DRACOON Core Service

Version 4.12.1 (2019-07-11)

latest version

Bugfix "accessedAt" attribute is now correctly set for deleted nodes.

Bugfix Fixed an issue that led to the rename node procedure not being executed correctly under certain circumstances.

Version 4.12.0 (2019-06-18)

Security Issue Fixed an issue that enabled users to restore files without the necessary permissions in certain scenarios.

Security Issue Ensured that RADIUS shared secret cannot be logged.

Security Issue Restricted all APIs to return a maximum of 500 items.

New Feature Improved CORS filter configuration.

New Feature Deprecated POST /user/profileAttributes.

New Feature Deprecated "mediaServerEnabled" attribute in system-settings-config endpoints.

New Feature Extended configuration for S3 migration options.

New Feature Introduced client distinction for OAuth client.

New Feature Add device information to OAuth authorizations.

New Feature Added filtering and sorting options for OAuth authorizations endpoint.

New Feature Removed client authorization aggregation so authorized clients can be distinguished.

New Feature Added token revocation endpoint for OAuth authorizations.

New Feature Added device information to OAuth authorizations so that devices can be distinguished.

New Feature Comments can now be retrieved paged.

New Feature DRACOON is now shipped as Spring Boot application.

New Feature Introduced new role to prevent data room admins from listing users and groups.

Improvement Updated redirect URI for DRACOON for Outlook.

Improvement Improved handling of login password hashes.

Improvement Improved Swagger documentation for room configuration.

Improvement Introduced new API endpoint GET /users/{user_id}/userAttributes.

Improvement Introduced new API endpoint GET provisioning/customers/{customer_id}/customerAttributes.

Improvement Gender in DRACOON now deprecated.

Improvement Improved performance for large lists of items.

Improvement Renamed DRACOON Web Access to DRACOON Web App.

Improvement Improved OAuth grant type validation.

Improvement A user's phone number can now be reset by providing an empty String.

Improvement Ensured that OAuth Client ID cannot be configured with obscure characters.

Improvement Corrected trial day calculation for demo accounts.

Improvement Added normalization to URI/URL according to RFC3986.

Improvement Move operation with same parent as target (and with rename) is now allowed.

Improvement Copy and move operations allow additional resolution strategies.

Improvement Only one download notification is now sent for ranged requests on Download Shares.

Improvement Revised logging for chunked downloads.

Improvement Improved quality of fallback avatar.

Improvement Made all boolean attributes in request models optional.

Improvement POST /auth/login now accepts auth method "basic" (in addition to "sql")

Documentation Issue Extended documentation for download shares.

Documentation Issue Corrected documentation for avatar error handling.

Documentation Issue Added avatar size information to documentation.

Documentation Issue Corrected some typos in Swagger documentation.

Documentation Issue Corrected documentation for profile attributes.

Documentation Issue Corrected documentation for RADIUS configuration.

Documentation Issue Corrected documentation for settings API.

Documentation Issue Corrected API RADIUS configuration documentation.

Documentation Issue Corrected API documentation for settings.

Documentation Issue Corrected documentation of customer quota.

Documentation Issue Corrected API documentation of profile attributes.

Documentation Issue Corrected documentation of homeRoom configuration.

Documentation Issue Corrected documentation info in general configuration endpoint.

Documentation Issue Corrected documentation of search API.

Version 4.11.2 (2019-05-03)

Bugfix Ensured that default avatars will be created for every user on update of DRACOON Server.

Version 4.11.1 (2019-04-25)

Bugfix Fixed an issue that caused the OpenID user information retrieval to fail.

Version 4.11.0 (2019-04-10)

Security Issue Improved springfox.js implementation.

Security Issue Removed unnecessary debug information provided in JSON errors.

Security Issue Ensured prevention of memory exhaustion at email service.

Security Issue Implemented additional validations regarding LDAP authentication provider.

Security Issue Improved several log.info messages.

Security Issue Enforced redirect URI when creating or changing a client with grant types "authorization code" or "implicit".

Security Issue Fixed an issue that made shares accessible to Log Auditors.

New Feature Deprecated GET and PUT /system/config/settings/mail_server.

New Feature Deprecated "cntFiles", "cntFolders", and "cntRooms" attributes in GET /user/account/customer.

New Feature Deprecated "customer" attribute in GET /user/account.

New Feature Introduced isBrowsable attribute for rooms.

New Feature Revised several eventlog and syslog messages.

New Feature Added createdAt filter to GET /shares/downloads and GET /shares/uploads.

New Feature Added option to filter for customer attributes that do not exist at a customer.

New Feature Existing access and refresh token now stay valid on successful token refresh.

New Feature Introduced "inline" query parameter to download APIs.

New Feature Introduced avatars for every user.

New Feature Added support for OpenID Connect Hybrid Flow.

New Feature Refactored "displayName" attribute and "UserInfo" model.

New Feature Added support for modification of Download and Upload Shares.

New Feature Added "internalNotes" attribute to /shares/downloads and /shares/uploads APIs.

Improvement Replaced Spring Security OAuth library.

Improvement "cntChildren" attribute now takes permissions into consideration.

Improvement Split "cntChildren" attribute into "cntRooms", "cntFolders", and "cntFiles" attributes.

Improvement Added "homeRoomParentId" attribute to response model of GET /config/info/general.

Improvement Deprecated "classification" attribute in the response models of /shares/downloads APIs.

Improvement Introduced "targetType" attribute to /shares/uploads APIs.

Improvement Introduced option to provide unlimited customer quota.

Improvement Improved Swagger documentation.

Improvement Files and folders can now by copied to their parent.

Improvement Removed public token upload from upload APIs.

Improvement Un-deprecated providerCustomerId in provisioning APIs.

Improvement Added "mediaType" attribute to GET /public/shares/downloads/{access_key}.

Improvement Improved handling of share passwords that are not base64-encoded.

Bugfix Updated list of top-level domains.

Bugfix Made behaviour of "cntDownloadShares" and "cntUploadShares" attributes consistent.

Bugfix Fixed an issue that made the OAuth authorization code grant fail when no redirect URI was provided.

Bugfix Fixed an issue that could lead to exceeding the user limit.

Bugfix Revised consideration of permissions of GET /nodes/{node_id}/parents.

Bugfix Ensured that nodes can only be restored to containers.

Bugfix Fixed an issue that prevented users from deleting their phone number.

Bugfix Improved caching in connection with SyslogSender and MailSender.

Version 4.10.7 (2019-03-21)

Security Issue Fixed an issue that could cause lock timeouts eventually downing the application.

Bugfix Fixed an issue that made the deletion of users very slow on large environments.

Version 4.10.6 (2019-01-14)

Bugfix Revised ehcache persistence strategy.

Version 4.10.5 (2018-12-22)

Security Issue Improved sanity checks of node names.

Bugfix Fixed an issue that could lead to an internal server error when moving nodes.

Bugfix Fixed an issue that could lead to a database inconsistency when moving a folder during file upload.

Version 4.10.4 (2018-11-30)

Improvement Made NodeParent type of node parents API consistent with similar APIs.

Bugfix Ensured that the AD Home Room parent is returned by the eventlog API.

Bugfix Improved performance of node count queries.

Bugfix Fixed a minor error in Swagger documentation.

Bugfix Fixed an issue that made an update of a user's metadata revoke his AD Home Room permissions.

Bugfix Fixed an MSISDN formatting issue in connection with Austrian phone numbers.

Bugfix last_admin_rooms API does not return sub rooms of AD Home Rooms anymore.

Bugfix Fixed an issue that prevented saving OpenID IdP configurations under certain circumstances.

Version 4.10.3 (2018-11-15)

Bugfix AD Home Rooms are now enabled by default if they have previously been used.

Version 4.10.2 (2018-11-05)

New Feature Introduced APIs to retrieve last admin users / groups of rooms.

New Feature Removed personal data rooms (introduced in 4.10.0) and returned to an improved version of AD Home Rooms instead.

Improvement Improved usage of zip formats.

Improvement Added "homeRoomParentId" attribute to response model of GET /config/info/general.

Improvement Improved performance of eventlogs-related database tables.

Bugfix Fixed an issue that resulted in OpenID auth requests with invalid options.

Bugfix Fixed invalid classification of Download Shares on folders.

Bugfix Made eventlogs CSV files compatible to Microsoft Excel.

Version 4.10.1 (2018-10-12)

Security Issue Prevented the retrieval of the list of all users in personal data rooms.

Bugfix User's last login is now also updated when performed via OpenID Connect.

Bugfix Fixed an issue that resulted in a broken OAuth authorization flow.

Version 4.10.0 (2018-09-27)

Security Issue Fixed a possible timing side-channel attack regarding LDAP connections.

Security Issue Fixed an issue in internal handling of errors.

New Feature Refactored all occurences of TripleCrypt technology.

New Feature Introduced support for configurable database connection pooling.

New Feature Deprecated all branding-related API endpoints.

New Feature Set Content-Security-Policy header (incl. predecessors).

New Feature Added support for importing users from OpenID IDP.

New Feature Introduced a Breadcrumb API in the form of GET /nodes/{node_id}/parents.

New Feature Introduced a personal data room for every user.

New Feature Introduced new means of collaboration via comments on nodes.

Improvement Deprecated GET /users/{user_id}/rooms and GET /groups/{group_id}/rooms.

Improvement Deprecated "children" attribute in respective API endpoints and models.

Improvement Improved internal handling of DB connections.

Improvement Improved name handling for Upload Shares and Download Shares.

Improvement Deprecated "depth_level" parameter of GET /nodes.

Improvement Recycle Bin and file versioning are now always on for all data rooms.

Improvement Removed contact email from Swagger UI.

Improvement Revised documentation of further information in uploads API.

Improvement Fixed a performance issue caused by fast directory browsing.

Bugfix Improved caching in connection with SyslogSender and MailSender.

Bugfix Cache is now correctly flushed when branding settings are changed.

Bugfix Fixed an issue that made orphaned data rooms possible.

Bugfix Fixed an issue that made the DRACOON Media Server unusable in connection with OAuth.

Version 4.9.2 (2018-08-17)

Bugfix Improved handling of deletion of OAuth tokens.

Version 4.9.1 (2018-08-10)

Bugfix Fixed an issue that made orphaned data rooms possible.

Bugfix Fixed an issue that made the DRACOON Media Server unusable in connection with OAuth.

Version 4.9.0 (2018-08-03)

Security Issue Updated server dependencies to their latest versions.

New Feature Introduced support for configurable database connection pooling.

New Feature Refactored all occurences of SDS.

New Feature Enabled upload of files with Content-Type: application/octet-stream.

New Feature Introduced default classification.

New Feature Introduced possibility to disable need to change password after provisioning.

New Feature Introduced API for third-party dependencies data.

New Feature Introduced support for S3 tags.

Improvement Fixed a performance issue caused by fast directory browsing.

Improvement Introduced possibility to explicitly set an initial password upon user creation.

Improvement Ensured that Share Link email can never contain the Share Password.

Improvement Introduced sorting by time for eventlog API.

Improvement Revised response codes for move/copy operations in nodes API.

Improvement Recylce bin of new data rooms is now active by default.

Improvement Added equals filter for node names.

Improvement Made random password generation comply with configured password policies.

Improvement Current user is now used as default room adminstrator when creating a top-level room.

Improvement Added OAuth clients for Instabrand service.

Bugfix Introduced a limit on reading eventlogs to prevent the database system from crashing.

Bugfix Fixed an issue that resulted in very large downloaded zip files being corrupt.

Bugfix Fixed a possible null pointer exception.

Bugfix Revised documentation of preconditions of POSTs and DELETEs in roles API.

Bugfix folder_id is not mistakenly recognized as room_id anymore in nodes API.

Bugfix Removed invalid filters from groups API.

Bugfix Fixed an issue that made the CORS filter block the authorization header.

Version 4.8.5 (2018-08-17)

Bugfix Fixed an incompatibility of nodes with empty mediaType attribute.

Bugfix Improved handling of deletion of OAuth tokens.

Version 4.8.4 (2018-08-17)

Bugfix Fixed an issue that made orphaned data rooms possible.

Bugfix Fixed an issue that made the DRACOON Media Server unusable in connection with OAuth.

Version 4.8.3 (2018-08-03)

New Feature Introduced support for configurable database connection pooling.

Improvement Fixed a performance issue caused by fast directory browsing.

Version 4.8.2 (2018-07-13)

Bugfix Fixed an issue that prevented the provisioning of customers on systems with disabled SQL authentication.

Version 4.8.1 (2018-06-04)

Security Issue Names of nodes could be retrieved without read permission.

Version 4.8.0 (2018-05-01)

Security Issue Pentest result: Mail templates were prone to HTML injection attacks.

Security Issue Pentest: Known issue in MS Internet Explorer 11 could be exploited for XSS.

Security Issue Pentest: Added a header option for MS Internet Explorer 11 to prevent a possible XSS attack in the download options dialog.

Security Issue Config managers were able to retrieve access information to their configured S3 storage.

New Feature Deprecated some customer attributes in the provisioning API.

New Feature Corrected some filter and sort documentation in Swagger.

Improvement Authorized OAuth standard clients for sFTP and WebDAV to get refresh tokens.

Improvement Improved message of error -40006 to be more specific in some cases.

Improvement Added several information to proctected Upload Shares.

Bugfix Fixed a problematic issue where encrypted files were stated with a size of 0 bytes even though upload succeeded. This prevented the files from being downloaded again.

Bugfix Prevented the last administrative user from permanently locking himself/herself.

Bugfix Fixed an documentation issue in Swagger that falsely stated that s3Key would be returned by node objects.

Bugfix Ensured that the event of activating encryption shows up in the respective room log.

Bugfix Fixed an issue that prevented the provisioning API to properly filter for a certain user login.

Bugfix Ensured that receiver's name is set properly in emails even if no branding is active.

Bugfix Corrected to object type of some log messages when automatically removing an Upload Share.

Version 4.7.0 (2018-03-29)

Security Issue Mail server password had been logged on reset.

New Feature Configuration path changed.

New Feature Removed deprecated RADIUS settings.

New Feature Lock information of customers and users are now boolean attributes.

New Feature Search results are now sortable by path.

New Feature Added new attribute phone to user.

New Feature Introduced profile attributes for users.

New Feature Introduced new language handling in preparation for new localizations.

Improvement Deprecated attribute fileId has been removed from Download Shares.

Improvement Unused OAuth authorization codes are now cleaned up.

Improvement Log level now configurable in properties.

Improvement Full refactoring of Tenant DB schema.

Improvement Introduced new logging framework.

Improvement Corrected HTTP status code for user keypair request.

Improvement Reduced the minimum quota for customers to 1 MB (=1024*1024 Bytes).

Improvement All notes fields are now restricted to 255 characters.

Improvement Added some documentation to Swagger for depth-level in searches.

Improvement Client ID and Client Secret of DRACOON clients are no longer shown via API.

Improvement Refactoring of copy and move operations.

Bugfix Fixed a stability issue regarding S3 storage connections.

Bugfix Removed an invalid error code from uploads API.

Bugfix Ensured that changes in the priority of auth methods is logged properly.

Bugfix Included a missing endpoint in Swagger Documentation.

Bugfix Enabling of event log was logged twice as event.

Bugfix Fixed an inconsistent behavior regarding the text length for notes of Download Shares.

Bugfix Some date range filters did not work properly.

Bugfix Fixed an issue that caused inconsistent meta data when restoring old versions of files that are stored on S3 storage.

Bugfix Fixed an issue that prevented S3 storage from being activated after initial configuration.

Bugfix Fixed an issue that allowed one OAuth client to receive multiple authorizations for one user.

Version 4.6.1 (2018-03-15)

Improvement Improved performance of permissions calculations.

Version 4.6.0 (2018-03-12)

Security Issue Reject encrypted files bigger than 63 GB so that nonce reuse may not occur in crypto version A.

New Feature Last login error IP attribute is now deprecated.

New Feature Swagger UI Contact info is updated.

New Feature Extensive documentation about deprecations and corresponding APIs.

New Feature Improved handling of Home Room configuration.

New Feature Introduced new setting keys.

New Feature Introduction of new models for configuration.

New Feature Extensive documentation of new configuration APIs.

New Feature Restructuring of S3 storage API controllers.

New Feature Ensured that at least one authentication method is present.

New Feature Introduced new API for branding information.

New Feature New APIs to set configuration.

New Feature New APIs to retrieve configuration.

New Feature Introduced OAuth authentication to Swagger UI.

New Feature Introduction of new settings and configuration APIs.

New Feature Introduced new config information APIs.

New Feature Major refactoring of config APIs.

Improvement Improved clarity of error code for invalid upload token or download token.

Improvement Ensured that random passwords do not use lookalike characters.

Improvement Improved Log Operations API.

Improvement Extended the API to easily retrieve configuration state of Media Server.

Improvement Updated several external frameworks.

Improvement Introduced new attributes to reset several values.

Improvement Reordered attributes in Swagger documentation.

Improvement Integrated DRACOON branding client in DRACOON Server project.

Improvement Added some examples to Swagger Documentation.

Improvement Refactoring of audit log and syslog generation.

Improvement Updated Spring Libraries for OAuth.

Improvement Updated RabbitMQ queue names to DRACOON.

Improvement Unified description of error codes in documentation.

Improvement Default values are now documented in Swagger.

Improvement Corrected some documented information in Swagger about legacy roles.

Improvement Introduced a filter for globally available auth methods.

Improvement New filter for globally available auth methods.

Improvement Introduced filter for auth methods.

Improvement Renamed authentication method sql to basic.

Improvement Improved public system info API.

Improvement Added missing error codes to Swagger documentation.

Bugfix Corrected HTTP content type of Swagger Documentation.

Bugfix Ensured full compatibility of AD configuration APIs with new Swagger version.

Bugfix Improved URL validation for branding URL.

Bugfix Ensured that mail settings only allow either STARTTLS or SSL.

Bugfix brandingProviderUrl could not be reset in all circumstances.

Bugfix Activating IP address logging did not work properly.

Bugfix Fixed an issue that prevented the last fail IP address of a user from being returned.

Bugfix Deprecation of /config APIs.

Bugfix Removed obsolete attribute useS3Storage from general settings update.

Bugfix Fixed an issue that prevented the OpenID Connect fallback mapping claim from being reset.

Bugfix Improved the conflict handling of user attributes with the same key.

Bugfix Fixed an issue that occured when a Config Manager provided invalid auth method configuration values.

Version 4.5.0 (2018-02-02)

New Feature Introduced auto-generated Swagger Documentation.

New Feature Refactoring of internal package naming.

New Feature Added required roles and rights to Swagger Documentation.

New Feature Added some missing status codes to Swagger Documentation.

New Feature Integrated new Swagger Documentation in service. Swagger-Proxy is no longer provided.

New Feature It is now possible to rename files with copy and move operations.

New Feature Introduced new Swagger UI version 3.4.5.

New Feature Updated Swagger to version 2.0.

New Feature Activity Logs of Data Rooms may now be disabled and enabled by Data Room Admins.

Improvement Improved Swagger 2.0 specification.

Improvement Improved description of effectivePerms and effectiveRoles in Swagger Documentation.

Improvement Ensured that status codes 401 and 403 are documented in Swagger if applicable.

Improvement Improved media type handling in all APIs.

Improvement Refactored text/csv export for event log API.

Improvement Extend error message for status 406. Please make sure to provide correct content header in API requests.

Improvement Improved debug configuration settings.

Improvement Renaming of internal packages of OAuth component.

Improvement Added some missing error codes to Swagger Documentation.

Improvement Added extensive information about deprecated APIs to Swagger Documentation.

Bugfix Fixed an issue that prevented Media Server from working.

Bugfix Fixed an issue with filter "isGranted" when trying to get rooms of a user or group.

Bugfix Fixed missing filters for attributeKey and attributeValue in Provisioning API.

Bugfix Fixed an issue with UTF-8 handling.

Bugfix Fixed an issue that caused OAuth sessions to be lost on Tomcat 8.

Bugfix Fixed an issue that prevented an update of the global used storage size in case a top level data room is removed.

Bugfix Added correct default for enabling/disabling Activity Logs.

Version 4.4.2

Minor Changes Minor changes for quality improvements

Version 4.4.1 (2017-12-18)

Improvement Reduced log level to avoid performance issues.

Version 4.4.0 (2017-12-18)

Security Issue Fixed a possible SQL injection issue.

Security Issue Ensured that the manually set password for a new customer's first user is never in the API response.

New Feature Restructured GET/SET methods.

Improvement Redesign of GET/SET methods in OAuth component.

Improvement Page title and description were invisble on OAuth logon page.

Bugfix Fixed an issue that prevented role assignments from being logged.

Bugfix Ensured compatibility of Media Server for OAuth access.

Bugfix Corrected audit log category for logon/logoff events.

Bugfix Fixed an issue that allowed to configure AD HomeRoom creation to an invalid parent room.

Version 4.3.3 (2017-11-09)

Bugfix Fixed an issues that might cause deadlocks.

Version 4.3.2 (2017-10-26)

Bugfix Fixed an issue that caused pending group permissions to get lost on some edit operations.

Bugfix Fixed an issue that allowed to configure AD HomeRoom creation to an invalid parent room.

Version 4.3.1

Bugfix Fixed HTTP status codes for GET /system/config/storage/s3

Bugfix Removed incorrect Swagger documentation

Bugfix Fixed an issue that caused a delay in FileKey calculation

Version 4.3.0

Security Issue Fixed a critical bug that affects all previous versions: Deleting a Data Room with a special name might result in all files being deleted.

New Feature Basic implementation of node metadata configuration for S3.

New Feature Added log events for S3 changes.

New Feature Job to migrate files from NFS to S3 storage.

New Feature Improved the behavior of the RADIUS configuration regarding failover hosts.

New Feature All background jobs are now being skipped if DB update is in progress.

Improvement Deprecated error code -70502.

Improvement Introduced a mapping claim to OpenID provider.

Improvement Corrected Swagger Documentation of error code in POST /nodes/folders.

Improvement Added error code -40000 in Swagger Documentation of various endpoints.

Improvement Added missing error code -40751 to Swagger Documentation.

Improvement Added missing error -20501 to Swagger Documentation.

Improvement Corrected error code for downloads in Swagger Documentation.

Improvement Added Swagger Documentation for pending assignments.

Improvement Introduced new error code for missing Share.

Improvement Added error -20502 to Swagger Documentation.

Improvement Corrected wrong error codes for download issues in Swagger Documentation.

Improvement Integrated RADIUS in OAuth component.

Improvement Added PKCE support for OpenID Connect.

Improvement Extended state and nonce for OpenID Connect.

Improvement Corrected in Swagger Documentation that fileKey tag is optional.

Improvement Corrected Swagger Documentation for share link recipients.

Improvement OAuth client secret is now validated separately.

Bugfix Fixed a wrong audit log entry when changing AD configuration.

Bugfix RADIUS implementation did not work properly with NetIQ AAF.

Bugfix Fixed an issue about missing information in pending assignements.

Bugfix Fixed an issue that caused the full stack trace being logged in context of wrong AD settings.

Bugfix When creating a customer, the login of the first user was not in response if AD is the only auth method.

Bugfix Fixed a crash when creating a user with an invalid value for isEnabled.

Bugfix Fixed an issue with invalid internal identifiers of an AD configuration.

Bugfix Fixed a server error when sending the same auth method several times for one user.

Bugfix Fixed an issue with setting a blank name for Download Shares.

Bugfix Corrected the error code for Share Links when too many smsRecipients were provided.

Bugfix Corrected the input validation of POST /provisioning/customers.

Bugfix Corrected the debug message for incorrect filters of GET /provisioning/customers.

Bugfix Fixed an issue when updating a user with an invalid authentication method present.

Bugfix Fixed an issue when assigning several user groups at once.

Bugfix Fixed an UTF-8 encoding issue on OAuth login.

Bugfix In some cases the import group and the home folder parent for an AD configuration was falsely removed.

Bugfix Filtering for objects with underscore did not always work properly.

Bugfix Filtering is no longer case sensitive.

Bugfix Filtering objects with percentage sign did not work properly in all cases.

Bugfix Fixed an issue that prevented the rescue key from being created correctly after moving a file between encrypted Data Rooms.

Bugfix Fixed an issue with percentage sign as Data Room name and search.

Version 4.2.2

Bugfix Fixed an issue that allowed setting an expiration date to the last user of a global role which might orphane the affected role.

Bugfix Expiration of old file versions from the Recycle Bin did not reduce the used size of Data Rooms.

Version 4.2.1 (2017-07-04)

Minor Changes Minor changes for quality improvements

Version 4.2.0 (2017-06-30)

New Feature Old log event tables are now removed from DB.

New Feature Support for French and Spanish translations.

New Feature Reorganized feature switches in code.

New Feature cntAdmins and cntUsers are removed from Node model since they are already disfunctional.

New Feature Mediaserver file transfer mode can now be configured in api.properties.

New Feature Provide new attribute \emph{showUploadedFiles} for public upload share info.

New Feature Extend UploadShare model to provide attribute \emph{showUploadedFiles}.

New Feature Previously uploaded files no longer returned at public upload shares if \emph{showUploadedFiles} is false.

New Feature New API to create RADIUS configuration.

New Feature New API to retrieve RADIUS configuration.

New Feature New API to change RADIUS configuration.

New Feature New API to remove RADIUS configuration.

New Feature New API to test RADIUS configuration.

New Feature DB update to reflect RADIUS configuration.

New Feature Legacy RADIUS configuration in /config is now ignored.

New Feature Extension of API /auth/login to provide information about RSA RADIUS access challenge.

New Feature Implemented access challenge response and correct handling of X-Forwarded-For-Header.

New Feature Implementation of RSA RADIUS access challenge workflow.

New Feature Moved RADIUS configuration to /system/config/radius.

New Feature Implementation of RADIUS failover server.

New Feature DB update to store info whether uploaded files are shown at public upload shares.

New Feature Media Tokens are now provided in Nodes model.

New Feature Ensured IPv6 compliance for upload security.

New Feature Share link target is updated if link is to be kept during overwrite process.

New Feature Share links can only be kept if resolution strategy "overwrite" is selected.

New Feature Implemented new permission check for keeping share links while overwriting items.

New Feature Updated models of create, copy and move APIs.

New Feature Implementation of API model for Nodes analysis.

New Feature New Swagger Documentation for Nodes analysis.

New Feature Adaption of DB for Nodes analysis right.

New Feature Implementation of new right for Node analysis.

New Feature Implementation of authorization enforcement for Nodes analysis.

New Feature Implementation of controllers for Nodes analysis.

New Feature Implementation of API filters for Nodes analysis.

New Feature Implementation of native SQL queries to optimize performance.

New Feature Implementation of internal service and filters for Node analysis.

New Feature Comments of files/folders/rooms may now be removed by providing an empty string.

Improvement MaxSize and MaxSlots are now deprecated for public Upload Shares.

Improvement Corrected targetId filter for upload shares: \emph{cn} is corrected to \emph{eq}.

Improvement Added redirectUri for OAuth client configuration.

Improvement Nodes from different parents can now be deleted in one DELETE request (e.g. from search results).

Improvement Improved error code when trying to remove last user/groups from a Data Room.

Improvement OAuth clients can no longer be created with longer access token validity than refresh token validity.

Improvement StartTLS is now supported to secure mail server connections.

Improvement Customer ID of deprecated Branding Server may now be empty.

Improvement mailBody is now optional when creating upload shares.

Improvement Customer ID of deprecated Branding Server may now be empty.

Improvement AD configuration has been removed from /config/settings and /config/authSettings.

Improvement Extended information for syslog event API.

Improvement Fingerprint of AD configuration may now be unset with an empty string.

Version 4.1.5

Minor Changes Minor changes for quality improvements

Version 4.1.4 (2017-04-03)

Bugfix Performance issues on frequent changes of permissions inheritance setting.

Bugfix A large number of expired files within a small time frame might cause cleanup issues.

Version 4.1.3 (2017-03-17)

Bugfix Fixed an issue with some filter parameters in rooms where users do not have permissions.

Bugfix Fixed an issue with fileKey distribution for users in rooms without rescue keys.

Version 4.1.2 (2017-03-02)

Improvement Improved handling of sms config properties to facilitate transparent setting for adminstrators.

Bugfix Filtering of Activity Log was only possible for Log Auditors. This is changed so that anyone with access may send filter criteria.

Bugfix Fixed a crash if the client sends a certain user agent. This prevented DriveLetter from connecting.

Bugfix Fixed an issue with favorites that could cause a DB inconsitency.

Bugfix Fixed an issue in the Activity Log that prevented users from seeing other entries then their owns'.

Version 4.1.1 (2017-03-01)

Bugfix Changed the default handling of sms feature after rollout to false. Otherwise this might conflict with missing sms gateway configurations.

Version 4.1.0 (2017-03-01)

New Feature Updated Swagger documentation to clarify the error description of error code [-90057].

New Feature Implemented a component to transmit Text Messages to the SMS Gateway.

New Feature Extended config API to provide interface to enable/disable SMS Feature.

New Feature Extended config API to announce availability of SMS Gateway to clients.

New Feature APIs to create Share Links now accepts MSISDNs to send Text Messages.

New Feature Provide configuration for an SMS Gateway.

Improvement SDS Server includes Template for Short Messages.

Improvement Models for creation of Share Links now contain a field for text message recipients.

Improvement Attribute sendMail is now optional when creating a Download Share.

Improvement Attribute notifyCreator is now optional when creating a Download Share.

Improvement Clarified error message when user tries to log on while account is locked due to too many unsuccessful attempts.

Improvement Introduced a new error to prevent clients from leaking crypto passwords to the server by accident.

Improvement Clarified misleading error codes when importing groups and setting a destination for AD Home Rooms.

Improvement Email notification button can now be enabled and disabled.

Improvement Attribute notifyCreator is now optional when creating an Upload Share.

Improvement Attribute sendMail is now optional when creating an Upload Share.

Bugfix Share notification emails now contain the time zone (UTC) to clarify the time stamps.

Bugfix Fixed an issue when retrieving all visible Data Rooms a group is authorized at.

Bugfix Fixed an issue when trying to retrieve all visible Data Rooms a user is authorized at.

Bugfix Fixed an issue with Download Shares of Data Rooms.

Bugfix Fixed a rare issue that prevented Data Room encryption from being activated.

Bugfix Fixed an issue that prevented nodes in very long path names from being deleted.

Bugfix Fixed an issue that prevented the immediate cleanup of an aborted upload.

Bugfix Fixed an issue that allowed a user keypair to be set even though client-side encryption is disabled.

Version 4.0.4 (2017-03-03)

Minor Changes Minor changes for quality improvements

Version 4.0.3

Minor Changes Minor changes for quality improvements

Version 4.0.2

Minor Changes Minor changes for quality improvements

Version 4.0.1

Minor Changes Minor changes for quality improvements