estos Tech Essentials March 2022
With the estos tech essentials, we have summarized current essentials around technology and support from our portal support.estos.de.
SECURITY ADVICE
Update recommended: Security advice for ProCall Enterprise WebService – jquery versions from 1.2 to 3.5
SECURITY ADVICE PROCALL ENTERPRISE UPDATE TROUBLESHOOTING MAINTENANCE
In jQuery versions 1.2 and later, prior to 3.5.0, passing HTML from untrusted sources to any of jQuery's DOM manipulation methods (such as .html(), .append(), and others) could execute untrusted code, even after the HTML had been sanitized. This issue has been fixed in jQuery 3.5.0.
The local WebService at ProCall Enterprise that is shipped with the UCServer is affected by this vulnerability.
estos has already released or is in the process of releasing updates with fixes for the vulnerability for ProCall 7 Enterprise, ProCall 6 Enterprise and ProCall Business.
Customers and partners can obtain the updates through the known channels and follow the normal update process.
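To check whether web applications of your own also ship a jQuery copy in the range named above, each file's banner comment can be tested against that range. The following is an added example, not estos code and not part of the original advisory; the file names and contents are constructed samples.

```javascript
// Added example: flag bundled jQuery copies in the affected range (>= 1.2, < 3.5.0).
// Banner formats carried by jQuery release files:
//   "/*! jQuery v3.4.1 | (c) ..."           (minified builds)
//   " * jQuery JavaScript Library v1.12.4"   (unminified builds)
//   " * jQuery 1.2.6 - New Wave Javascript"  (1.2.x era)
const BANNER = /jQuery(?: JavaScript Library)? v?(\d+)\.(\d+)(?:\.(\d+))?/;

function parseJqueryVersion(source) {
  // The banner sits at the top of the file, so only the head is inspected.
  const m = BANNER.exec(source.slice(0, 512));
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  // Range from the advisory: 1.2 inclusive up to, but not including, 3.5.0.
  return compareVersions(version, [1, 2, 0]) >= 0 &&
         compareVersions(version, [3, 5, 0]) < 0;
}

function auditScripts(files) {
  return Object.entries(files).map(([name, source]) => {
    const v = parseJqueryVersion(source);
    // "unknown" means no banner was found (for example stripped by a bundler):
    // such files need a manual check, they are not proven safe.
    const status = v === null ? "unknown" : isAffected(v) ? "affected" : "ok";
    return { name, version: v ? v.join(".") : null, status };
  });
}

// Constructed sample inputs (file name -> first bytes of the file).
const sampleFiles = {
  "js/jquery.min.js": "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(e,t){}",
  "js/jquery-3.5.0.min.js": "/*! jQuery v3.5.0 | (c) JS Foundation and other contributors | jquery.org/license */\n",
  "legacy/jquery.js": "/*\n * jQuery 1.2.6 - New Wave Javascript\n */\n",
  "js/app.js": "document.title = 'no banner here';\n",
};

console.table(auditScripts(sampleFiles));
```

On a running page, the same version string is available in the browser console as `jQuery.fn.jquery`.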
Please find affected versions and notes about the versions with a fix for the vulnerability in our:
Update recommended: Security advice for ProCall Enterprise XMPP Federation and ECSTA for SIP phones – Expat/Libexpat versions prior to 2.4.4
SECURITY ADVICE PROCALL ENTERPRISE ECSTA FOR SIP PHONES XMPP FEDERATION UPDATE TROUBLESHOOTING MAINTENANCE
Expat (also known as libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a non-zero XML_CONTEXT_BYTES.
estos has already released or is in the process of releasing updates with fixes for the vulnerability for ProCall 7 Enterprise, ProCall 6 Enterprise and ECSTA for SIP phones.
Customers and partners can obtain the updates through the known channels and follow the normal update process.
Affected versions and information about those versions with a fix can be found in our:
Not affected: estos software and the critical vulnerabilities in PJSIP
SECURITY ADVICE PROCALL ENTERPRISE PJSIP VULNERABILITY
There are currently warnings of critical vulnerabilities in the open source multimedia communication library PJSIP. These vulnerabilities have CVSS scores of 9.1 to 9.8.
estos products are not affected by these vulnerabilities and can continue to be used without modification. Supplementary information can be found here:
USEFUL INFORMATION
STUN/TURN Server: Notes on requirements and commissioning
UCCONNECT PROCALL MEETINGS PROCALL BUSINESS COMMISSIONING RETAILER ACCOUNT
Direct audio/video communication has become an important part of modern collaboration.
To implement this efficiently from a technical point of view while keeping internal networks secure, certain constraints must be observed that at first glance make it difficult to establish direct communication across network boundaries.
In private IPv4 networks, a NAT router is often used to increase security, making it difficult or impossible for an external computer to contact an internal client unsolicited. Unfortunately, this also blocks the connections necessary for efficient audio/video communication. To still be able to establish these and similar desired connections, techniques have been developed that allow audio/video communication to take place without reducing security.
These technologies include STUN and TURN.
In a new article, we describe how you can commission a STUN (RFC 5389)/TURN (RFC 5766) server on the internet that is interoperable with estos products.
The basis for this is the well-known TURN server "coTurn": https://github.com/coturn/coturn.
In our new article, we have compiled information for you on how to get started as easily as possible, the requirements and how to check them.
Global authorizations in UCServer – overview of permission levels
PROCALL ENTERPRISE UCSERVER USER MANAGEMENT ALLOCATION OF RIGHTS CONFIGURATION ADMINISTRATION
With globally allocated authorization levels, it is possible to administratively set the minimum presence and contact information that is transferred to the users within the UCServer. In addition, the level defines the minimum permissions that users receive on other users' lines.
Users can extend the globally allocated permission level, but cannot restrict globally allocated authorization.
You can quickly find which permissions apply at which authorization level (Public, Business, Team member, Personal) in our overview:
IN PRACTICE
New best practice video tutorial: Set up replicator for Microsoft Dynamics 365 in MetaDirectory
METADIRECTORY REPLICATOR MICROSOFT DYNAMICS 365 VIDEO TUTORIAL WEBINAR RECORDING TECH ESSENTIALS LIVE HOWTO CONFIGURATION COMMISSIONING
Since version 5.0.14 of MetaDirectory Enterprise, the replicator for Microsoft Dynamics 365 is available.
We have now added a video tutorial to our startup best practices. In the webinar recording of our Tech Essentials LIVE February 2022, an estos specialist shows which steps you need to perform in the Microsoft administration portals in Microsoft Azure Active Directory for app registration and user creation when setting up the connection with Microsoft Dynamics, and how to configure the replicator in MetaDirectory.
- Video tutorial (webinar recording of our Tech Essentials LIVE from February 2022).
Language: German
Duration: approx. 30 minutes
ECSTA for OpenScape Business has no connection after update (V2→V3)
ECSTA INTEROPERABILITY ATOS UNIFY OPENSCAPE BUSINESS PBX TELEPHONE SYSTEM
After updating an OpenScape Business from V2 to V3, the ECSTA for OpenScape Business cannot connect to the PBX.
Possible cause: Atos/Unify requires CSTA licenses in OpenScape Business. Apparently, in V2 the ECSTA connection also worked without a valid CSTA license. With system version V3, a missing CSTA license is no longer tolerated. Licensing of the CSTA interface in the PBX is now compulsory.
For more information about Booster Card and Booster Server licenses, see our new article:
PRODUCTS
New releases at estos – recently released
PROCALL ENTERPRISE PROCALL BUSINESS PROCALL MEETINGS ECSTA RELEASES RELEASE NOTES MAINTENANCE
- ProCall 7 Enterprise version 7.3.5 was released as a maintenance release.
This release fixes the following security vulnerabilities. Update recommended!
ProCall 7.3.5 Enterprise Release Notes
Security advice: ProCall Enterprise WebService – jquery versions between 1.2 and 3.5
Security advice: ProCall Enterprise XMPP Federation and ECSTA for SIP phones
- ProCall Meetings 1.2.6 was released as a maintenance release.
ProCall Meetings 1.2.6 Release Notes
- ECSTA 6 version 6.0.8.896 was released as a maintenance release.
This release fixes a security vulnerability. Update recommended!
ECSTA 6.0.8 Release Notes
Security advice: ProCall Enterprise XMPP Federation and ECSTA for SIP phones
You can find an overview of our Release Notes here...
DATES
19/4/2022: Tech Essentials LIVE – Administrative specification of content for monitor and favorites in ProCall Enterprise
PROCALL ENTERPRISE TECH ESSENTIALS LIVE PARTNER WEBINAR TECHNOLOGY ADMINISTRATION
Tech Essentials LIVE April 2022
Language: German
Tuesday, 19 April 2022 – 11.00 a.m.
Administrative specification of content for monitor and favorites in ProCall Enterprise
Submit questions in advance on this subject to the speaker Nicolai Hanisch: techessentials@estos.de
YOUR CONTRIBUTION
Do you have a contribution or suggestions for the next tech essentials? Then write to techessentials@estos.de
At support.estos.de you will find technical information and helpful articles on installation, commissioning, operation, maintenance, troubleshooting, tutorials, interesting facts about estos software and products in the various system environments. The articles are subject to constant revision and updates.