Changelog Provider

From regify WIKI
Revision as of 09:24, 12 August 2024 by Regify (talk | contribs) (→‎Update 2024 V5.3.4 (announcement))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


This are the official changelogs for the regify provider software appliance.

Update 2024 V5.3.4 (announcement)

Patch release announcement

  • Fix: Enhance group management function 'remove user from group' to reduce confusion with account deletions.
    • Renamed into 'take from group'.
    • Changed icon to not look like deletion.
    • Added a note to tell group admins that this will not delete the regify account.
  • Fix: In maintenance mode, usage of the portal was not disabled if already logged in (not really an issue, just wrong).
  • Fix: In maintenance mode, captcha generation is stopped.
  • Fix: regigate administration dialogue is now waiting up to 5 minutes for new IP addresses update and shows loader animation on button, preventing multiple clicks.
  • Fix: Fixing regibox invitations not received if receiver domain has restrictive DMARC headers.
  • Fix: Fix reply-to name for regimails written online in web portal (used senders email instead of name).
  • Fix: Eliminated random error messages like "Had to correct corrupt count -1 record for box..." in error log.
  • Fix: Eliminated random error messages like "ERROR: Missing or invalid language-code for template [box_invit_success]..." in error log.
  • Fix: Fixed API function mailcheckassignment returning wrong answer if user is not registered at same provider.
  • Int: Enhanced captcha function.

Update 20. February 2024 V5.3.1

Patch release

  • New: Display a helpful error message if a password reset was requested by a non-activated account.
  • New: Show assigned coupon code in user data administration dialog (system admins only).
  • Fix: Sometimes the "send me a copy" function in online regimail writing did not work.
  • Fix: No error was shown if an invalid coupon code was entered during registration (it was simply ignored).
  • Fix: Enhanced information and handling if > 25 regimails/day were sent using portal.
  • Fix: Enhanced error message if monthly regimail limit was reached.
  • Fix: List of uploaded documents (regipay plus) showed a navigation area with no function. Removed.
  • Fix: Fix error log entries occuring after a user deleted his account (PHP Warning: Illegal string offset 'USERID').
  • Fix: Fix error log entries occuring after the administration pages are called with double slash (eg while pentesting).
  • Fix: Saving data of non activated users in user data administration dialog sometimes triggered error about email address and phone number.
  • Fix: Sometimes regibox went to maintenance mode after the appliance menu regibox options were opened and closed without saving.
  • Fix: New or changed regigate IP addresses (for whitelisting) were not updated.
  • Fix: Triggering a manual backup from admin GUI did not work.
  • Sec: Updated OpenSSH packages and supported algorithms to protect against Terrapin SSH issue (CVE-2023-48795).
  • Sec: Set PostFix config variables to protect from SMTP smuggling (CVE-2023-51764).
  • Int: The PENTEST flag also disables captcha validation for more easy testing.
  • Int: Adding CORS headers to apache configuration.

Update 20. April 2023 V5.3

Major release

This is not only a release with a lot of new functions and updated user interface, it is also a cleanup and modernizing release.

  • New: Completely new designed end-user interface.
    • Modern graphical user interface.
    • Responsive for PC, tablet and mobile usage.
    • Enhanced top navigation with a new navigation structure, respecting the experience of the last years.
    • Easily customizable in corporate identity color and with your company logo.
    • Redesigned for better usability and accessability.
    • Hiding any unavailable options from the user to avoid confusion.
    • Reduced many dialogs to the mandatory fields.
    • Added expert mode to hide beginner notes and enable some more pro functions.
    • Users getting warned if they use an old webbrowser (IE, old Opera, old Firefox, old Safari etc).
  • New: Enhanced performance compared to regify provider 5.2.0 login page
    • Page loads 26% faster (2.3 sec -> 1.5 sec).
    • Page loads 61% less content bytes (551KB -> 213KB).
    • Page does 45% less requests (36 -> 20).
  • New: Re-designed regimail shop system for single users and group administrators.
    • Faster and more easy to understand. Follows current EU regulations.
    • More simple, offers always 1 and 2 years of regimail professional.
    • More transparent communication about prices and offer.
    • Prices and VAT are now entered in (sub)provider configuration (by (sub)provider administrators).
  • New: Enhanced online reading and writing (incl. reading regipay).
    • Much better handling of attachments and enhanced drag&drop and file selection.
    • There is no longer a fallback mode for very old webbrowsers like IE and old Safari. People must use an up to date webbrowser.
    • Internally now using WASM code to be faster and more secure.
    • New online regimail writing limits. Single attachments max. 8MB and 32MB for the whole regimail.
  • New: Support for regipay Plus online document access.
  • New: regibill validation dialog is enhanced and offers better drag&drop usage.
  • New: Enhanced group management dialogs (group admin).
    • Offers an extra page for Excel upload invitations.
    • Function to take former invited people back into your group.
    • Cleanup dialogs and remove popup windows.
  • New: User administration using normal/bold font instead of red/black color to indicate regimail private/professional.
  • New: Added regipay Plus support to regify protocol (for use in client apps).
  • New: Dialogs using Captcha now rendering faster (registration, pwd-reset).
  • New: New qa.php page to give QA and support a quick overview about provider configuration.
  • New: New pentest mode, making pentesting more easy by deactivating specific security functions (PENTEST config option).
  • Rem: Removed (sub)provider flags A, C, D, E, F, H, K, L, P, S, V, X, 3, 4, 7 due to minimal use.
    • See provider 5.2 docs for menu flags reference.
    • They all now use the common default behavior or affected functionality does no longer exist.
  • Rem: Removed unused or redundant user data fields.
    • Removed users bank data information dialogs.
      • Dropping tables tblbankaccounts, tblaccounting.
    • Hiding newsletter checkbox in account dialog.
    • Affects both user and admin dialogs.
  • Rem: Removed invoicing export function.
    • Removed internal processing of a user bank account.
    • Removed payments export in administration.
    • Removed admin options to manage internal users bank account.
    • Droping table tblexport.
  • Rem: Removed functionality that tried to point you to most used page after login.
    • Generally, after login, all user logins start in account overview.
    • Users in a regipay group with available documents start in available documents view.
  • Rem: Removed membership advertisement pages in portal.
  • Rem: Shop system cleanup.
    • Removed option to buy for other people.
    • Removed customShop option for shopping pages.
    • Removed options to customize shopping form. Instead, we offer the most common fields by default.
  • Rem: Password reset dialog offers no auto-generate any more.
  • Rem: Displaying the password does no longer offer a print dialog (eg after registration).
    • Instead, we recommend users to use a password manager application.
  • Rem: Invitations using the portal do no longer allow to edit/change the user name as the inviting user.
  • Rem: Group management cleanup.
    • Removed "pull user into group" function.
    • Removed extra "invite user to group" function (standard invite now works like that).
  • Int: Removed the following configuration options:
    • PDFENABLED (now always enabled).
    • PREVENTREALSENDERADDRESS (now always preventing real sending address).
    • MTA_ADDS_CRLF (always use default).
    • DOCUMENTATION_DOWNLOAD_INFO_FILE (all documentation is now online).
    • DEBUGSLEEP (replaced by PENTEST option).
  • Int: Activated HTTP protocol compression for .js, .css and .wasm file types.
  • Int: Webserver is now sending a Content-Security-Policy header to increase security.
  • Int: Removed all internal connector functionality.
    • This was no longer used since 2008 and therefore was removed from code and testing.
  • Int: Updated all appliance packages to most recent distribution version.
  • Int: Set all provider cookies SameSite attribute to Lax.
  • Fix: Fixed filename issues downloading ZIP of regibox shares.
  • Fix: Fix issues in user import tool (error: missing CHATALLOWEDUNTIL).
  • Fix: Remove serving no longer needed /icons/ folder.

Update 20. April 2022 V5.2

Major release

  • New: We are discontinuing regichat. Due to this, all regichat references were removed from the regify provider completely.
    • Removed all regichat related email templates.
    • Sub-provider menu flags "Q", "R" have been removed.
  • New: For German users, the term "regify-Provider" is now renamed to "regify-Anbieter".
  • New: Enhanced optics for GUI tabs to be better recognizable as tabs.
  • New: Many icons and images were replaced with better resolution versions or a font icon.
  • New: Some unused options were removed from personal information dialog (username field, a header).
  • New: Enhanced several sentences and their translations to be better understandable.
  • New: Group administration dialog now has a refresh button (update members status).
  • New: Group administration dialog is hiding useless options in case the group is a regipay group.
  • New: Invitation dialog now has a refresh button (update invitations status).
  • New: Shop order notifies provider by email about a new order. Now, the email also contains json with order details, allowing automated processing.
  • New: Provider-SDK userinvite function supports new parameter g (to auto-group invited user).
  • New: Provider-SDK got a new error code (36).
  • New: Provider administration pages...
    • The complete look and feel was updated. The interface scales to any screen size (better on 4K monitors).
    • Most dialogs are no longer opening popup windows. Instead, dialogs running inside.
    • Log viewer search is now also offering an end time.
    • Group deletion dialog offers to also delete the contained users.
    • Main page shows a warning if appliance websocket server is not running.
    • Main page notifies with blinking red flag about new orders and authentication requests.
    • Enhanced display of logfile content in administration main page.
    • Status display on administration main page updates every 5 seconds (no need for reload).
    • Documentation and help option now pointing to new help portal at
  • New: Default "Admin" account is no longer allowed to log-in to the end user portal.
  • New: Sub-provider menu flags "5" and "6" have been removed (no longer needed).
  • New: Removed CK-Software shop option in sub-provider administration.
  • New: The activation email default templates have been enhanced (simplified, better colors for activation link).
  • Int: Removed option RENEWALPERIODOFNOTICE constant (was unused).
  • Int: Removed the options to limit mass sendings.
    • No further speed limit for mass sendings.
  • Int: Optimized storage and handling of users list of regiboxes.
    • Gaining better performance on installations with many regiboxes (with regibox manager 2.1).
    • Extended regibox protocol API for the new list form (with regibox manager 2.1).
  • Int: If regibox storage is exceeded:
    • regibox managers will no longer show notifiers for that case.
    • Instead, the 'owner' and 'causing user' will get informed by email (maximum once a day).
  • Int: Optimized output of portal reference URLs (no absolute pathes anymore).
  • Int: Switched regify clearing domains from to
  • Int: Removed provider setting MTA_ADDS_CRLF (no longer needed).
  • Int: Preventing too many SMS for password reset (max 3/day) and re-sending unlock code (max 2/day) per user.
  • Int: SMS url replacement is now supporting [e] parameter for check if text encoding is GSM 03.38 compatible.
  • Int: Added more protection against stupid antivirus scanners accepting or canceling invitations automatically. Same for PWD reset and self registration.
  • Int: Monthly reports now generated on the first day of a month, two minutes after midnight.
  • Int: Monthly reports are now also generated, if the system was offline on first day of a month around midnight (even days later).
  • Int: System is better protected against DOS attacks in Captcha generation.
  • Int: First and lastnames are allowed to be one character only.
  • Fix: Do not allow email address removal if the email address is vital for an existing regibox.
  • Fix: Better handling if the password of a user was reset by a database cleanup of the password field (eg after forcing users to generate a new password).
  • Fix: Fixed issues in reporting Excel invitation list errors.
  • Fix: Fixed accidential dot (.) in sender name for SMS sending in some cases.
  • Fix: Forward after timed out administration session forwarded to portal login instead of admin login.
  • Fix: Captchas were sometimes hard to solve. Now, the algorithm is producing better readable captchas.
  • Fix: PDF transaction list export for regibox invitations incorrectly mentioned creation entries as well (red).
  • Fix: regibox share ZIP download displaying some "please wait" until download starts (prevent irritation if compression needs some time).
  • Fix: If new users are created manually in web administration, dialog did not remember the mode if values were missing.
  • Fix: Appliance complained SSL certs that last longer than 390 days. Now it only complains if they last longer than 398 days.
  • Fix: Fixed database error 'Error in accept: Too many open files' on heavy load.
  • Fix: Fixing several security related issues.
  • Fix: Fixing CVE-2018-25032 (zlib compression vulnerability).

Update 03. November 2020 V5.1.2

Patch release

  • New: Showing provider logo also on mobile devices.
  • New: Enhanced downloads page by enhancing update.json parsing.
    • Supporting a "hide" attribute to allow regify to hide products and versions from here.
    • Supporting "link" attribute to present an informational link instead of binary download.
    • Always showing links for other OS (no longer hidden below).
  • Fix: In some configurations, the shop button in account overview is broken.
    • Note: Shop button in "Communication" -> "Shop" and other locations were still working.
  • Fix: Manage user dialog in administration does not show non-activated users by default (tick "Show only not activated users" to see them until you updated).
  • Fix: Fixed message about to much invitations for group administrators in some cases.
  • Fix: Better handling invalid date values for group administration.
  • Fix: Adding and deleting sub-providers was impossible since 5.1.0.
  • Int: Added "short" mode for regibox share protocol. Also added "protected" and "fileCnt" values for possible future use.
  • Int: Added DOS protection for ZIP download in regibox shares.

Update 21. September 2020 V5.1

Major Release

End user related:

  • New: Add regipay mode to groups.
    • Users in such group get a restricted portal interface, optimized for payslip readers.
    • Users in such group get a hint where to find the payslips.
    • There is a new and optimized email template for invitations into such group (invite_pay template).
  • New: regibox share is now better formatted and offers download as ZIP file.
  • New: The captchas for registration and password reset are updated.
    • More secure (using SVG, rotation, using timing check).
    • Better compatible with mobile devices (automatic resizing).
  • New: There is only one regify account invitation allowed if the user never sent a regimail before (except of group admins).
  • New: Activate "new device" notifier by default. Use better GeoIP service and template.
  • New: Added Chinese country names in dropdown country selections.

Administrator related:

  • New: Added showing users statistics to hotline admin role.
  • New: Admin user list export now also includes invitation information.
  • New: Renamed "negotiator" columns in admin exports to "coupon code id".
  • New: Optional monthly provider report email is re-organized and contains some helping comments (REPORTCOPYADDRESS).
  • New: Provider billing documentation was enhanced by adding a "coupon code"s chapter and other updated information.
  • New: If admin installs an SSL certificate which lasts longer than 398 days, he gets a warning.
  • New: Appliance diagnostics also checks for working websocket connections from outside (regibox).
  • Fix: Replaced CodeMirror with ACE code editor component. Fixing flicker and jumping issues.
  • Fix: Export for regibox billing also listed users which registered after export period (numbers all zero, so no real issue).
  • Fix: Fix issues with authentication dialog not working (5.0.9 issue).
  • Info: We have tipps for monitoring with ZABBIX.
  • API: The provider API function maildelete was enhanced for multiple addresses and corresponding documentation was clarified.


  • Sec: Disable support for TLS1.1. Now, TLS1.2 is the standard protocol. Note: TLS1.3 will not be supported in 5.1 versions.
  • Int: Allow file replication in maintenance mode to fix issues removing maintenance mode in cross-master setups.
  • Int: Switch default regify SMS gateway to a new vendor (normally, no interaction needed).
  • Int: Ensure no email addresses removed from account if its registered as regibox owner (member has to confirm explicitely).
  • Int: Underlying OS updated to most recent patch versions.
  • Int: Removed config values REGIMAILPRIVATE and REGIMAILFLAT (were not used in the past).
  • Int: Removed "SelfAdmin", "RegimailPrivateDefined" and "RegimailFlatDefined" from monthly report.
  • Int: Remove all ALSO and AppDirect related code (cleanup).
  • Int: Removed the concept of "community" and "corporate" providers. Technically, everything is community now.
    • Meaning that there are no "deleted" users any more. Administration no longer offers search for deleted users.
    • Provider-SDK does no longer support UserType=91.

Update 16. June 2020 V5.0.9

Patch release

  • New: Increased maximum number of representatives to 25 (former 5).
  • New: Self registration dialog now utilizing a captcha to prevent robots from registering or abusing the system.
  • Fix: Added missing log entries if a user was removed from a group by the group admin.
  • Fix: Fix broken Enforced Attachment links in Gateway protocol (regigate).
  • Fix: For regibox manager V2, push notifications were missing if user accepted regibox invitation or boxes with no content were deleted.
  • Sec: Prevent HTTP host header attacks (no working attack known for previous provider versions).
  • Sec: Set new HTTP Strict-Transport-Security value max-age to be one year (previously 1/2 year).
  • Int: Now supporting recipientsHash value in provider protocol (newTransaction) to allow more than 5 representatives (client needs to support this, too).

Update 20. February 2020 V4.1.6

Patch release for very outdated regify providers still on version 4

  • Int: Just fixing compatibility with regify Client V4.4 as an temporary help.

Update 20. January 2020 V5.0.8

Patch release

  • New: Administration log viewer allows searching in comments.
  • New: Also allow password reset initiated from group administrator without knowing the mobile number.
  • Fix: Fixed online reading error "TOTAL_SIZE" if RGF file was bigger than 15 MB.
  • Internal: For new backup/restore and SSL offloader scenarios, the system now supports using only IP instead of domain for the main provider.

Update 06. November 2019 V5.0.7

Patch release

  • New: regibox manager with version less than version 1.5.2 are no longer allowed (will trigger error 4 in old regibox managers).
  • Fix: Transaction counter for regify report sometimes returned numbers of previous month for overall transactions statistics.
    • Please note that this counter is not relevant for any calculation of any cost. It is just statistical information.
  • Fix: Database based file replication (master-slave or master-master) does no longer stop in maintenance mode to prevent issues coming back from maintenance.
  • Fix: Prevent changing users regibox settings if regibox is not configured at all (web administration only).
  • Fix: Fixed rare issue with websocket server hanging (100% CPU).
  • Internal: Enhanced options for customizing "Downloads" page image (for better compatibility).
  • Internal: regibox protocol handler now supporting metaData field (for managing special permissions of upcoming regibox manager V2).
  • Internal: Hosts-file entry for clearing DNS now updated from (previously it was

Update 24. May 2019 V5.0.6

Patch release

  • Fix: Fixed problems in admin dialog for user creation if given email address contained leading or trailing spaces.
  • Fix: Decreased default limitation of Provider-SDK function gettransactionlist to 10.000 hits per request to avoid server side high memory consumption.
  • Fix: Enhanced error messages in regigate connector protocol if retrieving message key(s) fails.
  • Fix: Fixed some optical issue in signing regigate certificates dialog.
  • Internal: System now observes the expiration date of the regigate signing certificate. In case it runs out, it is getting re-signed automatically.
  • Internal: Some changes regarding new regibox file sharing protocol (beta, only for future regibox versions).

Update 20. March 2019 V5.0.5

Patch release

  • New: We removed support for TLSv1.0 due to security concerns.
  • New: Added GDPR compliant data download option to HELP AND FAQ page.
  • New: Added start time field to admin log search dialog. Enhanced date and time fields with new HTML5 types.
  • New: Added some extra security layer to some download functions.
  • New: Added functions for new regibox file sharing protocol (beta, only for future regibox versions).
  • Fix: Fixed issues while inviting new users to an already running regichat session.
  • Fix: In some circumstances, the provider sent regimail reminders to regibox owners after 3 days.
  • Fix: Tweaked some WebSocket parameters for better scaling with many regibox users.
  • Fix: Enhanced "online reading" help sentences.
  • Fix: Setup assistant did not correctly initialize Chinese templates.
  • Fix: Enhanced error message if cookies missing while password reset.
  • Fix: Footer code template needed some update.
  • Fix: Mobile country code field was partially hidden on small screens during sign-up.

Update 09. October 2018 V5.0.2

Patch release

  • New: Increased the number of allowed transactions in a regimail professional account from 350 to 500.
  • New: Forward group admins with regipay capability to the group invitation dialog even if they click the ordinary invitation button.
  • Fix: Reducing high CPU load on the appliance if a lot of regiboxes are synchronized with regibox managers pre V1.5.
  • Fix: Cron jobs did not respect proxy settings.
  • Fix: Prevent regibox advertising showing if no shop order mail address is set in administration.

Update 16. August 2018 V5.0.1

Patch release

  • New: Added some additional sanity check if someone edits provider main configuration file (complain about text outside of PHP tags).
  • Fix: Enhanced error message if appliance internally triggers error 58 or error 59 (connectivity issues).
  • Fix: Mention prices "incl VAT" in regify (sub)provider settings.
  • Fix: Fixed bug causing an error in authentication dialogue (if authentication was denied and comment was used).
  • Fix: Fixed and updated list of used components and license information on admin login page.
  • Fix: Fixed some issue in WebSocket connection protocol for upcoming regibox V1.5 release.
  • Fix: Fixed issue that potentially prevented restart of WebSocket server after appliance update.
  • Fix: Fixed some issue in provider setup-wizard after fresh appliance install (invalid session, need login).
  • Fix: No longer displaying regibox creation entry in "regibox invitations" list (may confuse people).

Update 9. July 2018 V5.0.0

This is a major release containing many new functions and also breaking some compatibility. For update information, please visit Update_5.0.

End user related:

  • New: Added Chinese language support (both user interface and admin interface).
  • New: New function "My devices" is showing you the devices you used for log-in.
  • New: Added cookie check to prevent users reporting issues if they simply have turned off cookies in their web-browser.
  • New: Group administrators can re-send an invitation email.
  • New: regify accounts are blocked for 10 minutes if someone tried to login with wrong password for more than 10 times.
  • New: Account overview is offering some regibox advertising (only if provider supports regibox).
  • New: Account overview is showing group administrator name and contact information.
  • New: All users (self registered or invited) will have to explicitly accept terms and conditions during account activation (required by new GDPR/DSGVO).

Admin user related:

  • New: Replaced many icons by font icons. Thus, you can edit the color and icon itself much more easy using CSS.
  • New: Portal administrators can re-send an invitation or registration email.
  • New: User management search also searches in additional email addresses.
  • New: Subprovider-Administrators can also edit their contact and support information now.
  • New: The (sub)provider is now able to choose the languages he likes to support. Others are not available for end users then.
  • New: Language flags are inserted using a simple function now. More easy to customize the footer.
  • New: Administration entries regarding provider settings and customization have been re-arranged to be more clear.
  • New: Direct access to users usage statistics and see last email log entries.
  • New: Provider maintenance dialog offers a SMS test function.
  • New: Customizing now also allows SVG and TTF files upload (for uploading and hosting own fonts for CSS usage).


  • New: Provider-SDK access is now restricted to given IP address(es) or ranges.
  • New: Custom SMS sending functionality (URl call) to allow more placeholders for various SMS text encoding (eg UTF16).
  • New: Terms and conditions page now offers a "print" button.
  • Fix: Transaction history export using PDF is now using a font that supports Chinese subjects, too.
  • Fix: Added support for Windows Phone to pay.php payslip download and on-line regimail reading.
  • Fix: Added more logging regarding user registration and account activation.
  • Fix: As usual, many sentences and template texts have been enhanced or corrected.
  • Fix: Email domain blacklist was not used for invitations using CSV/Excel upload.
  • Fix: The overall number of transactions in monthly report only counted opened transactions instead of all (not used for invoicing!).
  • Fix: Enhanced the invitation dialogue to better explain the usage of optional mobile number.
  • Fix: Excel and CSV import better trims leading and trailing spaces, does no longer complain about empty lines.
  • Fix: Fixed php syntax check in admin script dialogues (was somehow useless in provider 4.1).
  • Fix: Fixed password reset issue, introduced in pre-upgrade release 4.1.5.
  • Fix: Fixed issue where non activated additional email addresses were not automatically removed two days later.


  • Hardened the appliance against several attack vectors.
  • Set Apache TraceEnable directive to "off" by default.
  • Enhanced SSL cipher suites to get even more security for SSL connections.


  • Internal: Now supporting e-mail addresses using unicode domains (Punycode support).
  • Internal: Maximum number of group members is no longer fixed and can get adapted using MAX_GROUP_MEMBERS constant.
  • Internal: Provider-SDK now offers a new function called startchat and allows to run chats from scratch with no need of portal interaction.
  • Internal: Added web-socket server for providing push notifications to several products (eg regibox).
  • Internal: Enhanced CSS and JS provisioning on provider updates to make sure it loads new even if browser cache is active.
  • Internal: New getWebSession function in client protocol to replace older one in future regify client software.
  • Internal: Support script for user export/import now also supports transfer of grouping information.
  • Internal: Upgrade underlying operating system to CentOS 7.5 (also supporting SMBv2 for regibox and backup shares).
  • Internal: To prevent DNS issues with clearing (slow lookup sometimes), we added some auto-updated hosts file entries.

Previous Changelogs

You can find previous and outdated changelogs on a separate changelog page.