CSSCurrent en:Version 7.2.0: Difference between revisions

From Cryptshare Documentation
(Adding CSS-15154 information)
No edit summary
Line 11: Line 11:


For more information on configuration, see the article [[{{NAMESPACE}}:Web_Server_Configuration|Web Server Configuration]].
For more information on configuration, see the article [[{{NAMESPACE}}:Web_Server_Configuration|Web Server Configuration]].
== SCP Archiving with public key authentication ==
If you are using the SCP Archiving feature with public key authentication, please check if the stored private key is using the EdDSA-25519 signature algorithm. In a unpatched third-party library used by Cryptshare the vulnerability CVE-2020-36843 has been found. Therfore, customers are encouraged to select an alternative signature algorithm for enhanced security.
In order to determine if you are affected, perform a transfer and check the system logs for the warning message "For SCP Archiving, a public key authentication with EdDSA-25519 digital signature schema is used that might be insecure. Please replace the SCP Archiving Private Key using a different signature schema."


= New features =
= New features =
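
Review bot: in the new "SCP Archiving with public key authentication" section, the advice to "select an alternative signature algorithm" names no algorithm that SCP Archiving accepts, and the only check offered is to perform a transfer and read the system logs. Suggest listing the supported alternatives and saying where the stored private key is replaced. The first paragraph also carries two typos, "a unpatched" and "Therfore".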
Line 45: Line 50:
* The Java runtime environment has been updated to version 21.0.6 and Cryptshare is built on JDK-21 from this version on.
* The Java runtime environment has been updated to version 21.0.6 and Cryptshare is built on JDK-21 from this version on.
*Several third-party components have been updated to more recent versions.
*Several third-party components have been updated to more recent versions.
*Use of the EdDSA-25519 signature algorithm for SCP Archiving has been accepted with a security disclaimer due to vulnerability CVE-2020-36843. Customers are encouraged to select an alternative signature algorithm for enhanced security.


=Bug Fixes=
=Bug Fixes=
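
Review bot: the EdDSA-25519 bullet says use of the algorithm "has been accepted with a security disclaimer" without saying what the disclaimer is or where it appears. Suggest pointing to the logged warning or to the "SCP Archiving with public key authentication" section, and dropping the sentence "Customers are encouraged to select an alternative signature algorithm for enhanced security.", which repeats that section word for word.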

Revision as of 15:12, 14 March 2025

Release Date: TBD

Important Update Notes

Language Packages

Due to structural changes in the language packages, all supported server language packages will be updated automatically, and customized language packages will be removed during the update process (a backup is made beforehand). If more language packages are needed, they must be downloaded and installed again.

In case your language packages have been modified, the attached delta-file Datei:Delta english lp 7.1.0 to 7.2.0.txt can help you to locate the changes in this update and re-apply the modifications. The structure of this file is explained in Language Pack Changes.

Update of the Jetty web server to version 12

The Jetty web server used by Cryptshare has been updated to version 12. If you have made changes to the configuration files (ui-config.xml and ai-config.xml), please check whether the automatic update of the configuration files has run correctly and adjust them manually if necessary.

The Cryptshare server might not start correctly when rebooting after the update has been installed. In this case, to allow the server to start correctly, please install the default ui-config.xml and ai-config.xml in the resources/WEB-INF directory and reach out to our support.

For more information on configuration, see the article Web Server Configuration.

SCP Archiving with public key authentication

If you are using the SCP Archiving feature with public key authentication, please check whether the stored private key uses the EdDSA-25519 signature algorithm. The vulnerability CVE-2020-36843 has been found in an unpatched third-party library used by Cryptshare. Therefore, customers are encouraged to select an alternative signature algorithm for enhanced security.

In order to determine if you are affected, perform a transfer and check the system logs for the warning message "For SCP Archiving, a public key authentication with EdDSA-25519 digital signature schema is used that might be insecure. Please replace the SCP Archiving Private Key using a different signature schema."
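
Both checks described above can be scripted. The following is an added example, not Cryptshare code: it reads the key type from a private key file without needing the passphrase and looks for the warning text in log lines. It assumes the key is available as a PEM-armoured OpenSSH or PKCS#8 file (the page does not say how the key is stored); all function names are hypothetical and the sample key is a constructed container with zeroed key material.

```python
import base64, re, struct

MAGIC = b"openssh-key-v1\0"
ED25519_OID = bytes.fromhex("06032b6570")   # DER for OID 1.3.101.112 (Ed25519)
# Fragment of the warning text quoted in the release note.
WARNING = "EdDSA-25519 digital signature schema is used that might be insecure"

def _ssh_string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_algorithm(pem_text):
    """Return the key type of a PEM private key without needing its passphrase."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, b64 = m.group(1), "".join(m.group(2).split())
    if label == "OPENSSH PRIVATE KEY":
        body = base64.b64decode(b64)
        if not body.startswith(MAGIC):
            raise ValueError("bad OpenSSH magic")
        off = len(MAGIC)
        for _ in range(3):                   # ciphername, kdfname, kdfoptions
            _, off = _ssh_string(body, off)
        pub, _ = _ssh_string(body, off + 4)  # skip key count; public blob is cleartext
        return _ssh_string(pub, 0)[0].decode("ascii")
    if label == "PRIVATE KEY":               # unencrypted PKCS#8
        return "ssh-ed25519" if ED25519_OID in base64.b64decode(b64)[:16] else "other"
    return {"RSA PRIVATE KEY": "ssh-rsa", "EC PRIVATE KEY": "ecdsa"}.get(label, "unknown")

def log_has_warning(lines):
    """True if any log line carries the EdDSA-25519 SCP Archiving warning."""
    return any(WARNING in line for line in lines)

def sample_openssh_key(ktype=b"ssh-ed25519"):
    """Constructed container with zeroed key material, for demonstration only."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (MAGIC + s(b"none") + s(b"none") + s(b"") + struct.pack(">I", 1)
            + s(s(ktype) + s(bytes(32))) + s(b""))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(key_algorithm(sample_openssh_key()))
```

A result of `ssh-ed25519` means the key should be replaced as the note advises; `unknown` covers encrypted PKCS#8 and other containers whose algorithm cannot be read without the passphrase.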

New features

REST-API

New Version number

The version number of the Cryptshare REST API was increased to 1.11.

Extended REST-API feature: "Zip download of specified transfer files"

When downloading the transfer files as a zip file, it is now possible to specify explicitly which files should be included in or excluded from the zip file. More information can be found here (TBD).

Option to prohibit email based verifications over the REST-API

A new checkbox is now available on the REST-API Addon Products page to configure whether generating verification codes for email-based verification over the REST-API is allowed or prohibited. When the option is unchecked, REST-API clients can no longer request that verification codes be sent by email.

For installations without a licensed REST API feature, this option will be set during the update to "prohibited", while installations with a licensed REST API feature will be set to "allowed". If you have the REST API licensed, but do not use the email based verification feature, you can now set email based verifications to "prohibited".

Distribution upgrade for Cryptshare Appliances: openSUSE 15.5 to 15.6

This Cryptshare version allows an upgrade of the underlying operating system. After the update to Cryptshare version 7.2.0 is complete, the Cryptshare administration interface provides the option to start the upgrade process.

Please note that distribution upgrades are only available for Cryptshare Appliances
Read the distribution upgrade manual before performing an upgrade
A distribution upgrade will result in significant changes to the underlying operating system. It is strongly recommended that you read the documentation before starting the upgrade: Distribution Upgrade

Improvements

  • When using the default recipient notification subject and if files are removed from the transfer via the File Type Filter or Pre-processing, the subject will now be updated to account for the files that remained in the transfer.
  • In order to prepare the Cryptshare Server for future authentication options for administrative users, the technical backend for logging in has been revised.
  • The Live Logger can now be enlarged to the full screen size or minimized again with one button press. The associated buttons are now permanently visible and do not only appear when the mouse cursor hovers over the Live Logger.
  • The policy dialog now uses a larger area of the screen and requires less scrolling.
  • The option "Send me a notification email about this upload" was removed from the Transfer Options Page in the Web App. By default, the sender will always receive a notification email about the upload.
  • The Reply button has been removed from the recipient email template to simplify the user experience and reduce potential confusion by providing a single, clear action.
  • Logging of the CleanupTask was extended with more log messages and the addition of the respective tracking id.
  • Using the Cryptshare for OWA in the Outlook Classic Client now correctly displays the application logo.
  • The Java runtime environment has been updated to version 21.0.6 and Cryptshare is built on JDK-21 from this version on.
  • Several third-party components have been updated to more recent versions.

Bug Fixes

  • Resolved an issue that, when logging of zip contents was activated, caused these files to be displayed twice in the transfer log view.
  • Resolved an issue that caused the services not to be installed along with the rpm package of the Cryptshare server.
  • Resolved an issue where line breaks in the email signature did not take effect in the email notification signature.