Software Change History for 4D WebSTAR V
© 1995-2005 4D, Inc. and its Licensors.


Changes in 5.4.1
------------------------------------------------------------------

General
 - IMPORTANT: The server will only launch if your installed license is valid for version 5.4.1. If you have a CIP license, it must be valid for updates until September 16th, 2005 or later. Please check your Admin Server Licenses panel in the Admin Client. Your validity information for each selected server license is located at the top of the Description text area. At least one entry must be valid for 5.4.x or valid until 16/Sept/2005 or later. If your license is not valid for this version, you should upgrade it *before* installing. You can purchase a license upgrade from http://store.4d.com/, and register it at http://www.4d.com/register/.

Installer
 - Updated the ClamAV custom install option to install ClamAV 0.87.
	NOTE: Non-critical warnings may appear in the ClamAV logs about the availability of a more recent release of ClamAV.
 - The ClamAV custom install option now always creates a Startup Item instead of using alternate launching methods on Panther and Tiger. This should help reduce problems with freshclam database downloads.

Admin Server
 - Now launches even if the license is invalid for the installed version, allowing post-upgrade license entry via the Admin Client.
 - Launches of the server processes are staggered to avoid initialization failures that prevent Admin Client connections.
 - Contains modifications to reduce the likelihood of zeroing out of the License.prefs.xml file on launch. 

SMTP Server
 - When another mail server sends an incorrect command, the server no longer disconnects.
 - The server no longer holds archived log files open, preventing deletion.
 - No longer corrupts messages to multiple recipients when the receiving server drops the connection. This behavior sometimes caused the SMTP Server to shut itself down without recovery.
  - Preference files should no longer be written as empty files if there is no disk space.

Mailbox Server
 - Fixed crashes on IMAP access by clients running Mac OS X 10.4 (Tiger) Mail 2.
 - The effective IMAP timeout should now be more consistent with the configured setting.
  - Preference files should no longer be written as empty files if there is no disk space.

Web Server
 - Now includes Sigurjon Jonsson's Mail Quarantine CGI. It allows you to review and clear the contents of a Mail server quarantine folder via the Web. For more information, please see the Mail Quarantine CGI Readme.txt file in the 4DWebSTAR/Documentation folder.
 - WebSTAR API plug-ins can now load their own plug-ins.
 - Preference files should no longer be written as empty files if there is no disk space.
 
WebSTAR CGI Plug-in
 - Updated the built-in distributions of PHP to version 4.4.0. If you use the excellent product PHPStar from http://phpstar.keywerks.de, you may need to reinstall it after running the WebSTAR Installer.

WebSTAR Flexmail Plug-in
 - Now adds a Message-Id header to all messages.
 - Prevents spammers from redirecting email messages.  

WebSTAR FTP Plug-in
 - Increased the effective maximum number of connections from 20 to 32.

WebSTAR Rewrite Plug-in
 - Proxy rules now return a 504 (Gateway Timeout) error if the back-end server is unreachable. If a custom 504.* (e.g. 504.html) page exists in your errors folder, it will be served in these cases.
 - Proxy rules are now compatible with POST method forms on Microsoft IIS and other target servers that use the interim 100 Continue response.

WebSTAR Security Plug-in
 - Now redisplays the realm authentication (401) dialog on all browsers after input of a bad password.

WebSTAR Tomcat Plug-in
 - No longer crashes on certain malformed URLs.


Changes in 5.4.0
------------------------------------------------------------------

General
 - IMPORTANT: The server will only launch if your installed license is valid for version 5.4.0. If you have a CIP license, it must be valid for updates until November 22, 2004 or later. Please check your Admin Server Licenses panel in the Admin Client. If your license is not valid for this version, you should upgrade it *before* installing. You can purchase a license upgrade from store.4d.com, and register it at 4d.com/register.

Installer
 - A distribution of ClamAV 0.75.1 is now included as a custom install option.
	NOTE: The installer for ClamAV does not set up a 'clamav' user in the system, so the ClamAV processes will run as 'webstar'.
	NOTE: Non-critical warnings appear in the ClamAV logs about the availability of a recent release of ClamAV.
 - The permissions reconfiguration at the end of installations is now much faster.
 - No longer overwrites existing php.ini files.
 - The "Configure File Permissions" and "Restrict File Permissions" custom install options now quit all 4D WebSTAR processes and applications before running.

Admin Server
 - Integrated service testing and recovery. If Web, FTP or Mail services are unresponsive, the Admin Server will recover the appropriate server.
 	NOTE: This testing feature results in periodic entries in your server logs.
	NOTE: If you need to disable the server tester or modify its settings, please quit the server, then use a text editor to modify this tag in the AdminServer/admin.prefs.xml file:
		<ServerTest active="yes" frequency="360" tolerance="60"/>
		Explanation:
		Active - If testing is active or not ("yes" or "no")
		Frequency - How often the tester checks services (in seconds).
		Tolerance - How long the tester waits for a response from each service (in seconds).
	NOTE: This feature is intended to replace the Perl script package that many customers have been using to test and recover services.

Admin Client
 - Now displays different login errors depending on whether the failure was caused by a server problem or by an incorrect username or password.

SMTP Server
 - Support for ClamAV virus filtering, with a distribution of ClamAV 0.75.1 included as a custom install option.
	NOTE: The installer for ClamAV does not set up a 'clamav' user in the system, so the ClamAV processes will run as 'webstar'.
	NOTE: Non-critical warnings appear in the ClamAV logs about the availability of a newer release of ClamAV (0.80).
 - Now supports optional whitelisting of all SMTP Authenticated connections. This new setting is located at the bottom of the SMTP Server Authentication panel.
 	NOTE: Connections whitelisted by authentication will bypass Spam Filtering, but DNS Blacklisting is still enforced. If you need to bypass DNS Blacklisting, please use IP whitelisting in the SMTP Server Allow/Deny panel.
 - The SMTP Incoming Command timeout setting is now respected (previous effective maximum was 60 seconds).
 - Automatically deletes malformed SMTP message files that were previously delivered as blank messages.
 - The virus checking system now more reliably deletes its temporary files, reducing the problem of non-infected messages being quarantined.
 - IP Addresss whitelisted on the SMTP Server Allow/Deny panel are now properly allowed by the DNSBL plug-in. However, connections whitelisted by authentication are still subject to DNS Blacklisting.

Mailbox Server
 - Automatically deletes malformed SMTP message files that were previously delivered as blank messages.

Web Server
 - Reduced the number of unnecessary backups of the main Web Server preference file (WSWebServer.prefs.xml).
 - Prevents the potential use of 4D WebSTAR V to retrieve hidden file contents from within Web site folders on Mac OSX HFS+ volumes.
	IMPORTANT: Although the update alone secures your server against the common published forms of the HFS+ Volume exploit, performing the following steps further protects your server from possible exploit variants.
	WARNING: This Rewrite-based trap is aggressive and in some cases may interfere with normal service. If your Web sites depend on legitimate browser requests that would match on the Rewrite Rule Conditions described below, you can exclude one or more of the conditions from the rule.
	1. Launch the 4D WebSTAR Admin Client and login to your server, selecting Admin from the Settings Group dialog.
	2. Select the Admin Modify Rules panel from the Web Rewrite panel group.
	3. Create a new rule:
		Name: HFS Plus Fix
  		Preprocess - checked
		Full Request  contains  .DS_Store  or
		Full Request  contains  /data  or
		Full Request  contains  /rsrc  or
		Change root path to:
		Change URL path to:  /NoSuchURL
		Continue with Rule:  stop

WebSTAR CGI Plug-in
 - PHP distributions (both CGI and FastCGI) updated to version 4.3.10 to address critical security issues.
 - Further reduction of WSCGIServer process terminations after load-related errors, especially with PHP.

Web Server Directory Indexer Plug-in
 - Fixed a problem with uploading files over SSL.

WebSTAR FTP Plug-In
 - Now allows writing to aliased or linked folders (affected v5.3.2 and v5.3.3).
 - No longer replaces Unix line-endings (e.g. in CGIs) with Mac line-endings when files are uploaded from certain clients.
 - No longer logs disconnections that occur before login.

WebSTAR SSI Plug-in
 - Fixed a crash related to SSI and Directory Indexer page processing.

WebSTAR Security Plug-in
 - Fixed an inability to handle certain malformed Digest authentications.


Changes in 5.3.4 SMTP Update
------------------------------------------------------------------

SMTP Server
 - Resolved the issue with the IP whitelisting feature that caused allowed IP addresses to be treated as whitelisted. 
 - Now allows Command Timeout settings of up to 240 seconds, and Data Timeout settings up to 320 seconds.


Changes in 5.3.3
------------------------------------------------------------------

====================================================================
IMPORTANT - CRITICAL UPDATE
--------------------------------------------------------------------
4D WebSTAR V v5.3.3 contains multiple critical security enhancements
to the Web, FTP and Admin servers. Immediate implementation on all
4D WebSTAR V servers is strongly recommended.
====================================================================

General
 - This update is free to any customer with a 4D WebSTAR V license, even if the license is no longer valid for updates.  However, to receive technical support, you must have a current license.
 - This version includes multiple critical security enhancements to the Admin, Web, and FTP servers.

Installer
 - Includes a new option to restrict access to files in the 4DWebSTAR folder. You will be given an opportunity to use this the first time you run the new installer. You can also choose do it later via the "Restrict File Permissions" custom install option. Restricting file access is recommended, but may cause problems with third-party software that needs to access your 4D WebSTAR V files. If you experience this problem, you can manually allow greater access to files and folders with the Finder's Get Info dialog. Running the "Configure File Permissions" custom install option will not override your manual changes unless they prevent the 4D WebSTAR V server from accessing files.

Launcher and Admin Server
 - The 4D WebSTAR V Launcher no longer automatically launches the Monitor by default on new installations.
 - Improved error description for unexpected client and server disconnections from the Admin Server.

Mailbox Server
 - Resolved problems with mailbox compaction and indexing that caused crashes and message disappearances when clients logged out.
 - Automatically deletes empty files found in the MailboxServer/InProcess folder.
 - Now compatible with SquirrelMail 1.4 and other IMAP clients that treat the body of a non-multipart messages as the first part of a multi-part message. However, there are still problems reading attachments with SquirrelMail 1.4. 4D Mail is not compatible with SquirrelMail 1.5.

SMTP Server
 - Now includes a new IP-whitelisting feature. Connections from "Whitelist" IP addresses in the SMTP Allow/Deny table will be exempt from checks by the DNS Blacklist and Spam Filter features.
 - Automatically deletes empty files found in the SMTPServer/Relay and SMTPServer/Local folders.
 - The original contents of bounced messages should now appear when read by all email clients.
 - Wildcard characters ('*' and '?') in the Spam Filter rules interface can now be escaped ('\*' and '\?') if you need to find a '*' or '?' in the message header.
 - You can now use the Spam Filter rules system to check the contents of X-Spam (SpamAssassin) headers.
 - You can now use the Spam Filter rules system to check for blank headers. To use this feature, simply create a rule condition that has a header selected, but leave the contents field empty. Checking for blank message bodies is not yet supported.
 - Resolved a crash associated with DNS Cache flushing.
 - DNSBL Quarantining no longer fails to move messages because of file name corruption.
 - Improved error descriptions in the SMTP Server log.
 - Improved support for Virex's command-line tool's virus warning output.

Web Server
 - Critical security enhancements.
 - By default, newly created files (e.g. when uploaded via FTP) are not accessible by any Mac OS X user account. This improves security for systems that allow non-administrative access to the machine via other services, but may cause problems with third-party software (e.g. Lasso) that needs access to your 4D WebSTAR V files. You can also change this behavior if needed (see below). Once a file is created, you can adjust its permissions via the Finder's Get Info dialog.  Running the Installer's "Configure File Permissions" custom install option will not override your manual changes unless they prevent the 4D WebSTAR V server from accessing files.
 - A new setting in the Web Server settings file (WSWebServer.prefs.xml in the /Applications/4DWebSTAR/WebServer folder) determines if the Web Server will create new files with read and/or write permissions for any Mac OS X user. By default, this setting looks like this:
	<FilePermissions anyonecanread="false" anyonecanwrite="false"/>
You can use a text editor to change this setting. Only set one or both of these new values to "true" as needed. This only applies to new files and will not affect existing files.
	WARNING: Do not edit this file when the server is running.
 - The server now automatically creates a backup of the Web Server settings file (WSWebServer.prefs.xml) if settings are changed via the Admin Client.

WebSTAR CGI Plug-in
 - PHP distributions updated to version 4.3.7 (both CGI and FastCGI).
 - The Web Server now passes posts of up to 32K to FastCGIs, up from 8K.
 - The CGI Plug-in no longer intercepts URLs that Rewrite needs to modify. This allows you to match on the same URLs in both the CGI Action and Rewrite tables.
 - Reduced the likelihood of the WSCGIServer process terminating without recovery after this load-related error:
	CGISERVER: Cannot fork (Resource temporarily unavailable)

WebSTAR FTP Plug-in
 - Critical security enhancements.
 - Now allows access to user accounts that use aliases for their root folder paths.
 - No longer prevents write access to user accounts that are set up with slashes at the end of their root folder paths.

WebSTAR Search Plug-in
 - Resolved an issue that limited indexing to only HTML, text, and PDF files. Now indexes a wider range of file types (including .lasso, .shtml, etc) as documented in the Technical Reference.

Admin Client
 - Long checkbox labels in several Admin Client panels are no longer selectable, thus preventing accidental settings changes.
 - New Web Rewrite rules are now automatically configured to stop processing.
 - New Web Security Authenticators now automatically include the Admin List as the secondary user list.

Monitor
 - The color blocks for the Mail Activity window's legend are now visible like in the Admin Client.


Changes in 5.3.2
------------------------------------------------------------------

General
 - Will not launch unless the license is valid past October 30, 2003. Please check your Admin Server Licenses panel in the Admin Client. If your license is not valid for updates, you should renew it *before* installing. You can purchase a CIP Renewal License from store.4d.com, and register it at 4d.com/register.
 - Upgraded OpenSSL to avoid latest potential vulnerabilities.

SMTP Server
 - The SMTP Server no longer launches the ProcessServer as root, which prevents killing of the munpack utility when it runs indefinitely and uses high amounts of CPU time.
 - Querying of DNS Blacklists no longer fails after extended use.
 - Less chance of SMTP Authentication failures when the Mailbox Server (which provides user information) is temporarily unavailable.
 - Changes to the Content-Type and Sender conditions are now saved properly in the Spam Rules table.
 - The MD5-Digest challenge in SMTP Authentication now includes a domain name.
 
Mailbox Server
 - New messages now appear more quickly when using the Entourage IMAP client.
 - Improved compatibility for secure logins from the Entourage IMAP client. Users can now select the "Always use secure password option" in Entourage, and administrators can select the "Require APOP/MD5-Digest" option in the Admin Client.
 - The Mailbox Server no longer loses messages sent to groups that have a period ('.') in the group name.

Web Server
 - Byte serving of PDF files is improved, because the Web Server no longer gives inaccurate content length information when responding to requests for multiple byte-ranges.
 - Changes to the Web Connections timeout value are now saved on quit.
 
WebSTAR FTP Plug-in
 - No longer allows users to rename folders to which they should not have access.
 - Now allows the RNFR (Rename From) command to be aborted, providing improved client compatibility.
 - Resolves a crash on certain kinds of failed access attempts.
 
WebSTAR Search Plug-in
 - Now uses PDF meta data (titles and descriptions) in search results.
 
WebSTAR Security Plug-in
 - Changes to the header requirement match type popup are now properly saved in the Realms table.

WebSTAR Logging Plug-in
 - Bad dates no longer appear in the logs of sites with heavy traffic.
 
Installer
 - On machines without Java 1.3 folder (e.g. G5s), the installer creates a symbolic link to the 1.3.1 folder so that the Admin Client and Monitor applications can launch.


Changes in 5.3.1
------------------------------------------------------------------

General
 - Will not launch unless the license is valid past July 21, 2003. If your license is not valid for updates, you should renew it *before* installing. You can purchase a CIP Renewal License from store.4d.com, and register it at 4d.com/register.

Web Server
 - Should no longer replace its settings file (WSWebServer.prefs.xml) if it is temporarily unavailable on initialization.
 - Reduces the accumulation of stuck, partially closed connections. This condition can lead to the server being unresponsive.

WebSTAR CGI Plug-in
 - No no longer crashes on multiple simultaneous AppleEvent CGI hits.
 
WebSTAR Flexmail Plug-in
 - XML-reserved characters (including &, ", and < ) in the Flexmail settings no longer cause problems.
 - Flexmail SAVECUSTOM now works if the Web site's root folder is not in the 4DWebSTAR/WebServer folder.

WebSTAR FTP Plug-in
 - No longer gives incorrect storage limit errors when uploading multiple files to a limited account.

WebSTAR Search Plug-in
 - No longer crashes on crawling if the robots.txt file for a Starting URL is redirected.
 - Now includes the ability to search URLs made available by Web Services. SOAP data sources are identified by special "soap://" start URLs in the Admin Client's Search interface. These URLs have the following format:
	soap://server:port/path/#soapMethodParameter
For example, if you had a 4th Dimension 2003 database serving product descriptions, you could set up the database to expose a Web Service method that returns a list of URLs to all product descriptions. If the end point for the method is http://127.0.0.1:8081/4DSOAP/, then the starting URL in the Admin Client should look something like this:
	soap://127.0.0.1:8081/4DSOAP/#product_descriptions
Once the Search plug-in gets the list of URLs, then it will crawl and index them as if they were normal URLs.

WebSTAR Security Plug-in
 - New "and/or" setting for combining Authentication and Allow/Deny realm protections is now retained after quit and relaunch.

WebSTAR Logging Plug-in
 - Log Archiving "By Size" setting is now retained after quit and relaunch.
 - No longer writes blank or incorrect dates in log file entries.

Mailbox Server
 - Reduces the accumulation of stuck, partially closed connections. This condition can lead to the server being unresponsive.

SMTP Server
 - Reduces the accumulation of stuck, partially closed connections. This condition can lead to the server being unresponsive.
 - Now includes support for Norton AntiVirus v9 or later, which is better than Virex at decoding viruses in email.

Monitor
 - Software update message no longer appear if an older version of a component is not already installed. For example, if you have the latest Web server but the Mail server is not installed, you will not see an update message on Monitor launch.

Installer
 - Now automatically quits all 4D WebSTAR processes if v5.3 is installed. WARNING: Manual quitting of all 4D WebSTAR V applications prior to updating is still recommended.
 - Warns unless a server license that is valid for updates is installed.


Changes in 5.3.0
------------------------------------------------------------------

General
 - Mac OS X v10.2.0 or later is now required (10.2.3 or later recommended).

Web Server
 - Byte-range serving no longer fails on cached files.
 - Web server no longer corrupts HTTP headers on large plug-in responses.
 - The default suffix mapping table now includes an entry for MacBinary (.bin) files.
 - Main preference file is no longer replaced when disk is full.
 - Will now launch without network access to a DNS server.
 - Reduced incidences of spontaneous Web server shutdowns wihtout recovery.

WebSTAR Search Plug-in
 - New SWISH-Enhanced based search engine with more accurate results and improved support for accented characters.
	IMPORTANT: If you update from a previous version, you will need to reindex any existing search indexes, otherwise search queries will fail.
 - The default and example search templates now refer to themselves for subsequent queries. Since the installer does not replace existing templates, this fix can be made manually in the template's search form.

WebSTAR Security Plug-in
 - The way in which Authentication and Allow/Deny realm protections are combined is now configurable. For example, an administrator can configure a realm to allow users access without a password if they connect from the local network, but require a password from outside the local network.

WebSTAR Logging Plug-in
 - Web server no longer crashes if CS-HOST token is used in log.
 
WebSTAR FileMaker Connector Plug-in
 - This beta plug-in enables communication between 4D WebSTAR V and the FileMaker Web Server Connector, and is available as a custom install option.

Mailbox Server
 - Remote file browsing (Choose button) now always works.
 - A backup of the Mailbox Server prefs file is made after every change.
 - Group addresses are no longer case sensitive.
 - POP server now responds correctly to unsupported command from QuickMail Pro client.
 - Will now launch without network access to a DNS server.
 - Main preference file is no longer replaced when disk is full.

SMTP Server
 - A backup of the SMTP Server prefs file is updated after every change.
 - DNS Blacklist feature now functional again (affected v5.2.4).
 - Spam Filter rules no longer disappear after entering XML-reserved characters.
 - Will now launch without network access to a DNS server.
 - Messages are no longer replicated as many times as there are recipients if you use the Relay table's via field.
 - Reverse IP Lookup matching is now more complex to defeat reverse lookup spoofing.
 - Reduced incidences of high CPU use and server deafness with Virus filtering on.
 - Bounces messages are now correctly formatted, eliminating SMTP errors and other problems with bounces.

Admin Server
- The Admin Server preferences are no longer corrupted on forced quit.

Admin Client
 - Panel group collapsed/expanded positions are now remembered after the first launch of the Admin Client.
 - Quit handling now compatible with Mac OS 10.2.4, so that previous window positions are remembered on launch.

Monitor
 - Quit handling now compatible with Mac OS 10.2.4, so that previous window positions are remembered on launch.

Installer
 - No longer opens the install destination folder before the permissions configuration is complete.
 - No longer warns about the special user if you already have created it.
 - Now creates optional Startup Item in /Library/StartupItems instead of /System/Library/StartupItems.
 - Now replaces older servers and plug-ins based on file creation date, not file modification date.
 - Now includes an Upgrade option, which behaves exactly like the Easy Install.


Changes in 5.2.4
------------------------------------------------------------------

SMTP Server (4D Mail)
 - New 12-hop limit on relayed messages, preventing possible loops (customizable in the SMTP Server preferences file for those with more unusual situations).
 - Messages from all time zones should be sorted correctly in mailboxes.
 - Resolves several server deafness and high CPU-use issues.
 - Now accepts unknown addresses for local domains if a Mailbox user account named "..." exists. This feature is NOT supported via a group address named "...".
 - The Relay Current Connections counter (on the Mail Activity window) is now updated periodically for better accuracy.
 - Sorting of the Try column in the SMTP Relay Queue window is now numeric instead of alphabetical.
 - Significant DNS lookup improvements, preventing messages from getting stuck in the Relay Queue.
 - Length of time Virus filtering components are allowed to run is now restricted to prevent then from monopolizing system resources.
 - No longer crashes when certain types of bad addresses are included in multiple recipient messages.

Mailbox Server (4D Mail)
 - Mailboxes no longer get scrambled after deletion of certain messages.
 - Per-user storage limits by size are now implemented, with customizable warning messages.
    WARNING: The warning messages do not currently support accented characters.
 - Unread messages no longer appear as read in some IMAP clients, especially Entourage.

4D Mail Migration Tool
 - Now supports migration from EIMS. This is not yet documented in the Migration tool PDF, but this works very similar to WebSTAR 4 (provide the Migration Tool with a list of users and their passwords so it can perform the migration using IMAP). The primary difference is that with EIMS you can only migrate one virtual host at a time.

Admin Server
 - Admin Client connections counter (on the Admin Activity window) is now properly decremented on logout.
 - Special characters in the admin.hostperms.xml file (edited via the Admin Server Settings Access panel) are no longer double-encoded after changes are made.
 
Web Server and Default Plug-in
 - Fix for Web server deafness after Lasso connections. Lasso update also required for complete fix.
 - Now can have a larger number of files and network connections open simultaneously.
 - No longer crashes on launch when running 10.2.
 - When launching from System Startup, the Web server should continue to respond to requests even after logging out of Finder.
 
WebSTAR CGI Plug-in
 - New "Verify" feature that checks to see if CGI-handled URLs (e.g. ends with .php) properly map to existing files.
 - Client IP address value is now correctly forwarded to AppleEvent-based CGI's when "Perform DNS Lookups" is disabled, and both "address" and "client IP address" should now work as expected.
 - AppleEvent CGI handling is now compatible with Mac OS 10.2.3.
 - The NuSOAP PHP library is now included, providing Web Services (SOAP) support via PHP.
 - Requests for directory urls without trailing slashes no longer fail when all html files are handled by an AppleEvent CGI (e.g. Maxum NetCloak).

WebSTAR FTP Plug-in
 - The configurable timeout value is now respected (in previous versions 300 seconds was always used)
 - Now properly increments and decrements the current connections counter, which is displayed periodically in the FTP log.
 
WebSTAR Security Plug-in
 - Minor improvements to German language interface.
 
WebSTAR SSI Plug-in
 - Now supports the following 4D WebSTAR API pi variables: piVersionNumber, piUpSincedate, piCurrentUserLevel, piHighestUserLevel, piMaxusers, piTotalConnections, pitotalbytesSent, and piUserAgent.

WebSTAR WebDAV Plug-in
 - Now serves the source of files usually processed by plug-ins, when the requests match realms configured to be served for WebDAV.
   IMPORTANT: This fix does not yet apply to CGI-processed files. Also, the source of files will be served to browsers unless the "Ignore this realm for browsing" checkbox is on.


Changes in 5.2.3
------------------------------------------------------------------

All Servers
  - Keeps serial numbers active even if they are no longer valid for free updates.
  
Web Server
  - Now allows 10,000 security authenticators per Web server instead of 50.
  
Mailbox Server
   - Umlauts and other special language characters no longer cause all 4D Mail users to disappear. Encoding of these characters is still non-standard, however, so you should avoid using them. 


Changes in 5.2.2
------------------------------------------------------------------

Admin Server
  - The Admin Client can now connect to the Admin Server after servers are activated via the Admin Server Settings panel.

4D Link Plug-in
  - Now always saves settings on quit
  - Fixes problem connecting to 4D Web Server on an unspecified port.
  - No longer allows entry of non-numeric characters in port field.

WebSTAR FTP Plug-in
  - No longer fails to respond to LIST commands on passive connections.
  - Improved handling of MacBinary downloads.
  
WebSTAR Security Plug-in
  - Improvements in German language UI.
  
WebSTAR Log Plug-in
  - Now always saves settings on quit.

SMTP Local Mail Plug-ins
  - No longer overrides normal server greeting on connections from recognized IP addresses.
  - Clearer interface for authentication by previous POP or IMAP login.
  
SMTP Server
  - Now only gives a single-line connection response for compatiblity with some email clients.
  - Better handling for connections that are improperly closed by other SMTP agents.
  
SMTP Log Plug-in
  - Some improvements in the French language interface.

SMTP Virus Filtering Plug-in
  - No longer gives unnecessary errors in the Launcher window.
  - Catches viruses in a wider variety of message encoding formats.

Mailbox Server
  - Updates most recent POP or IMAP log-in time to properly support SMTP access requirements.

Mail Migration Tool
  - Clearer documentation
  - More reliable log-ins to WebSTAR Mail 4 servers for message downloads.


Changes in 5.2.1
------------------------------------------------------------------

Installer
  - Performs appropriate fresh installs of the Web Server only or of 4D Mail only, allowing the Admin Client to connect. 

Launcher
  - Now shows version number in Finder's Show Info or Get Info dialog.
  
Mailbox Server
  - Gives a more informative error message than "Settings are corrupt" when attempting to accessing an invalid Post Office via the Admin Client.
  - Now handles limited user account licenses.
  
WebSTAR FTP Plug-In
  - No longer crashes on downloads or uploads of files that match entries in the Suffix Mapping table (e.g. .map and .4D files).
  - Saved FTP Users now show up immediately after quit and relaunch.


Changes in 5.2
------------------------------------------------------------------

4D Mail (SMTP Server and Mailbox Server)
  - 4D WebSTAR V now includes high-performance Internet email services with spam filtering, virus scanner support, and a Migration Tool for WebSTAR Mail 4.

Admin Client
  - Now shows above the panel tree the name of the Settings Group (virtual host) you are configuring.
  - Cleaner screen updates when moving from one panel to another.
  - Remembers your previous panel tree, table column, and floating window positions.
  - Numerous minor UI enhancements.

Admin Server
  - Now manages licensing for Web and Mail Servers.
  - Now properly prevents settings changes by Host Admins when a mix of read and read/write access options are chosen for a Settings Group (virtual host).
  
Launcher
  - Now displays all console information in its own window, which you can show and hide with the green zoom button.
  
Monitor
  - Now automatically displays available software updates on launch.
  
Web Server
  - Upgraded OpenSSL to 0.9.6g, eliminating potential vulnerabilities that existed in earlier versions.
  
WebSTAR FTP Plug-In
  - No longer crashes on uploads of files that end with a period.
  - Import via the Admin Client now replaces all existing users instead of appending.

WebSTAR CGI Plug-in
  - Fixed a memory leak in FastCGI handling.
  - Now notifies Apple Event CGIs of error conditions for proper error file handling.

WebSTAR Search Plug-in
  - Dashes "-" are no longer stripped from Search queries.

WebSTAR Log Plug-in 
  - Appropriate log headers now appear at the very top of new log files created after archiving.
  
WebSTAR Flexmail Plug-In
  - The Content Disposition of enclosures is now correctly set to "attachment".
  
WebSTAR Tomcat Plug-in
  - Now respects all lines in prefix table instead of just the first one.
  

Changes in 5.1.3
------------------------------------------------------------------

Web Server
  - Eliminates a potential security vulnerability.
  - Fixes an incompatibility that prevented some WebDAV clients from accessing password-protected realms.


Changes in 5.1.2
------------------------------------------------------------------

Admin Client
  - Can no longer accidentally delete tables by clicking on Save before the data has fully loaded.
  - Remote file browsing (Choose dialog) now properly supported in Windows version of Admin Client.
  - Now saves changes on keyboard quit (Command + Q).
  - Some panels with tables now implement a new data download indicator.
  - "None" and "Any" in some pop-ups replaced with blanks for simplicity and multiple language support.
  - Improvements to French and German interfaces.
  - In most cases, XML reserved characters (e.g. "&") are saved properly when used in tables and text fields (please see "Known Problems and Troubleshooting Tips" in the "About 4D WebSTAR V" file for exceptions).

Admin Server
  - New folders created in remote file browsing dialogs now immediately appear in other remote file browsing dialogs.
  - File listings now appear in the Remote file browsing even if file, folder, or volume names contain special characters.

Web Server and WebSTAR Default Plug-in
  - Now has an option in the Web Connections panel to disable all DNS lookups on IP addresses.
  - No longer quits on Finder log out if launched from startup.
  - SSL connections are now properly terminated, improving browser compatiblity.
  - Sends an error message to the browser when no virtual host route is configured to handle the request.
  - Duplicate entries no longer appear in the Suffix Mapping panel's Action popup.

Monitor
  - Now has a Shutdown Admin Server menu option (requires administrator username and password for security).

WebSTAR 4D Connect Plug-in
  - No longer truncates last character of responses from 4D Web Extension.

WebSTAR 4D Link Plug-in
  - Now properly passes search arguments to 4D Web Extension.
  - Improved compatibility with Rewrite modify rules.

WebSTAR CGI Plug-in
  - All environment variables should now be properly supported when appropriate, including HTTP_AUTHORIZATION, AUTH_TYPE, and HTTP_COOKIE.
  - DNS resolution is now optional (see Web Server changes), allowing the Apple Event CGI 'addr' (address) parameter to return the client's IP address instead of its hostname when DNS resolution is disabled.
  - Now provides username and password information to CGIs even if authentication is not triggered by a WebSTAR realm.
  - Now multiple fields of the same name are consolodated into a single variable. For example, if multiple Cookies are set, they will all appear in HTTP_COOKIE separated by semicolons.

WebSTAR Directory Indexer Plug-in
  - Now properly stores file names with multiple slashes on upload.
  
4D WebSTAR Rewrite
  - A new script for converting Welcome rules for use with Rewrite is now included in the 4DWebSTAR/Documentation/4DWSRewrite folder.
 
4D WebSTAR Search
  - Performance enhancements in query responses.
  - Remote file browsing (Choose dialog) now available for selecting index file location.
  - Fixes several instabilities during indexing.
  - No longer crashes on queries if certain tags are missing from custom templates.
  - Now can index Adobe Acrobat 5 (PDF1.4) files.

WebSTAR Security Plug-in
  - Default settings on clean installs now include a example realm for WebDAV serving.

WebSTAR SSI Plug-in
  - Character set now configurable via the Admin Client.
  
GUI Editor
  - Now keeps comments on save (at end of file).


Changes in 5.1.1
------------------------------------------------------------------

WebSTAR Default Plug-in
  - Security fix. Under certain conditions, previous versions reveal the source of pages that are supposed to be interpreted by other plug-ins and CGIs.


Changes in 5.1r2
------------------------------------------------------------------

Web Server
  - No longer truncates long pages served from Lasso, WebCatalog, and some other plug-ins and CGIs.
  
PHP Distribution
  - Updated to 4.1.2.
  
WebSTAR 4D Link Plug-in
  - Now uses the back-end server's hostname in the Host field of requests to it. Please see '4D Link 5.1 Readme.txt' in the Documentation folder for more details.


Changes in 5.1
------------------------------------------------------------------

Admin Client
  - Now supports remote file browsing for Virtual Host and FTP User root folders.
  - Improved performance.
  - Fixed connection drop while processing large XML tables.
  - New red line during drag and drop reordering of table records shows the record's new position.
  
Admin Server
  - Now has a configurable Client connection timeout (default is 30 minutes).
  - Fixed crash on saving large tables.
  
Web Server and WebSTAR Default Plug-in
  - Enhanced performance.
  - Default (index) documents are now properly processed by Plug-ins and CGIs.
  - Now compatible with PHP 4.1.1.
  - Now loads plug-ins on UFS volumes without having to rename the Plug-Ins folder.
  - Fixed problem where server responded improperly to requests for files with dates of December 31, 1969.
  
WebSTAR 4D Link Plug-in
  - Now requires the 4D WebSTAR Rewrite Plug-in.
  - Now supports connections to an authentication-protected 4D Web Extension.

WebSTAR CGI Plug-in
  - Now supports FastCGIs, including PHP 4.1.1 running as a FastCGI (see the WebServer/fcgi-bin folder for examples and a readme).
  
WebSTAR FTP Plug-in
  - No longer creates extra WebStar FTP Data folders with special characters in their names
  - FTP User roots are now browsable in the Admin Client.

WebSTAR Image Map Plug-in
  - This plug-in is now included in the Server Suite, and provides support for server-side image maps.

WebSTAR Language Plug-in
  - This new plug-in automatically serves localized versions of web pages based on browser Lanaguage settings.

4D WebSTAR Rewrite
  - This new plug-in provides a rule-based system for handling URL redirects, modifications, and proxy requests.
  
4D WebSTAR Search
  - Certain malformed queries no longer cause errors or crashes.
  - The results total figure now only counts hits that meet the relevancy requirement.
  - Search result summaries are no longer displayed in all lowercase.
  - If a search index contains multiple sites, search queries now support limiting a search to one or more of the sites.

WebSTAR SSI Plug-in
  - Now properly executes CGIs on the #exec command. FastCGI is not yet supported by SSI #exec.
  - Fixed a problem with #echo of variables.
  
PHP Distribution
  - Now includes CGI and FastCGI distributions of PHP 4.1.1. Please see the Documentation folder for open source license information.


Changes in 5.0.2
------------------------------------------------------------------

WebSTAR Directory Indexer Plug-In
  - Fixed problem where dates in December would not display correctly when using the numeric date.
  - Response pages generated after uploading a file now have the correct content-type of "text/html".
  - Fixed crash on long client paths. When uploading files through Internet Explorer on a PC, the
entire path to the file on the client's machine is passed as part of the form data. WebSTAR would
crash if this path were longer than 80 characters.
  - Upload speed is faster.

WebSTAR Log Plug-in
  - Fixed problem with dates in December being written incorrectly to disk. This prevented log analysis tools from properly analyzing WebSTAR logs.


Changes in 5.0.1
------------------------------------------------------------------

Many improvements, including the following:

WebSTAR 4D Connect Plug-In
  - This plug-in is now included in the Server Suite, and provides a tag-based method for connecting to 4D RDMBS.
  
PHP CGI Distribution
  - A distribution of PHP 4.0.6 is now included for processing files with PHP tags. Please see the Documentation folder for open source license information.

Admin Server
  - No longer causes cosmetic anomalies in the Admin Client after recovery of the Web Server.
  - Able to handle heavy log data traffic for display in the Monitor and Admin Client applications.
  
Web Server
  - Now supports Mac aliases for Web browsing and Virtual Host root folders. WebSTAR WebDAV Plug-In 5.0.1 does not support Mac aliases, however.
  - Some performance enhancements.
  - New Flush Cache button in the Web Server Cache panel.
  
WebSTAR FTP Plug-In
  - Better upload performance.
  - Improved handling PASV connections, especially uploads.
  - Includes a log window for the Monitor and Admin Client.
  
WebSTAR CGI Plug-In
  - Unix CGI compatibility fixes.
  
4D WebSTAR Launcher
  - Launching the Monitor at start is now optional.
  - Now can also launch the Console application.

4D WebSTAR Server Suite Monitor
  - Includes a built-in Software Update feature for downloading the latest updates from 4D, Inc. Software Update is accessible from the Monitor's File menu.
  
4D WebSTAR Search
  - Many improvements to functionality and interface.

Documentation
  - Updated Technical Reference.


Contacting 4D, Inc.
------------------------------------------------------------------

4D, Inc.
3031 Tisch Way, Suite 900
San Jose, California 95128

Email:
  info@4d.com
  sales@4d.com

Web:
  http://www.4d.com/

Phone:
  Main: (408) 557-4600
  Sales: (800) 881-3644 or (408) 557-4600

Fax: (408) 557-4625



Edited 9/19/2005