Monthly Release Notes - November 2018

Jump to:

Document Management (RJS)


Webdocs Windows

Version: 2.1.3
Enhancements
  • Added more paging information on the user list within the application administration.
  • The installer generates verbose logging by default and will package the logs in a way that that can then be viewed or sent to support more easily in case of issues.
  • User credential security has been enhanced to use an updated technology.
  • A new endpoint is available from the REST API that allows a document to be removed from a workflow process that is in progress.
  • Restoring a deleted document generates a new activity in the audit log.
  • Adding a new document note generates a new activity in the audit log.
Other Fixes
  • Fixed an issue where returning a document on a workflow step that contains multiple users was not successful.
  • Document list column preferences are now correctly saved when the same user logs out and back in.
  • Fixed an issue where moving documents between folders via the REST API didn't reindex the document information so the document was no longer visible from the UI.
  • Updated several error messages to be more user-friendly.
  • Several web application cookies have been modified for additional security.
  • Viewing the routing history of a document that is actively on a workflow now includes more information related to the document's route history.

Back to Top

 

GoAnywhere


GoAnywhere MFT

Version: 6.0.0

Web Client

  • Overhauled the Web Client with a more modern look and feel, which includes the following enhancements:
    • Revamped the navigation menu in the Web Client to display a unified view across all features. The new side menu navigation makes it easier for users to see folders in GoDrive and Secure Folders at the same time while also being able to quickly jump between Secure Forms and Secure Mail items.
    • Added drag and drop integration for files and folders between Secure Folders, Secure Mail, and GoDrive through the new side tree navigation.
    • Added right-click context menus to files and folders in GoDrive and Secure Folders to access additional actions like Rename, Download, Share, etc.
    • Overhauled the Media Viewer for GoDrive with a more modern look and feel.
    • Added a new User popup menu accessible in the top right corner of the page.
    • Moved the Address Book, Preferences, Update Profile, and other menu items to the new User popup menu.
    • Adjusted the design of the toolbar menu on the Secure Folders section to support the new Web Client layout better.
    • Enhanced the self-registration pages, the view Secure Mail message, and other non-authenticated pages with a more modern look and feel.
    • Updated all email templates used to send emails to Web Users and Secure Mail recipients with a new look and feel to match the Web Client interface.
IMPORTANT:

The new Web Client user interface provides an enhanced user experience, which includes new logos, images, and tools for customizing the interface. HelpSystems suggests you test the new interface in your GoAnywhere test or development environment prior to upgrading your production environment.

  • Added additional Web Client Brand settings to control the look and feel of the Login page. The login panel can now be left, right, or center aligned and the background color of the panel can be customized. An optional page background image can be added to enhance the overall look and feel or to provide additional brand recognition when users visit the page. The custom logo field was split into two so that the logo on the login page and the one used in the header section on authenticated pages can be different sizes.
  • Added an additional Two-Factor Authentication (2FA) method to the Web Client to use Time-based One-Time Passwords (TOTP) for Web User authentication. Users can now use popular mobile applications like Google Authenticator as a second form of authentication.
  • Added the ability for Web Users to see who they have shared files and folders with, who has shared files and folders with them, and the ability to manage access for those shared items.
  • Added the ability to cancel active file transfers in the HTML file uploader.
  • Enhanced the HTML file uploader and Secure Form pages inside the Web Client to meet 508 compliance for keyboard tabbing to ensure items with focus are visually indicated.
  • Fixed an issue where the Forgot Password page in the Web Client confirms when valid user names are entered. The Web client will no longer reveal if the specified user name is valid.

Administration

  • Streamlined the licensing process for GoAnywhere MFT. An unlicensed server will now step administrators through the account registration and licensing process.
  • Added the ability for new customers to GoAnywhere to get a 7-day limited trial license automatically upon registration with the Customer Portal. This license will be upgraded to a full 30-day trial after the account has been validated by HelpSystems.
  • Added support for using Time-based One-Time Password (TOTP) applications, such as Google Authenticator, for two-factor authentication for Admin Users.
  • GoAnywhere MFT 6.0.0 requires Java 8. The GoAnywhere MFT 6.0.0 Upgrade Guide contains instructions for updating your JRE.
  • Enhanced the Admin Client user interface with a more modern look and feel, which includes the following enhancements:
    • Enhanced the default email notification templates with a more modern look and feel.
    • Enhanced the user interface of the embedded help documentation to match the new Admin and Web Client interfaces.
    • Enhanced the hover effects on table rows, the More Actions menu, buttons, and input fields in the Web Client and Admin Client interfaces with a more modern look and feel.
    • Updated the main menu in the Admin Client with new colors and better spacing.
  • Added a new page for Admin Users to quickly view all file system folders that Web Users and Groups have access to through Secure Folders. Administrators can browse the file system using the new View Web User Folder Access page accessible from the Web User list page. Each folder will indicate which users and groups have access to the folder along with their associated permissions.
  • Added the ability for Admin Users to use two-factor RADIUS (RSA SecurID) authentication.
  • Added a new Product Usage Report that shows the total number of transfers, Projects defined, number of users, and more.
  • Enhanced the Send Email action on Triggers to give administrators the ability to specify a priority on the email.
  • Added official support for the Azul Zulu JRE.
  • Added the ability to see active sessions for Admin Users.
  • Added admin logging for when an Admin User changes their own password.
  • Added admin logging and revision tracking to the FIPS 140-2 Compliance settings page.
  • Added the ability to send Administrator audit log events to a syslog server.
  • Added support for additional Mac and Key Exchange algorithms that can be used with the SFTP service.
  • Added prevention for SAML assertion replay attacks.
  • Enhanced password hashing to use the PBKDF2 (Password-Based Key Derivation Function 2) algorithm for Admin and Web Users. Existing users will automatically be updated to PBKDF2 password hashing on next login.
  • Enhanced the disable Web User process to immediately terminate active sessions for the user.
  • Upgraded the Maverick SFTP server API from 1.6.40 to 1.7.18.
  • Updated the embedded web help documentation to use JQuery 3.3.1.
  • Added the ability to import PKCS#5 encrypted private keys into the key management system.
  • Removed an extra database query that wasn't necessary during user authentication to improve performance under heavy load.
  • Upgraded the Microsoft SQL database driver to version 6.4 to support TLSv1.2.
  • Improved the documentation to include more information and procedures on how to renew expired certificates.
  • Removed a database query to get the Domain information that wasn't necessary during project execution which improves performance under heavy load.
  • Upgraded the Bouncy Castle API used for PGP, SSL, AS2, and more from version 1.48 to 1.60.
  • Upgraded the OWASP Enterprise Security API to version 2.1.0.1 and the XML Tooling library to version 1.4.6.
  • Upgraded the Apache Batik libraries version from 1.6 to 1.10.
  • Upgraded the Jasper Reports libraries version from 6.0.0 to 6.7.0.
  • Added the IECompatibility=/EDGE properties in the system.properties file by default for new installations.
  • Upgraded the guava library from version 17.0 to 26.0.
  • Upgraded the jackson databind, core, and annotations libraries from version 2.9.4 to 2.9.5.
  • Fixed an issue with the switch database process that was resetting the Maximum Idle Connections setting to 2.
  • Fixed an issue where Encrypted Folders could not be deleted if they were created using a network resource that no longer exists.
  • Fixed an issue with report generation to properly handle international characters.
  • Fixed an issue where disabled Domains may still show up in some cases when trying to add new items.
  • Fixed an issue where REST tasks using file-based keys were not properly validated when changing a domain to use the Key Management System.
  • Fixed an issue where enabling or updating the anonymous Web User account would cause an unnecessary error in the error log.

Agents

  • Added the ability to work with Amazon S3, WebDAV, Azure, and SMB Network Shares on GoAnywhere Agents.
  • Enhanced the Completed Jobs page on the Agent console to display jobs that were invoked by an Agent Monitor that called a project on GoAnywhere MFT.
  • Upgraded the Bouncy Castle API used in Agents from version 1.48 to 1.60.
  • Updated the Basic and Standard licenses on Agents into a single Standard license.
  • Updated the Agent log to record the operating system and JVM information at startup.
  • Fixed an issue where an Agent file monitor will hang if the connection between GoAnywhere and the Agent is broken.
  • Fixed an issue where Agents could not always delete a source file after it was moved to another system.

GACMD

  • Added a new Delete Secure Form command that can be used from GAcmd command line, REST, and SOAP interfaces.
  • Added new commands to configure a Web User's whitelisted and blacklisted IP addresses that can be used from GAcmd command line, REST, and SOAP interfaces.

GoDrive

  • Added the ability to generate and share public links to files and folders stored in GoDrive. Users can protect the URLs with a password, set expiration dates on them, and indicate whether recipients can upload files or download only. Recipients can view the files and folders without being a registered user in the system.
  • Renamed GoDrive Devices to Web User Devices in the GoAnywhere Administrator. Moved the device manager from the GoDrive menu to the Users > Web User Devices menu.
  • Renamed the GoDrive Manager admin user role to Web User Device Manager. The Product Administrator will role will now manage GoDrive settings and the Web User Device Manager will only manage Web User devices.

Project Designer

  • Added the ability to include directories in File Sets which includes the following enhancements:
    • Modified the Rename Task to rename directories when included in a File Set.
    • Modified the PGP Decrypt, Encrypt, Sign, and Verify tasks to ignore directories when processing File Sets.
    • Modified the Copy Task to copy directories when included in a File Set.
    • Modified the AS2 task to ignore directories when processing a File Set.
    • Enhanced the Move Task to recursively move directories when included in a File Set.
    • Enhanced the Delete Task to recursively delete directories when included in a File Set.
    • Enhanced the file transfer tasks for FTP, FTPS, SFTP, and more to create directories when they exist in a File Set on the Upload and Download actions.
    • Modified the Gzip, Gunzip, Unzip, and Untar tasks to ignore directories when unarchiving files or folders.
    • Enhanced the FTP Set Permissions task to include directories if they exist in a File Set.
    • Enhanced the remote server tasks for FTP, FTPS, SFTP, and more to create or remove directories when they exist in a File Set on the Move and Delete actions.
    • Enhanced the file transfer tasks for FTP, SFTP, HTTPS, GoFast, and Send Email to give the user the ability to ignore directories when they exist in a File Set.
    • Modified the Merge Files Task, Search And Replace Task, and Merge Reports Task to ignore directories when processing a File Set.
    • Enhanced the remote server file rename tasks for FTP, FTPS, SFTP, HTTPS to properly handle directories when they exist in a File Set.
    • Modified the Read CSV, Read Excel, Read Fixed Width, Read Flat File, Read XML, and Read JSON tasks to ignore directories when processing File Sets.
    • Enhanced FileSet input and output variables to better support working with directories in Project Workflows.
  • Created a new DateMillis function for project workflows that converts a specific date and time into milliseconds.
  • Created a new DateDiff function for project workflows that compares two dates and times and returns the difference between them.
  • Added two new tasks to Base64 encode and decode files.
  • Added placeholder text to display the default values of fields in Resources and Tasks within the Project Designer.
  • Improved the performance of the project execution life-cycle by reducing the overhead required for looking up projects, project folders, and permissions.
  • Increased the width of wildcard pattern fields to display 60 characters.
  • Fixed an issue where a certificate error in the AS2 Task would indicate the certificate was located in the File Based Default Trusted Certificates Key Store instead of the Key Management System.
  • Fixed an issue where Project definitions could be deleted if they were used by an Agent Monitor.

Resources

  • Added a new action on the list page for Resources that allows you to test the Resource connection without going into the edit page.
  • Added the ability to click on labels for Resource attributes to get additional information about the field.
  • Updated the JNQ API used by SMB Network Shares from version 1.0.1 S7 R2750.7 to jNQ-1.0.2.br-1.1

Secure Mail

  • Added a recipients variable to Secure Mail Email templates so each recipient can see all other recipients of the Secure Mail Package.
  • Added the ability to send Secure Mail Package passwords to recipients using SMS text messages.
  • Added a new Ignored Attachments tab to the Secure Mail settings to provide the ability to ignore specific attachments, such as company logos in email signatures, from being sent with the Secure Mail Package.
  • Enhanced the Web Client to only show the Secure Mail menu item for Web Users when they have the ability to send messages or when they have items in their inbox.
  • Fixed a typo in the confirmation dialog when deleting an entry in the Address Book.

Services (FTP, FTPS, SFTP, AS2, GoFast)

  • Added the ability to restrict GoFast, SFTP, FTPS, FTP and HTTPS listeners to a specific Domain, which allows administrators to assign Web Users to specific Web Client Brands.
  • Increased the performance significantly for Web Users that log in frequently by caching the virtual file system for that user. For example, automated processes that log in to FTP or SFTP every second.
  • Fixed an issue in the asynchronous receipt validation process for AS2 where the key used for trust was being pulled from the default trust store file rather than using KMS.
  • Fixed a spelling error in the SFTP Permission Denied message.
  • Fixed an issue where the JVM maximum memory for GoFast was not calculated correctly when displayed in error messages.

GoDrive for Windows

Version: 2.5.0
  • Upgraded the type of file system mount used by GoDrive to avoid issues if legacy mounts are disabled.
  • Fixed multiple issues related to Microsoft Office documents being corrupt, leaving behind temporary files, or causing GoDrive to go into Read Only mode.
  • Fixed an issue where conflicting folder names could cause GoDrive to go into Read Only mode.
  • Fixed an issue where changing a user’s permission to a shared file/folder could cause GoDrive to go into Read Only mode in specific scenarios.

Secure Mail Outlook Plugin

Version 2.4.0
  • Added the ability to request files from recipients. This new option will send a unique link to recipients requiring files to be uploaded and returned to the requester.
  • Removed duplicate files inside the installer that could cause mismatched hash values when validating the install.
  • Improved the transition of UI windows and error dialogs during the login process.
  • Improved how often a warning message will appear when starting Outlook after an interrupted attempt to send Secure Mail.
  • Improved the uninstaller so the plugin is completely removed after uninstall.

Back to Top

 

Halcyon


Version: 4.1
Enhancement
  • Task Supervisor now includes the ability to restrict user Roles by Group.
Fixes
  • Task Supervisor now allows the completion of a task without needing to provide a comment.
  • Task Supervisor now allows the use of special characters in passwords.

Back to Top

 

Insite


Version: 2.6.1
  • Performance improvements have been implemented for Vityl IT & Business Monitoring.

Back to Top

 

Powertech


BoKS Control Center

Version: 7.2
NOTE: For system requirements including supported platforms, see the FoxT Control Center 7.2 Installation Guide. For Known Issues in this release, see the section "Known Issues" in the Administration Guide.
New Features
  • Updated to support BoKS 7.2 features and functions.

  • Additional authentication methods can be used to log in to FCC: Radius password and YubiKey.

Enhancements
  • FCC is delivered as an additional package as an RPM.
  • The installation has been split into an install program and a setup program.
  • FCC checks that the correct Java version is installed.
  • The list of installed hotfixes is updated every t-ime the user opens or reloads the Start page.
  • Program groups that are members of another program group are displayed as links you can click to go to the Program group details page.
  • Program groups that appear in Access Rules are links to the Program group details page.
  • It is easier to configure a Replica for failover, with support for this in the setup program.

 

Other Updates
  • Java is now required to be installed on the system before installation / upgrade.

  • CAS-194895-M6Q4W1 - Autocomplete fields now search for matching items from the beginning of the name with the exception of the "user" autocomplete field that searches throughout the name.

  • CAS-0010107691 - Added the option ANY/* to the dropdown for domain access policies.

BoKS Manager

Version: 7.2
NOTE: For system requirements including supported platforms, see the BoKS Manager 7.2 Installation Guide. For Known Issues in this release, see the section "Known Issues" in the Administration Guide.
New Features
  • RADIUS Authentication

    Support is included for authentication against a RADIUS server.

  • Yubikey Authentication

    Support is included for authentication using Yubikey password tokens as a secondary authentication method. Note that only the primary authentication method is recorded in the BoKS audit log.

  • Disable password hash formats

    Functionality is added so that password hash formats for user password can be allowed / disallowed in the domain. You can allow / disallow different sets of formats for functional and non-functional accounts. The ability is added to indicate which accounts are functional in order to be able to manage password hash formats separately in this way.

  • Database download speedup

    Enhancements to database download operations are added with 2 new daemons for improved download speeds.

  • Host last activity

    A function for monitoring and listing host last activity is added to enable you to more easily see hosts that are not being used and proactively manage your BoKS domain.

  • Removed Functionality

  • Support for SafeWord Tokens
  • Authentication using SafeWord tokens is no longer supported, therefore the SafeWord authenticator type and the Access Rule modifiers desgold and harddesgold are removed.

    Any Access Rules in the database that have the desgold or harddesgold modifiers for Safeword authentication are not restored when you upgrade. These Access Rules are instead listed in the file $BOKS_tmp/deleted-access-rules-<pid of boks_bru>.txt. You can review the Access Rules in this file, if any, and determine whether they need to be recreated with an alternative authentication method in the new BoKS database.

  • Support for xRBAC

    The xRBAC feature is removed, including support for xRoles and xRolesets, OSroles, and the SWROLE access method.

  • Support for BoKS Desktop / User Virtual Cards

    Support for the BoKS Desktop product and user virtual cards is removed.

    CA classifications related to user virtual cards, KR, SCLOCK, OLD and TEMPORARY, are removed.

    The usrcreds program is removed.

    User certificates from external CAs are still supported for certificate authentication in BoKS SSHD. External certificate mapping to BoKS users is managed using the mapcert and certadm CLI programs.

  • Support for BoKS Server Agent for Windows

    Support for the BoKS Server Agent for Windows product is removed. This means the following are not included / supported in BoKS Manager and FoxT Control Center:

    • The user types Windows Local and Windows Domain, including support for these user types in LDAP synch.
    • The host types Windows server agent and Windows server agent DHCP.
    • The access methods NETSHARE, WINLOGIN, WINNETSHARE, WINRDP and WINRUNAS.

    See also the changes to programs and other functions relating to this removal in the Enhancements section.

Enhancements
  • Access Rules The supported host prefixes for use in Access Rules have changed. In BoKS Manager 7.1, the following prefixes were supported: ANY, BOKS, KNOWN, NONBOKS, UNIXBOKS, WINBOKS. In BoKS Manager 7.2, the following prefixes are supported: ANY, KNOWN, NONBOKS, UNIXBOKS

  • For boksversion, a new option, -h, can be used to list the hotfixes currently installed on the host. For more information, see the BoKS man page boksversion.
  • lsbks -p now lists user info in passwd format without including the password hash. The letter 'x' is printed in the password hash position of the output. The lsbks -D <list-spec> option by default uses newline as delimiter both between different users and between different attributes for a user. The new option -d <delimiter> can be used to change the user attribute delimiter to something other than newline so that all output for a user is printed on a single line.
  • Host virtual cards are converted to PKCS#12 containers. Host PKI credential container format changed from Virtual Card to PKCS#12. Existing Host Virtual Cards are converted to PKCS#12 format when restoring a pre-7.2 backup with boks_bru. To be backward compatible with pre-7.2 Master/Replica domain, BoKS 7.2 Server Agents can still use host PKI credentials in Virtual Card format. To supply pre-7.2 Server Agents with host certificates, BoKS 7.2 Master/Replicas need the boksp12tovc program to convert PKCS#12 containers to Virtual Card format. The boksp12tovc program is not included in the BoKS 7.2 distribution, but can be installed as a hotfix if needed.
  • For dumpbase, the option -t can now be used to dump multiple tables. The parameter is a comma-separated string of table numbers or names with no spaces allowed. Tables are dumped in the order specified.
  • For bksdef:
    • a new flag is added, --trust-dns-less {enable | disable}. Enabling this fixes issues #9814 and #9816, but makes some small changes to the way BoKS tests authorization so can affect customers upgrading (for this reason, this flag is disabled if upgrading an old database). See NOTE ON DNS in the bksdef man page for a full description.
    • removed obsolete flags -p and -u (used for disabling updating of password hashes in /etc/passwd).
    • removed 'lastchange' field from bksdef. It was prominently printed first, but was only updated by rmbks, mkbks, and modbks, and thus misleading.
  • A LASTACTIVITY field is added for hosts which is updated once per day if the host is up. 7.2 Server Agents will make a call once per day if they are up so the field is updated. For older clients the field is updated only if they make calls to servc. "hostadm -l -o N" will list hosts with LASTACTIVITY older than N days sorted with youngest first with hostname and date, one per line. For hosts with no LASTACTIVITY set, it is listed as -. Also shows up in host listing (hostadm -l) for BoKS hosts.
  • The maximum supported value for shared memory, set using the SHM_MAX ENV var, is now 4000000.
  • When running boksinfo, the resulting BoKS/boks_var.txt file no longer includes the files below $BOKS_var/kslog unless the -k switch is given. The reason is that the information is seldom needed, and some customers have very many files below that directory, so the resulting archive becomes very large and cannot easily be uploaded to FoxT Customer Service.
  • A new CLI program has been added for managing external authentication server list, extauthadm. The extauthadm program supersedes ldapauthadm but ldapauthadm is still supported. extauthadm adds support for multiple types of authentication servers. Currently only type "ldap" is used but further server types will be added in future BoKS versions. The new ENV variable EXTAUTHSITE can be used to get a site-specific lookup of external auth server, see ENV(4B).

  • ENV SERVC_EXTERNAL_REQ_DISABLE can now also be used on Replicas. Previously it was only effective on the Master and ignored on Replicas.

  • ABAC/boks_bccasd changes: The removal of virtual cards (replaced by PKCS#12 for hosts only), Windows users and groups, and the XRBAC functionality affects the bccasd API accordingly. In particular, the ABAC rules in an existing bccas-abac.yaml file from an earlier BoKS version will probably need to be updated. In BoKS 7.2 the file will be successfully read, but warnings will be logged in $BOKS_var/boks_errlog. Running bccasdabac will check the bccas-abac.yaml and print the warnings on stderr. Old "virtualCard" references should be changed to "certificate", except in the case "read host virtual card" (now P12) which should be changed to "hostP12".

  • For kslog:
    • on 7.2 Server Agents, when using kslog=4 on SUEXEC or SSH access rules, it no longer reads configuration from the local ENV variable KSLOG_DEFINITION. Instead you should use modifiers kslsize, ksltime, kslog_max_input and kslog_max_output on the SUEXEC or SSH access rule. These can be applied to any kslog level. Without these modifiers kslog=4 will behave as kslog=3 on 7.2 Server Agents. To make older Server Agents behave the same way, you need to apply hotfixes. HFBM-0230 (BoKS 6.7), HFBM-0231 (BoKS 7.0) and HFBM-0232 (BoKS 7.1).
    • changed the logging message for log started in kslog, where the new tty is now logged.
  • For boksdiag, you can now use boksdiag pushbatch ip-address [ip-address ...] to force a send retry of batched Server Agent updates to given IP addresses instead of waiting for up to 30 minutes for it to happen.
  • RFE #13863 - For setup / convert, when the BoKS Master is set up, the nodekey is now saved in the file $BOKS_etc/nodekey. This means that you do not have to enter the nodekey manually if you convert the Master to a Replica.
  • The upgrade_client script now attempts to migrate any changes in the old $BOKS_etc/sshd_config..* files to the new ones. The original files are saved with extension .pre_upgrade as before. If any changes are made to the new sshd_config..* files, the original ones are saved with extension ..org. Any changes in the new files is prefixed by a comment. Exceptions to migrating changed attributes:
    • Any changes to the PermitTunnel attribute are not migrated as allowing this presents a security risk. This must be turned on manually after migration if it is wanted.
    • The attribute KerberosAuthentication was set to yes in the BoKS 6.6 sshd_config..active file. This attribute is now ignored when BoKS is active (and kerberos authentication is controlled by flags to Access Rules), so it is not migrated.

    See also fixed issue #9912, #12297.

  • The BoKS ENV variable TRUST_EXTERNAL_PASSWORD is no longer supported.
  • $BOKS_var/btmpx is now removed and has merged with $BOKS_var/btmp. This has enhanced the stability of inactivity timeouts. The command "bwho" no longer supports the options -x and -X.
  • When a license is in violation, it is not possible to add new User Classes or Host Groups, in addition to new hosts.
  • The default maximum password length is now 72 (instead of 8).
  • The password history max length of 20 is now enforced, it was previously documented but not enforced.
  • The concept of "functional account" (as opposed to a "real user") is now expressed with a flag in the user database and can be modified and viewed with mkbks/modbks/lsbks and through boks_bccasd. The previous boks_bccasd specific function with $BOKS_etc/funcacc.conf has been removed. The file $BOKS_etc/funcacc-template.conf is no longer part of the distribution. When upgrading, users are updated according to the old funcacc.conf file (using the tool funcaccupdate), if there is one, and the config file removed.
  • Two new daemons have been added to handle database table download from Master to Replicas. boks_download_m runs on the Master and boks_downlaod_s on the Replicas. They use TLS for encryption and use the BOKS servc port (via portmux) for communication. They are introduced to speed up database download. The following ENV vars are added to manage these daemons:
    • DOWNLOAD_CIPHER_LIST (MR) List of TLS cipher suites to use
    • DOWNLOAD_M_NTHREADS (M) Number of worker threads used by boks_download_m daemon. This sets the maximum number of replicas the daemon can download to simultaneously, 1 - 128 , default 16.
  • The BoKS internal CA store for certificate and private keys (earlier VC files now P12 files) moved from $BOKS_data/sso_creds/ca_creds/keypkgs/ to $BOKS_var/ca/. If container lock pin is saved, the file with the saved pin is also stored in the $BOKS_var/ca/ directory.
  • The KSL Administrator password hash format is changed from an MD5 hash to a standard SHA512 password hash. The old MD5 hash is still accepted for verification, but when setting a new KSL Administrator password the SHA512 password hash will be used.
  • The boks_pkcs7 command has been replaced by bokspkcs7 with similar functionality but using P12 container format instead of Virtual Cards.
  • BoKS internal CA is changed to use PKCS#12 (P12) containers for certificate and private keys instead of the proprietary Virtual Card (VC) container format. As a result of the change a number of CLI programs for management of VCs are replaced by corresponding programs for P12 container management:
    • vcgen -> boksp12gen
    • mkvc -> boksp12create
    • vcdata -> boksp12data

    BoKS Server Agents can use host certificates stored in either P12 or Virtual Card format to allow 7.2 Server Agents to be used in pre-7.2 Master/Replica domain. When upgrading the Master in a pre-7.2 domain, Host Virtual Cards in the database are converted to P12 format. CA Virtual Cards conversion to P12 format is also done automatically for CAs with saved CA pin. For CAs where the pin is not saved to file the conversion can be performed after restoring the database by running the script boksca_vc_to_p12.pl in interactive mode and entering the CA pin when prompted.

    BoKS # pcb $BOKS_data/perl/boksca_vc_to_p12.pl

  • ssh_keyreg now silently ignores the -t keytype option when doing "ssh_keyreg -w [-i ip] -k base64key -t keytype". The key type is extracted from the base64key string.
  • When running "BoKS # hostcreds list [-h host]" and no host credentials found the command earlier exited with code != 0. Now empty credentials list only gives exit code != 0 if a host is explicitly specified.
  • servm now logs DB compound DB updates that take longer than 20 seconds to complete to a file servm.slow in the monitoring directory. By default this file grows to 1000 Kb before it is renamed servm.slow.bck and a new file is created. THe size can be changed using the ENV parameter SERVM_SLOW_MAXFILESIZE_KB (or SERVM_SLOWLOG_MAXFILESIZE_KB).
  • The password "look alike" check has been completely rewritten. See the documentation for the new variables CHANGE_PSW_ED_QUOTIENT and CHANGE_PSW_LCS_PERCENT in ENV.1. The ENV variable CHANGE_PSW_DIFF has been removed, as it is no longer used.
  • The "hgrpadm -R" command is no longer supported. See also Fixed Issue #9906.
  • From BoKS 7.0-7.1 it was possible to add multiple LDAP server URIs in a single database record. This is no longer supported. Server URIs must be added one by one. This also makes it possible to modify server URIs independently of each other. When upgrading from pre-7.2 LDAP server URI records with multiple URIs will be split up into multiple records with one URI each.
  • Added support for use of StartTLS in ldap protocol for external LDAP authentication with the optional parameter START_TLS=1.
  • For boks_uname, removed all lowercase options, and thus the call to the system's uname command. They were just passed on to the system's uname which returns very different things on different OSes with the same flags, and were never used by the BoKS installation/setup procedure anyway.
  • It is now supported to modify the name or GID of multiple Unix Groups in one operation using groupadm. This can be useful if you need to change names or GIDs but doing this for one group at a time would create conflicts. For example to change the GID for multiple Unix groups: groupadm -m -n H1:grp -n H2:grp ... -i 4711 -c 'new gid' or groupadm -m -n '*:grp' -i 4711 -c 'new gid' In both cases the groups must already exist and have the same groupname and GID. To change the group name on multiple Unix groups: groupadm -m -n H1:grp -n H2:grp ... -R newgroupname -c 'new name' or groupadm -m -n '*:grp' -R newgroupname -c 'new name' In this case the groups must already exist and have the same name, but can have different GIDs.
  • As part of the removal of functionality related to BoKS Server Agent for Windows, the following changes have been made to the CLI and BoKS database.
    • CLI:
      • lh: removed flag -p
      • checkovacts: flag -f obsolete but still accepted
      • bksdef: removed flags -W, -h and -c and options W, h and c to the -D flag
      • modbks: removed flags -K, -O, -R, -W and -S
      • mkbks: removed flags -a, -K, -O, -R, -S, -W and -n
      • mapkerberos: removed flags -w and -g
      • hostadm: removed support for host types WINBOKSCLIENT and WINDYNIPCLIENT
      • groupadm: removed flags -L and -N
      • adgroup: removed flags -m and -w
      • boksrule: removed flag --share and support for access methods WINLOGIN, WINRDP, WINRUNAS, WINNETSHARE and NETSHARE
      • boks_bru when restoring an old database: – Users of type WINLOC or WINDOM are removed – hosts of type WINBOKSCLIENT or WINDYNIPCLIENT are converted to NONBOKSHOST – The access methods that are no longer supported are removed from Access Rules – Program group members that refer to windows programs are removed – Any data in tables 23 (WINUSERATTR) and 30 (WINUSER2GROUP) is removed – In table 68 (KERBEROS2USERMAP) the field WINDOMUSER is removed – In table 71 (SSHPUBLICKEYUSER) if the owner field refers to a Windows user it is cleared
    • DB:
      • Table 0 (SYS) fields NETSHARE_CACHE_TIMEOUT and NETSHARE_LOG_INTERVAL removed
      • Table 23 (WINUSERATTR) has been changed to SPARE_23 with different fields
      • Table 30 (WINUSER2GROUP) has been changed to SPARE_30 with different fields
      • Table 68 (KERBEROS2USERMAP) field WINDOMUSER has been dropped
  • For lsbks:
    • removed the obsolete flag -n
    • removed support for flags -O, -w, and -E
    • option -P has been removed. It was previously used to support a since discontinued GUI in a very old version of BoKS.
  • For Replica communication / load-balancing, for BoKS Server Agents older than 7.1 that don't have the load-balancing hotfix (HFBM-0191 / HFBM-0192) installed, load-balancing is achieved by the Replica delaying the reply to ServerAgent Replica discovery calls. The amount of delay used for the discovery call reply is changed since the boks_bdpsd daemon now uses direct access to boks_udsqd when reading the servc queue length. This should result in a delay that better matches what is described in the BoKS documentation. Earlier, the queue length query itself ended up in the queue and delayed the reply in addition to the delay specified by BRIDGE_QUEUE_DELAY and BRIDGE_QUEUE_LOW. Note that this change only affects Server Agents older than 7.1 that don't have the load-balancing hotfix installed.

  • For mkhome:
    • option # to the command mkhome -H no longer has any special meaning. As a consequence, mkhome no longer sends options -M or -n to the mkhome hook scripts.
    • the program now always calls any configured hook scripts, when creating home dirs. Previously the flag -H was needed, but this behavior was a remnant from the old BoKS Administration GUI, and it overloaded the -H flag normally used for physical home dirs.

  • For Access Rules, modifiers kslfblocal, and the misspelled variant kslfblocally, are no longer valid. This behavior was already the default, and the modifiers had no effect. These modifiers are stripped from existing rules upon upgrade to BoKS 7.2.
  • The programs pgrpadmin, lsbks, hostadm, hgrpadm, groupadm, and classadm now return 2 instead of 0 (or in some cases instead of 1) when trying to list fully specified objects that do not exist. See man pages for details.

  • For boksrule:
    • The command boksrule --list now does literal searches by default. To perform regex searches for options --user-name, --user-class, --method, --source, and --destination, you can use the new option --regex.

    • boksrule -l now lists modifiers as "modifier" instead of "modifier=+1", and "-modifier" instead of "modifier=-1".

    • Added capability in boksrule to search for Access Rules with given modifiers. If '=' is given, the part following it may be a regular expression, e.g. boksrule -l --flags 'chroot=/.*/foo', or boksrule -l --flags 'kslog=(2|3)'.
  • For hostadm:
    • As part of stricter argument checking, if you convert a host to a DYNIPCLIENT you MUST specify hostid. Any existing ip-address for the host in the DB is removed. If you convert a host from DYNIPCLIENT, you MUST specify an ip-address. The existing hostid in the DB is removed.

    • ‘hostadm -d -b hostid’ is no longer supported. This operation did not function as intended since it removed the hostid, but left the HOST_DYNIP flag set. The correct way is now to convert the host to another type (and provide an ip-address if the host does not yet have one).

    • hostadm no longer supports setting and clearing dynip flag. The only way to affect this flag is to change typ to/from DYNIPCLIENT.

  • For routeadm / setup, option -D is removed (used to add default legacy routes / classes). The file $BOKS_etc/userclass_default_routes (used by above) is removed.
  • Removed the $BOKS_etc/ports file, which is not used.

  • The programs modrun, module, and ssoconf, related to BoKS Application Agents, are removed from $BOKS_lib. The bccas function listAgentMethods is also removed.

  • The Heimdal kerberos library used in previous BoKS versions has been replaced by MIT kerberos as this is considered a more widely supported platform.
  • OpenSSL has been upgraded in this BoKS version from v. 1.0.2 to v. 1.1.1.
  • SSH stream forwarding, which is subject to some security vulnerabilities, is disabled in this version of BoKS.
  • The root account can now be defined as a role on Solaris hosts. See the BoKS Manager 7.2 Installation Guide for more information.
Other Updates
  • RC5-128 encryption is deprecated and may not be supported in future versions of BoKS. The BoKS Server Agent upgrade program is modified to use AES-128 encryption instead of RC5-128 encryption if the local nodekey is 128-bit.
  • The command modbks -G, used to change the Host Group part of a user account, is enhanced with support for wildcard members added to Host Groups and support for handling users with the same login name in different Host Groups.
  • CAS-0010121791 - An enhancement was made in the code for deleting items from the BoKS database that speeds up deletion in large tables by a factor of ~ 2.

  • CAS-0010118871 - The boks_bdpd daemon is redesigned to minimize reply times to UDP discovery messages. Also the SERVC_EXTERNAL_REQ_DISABLE is now effective both on Master and Replicas.

  • CAS-0010123577 - A fix for the vulnerability CVE-2017-15906 is included in this release.

  • CAS-0010118605 - boks_bridge connection counter handling is updated so counter value always matches the actual number of connections, thus avoiding false triggering of the max connection limit.

  • CAS-0010120910 - Max history length for checkout-enabled passwords is now set to 10 to minimize risk of overflow.

  • #12920, CAS-184249-V9D0D0 - An issue was fixed that caused multiple shared scp sessions and FTL to stop responding and could generate SSH ID mismatch errors.

  • CAS-0010115630 - The man page for boksrule no longer lists use_frompsw as a valid modifier for SUEXEC.

  • CAS-0010114897 - An issue was fixed that caused SecurID authentication to stop working when the authenticating user had the environment variable http_proxy set.
  • CAS-0010104374 - Auto-registered hosts no longer experience a delay in the population of the /etc/passwd file when they connect to the BoKS infrastructure.
  • CAS-0010112941 - The initial PATH set by boks_sshd has been updated to match that of the native ssh.
  • CAS-0010114844 - The option "hostadm -l" now has correct error handling for any unsupported additional arguments.
  • CAS-0010114844 - The option "hostadm -l -t NONBOKSHOST" now lists all hosts with type NONBOKSHOST as it is supposed to.
  • CAS-0010114844 - The option "hostadm -lC" did not function correctly from BoKS 7.0 and produced identical output to "hostadm -l -S". This is fixed.
  • CAS-0010114682 - An issue in the freeradius client used by the BoKS RADIUS client caused it to always set identifier to 103 in the RADIUS packet. This issue is fixed.
  • CAS-0010102348 - BoKS was not able to set field 3 in /etc/shadow to NULL. This field now becomes empty if PSWLASTCHANGE for a user in the BoKS database is 0 (e.g. when user is created but no password is set).
  • CAS-0010108922 - A fix for the vulnerability CVE-2016-12 in boks_sshd is included in this release.
  • CAS-0010108922 - A fix for the vulnerability CVE-2016-11 in boks_sshd is included in this release.
  • CAS-0010108922 - A fix for the vulnerability CVE-2016-10 in boks_sshd is included in this release.
  • CAS-0010108922 - A fix for the vulnerability CVE-2016-8858 is included in this release.
  • CAS-0010104374 - When adding a host to a Host Group, BoKS could send out bogus update_group requests for all users on that host that had the secondary group flag set if Unix Groups were created on the host. This issue is fixed.
  • CAS-0010108500 - Improvements have been made in the error statuses written to boks_errlog, for example in the case of a DNS mismatch with /etc/hosts.
  • CAS-0010105415 - An issue has been fixed whereby if a user performed suexec to run a BoKS shell as root, and then performed subsequent suexec commands, these were logged as being done by root, not the original user. Now the original user is logged in this scenario.
  • #14535, CAS-184623-Y0J9S3, CAS-0010103964 - The extension "=+1", which is for internal use in the BoKS database, is no longer displayed in Access Rule listings by boksrule and lsbks, and access modifiers are correctly transferred when upgrading.
  • #14120, CAS-184583-L2Y7F3 - You could not debug the program $BOKS_lib/boks_create_homedir using bdebug, but now you can use the program label "createhomedir" for bdebug if the ENV file parameters CREATEHOMEDIR_DEBUG_LEVEL and CREATEHOMEDIR_DEBUG_FILE are set.
  • CAS-184728-J9L0P3 - Under certain circumstances servc could dump core for a user with a "must use" LDAP authenticator, leaving the user unable to log in to servers.
  • CAS-0010103938 - Trying to block an already blocked user, or unblock a user that was not blocked, made BoKS Web Services Interface return a 500 internal server error.
  • CAS-0010102899 - When you set a limit for maximum number of SSH user keys using the command "bksdef -k", there was insufficient input validation. A maximum limit of 65535 has now been set on the value for this setting.
  • #14471, CAS-184612-K2M0D2 - When you tried to import Unix Groups from a host in FCC 7.1 the operation could fail in some circumstances with the message that the host did not exist, due to an issue in the admin server code.
  • #14402, CAS-189060-Q0T2F8 - When the Master is installed the function to "truncate UNIX password to first 8 characters when checking new password against password policy" is disabled by default. In previous versions it was enabled by default. You can if required enabled this function using the command "bksdef -T enable". Note that if this function is enabled and the minimum password length is greater than 8, the password length restriction check always fails and users are prohibited from changing their passwords.
  • #13832, CAS-184201-M4Q1K7 - Inactivity timeout settings for to-user on SU and SUEXEC Access Rules with keystroke logging enabled did not function correctly.
  • For the deprecated program ttyadmin the option -LP|C has been removed as it did not return the correct output. The option -LA (list all access methods) is still supported.
  • There was no man page for the file $BOKS_etc/consoles. The man page consoles.4 has now been added.
  • #13947, CAS-184579-H3V9S8 - When you installed BoKS an SSH host key was registered to the database without this being logged. This was because the command ssh_keyreg -b, which is run by sshd_setup during BoKS installation, did not generate any logs.
  • #12297, CAS-187552-F3N4Y9 - When upgrading a Server Agent using upgrade_client, only the UsePrivilegeSeparation and Subsystem sftp settings in the sshd_config* files were restored. Now all customizations in these files are restored except PermitTunnel and KerberosAuthentication.
  • #13945, CAS-183999-L1J9V4 - When boks_init gave up respawning a process and reported this to boks_errlog, the severity classification label was set to “warning” when it should have been “error” to better draw attention to the issue.
  • #13787, CAS-187041-W6J8T8 - The output from bokslicense -l always listed non-enforcing licenses as “In compliance” even if they were over the limit on number of hosts. These type of licenses are now listed as “Not enforced”.
  • #13930, CAS-188980-M4L4W2 - Updates to the BoKS bridge communication protocol on BoKS Master/Replica caused incompatibilities with BoKS 6.5 and 6.6 Server Agents.
  • #13896, CAS-188970-F5N8G9 - Alarm log handling commands with parameters or that expected an end of file did not work correctly, changes to configuration required a Boot of BoKS and proper error messages were not provided for bad commands.
  • #12544, CAS-186858-Y5P7F4 - The boks_drainmast process used a write lock on the database even though it only reads. Also, in some cases boks_drainmast generated more psw update messages to the clntd send bridge than needed.
  • #13860, CAS-183997-Z9G3S4 - When keystroke logging (kslog) was enabled for SSH_EXEC Access Rules, the uid was changed to root and not changed back to the login user.
  • #13930, CAS-188980-M4L4W2 - When servc is communicating with BoKS 6.5 Server Agents and cannot extract the BoKS version and OS release from the startup log message, it dumps core as a result.
  • #13225, CAS-187156-D0L4B0 - When creating a user account in BoKS and providing an LDAP Distinguished Name, the mkbks command required a one-to-one mapping between the user and the Distinguished Name (DN). This made it impossible to map a single LDAP user to multiple BoKS users defined in different Host Groups. The one-to-one enforcement has now been removed from mkbks.
  • #13778, CAS-187272-Q3M1M7 - Under certain circumstances udsqd attempted to free memory multiple times, with a resulting negative impact on performance. Also, forked receive bridges looked up the last hostkey for each message to de/encrypt even though they only read/write messages to the same host. The forked receive bridges now cache the hostkey in local memory, improving performance.
  • #13620, CAS-184240-T9F8L0 - When user data checking (UDC) failed, a generic error message was displayed that did not provide information about the specific problem.
  • #8717, CAS-189106-Q8Z4V9 - If TLOCK has been configured for a user, the inactivity checker in boks_bksd ignored changes on modification date of the tty device, even if logged in on a non-Solaris host (i.e. a host that lacks support for Tlock).
  • #8323, CAS-189101-V3Z8Z0 - The command hgrpadm -R, which could be used to list Host Groups, was much slower than the command hgrpadm -l, also used for listing. Support for hgrpadm -R has been dropped from BoKS 7.2, and hgrpadm -l should be used instead.
  • #13722, CAS-187285-X8M1H7 / #13734, CAS-187290-Y9C4M9 / #13719, CAS-187289-T8M9L3 - Secondary UNIX groups were not properly updated on Server Agents in certain scenarios depending on the order in which commands were executed.
  • #13507, CAS-184238-N2T1P8 - Shared memory was allocated with a default size 1MB, no matter what size was configured, when a BoKS host was converted from Replica to Master.
  • #8052, CAS-188393-J7Q1T1 - The lsbks command had an obsolete option -n that improperly listed non-functioning authenticators that were administrated through modbks rather than authadm.
  • #13562, CAS-187349-S6N1C7 - ssh failed intermittently with the error “Permission denied” when there was a large number of messages in the servc queue.
  • #13662, CAS-187014-G3R3G3 - The operation to delete a Host Group with a large amount of members could return an error “Internal server error” and cause some processes on the BoKS Master to stop responding.
  • #9531, CAS-184007-W6N5J9 - The filmon program could incorrectly report that a file had changed even though this was not the case.
  • #9938, CAS-185034-H5Z1M2 - When logging in to HP-UX with rlogin and a script configured in the ENV parameter T_LOGOUT to control inactivity monitoring, the corresponding btmp file entry could be erroneously deleted, disabling inactivity monitoring.
  • #9754, CAS-185079-G2X3M6 - When an issue occurred during setup of BoKS, the setup program aborted and could leave the installation in a half-finished state. The setup program has been enhanced to exit in the event of one operation failing and report which operation failed so that you can take appropriate action and rerun the setup.
  • #13532, CAS-187310-G0X3N5 - The boks_bridge process failed to bind the address if IPv6 had been disabled.
  • TFS-110905-012857, CAS-188746-B5S9L6 - The adminwiz and, later, fccsetup programs did not check for the existence of a nodekey for the BoKS Master if it was moved to new hardware but no nodekey was created, so did not display a useful warning to enable the issue to be resolved.
  • #13417, CAS-187096-G5G9K8 - The command “adgroup -l” accepted the admin_user argument (i.e. “admin@DOMAIN”) without returning an error, but admin_user should only be used with the -a and -d options for adgroup.
  • #13069, CAS-184145-B7S7Y3 - The ENV variable BRIDGE_DOMAIN has a documented range 0-9 and enforcement of this range was added in code to enhance load-balancing. However there is actually no need for a 0-9 limit as long as the resulting port numbers are below 65535.
  • TFS140924-015120, CAS-183979-Z7M4N4 - On some platforms if the showmaster program was unable to locate the server, the message "Alarm clock" was printed on the user’s screen.
  • #13206, CAS-184127-R1V6B2 - If $BOKS_etc/savefiles or $BOKS_var/savefiles were empty boks_bru aborted with exit 1 and no error message was produced.
  • #12686, CAS-187446-Z1Y7H7 - It was possible to remove the Master from the BoKS database using the hostadm program without supplying a force flag to the program.
  • #11802, CAS-184079-N3D5Q0 - The suexec safepath test deemed it unsafe to run an executable in the /tmp directory because the directory is world writable, but if the /tmp directory has the sticky bit set (the normal case) it is actually safe.
  • #11973, CAS-187679-C0G4L3 - If the $BOKS_etc/nodekey file was missing or corrupt the hostkey command failed and was thus terminated by a SIGSEGV without logging a warning to $BOKS_var/boks_errlog.
  • #12298, CAS-184349-B8R8V3 - If you had a definition in host2profiles specifying a Host Group, but used the -h option to specify a hostname using the CLI program mkhome, the Host Group wasn’t matched.
  • #9938, CAS-184349-B8R8V3 - Inactivity timeout had three separate problems for telnet on HPUX: 1) The T_LOGOUT parameter for custom configuration was not recognized. 2) The action at timeout sent SIGUSR1 to the user’s shell once and this could be trapped and ignored by the user. 3) The btmp entry was cleared unconditionally so that no further inactivity checking could be made in that case.
  • #13292, CAS-187242-D9D9K0 - A lack of validity checking by ssh_keyreg meant that invalid SSH public keys could be created both using the CLI and FCC.
  • #14102, CAS-184591-D2H1X4 - BoKS xdl failed to start on Debian 9.
  • #14357, CAS-189062-D4P9K1 - A segmentation violation occurred in boks_sshd with remote command execution if the length of the command line argument exceeded 10232 characters (approx 10 KB).
  • CAS-0010102573 - SecurID login to FCC did not work with hotfix HFBM-0234-2 installed.
  • #14269, CAS-184631-P1C8B1 - Child receive bridge could crash if the caller closed the connection prematurely.
  • #13236, CAS-189160-P7V2S4 - A timeout could occur when listing Host Groups with many members using "hgpadm -l".
  • #14127, CAS-184796-F7B8V8 - A suexec Access Rule with a wildcard in the to-user part allowed access to root. This is changed to work like SU Access Rules, i.e root access is not included for wildcards.
  • #14127, CAS-184796-F7B8V8 - A user logging in with BoKS sshd on Red Hat with SELinux enabled did not get all the ENV vars in their session they would get with the OS sshd. Now the following ENV vars are also available when logging in with BoKS sshd: SELINUX_ROLE_REQUESTED, SELINUX_USE_CURRENT_RANGE, SELINUX_LEVEL_REQUESTED.
  • #14164, CAS-184766-V1H1N6 - internal-sftp generated SELinux violations when SELinux was enabled.
  • #13901, CAS-184854-Y5M9G7 - A security vulnerability when provisioning registered SSH user public keys to local authorized_keys files was fixed.
  • #13874 - The vulnerability "CVE-2017-3736 bn_sqrx8x_internal carry bug on x86_64" was fixed.
  • #13874 - The vulnerability "CVE-2017-3738 rsaz_1024_mul_avx2 overflow bug on x86_64" was fixed.
  • TFS111124-013071 - The $BOKS_etc/consoles file was not documented but now the man page consoles.4 has been added.

BoKS Reporting Services

Version: 7.2
NOTE: For system requirements including supported platforms, see the BoKS Reporting Services 7.2 Administrator's Guide.

BoKS Reporting Services is a new product that reports on access configuration and objects in the BoKS database, and can support multiple BoKS domains.

New Features
  • A reporting Graphical User Interface (GUI) can be used to run reports from the categories:
    • BoKS Objects
    • User Access
    • User Class Access
  • A high-performance embedded database is used to store BoKS reporting data.
  • Output reports in HTML, CSV and PDF formats from the GUI, plus JSON format via CURL or extension.
  • Includes a fully-documented REST API for flexibility running reports.
  • Support for customizing logo in BRS GUI and reports.

  • Helper programs make for smooth install with flexible deployment scenarios ("pull" and "push").

BoKS Web Services Interface

Version: 7.2
NOTE: For information about changes in the API and known issues, see the WSI 7.2 Administrator's Guide.
New Features
  • Updated to support BoKS 7.2 features and functions.

Other Updates
  • Security enhancements for response headers for XSS prevention and SSL Client-initiated renegotiation.
  • Removed bundled JRE - Java Runtime is no longer bundled with the WSI installation. System installed Java is used instead.
  • CAS-0010116127 / #10313 - The Access Rule valid time was previously incorrectly converted with the the validFrom and validTo date fields being specified without timezone. When the rule is added to BoKS the time is now not dependent on the local timezone.
  • CAS-0010113777 - The deprecated parameter "members" for the createProgramGroup function, which has no effect, is removed from the html documentation.
  • CAS-0010120101 - Attributes with the value "null" are no longer sent to the BoKS admin server, so listing functions perform correctly.

Compliance Monitor

Version: 3.30

Consolidator

New Feature
  • The date and time can now be included as part of the file name generated by the batch assessment process.
Enhancement
  • Java 1.8 is now supported.
Other Updates
  • Filters available on incorrect log file reports has been resolved.
  • Failed Send Message actions (on the Mail Server tab of Consolidator Properties) are now reported correctly.
  • Inability to export reports with names containing Spanish characters has been resolved.
  • Content alignment issues viewing assessments in Chrome and Edge have been resolved.
  • A problem causing the CM2BCHREQ command to lock up when using Position To has been resolved.
  • Duplicate data on Command Assessment reports has been resolved.

Database Monitor

Version: 3.16
  • Message CPF950A 'Storage limit exceeded for data queue IDTINDXQ in DataThread' is no longer sent many times (which can result in filling up job logs).
  • An issue causing the incorrect program to be reported as having made a change to a monitored file on IBM i 7.2 and 7.3 has been resolved. (QDZXDBI is no longer reported as QDBUDR.)
  • A typo has been fixed in the REFMON description.

Exit Point Manager

Version: 7.21
New Feature
  • Two new commands allow you to "lock" (LCKDSP) and "unlock" (UNLDSP) an interactive display session. While the interactive display is locked, a screen saver is displayed and the workstation user must enter their password to unlock the display or unlock it from another authorized job.
Enhancements
  • A new command DLTNSUGRP has been developed to allow programmatic deletion of User Groups and, optionally, their members.
  • Performance of processing transactions through exit points has been improved.
Other Fixes
  • A minor error has been corrected that allows the F9=Retrieve, F16=System Main Menu, and F22=Status function keys to function properly on the Reports Menu.
  • The User Rules Listing and Location Rules Listing reports now indicate whether the Memorized Transactions listed are generic or not.

RSA SecurID Agent for IBM i

Version: 9.8.3.2
New Features
  • Enhanced SecurID GUI Client. Various system and user configuration settings have been combined into a new Insite-style interface that incorporates usability and performance improvements for an enhanced user experience. Installer updates have been introduced to accommodate upgrades and migrating from the previous client.
  • Authentication Suppression. SecurID's new Authentication Suppression allows authentication to required resources with a reduced number of authentication challenge prompts. This allows for minimal disruption while securing your network.
    • The time period of suppression can be configured.
    • The field can be audited for management reporting.
    • Activity auditing (journals, Exit Point, job tracking, ATHPRF) allows you to identify the time period suppression is being used.
  • Object locking. SecurID has been changed to open database files for Read or Change based on the action that is required in order to minimize object locking.
Enhancements
  • If the position for the SecurID Agent library is changed, the activity is audited within the @ACE/ACEACTJRN journal.
  • Changes to the SecurID library position are now printed on the User/Job Activity report.
  • Agent for RSA SecurID is now delivered with new deployment functionality, including the ability to stage the product installation.
  • The upgrade process will migrate data from your prior version of the software so that no configuration data is lost when upgrading.
  • The profile file has been changed to 'Read' access only for SecurID Authentication. This ensures authentication can take place, but profile configuration changes cannot be performed directly on the destination (DR) IBM i system.
  • The Authenticate Profile (ATHPRF) command has been changed to include Exit Point related parameters. These parameters allow you to make use of the "Authentication Suppression" feature when running ATHPRF within an Exit Point program that is not shipped as part of the Agent for RSA SecurID.
  • Reporting for Authentication Suppression activity has been added. Full detail of the activity is held in the Activity Journal.
  • SecurID Authentication is now available for DDM / DRDA requests. This is the IBM Network Attribute parameter identified as DDM/DRDA request access (DDMACC). Authentication can be configured to challenge All, Specific, or no users. For Specific users, the appropriate User Profiles must be configured within SecurID and have 'Sign On exit point' set to *SECURID.
  • SecurID Authentication is now available for File Server requests. This is the IBM Exit Point identified as: QIBM_QPWFS_FILE_SERV. Authentication may be configured to challenge All, Specific, or no users. For Specific users, the appropriate User Profiles must be configured within the Agent for RSA SecurID and have 'Sign On exit point' set to *SECURID.
  • SecurID Authentication is now available for Data Base Server Initiation (SQL / ODBC entry). This is the IBM Exit Point identified as: QIBM_QZDA_INIT. Authentication may be configured to challenge All, Specific, or no users. For Specific users, the appropriate User Profiles must be configured within the Agent for RSA SecurID and have 'Sign On exit point' set to *SECURID.
  • The Check Agent Configuration (CHKAGTSRV) routine includes verification for for following additional Exit Points:
    • Database Server - entry, QIBM_QZDA_INIT. Format ZDAI0100
    • File Server, QIBM_QPWFS_FILE_SERV. Formats: PWFS0100 and PWFS0200 (from IBM i 7.3)
    • DDM request access (DDM / DRDA).
Other Fixes
  • SecurID now checks for and removes 'orphaned systems.' These are systems that have been assigned a user, but no longer exist in the list of systems.

Back to Top

 

Robot


Robot Monitor

Version: 14.1.7
  • Users without administrator rights can now install Robot Monitor by removing the prefix 'setup' from the Robot Monitor executable file name. Renaming the executable file to exclude the words 'setup' or 'installer' will forgo the administrator rights requirement.

  • The shortcut key functionality and labels have been removed from the Sort sub-menu within the application right-click menu.

  • Fixed an issue with MONDISK failing when the QSYSOPR queue is locked.

  • Users can now override the PC name from the GUI using the Job Name parameter on the Advanced settings.

  • Selected elements are now retained on Short-Term History, Detailed History, and History Summary views when navigating between views and partitions.

Robot HA

Version: 12.06
Enhancements
  • Robot HA now supports the following types of role swaps when integrated with PowerHA:
    • *NOSWAPIP
    • *ONE_TO_N (One to Many)
    NOTE: *SWAPIP role swap type in Robot HA and Takeover IP Address in PowerHA are not currently supported. Also, ‘cascade flow’ (A to B1 to B2) for data replication is not currently supported.
Other Fixes
  • SQL Triggers are now retained on the backup system when completing a production to backup role swap.

    NOTE: Robot HA will not maintain the changes to an SQL trigger on the backup systems after the initial sync. Any changes made on the production system must also be done on the backup systems.
  • Robot HA can now refresh a physical file with more than 300 dependent objects.

 

Robot Console

Version: 7.02
  • The max length of the TEXT OPAL variable has been increased to 512 to match the length of the first level message text.
  • OUTQ resources have been corrected to fix potential issues with conversion.
  • OPAL variables TXT2NDLVL and USRTEXT2 variables have been limited to 1000 characters max to fix an issue that occurred within the RBASNDMSG and PAGE operations.
  • The OPAL TEXT variable will include alternate text if it exists for the message set.
  • Locks on files have been released to allow an update if a GUI connection is still active.

  • There was an issue with OPAL errors being reported incorrectly when the message set is sent to the host, but this has now been fixed.

  • Fixed an error that occurred when adding a new resource monitor.

  • Security enhancements have been implemented.

Robot Network

Version: 12.02
  • Fixed an error that occurred when attempting to configure a node from the GUI if the node is not currently configured to the host.

  • Security enhancements have been implemented.

Robot Save

Version: 12.28
  • Domino restore is now working correctly when the data directory path is specified multiple times.
  • Fixed an issue where empty libraries were being displayed.

Robot Schedule

Version: 13.02

 

Enhancements
  • New command FCTJOBSMIS has been added:
    • FCTJOBSMIS allows the user to select a forecast name that has completed its build and a specific date/time range in that forecasting or an entire forecasting period to find the jobs that missed running.
    • The process will produce the report listing the missed jobs and optionally send the messages to the selected warning type of message queue, Alert device or Robot Network status center.

  • Performance improvements have been made to RBTSWAPSYS.
Other Fixes
  • The maximum wait time has been fixed in the RUNAGTCMD command.
  • Job security records now exist in Robot Schedule after converting the jobs from IBM job scheduler.
  • Security enhancements have been implemented.
  • There was an issue where converting an iASP Schedule instance from R12 to R13 failed, but this has now been fixed.
  • There was an intermittent issue with jobs posting with a status of 'T' when the job completed normally, but this has now been fixed.

Robot Schedule Enterprise

Version: 2.02
  • Security enhancements have been implemented.

Robot Space

Version: 3.43
  • There was an issue with collection iASP objects being locked and not returning the correct ASP value, but this has now been fixed.
  • Security enhancements have been implemented.

Back to Top

Sequel


Sequel 11

Version: R11M12
Enhancements
  • A new Verify Repository command has been added to be used by an Administrator that verifies the integrity of the repository, by performing cross-checks between the repository files and a list of specified libraries. If any orphaned files or user spaces are found, reports are produced identifying the orphaned objects.
  • Java connections for remote databases now allow custom values for SystemDefault.Properties & Environment Variables.
Updates
  • Commitment control should not be automatically started for *LOCALSYS and *LOCAL views.
  • CVTSQTOIFS will create repository objects with lower case extensions (i.e. vptview).
  • Using RUNSCRIPT with SETVAR if last variable is an EXPR the first character of the preceeding variable value is truncated
  • DSPVIEWD fails with the error MCH0601 Space offset message when the source being written exceeds 9999 lines.
  • Error MCH3402 Tried to refer to all or part of an object that no longer exists when running multiple scripts from a CL program in batch.
  • RUNSCRIPT passing an empty string on the SETVAR gives RNX0100 length or start position is out of range for the string operation.
  • UPDATE and INSERT fail for users with *STRICT authority with MCH0801 Argument associated with external or internal parameter not passed.
  • Results from a CTE were not displaying Column headings defined from the inner SELECT correctly.
  • Script passing EXPR variables fails in some instances with CPD0020 Character '0' not valid following string ''sequel/ex'. (Caused in Mod08).
  • EXECUTE fails to signal error if pre existing target IFS file is checked out (CHKOUT)
  • EXECUTE using ALIAS keyword gives error CPF327D alternative name specified more than once.
  • Running *LOCALSYS views, , if MSG(*NO) is specified, query messages should be suppressed.
  • Auditing was not showing use of EXECUTE command.
  • Host Install will now add new connection types to MNTHOSTF.
  • ADS security now supports fields with long names (greater than 10)

Sequel Web Interface

Version: R10M30
Enhancements
  • In SWS Repository Mode when copying a repository object, restrictions set explicitly on the object will be duplicated.
  • In SWS Repository mode a search function has been added to the Explorer tab with will also search across sub-folders.
  • SWS Repository logging has been improved to: 1. Prompt for to download the zip file. 2. Apply a timestamp to the zip file. 3. Include the JDE log when applicable.
  • In SWS Repository mode a Repository folder can be set as a Favorite.
  • In Repository Mode, multi-select of objects (not including jobs) is allowed.
  • Improved SWS Host import utility now includes url templates and default driver settings

Updates
  • Tomcat used for SWS connections has been updgraded from version 7 to version 9.
  • In both SWI and SWS when the results are buffered, the page description will not include the total number of records.
  • Certain complex views would not display any custom headings when run from SWS. This has now been corrected.
  • Several open source components used in SWI and SW have been updated to the latest versions to address both defects and potential security concerns in the earlier versions.
  • A dashboard with multiple views with the same variable name that is saved with results gives error RNP8014 Value for variable &VARNaM exceeds the defined length of x.
  • In SWS Repository Mode, results did not support a blank column heading.
  • SWS Repository mode creates XLSX output with inappropriately sized columns and poorly formatted column headings in some instances.
  • SWS Repository mode Client Tables over JDE connections failed.
  • SWS fails to pass blank value with Values List integrity test like values('I', 'AM',' ' ).
  • SWS Repsository Mode grouping views gave error Invalid object name "SEQUEL.VPTDYNFLTR' using Dynamic Drill Down.
  • From SWS Repository mode, user see spinning wheel when trying to access folder in Repository that IFS security excludes them.
  • Web Service job password stored in plain text ONLY when job imported from a host job.
  • SWI and SWS host and repository modes fail to display calendar on date prompts for scripts and script views
  • SWS Host and Repository modes produce corrupt xlsx from view with subtotals
  • SWS Repository Mode Dashboard with Hide Border setting did not work.
  • From SWS Repository mode a dashboard with a view set to hide menu/tool bar never loads the data when run.
  • From Viewpoint, saving view results to physical file gives message 'Client request-run program *LIBL/VPTJMSG' when NetIQ is in use.
  • In both SWI and SWS results, the 10,000 row display limit has been removed.
  • In SWI and SWS, email subject line is now 80 positions.

Viewpoint 11

Version: 11.18.312
Enhancements
  • Administrator option for Advanced Database Security now has additional options for ADS and JDE configuration.
  • When setting query variables, if user is in the middle of editing the value or has not tabbed over or pressed enter to accept changes, buttons function(s) will be disable, plus user message will display.
  • Excel Add-in now supports Set Query Variable which allows the variable to be set and then when refreshed will upate the variable in as many places as it is used in the spreadsheet.
  • View Builder should allow searching for a file in *USRLIBL
  • In Repository mode, added right-click option for the user to Create/Delete/Rename folder, as well as Copy and Paste folder(s).
  • In Repository mode, added new button to the SaveAs form/screen to create new folder in the current repository when saving an object.
  • Added ability to change repository name in the Excel Add-in References, if for any reason SWS server and/or name of the repository changed, preventing it from refreshing a view in a worksheet.
  • Improved Templates for *SERVER syntax that allows variables, grouping functions, and a back option.
Updates
  • Repository mode will now allow shortcuts with extensions in both upper and lower case (i.e. VPTVIEW and vptview) to run.
  • In Repository mode when saving a Script or Application, the extension for the saved object will automatically be set.
  • In Repository mode error at connection to Repository Error message CPF4101 appeared during OPEN for the file SWIUSERDFT.
  • In Repository Mode deleting an object from the Explorer no longer requires a license for SWI.
  • Repository mode when a user is not allowed to log in to the Repository, they should be prompted to enter new information.
  • Repository mode will now remember the last used JDE Environment and Role.
  • In Repository mode Save As on an existing view with uppercase letters in the original name has all lower case in the new name.
  • In Repository mode, open a view in View Designer, Click the yellow "Open" folder icon just left of the "Save" icon. This opens a list of repository folders. Click cancel and you get Run-time error '0'
  • Excel Add-in Canceling from a variable prompt gave: Object reference not set to an instance of an object .
  • Excel Add-in improperly re-formats a field when it is character field that contains only numeric characters with 4 leading zeroes.
  • Excel Add-in will now wrap column headings.
  • Excel Add-in Repository mode ERROR: Ribbon ViewPoint - RunSelectedObj: Object reference not set to an instance of an object when adding extendable areas.
  • Silent Installed failed on initial install.
  • View Designer corrupting SQL statement when field name ends with _1.
  • View Designer does not recognize the AS keyword in an SQL statement.
  • View Designer corrupts SQL statement that references a quoted file name.
  • In View Designer, Display option is grayed out if another option is chosen and then canceled.
  • Script run from a shortcut or DOS command fails with -2147023170 Automation error The remote procedure call failed.
  • Script Designer fails to run script and gives error CPD0018 Message String ' "DISPLAY ' contains a character that is not valid when Viewpoint is current and host software is very old.
  • View Builder and View Designer improved to quote schema names with underscore characters.
  • View Builder gives error ShowExtended Dialog, class not registered msstdfmt.dll when another dialogue box like Expression Editor is opened.
  • In View Builder with an ADS or JDE connection, you could only delete the last field in the list regardless of which one was chosen.
  • In View Builder edit drop down is disabled for Binary fields from SQLSERVER
  • From Explorer focus of scrolling improved after keying in a library name, object list will scroll.

Abstract

Version: R10M43

No updates for this version.

Anydate

Version: R02M17
Enhancement
  • Two new commands (CRTOVRSET and OVRSYSSET) have been added that allow you to save override values in a file (OVRSETF) so they can easily be re-used—either in other processes, or other times.

Esend

Version: R03M59
Enhancement
  • Added link to Goanywhere for SFTP with SSH.
  • Provided new control to remove command line and/or individual options from WRKSPLFE screen.
  • EDISTRIB now supports spooled file numbers greater than 9999.
Update
  • Install now sends message when EFWD subsystem is active.
  • Signature has unacceptable spacing between lines.
  • SAVSPLF generates CPF3C33 during creation of new spooled file.
  • ESNDFILE using TYPE(*SPLPC) results in a file with only a control character - no data in the file.

Back to Top

 

Showcase


Sequel 10

Version: R10M12
Enhancements
  • A new Verify Repository command has been added to be used by an Administrator that verifies the integrity of the repository, by performing cross-checks between the repository files and a list of specified libraries. If any orphaned files or user spaces are found, reports are produced identifying the orphaned objects.
  • Java connections for remote databases now allow custom values for SystemDefault.Properties & Environment Variables.
Updates
  • Commitment control should not be automatically started for *LOCALSYS and *LOCAL views.
  • CVTSQTOIFS will create repository objects with lower case extensions (i.e. vptview).
  • Using RUNSCRIPT with SETVAR if last variable is an EXPR the first character of the preceeding variable value is truncated
  • DSPVIEWD fails with the error MCH0601 Space offset message when the source being written exceeds 9999 lines.
  • Error MCH3402 Tried to refer to all or part of an object that no longer exists when running multiple scripts from a CL program in batch.
  • RUNSCRIPT passing an empty string on the SETVAR gives RNX0100 length or start position is out of range for the string operation.
  • UPDATE and INSERT fail for users with *STRICT authority with MCH0801 Argument associated with external or internal parameter not passed.
  • Results from a CTE were not displaying Column headings defined from the inner SELECT correctly.
  • Script passing EXPR variables fails in some instances with CPD0020 Character '0' not valid following string ''sequel/ex'. (Caused in Mod08).
  • EXECUTE fails to signal error if pre existing target IFS file is checked out (CHKOUT)
  • EXECUTE using ALIAS keyword gives error CPF327D alternative name specified more than once.
  • Running *LOCALSYS views, , if MSG(*NO) is specified, query messages should be suppressed.
  • Auditing was not showing use of EXECUTE command.
  • Host Install will now add new connection types to MNTHOSTF.
  • ADS security now supports fields with long names (greater than 10)

Sequel Web Interface

Version: R10M30
Enhancements
  • In SWS Repository Mode when copying a repository object, restrictions set explicitly on the object will be duplicated.
  • In SWS Repository mode a search function has been added to the Explorer tab with will also search across sub-folders.
  • SWS Repository logging has been improved to: 1. Prompt for to download the zip file. 2. Apply a timestamp to the zip file. 3. Include the JDE log when applicable.
  • In SWS Repository mode a Repository folder can be set as a Favorite.
  • In Repository Mode, multi-select of objects (not including jobs) is allowed.
Updates
  • Tomcat used for SWS connections has been updgraded from version 7 to version 9.
  • In both SWI and SWS when the results are buffered, the page description will not include the total number of records.
  • Certain complex views would not display any custom headings when run from SWS. This has now been corrected.
  • Several open source components used in SWI and SW have been updated to the latest versions to address both defects and potential security concerns in the earlier versions.
  • A dashboard with multiple views with the same variable name that is saved with results gives error RNP8014 Value for variable &VARNaM exceeds the defined length of x.
  • In SWS Repository Mode, results did not support a blank column heading.
  • SWS Repository mode creates XLSX output with inappropriately sized columns and poorly formatted column headings in some instances.
  • SWS Repository mode Client Tables over JDE connections failed.
  • SWS fails to pass blank value with Values List integrity test like values('I', 'AM',' ' ).
  • SWS Repsository Mode grouping views gave error Invalid object name "SEQUEL.VPTDYNFLTR' using Dynamic Drill Down.
  • From SWS Repository mode, user see spinning wheel when trying to access folder in Repository that IFS security excludes them.
  • Web Service job password stored in plain text ONLY when job imported from a host job.
  • SWI and SWS host and repository modes fail to display calendar on date prompts for scripts and script views
  • SWS Host and Repository modes produce corrupt xlsx from view with subtotals
  • SWS Repository Mode Dashboard with Hide Border setting did not work.
  • From SWS Repository mode a dashboard with a view set to hide menu/tool bar never loads the data when run.
  • From Viewpoint, saving view results to physical file gives message 'Client request-run program *LIBL/VPTJMSG' when NetIQ is in use.
  • In both SWI and SWS results, the 10,000 row display limit has been removed.
  • In SWI and SWS, email subject line is now 80 positions.
Automate Schedule/Deployment Bundle
  • Web Service Jobs allow xlsx as an output type.
  • Running a host job now has all email notifications correct: running email, results email and completed email.
  • Converting SWS Host Job to Web Service Job, schedule and notification settings are lost
  • Incorrect notification if job returns zero rows, job appears to fail
  • Web Service jobs migrated from CADS when a null variable was used failed.
  • Web Service jobs migrated from a C&DS job that runs on specific days is scheduled for the wrong days.
  • Web Service job - e-mailed output file name doesn't match what was defined in the job
  • Web Service jobs migration has improved messaging when migration fails.

Viewpoint 10

Version: 10.18.312
Enhancements
  • Administrator option for Advanced Database Security now has additional options for ADS and JDE configuration.
  • When setting query variables, if user is in the middle of editing the value or has not tabbed over or pressed enter to accept changes, buttons function(s) will be disable, plus user message will display.
  • Excel Add-in now supports Set Query Variable which allows the variable to be set and then when refreshed will upate the variable in as many places as it is used in the spreadsheet.
  • View Builder should allow searching for a file in *USRLIBL
  • In Repository mode, added right-click option for the user to Create/Delete/Rename folder, as well as Copy and Paste folder(s).
  • In Repository mode, added new button to the SaveAs form/screen to create new folder in the current repository when saving an object.
  • Added ability to change repository name in the Excel Add-in References, if for any reason SWS server and/or name of the repository changed, preventing it from refreshing a view in a worksheet.
  • Improve Templates for *SERVER syntax that allow variables, grouping functions and a back option.
Updates
  • Repository mode will now allow shortcuts with extensions in both upper and lower case (i.e. VPTVIEW and vptview) to run.
  • In Repository mode when saving a Script or Application, the extension for the saved object will automatically be set.
  • In Repository mode error at connection to Repository Error message CPF4101 appeared during OPEN for the file SWIUSERDFT.
  • In Repository Mode deleting an object from the Explorer no longer requires a license for SWI.
  • Repository mode when a user is not allowed to log in to the Repository, they should be prompted to enter new information.
  • Repository mode will now remember the last used JDE Environment and Role.
  • In Repository mode Save As on an existing view with uppercase letters in the original name has all lower case in the new name.
  • In Repository mode, open a view in View Designer, Click the yellow "Open" folder icon just left of the "Save" icon. This opens a list of repository folders. Click cancel and you get Run-time error '0'
  • Excel Add-in Canceling from a variable prompt gave: Object reference not set to an instance of an object .
  • Excel Add-in improperly re-formats a field when it is character field that contains only numeric characters with 4 leading zeroes.
  • Excel Add-in will now wrap column headings.
  • Excel Add-in Repository mode ERROR: Ribbon ViewPoint - RunSelectedObj: Object reference not set to an instance of an object when adding extendable areas.
  • Silent Installed failed on initial install.
  • View Designer corrupting SQL statement when field name ends with _1.
  • View Designer does not recognize the AS keyword in an SQL statement.
  • View Designer corrupts SQL statement that references a quoted file name.
  • In View Designer, Display option is grayed out if another option is chosen and then canceled.
  • Script run from a shortcut or DOS command fails with -2147023170 Automation error The remote procedure call failed.
  • Script Designer fails to run script and gives error CPD0018 Message String ' "DISPLAY ' contains a character that is not valid when Viewpoint is current and host software is very old.
  • View Builder and View Designer improved to quote schema names with underscore characters.
  • View Builder gives error ShowExtended Dialog, class not registered msstdfmt.dll when another dialogue box like Expression Editor is opened.
  • In View Builder with an ADS or JDE connection, you could only delete the last field in the list regardless of which one was chosen.
  • In View Builder edit drop down is disabled for Binary fields from SQLSERVER
  • From View Builder and View Designer the Expression Editor had invalid date functions listed like SCSERVER10CYYDD.
  • From Explorer focus of scrolling improved after keying in a library name, object list will scroll.

C&DS Migration Utility

Version: 10.18.312
Updates
  • The Migration Report now lists any subscription information even for a .PES file that does have subscriptions.
  • Import Showcase 9 Query option gives CPF3C34 Value *RPL for replace option is not valid.
  • The format of the date used in the DATE function will be forced to upper case.
  • Migration improved to better handle a variable used twice in the dbq with null capabilty.
  • CVTWHBLDR command will be changed so that the conversion puts them in upper case if they're in lower or mixed case.

Back to Top

 

 

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
Last Published: 201812060924