HipChat Server 1.x Release Notes

Server 1.3 build 1.3.9 – March 24, 2016

Promoted from beta to production on April 6th, 2016.

This is a security patch release with minor fixes. 

If your version is earlier than 1.3.8 The server must be rebooted for this change to take full effect

Fixes:

•  Fixed an intermittent issue where the database password update was not completely propagated during upgrade
  
  

Server 1.3 build 1.3.8 – February 19, 2016

Promoted from beta to production on March 10th, 2016.

This is a security patch release with minor fixes:

• CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow vulnerability
  • The server must be rebooted for this change to take full effect
  • The severity of this issue is dependent on your environment
  • AWS' response: https://aws.amazon.com/security/security-bulletins/cve-2015-7547-advisory/
• The customization scripts ~admin/startup_scripts/* are now executed after every configuration manager execution, not just at boot
  
  • An example ~admin/startups_scripts/firewall_hole was added to demonstrate how to make customizations to the appliance firewall
• The outbound proxy password now works with mixed-case characters

Server 1.3 build 1.3.7 – November 18, 2015 – (HipChat.ova md5sum 7e4e97cdb3befac0d65230f2f084ccc8)

Promoted from beta to production on December 14th, 2015.

New features:

• Scrubbed mobile/email notifications (when that data has to be REALLY private, change the setting in admin/features)
• Domain Restricted signups can now support multiple domains (example.com, example.pizza, example.beer in admin/features)
• Exports now include 1-to-1 chats of "deleted" users
• Diagnostic log bundling & convenient download
• AES256 encrypted "hipchat diagnostics" on the CLI (see ~/diagnostics/readme.txt)
• Upgraded internally to MariaDB 10 and passwords rotated

Fixes:

• A bug that did not correctly delete expired sessions and therefore blocked some users (sadpanda)
• Prevents "decompression bombs" from Files (attachments or emoticons) uploads (what was that User thinking?)
• OpenJDK upgrade for Beta-aged deploys
• Export handles very long unicode filenames
• Export is missing some files with .gz file extension with error 'Received response with content-encoding: gzip, but failed to decode it'
• Fixed a UI crash when accessing /server_admin/directory for LDAP directory types
• APIv2 enforces domain restrictions when adding new user accounts
• Resolved an issue with Active User count on the Status page

Known issues:

• HipChat Servers initially deployed earlier than 2015 may have a monit config conflict upon upgrade:

  • Workaround/Resolution:

    sudo dont-blame-hipchat; rm -f /etc/monit.d/mysqld.monitrc; hipchat upgrade --force-upgrade

• If Invitation URL is disabled "Invite your team" for admins in /chat will only send a broken URL.
• After upgrade says "completed" Users cannot log in while an internal authorization service loads which can take up to 5 minutes
  
  • To follow along: tail -f /var/log/hipchat/atlassian-crowd.log until "Loading global messages from" appears (badpokerface)
• Content previews are disabled for GitHub, Imgur, Twitter and YouTube, in order to comply with their service agreements please activate using How to Generate API Keys for Content Previews and Configure it in Hipchat Server

Server 1.3 build 1.3.5 – September 29, 2015

New features:

• Chat Message storage performance and stability improvements
• Multi word User and Room search in the Admin WebUI
• Group Admins cannot modify Group Owners via APIv1

Fixes:

• API that returns recent history now includes the Topic messages
• /commands that have similar prefixes won't confuse each other

Known issues:

• HipChat Servers initially deployed earlier than 2015 may have a monit config conflict upon upgrade:

  • Workaround/Resolution:

    sudo dont-blame-hipchat; rm -f /etc/monit.d/mysqld.monitrc; hipchat upgrade --force-upgrade

• Even if Invitation URL is enabled the "Invite Your Team" functionality from /chat will not send any invites (feelsbadman)
• After upgrade says "completed" Users cannot log in while an internal authorization service loads which can take up to 5 minutes
  
  • To follow along: tail -f /var/log/hipchat/atlassian-crowd.log until "Loading global messages from" appears (badpokerface)
• Content previews are disabled for GitHub, Imgur, Twitter and YouTube

Server 1.3 build 1.3.4 – September 17, 2015

This was the production release prior to 1.3 build 1.3.7

New features:

• Web Client has Avatars next to the chats by default (so ensure your selfie or celeb-twin-lookalike image has been uploaded)

(Can be disabled in Settings -> Appearance if you really prefer just boring old text)

Fixes:

• Improved some component service restarts when meteors, earthquakes, and other unanticipated events occur

Known issues:

• Upgrades are typically over 8 minutes, for 1.2.3 and older it may take 20+ minutes
• After upgrade says "completed" Users cannot log in while an internal authorization service loads which can take up to 5 minutes
  
  • To follow along: tail -f /var/log/hipchat/atlassian-crowd.log until "Loading global messages from" appears (badpokerface)
• Content previews are disabled for GitHub, Imgur, Twitter and YouTube
  
  

Server 1.3 build 1.3.3 – September 14, 2015

The user directory service has received an overhaul. HipChat accounts are no longer associated to their remote directory sources by email address, but by a unique identifier instead. This solves a host of issues related to user management.

New features:

• Directory integrations are now based on the directory username instead of email address

  • Authentication is still performed by email address in HipChat but mapped to directory username when authenticating to the remote directory

  • Changing a user's email address in the directory will update the email address in HipChat without creating a second account
• Users and Rooms are now searchable in the web administrative controls: https://server/admin/users, https://server/admin/rooms 
• Exports can be interrupted at the command line: hipchat export --cancel
• Higher performance APIv2 service with reduced database demands

Fixes:

• Fixed a crash when the directory service encounters more than 25 thousand user accounts
• User profiles no longer require the job title field to be filled

Known issues:

• Carried over from Server 1.3 build 1.3.1

Server 1.3 build 1.3.1 – August 14, 2015

This release brings a fun emoticon interface with batch uploads and automatic image scaling. The platform gains performance, scalability and reliability improvements, increasing the chat connection rate by 500%.

New features:

• Emoticons gain a new web interface at https://server/emoticons
  • Automatic image scaling with retina display support
  • Accessible by all users
  • Custom emoticon limit has been increased from 250 to 750
  • Emoticons can be uploaded in batches
• Import & Export improvements
  • Exports can be purged by age, in days: hipchat export --purge-older-than 7
  • Export notifications can be sent to multiple email recipients: hipchat export --notify her@example.com him@example.com
  • Imports will now handle file attachments from deleted accounts for consistency
• Improved performance
  
  • XMPP connection handling is now multi-process and CPU prioritized
  • XMPP services include new rate limiting and retry abilities
  • The data caching service (Redis) is utilized more efficiently and is CPU prioritized
• API enhancements
  • In-app dialog windows: https://server/docs/apiv2/dialogs
  • "Add Ons" have been renamed to "Integrations"
• XMPP encryption no longer implements the DES-CBC-SHA cipher
• The terms of the open source software disclosure have been updated: https://server/open_source

Fixes:

• APIv2 scalability with more than 8 CPU cores
• Logjam security fix CVE-2015-4000 for Diffie-Hellman ciphers
• OpenSSL has been upgraded from version 1.0.1-4ubuntu5.25 to 1.0.1-4ubuntu5.31
  • Medium security scope with change log courtesy of Ubuntu
• Invites from within the web chat client could crash
• Disk capacity percentages on AWS deployments in the Status page: https://server/server_admin/

Known issues:

• Content previews are disabled for GitHub, Imgur, Twitter and YouTube
  • Instructions for enabling these previews are available in this document.
• CPU prioritization for the data caching layer (Redis) requires a server reboot or an explicit restart:
  • hipchat service --restart db; hipchat service --restart
  • Note this will cause a service outage of approximately two minutes
• Personal admin privileged APIv2 tokens that were created before 1.3.1 did not get the new View_Room scope after upgrade
  
  • Workaround is to regenerate a new personal APIv2 token that has all of the scopes selected

Server 1.2 build 1.2.8 – June 18, 2015

Upgrades gain an aggressive retry to correct various ill conditions, hipchat upgrade --force-upgrade. The directory integration and data importer each pick up some polish. Otherwise, this release remains very close to HipChat Server 1.2 build 1.2.7. Thanks for upgrading. 

New features:

• The HipChat server CLI upgrade utility has a more detailed diagnostic mode
  • hipchat upgrade --diagnostic
• There is a force option has been added to the upgrade utility that is able to reapply the current version
  •  hipchat upgrade --force-upgrade
• XMPP encryption no longer implements RC4-SHA and RC4-MD5 ciphers

Fixes:

• Import of data handles additional timezone data variants
• Improved upgrade logging in /var/log/hipchat/update.log
• Scheduled synchronization of directory data is more reliable
• The Delegated LDAP option has been removed from the directory integration
• A bug related to downsizing the number of processors

Known issues:

• Upgrades are still pretty slow, typically over 8 minutes, for 1.2.3 and older it may take 20+ minutes

Server 1.2 build 1.2.7 – June 4, 2015

This build enables much larger scale deploys. 36 CPUs and 64GB of RAM. Big iron! Upgrade reliability has been making a number of sites nervous so we've added some additional resiliency and retry capabilities. Big client changes round out the upgrades. Enjoy.

New features:

• New Android client v3.0.0
  • Full rewrite implementing Android Material Design
• New Linux and Windows clients v2.2.1373
  • Emoticon autocomplete
  • You can finally hide animated gifs
  • https://www.hipchat.com/release_notes/qtwindows
• Upgrade 
  • Adds an upgrade retry ability, via hipchat upgrade --force-upgrade
  • Improved logging
• Scalability
  • New support for 16, 32 and 36 CPU core systems, i.e. c4.8xlarge
  • Support for up to 64GB RAM
• Customizable web login page
  • Edit the file ~admin/config/oem/content/login.html to insert content on the web login page for compliance purposes

Fixes:

• APIv2 1:1 history fetch of more than 50 messages

Known issues:

• Upgrades are still pretty slow, typically over 8 minutes, for 1.2.3 and older it may take 20+ minutes
• Imports will create messages with the current timestamp instead of their original sent timestamp

Server 1.2 build 1.2.6 – May 15, 2015

The directory integration has received some serious improvements. It's now more communicative about errors, is faster, more scalable, more event driven. We're continuing to work on directory integration with more functionality to follow. The release picks up a handful of fixes and polish:

New features:

• Upgraded directory integration
  • Improved account validation
  • Improved logging and error reporting
  • Faster and more efficient using event-driven actions instead of polling
• The custom emoticon limit has been raised from 100 to 250

Fixes:

• YouTube previewing has been updated to use their v3 API
• APIv2 improves handling of DNS errors for Add-On integrations
• The Import/Export capability continues to evolve
  • Improved date handling
  • Retry capabilities for chat history fetch

Known issues:

• Upgrades are still pretty slow, often over 5 minutes 
• Some API and authentication errors occur on systems with 16 or more CPU cores

Server 1.2 build 1.2.5 – April 24, 2015

This release is the same as Server 1.2 build 1.2.4 with one fix for upgrades.

New features:

• None

Fixes:

• Upgrade fix for versions older than 1.2 build 1.2.3

Known issues:

• Incompatible with HipChat v4.0+ clients
  • Chat history will fail to load, please upgrade to 1.3 build 1.3.7 as soon as possible
• Requires outbound access to http://hipchat-dependencies-stable.s3-website-us-east-1.amazonaws.com/, a name variant of the existing required update source http://hipchat-dependencies-stable.s3.amazonaws.com/
• YouTube preview links are broken
   

Server 1.2 build 1.2.4 – April 20, 2015

This release is focused on reliability and security. Note that the group invite URL is disabled by this upgrade.

New features:

• Group invite URLs are disabled by default

Fixes:

• Native mobile notifications to some IOS devices has been restored
• An internal library, libtasn.1 has been patched per USN-2559-1
• Upgrades from Server builds older than 1.2.0
  
  

Known issues:

• Upgrades will take longer than before, at least 5 minutes and sometimes longer
• Customers that do not allow outbound access should contact server-support@hipchat.com for a patch before upgrading
• The user count at /server_admin/status erroneously includes the number of guest users registered
  
  • Note that the user count used for license enforcement excludes guest user counts correctly
• If you are unable to authenticate several minutes after upgrade please SSH in as the admin user and run
  • hipchat service --restart directory
  • Wait two minutes for the directory service to restart and attempt another login through the web or a chat client
  • The directory service log file is /var/log/hipchat/atlassian-crowd.log


Server 1.2 build 1.2.3 – April 16, 2015

The new generation web chat client has matured and is now the default. We've made good progress improving stability on directory integration and data import/export too. Platform compatibility and support is expanding with new disk management code.

New features:

• New client versions
  • The new web chat client has been updated to version 3.0.3 and is now the default web client
  • The Windows and Linux clients have been updated to version 2.2.1361
  • Release notes for the web client are here: https://www.hipchat.com/release_notes
• APIv2 enhancements
  • Room lifecycle webhooks
  • User avatar controls
  • See /docs/apiv2 on your own HipChat Server deployment
  • User invite to rooms
• OVA deployments will automatically scale /file_store and /chat_history partitions on reboot
• The AWS image will automatically expand its virtual disk on reboot for HVM instance types (forxvd device types, also applicable to Xen)
• There is a new maintenance mode to limit production access during maintenance events such as upgrade and boot
  • This is automatic and has no manual controls
• Directory integration has improved documentation: Configuring User Directories
• The Import/Export utility has been improved
  • Many-gigabyte datasets now work
  • Unexpected and duplicate values are handled more gracefully during import
  • Job summary emails now include nice logs and warnings
• Service monitoring has been improved for higher availability
  •  NTP, Import/Export, the welcome bot, and the notifications daemon

Fixes:

• SSL libraries have been patched per USN-2537-1
• Directory integration is more reliable at scale by increasing some process limits
• Directory integration removes options for read-write and delegated authentication capabilities as we're going to keep directory access read-only for ease, security & simplicity
• Reducing the CPU core count assigned to the HipChat Server VM will no longer leave rogue processes behind
• Rooms imported with guest access enabled are now able to disable that access
• Redis data files have been moved from /mnt to /file_store/redis
• The OSX chat client download now uses .zip format instead of .dmg for better download reliability
• The log file rotations have been refined and now include /var/log/hipchat/auth.log
  
  

Known issues:

• Upgrades from installations older than Server 1.0 build 1.2.0 can fail
• Some IOS users are not receiving native mobile notifications

Server 1.2 build 1.2.1 – March 17, 2015

Our web UI for upgrade broke in Server 1.0 build 1.1.9 and Server 1.2 build 1.2.0. To upgrade to this release please SSH in as the user admin and run hipchat upgrade

New features:

• HipChat Server Admins can now use the web interface to disable Video (notsureifgusta)
• Smileys are now hi-res retina ready (awyiss)
• The AWS image is compatible with more instance types

Fixes:

• The upgrade web UI (/server_admin/upgrade) works again
• 3rd party cookies with !, ? and ~ characters in their key names will no longer break web session handling
• The setup wizard is more reliable at initial startup
• libicu has been patched to resolve security issues USN-2522-3

Known issues:

• The new web chat client is beta software and does not offer video chat, audio and screen sharing
• Changing the email address of a user in a directory can create duplicate user accounts in HipChat
• Downloading the .dmg from https://hipchat.example.com/download may sometimes return a damaged file.  This is a known issue with the Mac client for both Cloud and Server and the workaround is to use https://www.hipchat.com/downloads/latest/mac and get the .zip file
  
  

Server 1.2 build 1.2.0 – March 2, 2015

This release brings the next generation web chat client and many changes focused on reliability and security refinements.

New features:

• Web chat client "v2"
  • Enable per-user by specifying the ?v=2 URL suffix, for example https://hipchat.example.com/chat?v=2
  • You can revert to the original web chat client at /chat?v=1
• All web services (/admin, /chat, /files, etc) instruct search engines not to index
  • The specific header is X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
• Full scale images are rendered in the browser instead of downloaded
  • For jpg/jpeg, gif, gifv, and png file formats
• Increased authentication timeout durations in some authentication paths, from 5s to 30s
• The secure shell (SSH) configuration has been hardened
  
  • The following ciphers have been disabled: aes128-cbc, 3des-cbc, blowfish-cbc
  • The following message authentication codes (MAC) have been disabled: hmac-md5
• The Android client has been upgraded to version 2.4.4

Fixes:

• Reliability improvements in the user directory 
• Import/Export scalability improvements
• Duplicate accounts with varied case email addresses are handled to enable case insensitive logins
  • Relevant to users with local accounts and corresponding camel-cased directory data on Server 1.0 builds 1.1.7 and 1.1.8
• IOS mobile notifications are working again

Known issues:

• The new web chat client is beta software and does not offer video chat, audio and screen sharing
• Changing the email address of a user in a directory can create duplicate user accounts in HipChat
• Upgrade from the web interface is broken due to some new security measures implemented in 1.0 build 1.1.9
  • Please SSH in as the admin user and type the following to upgrade: hipchat upgrade -u
• Downloading the .dmg from https://hipchat.example.com/download may sometimes return a damaged file.  This is a known issue with the Mac client for both Cloud and Server and the workaround is to use https://www.hipchat.com/downloads/latest/mac and get the .zip file

Server 1.0 build 1.1.9 – February 12, 2015

The release is driven by improvements to the directory integration, bug fixes and security hardening.

New features:

• Bundled client upgrades
  • Windows & Linux at version 2.2.1328
  • OSX at version 3.2.1-160
• Import/Export utility adds deleted user and guest account capabilities
• Retina emoticons
  
  • Updated to match the hipchat.com/emoticons global set
• Custom /etc/hosts and /etc/network/interfaces capability for users with special requirements
  
  • Email server-support@hipchat.com if you require customization to these files so we can provide the best guidance
• Stronger cross-site scripting prevention
• Guest invite URLs now use SSL so that you can disable port 80 access to your installation

Fixes:

• Login email addresses are no longer case sensitive
• Directory integration will ignore the optional outbound proxy 
• CVE-2014-6277, CVE-2014-6278 Upgraded the system shell (bash) to prevent privilege escalation from a theoretically compromised service
• Import/Export handles additional character sets

Known issues:

• We've seen some trouble upgrading images older than beta build 1.1.4
• A reboot is advised after upgrade from builds older than Server 1.0 build 1.1.8
• Login names (email addresses) will remain case sensitive if duplicate accounts are present by email address
  
  • For example: mr.bill@example.com and Mr.Bill@example.com 
  • We have a tool to resolve duplicate addresses, please contact server-support@hipchat.com or wait for 1.0 build 1.2.0
• The new Twitter integration has stopped working with Server, the crash is by the hosted code, not in Server
• Mobile notifications for IOS clients stopped working
• Upgrade from the web interface is broken due to some overly strict security measures implemented in 1.0 build 1.1.9
  • Please SSH in as the admin user and type the following to upgrade: hipchat upgrade -u

Server 1.0 build 1.1.8 – January 31, 2015

A security and compatibility release, of moderate importance.

New features:

• bcrypt password hashing (replaces SHA-based hashing)
  • Passwords are rehashed automatically, transparently, at login
  • Not applicable to remote authentication

Fixes:

• CVE-2015-0235 "ghost" glibc patch to fix gethostbyname* exploits
  • Please reboot the VM after applying this upgrade, a reboot is not automatic
• Compatibility fix for licenses issued by my.atlassian.com on AWS deploys

Known issues:

• Login email addresses remain case sensitive

Server 1.0 build 1.1.7 – January 27, 2015

Our production launch! See https://hipchat.com/server for details. 

New features:

• Production versioning HipChat Server 1.0 with build numbering consistent with the beta program
• Production licensing https://www.atlassian.com/customer-agreement/
• Open Source disclosures have expanded to include the components used by Atlassian Crowd
• Licensing and purchasing using existing Atlassian infrastructure 
  • Setup wizard bridges to license evaluation for easy configuration with a server ID (SID)
  • Purchase HipChat Server the way you do other Atlassian products such as JIRA or Stash
• Error reporting has been added to the configuration system when run as hipchat upgrade --restart
• Import & Export will now handle guest accounts and chat history
• Add On enhancements
  • Filtered list of instructional add ons that are qualified 
  • Next-generation add on support for Atlassian products including JIRA and Confluence

Fixes:

• Scalability fixes to the Import & Export for large teams
• Directory integration changes for better global character sets
• Directory integration fixes for accounts with missing email, mention and user names
• New OVA deploys have a 4GB larger root partition
• An email marketing opt-out option has been removed from the user profile page
   in the user

Known issues:

• Login names (email addresses) are case sensitive, they were case insensitive in build 1.1.6, and we plan to restore that behavior
• Fresh deploys of this build include the latest emoticons from hipchat.com but upgrades to this release do not. We'll get those emoticons updated in short order
• Amazon AWS deployments are rejecting some licenses issued from my.atlassian.com. Please contact server-support@hipchat.com for a temporary license until we have this fixed