Enportal/5.5/release notes 5.5.2: Difference between revisions

imported>Mike.berman
(created page)
 
imported>Jason.nicholls
No edit summary
 
(15 intermediate revisions by 2 users not shown)
Line 3: Line 3:
== Introduction ==
== Introduction ==


enPortal version 5.5.2 is a production release scheduled for March, 2015. This page summarizes the New Features, Resolved Issues, and Known Issues for this release.
This page summarizes the new features, resolved issues, and known issues in enPortal version 5.5.2 released on March 9th, 2015.


== What is enPortal ==
== What is enPortal ==
Line 20: Line 20:
== Supported Platform Changes ==
== Supported Platform Changes ==


enPortal 5.5.2 introduces the following changes to the supported platforms:
* None


* None


== New Features ==
== New Features ==


This section describes the enhancements to enPortal that are included in version 5.5.2.
* Added support for AES-256 level encryption of passwords, in addition to the previously supported AES-128. For more information, see [[enportal/5.5/admin/system_administration/security|Product Security]]. (EN-167)
* Upgraded one-way hashing algorithm for encrypting passwords from SHA-1 to SHA-2 (block size SHA-256). For more information, see [[enportal/5.5/admin/system_administration/security|Product Security]]. (EN-168)
* Improved results of security scans by changing the JSESSIONID cookie whenever a session is created or terminated. (EN-173)
* Increased the length of the enPortal_sessionid cookie from 16 hex chars (64 bits) to 64 hex chars (256 bits) to exceed the current security recommendation. (EN-174)


*


== Resolved Issues ==
== Resolved Issues ==


This section describes the resolved issues that are included in enPortal version 5.5.2.
* Upgraded to Apache Tomcat version 7.0.59 to address CVE-2014-0227. (AB-980)
* Upgraded to Xalan 2.7.2 and Xerces 2.11.0 Apache libraries to address CVE-2014-0107. (AB-930)
* Upgraded to HttpClient 4.4 Apache library to address CVE-2014-3577. (EN-187)
* Upgraded to Commons FileUpload 1.3.1 and POI 3.11 Apache libraries to address multiple CVEs. (AB-965)
* Fixed an issue where The <tt>{webapp.home}/custom/</tt> directory was being excluded from archives in the default configuration. For more information on customizing archives, see [[appboard/2.5/admin/backup_and_recovery#Customizing_the_Export|Backup and Recovery]]. (AB-802)
* Fixed an issue where the [[enportal/5.5/admin/unix_installation#Post_Installation_Tasks|post_install]] script on a Solaris O/S would fail in some cases. (AB-927)
* Fixed an issue where some cookies were not being sent by the cookie manager because the maxAge value in seconds was being treated as milliseconds. (EN-177)
* Improved handling of rules in portal.css to better handle @ CSS rules, which were causing silent exceptions. Any portal.css files that include @ CSS rules (for example, @font-face) should be validated to confirm that they are working correctly. (EN-171)
* Fixed the <tt>portal keycreate</tt> command to properly handle the encrypting of all system passwords when the system administrator makes a manual key change. For more information on this command, see the [[enportal/5.5/admin/system_administration/CLI_utilities#Portal_Commands|Portal Commands]] documentation. (EN-175)
* Fixed an issue where an application using a redirect with a "logout=true" request parameter could cause enPortal to interpret the command and terminate the enPortal session. (EN-170)


*


== Known Issues ==
== Known Issues ==
This section describes the new known issues in enPortal version 5.5.2.


* There are no major new known issues in this release.
* There are no major new known issues in this release.

Latest revision as of 09:14, 28 April 2015

Introduction

This page summarizes the new features, resolved issues, and known issues in enPortal version 5.5.2 released on March 9th, 2015.

What is enPortal

Edge enPortal is the industry's only secure, vendor-neutral network management integration platform. With pre-built Product Integration Modules (PIMs) for common third-party applications, enPortal is a Commercial Off The Shelf (COTS) solution that quickly integrates these network management tools and offers advanced capabilities including:

  • Integration of existing web-based tools and applications
  • Advanced Security including role/domain-based access via a secure proxy
  • Single Sign-On (SSO) and Sign-Off
  • Integration with external user authentication systems
  • Branding and Customization
  • Dashboard Views
  • Multi-tenancy
  • Scalability

Supported Platform Changes

  • None


New Features

  • Added support for AES-256 level encryption of passwords, in addition to the previously supported AES-128. For more information, see Product Security. (EN-167)
  • Upgraded one-way hashing algorithm for encrypting passwords from SHA-1 to SHA-2 (block size SHA-256). For more information, see Product Security. (EN-168)
  • Improved results of security scans by changing the JSESSIONID cookie whenever a session is created or terminated. (EN-173)
  • Increased the length of the enPortal_sessionid cookie from 16 hex chars (64 bits) to 64 hex chars (256 bits) to exceed the current security recommendation. (EN-174)


Resolved Issues

  • Upgraded to Apache Tomcat version 7.0.59 to address CVE-2014-0227. (AB-980)
  • Upgraded to Xalan 2.7.2 and Xerces 2.11.0 Apache libraries to address CVE-2014-0107. (AB-930)
  • Upgraded to HttpClient 4.4 Apache library to address CVE-2014-3577. (EN-187)
  • Upgraded to Commons FileUpload 1.3.1 and POI 3.11 Apache libraries to address multiple CVEs. (AB-965)
  • Fixed an issue where The {webapp.home}/custom/ directory was being excluded from archives in the default configuration. For more information on customizing archives, see Backup and Recovery. (AB-802)
  • Fixed an issue where the post_install script on a Solaris O/S would fail in some cases. (AB-927)
  • Fixed an issue where some cookies were not being sent by the cookie manager because the maxAge value in seconds was being treated as milliseconds. (EN-177)
  • Improved handling of rules in portal.css to better handle @ CSS rules, which were causing silent exceptions. Any portal.css files that include @ CSS rules (for example, @font-face) should be validated to confirm that they are working correctly. (EN-171)
  • Fixed the portal keycreate command to properly handle the encrypting of all system passwords when the system administrator makes a manual key change. For more information on this command, see the Portal Commands documentation. (EN-175)
  • Fixed an issue where an application using a redirect with a "logout=true" request parameter could cause enPortal to interpret the command and terminate the enPortal session. (EN-170)


Known Issues

  • There are no major new known issues in this release.


Contact Information

For questions or assistance with this release of enPortal, please see the support page for contact information.