We’re pleased to announce the latest updates to SpamExperts Hosted Cloud and Local Cloud. In this update, we have a large language update, are continuing to increase security, and have several bug fixes.
We’ve updated the language used across the app to be more inclusive. In particular, where you would have seen “blacklist” previously, you’ll now see “blocklist”, and where you would have seen “whitelist” you will see “allow list”. As part of this change, we have generally improved the quality of language used in these areas of the application.
We have also refreshed the translations for Spanish, Italian, and Norwegian. We have refreshes planned for more languages soon, and will be adjusting the cadence of the translation updates to better reflect usage across all clusters.
Security: changes to outdated pages
In order to maintain the security of the app, we’re removing some old and unused functionality. These changes will be included in the November 16th release.
- Old training pages. The old training pages (one for spam, and one for non-spam) were replaced a while ago with the new single page. The old pages were still accessible via bookmarks, a customised dashboard link, or directly entering the URL. They will now redirect to the new page. The new page has all of the functionality of the old pages.
- Old archive search page. This page was only accessible via bookmarks, a customised dashboard link, or directly entering the URL. It will now redirect to the incoming archive search page. The new page has significantly more functionality than the old one – but very advanced searches within message content, and searches across both incoming and outgoing mail, are no longer possible; our analytics indicate that these were almost never used in practice.
- Old destinations page. This page was only accessible via bookmarks, a customised dashboard link, or directly entering the URL. It will now redirect to the new page, which has all of the functionality of the old one.
- Actions in the old log search page. We know that for very specialised cases the old log search is still preferred, and we will not remove it until we have enhanced the new page to be better than the old page in every circumstance. However, we have made some adjustments to some actions on the old page: the “view”, “remove and report as spam”, “redeliver”, and “download” actions will take the user to the selected message on the new page, where the action can be performed – ie. you can still search using the old page, but some actions need to be executed from the new page.
- Actions in the old queue search page. As with the log search, we know that for some specialised cases this page is still preferred, and so we will also not remove this page until the new page completely satisfies all needs. However, we have again had to adjust some actions – “view”, and “delete and report as spam” – to take you to the selected message on the new page, where the action can be performed.
We will be dropping support for TLS 1.0 and TLS 1.1, and some older TLS ciphers, for IMAP connections to the quarantine, in the November 30th release. If you only access the quarantine through the app or reports, this change will have no impact. All modern devices support using TLS 1.2 or 1.3 for connections.
This update resolves the following issues:
- #3144. Issues queueing messages for the quarantine and archive have been resolved.
- #1802. On clusters with a large number of outgoing identities, the “customise action” menu would not properly load; this has been resolved.
- #3259, #163. Fixed issues with TLS certificate updates, particularly Lets Encrypt renewals.
- #3279. Adjust database configuration to reduce the likelihood of table crashes from a MariaDB bug.
- #1852. Fix an issue where changing filters in an existing search in the app would lead to errors.
- #3237. Fix processing email messages with a specific type of bad encoding.
- #1887. Restored the “quick select” for main class filters in the log search.
- #1936. Fixed a small number of missing translations in Japanese.
- #3348, #173. Fixed an issue with the subject links in Protection Reports having the wrong hostname on clusters that have the “Protection Report role” different than the main API server.
- #1943. Removed a navigation page (“Dashboard report templates”) that was wrongly exposed.
- #1944. We now prevent transferring admins in a way that would create a loop.
This update also includes the following improvements:
- When attempting to use newer pages in the app over an insecure connection, the error message now explains that HTTPS should be used. Note that in an upcoming release we will be removing the ability to require HTTPS (making it always required).
- #3260. Minor adjustments to the updater to decrease the downtime period when there are network issues.
- #1884. The user’s email address is now available in custom HTML snippets.
- #1896. Improved the speed of the “retry delivery from queue” action, particularly on clusters with large numbers of domains.
- #3330. In the Email Scout Report action page, the action menu now logically orders the available actions.
- #1930. Updated the geolocation database used for the “last logged in from” functionality.