Release Notes CSG 5.8.6

Collax Security Gateway

Installation Notes

Update Instructions

To install this update please follow the following steps:


  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

GUI: Listing of imported users in alphabetical order

For groups from the Active Directory management to be displayed, the system must have joined an Active Directory as member, and the Active Directory proxy must be activated on the system. The listed group can be integrated in the local policies. The listed group will be sorted in alphabetical order from now on.

GUI: Importable Groups dialogue

The dialogue for importable groups is now located under System -> Usage Policy -> Policies instead of System -> Usage Policy -> Windows Support

GUI: Validity of certificates

The validity of certificates is displayed in the list of certificates. The remaining period is shown in remaining days. With this release the expiration date is shown instead.

E-Mail: Quarantine procedure for Header Filter

In the dialog Services -> Mail and Messaging -> Mail Security custom rules for filtering e-mail attachments can be setup. These dialogs also serve the management of filters for lines in the e-mail headers. With this Collax update the action Redirect to E-mail address can be choosen.

Net: Brute Force Protection for Zarafa

From this update on it is possible to enable a Brute Force Protection service for Zarafa.

Net: Email Notification for Brute Force Protection

From this update we added the possibility to enable/disable email notification for the administrator.

Net: Port Forwarding

You can disable or reenable a port forward. In this way, you do not need to delete and reconfigure a port forward that is only needed occasionally. With this update the active/inactive state is shown in the list of port forwards and can be disabled or reenabled there directly.

Backup/Restore: Initialize unpartitioned devices

If a device was detected in the system that is not used and whose partitions are not used, the device can be initialized. After the initialization, the device can be used by existing volume groups or by the backup system. With this release also unpartitioned devices can be initialized successfully.

Misc: Sign LDAP connections

If there is already a Windows server controlling a domain, the Collax Server can join this domain. Within this update signed ldap connections are possible in the case of Domain Controllers enforcing the usage of signed LDAP connections. More details can be found here:

Sign and Seal

System Management: Active Monitoring supports X.509 certificates check

Certificates according to the X.509 standard are managed on the Collax Server. With this update the active monitoring checks the validity of certificates. A warning is shown within the active monitoring if the remaining days are below 14. Not yet valid or already expired certificates will be shown as critical.

Hardware: Support of storage controllers with chipset LSI SAS 3108

With this update Collax Server support storage controllers with chipset LSI SAS 3108 like for example the LSI MegaSAS 9361 Raid controller.

Issues Fixed in this Version

Security: Scripting Language PHP5 and PHP Libraries

In the source code of PHP5 security holes have been discovered. These holes will be closed within this software update to PHP 5.6.6. Please note that its a major update from PHP5.3 to PHP 5.6. More information can be found here:

Security: MySQL database and phpMyAdmin

A number of basic MySQL settings can be configured in the Collax Server administration interface. The administration of the actual database takes place by way of the powerful phpMyAdmin system. MySQL makes use of its own user management. Two users are preconfigured: “admin” and “root”. With this update the user “admin” will be deleted. Login to phpMyAdmin will result automatically if logged in to the Collax Server administration interface.

GUI: Install Applications of various Vendors

With this software version applications of various vendors can be installed on the platform of the Collax Security Gateway. Software vendors can use the Collax Solution Platform (CSP) to integrate their applications and will provide cabinet files.

Certificates: Revoke certificates

The action Revoke revokes a certificate. The certificate is deleted and entered in the CRL (Certificate Revocation List) for the CA. From this time on, the certificate is blocked on the Collax Server. Certificates could not been revoked if the CA certificate contained certain special characters. This issue has been corrected with this update.