Release Notes CPS 7.0.20
Collax Platform Server
To install this update, please follow these steps:
- It is highly recommended to back up all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful, the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown when the update process is completed.
New in this Version
From this release on, the “History” dialog in the menu “Software -> System update” shows the date on which each version was installed. The function is available from this update onward and not retrospectively.
Collax Advanced Networking: Quality of Service (QoS)
“Quality of Service” (QoS) refers to procedures used to guarantee a specific connection quality for individual services. The increasing use of real-time data connections makes such procedures ever more important. The Collax Server enables the realization of QoS. The implementation is unidirectional, i.e. support by the remote party is not necessary or not possible. QoS is only applied to outgoing data (egress); the receipt of data (ingress) can only be limited. The new function replaces the previous bandwidth management and can be activated under “Network -> Links -> QoS”.
Issues Fixed in this Version
Security holes have been discovered in the source code of the virus scanner ClamAV. This software update closes these holes by updating ClamAV to version 0.99.3.
Security: Meltdown and Spectre - Serious processor security hole
Security researchers have discovered massive security holes in processors. These holes were published under the names Meltdown and Spectre. Meltdown is the vulnerability that allowed unprivileged processes to read kernel memory. Spectre is the security hole that exploits the fact that CPUs execute many commands speculatively in advance, resulting in memory areas that can be tapped. This update installs a feature against Spectre Variant 2 called Retpoline (“Return Trampoline”) support. Information about Retpoline can be found here.
More information on Meltdown and Spectre can be found here.
Security: Internet Domain Name Server Bind
Security holes have been discovered in the source code of the internet domain name server BIND. This Collax software update closes these holes by updating to BIND 9.9.11-P1.
Assigned Common Vulnerabilities and Exposures (CVE) number: CVE-2017-3145
Security: Improved Protection for Cross-site scripting Attacks
With this update the Apache directive TraceEnable has been disabled. The TRACE command could be used in XSS attacks and should be disabled. Assigned Common Vulnerabilities and Exposures (CVE) number: CVE-2004-2320
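One way to confirm after the update that the web server no longer answers TRACE (an added example, not part of the Collax release notes or Collax code): Apache with `TraceEnable off` answers a TRACE request with 405 Method Not Allowed, while an enabled server echoes the request back with Content-Type message/http. The function names, the sample responses and the URL in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that an Apache server rejects HTTP TRACE.
# Function names and sample responses are constructed for illustration.

# Read a raw HTTP response (status line, headers, optional body) on stdin
# and report whether the TRACE request was honoured.
classify_trace() {
    tr -d '\r' | awk '
        NR == 1 { code = $2 }      # status line: second field is the code
        /^$/    { body = 1 }       # blank line ends the header block
        !body && tolower($0) ~ /^content-type:[ \t]*message\/http/ { echoed = 1 }
        END {
            if (code == 200 && echoed) print "ENABLED"
            else if (code == 405 || code == 501 || code == 403) print "DISABLED"
            else print "UNKNOWN"
        }'
}

# Send a TRACE request to a server you administer and classify the answer.
# Usage (hypothetical host): probe_trace https://cps.example.test/
probe_trace() {
    curl -s -i -X TRACE --max-time 10 "$1" | classify_trace
}

# Constructed sample: TraceEnable on, the request is echoed back.
SAMPLE_ON='HTTP/1.1 200 OK
Server: Apache
Content-Type: message/http

TRACE / HTTP/1.1
Host: cps.example.test'

# Constructed sample: TraceEnable off, the method is refused.
SAMPLE_OFF='HTTP/1.1 405 Method Not Allowed
Server: Apache
Allow: GET,POST,OPTIONS,HEAD
Content-Type: text/html; charset=iso-8859-1'

# Offline demonstration on the two constructed samples.
printf 'before update: %s\n' "$(printf '%s\n' "$SAMPLE_ON" | classify_trace)"
printf 'after update:  %s\n' "$(printf '%s\n' "$SAMPLE_OFF" | classify_trace)"
```

A result of UNKNOWN (for example a redirect) means the request did not reach the handler that decides on TRACE, so repeat the probe against the final URL.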
GUI: Event adminpage logout
In the dialog in the menu “Logging / Monitoring -> Event Log”, the system can generate an e-mail to the administrator for certain events. Due to an error in the program code, no username appeared in the adminpage logout e-mail, unlike in the e-mail sent when logging into the system. This update corrects the error.
Collax Advanced Networking: Inheritance of traffic policies from parent network groups
To be able to use the policy routing functions, network packets must be marked. The traffic policies are used for this purpose. Due to an error in the program code of the firewall generator, traffic policies were not transferred correctly from higher-level network groups. This will be fixed with this update.
E-Mail: Increased required space when using IMAP and full-text index
The option “Generate full-text index” in the options of the dialog “Mail and Messaging -> Mail Storage -> IMAP and POP3” generates a full-text index of the local IMAP folders which accelerates the search within the IMAP folders and e-mails. While activated, the system could use up to 20% more space compared to the former release (also with activated index) for the service cyrus. Please check the space requirements of the service cyrus in advance. Under the dialog “Status -> System -> Statistics” the graph “filesystem/data” shows further details.
E-Mail: Collax Virus Protection powered by Kaspersky prior to Version 7
Version 7 of the Collax C servers has updated the anti-virus engine and the format of the patterns. This was done to respond to new threats with the best possible protection. Patterns for versions prior to 7.0.0 will be available until December 31, 2017. From 01.01.2018 Kaspersky will not update the patterns for Collax version 5 and older. All installations using the Collax Virus Protection module should therefore be brought up to date.