Release Notes CBS 7.2.44

Collax Business Server
01.06.2026

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to Menu → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

Issues fixed in this version

System Management: Linux Kernel 6.6.141

This update upgrades the Linux kernel to version 6.6.141.

The kernel update includes security fixes for several vulnerabilities, including “Fragnesia/Fail Copy 3.0”, the third bug within three weeks from the same family as “Dirty Frag”.

In addition, a new vulnerability called “ssh-keysign-pwn” has been identified, in which Qualys researchers discovered a race condition in the kernel’s ptrace access path.

File: Fix for anonymous FTP access

Previously, an anonymous connection to the FTP service was possible even when anonymous access was disabled for all shares. Users could not access any content, but they were still able to see the names of the shared shares. This behavior has been corrected so that anonymous FTP access is only offered when it is explicitly enabled for at least one share.

DNS: Fix for dynamic DNS updates

Fixed warning messages occurring during DNS configuration updates. On systems with IPv6 disabled and an IPv4-only DNS service, calls to nsupdate could fail and produce messages such as “Communication with ::1#53 failed: connection refused”.

Grommunio: Adjustment of authentication behavior with Active Directory integration

After an update, authentication issues in Outlook could occur in AD-integrated environments. Users were sometimes unable to log in, even though login via the webmail interface still worked.

The cause was a changed handling of user alternative names (aliases/alternative names): email addresses or LDAP attributes were additionally interpreted as alternative names and could therefore conflict with existing user IDs (“Username is already used as alternative name”).

Security: Roundcube

This release fixes several security vulnerabilities in the Roundcube webmail client. The issues include potential bypasses of security mechanisms as well as possible attack vectors such as injection and SSRF scenarios.

Notes

Additional software: Bitdefender - pattern update after commissioning

After starting up the Collax Antivirus powered by Bitdefender module, it may take a few minutes for the current virus patterns to be downloaded. If you click on Update Bitdefender in the virus scanner form during this time, you will receive an error message “Error connecting to server at /opt/lib/bitdefender//bdamsocket: -3”, because the background process has not yet been fully executed.

GUI: Sporadic hangs during running jobs

The progress of configuration jobs is displayed in the top right-hand corner of the web administration. In the case of extensive changes in the network area, especially with country locks (geo-ip), it can happen in rare cases that the job display hangs during activation. As of release 7.2.28, you will now receive the message “Network connection has been interrupted: Messages may be lost until the connection can be re-established.” informs you about such situations.

VPN: Fix for IKEv2 with Microsoft Windows crashes after 7.6 hours

VPN connections with IKEv2 and the on-board tools of Microsoft Windows are interrupted after interrupted after exactly 7.6 hours. The error occurs because Microsoft Windows proposes different algorithms during the IKE re-encryption than during the first connection. The problem can be solved with a registry fix by the value “NegotiateDH2048_AES256” under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters to 1 is set.

Under the following link you will find a REG file (registry entry) that adds the registry key. Collax accepts no liability for system errors resulting from this.

Table of Contents

Newsletter Subscription