• Release Date: March 2025
• Build Number: 22.3.101
• Type: Hotfix Release

Download Links

• JAR File (Wiki Password required) 
• Linux
• Windows
• Outlook Add-In

Upgrade Information

• Please read this complete Release Notes and instructions before upgrading.
• Please follow the regular upgrade documentation for Windows or Linux
• Upgrading any previous version higher or equal to version 16.0.100
• Cluster: Running different versions on the servers in the cluster is supported but limited to version >= 22.0.100
• Mandatory manual changes:

Script to check Database in case of Problems on Migration

In case you encounter problems during the update with the database migration you might need to check if entries exists in table Account with too long column data:

SELECT username,CHARACTER_LENGTH(firstname) FROM Account WHERE CHARACTER_LENGTH(firstname) > 127 LIMIT 100;

→ Check the selected Accounts and fix the issue via Web->Admin->Account→Edit and shorten the given entries, in this case "firstname".

Note: Script needs to be adjusted depending on the failing statement. Example is for this step:

ALTER TABLE Account MODIFY COLUMN firstname VARCHAR(127);

Database Update Scripts

• MySQL
• MSSQL
• PGSQL
• H2

The target SchemaVersion is 182

nginx configuration changes

Please update the nginx site configuration:

location /rpc {
            ...
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
}

...

location / {
            ...  
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
}

...

location /websocket_client {
            proxy_http_version 1.1;
            proxy_pass http://cluster/websocket_client;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "Upgrade";
}

Notes:

• The configuration is incorrect in case you see in logs or browser: Host header invalid - should contain web base URL
• For more Information, please visit our guide:
  • Reverse Proxy Setup Guide#PassHostnameoftheUpstreamwhenReverseproxying
  • Cluster Setup Guide
• Apache2 configuration does not need to be changed

SAML: Transfer of security Information

Change SAML/Shibboleth attribute prefix to "SAML" (from "HTTP_") in shibboleth2.xml and Apache config.

This change is not backward compatible due to security reasons! These changes have to be done to support SAML logins

For more Information, please visit our guide: Apache configuration

Downgrade Information (optional)

• In case a downgrade to a previous version is necessary:
  
  • For a downgrade, you have to review our downgrade documentation.
  • Simply replace the PowerFolder-Server.jar file with that from the previous version you would like to run.
• Log messages due to the higher schema version of database can be ignored:

  • [DatabaseMigrator]: Database layout version is newer than expected.

New features and improvements

Activate Reporting for Content Security Policy (CSP)

Please configure the following entry in PowerFolder.config:

web.log.csp.enable=true

Reporting is only after 60 minutes or after 500 log entries. 

MFA is now Default

To enhance the software security, Two-factor-authentication is now enabled by default in config:

mfa.enabled=true

To disable the possibility for users to use MFA set in config:

mfa.enabled=false

HTTPS Server-Client-Tunnel using Web Sockets

The clients can also use the web sockets same as our iOS app, please use the following web proxy guide to enable the web sockets: WebSockets for iOS and Desktop Client#EnablingWebSocketsforClient

 Add the following config. to the Default.config (server) or PowerFolder.config (client) when the clients should use the web sockets. Precondition is, that the web sockets are configured on the server/load balancer.

connections.websocket=true

Support Sender of Invite as Email from Address

For invitation emails: Set the email of the sender of an invitation as email from field instead of the default from address. Requires unauthorized sending via email serve:

mail.from.use_sender=true

Updated Documentation Microsoft SQL Server 2022

PowerFolder server now supports the MS SQL Server 2022, please consult our wiki article when you want to use the database server: Database Setup Guide | DatabaseSetupGuide InstallMySQLServer

Changelog

• INT-997 - Security Fix

• Release Date: March 2025
• Build Number: 22.3.100
• Type: Service Pack Release

Full Changelog

• PFS-4329 - N1.2 Security fix
• PFS-4465 - Change authorization checks for API invitation and add API docs 
• PFS-4459 - Provide option to change folder owner of shared folders as server admin 
• PFS-4452 - Prevent overuse of storage with recycle bin and move operations
• PFS-4458 - Provide autofill default expiry for links in the link settings 
• PFS-4464 - Fix preview and slide show for photos and videos using file links 
• PFS-4475 - Leaving a shared folder ist possible through (...) menu
• PFS-4460 - Correct spelling mistake in change PW window 
• PFS-4463 - Fix host head check within cluster 
• PFS-4454 - Fix emails after enabling the anti-XSS filter 
• PFS-4462 - Run background storage migration between 1 and 5 at night only 
• PFS-4480 - Enable MFA by default in config