OpenText FirstClass 11.0 SP3 Release Announcement v1.0

FirstClass Division Product Bulletin

Title: OpenText FirstClass 11.0 SP3 Release Announcement

Bulletin Number: 255

Version: 1.0

Date: December 19, 2011

Audience

This Product Bulletin is intended for distribution to FirstClass Division's installed base Administrators, Customer Support Center team, Business Development Center team, Account Managers, and Channel Partners.

Description

This is an announcement of the general availability (GA) of FirstClass 11.0 SP3 for Windows, Mac OS X, and Linux 64-bit platforms.

The new product versions are:

FirstClass Server 11.0 Build 1019 for Windows
FirstClass Internet Services 11.0 Build 11.049 for Windows
FirstClass Server 11.0 Build 1019 for Mac OS X
FirstClass Internet Services 11.0 Build 11.049 for Mac OS X
FirstClass Server 11.0 Build 1019 for Linux
FirstClass Internet Services 11.0 Build 11.049 for Linux

Availability

FirstClass 11.0 SP3 Core Server and Internet Services components are now available to existing customers who have a valid maintenance and support contract. FirstClass Update Services will automatically download these to your server in the upcoming weeks. If your server’s Update Services schedule is turned off, you may manually initiate an Update Services request to receive the updates.

FirstClass 11.0 SP3 will also be available for download from FCOL shortly in the following locations:

Windows server

Conferences/Downloads/FirstClass 11 Product Updates/FC11 Windows Server Updates/

Mac OS X server

Conferences/Downloads/FirstClass 11 Product Updates/FC11 OS X Server Updates/

Linux server

Conferences/Downloads/FirstClass 11 Product Updates/FC11 Linux Server Updates/

Please ensure that you have your server specific FirstClass 11 licenses, along with reviewing both the FirstClass 11.0 ReadMe First! text and instructions accompanying the installer thoroughly before proceeding with the upgrade.

To renew or purchase your M&S contract, please contact your regional Sales Support Center listed at the end of this bulletin.

New Product Features and Enhancements

The new features and fixes (since FirstClass 11.0 Server Build 979, Internet Services 11.0 Build 11.035) are listed in this section.

A. FirstClass Server

Enhancements

Passwords

Password encryption has been upgraded to use SHA512.

While we remain backwards compatible with older clients, passwords saved with the 11.017 or newer FirstClass Client will only work against this server build or newer.
Password checks are now case sensitive.

Enforcement of password compliance for user accounts. Does not apply to Gateway accounts.

If a user's password does not meet the password restrictions set at the user group level, then the change password form is displayed upon login.
If the user closes the change password form, the server logs the user off.
Once the change password form is displayed the server puts the user into a lock down mode where they do not have permission to perform any functions, until they change their password.

Implemented a new feature via the user group form, to allow mobile devices which are set to use a saved password to reconnect gracefully within a specified grace period.

Since mobile devices can disconnect at random times the "auto reconnect" feature would be hindered by the "must type password" security setting.

This new field allows the security setting to be enforced in such a way that the user experience continues at a high level.

If the disconnected time exceeds the setting the user is then forced to enter the password again.

Archive Server - new Batch Admin Search Feature

Allows Librarian to run a batch admin script to locate users who have data containing a search string. (To be implemented via a custom stationery form using field substitution)
Archive search is limited to Librarians only on an Archive Server.

New Batch Admin commands - SEARCH, SETSEARCHOPTIONS, and SETSEARCHFILTERS.

Syntax for SEARCH

SEARCH <UserID> or <ClientID> or <ALL>

e.g.

SEARCH UserID jamaclean

SEARCH ClientID 2165

SEARCH ALL

Syntax for SETSEARCHOPTIONS <EnableOption>... <EnableOption>

where available options are "Subject Body ToNames FromName AttachNames All ToCopyNames FAX"

Syntax for SETSEARCHFILTERS

SETSEARCHFILTERS MODIFIED BEFORE "2011/9/8"

SETSEARCHFILTERS MODIFIED AFTER "2011/9/1"

SETSEARCHFILTERS MODIFIED BEFORE "2011/9/8" MODIFIED AFTER "2011/9/1"

SETSEARCHFILTERS PATTERN "Keywords together in quotes" plus keywords -notthisword

Use with REPLY

- example message sent

SETSEARCHOPTIONS ALL

SETSEARCHFILTERS MODIFIED AFTER "2010/9/1"

SETSEARCHFILTERS MODIFIED BEFORE "2011/10/1"

SETSEARCHFILTERS PATTERN "hello world" -python

SEARCH ALL

- example message returned

SEARCH for Pattern ""hello world" -python"

Pattern found in User CID: 2169 UserID "cheryll"

Pattern found in User CID: 2165 UserID "jamaclean"

Fixes and Changes

Changes to better support processor use priorities, to allow the FirstClass kernel to use less CPU when idle, and improve the performance of high priority. For the server, this means medium mode now performs about the same as high, while using zero CPU while idle. Performance should not be negatively affected, and should be slightly better in some cases.
Fixed memory leak that occurred during mail delivery.
Fix for crash relating to rules processing.
Fix for mailbox open but session not notified.
Fix to properly update the Server Monitor's progress bar regarding batch admin scripts.
SysIDTable converted from Pre 10 version.
Convert notify table entries to correct data size when reading into memory from disk. Should fix expiry problem which in turn should fix incorrect notification.
Fixes a directory filtering issue regarding "All Conferences".
Fix for crash during a failed rebuild attempt.
Efficiency improvements to the way the MTA handles requeue requests.
Changes to the server's memory heap manager to significantly improve search index load times.
Added additional support for the android mobile devices.
Introduced a new notification method to keep the iPhone's unread count up to date.
Entering an email address in the contacts form no longer performs loop back (local address) detection. Fix for syncing/using contacts on mobile devices.
[OSX/Linux] Performance summary entries now being written to the Statistics log.

FirstClass Communities (formerly known as OpenText Social Workplace)

Enabled directory filtering on Recent Visitors
Keep track of the inviter in the comments field of the new account's UIF.
Flagged items do not clear unless directly clicked
Allow "chatters" to upload files (pictures, files, etc) into a instant messaging container.

Watches / Digests

Users were allowed to add duplicate watches to the same message thread.
Send notifications when documents are added or modified.
When user unsubscribes a community their Feeds/Digests are also removed. Thread watches remain IF the community is public.
When a community is changed from Public to Private, all users with Feeds/Digests and watches who are not subscribers have these watches removed.

Archive Server

Change to always send the most recent retention period regardless of when the name was validated.
Archive folders are now always created not published.
Archive now creates unpublished mailbox containers to avoid uniqueness.

Audit

Increased Audit's buffer sizes to handle longer path names.
Suppress indexing of gateway mailboxes during a Service Audit.

FirstClass Scripting (aka Batch Admin)

Fixed the "<" comparison of the IF command. Previously executed as "<=".
Added new EXPORT option (-F) to exclude folder creations to allow importing into a single container.
SETEXPORTFILTERS now only applies to leaf items.

Shutdown Related

Fixed a few issues that could trigger server crashes during the shutdown procedures.
Fixed several issues that could lead to lengthy delays as well as indefinite hangs during the shutdown procedure.
Fixed duplicate terminate (Ctrl-C) requests to not spew continuous "Fast shutdown requested (already shutting down)." messages on the console.
Added more logging when shutting down OS threads, to provide a better sense of the progress during shutdown.

Error Reporting

Fixed problems with RPT and DMP crash files not being saved, or being saved into the wrong folder location.
Fixed a 32-bit truncation of the address reported in the exception handler's "Cause:" line.
Fixed exception reports to include a dump of the 64-bit registers.
[Win] Added a warning message to server startup (after the DBGHELP message) for the cases when the server cannot load it's own symbols, and when the PDB file is missing or the incorrect version.

UTF8 Related

Translate history records from the correct character set.
Fixed incorrect truncation of (charset) translated strings.
Corrected a character translation problem for an uploaded file's subject.
Modified in place translations to verify that translated strings are not truncated in the middle of a multibyte character.

Known Limitations

FirstClass 11.0 SP3 Server Build 1019 supports FirstClass Applications Services (FCAS) Builds 3243-4098 and 4524 or later, only. Other versions of FCAS are not compatible, and may crash. Do not upgrade to Server Build 1019 at this time if your system is running custom applications unless:

your system is currently installed with a supported FCAS build, or until
your system has been updated to one of the supported FCAS builds.

A server crash may be triggered by the user auto registration process. It is currently recommended to disable that feature while running this server build.

B. Internet Services

Added 3 inetsvcs.cf config parameters for controlling POP sucking, which can improve reliability in the case of sucking large mailboxes:

- SET_POP3ClientIOLimit. Defaults to 25, shouldn't be changed.

- SET_POP3ClientMessagesPerLogin. Defaults to 0 (RETRieve all messages.)

- SET_POP3ClientMessageBytesPerLogin. Defaults to 0 (no limit.)

Added support for setting the Acceptable HTML parse errors setting via mailrules.
Added support for S/MIME certificates that use /emailaddress= instead of /Email=.
Added support for setting the Acceptable HTML parse errors setting via mailrules: see below.
Added a rules.MailRules variable that allows IS to parse email sent by poorly written mailers that send lines that end in only LF. The variable name is HandleBareLFInViolationOfRFC5321.

Suggested use in rules.SMTPDebug is:

X-Mailer: "Kayako Fusion " SET $HandleBareLFInViolationOfRFC5321 = 1

Added support for Rich Text User Signatures.
The Global Signature document (in Internet Services) now supports embedded images and attachments.
Added some validation of the OrigURL parameter to prevent it being used as an attack vector.
Changed decoding of Google calendar events so that there is a .ics file as an attachment instead of the same calendar event.
Cleaned up Log Kernel Statistics output, and provide the actual number for highest worker threads in use.
Correct output of vCal ATTENDEE attribute from TYPE to CUTYPE.
Correctly decode and set the ALARM in received text/calendar events.
Disable all WebDAV commands when enablewebdavfeatures is set to Disabled in headermatch.
Don't try to blackhole uninitialized SSL connections, as it causes a crash. Block them instead.
Enhanced the error message about mismatched email addresses to include the addresses.
Fixed a problem in HTTPSendTemplate where a boolean was being used as the expiry value in HTTPSendHeaders, which caused problems for the squid HTTP proxy server.
Fixed issue initializing sites when MS&L entry has certificate name entered but SSL status disabled.
Fixed problems with CGIs redirecting back into the /cgi-bin/ space.
Fixed a crash due to improper cleanup of IMAP append handler object.
Fixed a crash sending a forwarded or replied message with corrupt style data.
Fixed a memory issue when a CA certificate wasn't added to the store.
Fixed a problem that added a status message about the expiry period for each certificate in an S/MIME message, instead of just for the certificate that contained the email address.
Fixed a problem where a new alias with a new domain name wasn't usable until a restart.
Fixed an issue where the reported size of the message would increase by the attachment sizes for each set of recipients/domain.
Fixed broken default filter setting for the lower pane which prevented UnRead items retrieval.
Fixed problems and omissions parsing complicated style sheets.
Fixed crash processing SEARCH NOT UID <sequence set> <search key> commands.
Fixed crash caused by parsing a malformed table.
Fixed crash decoding vCard attachments that contained EMAIL lines. Also decode the misnamed TYPE attribute in vCal attachments sent by previous versions of FCIS.
Fixed crash parsing contact data when a <CR><LF> pair is split between two buffers.
Fixed crash processing a directory lookup URL with no URL parameters. Also fixed a couple of other potential crashes with similar lack of parameters.
Fixed crash regarding sound resource (that was handled) usually seen in RWD sites. Suspected of causing performance issues.
Fixed crash when the S/MIME sender's email address is in the Subject Alternative Name field instead of the Subject field. Find email addresses in the Subject Alternative Name field.
Fixed display of containers in toolbar not to appear in the desktop for enhanced set of FC templates.
Fixed issue that was overwriting a 32 byte digest with a 40 byte digest when doing HTTP CRAM-MD5 authentication.
Fixed issue where MX records with an expiry time of zero were discarded before being used (once.)
Fixed issue where the POP sucker would cause IS-server connection failures.
Fixed issue where updated vCalendar events were not updating the original event.
Fixed login problem for Android and Blackberry clients when the admin has disabled chat for the user.
Fixed mangling of encrypted S/MIME messages.
Fixed mistranslation of vCal DESCRIPTION field.
Fixed Mojibake with long bodies and Mojibake with line breaks.
Fixed problem importing LONG data FC Form Data header.
Fixed problem parsing MS&L.
Fixed problem that skipped updating the icon id after the end of the internet headers (via rules.mailrules).
Fixed problems where some envelope fields (Date, message options, From name) were not updated properly.
Fixed resolver crash.
Fixed SAPtr64Reserve bad behaviour of needlessly growing the table in the name of performance. Suspected cause of log entries ending with 'SAPtr64Reserve returned zero', which will cause SSL connection problems.
Fixed SSL status = Login causing redirected to HTTPS for non login requests.
Fixed various problems with sending S/MIME messages.
Fixes for line wrapping Japanese text.
Flush the command stream after a successful STARTTLS/STLS command in the SMTP, POP3 and IMAP servers, to prevent a plain text command injection attack.
Handle single quotes as well as double quotes around header parameter values.
If sub records in a cached DNS record expire, re-lookup the sub record instead of deleting it.
IMAP: Fix possible endless loop trying to report EXPUNGEd items in containers with large numbers of items.
IMAP: Prevent crash if we get a NULL tObjListSumm while listing folders.
Improved error reporting when loading SSL certificates.
Improved S/MIME error reporting in NDNs.
Make sure that threaded sends of large binary files don't use more than half of the worker threads.
Make the full crash dump option the default for improved DMP file debugging.
Only anonymous BINDs should call logout with the keepconnected option.
Prevent endless loop initializing HTTP sites when misconfigured in a certain way.
Prevent endless loop that causes IS to stop responding when processing a certain invalid URL.
Prevent endless loop when bad data is received for rCustomDaily calendar events.
Print the SSL CA certificate name in most error messages where it's available.
Removed unconditional delete of the queued packet pool at the end of SMTP message thread, as it could cause crashes in other active outbound messages.
Replaced the style sheet linked list with a hash table, to speed up parsing and accessing very large style sheets.
The STARTTLS override is now checked in the POP sucker, which provides a workaround for POP servers that can't handle the CAPA command in the non-authenticated state.
Use a two minute sanity timer to keep from getting stuck in a logged out but still connected state.
Various performance improvements.

Internet Services 11.049 SET_SSLCipherSuite

Added support for overriding the default SSL cipher suite, via [Config] directive SET_SSLCipherSuite = "" in inetsvcs.cf. This new configuration item is added in response to a growing need of FirstClass sites to provide enhanced SSL security in order to pass stricter security audits. This is done by configuring the OpenSSL library to disable lower security ciphers by means of a string that describes which sets of ciphers to enable or disable.

There are two suggested strings for those sites to use:

SET_SSLCipherSuite = "-ALL:+HIGH:+MEDIUM"

should be good for most sites. For sites requiring the use of only highest encryption ciphers:

SET_SSLCipherSuite = "-ALL:+HIGH"

Refer to http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite for complete documentation on the format of the string. Note that this string cannot enable ciphers that are not enabled by the configured build of OpenSSL included in IS, only disable them. Also note that the Disabled (SSL) versions: checkboxes override this setting.

Internet Services 11.049 Acceptable HTML parse errors support in rules.MailRules

There is a new predefined variable, named AcceptableHTMLParseErrors that can be read from or written to. Reading from it will return the current value, as set in the Advanced Mail form, or the default value. Writing to it (if done before the HTML body part is processed) will change what HTML issues will be accepted and sent to the server for display in the client. There are two ways to specify the new value: 1) a numeric value that is the sum of the acceptable warnings and errors, expressed as either a decimal or hexadecimal number, or 2) one or more identifiers separated by plus signs (+) or vertical bars (|). For example, to set the value to Bad images and Table errors, use either

$AcceptableHTMLParseErrors = 0x00020004

$AcceptableHTMLParseErrors = WarnBadImages + ErrTableError

The case of identifiers is not important, so AnyError is the same as anyerror and ANYERROR.

The following is a table listing the identifiers and their corresponding values.

Identifier	Value	Notes
All	0xffffffff	Any warning or error
AnyError	0x0000ffff	Any error
AnyWarning	0xffff0000	Any warning
ErrUnknownTags	0x00000001	The HTML contains a <tag> that is not defined in the HTML specification
ErrNotWellFormed	0x00000002	The HTML contains one or more syntax errors
ErrTableError	0x00000004	The HTML contains one or more syntax errors in a table
WarnExternalCSS	0x00010000	The HTML contains a reference to an external CSS style sheet
WarnBadImages	0x00020000	The HTML contains a reference to an image on a web server
WarnScriptTags	0x00040000	The HTML contains a <script> tag
WarnForms	0x00080000	The HTML contains one of these tags: form, button, fieldset, input, isindex, keygen, label, select or textarea
WarnFrameSets	0x00100000	The HTML contains a <frame> or <frameset> tag
WarnIFrames	0x00200000	The HTML contains an <iframe>, <ilayer> or <legend> tag
WarnEmbeddedApps	0x00400000	The HTML contains an <applet> or <object> tag
WarnImageMaps	0x00800000	The HTML contains an <area> or <map> tag, or <optgroup> and <option> if they occur outside of a <select> tag
WarnBadEmbeddedContent	0x01000000	The HTML contains an <embed> tag
WarnUsupportedTags	0x80000000	The HTML contains a valid but unsupported tag (base, basefont, bgsound, bidi override, blink, colgroup, layer, marquee, multicol, nobreak or spacer)

Internet Services 11.049 Known Issues

The POP3 and IMAP servers do not support attached FC objects.

Standard Web Client Template 11.0 R7

Fixed various calendar related issues
Fixed issue when IconID field in Properties/Get Info was not working correctly
Fixed issues when in some cases recipient name was not displayed in TO: and CC: fields in Classic Mode.
Fixed issue when "Tentative" icon was not displayed for all attendees of the calendar event.
Fixed issue when attendees of the calendar event was unable to Accept, Decline or mark as Tentative any event without a Validation Key.

Standard Web Client Template 11.0 R7 Known Issues

LiteralHTML style will not be supported in the web editor in this release
Setting/editing bullets will not be supported in the web editor in this release
Some new and edited repeated calendar events may be scheduled incorrectly. FirstClass client should be used to create or edit such events.

RSS Plugin 10.0 R2

Fixed issue when Web calendars did not display event subject in RSS feed.

Web Publishing Blog 10.0 R3

Fixes Validation key feature that did not work for blog comments.
Fixes Validation key feature that did not work for private blog comments.

Contact Information

Sales

To purchase a FirstClass product or user licenses, please contact our Sales Department or your local FirstClass reseller.

North America and South America

email: sales@firstclass.com

phone: 888.808.0388

UK, Europe, Middle East, Africa, Australia, and Asia

email: sales@firstclass.com

phone: +44.1189.848000

Sales Support

To renew or purchase your M&S contract, contact your regional Sales Support center.

North America

For Canada, Southwestern US (AK, AZ, CA, CO, NM, OR, TX, WA), Mexico, South America, Japan

email: rmajchrz@opentext.com

phone: 905.762.6472

For the rest of North America

email: debra@firstclass.com

phone: 905.762.6347 or 888.588.3444 ext 5

UK, Europe, Middle East, Africa, South America, Australia, and Asia

Contact your local FirstClass reseller

email: intl_fcmaintenance@opentext.com

phone: +353.61.467424

Customer Support

Site administrators should contact their regional customer support center, if technical assistance is required.

North America

email: support@firstclass.com

United Kingdom

email: intl_fcsupport@opentext.com

phone: +0800.9.808.808

Europe, Middle East, Africa, South America, Australia, and Asia

email: intl_fcsupport@opentext.com

phone: +44.1189.848484

FirstClass, OpenText and the associated logos used herein are trademarks of Open Text Corporation and/or its subsidiary used under license. All other trademarks are the property of their respective owners.

End of Bulletin