Hello everyone,
we have released a new maintenance and security relaease 26.6.20260616 and maintenance release 26.6.20260619.
Release notes:
26.6.20260616
- THIS IS A SECURITY and maintenance RELEASE, everyone is encouraged to update to it ASAP
- TinyMCE: updated to latest version 8.6.0 because of multiple high level XSS vulnerabilities
- Addressbook: fix REST/JSON contact creation always using personal addressbook
- AiTools: allow to define prompts to run on specific triggers: entry added, updated or delete beside on context-menu
- AiTools: allow multiple tool calls (up to 5) per prompt e.g. to first search for a contact before creating it
- Api: fix categories from a linked application entry were missing when inserting into document
- Api: fix changing actions on nextmatch lost the copy/paste actions
- Calendar: fix handling for Exchange 2010 timezones
- Calendar: creating an exception with more than 20 (max matches preference) participants truncated the participants in the series
- Infolog: fix mobile template, so firefox can also render it
- Kdots: prevent closing a CRM tab from removing all addressbook javascript
- KnowledgeBase: needs manual update/pull, to be able to edit articles!
- Mail: fix horizontal view to also show items correctly
- Mail: enforce attachment size limit and switch to download link when exceeded; add config for attachment size limit
- Mail: marking a mail as read or unread (e.g. open it in preview) no longer requests a server response
- Mail: fix reply/forward status icon was missing
- Mail: enhance search to use OR (default), AND, + or - to combine search patterns, thanks to Gabriele from ATSrl
- OpenAPI/REST-API: new configuration which operationIds to (not) show and number of matches for searches/list-requests e.g. for OpenWebUI
- RAG: close session while searching, so a slow or unresponsive Embedding does not block the user session
- Timesheet: new âbillableâŠâ pseudo filter showing all entries not invoiced or marked as not-to-invoice
- Timesheet: create status ânot to invoiceâ and âinvoicedâ for use with Invoices app
- Invoices: create invoice from selected timesheets, infologs or tickets, (linked) timesheets get added as positions and set to invoiced
- LDAP/ADS: fix PHP 8.5 error: LDAP value must be of type string|int|bool, float given (stalling Univention installation)
- EPL: export whole (or parts of) VFS to a S3 bucket using the actual names/path
26.6.20260619
- Api/TinyMCE: fixed not usable editor in some places due to zero height
- Calendar/ActiveSync: fix stalled sync caused by Calendar using now DateTime objects instead of timestamps
- Calendar/CalDAV: fix stalled sync caused by Calendar using now DateTime objects instead of timestamps
- Calendar: External calendar subscription can now optionally force events blocking or non-blocking
- Mail: fix inline images lost (did not live as CID) through save as draft
- PHP: replace PHP 8.4 syntax stalling installation in PHP 8.2 and 8.3
This Maintenance update is provided via Docker container.
If you have problems with this update, you can easily revert to the previous version:
Manual (container) update/downgrade in a Docker installation
Manuelles (Container)-Update/Downgrade in einer Docker-Installation
- THIS IS A SECURITY and maintenance RELEASE, everyone is encouraged to update to it ASAP
This update is also a security update!
Please be sure to check whether the automatic update worked, or trigger it manually if necessary or desired.
You can find the version here:
https://help.egroupware.org/t/where-can-i-find-the-egroupware-version-number/79853
- TinyMCE: updated to latest version 8.6.0 because of multiple high level XSS vulnerabilities
The (HTML) text editor used in EGroupware (for emails, HTML fields, etc.) required a security update.
As a result, a significantly newer version of the TinyMCE editor is now in use. The appearance has changed slightly and a few functions have been removed by the TinyMCE developers (image cropping, etc.).
The configuration of the displayed functions should be checked and adapted to the organisations requirements. At the very least, the following should be set as defaults or even enforced:
- AiTools: allow to define prompts to run on specific triggers: entry added, updated or delete beside on context-menu
- AiTools: allow multiple tool calls (up to 5) per prompt e.g. to first search for a contact before creating it
This is a very long list of possible features!
- KnowledgeBase: needs manual update/pull, to be able to edit articles!
If the knowledge base is being used, it must be pulled again. The changes are not included in the container update!
https://github.com/EGroupware/egroupware/wiki/Running-own-apps-in-standard-Docker-installation#old-deprecated-apps-wiki-knowledgebase-
- Mail: enforce attachment size limit and switch to download link when exceeded; add config for attachment size limit
A configuration option has been added to set a size limit for attachments:
If the limit is exceeded, the system will switch to a download link when composing an email and notify the user accordingly:
This parameter should be adjusted to match the mail server settings.
Please note: File size is not the same as the size of an email attachment!
Rule of thumb:
Message size: ~ original file size Ă 1.37 + approx. 1 KB (header overhead)
The size set must be correspondingly smaller. Test it!
- Mail: marking a mail as read or unread (e.g. open it in preview) no longer requests a server response
Marking an email as read or unread (via the preview, icon or context menu) no longer waits for a response from the mail server. The change is now displayed immediately in the mail client. This makes the mail client âfasterâ.
- Mail: enhance search to use OR (default), AND, + or - to combine search patterns, thanks to Gabriele from ATSrl
The search function has been expanded so that the operators OR (default), AND, + or - can now be used to combine search patterns.
This enhancement was suggested by user ATSrl. Many thanks, Gabriele!
- Timesheet: new âbillableâŠâ pseudo filter showing all entries not invoiced or marked as not-to-invoice
A new filter has been added:
You can now filter entries that are still to be invoiced or that are not to be invoiced.
- EPL Invoices: create invoice from selected timesheets, InfoLogs or tickets, (linked) timesheets get added as positions and set to invoiced
It is now possible to include timesheets, InfoLogs or tickets as position in invoices for further processing.
- EPL: export whole (or parts of) VFS to a S3 bucket using the actual names/path
It is now possible to export the database (file manager), including file names and storage paths, to an S3 bucket.
This feature is not intended as a backup solution.
The data is stored unencrypted.
The âstandardâ S3 functions are intended for backups to (external) S3 buckets.
- Calendar: External calendar subscription can now optionally force events blocking or non-blocking
It is now possible to specify for subscribed calendars whether the calendar should be set to ânon-blockingâ, âblockingâ, or whether the dates from the subscribed calendar should (continue to) apply.
The update information is collected in the following topic
https://help.egroupware.org/t/new-features-preferences-or-other-important-things-since-release-of-egroupware-26/79581
in reverse chronological order.
Please follow us, give us likes or stars: 
Kind regards
Your EGroupware team
