Monthly Release Notes - October 2021

Jump to:

Automate Beyond Security Boldon James Bytware CCSS
Clearswift Cobalt Strike Core Security Digital Guardian
Document Management (RJS) FileCatalyst Globalscape GoAnywhere  
Halycon IBM Partnership Insite InterMapper
JAMS Powertech Robot Safestone
Sequel Showcase Skybot Tango/04
TeamQuest Titus      

 

Beyond Security

beSECURE

Version 21.102

October 2, 2021

Enhancements

  • Added support for delay in the JavaScript Crawler.

  • Added transition API responses from XML to JSON wherever possible.

  • IS will now report back to the LSS when a scan has been disabled, improving un-syncing handling.

  • Added Scanner Name to the Web Scan column list.

Fixes

  • Fixed an issue where the beSECURE logo was malformed causing it to get blocked by some spam filters.

  • Improved 4ME integration.

  • beSecure now correctly detects notifies a user when a password has been changed.

  • Changed comparison to 'eq' when it is a string and to a '==' when it is an int to improve consistency in handling.

  • Fixed several SSO (SAML)-related issues.

  • Moved the WebScan DB connection code to its own function to prevent unneeded database connections.

  • Removed the Owner column from the tblNotification table to improve performance (always Null and incorrectly referenced as part of the KEY).

  • Disabled SMTP Authentication in the UI if no Username is provided.

  • Switched order of After/Before in UI Search to improve user experience.

  • Changed the Color of Pass (CIS report) to Green from Orange to prevent to improve user experience.

  • 'Please Wait' message now appears on tables being fetched, rather than no-matching-results message.

  • New Contact adding in New Account process has been restored (the option got lost during UI JavaScript migration).

  • Hide Host Information is now correctly stored in the Report Settings.

  • Fixed an issue where tags weren't populated in the Asset Report Generator due to a spelling mistake.

Version 21.103

October 3, 2021

Enhancements

  • Tickets Detailed now allows Assignee searching.

  • The Proxy setup value now shows an example to make it easier to configure.

  • The regular login and SAMLv2 (and other SSO) logins have been split to simplify which option to use.

  • CSV Filename (from Graph title) is now used when saving Graphs.

  • Added when tests were last updated to the reports XML .

  • Added the Hide Unschedule option on the Schedule option to improve the user interface.

  • Default Country now automatically selects the system value.

  • Added Test Inclusion to Mass Update of Scans (only had Test Exclusion).

Fixes

  • Fixed an issue with the Permissions Tab searching for values (existing vs new items).

  • Fixed an issue with the Audit table missing its pagination page due to merging of UI with the standard AJAX method.

  • Fixed an issue where the RecordState was used on the wrong table causing the AssignedItem to fail to ignore deleted entries.

  • Fixed an issue where the Create on the Fly contact was re-introduced (it was originally removed due to a coding bug).

  • Fixed an issue where Assets search was lacking Saved Search.

  • Fixed an issue where Reboot and Restart were sharing an Audit code causing user action monitoring confusion.

  • Fixed an issue where the graph binding box was not aligned.

  • Fixed an issue where users using XML preferences were causing an Internal Server Error.

Back to Top

 

Boldon James

Classifier API

Version 1.3.1

October 2021

Fixes

  • Fixed backwards compatibility issues (663894, 664116)

Back to Top

 

Document Management (RJS)

Webdocs Office Add-Ins

Version: 3.0.2

October 15, 20121

Enhancements

  • Added text based log file and control to view log file for customer support.

  • Added secure connection option to Webdocs connections.

  • Added result count to the search results panel.

  • Updated folder, document type, and route listings to load more efficiently and have less impact on Webdocs. Also added a refresh option allowing the user to update the lists if changes occur.

  • Added a loading indicator to the search function.

Fixes

  • Added specific exit point error messages to default error message that appears when a document has failed the check in process.

  • Added automatic login to Webdocs for all Webdocs actions.

  • Fixed issue with search panel where objects would sometimes overlap other objects.

  • Fixed issue where Title could not be populated automatically from Excel Workbook.

  • Autologin property fixed to allow user to disable it.

Back to Top

 

FileCatalyst

Version 3.8.4 - Build 48

October 22, 2021

Updates

  • All - Modernized look and feel.

  • Server - Usability enhancements to the Logs page in the HTML Admins.

  • Server - Performance improvements.

  • HotFolder,TransferAgent - Client applications no longer require license key to enable reporting.

Fixes

  • All - XML REST API calls return a 500 Internal Server Error.

  • All - Various usability improvements.

  • All - Multiple security fixes.

  • TransferAgent - About dialog not displaying information.

  • TransferAgent - Email Weblink page not loading.

  • TransferAgent - Install on Mac showing failure despite successful installation.

  • TransferAgent - TA Express page does not detect TA is running when running Localhost Fallback Proxy.

  • TransferAgent - Addressed issue where TransferAgent would not properly queue transfers.

  • Server - Upgrading S3 authentication method to enable compatibility with newer buckets.

  • Server - Connection limit email reporting incorrect value.

  • Server - Unable to Browse on an EFS.

  • Server - Fixed an issue where we were not writing bandwidth reports.

  • Server - License information not being displayed.

  • Server - Native HTTP Upload page not loading.

  • Server - Help button on Weblink page disappears on page refresh.

  • Server - File Ownership is not being applied with auto-zip.

  • Server - Corrected Server shutdown process.

  • HotFolder - HotFolder incorrectly identifying itself for licenses purposes, erroneously limiting functionality.

  • HotFolder - Serialization error when setting task to Always on.

  • HotFolder - Fixed an issue where we were failing to write transfers to logs on rescans.

  • Central - Search on filepath produces an SQL error.

Back to Top

GoAnywhere

Version 6.8.5

October 30, 2021

Enhancements

  • Enhanced agent connection log purging.

  • Enhanced the uninstaller to remove additional executable and temp files.

  • Enhanced the Import Project and Import Project ZIP commands to provide the ability to import into an Agent or AgentGroup.

  • Enhanced the indexes and queries used within Secure Forms to avoid deadlocking under heavy load.

  • Improved the performance of validating Agent user permissions.

  • Upgraded Apache Tomcat from version 9.0.41 to 9.0.52.

Fixes

  • Fixed an issue with the Write EDIFACT task where some composites were not saving mappings correctly, resulting in invalid errors or no data being written.

  • Fixed issue where the Copy task would fail if using flatten = false and certain network resources.

GoAnywhere Agents

Version 1.6.4

October 30, 2021

  • Fixed an issue where the Copy task would fail if using the flatten=false function with certain network resources.

Back to Top

 

Powertech

BoKS Control Center

Version: 8.1

October 4, 2021

New Features
  • Support is added for the new BoKS sudo, sudoedit and sudolist access methods.
  • A new object, sudoenvlist, can be specified for sudo Access Rules.
  • Added controls making it possible to activate or deactivate BoKS sudo protection for hosts, host pre-registrations and host pre-registration types.
Enhancements
  • Systemd is used for managing the BCC application where available. The systemctl command is used for starting and stopping the service. The /etc/init.d/bccps start script has been removed.
  • /home is now the default location for creating home directories when you create a host, host pre-registration or host pre-registration type, or when you import host definitions.
  • A new command named bccinfo has been added to collect useful troubleshooting information. See the documentation set for details.
  • Fixed an issue where some GUI operations (for example managing "User SSH Public Keys") did not work when running the server with Java 1.8.0 update 282 or later.
  • Support is added for TLS 1.3.

    • Default allowed TLS protocols are TLSv1.2 and TLSv1.3.

    Default allowed TLS cipher suites are TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (TLS 1.2) and TLS_AES_256_GCM_SHA384 (TLS 1.3).

  • A new section "User certificate mappings" is added to the User details page to map UUID and certificate hashes to users.
  • Added the ability to turn off autocomplete for the Host field in the password checkout interface using the bcc.properties variable PwmHostListingEnabled.
Fixes
  • The dependency in the BCC install program on /bin/ed, which is not supported in some newer OS versions, is removed.
  • Removed cache for downloadable resources (host and ca certificates) to provide enhanced security.
  • Added replacement of session ID every time a user logs in and deletion of old session IDs to provide enhanced security.
  • The default time zone set for the domain is now displayed in the Time zone field when you create a new host, and domain is selected for the setting.
  • Added response header "X-Content-Type-Options: nosniff" for enhanced security.
  • Ensured that a Strict-Transport-Security HTTP header is sent with each HTTPS response.
  • Updated the default session ID name to "id" to provide enhanced security.
  • Added enhanced protections to prevent the ability to download certificates from BCC without an active session.
  • "unsafe-inline" is removed from Content-Security-Policy headers in accordance with OWASP recommendations.
  • The "Import options" section when importing users is removed as the UID range for system users varies per OS. The "UID range" section can be used instead.
  • The section "Secondary unix groups" is renamed to "Unix groups".
  • The label for "Map home directories to host... at location" is changed to "Optionally create home directories on host... at location" to better reflect the functionality.

BoKS Manager

Version: 8.1

October 21, 2021

New Features
  • Added automatic renewal of node keys. For details of this feature please see the BoKS Manager 8.1 documentation set.
  • Support is added for BoKS control of sudo and sudoedit.
  • The BoKS configuration is redesigned to use the CLI program boksconfig which replaces the BoKS ENV file.
  • BoKS Master / Replica packages are now delivered as native packages for easier installation and deployment.
  • The BoKS Data Collection Module (BDCM) for BoKS Reporting Services is now a part of the BoKS install package.
Enhancements

  • The boks_bru program is replaced with a new backup and restore program named boksbackup. For details see the BoKS man page boksbackup and the product manuals.

  • The default lower limit for UIDs in BoKS is changed to 2000 and the default upper limit is changed to 59999.
  • Support is added for authentication of SecurID to RSA Authentication Manager using the REST API protocol. For more details see the BoKS Manager 8.1 Administration Guide.

  • BoKS Web Services Interface 8.1 features a REST API version. See the BoKS WSI documentation set for more information.

  • A new option -b <bcastaddr-file> has been added to the BoKS setup program to make it easier to specify the bcastaddr file when deploying BoKS, especially for native packages which only run setup not install.
  • BoKS is now started at OS boot by systemd on Linux platforms and SMF on Oracle Solaris. The BoKS Boot program also uses the systemd/SMF frameworks for temporary start/stop of the BoKS daemons. On IBM AIX, BoKS continues to be started by /etc/inittab.
  • Intelligent downloading of tables to Replicas in the event of a failover Replica being promoted to Master has been added to improve failover performance.

  • BoKS audit logging is added for the following boksdiag commands:

    • delpswentry boksuser

    • delpasswdentry user ...

    • boksdiag updpsw -h host

    • boksdiag updpasswdentry user

    • boksdiag updauthkeysuser user

    • boksdiag updauthkeyshost -h host

  • Added revocation checking for BoKS host certificates used for internal verification of BoKS hosts.
  • A new config variable, user/allowed-homedirs, is added that can be used to restrict where clntd can create homedirs and write profile files.
  • Audit logs are now produced if the BoKS name of an account or a UNIX group is changed as part of a rename host or rename Host Group operation.
  • Previously "hostadm -l <-h host>" only listed parameters' values set for a host, but did not deal with parameters set domain-wide from bksdef. In version 8.1, "hostadm -l <-h host>" shows parameters' value, and also shows whether the parameter value comes from a domain-wide setting or from the host setting itself, like the lsbks listing does. There are two host parameters' values that could come from a domain-wide setting. They are "Local userdata check" and "Timezone" in the hostadm listing parameters.

  • boksrule can now be used with the option ---list --not or -l -N to negate the search criteria. For more information see the BoKS man page boksrule.

  • A new version of the boks_errlog file is now created, where messages that include the text "Can't connect to" are filtered out and not included. This separate boks_errlog file is named boks_errlog_filtered.txt.
  • A man page is added for the program boksnativesshdadm.
  • Added support for TLS 1.3.
  • Upgraded the version of OpenSSH that BoKS SSH is based on from 8.1p1 to 8.6p1.
Fixes
  • Fixed an unhandled error from a network read in the boks_bridge that caused it to exit, affecting replication and causing all Replicas to be marked down.
  • Added input checking so the modifiers kslsize and ksltime cannot be set where keystroke logging is not specified for an Access Rule.

  • When deploying a 8.1 Server Agent in a 6.7.0 domain, hotfix HFBM-0051 is required for full cadm functionality. 6.7.1 and onwards are good to go.

  • Support for reading/writing the file $BOKS_etc/files using the cadm command has been removed as this file is no longer used.

  • hostkey option -r to remove a local nodekey file is no longer supported.

  • Database encryption algorithms ND2 and DES are no longer supported.

  • The default value for the ENV variable FREE_SHARED_MEMORY_LIMIT (now db/shm/free-limit) is now 15 (was 30 before), and the lower allowed value is 3 (was 5 before).

  • Removed option to run kslog_stalefile_check remotely from the master since all supported versions of BoKS now have kslog_stalefile_check executed periodically by boks_cron.

  • Removed support for ENV variable REVOKE_IGNORE_ISSUER intended for compatibility with BoKS 4.x which did not support issuer in revocation records.

  • USE_RW_DB_LOCK is dropped from ENV as it is now always turned on (from BoKS 8.0).

  • When issuing BoKS host certificates for Server Agents 8.1 or later the P12 credential container no longer uses the host's nodekey for locking key.

    Instead a random key dedicated for P12 locking is generated. P12 containers intended for pre-8.1 Server Agents continue to use the nodekey as locking key. BoKS 8.1 Server Agents can still use a nodekey locked credential container when operating in a pre-8.1 MR-domain.

  • If the home directory prefix is not specified when adding a host of type REPLICA,UNIXBOKSHOST or DYNIPCLIENT, it will default to "/home". For other host types the default is as before, empty string (= not set).

  • Fixed an issue where cadm -w denied writing files with ".." in the name.
  • Fixed an issue where creating a user with homedir / and setting an SSH key for the user with sshpkadm could cause clntd to use 100% CPU.
  • Fixed a potential database deadlock problem on Replicas when downloading.
  • Fixed an issue where the adsync function required that hostnames were in lower case, and did not work with host names that were in upper case.
  • The BoKS ENV variable ACED_OPT_STRIPHOSTNAME is obsolete and is removed.
  • Fixed an issue where enabling debug for boks_sshd displayed the password/yubikey in cleartext in the debug output when using certain SSH authentication methods.
  • bokslogview is enhanced to be able to read very long lines that could exceed the standard limit for syslog.
  • The bccsetup and bccgethostcert programs now prompt for the key length to use for host certificate.
  • Fixed an issue on Red Hat 8 where check_daemon failed to find running PIDs in some cases.
  • Added more information to the boksrule man page about what regular expressions can be used, with examples.
  • The boksrule man page and Administration Guide have been updated to clarify that YubiKey authentication is not supported for the FTP, PWCO and RSH access methods.
  • Web Services Interface no longer displays "=+1" for modifiers when listing Access Rules.

  • The program name parameter in boks_errlog records is changed for some BoKS daemons as a result of updates to the error logging framework.

    By default the program name in boks_errlog records is set to the basename of the program binary. There are some exceptions to this.

    For program binaries that are used for multiple functions, an extension is added to the program name parameter in the boks_errlog to make it possible to see which instance of the program generated the log.

    There were previously also some daemons that used the program basename without the "boks_" prefix in boks_errlog. This is now changed so that all daemons use the program binary basename including the "boks_" prefix:

    "master" -> boks_master

    "servc" -> boks_servc

    "servm" -> boks_servm

    "clntd" -> boks_clntd

    Multi-function daemons like the boks_bridge and boks_drainmast still use a postfix extension to basename.

  • Fixed an issue with boks_clntd_helper that could cause provisioning of large numbers of users and groups to fail on AIX platforms.
  • Fixed an issue in boks_clntd_helper that caused it to set lastchange = 0 in the /etc/security/passwd when modifying a user without a password.
  • Fixed an issue whereby removing an AIX host from a Host Group could leave stray Unix groups on the host.
  • Fixed an issue where restoring a pre-8.0 backup with boks_bru disabled boks_upgrade privatekey compatibility mode.
  • The upgrade_client program no longer returns a message that the host key cannot be registered when it reuses the old host keys.
  • Resolved an issue where programs running on a Replica could write to the database on the Master.
  • Fixed an issue where checkdomain didn't work for IPV6 addresses on Red Hat 8.
  • Support for the -v (verbose) option has been added again to the program classadm.
  • The bokscron.conf file is split into separate files for Master/Replica and Server Agent functions. See the BoKS Manager 8.1 documentation set for more information.
  • BoKS SCP is enhanced to ensure that files larger than 4GB can be successfully transferred with BoKS File Transfer Logging on 32-bit systems.
  • Fixed an issue where specific sequences of database operations could make boks_master stop responding.
  • The BoKS CA now creates host certificates with the BoKS registered host name in the certificate subject altname othername attribute to ensure that certificate-to-host mapping functions correctly when hosts are not registered with FQDN in the BoKS security database. BoKS hosts with certificates created in earlier versions of the BoKS CA need to have a new certificate created after upgrading the BoKS Master to 8.1 to take advantage of this. For more information see the BoKS Manager 8.1 Administration Guide.
  • Resolved an issue where, in Solaris 11.4, from SRU 21, the pam_dhkeys PAM module no longer being installed by default caused warnings to be generated when a user logged in with BoKS activated.
  • The adsync interval is no longer configured in the boksinit.master file, but using the BoKS configuration variable ad/sync/interval. For details see the BoKS Manager Administration Guide.
  • Improved error handling and documentation for the case where a password that is enabled for checkout is changed, but no EMS encryption certificate has been created.
  • The entry for a user with no password set created by BoKS in /etc/shadow will now be more similar to what the OS useradd command creates.
  • The hostprereg command now checks whether a Host Group exists when adding/modifying a host or type entry. If it does not exist, an error is generated and the command does nothing.
  • hostprereg now logs all parameters set when a host preregistration entry is added and all old and new values when an entry is modified. The only exception is that the comment is not logged.
  • The overlap check when adding a host has been speeded up (when enabled).
  • The BoKS configuration variable communication/host-identifier should be set to a non-loopback local ip-address if used (or a hostid for a DYNIPCLIENT). If it is incorrect, Boot complains, and daemons ignore the incorrect value. This may cause communication with BoKS infrastructure to fail until it is fixed.
  • If a BoKS host did not have all its IP-addresses registered in BoKS, ssh and sshd (in the hostbased authentication case) would not be able to find the hostkey for the machine in the BoKS database in all cases. This has been fixed by having both send the full list of IP-addresses found in DNS. If one of those addresses is registered in BoKS, the hostkey can be found.
  • Information from the file $BOKS_var/hotfix_install.log is added to the output of boksinfo.
  • The -N option for cadm, which suppressed logging, has been removed.
  • Information about audit log configuration corresponding to the output of "bokslogadm -lv" is added to the output of boksinfo.
  • Removed a duplicated line in /etc/pam.d/login on Red Hat 7.
  • Fixed an issue where "adsynchelper -u" did not find principal names for all users.
  • The mkhome command failed if the homedirectory of a user ended in '/'. This has been fixed.
  • Running 'boksversion -b -s' now displays the native package version number for 'boks-server'. You can still run 'boksversion -b' to display the number for 'boks-client'.
  • Enhanced handling of corrupt data and error reporting in the Keystroke Log File transfer mechanism.
  • The default minimum password length is increased to 10 characters.
  • The following ENV variables from previous versions are now controlled using bksdef: CHANGE_PSW_ED_QUOTIENT -> bksdef --psw-look-alike-edq CHANGE_PSW_LCS_PERCENT -> bksdef --psw-look-alike-lcs SUROOT_AUTHENTICATE -> bksdef --suroot-require-a-and-a
  • The command "boksdir -E", previously used to view ENV environment variables on a host, is deprecated.
  • Fixed an issue where running SSH_X11 on Red Hat failed with a message saying that this function was disabled or not supported by server.
  • Standardized the umask for files output by BoKS programs to umask 022.
  • Added support for SHA512, MD5 and Blowfish password hashes in the BoKS EMS LDAP function for propagating password updates from BoKS to LDAP.
  • Improved the ability of BoKS audit logging to recover from a full-disk scenario.
  • boksinfo is updated to include new configuration files for troubleshooting configuration.
  • Fixed issues where boksinfo could fill up $BOKS_var, and corrected the boksinfo man page.
  • Fixed an issue where it was possible to create an invalid Access Rule that could not be viewed or deleted.
  • Fixed an issue where client_helper removing Unix groups on AIX could cause timeout errors.
  • upgrade_client now automatically updates any 128 bit node key on a BoKS Server Agent to a 256 bit node key, if the longer key exists in the BoKS database.
  • Fixed an issue where users were locked out of hosts where LDAP authentication is required when their passwords are set to "force change on next login".
  • boks_portmux no longer listens on the servc port if servc/allow-external-req=false, thus completely stopping Server Agents from connecting to the Master. This can for example be used to prevent Server Agents from sending keystroke logs directly to the Master.
  • Enhancements have been added to how keystroke log transport is handled, with a limit added to the number of open connections to keystroke log handling daemons. You can configure the limits using the BoKS configuration variables ftsd/conn-max and kslog/ksllogsd/maxconn. Also Server Agents can now be prevented from sending keystroke logs directly to the Master by setting the configuration variable servc/allow-external-req to false. See the BoKS man page boksconfig for more information.
  • Improved the performance of "hostprereg -l -h <host>" and "-t <type>" by replacing a linear table scan with use of the key index.
  • Fixed an issue where the log message hostname parameter was incorrectly set to the DNS name instead of the hostname registered in BoKS for a number of BoKS programs.
  • When installing a BoKS Master, a default domain name is no longer set as part of the installation. If required it can be set after install using hostadm -M <domainname>.
  • Optimized the use of system calls in order to improve efficiency of database calls in environments with a heavy load.
  • Added functionality to identify which processes are locking the BoKS database in the event of a suspected database deadlock. The function is activated by setting the BOKS configuration variable db/lock-info to "true" (on) and the command "boksdiag lockinfo" can then be used to list the process ids of processes having a write- or readlock on the BoKS database.
  • Fixed an issue where the $BOKS_etc/bokscron.conf file was not updated correctly with new entries needed when restoring a boks_bru backup from a version prior to 7.1 and the $BOKS_etc/ENV file could get wrong permissions if the current umask was too restrictive.
  • Fixed issues where "lsbks -B" and "lsbks -L" did not give expected output and "lsbks -Dm" was slow.
  • Fixed an issue where an inactive host pre-registration could be classed as type AGENTHOST, causing licensing violations.
  • Added a feature where BoKS warns when the node key is not in sync between the Server Agent and BoKS database, which is active as long as automatic node key rotation is not activated.

BoKS Reporting Services

Version: 8.1

October 4, 2021

New Features
  • New reports are added for sudo, sudoedit and sudolist Access Rules.
  • New report added, Host Groups By Host Listing, that for a given host, lists all the Host Groups that the host is member of.
  • New report added, Hostgroup Hosts Listing, that for a given Host Group lists all the hosts that match all the members in the Host Group. So if the Host Group has a pattern member "*", all the hosts that match that pattern are listed in the report.
Enhancements
  • Exporting a report saves the report with a filename consisting of the report name and a timestamp.
  • A new command named brsinfo has been added to collect useful troubleshooting information. See the documentation set for details.
  • User Detailed Listing report:
    • New optional filter "username" added.
    • Fixed issue with large temp files on the server during report execution.
  • Support is added for TLS 1.3.

    • Default allowed TLS protocols are TLSv1.2 and TLSv1.3.

    Default allowed TLS cipher suites are TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (TLS 1.2) and TLS_AES_256_GCM_SHA384 (TLS 1.3).

  • The BRS application is now managed as a systemd service.
Fixes

  • Fixed an issue where brscmd could not write to all places on disk when SELinux was enabled.

  • Fixed a CSS vulnerability where an attacker in a man-in-the-middle attack could inject a malicious URL to then be able to retrieve information about a user session.
  • Removed all unsafe-inline in Content-Security-Policy header.
  • Fixed an issue where exported reports in PDF format could be cut off at the right hand side.
  • The default minimum password length for BRS users is increased from 6 to 10 characters.

  • Added fix to set SELinux security context for installation directories, resolving issue with process not starting on Red Hat/Centos 8 with SELinux enabled.

BoKS Web Services Interface

Version: 8.1

October 4, 2021

New Features
  • A REST API version of the Web Services Interface is added in addition to the existing SOAP interface.
  • A new command called mdsinfo is added that can be run to collect troubleshooting information on the WSI server.
Enhancements
  • Introduced parallel execution of synchronous single domain requests to improve throughput of requests and enhance operational robustness. The default number of maximum parallel requests is 4.

  • Added support for retrieving client IP from "Forwarded" and "X-Forwarded-For" request headers when using WSI behind proxy or firewall.

  • Systemd is used for managing the WSI application where available. The systemctl command is used for starting and stopping the service. The /etc/init.d/mds start script has been removed.
  • A keep-alive is added so the WSI server regularly polls the BoKS admin server BCCAS. This can be configured using the KeepAliveInterval parameter in the config.yaml file. The default setting is 10 minutes.
  • The application automatically picks up changes to the log configuration without the need to restart.
  • Logging of incoming requests can be enabled in the log configuration.
  • Failed requests are now logged to mds.log and error.log.
  • Added support for TLS 1.3.

    • Default allowed TLS protocols are TLSv1.2 and TLSv1.3.

    Default allowed TLS cipher suites are TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (TLS 1.2) and TLS_AES_256_GCM_SHA384 (TLS 1.3).

  • Added fix to set SELinux security context for installation directories, resolving issue with process not starting on Red Hat/Centos 8 with SELinux enabled.
Fixes
  • Java client code example has been updated for Java 11 and above.
  • Removed all unsafe-inline in Content-Security-Policy header.
  • The dependency in some WSI programs on /bin/ed, which is not supported in some newer OS versions, is removed.
  • Fixed an issue where you could not clear Access Rule modifiers with the modifiersClear option.

  • Added fix to set SELinux security context for installation directories, resolving issue with process not starting on Red Hat/Centos 8 with SELinux enabled.

Back to Top

Robot

Robot Monitor

Version 14.24

October 26, 2021

  • AIX systems need to update RPM to a 4.x version to be compatible with Robot Monitor 14.23 and above.

  • Fixed issue with looping MM messages when upgrading.

  • Updated installer now shows correct message when installing PC software and user is not a Windows Administration account.

  • Fixed issue with error message "File MMCPWTLA in library *LIBL not found or inline data file missing" appearing in joblog.

Robot Schedule

Version 13.12

October 20, 2021

  • RBTBCHUPD and AUTORUN commands can now be secured using Robot Schedule internal security.

  • Improved performance on RBTSWAPSYS.

  • Fixed issue with Robot Replay ghost child jobs.

Version 13.13

October 28, 2021

  • Fixed issue with iASP being ignored from Advanced Setting under Connection Properties in the Schedule GUI.

  • Fixed issue with authority on logical file RSL507W4.

Back to Top

 

Safestone

DetectIT

Version 14.4.10

October 29, 2021

Enhancements

  • Report MSP4604 prints only those Message Action Items where at least one of the configuration entries is not the default value.

  • Updated the End User License Agreement (EULA) to display the new version when attempting to install or upgrade the DetectIT GUI software.

  • Updated the Network Traffic Controller processing for the Database Server SQL server Exit Points (QIBM_QZDA_SQL1 and QIBM_QZDA_SQL2) to use the configured rules from the database. This means there is no longer a specific, fixed limit on the number of configuration entries that are used by the SQL request verification process.

  • Updated the Graphical software for the DetectIT release, allowing users to confirm that they are running compatible Graphical software.

  • The list of Message Action Items that have been configured is now available directly using F15=Action Item List within the Work with Message Monitor functions. Selecting F15 generates the MSP4604 report.

  • Updated the software license agreement for version 14.4.10. The license agreement is available after entering a permanent or a term license. You can also access the license agreement by selecting F8=License Agreement from where the licenses can be reviewed or entered in the product interface.

  • Correct transaction dates are now displayed when only QAUDJRN Data Collection settings are changed.

  • Resolved an issue where the wrong license version was displayed.

  • When a Secured System is deleted any associated programmer access details are deleted also.

  • Updated the placeholder values for the following Message Ids:

    • MLT1992 Db2 Mirror, Network Redundancy Group &20.

    • MLT1993 Db2 Mirror, Network Redundancy Group &20.

    • MLT1994 Db2 Mirror, Network Redundancy Group &20.

  • Resolved issue where the Application Program authority was not copied when using the Base on via the MAP module profile maintenance.

  • Message Action Item configuration report, MSP4604 now prints the fully qualified program name.

  • Network Traffic Controller log entry detail is now displayed with a space between a full length library name and the Member text.

  • The ALERT profile can still access the Technical Assistance Information function even if the Group Profile parameter has been changed to *NONE. For example, GRPPRF(*NONE).

Back to Top

 

Titus

Data Detection Engine

Version 2021.10

October 29, 2021

  • No updates for this release.

Policy Manager

Version 2021.10

October 29, 2021

New Features

  • New App Settings feature that allows you to allows you to define, enable, and customize features and text that appear in the Client interface. Audit logging will record new or updated App Settings.

  • New OnShare event that triggers a Titus Policy for Google Docs, Sheets, and Slides.

Titus Classification for Google Workspace

Version 2021.10

October 29, 2021

New Features

  • Titus Classification for Google Workspace now supports the OnShare event for Google Docs, Sheets and Slides. If there is a violation based on how a policy is configured in Policy Manager, this could trigger a supported action (Alert, Set classification and Deny).

Titus Console

Version 2021.10

October 29, 2021

  • No updates for this release.

Titus Office Add-in for Outlook Online

Version 2021.10

October 29, 2021

  • No updates for this release.

Titus Office Add-in for Word and Excel Online

Version 2021.10

October 29, 2021

  • No updates for this release.

Back to Top