"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over April 2022.
Important security fix with the Tenants feature
In early April, we became aware of a security issue affecting the Tenant feature in Self-Hosted Comet Server versions 22.3.1, 22.2.0, and all earlier versions. A certain API could allow administrators in one Tenant to see user profile details belonging to user accounts from another Tenant.
We discovered this issue internally, and there is no evidence to suggest that any misuse has taken place. All partners known to be using this feature have been notified directly.
Comet 22.3.2 and Comet 22.2.1 were released on April 6, 2022 to fix this issue. We recommend upgrading at your earliest opportunity.
Direct codesigning for macOS
Comet Server allows you to customize the branding for the client software, including changing the branding, logos, text, EULA, and icon for both the installer and the application itself.
When you download Comet Backup from your Comet Server web interface, Comet Server generates a custom installer on-demand. This custom installer contains all your branding as well as the built-in URL for your Comet Server, so no extra configuration is needed by the end-user.
However, newly generated installers are not immediately trusted by operating system security measures such as SmartScreen on Windows or Gatekeeper on macOS. Windows users are likely to be familiar with the blue SmartScreen dialog and practised in clicking the "Run anyway" button, but you may be surprised to learn that for macOS users there is no such "Run anyway" button.
It's possible to bypass the dialog by right-clicking the *.pkg installer and choosing 'Open'. Then the dialog will include a 'Run anyway' button. However, this is a major user experience roadblock for macOS clients.
A better way to solve this problem is to codesign the installer. You can configure this on both Windows and Linux from inside your Comet Server, in the settings page, on the "Client branding" tab, using the "Codesigning" button at the bottom. For Windows, it's as simple as purchasing a certificate from one of our recommended vendors and uploading it to the "Authenticode" tab.
For macOS, the process was much more complicated. The tools used to perform macOS codesigning could only run on a real Mac machine. Comet Server required you to purchase a certificate from Apple and, in addition, to buy a Mac (or rent a cloud Mac), configure it for SSH, and set up some very careful permissions in order to allow Comet Server to remotely SSH into it to sign the installer *.pkg file. This was difficult for our partners (and difficult for our support team!).
Thanks to recent developments, we are pleased to announce that a Mac is no longer required for this process. You can simply purchase the certificate and upload it to this screen; Comet Server will handle all the necessary signing steps internally. We have further details on how to purchase an Apple certificate and register an App Store Connect ID in our full documentation.
This is a significant simplification of how Comet (and other software vendors) will be able to deploy macOS software going forward.
New Getting Started guide
When using a Comet Server for the first time – or giving access to a reseller Tenant for the first time – Comet Server used to show a small text box with instructions on how to download the Comet Backup client app and run your first backup job. To help streamline this process, we've expanded this first-use guide into a larger sidebar that walks you through each step individually.
This guide appears the first time an admin logs into a new server and can be dismissed at any time. It walks you through all the first steps of running a Comet Server, including configuring storage settings, adding a first user account, downloading and installing the Comet Backup desktop client, ensuring the user account has registered a device and a Protected Item, and running a backup job.
The progress through these steps is refreshed automatically using a live connection to the Comet Server.
If you're an established Comet Server administrator, you won't see any changes in this area, but if you onboard new reseller Tenants or if you create a new Comet Server then we hope it helps you walk through the process a little more smoothly.
Coming soon: New Quarterly release
Once every quarter, we roll up all our Voyager development into a new long-term support release. The current quarterly release series, 22.2 "Elara", was planned for release in late February, and received one dedicated point release to fix issues over its lifetime. We are now closely approaching the end of its patch support period. You should expect to hear from us very soon about what's coming up next!
After each quarterly release gets superseded by another, the old quarterly release will receive ticket and critical support only, with most issues resolved by encouraging users to move to the current series.