This release contains major updates and new features. Make sure to test this release appropriately before approving it for production.
New major features of note include:
It is now possible to double-encrypt sensitive fields in the (already) encrypted database. This permits protection of sensitive information (such as passwords) from access, even from Administrators. If reading the objects as generic objects, values will be returned in encrypted form. Typed readout (i.e. via their corresponding class implementations) is required to access the decrypted values. The classes can protect their sensitive properties using Security.CallStack to ensure access is only granted from certain parts of the code, and not elsewhere.
Classes affected: Account, MucRoom, RelayConfiguration, MqttBrokerNode, XmppBrokerNode, ScriptPasswordParameter, MongoDBSettings, DomainConfiguration and XmppConfiguration.
Encrypted properties are encrypted in ledger blocks to avoid distribution of sensitive information via ledgers.
A property becomes encrypted by annotating it with the [Encrypted] attribute. You can use the [Encrypted(MinLength)] overload to instruct the database to encrypt the value with a minimum length of MinLength to mask the size of smaller properties.
A new IEncryptedProperties interface exists to simplify the conversion of legacy unencrypted variants.
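Why a minimum length matters, as an added example that is not the project's own code: with a block cipher, ciphertext size tracks plaintext size, so short secrets can be told apart by length unless they are padded before encryption. The padding layout (4-byte length prefix plus random filler), the use of AES-CBC and all names below are assumptions made for illustration, not the format the database uses for [Encrypted(MinLength)].

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LengthMaskingDemo
{
    // Assumed layout (not the database's own format): 4-byte length prefix,
    // the value, then random filler so the body is at least minLength bytes.
    static byte[] Pad(byte[] value, int minLength)
    {
        byte[] padded = new byte[4 + Math.Max(value.Length, minLength)];
        BitConverter.GetBytes(value.Length).CopyTo(padded, 0);
        value.CopyTo(padded, 4);
        RandomNumberGenerator.Fill(padded.AsSpan(4 + value.Length));
        return padded;
    }

    // Reads the length prefix and drops the filler.
    static byte[] Unpad(byte[] padded) =>
        padded.AsSpan(4, BitConverter.ToInt32(padded, 0)).ToArray();

    // Runs one encrypt or decrypt pass and disposes the transform.
    static byte[] Transform(ICryptoTransform t, byte[] data)
    {
        using (t) return t.TransformFinalBlock(data, 0, data.Length);
    }

    static void Main()
    {
        const int MinLength = 32;
        using Aes aes = Aes.Create();   // random key; CBC with PKCS#7 by default

        // Constructed sample values: two shorter than MinLength, one longer.
        string[] samples = { "abc", "correct horse battery", new string('x', 60) };

        foreach (string s in samples)
        {
            byte[] plain = Encoding.UTF8.GetBytes(s);
            aes.GenerateIV();           // fresh IV for every encryption
            int bare = Transform(aes.CreateEncryptor(), plain).Length;
            aes.GenerateIV();
            byte[] masked = Transform(aes.CreateEncryptor(), Pad(plain, MinLength));
            byte[] back = Unpad(Transform(aes.CreateDecryptor(), masked));

            Console.WriteLine($"{plain.Length,2} bytes: bare={bare}, masked={masked.Length}, " +
                $"round-trip ok={Encoding.UTF8.GetString(back) == s}");
        }
    }
}
```

The two short values produce different ciphertext sizes when encrypted bare and identical sizes once padded, while the value longer than MinLength still stands out, so MinLength should be chosen above the longest value worth hiding.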
Other new features in this release:
The Account Admin page has been updated: The Password field is now empty: You can only set new passwords, not access existing passwords.
The Neuron now runs under Linux.
Configuration (Gateway.config): HTTP sniffers can be stored in separate subfolders based on remote endpoint, to simplify debugging.
Call-stack checks have been refactored. Call-stack checks now implement a specific ICallStackCheck interface, making the library extensible. Explicitly prohibited source checks have been added.
Fixes in this release include:
GATEWAY_THEME_ID environment variable caused an error: ConfigError: Environment Variable contains an invalid value: Theme not found. This has been fixed.
GATEWAY_HR_NAME environment variable caused an error: ConfigError: Environment Variable contains an invalid value: Value missing. This has been fixed.
Deleting old logs and sniffers recursively where appropriate, including sub-folders.
Ability to disable Content-Encoding in a web resource.
Ability to debug into dynamically generated object serializers in the persistence libraries.
Color of printed output.
CallStack fix: protection was disabled if the approved sources included the same assembly as the one making the call.