v9 Changelog

Important Note: If you are still using legacy V1 and V2 volume formats, it will be necessary to switch to V3 volume format since V1 and V2 volume formats are now marked as read-only. To switch the volume format, go to Configuration→General→Archive, select volume format to V3. Save. Visit Configuration→Volumes, create a new volume and close the existing Active one.

 

Upgrade Troubleshooting: If the server refuses to start or archive after upgrading, follow these upgrade troubleshooting steps.
 
IMPORTANT! If upgrading from v8/v7 to v9 and HTTP/S is configured for web console security, you will need to adjust your Tomcat settings as described in these upgrade troubleshooting steps. The reason being, MailArchiva V9 now embeds Tomcat 10 and its TLS connection configuration in server.xml has changed.

 

9.0.80 (8 Dec 2025)

 

[AR-3167] - add support for X-MS-Exchange-Organization-BCC
[AR-3174] - PST doesn't import directly from zip

 

9.0.79 (28 Nov 2025)

[AR-3159] - zip PDF and PST large file export to speed up download
 

9.0.78 (30 Oct 2025)

 

[AR-3146] - Thread exhaustion due to blocking on blob insertion
[AR-3147] - Fix index and display of single part messages

 

9.0.77 (23 Oct 2025)

 

[AR-3144] - java.io.BufferedReader shows up in the subject line.

 

9.0.75 (21 Oct 2025)


[AR-3140] - multitenant: fix missing cleanup of processed queue blobs

 

9.0.73 (15 Oct 2025)

 

[AR-3128] - Better handling of Google Workspace rate limiting (revised)

 

9.0.72 (10 Oct 2025)

 

[AR-3124] - Wrong part is rendered in message view (reworked)
[AR-3125] - Render inline images with Content-Type of application/octet-stream  (reworked)

 

9.0.71 (4 Oct 2025)

 

[AR-3129] - Unable to write large blobs to Backblaze B2 due to FileAlreadyExistsException status (904)
[AR-3126] - security enhancement: OWASP santization of message view

 

9.0.70 (3 Oct 2025)
 

[AR-3119] - ejected volume when mounted stays ejected
[AR-3124] - Wrong part is rendered in message view
[AR-3125] - Render inline images with Content-Type of application/octet-stream
[AR-3126] - security enhancement: OWASP santization of message view
[AR-3127] - Remove orphaned blobs from central queue 
[AR-3116] - Additional Google rate limiting fixes
[AR-3122] - Timeout parsing of large and complex attachments

 

9.0.69 (29 Sep 2025)

 

[AR-3116] - Google get users Code:429 "Too Many Requests "
[AR-3118] - java.lang.NoSuchMethodError: 'void kotlin.io.path.PathsKt.deleteRecursively

 

9.0.68 (18 Sep 2025)

 

[AR-3111] - hang on PDF export due to Aspose parsing issue. Upgrade Aspose 25.4
[AR-3112] - Harden AWS S3 region and endpoint resolution logic

 

9.0.65 (14 Jul 2025)

 

[AR-2814] - Archive rule not applied as expected

 

9.0.64 (4 Jul 2025)

 

[AR-3099] license threshold adjustment

 

9.0.62 (16 Jun 2025)

 

[AR-3097] unbounded recursion on malformed MIME structure occurs during attachment size count 

 

9.0.61 (16 Jun 2025)

 

[AR-1618] - unbounded recursion on malformed MIME structure causes file handle exhaustion
[AR-3096] - Indexing may throw MalformedInputException due to use of InputStreamReader with default charset

 

9.0.54 (5 Jun 2025)

 

[AR-3089]  Fix indexing issue where the index grows in size uncontrollably

 

9.0.53 (4 Jun 2025)

 

[AR-3094]   blank screen on export 

 

9.0.51 (30 May 2025)

 

[AR-1618] - resolve .office file & file handle leaks

[AR-1618] - receive queue is not restoring all queued items from restore folders
[AR-3093] - Index startup fixes

 

9.0.50  (16 May 2025)

 

[AR-3090] - minimize index commits

 

9.0.48 (2 May 2025)

 

[AR-3089] - Fix indexing issue where the index grows in size uncontrollably

 

9.0.47 (1 May 2025)

 

[AR-3083] - exchange journal report duplicate cc when bcc exist
[AR-3084] - failed to generate server requests
[AR-3085] - not all attachments are listed on blob view
[AR-3086] - FieldValueUtils parse could skip some addresses
[AR-3088] - Upgrade tomcat: Apache Tomcat is prone to a remote code execution (RCE) vulnerability

 

9.0.46 (11 Mar 2025)

 

[AR-3081] - fix license ldap query {earlier fix didn't work, really fixed now!)

 

9.0.45 (8 Mar 2025)

 

[AR-3082] - schedule index merges for size reduction

 

9.0.44 (25 Feb 2025)

 

[AR-3081] - fix license ldap query

 

9.0.43 (18 Feb 2025)

 

[AR-3077] - export single file cause UI blankpage with issue
[AR-3078] - tika 3.1 upgrade

 

9.0.41 (28 Jan 2025)

 

[AR-3076] - mailarchiva.service should use /bin/bash not /bin/sh

 

9.0.39 (17 Jan 2025)

 

[AR-3074] - add subject alternate name (SAN) in certificate request generation

 

9.0.38 (10 Jan 2025)

 

[AR-3073] - bulk export from V2 volume (null pointer): Cannot invoke com.stimulus.archiva.og.a(String)

 

9.0.37 (9 Jan 2025)

 

[AR-3071] - unable to generate certificate due to bouncycastle library conflict
[AR-3072] - office 365 connection certificate generate (manifest removed)

 

9.0.34 (7 Nov 2024)

 

[AR-3066] - multitenant: login to central: Problems calling function [fn:length] (intermittant)
[AR-3067] - multitenant: insufficient permissions on session redirect

 

9.0.32 (22 Oct 2024)

 

[AR-3062] - export fails if analytics report enabled
[AR-3063] - AD license count query should include remote mailboxes
 

9.0.30 (10 Oct 2024)

 

[AR-3060] - certificate import: chain verification fails with varying order of DN components

 

9.0.28 (3 Sept 2024)

 

[AR-3055] - remove Microsoft Graph superfluous error log entries in Tomcat logs
[AR-3057] - failed set time via drop down search wizard, always resets to 01.00 as time
[AR-3058] - failed to index body text (rarely)

 

9.0.26 (15 July 2024)

 

[AR-3056] - add subject alt name to cert generation

 

9.0.25 (26 June 2024)

 

[AR-3052] - export search results to HTML: zip END header not found
[AR-3054] - PDF export sort order incorrect
[AR-3050] - logback.xml: <level> element is deprecated

[AR-3051] - search interface may break when the wrong datatables settings are loaded

 

9.0.24 (28 May 2024)

 

[AR-3049] - failed load users.conf of version < 9

 

9.0.23 (8 May 2024)

 

[AR-3048] anti clickjacking and HTTP strict transport security headers

 

9.0.22 (6 May 2024)

 

[AR-3047] - failed to execute method. Cause: Evicting queue null

 

9.0.21 (2 May 2024)


[AR-3046] - new volume format switching back to V3

 

9.0.20 (24 April 2024)

 

[AR-3041] - retention rule and logs: setting keep days to non-numeric character sets field value to zero
[AR-3044] - failure to parse dtSettings: Unexpected token LEFT BRACE({
[AR-3045] - basic authentication users go missing in rare circumstances
[AR-3042] - validate custom retention rule filter query on save
[AR-3043] - failed to execute method in searchform.do

 

9.0.18 (19 April 2024)

 

[AR-3038] - custom retention rule on archive date lowers the case of TO operator
[AR-3039] - refactor autosearch service with test coverage
[AR-3040] - some attachments can't be downloaded

 

9.0.17 (26 March 2024)

 

[AR-3037] - PST export: ArrayIndexOutOfBoundsException: arraycopy: last destination index

 

9.0.15 (19 March 2024)

 

[AR-3012] - EwsXmlReader cannot access class com.sun.org.apache.xerces.internal.impl.XMLErrorReporter 


9.0.14 (15 March 2024)

 

[AR-3031] - JMX provides applications queue information
[AR-3035] - Add REST API function to delete multiple blobs

 

9.0.13 (13 March 2024)

 

[AR-3030] - smtp send: sometimes retry on 5xx return code
[AR-3033] - clarify invalid license notifications
[AR-3034] - out-of-memory processing word doc

 

9.0.12 (5 March 2024)

 

[AR-3025] - export: The request object has been recycled and is no longer associated with this facade
[AR-3026] - add domain verification failed notification
[AR-3027] - shows cursor pointer on hover audit clickable entries
[AR-3028] - failed view blobs from audit log
[AR-3029] - SAML authentication broken due to token length constraints

 

9.0.11 (4 March 2024)
 
[AR-3022] - audit: only show changed configuration changes
[AR-3023] - audit: proper CSV formatting
[AR-3024] - audit: log on access change for basic auth
 
9.0.10 (27 Feb 2024)
 

[AR-3020] - create new volume NPE
[AR-3021] - cant view emails in V1 volumes

 

9.0.9 (21 Feb 2024)
 

[AR-3016] - body tip proper view
[AR-3017] - possible mount second ACTIVE volume
[AR-2594] - can't download log files
[AR-3015] - failed parse plain/text body
[AR-3018] - initial date range: before date shouldn't be set
[AR-3019] - PST import: database instance is not set in the current thread

 
9.0.8 (16 Feb 2024)
 
[AR-3014] Graph database thread pool starvation
 
9.07 (15 Feb 2024)
 
[AR-3007] - NoSuchFileException o365_cache
[AR-3008] - GraphNotificationProcessor noisy startup logging
[AR-3009] - multitenant: central restore queue Application.x()" is null
[AR-3010] - error indexing eml files within zip files
[AR-3011] - null ptr on IndexIndex.getDocCount()
 
9.0.6 (14 Feb 2024)
 
[AR-2998] - fix XSS vulnerability
[AR-3002] - can't login to central due to processes issue
[AR-3004] - process restored queue blobs skip route
[AR-3005] - cannot see emails pertaining to all configured domains in basic authentication
[AR-3006] - notify no volumes available event
 
9.0.5 (9 Feb 2023)
 
[AR-3003] ODatabaseRecordThreadLocal.instance().set(db);
 
9.0.4 (7 Feb 2023)
 
[AR-2999] resynchronize o365 folder structures
[AR-3000] load bootstrap.conf from programdata->application data dir (backward compat)
 
9.0.3 (30 Jan 2023)
 
Features

[AR-2877] - migrate from Java 8 to Java 21 (significant performance gain)
[AR-2971] - upgrade to Tomcat 10 (Jakarta)
[AR-2961] - REST API: Switch to OpenAPI 3.0 swagger definitions
[AR-2964] - Windows installer issues & improvements
[AR-2915] - Exchange shared mailboxes
[AR-2976] - switch milter to use Night Code jmilter
 
Issues
 
[AR-2953] - store blob missing from REST API
[AR-2996] - Jespa license reports as invalid (replaced!)
[AR-2902] - Druid database consumes too much disk space
[AR-2942] - user menu rendered mangled on some chrome installs
[AR-2951] - BaseExportFile.createExportFile should return created file not path
[AR-2952] - MailarchivaPrincipal use Raw types
[AR-2955] - export from UI doesn't work
[AR-2957] - cannot view O365 imported message
[AR-2960] - MBox import: ArrayIndexOutOfBoundsException: Index 100000 out of bounds for length 100000
[AR-2962] - fail to renew Let's Encrypt certificate: Could not initialize class org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder
[AR-2963] - search again after close view message tab
[AR-2973] - exchange sync: IllegalStateException: headers too large
[AR-2975] - press delete on task doesn't remove the process from the menu
[AR-2979] - can't view some messages on GUI
[AR-2980] - message view slow loading
[AR-2981] - failed to get data in GraphNotificationProcessor
 
Sub-Tasks
 
[AR-2878] - druid upgrade to work with java9 and above
[AR-2949] - hibernate update
[AR-2954] - check if the auto update version is backward compatible with the current one
[AR-2958] - remove IMail server authentication
[AR-2959] - deprecate v0, v1, v2 formats
[AR-2965] - install in C:Program Files not C:Program Files (x96)
[AR-2966] - update procrun utilities for Java 21 & Tomcat 10 support
[AR-2968] - add specified service logon account
[AR-2969] - shutdown server on upgrade
[AR-2970] - service applet to load on start 
 
 
v8 Changelog....

v10 Changelog

 

Authentication change: MailArchiva V10 introduces a new authentication system based on the pac4j security framework. Some configuration changes are required; please refer to the upgrade notes for details.

 

10.0.0 (4 Sept 2025)

 

[AR-2974] Authentication overhaul — replaced the entire authentication system with Pac4j security framework for standardized, modern, and extensible security handling.

 

Core Changes

Fixes and Adjustments Post-Migration

Create your own Knowledge Base