Changelog provider

From regify WIKI
Jump to navigation Jump to search

Information

This are the official changelogs for the regify provider software appliance.

Update Q1 2023 V5.3

Major release announcement.

This is not only a release with a lot of new functions and updated user interface, it is also a cleanup and modernizing release.

  • New: Completely new designed end-user interface.
    • Modern graphical user interface.
    • Responsive for PC, tablet and mobile usage.
    • Enhanced top navigation with a clear navigation structure.
    • Easily customizable in corporate identity color and with your company logo.
    • Redesigned for better usability and accessability.
    • Hiding any unavailable options from the user to avoid confusion.
    • Reduced many dialogs to the mandatory fields.
    • Added expert mode to hide beginner notes and enable some more functions.
    • Users getting warned if they use an old webbrowser (IE, old Opera, old Firefox etc).
  • New: Re-designed regimail shop system for single users and group administrators.
    • Faster and more easy to understand. Follows current EU regulations.
    • More simple, offers always 1 and 2 years of regimail professional.
    • More transparent communication about prices and offer.
    • Prices and VAT are now entered in (sub)provider configuration (by sub-provider administrators).
  • New: Enhanced online reading and writing (incl. reading regipay).
    • Much better handling of attachments and enhanced drag&drop and file selection.
    • There is no longer a fallback mode for very old webbrowsers like IE and old Safari.
    • Internally now using WASM code to be faster and more secure.
    • New online regimail writing limits. Single attachments max. 8MB and 32MB for the whole regimail.
  • New: Support for regipay Plus online document access.
  • New: regibill validation dialog is enhanced and offers better drag&drop usage.
  • New: Enhanced group management dialogs.
    • Cleanup dialogs and remove popup windows.
    • Offers an extra page for Excel upload invitations.
  • New: User administration using normal/bold font instead of red/black color to indicate regimail private/professional.
  • New: Added regipay Plus support to regify protocol (for use in client apps).
  • New: Dialogs using Captcha now rendering faster (registration, pwd-reset).
  • New: New qa.php page to give QA and support a quick overview about provider configuration.
  • New: New pentest mode, making pentesting more easy by deactivating specific security functions (PENTEST config option).
  • Rem: Removed (sub)provider flags A, C, D, E, F, H, K, L, P, S, V, X, 3, 4, 7 due to minimal use.
    • See provider 5.2 docs for menu flags reference.
    • They all now use the common default behavior or affected functionality does no longer exist.
  • Rem: Removed unused or redundant user data fields.
    • Removed users bank data information dialogs.
      • Dropping tables tblbankaccounts, tblaccounting.
    • Hiding newsletter checkbox in account dialog.
    • Affects both user and admin dialogs.
  • Rem: Removed invoicing export function.
    • Removed internal processing of a user bank account.
    • Removed payments export in administration.
    • Removed admin options to manage internal users bank account.
    • Droping table tblexport.
    • Removed DEBITSTATECHECK, RENEWALPERIODOFNOTICE and INVOICINGINTERVAL config options.
  • Rem: Removed functionality that tried to point you to most used page after login.
    • Generally, after login, all user logins start in account overview.
    • Users in a regipay group with available documents start in available documents view.
  • Rem: Removed membership advertisement pages in portal.
  • Rem: Shop system cleanup.
    • Removed option to buy for other people.
    • Removed customShop option for shopping pages.
    • Removed options to customize shopping form. Instead, we offer the most common fields by default.
  • Rem: Password reset dialog offers no auto-generate any more.
  • Rem: Displaying the password does no longer offer a print dialog (eg after registration).
    • Instead, we recommend users to use a password manager application.
  • Rem: Invitations using the portal do no longer allow to edit/change the user name as the inviting user.
  • Rem: Group management cleanup.
    • Removed "pull user into group" function.
    • Removed extra "invite user to group" function (standard invite now works like that).
  • Int: Removed the following configuration options:
    • PDFENABLED (now always enabled).
    • PREVENTREALSENDERADDRESS (now always preventing real sending address).
    • MTA_ADDS_CRLF (always use default).
    • DOCUMENTATION_DOWNLOAD_INFO_FILE (all documentation is now online).
    • DEBUGSLEEP (replaced by PENTEST option).
  • Int: Activated HTTP compression for .js, .css and .wasm file types.
  • Int: Webserver is now sending a Content-Security-Policy header to increase security.
  • Int: Removed all internal connector functionality.
    • This was no longer used since 2008 and therefore was removed from code and testing.
  • Int: Updated all appliance packages to most recent distribution version.
  • Fix: Fixed filename issues downloading ZIP of regibox shares.
  • Fix: Fix issues in user import tool (missing CHATALLOWEDUNTIL).
  • Fix: Remove serving /icons/ folder.

Update 20. April 2022 V5.2

Major release

  • New: We are discontinuing regichat. Due to this, all regichat references were removed from the regify provider completely.
    • Removed all CHAT_*, all REGICHAT_*, CHECK_HISTORY_INTERVAL and CHECK_IF_REGICHAT_LOADED_INTERVAL constants.
    • Removed all regichat related email templates.
    • Sub-provider menu flags "Q", "R" have been removed.
  • New: For German users, the term "regify-Provider" is now renamed to "regify-Anbieter".
  • New: Enhanced optics for GUI tabs to be better recognizable as tabs.
  • New: Many icons and images were replaced with better resolution versions or a font icon.
  • New: Some unused options were removed from personal information dialog (username field, a header).
  • New: Enhanced several sentences and their translations to be better understandable.
  • New: Group administration dialog now has a refresh button (update members status).
  • New: Group administration dialog is hiding useless options in case the group is a regipay group.
  • New: Invitation dialog now has a refresh button (update invitations status).
  • New: Shop order notifies provider by email about a new order. Now, the email also contains json with order details, allowing automated processing.
  • New: Provider-SDK userinvite function supports new parameter g (to auto-group invited user).
  • New: Provider-SDK got a new error code (36).
  • New: Provider administration pages...
    • The complete look and feel was updated. The interface scales to any screen size (better on 4K monitors).
    • Most dialogs are no longer opening popup windows. Instead, dialogs running inside.
    • Log viewer search is now also offering an end time.
    • Group deletion dialog offers to also delete the contained users.
    • Main page shows a warning if appliance websocket server is not running.
    • Main page notifies with blinking red flag about new orders and authentication requests.
    • Enhanced display of logfile content in administration main page.
    • Status display on administration main page updates every 5 seconds (no need for reload).
    • Documentation and help option now pointing to new help portal at manuals.regify.com.
      • Removed DOCUMENTATION_DOWNLOAD_INFO_FILE constant.
  • New: Default "Admin" account is no longer allowed to log-in to the end user portal.
  • New: Sub-provider menu flags "5" and "6" have been removed (no longer needed).
  • New: Removed CK-Software shop option in sub-provider administration.
  • New: The activation email default templates have been enhanced (simplified, better colors for activation link).
  • Int: Removed option RENEWALPERIODOFNOTICE constant (was unused).
  • Int: Removed the options to limit mass sendings.
    • Removed SERVICEPRIORITY_REGIMAIL, SERVICEPRIORITY_REGIBILL, SERVICEPRIORITY_REGIPAY constants.
    • No further speed limit for mass sendings.
  • Int: Optimized storage and handling of users list of regiboxes.
    • Gaining better performance on installations with many regiboxes (with regibox manager 2.1).
    • Extended regibox protocol API for the new list form (with regibox manager 2.1).
  • Int: If regibox storage is exceeded:
    • regibox managers will no longer show notifiers for that case.
    • Instead, the 'owner' and 'causing user' will get informed by email (maximum once a day).
  • Int: Optimized output of portal reference URLs (no absolute pathes anymore).
  • Int: Switched regify clearing domains from regify.clearing.lu to clear-center.eu.
  • Int: Removed provider setting MTA_ADDS_CRLF (no longer needed).
  • Int: Preventing too many SMS for password reset (max 3/day) and re-sending unlock code (max 2/day) per user.
  • Int: SMS url replacement is now supporting [e] parameter for check if text encoding is GSM 03.38 compatible.
  • Int: Added more protection against stupid antivirus scanners accepting or canceling invitations automatically. Same for PWD reset and self registration.
  • Int: Monthly reports now generated on the first day of a month, two minutes after midnight.
  • Int: Monthly reports are now also generated, if the system was offline on first day of a month around midnight (even days later).
  • Int: System is better protected against DOS attacks in Captcha generation.
  • Int: First and lastnames are allowed to be one character only.
  • Fix: Do not allow email address removal if the email address is vital for an existing regibox.
  • Fix: Better handling if the password of a user was reset by a database cleanup of the password field (eg after forcing users to generate a new password).
  • Fix: Fixed issues in reporting Excel invitation list errors.
  • Fix: Fixed accidential dot (.) in sender name for SMS sending in some cases.
  • Fix: Forward after timed out administration session forwarded to portal login instead of admin login.
  • Fix: Captchas were sometimes hard to solve. Now, the algorithm is producing better readable captchas.
  • Fix: PDF transaction list export for regibox invitations incorrectly mentioned creation entries as well (red).
  • Fix: regibox share ZIP download displaying some "please wait" until download starts (prevent irritation if compression needs some time).
  • Fix: If new users are created manually in web administration, dialog did not remember the mode if values were missing.
  • Fix: Appliance complained SSL certs that last longer than 390 days. Now it only complains if they last longer than 398 days.
  • Fix: Fixed database error 'Error in accept: Too many open files' on heavy load.
  • Fix: Fixing several security related issues.
  • Fix: Fixing CVE-2018-25032 (zlib compression vulnerability).

Update 03. November 2020 V5.1.2

Patch release

  • New: Showing provider logo also on mobile devices.
  • New: Enhanced downloads page by enhancing update.json parsing.
    • Supporting a "hide" attribute to allow regify to hide products and versions from here.
    • Supporting "link" attribute to present an informational link instead of binary download.
    • Always showing links for other OS (no longer hidden below).
  • Fix: In some configurations, the shop button in account overview is broken.
    • Note: Shop button in "Communication" -> "Shop" and other locations were still working.
  • Fix: Manage user dialog in administration does not show non-activated users by default (tick "Show only not activated users" to see them until you updated).
  • Fix: Fixed message about to much invitations for group administrators in some cases.
  • Fix: Better handling invalid date values for group administration.
  • Fix: Adding and deleting sub-providers was impossible since 5.1.0.
  • Int: Added "short" mode for regibox share protocol. Also added "protected" and "fileCnt" values for possible future use.
  • Int: Added DOS protection for ZIP download in regibox shares.

Update 21. September 2020 V5.1

Major Release

End user related:

  • New: Add regipay mode to groups.
    • Users in such group get a restricted portal interface, optimized for payslip readers.
    • Users in such group get a hint where to find the payslips.
    • There is a new and optimized email template for invitations into such group (invite_pay template).
  • New: regibox share is now better formatted and offers download as ZIP file.
  • New: The captchas for registration and password reset are updated.
    • More secure (using SVG, rotation, using timing check).
    • Better compatible with mobile devices (automatic resizing).
  • New: There is only one regify account invitation allowed if the user never sent a regimail before (except of group admins).
  • New: Activate "new device" notifier by default. Use better GeoIP service and template.
  • New: Added Chinese country names in dropdown country selections.

Administrator related:

  • New: Added showing users statistics to hotline admin role.
  • New: Admin user list export now also includes invitation information.
  • New: Renamed "negotiator" columns in admin exports to "coupon code id".
  • New: Optional monthly provider report email is re-organized and contains some helping comments (REPORTCOPYADDRESS).
  • New: Provider billing documentation was enhanced by adding a "coupon code"s chapter and other updated information.
  • New: If admin installs an SSL certificate which lasts longer than 398 days, he gets a warning.
  • New: Appliance diagnostics also checks for working websocket connections from outside (regibox).
  • Fix: Replaced CodeMirror with ACE code editor component. Fixing flicker and jumping issues.
  • Fix: Export for regibox billing also listed users which registered after export period (numbers all zero, so no real issue).
  • Fix: Fix issues with authentication dialog not working (5.0.9 issue).
  • Info: We have tipps for monitoring with ZABBIX.
  • API: The provider API function maildelete was enhanced for multiple addresses and corresponding documentation was clarified.

Internal:

  • Sec: Disable support for TLS1.1. Now, TLS1.2 is the standard protocol. Note: TLS1.3 will not be supported in 5.1 versions.
  • Int: Allow file replication in maintenance mode to fix issues removing maintenance mode in cross-master setups.
  • Int: Switch default regify SMS gateway to a new vendor (normally, no interaction needed).
  • Int: Ensure no email addresses removed from account if its registered as regibox owner (member has to confirm explicitely).
  • Int: Underlying OS updated to most recent patch versions.
  • Int: Removed config values REGIMAILPRIVATE and REGIMAILFLAT (were not used in the past).
  • Int: Removed "SelfAdmin", "RegimailPrivateDefined" and "RegimailFlatDefined" from monthly report.
  • Int: Remove all ALSO and AppDirect related code (cleanup).
  • Int: Removed the concept of "community" and "corporate" providers. Technically, everything is community now.
    • Meaning that there are no "deleted" users any more. Administration no longer offers search for deleted users.
    • Provider-SDK does no longer support UserType=91.

Update 16. June 2020 V5.0.9

Patch release

  • New: Increased maximum number of representatives to 25 (former 5).
  • New: Self registration dialog now utilizing a captcha to prevent robots from registering or abusing the system.
  • Fix: Added missing log entries if a user was removed from a group by the group admin.
  • Fix: Fix broken Enforced Attachment links in Gateway protocol (regigate).
  • Fix: For regibox manager V2, push notifications were missing if user accepted regibox invitation or boxes with no content were deleted.
  • Sec: Prevent HTTP host header attacks (no working attack known for previous provider versions).
  • Sec: Set new HTTP Strict-Transport-Security value max-age to be one year (previously 1/2 year).
  • Int: Now supporting recipientsHash value in provider protocol (newTransaction) to allow more than 5 representatives (client needs to support this, too).

Update 20. February 2020 V4.1.6

Patch release for very outdated regify providers still on version 4

  • Int: Just fixing compatibility with regify Client V4.4 as an temporary help.

Update 20. January 2020 V5.0.8

Patch release

  • New: Administration log viewer allows searching in comments.
  • New: Also allow password reset initiated from group administrator without knowing the mobile number.
  • Fix: Fixed online reading error "TOTAL_SIZE" if RGF file was bigger than 15 MB.
  • Internal: For new backup/restore and SSL offloader scenarios, the system now supports using only IP instead of domain for the main provider.

Update 06. November 2019 V5.0.7

Patch release

  • New: regibox manager with version less than version 1.5.2 are no longer allowed (will trigger error 4 in old regibox managers).
  • Fix: Transaction counter for regify report sometimes returned numbers of previous month for overall transactions statistics.
    • Please note that this counter is not relevant for any calculation of any cost. It is just statistical information.
  • Fix: Database based file replication (master-slave or master-master) does no longer stop in maintenance mode to prevent issues coming back from maintenance.
  • Fix: Prevent changing users regibox settings if regibox is not configured at all (web administration only).
  • Fix: Fixed rare issue with websocket server hanging (100% CPU).
  • Internal: Enhanced options for customizing "Downloads" page image (for better compatibility).
  • Internal: regibox protocol handler now supporting metaData field (for managing special permissions of upcoming regibox manager V2).
  • Internal: Hosts-file entry for clearing DNS now updated from pkgs.regify.com (previously it was pls1.regify.com).

Update 24. May 2019 V5.0.6

Patch release

  • Fix: Fixed problems in admin dialog for user creation if given email address contained leading or trailing spaces.
  • Fix: Decreased default limitation of Provider-SDK function gettransactionlist to 10.000 hits per request to avoid server side high memory consumption.
  • Fix: Enhanced error messages in regigate connector protocol if retrieving message key(s) fails.
  • Fix: Fixed some optical issue in signing regigate certificates dialog.
  • Internal: System now observes the expiration date of the regigate signing certificate. In case it runs out, it is getting re-signed automatically.
  • Internal: Some changes regarding new regibox file sharing protocol (beta, only for future regibox versions).

Update 20. March 2019 V5.0.5

Patch release

  • New: We removed support for TLSv1.0 due to security concerns.
  • New: Added GDPR compliant data download option to HELP AND FAQ page.
  • New: Added start time field to admin log search dialog. Enhanced date and time fields with new HTML5 types.
  • New: Added some extra security layer to some download functions.
  • New: Added functions for new regibox file sharing protocol (beta, only for future regibox versions).
  • Fix: Fixed issues while inviting new users to an already running regichat session.
  • Fix: In some circumstances, the provider sent regimail reminders to regibox owners after 3 days.
  • Fix: Tweaked some WebSocket parameters for better scaling with many regibox users.
  • Fix: Enhanced "online reading" help sentences.
  • Fix: Setup assistant did not correctly initialize Chinese templates.
  • Fix: Enhanced error message if cookies missing while password reset.
  • Fix: Footer code template needed some update.
  • Fix: Mobile country code field was partially hidden on small screens during sign-up.

Update 09. October 2018 V5.0.2

Patch release

  • New: Increased the number of allowed transactions in a regimail professional account from 350 to 500.
  • New: Forward group admins with regipay capability to the group invitation dialog even if they click the ordinary invitation button.
  • Fix: Reducing high CPU load on the appliance if a lot of regiboxes are synchronized with regibox managers pre V1.5.
  • Fix: Cron jobs did not respect proxy settings.
  • Fix: Prevent regibox advertising showing if no shop order mail address is set in administration.

Update 16. August 2018 V5.0.1

Patch release

  • New: Added some additional sanity check if someone edits provider main configuration file (complain about text outside of PHP tags).
  • Fix: Enhanced error message if appliance internally triggers error 58 or error 59 (connectivity issues).
  • Fix: Mention prices "incl VAT" in regify (sub)provider settings.
  • Fix: Fixed bug causing an error in authentication dialogue (if authentication was denied and comment was used).
  • Fix: Fixed and updated list of used components and license information on admin login page.
  • Fix: Fixed some issue in WebSocket connection protocol for upcoming regibox V1.5 release.
  • Fix: Fixed issue that potentially prevented restart of WebSocket server after appliance update.
  • Fix: Fixed some issue in provider setup-wizard after fresh appliance install (invalid session, need login).
  • Fix: No longer displaying regibox creation entry in "regibox invitations" list (may confuse people).

Update 9. July 2018 V5.0.0

This is a major release containing many new functions and also breaking some compatibility. For update information, please visit Update_5.0.

End user related:

  • New: Added Chinese language support (both user interface and admin interface).
  • New: New function "My devices" is showing you the devices you used for log-in.
  • New: Added cookie check to prevent users reporting issues if they simply have turned off cookies in their web-browser.
  • New: Group administrators can re-send an invitation email.
  • New: regify accounts are blocked for 10 minutes if someone tried to login with wrong password for more than 10 times.
  • New: Account overview is offering some regibox advertising (only if provider supports regibox).
  • New: Account overview is showing group administrator name and contact information.
  • New: All users (self registered or invited) will have to explicitly accept terms and conditions during account activation (required by new GDPR/DSGVO).

Admin user related:

  • New: Replaced many icons by font icons. Thus, you can edit the color and icon itself much more easy using CSS.
  • New: Portal administrators can re-send an invitation or registration email.
  • New: User management search also searches in additional email addresses.
  • New: Subprovider-Administrators can also edit their contact and support information now.
  • New: The (sub)provider is now able to choose the languages he likes to support. Others are not available for end users then.
  • New: Language flags are inserted using a simple function now. More easy to customize the footer.
  • New: Administration entries regarding provider settings and customization have been re-arranged to be more clear.
  • New: Direct access to users usage statistics and see last email log entries.
  • New: Provider maintenance dialog offers a SMS test function.
  • New: Customizing now also allows SVG and TTF files upload (for uploading and hosting own fonts for CSS usage).

Generic:

  • New: Provider-SDK access is now restricted to given IP address(es) or ranges.
  • New: Custom SMS sending functionality (URl call) to allow more placeholders for various SMS text encoding (eg UTF16).
  • New: Terms and conditions page now offers a "print" button.
  • Fix: Transaction history export using PDF is now using a font that supports Chinese subjects, too.
  • Fix: Added support for Windows Phone to pay.php payslip download and on-line regimail reading.
  • Fix: Added more logging regarding user registration and account activation.
  • Fix: As usual, many sentences and template texts have been enhanced or corrected.
  • Fix: Email domain blacklist was not used for invitations using CSV/Excel upload.
  • Fix: The overall number of transactions in monthly report only counted opened transactions instead of all (not used for invoicing!).
  • Fix: Enhanced the invitation dialogue to better explain the usage of optional mobile number.
  • Fix: Excel and CSV import better trims leading and trailing spaces, does no longer complain about empty lines.
  • Fix: Fixed php syntax check in admin script dialogues (was somehow useless in provider 4.1).
  • Fix: Fixed password reset issue, introduced in pre-upgrade release 4.1.5.
  • Fix: Fixed issue where non activated additional email addresses were not automatically removed two days later.

Security:

  • Hardened the appliance against several attack vectors.
  • Set Apache TraceEnable directive to "off" by default.
  • Enhanced SSL cipher suites to get even more security for SSL connections.

Other:

  • Internal: Now supporting e-mail addresses using unicode domains (Punycode support).
  • Internal: Maximum number of group members is no longer fixed and can get adapted using MAX_GROUP_MEMBERS constant.
  • Internal: Provider-SDK now offers a new function called startchat and allows to run chats from scratch with no need of portal interaction.
  • Internal: Added web-socket server for providing push notifications to several products (eg regibox).
  • Internal: Enhanced CSS and JS provisioning on provider updates to make sure it loads new even if browser cache is active.
  • Internal: New getWebSession function in client protocol to replace older one in future regify client software.
  • Internal: Support script for user export/import now also supports transfer of grouping information.
  • Internal: Upgrade underlying operating system to CentOS 7.5 (also supporting SMBv2 for regibox and backup shares).
  • Internal: To prevent DNS issues with clearing (slow lookup sometimes), we added some auto-updated hosts file entries.


Previous Changelogs

You can find previous and outdated changelogs on a separate changelog page.