Release Notes Version 3.7.x
Major changes from version 3.6 to version 3.7
- Added Web based API authentication — this enables all authentication requirements same as for web logins when authenticating to the API such as Strong 2-Factor Authentication.
- Expiring API Keys — when using the Web based API authentication, the API keys will be configured to expire after a default of 30 days which will prompt users to re-authenticate in the Outlook plugin, Windows and Mac Agent and the IOS app.
- Added Support Address with link in the Menubar.
- Added Recipient and Sender Aliases, including support for added Recipient and Sender aliases through LDAP.
- Improved Secure Message View to make it easier to access and download when there's many attachments.
- Filedrop API now uses expiring API keys.
- Added Filedrop API functions for User Filedrops.
- User Filedrops can now set Email Validation Requirements and send receipts to Senders.
- File Upload API changes from /attachments to individual upload actions per function /message/attachments/upload,...
- Added Email Sender Address Policy — a more flexible way to set sender addresses enabling users in local domains to send emails with their real emails while still sending external email accounts using the Email Sender Address.
- Redesigned the Email Templates — all emails will look nicer and if you've previously changed any of the email templates you will most likely have to start over with the new templates.
- Updated the HTML editor and removed a lot of incompatible tags. Previously it was possible to use things like font color but this did not render reliably so from now onwards, the HTML editor will only show tags that can be styled correctly in the emails and web interface.
- Added html cleaner when pasting texts primarily from MS Word or similar.
- Enabled HTTP/2 which will speed up subsequent page-loads in LiquidFiles and will provide a substantial improvement when using reverse proxies (please note that HTTP/2 only works over HTTPs).
- Added Permission Policy Header
- Added autocomplete username and current-password where applicable..
- Don't log /404's as user activity in Admin → System → User Acitivity.
- Added a function to redirect the browser if they connect using http to a https port.
- Postfix (Emaildrops incoming and sending emails) now require TLSv1.2 for both incoming and outgoing connections.
- Updated libraries and functions such as Ruby on Rails, Ruby, Nginx, Bootstrap, PostgreSQL...
Version 3.7.19 (released 2024-08-12)
- Permit strong auth remember when using sms auth.
- Fixes an issue where strong auth remember cookie could be reused.
- Added support for the archived CentOS 7 system repositories.
- Added function that will remove the LiquidFiles system repositories on the 1st of January, 2025.
- Updated migration script for LiquidFiles v4.x migrations.
- Updated Kernel.
Version 3.7.18 (released 2024-01-10)
- Updated migration script for LiquidFiles v4.x migrations.
Version 3.7.17 (released 2024-01-09)
- Security: Update the Kernel.
- FileLink max expiration max to 3650 days.
- Fixes an issue where it was possible to double-click the Send button in the Message → Compose page, when using Chrome.
- Added End of Support information for CentOS 7 and notifications to migrate the system to LiquidFiles v4 before June 30, 2024.
- Better test to detect when cookies can't be set.
- Updated libraries and internal fixes
Version 3.7.16 (released 2023-11-30)
- Fixes an issue where Email Template for the Filedrop Private Message listed the wrong sender.
- Fixes an issue where Email Template viewer wasn't displayable for all templates.
- Changed https://man.liquidfiles.com → https://docs.liquidfiles.com.
Version 3.7.15 (released 2023-11-07)
- Security: Fixes an issue where an Admin can elevate their privileges to Sysadmin privileges using a specially crafted request.
- Security: Fixed an issue where it could be possible for external users to create external user accounts when they shouldn't (additional fix from v3.7.12).
- Added reply_url to the api_template.
- Redirect /messages to /messages/inbox
- Fixes a couple of database migration issues after restores from older systems.
- Internal fixes
Version 3.7.14 (released 2023-08-28)
- Security: Better sanitizing of user names, and fixed an issue with the sanitizer from v3.7.13.
- Autommatically redirect the old /user/registration and /account/password_reset urls to the new ones.
- Fixes an issue where expire password was enabled when creating a new user when it shouldn't.
- Updated Ruby on Rails and libraries.
Version 3.7.13 (released 2023-08-16)
- Security: Better sanitizing of a users name.
- Fixes an issue where uploading chunks in shares wouldn't restart from the previous available chunk.
- Added chunk verification similar to Secure Messages for Shares API.
- Changed /user/registration to /register and /account/password_reset to /password_reset.
Version 3.7.12 (released 2023-07-26)
- Security: Fixed an issue where it could be possible for external users to create external user accounts when they shouldn't (additional fix from v3.7.11).
- Fixed an issue where Administrators couldn't update users with automatically assigned groups.
- Fixed an issue where the expires header was set to an incorrect weekday.
- Updated Libraries and functions.
Version 3.7.11 (released 2023-06-13)
- Security: Fixed an issue where it could be possible for external users to create external user accounts when they shouldn't.
- Security: if 2FA is enabled, require 2FA before resetting passwords.
- Fixed an issue uploading files to shares using JSON.
- Fixed a display issue how much data can be sent when using a separate data disk.
- Fixed replaying to a message when the HTML editor was disabled.
- Fixed an issue with FTPdrops that could cause an issue with large files due to incorrect disk size validations.
- Added Sent At Time view to sent messages views.
- Fixed a display issue with the navbar on phone size screens.
- Fixed the branding quickstart.
- Fixed an issue where the queue didn't clear up errors properly.
- Updated libraries.
Version 3.7.10 (released 2023-05-02)
- Fixed an issue where FTPdrop sizes wasn't set properly on create.
- Fixed editing contacts.
- Fixed using the password validation regex test.
- Mb -> MB (everywhere)
- Fixed max file display with correct disk space.
- Added connect-src configuration to the Content Security Policy.
- Fixed XML uploads for Filedrops.
- Removed required field for saml_authn_context.
- Fixes an intermittent issue where sometimes Syslog messages couldn't be written and caused a file upload issue.
- Use MB and GB instead of Mb and GB to avoid bit vs byte confusion.
- Updated Libraries and underlying functions.
Version 3.7.9 (released 2023-04-25)
- Fixes an issue updating FTPdrop recipients.
- Fixes an issue with sanitizing filenames.
- Fixes an issue uploading assets during Getting Started.
- Add default sender alias api response to the Client Info Request.
- Updated jQuery and libraries.
Version 3.7.8 (released 2023-04-17)
- Fixes an issue where groups are forced to authenticate with SAML when accessing a Secure message.
- Fixes an issue inviting Users that exist in LDAP.
- Fixes an issue displaying attachments of expired messages.
- Updated Inbox and Sent view for better responsiveness.
Version 3.7.7 (released 2023-04-12)
- Permit download authentication details without authentication for unauthenticated messages.
- Added download time and download speed to the download receipt template.
- Fixed maintenance expires for attachments attached to multiple message.
- Better logging for maintenance expirations.
- Updated Content Security Policy to permit showing media in shares.
- Better email design for Outlook.
- Fixed LiquidFiles v2 restore.
- Fixes an issue downloading XML and JSON files.
- Fixes an issue using Outlook plugin v2.0.139.
- Fixes an issue displaying icons in the date picker.
- Fixes a rare issue that can cause syslog messages to not be written properly.
Version 3.7.6 (released 2023-03-30)
- Fixes an issue upload XML and JSON files.
- Fixes an issue with password validation when the API is disabled.
- Fixes an issue uploading branding assets.
- Fixes an issue with pre-fill parameters for Filedrops.
- Better sanitizing for filenames.
- Fixes an issue where filenames with spaces would be downloaded with +.
- Fixes local domain validation for Public Hostnames with domain.com style.
Version 3.7.5 (released 2023-03-15)
- Don't detect Content-Type until file has been assembled.
- Fixes an issue where sometimes when uploads fail the progressbar hangs with no feedback.
- Require authentication to be required when sending private messages.
- Removed email relay password from being logged.
- Fixes an issue where SAML errors would cause an internal server error.
- Fixes an issue where saving the External Users group would disable send Secure Message feature.
- Fixes an issue for Terms of Service for users without accounts.
- Fixes an issue where sending emails would sometimes set the incorrect Envelope From address.
Version 3.7.4 (released 2023-03-07)
- Added configuration to enable/disable recipient aliases in Admin → Groups.
- Added Certificate Chain upload option when uploading a PFX certificate.
- Moved attachment details CSV download to the web interface instead of attaching in email.
- Fixed editing users with automatically assigned groups.
- Fixed an issue setting max_file_size using the Admin User API.
Version 3.7.3 (released 2023-02-28)
- Fixes Message API sending messages with Base64 encoded attachments.
- Fixes an issue where setting passwords in a Filedrop would require authentication when it shouldn't.
- Record downloads (but not send emails) when owners download their own attachments.
- Adds a CSV attachment with attachment details when sending a Secure Message through the web interface.
- Removes Checksum from the default email template when sending Secure Messages through the web interface.
- Fixes an issue when sending emails from usernames with commas in them.
- Fixes a couple of strings that wheren't translatable.
- Security: Adds a restrictive Content-Security-Policy for downloaded files (should never be used).
- Security: URL Encode filenames during downloads. Fixes a potential XSS attack.
- Security: Removed legacy Form Based file uploads in Shares.
Version 3.7.2 (released 2023-02-21)
- Changed the low disk notification email to send directly, not by the nightly notification.
- Fixes an issue showing download map.
- Fixes an issue with temporary files permissions that affected some updates from v3.6.
- Fixes an issue with database migration that affected some updates from v3.6.
Version 3.7.1 (released 2023-02-16)
- Fixing an issue uploading files with many chunks.
Version 3.7.0 (released 2023-02-14)
- Initial Release of v3.7.
Incompatibilities and Warnings
These are a few things you need to be aware of when updating to LiquidFiles v3.7.
System Repository
The LiquidFiles v3.x hosted system repository at https://updates.liquidfiles.com as documented in the Network & Firewall documentation will be removed on the 1st of January, 2025. Updating to v3.7.19 will make sure your system can still connect to a repository should you need to, and you will need to permit unrestricted outgoing access from 1st of January, 2025 to be able to connect to a system repository.
Outlook/Windows Client
Please make sure you're running at least Outlook plugin version 2.1.x and CLI version 3.7.2.
Content-Type update for API calls
Before LiquidFiles 3.7, it was possible to set the Content-Type to application/json and have the LiquidFiles API respond with JSON. This was not correct and the correct header to set was and is the Accept header (curl -H "Accept: application/json" in the LiquidFiles curl examples). If you're using the API, please make sure that tyou set the Accept header to application/json.
Redesigned the Email Templates
LiquidFiles v3.7 adds a new default Email Template design. If you've previously changed the Email Templates from the default it's most likely easiest to just start over with the new templates.
API Deprecations
Form Based API uploads
It's no longer possible to use Form based file uploads. Form based file uploads have been listed as being deprecated for a few years now in favour of binary file uploads. Up until v3.6 it was still possible to use Form base file uploads but starting with v3.7 it's no longer possible.
Previous Attachment Upload API will be deprecated after v3.7
Up until v3.6, the /attachments and /attachments/binary_uploads API functions have been global functions for most (all except shares) uploads. The Form based /attachments upload function was deprecated in this release and the /attachments/binary_uploads API will be deprecated in the next major release. The supported way moving is to use individual functions such as /message/attachments/upload moving forward.
XML API will be removed after v3.7
From LiquidFiles v3.0.x, LiquidFiles has migrated from XML towards JSON for all API functions. There's still some old functions that have been kept around since they where there and working. After this release all XML API functions will be removed and you will be required to use JSON for the LiquidFiles API moving forward.