Articles with the tag:
Browse all tags
Close
Changelog
Close
Try in the cloud
Try in the cloud
Help Center
Control Panel
Search

Protect data using encryption

Control Panel v3.5 ONLYOFFICE Control Panel changelog
Open in new window

Version 3.5

Release date: 03/14/2023

General

  • Changed API methods for migration, implemented progressQueue.
  • Changed settings for connecting third-party storages. Added tooltips for fields. Added the 'Server Side Encryption Method' block for Amazon AWS S3.
  • Added logos for dark theme in the Branding section. Logos for the About page are now separate fields in the Advanced tab.
  • Added the ability to set the portal memory quota.

Version 3.1.1

Release date: 08/08/2022

General

  • Fixed issue with file indexing.
  • Fixed elasticsearch container errors when updating ONLYOFFICE Groups.
  • Fixed issue with brand logos after updating in the Docker installation.
  • Fixed texts and layout for the Migration feature.

Version 3.1

Release date: 05/25/2022

General

  • Added the Data Import page that allows to import data from Nextcloud, ownCloud and GoogleWorkspace to ONLYOFFICE Workspace.
  • Moved Elasticsearch to a separate container.
  • Fixed bugs.

Version 3.0

Release date: 06/07/2021

Update

  • License agreement dialog when installing docker components added.
  • The inactive button with an action for uninstalled components (downloading and installing the available version) fixed.

Search

  • Indexing progress display added.

LoginHistory and AuditTrail

  • New empty screens added.

Restore

  • New checks when restoring data from a local or a 3rd party storage.

SSO

  • SSOAuth was removed from Control Panel. It's now available as a portal setting in Community Server.

General improvements and bug fixes

  • Bugs 47721, 49101, 49187, 49273, 49272, 49324, 46386, 49585 from the internal bugtracker fixed.
  • 3rd party licenses and copyright updated.

Version 2.9.1

Release date: 12/10/2020

Bug fixes

  • Bug Fixes & Performance Improvements.

Version 2.9

Release date: 10/14/2020

General

  • Control Panel is available in the free Community version with all settings excepting the editors logo replacement;
  • Added the vsyscall check to the installation scripts when installing Mail Server on Debian with kernel 4.18.0 and later;
  • Redesign of the navigation menu: added Common and Portal settings sections, added icons to menu items;
  • Added the advanced rebranding page in the Common Settings;
  • Added the possibility to reindex the full-text search;
  • Updated node.js, updated packages (transition to samlify for SSO);
  • Added the Encryption at rest block in the Storage section;
  • Added the Private Room section for the server version only;
  • Added the upgrade page with a proposal to upgrade to Enterprise Edition;
  • Added the activate page with a possibility to upload a license file;
  • Added the HideAuthPage option to the SSO settings to hide the authorization page. When the HideAuthPage option is enabled, an automatic redirect from the authorization page to the SSO service will occur.

LDAP

  • Added the Sign in to domain option on the authorization page.

Single Sign-on

  • Transition to the new samlify library;
  • Added the HideAuthPage option to the SSO settings to hide the authorization page. When the HideAuthPage option is enabled, an automatic redirect from the authorization page to the SSO service will occur.

Version 2.7

Release date: 04/25/2019

LDAP

  • Added more fields mapped for the users loaded via LDAP: user photo, birthday, contacts, primary phone number;
  • Added the setting to autosync LDAP on schedule;
  • Added the possibility to give administrator rights to the user group at the portal via LDAP;
  • Updated the rules for LDAP users.

Version 2.5.1

Release date: 04/07/2018

LDAP

  • Fixed the Server internal error error when using the groups enclosed inside each other in the AD (bug #37414).

Single Sign-on

  • Fixed the issue when the user data between the Service Provider and the portal was transferred via HTTP only, even when HTTPS was enabled.

Version 2.4.0

Release date: 01/13/2018

Single Sign-on

  • Fixed the Invalid ssoConfig error which occurred when the link to the IdP contained the question mark '?', e.g.: IdP Single Sign-On Endpoint URL: https://accounts.google.com/o/saml2/idp?idpid=777777;
  • Fixed the Invalid authentication token error which prevented from adding a user to the portal using the AD FS, in case the + or - characters were present when sending the encrypted data.

Version 2.3.0

Release date: 12/15/2017

General

  • Added the changelog for Control Panel and link to it;
  • Fixed the bug when JWT parameters were not sent when updating Document Server(bug #36270);
  • Fixed the bug when Audit Trail heading was present at the login history page (bug #36026);
  • The current machine is now checked for being linked with the domain name for multiple portals.

LDAP

  • Fixed the bug with the LDAP Domain not found error which occurred if the DN record had no DC records (the users with Sun/Oracle DS were affected); now if the LDAP domain could not be specified, the LDAP domain will acquire the unknown value or the ldap.domain value from the web.appsettings.config configuration file;
  • Fixed the bug with the Sizelimit Exceeded error when trying to get more than 1000 users from the Active Directory;
  • Increased the login speed with the Group Membership setting enabled;
  • Added additional logging;
  • Fixed the bug with LDAP operation hanging when using Mono v5.2.0 and older;
  • Fixed the bug with the error when trying to login using the email address entered in the fields different from the Mail Attribute;
  • Fixed the bug occurring in the enclosed groups, when the users were displayed not in all groups.

Version 2.2.0

Release date: 10/31/2017

General

  • Added the documentserver-prepare4shutdown.sh script launch when updating the document-server for the correct edited document saving.

LDAP

  • Dramatically changed LDAP integration, migrated to the single library for the work with LDAP (Novell.Directory.Ldap.NETStandard, Nuget, MIT);
  • Login and email are now split into two separate fields;
  • Added the support for big data;
  • Increased the work speed via the LDAP protocol (the connection to the server and receiving the data is now made once per session, added the limits when only a certain number of results is necessary, fixed the slow login for bit data, removed the sorting out used to find the SID parameter);
  • Fixed the user re-creation issue;
  • Fixed the duplicate username issue;
  • Fixed the already existing email issue;
  • Replaced the LDAP user deletion with account deactivation (for further data migration and data safety);
  • Instead of re-creating a user with an unknown SID but an existing email the data is updated;
  • Added the attempt to save the correct UserName/Login in case a similar one is already taken on the portal.

Single Sign-on

  • Added the AD FS support;
  • Replaced the Single Sign-on link at the authorization page with the customizable button, added the button customization to the SSO setting of the Control Panel.

Version 2.1.0

Release date: 07/03/2017

HTTPS

  • Added the support of letsencrypt service for the domain certificate generation.

Single Sign-on

  • Added the new sso.auth service;
  • Added the new SSO settings page;
  • Added the support for Shibboleth.

Version 2.0.0

Release date: 05/25/2017

General

  • The Control Panel migrated from MVC to Node.js.

Version 1.6.0

Release date: 12/05/2016

LDAP

  • Added LDAP synchronization for users and groups when saving the settings, after login and using the Sync button;
  • Changed email formation for LDAP users;
  • Fixed the problem of creation of users with invalid emails;
  • Fixed the problem of duplicate users;
  • Added icons and hints to the users in the list for the admin;
  • Blocked for editing the user profile fields imported using LDAP;
  • Added the real LDAP password saving to the database during login in case LDAP Auth is disabled, now the LDAP users will become common portal users when LDAP Auth is disabled;
  • Added new API Settings method - Sync LDAP;
  • Added new translations;
  • Bug fixes.

Version for Windows

  • Made changes at the Update page for the Control Panel for Windows;
  • Updates are performed using the downloaded installation packages for each module.
  • The current installed component version numbers are obtained via API request to the Community Server.
  • The new versions available for download are obtained via the request to the https://download.onlyoffice.com/install/windows/updates.txt file, where all the latest component version numbers and links for their download are stored in the JSON format.

Introduction

The Encrypt data at rest feature provided by the Control Panel allows you to ensure the security of sensitive data on your portal.

Encryption is a reversible conversion of information in order to maintain the confidentiality of the data stored on disk. Thus, even if intruders managed to gain access to the data stored on the hard disk, they will not be able to read it, since it is encrypted.

Encryption is based on a Encrypt-then-MAC type of encryption (AES-256-CBC + HMAC-SHA256) of the entire body of data within the ONLYOFFICE instance and is compliant with AES-256 international data encryption standard. AES-256 encryption type with CipherMode.CBC symmetric algorithm are used for enciphering the data on the portal, while SHA256 hashing function paired with HMAC message authentication code screening verify the integrity and the authenticity of the encrypted data.

This feature is available only for server versions.

Prepare for the encryption process

Before starting the encryption procedure, you must perform some preliminary steps.

  1. Manually stop the services that make changes to the files stored on disk.

    For Docker (within the CommunityServer container):

    systemctl stop onlyofficeMail*
systemctl stop onlyofficeThumbnailBuilder.service

    For Linux:

    sudo service onlyofficeMail* stop
sudo service onlyofficeThumbnailBuilder stop

    For Windows:

    Go to Control Panel -> Administrative Tools -> Services and stop the following services: ONLYOFFICE Mail Watchdog, ONLYOFFICE Mail Imap, ONLYOFFICE Mail Cleaner, ONLYOFFICE Mail Aggregator, ONLYOFFICE Thumbnail Builder. To do that, right click the service and choose Stop.

  2. Sign in to your portal and click the Control Panel icon on the Start Page. Alternatively, you can go to the portal Settings and select the Control Panel link on the left-side panel.
  3. Switch to the Backup section and backup data.
  4. Disable the Automatic Data Backup feature.
  5. Select the Local storage option for both Connect storage for static data and Connect storage as CDN.
    The Encrypt data at rest feature works only with local storage.
  6. Make sure there is enough space on your hard drive.

After the preliminary preparations are ready, you can proceed to the next step.

Encrypt storage

  1. Switch to the Storage section in the Control Panel.
  2. Check the Notify users that the portal will be unavailable checkbox to notify all active users via email when the encryption process starts.
    Upon the successful completion of the encryption process, all active users will also receive email notifications. If an error occurs during the encryption process, then all administrators (regardless of the Notify users option) will receive email notifications of the unsuccessful encryption process.
  3. Click the Encrypt storage button and then OK to launch the encryption process.

The time required to complete the procedure depends on the data volume. All portals will be unavailable during the encryption process. As soon as the encryption is over, the portal data will be available for work.

Encrypt storage Encrypt storage
When encryption is enabled, a newly created backup copy of the data archive will contain decrypted files. When such a copy is restored, the files will be encrypted on the disk again.

You will also need to manually start the services that make changes to the files stored on disk.

For Docker (within the CommunityServer container):

systemctl start onlyofficeMailAggregator.service
systemctl start onlyofficeMailCleaner.service
systemctl start onlyofficeMailImap.service
systemctl start onlyofficeMailWatchdog.service
systemctl start onlyofficeThumbnailBuilder.service

For Linux:

sudo service onlyofficeMailAggregator start
sudo service onlyofficeMailCleaner start
sudo service onlyofficeMailImap start
sudo service onlyofficeMailWatchdog start
sudo service onlyofficeThumbnailBuilder start

For Windows:

Go to Control Panel -> Administrative Tools -> Services and start the following services: ONLYOFFICE Mail Watchdog, ONLYOFFICE Mail Imap, ONLYOFFICE Mail Cleaner, ONLYOFFICE Mail Aggregator, ONLYOFFICE Thumbnail Builder. To do that, right click the service and choose Start.

Decrypt storage

To decrypt data on the portal,

  1. Manually stop the services that make changes to the files stored on disk as described above.
  2. Switch to the Storage section in the Control Panel.
  3. Check the Notify users that the portal will be unavailable checkbox to notify all active users via email when the decryption process starts.
    Upon the successful completion of the decryption process, all active users will also receive email notifications. If an error occurs during the decryption process, then all administrators (regardless of the Notify Users option) will receive email notifications of the unsuccessful decryption process.
  4. Click the Decrypt storage button and then OK to launch the decryption process.
    Decrypt storage Decrypt storage

The time required to complete the procedure depends on the data volume. All portals will be unavailable during the encryption process. As soon as the encryption is over, the portal data will be available for work.

You will also need to manually start the services that make changes to the files stored on disk as described above.

Download Host on your own server Available for
Docker, Windows and Linux
You Might Also Like This:
Close