Releases

Api: diverse security hardening following up a pentest through SySS GmbH contracted by one of our customers
Api: allow to check passwords e.g. for application secrets via OpenID Connect authentication (requires "password" grant!)
Addressbook: hide account-name column for non-admins, unless otherwise configured in app-configuration of addressbook
CalDAV/CardDAV: only show own user and memberships on automatic index page (or PROPFIND) for privacy and security reasons
Admin/Api: allow to hide groups from non-admins
Admin/Preferences: allow to use templates for creating application-passwords (and optionally limit groups to just use pre-existing templates)
Calendar: Stop constant flickering in planner view
Addressbook: use a hierarchical list to show distribution lists incl. groups (if groups are enabled)
Filemanager: tile view show filename and comment on hover
Mail: allow to search for Bcc addresses (works only in Sent folder!)
Mail: allow to select (multiple) mail addresses from addressbook directly in compose window
Mail: Deleting emails from the list is faster
Mail: added an option in mail preferences to hide the 'From' address header in the compose window
Collabora: white icons for new notebookbar in new Collabora version 24.04.11
Tracker: Update Times column as timesheets are added to tickets
Tracker: new filter "Not closed or pending"
Resources: new setting what to show in title beside name: short description (default), location or inventory number
Addressbook/REST-API: changed NameComponent names to match final RFC 9553 (old names are parsed, but no longer returned, see the docu)
InfoLog/REST-API: allow to set primary link via relatedTo object, see updated REST API docu for InfoLog
LDAP/Univention: fix not imported or read group mail address
LDAP/ADS/Import: invalidating accounts-cache during import for groups, accounts and memberships
EPL/eSyncProvisioning: allow to NOT set the optional MaxDevicePasswordFailedAttempts policy
Invoices (EPL): new invoice-types "Corrected invoice" (384) to cancel invoices and "Credit note" (381)
Invoices (EPL): allow to configure a full and reduced tax rate, to reduce errors by manual repeated entry
Invoices (EPL): schema update to fit "cancelled" status and prefer matching business email over other matches on import
Invoices (EPL): translation of unit-codes and {{*/en}} placeholders for untranslated content (without it's translated to users language)
Invoices (EPL): fix (regular) PDFs on mobile device are opened in invoices viewer and give an error it's no invoice
Many translations
Extended release notes

Mail: use account of selected From address to send mails, not the current open mailbox
Mail: prefer identity email over SMTP username for Return-Path header, if both are from the same domain
Addressbook: fix non-active accounts where visible for non-admins, if hidden accounts exist
All apps: merge-print of OpenDocument files now also replaces in header- and footer-lines or text-frames (styles.xml part of the document)
Tracker: Add 'View linked Time Sheet entries' action
Invoices (EPL): allow to use Invoices app as viewer for e-invoices in Mail (without rights for Invoices app itself)
Invoices (EPL): allow to select a mail template and directly mail invoice to buyer
Invoices (EPL): attach imported invoice pdf/xml to the imported invoice and link it with the seller
Invoices (EPL): allow to set and import product characteristics and country of origin
Invoices (EPL): display/import invoices in UBL XML syntax too (generated invoices use CII syntax)
Invoices (EPL): allow to download multiple invoices as PDF, XML or ZIP-archive
Invoices (EPL): allow to select "XML invoice", even if Collabora is available, e.g. for customers requesting XML over PDF
Invoices (EPL): additonally support UBL syntax for import or display, beside the already used CII syntax, used for creating invoices

LDAP/AD: bugfixes introduced by last maintenance release
Mail: new microsoft app for oauth authentication for mail
ViDoTeach: display videos from swivl.com
API: removed not working themes, Standard and Fancy are the only ones now plus mobile device support
Import/Export: fix not working CSV import wizard
All apps: many fixes around new Bootstrap icons and the updated UI
Invoices: preview of new EPL app to write and import e-invoices (ZUGFeRD or XRechnung)
Many translations

PHP: security update to 8.3.14
All apps: many fixes in Fancy theme and new Bootstrap icons (see 23.1.20241111 pre-release)
Tracker: desktop version uses now a nextmatch list for comments
Calendar: new preference for changing resource status when event is moved
Calendar: when opening calendar as infolog, event participants (user accounts) are copied to infolog responsible
Projectmanager: Add a config setting to choose which project statuses we include for link search
Mail: if Sieve editheader extension is available forward with a From header matching the recipient to avoid SPF and DKIM problems/misalignment (need to be enabled in Dovecot)

All apps: new icons based on Bootstrap icons
All apps: new "fancy" theme, which can be enabled in user general preferences
Admin: allow to mark users as hidden, to show them only to admins e.g. to hide functional users from regular users
Status, Addressbook: preference to use first letters of username for avatar instead of initials
Addressbook: show username for accounts as a column in the list too
Addressbook: change title and role to 128 characters
Mail: explicitly allow data-uris of arbitrary length for images (were shown as red questionmark, when longer then 800 chars)
Mail: fix Sieve editor considers mail body rules wrongly as unconditional, if there are more than one rule
All apps: fix private custom-fields were shown independent of entry type-filter, if user was allowed to see the field
EPL/Mail/SpamTitan: allow admins to white- or blacklist for all users / whole domain

Mail: fix not working drag-n-drop and context menu und lazy-loaded 2nd mail account

PHP Security Update to 8.3.12
All apps: limit number of loaded links to 20 and offering to load more, if more are available
All apps: allow longer sharing-path up to 1024 chars (instead of just 255), which also limited Collabora editing
Admin: bulk action together with a selected group and select all was not working / complaining about nothing selected
Admin: trying to create a global category with a parent gave a validation error
Calendar: differ between private events and only having free/busy-rights by showing "busy" instead of "private" as title
Mail: remove content of script and style tags from displayed html mail
Mail: fix wrong badge (with number of unread mails) when using empty Trash or Spam folder
ActiveDirectory: allow to disable VLV controls, if your AD has problems with it AND can return all users in a single query
Filemanager: fix not being able to become superuser
Kanban: copying of boards did not copy swinlanes
All apps: updated translations from our translation server
CalDAV/CardDAV: .well-known redirects were always http (deb/rpm update of egroupware-nginx.conf)

Admin: allow to show groups by container: e.g. LDAP DN or arbitrary part of name found by a regular expression
Admin: Add bulk changes as a context menu action for user list
Admin/all apps: custom-fields can now specify tabs they are displayed in (instead of one standard tab)
Mail/Filemanager: admin can allow users to store a password to pass to mail- and file-servers in case they use (password-less) SingleSignOn
Mail: new reply with attachments (answer to mail incl. all attachments)
Mail: show s/mime signed/encrypted icons in mail display popup (verification is only shown in preview!)
Mail: make sure to create a valid Message-ID header, even if SERVER_NAME is set to "_"
Mail: fix broken PDF attachments which were quoted-printable encoded
Mail/Calendar: improved display of meeting requests: what's changed, single recurrence or whole series, display and enter comment when accepting/rejecting a request
Calendar: fix conflict check to take into account that whole-day (floating) events start and end by definition in all timezones at midnight
Calendar: ask user to apply changes in series master to already created exceptions
Calendar: allow to create recurring events with explicit recurrences
CalDAV: fixed all-day events from Thunderbird with timezone were one day longer
Calendar/Resources/CalDAV: fix not reported privileges for resources causing resource calendars to appear readonly in CalDAV clients
eSync/Calendar: new preference how many days to sync back, if client specifies no limit / all, default is 365
Notifications: fix wrong condition leading to infinite recursion (causing timeout) and high database load
LDAP/Import: fix not imported memberships of groups in LDAP not using their gidNumber, because it is already used as uidNumber / user
LDAP/ActiveDirectory Sync: permanently store DN+entryUUID and use the latter to detect renamed user or accounts
LDAP/AD: automatic retry, if connection to LDAP server was lost
InfoLog/REST API: attributes "progress" and "percentComplete" were NOT parsed when creating or updating entries
All apps/REST API: fix custom-fields of type "date-time" to be stored timezone aware, if no format is specified
Api/Auth/OpenIDConnect: allow to specify which JWT payload attribute to use and a regular expression to extract username from it
Kanban: Add listen & change for swimlanes
ViDoTeach: push changes to start-page including material list with summery
ViDoTeach: record when disclaimer was agreed to incl. requiring existing participants to agree, if a disclaimer is added later
EPL: fix not working symlinks in merge-stream-wrapper e.g. /templates
All apps: admin can now upload a web-font to use in EGroupware independent of what the user selected for his browser
All apps: replaced tree and context menu with Shoelace widgets
Mail: No longer mark high priority mail with a red bar
General: Update PHP to 8.3.11
Admin/all apps: new custom field types
Many translations
Extended release notes

THIS IS A SECURITY UPDATE: thanks to Christian Zaeske from SySS GmbH and Hochschule Magdeburg-Stendal, please update ASAP
Mail: fix broken PDF attachments which were quoted-printable encoded
Mail: do not stall (quick-)preview on mails without text-part e.g. PDF only
Mail: allow to edit/fix mail account if no session password is available e.g. SAML or OpenID Connect SSO login
Filemanager: automatic shorten too long filenames and replace 4-byte utf-8 characters, which gave an error when trying to store VFS
Calendar: fix editing recurring events of type RDATE/explicit dates
Calendar: fix generating/importing exceptions on recurring events using explicit RDATEs instead of a RRULE
CalDAV/CardDAV/REST API: fix not working limited result
eSync: fix whole-day events were one day longer (shifted by timezone difference)
eSync/Mail/Calendar: limit request for all mail and events to 1 year back, instead of previous 178 or 100 days
eSyncPro/EPL: fix provisioning loop cause by wrong timezone conversation
Calendar/eSync/EPL: better cope with Android bug reporting always 1st of current month as cutoffdate, if a policy is given: use setting of default policy instead
Resources: fix category-name not shown in edit, if user has no edit rights to the resources
Resources: fix editing on mobile devices gave a template error
ProjectManager: if sorting element-list by start, end, budget, time or quantity: consider both varieties, but prefer the requested one
InfoLog: now fully supported by REST API
Many translations
Extended release notes

Notifications: fixed deleting and grouping of popup notifications by app-name and -id and show full total independent of max. 100 shown entries
Notifications: if deleting all (visible) messages, directly return the next junk, to ease cleaning them up
Notifications: configurable number of days (default 30), after which older notifications get automatic deleted
Api: Fix list updates while app was hidden were not all shown when switching back to the app
Api: Fix removing email tag did not properly update display
Mail: fix forwarding and reply to mail with just a PDF or image was showing it and not opening a compose window
Mail: fix list of Sieve rules was not scrollable
Mail: configurable limit to exclude attachments from automatic saving as drafts, default is no limit / attachments are always saved in drafts
Mail: revert to use first and second part of full rfc822 mail address outside angle brackets as first and last name
Addressbook/Mail: new value "Hide groups without email" for preference "Hide user groups as distribution list"
Calendar/CalDAV: do not allow to resurrect a deleted meeting by accepting it again via CalDAV or meeting-request from mail app
Tracker: Fix mailhandling for a specific queue did not use correct queue ACL
Tracker: Fix export would fail for certain filter combinations
Registration: allow to customize confirmation mail
InfoLog: config to handle status "archive" as unchangeable (or only changeable by an admin)
eSync: fix for messages with no text body e.g. just a PDF or an image, returns empty body with attachment(s)
eSync: fix syncing forwarded and replied flags to client incl. push using highestmodseq, if supported by IMAP server
eSync: only first to address was shown / send to client
eSync: fix inline forward with attachment(s) and smartForward (e.g. GMail client) was broken
EPL eSyncPro: fix not working buttons in policy add or edit
AD/LDAP Import: import could potentially deactivate or delete users if the connection to LDAP server failed
AD Import: import was not correctly taking into account primaryGroup of users
EPL: backups in S3 could not be renamed or downloaded via WebDAV (direct download from backup worked)
EPL/CTI: fix typo incom(m)ing causing custom configuration to not identify incoming calls correctly
Many translations
Extended release notes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Releases: EGroupware/egroupware

23.1.20250307

23.1.20250113

23.1.20241214

23.1.20241128

23.1.20241111

23.1.20241008

23.1.20240930

23.1.20240905

23.1.20240624

23.1.20240430