Release Date: 13.02.2024

Important Update Notes

Changes in Cryptshare Update process

• Flexible Update Paths: Direct updates to the most current version are possible, regardless of the currently installed version. Conditional Manual Updates: For versions that require manual intervention, the update process halts, ensuring all necessary configurations are properly handled.
• Rollback on Failure: Automated rollbacks preserve system integrity if an update fails at any step.
• Smart Update Checks: The system displays the most advanced version that can be installed unattended.

Enhanced Automatic Update Features

• Update Warnings for Manual Steps: Alerts users when the latest version cannot be updated automatically due to required manual steps.
• Alternative Version Notification: If a lower version is available for automatic update, this will be mentioned in the warning.
• Optimized Unattended Installation: The system automatically selects the highest version available for unattended updates.
• Admin Notifications: Emails notify administrators of available updates, differentiating between manual and automatic options.

Advanced Post-Update Automation

• Non-Interactive Post-Update Steps: If no administrator action is required, post-update steps run automatically and non-interactively.
• Automatic Return to Operation: After an update, the Cryptshare Server automatically returns to a usable state.
• Critical Failure Handling: In case of critical failures during post-update steps, an automatic rollback to the previous state is triggered.
• Non-Critical Failure Notifications: Non-critical failures are displayed on the "Status" page, visible only to users with "Administrator" or "Config Admin" roles. These messages remain until confirmed by one of these users.
• Update Success Notification: After a successful update, a success message and a link to the release notes are displayed on the "Status" page.
• Backup Restoration Option: Information about the possibility to restore the pre-update backup is mentioned post-update.

Enhanced Transfer Policy Configuration through csv

Administrators can now fully configure transfer policies by importing a CSV file. With this update, every configuration input available through the admin web application's wizard can also be set via CSV import. This enhancement provides a comprehensive and efficient method for managing transfer policy settings, ensuring greater flexibility and control.

Improved Password Generation Validation

We have resolved an issue where generated passwords could inadvertently trigger dictionary word filters, leading to their rejection. To address this, we have implemented a dictionary check for all generated passwords. This ensures that passwords containing common words are identified as invalid before they are used. As a result, transfers cannot proceed with an invalid password, enhancing security and compliance.

Legacy Archiving Update

Legacy archiving functionality, which has been prone to issues and is no longer maintained, has undergone significant changes:

• Feature Flag Introduction: A new feature flag has been introduced in the properties settings to control the enabling of legacy archiving. (Please contact our support if you need the feature flag to enable Legacy archiving).
• Admin Interface Visibility: Legacy archiving options are now only displayed in the Admin Interface if the feature is actively enabled.
• Default Setting: The feature flag for legacy archiving is disabled by default, reflecting our move towards file based archiving solutions.
• Post-Update Notification: If legacy archiving is configured, information will be displayed on the Post-Update screen. This includes a link to documentation for Local File Archiving, guiding administrators on transitioning to newer, supported archiving methods.

Additional Changes

• Enhanced IP Address Configuration in Policy Settings: Policy configurations now support simultaneous IPv4 and IPv6 address inputs, applicable to both direct settings and CSV imports. Validation errors no longer redirect to an error page; instead, the wizard stays open, displaying errors for immediate correction. Additionally, previous issues with IPv6 compatibility have been resolved, ensuring all valid IPv6 addresses are now accepted, improving system reliability and flexibility.

• JRE Update Enhancements: We've addressed the issue where symlinks were broken due to incorrect POSIX permissions by updating the Java Runtime Environment (JRE). The new JRE update includes an improved handling mechanism that retains the archive format, rather than extracting it, effectively resolving the permissions issue and ensuring symlink integrity.

• Appliance Settings and Update Checks: Fixed an error that occurred during appliance settings adjustments and refined the REST API to include sender notifications.
• UI and Styling Fixes: Addressed an issue where large file names disrupted UI styling, and resolved minor XSS vulnerabilities in notification messages to bolster security.
• Library Upgrades: Upgraded Java Runtime Environment (JRE) and Spring libraries to enhance performance and security.
• Admin UI Consistency: Resolved inconsistencies where custom link settings were not properly reflected in the admin UI, ensuring a more reliable configuration experience.