[oxse-announce] Please pay attention: New improvements for administrators of Open-Xchange Server 6 v6.18

Open-Xchange Server Edition Maintenance Announcements oxse-announce at open-xchange.com
Thu Sep 2 09:15:46 CEST 2010

Dear Customers of Open-Xchange,
Open-Xchange releases Open-Xchange Server v6.18.0. Open-Xchange provides with the new version two main improvements which it is necessary to adapt for the administrator:
- Important: New Apache settings
New Open-Xchange user interface versioning requires some Apache directives. Further information about the settings are documented at the Installation Guides for the different platforms:
-  Persistent Auto login / Enhanced Session handling
Open-Xchange introduces a persistent auto-login mechanism, which allows the user to decide, if he wants (for security reasons) to enter his login and password every time when he opens Open-Xchange, or if he wants to automatically log into OX from his computer ("Remember Me" functionality) as long as the session is available on the server. If the user selects this option, the session information will be stored in two different cookies in the browser and will be valid for a configurable amount of days.
Attention (User): The user must only use this feature if he is working with a secured workstation and not with a publicly accessible computer like an internet cafe.
Attention (Administrator): A new option is introduced, which allows the administrator to activate the feature server-wide when he is sure, all his clients are secure enough to allow the users to use that feature. The auto-login feature is disabled by default and needs to be activated manually by the administrator. To enhance security, the auto-login mechanism is only available through secure, encrypted connections. The session lifetime needs to be configured to the wanted time (please note, that keeping sessions too long may waste your RAM). 
In Multi-Server environments, the JSESSIONID lifetime needs to be configured accordingly to ensure, that the loadbalancing mechanism works after closing the browser.
Besides more comfort for the user, the cookie handling introduced with the persistent auto-login  enhances security of OX. If single requests are hijacked or exchanged during transport to the client (Broken loadbalancer, webserver, ...) it will not be possible to hijack the users session.
The mechanism of the OX session-handling is in detail described in this whitepaper:
-  JavaScript Auto-Versioning
An automated versioning of the JavaScript files has been implemented. With that enhancement it is no more necessary to clean the browsers cache after each Open-Xchange update, the browser will automatically recognize the new version and reload the necessary files.
Please read the Release Notes for further information under
Configuration Changes - 
Change #334 - Auto-Login and Lifetime of Session Cookies
Change #347 - GUI Versioning to Remove the Need for clearing Browser Caches after each Update
You will find the Release Notes here:
Best regards, 
    Your Open-Xchange Team 
Open-Xchange AG,Maxfeldstr. 9,90409 Nürnberg, Amtsgericht Nürnberg HRB 24738
Vorstand: Rafael Laguna de la Vera, Aufsichtsratsvorsitzender: Richard Seibt
European Office: Open-Xchange GmbH, Martinstr. 41, D-57462 Olpe, Germany
Amtsgericht Siegen, HRB 8718, Geschäftsführer: Frank Hoberg, Martin Kauss
US Office: Open-Xchange, Inc., 303 South Broadway, Tarrytown, New York 10591
---------------------   www.open-xchange.com   -----------------------------

More information about the oxse-announce mailing list