Release Notes - Version 3.1¶
3.1.3 (2023-11-13)¶
- External authentication now redirects to “/external-authentication/finish”. This fixes the issue with Web Portal external authentication and 2-Factor authentication.
- Set client version to 5.0.8.3464
3.1.2 (2023-07-18)¶
- Set client version to 5.0.6.3386
- The UseEmbeddedLoginsetting has been removed. This means there is no longer an option to embedded in the TeamDrive Agent GUI (WEBCLIENT-459). This is because most external authentication services do not support embedding in a iFrame for security reasons (for example Microsoft Azure).
- Fixed an update problem (from 3.1.1) which concerned the Container Log table (WEBCLIENT-460).
3.1.1 (2023-05-23)¶
- Set client version to 5.0.2.3338
- Added SyncProviderListsetting (WEBCLIENT-456). This is a comma separated list of Provider codes. All containers of users that belong to these Providers will be periodically synchronised regardless of theSyncInboxesOnlysetting.
- The Web Portal now writes a “Container Log” which traces the main events and activity
regarding a container (WEBCLIENT-457). This includes:- START WEBUI/INBOX- The container was started because a user logged in.
- SYNC WEBUI/INBOX- The container was started by the auto-sync background task.
- STOPPED WEBUI/INBOX- The container has stopped. Note this log entry is only created when the Web Portal becomes aware that a container is no longer running so this may not be the actual shutdown time.
- DELETE FINAL- The container was completed removed, including all local storage and backups.
- SHUTDOWN WEBUI/INBOX- The container was stopped.
- DELETE LOCAL- The container’s local storage was deleted.
- ERROR WEBUI/INBOX- An error occurred when starting the container.
- CREATE WEBUI/INBOX- A new container was created for an inbox or a user that logged in for the first time.
- CREATE BACKUP- The container database and settings have been copied to the Cloud Storage.
- RESTORE BACKUP- The container database and settings have been restored from Cloud Storage.
- REMOVE BACKUP- The Cloud Storage backup of the container has been removed.
- ERROR RESTORE- An error occurred while restoring the container from Cloud Storage.
 
- Fixed a problem with the flag that indicates that the local databases exists. This can effect the auto-sync function which starts a container regularly so that changes to spaces are applied even if the user does not login.
- Fixed upgrade of the WP_Container table which fails with the error: Invalid default value for ‘ActiveTime’.
3.1.0 (2022-10-25)¶
- Set client version to 4.8.0.3249 
- The setting - BuildBinaryNameis now read-only and is set to the name of the Agent binary executable from the Agent archive on upgrade. The binary is then renamed to “teamdrived.bin” which is the fixed name now used by the Web Portal (WEBCLIENT-451).
- The Web Portal will now periodically start containers so that the TeamDrive Agent can sync any changes that may have occurred in space (WEBCLIENT-454). - A new auto-task, Synchronise Containers, was created to perform this operation. - The settings: - ContainerRunLimit,- EnableSyncContainersand- SyncInboxesOnly, have been added to control the behaviour of the task.- See Container Syncing for more details.. 
- Addition template variables for - SandboxCommand:- {RLE=T} Set to non-zero value if the option “require-local-encryption=true” should be set when starting the agent.
- {IST=N} Set to non-zero if the option “idle-shutdown-timeout” should be set to the given value.
- {ESE=F} Set to non-zero if the option “enable-shell-extension=false” should be set.
 
- Prevent the pre-5.0 TeamDrive Agent from starting the shell extension (WEBCLIENT-453). 
- If the Web Portal cannot reach the Agent (HTTP connection failed), it will terminate the process (if it is running) and return a session timeout error to the Web GUI (WEBCLIENT-450). 
- Hardening sets UMASK to 077 which requires group privileges to be fixed when the TeamDrive Agent package is unzipped (WEBCLIENT-452). 
- Login on the Web Portal no longer returns the “Unknown user” error (WEBCLIENT-438). Instead, it will return an error of the form: “Username or password incorrect”, when the user enters their password. 
- The Admin Console now displays the Auto Task list (WEBCLIENT-434). 
- The mod_agent.log can now be viewed in the Admin Console. 
- Added a new Sandbox setting: - RequireLocalEncryption, which allows you to ensure that all containers of the Web Portal use local encryption (WEBCLIENT-399).
- When - UseEmbeddedLoginis set to- True, the “embedded” option is no longer set for the- RegistrationURLlink (WEBCLIENT-379). This is because the Web Portal always redirects to this page, and does not embed the page in the Web user interface.
- Improvement to Web Portal redirection: - The Web Portal will display an information message when the user has been redirected from another Web Portal. - After a redirect has occurred, the login name (username or email) entered by the user will preserved and display in the appropriate field (WEBCLIENT-363). - If the login email contains a registered domain, then the Web Portal will redirect to the Web Portal belonging to the Provider of the domain, even if the user is not yet a registered user (WEBCLIENT-375). - When multiple Web Portals are used by the same Registration Server, the user will now be redirected to their Provider associated Web Portal, when attempting to login to the incorrect Web Portal. Previously users were only redirected when the required Web Portal was associated with a different Registration Server. - NOTE: The Web Portal associated with Provider is specified by the - WEBPORTAL_API_URLProvider setting. This value must be set if redirection is required.
Release Notes - Version 3.0¶
3.0.4 (2022-09-21)¶
- Set client version to 4.8.0.3223
3.0.3 (2022-06-15)¶
- Set client version to 4.7.5.3196
3.0.2 (2022-01-10)¶
This release also includes a number of security improvements. Please follow the instructions in Upgrading from a Docker based to a Docker less Web Portal to upgrade an existing Web Portal to a docker-less version. Please contact TeamDrive for further details.
- For security reasons, Docker has been replaced by customised TeamDrive Agent containerisation (WEBCLIENT-430). - The settings - ImageBuildFolder,- MinDockerDataSpaceAvailable,- MinDockerMetaDataSpaceAvailable- RootlessDocker,- BuildDockerfile,- ImageBuildCommand,- DockerEntryPoint,- BuildWgetCommand,- ContainerHosts,- ContainerUserID,- ContainerGroupID,- RunAsUser,- RunAsGroupand- UseSudoare no longer used and have been removed.- Renamed - DockerHostsetting to- ContainerHost.
- Added a new apache module: mod_agent which is now responsible for routing calls from the browser to the respective TeamDrive Agent. 
- Added the - SandboxCommandsetting which specifies the command for the TeamDrive Agent sandbox. If empty, then the agent is not run in a sandbox.- The following template variables may be used in the setting: - {TDBIN} TeamDrive Agent binary, this value should be: “/var/teamdrive/webportal/agent/teamdrived.bin”
- {APIPORT} API port number
- {WSPORT} Websocket port
- {USERNAME} The username of the TeamDrive user
- {ROOTPATH} TeamDrive root path, this value should be “/teamdrive/” the Agent directories used un this path are “{ROOTPATH}{USERNAME}/system” and “”{ROOTPATH}{USERNAME}/spaces”
- {DBSPATH} The alternative database path, which is used to store the SQLite database files. If there is no alternative path then {DBSPATH} == {ROOTPATH). The actual directory used by the agent is: “{ROOTPATH}{USERNAME}/system”
- {INIPATH} The shared directory which contains the “teamdrive.ini” file.
 
3.0.1 (2021-10-11)¶
This is a security update.
- A number of security issue have been fixed, please contact TeamDrive for further details.
- yvva 1.5.11 is required which includes measures to prevent “Log Poisoning” by encoding r and n characters (YVVA-52).
- Fixed container creation error after user was deleted and recreated (WEBCLIENT-418 and WEBCLIENT-419).
3.0.0 (2021-08-20)¶
The 3.0 release includes a several security bug fixes and a number of hardening measures, and is recommended to all users.
Please contact TeamDrive for further details.
Version 3.0 is an in-place upgrade to all previous versions running on CentOS 7.
On CentOS 8 the new version runs with Docker in “rootless mode”, see:
Because of the added security due to rootless mode, and other CentOS 8 security updates, all users of the Web Portal are requested to transition to this version as soon as possible.
- Initial public release of 3.0.
- Set security headers in Apache configuration (WEBCLIENT-400).
- OS hardening and security update to Apache configuration (WEBCLIENT-385).
- Hardening of TeamDrive Agent (Agent Version >= 4.7.1.3011).
- Support for running Docker in rootless mode (only CentOS 8)
Release Notes - Version 2.0¶
2.0.8 (2020-05-10)¶
- Fixed an access denied error when calling the Registration Server API to get information on a user that belongs to a another provider (i.e. a provider other than the Web Portal’s provider).
- Fixed handling of email address change due to user deletion or if two users switch email addresses (WEBCLIENT-372).
- Added support for MySQL 8
- Set client version to 4.7.0.2944
2.0.7 (2020-12-16)¶
- If a user logs in with an email address that is not unique, the Web Portal will return an appropriate error (WEBCLIENT-358).
- Login with email will now re-direct to the correct Web Portal if necessary, provider Registration Server version 4.5.4 or later and TDNS version 2.0.2 is use (WEBCLIENT-357).
- Set client version to 4.6.12.2793
2.0.6 (2020-10-02)¶
- Login with a temporary password was not working when using an email address (WEBCLIENT-356).
- Fixed bug: the Web GUI not going directly to the external authentication
login page when AuthServiceEnabledwas set toTrue(WEBCLIENT-355).
- Entries separated by a newline in the ContainerHostssetting was not working correctly (WEBCLIENT-354).
- Fixed “Array index out of bounds” error when accessing the “Build Image” settings details page.
2.0.5 (2020-09-15)¶
- The “White Label” settings have been renamed to “Build Image” settings. In addition, the setting - UseWhiteLabeldDockerImagehas been removed and the- WhiteLabelINIFileSettingssetting has been rename to- ClientSettings(see below).- UseWhiteLabeldDockerImageis no longer required because all Web Portals now use the image build settings to create a new Docker image on upgrade, if necessary.- The setting - WhiteLabelIdleTimeouthas been renamed to- ContainerIdleTimeoutand is now a “Docker Setting” (see ContainerIdleTimeout).- The - IdleContainerTimeoutsetting has been renamed to- RemoveIdleContainerTimeto better distinguish this value from- ContainerIdleTimeout.
- Added - SharedIniPathand- AgentCommandLineArgs. Using- SharedIniPathyou can specify a global path for the “teamdrive.ini” file (WEBCLIENT-350).- WhiteLabelINIFileSettingshas be rename to- ClientSettingsand is now a “General Setting”. Client settings that are set using the- ClientSettingssetting are then written to the- teamdrive.inifile. If a- SharedIniPathis specified, then they are read by the all TeamDrive agents, when a container starts. If not, then the client settings are written to the- /etc/teamdrive.inifile, which is part of the container image.- The - AgentCommandLineArgssettings is a read-only variable that specifies the command line arguments that are passed to the TeamDrive agent when the container starts.- See SharedIniPath, AgentCommandLineArgs and ClientSettings for details. 
- Added - MaxLoginRateand- MaxLoginLogAgesettings. These settings are used to detect Denial of Service and other brute force attacks targeting the Web Portal login (WEBCLIENT-344). See MaxLoginRate and MaxLoginLogAge for details.
- Error messages returned by the Web Portal are now use the translation file provided by the TeamDrive Agent. 
- Added - ContainerHostssetting (see containerhosts). Use this to specify entries for the “/etc/hosts” file of the container (WEBCLIENT-139).
- You can now configure a proxy during setup of the Web Portal (WEBCLIENT-338). 
- If - AuthServiceEnabledis- Falsethe Web Portal now uses external authentication as required by the user, provided you are using TeamDrive Agent 4.6.11.2656 or later (WEBCLIENT-335).- As before, if - AuthServiceEnabledis- True, then Web Portal uses a specific authentication service (as specified by- AuthLoginPageURLand- AuthTokenVerifyURL).- See AuthServiceEnabled for more details. 
- Moved settings - SessionTimeout,- ForceHTTPSUsageand- ForceHTTPSUsageto- Admin Consolesettings group.- Moved - RegistrationEnabledand- RegistrationURLto the- Authenticationsettings group.
- The Web Portal will now redirect to another Web Portal, if a user attempts to login to the incorrect Web Portal (WEBCLIENT-333). This is done if the provider of the user is not in the list of - AllowedProviders.- On the Registration Server of the user, you must set the - WEBPORTAL_API_URLprovider setting. This setting specifies the domain name of the Web Portal used by the provider. In addition, Registration Server version 4.5.4 is required. This version implements the “webportal” redirect required to implement this functionality.- If any of these conditions is not met, then the user will get the error message: “The provider you are registered to is not enabled for this web portal”. 
- Set the minimum client Agent version to 4.6.11.2707. This version support the Web Portal redirect, and includes some error message improvements. 
- Setting the default distributor code, and language using the - portal/login.htmland- extauth/login.htmlpages is not longer supported.
2.0.4 (2020-05-19)¶
- Added Multi-Registration Server support. 
- Fixed agent download URL. 
- All documents and security relavent data stored in containers run by the web portal are now encrypted when using TeamDrive Agent version 4.7 or later. - Encryption activates the so-called “super PIN” functionality implemented by Registration Server 4.2. When the super PIN is activated for an account the user is required to print out and save a 56-digit super PIN, and recovery URL (in the form of QR code) in a secure place. - After activation of the super PIN functionality the user can only access their account using their password, or the super PIN, or the recovery code (which can be retrieved using the recovery URL). Changing your password is also only possible using either the super PIN or recovery code. 
- Changes made to support local encryption of inboxes. Encryption of inboxes required Registration Server version 4.2 or later, and TeamDrive Agent version 4.7 or later. 
- Added - ContainerDatabasessetting (WEBCLIENT-334). This setting allows you to specify an alternative path for the SQLite databases used by the containers. Normally all data is placed in the- ContainerRootdirectory.- When specified the new location will be mounted in the container under the path: “/teamdrive/dbs”. However, this path will only be used if you build a new image using the TeamDrive Agent version 4.6.12.2637 or later. - This version of the client supports the “–database-path” option which allows you to specify an alternative path for the SQLite database. When - ContainerDatabasesis set, the image build process will automatically add this option to the start parameters of the agent (see- @USEDATABASEPATHin the- WhiteLabelDockerfilesetting).
2.0.3 (2020-04-14)¶
- Changes for yvva 1.5.2 compatibility.
- Fixed a problem removing container data, remove directory was failing when a ‘$’ was in the path name.
- The Web Portal will now correctly use the database specified in the “td-webportal.my.cnf” file (WEBCLIENT-296). Previously the database name was hard-coded to “webportal”.
- Fixed: in case of an exception the temporary file created by syscall() is not be deleted (WEBCLIENT-316).
- Fixed: HTML entities conversion problem when editing setting “WhiteLabelDockerfile” (WEBCLIENT-323).
- When the docker image in being updated, the Web GUI will now return the error “Upgrade in progress, please try again shortly”, when the user attempts to login.
- Added API functions to enable and disabled a container (WEBCLIENT-324).
- Added support for “prelogin” call in order to support login changes (WEBCLIENT-327).
- Added “sqlite-synchronous=normal” as start parameter for the agents to reduce SQLite flush frequency
- Set client version to 4.6.10.2619
2.0.2 (2019-07-26)¶
- Increased MinimumAgentVersion to 4.6.7.2355.
2.0.1 (2019-06-11)¶
- Fixed problems the on demand creation and starting of containers that have been deleted (WEBCLIENT-304).
2.0.0 (2019-04-25)¶
Note
Please follow the new update process described in chapter upgrade_web_portal. The former separate GUI rpm package is not longer necessary. The standard Web Portal will update the docker Container image from the docker hub during the update step and will extract and update the files necessary for the GUI from this image. A white label Web Portal needs the white label agent .tar.gz to build a white label docker container image.
- Initial release of Web Portal 2.0.
Upgrading from previous versions of the Web Portal¶
As of version 2.0.4 you must run the upgrade_now command from the console after
installing a new version of the Web Portal.
This command updates the database structure and the docker image used by the Web Portal. The Admin Console may return errors, and other random errors may occur before the upgrade had been completed.
To update the database structure and docker image start yvva and
execute upgrade_now;;. This command also upgrade the container image
used by the Web Portal. See the  chapter upgrade_web_portal for details.
Key features and changes¶
- Increased MinimumAgentVersion to 4.6.7.2328 
- External authentication supports both login and registration. This feature can be activated by setting - AuthServiceEnabledto True. To allow registration set- RegistrationEnabledto True. If no- AuthLoginPageURLor- RegistrationURLpage is specified then the Web Portal will use the “portal pages”, provided by the Registration Server.
- External authentication can be embedded in the TeamDrive Web GUI, or can the external authentication pages can be used directly. A new setting: - UseEmbeddedLogin, must be set to- Truein order to use the embedded login form.- By default, - UseEmbeddedLoginis set to- Falseif you upgrade from a previous version of the Web Portal that was using external authentication. Otherwise, the default is- True. This is to ensure backwards compatibility, with previous versions that only supported the non-embedded form.- Accessing the Web Portal domain, for example: - https://webportal.yourdomain.com, will automatically present the login in the embedded or non-embedded form, as specified by- UseEmbeddedLogin.
- You can now use “explicit” links to the login page in order to set the default provider code and language, for the login or registration. - For the non-embedded login form use the following explicit link: - https://webportal.yourdomain.com/portal/login.html?dist=CODE&lang=LG - and for the embedded login form use the following explicit link: - https://webportal.yourdomain.com/extauth/login.html?dist=CODE&lang=LG - where - CODEis the provider code, and- LGis the language code, for example- enor- de.- Note that the external authentication service must be able to handle the specified provider code and language. 
Administration Console¶
- Added a Container list page, which can be used to search for containers of a particular user and type. The container details page allows you to stop, start and delete containers. - Note that deleting a container will remove all the container data as well. This means that Web Portal users will find all spaces deactivated on next login. If the user looses his password he will also loose access to his data, unless he has a TeamDrive installation elsewhere.