June 4, 2020
This is a maintenance release.
- Updated to Apache Tomcat 8.5.43 to include the latest security updates.
(CAS-0010146971) Updated the Limit Display option to use the Date class instead of a Calendar class to resolve page loading response time.
(CAS-0010161236) Added a note in the documentation to replace white spaces in statistic names with underscore when used in derived statistic formula.
- Updated Tomcat 8.5.38 to include the latest security updates.
- (CAS-0010132528) Updated the combine function to show the last record.
- (CAS-0010128925) Updated jar files to address security vulnerabilities.
- (CAS-0010111612) Changed the default SSL port to 636 for configuring Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).
- (CAS-0010137578) Enabled ECDHE cipher suites to allow forward secrecy with modern web browsers and to use DHE cipher as a fallback to support a wider range of clients.
Updated 3rd party utilities to latest versions to include the latest security updates.
- Updated Tomcat support to version 8.5.32 to include the latest security updates.
- Updated Java support to version SEu181 to include the latest security updates.
- (CAS-0010097946) Added support for HTTP Strict-Transport-Security header.
- (CAS-0010097941) Updated the Configuration user interface to use the User Preference Timeout setting from the Reporting user interface as the session timeout.
- (CAS-0010097937) Removed the capability to elevate the group access of a public user to that of administrators by manipulating request parameter values.
- (CAS-0010097947) Removed the ability for users to create and submit Cross-Site Request Forgery (CSRF) requests.
- (CAS-0010097944) Logging out of Monitor Configuration now invalidates the current session so the back button cannot be used to view previous pages.
- (CAS-0010097942) Added BCrypt hashing to new passwords.
- (CAS-0010096592) Secured Vityl Monitor from Java Deserialization attacks by restricting which classes are allowed to be deserialized.
Added support for Apache Tomcat version 8.5.30 to include the latest security updates.
(CAS-0010094546) Disabled ciphers using SHA1 Message Authentication.
(CAS-0010077602) Added the capability to configure number of login attempts to multiple LDAP accounts in Vityl Monitor.
- Added support for Java 8.
(CAS-0010065303) Invalid User Name/Password message is displayed when entering a blank password when logging into Vityl Monitor.
- Updated Apache Tomcat version 7 to include the latest security updates.