Release Notes CGS 7.1.2
Collax Groupware Suite
To install this update please follow the following steps:
- It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.
New in this Version
GUI: New design User Web Access
Within the user web access users of the Collax Server have access to applications like web-mail, mail-archive, SSL-VPN and groupware or shared documents. From this update on the web access uses up-to-date technology with a new and improved layout.
Security: DNSSEC validation
DNSSEC can be used to verify the authenticity of the queried DNS server and the integrity of its response. This option should be enabled to protect against attacks with incorrect DNS responses. This dialogue is located under Network -> DNS -> Options.
System Management: Analytics - Sends anonymous usage data to Collax for product improvements
With this update, a mechanism is implemented to transfer important data for further product development. For the life cycle of a product and its functions, it is important to obtain information about its use. The collection of analytic data is a powerful tool for product development. The diversity of the functions of a Collax server in particular requires well-founded weighing. Frequently used functions should be given greater focus for further development. In the case of few or unused functions, it must be checked whether and how they can be replaced. The goal is to use development resources as sensibly as possible.
No user-related data will be transferred. Also no data that allows a user reference (such as IP addresses). Collax stores the data anonymously and does not pass it on to third parties.
For paid-licensed Collax servers, the transmission can be switched off. The complete data record can be viewed on the administration interface.
System Management: Renew X.509 certificates
Certificates according to the X.509 standard are managed on the Collax Server. Only certificates created on this server can be renewed. The existing certificate will be replaced by a new certificate. The original certificate is removed. It is possible to change the runtime, the e-mail address, the DNS alias names or the comment. The Private Key and the Public Key are taken from the original certificate. All signed certificates remain assigned to their CA.
System Management: Linux Kernel 4.9.171
This update installs Linux kernel 4.9.171.
Hardware: Additional hardware support for Intel network cards.
This update will add more network cards with the ixgbe Intel driver version 5.5.5, igb intel driver version 18.104.22.168, the i40e intel driver version 2.7.29 and the e1000e Intel driver version 22.214.171.124. The current status can be found in the Hardware Compatibility List.
Issues Fixed in this Version
E-Mail: Fixed MIME filter behaviour
Emails often contain unwanted or dangerous content that should not be delivered to users. Due to an error in the handling of regular expressions, it was possible that emails were filtered. For example. A MIME filter for the file extension “.com” could cause the body contained in the e-mail passage “domain.com” was erroneously recognized. The regular expression has been adjusted and corrected within this release.
Security: Internet Domain Name Server BIND
In the source code of the internet domain name server BIND security holes have been discovered. These holes will be closed within this Collax software update to bind 9.11.5-P4
Security: Remote Login Program OpenSSH
In the source code of OpenSSH security holes have been discovered. These holes will be closed within this software update to OpenSSH 7.9p1
Security: MySQL Administration phpmyadmin
In the source code of the MySQL administration phpmyadmin security holes have been discovered. These holes will be closed within this Collax patch update of version phpmyadmin 4.8.5.
Assigned Common Vulnerabilities and Exposures (CVE) numbers:
Security: Transfer Tool Curl
In the source code of the transfer tool curl security holes have been discovered. These holes will be closed within this Collax software update to curl 7.64
Security: Webserver Apache
In the source code of the webserver Apache security holes have been discovered. These holes will be closed within this Collax software update to curl 2.4.39
E-Mail: Increased required space when using IMAP and full-text index
The option “Generate full-text index” in the options of the dialog “Mail and Messaging -> Mail Storage -> IMAP and POP3” generates a full-text index of the local IMAP folders which accelerates the search within the IMAP folders and e-mails. While activated, the system could use up to 20% more space compared to the former release (also with activated index) for the service cyrus. Please check the space requirements of the service cyrus in advance. Under the dialog “Status -> System -> Statistics” the graph “filesystem/data” shows further details.
E-Mail: Collax Virus Protection powered by Kaspersky prior Version 7
Version 7 of the Collax C servers has updated the anti-virus engine and the format of the patterns. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.0 will be available until December 31, 2017. From 01.01.2018 Kaspersky will not update the patterns for Collax version 5 and older. All installations using the Collax Virus Protection module should therefore, be brought up to date.
E-Mail: Release already deleted emails in IMAP mailboxes
In the dialog “Mail and Messaging -> Mail Storage -> IMAP and POP3” the IMAP server can be activated for the users to get access to their IMAP mailboxes. Due to a modified standard directive within the Cyrus IMAP mail server since the release V7, e-mails already deleted by the mail client have not been completely released from the harddisc. Since release 7.0.22, cyr_expire will free up memory for already deleted emails. Please note that already after restarting the IMAP service during the update, the process is started and proceeded after restarting the server and thus start the IMAP service.
E-Mail: Collax Avira AntiVir prior Version 7.0.24
Version 7.0.24 of the Collax C servers has updated the anti-virus engine and the format of the patterns. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.24 will be available until December 31, 2018. From 01.01.2019 Avira will not update the patterns for Collax version 7.0.22 and older. All installations using the Collax Avira AntiVir module should therefore, be brought up to date.
Collax Information & Security Intelligence: Modified mapping of the indices
When updating Elastic Stack to 6.4.0, the mapping of the indexes was changed. This prevents Filebeat to write the data to the same index before and after the update. Therefore, after the update has been performed, the resulting data will no longer be included in the index. From 0:00 clock on, Elastic Stack will create a new index and all data from this point will be written again to the index. The data between the end of the update and midnight will be lost. If it is better to renounce to the data before the update, from 0:00 until the end of the update, the index for the current day can be deleted after the update via the administration interface. Then all data will be lost after 0:00 and the deletion of the index.
Collax Information & Security Intelligence: Schema change
A schema change in Release 7.1.0 requires that the elastic stack and beats be updated at the same time. To do this, update the server with the elastic stack and the server with the filebeats one after the other.