Enportal/5.6/release notes 5.6.1

Revision as of 05:14, 4 December 2015 by imported>Jason.nicholls (1 revision)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

This page summarizes the new features, resolved issues, and known issues in enPortal version 5.6.1 released on December 4th, 2015.

What is enPortal

Edge enPortal is the industry's only secure, vendor-neutral network management integration platform. With pre-built Product Integration Modules (PIMs) for common third-party applications, enPortal is a Commercial Off The Shelf (COTS) solution that quickly integrates these network management tools and offers advanced capabilities including:

  • Integration of existing web-based tools and applications
  • Advanced Security including role/domain-based access via a secure proxy
  • Single Sign-On (SSO) and Sign-Off
  • Integration with external user authentication systems
  • Branding and Customization
  • Dashboard Views
  • Multi-tenancy
  • Scalability

New Features

  • Added BaseTrustedLoginRequestProcessor, to simplify custom login integrations; where an external authorization sits in front of enPortal/AppBoard. (EN-239)
  • Validate Session Filter (enabled by default) ensures all requests with exception to specific pages and resources (login_pages and js) require a session for improved security and supports custom allow paths. (EN-253)
  • Added support for HTTP Method PUT, so that this request will be supported by the CRS. (EN-236)
  • Introduced a short random change password delay to reduce the risk of brute force password attacks. (EN-246)
  • Introduced a check on the enPortalComponentInfo cookie to figure out the correct proxied URL when runtime rules are unable to handle it. (EN-200)

Resolved Issues

  • Fix CRS Channel Refresh. (EN-249)
  • Improved Security of ClassExec channel, requiring whitelist of classes that can be executed. (EN-255)
  • Enhanced access restrictions of system channels. (EN-250)
  • Enhanced security on initial page rendered from http://host:port/ that did not have appropriate headers X-Content-Type-Options and X-Frame-Options set to prevent clickjacking. (EN-259)
  • Fix CRS URL fragment support. (EN-227)
  • Fixed deadlock in OR mapping framework that could happen under heavy load. (EN-251).
  • Improved performance under heavy load, for both session lookups and runtime variable management. (AB-1140 & AB-1142)
  • Fixed issue where HTML tag was displayed in password policy error message to user; and updates to allow localization of messages to the user. (EN-224)

Known Issues

  • The Validate Session Filter, added in 2.6.1, will redirect any unauthenticated request to the login page. This was added as a security enhancement. If you see this behavior and want the page to be accessible, you must add an allowed path to the custom configuration file.

Contact Information

For questions or assistance with this release of enPortal, please see the support page for contact information.