Release Notes - Version 5.0
This is the first release for CentOS 9. Version 5 of all server products (TeamDrive Registration Server, TeamDrive Host Server and TeamDrive Web Portal) is required for CentOS 9.
5.0.1 (2025-02-11)
An expiry date may not be set on a default license. The Admin Console now enforces this restriction (REGSERVER-1883). If a license is expired you can no longer change the features or status of a license.
Although this should never be the case, if an expired license is in use then the license features are automatically set to the default license features specified by DEFAULT_FREE_FEATURE or DEFAULT_ACCOUNT_FEATURE (if the user is a member of an account).
Note that an expired license should never be in use because the license of a user is changed to the user’s default license when a license expires. This is done by the “Expire Licenses” auto-task.
When deleting a user a new checkbox allows you to specify whether to send an email notification to the user (REGSERVER-1886). Previously this was determined automatically by the ADMIN_CONSOLE_SEND_EMAIL setting.
By default the checkbox will be unchecked if the user was last active over 1 year ago. If more recently active the default for the checkbox is determined by the value of ADMIN_CONSOLE_SEND_EMAIL.
Admin Console: the “More Info” buttons have been removed from the user and licenses lists. All information is now available from the corresponding “Edit” page.
The “Username” field in support emails was incorrectly set to the support email address when the user has no username (REGSERVER-1877).
The Key Repository display in the Admin Console now shows the modification time instead of the creation time of the RSA key (REGSERVER-1891?). Note that the modification time is that of the private keys associated with the RSA public key. Public keys are never changed.
Added API functions “getspacedata” and “deletespace” (REGSERVER-1893). See documentation: getspacedata and deletespace.
Fixed “permission to set domain denied” when enabling a domain on the Master Registration Server (REGSERVER-1898).
The Admin Console will now display critical information regarding Depot storage limit overflow (HOSTSERVER-953). This includes information as to the “frozen” state of a Depot, which occurs when the storage limit is exceeded by a certain amount.
External Authentication
- Improvement to security of session based external authentication (REGSERVER-1900). An “encrypted session ID” is now used to initiate the authentication session. This ensures that no useable data appears in the Apache access log of the External Authentication Service.
- Multi-language support: TeamDrive External authentication Services now support both English and German (REGSERVER-1903).
- Fixed a problem when entering a Space marked “2FA required” on the Web Portal, when 2-Factor authentication is performed by the External Authentication Service (REGSERVER-1887). This fix also requires a client update.
Licenses and Devices
The setting InviteOldDevicesPeriodActive has been renamed to DeviceInactiveTimeout to indicate the fact that devices that have not been used for the specified period are considered generally “inactive” or not in use. Inactive devices do not receive invitations and the user will not be notified (by email) if an inactive device is disabled (or enabled) due to the device limit of a license.
Implemented a “soft limit” option for the device limit specified by the MAXIMUM_DEVICES_PER_USER Provider setting (REGSERVER-1895). The soft limit is indicated by prefixing the value with a ‘~’ character, for example: “~5” means a soft limit of 5 devices per user. Soft limit in this case means that the limit is only enforced if a user does not already exceed the specified limit (see MAXIMUM_DEVICES_PER_USER for details).
It is now possible to create “device based” licenses (REGSERVER-1894). These licenses may only be used by one user and limit the number of active devices of the user.
If the number of devices exceeds the limit, excess devices are disabled automatically, starting with the devices that have been idle for the longest time.
Shop References
Licenses, depots, users and accounts now have a “shopreference” which is used instead of the standard external reference, if the license or depot is referenced by an external Shop system (REGSERVER-1881).
For licenses, in addition to “contractnumber” the fields “constractstatus” and “contractenddate” may also be set using the API. These fields, including the “shopreference”, may be set when a license is created (“createlicense” API call) or using the “setlicensecontract” API call.
The depot “shopreference” may be set using the “createdepot” and “updatedepot” API calls.
The setting API_ADMINCONSOLE_LIC_REF has been renamed to ADMIN_LICENSE_REFERENCE.
In the Admin Console, when editing a license or a depot, the “Change Comment” field no longer has a pre-filled value. A change comment must be entered in order to modify certain fields of a license or depot.
If a license has a Shop reference, changes to the license contract number will not cause an email to be sent to the license owners or users. In general, changes to the contract details will not result in an email, as it is assumed the user is aware of the changes done in the Shop.
The following API calls now support the <shopreference> tag: “registeruser”, “updateuser”, “createdepot”, “updatedepot”, “createlicense”, “setlicensecontract”, “createaccount”, “updateaccount”.
Bounced Email Handling
A number of changes have been made to the handling of bounced emails (REGSERVER-1880):
Once the email status of a user account has been set to “Bounced” the status can only be reset by sending the user a “Confirmation Email”.
The user must click the link in the email in order to reset the email status before the Registration Server will resume sending emails to the user. This still applies if the user changes their email address. In this case the user will first receive an associated “Email Change Confirmation” email.
The setting ResetEmailLimit has been added. By default it is set to 20. The purpose of this setting is to avoid flooding the user’s inbox when the status of a large number of emails is reset. This is done by setting older emails to the “PAUSED” status.
When the user clicks on the link in the Confirmation Email, all emails that have an error status are reset. If the number of emails reset exceeds ResetEmailLimit then the excess emails are “paused”.
The PAUSED status must be manually removed using the “Unpause Email” button available on the Email list in the user’s account. The status of any email can also be reset in the global “Mail Queue”, on the “View Mail Queue” page in the Admin Console.
There are a number of new functions available when you open the Mail Queue on the “Edit User” page in the Admin Console:
- Delete All: This button will delete all emails in the user’s Mail Queue.
- Delete Failed Emails: This will remove all emails with an error status, including: Send-Error, Email-Bounced, Fatal-Error, Incorrect-Address. If you wish to retry sending emails that are in error you must send a “Confirmation Email” to the user. See “Set Bounced Status” below.
- Unpause Emails: If you have paused emails, use this button to manually unpause up to ResetEmailLimit emails.
- Manage Emails...: If you have the required privileges, this will take you to the “View Mail Queue” page in the Admin Console, and display the current user’s emails.
The “Set Bounced Status” has been added to the “Edit User” page. The “Bounced” email status must be set on the user’s account before you can send a “Confirmation Email” to the user. As described above, clicking on the link in the email will reset the status of all emails in the user’s Mail Queue.
If the email server is not reachable, the email will not remain in the “To-Be-Sent” state (REGSERVER-1882). Errors of this form include “Could not resolve host”, “Host not reachable” and connection timeouts. When such an error occurs, the “Send Emails” autotask will quit, and try to send the same email again on the next run.
Fixed a bug that resulted in the Reg Server background process hanging (infinite loop) when forwarding an email notification, if the user/email could not be found on the TeamDrive network (REGSERVER-1885).
5.0.0 (2024-08-01)
The “standalone” version of the Registration Server is no longer supported (REGSERVER-1823). This means that a Registration Server must always be connected to a TDNS (TeamDrive Name Server) instance. The options on setup of a new server are “Standard” or “Master” Registration Server.
A Provider may now specify that manual activation of devices is required (REGSERVER-1854). This feature is enabled by setting the Provider setting MANUAL_ACTIVATION_REQUIRED to True. See Requiring Manual Activation of Devices for a detailed description of this feature.
Added a new Provider setting: NEW_DEVICE_NOTIFICATION_LIST, which is a list of users to be notified when a new device is installed.
The server now supports paging when fetching a large number of keys from the Key Repository (REGSERVER-1849). This fixes problems involving accounts with over 1200 spaces, but also requires a TeamDrive Client update (TDCLIENT-3241).
Added setting AssumeHttpsAccess (REGSERVER-1848). If set to True then the Registration Server will assume that clients are using HTTPS to connect to the server (see AssumeHttpsAccess for details).
Added new email template: “public-file-download” (HOSTSERVER-905). This is sent to notify users that a public file has been downloaded.
Changed the “From:” on license report emails from the Provider email address to the EMAIL_SENDER_EMAIL Provider setting (REGSERVER-1838).
API: The <shadowkeyhash> tag is now returned by several API calls (“loginuser”, “getuserdata”, “registeruser”, “verifyauthorizationtoken”, “getinboxkeyseq”, “authenticateuser”) so that the caller can detect a change of the user password, or an explicit logout (REGSERVER-1850).
Improved handling of various 2-Factor Authentication (2FA) flags (REGSERVER-1863). In general the rules are as follows:
- Explicit DISABLE on the account level overrides everything (but cannot disable 2FA done by the External Authentication Service).
- Explicit ENABLE (Email OTP, Google Authenticator or MS Authenticator) overrides everything (which means if 2FA is done by the External Authentication Service, then 2FA will be performed twice).
- Otherwise:
  - If 2FA is done by the External Authentication Service, then this disables the account level settings, but not the user level setting (see above).
  - If 2FA is enabled on the account level, then this applies.
  - If 2FA is enabled for Web logins only, on the account level, then this will be applied.
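The precedence rules above, written out as a small Python resolver that also flags logins ending up with two second-factor prompts or none. This is an added example, not TeamDrive code: the flag labels, the single "explicit" value, the "account_default" method placeholder and the treatment of non-web logins under the web-only setting are assumptions.

```python
from typing import NamedTuple, Optional

# All names and labels here are illustrative, not TeamDrive identifiers.
DISABLE = "disable"
ENABLE_METHODS = {"email_otp", "google_authenticator", "ms_authenticator"}

class Decision(NamedTuple):
    server_method: Optional[str]  # 2FA run by the Registration Server, if any
    external_2fa: bool            # 2FA run by the External Authentication Service
    rule: str                     # which rule in the list decided the outcome

def resolve_2fa(explicit, external_does_2fa, account_2fa, web_login):
    """explicit: DISABLE, a member of ENABLE_METHODS, or None.
    account_2fa: "all", "web_only" or None (account-level setting)."""
    if explicit == DISABLE:
        # Overrides the server side only; external 2FA cannot be disabled.
        return Decision(None, external_does_2fa, "explicit-disable")
    if explicit in ENABLE_METHODS:
        # Overrides everything; with external 2FA the user is prompted twice.
        return Decision(explicit, external_does_2fa, "explicit-enable")
    if explicit is not None:
        raise ValueError(f"unknown explicit flag: {explicit!r}")
    if external_does_2fa:
        # External 2FA switches off the account-level settings.
        return Decision(None, True, "external-service")
    if account_2fa == "all":
        return Decision("account_default", False, "account-level")
    if account_2fa == "web_only":
        # Assumption: non-web logins get no server-side 2FA under this setting.
        return Decision("account_default" if web_login else None, False, "account-web-only")
    return Decision(None, False, "none-configured")

def prompts(d: Decision) -> int:
    """Number of second-factor prompts the login will involve."""
    return int(d.server_method is not None) + int(d.external_2fa)

def audit(logins):
    """Return (name, finding) for logins with zero or two second factors."""
    labels = {0: "no-2fa", 2: "double-2fa"}
    return [(name, labels[n]) for name, cfg in logins.items()
            if (n := prompts(resolve_2fa(**cfg))) in labels]

# Constructed sample logins (not real data).
SAMPLE = {
    "alice": dict(explicit="ms_authenticator", external_does_2fa=True, account_2fa=None, web_login=False),
    "bob": dict(explicit=DISABLE, external_does_2fa=False, account_2fa="all", web_login=True),
    "carol": dict(explicit=None, external_does_2fa=True, account_2fa="all", web_login=True),
    "dave": dict(explicit=None, external_does_2fa=False, account_2fa="web_only", web_login=False),
}
```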
Added support for updating the public/private keys of old TeamDrive client installations (REGSERVER-1873). Update to client version 5.1.2 is required.
Settings that allow the use of HTTP rather than HTTPS have been deprecated (REGSERVER-1865). This means HTTPS is now used by all URLs that reference the server and the setting EnforceHttps has therefore been removed.
The Provider settings REG_SERVER_PROTOCOL and HOST_SERVER_PROTOCOL will be removed in a future version. These settings are now hidden (not visible in the Admin Console), and are set to “https” during the server upgrade process.
These settings control the protocol used by the TeamDrive clients when accessing all Registration and Host Servers. This change ensures that there are no longer any exceptions and all clients belonging to the Registration Server will use HTTPS when accessing TeamDrive servers.
The setting SimulateRegServer20 is deprecated and has been removed. Compatibility with TeamDrive 2.0 clients is no longer guaranteed by the Registration Server. Please upgrade to the latest version as soon as possible.
Fixed error: “Parameter login-url value missing” when creating a Web Portal service (REGSERVER-1847).
Security
Support HMAC hashing based keys for the Host Server API access (REGSERVER-1826).
It is now possible to set the Authorisation Type on services belonging to other Registration Servers (REGSERVER-1825). This applies to Shop and Web Portal services that are referenced using the SHOP_SERVICE_NAME and WEBPORTAL_SERVICE_NAME Provider settings.
In other words, if you have a Shop or Web Portal that provides services to multiple Registration Servers, then the authorisation type and key can be specified separately for each Registration Server.
The “References” column has been added to the Service list in the Admin Console, which indicates references to a service from other Providers. This column is only filled after a Registration Server update.
Added support for Microsoft Authenticator App for users that require 2-Factor authentication (REGSERVER-1861). This feature requires a client update.
The Registration Server no longer supports the Diffie-Hellman (DH) public/private keys, also known as DH/1.0 keys (REGSERVER-1864). Only RSA public/private keys are supported.
In some cases this may require a TeamDrive client update to version 5.2.0. This includes:
- some client installations from 2012 or earlier,
- the Key Repository is enabled with a large number of keys (> 500 Spaces),
- a large profile picture is uploaded,
- a large activity report is sent via email by the client.
External Authentication
You can now specify that an External Authentication Service performs Two-Factor Authentication (2FA). In this case the Registration Server will not perform 2FA when the user’s account is set to 2FA required (REGSERVER-1815).
External authentication now supports “session based” login (REGSERVER-1851). Using this method, the TeamDrive App redirects to the Auth Service, and then uses a (previously obtained) session ID to verify whether the login is successful. This removes the need for an embedded browser in the TeamDrive Desktop App.
External Authentication: when accessing an Authentication Service that does not return the service name (in the verify authentication token reply), then the Provider setting DEFAULT_AUTH_SERVICE_NAME must be set.
Note that this is only the case when dealing with an Authentication Service that has not been upgraded (or cannot be upgraded) to the latest version.
Administration Console
- A column “Referenced By” has been added to the list of Services on the “Manage Domains & Services” page. This column contains a list of Providers that reference the service.
- It is now possible to disable access to the Admin Console for a specific Provider (REGSERVER-1853). When disabled, no user or administrator of the Provider is allowed to login to the Admin Console.
- When deleting a user you can now add a comment (REGSERVER-1827). This will appear in the change history of users in the Admin Console.
- Fixed listing of Spaces on the “Edit Depot” Depot page (REGSERVER-1837).
- Fixed the “Move Space” dialog on the “Edit Depot” page which was returning an error when the Depot owner was entered (REGSERVER-1870).
- Fixed the output of the “Edit Auto Task” page.
- Removed certain incorrect entries from the Depot “Change History” (REGSERVER-1839).