CSSCurrent en:Update from v4.2.1 to v4.3.0

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche


Important Update Notes

42274358.svgQUICK Technology

Compatibility

Please check the Compatibility of your add-on products.

General

QUICK Technology considerably simplifies the use of Cryptshare! Instead of having to exchange one-time passwords manually, QUICK will take over the management of passwords for your users so they don’t have to deal with passwords anymore but can send and receive information passwordless. For more information please use the following links:

Verification reset recommended
QUICK Technology only works on the highest possible security level if secure QUICK verification tokens can be used. This can only be guaranteed if all previously issued verification tokens have been invalidated during the post update step.

It is therefore highly recommended to invalidate existing verifications during the post update. 42274360.png

Consequences:

  • No invalidation:
    • Cryptshare and QUICK Technology work without any constraints.
    • QUICK does not work on the highest possible security level.
  • Invalidation:
    • QUICK will work on the highest possible security level.
    • All users will need to perform a verification again.

Impact on performance

Please note that due to the technical complexity of the QUICK Technology an increased consumption of resources on the Cryptshare Server is expected. It is therefore recommended to check the general utilization of the system before updating and, if necessary, provide additional system resources in order to use QUICK. The average increase is approx. 15%.

Language Packages

Due to structural changes in the language packages, all supported server language packages will be updated automatically, customized language packages will be removed during the update process (a backup is done before). If more language packages are needed, it is required to download and install them again.

Delta-File for changed passages

In case your language packages have been modified, the attached delta-file Datei:42274357.txt can help you to locate the changes in this update and re-apply the modifications.

Click here to see how the delta file for language packages is built.

42274356.png

Removed Files
Files listed in this section have been removed from the language package entirely. 
\--------------------------------------------------------------------
REMOVED FILES
--------------------------------------------------------------------
<files>
New Files
Files listed in this section have been added to the language package. 
\--------------------------------------------------------------------
NEW FILES
--------------------------------------------------------------------
<files>
Modified Files
Files listed in this section have been modified, which can be one of the following cases:
  • Keys have been removed
  • Keys have been added
  • Keys have been modified
\--------------------------------------------------------------------
MODIFIED FILES
--------------------------------------------------------------------
-----------------------------------------------------------------
<path and file name>
-----------------------------------------------------------------
------------------
---Removed keys---
------------------
<keys>
--------------
---New keys---
--------------
<keys>
-------------------
---Modified keys---
-------------------
KEY: <affected key>
OLD: <former key & value>
NEW: <new key & value>
In case of a modification, the affected key, its old value and its new value is shown.

Password Reset for administrative access After Cryptshare has been updated to v4.3.0, only users with administrative privileges will be able to login into the administration interface. During the post update procedure, all passwords for users with administrative access will be reset. This means:

  • After the post update has been initiated, only the administrator who initiated the update will be able to login afterwards.
  • Other administrators cannot login until the initiating administrator has triggered a password-reset for these users.

42274362.png

Show example ....

Three users with administrative setup exist:

  • 'administrator': The default Cryptshare administrator account.
  • 'johndoe': A user of type 'user' is only allowed to see the status-section.
  • 'janedoe': A user of type 'administrator' who has full administrative access.

In this example, 'administrator' is the one who runs the post update.

Before the post update:

  • 'administrator' and 'janedoe' may login.
  • 'johndoe' is not allowed to login at all due to missing access permissions.

After the post update:

  • 'administrator' is able to login.
  • 'janedoe' and 'johndoe' cannot login. An error message will be shown.

To do for 'administrator': The user 'administrator' needs to navigate to the section 'User Administration' and initiate a password reset for 'janedoe' and 'johndoe'.

42274361.png

Changed Cipher Suites

Changed Cipher Suites
Please note, that the update changes the cipher suite configuration of the Jetty server. The following cipher suite setting will be applied: 
<Set name="includeCipherSuites">
            <Array type="java.lang.String">
                <Item>TLS\_ECDHE.\*</Item>
            </Array>
        </Set>
        <Set name="excludeCipherSuites">
            <Array type="java.lang.String">
                <Item>.\*NULL.\*</Item>
                <Item>.\*RC4.\*</Item>
                <Item>.\*MD5.\*</Item>
                <Item>.\*DES.\*</Item>
                <Item>.\*DSS.\*</Item>
                <Item>TLS\_RSA.\*</Item>
				<Item>TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA</Item>
				<Item>TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA</Item>
				<Item>TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA</Item>
				<Item>TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA</Item>
            </Array>
        </Set>
If you have adjusted your cipher suite configuration, please apply these changes after the update again. The update will not migrate changed settings.

Distribution Upgrade: openSUSE 42.3 to 15.0

Cryptshare Version 4.3.0 enables another upgrade of the underlying operating system. After the update to version 4.3.0 is finished, the Cryptshare Administration Interface will offer the possibility to initiate the upgrade process. 42274359.png

Read the distribution upgrade manual before upgrading
A distribution upgrade makes significant changes to the underlying operating system. It is strongly recommended that you read the documentation before starting the upgrade process: Distribution Upgrade

Changes in this version

Features

  • Introduced the possibility to work with multiple users in the same browser while keeping existing verifications for each user.
  • Introduced upgrade capabilities from openSUSE 42.3 to openSUSE 15.0.
  • Introduced the possibility for administrators to reset a password for another administrator.
  • Improved the process for administrators to change their own password.
  • Resolved an issue where the download summary was not sent to the sender after a transfer expired.
  • The summary page in the user interface now also shows sender information.
  • The Java Runtime Environment has been updated to v11.0.3.
  • The Jetty libraries have been updated to v9.4.17.
  • Minor design improvements in the user interface.

Bugfixes

  • Resolved a security issue in the content viewer when viewing RTF content.
Abgerufen von „https://documentation.cryptshare.com/w/index.php?title=CSSCurrent_en:Update_from_v4.2.1_to_v4.3.0&oldid=33232