Quobis WAC release notes
v4.4
v4.4.0
Released 17th September 2021
New features
meetings: improve email and SMS notifications’ configuration
meetings: react to deleted users that participate in meetings
meetings: add timezone information to meeting templates
meetings: allow complete disabling of notifications
xmpp: provide connection information in hosts-meta files
sipmappings: assign SIP mapping on login from a pool
conflog: timezone information support for participants
billing: billing information service
user: return 409 on conflict when updating/creating instead of 403
wac: inform web app root URL via hosts-meta files
presence: ensure no duplicate subscriptions are created
db: do not recreate already-existing indexes on restart
mwi: send subscribe requests to SIP proxy on session recover
Bug fixes
users: fix updating mobile phone field
mwi: fix handling of new sessions
user: fix phone number normalization and remove duplicated country code
resolver: fix to allow resolving users with * in their username
Known issues
The call ends for all the participants when trying to add a new one and this call is not set up (QA-2530)
v4.3
v4.3.4
Bug fixes
meetings: stop parsing users meetings field
v4.3.3
Released 10th June 2021
Bug fixes
sipmappings: assign sipMapping automatically in login
sippools: change collection name to use md5 instead of plain domain
v4.3.2
Released 2nd June 2021
No changes
v4.3.1
Released 28th May 2021
Bug fixes
QSS room-update event is not being sent when there is an ACL modification (QA-2276)
v4.3.0
Released 14th May 2021
Backend
New features and changes
Global
A new permissions service that allows setting up policies per domain and user and consuming them via the REST API.
Added “screensharing” capability by default in the domain creation
An event speakerChanged is generated when a participant in a conference starts or stops speaking. This event can be consumed from the SDKs to provide this information to the rest of participants. Available in the Javascript SDK.
An event is generated when a participant starts/stops sharing his/her screen
Authentication
Added support for OpenID as an external authentication service
Deployment
New feature “Blue-Green deployment” that allows having two environments in parallel. That means that it can be used to migrate users from an existing environment to a new one in order to test that everything works properly. This migration can be done on a per-user basis by updating the info of the user through the Service API.
Meetings
Ability to set a start time, end time and meeting password
Recording
New set of recording permissions that allow fine-grained control on who can record what
Three new levels of quality recording
Recordings can be provided merged or separately into single files.
Telephony and PBX
Added MWI (“Message Waiting Indicator”) integration with SIP-based external voicemail platforms. In addition, the voicemail SIP address is now also reachable via a generic destination string (“voicemail”).
Bug fixes
Fixed a bug that prevented SIP users from leaving the conference room under some circumstances (QSS-284)
Unneeded Credentials added to STUN ICE servers in the Dispatcher (QA-1824)
Conference log update events are sent as many times as a user appears as candidate in a call (QA-1923)
Improve log line in QSS registry (FOEHN-591)
DataPipe export “symbol” instead of the proper enum (QA-1864)
Meeting PIN is not being sent in the SMS (QA-1938)
Users removed from the system remain listed as members of the chat groups to which they belonged (QA-1942)
Active conferences do not have an associated chat (QA-1921)
All alerts are displayed as send/received at current time when alerts tab is opened (QA-1943)
Push notifications (iOS): sound property must be set to default (QA-1854)
MWI does not send sipMapping password in unregister (QUOBDEV-1059)
Wrapper restarts if the plugindata received is empty (QA-1749)
QSS-watchdog-registry stops working if database connection is lost (QSS-276)
An anonymous user can delete itself via API (SRV-1722)
Anonymous users can modify their own data via API (SRV-1723)
Alert iOS Pushes are not working properly (QUOBDEV-827)
Calls from the native app do not connect (QA-1668)
Push notifications of chat non-text messages are not received (QA-1658)
Contacts marked as favourite lose their value when reloading the browser (QA-1615)
Alert template parameters are set to “null” when updating any of their values (QA-1692)
Contacts API returns a 404 error when a user tries to update a contact (QA-1573)
Known issues
Users removed from the system remain listed as members of the chat groups to which they belonged (QA-1942)
Meeting PIN is not being sent in the SMS (QA-1938)
Active conferences do not have an associated chat (QA-1921)
The xmpp-server doesn’t connect to postgresql after an environment crash (QA-1863)
A malformed request in erebus should respond with 400, not 500 (QA-1768)
Users can have their role changed to anonymous even if their domain doesn’t allow it (QA-1760)
Allow WAC to locally query itself instead of using public URL when validating an access token (QA-1761)
Credentials OpenAPI definition missing query parameter (QA-1762)
There are some users registered with multiple Firebase push tokens (QA-1755)
When a disconnected user’s ID is called, the call is redirected to PSTN (QA-1757)
The response codes are different depending if the callee is a pstn or a domain user (QA-1754)
Technical improvements
Updated restify to 8.5.1 to fix security vulnerabilities (QUOBDEV-824)
Automatically fix npm security vulnerable packages (QUOBDEV-823)
Drop apn dependency in the QSS (QUOBDEV-822)
Make addressbook service compatible with new static contacts service (QUOBDEV-819)
Deprecate old dnie service (ROAD-1328)
Deprecate old click2call service (ROAD-1327)
Deprecation of sippo-cob-static (ROAD-1326)
Wac <> xmpp events must be sent in chronological order (QUOBDEV-769)
Optimization of framerate for screensharing (SIPPOJS-739)
The inviteMany method should have the same behaviour as the regular invite
When groups are requested via the Addressbook service, the received id in the response is the groupId
v4.2
v4.2.7
Temporary recording files are not deleted when configured to record in “audio only” mode (QA-1681)
v4.2.5
ConferenceLogs events were not being sent to the caller when the call was canceled (QA-1850)
Missing “sound” property default value for iOS notifications (QA-1854)
v4.2.0
Released January 2021
Backend
New features and changes
Global
A SIP load balancer service is now available to route incoming SIP calls to a pool of audiomixers using several call routing strategies (round robin, priority based, etc…) for better performance and scalability.
Support for SIP authentication using INVITE & REFER authentication has been added to the SIP proxy.
A new service called “Erebus” has been included in the architecture. Erebus is an API gateway that implements a websocket multiplexer that enables clients to access all of the system services using just one single connection. It reduces login and setup time (less TLS handshakes) and reduces the required bandwidth. This new way of connecting to the server is backward compatible.
Three client websocket connections (into wrapper, sippo-server, and QSS services) have been multiplexed via Erebus into a single websocket connection. This change significantly reduces the call setup and connection setup times. More connections will be passed via Erebus in the upcoming versions.
Added a websocket keepalive message in the websocket connection from the clients in order to prevent the connection from being dropped by a firewall. This ping message is automatically sent by the SDKs every 75 seconds and is answered by the system (wrapper service). The 75 seconds value is hardcoded and cannot be changed.
Asterisks are allowed as part of the username and alias fields.
Authentication
Support for several redirect URIs in the oAuth2 authentication process in order to support several types of devices (desktop browser, mobile browser, native app, etc…) with a single oAuth2 host.
Conferences
Added a new functionality “agent assigner” that allows the dispatching of incoming calls to a set of users depending on several criteria. The assignment decision can be taken by an external system (typically, a contact-center or PBX) or locally by the Quobis wac.
A “404 Not Found” SIP error code is sent as a failure message when user does not exist in the system or if the domain in the Request-URI does not match any of the domains handled by the recipient of the request, as defined in RFC-3261.
SDK clients can now register into a SIP or IMS network via a SIP REGISTER. A valid registration on the system will trigger a delegated SIP registration into an external SIP network using the ims-credentials values. Please note that this configuration has been deployed in stand-alone configuration only.
Conference URLs path for public rooms is now configurable and set by default to https://wac-public-uri/c/public_room. This change has been done to isolate meeting URL from conference URLs
Contacts
A major refactor has been made in order to provide an easier way to manage and consume contact information. Some methods have been deprecated in the Javascript and iOS SDK. Two new services, “UserContacts” and “Addressbooks”, have been created as a result of this refactor.
Deployment
Support for “Lightweight Kubernetes K3s” deployments (www.k3s.io) in addition to standard Kubernetes K8s deployment. K3s is a highly available, certified Kubernetes distribution designed for resource-constrained systems. Quobis recommends k3s deployments for lab and testing deployments.
Deployment using docker-compose is no longer supported.
The audiomixer, SFU and SIP-proxy services are now running as pods inside the Kubernetes cluster.
K8s cluster can check the health status of the XMPP, o2p, sippo-server, wrapper, dispatcher and QSS containers.
A storage quota parameter (maxStorageQuota) can be set in the installation process via the Ansible installer. This parameter is optional, applies to the entire namespace and defaults to 60GB for the disk space used by databases, uploaded files, chats and backups. If the parameter is removed, there is no space limitation.
Media
Ability to configure the system to use dynamic TURN credentials to prevent fraudulent usage of the media server and DoS attacks. This functionality is configured by setting two new parameters in file quobis-dispatcher-config.js (“secret” and “expirationHours”)
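How time-limited TURN credentials of this kind are commonly issued and checked, as an added example that is not Quobis code. It assumes the widely used shared-secret scheme (username = expiry timestamp plus user id, password = base64 HMAC-SHA1 of the username), which the page does not confirm for the dispatcher; only the names secret and expirationHours come from the page, and the function names are hypothetical.

```javascript
// Added example, not Quobis code. Assumed scheme: shared-secret, time-limited
// TURN credentials (the one coturn accepts in use-auth-secret mode).
const crypto = require('crypto');

// Issue a username/credential pair that stops working after expirationHours.
function issueTurnCredentials(secret, expirationHours, userId, nowMs = Date.now()) {
  if (!(expirationHours > 0)) throw new RangeError('expirationHours must be > 0');
  const expiry = Math.floor(nowMs / 1000) + Math.round(expirationHours * 3600);
  const username = `${expiry}:${userId}`;
  const credential = crypto
    .createHmac('sha1', secret)
    .update(username)
    .digest('base64');
  return { username, credential };
}

// What a TURN server holding the same secret does with an incoming pair.
function verifyTurnCredentials(secret, username, credential, nowMs = Date.now()) {
  const expiry = Number.parseInt(String(username).split(':')[0], 10);
  if (!Number.isFinite(expiry)) return { ok: false, reason: 'malformed-username' };
  // Expiry is part of the MACed username, so a client cannot extend it.
  if (expiry <= Math.floor(nowMs / 1000)) return { ok: false, reason: 'expired' };
  const expected = crypto.createHmac('sha1', secret).update(username).digest();
  const given = Buffer.from(String(credential), 'base64');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-mac' };
  }
  return { ok: true, reason: 'valid' };
}

// Constructed sample values, for illustration only.
const demoNow = 1600000000000;
const demoCreds = issueTurnCredentials('constructed-secret', 24, 'alice', demoNow);
console.log(demoCreds.username, verifyTurnCredentials(
  'constructed-secret', demoCreds.username, demoCreds.credential, demoNow));
```

A leaked pair is only usable until its embedded expiry, which is what limits fraudulent relay use compared with a static TURN password.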
Meetings
Meetings can be optionally password-protected for better privacy and security. This password protection applies to both system users and external users.
Meeting organizer automatically receives the meeting invitation email when the meeting is created.
Meeting URLs path for public rooms is now configurable and set by default to https://wac-public-uri/m/meeting_ID. This change has been done to isolate meeting URL from conference URLs
Added “VALARM” support into the attached ICS file of the meeting invitation emails as defined in RFC2445. That allows the calendar client to raise a reminder before the meeting starts. This time can be configured in the “remindBefore” parameters, which defaults to 10 minutes.
Messaging
Join/leave group announcements are now available in the chat history.
Notifications
Two different Callkit push certificates can be configured for the same APNs: one for VoIP pushes and another for chat pushes.
Mobile push notification payload now includes contact information of the caller party, following the standard order (contact name, display name, username and finally phone number) so the applications don’t need to resolve that information locally.
Recording
Added parameter “recordingType“ that allows the selection of which media streams are recorded: audio and video, only audio, only video or nothing at all.
Audio and video raw files used during the preprocessing phase are deleted from the temporary folders after they are successfully processed if the configuration parameter “clean_temporary_files” in config/config.json is set to true
Security
Ability to set client IP source ranges to be excluded from rate-limiting (configuration option: limit-whitelist). This is useful in some specific scenarios like contact-centers where most of the traffic is coming from the same IP range.
A password policy can now be set with rules such as minimum length, minimum number of letters/numbers, lowercase/uppercase usage, symbols and spaces, password blacklist, etc… in order to comply with ISO-27001 requirements. These policies are system-wide and can be configured at file config/passwordpolicies.json
Restricted avatar uploads to base64 format URI with images to prevent potential XSS attacks.
Added a homoglyph check to reject usernames that look like an existing one, in order to avoid homograph attacks and typosquatting. For example, that happens where the Latin character “a” (Unicode U+0061) is replaced with the Cyrillic character “а” (Unicode U+0410)
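One way such a look-alike check can be implemented, as an added example that is not Quobis code: each username is reduced to a "skeleton" and a new name is rejected when its skeleton matches that of an existing user. The confusables table is a small constructed sample and all function names are hypothetical.

```javascript
// Added example, not Quobis code. Constructed sample of confusable characters;
// a production check would use the full Unicode confusables data.
const CONFUSABLES = new Map([
  ['\u0430', 'a'], // Cyrillic small a
  ['\u0435', 'e'], // Cyrillic small ie
  ['\u043e', 'o'], // Cyrillic small o
  ['\u0440', 'p'], // Cyrillic small er
  ['\u0441', 'c'], // Cyrillic small es
  ['\u0445', 'x'], // Cyrillic small ha
  ['\u0443', 'y'], // Cyrillic small u
  ['\u0456', 'i'], // Cyrillic small Byelorussian-Ukrainian i
  ['\u03bf', 'o'], // Greek small omicron
  ['\u0131', 'i'], // Latin small dotless i
]);

// Zero-width and invisible characters that do not change how a name renders.
const INVISIBLE = /[\u200B-\u200D\u2060\uFEFF]/g;

// Reduce a username to the form a human eye would see.
function skeleton(name) {
  const folded = name
    .normalize('NFKC')      // folds fullwidth and other compatibility forms
    .toLowerCase()          // also folds Cyrillic capital A (U+0410) to small a
    .replace(INVISIBLE, '');
  // Array.from iterates by code point, so astral characters stay intact.
  return Array.from(folded, (ch) => CONFUSABLES.get(ch) || ch).join('');
}

// Index existing usernames by skeleton for constant-time lookups.
function buildIndex(existingUsernames) {
  const index = new Map();
  for (const u of existingUsernames) index.set(skeleton(u), u);
  return index;
}

// Decide whether a candidate username may be created.
function checkUsername(candidate, index) {
  const clash = index.get(skeleton(candidate));
  if (clash === undefined) return { allowed: true };
  return {
    allowed: false,
    reason: clash === candidate ? 'duplicate' : 'homoglyph',
    conflictsWith: clash,
  };
}

// Constructed sample data.
const demoIndex = buildIndex(['maria', 'paco']);
for (const name of ['m\u0430ria', 'mario']) {
  console.log(JSON.stringify(name), checkUsername(name, demoIndex));
}
```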
Bug fixes
System was not taking into account the participants limit value when we have users with different media options (JW-63)
It was possible to create a domain with an empty domain name, which led to a login failure (SRV-1692)
System does not start when the agent assigner service is enabled and there are no agents defined (SRV-1674)
Meeting invitations are not sent to guests that are a user contact but don’t belong to the user’s domain (QUOBDEV-654)
Meeting invitations are not sent if the user domain is written completely with uppercase letters (QUOBDEV-651)
Calls transferred to a SIP destination caused a wrong entry in the conference log in parallel-SIP scenarios which also caused a crash in the iOS SDK (QSS-281)
Calls were not correctly setup after a redirection from one audiomixer to another with parallel-sip configuration and HA setup (QSS-288, QSS-234)
Users were allowed to set another username in uppercase as their alias (SRV-1610)
Incoming SIP that matched a wac-ims-credentials that starts with a (+) symbol were rejected (QSS-179)
Filters createdAtBefore and createdAtSince were not working as expected, as they used LessThanOrEqual or GreaterThanOrEqual filters rather than LessThan and GreaterThan filters (SRV-1664)
The call does not progress when calling to a ringing group and the first user of the group is offline (QSS-266)
An ongoing call ends if the user logs out from another session (QSS-270)
Making a call to a user group with a space in its ID gets no answer and ends after a timeout (QUOBDEV-694)
Known issues
Service sippo-exporter crashes sending a GET to api/queues (DEVOPS-301)
Presence remains as “busy” if a user is in a call and the connection is closed abruptly (ASLO-33)
Technical improvements
Mobile push notification implementation has been completely redesigned in order to comply with the latest iOS policies and to accommodate both hybrid and native applications. All push notifications are now sent from the sippo-server services, including chat notifications which were previously sent by the XMPP server.
Unify user group events into a single one (group-updated)
REST API
New features and changes
Global
REST API documentation is now described using the OpenAPI format.
Auditing
Added /kmanage/k8s/getlogs endpoint to get logs of a specific pod (kubectl logs <pod-name>)
Added endpoint /kmanage/loglevel to set the log level of /kmanage endpoints between levels “Info”, “Warn”, “Error”, “Debug” and “Trace” without service restart
Added two endpoints to manage system backups:
/kmanage/backups/getbackups: lists all backup files available in the system
/kmanage/backups/downloadbackups: download available backup files
Added endpoint /kmanage/reporting/getreport that gets reports of the last 24 hours.
Conferences
Added endpoint /kmanage/siponhold to obtain conference object from roomId and send it to the audiomixer service to implement a SIP reINVITE
Added several endpoints for the “Agent assignment” functionality:
/kmanage/agentassigner/list that gets every agent assigner entry
/kmanage/agentassigner/delete/{id} that deletes an agent assigner element
/kmanage/agentassigner/showroute/{id} that shows the route of this entry at the agent assigner
/kmanage/agentassigner/addroute that creates a new route to the agent assigner element
Contacts
Added endpoint UserContacts for better contact management.
Added endpoint AddressBooks for better contact management.
Deployment
Added endpoint /kmanage/template to get swagger template file in JSON format
Added several endpoints to gain visibility over the Kubernetes cluster status:
/kmanage/k8s/clusterstate: lists the cluster state (kubectl get pods -o wide)
/kmanage/k8s/clusterservices: lists the running services (kubectl get svc --all-namespaces -o wide)
/kmanage/k8s/getlogs: gets logs of a specific pod (kubectl logs <pod-name>)
Meetings
Added boolean field isPasswordProtected to the meeting object that indicates if a meeting is protected by a password.
Added query parameter userId to filter meetings to which a specific user has been invited.
Messaging
Added endpoint /kmanage/xmpp-server/getuserschat that returns a list of users with sent chats and the number of chats sent by each user (1-by-1 chats and group chats)
Added an endpoint to delete chats sent by a specific user (/kmanage/xmpp-server/deleteuserchats)
Endpoint /xmpp/roster/{username}: replaced by full subset:
xmpp/push
xmpp/push/register
/xmpp/push/unregister
Notifications
Endpoint /pushNotifications/{userId} replaced by /pushNotifications/byUserId/{userId}
Recording
Added endpoint /kmanage/getrecord to list all recording files available in the system.
Added endpoint /kmanage/downloadrecord to download a recording file.
Users
Added endpoint /kmanage/usergroup/logout to force logout of every participant of a given user group.
Added endpoint /kmanage/user/location to obtain the location of a user.
Bug fixes
Information exposure through error message on /sapi/o/token (SEC-59)
Unauthenticated user could query presence information via /sapi/presence/wac-user (SEC-61)
Log message returned in response to endpoints credentials and domains (SEC-68)
Potential denial of service on /sapi/sessions requests that results in “504 Gateway time-out” after around three minutes (SEC-62)
Information leakage in /sapi/filesharing endpoint (SEC-69)
v4.1
v4.1.0
Backend
New features
Global
Global improvements to the internal workings of the system. The unified system based on a message broker allows services to be added and removed easily, giving more flexibility to the architecture. The main change is latency optimization, based on a ws-proxy that allows a single system connection with improved performance.
Auditing
The monitoring software was enhanced with a log view and navigation by troubleshooting filters. Consoles are no longer needed to extract logs: performance KPI metrics can be cross-checked directly against container logs.
Conferences
Attended transfer (available only in the Javascript SDK in this version).
Deployment
TLS 1.3 support is included. Your apps are now more secure, more efficient, more reliable.
NGINX was selected as ingress controller for the cluster, so there are some enhancements here over the original Traefik
Media
SIP early media support and more options regarding the codec selection and media bandwidth allocation for calls. Some audio improvements were also applied to reduce audio noise on calls.
Meetings
Meetings now include more options to add flexibility to the meeting invites. REST API was improved to support more use cases
Messaging
The main change here is the storage of chat conversations. Enhanced reliability, performance, flexibility to store on the backend architecture.
Notifications
Improved and resolved multiple issues with chat notifications.
Users
Ability to reach SIP endpoints for anonymous users.
A list of other minor features follows:
Add error logs in QSS when “resolvePush” is set to true and it is not possible to reach Push service in sippo-server
CDR (call detail record) display and download in Sippo manager
Integrate services logs viewer in Sippo manager
Generic filter in /conferences/ endpoint to retrieve list of conferences
Screen sharing support in the desktop application
Allow more than 9 video participants on a conference
Prevent certain types of files (JS, HTML and any potentially harmful type) from being transferred (filetransfer)
Avoid credentials being leaked by SAPI endpoints
CORS configuration mechanism
Backend server resource reach-ability service
Transition from Socket.io to plain Websocket
Apply traffic security and anti-DoS measures to k8s ingress (nginx)
Support to multiple audiomixers (high availability)
Include the busy tone when call is rejected
Background noise reduction techniques in SippoSDK-JS and webphone
Provide audio toggle for mobile applications
Ability to change the default bandwidth of the video flows
Early media support with sippoMS.sfu
Automatic SMS / email notification to users when creating a meeting
Improve mail templates for more customization on body and headers
Chat / call / SIP agent assigner (SDK, REST endpoint)
Migrate XMPP storage to SQL based system
Ability to enable/disable “conference chats” in Application Server
Group chat push notifications
Restrict registration to a single endpoint
Add REFER support on the SIP integration
SIP/WebRTC: On hold music for held participants
Add SIP header manipulation for AudioMixers
v4.0
v4.0.0
The list below shows the overview of the main features added since the previous version at each category. A detailed list is provided in the next subchapter.
Backend
New features
Global
The internal architecture has been separated into Sippo AS and Sippo MS. Besides that, new features have been implemented as a number of microservices -interconnected by a high performance message broker- to improve resilience and scalability.
On the client side, two new mobile SDKs have been added for iOS and Android operating systems.
Auditing
Sippo manager has been released to provide better logging and monitoring capabilities. Logs can also now be sent to an external ElasticSearch server for analytics and troubleshooting.
Authentication
Added delegated authentication against Microsoft ADFS servers and upgraded Google oAuth to work with newer Google versions
Conferences
Added a number of PBX-like features such as ringing groups, attended transfer, unattended transfer, onHold, etc… That means that Sippo wac can provide signalling capabilities on its own, without requiring a third-party PBX or SIP backend.
A new service named “conferencelog” allows also to retrieve the conferences where a user has participated, including those where multiple participants are joining and leaving during the conference and also including low-level information on invited participants, rejected and accepted invites, transferred users, etc..
Integration with external SIP backend has been also improved with a “SIP parallel leg” approach. That means that service providers can easily add collaboration to existing voice-only networks.
Room management is more powerful in this version, as it’s possible to mix and match PSTN users, Sippo users and guest users in the same room. We’ve also changed the associated logic so room ownership is now handled in a more efficient way.
Contacts
Phonebook service has been added to better handle shared contacts and group contacts. In addition to personal contacts and domain contacts, administrators can now define a set of contacts that are assigned to specific users or groups. Users can also manage their own private phonebooks in addition to the ones created by the administrator. Improved mobile and directory synchronization of contacts is also included in this version.
Deployment
Deployment over Docker infrastructure is now fully supported and it’s the recommended deployment choice for trials and PoCs. Automation has been done with Ansible scripts that don’t require any manual installation. On the other hand, deployment over Kubernetes infrastructure is now the default choice for production environments. Deployments over public cloud are now also supported in Amazon AWS and Microsoft Azure.
On the testing side, a number of load testing scripts and functionality testing scripts are available using third-party QA tools, in order to test the deployment before production.
Media
Sippo MS has been included into the architecture so a third-party WebRTC media server is now an optional choice. This media server can handle H264, VP8 codecs and is also able to interact with traditional voice networks using G711 codecs.
This version also enables screen sharing from Chrome and Firefox without requiring a plugin (desktop only).
Meetings
Meetings have been refactored to make them more flexible and manageable, so that they can have a DDI assigned to access the meeting from PSTN or PBX (dial-in).
Messaging
This version incorporates a completely redesigned messaging service that allows permanent chat between users, personal chat rooms, predefined chat rooms and other improvements. It also adds new user capabilities so administrators can allow or disallow messaging functions to users and user groups. That means for example that some users can have chat functions or are able to create groups, while others cannot do that.
Notifications
Mobile notifications have been improved both on iOS Callkit and Android Callservice, with deeper integration with the existing javascript SDK and the new native SDKs. One-to-one incoming chat messages are also notified with a push message.
Recording
This version allows configuring codec specifications for stored recorded files. In addition, new integration options with storage services allow active notification that a file is ready to be stored (or shared with participants).
Users
Users can now be classified into groups (usergroups). That allows new use cases such as defining ringing groups to call all participants of a predefined group, and also having predefined phonebooks.
Find below a complete list of new features included in this release:
Connector to AD/LDAP for oAuth authentication
Ability to delegate authentication with Google oAuth
Ability to delegate authentication with MS ADFS
Domains can have default contacts that are searchable to every domain user
Added abstraction layer to support different database schemas
Ability to distribute Sippo AS and MS microservices into several hosts
Ability to customize recording video container
Recording support for h264 and vp8
Added “SIP parallel leg” functionality to interop with SIP networks
Sippo manager: user management (create, edit, update, delete)
Sippo manager: dashboard with business KPI and system status graphics
Send audio and video clips
Ability to send DTMFs on the SIP channel on conferences (RFC2833 and RFC4733)
Added “Agent assigner” service to interact with external services in contact-center scenarios.
Toggle camera support for SippoSDK-JS and SippoSDK-iOS
Ephemeral chat group for anonymous rooms
Support for getNativeDisplayMedia: Firefox, Chrome
Recording support for H264 and VP8
REST conference status exposition
Support to transfer of PSTN calls to other Sippo users or PSTN
Improved security login mechanism
Improved signalling headers to identify “to” field in parallel-SIP environments
oAuth2 tokens can now have an expiration time and argument name
Support to remote logging into an Elastic Search instance
User alias enhancements: editable by waccli and allow dots in users’ aliases regular expression
REST API
This version of the REST API has a number of new methods in order to allow external systems to interact with the new backend functionalities available in this release, especially around conference management, user management and phonebook management.