Introducing LiquidFiles v4.2
LiquidFiles v4.2 is a major LiquidFiles release with quite a few changes and improvements, one of the important changes is support for Ubuntu Pro FIPS Mode.
Performance
Removed legacy Plupload function that had been used in earlier versions of LiquidFiles. The last remaining function was uploads in Shares. We've finally migrated away from Plupload in LiquidFiles v4.2. Along with a few other improvements along the way, we've seen increased upload speeds of up to 30%.
Security Related Changes
- Added support for enable Ubuntu Pro in Ubuntu Pro FIPS Mode.
- Login Limit. If a user fails to login 10 times in a row, the user will be required to change their password.
- If someone is trying to authenticate with a non-existent account and Friendly Error messages is disabled, that non-existent email will be blocked for logins for about one day (randomized between 18 and 36h).
- Stronger input validation for admin functions (the stronger input validation had already been added to user visible functions in previous versions of LiquidFiles).
- Friendly Error messages now defaults to disabled.
- CSP now uses the Public Hostname instead of 'self' if Strict Hostname Validation has been enabled.
- When a Filedrop has recipient validation enabled, you are now required to send a valid user API key when accessing the Filedrop using the API.
- When a Filedrop password has been set, you are now required to send this password as authentication when accessing the Filedrop using the API.
- Stronger URL filtering in nginx.
General Changes
- Added multi-select in shares to select multiple files or folders to move or delete at once.
- Added function to sort files and folders in shares.
- Trashed files in shares are now automatically deleted, on default after 14 days.
- Added Support for Anonymous and Anonymous Public Shares. Anonymous Shares can be accessed read-only by anyone that has the share URL. Anonymous Public Shares are also listed at the /shares path (i.e. https://files.yourcompany.com/shares). This could be used for instance for marketing material, company logo's and other things you want to enable public access to. You can optionally also set a password in order to be able to access these anonymous shares.
- Added custom admin levels, it's now possible to create non-admin groups with some admin privileges for Shares, Filedrops, Users, Pools and Branding.
- Previous User Admin and Pool admins functions now use custom admin levels. If you haven't used User Admin or Pool Admin groups, they will be removed.
- Sessions Timeout now defaults to 6h.
- Outlook Web sessions now use the Session Timeout.
- Persistent cookies now expire after n days of inactivity instead of an absolute time.
- The Return-Path is now set to the users email for local users and the Email Sender Address Policy is set to Local Domain Emails use their own addresses or Email Sender Address for system email only.
- Added a function to record delivery of emails for Secure Messages.
- Added valdation when editing Locales to ensure variables are correctly configured.
- Show active and expired messages in separate tabs in Admin → Data → Messages.
- Updated the internal queue worker engine.