Thru Server 9.7.0 Release Notes January 5 2018
Added Portuguese and Russian languages to UI
Portuguese and Russian languages are added to Thru Portal User interface
Restrict File Types on upload in the portal
Site administrators can set restrictions on file types allowed for upload in the portal or in a dropbox feature. Setting allows file type selection by inclusion or exclusion as shown below:
Upload screens display allowed or blocked file types:
API to store LAN locations in the cloud
REST and SOAP API calls are added to manage a list of LAN locations associated with the names, see API documentation for details. The functionality is used by Thru Outlook add-in in email archiving function to store LAN archive locations and can be used in integrations to store LAN locations associated with the tags for any purpose.
Widget My Documents which points to subfolder My Documents of user’s home folder is replaced by the widget My Files which points to user home folder. Change is made since My Documents folder is not created by default any longer when user is provisioned.
Dropbox URL parameters
To set a subject of the email on Dropbox URL both parameter names subjectemail and subject are supported.
· Forgot Password operation is allowed every N minutes, setting in in administration section
· password reset links expire in K hours, setting is defined in administration section. Default value : 8. The setting also defines expiration of password setup links sent to a new user when a user is created.
· next password reset request invalidates previous request.
Integration of Thru Web email with external address book for Chrome and Firefox via CORS security mechanism
Article on CORS requirements which specifies requirements for external address book developers:
Section: Requests with credentials
According to CORS specification the following logic should be implemented in the address book application called from Thru Web email:
In Request headers from the client connection application should read the header Origin, example :
In Response headers application should return the headers:
Access-Control-Allow-Origin: https://site.thruinc.com - should match the origin header
Other security fixes
· cross-site scripting vulnerability in Thru web email
· If a user is created by SSO, administrator should not be able to modify user data
· minor security fixes discovered by Qualys runs
Compatibility with the services
Required minimum versions of Thru services:
· Thru FTP Service – 2.0.37
· Thru SFTP Service – 2.2.0
· Thru Purge Service – 1.12