Monthly Release Notes - January 2022

Jump to:

Boldon James Bytware CCSS
Cobalt Strike Core Security Digital Defense
Digital Guardian Globalscape GoAnywhere
Halcyon Insite Inter Mapper
JAMS Robot Safestone
Sequel Skybot Tango/04
TeamQuest Titus Vera    

 

Automate

Automate Schedule

Version 4.5.1

January 6, 2022

IMPORTANT: When updating to Automate Schedule version 4.4.1 or later, it is recommended you manually update your scripts to ensure proper connectivity to Automate Schedule web services. See Running the Automate Schedule Web Service for more information.

Fixes
  • Universal Connector version 1.3.4
    • The Apache Log4j JNDI vulnerability has been addressed by updating to 2.17.0.

Back to Top

 

Digital Defense

Frontline VM

Version 6.4.3.2

January 26, 2022

Enhancements
  • Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
  • Corrected failure of some cases related to deleted user roles in Managed Account Users CSV Export.
  • Fixed the automatic spin down of Trial accounts on TryFrotnline.Cloud shortly after creation.
  • Fixed missing owner filed in CSV export of Managed Accounts Security GPAs.
  • Fixed spelling error in "Approved management access request user" filter.
  • Removed Test Credentials button from Credential management pages.
Version 6.4.3.1

January 19, 2022

Fixes
  • Fixed Asset and Scanner Profile IP address "is (or)" and "is not (or)" filtering that did not work properly.
  • Multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
  • Frontline.Cloud infrastructure fixes related to expiring certificates.
Version 6.4.3.0

January 12, 2022

New Features

  • Introduced comprehensive authenticated scan status and credential validity management.

    • See the success or failure of authenticated scans at all levels of scan results and reports.

    • Identify which credentials were used in each scan and if they are valid or not.

  • Added a comprehensive suite of management reports targeted specifically for MSPs.

    • Includes CSV reports, PDF reports and email alerts.

    • Manage customer base and understand usage and trends.

Enhancements

  • Added ability to search for vulnerabilities by authentication method (Bug 25256).

  • Added ability to supply custom trending intervals for reports (Bug 20480).

  • Added delay-time-period before automatically spinning down Trial accounts (Bug 25048).

  • Added support to filter scan results by a list of CVEs (Bug 23333).

  • Changed default RNA Access Request time to be 8 hours.

  • Deprecated Oracle Image Virtual RNA download.

  • Included authenticated scan status within reports (Bug 24978).

  • Introduced Asset Rating Trends Report.

  • Introduced SSL Certificates Report.

  • Introduced report review workflow into Frontline.Cloud (Bug 20672).

  • Introduced scoped credentials for authenticated scanning (Bug 24886).

  • Allow Trial account options to be set during Trial account creation.

  • Removed per-account limits for Virtual RNA appliance tokens.

  • Replaced Digital Defense, Inc with Digital Defense by HelpSystems.

  • Display authentication detect method on-hover for vulnerabilities (Bug 23369).

  • Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071)

  • Introduced suite of MSP / Super account management reports (Bug 24793, 20040, 20517)

  • Replaced logo with favicon for themes list.

  • Implemented various infrastructure improvements and security updates.

Fixes

  • Removed rounding for Active Risk Score in some locations within Frontline UI and reports.

  • Fixed the incorrect inclusion of tag with Container scanning license when calculating usage.

  • Fixed Core Impact scan exports that could not be filtered by date range.

  • Corrected the mistake allowing the Credential PGP cipher text.

  • Fixed dysfunctional filtering on Frontline Agent list page.

  • Fixed IP Address filter that did not properly respect quoted search terms (Bug 25297).

  • Fixed slow speed on Manage RNAs list page.

  • Broken links to help pages on new account dashboard are resolved (Bug 24931)

  • Fixed performance for statistics object management.

  • Corrected body text on RNA Access Approved email.

  • Populated data in reports based on container scans.

  • Fixed error in scan insertion when ping-type is not defined (Bug 25011)

  • Fixed report options that are not displayed in the report's options appendix.

  • Updated super account usage metrics in instances of error.

  • Allowed additional groupings for Threat Landscape reports.

  • Corrected inability to upgrade Trial accounts to General accounts (Bug 25253, 25060).

  • Fixed various bugs for reports including grammar, spelling, and style fixes.

  • Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).

Frontline WAS

Version 6.4.3.2

January 26, 2022

Enhancement
  • Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
  • Fixed Managed Accounts Users for CSV Export failures in cases related to deleted user roles.
  • Fixed Trial accounts on TryFrontline.Cloud that automatically spin down shortly after being created.
  • Added clarity to Managed Accounts Security GPAs CSV Exports sort order by including owner field in CSV export.
  • Corrected the spelling error in "Approved management access request user" filter.
Version 6.4.3.1

January 19, 2022

Fixes
  • Added multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
  • Frontline.Cloud infrastructure fixes related to expiring certificates.
Version 6.4.3.0

January 12, 2022

New Features
  • Includes a comprehensive suite of management reports targeted specifically for MSPs utilizing Frontline.Cloud.
    • Reports include CSV reports, PDF reports and email alerts that allow MSPs to effectively manage their customer based and understand usage and trends.
Enhancements
  • Added ability to see raw request data for all users.
  • Added delay-time-period before automatically spinning down Trail accounts (Bug 25048).
  • Added support to filter scan results by a list of CVEs (Bug 23333).
  • Changed default RNA Access Request time to be 8 hours.
  • Deprecated Oracle Image Virtual RNA download.
  • Introduced report review workflow into Frontline.Cloud (Bug 20672).
  • Allowed Trial account options to be set during Trial account creation as an option.
  • Removed per-account limits for Virtual RNA appliance tokens.
  • Replaced Digital Defense, Inc with Digital Defense by HelpSystems.
  • Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071).
  • Added suite of MSP / Super account management reports (Bug 24793, 20040, 20517).
  • Replaced logo with favicon for themes list.
  • Various infrastructure improvements and security updates.
  • Added WebApp Scan Export API.
Fixes
  • Fixed slow speed on Manage RNAs list page.
  • Corrected broken links to help pages on new account Dashboard (bug 24931).
  • Fixed incorrect body text in RNA Access Approved email.
  • Fixed display of report options in report's options appendix.
  • Updated super account usage metrics that failed in some instances.
  • Trial accounts can be upgraded to General accounts (Bug 25253, 25060).
  • Corrected various bugs for reports including grammar, spelling and style fixes.
  • Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).

WAS Scanner

Version 1.0.33.0

January 5, 2022

New Features
  •  Includes new vulnerability checks: 
    • 147293 Apache HTTP Server Security Update 2.4.51 (High)
    • 147294 Drupal Security Advisory SA-CORE-2021-011 (Medium)
    • 147297 PHP December 2021 Security Update (Medium)
    • 147296 PHP November 2021 Security Update (Medium)
    • 147298 WordPress Arbitrary Code Execution Vulnerability (High)
    • 147290 WordPress Plugin: WP Fastest Cache Cross-Site Request Forgery (CSRF) Vulnerability (Medium)
    • 147291 WordPress Plugin: WP Fastest Cache SQL Injection Vulnerability (Medium)
    • 147283 WordPress Plugin: All In One SEO Authenticated Privilege Escalation Vulnerability (Medium)
    • 147284 WordPress Plugin: All In One SEO Authenticated SQL Injection Vulnerability (Medium)
    • 147285 WordPress Plugin: LiteSpeed Cache Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147286 WordPress Plugin: LiteSpeed Cache Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147287 WordPress Plugin: UpdraftPlus Stored Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147288 WordPress Plugin: UpdraftPlus Reflective Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147289 WordPress Plugin: UpdraftPlus Reflective Cross-Site Scripting (XSS) Vulnerability (Medium)
Enhancements
  • Includes several fixes and enhancements to the scanning engine and existing vulnerability checks.
Fixes
  • Updated Vulnerability Descriptions:
    • 104779 HTTP Header SQL Injection (High)
    • 132636 Potential Web Server Blind SQL Injection (High)
    • 104471 Web Server Blind SQL Injection (High)

Back to Top

 

Digital Guardian

Agent for macOS

Version: 8.1

January, 2022

New Features
  • DG Agent for macOS now supports macOS 12.0.1 and 12.1 (Monterey) on both Intel and Apple M1 computers.

  • DG Agent for macOS supports TLS 1.3.

Fixes

  • USB block rules applied with user policies now work as designed on Apple M1 computers.

  • An issue with accessing Cloudflare-hosted websites on computers running DG Agent was resolved. These websites were either unreachable or prompted for a CAPTCHA test every time you accessed them.

  • Mac rule exclusions now work as designed when you have more than one rule in a policy and exclude a computer from just some of the rules

  • The process flag file (prcsflgs.dat) now contains lines for the Homebrew installation location on both Intel and M1 computers.

Agent for Windows

Version: 8.1

January, 2022

New Features
  • DG Agent for macOS now supports macOS 12.0.1 and 12.1 (Monterey) on both Intel and Apple M1 computers.

  • DG Agent for macOS supports TLS 1.3.

Fixes

  • USB block rules applied with user policies now work as designed on Apple M1 computers.

  • An issue with accessing Cloudflare-hosted websites on computers running DG Agent was resolved. These websites were either unreachable or prompted for a CAPTCHA test every time you accessed them.

  • Mac rule exclusions now work as designed when you have more than one rule in a policy and exclude a computer from just some of the rules

  • The process flag file (prcsflgs.dat) now contains lines for the Homebrew installation location on both Intel and M1 computers.

Back to Top

 

Powertech

BoKS Control Center

Version: 8.1.0.1

January 31, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 8.0.0.4

January 28, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 7.2.0.3

January 28, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 6.7.0.4

January 28, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

  • In the section in the Installation Guide "Troubleshooting the Presentation Server", the file AppcontrolLogging.xml should be replaced with log4j2.xml, the code for activating debugging is

    • <Logger name="com.foxt.bcc" level="info" additivity="false">
    <AppenderRef ref="FILE"/>
    </Logger>

    and the parameters for log size and how many log files are retained are

    <SizeBasedTriggeringPolicy  size="32MB"/>
    <DefaultRolloverStrategy max="5"/>

BoKS Web Services Interface

Version: 8.1.0.1

January 24, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

  • The log4j.config.watch.seconds property in mds.properties is not used anymore. It is replaced by the monitorInterval parameter in the log4j2.xml file (default 30 seconds).

Version: 8.0.0.5

January 24, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 7.2.0.6

January 24, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 6.7.0.3

January 24, 2022

  • Updated log4j dependency to version 2.17.1.

    • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Powertech Antivirus for IBM i

Version 8.05

January 25, 2022

Enhancements

  • Powertech Antivirus now supports the detection and blocking of ransomware activity on IBM i. This extends the existing protection against ransomware storage, by blocking ransomware that encrypts files in the IFS.

  • Improved performance of AVSVR initialization.

  • Powertech Antivirus now uses the McAfee 6300 Anti-Malware Engine, which includes the following new features:

    • Enhanced threat landscape with added support for MPress (LZMAT) and DMG file-type support

    • Improved coverage on OLE and Microsoft Excel file-types

    • Better handling of VBA and Jar files and wider coverage for UPX packed files

    • Several bug fixes, and performance and security improvements

Fixes

  • On-access timeout now processed as seconds.

  • Removed scan file size limit of 2Gb.

  • Fixed "Data for key field 1804 not valid" issue.

  • Improved error messaging when path and file name too long.

  • Infected files on an iASP are now correctly quarantined.

  • In past versions, software updates for Powertech Antivirus for IBM i were provided through a mix of product installers and product PTFs. This process has been simplified so all software updates for Powertech Antivirus for IBM i are provided through product installers. In this version, menu items relating to the PTF-based product update process have been removed.

Back to Top

 

Robot

Robot Network

Version 13.03

January 4, 2022

  • Network License Manager provides ability to manage products in both *SYSBASE and an iASP.

  • Improved licensing across network with systems in different iASP groups.

  • Now correctly loads library with iASP name of 10 characters.

  • DB_POOL and AS400_POOL connections updated to use *CURUSR when running in *SYSBASE.

  • Fixed issue with Conversion Error CPF4AA7.

  • RBTNETPT password length increased to 16.

RBTSYSLIB

Version 2.05

January 4, 2022

  • Network License Manager provides ability to manage products in both *SYSBASE and an iASP.

Back to Top

 

Sequel

Sequel 11

Version: R11M16

January 6, 2022

Enhancements
  • Support for IBM Db2 Mirror for i added.
Fixes

  • A fix was made to correct the way Script Views were being analyzed during the audit process. This caused corrupted entries into the journal receivers, and the data was not available to load into the audit history files

  • SQJCRO will now resolve the library when *LIBL is specified.

Sequel Web Interface

Version: R10M33

January 6, 2022

Sequel Web Server 2.9

  • Fixed issue where if after SWS 2.8 was upgrade e-mail notifications for scheduled Web Service Jobs were not being sent.

  • SWS Timestamp of Noon is saved to Excel as 00:00, but is displayed correctly as 12:00 in browser.

Viewpoint 11

Version: 11.21.362

January 6, 2022

Updates

  • Fixed issue where the 'Bring to Front' and 'Send to Back' options for objects in a dashboard were not saving with the dashboard.

  • Fixed issuer where *SERVER syntax did not show custom column heading that used single quotes. For instance, /<S- COLHDG('Order' 'Entry' 'Date' )-S>/.

  • Fixed issue where if a spreadsheet had spaces in its name, an error would display when doing a refresh (the addin was changing the space to an underscore).

  • Fixed issue where a refresh in the Excel addin would loose any cell formatting such as centering of text, background shading, italicized, and cell bordering.

  • Fixed Viewpoint Files & fields tab errors out when a join contains a between comparison.

  • Added back the missing Series Order option for charts when designing in a dashboard.

  • Fixed issue where if a spreadsheet was somehow corrupted and was missing the named ranges for a view, refreshing data caused a Ribbon Class Error (create range error). We added error handling when trying to get the named range. If an error occurs then fall back to using the range that should be in the add-in xml.

  • Fixed issue where text settings such as font, italics, underline and strikethrough are not getting saved with the dashboard.

Back to Top

 

Showcase

Showcase 10

Version: R10M16

January 6, 2022

Enhancements

  • Support for IBM Db2 Mirror for i added.

Fixes

  • A fix was made to correct the way Script Views were being analyzed during the audit process. This caused corrupted entries into the journal receivers, and the data was not available to load into the audit history files

  • SQJCRO will now resolve the library when *LIBL is specified.

Sequel Web Interface

Version: R10M33

January 6, 2022

Sequel Web Server 2.9

  • Fixed issue where if after SWS 2.8 was upgrade e-mail notifications for scheduled Web Service Jobs were not being sent.

  • SWS Timestamp of Noon is saved to Excel as 00:00, but is displayed correctly as 12:00 in browser.

Viewpoint 10

Version: 10.21.362

January 6, 2022

Updates

  • Fixed issue where the 'Bring to Front' and 'Send to Back' options for objects in a dashboard were not saving with the dashboard.

  • Fixed issuer where *SERVER syntax did not show custom column heading that used single quotes. For instance, /<S- COLHDG('Order' 'Entry' 'Date' )-S>/.

  • Fixed issue where if a spreadsheet had spaces in its name, an error would display when doing a refresh (the addin was changing the space to an underscore).

  • Fixed issue where a refresh in the Excel addin would loose any cell formatting such as centering of text, background shading, italicized, and cell bordering.

  • Fixed Viewpoint Files & fields tab errors out when a join contains a between comparison.

  • Added back the missing Series Order option for charts when designing in a dashboard.

  • Fixed issue where if a spreadsheet was somehow corrupted and was missing the named ranges for a view, refreshing data caused a Ribbon Class Error (create range error). We added error handling when trying to get the named range. If an error occurs then fall back to using the range that should be in the add-in xml.

  • Fixed issue where text settings such as font, italics, underline and strikethrough are not getting saved with the dashboard.

C&DS Migration Utility

Version: 10.21.362

January 6, 2022

Fixes

  • When using the ViewPoint migration utility to import a ShowCase 9 DBQ (query), the user space gets created with a null in the View Description. This is caused by a Column Heading that contains brackets in the dbq.

  • Add repository name to breadcrumbs when migrating a DBQ. This is used during migration of an XLSM that includes linked queries.

Back to Top

 

Titus

Policy Manager

Version 2022.01

January 2022

Enhancements

  • Various enhancements have been made to App Settings in Policy Manager such as updated tooltip text, descriptions, and error handling. Solutions and Products now list more user-friendly names such as Google Docs.

  • When creating a custom App Setting, Solutions and Products properly show which features are supported and Word Online.

Fixes

  • Web page becomes blank when accessing Policy Manager.

  • In the General tab of App Settings, the invalid change in the Description clears out unexpectedly.

  • When creating a custom App Setting and Configuration, "Default" can be used more than once.

  • The UI does not display properly after clicking Cancel in an error message.

  • The App Settings set name should be truncated when it is too long.

  • Event Logging in App Settings does not display correctly within the Enabled Loggers sections.

  • Super Tip description is wrong for On Check Policy Event and On New Event.

  • Duplicated text is displayed for tooltips.

  • An unexpected error displays when using <> to enclose text when creating a Schema field name.

Back to Top

Vera

Version 3.19.0

January 2022

New Features

  • The Vera brand is changing. With this release, the new Vera by HelpSystems logo and logomark will appear in Vera's website, Vera online, Vera documentation, and Vera External APIs.

  • A new button is available to update the AppSecret. Users can use the existing download button to get the new configuration.

Updates

  • Vera announces the support for Symantec V15.8.

  • Vera expands the support for SharePoint. Users can now use the VIB/EIB functionality for protected files hosted on SharePoint.

  • Vera announces the support for PDF files rendering by OnlyOffice cluster.

  • Vera announces the support for the Outlook new UI with the JS add-in on MacOS.

  • Vera announces the support for MangoDB 4.2. MongoDB version 4.0 will reach End of Life (EOL) on April 30, 2022. Atlas clusters currently running MongoDB 4.0, which will be automatically upgraded to MongoDB 4.2 after April 30, 2022.

  • Vera announces the end of support for Microsoft IE11 for VIB/EIB:

    • With the Vera 3.19.0 release, the View-in-Browser/Edit-in-Browser (VIB/EIB) functionality is no longer supported on Internet Explorer 11 (IE11). Other browsers, such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Safari, will continue to be supported. There are no changes to file types, sizes, or any other capabilities of VIB/EIB.

    • This decision is prompted by several factors. Microsoft has set IE11 on a sunset path, with O365 already not supporting it, and planning to withdraw operating system support for IE11 in Q2 2022. Usage of IE has been steadily declining in the Vera user base, with Edge increasing share. As a security company, Vera always recommends using the newest, best-supported version of software. This includes Vera's underlying Javascript libraries, which are also dropping IE11 support with this and subsequent releases.

  • Vera announces the end of support for the following MacOS applications in the upcoming releases:

    • AutoCAD, AutoCADLT, Reader, and Adobe Illustrator version 2019 in the upcoming Vera Release 3.20.0.

    • Outlook shim in the upcoming Vera Release 3.21.0.

    • Office 365 version 15.41.0 and earlier in the upcoming Vera Release 3.20.0.

NOTE: For viewing secured PDF files on MacOS, users can use Vera Preview.
NOTE: For Outlook support, users must upgrade to the Vera JS add-in to continue to using Vera with Outlook on a Mac.
Fixes

  • Fixed an issue where export and dashboard counts do not match:

    • Fixed an issue where the Statistical reports included some duplicate users.

    • Fixed an issue where some leftover content remained during a npm install/npm build.

  • Fixed an issue where Excel experienced slowness when Vera is installed.

  • Fixed an issue where Office 365 latest and Office 2019 – V.16.57 applications were crashed when Vera 3.18.x is installed on Mac. This issue is fixed for all Vera supported OS X versions.

  • Fixed an issue where securing a large file failed using Veracmd.

  • Fixed an issue where TAD Vera client (3.17) service stopped from time to time with the "Event 1000, application error" message on the Windows application logs and caused the key syncing to stop.

  • Fixed an issue where now admin has the option not to show the login button on the download page if User portal access is disabled.

  • Fixed an issue where the error messages provided too much information when you log in to the Vera portal.

  • Fixed an issue to merge the duplicate users and now the user count matches the export count.

  • Fixed an issue that was related to npm install/npm build that did not remove the files properly.

Back to Top