Release Notes CPS 7.0.26

Collax Platform Server
06.06.2018

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

E-Mail: GDPR: Log analysis - delete statistics

In the dialog “Mail and Messaging -> SMTP reception” the log analysis for the SMTP server can be activated within the options. In this case, statistics about the utilization of the mail server are available under “Monitoring/Analysis”. To comply with legal defaults the additional field “delete statistics if older than” can be set with this release. It controls how many old statistics should be kept.

Collax Network Storage: GDPR: Log analysis - delete statistics

In the dialog “Eile export -> FTP” the log analysis for the FTP-server can be activated within the options. In this case, statistics about the utilization of the FTP-server are available under “Monitoring/Analysis”. To comply with legal defaults the additional field “delete statistics if older than” can be set with this release. It controls how many old statistics should be kept.

Collax Web Application: GDPR: Log analysis - delete statistics

In the dialog “Mail and Messaging -> SMTP reception” the log analysis for the SMTP server can be activated within the options. In this case, statistics about the utilization of the mail server are available under “Monitoring/Analysis”. To comply with legal defaults the additional field “delete statistics if older than” can be set with this release. It controls how many old statistics should be kept.

Collax Web Security: GDPR: Log analysis - delete statistics

In the dialog “Web-Proxy -> Web-Proxy-Server” the log analysis for the web-proxy can be activated within the options. In this case, statistics about the utilization of the web-proxy are available under “Monitoring/Analysis”. To comply with legal defaults the additional field “delete statistics if older than” can be set with this release. It controls how many old statistics should be kept.

Collax E-Mail Archive: GDPR: Subsequent deletion of e-mails

To comply with legal requirements and time limits, it may be necessary to delete emails from the archive. In a company, a processor is designated to delete certain e-mails from the e-mail archive. As a processor, he has access to the entire database and can delete emails irrevocably. For this purpose, after calling the mail archive via the user page, the function “Delete irrevocably from the archive” is available to him via right-click. Multiple mails can be marked at the same time using the Control and Shift keys.

Access for the processor can be configured in the Mail and Messaging -> E-Mail Archive dialog. All users of the selected groups are granted the permissions of a processor who can search and delete all emails. Deletions are not performed immediately, but along with the next daily update of the dataset.

Collax E-Mail Archive: GDPR: E-Mail Notification for Searches and Deletions

As soon as the processor performs a search, the recipients of these e-mail addresses are informed. If emails are deleted, the recipients will receive a report by e-mail within the next 24 hours listing all deleted emails. Several addresses can be specified, separated by a line break. Valid addresses should be entered in the form user@example.com. The field can optionally be left blank.

File: GDPR: Log analysis - delete statistics

In the dialog “Eile export -> FTP” the log analysis for the FTP-server can be activated within the options. In this case, statistics about the utilization of the FTP-server are available under “Monitoring/Analysis”. To comply with legal defaults the additional field “delete statistics if older than” can be set with this release. It controls how many old statistics should be kept.

System Management: GDPR: Privacy notice in the registration wizard

To comply with legal requirements, this update modifies the registration wizard. During the wizard, an e-mail address for the administration newsletter can be specified. The administration newsletter can provide important information about product updates, new features or security information. To be able to send you the admin newsletter, we need your acknowledgment and your agreement that Collax GmbH stores and processes personal contact data.

System Management: Linux Kernel 4.9.102

This update installs Linux kernel 4.9.102.

Changelog

Issues Fixed in this Version

Security: Spectre-v4 Speculative Store Bypass

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2018-3639 CVE-2018-3640

Security researchers have discovered massive security holes in processors that were developed by security experts These holes were published under the name Meltdown or Spectre. Meltdown is the vulnerability, that allowed unprivileged processes the reading of kernel memory. Spectre is the security hole that exploits that CPUs execute many commands speculatively in advance, resulting in memory areas, that can be tapped. This update installs a feature against Spectre Variant 4 called “Speculative Store Bypass”. This protection relies on microcode updates from the processor manufacturer.

Notes

E-Mail: Increased required space when using IMAP and full-text index

The option “Generate full-text index” in the options of the dialog “Mail and Messaging -> Mail Storage -> IMAP and POP3” generates a full-text index of the local IMAP folders which accelerates the search within the IMAP folders and e-mails. While activated, the system could use up to 20% more space compared to the former release (also with activated index) for the service cyrus. Please check the space requirements of the service cyrus in advance. Under the dialog “Status -> System -> Statistics” the graph “filesystem/data” shows further details.

E-Mail: Collax Virus Protection powered by Kaspersky prior Version 7

Version 7 of the Collax C servers has updated the anti-virus engine and the format of the patterns. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.0 will be available until December 31, 2017. From 01.01.2018 Kaspersky will not update the patterns for Collax version 5 and older. All installations using the Collax Virus Protection module should therefore, be brought up to date.

E-Mail: Release already deleted emails in IMAP mailboxes

In the dialog “Mail and Messaging -> Mail Storage -> IMAP and POP3” the IMAP server can be activated for the users to get access to their IMAP mailboxes. Due to a modified standard directive within the Cyrus IMAP mail server since the release V7, e-mails already deleted by the mail client have not been completely released from the harddisc. Since release 7.0.22, cyr_expire will free up memory for already deleted emails. Please note that already after restarting the IMAP service during the update, the process is started and proceeded after restarting the server and thus start the IMAP service.

E-Mail: Collax Avira AntiVir prior Version 7.0.24

Version 7.0.24 of the Collax C servers has updated the anti-virus engine and the format of the patterns. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.24 will be available until December 31, 2018. From 01.01.2019 Avira will not update the patterns for Collax version 7.0.22 and older. All installations using the Collax Avira AntiVir module should therefore, be brought up to date.