wal queue) and also flushed to disk (file accessible in /conf -> Debug -> Logout webtokens XML). Data is trimmed every 30 seconds.
[INTERNAL] Translation recorder - HTML5 empty non-void element warning (FEATURE) [LIB-1133] More
DescriptionTranslation recorder will now add warning if html output will be incompatible with HTML5: non-void elements that are empty like "<span/>".
ISL Conference Proxy - Code sign build time executables using new Digicert certificate with validity from 2021 to 2024 (FEATURE) [LIB-1167] More
DescriptionCode sign build time executables will now use new Digicert certificate with validity from 2021 to 2024.
ISL AlwaysOn - Module - Add support for session options - options that are not saved (DEFECT) [ISLALWAYSON-1482] More
DescriptionIn previous versions when using --user-session with ISL Light will cause "Connect to existing RDP session" to be saved and then used also on other connections. This was now redesigned and webapi accepts also "session_options" that are not saved to database but are used during the connection. "Connect to existing RDP session" should not be checked from previously used connection anymore.
The defect was fixed.
ISL Conference Proxy - Core - HTTP header Host: IPv6 handling (DEFECT) [ISLCONFPROXY-1964] More
DescriptionIn previous versions IPv6 addresses in webhits were not properly displayed. This was redesigned and changed to:
- [::1]:80 is now simplified to [::1] on http://
- [::1]:443 is simplified to [::1] on https://
The defect was fixed.
ISL Conference Proxy - Reports - Prevent garbled characters in exported CSV (DEFECT) [ISLCONFPROXY-2271] More
DescriptionIn previous versions garbled characters were shown in exported CSV. This was redesigned and special characters should be now displayed correctly. Other fixes include:
- Report size is no longer limited to 2 MB on Chrome.
- Export should be now working correctly in Edge browser.
- "%" character in exported data no longer causes error when generating report.
Defects were fixed.
ISL Conference Proxy - Reports - Add translation for "chat" field (DEFECT) [ISLCONFPROXY-2289] More
DescriptionIn previous versions "Chat" field was not translated in ISL Light and ISL Pronto reports. This was redesigned and translation was added.
The defect was fixed.
ISL AlwaysOn, ISL Light - Module- Right align dropdowns to prevent positioning outside of window (DEFECT) [ISLCONFPROXY-2326] More
DescriptionIn previous versions dropdowns would overflow out of screen when browser window was shrunk. This was redesigned and dropdowns are right aligned to prevent positioning outside of window.
The defect was fixed.
ISL AlwaysOn - Module - Modal window is closed on enter without saving (DEFECT) [ISLCONFPROXY-2360] More
DescriptionIn previous versions when pressing "Enter" key on "Create Group" dialog nothing happened. This was now redesigned and group should be created.
The defect was fixed.
ISL Conference Proxy - Core - New file access is created before closing previous (DEFECT) [ISLCONFPROXY-2366] More
DescriptionIn previous versions ISL Conference Proxy would sometimes report critical error: "migration of file failed". This happened when file access was created before previous had been closed. This was now redesigned and should not happen anymore.
The defect was fixed.
ISL Conference Proxy - Core - Use grid sender for webtoken logout grid protocol (DEFECT) [ISLCONFPROXY-2371] More
DescriptionIn previous versions remote servers sometimes received unexpected/out-of-protocol messages. This was redesigned and messages for webtoken logout protocol are now sent through grid sender. Two new devflags were added:
- Manual grid connect
- Sleep (miliseconds) before handling grid logoff message
When "Manual grid connect" devflag is enabled, default grid reconnect task will not be run. Button in "Debug" menu "Manual Reconnect all in GRID" will be available to manually start reconnect.
ISL Conference Proxy - Administration - Add translate tags for "Reset to Default" and "Search Settings" strings (DEFECT) [ISLCONFPROXY-2384] More
DescriptionIn previous versions Administration pages had untranslated strings: "Reset to default" and "Search Settings". This was now redesigned, translation tags were added and these strings should now be translated.
The defect was fixed.
ISL Groop - Module - Missing translations on registered user actions (DEFECT) [ISLCONFPROXY-2390] More
DescriptionIn previous versions "Change Status" and "Change Role" strings on editing ISL Groop meeting registered users were not translated, because translation tags were missing. This was redesigned, translation tags were added and strings should now be translated.
The defect was fixed.
ISL Conference Proxy - Backup - Prevent scheduled backup executing multiple times in a row (DEFECT) [ISLCONFPROXY-2391] More
DescriptionIn previous versions sometimes scheduled backup was ran multiple times. This was now redesigned and should not happen anymore.
The defect was fixed.
ISL Conference Proxy - Core - Fix Windows page file usage in System statistics (DEFECT) [ISLCONFPROXY-2392] More
DescriptionIn previous versions System statistics in /conf -> Activity monitor showed incorrect usage of "Swap" on Windows. This was redesigned and should now match with the output of "wmic PAGEFILE" command.
The defect was fixed.
ISL Conference Proxy - Administration - Translate table header (DEFECT) [ISLCONFPROXY-2395] More
DescriptionIn previous versions user list table header in Administration pages was not translated. This was now redesigned and strings should be translated.
The defect was fixed.
ISL Conference Proxy - Core - Correct log lines Webtoken language / CPLANG sanitized to empty value (DEFECT) [ISLCONFPROXY-2397] More
DescriptionIn previous versions "Webtoken language sanitized to empty value" was sometimes logged, where "CPLANG cookie sanitized to empty value" should be logged instead. This was now redesigned and correct strings should be logged.
The defect was fixed.
ISL Conference Proxy - Administration - Selected audit log columns are lost on page refresh (DEFECT) [ISLCONFPROXY-2399] More
DescriptionIn previous versions selected columns in Audit tab were lost on page refresh. This was redesigned and selected columns are stored to URL and should be reloaded after page refresh.
The defect was fixed.
ISL Groop - Module - Send register emails by "join_uid" (DEFECT) [ISLCONFPROXY-2400] More
DescriptionIn previous versions emails sent on user registration for ISL Groop meetings were sent per registered user "email", which caused emails to contain invalid UID (when multiple registrations with same email were done, only oldest UID was used from previous registrations). This was redesigned and emails on registration and when editing registered user are now sent per UID, so multiple emails with different UID in join link are sent.
The defect was fixed.
ISL Conference Proxy - Administration - Handle duplicated or invalid Audit log filters and reload filters on refresh (DEFECT) [ISLCONFPROXY-2403] More
DescriptionIn previous versions filter implementations allowed duplicated or empty rules. This was now redesigned, duplicated and empty rules are not allowed anymore. Current search filter is now saved and restored on page refresh.
The defect was fixed.
ISL Groop - Module - Allow missing/empty user extra data when registering for meeting (DEFECT) [ISLCONFPROXY-2408] More
DescriptionIn previous versions when registering for meeting, process of validation register from fields created "extra" field in user data even when no such data was provided in request and it was not needed (default form). This caused broken user data in DB that was not properly handled by GUI which resulted in JS error. This was now redesigned, empty user extra data is now allowed.
The defect was fixed.
ISL Conference Proxy - Administration - Adjust computer groups webapi error severity for user errors (DEFECT) [ISLCONFPROXY-2426] More
DescriptionIn previous versions webapi methods "domain/admin/computergroup/changeowner/1" and "domain/admin/computergroup/list/1" returned internal error when user provided invalid input. This was now redesigned and user error should be returned instead.
The defect was fixed.
ISL Conference Proxy - Core - Allow specifying existing members when updating group privileges (DEFECT) [ISLCONFPROXY-2448] More
DescriptionIn previous versions changing computer group permission when user did not have access to all shared user groups failed. This was now redesigned and user that can edit group can now use existing user group's members and privileges when updating members or security, even if he is not member of that user group.
The defect was fixed.
ISL Conference Proxy - Core - Fix group owner warning (DEFECT) [ISLCONFPROXY-2450] More
DescriptionIn previous versions when querying privileges in webapis "utils/groups/security/3", "utils/groups/info/2", "utils/groups/update/2", warning "missing owner privilege data in db object" was incorrectly logged when owner was valid. This was now redesigned and should not be logged anymore.
The defect was fixed.
[INTERNAL] ISL Conference Proxy - Administration - Respond with new public code when creating new user group (DEFECT) [ISLCONFPROXY-2452] More
DescriptionIn previous versions "domain/admin/usergroup/create/1" returned empty string instead of public code of created group. This was now redesigned and public code should be returned.
The defect was fixed.
ISL Conference Proxy - Administration - Add missing translations for Computer Groups tab (DEFECT) [ISLCONFPROXY-2455] More
DescriptionIn previous versions table header in Administration pages -> Computer Groups tab was not translated. This was now fixed and table header should be translated.
The defect was fixed.
ISL Conference Proxy - Core - Ignore empty logout grid packets (DEFECT) [ISLCONFPROXY-2461] More
DescriptionIn previous versions "failed to handle grid message" was sometimes logged, because empty message was sent to other servers. This was now redesigned, logout events that are obsolete should not be broadcasted anymore.
The defect was fixed.
ISL AlwaysOn - Module - Wrap long text in computer popup (DEFECT) [ISLCONFPROXY-2462] More
DescriptionIn previous versions when computer was shared with many, computer details tooltip was broken. This was redesigned and tooltip is now limited with width, too long text will be wrapped. Tooltip content is now also updated when editing computer (name, tags, shared with, in group).
The defect was fixed.
ISL Conference Proxy - Administration - Allow vertical overflow in modals (DEFECT) [ISLCONFPROXY-2465] More
DescriptionIn previous versions new user select dropdown in change owner modal was sometimes cut, depending on template used. This was redesigned and text should not be cut anymore.
The defect was fixed.
ISL AlwaysOn - Module - Invalid no results text for users and missing translations (DEFECT) [ISLCONFPROXY-2467] More
DescriptionIn previous versions when sharing computer group and searching for users, "No groups found." was returned when there were no results. This was now fixed and "No users found." should be returned instead.
The defect was fixed.
ISL Conference Proxy - Core - Support custom install path on Windows when restoring from backup (DEFECT) [ISLCONFPROXY-2471] More
DescriptionIn previous versions when using custom install path of ISL Conference Proxy on Windows, restoring from backup failed. This was now redesigned and correct restore location should be used.
The defect was fixed.
ISL AlwaysOn - Module - Prevent keep_allow for computer groups on islalwayson/computer/migrate/1 (DEFECT) [ISLCONFPROXY-2494] More
DescriptionWebapi islalwayson/computer/migrate/1 will now return implementation error when user wants to save old access and old access was computer group.
The defect was fixed.
ISL Conference Proxy - Core - Reduce the size of PostgreSQL change notifications (DEFECT) [ISLCONFPROXY-2497] More
DescriptionIn previous versions ICP startup would fail when limit of PostgreSQL change notifications was reached. This was redesigned and size of notifications will now be limited.
The defect was fixed.
ISL Pronto - Module - Check if client really gone before executing leave_chat_task (DEFECT) [ISLPRONTO-1223] More
DescriptionIn previous versions when client was redirected to another server, "Client has left chat" message would be shown. This was redesigned and another check is now performed if client is really gone before executing leave_chat_task.
The defect was fixed.
ISL Conference Proxy - HAG - Ensure valid akv log line in case of KV pair data overflow (DEFECT) [LIB-1150] More
DescriptionIn previous versions in case of overflow data, log line was truncated at last valid syntactic token and might produce invalid log line. This was redesigned, overflow will trigger a revert and a truncation marker LOG_TRUNCATED_N="1" will be added.
The defect was fixed.