Release notes for Mividas Meeting Portal.
[2.10.3] - 2025-01-23
Added
- Add support to attach extra iCal-file using advanced meeting type-setting
{"attach_extra_ical_file": true}
- Add support to force auto lock of calls by using advanced meeting type-setting
{"enable_auto_lock_call": "force"}
- Add support to override sender email address if organizer is included in attendee-list by using advanced meeting type-setting
{"override_organizer_self_email": "[email protected]"}
- Add support to search video users to add as invites (set global setting to enable)
- Extract names and email addresses from pasted invite users
Fixed
- Fix scheduling webinars if moderator pin has been disabled
- Fix text of support-button in mobile version
- Fix change password-link if local accounts are disabled
- Display 404-error if trying to remove dialout multiple times
- Ignore settings for forcing pin codes for existing VMRs
- Override disabled moderator PIN for Pexip webinars
- Return error message if trying to schedule meeting in existing VMR without selecting one
- Display unbook-button on Outlook meeting details view when Outlook meeting removal is enabled
- Fix recurring rule format for Outlook meetings to be able to move the first occurrence without effecting the whole series
- Display error message when search requests fails
- Disable changing e-mail address if using SAML/LDAP for authentication
- Fix using cached data for some account-related settings to improve performance
- Handle validation errors due to invalid encoding of e-mail addresses
Security
- Disable changing e-mail address if using SAML/LDAP for authentication
- Upgrade requests and pydantic, patch django-rest-framework
- Related CVEs: CVE-2024-3772, CVE-2024-35195, CVE-2024-21520
Changed
- Set max length of meeting title input
- Send invite iCal-file as top level alternative
- Increase cache timeout for outlook views
- Validate that PIN codes are the same length for Pexip meetings
- Pre-fill organizer email address as moderator for secure meeting
- Include installation domain name in manifest filename
- Decrease cache duration for meeting type settings to 10 seconds
- Collect more information to audit log
- Validate that the same PIN code has not been set for both VMR moderator- and guest access method
- Allow unbooking meetings from Outlook using POST-request if policy blocks DELETE-request
- Display ID, sent time and send errors in meeting invite lists for troubleshooting
Deprecations
- Portal v2.10.x will be the last versions supporting advanced Outlook mode using dialogs
[2.10.2] - 2024-10-04
Fixed
- Fix manually specifying SAML claim names using uri-syntax - e.g. http://schemas.microsoft.com....
- Fix saving outlook-settings if having license for secure meetings but no enabled meeting types
- Fix sending cancellation notification for meetings in static VMRs
- Redirect to previous occurrence when removing invitations from recurring meetings
- Display moderator invite message for meetings in static VMRs, if enabled
- Fix resending invitation emails when the first occurrence of a meeting series is cancelled
- Update API-request for sending SMS with Brevo (previously sendinblue)
- Resync recurring meeting series to extend upper provisioning date for long series
- Stop logging errors during cancellation for SMS-based invites
- Hide button to add new static VMRs in case that the user does not have a user in the MCU
- Fix compatibility for downloadable iCal-file
- Fix Outlook-status for meeting scheduled using advanced mode using dialog
- Fix some translations and issues with whitespace detection since browser-updates
- Display moderator connection details for webinars if no PIN-code was excplititly set by user
Changed
- Use role as fallback SAML claim name if none is provided
- Log result of sending SMS-messages
- Log name specified in invite for secure meetings using SMS-invites
- Require users to visit VMR details before seeing the connection-button for all roles
- Disable scheduling meetings in existing VMRs belonging to separate tenants
[2.10.1] - 2024-07-01
Fixed
- Fix rescheduling ended recurring meetings
- Fixed selecting meeting types in Outlook settings if secure meetings license is not enabled
- Fix SSO-login in Outlook-addin when local accounts are enabled
- Fix inviting participant step in wizard for webinars
- Fix availability API-request for recurring meetings with more than 15 instances
- Fix populating PIN-codes from static VMR since Core API-connection
Changed
- Log if LDAP bind or filter calls takes over 1s for troubleshooting
- Include extra ACS-url with trailing slash in SAML metadata to prepare for future change
[2.9.6] - 2024-07-01
Fixed
- Fix rescheduling ended recurring meetings
- Fix login form in backend admin if both SAML and local accounts are enabled
- Fix cache expiry for SAML metadata
- Fix SSO-login in Outlook-addin when local accounts are enabled
Changed
- Log if LDAP bind or filter calls takes over 1s for troubleshooting
- Include extra ACS-url with trailing slash in SAML metadata to prepare for future change
[2.10.0] - 2024-05-29
Added
- Search and filtering support in meeting list
- New meeting type for external meetings, eg. scheduling dialouts to a zoom meeting
- Support for searching meeting based on dialouts
- Availability checking for automatic dialout
- New list view of users' meeting rooms
- More options for user meeting rooms, layout, only member access and microphone mute for new participants
- Create/remove support for users meeting rooms
- Added support for creating copies of existing meetings
- Add/remove members support for users meeting rooms
- Support for managing other users meetings, requires license flag
- Schedule static meetings in Core, and add support for dialouts
Global settings
- Enable/disable advanced invitations
- Force dialout availability validation
- Enable/disable searching for meetings based on dialout
Meeting room settings
- Enable/disable requirement of meeting room guest and moderator PIN code
Outlook add-in settings
- Menu based add-in settings
- Enable/disable smart events
- Default meeting types for secure and static meeting scheduling
Fixed
- Javascript fixes for IE 11
- Fixes for popups opening in main window
Changed
- All-around translation updates
- Better error handling in scheduling forms
- Improved email base template
- Improved invitation forms in scheduling wizard
- Improved automatic dialout form
- Allow more style attributes in invitation message
[2.9.5] - 2024-05-29
Added
- Add support for regular user LDAP filter using new separate field in Installer
Fixed
- Fix SRV-lookup for LDAP servers
- Add custom LDAP relation fields from Installer to user query
- Remove redundant data from LDAP error messages
- Only display SAML SSO login on start page when local accounts are enabled in Installer
- Dont strip sip: or CMS/Pexip desktop protocols in email content
Changed
- Increase session expiration to 7 days when using SAML SSO in combination with LDAP
- Change header in backend admin
- Improve cache for remote SAML-metadata. Enable HTTP(s)-proxy
- Allow rescheduling recurring meetings ended more than a couple of hours ago
[2.9.4] - 2024-03-28
Recommended platform versions (at time of release):
- Mividas Installer v1.8.5
- Mividas Core: v3.1.4
- Mividas Connect/Identify: v1.0.x
- Mividas Outlook add-in v2.0.2+
Added
- Pass meeting settings about forced moderator PIN-code to outlook addin
- Add support to remove existing invitations
- Add support to adding H323- and E.164 dialouts
Fixed
- Fix second action button in wizard, e.g. "Add another"
- Fix unbooking single occurrence outside of weekly rule
- Display public title for secure meetings in sidebar calendar
- Fix adding dialouts for recurring secure meetings
- Use secure meeting invite message from backend admin in Outlook add-in
- Fix overriding meeting title in iCal-file for recurring instances
- Fix clearing unbooked recurring overrides from Outlook calendar
- Fix wizard-steps when using advanced/dialog mode for Outlook add-in
- Fix detection of re-used secure meeting invites and normalize identification number
- Fix initial layout mode if overridden in meeting type settings
- Handle error if visiting invalid meeting url
- Fix generation of SMS code with at least one digit for iPhone-support. Replace hard to distinguish characters
- Fix restoring recurring meeting instance that had previously been removed
- Detect and merge renamed LDAP-users using objectGUID
- Fix redacting meeting invites
- Fix enable preset for dialout-flag for meeting types in new installations
- Fix content-type for outgoing secure meeting API json-requests
- Display correct end time for separate occurrences when rescheduling recurring meeting series
- Fix initial layout selection when using advanced settings for meeting-type
- Don't prefill invitation-field with organizer email address if already invited
- Send extra cancellations for separate events of recurring series to remove events from outlook
- Fix display of call id for meetings scheduled in static Cisco Meeting Server VMRs
- Display moderator pin-form if only guest-PIN has been forced using advanced settings
- Fix public meeting titles for secure meetings if changing from single title to separated titles
- Fix normalization of digits and dashes for swedish personal number
- Fix Pexip "Control meeting"-button if using specific webapp-version in Core
- Fix displaying secure meeting invites for recurring meetings with overrided first occurrence
- Fix changing title of meeting if secure meeting settings has been changed from having separate title enabled to not enabled
- Allow login with SAML-responses that are missing NameID (Note that SLO is unavailable)
Security
- Upgrade libncursesw6, libpq-dev, libpq5, libtinfo6, ncurses-base, ncurses-bin, Django, setuptools, cryptography
- Related CVEs: CVE-2021-39537, CVE-2023-29491, CVE-2023-5869, CVE-2023-46695, CVE-2022-40897
Changed
- Use invite text from flatblock for secure meetings scheduled using Outlook add-in
- Sort multiple meetings on the same day using start- and stop time in sidebar calendar
- Allow more CSS-styles in invite text, update base email template
- Log errors when sending emails
- Use dialog when removing dialouts from meeting
- Log secure meeting invite-actions
- Use empty title by default in wizard, focus text input on page load
- Remove unused "single use"-checkbox from SMS-code invites
- Try at most 3 LDAP-servers from SRV-lookup. Sort by priority
- Log if LDAPS is configured but only _ldap._tcp SRV pointers are available
- Don't resend SMS-invite for changed meetings within 48h unless the recipient has already opened and read the time information
- Delay sending invite emails for 45 seconds after booking meeting
- Log more information about resolved LDAP-servers to syslog
- Upgrade some javascript dependencies and packaging runtime
- Don't send email when someone accepts invitation from Portal, except if advanced setting
send_open_meeting_notification
is set - Pre-provision recurring meetings up to 12 months from now and/or 120 meetings from today
- Rebook single instance by default when opening dialog
[2.9.3] - 2023-11-01
Recommended platform versions (at time of release):
- Mividas Core: v3.1.4
- Mividas Connect/Identify: v1.0.x
- Mividas Outlook add-in v2.0.2+
Added
- Ask if meeting should be cancelled if wizard is aborted
- Add support for SAML metadata
/saml/metadata/
and SLO front channel flow - Add support for SAML signing certificates
- Add support to specify admin permission claims for SAML in future version of Installer
- Add support for dialog based Outlook add-in scheduling when using desktop client with IE11 engine
Fixed
- Use correct timezone when selecting day of week when updating meeting
- Use correct timezone when calculating active days in sidebar calendar
- Fix updating dialouts for recurring series using other occurrence than the first scheduled one
- Display backend admin link in mobile
- Hide test meeting in mobile version if not enabled
- Use current locale in sidebar calendar
- Allow logging in as admin with- or without domain (if allowed by LDAP filter)
- Handle timeout when fetching static meeting rooms in dialog
- Fix race condition where single occurrence overrides for meeting series was not reflected in Core until the next modification
- Don't show recording options when not supported by backend
- Transpile some more vendor libraries for better IE11 (embedded Outlook) support
- Lower delay for initial healthcheck to speed up deployment
- Fix SMS phone number-validation if using eID as secure meeting authentication
Security
- Upgrade Pillow, certifi, cryptography
- Related CVEs: CVE-2023-4863, CVE-2023-37920, CVE-2023-38325
Changed
- Clearer meeting serie information in meeting details view
- Display year of meeting and occurrence
[2.9.2] - 2023-07-11
Recommended platform versions (at time of release):
- Mividas Core: v3.0.1+ / v3.1.2+
- Mividas Connect/Identify: v1.0.x
Added
- Add support for menu-based Outlook add-in
Fixed
- Fix redacting name from secure meeting log
- Fix removing default meeting type
Security
- Fix potential elevated privilege issue when an admin user with a logged in Outlook-session delegates full mailbox delegation access to a non-admin user in Exchange
- Lower session expiration value
- Validate- and auto-logout if LDAP-user has been disabled or removed after login
- Upgrade cryptography, django, sqlparse
- Related CVEs: CVE-2023-31047, CVE-2023-30608, CVE-2023-36053
Changed
- Send both moderator- and guest PIN-codes when changing static VMR-settings to allow empty PIN-code and single operation toggle of activated PIN
[2.9.1] - 2023-04-28
Recommended platform versions (at time of release):
- Mividas Core: v3.0.1+ / v3.1.0+
- Mividas Connect/Identify: v1.0.x
Note: To keep "Test meeting" visible in the user interface, you have to set relevant SIP- and/or WebRTC-address in Theme settings > Support settings > Test calls
Added
- Add support to modify email template header (e.g. to remove invite subject) from outgoing emails in Backend admin > Flat blocks > Text Content >
invite_email.content
Fixed
- Fix issue in error reporting where the system tried to contact Mividas-servers to report the number of exceptions that was not sent, due to that error reporting was disabled
- Fix selecting day before today when updating recurring meeting series
- Remove invalid authentication type from help text
- Fix disabling default meeting type
- User interface fixes if scheduled recordings are enabled in preparation for next version
Changed
- Hide fields from backend admin not applicable for secure meeting types
- Change input tag-type for layout selector for better WCAG-compatibility
[2.9.1-rc1] - 2023-03-30
Recommended platform versions (at time of release):
- Mividas Core: v3.0.1+ / v3.1.0+
- Mividas Connect/Identify: v1.0.0
Added
- Add theme option for setting URL for WebRTC test call, and default test call SIP-address
- Include if requested meeting belongs to a recurring meeting in the API response
- Add support to automatically delete old meetings (advanced setting
{"remove_meetings": "7 01:02:03"}
for custom time length) - Add support to automatically redact meeting invite data (advanced setting
{"redact_invites": "7 01:02:03"}
for custom time length) - Add support to automatically delete secure meeting authentication logs (input number of days in the user interface, or advanced setting
{"redact_log": "7 01:02:03"}
for custom time length) - Add support to specify custom duration before hiding secure meeting authentication logs (advanced setting
{"redact_log": "7 01:02:03"}
) - Helper API for importing existing meetings into Portal
- Basic support for Synergy Manage
Fixed
- Fix unbooking recurring series from Outlook add-in
- Allow updating user video address when using SAML in combination with LDAP
- Fix moderator suffix sometimes being added twice to iCal calendar items
- Fix matching recurring occurrence using EWS item ID
- Increase iCal change counter for every standalone occurrence
- Fix error message in schedule static meeting room form if no rooms are available
- Fix delay for changing PIN for secure meetings without unique addresses
Security
- Better sanitation of invite HTML content before displaying to users
- Upgrade django, certifi, cryptography, pyopenssl, sentry-sdk, urllib3
- Related CVEs: CVE-2022-41323 CVE-2023-23969 CVE-2023-24580 CVE-2022-45198 CVE-2022-45199 CVE-2023-28117
Changed
- Bundle MicrosoftAjax.js for better Outlook compatibility in air-gapped environments
- Allow setting staff-flag if LDAP user is member of dn-nested child group to configured group dn
- Fix static meeting room list-view layout if no static meeting rooms are available
- Send the number of invited participants to Core for future support to display counters
- Validate email address format (e.g. copy-pasted lists) for invited participants. Extract name of users if included and include in outgoing email
[2.9.0] - 2023-01-27
Recommended platform versions (at time of release):
- Mividas Core: v3.0.0
- Mividas Connect/Identify: v1.0.0
Added
- Add support for scheduling meetings in static meeting rooms (if enabled in Core > Backend Admin > Scheduling Portal API key-settings)
- Add support to schedule secure meetings from Outlook
- Add support for scheduling recurring meetings
- Support for weekly rule and custom occasions/overrides.
- Missing: reschedule/override "this and future events"
- Add support to pass service account name that will always be added to Outlook invites
- Add French translation
- Add support for scheduling secure
- Add support to match secure meeting-invite to email address if configured as verified in Connect/Identify SAML-settings
- Send separate moderator email for meetings scheduled in Outlook without extended authentication
Fixed
- Better reschedule error handling
- Fixes for wizard-based Outlook scheduling:
- Workaround office-js bug #2437 effecting on premise Exchange-installation caused by wrong casing of folder name
- Workaround office-js bug #1286 effecting on premise Exchange-installation
Security
-
Upgrade django, pydantic, django-ninja, pillow, pytz, pysaml2
-
Related CVEs:
-
Validate image file name in theme image fields
Changed
- Encrypt secure meeting authentication log data
- Include at least one digit in SMS code to fix iPhone code-matching
[2.8.10] - 2022-09-06
Fixed
- Re-package office-js files - fixes problems with Outlook SSO authentication
[2.8.9] - 2022-07-05
Fixed
- Keep language cookie after browser close
Changed
- Enable secure flag for session cookies
- Increase SAML allowed clock skew to 15 seconds
- Open support links in new window
- Display cancel meeting in dialog
- Change the label text on the support ticket-button
[2.8.8] - 2022-05-31
Note: For LDAP login, TLS verification is forced by default when LDAPS/SSL connection is not enabled. Make sure to install any custom CA or disable TLS verification.
Added
- Add more logging for Connect API requests
- Display more information for unhandled error when using admin login
Fixed
- Keep language cookie after browser close
Changed
- Enable secure flag for session cookies
- Increase SAML allowed clock skew to 15 seconds
- Open support links in new window
- Display cancel meeting in dialog
- Change label on ticket button
[2.9.0-beta3] - 2022-08-24
Fixed
- Hide cancelled meetings from incoming secure meeting list
- Redirect meeting login to Connect for meetings that have Portal login disabled
- Fix opening meeting details when not logged in
- Fix meeting PIN change when using Core without support for separate access methods
- Fix webinar user registration
- Fix pre-set authentication method for guest participant
- Fix scheduling meeting with only one enbled guest participant authentication method
- Fix meeting start time for scheduling wizard if using different timezones in Outlook vs Portal
- Fix meeting start time when using Outlook with IE11 web engine
- Increase API timeout to Core
- Better default language detection
Changed
- Enable secure flag for session cookies
- Increase SAML allowed clock skew to 15 seconds
- Open support links in new window
[2.8.8] - 2022-05-31
Note: For LDAP login, TLS verification is forced by default when LDAPS/SSL connection is not enabled.?Make sure to install any custom CA or disable TLS verification.
Added
- Add support to set SAML metadata XML offline in Installer, without using autoconfiguration URL
- Add support to use external redis server
- Add support to set moderator password from Outlook add-in
- Add support to follow ldap referrals
Fixed
- Fix moderator PIN code copy for static meeting rooms
- Fix moderator SIP uri in meeting details
- Fix flatblock search in backend admin
- Fix formatting of dialout system directory search
- Fix updating PIN-code for static meeting rooms
- Don't close login wizard when using dialout from address book search
Security
- Upgrade django, openssl, libssl1.1
- Related CVEs: CVE-2022-28346, CVE-2022-28347, CVE-2022-0778
Changed
- Add help text for canceling meeting + cancel link
- Lookup LDAP servers alternatives using SRV query
- Always try to start TLS connection to ldap server when not using SSL/LDAPS
- Set default timeout for API requests, log errors
- Don't prefill user email address in invite form when using Outlook add-in
[2.9.0-beta2] - 2022-05-31
Added:
- Add support to set SAML metadata XML offline in Installer, without using autoconfiguration URL
- Add support to use external redis server
- Add support to set moderator password from Outlook add-in
- Add support to follow ldap referrals
Added, secure meeting:
- Add new SSO authentication variant that only allows SSO from Connect
- Add new SSO authentication variant that allows all SSO/eID login in Connect
- Add support to toggle if moderators and participants should have separate agendas
- Add support to toggle if "send using other program" should be visible
- Add support to override organizer email address for specific secure meeting types
- Add support to override labels of authentication variants
Fixed:
- Increase max length of SMS invite text
- Fix moderator iCal file-download
- Use correct location field for secure moderator iCal-requests
- Fix wizard step count for webinars if meeting type has been modified
- Fix update of secure meeting
- Don't display meeting invites in sidebar for cancelled meetings
- Use secure meeting login url as both iCal location and description for organizer
- Fix meeting callback for Outlook add-in running on mac desktop
- Don't close wizard when adding dialout from address book search
Security
- Upgrade openssl, libssl1.1
- Related CVEs: CVE-2022-28347, CVE-2022-0778
Changed:
- Treat SAML and LDAP email field as verified to connect to static meeting rooms
- Bypass join meeting-lobby when connecting to secure CMS meeting
- Update meeting data after settings update
- Change name of session cookie
- Add help text for canceling meeting + cancel link
- Lookup LDAP servers alternatives using SRV query
- Always try to start TLS connection to ldap server when not using SSL/LDAPS
- Moderator invite text will always be generated if moderator status is set to Yes in backend admin, only if lobby pin checkbox is checked during scheduling if set to "Unknown"
- Sync meeting types on version upgrade
- Hide SMS tabs if no SMS provider has been configured
- Change default secure meeting auth types
- Display "cancel meeting" confirmation in dialog
- Limit console log output of personal authentication information
- Hide agenda information tab for secure meetings if agenda is not enabled in wizard
- Keep default meeting subject if no subject has been provided in Outlook add-in
[2.8.7] - 2022-05-03
Fixed
- Fix listing of personal video conference system if only using H323
Changed
- Allow 3 second time drift between servers for SAML authentication requests
- Don't display recording menu if customers recording provider does not support playback
- Add space between sip uri and web url in iCal location
[2.8.7-rc1] - 2022-04-22
Added
- Addressbook search from Mividas Rooms
- List users personal endpoints in dialout form for easier access
- Log SMTP errors
- Display more moderator connection details on meeting tab
Fixed
- Dialout to personal video conference system
- Fix missing translations
Security
- Stop accepting unsolicited SAML logins. NOTE: this breaks idP-initiated logins for now
- Upgrade libzma5 and gzip
- Related CVEs: CVE-2022-1271
Changed
- Populate user given name from SAML
- Include default SAML claim names from ADFS
- Increase log verbosity for ldap logins
- Join as moderator when pressing join-buttons as default
- Bundle all office.js-files for Outlook add-in for supporting airgapped environments
- Use Sent-By for meeting iCal-request for moderator to make invite show up again in some Outlook-versions
- Send iCal-request for meeting cancellations
- Redirect to login page and return after submit when trying to opening a protected URL__
[2.9.0-beta1] - 2022-03-02
Added:
- Support for end user authentication before joining meetings (separate license and Mividas Connect edge service is required)
- Add support to modify meeting templates from backend admin
- Add support to use static meeting rooms using user email address instead of MCU user object
- Add support to schedule all meeting types using Outlook plugin (v2)