On the evening of September 6th, a vulnerability in the App Center repository server became known that allowed Docker images to be manipulated for Docker based apps. The vulnerability was in the Docker registry for the Univention App Center and allowed anonymous push of Docker images. The problem was fixed the following day by locking the anonymous push again.
At Univention, we are constantly thinking about how we can add benefit and value to our Univention Corporate Server (UCS) and App Center. One idea born from this is the app suggestion system, which I would like to introduce to you in this article. I would also like to give you some insight into how we work with hypotheses & tests in such projects at Univention. Plus, you will learn how, contrary to many other systems, we at Univention have given top priority to the protection of personal data.
Univention Directory Manager (UDM): More performance, improved functionality and a new REST API as beta version
There are significant performance improvements for managing the contents of the directory service via UDM, especially for application scenarios with complex structures. There have also been further minor improvements in DNS management, where the search for IP addresses is now enabled in further modules, as well as in the use of standard containers of domain controller objects.
UDM REST API (beta version) released: The new interface for accessing all content in the directory service
What is the „UDM REST API“?
A “REST API” (also called “RESTful API”) is a web service that allows integration between applications.
The REST API of the Univention Directory Manager provides access to all contents of the Univention Corporate Server (UCS) directory service. Its functionality is therefore comparable to that of the already available and further existing scripting interfaces (e.g. the “udm” command line tool). In contrast to these, however, the API is accessible via the web through HTTPS and can be more easily integrated into existing applications using standardized data formats (JSON).
In February 2019, the Univention Directory Notifier received a new protocol version that makes replication of directory service contents within the UCS domain more secure. To achieve this, some modifications had to be made under the hood.
After the extensive updates of the basic distribution with the release of UCS 4.3, our focus during the development of UCS 4.4 was on the implementation of new functionalities: The enhancements include new functions in Self Services, in the Portal, in Radius Integration and in Services for Windows. In addition, the Admin Diary is a new app with which events on the different systems or in the management system can be tracked and commented.
Many organizations and educational institutions allow users to work on their personal laptops, tablets and smartphones. Bringing Your Own Device (BYOD) is popular because it reduces the financial burden on businesses and gives users a greater freedom of choice as well as their familiar working environment. Before users connect to the school or corporate Wi-Fi with their personal devices, administrators should think about security so that the devices do not become a gateway for malware.
With UCS 4.3-3 the third point release for Univention Corporate Server (UCS) 4.3 is now available, which includes a number of important updates and various new features.
Improved configurability of the portal
The portal is the starting point for many UCS users and administrators. As described in the blog article Design the UCS Portal with Drag & Drop, you can adapt it very easily to your needs. The categories “Applications” and “Administration” were static until now. We have extended the portal so that you can now define your own categories. In addition, you can add static links to the portal, e.g. also link an imprint here.
Since the release of UCS 4.1 in November 2015, the App Center has supported Docker apps. These are applications in the form of Docker images that are deployed by the App Center in a Docker container. To do this, the App Center downloads the Docker image of an app and starts the Docker container. We call these apps “Single Container Apps” because the App Center only supports one container per app. This functionality is sufficient for many apps.