[ZendTo] ANNOUNCE: Production version 5.23-1 released

Jules Jules at Zend.To
Mon Mar 16 11:47:51 GMT 2020 

Folks,

To give you something to do while self-isolating from Covid-19, I have 
just released a new version of ZendTo, version 5.23-1.

It's been some time since the last production release (sorry, I got 
stuck in hospital), so there are quite a few new features and updates. 
Don't forget to run /opt/zendto/bin/upgrade after you yum/apt upgrade to 
the new version.

Here are the major changes and new options/features:

*- New preferences.php settings* (more details in preferences.php)*:*
   * '*allowExternalRecipients*' (default=TRUE). If set to FALSE, only 
recipients listed in internaldomains.conf may be used. Creates an 
entirely closed system where files cannot be sent to external users at all.
   * '*showRecipientsWaiverCheckbox*' (default=TRUE) and 
'*defaultRecipientsWaiver*' (default=FALSE). A new "terms and conditions 
waiver" feature. If used, this forces recipients to read some text 
(could be legal stuff, could be instructions) and tick a check box to 
say they have read and agreed to it. Until they have ticked the box, 
they cannot see any of the download links. The default "terms and 
conditions" text just contains instructions on how you change that text, 
and how to disable the feature completely.
   * '*behindLoadBalancer*' (default=FALSE). Set this to TRUE if your 
ZendTo log says all users are coming from the same IP address (that of 
your load balancer/firewall). This used to be automatic, but doing it 
that way introduces a potential security vulnerability when there is no 
load balancer.
   * '*requestSenderOrgIsEditable*' (default=TRUE). In the "request a 
drop-off" form, should the organisation name be editable or not. In 
small / simple organisations you probably want this FALSE, but in 
complex ones such as large universities with multiple brands and 
spin-offs you may well want this to be editable and hence TRUE.
   * '*indexAddressbookByEmail*' (default=FALSE). If your users login to 
ZendTo with a random (and continually changing) username, due to you 
using hardware authentication keys such as Yubikeys, setting this TRUE 
will make the "address book" feature work properly. Changing this from 
FALSE to TRUE on an existing installation will effectively wipe the 
address book contents, so don't change it unless you actually need to.
   * '*allowExternalPickups*' (default=TRUE). If set to FALSE, users who 
are not logged in will not see the "Pick-up files" button in the main menu,

- internaldomains.conf file can now list individual email addresses as 
well as domain names. This allows you to add a few GMail users as 
"internal users", for example.
- Changed method of calling Google ReCaptcha to improve reliability, and 
to make it work from China. If you use the "Content-Security-Policy" 
HTTP header, you will need to add recaptcha.net to the items that list 
google.com as valid sources.

- Removed vulnerabilities from admin "unlock users" page.
- Improved security of session cookie. Installing this update will 
logout any current ZendTo users, so do this at a quiet time or a 
scheduled maintenance window.
- Updated supplied copies of all external Javascript libraries.

- Added new Hungarian, Russian and Polish translations.
- Improved French, Italian and Dutch translations.

- Added support for CentOS 8, Ubuntu 19 and Debian 10 (Buster) to the 
Installer.
- Fixed self-signed certs generated by the Installer so they work in 
MacOS 10.15 Catalina. Apple have added a bunch of constraints, see 
https://support.apple.com/en-us/HT210176.
- Various other minor bug fixes. See the ChangeLog entries for the 
preceding beta releases for details.


As usual, please get in contact with me if you have any problems with 
the new version.

Cheers,

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'Talent is God-given ... be humble;
  fame is man-given ... be grateful;
  conceit is self-given ... be careful.' - John Wooden

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200316/1288566d/attachment.html>

More information about the ZendTo mailing list