🖥️ PowerFolder Server 23 SP4

1 📦 Download Links
2 ⬆️ Upgrade Information
- 2.1 🆕 Organization Expiration Management
3 🛡️Content Security Policy (CSP) Protection
- 3.1 Configuration
- 3.2 Options
- 3.3 ✨ New: Default user folders on first login
4 🔄 Javascript in Email Templates
5 📂 Enhancements in Database for Sub-Folder Sharing
6 ⚠️ Logging - "Missing Account Information"
7 📄 Logging - Folder Metadata
8 ⬇️ Downgrade Information (optional)
9 📜 Changelog
10 📜 Full Changelog

Release Date: November 2025
Build Number: 23.4.101
Type: Hotfix Release

📦 Download Links

JAR File (Wiki Password required)
Linux
Windows
Outlook Add-In (No changes)

⬆️ Upgrade Information

Please read this complete Release Notes and instructions before upgrading.
Please follow the regular upgrade documentation for Windows or Linux
Upgrading any previous version higher or equal to version 16.0.100
Cluster: Running different versions on the servers in the cluster is supported but limited to version >= 22.0.100

🆕 Organization Expiration Management

Two new administrative API endpoints have been added to manage expired organizations more efficiently:

Report expired organizations — Generate a detailed report of organizations that expired before a specified number of days.
https://apidoc.powerfolder.com/#api-Organizations-reportExpiredBefore
Delete expired organizations — Permanently remove organizations that expired before a specified number of days.
https://apidoc.powerfolder.com/#api-Organizations-deleteExpiredBefore

These endpoints simplify maintenance and cleanup of outdated organizational records in larger deployments.

🛡️Content Security Policy (CSP) Protection

To enhance security against Cross-Site Scripting (XSS) and other injection attacks, the application supports enabling Content Security Policy (CSP) headers. CSP allows the browser to restrict which content sources (scripts, styles, images, etc.) are allowed to load, preventing malicious scripts from executing.

Configuration

The CSP mechanism can be controlled via configuration flags in your server configuration file:

# Enable or disable Content Security Policy
web.csp.enable=true

# Run in report-only mode or enforce policy
web.csp.report_only=false

Options

web.csp.enable
- Default: true
- Enables CSP headers in responses.
- Set to false to completely disable CSP protection (not recommended).
web.csp.report_only
- Default: false
- When false, CSP violations will block content that does not comply with the policy.
- When true, CSP runs in Report-Only mode: violations are logged/reported, but the browser does not block the content.
This is useful for debugging potential CSP false positives without breaking user functionality.

✨ New: Default user folders on first login

To simplify onboarding for new users, the system can now automatically create default folders at their first login.
Add the following to your Default.config (server maintenance):

# Default folders
f.my_files.name=Meine Dateien
f.my_files.dir=Meine Dateien
f.shared.name=Geteilt
f.shared.dir=Geteilt

🔄 Javascript in Email Templates

The email templates are also improved, please update the email templates or delete the old templates.

📂 Enhancements in Database for Sub-Folder Sharing

In this version, major changes have been made to the database tables. New columns and entries have been added to support versioning and preparations for sub-folder sharing in upcoming releases. These changes are backward-compatible, even if the admin decides to downgrade the server.

⚠️ Logging - "Missing Account Information"

Admins will get the above stated log entries in this version, this is only for debugging purpose. To turn off these log entries please add the following parameter to JMX:

^{-Dpowerfolder.feature.FILEINFO_LOG_MISSING_MODIFIED_BY_ACCOUNT=false}

📄 Logging - Folder Metadata

Folder metadata logging is now more detailed in preparation for upcoming subfolder and sharing features.

You may see entries like:

"Found newer version in memory. in DB"
"Storing"
"Rename (forced internalize)"

These are informational only and not errors.
Support packages remain helpful for troubleshooting.

⬇️ Downgrade Information (optional)

In case a downgrade to a previous version is necessary:
- For a downgrade, you have to review our downgrade documentation.
- Simply replace the PowerFolder-Server.jar file with that from the previous version you would like to run.
Log messages due to the higher schema version of database can be ignored:
- [DatabaseMigrator]: Database layout version is newer than expected.

📜 Changelog

PFS-4642: Download and copy of file links in subdirectories leads to “not synced yet"
PFS-4641: Fix issue causing occasional sync failures for password-protected links
PFS-4643: Ensure account valid till date is same as organization
INT-1165: Correctly invoice 1 TB partner package when there is no booked active customer
INT-1157: Ensure that customer_balance / Überweisung is used for invoices in monthly invoice run
INT-1106: Track and store Referrer page in account JSON and notes during registration

Release Date: October 2025
Build Number: 23.4.100
Type: Service Pack Release

📜 Full Changelog

INT-1130: 4.1 Security fix
INT-1131: 4.2 Security fix
INT-1133: 4.3 Security fix
INT-1134: 4.4 Security fix
INT-1135: 4.5 Security fix
INT-1136: 4.6 Security fix
PFS-3752: Download of old file versions
PFS-4516: Provide support for ODS, ODT, ODP files using file links
PFS-4562: API Call to delete Organizations expired before X days
PFS-4615: Search Organization by OID
PFS-4611: Enhance Database Performance Monitoring with Advanced Statistics Logging and improve caching in session handling
PFS-3005: Adding non existent users via edit organization dialog not possible
PFS-2853: Fix cut and paste of files between folders
PFS-4616: Fix duplicate federated folders