DRACOON Core Service

Version 4.8.0 (2018-05-01)

Security Issue Pentest result: Mail templates were prone to HTML injection attacks.

Security Issue Pentest: Known issue in MS Internet Explorer 11 could be exploited for XSS.

Security Issue Pentest: Added a header option for MS Internet Explorer 11 to prevent a possible XSS attack in the download options dialog.

Security Issue Config managers were able to retrieve access information to their configured S3 storage.

New Feature Deprecated some customer attributes in the provisioning API.

New Feature Corrected some filter and sort documentation in Swagger.

Improvement Authorized OAuth standard clients for sFTP and WebDAV to get refresh tokens.

Improvement Improved message of error -40006 to be more specific in some cases.

Improvement Added several information to proctected Upload Shares.

Bugfix Fixed a problematic issue where encrypted files were stated with a size of 0 bytes even though upload succeeded. This prevented the files from being downloaded again.

Bugfix Prevented the last administrative user from permanently locking himself/herself.

Bugfix Fixed an documentation issue in Swagger that falsely stated that s3Key would be returned by node objects.

Bugfix Ensured that the event of activating encryption shows up in the respective room log.

Bugfix Fixed an issue that prevented the provisioning API to properly filter for a certain user login.

Bugfix Ensured that receiver's name is set properly in emails even if no branding is active.

Bugfix Corrected to object type of some log messages when automatically removing an Upload Share.