LiquidFiles Documentation
LiquidFiles Documentation

Release Notes Version 3.4.x

Version 3.4.15 (released 2020-12-28)

  • Fixed an issue where freshclam wouldn't start after a recent clamav update.

Version 3.4.14 (released 2020-11-19)

  • Better sanitizing of filenames.
  • Don't allow percent and double at in email recipients.
  • The license info page was sometimes visible where it shouldn't.
  • Added rel noopener and noreferrer to all external links.
  • Added X-Robots-Tag.

Version 3.4.13 (released 2020-09-21)

  • Always permit message replies with no attachments.
  • Fixed an issue where Share Notifications on non-default domains would use the default domain template.
  • Added Created Time to User CSV exports.
  • Set autocomplete hints (new-password, current-password, name, email, ...) where appropriate.
  • Permit Host Based Static Routes.
  • Updated Rails to latest version (security).

Version 3.4.12 (released 2020-09-01)

  • Don't enable Replies to File Request, Filedrop, FTPdrop or Emaildrop messages.
  • Fixed an issue with filenames for files downloaded using older Microsoft Edge browsers.
  • Fixed an issue where filenames from shares would sometimes be incorrect.
  • Added minimal SSL/TLS versions for Emaildrops to TLSv1 (higher doesn't make much sense since we're also accepting cleartext emails).
  • Don't display message BCC for replied to messages.
  • Fixed incorrect quote calculation for shares.
  • Removed sorting by Message Size in Admin → Data. This feature will be returned in the next major version when we've updated the database schema to make this work with sufficient speed.

Version 3.4.11 (released 2020-08-11)

  • Avoid similar looking characters when generating AccessPasses.
  • Fixed SAML authentication for auto-login networks that used to redirect to the message compose page.
  • Added SMTP TLS to Emaildrops.
  • Ensure port 25 is closed after the last Emaildrop is deleted.
  • Fixed the download filename issue for IE and Firefox.
  • Update the kernel for the recent Grub2 vulnerability.
  • Less Restrictive validation for Filedrop Custom help text.
  • Updated Admin navigation links.

Version 3.4.10 (released 2020-07-21)

  • Added additional brute force protection for password reset post action.
  • Added inline table sorting for add existing files, pool files, add files in FileLinks and File Requests.
  • Added duofederal fixes.
  • Updated Content-Disposition header to enable filenames with semicolon in Chrome.
  • Fixed an issue with sorting on domain names in Admin → System Log and Admin → Activity Log.
  • Updated Systemlog and Activitylog views with better escaping of html characters.
  • Added localisation to the contact email label, reply options description and FileLink download button.

Version 3.4.9 (released 2020-07-06)

  • Security: Latest version of the puma web application server.
  • Security: Fixed an issue with a SMS delivery command that wasn't properly escaped.
  • Fixed a JavaScript issue in shares where sometimes shares ending in backspace caused uploads to fail.
  • Fixed an issue where some strftime codes (%Z) wasn't parsed properly in email templates.

Version 3.4.8 (released 2020-06-09)

  • Updated system and activity log time zone.
  • Updated SSH Rate Limit to permit removing the limit and set max limit hitcount to 99.
  • Fixed CSR generation with email address.
  • Fixed race condition in ActionScript Message Received Job.
  • Added application + security autoupdate option.
  • Added TLSv1.2, TLSv1.3 compatibility configuration.
  • Updated SAML authentication that sometimes wouldn't redirect the user back to the previously visited URL.
  • Updated the /help pages with current FileLinks.
  • Fixed an issue where emails in non-default domains sometimes wouldn't use the correct domain configuration.
  • Updated Ruby on Rails

Version 3.4.7 (released 2020-05-11)

  • If there are no access pass users, go to the message authorize page instead of the Access Pass validation page.
  • Added access_pass_url to the message_access_pass template for direct authentication.
  • Fixed an issue relating to automatically applying the April 28 hotfix for v3.4.x systems.

Version 3.4.6 (released 2020-05-04)

  • Enabling Automatic Updates will no longer update the system daily. The system will only be updated if there's an application update.
  • Fixed a problem where sometimes an incorrect version of the Postfix Mail Transfer Agent was installed.
  • Removed dependencies for enabling support access from the console.
  • Added a web based function to enable support access if the system doesn't start properly after a reboot.
  • Fixed an issue with the restoring backup function.
  • Updated the kernel update mechanism to disable the i2c-piix4 kernel module that has caused some systems to boot in emergency mode.

Version 3.4.5 (released 2020-04-28)

  • Added setting in Admin → Groups to limit sending messages to only users that already exist on the system.
  • Attachments API updates to make it clearer if an attached file has been processed by the server.
  • Added SSH Admin Rate Limit, defaulting to 5 connections in 5 minutes, the make brute force login much harder.
  • Added a setting in Admin → Groups to control Message Reply settings.
  • Fixed an issue authenticating with passwords on FileLinks.
  • Fixed an issue creating FileLinks using existing files.
  • Added client side validation of message body when using private message Filedrops.
  • Fixed an issue where users created from a SAML login wasn't redirected back to the correct URL.
  • Fixed an issue with the traffic shaper for multiple interfaces.
  • Added the recent ImageMagick Library Hotfix.

Version 3.4.4 (released 2020-04-06)

  • Added TLS Protocols and Ciphers in the webserver log (in Admin → System Log).
  • Fixed an issue where the Public Hostname in URL configuration didn't work on non-default domains.
  • Fixed an issue where the Admin → System → Network configuration didn't work on non-default domains.

Version 3.4.3 (released 2020-03-23)

  • Fixed an issue where the Share Files cache caused moved files to not be accessible.
  • Fixed an issue where Download Notifications sometimes wouldn't be sent.
  • Fixed an issue where Non-default domains wasn't accessible if Use Hostname in URL's was enabled.
  • Updated Rails version.

Version 3.4.2 (released 2020-03-10)

  • Fixed an issue where Share Files sometimes wasn't accessible.
  • Added Access Pass to the Email Template Editor

Version 3.4.1 (released 2020-03-02)

  • Fixed an issue where it was possible for users to update other users contacts.
  • Use Referrer validation of uploads and only permit session logins from valid Referrer location (potential CSRF issue).
  • Fixed an issue with LDAPs authentication where validate certificate and validate hostname was sometimes not used properly.
  • Fixed an issue with Filedrop Pre-Fill parameters.
  • Fixed an issue where the Use Maps setting wasn't always honoured when disabled.
  • Removed beta expiration (should have been removed in v3.4.0).

Version 3.4.0 (released 2020-02-27)

  • Version 3.4.0, please see the major change list below to see what's changed since v3.3.x.

Major changes from version 3.3 to version 3.4

  • Added Reply function to Secure Messages.
  • Reworked external user authentication using a new function: Access Passes.
  • Updated Admin/Activity Log and Admin/System Log to be searchable on domain names.
  • Added Filedrop Delivery Actionscript
  • Added Group Based Message Delivery Actionscript
  • Added Message Parameters Actionscript
  • Added Terms of Service Application log.
  • Added a setting to enable external users to send files to non-local users (requires license).
  • Reworked the Application Log (Admin → Activity Log) to display log in JSON format.
  • Reworked the underlying log functions to do reverse DNS lookups in the backgroup unless results are cached.
  • Reworked System Log and Activity Log to store only the last X number of records, instead of keeping everything for 3 months (System Log) or 1 year (Activity Log).
  • Added configuration for number of System and Activity Log records to store.
  • Added Brute Force Protection to FTP/SFTP logins.
  • Added IP based/Firewall blocking of specified Hosts/IP addresses or Networks.
  • Reworked the interface and all Brute Force and Firewall blocking is now visible in Admin → System → Firewall.
  • New systems created from v3.4 and onwards will have a simplified disk partitioning layout.
  • Automatic disk expansion of root and data disk partitions (automatic root disk expansion requires the simplified disk partitioning from v3.4).
  • Improved Ingress traffic shaping.
  • Updated Public Hostname configuration with better hostname redirect URL and hostname matching configuration.
  • Use relative redirect URLs in nginx (prevents ip address leakage).
  • Added LDAP Configuration to validate the server certificate when using LDAPs.
  • Updated Strict Transport Security timeout to 2 years.
  • TLSv1.3 and TLS cipher updates.
  • X-Frame-Options -> CSP Frame Ancestors.
  • Internal code cleanup and reoorganization.
  • Updated Ruby, Ruby on Rails, Postgres and various libraries to later versions.