Traction® TeamPage 6.0.12 is focused on some new account security features including: password security requirements; password history; optional policy for deactivating accounts after a set number of authentication failures, or after a specified period of inactivity. The release also includes a small number of bug fixes.
TeamPage now includes settings for specifying the requirements for user account passwords, including minimum length, minimum numbers of certain types of characters, and requirements for not reusing previously used passwords. (Password history will only include passwords that are set after the first time your TeamPage server has been upgraded to version 6.0.12 or later.) Passwords generated by TeamPage for new or existing accounts will be guaranteed to be valid under whatever rules have been configured by server administrators.
There is also an option to configure a policy for handling a certain number of consecutive authentication failures. Administrators may choose either to have the account deactivated, or to simply prevent further authentication attempts while allowing any existing logins to remain valid.
Lastly, administrators may now opt to automatically deactivate accounts that have not been used in a certain amount of time. (All accounts are considered active as of the date / time your TeamPage server is first run after having been upgraded to version 6.0.12 or later.)
Bug Fixes and Other Changes
• Fixed a bug that was introduced in version 6.0.11 that could prevent the TeamPage server from shutting down in certain cases, notably on the first time the TeamPage is restarted after a TeamPage journal is first created. Shutting down a TeamPage service in this state would not have any negative consequences, but the shutdown would have to be forced (either by killing the process or by using the emergency force shutdown bypass). (Server73435)
• Modified the way that user profile requests are handled to prevent users from attempting to load the list of all notifications for a user account other than their own. This was likely to happen only if a user was viewing their own Notifications page and used the type-ahead search field to find and navigate to another user profile; the URL loaded for other user profiles in that case will no longer point to the Notifications page. (JPBO4315)
• Fixed a bug that prevented views with comments from loading if the requesting user selected "Newest First" for their "Comment Sort Order" preference. (Server73453)
• Removed the "Edit" links/buttons for user profile entries. User profiles should be edited on the user's Edit Profile page. (Technically, there are some forms that offer the ability to edit the content of a user profile entry, but the content of user profile entries is generally ignored, and they are not intended to be edited anywhere other than the user's Edit Profile page.) (Server72943)
• Moved the "Require All Users to Change Their Passwords" to the new Server Settings > People > Passwords setting group, and changed the way that it works so that the user who clicks it is not immediately presented with an error message when the Server Settings > People reloads itself after they've clicked this button. (The user will be forced to select a new password as soon as they click another link or next visit that TeamPage server.) (Server73375)
• Fixed a bug that caused the custom Title saved in an export template to be overwritten with what would ordinarily be the default Title setting value as soon as the template was loaded in the Export Setup dialog. (Server73553)
• Fixed a bug that caused a custom "Table of Contents" heading / title specified in the Export Setup dialog to be ignored. "Table of Contents" was always used. (Server73552)
• Slightly narrowed the definition of an "authentication attempt," so that only attempts, per se -- e.g., testing a user account's credentials -- is considered an attempt. Previously, certain kinds of successful or failed attempts to verify an existing known login could have resulted in "attempts" being recorded even though they weren't "attempts" as would be commonly understood. These changes will only be relevant to any TeamPage administrators who rely upon the authentication audit history, or who plan to define a policy for handling multiple consecutive failed authentication attempts.
• Fixed an issue related to tag names that unexpectedly begin with the reserved prefix "-e:" causing errors in some cases. The only known instance of this issue caused the tag chooser dialog for the section editor not to function, making it impossible to configure tag-driven section definitions. (Server73562)
For Developers
• Added support to the foreach tag for an escaped=true/false and extended support for the separator= attribute to the case of a String (e.g., comma separated list) stored in a variable named by the listvariable= attribute being turned into a list. Previously, if such a variable was being processed, there was no way to indicate an alternative separator sequence, and no way to indicate that the list elements might contain instances of that sequence in escaped form (preceded by a backslash), e.g., via the com.traction.sdk.props.NativeTypeConversion.string2list method.
Article: Customer4687 (permalink) Categories: :Doc:changelog, :Doc:R60 Date: August 26, 2014; 2:48:42 PM Eastern Daylight Time
