Skip over navigation

Release Notes

The Open-Source OroCRM for Commerce and the OroPlatform

OroCRM 3.1.0-beta

This release is a Beta developer preview of an upcoming 3.1 version of OroCRM. In this release we focused on application stability and security.

Websocket security

SSL/TLS connections

OroCRM may now connect to websocket server via SSL/TLS connection and pass SSL connect options if necessary. To enable this connection, use the following new parameters in the application configuration:

  • websocket_backend_transport defines the transport to be used for connection. This option may be set to any registered transport returned by [stream_get_transports](http://php.net/manual/en/function.stream-get-transports.php); the default value is tcp.
  • websocket_backend_ssl_options specifies the SSL context options that will be passed when establishing the connection.
    These configuration options are not exposed on the UI and should be set during the installation or changed in config/parameters.yml file.

    Connection origin check

    To further improve the security of websocket connection and eliminate Cross-Site WebSocket Hijacking (CSWSH) attacks, Origin headers will be checked against the list of allowed origins after the websocket connection is established. This feature utilizes the existing OriginCheck functionality of GoS WebSocket bundle.

    Administration

    New Case-Insensitive Email Addresses configuration option allows the system administrator to restrict user email addresses acceptable for registration. When this option is turned on, all different capitalizations of a same email (e.g. johndoe@example.com and JohnDoe@example.com) will be treated as the same address so only one of them could be used to register a user. This option is off by default, as prescribed by RFC 5321 2.4.

    API

  • JSON API is now the default REST API sandbox
  • API filters are now enabled by default for one-to-many relations
  • We created developer documentation for API filters
  • We added data flow diagrams to API action documentation to clarify the use of API processors in customizations

    Other improvements

  • ACL security model is now extendable with custom data access rules
  • updatedAt field for Leads is now indexed

    Known issues

    Due to deprecations of Elasticsearch 6 the following changes were introduced:

  • Fulltext search will match words only from the beginning of the word – e.g. Foldable Wheelchair will be found by wheel, but not by eel
  • In case of multiple words, AND strategy will be used

You will be redirected to [title]. Would you like to continue?

Yes No
sso for www.magecore.comsso for oroinc.desso for oroinc.fr
Back to top