Okiok is releasing version 4.9.0 of S-Filer/Portal™.
The following important features have been added in this release:
Easy configuration of TLS keys and certificates
The configuration interface now includes screens to manage the various SSL/TLS keys and certificates used in S-Filer. There is so much to cover that there is a blog post to describe this feature.
Experimental Configuration command line tool (CLI)
S-Filer now includes a “Command Line Interface” (CLI) to perform some configuration tasks such as:
- Creating the server instance
- Adding Gateway or Web interface instances
- Updating the database schema
- Reading and changing configuration values
Before this feature, these tasks could only be performed in the configuration web interface and prevented fully scripted installation and configuration. The configuration CLI is still considered experimental since not all tasks have been implemented and some more advanced scenarios may still need to be performed in the web interface. However, it is a first step towards automating S-Filer deployments.
New REST web services
The new web services follow REST design principles and are built on the Swagger framework. This offers several advantages over our previous web services:
- A clear specification written in YAML
- Generated documentation from the specification
- Swagger-UI: A web tool to try the web services
- Client code generation in many languages supported by the Swagger project
In this first release, only a subset of operations were implemented, however, in the next releases, this API will be expanded considerably.
In HTTPS mode, it is now possible to select some files or folders and download them
HTTPS downloads is the regular kind of download where you click on a link and the browser downloads the file to disk. This has been supported for single files in S-Filer/Portal for a long time. However, when you want to download 13 files and 2 folders along with the contents of those folders, S-Filer/Portal would simply give an error indicating that only single file downloads were possible.
To fix this, we use the same solution we implemented a while back in our “Download All” feature, namely we create a zip of the files and then send the zip to the browser for download. This offers great flexibility for our clients who now can use this functionality in HTTPS since it was already available in APPLET mode.
The encrypted files are now stored in multiple directories for better performance
Previously all encrypted files were stored in the same folder. In installations that handle a very large number of files, this resulted in inefficient use of the filesystem because folders were not meant to hold hundreds of thousand of files.
To fix this, we implemented directory sharding, where we have 256 folders under the main folder and files are stored in those subfolders. Note that the system is smart about this and existing files do not need to be migrated, they will be found even in the older structure, only new files are stored according to the new structure.
Environment variables can now be used in config files
A feature to enable advanced deployment scenarios, S-Filer/Portal configuration files now support environment variables replacement. A common syntax was used, namely:
will be replaced by the value associated with the environment variable named: ENV_VAR.
Implemented preview mode in ICAP to optimize the scanning of large files
Most antivirus software can make a decision on a file using the only the header of the file. Basic use of the ICAP protocol meant the S-Filer/Portal would send the entire file to the anti-virus before checking for the response. Since S-Filer/Portal often handles very large files, this could waste a lot of bandwidth.
The solution now includes more advanced ICAP support and queries the ICAP server to determine if it supports preview mode. In this mode, only a preview (usually 4k) of the file is sent before the antivirus sends back an answer. In that case, the answer can be positive, negative or “Send the rest of the file” which are handled properly. Since most moder antivirus support preview mode in their ICAP implementation, we expect this to make a huge difference in scanning times for large files.
Minor improvements and bug fixes
This release also includes minor features and bug fixes:
- Fixed the search functionality in the SOAP web services. It is now possible to perform an “exact match” search not only “contains” search.
- In the administration panel of users, communities or groups, when assigning items, it was possible to assign the same item many times before saving. This has been fixed and items already assigned will not appear in the available list.
- Users without download rights could not see folders in a community, this did not allow them to upload files in these folders. This has been fixed and now they can see folders, but they still can’t see files if the community does not allow users to see “non-downloadable” files.
- When printing a File Report for a specific user and an invalid value was entered for the user, the report page would indicate an error instead of reporting the error in the report parameter page. This has been fixed and errors are properly reported.
- In the configuration interface, descriptions have been added to scheduled jobs in order to more precisely describe what each job does.
- Fixed a bug with the redirection mechanism which would sometimes attempt a redirect to internal address. Now relative links are properly generated and work in all cases even behind proxies which rewrite URLs.
- Improved the behavior of the “License Agreement” and “Acknowledgement” pages so that buttons are closer to the content and the flow is easier to understand.
- Updated the SSH library used in S-Filer for SFTP transfers so that longer Diffie-Hellman keys can be generated. This solves a problem where newer SFTP clients considered the 1024 bits DH keys generated by S-Filer too weak.
- It was possible for some audit records with very long messages to fail to be recorded. This has been fixed, however, if the message exceeds the length of the database column it is truncated, so only partial information will be kept.
- When logged in as an administrator, it was possible to access the “User” view of S-Filer, in that case, the administrator did not see any community and no files were shown anywhere but the administration menus were not shown either. This has been fixed and administrators will be redirected to the “Admin” view whenever they access the “User” view.
- Some of the more complex reports now allow configurable limits for the number of “subitems” for each displayed items. For example, when selecting a reports of all groups in S-Filer, it is possible to restrict the list of group members shown to 5, 25 or “No Limit”. This greatly accelerates the generation of such reports.
There no known issues at this point.
This section describes an update from 4.8.4
- This update does involve database schema changes, make sure to backup the database before performing the update in the configuration interface
- This update does not change the UI themes
- This update does not change the email templates
- This update changes the values in configuration files and migrates configurations related to SSL/TLS keys from the old style to the new format automatically. However, it is recommended to take a backup of those config files before starting the update.