Tip |
---|
Version 1.4.0 (2020/04/15) |
New features: - Implemented support for multi-factor authentication (2FA) for users and administrator. The following factors are supported:
- TOTP - supported for example by Google Authenticator
- FIDO2 (Webauthn) - supported for example by Yubico 5
- New application mode "by request only". Administrator can forbid upload of packages to anonymous (not logged in) users, unless they receive package upload request by logged in user. This mode can be set up in Settings - Configuration - Basic Settings.
- New "internal" mode for package accessibility added to existing "private" and "public" modes. Access to internal packages is allowed for all logged in users, who have the link to the package.
- Support for "blind copy" for logged in users. Like in e-mails, logged in users can send packages to hidden recipients, who will not be visible in the displayed package recipients.
- New address book for users, including the support for groups and optional automatic saving of package recipients.
- Support for editing of e-mail templates. Administrator can modify the contents of the notifications being sent out in Settings - E-mail templates.
- Support for multiple data stores (disks/volumes). Administrator can configure them in Settings - Datastores. Enables easy addition of another disk or volume, in case the current is running out of space.
- Administrator can grant (revoke) the following rights to the users:
- login (without it, the user cannot log in)
- receive packages (without it, a package cannot be sent to the user's address, like if he does not exist)
- send packages (without it, the user cannot send packages, only receive them)
- Remote application diagnostics support. The administrator can:
- send application logs to the technical support (no user data or package data are sent).
- enable / disable reverse SSH tunnel for remote SSH access of technical support.
- Support for Check Point SandBlast appliance. (before, only cloud version was supported, now both are)
- In FortiSandbox settings, it can be selected which of the results "high risk", "medium risk", "low risk", will be blocked.
Minor changes: - Link to documentation added to the right part of the top bar.
- Official API documentation available here: https://docs.sofie.cloud/en/api/v1/user/
- Added some functions to the API, see API documentation.
- Administrator can restore the packages from the archive, similarly to restoring deleted packages (from trash).
- ZIP archive can be created even for archived packages (accessible only to the administrator).
- Added "severity" attribute to the audit logs, according to the syslog standard.
- New design of the Dashboard screen for administrators, including graphs of datastore usage.
- New loading page for the first opening of the application, so the anonymous part does not display briefly for logged in users.
- New info screen, which is displayed, when the backend is not working (upgrade, restart, etc.) and automatically disappears, when backend starts working again.
- Support for the new ESET version 7. Old ESET version 4 still works too, but will no longer be maintained and supported.
- Administrator can allow downloading of clean files from quarantined packages, in Settings - Configuration - Basic settings.
- If notifications to (registered) senders about their quarantined packages are enabled, they will also receive notifications when their packages are released from the quarantine.
- All files in packages released from quarantine will be marked as clean. Both packages and files, which were originally not clean, but quarantined, will be flagged as released from quarantine.
- List of files in package detail now shows the files with some detection, that cause the package to be quarantined, always on top of the list.
- Modified administrator's menu with packages: added menu items for some package states, which were mixed together before, and all the states moved to be a sub menu under main menu item Packages.
- FortiSandbox PDF report now also accessible under a magnifying glass icon, not just by double clicking.
- FortiSandbox without a valid license now considered as available, if it works otherwise. It was considered not available without a license before, even though it worked.
- Improved audit logs for forwarded packages, so it is easier to find the forwarded package origin and related logs.
- Improved audit logs for quarantined packages: added new attribute "detectionResults", which contains array of all the reasons for quarantining the package or file.
- Documented all audit log types, see: List and description of Audit Log event types
- Added internal SID attribute to users, for better pairing of AD and ADFS accounts. Useful for example when renaming users.
- The number of application users is sent to the license server during license verification and update.
- Some texts and captions modified for better understanding and unified across the application.
- Introduced 90 day application logs retention period. It was unlimited before and could fill up the disk in time.
- Modified sofie yum repository - changed to disabled. The sofie script enables it in case of need. General yum update will not unexpectedly update the application now.
- Modified (unified) the default values of detection engines after installation.
- New setting in Settings - Configuration - E-mail: Ignore certificate errors. It allows e-mails to be sent using TLS/SSL even if the configured mail server does not have a valid certificate.
- An Administrator can change his own password similarly like a user using the menu under the profile icon on the right side of the top bar.
- Maximum file size in ZIP archive in Settings - Configuration - Package size limits can be set to unlimited value. It was limited to 1 GiB before.
Fixes: - Removed duplicated lines of encrypted content detection in some ZIP archives.
- Fixed error in internal detection engines when checking some types of archives (error in used library: https://issues.apache.org/jira/browse/COMPRESS-479).
- Fixes and improvements of the installer and its documentation.
- Fixes and changes in the package filters for users (if no state is selected, states are ignored by the filter, correct filtering of requests).
- Added missing texts and display corrections for FILE_CHECK_REPORT_ADDED audit log.
- Fixed swapped audit log messages for FILE_ARCHIVE_ADDED and FILE_ARCHIVE_UPDATED.
- Fixed diskusage in sofie script, so it works even when data directory is a symlink.
- Fixed very long time when rebooting the server (added missing dependencies in systemd scripts).
- Fixes in parallel task processing implementation (AV scans for example). Parallel processing is not used by default.
- Fixes in helper AV scripts (used by detection engines) for some specific situations. Added debug application logs for AV detection engines.
- Fixed unhandled exception if datastore is not writable.
- Fixed exception blocking login, if the protection against repeated login failures had been disabled, multiple invalid logins were attempted and then the protection was enabled again.
- Fixed various minor bugs in some forms (not working closing cross, contents of filled in form field being deleted, etc.).
- Added some missing texts and fixed errors in existing ones.
- Other minor fixes in design and formatting.
|