Monthly Release Notes - February 2023
Boldon James
Classifier Administration Server
Version 3.19.3
February 27, 2023
New Features
-
Added “Remove Field Codes" rule in the Apply rules category.
-
Added "Allow Classification of Unlabelled Attachments when Sending Emails" Application Setting. You can label attachments from the compose window context menu, or from the policy check dialog when an “Unlabelled Attachment Check” result is shown.
-
Added "Mask message attachment labels on Open/Close" Privacy Setting.
Enhancements
-
Updated UI with Fortra branding guidelines.
Classifier API
Version 1.3.3
February 27, 2023
Enhancements
-
Updated UI with Fortra branding guidelines.
-
Confirmed support for Windows 11 and Windows Server 2022.
Fixes
-
Updated API to the latest Common Components.
-
Fixed installer upgrade issue.
Email and Office Classifier
Version 3.19.0
February 27, 2023
New Features
-
Added “Remove Field Codes" rule in the Apply rules category.
-
Added "Allow Classification of Unlabelled Attachments when Sending Emails" Application Setting. You can label attachments from the compose window context menu, or from the policy check dialog when an “Unlabelled Attachment Check” result is shown.
-
Added "Mask message attachment labels on Open/Close" Privacy Setting.
-
“Active Directory Attribute Values of Computer” conditions can now be used when evaluating dynamic clearances.
-
If Office 365 Autosave is enabled, only the first save event for that session is audited, unless the label changes or the user selects “Save As.”
Enhancements
-
Updated UI with Fortra branding guidelines.
Fixes
-
Change of “Markup” value setting after saving a Word document.
-
Word headers/footers incorrectly set in “Bold” format.
-
Problems with view changing in Word when changing a label or saving a document.
-
Excel changing cell format on workbook when closing the application.
File Classifier
Version 3.17.0
February 27, 2023
New Features
-
“Active Directory Attribute Values of Computer” conditions can now be used when evaluating dynamic clearances.
Enhancements
-
Updated UI with Fortra branding guidelines.
MasterKeyPlus
Version 9.0
February 2023
Enhancements
-
Boldon James branding revisions
-
User interface improvements
-
Outlook 2019 support
-
64-bit support
Digital Defense
Frontline Vulnerability Manager
Version 6.5.2.1
February 22, 2023
New Features
- This version include Windows 11 CIS Benchmark checks.
Enhancements
- Improve scan execution efficiency in SPARKS.
- Add PCI workflow backend support to WAS.
- Create dedicated app server type for external users.
- Add AWS instant translation to translation service.
- PCI Self Service: Create a CRON to remove old validated disputed_accepted vulns.
- Create new WAS Tuning Policy for PCI.
- PCI Disputes should trigger notifications to analysts.
- Improve logging in the RNA activation controller.
- Use caching to improve account ownership functions.
- PCI Self Service: Add ability in PCI tabs to remove a dispute.
- PCI Self Service: When an official report is created and sent in review all PCI analysts are notified.
- PCI Self Service: Add sorting/filtering for 3B notes.
- Enable Windows 11 CIS reports in Frontline.
- Create standard PCI WAS scanning policy.
Fixes
- Performance fixes for stats generation.
- Fix PCI Tab default sorting.
- Fix Recurring Reports that run on different days. Only the most recent report appears to be available.
- Creating multi-scan VM / WAS Compliance Report includes All Active View.
- Trigger reconciliation of WAS scan where scan is marked completed, but has not reconciled.
- PCI Self Service: PCI dispute page not displaying UI control for individual line items.
- PCI Self Service: UI elements to Accept or Reject a PCI Dispute are present for a MSP Global Admin.
- PCI Self Service: PCI Scans Show Analysis tab when managed workflow is not being used.
- PCI Self Service: When hostname scanning the IP Address that the hostname is being resolved to is brought forth when attesting.
- Fix VM scan results PCI tab to allow re-dispute.
- Show Customer svope in PCI Attestation.
- VM scan links have a value appended to them.
- Spelling error in WAS > PCI tab > Dispute button.
Frontline Agent
Version 1.55.1
February 24, 2023
Current Windows agent version: 1.53.0
Current macOS agent version: 1.55.0
Enhancements
-
Implemented the following new vulnerability checks:
- 151577 Apple Security Update: macOS Big Sur 11.7.4 (High) - Mac
- 151576 Apple Security Update: macOS Ventura 13.2.1 (High) - Mac
- 151575 Apple Security Update: Safari 16.3 (High) - Mac
- 151572 APSB23-11: Security Updates Available for Adobe Photoshop CC (High) - Windows
- 151573 APSB23-12: Security Updates Available for Adobe InDesign (High) - Windows
- 151536 Google Chrome: Multiple Vulnerabilities in Versions Less Than 110.0.5481.77 (High) - Windows, Mac
- 151539 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.70 (High) - Windows
- 151538 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.78 (High) - Windows
- 151537 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 110.0.1587.41 (High) - Windows
- 151569 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 110 (High) - Windows, Mac
- 151570 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.8 (High) - Windows, Mac
- 151571 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.7.1 (High) - Windows
- 151567 MS23-FEB: Microsoft Exchange Server Security Update (High) - Windows
- 151562 MS23-FEB: Microsoft Internet Explorer Security Update (High) - Windows
- 151564 MS23-FEB: Microsoft Office Security Update (High) - Windows, Mac
- 151568 MS23-FEB: Microsoft Sharepoint Server Security Update (Medium) - Windows
- 151565 MS23-FEB: Microsoft SQL Server Security Update (High) - Windows
- 151563 MS23-FEB: Microsoft Windows Security Update (High) - Windows
Version 1.54.0
February 1, 2023
Current Windows agent version: 1.53.0
Current macOS agent version: 1.53.0
Enhancements
-
Implemented the following new vulnerability checks:
- 151438 Apple Security Update: macOS Big Sur 11.7.3 (High) - Mac
- 151437 Apple Security Update: macOS Monterey 12.6.3 (High) - Mac
- 151436 Apple Security Update: macOS Ventura 13.2 (High) - Mac
- 151439 Apple Security Update: Safari 16.3 (High) - Mac
- 151381 Azul Zulu Critical Patch Update: JANUARY-2023 (High) - Windows
- 151420 Foxit PDF Editor: Multiple Vulnerabilities in Version 12.0.2.12465 and Earlier (Low) - Windows
- 151419 Foxit PDF Reader: Multiple Vulnerabilities in Version 12.0.2.12465 and Earlier (Low) - Windows
- 151371 Google Chrome: Multiple Vulnerabilities in Versions Less Than 109.0.5414.119 (High) - Windows, Mac
- 151422 Java Critical Patch Update - CPU-JANUARY-2023 (High) - Windows, Mac
- 151374 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 107.0.1418.62 (High) - Windows
- 151373 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 108.0.1462.42 (High) - Windows
- 151372 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 108.0.1462.54 (High) - Windows
- 151375 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.49 (High) - Windows
- 151376 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.52 (High) - Windows
- 151377 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.61 (High) - Windows
- 151378 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 109 (High) - Windows, Mac
- 151379 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.7 (High) - Windows, Mac
- 151380 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.7 (High) - Windows
- 151433 Visual Studio Code Remote Execution Vulnerablility (High) - Windows
- 151383 wnpa-sec-2022-09: Security Update Available for Wireshark (Low) - Windows, Mac
- 151382 wnpa-sec-2022-10: Security Update Available for Wireshark (Low) - Windows, Mac
Frontline NIRV Scanner
Version 4.15.0
February 16, 2023
Enhancements
Updated authenticated scanning checks and network explicit checks listed:
-
151551 Amazon Linux 2 Security Advisory: ALAS-2023-1920 (Low)
-
151559 Amazon Linux 2 Security Advisory: ALAS-2023-1921 (Medium)
-
151560 Amazon Linux 2 Security Advisory: ALAS-2023-1922 (Low)
-
151553 Amazon Linux 2 Security Advisory: ALAS-2023-1923 (Low)
-
151549 Amazon Linux 2 Security Advisory: ALAS-2023-1924 (Medium)
-
151555 Amazon Linux 2 Security Advisory: ALAS-2023-1925 (Low)
-
151558 Amazon Linux 2 Security Advisory: ALAS-2023-1926 (Low)
-
151554 Amazon Linux 2 Security Advisory: ALAS-2023-1927 (Low)
-
151552 Amazon Linux 2 Security Advisory: ALAS-2023-1928 (Low)
-
151557 Amazon Linux 2 Security Advisory: ALAS-2023-1929 (Medium)
-
151556 Amazon Linux 2 Security Advisory: ALAS-2023-1930 (Low)
-
151548 Amazon Linux 2 Security Advisory: ALAS-2023-1932 (Low)
-
151561 Amazon Linux 2 Security Advisory: ALAS-2023-1934 (Low)
-
151550 Amazon Linux 2 Security Advisory: ALAS-2023-1935 (Low)
-
151540 Amazon Linux Security Advisory: ALAS-2023-1676 (Low)
-
151547 Amazon Linux Security Advisory: ALAS-2023-1677 (Low)
-
151545 Amazon Linux Security Advisory: ALAS-2023-1678 (Low)
-
151543 Amazon Linux Security Advisory: ALAS-2023-1679 (Low)
-
151544 Amazon Linux Security Advisory: ALAS-2023-1680 (Low)
-
151546 Amazon Linux Security Advisory: ALAS-2023-1681 (Low)
-
151541 Amazon Linux Security Advisory: ALAS-2023-1682 (Low)
-
151542 Amazon Linux Security Advisory: ALAS-2023-1683 (Low)
-
151446 Apache HTTP Server 2.4.55 Security Release (High)
-
151572 APSB23-11: Security Updates Available for Adobe Photoshop CC (High)
-
151573 APSB23-12: Security Updates Available for Adobe InDesign (High)
-
151495 Debian Security Advisory: DLA-3280-1 (Medium)
-
151499 Debian Security Advisory: DLA-3288-1 (Low)
-
151492 Debian Security Advisory: DLA-3289-1 (High)
-
151487 Debian Security Advisory: DLA-3291-1 (High)
-
151489 Debian Security Advisory: DLA-3293-1 (High)
-
151496 Debian Security Advisory: DLA-3295-1 (Medium)
-
151488 Debian Security Advisory: DLA-3298-1 (Medium)
-
151500 Debian Security Advisory: DLA-3303-1 (High)
-
151491 Debian Security Advisory: DLA-3304-1 (Medium)
-
151493 Debian Security Advisory: DLA-3305-1 (Medium)
-
151497 Debian Security Advisory: DLA-3314-1 (Medium)
-
151502 Debian Security Advisory: DLA-3315-1 (Medium)
-
151498 Debian Security Advisory: DLA-3317-1 (High)
-
151494 Debian Security Advisory: DSA-5333-1 (Medium)
-
151490 Debian Security Advisory: DSA-5343-1 (Medium)
-
151501 Debian Security Advisory: DSA-5346-1 (High)
-
151441 Dell iDRAC6 Multiple Vulnerabilities (Critical)
-
151483 ELSA-2023-0049: grub2 security update (Low)
-
151478 ELSA-2023-0208: java-1.8.0-openjdk security and bug fix update (Low)
-
151461 ELSA-2023-0210: java-1.8.0-openjdk security and bug fix update (Low)
-
151475 ELSA-2023-0334: kernel security and bug fix update (Medium)
-
151474 ELSA-2023-0336: systemd security update (Low)
-
151485 ELSA-2023-0343: libtasn1 security update (Low)
-
151471 ELSA-2023-0399: kernel security and bug fix update (Low)
-
151462 ELSA-2023-0446: go-toolset:ol8 security and bug fix update (Low)
-
151463 ELSA-2023-0456: thunderbird security update (Medium)
-
151467 ELSA-2023-0463: thunderbird security update (Medium)
-
151469 ELSA-2023-0476: thunderbird security update (Medium)
-
151458 ELSA-2023-0530: libksba security update (Medium)
-
151464 ELSA-2023-0600: thunderbird security update (Medium)
-
151479 ELSA-2023-0606: thunderbird security update (Medium)
-
151482 ELSA-2023-0608: thunderbird security update (Medium)
-
151457 ELSA-2023-0610: git security update (Medium)
-
151473 ELSA-2023-0611: git security update (Medium)
-
151486 ELSA-2023-0622: tigervnc security update (Medium)
-
151466 ELSA-2023-0625: libksba security update (Medium)
-
151468 ELSA-2023-0626: libksba security update (Medium)
-
151484 ELSA-2023-0662: tigervnc security update (Medium)
-
151472 ELSA-2023-0675: tigervnc and xorg-x11-server security update (Medium)
-
151465 ELSA-2023-12103: hsqldb security update (Medium)
-
151460 ELSA-2023-12108: virt:kvm_utils security update (Medium)
-
151470 ELSA-2023-12109: Unbreakable Enterprise kernel security update (Medium)
-
151456 ELSA-2023-12116: Unbreakable Enterprise kernel security update (Medium)
-
151477 ELSA-2023-12117: Unbreakable Enterprise kernel security update (Medium)
-
151476 ELSA-2023-12118: Unbreakable Enterprise kernel-container security update (Medium)
-
151481 ELSA-2023-12119: Unbreakable Enterprise kernel security update (Medium)
-
151480 ELSA-2023-12120: Unbreakable Enterprise kernel-container security update (Medium)
-
151459 ELSA-2023-12121: Unbreakable Enterprise kernel-container security update (Medium)
-
151536 Google Chrome: Multiple Vulnerabilities in Versions Less Than 110.0.5481.77 (High)
-
151447 ISC BIND Security Advisory January 2023 (High)
-
151448 Joomla Security Advisory: February 2023 (Low)
-
151445 ManageEngine Multiple Products Remote Code Execution (Critical)
-
151539 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.70 (High)
-
151538 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.78 (High)
-
151537 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 110.0.1587.41 (High)
-
151569 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 110 (High)
-
151570 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.8 (High)
-
151571 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.7.1 (High)
-
151567 MS23-FEB: Microsoft Exchange Server Security Update (High)
-
151562 MS23-FEB: Microsoft Internet Explorer Security Update (High)
-
151564 MS23-FEB: Microsoft Office Security Update (High)
-
151568 MS23-FEB: Microsoft Sharepoint Server Security Update (Medium)
-
151565 MS23-FEB: Microsoft SQL Server Security Update (High)
-
151563 MS23-FEB: Microsoft Windows Security Update (High)
-
151449 OpenSSH Security Advisory (High)
-
151450 OpenSSL Security Advisory February 2023 (High)
-
151454 Oracle MySQL Critical Patch Update: January 2023 (High)
-
151455 Oracle WebLogic Critical Patch Update: January 2023 (High)
-
151452 PHP Denial of Service Vulnerability (Medium)
-
151451 PHP Remote Code Execution Vulnerability (High)
-
151515 RHSA-2023:0208: java-1.8.0-openjdk security and bug fix update (Low)
-
151514 RHSA-2023:0210: java-1.8.0-openjdk security and bug fix update (Low)
-
151510 RHSA-2023:0446: go-toolset:rhel8 security and bug fix update (Low)
-
151516 RHSA-2023:0456: thunderbird security update (Medium)
-
151511 RHSA-2023:0463: thunderbird security update (Medium)
-
151505 RHSA-2023:0476: thunderbird security update (Medium)
-
151506 RHSA-2023:0530: libksba security update (Medium)
-
151509 RHSA-2023:0600: thunderbird security update (Medium)
-
151503 RHSA-2023:0606: thunderbird security update (Medium)
-
151518 RHSA-2023:0608: thunderbird security update (Medium)
-
151519 RHSA-2023:0610: git security update (Medium)
-
151508 RHSA-2023:0611: git security update (Medium)
-
151513 RHSA-2023:0622: tigervnc security update (Medium)
-
151504 RHSA-2023:0625: libksba security update (Medium)
-
151520 RHSA-2023:0626: libksba security update (Medium)
-
151507 RHSA-2023:0662: tigervnc security update (Medium)
-
151512 RHSA-2023:0675: tigervnc and xorg-x11-server security update (Medium)
-
151517 RHSA-2023:0752: grub2 security update (Low)
-
151440 SSL Connection: TLS Diffie-Hellman Export Cipher Downgrade "Logjam" Vulnerability (Trivial)
-
151444 Trust Data Solutions' Job File Scheduler Default Credentials (Critical)
-
151453 Wordpress Denial of Service Vulnerability (Medium)
-
151533 [USN-5810-3] Git vulnerabilities (Medium)
-
151524 [USN-5811-3] Sudo vulnerability (Medium)
-
151529 [USN-5816-2] Firefox regressions (Medium)
-
151521 [USN-5823-2] MySQL vulnerability (Medium)
-
151531 [USN-5824-1] Thunderbird vulnerabilities (Medium)
-
151522 [USN-5825-1] PAM vulnerability (Medium)
-
151530 [USN-5825-2] PAM regressions (Medium)
-
151523 [USN-5826-1] Privoxy vulnerabilities (Medium)
-
151525 [USN-5834-1] Apache HTTP Server vulnerabilities (Medium)
-
151527 [USN-5837-2] Django vulnerability (Medium)
-
151526 [USN-5838-1] AdvanceCOMP vulnerabilities (Medium)
-
151528 [USN-5839-2] Apache HTTP Server vulnerability (Medium)
-
151532 [USN-5843-1] tmux vulnerability (Medium)
-
151534 [USN-5845-2] OpenSSL vulnerabilities (Medium)
-
151535 [USN-5866-1] Nova vulnerabilities (Medium)
Fixes
Updated Vulnerability Descriptions:
- 151381 Azul Zulu Critical Patch Update: JANUARY-2023 (High)
-
151420 Foxit PDF Editor: Multiple Vulnerabilities in Version 12.0.2.12465 and Earlier (Low)
-
151419 Foxit PDF Reader: Multiple Vulnerabilities in Version 12.0.2.12465 and Earlier (Low)
-
151442 GoAnywhere MFT Detected (Info)
-
151443 GoAnywhere MFT License Response Servlet Remote Code Execution Vulnerability (Critical)
-
151371 Google Chrome: Multiple Vulnerabilities in Versions Less Than 109.0.5414.119 (High)
-
151422 Java Critical Patch Update - CPU-JANUARY-2023 (High)
-
151374 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 107.0.1418.62 (High)
-
151373 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 108.0.1462.42 (High)
-
151372 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 108.0.1462.54 (High)
-
151375 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.49 (High)
-
151376 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.52 (High)
-
151377 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.61 (High)
-
151378 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 109 (High)
-
151379 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.7 (High)
-
151380 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.7 (High)
-
151433 Visual Studio Code Remote Execution Vulnerablility (High)
-
151383 wnpa-sec-2022-09: Security Update Available for Wireshark (Low)
-
151382 wnpa-sec-2022-10: Security Update Available for Wireshark (Low)
Version 4.14.2
February 6, 2023
Enhancements
Updated authenticated scanning checks and network explicit checks listed:
-
151442 GoAnywhere MFT Detected (Info)
-
151443 GoAnywhere MFT License Response Servlet Remote Code Execution Vulnerability (Critical)
Fixes
Updated Vulnerability Descriptions:
- 150812 APSB22-46: Security Updates Available for Adobe Acrobat and Reader (High)
-
150811 APSB23-01: Security Updates Available for Adobe Acrobat and Reader (High)
-
150810 APSB23-07: Security Updates Available for Adobe InDesign (High)
-
151381 Azul Zulu Critical Patch Update: JANUARY-2023 (High)
-
151435 Borland InterBase Remote Code Execution Vulnerability (High)
-
144013 Citrix Security Advisory: CTX276688 (Medium)
-
144015 Citrix Security Advisory: CTX281474 (Medium)
-
144014 Citrix Security Advisory: CTX289674 (Medium)
-
145433 Citrix Security Advisory: CTX297155 (High)
-
145638 Citrix Security Advisory: CTX319135 (High)
-
148136 Citrix Security Advisory: CTX322787 (Medium)
-
147208 Citrix Security Advisory: CTX335705 (High)
-
149333 Citrix Security Advisory: CTX370551 (High)
-
148912 Citrix Security Advisory: CTX457048 (High)
-
151420 Foxit PDF Editor: Multiple Vulnerabilities in Version 12.0.2.12465 and Earlier (Low)
-
151419 Foxit PDF Reader: Multiple Vulnerabilities in Version 12.0.2.12465 and Earlier (Low)
-
150792 Foxit PhantomPDF: Multiple Vulnerabilities in Version 10.1.9.37808 and Earlier (Low)
-
150806 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.122 (High)
-
150809 Google Chrome: Multiple Vulnerabilities in Versions Less Than 108.0.5359.72 (High)
-
150808 Google Chrome: Multiple Vulnerabilities in Versions Less Than 108.0.5359.95 (High)
-
151371 Google Chrome: Multiple Vulnerabilities in Versions Less Than 109.0.5414.119 (High)
-
150807 Google Chrome: Multiple Vulnerabilities in Versions Less Than 109.0.5414.74 (High)
-
100158 Host Detected But Not Present At End Of Scan (Info)
-
151422 Java Critical Patch Update - CPU-JANUARY-2023 (High)
-
151374 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 107.0.1418.62 (High)
-
151373 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 108.0.1462.42 (High)
-
151372 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 108.0.1462.54 (High)
-
151375 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.49 (High)
-
151376 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.52 (High)
-
151377 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 109.0.1518.61 (High)
-
116642 Microsoft Windows Tilde Character File Name Information Disclosure (Low)
-
150813 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 108 (High)
-
151378 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 109 (High)
-
150814 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.6 (High)
-
151379 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.7 (High)
-
150815 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.5.1 (High)
-
150817 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.6.1 (High)
-
150816 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.6 (High)
-
151380 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.7 (High)
-
150795 MS23-JAN: Microsoft Exchange Server Security Update (Medium)
-
150794 MS23-JAN: Microsoft Office Security Update (High)
-
150796 MS23-JAN: Microsoft Sharepoint Server Security Update (High)
-
150793 MS23-JAN: Microsoft Windows Security Update (High)
-
151434 Oracle Database Critical Patch Update: January 2023 (High)
-
151433 Visual Studio Code Remote Execution Vulnerablility (High)
-
151383 wnpa-sec-2022-09: Security Update Available for Wireshark (Low)
-
151382 wnpa-sec-2022-10: Security Update Available for Wireshark (Low)
Frontline WAS Scanner
Version 2.0.7
February 7, 2023
Enhancements
- Includes several fixes and enhancements to the scanning engine and existing vulnerability checks.
Fixes
- Updated Vulnerability Descriptions:
- 148390 Apache HTTP Server 2.4.53 Security Release (High)
145498 Apache HTTP Server Security Update 2.4.48 (High)
148043 Content Security Policy Missing (Trivial)
145502 Drupal Core Security Advisory: SA-CORE-2021-003 (Medium)
145633 Drupal Core Security Advisory: SA-CORE-2021-004 (Medium)
146102 Drupal Core Security Advisory: SA-CORE-2021-005 (High)
146407 Drupal Core Security Advisory: SA-CORE-2021-006 (Low)
146408 Drupal Core Security Advisory: SA-CORE-2021-007 (Medium)
146409 Drupal Core Security Advisory: SA-CORE-2021-008 (Medium)
146410 Drupal Core Security Advisory: SA-CORE-2021-009 (Medium)
146958 Drupal Core Security Advisory: SA-CORE-2021-010 (Medium)
147294 Drupal Core Security Advisory: SA-CORE-2021-011 (Medium)
147935 Drupal Core Security Advisory: SA-CORE-2022-001 (Medium)
147936 Drupal Core Security Advisory: SA-CORE-2022-002 (Medium)
147937 Drupal Core Security Advisory: SA-CORE-2022-003 (Medium)
147938 Drupal Core Security Advisory: SA-CORE-2022-004 (Medium)
148393 Drupal Security Advisory SA-CORE-2022-005 (Medium)
148394 Drupal Security Advisory SA-CORE-2022-006 (Medium)
148389 HTTP Strict Transport Security (HSTS) Header missing (Trivial)
104152 Insecure Cookie Parameters (Trivial)
148404 Joomla! Core Security Advisory March 2022: Multiple Vulnerabilities in Versions 2.5.0-3.10.6 and 4.0.0-4.1.0 (High)
148405 Joomla! Core Security Advisory March 2022: Multiple Vulnerabilities in Versions 3.7.0-3.10.6 (Medium)
148403 Joomla! Core Security Advisory March 2022: Multiple Vulnerabilities in Versions 4.0.0-4.1.0 (Medium)
123536 jQuery Framework Detected (Info)
117573 JspWebShell Detected (Critical)
116642 Microsoft Windows Tilde Character File Name Information Disclosure (Low)
104022 SSL Certificate: Chain Contains Weak RSA Keys (Trivial)
102095 Wordpress Detected (Info)
Digital Guardian
Agent for macOS
Version: 8.4
February, 2023
New Features
-
Digital Guardian provides Removable Media Encryption (RME) capabilities that encrypts and decrypts files that are transferred by the users to removable devices, such as USB drives. To activate Removable Media Encryption, you configure RME settings in the DGMC and then apply the RME resource to machines in dynamic machine groups. For more information, refer to "Activating Removable Media Encryption" topic in "DigitalGuardian Management Console Users Guide".
Agent for Windows
Version: 7.9.0
February, 2023
New Features
-
Agent for Windows 7.9.0, with DG Server 8.6.0 or later, extends the Digital Guardian Microsoft Information Protection (MIP) feature by prompting users to apply MIP labels manually to sensitive files when they attempt to transfer the files outside of local fixed storage (for example, to a removable drive or remote network share).
-
You configure the following settings for user-applied MIP labeling in your Core Settings configuration resource in the DGMC:
-
Allow Egress On Failed MIP Labeling. Determines whether a user will be blocked from transferring a file
-
Show All Recommended MIP Labels. Determines whether all recommended MIP labels will be displayed to the user, or only the MIP label with the highest ranking.
-
-
Sample Match is an optional add-on feature that allows analysts to quickly assess events sent from the DG Agent to the DGMC and DG ARC consoles in order to identify false positives or decide to escalate an incident.
-
Starting with DG Agent for Windows 7.9.0, you can use IPv6 addresses in rules and component lists and in URL-based network operation events (events that block access to IPv6 addresses). Rule properties whose names end with "v6" or "6" are used in rules with IPv6 addresses. Properties whose names end without a version are used in rules with IPv4 addresses.
-
Agent for Windows 7.9.0 introduces the wipAutoSkipEnableMask setting that allows you to fine-tune which DG WIP auto-skip capabilities are enabled. Values for wipAutoSkipEnableMask can be configured only in a Custom Configuration resource.
-
DG Agent for Windows 7.9.0 ships with version 12.12 of the Micro Focus KeyView and Eduction Engine SDKs.
Fixes
-
When using DG Adaptive Content Inspection (ACI), a random delay of up to 60 seconds occurred before classified files were content inspected. This was resolved with an update to the Micro Focus KeyView and a change to the way the Agent manages the KeyView process.
-
When operations such as NTU or SaveAs were performed, if the overall number of entities and classification tag data exceeded an internal buffer size check limit, the DG Agent was prevented from returning any classification tags that might have been applied to the file. This issue has been resolved.
-
In a DG environment using Adaptive Content Inspection (ACI), after an upgrade to DG Agent 7.8.3, customers experienced hangs in Microsoft Outlook when sending email. To resolve this issue, install the Micro Focus KeyView patch 12.12.6.8405 provided with the 7.9.0 Agent.
-
Some web applications require exact capitalization of their custom HTTP headers and may fail to behave as expected because DG WIP normalizes the HTTP headers as a request is proxied. DG has added the wipHeaderDenormalizeEnable custom configuration option to allow DG WIP to maintain the HTTP/1.1 header capitalization that was received when it proxies a request or response. Some standard headers cannot be denormalized due to their importance to the operation of the DG WIP http stack, but all nonstandard headers can be denormalized. wipHeaderDenormalizeEnable is disabled by default.
-
DG Agent 7.8.0 or 7.8.2 on Microsoft Windows Servers experienced excessive CPU consumption generated by the DG Agent and DGAdmin processes. This was resolved by updating the GO runtime library. In some cases DG WIP was not using the customer’s corporate web proxy to send Online Certificate Status Protocol (OCSP) requests that DG WIP requires but that do not originate from the browser. This was resolved so that all outgoing requests now go through the corporate proxy.
Document Management (RJS)
Webdocs Forms Management
Version: 11.0.06
February 27, 2023
New Features
- Reporting Dashboards.
- Copy Rule Code.
Enhancements
-
Workflow Admin Reassign to Role option now provides a comboBox, improving role selectability.
-
Upgraded to Spring Boot 2.7 for improved security and other enhancements.
-
Removed dependencies making illegal reflective access that caused "WARNING: Illegal reflective access" in logs.
-
HTTP/2 is now enabled for both Cloud and On Premise.
-
Added CSV Data Connector to default installation.
Fixes
-
Upload Control: The business rule to remove files from upload control does not remove the files as expected.
-
User with Who can view/edit Submissions" permission sees the error "Access Denied" when trying to view submissions that are in the SAVED state.
-
Users incorrectly received an Application Error when accessing a Portal in which one of the menu items had an email/web link instead of the raw share link.
-
Multi-Language Support: Radio control options in Arabic are improperly aligned in the generated PDF.
-
Admin "View Configuration" page incorrectly displays "Default Space" instead of "Default Portal".
-
PDF Mapping: Changes to PDF static text are not reflected in mapping dialogue after template is updated.
-
Vulnerabilities:
-
Spring-beans-5.1.14.RELEASE.jar (CVE-2022-22965) resolved.
-
tika-core-1.8.jar (CVE-2019-10094, CVE-2019-10088) resolved.
-
quartz-2.2.1.jar (CVE-2019-13990|CWE-611) resolved.
-
tika-parsers-1.8.jar (CVE-2016-6809|CWE-502,CVE-2016-4434|CWE-611) resolved.
-
Sring-batch-core-4.2.1.RELEASE.jar (CVE-2020-5411|CWE-502) resolved.
-
json-smart-2.3.jar (CVE-2021-27568|CWE-754) resolved.
-
jetty-io-9.4.14.v20181114.jar (CVE-2021-28165|CWE-400) resolved.
-
c3p0-0.9.1.1.jar (CVE-2018-20433|CWE-611) resolved.
-
Spring-security-web-5.1.8.RELEASE.jar (CVE-2021-22112, SRCCLR-SID-22823) resolved by upgrade.
-
Additional vulnerabilities resolved
- (dom4j-1.6.1.jar
- bcmail-jdk14-138.jar
- spring-security-oauth2-2.3.4.RELEASE. jar
- poi-3.12-beta1.jar
- jetty-io-9.4.26.v20200117.jar
- postgresql-42.2.24.jar)
-
-
Task List: Task History (Audit Trail) button is not visible on tasks searched as a workflow administrator.
-
Task List: Clicking the Recent Tasks icon does not return any results.
-
Application Errors occur when submitting the first step of a workflow.
-
Migration from 10.1.20 to 11.0.x with Oracle Database does not start.
-
On Premise trial signup is incorrectly generating a v11 license.
-
Let's Get Started link points to wrong documentation site.
-
Application Error occurs when changing control type from repeat to table if Min is set to 1.
-
When removing a tab from a tab control and saving, an error "The flow may be open in another window..." is shown and the logs display "Could not save resource with reference to orphan".
-
Task notification with a template in the "CC' field fails if the template resolves to an invalid email address.
-
Doc Action Email with a template in the "CC' field fails if the template resolves to an invalid email address.
-
When there is a slow connection, users have to click on submit button twice while rejecting a task.
-
When there is a slow connection, rejection sometimes displays "Task reject cancelled" message.
-
Metadata fields (e.g. Submitted Date, error, state, submitter ID) incorrectly appear in Task List Search in Form/Workflow field options.
-
After upgrade v10.1.x (or prior) → v11.0.x, a checkbox with multiple values selected does not load those values after save or continue.
-
Workflow shows error "Form Save Failed" and Application Error present in logs after trying to save a workflow.
-
Table control populated from database by business rule does not delete rows properly.
-
Reports are not visible in Portals for users with frevvo.Reports role.
-
Enabling the Force Auth property on a non-LDAP tenant redirects the designer/owner to login page when they attempt to edit the form.
-
Style Name is not required, so it is possible to create a Style without a name.
-
v10.1.19 --> v11.0.3 Upgrade Fails Reason: liquibase.exception.DatabaseException: String or binary data would be truncated.
-
A workflow with separate forms (not linked steps) gives a "Form save failed" error when deleting a step.
-
After v10.1.x --> v11.04 upgrade, a user with Designer role cannot be deleted and logs display the error message "An expression of non-boolean type specified in a context where a condition is expected, near ','"
-
Cancelling (vs Saving) a new Style results in an 'Application Error'.
-
SQL Server - Startup fails when running 11.0.4 for the first time and logs display the error message "Explicit value must be specified for identity column in table 'resources' either when IDENTITY_INSERT is set to ON or when a replication user is inserting into a NOT FOR REPLICATION identity column."
-
Fixed file path issue to allow for multiple file uploads with the same name but different extensions.
FileCatalyst
FileCatalyst Direct
Version 3.8.7 - Build 27
February 16, 2023
Updates
-
TransferAgent - Updated SSL Certificate
Powertech
BoKS Manager
Version 7.2 (version update)
February 27, 2023
Enhancements
-
OpenSSL library upgraded to 1.1.1t.
-
Curl library upgrade to 7.87.0.
Fixes
-
Fixed a security issue when kslog is enabled for BoKS SSH.
Version 8.1 (version update)
February 23, 2023
New Features
- The groupadm is now allowed to modify the modification comment without changing any other value of the group information.
Fixes
-
Fixed chroot on Access Rules for SSH subsystems on Linux.
-
Fixed broken bokshostcertreq command with update to handle change to the host certificate request file.
Robot
Robot Network
Version 13.05
February 28, 2023
Enhancements
-
Network can now use Java 11 on IBM i systems.
-
Updated product installer.
-
Changed ending of Performance Collections process to allow shutdown if not fully functioning.
Fixes
-
Removed environment variable checking of JAVA_HOME in RunJava script.
-
Fixed issue with MyNetwork.xml periodically getting deleted.
-
RBNSETASPGRP can now go from an iASP to a *SYSBASE configuration.
Sequel
Sequel Data Warehouse Client
Version: 08.3.2901
February 20, 2023
Enhancements
- Add support for checking SQLSTATE and SQLCODE values after executing embedded SQL Statements in extract expressions.
Fixes
- Increase the default number of rows to select for Sample data panel from 3 to 200.
- Fix for introduction/refresh of Salesforce data sources, where remarks column contains invalid characters.
Sequel Data Warehouse Server
Version: 08.3.02
February 20, 2023
Enhancements
- Enhancements to CMDRDNENV command to allow comparison of Environments on different LPARS, and new Configuration Comparison report.
- Enhancement to Menu 10 to print a detailed Configuration report.
- Ensure the default Authorization List is applied to Data sets created by Reverse Engineering.
Fixes
-
eGateway fix for Microsoft SQL statements that require a semicolon terminator in a Batch push script.
-
Fix to extract program generation for join type ‘Get Previous Row by Full or Partial Key’. See Note 2.
Vera
Version 3.21.2
February 2023
Fixes
-
Fixed an issue where the links from Outlook would crash or refuse to open on the Microsoft Edge browser. This issue was noticed with the latest Microsoft Edge Browser update (version 110.0.1587.41).
-
Fixed an issue where the secured PDF files would open as unsecured with Adobe 2022.003.20310 (old UI) release.
-
Fixed an issue where the AD proxy does not work if the proxy is set to both group sync requests and authentication.
-
Fixed an issue where Null Pointer Exception (NPE) occurs when a previously deleted file reappears in the Box folder.