Seafile pro edition 6.3.5 is ready!


#1

This is a maintenance release with the following fixes:

  • [fix, security] Fix a security issue in Shibboleth authentication
  • [fix] Fix sometimes Web UI can’t load >100 items in a folder
  • [fix] Fix sending notification emails in backend node
  • Showing user’s name instead of email in web interface
  • [fix] Fix desktop client can’t login if using ADFS

There are also some new features

  • Add a new sharing link permission “can edit” for docx/excel (if online office is configured). Any login users can edit the file via share link.
  • [multi-tenancy] Support department and department owned library
  • Add system traffic statistics (show the daily web download/web upload/sync traffic)

#2

Thank you for considering shibboleth users !

I don’t understand the limitation to logged users.
If you want a registered user to edit the file, you just have to share the file to that user or his group.

I find it a little confusing between

  • smartlink,
  • share to user
  • and anonymous share (which in ths case did not require to login)
    now anomymous share link is not longer “anonymous” if you want to provide file editing.

#3

The reason behind this is because we want to log who edited the file.


#4

Hi,

Some (but not all) of our shibboelth users can not log in.

Seahub displays “Page unavailable”

seahub.log traces

2018-09-19 09:58:55,492 [ERROR] django.request:135 handle_uncaught_exception Internal Server Error: /
Traceback (most recent call last):
  File "seafile/seafile-pro-server-6.3.5/seahub/thirdpart/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "seafile/seafile-pro-server-6.3.5/seahub/thirdpart/django/core/handlers/base.py", line 249, in _legacy_get_response
    response = self._get_response(request)
  File "seafile/seafile-pro-server-6.3.5/seahub/thirdpart/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "seafile/seafile-pro-server-6.3.5/seahub/thirdpart/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "seafile/seafile-pro-server-6.3.5/seahub/seahub/auth/decorators.py", line 27, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "seafile/seafile-pro-server-6.3.5/seahub/seahub/base/decorators.py", line 40, in _decorated
    return func(request, *args, **kwargs)
  File "seafile/seafile-pro-server-6.3.5/seahub/seahub/views/__init__.py", line 737, in libraries
    'can_add_public_repo': request.user.permissions.can_add_public_repo(),
  File "seafile/seafile-pro-server-6.3.5/seahub/seahub/base/accounts.py", line 162, in can_add_public_repo
    elif get_enabled_role_permissions_by_role(self.user.role)['can_add_public_repo']:
KeyError: 'can_add_public_repo

Apache access log trace a weird 408 timout error during the transactions between shibd and seahub

XXX.XXX.XXX.XX - - [19/Sep/2018:11:59:13 +0200] "-" 408 152 "-" "-"

full apache access.log

Kit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:57:50 +0200] "GET /sso/?next=/ HTTP/1.1" 302 1232 "https://seafile.domain.fr/accounts/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:57:54 +0200] "GET /Shibboleth.sso/Login?SAMLDS=1&target=ss%3Amem%3A390b2d443e1977e39cdf4f59bcd32146ab8c434d6186271fe61ff79d5dcc4d15&entityID=https%3A%2F%2Fidp.domain.fr%2Fidp%2Fshibboleth HTTP/1.1" 302 1966 "https://discovery.renater.fr/renater/?entityID=https%3A%2F%2Fseafile.domain.fr&return=https%3A%2F%2Fseafile.domain.fr%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26target%3Dss%253Amem%253A390b2d443e1977e39cdf4f59bcd32146ab8c434d6186271fe61ff79d5dcc4d15" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 1116 "https://idp.domain.fr/idp/profile/SAML2/Redirect/SSO;jsessionid=485B6BA8F51051D4A4F14E72CC4B2105?execution=e1s2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - user.@domain.fr.fr [19/Sep/2018:11:58:53 +0200] "GET /sso/?next=/ HTTP/1.1" 302 572 "https://idp.domain.fr/idp/profile/SAML2/Redirect/SSO;jsessionid=485B6BA8F51051D4A4F14E72CC4B2105?execution=e1s2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "GET / HTTP/1.1" 302 371 "https://idp.domain.fr/idp/profile/SAML2/Redirect/SSO;jsessionid=485B6BA8F51051D4A4F14E72CC4B2105?execution=e1s2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "GET /terms/accept/site-terms?returnTo=/ HTTP/1.1" 200 4598 "https://idp.domain.fr/idp/profile/SAML2/Redirect/SSO;jsessionid=485B6BA8F51051D4A4F14E72CC4B2105?execution=e1s2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "GET /custom-css/ HTTP/1.1" 302 382 "https://seafile.domain.fr/terms/accept/site-terms?returnTo=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "GET /seafmedia/js/editormd/lib/marked.min.js HTTP/1.1" 200 6141 "https://seafile.domain.fr/terms/accept/site-terms?returnTo=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "GET /seafmedia/avatars/default.png HTTP/1.1" 200 8184 "https://seafile.domain.fr/terms/accept/site-terms?returnTo=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "GET /terms/accept/site-terms?returnTo=/custom-css/ HTTP/1.1" 200 4863 "https://seafile.domain.fr/terms/accept/site-terms?returnTo=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:53 +0200] "GET /seafmedia/css/font/fontawesome-webfont.woff?v=3.0.1 HTTP/1.1" 200 44032 "https://seafile.domain.fr/seafmedia/css/seahub.min.css?t=1537243822" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:55 +0200] "POST /terms/accept/ HTTP/1.1" 302 337 "https://seafile.domain.fr/terms/accept/site-terms?returnTo=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:55 +0200] "GET / HTTP/1.1" 500 591 "https://seafile.domain.fr/terms/accept/site-terms?returnTo=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:58:55 +0200] "GET /favicon.ico HTTP/1.1" 404 12320 "https://seafile.domain.fr/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:59:13 +0200] "-" 408 152 "-" "-"
XXX.XXX.XXX.XX - - [19/Sep/2018:11:59:36 +0200] "GET /api/v2.1/notifications/?_=1537351026110 HTTP/1.1" 200 524 "https://seafile.domain.fr/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"

I had to downgrade to 6.3.2 to make it work :thinking:


Files edited into OnlyOffice are not versionned correctly into Seafile
#5

Hello, we add a new role permssion can_add_public_repo in 6.3.5, and I guess you configured a custom role besides default and guest.

To solve your problem you must add can_add_public_repo permission to your custom role in seahub_settings.py:

...
    custom_role: {
         ...
        'can_add_public_repo': False,
        ...
    },

And we will also improve logic of role permission feather in the next release to avoid similar problems.


#6

Yes it solved th issue

I hope so ! :yum:

Thank you for the quick answer


#7

Please add this to the upgrade notes / changelog (https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html).


#8

The bug has been fixed in version 6.3.6.


#9

I like the “can edit” permission for share links. This is a nice feature. Are there plans to extend this feature to non login users (if technically feasible)?

Then a question regarding the “preview only” permission: A link with this permission opens the document in the online editor from where I can copy-paste the content in a local document. In the case of a DOCX document, not only the content, but also the formating (including style sheet) gets copied. In the case of XSLX, only the values, not the formulas get copied. Is this the intended behaviour?

I use Seafile PE 6.3.5 with OnlyOffice.


#10

Version 6.3.6 is uploaded and login non login users to edit file via a shared link.

I will check the problem.