Release Notes - Version 3.5

Key features and changes

TeamDrive Host Server Version 3.5 is the next major release following version 3.0.013.

Note

Please note that the version numbering scheme for the Host Server has been changed starting with version 3.5. The first two digits of the version string now identify a released version with a fixed feature set. The third digit, e.g. “3.5.1”, now identifies the patch version, which increases for every public release that includes backwards-compatible bug or security fixes. A fourth digit identifies the build number and usually remains at zero, unless a rebuild/republishing of a release based on the same code base has to be performed (e.g. to fix a build or packaging issue that has no effect on the functionality or feature set).

Version 3.5 contains the following features and notable differences to version 3.0.013. See Release Notes - Version 3.0.013 for a detailed description of the change history for that version.

Host Server Functionality

  • Security enhancement: Files can now be published with an expiration date, after which an auto task on the Host Server will automatically remove the published files again. Additionally, published files can now be protected by a password. This functionality requires support on the TeamDrive Client side, which is implemented in version 4.1 of the TeamDrive Client. A few HTML templates were added for entering the password. The templates can be customized and will not be overwritten when updating to a newer Host Server version.
  • Security enhancement: A request for a published file no longer returns the actual file directly, except in the case where the request comes from tools like wget or curl. Instead, the document returned is an HTML file containing JavaScript calls that load the actual file using a temporary URL. This solves a potential security problem in which URLs of published documents can be inadvertently disclosed to unintended recipients in the following scenario: A TeamDrive user publishes a document that contains URLs pointing to a third-party website (e.g. a PDF or office document). The user, or an authorized recipient of the published URL, clicks on a hyperlink embedded in the document. At that point, the referrer header discloses the document’s publish URL to the third-party website. Someone with access to that header, such as the webmaster of the third-party website, could then access the link to the published document. (HOSTSERVER-316)
  • A new Client/Server protocol, supporting parallel polling of Spaces for increased throughput/performance, batched delete operations (e.g. emptying the Trash) and “soft” locking of files. These features require support on the TeamDrive Client side, which is scheduled to be implemented in future versions of the TeamDrive Client.
  • Performance improvement: The Host Server now uses a database table instead of action files in the Space Volume’s file system for signalling actions like uploading or deleting files to the object store. As a result, s3d no longer has to perform a full scan of all Space Volumes to look for new or changed files. (HOSTSERVER-284) Additionally, the MD5 digest of a file is also stored in this table, so s3d does not need to perform a recalculation of the checksum before uploading the file to the object store. During an upgrade from a previous version, any remaining action tag files in the file system will be imported into the database. Afterwards, the server setting ImportS3tagFiles should be set to False.
  • The S3 daemon s3d now only performs a full scan of all Space Volumes once per day by default, looking for old files to be transferred to the object store. The age of these files is set via the settings variable MaxFileAge. The maximum file age should be set long enough to ensure that no file that may still be in the process of being uploaded by a Client will be sent to the Object Store, otherwise the Client would have to restart the upload from scratch.
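
The published-file change described above (HOSTSERVER-316) can be modelled as follows. This is an added example, not TeamDrive code: the function names, the `/published/tmp/` path and the 60-second lifetime are assumptions chosen for illustration.

```javascript
// Added sketch of the behaviour described in HOSTSERVER-316; not TeamDrive code.
// All names, paths and the 60-second lifetime are assumptions for illustration.
const { randomBytes } = require("crypto");

const TEMP_TTL_MS = 60 * 1000;   // assumed lifetime of a temporary URL
const tempTokens = new Map();    // token -> { fileId, expires }

// Tools such as wget or curl cannot run JavaScript, so they get the file directly.
function isCliClient(userAgent) {
  return /^(curl|wget)\//i.test(userAgent || "");
}

function mintTempUrl(fileId, now) {
  const token = randomBytes(16).toString("hex");
  tempTokens.set(token, { fileId, expires: now + TEMP_TTL_MS });
  return `/published/tmp/${token}`;
}

// Handles a request for the long-lived publish URL.
function handlePublishUrl(fileId, userAgent, now = Date.now()) {
  if (isCliClient(userAgent)) return { status: 200, kind: "file", fileId };
  const tempUrl = mintTempUrl(fileId, now);
  // The browser ends up rendering the document at tempUrl, so a Referer sent
  // from a link inside the document carries at most tempUrl, not the publish URL.
  const body = "<!doctype html><title>Loading</title>" +
    `<script>location.replace(${JSON.stringify(tempUrl)});</script>`;
  return { status: 200, kind: "html", body, tempUrl };
}

// Handles a request for a temporary URL; expired or unknown tokens are rejected.
function handleTempUrl(tempUrl, now = Date.now()) {
  const token = tempUrl.split("/").pop();
  const entry = tempTokens.get(token);
  if (!entry || now > entry.expires) {
    tempTokens.delete(token);
    return { status: 404, kind: "error" };
  }
  return { status: 200, kind: "file", fileId: entry.fileId };
}
```

A temporary URL that reaches a third party through a referrer header stops working once it expires, while the publish URL itself never appears as the address of the rendered document.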

Administration Console

  • Security improvement: Added support for managing multiple user/administrator accounts. There are 2 types of users: Superuser and Administrator. Only the Superuser may manage other users. The Administrator may view all users and only update his own user account. (HOSTSERVER-366)
  • Security improvement: Disabled auto completion on the login form. (HOSTSERVER-379)
  • Security improvement: The complexity of entered passwords is now indicated. (HOSTSERVER-374)
  • Security improvement: it is now possible to enable two-factor authentication via email. If enabled, the user is required to enter a security code provided via email in addition to his username and password.
  • Security improvement: On login, the user will get an error if he has another logged in session. To proceed, the user must check the checkbox titled: “Close my other login sessions”. (HOSTSERVER-376, HOSTSERVER-377)
  • Security improvement: The following events are now logged at the “notice” level: login, logout, failed login attempts and changes to user accounts.
  • Security improvement: The number of search results (e.g. Spaces, Depots or users) is now limited to a maximum defined by the MaxRecordsDisplayed setting, which can only be changed by the Superuser.
  • Administration: It is now possible to change a Depot’s status (e.g. enabled, disabled, deleted)
  • Administration: Added support for viewing selected server log files and the Host Server API log. (HOSTSERVER-348, HOSTSERVER-243)
  • Administration: It is now possible to track and display modifications made to Space Depots (e.g. via API calls coming from the Registration Server or via the Host Server Admin Console). (HOSTSERVER-388)
  • Administration: When creating a new Space Volume via the Administration Console, the system now checks if the directory actually exists on the file system before creating the Volume. (HOSTSERVER-349)
  • Usability: References like Depot Names, Volume names and owners in the Space list are now clickable, to improve the quick navigation between pages. (HOSTSERVER-390)
  • Usability: Objects like Spaces or Depots that have been marked as deleted are now hidden in result lists by default. They can be made visible again by changing the setting ShowDeletedObjects from false to true. (HOSTSERVER-442)
  • Usability: Administration Console now better visualizes errors like missing Space Volumes.
  • Usability: Units displayed for disk space or traffic usage now use the correct units (e.g. MiB, or GiB), to avoid confusion caused by conversions between different units. Space and traffic levels are now displayed in percent instead of absolute units.

Administration / Installation

  • Administration: The Host Server’s log levels have been aligned with the ones used by the Registration Server and the Yvva Runtime Environment. Valid log levels are: 1 (Error), 2 (Warning), 3 (Notice), 4 (Trace), 5 (Debug). In production mode the default log level is 3 (Notice). Setting the log file name to syslog will now send log output to the local syslog service. You can add an optional “Log Identity” after a colon in the log file name, for example: syslog:my-log-id. The default Log Identity is the name of the program, e.g. s3d or tshs.
  • Administration: The log file /var/log/td-hostserver.log is now the central log location for all Yvva-based components (e.g. the Host Server API, Administration Console or td-hostserver background service); the log files used in previous versions (e.g. /var/log/mod_yvva.log, /var/log/p1_autotask.log, /var/log/pbvm.log) will no longer be used.
  • Administration: TSHS now supports the additional commands disable-s3-host, enable-s3-host and delete-s3-host that allow for disabling/removing the synchronization of objects to an S3-compatible object store. Calling disable-s3-host marks a host entry as “disabled”. Calling delete-s3-host deletes a host entry unless the entry is referenced by a file. In this case the entry will be marked as deleted. If an entry is marked as disabled or deleted, no further data will be uploaded to the object store. However, accessing existing objects from the object store will continue to work. Calling enable-s3-host will re-enable the synchronization of objects to the object store, including the upload of all objects that have been uploaded to TSHS while the object store was marked as disabled. If a disabled or deleted host is marked as current, then TSHS will generate an error on each write attempt.
  • Administration: Added an auto task that can be enabled to send out notification emails if a Space Volume’s disk utilization reaches a configurable level.
  • Administration: Added an auto task that removes published files that have reached their expiry time.
  • Administration: Added an auto task that can be enabled to delete API log entries older than 30 days from the hostapilog table.
  • Installation: TSHS now supports reading options from a configuration file. The default is /etc/tshs.conf. The default options that were previously stored in the TSHS init script /etc/init.d/tshs have now been moved to the configuration file instead. (HOSTSERVER-303)
  • Installation: Optionally configure email support (required when using two-factor authentication). (HOSTSERVER-437)
  • Installation: The initial Host Server setup process now asks for both a user name and password for the Superuser account. (HOSTSERVER-438)
  • Installation: Host Server 3.5 now requires Yvva Runtime Environment version 1.2 or later. This version is included in the Host Server’s yum package repository and will be installed automatically.
  • Installation: The distribution now contains the tool mys3, which can be used to interact with an S3 compatible object store.

API

  • Changes to a Space Depot performed by the API functions addusertodepot and deleteuserfromdepot are now added to the Depot’s change log.
  • The MD5 checksum value calculated over API requests no longer needs to be passed in lowercase when submitting the request. (HOSTSERVER-426)
  • For debugging purposes, erroneous API requests are now logged to the API requests table as well. (REGSERVER-465)

Change Log - Version 3.5

3.5.1 (2015-10-09)

Documentation

  • Fixed description of Background Tasks
  • Added an SSL configuration hint for upgrading a server to version 3.5
  • Added a description of the HTML templates for password-protected published files

Host Server Functionality

  • Usability: Added a default HTML template folder to avoid conflicts with customized HTML templates (HOSTSERVER-572)
  • Administration: Fixed a divide-by-zero error when depot size and traffic limit are zero (HOSTSERVER-570)
  • Administration: The German translation is disabled. Only the English web interface is supported (HOSTSERVER-569)
  • Administration: The new background task for API log cleanup will be created with status enabled instead of disabled. Its usage can be controlled using the setting “APILogEntryTimeout” (HOSTSERVER-568)
  • Usability: Added the HTML template “url-invalid.html” for an expired or invalid token when accessing a published file (HOSTSERVER-567)
  • Security improvement: Limit access to allowed log files (HOSTSERVER-564)
  • S3 daemon: Added bandwidth limitation for the S3 daemon (HOSTSERVER-563)
  • Administration: Added filter (<, >, =) for Space-IDs and Depot-IDs (HOSTSERVER-562)
  • Administration: Added the setting “APILogEntryTimeout” to define a period in days for deleting API logs (HOSTSERVER-561)
  • Administration: Fixed truncated “Add New Admin User”-Button (HOSTSERVER-560)
  • Administration: Fixed access to ping.xml (HOSTSERVER-558)
  • Administration: Fixed s3d.log file name for log file display (HOSTSERVER-557)
  • S3 daemon: Fixed crash in case of multipart upload (HOSTSERVER-556)
  • Administration: Fixed displaying info text for “TimeDiffTolerance” setting (HOSTSERVER-553)

3.5.0 (2015-09-21)

  • Initial public release