- Release Date: May 2024
- Build Number: 21.0.101
- Type: Service Pack Release
This release contains major security fixes, please upgrade your server as soon as possible.
Download Links
Upgrade Information
- Please read this complete Release Notes and instructions before upgrading.
- Please follow the regular upgrade documentation for Windows or Linux
- Upgrading any previous version higher or equal to version 16.0.100
- Cluster: Running different versions on the servers in the cluster is supported but limited to version >= 16.0.100
- Mandatory configuration changes:
nginx configuration changes
Please update the nginx site configuration due to security fixes from server version 21 FINAL:
location /rpc { ... proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-For $remote_addr; } ... location / { ... proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-For $remote_addr; } ... location /websocket_client { proxy_http_version 1.1; proxy_pass http://cluster/websocket; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; }
Notes:
- The configuration is incorrect in case you see in logs or browser:
Host header invalid - should contain web base URL
- For more Information, please visit our guide: Reverse Proxy Setup Guide#PassHostnameoftheUpstreamwhenReverseproxying
- Apache2 configuration does not need to be changed
SAML: Transfer of security Information
Change SAML/Shibboleth attribute prefix to "SAML
" (from "HTTP_
") in shibboleth2.xml and Apache config.
This change is not backward compatible due to security reasons! There changes have to be done to correctly support SAML logins
- For more Information, please visit our guide: Apache configuration
Downgrade Information (optional)
- In case a downgrade to a previous version is necessary:
- For a downgrade, you have to review our downgrade documentation.
- Simply replace the PowerFolder-Server.jar file with that from the previous version you would like to run.
- Log messages due to the higher schema version of database can be ignored:
[DatabaseMigrator]: Database layout version is newer than expected.
HTTPS Server-Client-Tunnel using Web Sockets
The clients can also use the web sockets same as our iOS app, please use the following web proxy guide to enable the web sockets: WebSockets for iOS and Desktop Client#EnablingWebSocketsforClient
Add the following config. to the Default.config (server) or PowerFolder.config (client) when the clients should use the web sockets. Precondition is, that the web sockets are configured on the server/load balancer.
connections.websocket=true
Document Editing using WebDAV
After MS security updates 2023 the editing of documents using WebDAV is not possible, please use the following file to update the settings:
More Information under: WebDAV known issues in Windows
API Call to restore folder from BACKUP_REMOVE
You can now use the API call to restore one or all folders from system recycle bin:
- Restore single folder: https://apidoc.powerfolder.com/#api-Folders-GetApiFoldersActionRestore
- Restore all folders: https://apidoc.powerfolder.com/#api-Accounts-GetApiAccountsActionRestoreallfolders
Changelog Extended
- PFS-4349 - Fix editable document file links when uploads are deactivated
- PFS-4348 - Disable mails on quota overuse of folder owner
- PFS-4330 - A1.3 Security fix
- Release Date: May 2024
- Build Number: 21.0.100
- Type: Service Pack Release
Changelog
- PFS-4124 - Document editing: Fix WebDAV access with .reg file
- PFC-3412 - M1.1: Provide HTTPS server-client-tunnel
- PFC-3414 - H1.1: Replace ECB encryption with web socket SSL connections
- PFS-4183 - Reverse proxy should disconnect from target server when initial requests fails/stops
- PFS-3793 - Change transfer of security information of SAML
- PFS-4300 - Web tests for all files functions
- PFS-4322 - Failed to update devices on account delete when running parallel
- PFS-4338 - API Call to restore folder from system recycle bin (BACKUP_REMOVE)
- PFS-4346 - Increased DDoS protection: throttle HTTP requests
- PFS-4327 - M1.2 Security fix
- PFS-4326 - M1.1 Security fix
- PFS-4329 - N1.2 Security fix
- PFS-4333 - N1.3 Security fix
- PFS-4334 - N1.4 Security fix
- PFS-4335 - N1.5 Security fix
- PFS-4331 - I1.1 Security fix
- PFS-4332 - I1.2 Security fix
- PFS-4336 - I1.3 Security fix