Release Notes CSG 7.1.6

Collax Security Gateway

Installation Notes

Update Instructions

To install this update please follow the following steps:


  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

E-Mail: TLS version for outgoing e-mails selectable

Emails can be send via a secure TLS connection with remote mail servers which also support TLS. Now the SSL/TLS version for outgoing e-mails can be choosen.

Web Proxy: Enable browser autoconfiguration for proxy (WPAD)

Activating this option activates the WPAD functionality, which enables automatic proxy detection by browsers and some operating systems. This dialog is located under “Web Proxy -> Web Proxy Server -> Options”.

Add-on Software: New Version of Avira Antivir

The virus scanner Avira Antivir offers comprehensive antivirus protection for email services. Within this Collax system update the scanner is updated to the newest version 4.11.1.

Add-on Software: Update notification of the virus scanner pattern update

The update mechanism for the virus patterns of all installed and activated virus scanners can inform the administrator by e-mail about the update status. The previous statuses “Always” and “Never” will be extended by the status “On errors”.

System Management: Overwrite MySQL configuration settings

This release gives you the ability to override MySQL configuration values. Depending on the application that works with the database, it may be useful to adjust the automatically determined configuration values. For Kopano installations, these values should only be changed in exceptional cases. Only in installations with a large number of users and unusual requirements can adjustments lead to better performance. Changes should only be made by experienced administrators or on the recommendation of support. The section is divided into three parts. The values for the MySQL server and the storage engines MyISAM and InnoDB can be configured. If a field remains empty, the default value is used. The names of the fields are linked and lead to the documentation of the respective value.

System Management: Linux Kernel 4.9.186

This update installs Linux kernel 4.9.186.

Issues Fixed in this Version

Security: Important security relevant System Components

This update will also install/update the following important system components:

  • freeradius 3.0.19
  • libpng 1.6.37

CVE-2019-11234 / CVE-2019-11235 / CVE-2018-14048 / CVE-2018-14550 / CVE-2019-7317

Web Proxy: Squid 4.8

The Webproxy Squid will be updated to version 4.8 with this update. It also corrects a bug that could cause web radio streams to crash with the error “assertion failed:” lowestOffset “”.

Web Proxy: Saving custom URL Lists

Custom lists offer the possibility to maintain one or several URL lists. These lists can be used in the Rules. The creation of custom lists with more than 7000 entries was acknowledged by an error. This behavior is corrected with this update, own lists can now easily contain over 10000 entries.

Certificates: Certificate Creation

Certificates can be added under “Usage Policy -> X.509 Certificates”. Due to an error, user-type certificates were generated incorrectly. The certificate purpose was in this case “SSL client: No” instead of “SSL client: Yes”. This is fixed with this update. Furthermore, under certain circumstances, certificates could not be generated in every key length. This is also fixed. This update also generates an error message if the entered CA password is wrong.

VPN: VPN connection with revoked certificates

The VPN component charon has shown unexpected behavior and VPN connections with a certificate revoked by a CRL. With this update prevents VPN tunnels from being set up with revoked certificates. Existing VPN tunnels remain active until the next re-keying (default: 9 hours).


E-Mail: Avira AntiVir prior Version 7.1.6

From Avira, an automatic update of the core components of Avira has been carried out. In this context, a new dependency of the libraries has been added, the next time the virus scanner is not started can be resolved. The result is that the virus scanner does not work during a reboot or configuration change is restarted. For security reasons, emails will no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it works in its entirety.