Monthly Release Notes - October 2022

Jump to:

Agari Alert Logic Automate Boldon James
Bytware CCSS Clearswift Cobalt Strike
Core Security Digital Defense Digital Guardian Document Management (RJS)
FileCatalyst Globalscape GoAnywhere Halycon
HelpSystems One IBM Partnership Insite InterMapper
JAMS Powertech Robot Safestone
Sequel Showcase Skybot Tango/04
TeamQuest Titus Vera  

 

Alert Logic

Alert Logic Universal Agent

October 28, 2022 (Container image only)
Enhancements

  • Added ARM64 (aarch64) version of al-agent-container; both version and latest tags are now multi-arch.

Fixes

  • Fixed several Go runtime vulnerabilities due to outdated docker client binary in the container.

Back to Top

 

Cobalt Strike

Version: 4.7.2

October 17, 2022

Fixes

  • Hardening of the client against a RCE security issue within the Java Swing framework's support for HTML in components.

  • Fixed an issue with the example text in the font selection dialog.

  • Added a confirmation dialog for the Spear Phish preview dialog to confirm the user trusts the data used for the Spear Phish.

Back to Top

 

Digital Defense

Frontline Agent

Version 1.49.0

October 31, 2022

Supoort for the macOS Catalina version of Frontline Agent will be discontinued on February 1, 2023. After this date, the agent may stop sending scan results back to Frontline.Cloud until the host is upgraded to a version supported by the Frontline Agent.

Current Windows agent version: 1.48.0

Current macOS agent version: 1.48.0

Enhancements

  • Implemented the following new vulnerability checks:

    • 150003 Apple Security Update: macOS Big Sur 11.7.1 (Medium) - Mac
    • 150002 Apple Security Update: macOS Monterey 12.6.1 (Medium) - Mac
    • 150004 Apple Security Update: Safari 16.1 (High) - Mac
    • 149989 APSB22-44: Security Updates Available for Adobe ColdFusion (High) - Windows
    • 149993 Azul Zulu Critical Patch Update: OCTOBER-2022 (High) - Windows
    • 149987 Google Chrome: Multiple Vulnerabilities in Versions Less Than 106.0.5249.119 (High) - Windows, Mac
    • 149997 Java Critical Patch Update - CPU-JULY-2022 (High) - Windows, Mac
    • 149998 Java Critical Patch Update - CPU-OCTOBER-2022 (High) - Windows, Mac
    • 149999 macOS Catalina End of Life (High) - Mac
    • 149988 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 106.0.1370.47 (High) - Windows
    • 149990 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 106 (High) - Windows, Mac
    • 149991 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.4 (High) - Windows, Mac
    • 149992 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.4 (High) - Windows
    • 149995 Visual Studio Code Information Disclosure Vulnerability (High) - Windows
    • 149994 Visual Studio Code Remote Code Execution Vulnerability (High) - Windows
Version 1.48.0

October 19, 2022

Current Windows agent version: 1.48.0

Current macOS agent version: 1.48.0

Enhancements

  • Implemented the following new vulnerability checks:

    • 149905 Google Chrome: Multiple vulnerabilities in versions less than 106.0.5249.61 (High) - Windows, Mac
    • 149904 Google Chrome: Multiple vulnerabilities in versions less than 106.0.5249.91 (High) - Windows, Mac
    • 149851 Microsoft Silverlight End of LIfe (High) - Windows
    • 149907 Mozilla Thunderbird: Multiple vulnerabilities in versions less than Thunderbird 102.3.1 (High) - Windows
    • 149948 MS22-OCT: Microsoft Office Security Update (High) - Windows, Mac
    • 149949 MS22-OCT: Microsoft Sharepoint Server Security Update (High) - Windows
    • 149947 MS22-OCT: Microsoft Windows Security Update (High) - Windows
    • 149957 Zoom MacOS Client Open API Debugging Port (High) - Mac
Version 1.47.0

October 5, 2022

Support for macOS Mojave ends with the release of Frontline Agent 1.47.0. Additionally, support for Apple Silicon has been added.

Current Windows agent version: 1.47.0

Current macOS agent version: 1.47.0

Enhancements

  • Implemented the following new vulnerability checks:

    • 149791 APSB22-50: Security Updates Available for Adobe InDesign (High) - Windows
    • 149792 APSB22-52: Security Updates Available for Adobe Photoshop CC (High) - Windows
    • 149789 Google Chrome: Multiple Vulnerabilities in Versions Less Than 105.0.5195.125 (High) - Windows, Mac>
    • 149790 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 105.0.1343.42 (High) - Windows
    • 149793 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 105 (High) - Windows, Mac
    • 149794 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.3 (High) - Windows, Mac
    • 149795 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.3 (High) - Windows
    • 149796 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 91.13.1 (High) - Windows
    • 149637 MS13-098: Vulnerability in Windows Could Allow Remote Code Execution - Registry Entry Not Set (High) - Windows
    • 149848 Visual Studio Code Elevation of Privilege Vulnerability (High) - Windows
    • 149839 wnpa-sec-2022-06: Security Update Available for Wireshark (Low) - Windows, Mac

Frontline NIRV Scanner

Version 4.9.3

October 28, 2022

Enhancements

Updated authenticated scanning checks and network explicit checks listed:

  • 148769 Amazon Linux Security Advisory: ALAS-2022-1585 (High)

  • 149989 APSB22-44: Security Updates Available for Adobe ColdFusion (High)

  • 149993 Azul Zulu Critical Patch Update: OCTOBER-2022 (High)

  • 149974 ELSA-2022-6854: gnutls and nettle security, bug fix, and enhancement update (Low)

  • 149961 ELSA-2022-6911: .NET 6.0 security and bugfix update (Low)

  • 149985 ELSA-2022-6912: .NET Core 3.1 security and bugfix update (Low)

  • 149979 ELSA-2022-6913: .NET 6.0 security and bugfix update (Low)

  • 149966 ELSA-2022-6963: nodejs security update (Medium)

  • 149965 ELSA-2022-6964: nodejs:16 security update (Medium)

  • 149967 ELSA-2022-6999: java-17-openjdk security and bug fix update (Low)

  • 149980 ELSA-2022-7000: java-17-openjdk security and bug fix update (Low)

  • 149975 ELSA-2022-7002: java-1.8.0-openjdk security and bug fix update (Low)

  • 149962 ELSA-2022-7006: java-1.8.0-openjdk security update (Low)

  • 149970 ELSA-2022-7007: java-1.8.0-openjdk security update (Low)

  • 149981 ELSA-2022-7008: java-11-openjdk security and bug fix update (Low)

  • 149977 ELSA-2022-7012: java-11-openjdk security and bug fix update (Low)

  • 149973 ELSA-2022-7013: java-11-openjdk security and bug fix update (Low)

  • 149972 ELSA-2022-7020: firefox security update (Medium)

  • 149984 ELSA-2022-7023: thunderbird security update (Medium)

  • 149982 ELSA-2022-7024: firefox security update (Medium)

  • 149969 ELSA-2022-7026: thunderbird security update (Medium)

  • 149978 ELSA-2022-7071: firefox security update (Medium)

  • 149963 ELSA-2022-7086: pki-core security update (Low)

  • 149983 ELSA-2022-7088: libksba security update (Medium)

  • 149976 ELSA-2022-7089: libksba security update (Medium)

  • 149964 ELSA-2022-7090: libksba security update (Medium)

  • 149960 ELSA-2022-9926: Unbreakable Enterprise kernel security update (Medium)

  • 149968 ELSA-2022-9927: Unbreakable Enterprise kernel-container security update (Medium)

  • 149959 ELSA-2022-9930: Unbreakable Enterprise kernel security update (Medium)

  • 149971 ELSA-2022-9931: Unbreakable Enterprise kernel-container security update (Medium)

  • 149987 Google Chrome: Multiple Vulnerabilities in Versions Less Than 106.0.5249.119 (High)

  • 149997 Java Critical Patch Update - CPU-JULY-2022 (High)

  • 149998 Java Critical Patch Update - CPU-OCTOBER-2022 (High)

  • 149988 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 106.0.1370.47 (High)

  • 149990 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 106 (High)

  • 149991 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.4 (High)

  • 149992 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.4 (High)

  • 149996 Oracle Database Critical Patch Update: October 2022 (High)

  • 149995 Visual Studio Code Information Disclosure Vulnerability (High)

  • 149994 Visual Studio Code Remote Code Execution Vulnerability (High)

  • 149986 VMware Security Advisory: VMSA-2022-0025 (Low)

Fixes

Updated Vulnerability Descriptions:

  • 149951 Fortinet Authentication Bypass Vulnerability (Critical)

  • 149905 Google Chrome: Multiple Vulnerabilities in Versions Less Than 106.0.5249.61 (High)

  • 149904 Google Chrome: Multiple Vulnerabilities in Versions Less Than 106.0.5249.91 (High)

  • 149851 Microsoft Silverlight End of Life (High)

  • 149907 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.3.1 (High)

  • 149948 MS22-OCT: Microsoft Office Security Update (High)

  • 149949 MS22-OCT: Microsoft Sharepoint Server Security Update (High)

  • 149947 MS22-OCT: Microsoft Windows Security Update (High)

Version 4.8.2

October 18, 2022

Enhancements

Updated authenticated scanning checks and network explicit checks listed:

  • 149951 Fortinet Authentication Bypass Vulnerability (Critical)
Fixes

Updated Vulnerability Descriptions:

  • 149791 APSB22-50: Security Updates Available for Adobe InDesign (High)

  • 149792 APSB22-52: Security Updates Available for Adobe Photoshop CC (High)

  • 149852 Drupal Security Advisory SA-CORE-2022-016 (High)

  • 149789 Google Chrome: Multiple Vulnerabilities in Versions Less Than 105.0.5195.125 (High)

  • 149854 ISC Bind Buffer Overread Vulnerability (Medium)

  • 149853 ISC Bind Denial of Service (DoS) Vulnerability (Medium)

  • 149855 ISC Bind Denial of Service (DoS) Vulnerability (High)

  • 149856 ISC Bind Denial of Service (DoS) Vulnerability (High)

  • 149857 ISC BIND Security Advisory September 2022 (High)

  • 149858 Lighttpd Denial of Service (DoS) Vulnerability (High)

  • 149790 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 105.0.1343.42 (High)

  • 149851 Microsoft Silverlight End of Life (High)

  • 149793 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 105 (High)

  • 149794 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.3 (High)

  • 149795 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.3 (High)

  • 149796 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 91.13.1 (High)

  • 149637 MS13-098: Vulnerability in Windows Could Allow Remote Code Execution - Registry Entry Not Set (High)

  • 149860 PHP Cookie Integrity Vulnerability (Medium)

  • 149859 PHP Denial of Service (DoS) Vulnerability (Medium)

  • 149848 Visual Studio Code Elevation of Privilege Vulnerability (High)

  • 149839 wnpa-sec-2022-06: Security Update Available for Wireshark (Low)

Version 4.8.1

October 13, 2022

Enhancements

Updated authenticated scanning checks and network explicit checks listed:

  • 149945 AIX Security Advisory: rpm_advisory (Medium)

  • 149946 AIX Security Advisory: zlib_advisory (High)

  • 149909 Amazon Linux Security Advisory: ALAS-2022-1636 (High)

  • 149908 Amazon Linux Security Advisory: ALAS-2022-1637 (Low)

  • 149910 Amazon Linux Security Advisory: ALAS-2022-1638 (Medium)

  • 149933 Cisco Security Advisory: CISCO-SA-ALG-DOS-KU9Z8KFX (High)

  • 149938 Cisco Security Advisory: CISCO-SA-C9800-MOB-DOS-342YAC6J (High)

  • 149937 Cisco Security Advisory: CISCO-SA-CWLC-SNMPIDV-RNYYQZUZ (Medium)

  • 149936 Cisco Security Advisory: CISCO-SA-EWC-PRIV-ESC-NDERYLTK (High)

  • 149944 Cisco Security Advisory: CISCO-SA-IOS-XE-CAT-VERIFY-D4NEQA6Q (High)

  • 149943 Cisco Security Advisory: CISCO-SA-IOSXE-6VPE-DOS-TJBTF5ZV (High)

  • 149935 Cisco Security Advisory: CISCO-SA-IOSXE-CIP-DOS-9RTBKLT9 (High)

  • 149934 Cisco Security Advisory: CISCO-SA-IOSXE-MPLS-DOS-AB4OUL3 (High)

  • 149942 Cisco Security Advisory: CISCO-SA-SSH-EXCPT-DOS-FZOBQTNK (High)

  • 149941 Cisco Security Advisory: CISCO-SA-WEBUI-CMDINJ-GJE47EMN (Medium)

  • 149940 Cisco Security Advisory: CISCO-SA-WLC-DHCP-DOS-76PCJPXK (High)

  • 149939 Cisco Security Advisory: CISCO-SA-WLC-UDP-DOS-XDYEWHNZ (High)

  • 149902 Debian Security Advisory: DLA-3108-1 (Medium)

  • 149903 Debian Security Advisory: DLA-3109-1 (Medium)

  • 149890 Debian Security Advisory: DLA-3114-1 (Medium)

  • 149888 Debian Security Advisory: DLA-3117-1 (Medium)

  • 149892 Debian Security Advisory: DLA-3118-1 (Medium)

  • 149886 Debian Security Advisory: DLA-3120-1 (Medium)

  • 149897 Debian Security Advisory: DLA-3122-1 (Medium)

  • 149883 Debian Security Advisory: DLA-3125-1 (Medium)

  • 149885 Debian Security Advisory: DLA-3126-1 (Medium)

  • 149896 Debian Security Advisory: DLA-3127-1 (Medium)

  • 149898 Debian Security Advisory: DLA-3129-1 (High)

  • 149891 Debian Security Advisory: DLA-3130-1 (Medium)

  • 149901 Debian Security Advisory: DLA-3137-1 (High)

  • 149884 Debian Security Advisory: DLA-3141-1 (High)

  • 149887 Debian Security Advisory: DLA-3144-1 (Medium)

  • 149900 Debian Security Advisory: DSA-5229-1 (High)

  • 149893 Debian Security Advisory: DSA-5231-1 (Medium)

  • 149894 Debian Security Advisory: DSA-5234-1 (Medium)

  • 149895 Debian Security Advisory: DSA-5239-1 (Medium)

  • 149889 Debian Security Advisory: DSA-5242-1 (High)

  • 149899 Debian Security Advisory: DSA-5246-1 (Medium)

  • 149852 Drupal Security Advisory SA-CORE-2022-016 (High)

  • 149874 ELSA-2022-22254: squid security update (High)

  • 149868 ELSA-2022-6700: firefox security update (Medium)

  • 149862 ELSA-2022-6702: firefox security update (Medium)

  • 149880 ELSA-2022-6708: thunderbird security update (Medium)

  • 149870 ELSA-2022-6717: thunderbird security update (Medium)

  • 149882 ELSA-2022-6763: bind security update (Medium)

  • 149873 ELSA-2022-6765: bind security update (Medium)

  • 149866 ELSA-2022-6775: squid:4 security update (Medium)

  • 149878 ELSA-2022-6778: bind security update (Medium)

  • 149861 ELSA-2022-6781: bind9.16 security update (Medium)

  • 149872 ELSA-2022-6815: squid security update (Medium)

  • 149877 ELSA-2022-6820: prometheus-jmx-exporter security update (Low)

  • 149864 ELSA-2022-6834: expat security update (Medium)

  • 149871 ELSA-2022-6838: expat security update (Medium)

  • 149863 ELSA-2022-6839: squid security update (Medium)

  • 149876 ELSA-2022-9852: Unbreakable Enterprise kernel security update (High)

  • 149879 ELSA-2022-9853: kubernetes security update (Medium)

  • 149881 ELSA-2022-9854: kubernetes security update (Medium)

  • 149875 ELSA-2022-9855: kubernetes security update (Medium)

  • 149865 ELSA-2022-9856: kubernetes security update (Medium)

  • 149867 ELSA-2022-9870: Unbreakable Enterprise kernel security update (Medium)

  • 149869 ELSA-2022-9871: Unbreakable Enterprise kernel-container security update (Medium)

  • 149905 Google Chrome: Multiple Vulnerabilities in Versions Less Than 106.0.5249.61 (High)

  • 149904 Google Chrome: Multiple Vulnerabilities in Versions Less Than 106.0.5249.91 (High)

  • 149854 ISC Bind Buffer Overread Vulnerability (Medium)

  • 149853 ISC Bind Denial of Service (DoS) Vulnerability (Medium)

  • 149855 ISC Bind Denial of Service (DoS) Vulnerability (High)

  • 149856 ISC Bind Denial of Service (DoS) Vulnerability (High)

  • 149857 ISC BIND Security Advisory September 2022 (High)

  • 149858 Lighttpd Denial of Service (DoS) Vulnerability (High)

  • 149851 Microsoft Silverlight End of Life (High)

  • 149907 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.3.1 (High)

  • 149948 MS22-OCT: Microsoft Office Security Update (High)

  • 149949 MS22-OCT: Microsoft Sharepoint Server Security Update (High)

  • 149947 MS22-OCT: Microsoft Windows Security Update (High)

  • 149860 PHP Cookie Integrity Vulnerability (Medium)

  • 149859 PHP Denial of Service (DoS) Vulnerability (Medium)

  • 149912 RHSA-2022:6763: bind security update (Medium)

  • 149921 RHSA-2022:6765: bind security update (Medium)

  • 149917 RHSA-2022:6775: squid:4 security update (Medium)

  • 149919 RHSA-2022:6778: bind security update (Medium)

  • 149922 RHSA-2022:6781: bind9.16 security update (Medium)

  • 149914 RHSA-2022:6815: squid security update (Medium)

  • 149918 RHSA-2022:6820: prometheus-jmx-exporter security update (Low)

  • 149915 RHSA-2022:6834: expat security update (Medium)

  • 149911 RHSA-2022:6838: expat security update (Medium)

  • 149916 RHSA-2022:6839: squid security update (Medium)

  • 149920 RHSA-2022:6854: gnutls and nettle security, bug fix, and enhancement update (Low)

  • 149913 RHSA-2022:6878: expat security update (Medium)

  • 149848 Visual Studio Code Elevation of Privilege Vulnerability (High)

  • 149929 [USN-5371-3] nginx vulnerability (Medium)

  • 149923 [USN-5651-1] strongSwan vulnerability (Medium)

  • 149924 [USN-5651-2] strongSwan vulnerability (Medium)

  • 149925 [USN-5653-1] Django vulnerability (Medium)

  • 149931 [USN-5657-1] Graphite2 vulnerability (Medium)

  • 149926 [USN-5658-1] DHCP vulnerabilities (Medium)

  • 149927 [USN-5661-1] LibreOffice vulnerabilities (Medium)

  • 149928 [USN-5663-1] Thunderbird vulnerabilities (Medium)

  • 149932 [USN-5665-1] PCRE vulnerabilities (Medium)

  • 149930 [USN-5666-1] OpenSSH vulnerability (Medium)

Fixes

Updated Vulnerability Descriptions:

  • 149791 APSB22-50: Security Updates Available for Adobe InDesign (High)

  • 149792 APSB22-52: Security Updates Available for Adobe Photoshop CC (High)

  • 149789 Google Chrome: Multiple Vulnerabilities in Versions Less Than 105.0.5195.125 (High)

  • 149790 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 105.0.1343.42 (High)

  • 149793 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 105 (High)

  • 149794 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.3 (High)

  • 149795 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.3 (High)

  • 149796 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 91.13.1 (High)

  • 149637 MS13-098: Vulnerability in Windows Could Allow Remote Code Execution - Registry Entry Not Set (High)

  • 149839 wnpa-sec-2022-06: Security Update Available for Wireshark (Low)

Back to Top

 

Digital Guardian

Agent for Windows

Version: 7.8.4

Oct, 2022

New Features

  • Enhancement to WIP Auto-Skip Operational Alert: The WIP Auto Skip Domain Detected Operational Alert now reports the URL of the website where an Auto-Skip event is detected as a result of an HTTP request.

    The Op Alert details for Auto-Skip cf or imp, and sometimes tls-reneg, display the URL for the Auto-Skip event. Auto-skips that are detected when a connection is being established, such as mtls and, in some cases, tls-reneg, have no URL that can be reported.

    This enhancement currently applies only to Cloudflare, Imperva, and TLS renegotiation. For more information, see "Operational Alerts Report" in Digital Guardian Management Console User's Guide.

  • Boldon James Classifier Updates:

    The following newer versions of Boldon James software have been certified with Agent for Windows 7.8.4:

    • Classifier Administration Server 3.19.2

    • Email and Office Classifier 3.18.22

    • File Classifier 3.16.7.1

  • Documentation Changes: Information about the Sub rule operator has been changed in the "Rule Variables" chapter of Digital Guardian Rule Implementation Guide:

    • The topic "Subtracting Variables With Sub" has been edited to remove information that no longer applies. The text now reads: "Sub removes a stored value from an array."

    • The topic "Using Sub To Declare a Rule Variable" no longer applies and has been removed.

Fixes

  • When a DG Agent upgrade was performed using Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager, or SCCM), the DGMC, or an interactive MSI installer, the value of the enableStatus Windows Registry key in HKEY_LOCAL_MACHINE\SOFTWARE\VDG/status) did not change when the user expected it to. This is resolved with an update to DG documentation. See Critical Notice "Agent Upgrade Status in Registry Linked to Query Interval" on page 1" and "Agent Upgrade Status in Registry" in Digital Guardian Management Console User's Guide, v8.5.1.

  • DG added a cache to its process for validating server certificates for storing the results of attempts to resolve missing intermediate certificates. This should help reduce repeated connection timeouts that occurred when a missing intermediate certificate could not be retrieved and the attempt to locate it required a fairly long time before failing.

  • A rule that uses address bar value in the web browser to detect and block access to unapproved external websites was incorrectly triggered on Mozilla Firefox due to an error in the DG plug-in for Firefox. A change to the plug-in code resolved the issue.

  • Using a USB device with Removable Media Encryption (RME) sometimes caused a system crash due to a race condition during USB mounting. A code change resolved the issue.

  • When WinRAR extracted an XZ compressed archive containing a .rar file, the DG Agent triggered a FileArchive event, and the Local Forensic Report showed a few of the source files as files extracted from the archive and showed the destination file as the .rar file extracted from the archive. A code fix now allows the Agent to differentiate between compression and extraction processes.

  • Multiple rules containing the constOpFileSaveAs constant all executed on a File > Save As operation, regardless of their priority or the fact that Continue Rule Evaluation was set to No. This caused failures in control rules that had an action other than Alert. DG had the customer upgrade to an Agent version where the issue does not exist.

Back to Top

 

FileCatalyst

Version 3.8.6 - Build 43

October 26, 2022

Updates

  • All - Update Amazon Corretto to version 8.332.08.1.

  • All - Multiple security fixes.

  • All - Modernized look and feel.

  • Server - TLS 1.3 support.

  • Server - HTML Remote Admin now allows the creation of self-signed certificates for testing and demo purposes.

  • HotFolder - MD5s now included in HotFolder data reports.

  • Server, HotFolder, TransferAgent - Labs: New Rate-based Congestion Control Algorithm.

  • Server, HotFolder, Central - Ability to enforce strong password policy.

  • Central, LoadBalancer - LoadBalancer now has built in sticky sessions, where a multiclient task execution will utilize the same server.

Fixes

  • All - Various UI fixes.

  • Central - FileDetails CSV export has Null in Task ID and Name columns.

  • Central - FileDetails CSV export has swapped Task ID and Name column values.

  • Server - Issue with diagnostic generation on shutdown.

  • HotFolder - Thread leak causing HotFolder to hang.

  • HotFolder - No task logging, after first execution.

  • TransferAgent - TransferAgent would incorrectly reset connections when receiving multiple transfer requests.

  • Server, TransferAgent - SessionID is not relevant to the FileCatalyst TransferAgent.

Back to Top

 

Globalscape

Version 8.1.0.11

October 31, 2022

Fixes

EFT Event Rules

  • Fixed an issue where Timer Event Rules configured for Daily runs would not trigger on Monday.

There are currently no updates.

Back to Top

 

Intermapper

Version: 6.6.0

October 13, 2022

New Features

  • Added support for new platforms: Windows 2022 Server, Ubuntu 21.04, 22.04, MacOS 11.

  • Added new license type 'Subscription'.

  • Updated icons for devices in Intermapper.

Enhancements

  • Added Advanced Network Mapping Capability (Virtual Network Monitoring for AWS).

  • Included SHA-2 in supported SNMPv3 Auth options.

  • Added functionality to control if interface status change would effect device status changing.

  • Added watermark on maps for 'Trial License Only'.

  • Added TLSv1.3 functionality.

  • Added SystemD for management of Intermapper services for Linux, and updated to conform with the Linux File Systems for packaged applications. Refer to the Installation Guide for further details on updating Linux to 6.6.

Fixes

  • Updated LibPNG related libraries, addressed vulnerability CVE-2019-7317.

  • Resolved Layer-2 scan fails to complete.

  • Resolved IMDC database failure with CheckViolation error.

  • New link alert configuration features work correctly under version skew.

  • Resolved issues with non-default installation locations on Windows, Linux and MacOS.

  • Fixed incorrect disk space check during database migration/upgrade.

  • Fixed port 636 failure caused IM Database to have strings more than 256 chars.

  • Resolved failure in LDAP authentication.

  • Resolved setting a password for Intermapper DataCenter not holding.

  • Resolved TCP dropping and server stuck spinning on ETIMEDOUT.

  • Support SNMP community starting with @.

  • Resolved TLS error on HTTPS probe (Inbuilt Probe).

  • Resolved E-mail notifications not sending using external SMTP server.

  • Resolved comment import no-op for file import with .csv.

  • Resolved error when using import and save custom SSL certificate in the IMDC.

Back to Top

 

Powertech

Boks Manager

Version 8.1 (version update)

October 05, 2022

New Features

  • Support is added for BoKS Manager and BoKS Server Agent 8.1 on Red Hat Enterprise Linux 9 on x64.

BoKS Reporting Services

Version 8.1.0.4

October 12, 2022

Fixes

  • Implementation details have been hidden from the general error page.

  • A bad request can result in a general error page. This page revealed application implementation specifics, such as an application stack trace. This information has been removed from the error page.

  • A fix has been applied so that the import status is updated when a permission denied error reading the dump file occurs.

  • Upgraded Spring, Spring Boot, jackson-databind, moment.js and Snakeyaml dependencies. (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518, CVE-2022-22950, CVE-2022-38750, CVE-2022-22970, CVE-2022-38751, CVE-2022-25857, CVE-2022-38752, CVE-2022-38752, CVE-2022-24785, CVE-2022-31129).

Version 8.0.0.9

October 12, 2022

Fixes

  • Implementation details have been hidden from the general error page.

  • A bad request can result in a general error page. This page revealed application implementation specifics, such as an application stack trace. This information has been removed from the error page.

  • Upgraded Spring, Spring Boot, jackson-databind, moment.js and Snakeyaml dependencies. (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518, CVE-2022-22950, CVE-2022-38750, CVE-2022-22970, CVE-2022-38751, CVE-2022-25857, CVE-2022-38752, CVE-2022-38752, CVE-2022-24785, CVE-2022-31129).

Version 7.2.0.9

October 12, 2022

Fixes

  • Implementation details have been hidden from the general error page.

  • A bad request can result in a general error page. This page revealed application implementation specifics, such as an application stack trace. This information has been removed from the error page.

  • Upgraded Spring, Spring Boot, jackson-databind, moment.js and Snakeyaml dependencies. (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518, CVE-2022-22950, CVE-2022-38750, CVE-2022-22970, CVE-2022-38751, CVE-2022-25857, CVE-2022-38752, CVE-2022-38752, CVE-2022-24785, CVE-2022-31129).

BoKS Control Center

Version 8.1.1.1

October 25, 2022

This release includes the following security fixes:

  • Hide implementation details from general error page.

  • A bad request can result in a general error page. This page revealed application implementation specifics, such as an application stack trace. This information has been removed from the error page.

  • Changing sudo protection for host via list menu resets home directory to /home.

  • Fixed issue with the host menu causing the home directory to be reset to /home when changing the sudo protection setting in the list without first opening the details row.

  • Upgraded dependencies.

  • Upgraded Spring to 5.3.23.

  • Upgraded Snakeyaml to 1.33.

Version 8.1.0.3

October 25, 2022

This release includes the following security fixes:

  • Hide implementation details from general error page.

  • A bad request can result in a general error page. This page revealed application implementation specifics, such as an application stack trace. This information has been removed from the error page.

  • Changing sudo protection for host via list menu resets home directory to /home.

  • Fixed issue with the host menu causing the home directory to be reset to /home when changing the sudo protection setting in the list without first opening the details row.

  • Upgraded dependencies.

  • Upgraded Spring to 5.3.23.

  • Upgraded Snakeyaml to 1.33.

Version 8.0.0.6

October 25, 2022

This release includes the following security fixes:

  • Hide implementation details from general error page.

  • A bad request can result in a general error page. This page revealed application implementation specifics, such as an application stack trace. This information has been removed from the error page.

  • Upgraded dependencies.

  • Upgraded Spring to 5.3.23.

  • Upgraded Snakeyaml to 1.33

Version 7.2.0.5

October 25, 2022

This release includes the following security fixes:

  • Hide implementation details from general error page.

  • A bad request can result in a general error page. This page revealed application implementation specifics, such as an application stack trace. This information has been removed from the error page.

  • Upgraded dependencies.

  • Upgraded Spring to 5.3.23.

  • Upgraded Snakeyaml to 1.33.

Back to Top

Titus

Illuminate

Version 2022.1

October 24, 2022

New Features

  • Illuminate can now scan files and folders with Microsoft sensitivity labels in Microsoft Office 365. You can map Microsoft sensitivity labels to Titus fields and values, so that Titus’s users can process documents and emails from Microsoft users. Illuminate Scanning UI now contains a Propagate label feature to apply the contents and formatting of Microsoft labels to Titus labels and vice versa.

Enhancements

  • Illuminate can now scan files referenced in symbolic links.

  • Support for Office 365 authentication. If you are using an Office 365 authentication URL (such as GCC high), you can configure that URL in the commonappsettings.config file.

  • Using a Custom Action, you can populate the value of a new custom document property with the value of an existing document property (for example, last modified date) plus a time offset.

Fixes

  • Illuminate does not show Original Document Classification for documents that are already classified

  • Error appears when upgrading Illuminate from a previous version. See the Titus Illuminate Deployment Guide for a workaround.

  • Cannot generate a SharePoint Online/OneDrive token to authorize a cloud provider.

Policy Manager

Version 2022.10

October 21, 2022

New Features

  • Can now configure Schemas, Policies, App Settings, and Configurations and publish a TCPG file for Titus Classification for Windows using Policy Manager

  • Users can use their own custom image in the Ribbon and Classification Select dialog

  • Added Templates to Policy Manager so users can start configuring faster (supported in Titus Classification Suite for Windows only)

Enhancements
  • Improved messages in error dialogs and improved tooltips for Action parameters
  • Renamed Event Logging in App Settings to Event Logging for Email and Event Logging for Documents
  • Moved ability to set the Solution and Event to the same area in the UI as naming a Policy
  • Removed Analytic Dashboard from Titus Console
Fixes

  • App Setting Event Logging throws error when selected value is being changed

  • Schema field name maximal value is being trimmed in unique name from 800 to 400 symbols

  • Unexpected Error when trying to create new policy with 800 digit name

  • Policy name: "Unexpected error" is shown when special characters <>&*|,;[] are used

Titus Console

Version 2022.10

October 12, 2022

Enhancements

  • Removed Analytic Dashboard from Titus Console.

Titus Data Detection Engine

Version 2022.10

October 12, 2022

Enhancements

  • Removed Analytic Dashboard from Titus Console.

Titus Classification for Google Workspace

Version 2022.12 HF1

December 16, 2022

Fixes

  • Fixed bug that prevented users from editing and saving a Google Calendar meeting event.

Back to Top

Vera

Version 3.21.0

October 2022

New Features

  • Vera allows you to secure files based on classification labels and tags. For each classification tag, you can apply rules based on auto-selected folder membership access or group-based membership access for files that are manually or automatically classified. The Classification Rules tab replaces the combined functionalities of the Partner Policy Mapping and Partner Policy Share Mapping tabs.

Updates

  • Vera provides an option to their customers to copy Vera events from an AWS S3 bucket, without the need to open inbound ports to their environment or set up a Syslog server.

  • The Vera agent may be unstable if the endpoint user installs Vera software first and then an administrator installs System Center Configuration Manager (SCCM). Vera’s installation procedures have been updated to remove user-based installation when Vera is deployed by an administrator via SCCM installation. Vera recommends rebooting the endpoint after the administrator installation.

  • Vera has integrated the Titus C++ SDK into the Vera SDK, so when the Netskope discovery scans the file and identifies the partner policy tag, Vera can internally call the Titus SDK to write the Titus data classification tag on the file in Titus readable format and then encrypt the file.

  • Vera announces the end of support for macOS Mojave in this release.

  • SharePoint support for rendering all VIB-supported files on the browser if the supported application is not present on the desktop.

  • Kerberos Single Sign-On Integration - Logs a user into the Vera client automatically if the user signs into Windows via Active Directory.

Fixes

  • Fixed an issue where the access request emails were not sent.

  • Fixed the low-risk vulnerabilities that were identified by Capital One's internal team.

  • Fixed an issue where the SDK third-party authentication OAuth token expires.

  • Fixed an issue where user’s session credentials are passed through the URL instead of a cookie.

  • Fixed an issue where the application was allowing the client to specify a cipher suite that uses insecure encryption and/or hashing algorithms.

  • Fixed an issue where the user export report and the dashboard count do not agree.

  • Fixed an issue by creating an API that returns the tenant's correct number of TAD sync-able documents.

  • Fixed a security issue with SAML authentication which allowed the user to log in via SAML into the Vera portal even though they were not whitelisted in the authentication settings.

  • Fixed an issue where all the file copies were not displayed on the File Details window.

  • Fixed an issue where a time-bomb error was reported when the files were opened in the browser.

  • Upgraded all the Vera connectors to 3.19.1, allowing the security teams to rescan vulnerabilities.

  • Fixed an issue where the watermark is missing when printing a TIFF file to paper from the Windows Photo Viewer.

  • Fixed an issue where the multi-install fix is not working when the user is not signed out from the machine.

Back to Top