DRACOON Core Service

Version 4.11.0 (2019-04-10)

Security Issue Improved springfox.js implementation.

Security Issue Removed unnecessary debug information provided in JSON errors.

Security Issue Ensured prevention of memory exhaustion at email service.

Security Issue Implemented additional validations regarding LDAP authentication provider.

Security Issue Improved several log.info messages.

Security Issue Enforced redirect URI when creating or changing a client with grant types "authorization code" or "implicit".

Security Issue Fixed an issue that made shares accessible to Log Auditors.

New Feature Deprecated "customer" attribute in GET /user/account.

New Feature Deprecated GET and PUT /system/config/settings/mail_server.

New Feature Deprecated "cntFiles", "cntFolders", and "cntRooms" attributes in GET /user/account/customer.

New Feature Introduced isBrowsable attribute for rooms.

New Feature Revised several eventlog and syslog messages.

New Feature Added createdAt filter to GET /shares/downloads and GET /shares/uploads.

New Feature Added option to filter for customer attributes that do not exist at a customer.

New Feature Existing access and refresh token now stay valid on successful token refresh.

New Feature Introduced "inline" query parameter to download APIs.

New Feature Introduced avatars for every user.

New Feature Added support for OpenID Connect Hybrid Flow.

New Feature Refactored "displayName" attribute and "UserInfo" model.

New Feature Added support for modification of Download and Upload Shares.

New Feature Added "internalNotes" attribute to /shares/downloads and /shares/uploads APIs.

Improvement Introduced option to provide unlimited customer quota.

Improvement Split "cntChildren" attribute into "cntRooms", "cntFolders", and "cntFiles" attributes.

Improvement Replaced Spring Security OAuth library.

Improvement "cntChildren" attribute now takes permissions into consideration.

Improvement Added "homeRoomParentId" attribute to response model of GET /config/info/general.

Improvement Deprecated "classification" attribute in the response models of /shares/downloads APIs.

Improvement Introduced "targetType" attribute to /shares/uploads APIs.

Improvement Improved Swagger documentation.

Improvement Files and folders can now by copied to their parent.

Improvement Removed public token upload from upload APIs.

Improvement Un-deprecated providerCustomerId in provisioning APIs.

Improvement Added "mediaType" attribute to GET /public/shares/downloads/{access_key}.

Improvement Improved handling of share passwords that are not base64-encoded.

Bugfix Updated list of top-level domains.

Bugfix Made behaviour of "cntDownloadShares" and "cntUploadShares" attributes consistent.

Bugfix Fixed an issue that made the OAuth authorization code grant fail when no redirect URI was provided.

Bugfix Fixed an issue that could lead to exceeding the user limit.

Bugfix Revised consideration of permissions of GET /nodes/{node_id}/parents.

Bugfix Ensured that nodes can only be restored to containers.

Bugfix Fixed an issue that prevented users from deleting their phone number.

Bugfix Improved caching in connection with SyslogSender and MailSender.