
Notice

When upgrading to a new version, it is necessary to follow the steps here: Upgrade notes (Instructions for upgrading to a new version)

Application versions


Version 2.1.1 (2022/09/13)

Fixes:

  • Minor fix in the "sofie" script for upgrades (to new major version branches like 2.0 → 2.1). In installations with a manually created or edited yum repository for sofie (it should not be manually modified), an error could occur during the upgrade.



Version 2.1.0 (2022/09/10; previously dated 2022/09/05)

New features:

  • Option to create packages with a limited number of accesses. Additionally, for public packages, this limit can be enforced by the administrator.
  • The administrator can enforce the use of multi-factor authentication for users (in Settings - Configuration - User settings - Multifactor authentication).
  • Improved the functionality of (e-mail) templates:
    • It is possible to insert and use a salutation of the recipient (by name, or by e-mail address if the name is not known) in the e-mail templates. This allows better personalization of messages and helps recipients distinguish legitimate notifications from phishing.
    • A common prefix / suffix can be configured in templates. It is always inserted before / after the text of the e-mail message. Using this, all sent e-mails can be easily updated to include, for example, a common company footer at the end or the recipient's salutation at the beginning.
    • The notification about a package being quarantined can now include details with the results of the checks of the problematic files. The built-in template for notifications to administrators was modified to use this, so the administrator can see the reason for the quarantine directly in the e-mail notification, without needing to log in and open the package detail in the application.
  • Support for displaying terms of use on the login screen. According to the administrator's setting it is either voluntary (by clicking on a link) or mandatory (in a modal pop-up window shown after accessing the login screen).
  • Users can now be restricted by IP range:
    • Users can be allowed to log in only from selected IP ranges and forbidden to log in from elsewhere. The same IP ranges can apply to all users (common company addresses), and additional ranges can be set individually for each user (public static home IPs).
    • Users can be forbidden to send packages anonymously (without login) from the IP ranges from which they are allowed to log in (see above). To send packages from these IP ranges they must log in.
  • Implemented new security limits (new section in Settings - Configuration - Security limits), including:
    • Improved protection against brute-force guessing of user passwords. Failed attempts are rate-limited and then blocked, while a legitimate login from the same IP can still proceed successfully without interfering with the protection.
    • Limit on the number of password reset attempts. This prevents denial of service and spam through reset e-mails.
    • Limit on the number of failed password attempts for a package or a package request.
    • Limit on the number of attempts to access a non-existent package.
  • The administrator can now change the type (accessibility) of a package (to public, internal or private) at will. Before, it was only possible to publish a private package.
  • The administrator can enforce a password for new packages (separately for anonymous and logged in users), including the rules for password strength.
  • The administrator can enable the auditor (a user with permission to approve packages waiting to be sent) to access password protected packages without entering the password (like the administrator). This does not work for packages encrypted with the package's password, because these cannot be decrypted without the password.
  • The administrator can disable supported languages for users or administrators (except English, which cannot be disabled). Disabled languages are not shown or offered anywhere to be set and used.
  • Support for server-side sessions of logged in users (in addition to the JWT tokens). This allows the user to be logged out from the server side; a valid JWT token alone is then not enough to restore the login.
  • Support for a quota on the number of files sent to be checked by the FortiSandbox, if it is operated as a service. The quota is set inside the license; after it is exceeded, either only a warning is sent or the files stop being sandboxed.
  • Introduced an administrator-configurable limit on the maximum number of objects recorded during a MIME check. Before, it was possible (for example with a zip file containing a huge number of files) to excessively load the application and the browser while displaying such a huge number of MIME types.
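To make the brute-force limit in the list above concrete, here is an added example (not SOFiE's own code) of a throttle keyed on the (client IP, username) pair, so that a correct login for another account from the same IP is not blocked while the guessed account stays protected. The threshold, window and block duration are assumed demo values, the sample accounts are constructed, and keying on the pair is one possible design rather than a description of the product's internals.

```python
import hmac
import time
from collections import defaultdict, deque

# Assumed demo policy values; the product's real limits are configured in
# Settings - Configuration - Security limits and are not reproduced here.
MAX_FAILED = 5         # failed attempts tolerated per (IP, username) pair ...
WINDOW_SECONDS = 300   # ... within this sliding window
BLOCK_SECONDS = 600    # length of the block once the limit is reached


class FakeClock:
    """Controllable time source so the behaviour can be checked deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LoginThrottle:
    """Counts failed password attempts per (client IP, username) pair.

    Blocking only the pair that keeps failing is an assumption about how the
    limit can be designed: a guessed account is protected, while a correct
    login for another account from the same IP (e.g. behind shared NAT) still
    succeeds.
    """

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(deque)  # (ip, user) -> recent failure times
        self.blocked_until = {}             # (ip, user) -> time the block ends

    def is_blocked(self, ip, username):
        until = self.blocked_until.get((ip, username))
        if until is None:
            return False
        if self.clock() >= until:
            del self.blocked_until[(ip, username)]  # block expired
            return False
        return True

    def record_failure(self, ip, username):
        now = self.clock()
        recent = self.failures[(ip, username)]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # drop failures outside the window
        recent.append(now)
        if len(recent) >= MAX_FAILED:
            self.blocked_until[(ip, username)] = now + BLOCK_SECONDS
            recent.clear()

    def record_success(self, ip, username):
        # A correct password resets the counter for that pair only.
        self.failures.pop((ip, username), None)


def attempt_login(throttle, users, ip, username, password):
    """Return 'blocked', 'ok' or 'failed'. `users` maps username -> password (constructed)."""
    if throttle.is_blocked(ip, username):
        return "blocked"                    # rejected before the password is even checked
    stored = users.get(username, "")
    if username in users and hmac.compare_digest(stored.encode(), password.encode()):
        throttle.record_success(ip, username)
        return "ok"
    throttle.record_failure(ip, username)
    return "failed"


def demo():
    """Five wrong guesses block alice from this IP, bob still logs in, alice recovers later."""
    clock = FakeClock()
    throttle = LoginThrottle(clock)
    users = {"alice": "correct horse", "bob": "battery staple"}  # constructed sample accounts
    ip = "203.0.113.5"
    results = [attempt_login(throttle, users, ip, "alice", "guess%d" % i) for i in range(5)]
    results.append(attempt_login(throttle, users, ip, "alice", "correct horse"))  # blocked
    results.append(attempt_login(throttle, users, ip, "bob", "battery staple"))   # ok
    clock.advance(BLOCK_SECONDS)
    results.append(attempt_login(throttle, users, ip, "alice", "correct horse"))  # ok again
    return results


if __name__ == "__main__":
    print(demo())
```

A blocked attempt is refused before the password is compared, so it costs nothing and reveals nothing; the same counter shape can be reused for the MFA attempts and the per-package password attempts the page lists elsewhere.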

Minor changes:

  • Changed the process of updating to a new version (like now 2.0 → 2.1). It is necessary to proceed according to the instructions in Upgrade notes (Instructions for upgrading to a new version).
  • Introduced steps for better automation of the upgrade process to future versions (changed the nginx config structure so it can be modified more automatically).
  • When changing one's own password or one's own authenticators for multi-factor authentication, the current password must be entered first. This applies to both users and administrators.
  • A password reset using a link from an e-mail initiated by the administrator enforces a password change (the existing password is not accepted). This is for security reasons, for example when the administrator requests the password reset after a password leak incident.
  • In the settings for password strength rules the minimum supported password length was increased to 8 characters. In addition, we recommend always requiring different character types and using the database of leaked passwords.
  • Changed the display of user permissions in the list of users. Hovering the mouse over a new icon below the user's name in the list shows a pop-up listing all of the user's permission settings.
  • An administrator with the "administrator management" permission now has all other permissions assigned automatically, and they cannot be revoked. This reflects the fact that the "administrator management" permission allows setting all permissions of administrators (including one's own) at will, so such an administrator could add any permission at any time anyway, and it would be misleading to assume they are somehow limited.
  • When the administrator uploads a custom logo in the SVG format, a better check of the file is performed, so that it does not contain executable code.
  • The API was extended to support the new package features introduced in versions 2.0 and 2.1 (e.g. encryption with a password, limited number of accesses, etc.).
  • The audit log for an unauthorized package access was split into two separate audit logs (for anonymous users: PACKAGE_DOWNLOAD_UNAUTHORIZED_ACCESS, for logged in users: PACKAGE_DOWNLOAD_USER_UNAUTHORIZED_ACCESS).
  • The unique password reset token is no longer present in the audit log, so the administrator does not see it.
  • Improved HTTP headers, including an added CSP (Content-Security-Policy) header and headers preventing unwanted indexing and crawling by search engines and similar robots.
  • Modified the error page shown for invalid HTTP requests.
  • Improved the output of the sofie status command and expanded the diagnostic logs.
  • Various other modifications based on minor pentest findings.
  • Various minor modifications and optimizations of the application interface.
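As an added illustration of the SVG logo check mentioned in the list above (this is not the product's implementation, whose exact rules the page does not describe), the following function rejects an uploaded SVG that carries anything a browser could execute when the logo is rendered in the top bar. The element and attribute deny-lists are a conservative assumption, and both sample SVGs are constructed for the demo.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Assumed conservative deny-lists for a logo that is only ever rendered, never scripted.
FORBIDDEN_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
DANGEROUS_URL_PREFIXES = ("javascript:", "data:text/html", "vbscript:")


def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attribute names."""
    return name.rsplit("}", 1)[-1]


def svg_findings(svg_text):
    """Return a list of reasons the SVG is unsafe; an empty list means it passed."""
    if "<!DOCTYPE" in svg_text.upper():
        # Entity declarations are never needed in a logo; refuse before parsing them.
        return ["DOCTYPE / entity declarations are not allowed"]
    findings = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if _local(root.tag) != "svg":
        findings.append("root element is <%s>, not <svg>" % _local(root.tag))
    for element in root.iter():
        tag = _local(element.tag)
        if tag in FORBIDDEN_ELEMENTS:
            findings.append("forbidden element <%s>" % tag)
        for name, value in element.attrib.items():
            attr = _local(name)
            if attr.lower().startswith("on"):          # onload=, onclick=, ...
                findings.append("event handler attribute %s on <%s>" % (attr, tag))
            elif attr == "href" and value.strip().lower().startswith(DANGEROUS_URL_PREFIXES):
                findings.append("dangerous URL in %s on <%s>" % (attr, tag))
            elif attr == "style" and "url(" in value.lower():
                findings.append("external reference in style on <%s>" % tag)
    return findings


def is_safe_logo(svg_text):
    return svg_findings(svg_text) == []


# Constructed samples: a plain logo and one carrying script hooks.
CLEAN_LOGO = (
    '<svg xmlns="%s" viewBox="0 0 10 10">'
    '<circle cx="5" cy="5" r="4" fill="#0a0"/></svg>' % SVG_NS
)
SCRIPTED_LOGO = (
    '<svg xmlns="%s" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    '<script>alert(1)</script>'
    '<a xlink:href="javascript:alert(1)"><text>logo</text></a></svg>' % SVG_NS
)

if __name__ == "__main__":
    print(svg_findings(CLEAN_LOGO))
    print(svg_findings(SCRIPTED_LOGO))
```

The check reports every finding rather than stopping at the first one, which is what an administrator wants to see in the upload error. In a real deployment the upload size should also be capped before parsing, and serving the logo with the CSP header the page mentions gives a second line of defence if the check misses something.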

Fixes:

  • A user with a disabled login cannot request a password reset (it did not work anyway and got stuck).
  • A password reset link cannot be used from IP ranges outside of those allowed for login (if login is limited to selected IP ranges).
  • A user from ADFS does not have to enter their current password in the application when adding a new multi-factor authenticator (such a user has no password in the application).
  • Fixed a missing password requirement for the upload of files into a password protected package request (if the uploader knows the URL and bypasses the standard process manually).
  • Fixed an error in the filter in the package list for some combinations of filtered flags.
  • Fixed a repeated execution of a check/scan on old packages.
  • Fixed an incorrect sending of a notification about an error during package check when shredding a file from a package containing files with errors during check.
  • Fixed a DLP notification error (sending an empty one or sending a duplicate).
  • Fixed that a logged in user was not able to open an internal package if the package had no recipient.
  • Fixed incorrect indication of the sort ordering column in lists when transitioning between different screens.
  • Fixed an incorrect resulting state when terminating package checks if some of the checks completed in the meantime (could happen in a very unlikely combination of events).
  • Fixed updates and notifications in the application interface for long running background tasks (e.g. encryption of files or integrity check).
  • Fixed an exception when attempting to download a non-existent file.
  • Fixed an exception that might have occurred under special circumstances during a MIME check.
  • Fixed an exception that might have occurred during some specific requests.
  • Fixed logging, for example for ADFS errors or for the external API.
  • Fixed the web interface getting stuck because of a non-standard state of the localStorage.
  • Other minor fixes of texts and design.



Version 2.0.9 (2022/09/13)

Fixes:

  • Minor fix in the "sofie" script for upgrades (to new major version branches like 2.0 → 2.1). In installations with a manually created or edited yum repository for sofie (it should not be manually modified), an error could occur during the upgrade.



Version 2.0.8 (2021/06/09)

Fixes:

  • Fixed broken Check Point SandBlast Cloud integration (minor API change).
  • Fix in Fortinet FortiSandbox integration, where under some specific conditions an error might have occurred.
  • The output of config parameters and their values during start is now hidden in production mode. In debug mode, the values of sensitive keys/passwords are hidden from the config parameter output during start.
  • Added a few missing texts in template descriptions and fixed a typo.


Version 2.0.7 (2021/04/13)

New features:

  • Support for approving the sending of packages by selected users before the packages are actually sent out. The function can be enabled in "Settings - Configuration - Basic settings - Users can send packages without approval" and optionally applied to selected users by revoking their permission to "Send packages without additional approval". The approval can be performed by selected users (with permission to "Approve sending of packages") or by administrators (with the "package management" permission). The function is intended to help prevent users from sending out data they should not. This is the first basic release of this functionality; it will be improved and extended in the future.
  • The possibility to forbid users from sending packages to themselves and also from downloading files from their own sent packages (in "Settings - Configuration - Basic settings - Users can send packages to themselves / Users can download files from their own sent packages", and optionally by revoking the corresponding permissions from individual users). This should further prevent possible data leaks where a user does not send the data directly out as a public package, but sends it to themselves or another internal user, then logs in to their account from outside the organization and downloads it from there.

Fixes:

  • Fixed the integration for FortiClient version 7.0.3 (minor changes in its output format).
  • Added some missing texts for audit log messages (PACKAGE_REQUEST_ENTERED_VALID_PASSWORD, PACKAGE_REQUEST_ENTERED_INVALID_PASSWORD).
  • Fixed several misspellings.


Version 2.0.0 (2022/01/10)

New features:

  • Support for encryption at rest (needs to be enabled in Settings - Configuration - Encryption). Enables encryption of package files on the storage volume after the checks by the detection engines have finished. For details see the documentation.
    • Support for individual package encryption with a key derived from a password set for the package by the sender (after the encryption finishes, the password is not stored anywhere). Without knowledge of the password the package files cannot be decrypted and therefore cannot be downloaded, not even by the administrator.
  • Data integrity verification. It is possible to initiate a data integrity check for whole packages or single files, which computes the current checksums (SHA256) and compares them to the original ones from the time of upload. The result is stored and displayed for both individual files and whole packages. If the integrity is compromised (a file is corrupted), a notification can be sent, according to the settings. An admin can set whether the check can also be initiated by users for their own packages and files. An admin can also schedule an automatic regular integrity check, in Settings – Configuration – Data integrity.
  • New antivirus supported in Detection settings – FortiClient (Fortinet antivirus).
  • Options to edit an existing package by its sender (author) and by the admin, specifically:
    • An admin can set whether the author can add new files into his existing packages or delete them (both disabled by default).
    • An admin can delete files from existing packages and restore deleted files (deleted by the admin or by a user). A user cannot restore deleted files.
    • An admin can shred files from existing packages (and therefore free up space on the storage volume).
    • When a new file is added to an existing package, a new notification is sent to the package recipients, similarly to a new package.
  • Mass actions on packages. Multiple packages can be selected in the package lists and a mass action performed on all of them, for example deleting them all at once.
  • Mass change of permissions for selected users. Multiple users can be selected in the list of users and their permissions changed all at once.
  • An admin can manually run a (re)test of a whole package or individual files through the detection engines again. Useful, for example, to confirm after an anti-virus signature update whether a package/file is still clean or is now detected.
  • Support for automatic deactivation and deletion of inactive users (Settings – Configuration – User settings). Inactive users can be disabled (unable to log in) or deleted after a configured time.
  • Temporary user accounts. An admin can set a user account expiration during account creation. Such an account expires after the set time and is automatically deleted.
  • Better support for different languages:
    • Separate setting of the primary language for e-mail messages. (Until now, it was determined by the default language of the application.)
    • Optional setting of a secondary language for e-mail messages. If set, the e-mails will be bilingual, with the secondary language appended below the primary.
    • Separate setting of the language for syslog. (Until now, it was determined by the default language of the application.)
    • A logged in user can set his preferred language in his profile. This language is then used in e-mails addressed to him, overriding the global settings of primary and secondary language described above.
  • New notifications (written to the audit log and optionally sent by e-mail) for these events:
    • Error during a package check: because one of the detection engines failed when checking a package, it was skipped.
    • Detection engine not available: one of the detection engines stops being available. This can happen, for example, when an anti-virus licence expires or a sandbox connection fails.
    • Disk space running low: the free space drops below 10% on one of the package storage volumes or on selected system paths (/, /var/log, /var/lib/pgsql, /var/lib/kafka).
  • An admin can move a package from active into quarantine. (Until now only the reverse was available, release from the quarantine.)
  • The option to block the usage of known leaked passwords ("have i been pwned?" service). Can be enabled in Settings - Configuration - Security.
  • When creating a new admin account, it is now possible to send an e-mail with a request to set a new password to the new admin, instead of setting the password directly (similarly to users).
  • A download counter for each file and for the archive of a package. The number of downloads of each file and of the archive is displayed in the package detail view (for anonymous users, logged in users and administrators). It counts only finished downloads (the end of the file was sent from the server to the client).
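As an added example (not SOFiE's code) of the data integrity verification described in the list above: checksums are recorded at upload time and recomputed on demand, with a result per file and for the whole package, so a corrupted or missing file is reported by name. The sample package is constructed in a temporary directory; the "corruption" is a single overwritten byte.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 so large uploads do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_checksums(package_dir):
    """Upload-time step: map each file's path (relative to the package) to its SHA-256."""
    manifest = {}
    for root, _dirs, files in os.walk(package_dir):
        for name in files:
            path = os.path.join(root, name)
            manifest[os.path.relpath(path, package_dir)] = sha256_file(path)
    return manifest


def verify_package(package_dir, manifest):
    """Recompute and compare. Returns (package_ok, {path: 'ok' | 'corrupted' | 'missing'})."""
    results = {}
    for rel_path, expected in manifest.items():
        path = os.path.join(package_dir, rel_path)
        if not os.path.isfile(path):
            results[rel_path] = "missing"
        elif sha256_file(path) == expected:
            results[rel_path] = "ok"
        else:
            results[rel_path] = "corrupted"
    # The package passes only if every file it was uploaded with is still intact.
    return all(state == "ok" for state in results.values()), results


def demo():
    """Constructed package: record, verify, corrupt one byte on disk, verify again."""
    with tempfile.TemporaryDirectory() as package_dir:
        with open(os.path.join(package_dir, "report.pdf"), "wb") as f:
            f.write(b"%PDF-1.4 constructed sample")
        with open(os.path.join(package_dir, "notes.txt"), "wb") as f:
            f.write(b"hello")
        manifest = record_checksums(package_dir)
        ok_before, _ = verify_package(package_dir, manifest)
        with open(os.path.join(package_dir, "notes.txt"), "r+b") as f:
            f.seek(0)
            f.write(b"j")                      # simulate silent corruption on the volume
        ok_after, results = verify_package(package_dir, manifest)
        return manifest, ok_before, ok_after, results


if __name__ == "__main__":
    print(demo())
```

The manifest must be stored separately from the files it describes (the page's design keeps it in the application database); a checksum stored next to the file on the same volume would be lost or altered together with it. The scheduled check the page mentions is just `verify_package` run periodically over every stored package, with the notification sent whenever the first return value is false.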

Minor changes:

  • Login names are no longer case sensitive. This is the same behavior as, for example, in Active Directory. ("test" and "Test" are now the same user, unlike before.)
  • An automatic refresh of displayed information occurs when viewing a package detail (for example encryption state, integrity check results, detection results, etc.).
  • Changed how a package password is remembered:
    • An admin can set the time the package password is remembered, in Settings - Configuration - Security: "Download JWT token lifetime".
    • If no user is logged in, the token is not stored in the browser (in LocalStorage).
    • If a user is logged in, a new option to "remember password for XX minutes" (according to the settings) is offered; it is not enabled by default.
  • There is a new overview of enabled detection engines and their related information displayed on the Dashboard.
  • The list of files inside a package can be ordered by name, type, date and size of the files.
  • The settings for password strength requirements are now separate for users and for admins.
  • The package lists can be filtered by package flags. So it is possible, for example, to display only packages set as persistent.
  • The filters above package lists can be collapsed into a single line bar, to preserve space on the screen if needed.
  • The list of files inside a package is now split into multiple separate lists for: normal files, quarantined files, deleted files, shredded files.
  • Search inside contacts and contact groups improved (can search for contained contacts or groups).
  • Package requests can be deleted.
  • The user can "delete" packages in his inbox. Technically they are only hidden in his view. Only the sender or an admin can truly delete a package, or it is deleted automatically after expiration.
  • Even a user can now see the flag showing whether a package is public or not (only the admin could until now).
  • Changed the process for (re)setting a password by e-mail with a password (re)set link. The e-mail now contains a unique link with a UUID, which when opened allows the password to be (re)set directly. Before, it was necessary to manually copy a token from the e-mail into a form field before the password (re)set.
    • The related default e-mail templates for these actions were updated accordingly. If an installation uses customized templates, these must also be manually updated in the same way as the default ones were.
  • When activating TOTP multi-factor authentication, it is now required to input a valid code from the activated authenticator first, otherwise the activation is not done.
  • Repeated password guessing protection (against brute-force attacks) extended also to repeated multi-factor authentication (MFA) attempts.
  • When changing expiration times in Settings - Configuration - Workflow it is now possible to optionally apply this change to existing packages; otherwise it only affects new ones.
  • Support for new license states. The original "demo mode" is split into a new "no license" mode (new installs without even a trial license) and the now modified "demo mode" (special demo license) for demonstration purposes only.
  • Support for FQDN aliases. Besides the main FQDN the license can now contain additional domains and will work for all of them, so the application can run under multiple domains.
  • Support for an alternative https port - the FQDN can now further contain a custom port specification, for example https://sofie.sonpo.cz:11443. Until now the application supported only the native https port 443.
  • The API token can be copied to the clipboard by a mouse click.
  • Removed actions for shredded packages (like release from quarantine) as they are useless; the package content is already deleted.
  • The current password in the detection engine settings (for sandboxes) is no longer displayed; it can only be changed to a new one.
  • Obfuscated the passwords contained in audit log records (replaced with the *** string).
  • JWT tokens modified:
    • JWT tokens sent to and stored in browsers are now encrypted, so the client cannot read their contents. (Before, they were only signed to prevent client manipulation.)
    • Default expiration of JWT authentication tokens shortened from 60 to 30 minutes (= idle logout timeout).
    • New setting introduced (Settings - Configuration - Security) "Authentication JWT token absolute lifetime", which specifies after what time the user is logged out even when active.
    • New setting introduced (Settings - Configuration - Security) "Download JWT token lifetime", which specifies how long the password for a password protected package can be remembered.
  • Minor security improvements according to pentest results, including:
    • Better protection against session hijacking. Added the IP address and User-Agent to the JWT token; if those do not match the current ones (they changed), the request is denied and logged.
    • Added the headers Cache-Control "no-store", Pragma "no-cache", X-Content-Type-Options "nosniff" and Referrer-Policy "same-origin" to all responses.
    • When an unexpected internal error/exception occurs, the Java class details are no longer displayed; a custom error page without unnecessary internal details is shown instead.
  • Removed the final package state UPLOAD_CANCELED and replaced it by a single common final state of "shredded" (CONTENT_DELETED).
  • Changed the looks of some parts of the application for better clarity.
  • New and modified audit logs; for details see: List and description of Audit Log event types.
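The session token rules in the list above (30-minute idle expiry, a separate absolute lifetime, and binding to the client IP and User-Agent) combine into a small state machine that is easy to get subtly wrong, so here is an added, simplified example of it. This is not the product's token format: the page says its tokens are encrypted, while this demo only HMAC-signs a JSON body so that the checks stay readable; the 30-minute idle default is from the page, the 8-hour absolute lifetime, the key and the sample request values are assumptions.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key-not-for-production"  # constructed
IDLE_TIMEOUT = 30 * 60        # page: default JWT authentication token expiry is 30 minutes
ABSOLUTE_LIFETIME = 8 * 3600  # assumed value for the "absolute lifetime" setting


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _ua_fingerprint(user_agent):
    return hashlib.sha256(user_agent.encode("utf-8")).hexdigest()


def sign(claims):
    """Serialise claims and append an HMAC-SHA256 tag (stands in for real JWT/JWE here)."""
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    tag = _b64(hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest())
    return body + "." + tag


def issue_token(username, ip, user_agent, now):
    """Token created at login: carries both expiries and the client binding."""
    return sign({
        "sub": username,
        "exp": now + IDLE_TIMEOUT,            # idle logout, slid forward on each request
        "abs_exp": now + ABSOLUTE_LIFETIME,   # never extended
        "ip": ip,
        "ua": _ua_fingerprint(user_agent),
    })


def validate(token, ip, user_agent, now):
    """Return (claims, None) if the token is acceptable for this request, else (None, reason)."""
    try:
        body, tag = token.split(".")
    except ValueError:
        return None, "malformed"
    expected = _b64(hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest())
    if not hmac.compare_digest(tag, expected):
        return None, "bad signature"          # tampered body or wrong key
    claims = json.loads(_unb64(body))
    if now >= claims["abs_exp"]:
        return None, "absolute lifetime exceeded"
    if now >= claims["exp"]:
        return None, "idle timeout"
    if claims["ip"] != ip:
        return None, "ip mismatch"            # the page: denied and written to the audit log
    if claims["ua"] != _ua_fingerprint(user_agent):
        return None, "user-agent mismatch"
    return claims, None


def refresh(claims, now):
    """Slide the idle expiry forward, but never past the absolute lifetime."""
    return sign(dict(claims, exp=min(now + IDLE_TIMEOUT, claims["abs_exp"])))
```

The order of checks matters: signature first (nothing in an unverified body can be trusted, not even its expiry), then the two lifetimes, then the binding. Mobile clients that change IP address while the token is live will trip the IP check, which is the trade-off the page accepts in exchange for hijack resistance; the server-side sessions added in 2.1.0 are the complementary control for revoking a token that is otherwise still valid.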

Fixes:

  • During a long package upload the logout timer is now regularly reset, so the automatic idle logout cannot happen during the upload and cause an upload failure.
  • Fixed the sometimes strange behavior of the form when setting the administrator's permissions.
  • Fixed the display of usernames and other strings in audit logs and other places, where an additional #timestamp string was shown.
  • The list of detection engine check results for files in the package detail is now ordered alphabetically by the column "Detection engine".
  • Fixed the color bar display for check results - yellow should now be consistent and always mean that a detection did occur, but the result is not a quarantine, just a notification (according to settings). Before, it was sometimes red in such cases.
  • Changed the "ADFS error" message to "Login error" if a user is successfully logged in by the ADFS, but does not have access to the SOFiE application.
  • Fixed the license expiration parsing for the Kaspersky 11.2 engine.
  • Fixed the missing license state attribute in LICENSE_INVALID audit logs.
  • Fixed possible duplication of audit logs when the license state changes.
  • The logo preview in Settings - Configuration - Appearance now better matches how it will look in the top bar.
  • Other various fixes of typos, texts, design, etc.



Version 1.6.3 (2021/12/20)

Fixes:

  • Updated the log4j library to the latest version (2.17.0), which fixes the new security vulnerability (CVE-2021-45105). The specific conditions needed for exploiting this vulnerability are again not met in our application, so it cannot be triggered anyway. But for a complete peace of mind we are again releasing a new version with updated log4j library.


Version 1.6.2 (2021/12/15)

Fixes:

  • Updated the log4j library to the latest version (2.16.0), which fixes the new security vulnerability (CVE-2021-45046). Originally this vulnerability was deemed much less serious, but later was reevaluated to critical again. But the specific conditions needed for its abuse are not met in our application, so it most likely cannot be triggered at all. But to be completely sure we are again releasing a new version with updated log4j library.


Version 1.6.1 (2021/12/11)

Fixes:

  • Updated the log4j library to the latest version (2.15.0), which fixes the new critical security vulnerability (CVE-2021-44228). Considering the severity of the vulnerability, the update should be done as soon as possible. The SOFiE application however runs behind the nginx proxy and only some URL paths are passed through, which according to our current findings effectively filters out all the so far seen attempts at exploiting this vulnerability and so those exploits are terminated at the nginx proxy and do not reach the vulnerable component. An exploit targeting specifically the SOFiE application would be required to get through, unlike the mass automated attempts now spreading through the Internet.


Version 1.6.0 (2021/04/23)

New features:

  • Support for Hungarian in the user interface and e-mail notifications (not in the admin interface).
  • Multifactor authentication (MFA / 2FA) supported even for logins of users using AD and ADFS (only for local users before).
  • In the package upload form the current configured limits for maximum sizes and number of files are shown.
  • Support for the password reset functionality even for administrators, using an e-mail with instructions and a unique token, similarly to users. The administrator must have an e-mail address filled in for this to work.
  • The PDF report with FortiSandbox check results can now be viewed directly in the browser window. It is no longer necessary to download, save and then open the file.
  • Showing all (including nested) MIME types for files (if the MIME module is enabled in the Detection settings). For example archives (zips, etc.), Office documents, PDFs and others may contain nested content and files of various MIME types inside. This is now shown in the file details.
  • Support for logging of the User Agent from the header of web requests into the audit logs. It can be enabled in Settings - Configuration - Logging - Log User-Agent header.

Minor changes:

  • Added new columns "Created at" and "Last login" in the list of users, which can be used to sort the list. This helps when searching for unused or old accounts that can be deleted.
  • New audit logs for events: LICENSE_INVALID, LICENSE_VALID, APP_VERSION_CHANGED, PACKAGE_DOWNLOAD_UNAUTHORIZED_ACCESS, PACKAGE_DOWNLOAD_PACKAGE_NOT_FOUND, PACKAGE_DOWNLOAD_PACKAGE_EXPIRED. For details see: List and description of Audit Log event types.
  • Added the action to terminate the check in the package detail for packages in the queue (it was already available in the list, but not in the detail).
  • Automatic rotation of Kafka module log files, so their number and size do not grow excessively.
  • Improved the installer (updated components, the LetsEncrypt certificate no longer needs an e-mail, fixed the nginx version for CentOS8, OCSP stapling in nginx).
  • Modified the parameters in the e-mail templates. Replaced the ${appTitle} parameter with the parameters ${appName} and ${subjectPrefix} (these relate to Settings - Configuration - Appearance and Settings - Configuration - E-mail prefix). An automatic replacement is done in the existing templates, depending on whether the parameter is used inside the subject (→ subjectPrefix) or in the body (→ appName). Updated the texts, previews, help and related content accordingly. Increased the maximum size of the subject in the templates from 100 to 200 characters.
  • Modified the logging of MIME type changes (for better accuracy). Before, it could happen twice, depending on whether the change was made by the "magic" or the "content" MIME detector. Now it happens and is logged at most once, with new attributes clarifying the change.
  • The application web server (Tomcat) now listens for connections only on the localhost address (it communicates with the local nginx).
  • Multiple components updated (React, Ant Design, Tomcat, Meecrowave, etc.).
  • Minor changes in graphics, icons, etc.

Fixes:

  • Fixed the XSRF cookie being deleted when closing the browser and not refreshed after reopening it, unlike the login, which resulted in a logout after any performed action because of the invalid XSRF cookie. It now has the same lifetime as the login.
  • Fixed the "jumping" calendar when editing package expiration. A few seconds after the change of month it jumped back.
  • Fixed the content of the field for maximum size in the DLP settings being deleted after a few seconds.
  • Other minor fixes of typos, texts, graphics, etc.


Version 1.5.0 (2020/07/14)

New features:

  • Persistent packages. The admin can disable the expiration for a selected package, making it persistent until the admin enables the expiration again.
  • Support for discovering the IP addresses of clients when running behind a proxy. The address of the proxy must be entered in Settings - Configuration - Security - Trusted proxies, and the proxy must add an X-Forwarded-For header.
  • New permissions for users specifying whether they can send each type of package (public, internal, private). Also a new default setting for the package type, which is used for packages where the user does not change it.
  • New permission for users specifying whether they can download package contents without re-entering their login password. (Without it, the user must re-enter his login password before each download.)
  • Settings for default permissions of new users, in Settings - Configuration - User default settings.
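The "Trusted proxies" item above is the setting that makes the IP-range restrictions and per-IP limits elsewhere on this page trustworthy: X-Forwarded-For is client-controlled text, so only the hops appended by proxies you actually operate may be believed. As an added example (not SOFiE's own implementation), the function below resolves the client address by walking the header from the right and stopping at the first hop that is not a configured proxy; the trusted ranges and the request scenarios are constructed.

```python
import ipaddress


def parse_trusted_proxies(cidrs):
    """Accepts single addresses or CIDR ranges, e.g. ["10.0.0.0/8", "192.0.2.10"]."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def _is_trusted(addr_text, trusted_networks):
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False                        # garbage is never treated as a proxy
    return any(addr in net for net in trusted_networks)


def client_ip(remote_addr, xff_header, trusted_networks):
    """Resolve the real client address.

    `remote_addr` is the TCP peer, the only address known for certain. Each
    trusted proxy appends the address it received the connection from to
    X-Forwarded-For, so the chain is walked from the right: while the current
    candidate is one of our proxies, the next hop to the left is consulted.
    The first address that is not a trusted proxy is the client. Anything the
    client itself put into the header sits further left and is never reached.
    """
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    candidate = remote_addr
    while hops and _is_trusted(candidate, trusted_networks):
        candidate = hops.pop()
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return remote_addr                  # malformed hop: fall back to the peer address
    return candidate


# Constructed scenarios: the application sits behind proxies in 10.0.0.0/8.
TRUSTED = parse_trusted_proxies(["10.0.0.0/8"])


def demo():
    return {
        "one proxy": client_ip("10.0.0.2", "203.0.113.9", TRUSTED),
        "client-supplied prefix ignored": client_ip("10.0.0.2", "198.51.100.1, 203.0.113.9", TRUSTED),
        "two proxies": client_ip("10.0.0.2", "203.0.113.9, 10.0.0.3", TRUSTED),
        "direct connection, header ignored": client_ip("203.0.113.9", "198.51.100.1", TRUSTED),
        "malformed hop": client_ip("10.0.0.2", "not-an-ip, 10.0.0.3", TRUSTED),
        "no header": client_ip("10.0.0.2", None, TRUSTED),
    }


if __name__ == "__main__":
    for scenario, resolved in demo().items():
        print("%-36s -> %s" % (scenario, resolved))
```

The two cases worth checking in any deployment are "direct connection, header ignored" (a client that is not behind a trusted proxy cannot pick its own address by sending the header) and "malformed hop" (an unparseable value must not become the address written to the audit log or matched against the allowed IP ranges).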

Minor changes:

  • For datastores that cannot be deleted (because they are in use), the trashcan icon is inactive.
  • Administrator actions for packages moved to a sub menu, which can be displayed by clicking the ... icon.
  • Modified the display of flags in package lists.
  • New descriptions for package types are available to users directly inside the application.

Fixes:

  • The administrator can now change his own password even if he does not have the permission for administrator management.
  • The audit log no longer displays an empty "personalSettings" change when changing a user's permissions.
  • Sending of packages using the API did not take the user's permissions into account. It is no longer possible to send packages using the API if the user does not have the send package permission.
  • When a check was canceled for a package in the queue, all the queued checks were performed anyway. Now the remaining checks, which are not already running, are correctly skipped.
  • Minor fixes of some texts and design.


Version 1.4.4 (2020/06/24)

Fixes:

  • Fixed blocking / allowing of content based on a MIME type, where some types were shown differently in the package detail than how they needed to be entered into the blacklist / whitelist (i.e. "application/x-dosexec" vs. "application/x-msdownload").


Version 1.4.3 (2020/06/05)

Minor changes:

  • Change in the installer: new installations have HSTS (HTTP Strict Transport Security) enabled by default. That means they can only be accessed over HTTPS with a valid certificate.
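HSTS is enforced by the browser on the basis of the Strict-Transport-Security response header, so the practical check after an upgrade or a manual web-server change is to look at that header. The following Python helper is an added example for these notes, not part of the installer: it parses the header value as defined in RFC 6797 and reports the findings a reviewer would raise. The one-year threshold for max-age is an assumption of the example (it is the value commonly required for preloading), not a value from the release notes.

```python
from typing import Dict, List, Optional

ONE_YEAR = 365 * 24 * 3600  # assumed minimum max-age for a strong policy


def parse_hsts(header: Optional[str]) -> Optional[Dict[str, object]]:
    """Parse a Strict-Transport-Security header value (RFC 6797).

    Directive names are case-insensitive and max-age may be quoted.
    Returns None when the header is absent or carries no valid max-age,
    which is equivalent to having no HSTS policy from the browser's view.
    """
    if not header:
        return None
    result: Dict[str, object] = {"max_age": None,
                                 "include_subdomains": False,
                                 "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            result["max_age"] = int(value)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    if result["max_age"] is None:
        return None
    return result


def hsts_findings(header: Optional[str]) -> List[str]:
    """Return the issues found in the policy; an empty list means acceptable."""
    policy = parse_hsts(header)
    if policy is None:
        return ["HSTS header missing or without a valid max-age"]
    findings: List[str] = []
    max_age = int(policy["max_age"])  # type: ignore[arg-type]
    if max_age == 0:
        findings.append("max-age=0 removes the policy instead of enforcing it")
    elif max_age < ONE_YEAR:
        findings.append(f"max-age shorter than one year ({max_age} s)")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings


if __name__ == "__main__":
    # Constructed sample response headers, as they might be captured from
    # `curl -sI https://<host>/`; none of them comes from a real server.
    samples = {
        "fresh install": "max-age=31536000; includeSubDomains",
        "short policy": 'max-age="300"; preload',
        "disabled": "max-age=0",
        "no header": None,
    }
    for label, value in samples.items():
        print(f"{label:<14} {value!r:<40} -> {hsts_findings(value) or ['ok']}")
```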

Fixes:

  • Fixed an error in matching a recipient's e-mail address if the case of the characters did not match (Test@sofie.cloud vs. test@sofie.cloud). E-mail address matching is no longer case sensitive.
  • Fixed an error in the installer which could cause new installations to be unable to start the remote diagnostic tunnel (missing /root/.ssh/authorized_keys file).
  • Fixed a minor cosmetic issue in the user's and administrator's profile menu, where the last used item stayed incorrectly highlighted.

...

Version 1.4.0 (2020/04/15)

New features:

  • Implemented support for multi-factor authentication (2FA) for users and the administrator. The following factors are supported:
    • TOTP - supported for example by Google Authenticator
    • FIDO2 (WebAuthn) - supported for example by Yubico 5
  • New application mode "by request only". The administrator can forbid package uploads by anonymous (not logged in) users unless they have received a package upload request from a logged-in user. This mode can be set up in Settings - Configuration - Basic Settings.
  • New "internal" mode for package accessibility, added to the existing "private" and "public" modes. Access to internal packages is allowed for all logged-in users who have the link to the package.
  • Support for "blind copy" for logged-in users. As in e-mail, logged-in users can send packages to hidden recipients, who will not be visible in the displayed package recipients.
  • New address book for users, including support for groups and optional automatic saving of package recipients.
  • Support for editing e-mail templates. The administrator can modify the contents of the notifications being sent out in Settings - E-mail templates.
  • Support for multiple datastores (disks/volumes). The administrator can configure them in Settings - Datastores. This enables easy addition of another disk or volume when the current one is running out of space.
  • The administrator can grant (or revoke) the following rights to users:
    • login (without it, the user cannot log in)
    • receive packages (without it, a package cannot be sent to the user's address, as if the user did not exist)
    • send packages (without it, the user can only receive packages, not send them)
  • Remote application diagnostics support. The administrator can:
    • send application logs to technical support (no user data or package data are sent).
    • enable / disable a reverse SSH tunnel for remote SSH access by technical support.
  • Support for the Check Point SandBlast appliance. (Previously only the cloud version was supported; now both are.)
  • In the FortiSandbox settings, it can be selected which of the results "high risk", "medium risk" and "low risk" will be blocked.
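Of the two factors listed above, TOTP is the one that can be shown completely in a few lines: the authenticator app and the server share a secret and both compute the same code from the current 30-second time step, so the server's job is to recompute the code, tolerate a little clock drift, and refuse a code that has already been used. The implementation below is an added example for these notes, written against RFC 4226 (HOTP) and RFC 6238 (TOTP); it is not the application's own code. The shared secret "12345678901234567890" is the published RFC test key, used here only because its expected codes are known. FIDO2 is a challenge-response protocol with the browser and authenticator and is not illustrated.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduction to a zero-padded decimal code."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from the time step."""
    return hotp(key, unix_time // step, digits, digestmod)


def verify_totp(key: bytes, submitted: str, unix_time: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> Optional[int]:
    """Check a submitted code against the current step and `window` steps on
    either side (clock drift). Returns the matching counter so the caller can
    store it and reject a second use of the same code, or None on mismatch."""
    if unix_time is None:
        unix_time = int(time.time())
    counter = unix_time // step
    for candidate in range(counter - window, counter + window + 1):
        expected = hotp(key, candidate, digits)
        # Constant-time comparison: response timing must not reveal how many
        # leading digits of a guess were correct.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return candidate
    return None


def secret_from_base32(text: str) -> bytes:
    """Decode the Base32 secret as shown in an enrolment QR code (otpauth URI),
    tolerating lowercase, spaces and missing '=' padding."""
    text = text.strip().replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    # RFC 6238 test key (ASCII "12345678901234567890"), Base32-encoded as an
    # authenticator app would receive it. Not a real secret.
    key = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    for t in (59, 1111111109, 1234567890):
        print(f"t={t:<11} code={totp(key, t, digits=8)}")
    now = int(time.time())
    code = totp(key, now)
    used = verify_totp(key, code, now)
    print(f"current code {code} verified at step {used}")
```

Two details worth noting for a server-side implementation: the returned counter is what makes replay detection possible (remember the highest accepted counter per user and refuse anything at or below it), and the window should stay small, because each extra step doubles the number of codes an attacker may guess per attempt.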

Minor changes:

  • Link to the documentation added to the right part of the top bar.
  • Official API documentation available here: https://docs.sofie.cloud/en/api/v1/user/
  • Added some functions to the API, see the API documentation.
  • The administrator can restore packages from the archive, similarly to restoring deleted packages (from the trash).
  • A ZIP archive can be created even for archived packages (accessible only to the administrator).
  • Added a "severity" attribute to the audit logs, according to the syslog standard.
  • New design of the Dashboard screen for administrators, including graphs of datastore usage.
  • New loading page for the first opening of the application, so the anonymous part does not briefly display for logged-in users.
  • New info screen, which is displayed when the backend is not working (upgrade, restart, etc.) and automatically disappears when the backend starts working again.
  • Support for the new ESET version 7. The old ESET version 4 still works too, but will no longer be maintained and supported.
  • The administrator can allow downloading of clean files from quarantined packages, in Settings - Configuration - Basic settings.
  • If notifications to (registered) senders about their quarantined packages are enabled, they will also receive notifications when their packages are released from quarantine.
  • All files in packages released from quarantine will be marked as clean. Both packages and files which were originally not clean but quarantined will be flagged as released from quarantine.
  • The list of files in the package detail now always shows the files with a detection that caused the package to be quarantined at the top of the list.
  • Modified the administrator's packages menu: added menu items for some package states which were mixed together before, and moved all the states into a sub menu under the main menu item Packages.
  • The FortiSandbox PDF report is now also accessible under a magnifying glass icon, not just by double clicking.
  • A FortiSandbox without a valid license is now considered available if it works otherwise. Previously it was considered not available without a license, even though it worked.
  • Improved audit logs for forwarded packages, so it is easier to find the origin of a forwarded package and the related logs.
  • Improved audit logs for quarantined packages: added a new attribute "detectionResults", which contains an array of all the reasons for quarantining the package or file.
  • Documented all audit log types, see: List and description of Audit Log event types
  • Added an internal SID attribute to users, for better pairing of AD and ADFS accounts. Useful for example when renaming users.
  • The number of application users is sent to the license server during license verification and update.
  • Some texts and captions modified for better understanding and unified across the application.
  • Introduced a 90-day retention period for application logs. It was unlimited before and could fill up the disk over time.
  • Modified the sofie yum repository: changed to disabled. The sofie script enables it when needed. A general yum update will no longer unexpectedly update the application.
  • Modified (unified) the default values of the detection engines after installation.
  • New setting in Settings - Configuration - E-mail: Ignore certificate errors. It allows e-mails to be sent using TLS/SSL even if the configured mail server does not have a valid certificate.
  • The administrator can change his own password in the same way as a user, using the menu under the profile icon on the right side of the top bar.
  • The maximum file size in a ZIP archive in Settings - Configuration - Package size limits can be set to unlimited. It was limited to 1 GiB before.

Fixes:

  • Removed duplicated lines of encrypted content detection in some ZIP archives.
  • Fixed an error in the internal detection engines when checking some types of archives (error in the used library: https://issues.apache.org/jira/browse/COMPRESS-479).
  • Fixes and improvements of the installer and its documentation.
  • Fixes and changes in the package filters for users (if no state is selected, states are ignored by the filter; correct filtering of requests).
  • Added missing texts and display corrections for the FILE_CHECK_REPORT_ADDED audit log.
  • Fixed swapped audit log messages for FILE_ARCHIVE_ADDED and FILE_ARCHIVE_UPDATED.
  • Fixed diskusage in the sofie script, so it works even when the data directory is a symlink.
  • Fixed a very long server reboot time (added missing dependencies in the systemd scripts).
  • Fixes in the parallel task processing implementation (AV scans for example). Parallel processing is not used by default.
  • Fixes in the helper AV scripts (used by detection engines) for some specific situations. Added debug application logs for the AV detection engines.
  • Fixed an unhandled exception if a datastore is not writable.
  • Fixed an exception blocking login if the protection against repeated login failures had been disabled, multiple invalid logins were attempted, and then the protection was enabled again.
  • Fixed various minor bugs in some forms (non-working close cross, contents of a filled-in form field being deleted, etc.).
  • Added some missing texts and fixed errors in existing ones.
  • Other minor fixes in design and formatting.

...