Monthly Release Notes - January 2022

Jump to:

 

Automate


Automate Schedule

Version 4.5.1

January 6, 2022

IMPORTANT: When updating to Automate Schedule version 4.4.1 or later, it is recommended you manually update your scripts to ensure proper connectivity to Automate Schedule web services. See Running the Automate Schedule Web Service for more information.

Fixes
  • Universal Connector version 1.3.4
    • The Apache Log4j JNDI vulnerability has been addressed by updating to 2.17.0.

Back to Top

 

Digital Defense

Frontline VM

Version 6.4.3.2

January 26, 2022

Enhancements
  • Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
  • Corrected failure of some cases related to deleted user roles in Managed Account Users CSV Export.
  • Fixed the automatic spin down of Trial accounts on TryFrotnline.Cloud shortly after creation.
  • Fixed missing owner filed in CSV export of Managed Accounts Security GPAs.
  • Fixed spelling error in "Approved management access request user" filter.
  • Removed Test Credentials button from Credential management pages.
Version 6.4.3.1

January 19, 2022

Fixes
  • Fixed Asset and Scanner Profile IP address "is (or)" and "is not (or)" filtering that did not work properly.
  • Multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
  • Frontline.Cloud infrastructure fixes related to expiring certificates.

Version 6.4.3.0

January 12, 2022

New Features
  • Introduced comprehensive authenticated scan status and credential validity management.

    • See the success or failure of authenticated scans at all levels of scan results and reports.

    • Identify which credentials were used in each scan and if they are valid or not.

  • Added a comprehensive suite of management reports targeted specifically for MSPs.

    • Includes CSV reports, PDF reports and email alerts.

    • Manage customer base and understand usage and trends.

Enhancements
  • Added ability to search for vulnerabilities by authentication method (Bug 25256).

  • Added ability to supply custom trending intervals for reports (Bug 20480).

  • Added delay-time-period before automatically spinning down Trial accounts (Bug 25048).

  • Added support to filter scan results by a list of CVEs (Bug 23333).

  • Changed default RNA Access Request time to be 8 hours.

  • Deprecated Oracle Image Virtual RNA download.

  • Included authenticated scan status within reports (Bug 24978).

  • Introduced Asset Rating Trends Report.

  • Introduced SSL Certificates Report.

  • Introduced report review workflow into Frontline.Cloud (Bug 20672).

  • Introduced scoped credentials for authenticated scanning (Bug 24886).

  • Allow Trial account options to be set during Trial account creation.

  • Removed per-account limits for Virtual RNA appliance tokens.

  • Replaced Digital Defense, Inc with Digital Defense by HelpSystems.

  • Display authentication detect method on-hover for vulnerabilities (Bug 23369).

  • Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071)

  • Introduced suite of MSP / Super account management reports (Bug 24793, 20040, 20517)

  • Replaced logo with favicon for themes list.

  • Implemented various infrastructure improvements and security updates.

Fixes
  • Removed rounding for Active Risk Score in some locations within Frontline UI and reports.

  • Fixed the incorrect inclusion of tag with Container scanning license when calculating usage.

  • Fixed Core Impact scan exports that could not be filtered by date range.

  • Corrected the mistake allowing the Credential PGP cipher text.

  • Fixed dysfunctional filtering on Frontline Agent list page.

  • Fixed IP Address filter that did not properly respect quoted search terms (Bug 25297).

  • Fixed slow speed on Manage RNAs list page.

  • Broken links to help pages on new account dashboard are resolved (Bug 24931)

  • Fixed performance for statistics object management.

  • Corrected body text on RNA Access Approved email.

  • Populated data in reports based on container scans.

  • Fixed error in scan insertion when ping-type is not defined (Bug 25011)

  • Fixed report options that are not displayed in the report's options appendix.

  • Updated super account usage metrics in instances of error.

  • Allowed additional groupings for Threat Landscape reports.

  • Corrected inability to upgrade Trial accounts to General accounts (Bug 25253, 25060).

  • Fixed various bugs for reports including grammar, spelling, and style fixes.

  • Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).

Frontline WAS

Version 6.4.3.2

January 26, 2022

Enhancement
  • Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
  • Fixed Managed Accounts Users for CSV Export failures in cases related to deleted user roles.
  • Fixed Trial accounts on TryFrontline.Cloud that automatically spin down shortly after being created.
  • Added clarity to Managed Accounts Security GPAs CSV Exports sort order by including owner field in CSV export.
  • Corrected the spelling error in "Approved management access request user" filter.
Version 6.4.3.1

January 19, 2022

Fixes
  • Added multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
  • Frontline.Cloud infrastructure fixes related to expiring certificates.
Version 6.4.3.0

January 12, 2022

New Features
  • Includes a comprehensive suite of management reports targeted specifically for MSPs utilizing Frontline.Cloud.
    • Reports include CSV reports, PDF reports and email alerts that allow MSPs to effectively manage their customer based and understand usage and trends.
Enhancements
  • Added ability to see raw request data for all users.
  • Added delay-time-period before automatically spinning down Trail accounts (Bug 25048).
  • Added support to filter scan results by a list of CVEs (Bug 23333).
  • Changed default RNA Access Request time to be 8 hours.
  • Deprecated Oracle Image Virtual RNA download.
  • Introduced report review workflow into Frontline.Cloud (Bug 20672).
  • Allowed Trial account options to be set during Trial account creation as an option.
  • Removed per-account limits for Virtual RNA appliance tokens.
  • Replaced Digital Defense, Inc with Digital Defense by HelpSystems.
  • Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071).
  • Added suite of MSP / Super account management reports (Bug 24793, 20040, 20517).
  • Replaced logo with favicon for themes list.
  • Various infrastructure improvements and security updates.
  • Added WebApp Scan Export API.
Fixes
  • Fixed slow speed on Manage RNAs list page.
  • Corrected broken links to help pages on new account Dashboard (bug 24931).
  • Fixed incorrect body text in RNA Access Approved email.
  • Fixed display of report options in report's options appendix.
  • Updated super account usage metrics that failed in some instances.
  • Trial accounts can be upgraded to General accounts (Bug 25253, 25060).
  • Corrected various bugs for reports including grammar, spelling and style fixes.
  • Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).

WAS Scanner

Version 1.0.33.0

January 5, 2022

New Features
  •  Includes new vulnerability checks: 
    • 147293 Apache HTTP Server Security Update 2.4.51 (High)
    • 147294 Drupal Security Advisory SA-CORE-2021-011 (Medium)
    • 147297 PHP December 2021 Security Update (Medium)
    • 147296 PHP November 2021 Security Update (Medium)
    • 147298 WordPress Arbitrary Code Execution Vulnerability (High)
    • 147290 WordPress Plugin: WP Fastest Cache Cross-Site Request Forgery (CSRF) Vulnerability (Medium)
    • 147291 WordPress Plugin: WP Fastest Cache SQL Injection Vulnerability (Medium)
    • 147283 WordPress Plugin: All In One SEO Authenticated Privilege Escalation Vulnerability (Medium)
    • 147284 WordPress Plugin: All In One SEO Authenticated SQL Injection Vulnerability (Medium)
    • 147285 WordPress Plugin: LiteSpeed Cache Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147286 WordPress Plugin: LiteSpeed Cache Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147287 WordPress Plugin: UpdraftPlus Stored Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147288 WordPress Plugin: UpdraftPlus Reflective Cross-Site Scripting (XSS) Vulnerability (Medium)
    • 147289 WordPress Plugin: UpdraftPlus Reflective Cross-Site Scripting (XSS) Vulnerability (Medium)
Enhancements
  • Includes several fixes and enhancements to the scanning engine and existing vulnerability checks.
Fixes
  • Updated Vulnerability Descriptions:
    • 104779 HTTP Header SQL Injection (High)
    • 132636 Potential Web Server Blind SQL Injection (High)
    • 104471 Web Server Blind SQL Injection (High)

Back to Top

 

Powertech


BoKS Control Center

Version: 8.1.0.1

Jan 31, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 8.0.0.4

Jan 28, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 7.2.0.3

Jan 28, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 6.7.0.4

Jan 28, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

  • In the section in the Installation Guide "Troubleshooting the Presentation Server", the file AppcontrolLogging.xml should be replaced with log4j2.xml, the code for activating debugging is

  • <Logger name="com.foxt.bcc" level="info" additivity="false">
    <AppenderRef ref="FILE"/>
    </Logger>

    and the parameters for log size and how many log files are retained are

    <SizeBasedTriggeringPolicy  size="32MB"/>
    <DefaultRolloverStrategy max="5"/>

BoKS Web Services Interface

Version: 8.1.0.1

Jan 24, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

  • The log4j.config.watch.seconds property in mds.properties is not used anymore. It is replaced by the monitorInterval parameter in the log4j2.xml file (default 30 seconds).

Version: 8.0.0.5

Jan 24, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 7.2.0.6

Jan 24, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Version: 6.7.0.3

Jan 24, 2022

  • Updated log4j dependency to version 2.17.1.

  • The log configuration for Log4j2 is not backwards compatible. A new log file log4j2.xml is used instead of AppcontrolLogging.xml. When upgrading, AppcontrolLogging.xml will be renamed to AppcontrolLogging.xml.bak. This means that any modifications that were made in AppcontrolLogging.xml must manually be transferred to the new log4j2.xml file to be effective.

Powertech Antivirus for IBM i

Version 8.05

Jan 25, 2022

Enhancements
  • Powertech Antivirus now supports the detection and blocking of ransomware activity on IBM i. This extends the existing protection against ransomware storage, by blocking ransomware that encrypts files in the IFS.

  • Improved performance of AVSVR initialization.

  • Powertech Antivirus now uses the McAfee 6300 Anti-Malware Engine, which includes the following new features:
    • Enhanced threat landscape with added support for MPress (LZMAT) and DMG file-type support

    • Improved coverage on OLE and Microsoft Excel file-types

    • Better handling of VBA and Jar files and wider coverage for UPX packed files

    • Several bug fixes, and performance and security improvements

Fixes
  • On-access timeout now processed as seconds.

  • Removed scan file size limit of 2Gb.

  • Fixed "Data for key field 1804 not valid" issue.

  • Improved error messaging when path and file name too long.

  • Infected files on an iASP are now correctly quarantined.

  • In past versions, software updates for Powertech Antivirus for IBM i were provided through a mix of product installers and product PTFs. This process has been simplified so all software updates for Powertech Antivirus for IBM i are provided through product installers. In this version, menu items relating to the PTF-based product update process have been removed.

Back to Top

 

Robot


Robot Network

Version 13.03

Jan 4, 2022

  • Network License Manager provides ability to manage products in both *SYSBASE and an iASP.

  • Improved licensing across network with systems in different iASP groups.

  • Now correctly loads library with iASP name of 10 characters.

  • DB_POOL and AS400_POOL connections updated to use *CURUSR when running in *SYSBASE.

  • Fixed issue with Conversion Error CPF4AA7.

  • RBTNETPT password length increased to 16.

RBTSYSLIB

Version 2.05

Jan 4, 2022

• Network License Manager provides ability to manage products in both *SYSBASE and an iASP.

Back to Top

 

Sequel


Sequel 11

Version: R11M16

Jan 6, 2022

Enhancements
  • Support for IBM Db2 Mirror for i added.
Fixes
  • A fix was made to correct the way Script Views were being analyzed during the audit process. This caused corrupted entries into the journal receivers, and the data was not available to load into the audit history files

  • SQJCRO will now resolve the library when *LIBL is specified.

Sequel Web Interface

Version: R10M33

Jan 6, 2022

Sequel Web Server 2.9
  • Fixed issue where if after SWS 2.8 was upgrade e-mail notifications for scheduled Web Service Jobs were not being sent.

  • SWS Timestamp of Noon is saved to Excel as 00:00, but is displayed correctly as 12:00 in browser.

Viewpoint 11

Version: 11.21.362

Jan 6, 2022

Updates
  • Fixed issue where the 'Bring to Front' and 'Send to Back' options for objects in a dashboard were not saving with the dashboard.

  • Fixed issuer where *SERVER syntax did not show custom column heading that used single quotes. For instance, /<S- COLHDG('Order' 'Entry' 'Date' )-S>/.

  • Fixed issue where if a spreadsheet had spaces in its name, an error would display when doing a refresh (the addin was changing the space to an underscore).

  • Fixed issue where a refresh in the Excel addin would loose any cell formatting such as centering of text, background shading, italicized, and cell bordering.

  • Fixed Viewpoint Files & fields tab errors out when a join contains a between comparison.

  • Added back the missing Series Order option for charts when designing in a dashboard.

  • Fixed issue where if a spreadsheet was somehow corrupted and was missing the named ranges for a view, refreshing data caused a Ribbon Class Error (create range error). We added error handling when trying to get the named range. If an error occurs then fall back to using the range that should be in the add-in xml.

  • Fixed issue where text settings such as font, italics, underline and strikethrough are not getting saved with the dashboard.

Back to Top

 

Showcase


Showcase 10

Version: R10M16

Jan 6, 2022

Enhancements
  • Support for IBM Db2 Mirror for i added.

Fixes
  • A fix was made to correct the way Script Views were being analyzed during the audit process. This caused corrupted entries into the journal receivers, and the data was not available to load into the audit history files

  • SQJCRO will now resolve the library when *LIBL is specified.

Sequel Web Interface

Version: R10M33

Jan 6, 2022

Sequel Web Server 2.9
  • Fixed issue where if after SWS 2.8 was upgrade e-mail notifications for scheduled Web Service Jobs were not being sent.

  • SWS Timestamp of Noon is saved to Excel as 00:00, but is displayed correctly as 12:00 in browser.

Viewpoint 10

Version: 10.21.362

Jan 6, 2022

Updates
  • Fixed issue where the 'Bring to Front' and 'Send to Back' options for objects in a dashboard were not saving with the dashboard.

  • Fixed issuer where *SERVER syntax did not show custom column heading that used single quotes. For instance, /<S- COLHDG('Order' 'Entry' 'Date' )-S>/.

  • Fixed issue where if a spreadsheet had spaces in its name, an error would display when doing a refresh (the addin was changing the space to an underscore).

  • Fixed issue where a refresh in the Excel addin would loose any cell formatting such as centering of text, background shading, italicized, and cell bordering.

  • Fixed Viewpoint Files & fields tab errors out when a join contains a between comparison.

  • Added back the missing Series Order option for charts when designing in a dashboard.

  • Fixed issue where if a spreadsheet was somehow corrupted and was missing the named ranges for a view, refreshing data caused a Ribbon Class Error (create range error). We added error handling when trying to get the named range. If an error occurs then fall back to using the range that should be in the add-in xml.

  • Fixed issue where text settings such as font, italics, underline and strikethrough are not getting saved with the dashboard.

C&DS Migration Utility

Version: 10.21.362

Jan 6, 2022

Fixes
  • When using the ViewPoint migration utility to import a ShowCase 9 DBQ (query), the user space gets created with a null in the View Description. This is caused by a Column Heading that contains brackets in the dbq.

  • Add repository name to breadcrumbs when migrating a DBQ. This is used during migration of an XLSM that includes linked queries.

Back to Top

 

Titus


Policy Manager

Version 2022.01

January 2022

Enhancements
  • Various enhancements have been made to App Settings in Policy Manager such as updated tooltip text, descriptions, and error handling. Solutions and Products now list more user-friendly names such as Google Docs.

  • When creating a custom App Setting, Solutions and Products properly show which features are supported and Word Online.

Fixes
  • Web page becomes blank when accessing Policy Manager.

  • In the General tab of App Settings, the invalid change in the Description clears out unexpectedly.

  • When creating a custom App Setting and Configuration, "Default" can be used more than once.

  • The UI does not display properly after clicking Cancel in an error message.

  • The App Settings set name should be truncated when it is too long.

  • Event Logging in App Settings does not display correctly within the Enabled Loggers sections.

  • Super Tip description is wrong for On Check Policy Event and On New Event.

  • Duplicated text is displayed for tooltips.

  • An unexpected error displays when using <> to enclose text when creating a Schema field name.

 

Back to Top