WebApp 2.1.1 Final is now available

WebApp 2.1.1 Final is now available

After the WebApp 2.1.0 final release which introduced a lot of new features, we are now releasing WebApp 2.1.1, which is a maintenance release. This new version includes a couple of bug fixes, several of which are security related. These issues were reported by our customers and partners; thanks to everyone that has provided feedback! If you are already running the RC release of WebApp 2.1.1, you do not need to upgrade: the Release Candidate has been re-branded to a Final release.

What changed since 2.1.0?

A new script was developed and is included in the current package that helps administrators implement the new email signature templating feature into their organization. You can find the script in the documentation folder for WebApp (/usr/share/doc/zarafa-webapp/). A total of 15 issues has been resolved in the 2.1.1 final release. Worth mentioning are fixes for missing translations, a fix where the HTML editor generated incorrect CSS values and a loading mask that got stuck when switching between items.

Security fixes

Two of the issues are related to security. A XSS issue on the logon page was identified, where a specifically crafted URL could execute JavaScript before logging on. This issue only affects unauthenticated users. The CVE identifier 2015-7690 was assigned to this issue, which was reported by A. Kulhanek from GoSecurity GmbH, a Swiss company.

Another XSS issue was identified when displaying user-created distribution lists, which could also execute JavaScript code if the user-created distribution list was displayed on screen.

Where can I get the new version?

We recommend that you upgrade to the latest available version as soon as possible. You can download the packages from our download server and the changelog is available here.

Please note: if you are currently running the ‘beta’ of Zarafa Files 2.0, do not install the Zarafa Files packages included in this WebApp release – these are not compatible with the Zarafa Files 2.0 beta packages.

If you run into any issue please let our support team know, or open a new forum topic.

Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedIn
Bob Huisman
Bob Huisman

Leave a Reply

Your email address will not be published. Required fields are marked *