RSS feed for all product releases
RSS feed for Mividas Meeting Portal only

[2026.2.0] - 2026-07-09

Note our new version numbering system:

[year].[feature release index - starting at 1].[bugfix release index - starting at 0]

Added

  • Add support to quickly toggle WCAG-compatible color scheme, add support to set color of dangerous actions
  • You can now choose how dates and times are displayed, in addition to your timezone. Pick from year-first (2024-04-02 19:00), day-first with slashes (02/04/2024 19:00) or dots (02.04.2024 19:00), or month-first 12-hour (04/02/2024 07:00 PM). The setting is available on the same page where you change your timezone and applies to dates shown throughout the portal.
  • Administrators can now restrict who is allowed to schedule meeting dialouts (auto-dial of endpoints when a meeting starts). Enable the new theme setting "Begränsa schemaläggning av uppringning till behöriga grupper" — when off (the default), dialout scheduling stays open to everyone; when on, only users in a group granted the book_dialout:write scope (which every authenticated user has by default until you revoke it) can schedule dialouts to external systems. Every user can always schedule dialouts to their own registered personal devices, regardless of the scope.
  • White glove operators no longer need full administrator (is_staff) rights. Administrators can grant the new whiteglove:write (or whiteglove:read) OAuth scope to a group, and any user in that group is allowed to schedule meetings on behalf of other users, list meetings across all accounts, and use white glove sections — without also gaining permission to change themes or other admin-only settings. Existing administrators (is_staff) continue to have white glove access as before.
  • Add explicit OAuth application group scope connection - see "Security"

Fixed

  • WCAG related accessibility improvements - header order, aria-labels, text- and border contrast
  • Enable OIDC support for OAuth applications using certificate instead of hashed secret

Security

  • Explicit group scopes are required for OAuth applications. Scopes are bounded to the lowest of the application and the authenticating users permissions or, in case of client credentials flow, the application owner permissions.
  • Lower access token expiration time to 1 hour

Changed

  • Date and time fields now use the browser's built-in date/time controls instead of a custom calendar popup, improving accessibility (WCAG), keyboard navigation and the experience on mobile devices. This applies to the booking form, recurring meeting settings and the meeting list filters.

[2.11.2] - 2026-07-09

Fixed

  • Fix skipping over the moderator invite step for meeting types with optional moderator pin-code
  • Fix secure meeting scheduling raising error on PIN-code when having set forced moderator PIN-code in Core
  • Fix rescheduling meeting series with only custom occurrences when moving the first meeting before the previous series start
  • Fix creating extra occurrence when rescheduling meeting series with only custom occurrences when moving the first meeting of the series
  • Fix client credential oauth flow (note: scopes are bounded to application owner scopes - next version will require explicit scopes to every application)
  • Fix changing input focus on search fields using tab-button
  • Stop splitting search input on ":"-key

Security

  • Fix client credential oauth flow (note: scopes are bounded to application owner scopes - next version will require explicit scopes to every application)
  • Enable OIDC support for OAuth applications using certificate instead of hashed secret
  • Lower access token expiration time to 1 hour

Changed

  • When an Outlook service account is configured it is now BCC'd on the first invite of each meeting

[2.11.1] - 2026-06-25

Fixed

  • WCAG - fix heading ordering, remove redundant header tag from logo, hide svg icons from screen readers
  • Fix links to meetings scheduled by other admins in white glove mode in search views
  • Fix repeating the same system multiple times in dialout history

Security

  • Upgrade Django, urllib3, Pillow, lxml, cryptography, libpq5, openssl/libssl3t64 and OS security packages

  • Related CVEs: CVE-2026-3902, CVE-2026-4878, CVE-2026-6473, CVE-2026-6477, CVE-2026-6478, CVE-2026-33034, CVE-2026-42311, CVE-2026-44431, CVE-2026-44432

  • Internal: The findings below are not reachable on our attack surface and are upgraded only as defense-in-depth: the openssl/krb5 library CVEs (TLS is terminated upstream by traefik, Kerberos is unused, and these libraries appear only on client-side/authenticated paths that standard TLS handshakes do not exercise); the lxml XXE/local-file-read (all XML input is parsed through defusedxml); the Pillow FITS decompression bomb (CVE-2026-40192, which only triggers on a full image decode — the upload paths only open and read dimensions, never decoding or resizing); the wheel CVE (a build-time tool, absent from the runtime image); and the PostgreSQL server-side CVE surfaced via the libpq client (the database is a separate, separately-patched component).

  • Internal - not reachable: CVE-2026-6638, CVE-2026-24049, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-40192, CVE-2026-40355, CVE-2026-40356, CVE-2026-41066, CVE-2026-45447

  • Mitigate Bootstrap 4 carousel XSS vulnerability (CVE-2024-6531) by removing the unused carousel component from the bundled JavaScript. This project was not affected by the CVE, as the carousel component was never used.

[2.11.0] - 2025-05-25

Added

  • Two new white glove/delegations modes:

    • Support for per user delegation request, adds "schedule as" choice in schedule dialog (requires separate license)
    • White glove tab support for admins to schedule for other users (requires separate license)
  • Support for scheduling hybrid cloud meetings (requires separate license)

    • Webex meeting / cloud only, with delegation support
    • Hybrid on-prem + Webex meeting
    • Secure Webex meetings with participant identification
  • Support to have generated meeting details separate from mail body in meeting invitations

  • Added clear text formatting toolbar button to invite wysiwyg

  • Checkbox to toggle DTMF for meeting dialouts

  • Send email for dialouts systems with connected room calendar mailbox

  • Send login webhook when using only SAML login

  • Add support to add additional participants with custom authentication method to secure meetings

  • Add support to set custom per user timezone for all visible times and dates

  • Configurable PIN code length with provider-enforced PIN requirements, including support for leading zeros

  • Custom meeting location override setting for calendar invitations

  • Webhook-based SMS provider for integration with external SMS gateways

  • LDAP directory search for the invite participant picker

  • HTML formatting support for delegation request and response emails

  • Support for selecting dialout role (guest or moderator) when adding dial-out participants

  • SMS verification code expiry with automatic resend and secure hashed storage, if enabled in secure meeting settings

  • Read-only admin API for audit logs

  • Help dialog for cloud mode selection explaining hybrid meeting options

  • Public preview of scoped user permissions (beta)

    • Please verify your particular use case before handing out restricted access!
    • Backend only - all UI elements remain visible but will trigger permission denied messages
    • Read/write, read-only, and admin permissions as an initial step
    • Restrict user permissions by setting scopes on Group from backend admin and adding members
    • Add OAuth/OIDC application support to create API users + tokens
  • Meeting type setting to send endpoint display name for dialouts - "send_endpoint_name": true

  • Backend support for adding meeting type scheduling external meetings without video URIs for system reservation only (requires external meeting license)

Outlook add-in

  • Outlook setting for hiding title field, will instead use the mail subject as title
  • Outlook setting to automatically send moderator details to the meeting owner
  • Outlook setting to have moderator list be toggled by checkbox
  • Support for hiding meeting type button on the portal start page (i.e. Outlook only)

Fixed

  • Better mobile support for meeting list

  • Clear systems in meeting list search

  • Invisible module header color in admin content area

  • Show saved notice when changing layout from meeting view

  • Fix scheduling webinar invites with signup requirements

  • Fix editing static meeting room invitation settings for VMRs without uri

  • Open join button for secure meetings in a new window to preserve portal session

  • Case-insensitive matching of SIP and H.323 URIs in dialout address book

  • Fix stored timezone for recurring meeting series when rescheduling across timezones

  • Fix account name and email not updating from SAML attributes when LDAP is disabled

  • Display all available secure meeting types in Outlook settings form

  • Stop including internal tracking reference code in "invite using other program" copy text

Security

  • HMAC-based authentication replaces cleartext API key transmission between Portal and Core

  • Upgrade Django to v4.2.29, Pillow, pyOpenSSL, and sqlparse

Changed

  • Upgrade Django and all dependencies
  • Upgrade frontend to use vue 3, including date field components and calendar
  • Upgrade tinymce, the wysiwyg editor used in all invitation dialogs
  • Send separate email to secure meeting moderators using sso as well, because it may be used for eID
  • Better button label for removing dialout
  • Better handling for all types of 500 server errors
  • Upgrade base Docker image to Debian Trixie

Removed

  • Outlook advanced mode / schedule using Portal as outlook dialog, now deprecated

Deprecations

  • Portal v2.11.x will be the last versions supporting history tab in dialout wizard

[2.10.5] - 2025-05-21

Added

  • Add function to force resending email invitations for meeting from backend admin
  • Add advanced meeting type flag force_separate_moderator_maybe_non_sso_auth_email: true to send separate outlook moderator invite when allowing all SSO- and eID auth types

Fixed

  • Fix format of some non-english translations that causes issues when trying to display warning that the license expires in less than 90 days
  • Fix login redirect when trying to access some pages without being logged in
  • Fix counter for number of steps when scheduling external meeting if dialout is enabled
  • Fix resyncing recurring meeting serie scheduled in Outlook where the first instance has been changed
  • Fix removing invitations using SMS as send method
  • Fix displaying layout choice for recurring series
  • Send email to moderators of secure meetings with valid accounts if using SMS- or eID login
  • Fix background color of inline headers in backend admin
  • Log meeting id to audit log after successful scheduling
  • Fix ordering of history results in dialout wizard

Changed

  • Include field name in wizard error message list
  • Block search engines from indexing page if exposed to public internet
  • Match secure meeting participant using email address to SSO-login for invites not requiring validated, pre-set, identification
  • Add reset-button when adding secure meeting invites, in case of validation error
  • Send additional webhook a few seconds after the first time a user logs in to allow faster provisioning
  • Add support to copy meeting type in backend admin using "Save as new"-button
  • Add buttons to remove formatting, and toggle underline from invite text message

[2.10.4] - 2025-04-04

Added

General

  • Add support to disable sending invites using email/sms for secure meeting types using advanced meeting type setting {"enable_send_email": false, "enable_send_sms": false}, with optional _participant and _moderator-suffix for isolated change for role

Outlook add-in

  • Pass full invitee list to Outlook to be able to preselect moderators after changing meeting

Fixed

  • Allow logging in as moderator for secure meetings using SSO where email claim is not configured as identification
  • Hide checkbox to override invitee name for secure meetings by default
  • Fix wizard steps for secure meetings if agenda is enabled but invite step is not
  • Fix handling of recurring meeting overrides during rescheduled series
  • Fix updating layout for recurring series
  • Stop displaying some scheduling errors twice

Outlook add-in

  • Change HTML structure of meeting tracking code that is used by Outlook to connect to a specific meeting instance, after Outlook has changed how it cleans the source and started to remove it
  • Fix syncing list of recipients when scheduling meetings from Outlook add-in
  • Fix duplicate invitee in list after changing a participant from moderator to regular participant from Outlook
  • Add CORS-file for better support for Windows desktop classic smart events-requests
  • Fix connecting invites to respective users account to be able to see meeting details in adding when invited

Security

  • Upgrade gunicorn
  • Related CVEs: CVE-2024-6827

Changed

  • Allow copying Outlook meetings
  • Change button label to "Impersonate" when taking over another user
  • Improve cache to decrease page load time for start page and static VMRs
  • Hide secure meeting type and external meeting by default if license is removed after installation
  • Display search icon in relevant fields in wizard
  • Change order of columns in participant list
  • Display more information about meeting and accounts for superusers in backend admin for troubleshooting purposes
  • Stop sending extra emails for old overrides when rescheduling long recurring series
  • Display warning about Outlook support when trying to schedule meetings using both recurring rule and custom overrides on the same day

[2.10.3] - 2025-01-23

Added

  • Add support to attach extra iCal-file using advanced meeting type-setting {"attach_extra_ical_file": true}
  • Add support to force auto lock of calls by using advanced meeting type-setting {"enable_auto_lock_call": "force"}
  • Add support to override sender email address if organizer is included in attendee-list by using advanced meeting type-setting {"override_organizer_self_email": "[email protected]"}
  • Add support to force override name of secure meeting invitee using advanced meeting type setting {"enable_override_invite_name": true}
  • Add support to search video users to add as invites (set global setting to enable)
  • Extract names and email addresses from pasted invite users

Fixed

  • Fix scheduling webinars if moderator pin has been disabled
  • Fix text of support-button in mobile version
  • Fix change password-link if local accounts are disabled
  • Display 404-error if trying to remove dialout multiple times
  • Ignore settings for forcing pin codes for existing VMRs
  • Override disabled moderator PIN for Pexip webinars
  • Return error message if trying to schedule meeting in existing VMR without selecting one
  • Display unbook-button on Outlook meeting details view when Outlook meeting removal is enabled
  • Fix recurring rule format for Outlook meetings to be able to move the first occurrence without effecting the whole series
  • Display error message when search requests fails
  • Disable changing e-mail address if using SAML/LDAP for authentication
  • Fix using cached data for some account-related settings to improve performance
  • Handle validation errors due to invalid encoding of e-mail addresses

Security

  • Disable changing e-mail address if using SAML/LDAP for authentication
  • Upgrade requests and pydantic, patch django-rest-framework
  • Related CVEs: CVE-2024-3772, CVE-2024-35195, CVE-2024-21520

Changed

  • Set max length of meeting title input
  • Send invite iCal-file as top level alternative
  • Increase cache timeout for outlook views
  • Validate that PIN codes are the same length for Pexip meetings
  • Pre-fill organizer email address as moderator for secure meeting
  • Include installation domain name in manifest filename
  • Decrease cache duration for meeting type settings to 10 seconds
  • Collect more information to audit log
  • Validate that the same PIN code has not been set for both VMR moderator- and guest access method
  • Allow unbooking meetings from Outlook using POST-request if policy blocks DELETE-request
  • Display ID, sent time and send errors in meeting invite lists for troubleshooting

Deprecations

  • Portal v2.10.x will be the last versions supporting advanced Outlook mode using dialogs

[2.10.2] - 2024-10-04

Fixed

  • Fix manually specifying SAML claim names using uri-syntax - e.g. http://schemas.microsoft.com....
  • Fix saving outlook-settings if having license for secure meetings but no enabled meeting types
  • Fix sending cancellation notification for meetings in static VMRs
  • Redirect to previous occurrence when removing invitations from recurring meetings
  • Display moderator invite message for meetings in static VMRs, if enabled
  • Fix resending invitation emails when the first occurrence of a meeting series is cancelled
  • Update API-request for sending SMS with Brevo (previously sendinblue)
  • Resync recurring meeting series to extend upper provisioning date for long series
  • Stop logging errors during cancellation for SMS-based invites
  • Hide button to add new static VMRs in case that the user does not have a user in the MCU
  • Fix compatibility for downloadable iCal-file
  • Fix Outlook-status for meeting scheduled using advanced mode using dialog
  • Fix some translations and issues with whitespace detection since browser-updates
  • Display moderator connection details for webinars if no PIN-code was excplititly set by user

Changed

  • Use role as fallback SAML claim name if none is provided
  • Log result of sending SMS-messages
  • Log name specified in invite for secure meetings using SMS-invites
  • Require users to visit VMR details before seeing the connection-button for all roles
  • Disable scheduling meetings in existing VMRs belonging to separate tenants

[2.10.1] - 2024-07-01

Fixed

  • Fix rescheduling ended recurring meetings
  • Fixed selecting meeting types in Outlook settings if secure meetings license is not enabled
  • Fix SSO-login in Outlook-add-in when local accounts are enabled
  • Fix inviting participant step in wizard for webinars
  • Fix availability API-request for recurring meetings with more than 15 instances
  • Fix populating PIN-codes from static VMR since Core API-connection

Changed

  • Log if LDAP bind or filter calls takes over 1s for troubleshooting
  • Include extra ACS-url with trailing slash in SAML metadata to prepare for future change

[2.9.6] - 2024-07-01

Fixed

  • Fix rescheduling ended recurring meetings
  • Fix login form in backend admin if both SAML and local accounts are enabled
  • Fix cache expiry for SAML metadata
  • Fix SSO-login in Outlook-add-in when local accounts are enabled

Changed

  • Log if LDAP bind or filter calls takes over 1s for troubleshooting
  • Include extra ACS-url with trailing slash in SAML metadata to prepare for future change

[2.10.0] - 2024-05-29

Added

  • Search and filtering support in meeting list
  • New meeting type for external meetings, eg. scheduling dialouts to a zoom meeting
  • Support for searching meeting based on dialouts
  • Availability checking for automatic dialout
  • New list view of users' meeting rooms
  • More options for user meeting rooms, layout, only member access and microphone mute for new participants
  • Create/remove support for users meeting rooms
  • Added support for creating copies of existing meetings
  • Add/remove members support for users meeting rooms
  • Support for managing other users meetings, requires license flag
  • Schedule static meetings in Core, and add support for dialouts

Global settings

  • Enable/disable advanced invitations
  • Force dialout availability validation
  • Enable/disable searching for meetings based on dialout

Meeting room settings

  • Enable/disable requirement of meeting room guest and moderator PIN code

Outlook add-in settings

  • Menu based add-in settings
  • Enable/disable smart events
  • Default meeting types for secure and static meeting scheduling

Fixed

  • Javascript fixes for IE 11
  • Fixes for popups opening in main window

Changed

  • All-around translation updates
  • Better error handling in scheduling forms
  • Improved email base template
  • Improved invitation forms in scheduling wizard
  • Improved automatic dialout form
  • Allow more style attributes in invitation message

[2.9.5] - 2024-05-29

Added

  • Add support for regular user LDAP filter using new separate field in Installer

Fixed

  • Fix SRV-lookup for LDAP servers
  • Add custom LDAP relation fields from Installer to user query
  • Remove redundant data from LDAP error messages
  • Only display SAML SSO login on start page when local accounts are enabled in Installer
  • Dont strip sip: or CMS/Pexip desktop protocols in email content

Changed

  • Increase session expiration to 7 days when using SAML SSO in combination with LDAP
  • Change header in backend admin
  • Improve cache for remote SAML-metadata. Enable HTTP(s)-proxy
  • Allow rescheduling recurring meetings ended more than a couple of hours ago

[2.9.4] - 2024-03-28

Recommended platform versions (at time of release):

  • Mividas Installer v1.8.5
  • Mividas Core: v3.1.4
  • Mividas Connect/Identify: v1.0.x
  • Mividas Outlook add-in v2.0.2+

Added

  • Pass meeting settings about forced moderator PIN-code to outlook add-in
  • Add support to remove existing invitations
  • Add support to adding H323- and E.164 dialouts

Fixed

  • Fix second action button in wizard, e.g. "Add another"
  • Fix unbooking single occurrence outside of weekly rule
  • Display public title for secure meetings in sidebar calendar
  • Fix adding dialouts for recurring secure meetings
  • Use secure meeting invite message from backend admin in Outlook add-in
  • Fix overriding meeting title in iCal-file for recurring instances
  • Fix clearing unbooked recurring overrides from Outlook calendar
  • Fix wizard-steps when using advanced/dialog mode for Outlook add-in
  • Fix detection of re-used secure meeting invites and normalize identification number
  • Fix initial layout mode if overridden in meeting type settings
  • Handle error if visiting invalid meeting url
  • Fix generation of SMS code with at least one digit for iPhone-support. Replace hard to distinguish characters
  • Fix restoring recurring meeting instance that had previously been removed
  • Detect and merge renamed LDAP-users using objectGUID
  • Fix redacting meeting invites
  • Fix enable preset for dialout-flag for meeting types in new installations
  • Fix content-type for outgoing secure meeting API json-requests
  • Display correct end time for separate occurrences when rescheduling recurring meeting series
  • Fix initial layout selection when using advanced settings for meeting-type
  • Don't prefill invitation-field with organizer email address if already invited
  • Send extra cancellations for separate events of recurring series to remove events from outlook
  • Fix display of call id for meetings scheduled in static Cisco Meeting Server VMRs
  • Display moderator pin-form if only guest-PIN has been forced using advanced settings
  • Fix public meeting titles for secure meetings if changing from single title to separated titles
  • Fix normalization of digits and dashes for swedish personal number
  • Fix Pexip "Control meeting"-button if using specific webapp-version in Core
  • Fix displaying secure meeting invites for recurring meetings with overrided first occurrence
  • Fix changing title of meeting if secure meeting settings has been changed from having separate title enabled to not enabled
  • Allow login with SAML-responses that are missing NameID (Note that SLO is unavailable)

Security

  • Upgrade libncursesw6, libpq-dev, libpq5, libtinfo6, ncurses-base, ncurses-bin, Django, setuptools, cryptography
  • Related CVEs: CVE-2021-39537, CVE-2023-29491, CVE-2023-5869, CVE-2023-46695, CVE-2022-40897

Changed

  • Use invite text from flatblock for secure meetings scheduled using Outlook add-in
  • Sort multiple meetings on the same day using start- and stop time in sidebar calendar
  • Allow more CSS-styles in invite text, update base email template
  • Log errors when sending emails
  • Use dialog when removing dialouts from meeting
  • Log secure meeting invite-actions
  • Use empty title by default in wizard, focus text input on page load
  • Remove unused "single use"-checkbox from SMS-code invites
  • Try at most 3 LDAP-servers from SRV-lookup. Sort by priority
  • Log if LDAPS is configured but only _ldap._tcp SRV pointers are available
  • Don't resend SMS-invite for changed meetings within 48h unless the recipient has already opened and read the time information
  • Delay sending invite emails for 45 seconds after booking meeting
  • Log more information about resolved LDAP-servers to syslog
  • Upgrade some javascript dependencies and packaging runtime
  • Don't send email when someone accepts invitation from Portal, except if advanced setting send_open_meeting_notification is set
  • Pre-provision recurring meetings up to 12 months from now and/or 120 meetings from today
  • Rebook single instance by default when opening dialog

[2.9.3] - 2023-11-01

Recommended platform versions (at time of release):

  • Mividas Core: v3.1.4
  • Mividas Connect/Identify: v1.0.x
  • Mividas Outlook add-in v2.0.2+

Added

  • Ask if meeting should be cancelled if wizard is aborted
  • Add support for SAML metadata /saml/metadata/ and SLO front channel flow
  • Add support for SAML signing certificates
  • Add support to specify admin permission claims for SAML in future version of Installer
  • Add support for dialog based Outlook add-in scheduling when using desktop client with IE11 engine

Fixed

  • Use correct timezone when selecting day of week when updating meeting
  • Use correct timezone when calculating active days in sidebar calendar
  • Fix updating dialouts for recurring series using other occurrence than the first scheduled one
  • Display backend admin link in mobile
  • Hide test meeting in mobile version if not enabled
  • Use current locale in sidebar calendar
  • Allow logging in as admin with- or without domain (if allowed by LDAP filter)
  • Handle timeout when fetching static meeting rooms in dialog
  • Fix race condition where single occurrence overrides for meeting series was not reflected in Core until the next modification
  • Don't show recording options when not supported by backend
  • Transpile some more vendor libraries for better IE11 (embedded Outlook) support
  • Lower delay for initial healthcheck to speed up deployment
  • Fix SMS phone number-validation if using eID as secure meeting authentication

Security

  • Upgrade Pillow, certifi, cryptography
  • Related CVEs: CVE-2023-4863, CVE-2023-37920, CVE-2023-38325

Changed

  • Clearer meeting serie information in meeting details view
  • Display year of meeting and occurrence

[2.9.2] - 2023-07-11

Recommended platform versions (at time of release):

  • Mividas Core: v3.0.1+ / v3.1.2+
  • Mividas Connect/Identify: v1.0.x

Added

  • Add support for menu-based Outlook add-in

Fixed

  • Fix redacting name from secure meeting log
  • Fix removing default meeting type

Security

  • Fix potential elevated privilege issue when an admin user with a logged in Outlook-session delegates full mailbox delegation access to a non-admin user in Exchange
  • Lower session expiration value
  • Validate- and auto-logout if LDAP-user has been disabled or removed after login
  • Upgrade cryptography, django, sqlparse
  • Related CVEs: CVE-2023-31047, CVE-2023-30608, CVE-2023-36053

Changed

  • Send both moderator- and guest PIN-codes when changing static VMR-settings to allow empty PIN-code and single operation toggle of activated PIN

[2.9.1] - 2023-04-28

Recommended platform versions (at time of release):

  • Mividas Core: v3.0.1+ / v3.1.0+
  • Mividas Connect/Identify: v1.0.x

Note: To keep "Test meeting" visible in the user interface, you have to set relevant SIP- and/or WebRTC-address in Theme settings > Support settings > Test calls

Added

  • Add theme option for setting URL for WebRTC test call, and default test call SIP-address
  • Include if requested meeting belongs to a recurring meeting in the API response
  • Add support to automatically delete old meetings (advanced setting {"remove_meetings": "7 01:02:03"} for custom time length)
  • Add support to automatically redact meeting invite data (advanced setting {"redact_invites": "7 01:02:03"} for custom time length)
  • Add support to automatically delete secure meeting authentication logs (input number of days in the user interface, or advanced setting {"redact_log": "7 01:02:03"} for custom time length)
  • Add support to specify custom duration before hiding secure meeting authentication logs (advanced setting {"redact_log": "7 01:02:03"})
  • Helper API for importing existing meetings into Portal
    • Basic support for Synergy Manage
  • Add support to modify email template header (e.g. to remove invite subject) from outgoing emails in Backend admin > Flat blocks > Text Content > invite_email.content

Fixed

  • Fix issue in error reporting where the system tried to contact Mividas-servers to report the number of exceptions that was not sent, due to that error reporting was disabled
  • Fix selecting day before today when updating recurring meeting series
  • Remove invalid authentication type from help text
  • Fix disabling default meeting type
  • User interface fixes if scheduled recordings are enabled in preparation for next version
  • Fix unbooking recurring series from Outlook add-in
  • Allow updating user video address when using SAML in combination with LDAP
  • Fix moderator suffix sometimes being added twice to iCal calendar items
  • Fix matching recurring occurrence using EWS item ID
  • Increase iCal change counter for every standalone occurrence
  • Fix error message in schedule static meeting room form if no rooms are available
  • Fix delay for changing PIN for secure meetings without unique addresses

Security

  • Better sanitation of invite HTML content before displaying to users
  • Upgrade django, certifi, cryptography, pyopenssl, sentry-sdk, urllib3
  • Related CVEs: CVE-2022-41323 CVE-2023-23969 CVE-2023-24580 CVE-2022-45198 CVE-2022-45199 CVE-2023-28117

Changed

  • Bundle MicrosoftAjax.js for better Outlook compatibility in air-gapped environments
  • Allow setting staff-flag if LDAP user is member of dn-nested child group to configured group dn
  • Fix static meeting room list-view layout if no static meeting rooms are available
  • Send the number of invited participants to Core for future support to display counters
  • Validate email address format (e.g. copy-pasted lists) for invited participants. Extract name of users if included and include in outgoing email
  • Hide fields from backend admin not applicable for secure meeting types
  • Change input tag-type for layout selector for better WCAG-compatibility

[2.9.0] - 2023-01-27

Recommended platform versions (at time of release):

  • Mividas Core: v3.0.0
  • Mividas Connect/Identify: v1.0.0

Added

  • Add support for scheduling meetings in static meeting rooms (if enabled in Core > Backend Admin > Scheduling Portal API key-settings)
  • Add support to schedule secure meetings from Outlook
  • Add support for scheduling recurring meetings
    • Support for weekly rule and custom occasions/overrides.
    • Missing: reschedule/override "this and future events"
  • Add support to pass service account name that will always be added to Outlook invites
  • Add French translation
  • Add support for scheduling secure
  • Add support to match secure meeting-invite to email address if configured as verified in Connect/Identify SAML-settings
  • Send separate moderator email for meetings scheduled in Outlook without extended authentication

Fixed

  • Better reschedule error handling
  • Fixes for wizard-based Outlook scheduling:
    • Workaround office-js bug #2437 effecting on premise Exchange-installation caused by wrong casing of folder name
    • Workaround office-js bug #1286 effecting on premise Exchange-installation

Security

  • Upgrade django, pydantic, django-ninja, pillow, pytz, pysaml2

  • Related CVEs:

  • Validate image file name in theme image fields

Changed

  • Encrypt secure meeting authentication log data
  • Include at least one digit in SMS code to fix iPhone code-matching

[2.8.10] - 2022-09-06

Fixed

  • Re-package office-js files - fixes problems with Outlook SSO authentication

[2.8.9] - 2022-07-05

Fixed

  • Keep language cookie after browser close

Changed

  • Enable secure flag for session cookies
  • Increase SAML allowed clock skew to 15 seconds
  • Open support links in new window
  • Display cancel meeting in dialog
  • Change the label text on the support ticket-button

[2.8.8] - 2022-05-31

Note: For LDAP login, TLS verification is forced by default when LDAPS/SSL connection is not enabled. Make sure to install any custom CA or disable TLS verification.

Added

  • Add more logging for Connect API requests
  • Display more information for unhandled error when using admin login

Fixed

  • Keep language cookie after browser close

Changed

  • Enable secure flag for session cookies
  • Increase SAML allowed clock skew to 15 seconds
  • Open support links in new window
  • Display cancel meeting in dialog
  • Change label on ticket button

[2.8.8] - 2022-05-31

Note: For LDAP login, TLS verification is forced by default when LDAPS/SSL connection is not enabled.?Make sure to install any custom CA or disable TLS verification.

Added

  • Add support to set SAML metadata XML offline in Installer, without using autoconfiguration URL
  • Add support to use external redis server
  • Add support to set moderator password from Outlook add-in
  • Add support to follow ldap referrals

Fixed

  • Fix moderator PIN code copy for static meeting rooms
  • Fix moderator SIP uri in meeting details
  • Fix flatblock search in backend admin
  • Fix formatting of dialout system directory search
  • Fix updating PIN-code for static meeting rooms
  • Don't close login wizard when using dialout from address book search

Security

  • Upgrade django, openssl, libssl1.1
  • Related CVEs: CVE-2022-28346, CVE-2022-28347, CVE-2022-0778

Changed

  • Add help text for canceling meeting + cancel link
  • Lookup LDAP servers alternatives using SRV query
  • Always try to start TLS connection to ldap server when not using SSL/LDAPS
  • Set default timeout for API requests, log errors
  • Don't prefill user email address in invite form when using Outlook add-in

[2.8.7] - 2022-05-03

Added

  • Addressbook search from Mividas Rooms
  • List users personal endpoints in dialout form for easier access
  • Log SMTP errors
  • Display more moderator connection details on meeting tab

Fixed

  • Dialout to personal video conference system
  • Fix missing translations
  • Fix listing of personal video conference system if only using H323

Security

  • Stop accepting unsolicited SAML logins. NOTE: this breaks idP-initiated logins for now
  • Upgrade libzma5 and gzip
  • Related CVEs: CVE-2022-1271

Changed

  • Populate user given name from SAML
  • Include default SAML claim names from ADFS
  • Increase log verbosity for ldap logins
  • Join as moderator when pressing join-buttons as default
  • Bundle all office.js-files for Outlook add-in for supporting airgapped environments
  • Use Sent-By for meeting iCal-request for moderator to make invite show up again in some Outlook-versions
  • Send iCal-request for meeting cancellations
  • Redirect to login page and return after submit when trying to opening a protected URL__
  • Allow 3 second time drift between servers for SAML authentication requests
  • Don't display recording menu if customers recording provider does not support playback
  • Add space between sip uri and web url in iCal location
On This Page
    © Mividas Video Solutions AB 2026