Release Date: 29.10.2018

Important Update Notes

Compatibility

Please check the Compatibility of your add-on products.

Language Packs

Cryptshare for Office 365 & Outlook compatibility

Database optimization 

File checksum algorithm changed from SHA-1 to SHA-256

File checksums, which can be obtained from the download section, are now created using SHA-256 instead of SHA-1.

Updating existing Archiving Connectors

Is my Cryptshare Installation affected?

The steps described in this page should be performed if you are about to update your Cryptshare Server from Version 4.0 to 4.1 and an Archiving Connector is active. In all other cases no further action is required.

What can happen if I do not follow the instructions of this page?

If the steps within this page have not been performed the archiving meta-information will not contain an information which hashing algorithm was used for the transfer files.

Adding the hashing algorithm type to exisiting Archiving Meta-Data

Approach 1: Replace existing configuration and create a new one

As the meta-data template for archiving connectors will be updated with the latest Velocity Context you can simply remove an existing configuration and create a new one. This way the checksum algorithm type will be included in your meta-data. Please follow the documentation for Archiving in order to setup a new configuration.

Approach 2: Modifying an existing configuration RECOMMENDED

1. Open the Cryptshare Administration Interface and navigate to 'Archiving → Meta-Data

2. Scroll down to the recipients tag and paste the below snippet under the end tag for recipients.

#if (${fileChecksumAlgorithm})
	<field name="fileChecksumAlgorithm">${fileChecksumAlgorithm}</field>
#end

3. Save the Settings

Improved Update and Restore mechanisms

Future updates will not require manual intervention any longer. The update and restore process will not need a manual server restart or manual intervention, i.e. the manual replacement of the Cryptshare Launcher.

Introduced 'Maximum Validity Term' for Verification Cookies

A new 'Maximum Validity Term' setting has been introduced for verification cookies. If the term is exceeded, the verification cookie will become invalid.

What's the difference between idle time and the maximum validity?

> 'Validity term for verifications' has been changed to 'Idle validity term'

The idle term is updated with every use. If a user does not use Cryptshare, the idle term expires and the verification becomes invalid. The maximum validity term describes the time a verification remains valid irrelevant if it has been used in the meantime or not. The verification becomes invalid in any case after that time.

Introduced Distribution Upgrade to openSUSE 42.3

The administration interface offers the possibility to upgrade openSUSE 42.2 hosts to openSUSE 42.3.

Removed default configuration for TLS 1.0

As TLS 1.0 is not considered a secure protocol any longer it has been removed from the Cryptshare default configuration.

Additional Changes

Features

• Added the possibility to change the positioning of the logo in the UI Designer. Possible positions are:
  • Left (Default)
  • Center
  • Right
• Introduced the possibility to customize the title for the Terms of Use. This way the requirements of GDPR can be fulfilled by adding a privacy policy to the terms of use and re-naming the link that is displayed to the users accordingly.
• Introduced a banner in recipient notifications that informs the users that they accept the Terms of Use by clicking the "Download Files" button.
• The "Terms of Use" feature can now be used to request the user's approval to a Privacy Policy as set out by GDPR. The text "Terms of Use" in the sender data input screen can now be customized to any desired text. A custom Privacy Policy can be added to the tab "Legal" / "Usage Terms" in the Administration Interface. Additionally, when Usage Terms are enabled on the server, all recipient notifications will include a banner informing the user about the Usage Terms, with a link to the full Usage Terms (either as text inside the Cryptshare application, embedded iFrame or external link). The link inside the recipient notification will point to language specific resources.
• Words in the dictionary are only considered for a password check if they are longer than 3 characters. This change reduces the chance that the Cryptshare Server is not able to create automated passwords because of a failing dictionary rule.
• It is now possible to customize the date picker texts and date formatting (month names, weekday names, date format) through language packages in order to provide seamless support for all languages.
• Changed the label of the "Next" button on the download screen to "Exit".
• Updated the language packs to version 8.0.
• Updated the Cryptshare for Office 365 & Outlook language packs to version 11.0.
• Updated the default wildcard certificate which is pre-installed at delivery.
• Adjusted the default Jetty WebServer configuration for new installations to perform better under high loads (please see detailed update instructions in our documentation).
• Added option to configure verification code validity term to the Administration Interface.
• Several performance improvements.
• Improved stability of uploads on slow connections.
• Optimized overall memory usage of the web application.
• Several improvements have been made on the update screen.
• Increased security level: The algorithms and parameters for the encryption are updated. Existing transfers can still be retrieved after the update.
• SHA-256 replaces SHA-1: The SHA-1 algorithm is replaced by SHA-256 for creating checksums of transfer files. The checksum algorithm being used is customizable. For performance reasons, the administrator can enable/disable the creation of transfer file checksums globally. When creating checksums is disabled, all related information is no longer visible in the Administration,- and User Interface. When using archiving the used file checksum algorithm is added to the default template. All changes are backward compatible.
• The Java Runtime Environment has been updated to Java 9.
• Operating System upgrade mechanism improved. It is now easier to manage OS upgrades from the Administration Interface. Also, the upgrade from openSUSE 42.2 to 42.3 can be performed using the new mechanism.
• New update/restore mechanism. Easier handling for administrators. No need for manual intervention as a consequence of backup or restore tasks.
• Preparations for QUICK:  Verification Cookies now have a maximum lifetime in addition to the existing idle time interval. The verification will have to be re-performed in any case when the maximum lifetime interval has been exceeded.
• An updated default wildcard certificate is pre-installed at delivery.

Bugfixes

• Resolved an issue where the date for the Transfer Log CSV Export could not be changed.
• Resolved an issue in the webservice interface where the password validation indicated an existing alphabetical sequence although no characters were specified.
• Resolved an issue where a custom logo for email templates was not used.
• Resolved an issue where the calendar for date pickers was not at the correct position in the Administration Interface.
• Resolved an issue where changes to image alignments in the UI Designer were not applied to the User Interface.
• Resolved a security issue concerning the EML viewer.
• Resolved an issue where generated passwords were longer than expected. Generated passwords now always have the minimum length that was setup in the Administration Interface.
• Resolved an issue in datepickers causing problems with certain localizations in browsers. Please refer to the documentation concerning language packages for further details.
• Resolved an issue where the language names in the selector for the recipient language were shown in the wrong language.
• Resolved an issue where the deletion of the a server language package removed all other server packages under certain circumstances.
• Resolved an issue where the link for the Terms of Use were shown although the feature was not enabled.
• Resolved an issue where custom links were not shown although being activated.
• Resolved an issue with the database that could lead to sporadic unexpected behaviour of the server.
• Resolved a security issue in the context of verification.
• Resolved a security issue concerning the display of EML files in the content viewer. Items that potentially pose a security risk are not displayed, which may lead to the content viewer not showing all formatting and contents of the original message.
• Resolved an issue where signatures and subjects defined in policy rules were not saved.
• Resolved an issue where date pickers (e.g. for the log export) in the Administration Interfaces were not usable.
• Resolved an issue where transfers sent via API or Cryptshare for Office 365 & Outlook where not retrievable under certain circumstances.
• Resolved an issue where parts of the message where cut off if it contained certain special characters.
• Resolved an issue where embedded content was missing and a text was appended to the message in the EML content viewer for certain types of embedded content.