Release Notes CPS 7.1.8

Collax Platform Server
28.11.2019

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

New Add-on module - Collax Central

With this version, the new add-on module “Collax Central” is available. It helps to keep track of all Collax servers, making administration easier and points out early on emerging problems. The Collax Central Dashboard is a tool to make the administration efficient and the place where all the threads come together. This can be problems to be recognized at a glance in a large server landscape. Sporadic and regular maintenance tasks go quickly by the hand. Collax Central is available as a module for the Collax C servers (eg Collax Business Server). If you are interested, please contact your dealer, distributor or Collax distributor.

Kopano Groupware: Kopano and Performance Tuning Paramater

This version will extend and adjust tuning parameters for Kopano. For an optimal tuning, the settings of the MySQL database should be optimized. Especially the values for the innodb_buffer_pool_size will be increased. The innodb_log_file_size will also be restricted to 2048M.

Distribution of CRLs via OCSP or CRL URL

Previously, CRLs had to be individually and with each change by exporting and importing to the respective servers be distributed. With the new options OCSP URL and CRL URL the CRLs can be distributed automatically. Either an existing network OCSP server can be used or a CRL URL will be generated and configured together with the certificates on the participating servers. Currently this function is supported only by the local service for IPSec VPN (IKEv1, IKEv2).

File: Samba 4.9

Samba has been updated to the new version 4.9. The Samba developers have, among other things, closed critical security holes.

System Management: Linux Kernel 4.9.202

This update installs Linux kernel 4.9.202.

Issues Fixed in this Version

Security: Important security relevant System Components

This update will also install/update the following important system components:

  • libxslt 1.1.33
  • sqlite 3.28.0
  • Apache Tomcat 9.0.22
  • libexpat
  • Curl 7.65.3
  • Apache 2.4.41
  • PHP 7.2.23
  • OpenLDAP 2.4.48
  • libsasl2 2.1.27
  • microcode-20191115
  • heimdal kerberos libraries

CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-5018 CVE-2019-8457 CVE-2019-9936 CVE-2019-9937 CVE-2019-10072 CVE-2019-0221 CVE-2019-0232 CVE-2018-20843 CVE-2019-15903 CVE-2019-5435 CVE-2019-5436 CVE-2019-10081 CVE-2019-9517 CVE-2019-10098 CVE-2019-10092 CVE-2019-10097 CVE-2019-10082 CVE-2019-11042 CVE-2019-11041 CVE-2019-13057 CVE-2019-13565 CVE-2018-16860 CVE-2019-12098 CVE-2018-12207 CVE-2019-11135 CVE-2018-16860 CVE-2019-12098

Security: SWAPGS

Experts have discovered critical security holes. SWAPGS refers to an attack on Intel processors, much like Meltdown and Spectre.

Assigned Common Vulnerabilities and Exposures (CVE) number:

CVE-2019-1125

Security: Intel has fixed security holes

Experts have discovered and fixed critical security holes on Intel processors.

See here .

Kopano Groupware: Z-Push: GAB-Sync

The (Global Address Book) GAB-sync script regularly syncronizes the global address book of the Kopano server. Due to an incorrect file system path, the script could not be called and generated an error message. This update adjusts the path and corrects this behavior.

Collax E-Mail Archive: Fix search for recipients

Due to a bad string for searches within the email archive front-end the search query could not be restricted on recipients. This will be fixed with this release, so that all archived emails are displayed again.

Due to a faulty perl-email-address module, not all search queries could be carried out reliably. This will be fixed with this release, so that all archived emails are displayed again.

VPN connection after certificate update

The VPN component Charon has shown unexpected behavior and VPN connections with a certificate renewed by Let’s Encrypt have not been reloaded, causing the connection not to establish anymore. This update will provide the renewed certificate for the link to be reread again.

Collax Advanced Networking: Brute Force Protection: Status

In the brute force protection status dialog, blocked IP addresses are listed. This dialog is located under Status / Maintenance -> Status -> Brute Force Protection Status. Under certain circumstances, the call could result in a timeout. This behavior is fixed within this update.

System Management: Amavis - Recipient notification

AMaViS (A Mail Virus Scanner) is a high-performance and reliable interface between the mailer (MTA) and one or more virus scanners. If infected or unverifiable messages can be detected, it can be controlled, whether the recipient receives a warning via e-mail. Due to an error in the configuration file Amavis has set the sender domain of the recipient notification incorrectly, causing certain e-mail servers not to address the message. This will be fixed with this release.

Notes

E-Mail: Avira AntiVir prior Version 7.1.6

From Avira, an automatic update of the core components of Avira has been carried out. In this context, a new dependency of the libraries has been added, the next time the virus scanner is not started can be resolved. The result is that the virus scanner does not work during a reboot or configuration change is restarted. For security reasons, emails will no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it works in its entirety.

Kopano Groupware: Database conversion after update 7.1.6

The Kopano database is automatically converted for update 7.1.6 after the server is restarted. This process can, depending on the database size, take between half and several hours. In the dashboard this background task is visible as a job. The Kopano service is not available at the time of conversion. Before the update, make a complete backup of the data. When the conversion is complete, the Kopano service is restarted. Subsequently, further optimizations and schema changes are made. In this time the services Kopano and MySQL may not be stopped.