Release Notes CPS 7.1.20

Collax Platform Server
25.02.2021

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Collax Central: Filter presets, note function and information box for VMs

With this version, new feature sets are available for the additional module “Collax Central”. Filter presets can be saved for routine use. Filters can be reused to for example quickly identify all servers that need an update or are at a certain location.

The note function will help a lot in everyday life so that you don’t forget a todo or to leave colleagues a note.

The information box for VMs has been upgraded. An event will be displayed on the desktop notification. In this way, important events are not ignored if the browser window is not visible.

Backup/Restore: Additional column security plan in assignment

Regular backups are the only way to protect against unforeseeable events such as hardware failures. Among other things, Collax Server supports backups to shares on other servers. With this update the form overview “Assignments” is clearly designed for selecting and viewing previously created backup plans.

GUI: Changed view of the configuration control

The view of the current changes to the configuration control of the system have been adjusted with this release. The change control tab under “Configuration -> Configuration Control” listing configuration changes are given descriptive names instead of cryptic path information, which improves readability.

GUI: Search for content

You can perform a search left-hand in the menu. As of this release, you can search for forms as well as for content or values, such as a user name or a special network. The search results are then clearly displayed in a stack. One click takes you directly to the corresponding form. The search can be called up directly with the keyboard shortcut CTRL + SHIFT + F.

GUI: Usage of objects

In the content view of various objects, the usage, at which point the object is used, is displayed. With a certificate, for example, you can see, that it is used for a network link of the type VPN or in the form of the web server. With this release, the view is continuously expanded and it is also indicated that a Certificate is not used by any form, for example.

GUI: Extended check by host and port check widget

We are improving the graphical administration interface even more by adding a hostcheckWidget and a protocolWidget. In the view of various forms, hosts such as a mail server for mail collection for the POP3 service receive direct checks for their availability, whether the server can be pinged and the connection to the port can be established.

E-Mail: Heuristic Bayesian spam filter notifications

The spam filter can be optimized in its filter properties with the learning function. To do this, the collected data is stored in a filter’s own Bayesian database. Notifications about the learning process can now be configured so that “always, on errors or never” is notified.

E-Mail: Spam Customer Scores

Certain properties of a mail are used to determine the probability of it being spam. For this purpose, information from the header and the content of a mail is used to perform a detection with a score system. Scores for individual rules can be changed within this release.

A change of the score of a rule should be carried out only in exceptional cases. The scores of many rules are balanced with each other. Changes can affect the balance. Unbalanced values lead to non-recognized spam or false positives. Once a score has been changed, it will not be updated by the automatic updates. With a right click changed scores can be reset. Then the score of the SpamAssassin project is taken over again and updated by automatic updates.

E-Mail: Retrieving Mail with SSL and validate server certificate

SSL/TLS encryption can used to retrieve e-mail from external e-mail providers. With the SSL-encrypted collection, expired and self-signed certificates are saved and accepted by the server. If this is not desired, the option “Validate server certificates” can be set with this release.

Important: It is recommended to activate and test the setting “Validate server certificate”. In the past it was common to accept expired and self-signed certificates for encrypted collection. This should no longer be necessary and should be avoided.

Collax SSL-VPN: RDS collections in SSL VPN options for RDP connections

From this version on, an additional option can be used when configuring RDP connections via SSL-VPN. The additional field “Session collection” can now be used within an SSL VPN connection to use the RDS session collections. The name of the collection is in the form “tsv://MS Terminal Services Plugin.1.name of the collection”.

“Quality of Service” (QoS) refers to procedures used to guarantee a specific connection quality for individual services. The increasing use of real-time data connections makes such procedures ever more important. The Collax Server enables the realization of QoS. With this release, you can now also add cable modem (DHCP) QoS network interfaces.

Kopano Groupware: New version of Z-Push

With this Collax software update, Z-Push 2.6.2 is going to be installed. More information on:

Z-Push 2.6.2 Release

Collax Gatekeeper: Timeout für SIP Connection tracking helper

For exchanging SIP audio packets over a firewall a special SIP connection helper is required. With the SIP connection helper is it possible to export the dynamic audio data via UDP (User Datagram Protocol) to track and change on firewall level. With this release, the timeout for the master connection can be configured. The default value is 3600 s (1 hour).

Collax Gatekeeper: Create VPN profiles for different clients

With this update, IPSec profiles of an existing VPN link can easily be exported. The profiles help you set up various clients. In addition to exporting for other Collax servers and the option of an import function on another Collax server export profiles are available for connecting the NCP Secure Entry Client. It also can export profiles for the Strongswan VPN Client for Android and also profiles for iOS / MacOS to implement a simple connection.

Issues Fixed in this Version

Security: MySQL Administration phpMyAdmin

In the source code of the MySQL administration phpmyadmin security holes have been discovered. These holes will be closed within this Collax update of version phpMyAdmin 4.9.7.

Security: FreeRDP

In the source code of FreeRDP security holes have been discovered. These holes will be closed within this software update to the version 2.0.0-rc4.

Assigned Common Vulnerabilities and Exposures (CVE) numbers:

CVE-2018-0886 CVE-2018-8789 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8784 CVE-2018-1000852

Collax Gatekeeper: Improved rekeying for IKEv2 tunnels

With this update the rekeying for outgoing IKEv2 connections is improved by setting the parameter “reauth = no”.

File: Webaccess - fix kopano context menus not showing

When calling certain context menus in Kopano Webaccess, it could happen that these could not be displayed correct, because dynamically displayed scroll bars in the iframe have been resized of the content area. This has been fixed with this release.

Notes

E-Mail: Avira AntiVir prior Version 7.1.6

From Avira, an automatic update of the core components of Avira has been carried out. In this context, a new dependency of the libraries has been added, the next time the virus scanner is not started can be resolved. The result is that the virus scanner does not work during a reboot or configuration change is restarted. For security reasons, emails will no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it works in its entirety.

E-Mail: Changed ruleset format of Spam Filter SpamAssassin

Please note: On March 1st, the SpamAssassin project will change the format of the ruleset updates. From this date on, only systems that have installed Update 7.1.10 will receive updates.

E-Mail: Retrieving Mail with SSL and validate server certificate

SSL/TLS encryption can used to retrieve e-mail from external e-mail providers. With the SSL-encrypted collection, expired and self-signed certificates are saved and accepted by the server. If this is not desired, the option “Validate server certificates” can be set with this release.

Important: It is recommended to activate and test the setting “Validate server certificate”. In the past it was common to accept expired and self-signed certificates for encrypted collection. This should no longer be necessary and should be avoided.

Kopano Groupware: Database conversion after update 7.1.6

The Kopano database is automatically converted for update 7.1.6 after the server is restarted. This process can, depending on the database size, take between half and several hours. In the dashboard this background task is visible as a job. The Kopano service is not available at the time of conversion. Before the update, make a complete backup of the data. When the conversion is complete, the Kopano service is restarted. Subsequently, further optimizations and schema changes are made. In this time the services Kopano and MySQL may not be stopped.

Collax Gatekeeper: IKEv2 with Microsoft Windows stops after 7.6 hours

VPN connections with IKEv2 and the on-board resources of Microsoft Windows interrupt after exactly 7.6 hours. It can be reestablished by restarting the connection.