FileSender 1.5-beta4 released, 25 July

On 25 July, Xander announced the availability of FileSender 1.5-beta4.  We expect this beta to be followed by a release candidate 1 (rc1) early September.  Please report any issues you find to the FileSender support mailinglist.

Xander’s announcement:

“Hi,

Summer finally arrived in the Netherlands and so we’re happy to announce
that FileSender 1.5-beta4 release is now available for download and in
the FileSender package repositories.

Version 1.5-beta4 is the 4th and last planned beta release for the
upcoming 1.5 version and contains mainly fixes based on the security
audit we had done and some other bugfixes found in the previous beta.
There are no new or changed features in this release.

We expect that this will be the last beta. During this cycle we will
(where needed) update the last few missing language definitions (those
of you who have contributed language files before will be contacted 😉
and prepare the documentation for the final release candidate. And of
course if you find something is broken in the current beta4 please let
us know.

When installing or upgrading be sure to read:

http://www.assembla.com/spaces/file_sender/wiki/Installation_notes_for_1-5_development_code

for installation and upgrade notes.

Download details are at:

http://www.assembla.com/spaces/file_sender/wiki/Release_1-5-beta4

The changes since 1.5-beta3 are:

– Security: make admin check more strict (#751)
– Security: Fixed reset of session cookie when switching to HTTPS
(#757)
– Security: Fixed 2 potential XSS vulnerabilities (#754)
– Security: always prevent caching of sensitive pages (#762)
– Security: add XSRF checks for POSTs and additional auth-checks
for GETs (#753)
– Security: add additional recommended PHP settings (#758)
– Fixes and improvements in language selection (#662, #745)
– Updated language definitions
– Disabled HTML5 capability for Opera (#527)
– Improvements on handling and reporting of missing required SAML
attributes (#628)
– Bugfixes in mail error-handling (#713)
– Improved  Help text (en_AU only) (#650, #651)
– Removed HTML5URL configuration setting (merged into Help text)
(#744)
– Various small bug fixes (#691, #731, #742, #794)

As usual many thanks to all contributors to this release!

On behalf of the FileSender team,

Xander”

Thanks Xander, Wendy and Chris for the efforts put in the beta4 release!

Summer student working on standard usage reporting module

UNINETT has engaged a summer student, Vegard Polden, to work on a standard usage reporting module for FileSender.  We target this module to become part of the standard FileSender code base.  It should be ready in a usable form before the end of August.

It will feature an overview page with various standard graphs reporting over standard time periods.  Through the configuration file you will be able to indicate which graphs are of interest for your install, and whether they are public or for admins-only.  Should Vegard have enough time, we may be able to add an additional “formulate your own query” interface.  And for those of us who have to report numbers at the end of the year, it’ll show those.

The design includes a poller/anonimiser taking log entries from the FileSender log table, anonimising them and putting them in a usage statistics table.  This setup might in the future be leveraged to aggregate and compare statistics of various sites.  That would make it easier to judge the relative impact of new FileSender features and would help us guide our development effort.

You can track the progress on https://filesenderstats.uninett.no/.  Please note this is a development machine and its contents change continuously.  If you have feedback please share it on the filesender-dev@filesender.org mailinglist.

Status version 1.5, 29 June 2012: beta-4 planned

In May the planned code security audit of the 1.5 code was executed, the report delivered to us in the last week of May.  Xander, Chris and myself went through it in detail and last week discussed the various recommendations.  There are some details we need to improve on but overall the report was a positive result; no major structural issues were found. I dare say we’ve learned from the previous audits and have become better at producing secure code.  Thanks Chris and Xander 🙂  We’re currently discussing with the security auditing firm whether we can publish the report.  Should you want to receive a copy drop me an email.

We have now planned the next step towards the 1.5 release and we decided we do need a beta-4 mainly to address a a number of the recommendations from the security audit.  We expect this beta-4 to be released around the 25th of July.  We also expect this to be the last beta in the 1.5 release cycle.

Report from FileSender Usability and Interaction Design Review

A report was recently presented to the FileSender core development team arising from a usability and interaction design review of the FileSender 1.5-beta1 release, conducted by members of the User Experience team in eSolutions at Monash University in Australia. This report, as well as the user scenarios document used during the review, are now available for download from the Monash University User Experience Review wikipage. On that page we also list several of the recommendations made by this review that have already been at least partially addressed during 1.5 development. This is just one of several Reviews and prototypes which have been / are planned to be conducted!

FileSender 1.1.1 released on May 31!

May 31st Xander announced the availability of the FileSender 1.1 release to the filesender-dev list.  You should apply this upgrade soon (before FF 13 comes out) if you want your FireFox users to remain able to use your FileSender installation!

Xander’s announcement is as follows:  We’re happy to announce that FileSender 1.1.1 release is now available for download and in the FileSender package and svn repositories.

Version 1.1.1 is a maintenance and bugfix release and contains two important fixes:

  1. The upcoming FireFox 13 (planned for june 5th next week) has changed the way the HTML5 uploads are done. Version 1.1.1 can handle this changed method (and of course also the old method used with FF 12 and lower). *Not* upgrading will mean that uploads with FF13 will break.
  2. With 1.1 it was (under some, non-default circumstances) possible thata normal user was given acces to the administrator view. This has beenfixed in 1.1.1.We therefore recommend that you upgrade to 1.1.1 as soon as possible(preferable before june 5th). If, for whatever reason, a normal upgradeis not possible you should at least get the following two files from the distribution files (tar.gz or zip) and install them:  www/js/fs_html5.js  classes/AuthSaml.php

Download details for FileSender 1.1.1 are at  http://www.assembla.com/spaces/file_sender/wiki/Download
For those of you using the Debian or RPM package repositories:

  • 1.1.1 packages are as of now available in both the stable and testing repositories.
  • As of now 1.0.1 (using the deprecated Gears method) is only available in the ‘oldstable’ repositories.

On behalf of the FileSender team,

Xander”

Thanks Xander!

FileSender 1.5-beta3 available!

On May 15, Xander Jansen announced the availability of the 3rd beta of our upcoming version 1.5. Please help us by field testing it!  If you discover any issues, please report them to our support mailinglist.

This week Xander, Guido and myself are gathered at the 2012 TERENA conference.  We’ll discuss further planning of the 1.5 release, taking into consideration the security audit report we expect to receive tomorrow.  Most likely there will be a beta4.

Xander’s announcement:

“We’re happy to announce that FileSender 1.5-beta3 release is now available for download and in the FileSender package repositories.

Version 1.5-beta3 is the third beta release for the upcoming 1.5 version and contains mostly what we refer to as “cosmetic fixes” regarding the user interface, user feedback and error reporting and logging.

Be sure to read:

http://www.assembla.com/spaces/file_sender/wiki/Installation_notes_for_1-5_development_code

for installation and upgrade notes.

Download details are at:

 http://www.assembla.com/spaces/file_sender/wiki/Release_1-5-beta3

Changes since 1.5-beta2:

  • HTML5 upload support for the upcoming FireFox 13.
  • Improvements in the User Interface.
  • Improved user feedback and error reporting
  • Improved server side logging.
  • Various small bug fixes and enhancements.

Changed features:

  • Option to securely wipe (shred) expired files in the daily cron job.
  • Separate text definitions for ‘logon’ button and title of the landing page.
  • The configured ‘Site Name’ is now used on the landing page.

As usual many thanks to all contributors to this release for their patches, comments and translations! Please keep them coming!

On behalf of the FileSender team,

Xander”

Thanks Xander!

Status FileSender 1.5, 26 april 2012

Yesterday FileSender 1.5-beta2 was released.  We believe  to have fixed all backend issues: those with an impact on the database, program flow or I/O pathways.

From hereon I estimate it will take 2 additional betas before we are ready for releasing.  Our path towards the 1.5 release is:

  • beta-3 is planned as a “fixed date release” for May 15th and will contain mostly what we refer to as “cosmetic fixes”.  Crucially important for the user experience, but less of an upgrade impact for sysadmins.  We’ll knock off open tickets labeled “1.5-beta3” until the 7th of May, after which the workflow-test cycle is run, changesets are merged into the right spot of the code tree and the release is ready on May 15.  Remaining issues will be scheduled for beta4.
  • the external code security auditis planned to be executed between 9-11 May, with the report expected around 18 May.  An external security audit is part of our release status and life cycle policy: despite our attention for security we do have blind spots.  The external security audit is there to make sure FileSender does not have any “basic” security issues.  Based on this report we can schedule beta-4.
  • beta-4 is a tentative beta, depending on the results of beta-3 and the security audit.
  • the first release candidate RC1 is the rebrand of the last beta.  There is a period of at least 1 week between release candidate and the “final release”.  We use this week for final quality assurance and wrap-up of documentation details.

Please check the Release Schedule for details and up-to-date planning.