CSSCurrent en:Why is an update to v4.1.3 recommended?
Aus Cryptshare Documentation
List of improvements
Functional enhancements
- The "Terms of Use" feature can now be used to request the user's approval to a Privacy Policy as set out by GDPR. The text "Terms of Use" in the sender data input screen can now be customized to any desired text. A custom Privacy Policy can be added to the tab "Legal" / "Usage Terms" in the Administration Interface. Additionally, when Usage Terms are enabled on the server, all recipient notifications will include a banner informing the user about the Usage Terms, with a link to the full Usage Terms (either as text inside the Cryptshare application, embedded iFrame or external link). The link inside the recipient notification will point to language specific resources.
- The Web Application Designer now allows to set the position for the logo to left, centred or right. The default value is set to "left".
- Words in the dictionary are only considered for a password check if they are longer than 3 characters. This change reduces the chance that the Cryptshare Server is not able to create automated passwords because of a failing dictionary rule.
- It is now possible to customize the date picker texts and date formatting (month names, weekday names, date format) through language packages in order to provide seamless support for all languages.
Technical enhancements
- Increased security level: The algorithms and parameters for the encryption are updated. Existing transfers can still be retrieved after the update.
- SHA-256 replaces SHA-1: The SHA-1 algorithm is replaced by SHA-256 for creating checksums of transfer files. The checksum algorithm being used is customizable. For performance reasons, the administrator can enable/disable the creation of transfer file checksums globally. When creating checksums is disabled, all related information is no longer visible in the Administration,- and User Interface. When using archiving the used file checksum algorithm is added to the default template. All changes are backward compatible.
- The Java Runtime Environment has been updated to Java 9.
- Operating System upgrade mechanism improved. It is now easier to manage OS upgrades from the Administration Interface. Also, the upgrade from openSUSE 42.2 to 42.3 can be performed using the new mechanism.
- New update/restore mechanism. Easier handling for administrators. No need for manual intervention as a consequence of backup or restore tasks.
- Preparations for QUICK: Verification Cookies now have a maximum lifetime in addition to the existing idle time interval. The verification will have to be re-performed in any case when the maximum lifetime interval has been exceeded.
- An updated default wildcard certificate is pre-installed at delivery.
Bugfixes
- Resolved an issue where the date for the Transfer Log CSV Export could not be changed.
- Resolved an issue in the webservice interface where the password validation indicated an existing alphabetical sequence although no characters were specified.
- Resolved an issue where a custom logo for email templates was not used.
- Resolved an issue where the calendar for date pickers was not at the correct position in the Administration Interface.
- Resolved an issue where changes to image alignments in the UI Designer were not applied to the User Interface.
- Resolved a security issue concerning the EML viewer.
- Resolved an issue where generated passwords were longer than expected. Generated passwords now always have the minimum length that was setup in the Administration Interface.
- Resolved an issue in datepickers causing problems with certain localizations in browsers. Please refer to the documentation concerning language packages for further details.
- Resolved an issue where the language names in the selector for the recipient language were shown in the wrong language.
- Resolved an issue where the deletion of the a server language package removed all other server packages under certain circumstances.
- Resolved an issue where the link for the Terms of Use were shown although the feature was not enabled.
- Resolved an issue where custom links were not shown although being activated
- Resolved an issue with the database that could lead to sporadic unexpected behaviour of the server.
- Resolved a security issue in the context of verification.
- Resolved a security issue concerning the display of EML files in the content viewer. Items that potentially pose a security risk are not displayed, which may lead to the content viewer not showing all formatting and contents of the original message.
- Resolved an issue where signatures and subjects defined in policy rules were not saved.
- Resolved an issue where date pickers (e.g. for the log export) in the Administration Interfaces were not usable.
- Resolved an issue where transfers sent via API or Cryptshare for Office 365 & Outlook where not retrievable under certain circumstances.
- Resolved an issue where parts of the message where cut off if it contained certain special characters.
- Resolved an issue where embedded content was missing and a text was appended to the message in the EML content viewer for certain types of embedded content.