 |
| |
| |
This message is to announce the imminent release for FirstClass Internet Services 12 build 11.165. If you notice anything in this note that need correcting, please let Ian Archibald know.
FirstClass Division Product Bulletin
Title: OpenText FirstClass Internet Services Update Release
Bulletin Number: 283
Version: 1.0
Date: July 15, 2014
Audience
This Product Bulletin is intended for distribution to FirstClass Divisions installed base administrators, Customer Support Center team, Business Development Center team, Account Managers, and Channel Partners.
Description
The new product components are:
FirstClass Internet Services 12 Build 11.165
Availability
FirstClass Internet Services 12 build 11.165 and components are distributed to existing customers who have a valid maintenance and support contract.
FirstClass Update Services will automatically download the files to your server. If your servers Update Services schedule is turned off, you may manually initiate an Update Services request to receive the update.
FirstClass 12 Internet Services 12 Build 11.165 components will be available for download from FCOL (fc.firstclass.com) in the following locations:
Windows server
Conferences/Downloads/FirstClass 12 Product Updates/FC12 Windows Server Updates/
Mac OS X server
Conferences/Downloads/FirstClass 12 Product Updates/FC12 OS X Server Updates/
Linux server
Conferences/Downloads/FirstClass 12 Product Updates/FC12 Linux Server Updates/
Please ensure that you have your server specific FirstClass 12 license, and review both the Release Notes and instructions accompanying the installers thoroughly before proceeding with the upgrade.
To renew or purchase your M&S contract, please contact your regional Sales Support Center listed at the end of this bulletin.
New Product Features and Changes
FirstClass Internet Services 12 Build 11.165
Filter out XSS attack vectors from the dAltBody HTML stream before sending it to the server.
Adjust level 3 logging so that when sending responses that fail are marked as such.
Changed the Stream closed log message to Stream closed by other end, to make it clear(er) who's at fault.
IMAP: Do async reporting in the NOOP command handler.
Handle ATOM dates in RSS 2.0 feeds.
Fixed Symantec scan engine error by not trying to send zero length chunks of data to be scanned.
Fixed crash processing Alt Body HTML.
Buffer data sent to the Symantec scan engine for better performance.
Fixed broken access to personal web pages via alias.
Fixed retrieval of encrypted S/MIME messages that haven't been decrypted on the way in.
Limit the amount of original message body (used for crash diagnostics) to 100MB, to avoid bogging the machine down.
Fixed SMTP crash.
Updated calendar invitation handling to better inter-operate with other calendaring systems, such as Google and Exchange.
Ignore mailto: in RCPT TO: addresses, as issued by Exchange.
The XSS sanitizer doesn't strip url() references to image files (.jpg, .jpeg, .gif and .png).
Replace newlines with spaces in the Location field to improve legibility.
When attaching a calendar event (instead of turning the message into the event), set the start date, duration, etc. (but not attendees).
The XSS sanitizing is now more surgical in what it removes.
XSS sanitizing can now be disabled/enabled in one of two ways. The first is via inetsvcs.cf:
[Config]
SET_DisableXSSSanitizing = 1
The default value is 0.
The other way is via a new mail rules built in variable $DisableXSSSanitizing, which is read/write and can be set to 0 (zero) to enable sanitizing or 1 (one) to disable sanitizing.
FTP, HTTP, LDAP, POP3 and IMAP4 now support blacklisting IP addresses when they strike out due to too many bad logging attempts.
Bad password strike outs (including SMTP) are now controlled by the Abuse note level setting in Basic Internet Setup : UCE/Spam : Abuse.
Added a feature in the AddHandler document to return custom HTTP headers in the response to the HTTP client.
Syntax is Custom-Header: <contents of custom header>, defined in an <AddURLHandler> block, where <contents of custom header> are the complete header, which will be sent as is.
Implemented log log rollover on startup. Setting [Config] LogRollover = 1 in inetsvcs.cf will cause an existing InetSvcs.OLD (or fcisd.old) to be renamed xxxYYYYMMDD_HHMM.log before the .log file is renamed to .old.
Fixed a problem where the wrong value was used as the domain name for Android notifications when the service is started at the first push notification.
The Android push notification service is now enabled by default.
Fixed "Wrapping issue on inbound HTML message".
Fixed crash outputting very long text/calendar property.
Fixed crash accepting (or declining) a calendar invitation with an unexpectedly formatted ATTENDEE property (e.g. ATTENDEE:mailto:email@address.com).
Fixed another issue when there is an HTML part, no DESCRIPTION in the event and the event is not attached to a message.
Fixed problem where the multipart/alternative end boundary wasn't output, which causes Outlook 2007 (and possibly later versions) grief.
Fixed crash retrieving (via IMAP or POP3) a calendar event in the mailbox that has an HTML altbody message body instead of a plain text message body. Also fixed some related message generation issues.
Added some randomness to the IMAP CRAM-MD5 challenge string.
Fix for incorrectly interpreting 12:00 as midnight when processing the date in 24 hour format.
All 127.x.x.x addresses are loopback addresses, not just 127.0.0.1.
When parsing text/calendar objects, don't set a 1 minute alarm when no alarm was set in the object.
Recognize the MIME type text/vCard in SMTP messages.
Fixed problems sending attached contacts that had message body.
Check for timezone changes once a minute.
Fixed some misparsing of text/calendar objects.
When parsing text/calendar objects, handle the X-ALT-DESC property (if it's HTML) if the DESCRIPTION property is missing.
When parsing text/calendar objects, handle the ATTACH property. Not yet implemented when the event is added as an attachment.
Output the site name and ID in the log file when starting up.
Set the IMAP show sent items per the form when applying config changes.
IMAP: Prevent crash processing parameters in parentheses when there is only an opening parenthesis.
Added support for Windows Phone and Android client push notifications.
All push notification services can be individually disabled via inetsvcs.cf settings in the [Config] section:
SET_DisableApplePNS = 1
SET_DisableBlackBerryPNS = 1
SET_DisableWinPhonePNS = 1
SET_DisableAndroidPNS = 1 (this is the default setting for this release)
The Google push notification API key and GCM Sender ID can be overridden in the inetsvcs.cf with these settings:
[Config]
GoogleAPIKey = "api key string"
GoogleCMSenderID = "sender id string"
Fixed problems with some event cancellation messages not being sent, or incorrectly formatted.
Accept ATTENDEE values that start with http:// or https:// (as sent by Google calendar.)
Allow incoming messages with text/calendar parts to be turned into events if the METHOD parameter is missing.
Various improvements to outputting calendar events/tasks:
- output task STATUS
- output DURATION if no start date
- output proper value for DTSTAMP
- output COMPLETED date for tasks
- output DUE date for tasks
- output PRIORITY for events/tasks via CalDAV
- don't output DTEND when there is no end date or duration
Fixed problem with some attendees receiving cancel event notifications instead of invitations.
Fixed problem with deleted attendees that required delivery retries.
Fixed problem where some calendar messages would be missing the event data.
Fixed issue where forwarded events would result in cancellation event notifications would be sent.
Fixed problem that caused all of a relayed message to end up in the smtp log.
Fixed problem where the $IsSpammer flag didn't work if set after the end of the headers.
Fixed typo when parsing header match enable webdav tokens (WevDAV_Basic).
Add a Date header if there is none in the message.
FTP: the RNFR (rename from) command now supports a path name, as per RFC 959.
Fixed issues in the IMAP APPEND handler that caused server crashes.
Improved fidelity when FETCHing APPENDed messages (IMAP).
Improved error/shutdown handling when handling inbound attachments.
Updated builtin OpenSSL library to 1.0.1h. Addresses security advisory CVE-2014-0224.
If the character set in an RFC 1522 encoded word is not recognized, leave the encoded word as is.
Contact Information
Sales
To purchase a FirstClass product or user licenses, please contact our Sales Department or your local FirstClass reseller.
North America and South America
email: mailto:sales@firstclass.com phone: 888.808.0388
UK, Europe, Middle East, Africa, Australia, and Asia
email: mailto:sales@firstclass.com phone: +44.1189.848000
Nordic and Baltic Regions
email: mailto:info@ett.se phone: +46.1869.1600
Sales Support
To renew or purchase your M&S contract, contact your regional Sales Support center.
North America
mailto:debra@firstclass.com
phone: 905.762.6347 or 888.588.3444 ext 5
UK, Europe, Middle East, Africa, South America, Australia, and Asia
Contact your local FirstClass reseller or
email: mailto:intl_fcmaintenance@opentext.com phone: +353.61.467424
Customer Support
Site administrators should contact their regional customer support center, if technical assistance is required.
North America
email: mailto:support@firstclass.com
United Kingdom
email: mailto:intl_fcsupport@opentext.com
Europe, Middle East, Africa, South America, Australia, and Asia
email: mailto:intl_fcsupport@opentext.com phone: +44.1189.848484
Nordic and Baltic Regions
email: mailto:support@firstclass.se phone: +46.1868.1620