Universal Messenger 7.56.0 (EN)

Release 7.56.0 Build 1910 was released in July 2024. This release includes:

  • Securing REST endpoints with API keys

  • Newsletter archive: Tracking event export

  • Detecting Tracking Events from Bots or Virus Scanners

  • Functional improvements and bug fixes

  • Service Desk 4.3.3

  • Update of various components

  • REST-Proxy 3.3.0

Securing REST endpoints with API keys

Starting from UM 7.56.0, an API key is required for authentication when accessing various public REST endpoints. Under Tools / API Keys, any number of such keys can be generated and managed for this purpose.

Each API key consists of a (public) key and a secret key. Both are required for authentication at one of these interfaces: the public key serves as the username, and the secret key as the password. Both must be passed in the Authorization header in Basic Auth format.

Each API key can be assigned one or more permissions required for the use of various interfaces.


When creating and editing an API key, the key can be activated or deactivated, and a description can be provided. Additionally, permissions can be selected for the key.

The permissions required for each interface can be found in the REST API documentation.

When creating a new API key, there is a one-time opportunity to copy the secret key. Since the secret key is stored as a hash digest in the database, it cannot be viewed at a later time.

For CSE developers: see also Securing REST endpoints with API keys
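The following sketch models the scheme described above: Basic Auth with the public key as username and the secret key as password, the secret kept only as a hash digest, and an active flag plus permissions per key. It is an added example, not Universal Messenger code. The SHA-256 digest, the status codes returned, and the permission names `newsletter.read` and `recipient.write` are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets

# Constructed in-memory key store: public key -> record. Only the digest of the
# secret is kept. SHA-256 is an assumption; the page does not name the hash.
STORE = {}

def issue_key(permissions, description=""):
    """Create a key pair; the secret is returned once and never stored."""
    public, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
    STORE[public] = {
        "digest": hashlib.sha256(secret.encode()).digest(),
        "active": True,
        "permissions": set(permissions),
        "description": description,
    }
    return public, secret

def basic_header(public, secret):
    """Client side: public key as username, secret key as password."""
    token = base64.b64encode(f"{public}:{secret}".encode()).decode()
    return f"Basic {token}"

def authorize(header, required_permission):
    """Server side: return an HTTP-style status (codes are assumptions)."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return 401
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return 401
    user, sep, password = decoded.partition(":")
    record = STORE.get(user)
    # Hash the presented secret even for unknown keys so both paths do the same work.
    presented = hashlib.sha256(password.encode()).digest()
    expected = record["digest"] if record else bytes(32)
    if not sep or not hmac.compare_digest(presented, expected) or record is None:
        return 401
    if not record["active"]:
        return 401  # deactivated keys are rejected like unknown ones
    if required_permission not in record["permissions"]:
        return 403  # authenticated, but the key lacks the permission
    return 200
```

Because only the digest is stored, a lost secret cannot be recovered from the store; the key has to be replaced with a newly generated one.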

Newsletter archive: Tracking event export

The newsletter detail view in the newsletter archive has been expanded to include the Tracking event export tab. Here, an Excel report containing comprehensive listings of all recorded tracking events can be downloaded.


The downloaded Excel file contains the following five sheets/pages:

  • Views

  • Clicks

  • Conversions

  • Unsubscriptions

  • Bounces

Optionally, selecting a segment enables filtering of recipients whose tracking events should be exported.

This new feature can be enabled in admin roles with the following line in the respective cmsbs-conf/adminRoles/role_XXX.properties file:

area.NewsletterArchive.TrackingEventExport = true

By default, it is disabled in non-super-admin roles for privacy reasons.

Detecting Tracking Events from Bots or Virus Scanners

Most major email providers automatically visit all links in received emails to protect their customers by scanning linked pages for malware, among other purposes. These automated views and clicks on newsletters consequently distort statistics.

Since version 7.56.0, the UM can classify recorded Views and Clicks based on various criteria. This classification allows subsequent analyses to filter out these automatically generated tracking events. 

On the following pages, this filtering can be enabled or disabled:

  • Newsletter Archive

  • Newsletter detail view

    • View Newsletter

    • Analyze metrics

    • Analyze views

    • Analyze clicks

    • Tracking event export

  • Newsletter Groups

In existing installations, the classification of incoming tracking events may need to be enabled in the cmsbs.properties file if it's not already active:

cmsbs.tracker.startclassifier = true

Service Desk 4.3.3

The bundled version of the Service Desk app has been updated to version 4.3.3.

Functional improvements

Bounce handling: Adjustment of defaults

The UM internal defaults and settings in the cmsbs.properties file of a new UM installation have been adjusted according to the recommendations from Universal Messenger 7.54.0 (EN) | General Bounce Handling:

# Unsubscribe on the first hard bounce:
cmsbs.bounce.hardbounce.max = 1

# Do not unsubscribe directly for soft bounces / autoresponds:
cmsbs.bounce.softbounce.max = -1
cmsbs.bounce.autorespond.max = -1

# Unsubscribe directly after five consecutive bounces:
cmsbs.bounce.newsletter.max_in_a_row = 5

Core Scripting Engine

To verify RSA-signed JSON Web Tokens (JWT), the jwks-rsa library from auth0 is now included.

A potential NullPointerException when setting a password field via the CSE API has been resolved.

Mail-Relays

Under Tools / Mail Relays, the counters and alerts can now be reset with the click of a button.

Bug fixes

Embedded Tomcat

When using UM in embedded Tomcat, a ClassCastException that could occur under specific circumstances during email sending triggered via CSE has been resolved.

REST-Proxy

The Transfer-Encoding header is no longer mistakenly inherited from the original request.

Instead of sending a 503 status code, the REST proxy now sends a 403 when a request is rejected due to the configured whitelist.

Backoffice login against LDAP

If the initial LDAP server binding fails during Back Office login, depending on the configuration, login against the internal user management system is still allowed. In all previous versions, login was always rejected in this scenario, even if a matching user entry existed in the internal user management system.

Editing of app instances in Firefox

After editing app instances, Firefox previously triggered an unintended "Page Reload" confirmation dialog. This issue has now been resolved.

Job "Delete Entries with pending subscriptions"

An issue related to expired newsletter subscriptions has been resolved.

Update of various components