diff --git a/Deployment/DOD/azuredeploy.json b/Deployment/DOD/azuredeploy.json index a1557dc08..91a2ebe20 100644 --- a/Deployment/DOD/azuredeploy.json +++ b/Deployment/DOD/azuredeploy.json @@ -1385,32 +1385,6 @@ }, "enabledState": "Enabled" } - }, - { - "name": "routingRule2", - "properties": { - "frontendEndpoints": [ - { - "id": "[concat(resourceId('Microsoft.Network/frontdoors', variables('frontDoorName')), concat('/frontendEndpoints/', variables('frontDoorName'), '-azurefd-us'))]" - } - ], - "acceptedProtocols": [ - "Https" - ], - "patternsToMatch": [ - "/api/*" - ], - "routeConfiguration": { - "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration", - "customFragment": null, - "customHost": "[variables('botAppDomain')]", - "customPath": "", - "redirectProtocol": "HttpsOnly", - "customQueryString": null, - "redirectType": "PermanentRedirect" - }, - "enabledState": "Enabled" - } } ], "backendPoolsSettings": { diff --git a/Deployment/GCCH/azuredeploy.json b/Deployment/GCCH/azuredeploy.json index 6f16c14d1..73993537b 100644 --- a/Deployment/GCCH/azuredeploy.json +++ b/Deployment/GCCH/azuredeploy.json @@ -1385,32 +1385,6 @@ }, "enabledState": "Enabled" } - }, - { - "name": "routingRule2", - "properties": { - "frontendEndpoints": [ - { - "id": "[concat(resourceId('Microsoft.Network/frontdoors', variables('frontDoorName')), concat('/frontendEndpoints/', variables('frontDoorName'), '-azurefd-us'))]" - } - ], - "acceptedProtocols": [ - "Https" - ], - "patternsToMatch": [ - "/api/*" - ], - "routeConfiguration": { - "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration", - "customFragment": null, - "customHost": "[variables('botAppDomain')]", - "customPath": "", - "redirectProtocol": "HttpsOnly", - "customQueryString": null, - "redirectType": "PermanentRedirect" - }, - "enabledState": "Enabled" - } } ], "backendPoolsSettings": { diff --git a/Deployment/azuredeploy.json b/Deployment/azuredeploy.json index 072b5347f..78084887d 100644 --- a/Deployment/azuredeploy.json +++ b/Deployment/azuredeploy.json @@ -1321,32 +1321,6 @@ }, "enabledState": "Enabled" } - }, - { - "name": "routingRule2", - "properties": { - "frontendEndpoints": [ - { - "id": "[resourceId('Microsoft.Network/frontDoors/frontendEndpoints', variables('frontDoorName'), 'frontendEndpoint1')]" - } - ], - "acceptedProtocols": [ - "Https" - ], - "patternsToMatch": [ - "/api/*" - ], - "routeConfiguration": { - "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration", - "customFragment": null, - "customHost": "[variables('botAppDomain')]", - "customPath": "", - "redirectProtocol": "HttpsOnly", - "customQueryString": null, - "redirectType": "PermanentRedirect" - }, - "enabledState": "Enabled" - } } ], "enabledState": "Enabled", diff --git a/Deployment/azuredeploywithcert.json b/Deployment/azuredeploywithcert.json index 1ac5f9222..fbb6c5e75 100644 --- a/Deployment/azuredeploywithcert.json +++ b/Deployment/azuredeploywithcert.json @@ -1282,32 +1282,6 @@ }, "enabledState": "Enabled" } - }, - { - "name": "routingRule2", - "properties": { - "frontendEndpoints": [ - { - "id": "[resourceId('Microsoft.Network/frontDoors/frontendEndpoints', variables('frontDoorName'), 'frontendEndpoint1')]" - } - ], - "acceptedProtocols": [ - "Https" - ], - "patternsToMatch": [ - "/api/*" - ], - "routeConfiguration": { - "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration", - "customFragment": null, - "customHost": "[variables('botAppDomain')]", - "customPath": "", - "redirectProtocol": "HttpsOnly", - "customQueryString": null, - "redirectType": "PermanentRedirect" - }, - "enabledState": "Enabled" - } } ], "enabledState": "Enabled", diff --git a/Manifest/manifest_authors.json b/Manifest/manifest_authors.json index 49bde92a4..878fd4508 100644 --- a/Manifest/manifest_authors.json +++ b/Manifest/manifest_authors.json @@ -1,7 +1,7 @@ { "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.5/MicrosoftTeams.schema.json", "manifestVersion": "1.5", - "version": "5.5.1", + "version": "5.5.2", "id": "1c07cd26-a088-4db8-8928-ace382fa219f", "packageName": "com.microsoft.teams.companycommunicator.authors", "developer": { diff --git a/Manifest/manifest_users.json b/Manifest/manifest_users.json index 212b19509..4bc99a745 100644 --- a/Manifest/manifest_users.json +++ b/Manifest/manifest_users.json @@ -1,7 +1,7 @@ { "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.5/MicrosoftTeams.schema.json", "manifestVersion": "1.5", - "version": "5.5.1", + "version": "5.5.2", "id": "148a66bb-e83d-425a-927d-09f4299a9274", "packageName": "com.microsoft.teams.companycommunicator", "developer": { diff --git a/Source/CompanyCommunicator.Common/Microsoft.Teams.Apps.CompanyCommunicator.Common.csproj b/Source/CompanyCommunicator.Common/Microsoft.Teams.Apps.CompanyCommunicator.Common.csproj index b545daf5a..3cb11c909 100644 --- a/Source/CompanyCommunicator.Common/Microsoft.Teams.Apps.CompanyCommunicator.Common.csproj +++ b/Source/CompanyCommunicator.Common/Microsoft.Teams.Apps.CompanyCommunicator.Common.csproj @@ -16,19 +16,18 @@ - - - - + + + + - - + - + diff --git a/Source/CompanyCommunicator.Data.Func/Microsoft.Teams.Apps.CompanyCommunicator.Data.Func.csproj b/Source/CompanyCommunicator.Data.Func/Microsoft.Teams.Apps.CompanyCommunicator.Data.Func.csproj index 02b58450d..2c6f62d5f 100644 --- a/Source/CompanyCommunicator.Data.Func/Microsoft.Teams.Apps.CompanyCommunicator.Data.Func.csproj +++ b/Source/CompanyCommunicator.Data.Func/Microsoft.Teams.Apps.CompanyCommunicator.Data.Func.csproj @@ -13,8 +13,8 @@ - - + + diff --git a/Source/CompanyCommunicator.Prep.Func/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func.csproj b/Source/CompanyCommunicator.Prep.Func/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func.csproj index 83626da66..e77b6e0f4 100644 --- a/Source/CompanyCommunicator.Prep.Func/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func.csproj +++ b/Source/CompanyCommunicator.Prep.Func/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func.csproj @@ -17,11 +17,11 @@ - - + + - + diff --git a/Source/CompanyCommunicator.Send.Func/Microsoft.Teams.Apps.CompanyCommunicator.Send.Func.csproj b/Source/CompanyCommunicator.Send.Func/Microsoft.Teams.Apps.CompanyCommunicator.Send.Func.csproj index 01e7e0a00..5b9ee5540 100644 --- a/Source/CompanyCommunicator.Send.Func/Microsoft.Teams.Apps.CompanyCommunicator.Send.Func.csproj +++ b/Source/CompanyCommunicator.Send.Func/Microsoft.Teams.Apps.CompanyCommunicator.Send.Func.csproj @@ -12,9 +12,9 @@ - + - + diff --git a/Source/CompanyCommunicator/ClientApp/package.json b/Source/CompanyCommunicator/ClientApp/package.json index 2454153c6..73b0735fd 100644 --- a/Source/CompanyCommunicator/ClientApp/package.json +++ b/Source/CompanyCommunicator/ClientApp/package.json @@ -1,6 +1,6 @@ { "name": "company-communicator", - "version": "5.5.1", + "version": "5.5.2", "private": true, "dependencies": { "@fluentui/react": "^8.110.3", @@ -53,6 +53,9 @@ "last 1 safari version" ] }, + "overrides": { + "@babel/traverse": "7.23.9" + }, "devDependencies": { "@fortawesome/fontawesome-free": "^6.4.0", "@types/color-hash": "^1.0.2", diff --git a/Source/CompanyCommunicator/Microsoft.Teams.Apps.CompanyCommunicator.csproj b/Source/CompanyCommunicator/Microsoft.Teams.Apps.CompanyCommunicator.csproj index a4730ab36..02c3f82c6 100644 --- a/Source/CompanyCommunicator/Microsoft.Teams.Apps.CompanyCommunicator.csproj +++ b/Source/CompanyCommunicator/Microsoft.Teams.Apps.CompanyCommunicator.csproj @@ -10,19 +10,19 @@ - + - - + + - - + + - + diff --git a/Wiki/Authorization-issue-fix.md b/Wiki/Authorization-issue-fix.md new file mode 100644 index 000000000..b103e25a8 --- /dev/null +++ b/Wiki/Authorization-issue-fix.md @@ -0,0 +1,20 @@ +## Improved security for Company Communicator app template authoring experience + +A recent security change in the Microsoft Teams client may cause an error to appear in the Company Communicator app template authoring experience in the Microsoft Teams. The users in your organization might see an error while accessing the message authoring experience in the Company Communicator app in Teams, with the error message **“Sorry, an error occurred while trying to access the service”**. Users will observe this issue on the Classic Teams web client, and also on the new Teams desktop and web clients. This can be observed in various environments like Commercial, GCC, GCC-High, and DoD and the below fix will be applicable to all the environments respectively. + +The issue can be addressed with a configuration change. The following steps will guide you through the process of updating the configuration to address it and ensure that the Company Communicator app template authoring experience is secure - + + +- Open the Azure portal, locate and select Company Communicator app Resource group by using the search bar, or navigate to Resource groups from the Azure portal menu. +- Select the Azure Front Door resource from the list of resources in the Company Communicator app Resource group. +- Under Settings section in the left-hand side menu, locate the Front Door designer. +![Front Door Designer View](images/frontdoor_designer.png) + +- Select **"routingRule2"** that was created during the Company Communicator app deployment. +- Update the status of the routing rule to **Disabled** and click on **Update**. +![Disable Routing Rule 2 View](images/disable_routing_rule.png) + +- Click on **Save** to save the changes. +- Browse to the App Service resource under the CC resource group and restart the app service. +- Users may also need to clear the cache on the Teams desktop client ([Classic Teams or new Teams](https://learn.microsoft.com/en-us/microsoftteams/troubleshoot/teams-administration/clear-teams-cache)). + diff --git a/Wiki/Release-notes.md b/Wiki/Release-notes.md index 721a5d43d..a75dcb4be 100644 --- a/Wiki/Release-notes.md +++ b/Wiki/Release-notes.md @@ -6,6 +6,7 @@ Cumulative improvements in Company Communicator App. |Version |Release Date | |---|---| +| 5.5.2 | Apr 1, 2024 | 5.5.1 | Feb 22, 2024 | 5.5 | Sep 20, 2023 | 5.4.1 | June 14, 2023 @@ -28,6 +29,11 @@ Cumulative improvements in Company Communicator App. | 1.0 | Dec 20, 2019 ### Company Communicator feature release notes +#### 5.5.2 (April 1, 2024) +##### Changes introduced +- Updated libraries to address critical and high security alerts. +- Permanent fix for the authorization issue in the CC author app. + #### 5.5.1 (February 22, 2024) ##### Changes introduced - Migration of classic Application Insights to workspace-based Application Insights. diff --git a/Wiki/Support-policy.md b/Wiki/Support-policy.md index 2d615db85..c7af0f176 100644 --- a/Wiki/Support-policy.md +++ b/Wiki/Support-policy.md @@ -27,5 +27,6 @@ For assistance or inquiries, you can reach out to our support team by opening a If you are using modified versions of Company Communicator, you may need to adjust your code base to stay current with the latest updates from the official repo. Here are the principal areas that have been impacted by the recent updates: -- **Authorization problem:** Version 5.5 has been launched by the official repo to address the authorization issue that happened when the redirect removed the Authorization header. This version offers a temporary solution. We are currently developing a permanent fix for this issue, which might involve some changes in Azure front door routing rules. Please be aware that a permanent fix for this will be posted on GitHub in the next few weeks. +- **Authorization problem:** Version 5.5 has been launched by the official repo to address the authorization issue that happened when the redirect removed the Authorization header. This version offers a temporary solution. +We have released a permanent fix to the authorization issue in v5.5.2 which involves change in Azure front door routing rules. Please find the below link for detailed steps to mitigate the authorization issue: [Authorization issue mitigation steps](https://github.com/OfficeDev/microsoft-teams-apps-company-communicator/wiki/Authorization-issue-fix). - **Application Insights migration:** The official repo has moved to workspace-based Application Insights, as the classic Application Insights in Azure Monitor will be retired on 29 February 2024. This version creates a new Log Analytics workspace as part of version 5.5.1. For details, please refer to the [We’re retiring Classic Application Insights on 29 February 2024](https://azure.microsoft.com/en-us/updates/we-re-retiring-classic-application-insights-on-29-february-2024/). \ No newline at end of file diff --git a/Wiki/images/disable_routing_rule.png b/Wiki/images/disable_routing_rule.png new file mode 100644 index 000000000..7a8aa9d46 Binary files /dev/null and b/Wiki/images/disable_routing_rule.png differ diff --git a/Wiki/images/frontdoor_designer.png b/Wiki/images/frontdoor_designer.png new file mode 100644 index 000000000..d5156bc48 Binary files /dev/null and b/Wiki/images/frontdoor_designer.png differ