Monthly Release Notes - December 2024

Jump to:

Agari Alert Logic Automate Beyond Security
Boldon James Bytware CCSS Clearswift
Cobalt Strike Core Security Digital Defense Digital Guardian
Document Management FileCatalyst Fortra Fortra VM
Globalscape GoAnywhere Halcyon HelpSystems One
IBM Partnership Insite InterMapper JAMS
Outflank Security Tooling Powertech Robot Safestone
Sequel Showcase Tango/04 TeamQuest  
Titus Vera

 

Alert Logic

Alert Logic Universal Agent

Version 2.26.0

December 10, 2024

Enhancements

  • Line breaks in Windows event log messages are preserved to aid in the development of future analytics.

  • The collection method of FIM Windows registry events is improved, allowing for detailed event metadata, including specific key and value names modified.

Fixes

  • The remotely updated Windows master executable is no longer started with below-normal priority, fixing service start timeouts.

  • Downloaded update installer files are now deleted after successful installation.

Managed Web Application Firewall (WAF)

Version 5.2.1.1

December 9, 2024

New Features

  • Support weekly (per day) system update schedules and general system/OS package installation delay to support StateRAMP related integrity and change management requirements

  • Detect unauthorized software installs to support StateRAMP related requirements

  • Allow users to reset connection trust states for the entire system or for specific IP addresses

  • Allow untrusted peer syslog TLS protocol option allowing logs to be sent to internal syslog servers that use self-signed TLS certificates

  • Add option to generate a Page Integrity report showing all external and inline scripts in a single page

  • Option to require all user configured regex to be re2 regex engine compliant

Enhancements

  • Fallback to socket IP when other X-Forwarded-For options are exhausted instead of extracting potentially wrong IP address

  • Reject or issue issue warnings when regexes cause fallback to PCRE depending on re2 compliance setting

Fixes

  • Preserve HTML entities when injecting CSP nonces while streaming responses from Page Integrity enabled backend servers

  • Support HTTPS backends that require SNI when modifying HTML content required for Page Integrity protections

  • Backup/restore support for all Page Integrity resources when doing both system-wide and individual website backup/restore operations

  • Correctly truncate WAF deny log which - in rare corner cases - could lead to deny logs not being available in the UI

  • Resolve UI element overflow glitch when showing network IP whitelist

  • Generate Software Bill of Materials (SBOM) during package creation

  • Quote meta characters when matching OpenAPI ACLs

  • Prevent DNS exception configuration lock with certain StateRAMP settings

Back to Top

 

Cobalt Strike

Version: 4.10.1

December 10, 2024

Fixes
  • Fixed issues when the client is connected to multiple team servers and generating payloads.

  • Fixed issue with WinHTTP beacon truncating the user agent field when using a user defined proxy server.

  • Fixed issue with x86 beacons crashing when using the indirect syscall method.

Back to Top

 

Core Security

Access Assurance Suite

Version: 9.5.2

December, 2024

Access Assurance Suite Enhancements and Fixes

  • Microsoft SQL Server 2022 supported

  • Notification Service now supports configuration for the SMTP server’s port and use of secure connection.

Core Access Enhancements and Fixes

  • Improved the functionality to get the information associated with a user’s access when building a request when the user has many accounts.

  • Improvements added to handle situations where entitlement data has a NULL ControlType or NULL ControlLabel in the EntitlementConfiguration table.

  • Added the ability to cancel a request after first step is approved.

  • Ability added to select which columns to see on the View My Request page and Request Management page.

  • Added the ability to configure the profile details to see on the Profile Approval screen.

  • The Entitlement Owner information is now present in the Approval view of an access request, where the entitlement details are shown.

  • Improved behavior of the radio-button’s value selected to set an Entitlement’s value during access request approval.

  • Request Management page now shows approval steps for requests with Roles that do not include a secondary approval step.

  • For the Approve Request page, added the ability to configure whether to display the Approve and Deny buttons at the request level and at the access level.

  • For access requests that include removal of a role or entitlement that includes an entitlement that is common to another currently assigned role or directly assigned entitlement, the common entitlement is not removed.

  • For the Profile Approval page, added the ability to configure whether to display the Approve and Deny buttons.

  • Manage Access page’s request Submit button is not enabled until policy checks are complete.

  • Fixed the dynamic community check to authorize access to the Entitlements tab in Manage Access Catalog.

  • Fixed a situation when a delegatee’s email address is used in a notification, when there is no actual delegation involved.

  • Old Manage Access page now defaults to “Myself” on displaying of the page.

  • Restored the ability to read the GlobalConfigValues table for information in the SubmitAccessRequest_New stored procedure.

  • Policy management’s SOD-related columns expanded to NVARCHAR(MAX) size to avoid truncation situations.

Access Assurance Portal Enhancements and Fixes

  • Improved Access Assurance Portal configured with Windows Integrated Authentication for authentication or configured with SSO-based authentication to address a portal timeout error.

  • More robust session management to prevent “Error on get quicklinks” message.

  • Resolved a session-related problem that in some scenarios resulted in the message “Error on get charts”.

  • In Menu.xml the required URL parameters were added and Profile Creation details added.

  • For an entry in the Menu.xml file that uses workflow.aspx the “target” parameter must be provided and have a value. Acceptable values are “_self”, “_blank”, or a random value like the workflow name.

  • The original Access Assurance Portal session is no longer invalidated after launching a Provisioning Platform workflow into a new browser tab.

  • Custom Macro VBS. Is.AD.ARM Admins is updated to include the missing “CN=”.

Data Management Enhancements and Fixes

  • Improvements made to the Data Collector for Microsoft Active Directory including support for additional group attributes, group names, detailed logging information, and configuration option for connection attempt retries.

  • Data Collector for Microsoft ADO enhanced to work with Oracle databases.

  • Prevent repeated execution of the same Identity Mapping rule when there are two collection rules for a single collection target.

  • Prevent duplicates of the same entitlement from being created.

  • Deadlock fix during Entitlement Mapping process and Accounts with Entitlement mapping process.

  • Additional ExtraIdentifier columns added to the DC_Entitlement_Staging and DC_AccountEntitlement_Staging tables for extended attribute mapping.

Core Provisioning Enhancements and Fixes

  • Connector trigger that copies contents of a source folder to a destination folder, now can copy specific files from a source folder to a destination folder.

  • Connector for HTML Email2 updated to support configuration for secure communication to SMTP Server using the UseSSL target configuration parameter.

  • Connector for Microsoft ADO now supported the OLE DB Driver SQL Server 19.

  • Using a Connector for Microsoft ADO-based target against the Seed, Resource, or Provisionee community table that has a bit/boolean column, refine search is improved.

  • The out-of-the-box NonEmployeeExtend workflow improved its handling of the Account Expires Date attribute and added the Access Expiry Date attribute.

Core Compliance Enhancements and Fixes

  • Review Cycle display improved regarding the expand and collapse arrows and dropdown arrows.

  • Attestation rejection comments that include an apostrophe are now handled.

  • The creator of the review cycle is now captured in the details of the Review Cycle in the Compliance Analysts view of review cycles.

  • Delegation user search now has Advanced Search capability.

 

Back to Top

 

Digital Guardian

Agent for Server

Version: 8.7 Hotfix

December 18, 2024

Fixes

  • Resolved an issue where a policy with a "pending flag" status was incorrectly deployed when saving rule parameters.

  • Resolved an issue where the Archive Restore tool failed to work with SQL 2022 with the DGMC 8.7 upgrade. Customers can fix this issue by upgrading the Archive Restore tool.

  • Resolved an issue in which a limited set of new users, reported by DLP Agents for a specific endpoint machine, were not being registered by the DGMC. This situation only affects environments that do not have Active Directory synchronization configured. Additional logic was implemented to ensure this group is handled correctly.

  • Resolved an issue where parametrization changes applied in a TextBox control are not preserved upon saving. Users must upgrade their DGMC Server to the latest 8.7.0.94 build.

Analytics & Reporting Cloud

Version: 5.1.0

December, 2024

New Features

  • There are no new features or enhancements in this release.

Fixes

  • Resolved an issue where event details were missing in the Incident Summary for specific Incident IDs.

Agent for Windows

Version: 9.0.0

December, 2024

New Features

  • Certified support for manifest.xml configurations compliant with v5 operating system standards.

  • The new Outlook Add-in now includes support for shared mailboxes by enabling the <SupportsSharedFolders> configuration tag in the v5 manifest.xml.

  • The legacy implementation of the Process Flags File (PFF) on current Windows OS versions stored process names in a 16-character array; so the process name was limited to 14 or 15 characters plus the terminating null character. If a process name was longer than 15 characters, it was automatically truncated to 15 characters. There are two significant limitations to this scheme:

    • Many process executables have names longer than 14 or 15 characters

    • Cannot specify a path with the process name

    To remove these limitations, full path process flags add the following process flag entry capabilities if you use Agent for Windows 9.or later:

    • Allows full path process name process flags (<drive>:\<directories>\<processname>.<extension>) up to 260 characters—259 characters plus the terminating null character.

    • Allows processname.extension to be up to 259 characters if you do not include the full path to the process in the flag entry.

    • Allows process names with hard-coded local paths, which have the format:

      <drive>:\<directories>\<processname>.<extension> where <drive> is a single drive letter, <directories> is a hardcoded directory path, and <processname>.<extension> may not contain wildcards.

    • Allows multiple process flag entries with the same <processname>.<extension>, but different <drive>:\<directories>\ paths in the process flags file.

    • Provides backward compatibility with existing PFFs, specifically wildcards in process names and 14- and 15-character truncated process names.

      For more details, refer to “Process Flags” section in Digital Guardian Management Console User Guide.

  • Digital Guardian Agent by Fortra has updated its MIP SDK from version 1.13.182 to 1.14.128.

Enhancements

  • MicroFocus is now OpenText, and the EDK (or Eduction) and Keyview ACI Engines have been upgraded from version 12.12 to 23.4.1.

  • Browser-initiated NTU activities that created temporary files in browser-specific subfolders of C:\AppData. These temporary files were incorrectly reported to WIP, generating unnecessary network traffic. In this release, the following missing path prefix has been added to the default configuration, and the filtering mechanism in `lua.json` configuration file has been updated to exclude browser-specific temporary files from WIP reporting.

    \\DEVICE\\*\\USERS\\*\\APPDATA\\ROAMING\\MICROSOFT\\WINDOWS\\

    DG Agent now compares file paths against predefined prefixes in `lua.json`, with matching files automatically filtered and not reported to WIP.

Fixes

  • If the uninstall password contains an ampersand character ("&"), the uninstallation process fails. However, this issue has now been resolved, and the fix correctly handles XML-specific special characters such as <, >, ', ", and &, making the uninstallation successful.

  • The agent uninstallation using DGAgentInstaller.exe previously failed with a usage error due to the execution of an invalid msiexec command based on the parameters documented in the DGMC User's Guide. This issue has now been resolved.

  • An issue was identified where a large 300k data dictionary file took a long time to compile with DGAgent. This issue has been resolved, and the file now compiles in just a matter of seconds.

  • The DG Agent installation was unsuccessful via command line if the certificate path or certificate GUID path contained spaces. However, this issue is now resolved, and the DG Agent can be installed successfully.

Agent for Linux

Version: 9.1.0

December, 2024

New Features

  • Certification for Additional Kernels

    This table lists the additional certified Linux kernels for Red Hat Enterprise Linux (RHEL) and Ubuntu in this release. Refer to Agent for Linux User's Guide for details about the packages required to support the new kernel versions for the Agent. Refer to Agent_for_Linux_v7.4.x_and_later_RHEL_Certified_Environments and Agent_for_Linux_v7.4.x_and_later_Ubuntu_Certified_Environments for complete lists of supported RHEL and Ubuntu kernels.

Distribution

Version

Architecture

Kernel
RHEL 9.5 64-Bit kernel-5.14.0-503.14.1.el9_5
RHEL 9.4 64-Bit kernel-5.14.0-427.44.1.el9_4
RHEL 9.4 64-Bit kernel-5.14.0-427.42.1.el9_4
RHEL 9.4 64-Bit kernel-5.14.0-427.40.1.el9_4
RHEL 9.2 64-Bit kernel-5.14.0-284.92.1.el9_2
RHEL 9.2 64-Bit kernel-5.14.0-284.90.1.el9_2
RHEL 9.2 64-Bit kernel-5.14.0-284.88.1.el9_2
RHEL 8.10 64-Bit kernel-4.18.0-553.27.1.el8_10
RHEL 8.8 64-Bit kernel-4.18.0-477.75.1.el8_8
Ubuntu 22.04 64-Bit linux-image-6.8.0-49-generic
Ubuntu 22.04 64-Bit linux-image-6.8.0-48-generic
Ubuntu 22.04 64-Bit linux-image-6.8.0-47-generic
Ubuntu 22.04 64-Bit linux-image-5.15.0-125-generic
Ubuntu 22.04 64-Bit linux-image-5.15.0-124-generic
Ubuntu 20.04 64-Bit linux-image-5.15.0-125-generic
Ubuntu 20.04 64-Bit linux-image-5.15.0-124-generic
Ubuntu 20.04 64-Bit linux-image-5.4.0-200-generic
Ubuntu 20.04 64-Bit linux-image-5.4.0-198-generic

Fixes

  • No issues are resolved in this release.

Back to Top

 

Document Management (RJS)

Webdocs for IBM i

Version: 4.03

December 10, 2024

Enhancements
  • Updated user interface to more closely match other Fortra products. Increased accessibility with text scaling and screen reader capabilities.
  • Added ability to customize the logging to use any HTTP header specified for the user's IP Address to aid in load balancer and firewall scenarios.
  • Updated documentation with new screen shots.
Fixes
  • Modified logout procedure to log user out of all sessions across all devices for better security practices.

Webdocs Forms Management

Version: 11.0.14

December 16, 2024

Enhancements

  • Updated Webdocs Archive Service to .NET 8.0

Fixes
  • Collapsed completed section label displays red even when there is no error.
  • Custom Styles - Submit Error Highlight displays in black if set to any hex color value, and resets to a hex value for yellow instead of white after clearing and saving the Style.
  • Designer/Admin app banner displays at top of form after using target-uri with raw share link.
  • Setting frevvo.supported.browsers property results in “Oops. Something has gone wrong” error displayed on admin home page.
  • PDF Snapshot: Form with a dark "Header" color (Custom Style) prints with space around section header.
  • Changing “Reassign to” selection does not clear value entered in a previous selection, and can result in an invalid task assignment.
  • Shared Items: The ‘Who can Edit Submissions” permission set by a template is not updated when the template’s value is edited and form is resubmitted.

Webdocs Invoice Manager

Version: 2.3.0

December 19, 2024

New Features
  • New Analytics dashboard Features:
    • Approved but not Exported dashboard.
    • Drill down to details.
    • Forms by Status report.
  • New Product License Entry UI and Email Option.
  • New Settings UI.
  • New Webdocs Key Map UI.
  • New Form Template UI.
  • New Install Guide.
  • New Administrator Guide.
  • New User Guide.
  • Added auto close to Form Save confirmation dialog.
  • Added loading icons for slow line-item actions.
  • Added MAPICS integration scripts.
  • Added S2k Discounts and Misc Charge component.
  • Added line-item override feature to default configuration.
  • Added the ability to customize email templates.
  • Added tracking to data matcher at the form level.
  • Optimized Adding Notes function.
Fixes
  • Fixed several security vulnerabilities.
  • Fixed issue with column resizing on inboxes.
  • Fixed issue where some password fields not displayed as masked on screen.
  • Fixed issue where forms would undo a checkout as admin when in read only mode.
  • Fixed issue with trademark icon.
  • Fixed several deadlock issues with routing.
  • Fixed several issues with checkboxes.
  • Fixed issue where changes could be lost if there was an error adding a note.

Back to Top

 

Fortra

Endpoint Manager

December 11, 2024
Enhancements

  • Added filtering controls to Assign Endpoints dialog.

  • Changed ‘Add’ button on Assign Endpoints dialog to ‘Update’.

  • Endpoints can now be deleted from the Endpoint drawer.

Fixes

  • Fixed issue where a hover effect lingers over the Assign Endpoint button on the Group Endpoints page.

  • Resolved security vulnerabilities and minor bug fixes.

 

Back to Top

 

Globalscape

EFT

EFT

v8.2.1.33

Dec 04, 2024

Fixes

Event Rules

Dec 4, 2024

Fixes

Event Rules

  • Fixed an issue where under certain conditions in EFT 8.2.0/8.2.1 event rules with PowerShell-embedded scripts could cause a memory leak

SFTP

  • Fixed an issue where SSH connections from WinSCP versions 6.2.1 - 6.3.5 failed to connect to EFT 8.2.1 due to OpenSSH 9.5 and WinSCP's integration of Putty 0.81

  • Fixed an issue where OpenSSH PowerShell client version 8.9 or higher using an SSH key would fail to connect to EFT 8.2.1

  • Fixed an issue where high loads of SSH protocol transfers in EFT 8.2.1 could cause EFT to crash

  • Fixed an issue where EFT (all versions) did not correctly report the SSH offering as SHA-2 when using a SHA-2 SSH site key

IMPORTANT: Upgrading from EFT v8.2.0 or v8.2.1 with RAM configured will require manual upgrades on Remote Agents; this does not affect upgrades from EFT 8.1.x

RAM

  • Upgrading from EFT v8.2.0 or v8.2.1 with RAM configured will require manual upgrades on Remote Agents; this does not affect upgrades from EFT 8.1.x

Back to Top

 

GoAnywhere

GoAnywhere Agents

Version 2.3.0

December 16, 2024

New Features

  • Added encryption to the Agent database.

  • Updated the Agent database configuration file to remove non-configurable database parameters from the database.xml file.

Enhancements

  • Enhanced Transfers to and from GoAnywhere to reduce memory fragmentation.

Updates

  • Updated the SQL Server JDBC Driver version from 6.4 to 12.8.

Fixes

  • Fixed an issue with upgrading while in FIPS mode.

GoAnywhere MFT

Version 7.7.0

December 11, 2024

Fortra Threat Brain Integration (Beta)

  • Added the ability to reject HTTP/S service connections based upon Fortra Threat Brain. This includes connections to the Web Client, AS2, AS4, and any other endpoints that run on HTTPS service.

FileCatalyst Server Service Integration (Beta)

  • Implemented new FileCatalyst Service that allows FileCatalyst clients to connect to MFT.

  • Added GoAnywhere trigger support for FileCatalyst Service.

  • Integrated GoAnywhere Gateway with new FileCatalyst Service implementation.

  • Integrated audit logging within the new FileCatalyst Service implementation.

  • Incorporated GoAnywhere licensing functionality into FileCatalyst Service integration.

  • Added an option for installers to configure the new FileCatalyst Service port.

  • Added new FileCatalyst Service into GoAnywhere MFT reports.

Configure Web User AS4 fields via GACMD and REST

  • Added the ability to add an AS4 Message Channel from a Domain using GACMD CLI/REST.

  • Added the ability to add an AS4 Push Processing Mode to a Web User using GACMD CLI/REST.

  • Added the ability to add an AS4 Pull Processing Mode to a Web User using GACMD CLI/REST.

  • Added the ability to remove an AS4 Message Channel from a Domain using GACMD CLI/REST.

  • Added the ability to remove an AS4 Push Processing Mode from a Web User using GACMD CLI/REST.

  • Added the ability to remove an AS4 Pull Processing Mode from a Web User using GACMD CLI/REST.

  • Added the ability to update an AS4 Push Processing Mode on a Web User using GACMD CLI/REST.

  • Added the ability to update an AS4 Pull Processing Mode to a Web User using GACMD CLI/REST.

  • Added the ability to update a Web User's AS4 Partner ID using GACMD CLI/REST endpoints.

Other New Features

  • Added a new System Alert to notify users when an Admin User has been created.

  • Added support for Account SAS Token authentication to the Azure Blob Storage Resource.

  • Added support for 256-bit curve25519 and the curve25519-sha256@libssh.org key exchange algorithms in the SFTP/SCP/SSH client.

  • Added support for 512-bit HMAC-SHA algorithms in the SFTP/SCP/SSH client.

Enhancements

  • Enhanced the performance of the Secure Form Drafts Web Client page.

  • Enhanced the process of cancelling Jobs to clean up the Job records even if the job thread no longer exists.

  • Enhanced the performance of listing recent contacts in the Web Client within Address Book and Contact Chooser.

  • Enhanced transfers to and from Agents to reduce memory fragmentation.

  • Enhanced the performance of the Key Management System PGP Key list page

  • Enhanced the performance of the Key Management System SSH Key list page.

  • Enhanced the performance of Key Management System Certificates list page.

  • Enhanced the performance of the AS4 Message Channels list page.

  • Enhanced the performance of the Monitors list page.

  • Enhanced performance of the Web User list page when listing and exporting web users.

  • Enhanced the performance of the Secure Form Submitted Web Client page.

  • Enhanced performance of the Scheduled Jobs page.

  • Enhanced the Submitted Secure Form list page to include new filtering and improved its query performance.

  • Enhanced the Secure Form Manager filter UI.

  • Enhanced the Admin User list page to include column selection, filtering and pagination.

  • Enhanced the accuracy of Disk Quota Limit feature.

  • Enhanced the efficiency of Disk Quota Limit directory size calculation.

  • Enhanced the filtering and selection of Web Groups when managing Web User and Web User Templates.

  • Enhanced Web User, Web User Template and Secure Form view pages to paginate the Web Group associations.

  • Enhanced the Secure Mail Manager filter display.

  • Enhanced the Web User Group list page to include column selection, filtering and pagination.

  • Added a suffix for Agent Sessions to indicate their usage.

  • Added the ability to resolve multiple Jobs at once.

  • Added a Session Expired event to the Administration and HTTPS Audit Logs to log when an Admin or Web User's session times out.

  • Reduced the memory footprint of Disk Quota Limit feature.

  • Localized the button label for Active/Queued Job Buttons on Completed Jobs for Agent/Agent Group.

Updates

  • Updated Tomcat from version 9.0.87 to 9.0.97.

  • Updated PeSIT Client and Server Libraries from 3.0.1 to 3.1.3.

  • Upgrade wss4j library from 2.0.10-2 to version 2.4.3.

  • Updated the list of SSL/TLS Cipher Suites that are allowed in FIPS 140-2 Compliance Mode in the User Guide.

  • Updated the SQL Server JDBC Driver version from 6.4 to 12.8.

  • Updated labeling for PeSIT Compression options.

  • Updated Agent Processing to use a connection pool for proxied requests to reduce the load on the originating server.

  • Updated the SMTP Connection Pool to use a more modern pooling API.

  • Updated Clustering License Check to occur when another system joins instead of upon startup.

  • Enabled selection of cipher/mac/key exchange algorithms in the SFTP/SCP/SSH client while in FIPS mode.

  • Redirection of URLs beginning with `/gaservices` to `/goanywhere` is no longer supported. This remediates CVE-2024-9945.

Fixes

  • Fixed an issue within the Agent Notification process that prevented notifications from being served.

  • Fixed an issue with the AS2 protocol where file transfers were not being displayed on the Active Transfers page.

  • Fixed an issue where GoFast service transfers were not shown on Active Transfer page.

  • Fixed an issue where PeSIT Client Send and Receive Tasks could fail when executed in parallel.

  • Fixed an issue where Syslog messages sent over TCP lacked proper end-line delimiters making them difficult to read on the Syslog server.

  • Fixed an issue where selecting a non-FIPS algorithm while in FIPS mode would cause an error.

  • Fixed an issue where LDAP Groups were note shown when configuring the Web User Address Book or Secure Form group associations.

  • Fixed an issue with log directory validation to cover cases where the log directory is not located inside the MFT install directory.

  • Fixed an issue with PeSIT Vertical Compression where files would end up corrupted after transferring.

  • Fixed an issue on Completed Jobs where the query was being executed twice when the user paginates.

Back to Top

 

IBM Partnership

Backup, Recovery, and Media Services

Product 5770-BR1 Version: PTF 7.5 SJ03069, 7.4 SJ03066

December, 2024

Fixes

In version 7.4 and later:

  • Issue where the ‘Save size’ field reported by the PRTRPTBRM command may be incorrect when using object lists is fixed.

  • Backup control group QNFSIPLFUL is not using the expected ‘End of media option’ on the device backup issue is fixed.

  • Fixed instance where SQL service QUSRBRM.BRMS_LOG_INFO may loop and hang with message MSGCPF2465.

  • Fixed issue where BRMS commands incorrectly change the job CCSID to 37.

  • Issue when report QP1A2RCY may incorrectly list duplicate volumes when duplicates were not requested is fixed.

Product 5770-BR2 Version: PTF 7.5 SJ02198, 7.4 SJ02197

December, 2024

Enhancements

  • The BRMS Web interface installed with primary languages other than English may fail to show BRMS Log information.

  • BRMS has been enhanced with new SQL services to view backup control group information. See the BRMS wiki for more information at https://ibm.biz/brms-enhancements.

Fixes

In version 7.4 and later:

  • Issue where the ‘Save size’ field reported by the PRTRPTBRM command may be incorrect when using object lists is fixed.

  • Backup control group QNFSIPLFUL is not using the expected ‘End of media option’ on the device backup issue is fixed.

  • Fixed instance where SQL service QUSRBRM.BRMS_LOG_INFO may loop and hang with message MSGCPF2465.

  • Fixed issue where BRMS commands incorrectly change the job CCSID to 37.

  • Issue when report QP1A2RCY may incorrectly list duplicate volumes when duplicates were not requested is fixed.

IBM PowerHA SystemMirror for IBM i

Version 7.5 HA 5.6.3 PTF SJ03222 (plus Language PTFs)

December, 2024

New Features

  • Integration with IBM Power Virtual Server Global Replication Services (GRS) for asynchronous IASP replication between two data centers in IBM Power Virtual Server.

Fixes

  • Resolves CVE-2024-55897. The PowerHA web interface now enforces that session cookies created during HTTPS are configured to only be sent via a secure connection.

  • Resolves CVE-2024-55896. For improved security, the PowerHA web interface now prevents iFraming.

  • Resolved an issue where the web interface could show an error: 'Oops - that's not right' when the primary language of the system was not English.

  • Improved accessibility for the web interface by dynamically setting the content language based on the displayed language.

  • Resolved an issue in environments with LUN-Level switching without replication where CHGCRGPRI SWTTYP(*SAMESITE) or using the web interface to perform a switchover would fail with message CPFBB09.

  • Simplified switchover operations in instances where some nodes are ineligible for switching. Previously, additional steps were required to prevent message HAE0099 from occurring while preparing for the switchover.

  • Resolved an issue where WRKCADMRE or the admin domain SQL services may produce an MCH3601, hang, or give unreadable data.

  • It is now possible to remove devices from a CRG that has an active session without requiring the session to be ended first, as long as there is at least one remaining device in the session. When attempting to remove the last device, an improved error message is returned.

  • In some instances the Add Cluster Administrative Domain Monitored Resource Entry (ADDCADMRE) confirmation screen would show dependent resource *YES or *AUTO, even though no dependent resources were displayed. This has been corrected.

NOTE:
PTF updates require one or more associated language PTFs. To determine if additional languages you have installed in your environment require a requisite MRI PTF, consult the table of language PTFs in the release cover letter for SJ03222.
Version 7.4 HA 4.12.3 PTF SJ03274 (plus Language PTFs)

December, 2024

New Features

  • Integration with IBM Power Virtual Server Global Replication Services (GRS) for asynchronous IASP replication between two data centers in IBM Power Virtual Server.

Fixes

  • Resolves CVE-2024-55897. The PowerHA web interface now enforces that session cookies created during HTTPS are configured to only be sent via a secure connection.

  • Resolves CVE-2024-55896. For improved security, the PowerHA web interface now prevents iFraming.

  • Resolved an issue where the web interface could show an error: 'Oops - that's not right' when the primary language of the system was not English.

  • Improved accessibility for the web interface by dynamically setting the content language based on the displayed language.

  • Resolved an issue in environments with LUN-Level switching without replication where CHGCRGPRI SWTTYP(*SAMESITE) or using the web interface to perform a switchover would fail with message CPFBB09.

  • Simplified switchover operations in instances where some nodes are ineligible for switching. Previously, additional steps were required to prevent message HAE0099 from occurring while preparing for the switchover.

  • Resolved an issue where WRKCADMRE or the admin domain SQL services may produce an MCH3601, hang, or give unreadable data.

  • It is now possible to remove devices from a CRG that has an active session without requiring the session to be ended first, as long as there is at least one remaining device in the session. When attempting to remove the last device, an improved error message is returned.

  • In some instances the Add Cluster Administrative Domain Monitored Resource Entry (ADDCADMRE) confirmation screen would show dependent resource *YES or *AUTO, even though no dependent resources were displayed. This has been corrected.

NOTE:
PTF updates require one or more associated language PTFs. To determine if additional languages you have installed in your environment require a requisite MRI PTF, consult the table of language PTFs in the release cover letter for SJ03274.

Rational Developer for i (RDi)

Version: 9.8.0.3

December, 2024

New Features
Enhancements

  • Access Client Solutions updated to version 1.1.9.6.

  • IBM Java updated to version 11.0.23.

  • IFS query speed improvements made.

  • Added Outline view when editing Binding source (BND).

  • Added ability to expand a *BNDDIR object to see the entries (IBMI-I-668).

  • Outline now can show SORTA modifying an array (IBMI-I-3550).

  • Keep alive setting added to the connection properties.

  • Editor Delta compare button now allows choice of compare style: inline or side-by-side.

  • Error List View: when sorting by severity, have the secondary sort to be by line numbers.

  • Object Table view preference improvements include: auto-switch to custom columns if a column preference is changed, add menu to show current column group selection: default, all, or custom selection, preferences should open according to the mode that you are in: Member, Object, or Library.

  • An indicator on the connection status panel of the connection properties shows if the connection is secure.

Fixes

  • Issue with RDi 9.8.0.2 unsuccessful Kerberos authentication to IBM i server has been fixed (SE81365).

  • RDi 9.8.0.2 GUI locks up when opening COBOL source editor or browser fixed (SE81364).

  • Fixed issue found in RDi 9.8.0.2 when project reports "RUNTIMEEXCEPTION; COULD NOT OPEN SNAPSHOT LOCATION FOR WRITING" in the error log (SE81363).

  • RDi 9.8.0.2 problem occurring where COBOL syntax checker hangs when pasting into COBOL source is fixed (SE81361).

  • Fixed issue where no error message is displayed in the debug breakpoint condition page after entering an invalid condition (SE81359).

  • RDi 9.8.0.2 issue when invalid breakpoint condition cannot be modified due to server response is fixed (SE81358).

  • Fixed RDi 9.8.0.2 issue of COBOL outline sort action unable to sort (SE81357).

  • Issue in RDi 9.8.0.2 with editing SQLRPGLE source reports a syntax error for BOOLEAN() used in an SQL statement has been fixed (SE81355).

  • RDi 9.8.0.0 problem where debugging fails with error CRRDG3002E fixed (SE80756).

  • RDi 9.8.0.0 issue where the Browse-Edit toggle does not work correctly with multiple editor views is fixed (SE80017).

  • Fixed issue with RDi Member filter list corruption when there is a bi-directional text in the member descriptions (SE80283).

  • RDi GUI locks up while awaiting results for multiple batch compiles fixed (SE79613).

  • Problem where the user interface locks up at RDi startup and remains unresponsive is fixed (SE78670).

  • RDi 9.6.0.11 CL editor formatting should indent ENDPGM to match PGM issue fixed (SE77353).

Back to Top

 

Outflank Security Tooling (OST)

Outflank

19 December 2024
Cloudpack
  • ROADTune bug fixed and additions. PhishperPrice now supports token resource tokens, plus added extra documentation.
Outflank C2 updates
  • BOF loader is now able to deal with BOFs BeaconPrintf-ing binary buffers from BOF that aren’t programmed nicely. System proxy support for Linux and macOS. Several small bug fixes on additional HTTP headers.
EDR updates and documentation
  • Added 2 new EDR presets. Improved OPSEC documentation on several key aspects.
4 December 2024
New loaders and BIG OPSEC update
  • 4 new loads in PE Payload generator, Full threat stack spoofing implemented on all system calls in the stagers, implant and reflective loader, EarlyCascade update, Windows CET compatibility update, EDR finetuning for new EDRs.
Outflank C2 implant update
  • Improved Linked implants DeepSleep, Automatic User agent detection, extra guardrails.

Back to Top

 

Powertech

Encryption for IBM i

Version 4.03

December 3, 2024

New Features

  • The Master Encryption Key commands (LODMSTKEY, SETMSTKEY, DSPMSTKEY, CLRMSTKEY) now offer better support for the scenario of testing the Master Encryption Key passphrases. They support a new *TEST setting, which gives the ability to safely test loading and setting passphrases. When the *TEST key is displayed, then you can use the comparison value to if the *TEST key matches the MEK on a different system, without setting the MEK.

Enhancements

  • Warning messages will now be issued when symmetric keys are created or changed and the logging option is enabled for the data encryption and/or data decryption. The warning messages point out the potentially strong overhead that the use of those options can create.

  • The installer now runs additional pre-checks if Powertech Encryption is being updated from a version prior to 4.0.

  • Improved support for External Key Managers

    • Added diagnostic messages for scenarios where the connection between Powertech Encryption and an External Key Manager fails. This helps to better identify if there are network latency or setup issues when TLS/SSL is used. Information in these messages includes the GSKIT error return code, identifying the source of the failed connection.

    • Added new functionality to allow the user to configure timeout values for the connection between Powertech Encryption and the External Key Manager. This gives users the ability to extend the timeout. The new command; ‘Change EKM Timeout Value’ (CHGTIMEOUT), has been added for this purpose.

  • Powertech Encryption Backup and Restore Encryption commands now support a "Private authorities" option corresponding to the option on the IBM i backup and restore commands; ENCSAVLIB, DECRSTLIB, ENCSAVOBJ, DECRSTOBJ, ENCSTMF, DECSTMF.

  • License expiration messages now follow the configured system date format.

  • The live Partition Mobility feature has a new command (ADDLPMEXT) to automate the setup of exit point programs.

  • Improved security for the use of CRRP015 and a new audit category value of 79 has been added.

Fixes

  • Fixed an issue where programs were not resolving to the CRYPTO library correctly.

  • The WRKFILFLDS command has been modified to refresh masking values when adding multiple field encryption entries to a file.

  • The store procedure P_GetFldIdx has improved efficiency when retrieving the field id if multiple keys are used on a field.

  • When the Translate Field Encryption Keys (TRNFLDKEYF) command was used after the key for a field encryption entry had been changed, a wrong key was applied. This has been fixed.

  • The CRYPTO main menu function key (F9) for the previous command retrieval has been corrected.

  • The CRCL015A program introduced in Powertech Encryption 4.0 has been deprecated and will be removed in a future release. Existing programs that use the CRCL015A program may require modification to call CRRP015.

  • The handling of removing exit point programs for the Powertech Encryption uninstaller has been improved.

  • The field procedure second level text for the SQL return error for numeric values has been improved to include full text for the Powertech Encryption error message.

Back to Top

 

Robot

Robot Schedule

Version 13.18

December 11, 2024

Enhancements

  • Enhanced the GUI's Group Members area to allow editing of Schedule Override codes to multiple members at once.

Fixes

  • Enhanced product startup resilience within varied environments to ensure success.

  • Fixed issue where jobs that ended on a job queue did not have their status showing within completion history in a timely manner.

  • Enhanced Schedule's Audit Log to distinguish between group members and independent jobs.

  • Fixed 'Import of Scheduled Objects' function in the GUI to ensure that Schedule job description changes are updated in all necessary areas of the product.

  • Enhanced visibility of Robot Schedule licensing expiration messages sent to QSYSOPR by requiring a reply to the license expiration message.

  • Fixed an issue that caused the processing of SBMJOB commands to log system WRKPRB entries.

Robot Space

Version 3.52

December 17, 2024

Enhancements

  • Updated product installer.

  • Updated License Agreement user interface functionality.

  • Added version and company info to Properties>Details panel of the RobotSpace.exe GUI launcher.

Fixes

  • Fixed issue with Storage Audit: Reorganize Physical Files where unpredictable results were occurring for the file being audited when the file was exceptionally large and had a high percentage of deleted records.

  • Fixed the Good Morning Report to report /QDLS folders properly.

Back to Top

 

Titus

DCS for Data at Rest (DaR)

Version 5.0.2

December 16, 2024

Enhancements

  • Improved management of expiring and refreshing tokens to reduce duplicated work

Fixes

  • Fixed issues pertaining to scanning SharePoint and OneDrive files and folders:

    • Extended the existing scheme which looked for a “401” status code in the caught exception message. If it is unauthorized, a structured exception is generated which all callers analyze and initiate a retry of the command if required.

    • The following instances are retried as SharePoint throttling events:

      • ServerException with text message "System.IO.IOException"

      • WebException with Status WebExceptionStatus.Timeout

      • WebExceptionStatus.SendFailure

      • WebExceptionStatus.KeepAliveFailure,

      • WebExceptionStatus.ReceiveFailure

    • When performing an incremental scan, we no do not process files that were successfully processed in a previous iteration of the scan and have not subsequently changed.

    • Folders with '#' character in the name scan successfully

    NOTE: We made improvements to address the issue of Modified Date & Modified By values not being preserved in SharePoint history after writing metadata to a file. Note that in rare circumstances (such as SharePoint throttling), this issue can still occur.

DCS Policy Manager (On-premises)

Version 5.0

December 3, 2024

New Features

  • DCS Policy Manager allows administrators to create configurations in the DCS Console portal so users can identify and label sensitive information in a DCS client product. DCS for Windows is supported in this release. Other products in the Suite will be configurable in future releases.

Back to Top