Difference between revisions of "Changelog Provider"

Information

This are the official changelogs for the regify provider software appliance.

Update 2024 V5.3.4 (announcement)

Patch release announcement

• Fix: Enhance group management function 'remove user from group' to reduce confusion with account deletions.
  • Renamed into 'take from group'.
  • Changed icon to not look like deletion.
  • Added a note to tell group admins that this will not delete the regify account.
• Fix: In maintenance mode, usage of the portal was not disabled if already logged in (not really an issue, just wrong).
• Fix: In maintenance mode, captcha generation is stopped.
• Fix: regigate administration dialogue is now waiting up to 5 minutes for new IP addresses update and shows loader animation on button, preventing multiple clicks.
• Fix: Fixing regibox invitations not received if receiver domain has restrictive DMARC headers.
• Fix: Fix reply-to name for regimails written online in web portal (used senders email instead of name).
• Fix: Eliminated random error messages like "Had to correct corrupt count -1 record for box..." in error log.
• Fix: Eliminated random error messages like "ERROR: Missing or invalid language-code for template [box_invit_success]..." in error log.
• Fix: Fixed API function mailcheckassignment returning wrong answer if user is not registered at same provider.
• Int: Enhanced captcha function.

Update 20. February 2024 V5.3.1

Patch release

• New: Display a helpful error message if a password reset was requested by a non-activated account.
• New: Show assigned coupon code in user data administration dialog (system admins only).
• Fix: Sometimes the "send me a copy" function in online regimail writing did not work.
• Fix: No error was shown if an invalid coupon code was entered during registration (it was simply ignored).
• Fix: Enhanced information and handling if > 25 regimails/day were sent using portal.
• Fix: Enhanced error message if monthly regimail limit was reached.
• Fix: List of uploaded documents (regipay plus) showed a navigation area with no function. Removed.
• Fix: Fix error log entries occuring after a user deleted his account (PHP Warning: Illegal string offset 'USERID').
• Fix: Fix error log entries occuring after the administration pages are called with double slash (eg while pentesting).
• Fix: Saving data of non activated users in user data administration dialog sometimes triggered error about email address and phone number.
• Fix: Sometimes regibox went to maintenance mode after the appliance menu regibox options were opened and closed without saving.
• Fix: New or changed regigate IP addresses (for whitelisting) were not updated.
• Fix: Triggering a manual backup from admin GUI did not work.
• Sec: Updated OpenSSH packages and supported algorithms to protect against Terrapin SSH issue (CVE-2023-48795).
• Sec: Set PostFix config variables to protect from SMTP smuggling (CVE-2023-51764).
• Int: The PENTEST flag also disables captcha validation for more easy testing.
• Int: Adding CORS headers to apache configuration.

Update 20. April 2023 V5.3

Major release

This is not only a release with a lot of new functions and updated user interface, it is also a cleanup and modernizing release.

• New: Completely new designed end-user interface.
  • Modern graphical user interface.
  • Responsive for PC, tablet and mobile usage.
  • Enhanced top navigation with a new navigation structure, respecting the experience of the last years.
  • Easily customizable in corporate identity color and with your company logo.
  • Redesigned for better usability and accessability.
  • Hiding any unavailable options from the user to avoid confusion.
  • Reduced many dialogs to the mandatory fields.
  • Added expert mode to hide beginner notes and enable some more pro functions.
  • Users getting warned if they use an old webbrowser (IE, old Opera, old Firefox, old Safari etc).
• New: Enhanced performance compared to regify provider 5.2.0 login page
  • Page loads 26% faster (2.3 sec -> 1.5 sec).
  • Page loads 61% less content bytes (551KB -> 213KB).
  • Page does 45% less requests (36 -> 20).
• New: Re-designed regimail shop system for single users and group administrators.
  • Faster and more easy to understand. Follows current EU regulations.
  • More simple, offers always 1 and 2 years of regimail professional.
  • More transparent communication about prices and offer.
  • Prices and VAT are now entered in (sub)provider configuration (by (sub)provider administrators).
• New: Enhanced online reading and writing (incl. reading regipay).
  • Much better handling of attachments and enhanced drag&drop and file selection.
  • There is no longer a fallback mode for very old webbrowsers like IE and old Safari. People must use an up to date webbrowser.
  • Internally now using WASM code to be faster and more secure.
  • New online regimail writing limits. Single attachments max. 8MB and 32MB for the whole regimail.
• New: Support for regipay Plus online document access.
• New: regibill validation dialog is enhanced and offers better drag&drop usage.
• New: Enhanced group management dialogs (group admin).
  • Offers an extra page for Excel upload invitations.
  • Function to take former invited people back into your group.
  • Cleanup dialogs and remove popup windows.
• New: User administration using normal/bold font instead of red/black color to indicate regimail private/professional.
• New: Added regipay Plus support to regify protocol (for use in client apps).
• New: Dialogs using Captcha now rendering faster (registration, pwd-reset).
• New: New qa.php page to give QA and support a quick overview about provider configuration.
• New: New pentest mode, making pentesting more easy by deactivating specific security functions (PENTEST config option).
• Rem: Removed (sub)provider flags A, C, D, E, F, H, K, L, P, S, V, X, 3, 4, 7 due to minimal use.
  • See provider 5.2 docs for menu flags reference.
  • They all now use the common default behavior or affected functionality does no longer exist.
• Rem: Removed unused or redundant user data fields.
  • Removed users bank data information dialogs.
    • Dropping tables tblbankaccounts, tblaccounting.
  • Hiding newsletter checkbox in account dialog.
  • Affects both user and admin dialogs.
• Rem: Removed invoicing export function.
  • Removed internal processing of a user bank account.
  • Removed payments export in administration.
  • Removed admin options to manage internal users bank account.
  • Droping table tblexport.
  • Removed DEBITSTATECHECK, RENEWALPERIODOFNOTICE and INVOICINGINTERVAL config options.
• Rem: Removed functionality that tried to point you to most used page after login.
  • Generally, after login, all user logins start in account overview.
  • Users in a regipay group with available documents start in available documents view.
• Rem: Removed membership advertisement pages in portal.
• Rem: Shop system cleanup.
  • Removed option to buy for other people.
  • Removed customShop option for shopping pages.
  • Removed options to customize shopping form. Instead, we offer the most common fields by default.
• Rem: Password reset dialog offers no auto-generate any more.
• Rem: Displaying the password does no longer offer a print dialog (eg after registration).
  • Instead, we recommend users to use a password manager application.
• Rem: Invitations using the portal do no longer allow to edit/change the user name as the inviting user.
• Rem: Group management cleanup.
  • Removed "pull user into group" function.
  • Removed extra "invite user to group" function (standard invite now works like that).
• Int: Removed the following configuration options:
  • PDFENABLED (now always enabled).
  • PREVENTREALSENDERADDRESS (now always preventing real sending address).
  • MTA_ADDS_CRLF (always use default).
  • DOCUMENTATION_DOWNLOAD_INFO_FILE (all documentation is now online).
  • DEBUGSLEEP (replaced by PENTEST option).
• Int: Activated HTTP protocol compression for .js, .css and .wasm file types.
• Int: Webserver is now sending a Content-Security-Policy header to increase security.
• Int: Removed all internal connector functionality.
  • This was no longer used since 2008 and therefore was removed from code and testing.
• Int: Updated all appliance packages to most recent distribution version.
• Int: Set all provider cookies SameSite attribute to Lax.
• Fix: Fixed filename issues downloading ZIP of regibox shares.
• Fix: Fix issues in user import tool (error: missing CHATALLOWEDUNTIL).
• Fix: Remove serving no longer needed /icons/ folder.

Update 20. April 2022 V5.2

Major release

• New: We are discontinuing regichat. Due to this, all regichat references were removed from the regify provider completely.
  • Removed all CHAT_*, all REGICHAT_*, CHECK_HISTORY_INTERVAL and CHECK_IF_REGICHAT_LOADED_INTERVAL constants.
  • Removed all regichat related email templates.
  • Sub-provider menu flags "Q", "R" have been removed.
• New: For German users, the term "regify-Provider" is now renamed to "regify-Anbieter".
• New: Enhanced optics for GUI tabs to be better recognizable as tabs.
• New: Many icons and images were replaced with better resolution versions or a font icon.
• New: Some unused options were removed from personal information dialog (username field, a header).
• New: Enhanced several sentences and their translations to be better understandable.
• New: Group administration dialog now has a refresh button (update members status).
• New: Group administration dialog is hiding useless options in case the group is a regipay group.
• New: Invitation dialog now has a refresh button (update invitations status).
• New: Shop order notifies provider by email about a new order. Now, the email also contains json with order details, allowing automated processing.
• New: Provider-SDK userinvite function supports new parameter g (to auto-group invited user).
• New: Provider-SDK got a new error code (36).
• New: Provider administration pages...
  • The complete look and feel was updated. The interface scales to any screen size (better on 4K monitors).
  • Most dialogs are no longer opening popup windows. Instead, dialogs running inside.
  • Log viewer search is now also offering an end time.
  • Group deletion dialog offers to also delete the contained users.
  • Main page shows a warning if appliance websocket server is not running.
  • Main page notifies with blinking red flag about new orders and authentication requests.
  • Enhanced display of logfile content in administration main page.
  • Status display on administration main page updates every 5 seconds (no need for reload).
  • Documentation and help option now pointing to new help portal at manuals.regify.com.
    • Removed DOCUMENTATION_DOWNLOAD_INFO_FILE constant.
• New: Default "Admin" account is no longer allowed to log-in to the end user portal.
• New: Sub-provider menu flags "5" and "6" have been removed (no longer needed).
• New: Removed CK-Software shop option in sub-provider administration.
• New: The activation email default templates have been enhanced (simplified, better colors for activation link).
• Int: Removed option RENEWALPERIODOFNOTICE constant (was unused).
• Int: Removed the options to limit mass sendings.
  • Removed SERVICEPRIORITY_REGIMAIL, SERVICEPRIORITY_REGIBILL, SERVICEPRIORITY_REGIPAY constants.
  • No further speed limit for mass sendings.
• Int: Optimized storage and handling of users list of regiboxes.
  • Gaining better performance on installations with many regiboxes (with regibox manager 2.1).
  • Extended regibox protocol API for the new list form (with regibox manager 2.1).
• Int: If regibox storage is exceeded:
  • regibox managers will no longer show notifiers for that case.
  • Instead, the 'owner' and 'causing user' will get informed by email (maximum once a day).
• Int: Optimized output of portal reference URLs (no absolute pathes anymore).
• Int: Switched regify clearing domains from regify.clearing.lu to clear-center.eu.
• Int: Removed provider setting MTA_ADDS_CRLF (no longer needed).
• Int: Preventing too many SMS for password reset (max 3/day) and re-sending unlock code (max 2/day) per user.
• Int: SMS url replacement is now supporting [e] parameter for check if text encoding is GSM 03.38 compatible.
• Int: Added more protection against stupid antivirus scanners accepting or canceling invitations automatically. Same for PWD reset and self registration.
• Int: Monthly reports now generated on the first day of a month, two minutes after midnight.
• Int: Monthly reports are now also generated, if the system was offline on first day of a month around midnight (even days later).
• Int: System is better protected against DOS attacks in Captcha generation.
• Int: First and lastnames are allowed to be one character only.
• Fix: Do not allow email address removal if the email address is vital for an existing regibox.
• Fix: Better handling if the password of a user was reset by a database cleanup of the password field (eg after forcing users to generate a new password).
• Fix: Fixed issues in reporting Excel invitation list errors.
• Fix: Fixed accidential dot (.) in sender name for SMS sending in some cases.
• Fix: Forward after timed out administration session forwarded to portal login instead of admin login.
• Fix: Captchas were sometimes hard to solve. Now, the algorithm is producing better readable captchas.
• Fix: PDF transaction list export for regibox invitations incorrectly mentioned creation entries as well (red).
• Fix: regibox share ZIP download displaying some "please wait" until download starts (prevent irritation if compression needs some time).
• Fix: If new users are created manually in web administration, dialog did not remember the mode if values were missing.
• Fix: Appliance complained SSL certs that last longer than 390 days. Now it only complains if they last longer than 398 days.
• Fix: Fixed database error 'Error in accept: Too many open files' on heavy load.
• Fix: Fixing several security related issues.
• Fix: Fixing CVE-2018-25032 (zlib compression vulnerability).

Update 03. November 2020 V5.1.2

Patch release

• New: Showing provider logo also on mobile devices.
• New: Enhanced downloads page by enhancing update.json parsing.
  • Supporting a "hide" attribute to allow regify to hide products and versions from here.
  • Supporting "link" attribute to present an informational link instead of binary download.
  • Always showing links for other OS (no longer hidden below).
• Fix: In some configurations, the shop button in account overview is broken.
  • Note: Shop button in "Communication" -> "Shop" and other locations were still working.
• Fix: Manage user dialog in administration does not show non-activated users by default (tick "Show only not activated users" to see them until you updated).
• Fix: Fixed message about to much invitations for group administrators in some cases.
• Fix: Better handling invalid date values for group administration.
• Fix: Adding and deleting sub-providers was impossible since 5.1.0.
• Int: Added "short" mode for regibox share protocol. Also added "protected" and "fileCnt" values for possible future use.
• Int: Added DOS protection for ZIP download in regibox shares.

Update 21. September 2020 V5.1

Major Release

End user related:

• New: Add regipay mode to groups.
  • Users in such group get a restricted portal interface, optimized for payslip readers.
  • Users in such group get a hint where to find the payslips.
  • There is a new and optimized email template for invitations into such group (invite_pay template).
• New: regibox share is now better formatted and offers download as ZIP file.
• New: The captchas for registration and password reset are updated.
  • More secure (using SVG, rotation, using timing check).
  • Better compatible with mobile devices (automatic resizing).
• New: There is only one regify account invitation allowed if the user never sent a regimail before (except of group admins).
• New: Activate "new device" notifier by default. Use better GeoIP service and template.
• New: Added Chinese country names in dropdown country selections.

Administrator related:

• New: Added showing users statistics to hotline admin role.
• New: Admin user list export now also includes invitation information.
• New: Renamed "negotiator" columns in admin exports to "coupon code id".
• New: Optional monthly provider report email is re-organized and contains some helping comments (REPORTCOPYADDRESS).
• New: Provider billing documentation was enhanced by adding a "coupon code"s chapter and other updated information.
• New: If admin installs an SSL certificate which lasts longer than 398 days, he gets a warning.
• New: Appliance diagnostics also checks for working websocket connections from outside (regibox).
• Fix: Replaced CodeMirror with ACE code editor component. Fixing flicker and jumping issues.
• Fix: Export for regibox billing also listed users which registered after export period (numbers all zero, so no real issue).
• Fix: Fix issues with authentication dialog not working (5.0.9 issue).
• Info: We have tipps for monitoring with ZABBIX.
• API: The provider API function maildelete was enhanced for multiple addresses and corresponding documentation was clarified.

Internal:

• Sec: Disable support for TLS1.1. Now, TLS1.2 is the standard protocol. Note: TLS1.3 will not be supported in 5.1 versions.
• Int: Allow file replication in maintenance mode to fix issues removing maintenance mode in cross-master setups.
• Int: Switch default regify SMS gateway to a new vendor (normally, no interaction needed).
• Int: Ensure no email addresses removed from account if its registered as regibox owner (member has to confirm explicitely).
• Int: Underlying OS updated to most recent patch versions.
• Int: Removed config values REGIMAILPRIVATE and REGIMAILFLAT (were not used in the past).
• Int: Removed "SelfAdmin", "RegimailPrivateDefined" and "RegimailFlatDefined" from monthly report.
• Int: Remove all ALSO and AppDirect related code (cleanup).
• Int: Removed the concept of "community" and "corporate" providers. Technically, everything is community now.
  • Meaning that there are no "deleted" users any more. Administration no longer offers search for deleted users.
  • Provider-SDK does no longer support UserType=91.

Update 16. June 2020 V5.0.9

Patch release

• New: Increased maximum number of representatives to 25 (former 5).
• New: Self registration dialog now utilizing a captcha to prevent robots from registering or abusing the system.
• Fix: Added missing log entries if a user was removed from a group by the group admin.
• Fix: Fix broken Enforced Attachment links in Gateway protocol (regigate).
• Fix: For regibox manager V2, push notifications were missing if user accepted regibox invitation or boxes with no content were deleted.
• Sec: Prevent HTTP host header attacks (no working attack known for previous provider versions).
• Sec: Set new HTTP Strict-Transport-Security value max-age to be one year (previously 1/2 year).
• Int: Now supporting recipientsHash value in provider protocol (newTransaction) to allow more than 5 representatives (client needs to support this, too).

Update 20. February 2020 V4.1.6

Patch release for very outdated regify providers still on version 4

• Int: Just fixing compatibility with regify Client V4.4 as an temporary help.

Update 20. January 2020 V5.0.8

Patch release

• New: Administration log viewer allows searching in comments.
• New: Also allow password reset initiated from group administrator without knowing the mobile number.
• Fix: Fixed online reading error "TOTAL_SIZE" if RGF file was bigger than 15 MB.
• Internal: For new backup/restore and SSL offloader scenarios, the system now supports using only IP instead of domain for the main provider.

Update 06. November 2019 V5.0.7

Patch release

• New: regibox manager with version less than version 1.5.2 are no longer allowed (will trigger error 4 in old regibox managers).
• Fix: Transaction counter for regify report sometimes returned numbers of previous month for overall transactions statistics.
  • Please note that this counter is not relevant for any calculation of any cost. It is just statistical information.
• Fix: Database based file replication (master-slave or master-master) does no longer stop in maintenance mode to prevent issues coming back from maintenance.
• Fix: Prevent changing users regibox settings if regibox is not configured at all (web administration only).
• Fix: Fixed rare issue with websocket server hanging (100% CPU).
• Internal: Enhanced options for customizing "Downloads" page image (for better compatibility).
• Internal: regibox protocol handler now supporting metaData field (for managing special permissions of upcoming regibox manager V2).
• Internal: Hosts-file entry for clearing DNS now updated from pkgs.regify.com (previously it was pls1.regify.com).

Update 24. May 2019 V5.0.6

Patch release

• Fix: Fixed problems in admin dialog for user creation if given email address contained leading or trailing spaces.
• Fix: Decreased default limitation of Provider-SDK function gettransactionlist to 10.000 hits per request to avoid server side high memory consumption.
• Fix: Enhanced error messages in regigate connector protocol if retrieving message key(s) fails.
• Fix: Fixed some optical issue in signing regigate certificates dialog.
• Internal: System now observes the expiration date of the regigate signing certificate. In case it runs out, it is getting re-signed automatically.
• Internal: Some changes regarding new regibox file sharing protocol (beta, only for future regibox versions).

Update 20. March 2019 V5.0.5

Patch release

• New: We removed support for TLSv1.0 due to security concerns.
• New: Added GDPR compliant data download option to HELP AND FAQ page.
• New: Added start time field to admin log search dialog. Enhanced date and time fields with new HTML5 types.
• New: Added some extra security layer to some download functions.
• New: Added functions for new regibox file sharing protocol (beta, only for future regibox versions).
• Fix: Fixed issues while inviting new users to an already running regichat session.
• Fix: In some circumstances, the provider sent regimail reminders to regibox owners after 3 days.
• Fix: Tweaked some WebSocket parameters for better scaling with many regibox users.
• Fix: Enhanced "online reading" help sentences.
• Fix: Setup assistant did not correctly initialize Chinese templates.
• Fix: Enhanced error message if cookies missing while password reset.
• Fix: Footer code template needed some update.
• Fix: Mobile country code field was partially hidden on small screens during sign-up.

Update 09. October 2018 V5.0.2

Patch release

• New: Increased the number of allowed transactions in a regimail professional account from 350 to 500.
• New: Forward group admins with regipay capability to the group invitation dialog even if they click the ordinary invitation button.
• Fix: Reducing high CPU load on the appliance if a lot of regiboxes are synchronized with regibox managers pre V1.5.
• Fix: Cron jobs did not respect proxy settings.
• Fix: Prevent regibox advertising showing if no shop order mail address is set in administration.

Update 16. August 2018 V5.0.1

Patch release

• New: Added some additional sanity check if someone edits provider main configuration file (complain about text outside of PHP tags).
• Fix: Enhanced error message if appliance internally triggers error 58 or error 59 (connectivity issues).
• Fix: Mention prices "incl VAT" in regify (sub)provider settings.
• Fix: Fixed bug causing an error in authentication dialogue (if authentication was denied and comment was used).
• Fix: Fixed and updated list of used components and license information on admin login page.
• Fix: Fixed some issue in WebSocket connection protocol for upcoming regibox V1.5 release.
• Fix: Fixed issue that potentially prevented restart of WebSocket server after appliance update.
• Fix: Fixed some issue in provider setup-wizard after fresh appliance install (invalid session, need login).
• Fix: No longer displaying regibox creation entry in "regibox invitations" list (may confuse people).

Update 9. July 2018 V5.0.0

This is a major release containing many new functions and also breaking some compatibility. For update information, please visit Update_5.0.

End user related:

• New: Added Chinese language support (both user interface and admin interface).
• New: New function "My devices" is showing you the devices you used for log-in.
• New: Added cookie check to prevent users reporting issues if they simply have turned off cookies in their web-browser.
• New: Group administrators can re-send an invitation email.
• New: regify accounts are blocked for 10 minutes if someone tried to login with wrong password for more than 10 times.
• New: Account overview is offering some regibox advertising (only if provider supports regibox).
• New: Account overview is showing group administrator name and contact information.
• New: All users (self registered or invited) will have to explicitly accept terms and conditions during account activation (required by new GDPR/DSGVO).

Admin user related:

• New: Replaced many icons by font icons. Thus, you can edit the color and icon itself much more easy using CSS.
• New: Portal administrators can re-send an invitation or registration email.
• New: User management search also searches in additional email addresses.
• New: Subprovider-Administrators can also edit their contact and support information now.
• New: The (sub)provider is now able to choose the languages he likes to support. Others are not available for end users then.
• New: Language flags are inserted using a simple function now. More easy to customize the footer.
• New: Administration entries regarding provider settings and customization have been re-arranged to be more clear.
• New: Direct access to users usage statistics and see last email log entries.
• New: Provider maintenance dialog offers a SMS test function.
• New: Customizing now also allows SVG and TTF files upload (for uploading and hosting own fonts for CSS usage).

Generic:

• New: Provider-SDK access is now restricted to given IP address(es) or ranges.
• New: Custom SMS sending functionality (URl call) to allow more placeholders for various SMS text encoding (eg UTF16).
• New: Terms and conditions page now offers a "print" button.
• Fix: Transaction history export using PDF is now using a font that supports Chinese subjects, too.
• Fix: Added support for Windows Phone to pay.php payslip download and on-line regimail reading.
• Fix: Added more logging regarding user registration and account activation.
• Fix: As usual, many sentences and template texts have been enhanced or corrected.
• Fix: Email domain blacklist was not used for invitations using CSV/Excel upload.
• Fix: The overall number of transactions in monthly report only counted opened transactions instead of all (not used for invoicing!).
• Fix: Enhanced the invitation dialogue to better explain the usage of optional mobile number.
• Fix: Excel and CSV import better trims leading and trailing spaces, does no longer complain about empty lines.
• Fix: Fixed php syntax check in admin script dialogues (was somehow useless in provider 4.1).
• Fix: Fixed password reset issue, introduced in pre-upgrade release 4.1.5.
• Fix: Fixed issue where non activated additional email addresses were not automatically removed two days later.

Security:

• Hardened the appliance against several attack vectors.
• Set Apache TraceEnable directive to "off" by default.
• Enhanced SSL cipher suites to get even more security for SSL connections.

Other:

• Internal: Now supporting e-mail addresses using unicode domains (Punycode support).
• Internal: Maximum number of group members is no longer fixed and can get adapted using MAX_GROUP_MEMBERS constant.
• Internal: Provider-SDK now offers a new function called startchat and allows to run chats from scratch with no need of portal interaction.
• Internal: Added web-socket server for providing push notifications to several products (eg regibox).
• Internal: Enhanced CSS and JS provisioning on provider updates to make sure it loads new even if browser cache is active.
• Internal: New getWebSession function in client protocol to replace older one in future regify client software.
• Internal: Support script for user export/import now also supports transfer of grouping information.
• Internal: Upgrade underlying operating system to CentOS 7.5 (also supporting SMBv2 for regibox and backup shares).
• Internal: To prevent DNS issues with clearing (slow lookup sometimes), we added some auto-updated hosts file entries.

Previous Changelogs

You can find previous and outdated changelogs on a separate changelog page.