
Version 1.6.0 (2021/04/23)

New features:

  • Support for Hungarian in the user interface and e-mail notifications (not in the admin interface).
  • Multi-factor authentication (MFA / 2FA) is now also supported for logins of users using AD and ADFS (previously only for local users).
  • The package upload form now shows the currently configured limits for maximum sizes and number of files.
  • Password reset is now supported for administrators as well, using an e-mail with instructions and a unique token, the same way as for users. The administrator must have an e-mail address filled in for this to work.
  • The PDF report with FortiSandbox check results can now be viewed directly in the browser window. It is no longer necessary to download, save and then open the file.
  • All MIME types of a file, including nested ones, are now shown in the file details (if the MIME module is enabled in the Detection settings). For example, archives (zips, etc.), Office documents, PDFs and others may contain nested content and files of various MIME types inside.
  • Support for logging of the User Agent from the header of web requests into the audit logs. It can be enabled in Settings - Configuration - Logging - Log User-Agent header.

Minor changes:

  • Added new columns "Created at" and "Last login" in the list of users, which can be used to sort the list. This helps when searching for unused or old accounts that can be deleted.
  • New audit logs for events: LICENSE_INVALID, LICENSE_VALID, APP_VERSION_CHANGED, PACKAGE_DOWNLOAD_UNAUTHORIZED_ACCESS, PACKAGE_DOWNLOAD_PACKAGE_NOT_FOUND, PACKAGE_DOWNLOAD_PACKAGE_EXPIRED. For details see: List and description of Audit Log event types.
  • Added the action to terminate the check in the package detail for packages in the queue (it already was available in the list, but not in the detail).
  • Automatic rotation of Kafka module log files, so their number and size do not grow excessively.
  • Improved the installer (updated components, LetsEncrypt certificate does not need an e-mail address, fixed nginx version for CentOS8, OCSP stapling in nginx).
  • Modified the parameters in the e-mail templates. Replaced the ${appTitle} parameter with the parameters ${appName} and ${subjectPrefix} (those are related to Settings - Configuration - Appearance and Settings - Configuration - E-mail prefix). Existing templates are converted automatically, depending on whether the parameter is used in the subject (→ subjectPrefix) or in the body (→ appName). Updated the texts, previews, help and related items accordingly. Increased the maximum size of the subject in the templates from 100 to 200 characters.
  • Modified the logging of MIME type changes for better accuracy. Previously it could happen twice, depending on whether the change was done by the "magic" or the "content" MIME detector. Now it happens and is logged at most once, but with new attributes clarifying the change.
  • The application web server (Tomcat) now listens for connections only on the localhost address (it communicates with local nginx).
  • Multiple components updated (React, Ant Design, Tomcat, Meecrowave, etc.).
  • Minor changes in graphics, icons, etc.

Fixes:

  • Fixed the deletion of the XSRF cookie when closing the browser, but not refreshing it after reopening, unlike the login, which resulted in a logout after any performed action because of an invalid XSRF cookie. Now it has the same lifetime as the login.
  • Fixed the "jumping" calendar when editing package expiration. A few seconds after changing the month it jumped back.
  • Fixed the content of the maximum size field in the DLP settings being deleted after a few seconds.
  • Other minor fixes of typos, texts, graphics, etc.



Version 1.5.5 (2021/03/18)

Minor changes:

  • Updated Apache Tomcat to version 9.0.43 and Apache Meecrowave to version 1.2.10.
  • Improved the script for sending of diagnostic logs - added an offline variant with manual handoff of logs.

Fixes:

  • Added compatibility with new ESET version 8. If auto-update is disabled (it is by default, if installed exactly as our install manual instructs), then the update can be performed by executing the command:
    /opt/eset/efs/bin/upd --perform-app-update


Version 1.5.0 (2020/07/14)

New features:

  • Persistent packages. The admin can disable the expiration for a selected package, making it persistent, until the admin enables the expiration again.
  • Support for discovering the IP addresses of clients when running behind a proxy. The address of the proxy must be entered in Settings - Configuration - Security - Trusted proxies and the proxy must add an X-Forwarded-For header.
  • New permissions for users, specifying whether they can send each type of package (public, internal, private). Also a new default setting for the package type, which is used for packages where the user does not change it.
  • New permission for users, specifying whether they can download package contents without reentering their login password. (Without it, the user must reenter their login password before each download.)
  • Settings for default permissions of new users, in Settings - Configuration - User default settings.

Minor changes:

  • For datastores that cannot be deleted (because they are in use), the trashcan icon is inactive.
  • Administrator actions for packages moved to a sub menu, which can be displayed by clicking the ... icon.
  • Modified the display of flags in package lists.
  • New descriptions for package types are available to users directly inside the application.

Fixes:

  • The administrator can now change his own password even if he does not have permission for administrator management.
  • The audit log no longer displays empty "personalSettings" change when changing user's permissions.
  • Sending of packages using API did not take user's permissions into account. Now it is no longer possible to send packages using API, if the user does not have the send package permission.
  • Although a check of a package was canceled for a package in the queue, all the queued checks were performed anyway. Now the remaining checks, which are not already running, are correctly skipped.
  • Minor fixes of some texts and design.


Version 1.4.4 (2020/06/24)

Fixes:

  • Fixed blocking / allowing of content based on a MIME type, where some types were shown differently in the package detail than how they needed to be entered into the blacklist / whitelist (e.g. "application/x-dosexec" vs. "application/x-msdownload").



Version 1.4.3 (2020/06/05)

Minor changes:

  • Change in the installer: new installations have HSTS (HTTP Strict Transport Security) enabled by default. That means it is possible to access them only using https and with a valid certificate.

Fixes:

  • Fixed error in matching an e-mail address of a recipient, if the case of the characters did not match (Test@sofie.cloud vs. test@sofie.cloud). E-mail address matching is no longer case sensitive.
  • Fixed an error in the installer, which may have caused new installations not to be able to start the remote diagnostic tunnel (missing /root/.ssh/authorized_keys file).
  • Fixed minor cosmetic issue in user's and administrator's profile menu, where the last used item stayed incorrectly highlighted.


Version 1.4.0 (2020/04/15)

New features:

  • Implemented support for multi-factor authentication (2FA) for users and administrators. The following factors are supported:
    • TOTP - supported for example by Google Authenticator
    • FIDO2 (WebAuthn) - supported for example by Yubico 5
  • New application mode "by request only". The administrator can forbid anonymous (not logged in) users from uploading packages, unless they receive a package upload request from a logged in user. This mode can be set up in Settings - Configuration - Basic Settings.
  • New "internal" mode for package accessibility added to existing "private" and "public" modes. Access to internal packages is allowed for all logged in users, who have the link to the package.
  • Support for "blind copy" for logged in users. Like in e-mails, logged in users can send packages to hidden recipients, who will not be visible in the displayed package recipients.
  • New address book for users, including the support for groups and optional automatic saving of package recipients.
  • Support for editing of e-mail templates. Administrator can modify the contents of the notifications being sent out in Settings - E-mail templates.
  • Support for multiple data stores (disks/volumes). Administrator can configure them in Settings - Datastores. Enables easy addition of another disk or volume, in case the current is running out of space.
  • Administrator can grant (revoke) the following rights to the users:
    • login (without it, the user cannot log in)
    • receive packages (without it, a package cannot be sent to the user's address, as if the user did not exist)
    • send packages (without it, the user cannot send packages, only receive them)
  • Remote application diagnostics support. The administrator can:
    • send application logs to the technical support (no user data or package data are sent).
    • enable / disable reverse SSH tunnel for remote SSH access of technical support.
  • Support for the Check Point SandBlast appliance. (Previously only the cloud version was supported, now both are.)
  • In FortiSandbox settings, it can be selected which of the results "high risk", "medium risk", "low risk", will be blocked.

Minor changes:

  • Link to documentation added to the right part of the top bar.
  • Official API documentation available here: https://docs.sofie.cloud/en/api/v1/user/
  • Added some functions to the API, see API documentation.
  • Administrator can restore the packages from the archive, similarly to restoring deleted packages (from trash).
  • ZIP archive can be created even for archived packages (accessible only to the administrator).
  • Added "severity" attribute to the audit logs, according to the syslog standard.
  • New design of the Dashboard screen for administrators, including graphs of datastore usage.
  • New loading page for the first opening of the application, so the anonymous part does not display briefly for logged in users.
  • New info screen, which is displayed, when the backend is not working (upgrade, restart, etc.) and automatically disappears, when backend starts working again.
  • Support for the new ESET version 7. Old ESET version 4 still works too, but will no longer be maintained and supported.
  • Administrator can allow downloading of clean files from quarantined packages, in Settings - Configuration - Basic settings.
  • If notifications to (registered) senders about their quarantined packages are enabled, they will also receive notifications when their packages are released from the quarantine.
  • All files in packages released from quarantine will be marked as clean. Both packages and files, which were originally not clean, but quarantined, will be flagged as released from quarantine.
  • List of files in package detail now shows the files with some detection, that cause the package to be quarantined, always on top of the list.
  • Modified administrator's menu with packages: added menu items for some package states, which were mixed together before, and all the states moved to be a sub menu under main menu item Packages.
  • FortiSandbox PDF report now also accessible under a magnifying glass icon, not just by double clicking.
  • FortiSandbox without a valid license now considered as available, if it works otherwise. It was considered not available without a license before, even though it worked.
  • Improved audit logs for forwarded packages, so it is easier to find the forwarded package origin and related logs.
  • Improved audit logs for quarantined packages: added new attribute "detectionResults", which contains array of all the reasons for quarantining the package or file.
  • Documented all audit log types, see: List and description of Audit Log event types
  • Added internal SID attribute to users, for better pairing of AD and ADFS accounts. Useful for example when renaming users.
  • The number of application users is sent to the license server during license verification and update.
  • Some texts and captions modified for better understanding and unified across the application.
  • Introduced a 90 day retention period for application logs. It was unlimited before and could fill up the disk over time.
  • Modified sofie yum repository - changed to disabled. The sofie script enables it in case of need. General yum update will not unexpectedly update the application now.
  • Modified (unified) the default values of detection engines after installation.
  • New setting in Settings - Configuration - E-mail: Ignore certificate errors. It allows e-mails to be sent using TLS/SSL even if the configured mail server does not have a valid certificate.
  • An administrator can change his own password in the same way as a user, using the menu under the profile icon on the right side of the top bar.
  • Maximum file size in ZIP archive in Settings - Configuration - Package size limits can be set to unlimited value. It was limited to 1 GiB before.

Fixes:

  • Removed duplicated lines of encrypted content detection in some ZIP archives.
  • Fixed error in internal detection engines when checking some types of archives (error in used library: https://issues.apache.org/jira/browse/COMPRESS-479).
  • Fixes and improvements of the installer and its documentation.
  • Fixes and changes in the package filters for users (if no state is selected, states are ignored by the filter, correct filtering of requests).
  • Added missing texts and display corrections for FILE_CHECK_REPORT_ADDED audit log.
  • Fixed swapped audit log messages for FILE_ARCHIVE_ADDED and FILE_ARCHIVE_UPDATED.
  • Fixed diskusage in sofie script, so it works even when data directory is a symlink.
  • Fixed the very long time needed to reboot the server (added missing dependencies in systemd scripts).
  • Fixes in parallel task processing implementation (AV scans for example). Parallel processing is not used by default.
  • Fixes in helper AV scripts (used by detection engines) for some specific situations. Added debug application logs for AV detection engines.
  • Fixed unhandled exception if datastore is not writable.
  • Fixed exception blocking login, if the protection against repeated login failures had been disabled, multiple invalid logins were attempted and then the protection was enabled again.
  • Fixed various minor bugs in some forms (not working closing cross, contents of filled in form field being deleted, etc.).
  • Added some missing texts and fixed errors in existing ones.
  • Other minor fixes in design and formatting.
