Axigen 10.5.19

Axigen Product Updates

Release Notes

SECURITY

  • Prevent loading SASL plugins (AXI-5632 • CVE-2024-28589)
  • Prevent referrer exfiltration by improving HTML content filtering for incoming email messages (AXI-5500)

 

LEARN MORE: INTERNAL SECURITY REVIEW 2024

  • Authentication Security: Harden cryptography for cookie based authentication (AXI-5496)
  • Email Content Security: Extend body filtering rules for messages containing external images (AXI-5501)
  • WebMail Security Strengthening: Address Cross-Site Scripting (XSS) vulnerabilities in the interface and action handling scripts (AXI-5489, AXI-5490)
  • Mobile WebMail Enhancements: Eliminate HTML injection vulnerabilities (AXI-5505, AXI-5506, AXI-5507, AXI-5558)

 



SERVER

  • Improve logging for saving mail in Sent while sending mail (AXI-5556)
  • Keep the original account type (basic / premium) for newly repaired accounts (AXI-5650)
  • Fix Milter issue where header values are being cropped to 4K when added/inserted/modified (AXI-5641)
  • Fix DAV returning empty contents on REPORT multi-get when an entry is broken (AXI-5629)
  • Fix calendar crash caused by logically malformed durations (AXI-5628)
  • Improve mail list logging (AXI-5622)
  • Lower the storage impact for SNMP or /metrics related requests (AXI-5619)
  • Delay account reporting job by 1 hour from the start moment (AXI-5618)
  • Fix wrong response code when attempting Undo Operation that cannot be completed (AXI-5616)
  • Fix high CPU usage in milter caused by polling a closed socket (AXI-5549)
  • Fix implementation for Check DNS TXT method from SMTP filter (AXI-5548)
  • Fix auto-migration handling of errors returned as response to ID command (AXI-4544)
  • Fix mails losing labels when archiving with specific email clients (AXI-5596)
  • Log improvements for conversation undo (AXI-5585)
  • Introduce support for additional charsets (AXI-5559)
  • Fix storage corruption caused by APPEND-ing into the Archive folder when yearly archiving is set (AXI-5553)
  • Fix archived message getting duplicated when using Outlook (AXI-5522)
  • Fix send restrictions exceptions not working in specific scenario (AXI-5508)
  • Fix crash scenario related to the Activesync calendar (AXI-5563)
  • Fix search index status for Flagged folder stuck updating (AXI-5414)
  • Fix CLI scan command and improve storage related logs (AXI-5571)
  • Fix the export method for SMTP variables (AXI-5551)
  • Fix crash when setting indexAutoReschedule to "never" (AXI-5547)
  • Also apply the CA bundle fallback if the files are broken (AXI-5534)
  • CalDAV: Fix task categories not working (AXI-5521)
  • Fix scheduled email not being sent at the correct time in specific scenarios (AXI-5493)
  • Improve logging related to errors during conversation indexing (AXI-5484)
  • Recreate indexing job if not present during rescheduling (AXI-5478)
  • Fix infinite loop caused by domain deletion during conversation index update (AXI-5465)
  • Improve logging visibility for certain configuration changes (AXI-5459)
  • CLI: add option to change the value for caBundlePath (AXI-5457, AXI-5458)
  • Fix RPOP STARTTLS connection failure (AXI-5433)
  • Fix crash scenario when restoring an account using an administrative account with specific permissions (AXI-5426)
  • Fix reason details for WebMail authentication failures (AXI-5399)
  • Fix a high CPU usage scenario when running a Milter filter (AXI-5392)
  • CardDAV: Fix interoperability issue when synchronizing contact collections in recent versions of Thunderbird (AXI-4588)
  • Improve storage corruption crosschecks (AXI-5339)*
  • Fix LDAP SSL certificate validation after caching CA bundle (AXI-5410)
  • Enhance logging related to temporary search folder management (AXI-5437)
  • Return indexInfo error on temporary exceptions post index initialization (AXI-4903)


*) This fix performs a storage upgrade. Roll-back possible via back-up only!

  • Hotfix: Fix Axigen crashes related to ActiveSync session (AXI-5412)
  • Fix crash when trying to negotiate StartTLS (AXI-5401)
  • Cache the CA validation result to avoid long commit time when changing listeners (AXI-5393)
  • Fix preserving subfolder permissions when upgrading from 10.3.3 to 10.4.x and later (AXI-5366)
  • Fix storage corruption after several record resize operations on the same transaction (AXI-5386)
  • Add CLI command to repair domain container (AXI-5341)
  • Upgrade OpenSSL to version 3.0 (AXI-4863 • Read before upgrading!)
  • Fix SSL related log line reporting wrong client protocol version (AXI-5267)
  • Fix SSL/TLS cipher suite truncated to 255 characters before being applied (AXI-5143)
  • Fix stale or inconsistent output of get conversations in a specific scenario (AXI-5355)
  • Fix Auto-discovery process for the latest Outlook clients (AXI-3242)
  • Fix push notification statistics (AXI-5335)
  • Fix overflow in upgrade code (AXI-5325)
  • Fix long response times for conversation endpoints caused by rescheduling of conversation job (AXI-5305)
  • Fix conversation index error while computing participants (AXI-5304)
  • Fix storage corruption that causes a mailbox container to be used as read only (AXI-5256)
  • Add EC Key Types support for OIDC (AXI-5249)
  • Improve logging for unexpected indexInfo status - uninitialized after initialized (AXI-4903)
  • Improve conversation index logging visibility (AXI-5290)
  • Fix conversation index leak while deleting folders (AXI-5275)
  • Fix misleading conversation indexing warning on folders previously deleted (AXI-4758)
  • Remove folders that no longer exist from conversation index (AXI-5142)
  • Fix misleading conversation indexing warning on folders with \NoSelect flag (AXI-5115)
  • Remove existing conversation index folders with \NoSelect flag (AXI-5274)
  • Fix a debug instance crash while executing smtp filters under specific circumstances (AXI-5254)
  • Fix message appender in certain scenarios (AXI-5251)
  • Add CLI command to list DAPI details for all domain objects (AXI-5237)
  • Fix file descriptor double close when using LDAP over OpenSSL in certain scenarios (AXI-5186)
  • Fix automatic migration failure from Lotus Domino (AXI-4693)
  • Fix leak reported by ASAN while updating mbox container snapshot (AXI-5257)
  • Update zlib to version 1.3 (AXI-5268)
  • Update libcurl to 8.4.0 (AXI-5250)
  • Add account ID to account data dump (AXI-5243)
  • Improve algorithm that generates the shared secret used for 2-Step verification (AXI-5228)
  • Include usage of domain selection on login in statistics (AXI-5220)
  • Fix RPOP rescheduling when errors in SSL/StartTLS negotiation (AXI-5207)
  • Add an option to CLI repair accounts to skip scanning the entire server (AXI-5199)
  • Log failed attempts when using WebMail and 2-Step Verification (AXI-5198)
  • Fix abort of debug instance when receiving an email while deleting the domain (AXI-5168)
  • Fix storage corruption after improperly stopping an instance several times (AXI-5167)
  • Fix invalid message generated after multiple operations (AXI-5165)
  • Fix issue with Mailbox API usage incrementing the WMStandard stats counter (AXI-5138)
  • Fix DKIM validation issue caused by any secondary attribute that starts with "d" (AXI-5155)
  • Improve logging related to conversation jobs (AXI-5160)
  • Improve Mailbox API response when the requested endpoint is not defined (AXI-5161)
  • Increment Mailbox API to v1.1.1
  • Introducing WebAdmin /data/accounts endpoint (AXI-5007)
  • Fix memory error parsing a large wasieve-server file (AXI-5019)
  • Fix Calendar API bug where UTC OFFSET second 00 is wrongly considered incorrect (AXI-5094)
  • Fix updating plain listeners after a successful Lets Encrypt certificate renewal (AXI-5102)
  • Fix account filters vanishing in a specific scenario (AXI-4580)
  • Fix inconsistency in creating default filters between message delivery and account login events in specific scenario (AXI-5075)
  • Fix password change at next login not working when renewal interval policy is enabled (AXI-5079)
  • Fix a data race while executing batch operations (AXI-5000)
  • Fix abnormal memory usage while processing certain malformed emails (AXI-5051)
  • Fix additional AddressSanitizer warnings (AXI-4384)
  • Allow overriding the undo send grace period via environment variable (AXI-5029)
  • Fix typo when repairing an account using CLI (AXI-5014)
  • Fix sort indexes being recomputed for the Flagged folder on server restart and periodically (AXI-5021)
  • Fix flags during backup/restore for special folders (AXI-5023)
  • Fix crash caused by GSSAPI initialization on Windows (AXI-5026)
  • Remove Cyren support. New license required for currently active Cyren customers.
  • Add Bitdefender In-Product Support (AXI-4780)
  • Mailbox API (REST): Add support for Undo send (AXI-4682)
  • Mailbox API (REST): Add support for Scheduled send (AXI-4689)
  • Mailbox API (REST): Add UI settings endpoint for API clients (AXI-4788)
  • Mailbox API (REST): Remove support for copying folders (AXI-4463)
  • Mailbox API (REST): Introduce support for consuming emails with complex MIME structures (AXI-4566)
  • Fix MIME parsing - unrecognized mpeg subtype variant (AXI-4804)
  • Fix MIME parsing - disposition type identification in specific scenario (AXI-4771)
  • Update folder failed when first character was UTF-8 (AXI-4523)
  • WebMail service: Fix invalid request was causing subsequent request to fail (AXI-4427)
  • Fix a number of memory leaks (AXI-4384, AXI-4853)
  • Introduce Search Index upgrade when upgrading from 10.3.2.4 and newer (AXI-4828)
  • CLI: Add a new CLI debug command to show the loaded users and job statistics (AXI-4713)
  • CLI: Introduce configurable indexing auto rescheduling time for Sort and Search indices (AXI-4873)
  • Remove a no longer used internal filter (AXI-4883)
  • External libraries updates

WEBADMIN

  • Fix domain specific routing configuration floating panel not appearing correctly in specific scenarios (AXI-5636)
  • Fix last login display when server date is offset to / from UTC (AXI-5332)
  • Fix incomplete domains list in domain admin limits in specific scenarios when some of the domains are disabled (AXI-3996)
  • Fix maximum number of subdomains in domain admin limits stopping at 999 instead of 1000 (AXI-1612)
  • Fix release notes being cropped if longer than 4KB (AXI-5352)
  • Fix WebAdmin XSS vulnerability in info_sslcerts (AXI-5291 • CVE-2023-49101)
  • Remove the Prototype Javascript library from WebAdmin (AXI-5294 • CVE-2008-7220)
  • Fix security issues allowing the injection and execution of JavaScript for admin users with specific permissions (AXI-5246)
  • Fix logo rendered incorrectly for Webadmin branding (AXI-5240)
  • Fix security issue allowing the injection and execution of Javascript code for admin users with specific permissions (AXI-5219 • CVE-2023-48974)
  • Fix Quarantine table not displayed correctly in Safari (AXI-4816)

WEBMAIL

  • Composer (All): Fix hyperlink dialog rendering not adapting to the zoom in / out level (devicePixelRatio <> 1) (AXI-5649)
  • Fix signatures dropdown disappearing when switching tabs in settings (AXI-5612)
  • Fix loading progress bar hanging at 100% when (re)loading the application (AXI-5591)
  • Fix Settings menu rendering not adapting to the zoom in / out level (AXI-5584)
  • Standard WebMail: Fix issue adding addresses to blacklist (AXI-4746)
  • Fix autoscroll not working when moving / copying a message and typing the name of the folder (AXI-5543)
  • Fix issue closing WebMail tab in specific scenarios (AXI-5540)
  • Fix parsing email addresses containing 6+ nested subdomains (AXI-5467)
  • Fix issue sorting messages by Unread when conversation view is enabled (AXI-5134)
  • Fix line folding when printing plain text emails (AXI-5260)
  • Remove an unnecessary WebMail file from the product kits (AXI-5491)
  • Standard WebMail: Fix a Greek translation issue (AXI-5388)
  • Mobile WebMail: Fix wrong attachments list when opening email from search results (AXI-5372)
  • Mobile WebMail: Fix attachments not shown when the email is opened from search results (AXI-3817)
  • Fix top tabs scroll buttons not functioning (AXI-5510)
  • Mobile WebMail: Fix issue displaying duplicate body content for specific emails (AXI-5480)
  • Fix console error when sending a specific message from WebMail (AXI-5425)
  • Fix printing message trimming the subject when upgrading from 10.3.3 to 10.4 (AXI-5381)
  • Fix clicked message losing focus and going out of the viewport when sorting messages by any specific sorting component (AXI-5376)
  • Fix message snippet containing source code for messages saved to Drafts (AXI-5227)
  • Fix the "Forward" button label not being translated (AXI-5390)
  • Fix Read Receipt confirmation button not reflecting its action in Conversation view mode (AXI-5185)
  • Upgrade PrototypeJS to version 1.6.0.2 in Standard WebMail (AXI-5379)
  • Fix the visibility and functionality of the top right "Close" button when the email is opened in a tab (AXI-5375)
  • Fix mail item print menu option in emails view when the email is opened in a tab (AXI-5374)
  • Fix issue saving EML attachments to a folder (Copy to...) (AXI-5368)
  • Fix plain text attachments rendered as body part (AXI-5258)
  • Fix non-working Print menu toolbar when composing a message (AXI-5231)
  • Fix non-working Print menu option when conversation view is disabled (AXI-5054)
  • Fix branding PNG logo rendered incorrectly in the private section of the application (AXI-5086)
  • Fix search in Conversation View returning emails when the interface language is not English (AXI-5189)
  • Fix issue and Javascript error when rendering messages containing broken HTML tag attributes (AXI-5200)
  • Fix email search before date wrongly incrementing the date by one on reopen (AXI-4036)
  • Fix issue displaying phone numbers for contacts saved in specific formats (AXI-4576)
  • Fix login error when the username (local part) contains the "&" character (AXI-4735)
  • Fix issue resulting in messages sent to public folder not being displayed for the sender (AXI-4772)
  • Fix webmail message display issues for multipart/related messages with a text part and no HTML part (AXI-5136)
  • Fix the occasional Javascript exceptions thrown when reloading the UI (AXI-5156)
  • Fix Webmail sorting error on certain folders (AXI-5087)
  • Fix issue replying to or forwarding external event invitations (AXI-5107)
  • Fix email messages containing inline SVG not displayed in Webmail (AXI-5112)
  • Fix issue deleting recurring events from shared calendars via the calendar views (AXI-2926)
  • Fix issue showing specific emails as event invitations (AXI-5106)
  • Fix an XSS vulnerability (AXI-5091 • CVE-2023-40355)
  • Fix checking whitelist for addresses added from WebMail (AXI-5050)
  • Fix Pre-Auth XSS Vulnerability (AXI-5062)
  • Fix the horizontal alignment of the schedule button in the custom schedule menu for the languages with smaller texts (AXI-5049)
  • Add complete translations for German (AXI-5047)
  • Fix WebMail settings not working for users who have no permissions to edit their contact info (AXI-4940)
  • Add complete translations for Bulgarian, Croatian, Farsi, Finnish, Indonesian, Italian, Spanish (AXI-4999)
  • Fix empty conversation item tab in a specific scenario (AXI-5008)
  • Fix draft deletion from the conversation item tab (AXI-5010)
  • Fix imbricated attachment cards HTML structure (AXI-5020)
  • Fix Settings / Appearance displaying the message size option when conversations view is enabled (AXI-5034)
  • Add support for Undo send (AXI-4682)
  • Add support for Scheduled send (AXI-4689)
  • Add read / unread as a search criterion (AXI-3454)
  • Properly render emails with complex MIME structures (AXI-4566)
  • Branding: Properly resize custom logos in the login page (AXI-4406)

OTHER

  • Axigen TNEF Decoder 1.4.2
    • Update all non-major dependencies (AXI-5654)
  • Axigen Migrator 1.5.5
    • Update all non-major dependencies (AXI-5653)
  • Axigen TNEF Decoder 1.4.0
    • Fix displaying messages in Outlook by changing the message rebuild logic after TNEF decoding (AT-96)
    • New parameter added to enable/disable performing a TNEF correlation check - default is enabled (AT-97)
  • Axigen Migrator 1.5.3
    • Update Go to 1.21 and go module dependencies (#14)
  • Axigen TNEF Decoder 1.3.17
    • Update Go to 1.21 and go module dependencies (#15)
  • Axigen Migrator 1.5.2
    • Update go dependencies (#13)
  • Axigen TNEF Decoder 1.3.16
    • Fix attachment name incorrect after TNEF decoding (AXI-3572)
    • Update go dependencies (#14)
  • Axigen TNEF Decoder 1.3.15
    • Fix libc dependencies on specific OS versions (#6)
  • Axigen Migrator 1.5.1
    • Update Go dependencies (#12)
  • Axigen TNEF Decoder 1.3.14
    • Update Go dependencies (#12)
  • Axigen Migrator 1.5.0
    • Update Go dependencies (#11)
    • Fix migration of contacts broken by Communigate Pro caused by invalid "Organization" header (AT-78)
    • Fix issue running on Centos/RHEL 8 (AT-93)
    • Change sqlite library to avoid glibc version constraints (AT-94)
    • Fix contact vCard name property and encode base64 the multi-line values of the vCard properties (AT-92)
  • Axigen TNEF Decoder 1.3.13
    • Update Go dependencies (#11)

Supported Versions

  • In accordance with our End-User License Agreement (EULA), we usually provide full support for the two latest major versions.
  • Nevertheless, due to the early release of Axigen X5, which was intended to replace Cyren with Bitdefender and maintain uninterrupted AntiVirus and AntiSpam services, we are making an exception: until Axigen X6 is launched, we will be extending support to the three most recent major versions: Axigen 10.5.x, Axigen 10.4.x, and Axigen 10.3.x.

 

Important Upgrade Information

  • If you are upgrading from X3 or older, the sort and search indexes will be migrated to the new version. In addition, a new conversation index will be computed and built. Depending on your storage size, these jobs are expected to last a few hours and will require a storage capacity increase of up to 10%. WebMail and IMAP user access is conditioned by the sort indexes, while the conversation indexes are only used by the WebMail. Until they are created, users will be able to use the WebMail in mail view.
  • If you use Cyren or have manually upgraded to Bitdefender before X5, please note that after upgrading to X5, a new license will be required to activate Bitdefender. The new license will be emailed directly to the license holder.
  • The upgrade process for X5 differs based on the presence of an active Cyren service and / or manual Bitdefender upgrade. Here you can find instructions on how to upgrade to Axigen X5.

How to Install

To update to this version on Linux, please follow the step by step instructions below:

  1. Download the corresponding install kit for your operating system (see above)

  2. Stop the Axigen service

    Use the command ps aux | grep axigen to confirm that the service is stopped.

  3. Create a backup of the Axigen working directory

    Use the suggestions in our related knowledge base article on how to back up Axigen

    Note: For the restoring process, please consult our article on how to restore an Axigen working directory backup


  4. Run the installer

    Follow the on-screen installer instructions to complete the upgrade process.

    Note: Since this is only an update, please make sure that you skip the Axigen post-install configuration wizard.


  5. Start the Axigen service

    Use the commands: ps aux | grep axigen and /opt/axigen/bin/axigen --version to confirm that the new version is in place.

How to Install

To update to this version on Windows, please follow the step by step instructions below:

  1. Download the corresponding install kit for your operating system (see above)

  2. Stop the Axigen service

  3. Create a backup of the Axigen working directory

    Use the suggestions in our related knowledge base article on how to back up Axigen

    Note: For the restoring process, please consult our article on how to restore an Axigen working directory backup


  4. Run the installer

    Follow the on-screen installer instructions to complete the upgrade process.

    Note: Since this is only an update, please make sure that you skip the Axigen post-install configuration wizard.


  5. Start the Axigen service