Monthly Release Notes - April 2020

Jump to:

Boldon James


Mac Classifier

Version 3.12.3

April 2020

New Featuers
  • Mono version 5.12 or later is required if you will be running Classifier on macOS versions up to and including Mojave. For macOS Catalina, testing with this current Classifier release indicates that Mono version 6.4 is required. Mono can be obtained from https://download.mono-project.com/.

Enhancements
  • Basic status information is shown in the Classifier menu if you hold the Option button while opening it. This menu is now always created on startup, even when Classifier cannot find a valid configuration.

Other Fixes
  • The Classifier button now appears disabled in Excel, Word, or PowerPoint, when Classifier is disabled in the policy.

  • Addresses an issue where Mac Classifier fails to load the configuration from the root folder on some web servers.

  • There was an issue where subject labels may not be formatted correctly if the user did not add a subject to the message, and hence the label was not decoded on delivery. This no longer occurs with recent versions of Outlook – tested on 16.35.

  • Classifier will now display a message on startup if the evaluation license has expired.

  • Some changes to avoid issues encountered when running alongside Adobe Creative Cloud applications.

  • Fixes the case where an evaluation license warning is incorrectly given when using a subscription license.

Back to Top

 

Core Security


Core Impact

Version: 19.1.9

Apl 30, 2020

Enhancements
  • Assorted Improvements for Exploits: This update contains minor improvements and fixes to several exploit modules.
  • Import Output XML Report from OpenVAS: This update add support to import the output from OpenVAS to Core Impact
  • Exploits Maintenance CVE Numbers 22: This update provides modules that were released prior to a CVE number being assigned (typically noted as NOCVE) with the correct CVE number as well as updating modules with invalid CVE numbers.
  • New Exploits:
    • Microsoft Windows Ws2ifsl UaF Local Privilege Escalation Exploit: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. (CVE-2019-1215)

    • Microsoft Windows SMBv3 SMBGhost Elevation of Privilege Vulnerability Exploit: An unauthenticated attacker can connect to the target system using SMBv3 and sends specially crafted requests to exploit the vulnerability. This module exploits this vulnerability in the local system in order to achieve an elevation of privilege. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0796)

    • Kinetica Admin getLogs Function Remote OS Command Injection Exploit: The Kinetica Admin web application did not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. (CVE-2020-8429)

    • Microsoft Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Exploit: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status and take control of an affected system. (CVE-2020-0787)

    • Fuji Electric V-Server Lite VPR File Parsing Overflow Exploit: The specific flaw exists within the processing of VPR files. (CVE-2020-10646)

    • Open-AudIT m_devices.php Remote PHP File Upload Vulnerability Exploit: The sub_resource_create function of class M_devices in m_devices.php of Open-AudIT 3.2.2 allows remote authenticated users to upload arbitrary PHP files, allowing the execution of arbitrary php code in the system. (CVE-2020-11942)

Other Fixes
  • Microsoft Windows SMBv3 CoronaBlue Vulnerability DoS Update: An unauthenticated attacker can connect to the target system using SMBv3 and sends specially crafted requests to exploit the vulnerability. The module exploits this vulnerability in order to generate a Denial of Service This update contains minor fixes to it. (CVE-2020-0796)

Core Network Insight

Version: 7.0.1

Apr 27, 2020

Enhancements
  • Core Security logos have been updated to blue to fit with the HelpSystems brand book.

  • Newly created users can't log in until a second password change.

  • SMTP mail server configuration validation button has been added.

  • Add SSL and TLS/STARTTLS authentication to SMTP server configuration.

  • SSL and TLS/STARTTLS authentication has been added to SMTP server configuration. (CAS-0010192121, CAS-0010184524)

Other Fixes
  • User Permissions prevented from correctly upgrade the product to 7.0. (CAS-0010196258)

  • Software update notifications messages have been corrected to display the correct status of the installation.

  • When creating a new user account, there's a checkbox for forcing the user to change their password upon first logging in that is not being unchecked after the change so the user is requested to change the password after each login. (CAS-0010191716)

  • Corrected a defect where 2 consecutive password resets were needed to allow a new user to log in the product.

  • Memory requirements have been modified to allow a correct functioning on lightweight micro-sensors or vSensors. (CAS-0010195683)

  • Systems and Threat tabs in the GUI are not accessible after scrolling to bottom of the page. (CAS-0010196661)

  • SIEM settings Syslog or Splunk uses UDP irrespective of changes in UI. (CAS-0010198356)

  • Statistics are now saved in multiple files. (CAS-0010198455)

Visual Identity Suite (VIS)

Version: 2.3.2
Other Fixes
  • Fixed browser issues caused by the latest Google Chrome browser release.
  • Additional scaling provided to handle larger numbers of roles.

Back to Top

 

Globalscape


EFT Enterprise

Version 8.0.4.27

Nov 1, 2020

New Features

EFT Administration

  • Added support for runtime templating, a means of setting reusable variables for paths and similar resources to facilitate DR and migrations (TFS 373679)

  • Added support for Datasets, which are easier to use and more powerful than arrays, a variable type that can hold tabular data (TFS 373163)

  • Added a new Event Rule action that will download a remote file listing and store the results in a Dataset (TFS 373167)

  • Added a new Event Rule action to loop through each element in a Dataset (TFS 373169)

  • Added support for break from loop for datasets in Event Rules (TFS 373170)

  • Added a new Event Rule action to read the contents of a Dataset and output those to a .CSV file (TFS 374260)

  • Added a new Event Rule action to store the contents of a .CSV file into a Dataset (TFS 374261)

  • Added an option to output PowerShell debug logging to a separate file, independent of EFT's primary log file (TFS 374313)

  • Added two additional AWS regions (EU (Milan) and Africa (Cape Town)) to EFT's AWS cloud actions (TFS 375029)

  • Added a customizable upload forms feature for collecting metadata from users prior to uploading files, which can be utilized by Event Rules (TFS 374804)

  • Added a prompt to the EFT Admin GUI that will warn administrators when enabling cipher suites that may be vulnerable to Raccoon (TFS 377846)

Advanced Properties

  • Added ability to default HTTP socket timeout (HTTPSocketDefaultTimeout) (TFS 375327, Case 77746)

  • Added ability to set sub-folder Remote listings in Datasets to parse recursively. The default value is 10 (GetListingActionMaxRecursion) (TFS 373167)

  • Added ability to set the number of records to display in the WTC Sent items view (outbox) and Received items view (inbox). The default value is 50. (BigCollectionsPageSize) (TFS 370374, 370375)

  • Added ability to restore legacy Dictionary password complexity functionality. The default value is False (DictionaryLegacyCheckIncludeSpecialDigits) (TFS 374099)

  • Added ability to enable/disable cipher aes128-gcm@openssh.com. The default value is Enabled (SFTP2_AES128_GCM_AT_OPENSSH_COM) (TFS 372451)

  • Added ability to enable/disable cipher aes192. The default value is Enabled (SFTP2_AES192) (TFS 372451)

  • Added ability to enable/disable cipher aes192-ctr. The default value is Enabled (SFTP2_AES192CTR ) (TFS 372451)

  • Added ability to enable/disable cipher aes256-gcm@openssh.com. The default value is Enabled (SFTP2_AES256_GCM_AT_OPENSSH_COM) (TFS 372451)

  • Added ability to enable/disable cipher chacha20-poly1305@openssh.com. The default value is Enabled (SFTP2_AES256_GCM_AT_OPENSSH_COM) (TFS 372451)

  • Added ability to enable/disable cipher rijndael-cbc@lysator.liu.se. The default value is Enabled (SFTP2_RIJNDAEL_CBC_AT_LYSATOR_LIU_SE) (TFS 372451)

  • Added ability to enable/disable MAC hmac-sha1-etm@openssh.com. The default value is Enabled (SFTP2_HMAC_SHA1_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC hmac-sha2-256-etm@openssh.com. The default value is Enabled (SFTP2_HMAC_SHA2_256_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC hmac-sha2-512-etm@openssh.com. The default value is Enabled (SFTP2_HMAC_SHA2_512_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC umac-64@openssh.com. The default value is Enabled (SFTP2_UMAC_64_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC umac-64-etm@openssh.com. The default value is Enabled (SFTP2_UMAC_64_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to allow user-agent to skip 2FA/MFA (UserAgentHeaderSkipOTP) (TFS 374817)

  • Added a new advanced property that would allow admins to export AWE tasks from EFT's database to their legacy file paths (AutoExportAllAWTasksToFiles) (TFS 374755)

AS2

  • Added the ability to allow values that exceed 600 seconds for the response and message send timeout setting (TFS 374078, Case 69531)

COM API

  • ICIServer, CreateSSHKey and CreateSSHKeyRemotely; changed nKeyBits to nKeyParams

  • ICISite, CreateSSHKeyPair, changed changed KeyBits to KeyParams

  • Added the following methods to ICISite:

    • AddUploadForm

    • DeleteUploadForm

    • EnableUsers

    • GetUploadForm

    • UpdateUploadForm

  • Added the following properties:

    • EnableMfa

    • MfaType

    • SmsProviderProfile

    • UploadFormsList

    • WebSSORedirectToSsoServiceBypassingLoginPage

    • WorkspacesMfaType

    • WorkspacesOAIMfaType

  • ICIClientSettingInterface, added the following functions:

    • GetRequireMfa

    • SetRequireMfa

    • ICIEventRule, added the AddLoopDatasetStatement method

  • ICIActionStatements, added the following methods:

    • AddActionStatement

    • AddIfStatement

    • AddLoopDatasetStatement

  • Added the ICILoopDatasetStatement interface, with the following methods:

    • AddActionStatement

    • AddIfStatement

    • AddLoopDatasetStatement

    • DeleteStatement

    • GetParams and SetParams

    • StatementsCount

    • Statement

  • Added ICICsvExportActionParams and ICICsvImportActionParams

  • Added ICIGetListingActionParams Interface

  • Added ICILoopDatasetStatement Interface

  • Added ICILoopDatasetStatementParams Interface

  • Added ICIUploadForm interface

  • Added ICIUploadFormElement interface

  • Added ICITwilioSmsProviderProfile interface

  • In the ICISimpleCondition interface, added the UseRegex property.

  • Enums added:

    • MFA type to specify whether to use email, SMS or either for second authentication

    • LoopDatasetStatement to EventRuleStatementType enum

    • LoopOrderType, used in the ICILoopDatasetStatementParams LoopOrder property

    • GetListingAction, LoopBreakAction, CsvImportAction, and CsvExportAction to EventActionType

    • FileDateFormat

    • UploadFormComType

    • UploadFormElementComType

REST API

  • Added underlying support for RESTful APIs in accordance with JSON:API principles (TFS 374144)

  • Added the ability to assign REST permissions to EFT administrator accounts (TFS 375336)

  • Added RESTful API endpoints for user account and VFS management configuration (TFS 374152)

  • Added the ability to create granular permissions for RESTful access to end points, down to the individual element (TFS 375337)

  • Added support for REST which allows EFT admins to create users and read all their settings but not delete them [users] or update them [users](TFS 375337)

  • Added support for REST which allows EFT admins to create users except for a user name matching "Administrator"(TFS 375337)

  • Added support for REST which allows EFT admins to read all the configuration for all users for a given site named (TFS 375337)

  • Added support for REST which allows EFT admins to read the AllowSecureFolderSharing value for users in the Guest template, but cannot read any other values or do anything else (TFS 375337)

  • Added support for REST which allows EFT admins to read the configuration to find out everything about all users in Site under template "Guest Users" but not make any changes to those users (TFS 375337)

  • Added support for REST which allows EFT admins to update everything about any user (TFS 375337)

  • Added support for REST which allows EFT admins to update everything about any user except for changing their SFTP key (TFS 375337)

  • Added support for REST which allows EFT admins to update all users except for a user matching a specific name (TFS 375337)

  • Added support for REST which allows EFT admins to update users but not create them or delete them (TFS 375337)

  • Added support for REST which allows EFT admins to delete users (TFS 375337)

  • Added support for REST which allows EFT admins to delete all users except for a specific user name (TFS 375337)

  • Added support for REST which allows EFT admins to execute the Generate pass function for all users (TFS 375337)

SAML

  • Added the ability to leverage federated authentication for Guest users, including SSO and JIT, where desirable (TFS 374120)

SSH/SFTP

  • Added support for aes256-gcm@openssh.com SSH cipher in both FIPS and Non-FIPS mode (TFS 372451)

  • Added support for rijndael-cbc@lysator.liu.se SSH cipher in both FIPS and Non-FIPS mode (TFS 372451)

  • Added support for aes192-ctr SSH cipher in Non-FIPS mode (TFS 372451)

  • Added support for aes192-cbc SSH cipher in Non-FIPS mode (TFS 372451)

  • Added support for aes128-gcm@openssh.com SSH cipher in both FIPS and Non-FIPS mode (TFS 372451)

  • Added support for chacha20-poly1305@openssh.com SSH cipher in Non-FIPS mode (TFS 372451)

  • Added legacy support for cast128-cbc SSH cipher in Non-FIPS mode (TFS 372451)

  • Added legacy support for blowfish-cbc SSH cipher in Non-FIPS mode (TFS 372451)

  • Added legacy support for arcfour SSH cipher in Non-FIPS mode (TFS 372451)

  • Added new advanced properties to enable/disable certain ciphers for client outbound (TFS 372451)

  • Added support for hmac-sha2-512-etm@openssh.com SSH MAC in both FIPS and Non-FIPS mode (TFS 375033)

  • Added support for hmac-sha2-256-etm@openssh.com SSH MAC in both FIPS and Non-FIPS mode (TFS 375033)

  • Added support for hmac-sha1-etm@openssh.com SSH MAC in both FIPS and Non-FIPS mode (TFS 375033)

  • Added support for umac-64-etm@openssh.com SSH MAC in Non-FIPS mode (TFS 375033)

  • Added support for umac-64@openssh.com SSH MAC in Non-FIPS mode (TFS 375033)

  • Added new advanced properties to enable/disable certain MACs for client outbound (TFS 375033)

  • Added the ability to choose SFTP key type upon creation (TFS 370229)

  • Added backward compatibility for DSS keys (TFS 372452)

  • Added support for ecdh-sha2-nistp521 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for ecdh-sha2-nistp384 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for ecdh-sha2-nistp256 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for diffie-hellman-group18-sha512 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for curve25519-sha256 SSH KEX in Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for curve25519-sha256@libssh.org SSH KEX in Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for sntrup4591761x25519-sha512@tinyssh.org SSH KEX in Non-FIPS mode (TFS 372613, Case 77147)

  • Added back the ability to see negotiated SFTP cipher suites to EFT's client (outbound) logs (TFS 373618)

Web Transfer Client (WTC) & Workspaces Changes

  • Added support for SMS 2nd factor validation for guest account enrollment (registration) and for normal authentication (TFS 374817)

  • Added a new shared folder (Workspaces) history section to the Web Transfer Client for owners and participants (TFS 374884)

  • Added a Received items (inbox) section to the Web Transfer Client for users to see messages and files sent to them (TFS 370375)

  • Added a Sent items (outbox) section to the Web Transfer Client for users to see messages and files they've sent to others (TFS 370374)

Enhancements

EFT Administration

  • Enhanced the password dictionary validation feature so that dictionary words surrounded by non-alphabet characters are detected and blocked (TFS 374099, Case 75599)

  • Updated the text under the Logs tab to reflect "Audit event rule client outbound transfer" instead of "Diagnostic Logging Settings" (TFS 376313)

  • Optimized EFT's folder monitor polling so that it wouldn't attempt to open file hands for files matching extension exclusion conditions (TFS 373182)

  • Modified EFT's import/export of Event Rules to match the json format supported by EFT's RESTful APIs (TFS 374054)

  • Modified the 'Variable' action so that it uses only a single line, making it easier to visually parse (TFS 374308)

  • Modified encrypted folder and personal data secrets so they are randomized by default and can be viewed or overridden by admins (TFS 373411)

Advanced Properties

  • Updated default value for Advanced Property SFTP2_ARCFOUR to False (TFS 372451)

  • Updated default value for Advanced Property SFTP2_Blowfish to False (TFS 372451)

  • Updated default value for Advanced Property SFTP2_CAST128 to False (TFS 372451)

  • Updated default value for Advanced Property SFTP2_MD5 to False (TFS 375033)

  • Updated default value for Advanced Property SFTP2_MD5_96 to False (TFS 375033)

  • Updated default value for Advanced Property SFTP2_SHA1_96 to False (TFS 375033)

Outlook Add-in (OAI)

  • Modified the Outlook Add-in to avoid message preparation when the add-in is not being used to handle attachments (TFS 377131, Case 80889)

REST API

  • Modified EFT's existing RESTful APIs for Server and Site endpoints to adhere to JSON:API (TFS 374361)

SSH/SFTP

  • Prohibit the ability to generate rsa SSH keys less than 2048 bit in FIPS mode (TFS 375076)

  • Prohibit the ability to use SSH keys other than rsa/dsa keys >=2048 bits or ecdsa keys >= 224 bits (for both client and server) in FIPS mode (TFS 375076)

  • Prohibit the use of "diffie-hellman-group1-sha1" SSH KEX (for both client and server) in FIPS mode (TFS 375076)

  • Prohibit the use of "hmac-sha1-96" SSH MAC (for both client and server) in FIPS mode (TFS 375076)

  • Enabled by default "hmac-sha1" SSH MAC (for client) in both FIPS and non-FIPS mode (TFS 375076)

  • Prohibit the ability to generate rsa SSH keys less than 2048 bit (in GUI only) in non-FIPS mode (TFS 375076)

  • Ciphers are now ordered by strength, favoring FIPS approved ciphers, with only FIPS approved ciphers enabled by default (TFS 372451)

  • EFT admins will now be warned if they enable insecure ciphers (3des-cbc, cast128-cbc, blowfish-cbc, arcfour) in Non-FIPS mode (TFS 372451)

  • EFT admins will now be warned if they enable insecure cipher 3des-cbc in FIPS mode (TFS 372451)

  • The following ciphers are now enabled by default (due to FIPS-compliance): aes256-gcm@openssh.com, aes256-ctr, aes256-cbc, rijndael-cbc@lysator.liu.se, aes192-ctr, aes192-cbc, aes128-gcm@openssh, aes128-ctr, aes128-cbc (TFS 372451)

  • The following ciphers are now enabled on upgrade: aes256-gcm@openssh.com, aes128-gcm@openssh, rijndael-cbc@lysator.liu.se, aes192-ctr, aes192-cbc (TFS 372451)

  • Improved TED6 log verbosity with newer SSH library (TFS 373819, Case 72767)

  • The following MACs are now enabled by default (due to FIPS-compliance): hmac-sha2-512-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha1-etm@openssh.com (TFS 375033)

  • The following MACs are now enabled on upgrade: hmac-sha2-512-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha1-etm@openssh.com (TFS 375033)

  • KEX ciphers are now ordered by strength, favoring FIPS approved KEXes, with only FIPS approved KEXes enabled by default (TFS 372613, Case 77147)

  • The following KEX ciphers are now enabled by default (due to FIPS-compliance): ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group16-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha256 (TFS 372613, Case 77147)

  • KEX cipher diffie-hellman-group18-sha512 will not be enabled by default (despite the fact that its FIPS-compliance) due to its poor performance behavior (TFS 372613, Case 77147)

  • The following KEX ciphers are now enabled on upgrade: ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256 (TFS 372613, Case 77147)

  • The following KEX ciphers are enabled by default for Client connections in both FIPS and Non-FIPS mode: ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 (TFS 372613, Case 77147)

  • The following KEX ciphers are enabled by default for Client connections in Non-FIPS mode: curve25519-sha256, curve25519-sha256@libssh.org, sntrup4591761x25519-sha512@tinyssh.org, diffie-hellman-group-exchange-sha1 (TFS 372613, Case 77147)

SSL

  • Updated SSL Library to 1.0.2u (TFS 375029)

  • Prohibit the ability to generate rsa SSL keys less than 2048 bit in FIPS mode (TFS 375076)

  • Prohibit the ability to use SSL keys other than rsa/dsa keys >=2048 bits or ecdsa keys >= 224 bits (for both client and server) in FIPS mode (TFS 375076)

  • Prohibit the ability to generate rsa SSL keys less than 2048 bit (in GUI only) in non-FIPS mode (TFS 375076)

WTC/Workspaces

  • Updated jQuery to v3.5.1 (TFS 376501, Case 80133)

Fixes

EFT Administration

  • Fixed an issue where EFT could hang after applying a change to the group and domain for an AD site (TFS 369730, Case 65993)

  • Fixed an issue where EFT would fail to create a GSAuth account when RSA manage password is enabled (TFS 375388, Case 78173)

  • Fixed an issue where a deadlock could be exhibited when stopping the EFT service via the Service Manager (TFS 371230, Case 70079)

  • Fixed an issue where the quick search produced incorrect results for connection profiles in upload/download actions (TFS 375328, Case 77625)

  • Fixed an issue where LDAP users could no longer login after changing the OU (TFS 374566, Case 75760)

  • Fixed an issue where the AWE mail registry SMTP Password would be overwritten when the EFT Admin GUI's SMTP settings were modified (TFS 376198, Case 78079)

  • Fixed an issue where a potential deadlock could cause a hang on the EFT Admin GUI (TFS 376222,376433,376389, Case 78656,79826, 80385, 80914)

  • Fixed an issue where a potential deadlock could cause HTTPs connections to fail (TFS 377021, Case 81348)

  • Fixed an issue where FTP listing on chrome would list an empty directory (TFS 377050, Case 80506)

  • Fixed an issue where plain FTP via DMZ would not work (TFS 376912, Case 78948)

  • Fixed an issue where upgrades to EFT 8.0 could fail when duplicate Event Rule folder names existed (TFS 377445, Case 82273)

  • Fixed an issue where upgrades to EFT 8.0 could fail when duplicate ssh public existed (TFS 377002, Case 80370)

  • Fixed an issue where upgrades to EFT 8.0 could fail when workspaces included duplicate names in upper and lowercase (TFS 376973, Case 80443)

  • Fixed an issue where server admin permissions could disappear after upgrading to EFT 8.0 (TFS 377672, Case 81472)

  • Fixed an issue where upgrades to EFT 8.0 could fail when a certificate resided in both the pending and trusted list (TFS 376153, Case 79408)

  • Fixed an issue where upgrades to EFT 8.0 could fail when an Event Rule contained Mail action (TFS 377457, Case 82232)

  • Fixed an issue where the EFT Admin GUI could run out of memory with heavy configurations (TFS 377338, Case 82025)

  • Fixed an issue where EFT Admins would receive an error when specifying remote SSH keys in Event Rules (TFS 376118)

ARM

  • Fixed an issue where the Activity - by Users reports were misleading with the data being pulled. (TFS 374125)

  • Fixed an issue where the reports using fact tables would group several lines for each group. (TFS 374454)

  • Fixed an issue where EFT would audit 0kb when AS2 transactions are successful (TFS 376257, Case 79486)

AWE

  • Fixed an issue where a race condition was seen when running GSAWE.exe that caused an AWE licensing error (TFS 372374, 71032)

  • Fixed an issue where the AWE OCR action would not work (TFS 375343, Case 76553)

COM API

  • Fixed an issue where user admins could not enable a user account via COM (TFS 373315, Case 74441)

Event Rules

  • Fixed an issue where Timer Event Rules - Exclude UK Holidays had missing days (TFS 376875, Case 78879)

  • Fixed an issue where the Event Rule change log would not properly update after clicking Apply (TFS 376277, Case 79465)

HA (High Availability)

  • Fixed an issue where Event Rule master would send MSMQ tasking message to itself when it shouldn't be (TFS 376320)

ICAP/CIC

  • Fixed an issue where the host header in a CIC request would send a request to http.example.com (TFS 377358, Case 81443)

Installer

  • Fixed an issue where EFT would fail installation when CWDIllegalInDllSearch registry is configured (TFS 373910, Case 70840)

Logging

  • Changed log level to ERROR for AML export errors (TFS 376480)

  • Fixed an issue where the wrong log level for Folder Monitor reconnect events was used (TFS 375800, Case 78333)

Outlook Add-in

  • Fixed an issue where duplicate email stuck in outbox when encrypted with zed mail (TFS 374623, Case 75460)

PCI DSS

  • Fixed an issue where PCI compliance reports would report failures due to password security for remote agents (TFS 377808, Case 82083)

Remote Agent (RAM)

  • Fixed an issue where a remote agent could crash when the source path is configured with a virtual local path (TFS 376602, Case 80300)

SAML SSO

  • Fixed an issue where the SAML SSO JIT user template pulldown can set incorrect user setting template (TFS 375614)

  • Fixed an issue where the SAML SSO JIT user email attribute taken from username attribute, not email attribute (TFS 375677)

  • Fixed an issue where users were presented with a 404 on the reply portal when using SSO (TFS 374791, Case 76465)

SSH/SFTP

  • Fixed an issue where EFT could crash when opening a file/folder (TFS 375556, Case 78436)

VFS

  • Fixed an issue where EFT startup performance would be affected by large number of virtual folders (TFS 374893, Case 76483)

Web Transfer Client (WTC) & Workspaces

  • Fixed an issue where "Expires:" headers were sent twice via our WTC page (TFS 375389)

  • Fixed an issue where Workspaces participants could not share their root folder (TFS 376164)

  • Fixed an issue where the From field in Send requests did not enforce server side validation (TFS 376091)

  • Fixed an issue where password resets were treated as successful but actually failed (TFS 375161, Case 76747)

  • Fixed an issue where customization changes in theme.json were not properly applied (TFS 374598)

  • Fixed an issue when viewing a workspace (as invitee) the update is active but would not display a progress bar (TFS 376221)

  • Fixed an issue where session tokens were not properly randomized (TFS 376419, Case 79654)

  • Fixed an issue where default datetime format was not defaulted to US (TFS 376870)

  • Fixed an issue where passwords with trailing spaces would get trimmed (TFS 375354, Case 77494)

  • Fixed an issue where Workspace invitation acceptance would fail if user already had a session open (TFS 377040, Case 81196)

  • Fixed an issue where duplicate file uploads to WTC could break upload functionality in the current session (TFS 377266, Case 80852)

  • Fixed an issue where copy/paste function when inviting someone to a workspace would fail in IE11 (TFS 376708, Case 80348)

  • Fixed an issue where a folder with "#" in the name would cause an error in WTC (TFS 375243, Case 77426)

  • Fixed an issue where EFT's Terms of Service and forced password reset would cause a permission denied error (TFS 376510, Case 79430)

  • Fixed an issue where WTC retry would fail with error 406 on Firefox (TFS 376199, Case 78233)

EFT Express

Version 8.0.0.38

Jan 19, 2020

New Features

EFT Administration

  • The DMZ Gateway address box can accept a comma-delimited list of addresses (EFT will try one IP address, then the next, until it can connect) (TFS 339989)

  • EFT can capture certain performance and current state values to SQLite databases on a routine basis which can be used by administrators, support, or Globalscape to evaluate and use for planning, troubleshooting, and statistical analysis (TFS 372346)

  • The EFT SMTP settings page now has a “Send Test Email” button (TFS 372357)

  • Admins can now specify node-unique values for DMZ Gateway PASV Mode port range, which in rare occasions can be different across nodes (TFS 368808)

  • Added a separate control the Request File page/portal URL (TFS 371245)

  • Added REST endpoints to generate the PCI DSS compliance and GDPR DPIA reports (TFS 371829)

  • Added ability to generate a complete manifest of commonly requested tech support data from within the administration interface Help menu (TFS 372341)

  • A new prompt is now displayed when enabling Google Captcha referencing a KB article 11435 (TFS 368710)

  • Added SAML assertion map attribute to email field (TFS 369964)

  • Added new Site-Level Counters

    • User Login Success /sec – rate at which users are authenticating successfully and turn into an active session. See user sessions for count of actively connected users

    • User Login Failed Non-existent Username /sec – rate at which users are failing to authenticate due tan invalid or non-existent username being provided. Compare with Users connections

    • User Login Failed Bad Password /sec – rate at which users are failing to authenticate due to a valid username but invalid password being provided. There are mitigation techniques you can use if frequent attacks on root or administrator

    • Folder Monitor Worker Threads – number of folder monitors in active use. Consider increasing FolderMonitorWorkerThreadCount if it routinely exceeds 32

    • Timer Rule Worker Threads – number of timers currently active. Consider decreasing TimerStackSize if it routinely exceeds 200 to conserver memory

    • Templates – number of templates defined for this site. Updated infrequently

    • User Accounts Disabled - subset of this site’s user accounts that are currently in a disabled state. Updated infrequently

    • User Accounts Locked Out – subset of this site’s user accounts that are currently locked out. Updated infrequently

    • User Login Failed Bad Password /sec – rate at which users are failing to authenticate due to a valid username but invalid password being provided. There are mitigation techniques you can use if frequent attacks on root or administrator

    • User Login Failed Non-existent Username /sec – rate at which users are failing to authenticate due tan invalid or non-existent username being provided. Compare with users connections

    • User Login Success /sec - rate at which users are authenticating successfully and turn into an active session. See User Sessions for count of actively connected users

    • Workspaces Drop-offs – number of drop-off requests active and not expired

    • Workspaces File Sends – number of file send operations that are active and have not yet expired

    • Workspaces Folders Shared – number of folder shares that are active and have not yet expired

  • Updated the Amazon S3 Region list (TFS 373493)

  • Configuration settings are now stored in SQLite databases vs. flat files. This should eliminate the need for SyncTool when performing migrations (TFS 368467)

  • Awaiting/Trusted SSL cert list are now stored in SiteConfig*.db and upon upgrade they are moved into this db. (TFS 371720)

  • SSH Key Storage settings are now moved from Server level to Site level (TFS 369528)

  • Each site has its own set of SSH keys

  • Each site’s SSH (SFTP) private and public keys are now stored in SiteConfig*.db

  • The SSH creation and management GUIs were changed accordingly

  • OpenPGP key pairs are now defined and managed at the Site level instead of the Server (TFS 369527)

  • Workspaces tabs have been consolidated into the Site > Web tab

Advanced Properties

  • Accepts configuration overrides using advancedproperties.json (AP) in lieu of registry entries. Upon upgrade, existing registry overrides will be moved to the AP file (TFS 368291). This includes EFT’s VFS data in Config.db (TFS 369529), server settings in ServerConfig.db and SiteConfig[GUID].db (TFS 371366).

  • To provide more control and visibility over EFT's behavior when it comes sync state, draining, and node management (ClusterOutOfSyncGracePeriodSecs) (TFS 367401)

  • To enable/disable encryption when storing personal data. Note that the default is to encrypt using the default key (EncryptPersonalData) (TFS 363303)

  • To specify a 256-bit key (represented by 64 hexadecimal digits) used to encrypt and decrypt personal data. When not configured or malformed, the default key is used. (PersonalDataEncryptionKey) (TFS 363303)

  • To enable/disable JSON format when rendering Data Protection Impact Assessment (DPIA) report.; used to change DPIA report format (JSON/XML) (RenderDPIAReportAsJSON) (TFS 366251)

  • To deny certain usernames without checking the user database, so you can reduce load on the authentication subsystem (AutoDenyLoginAttemptswithSpecificUsernames) (TFS 370345)

  • To specify that cookies shouldn't be sent with cross-site requests. Acceptable values are "Strict", "Lax", "None". Values other than these will result in "Strict" value (HttpCookieSameSitePolicy) (TFS 367997)

  • To specify the maximum number of asynchronous event rule subroutines that may be queued before dropping new subroutine. A value of 0 (default) indicates there is no limit. (QueuedAsyncSubroutinesLimit) (TFS 367875)

  • To specify the maximum number of simultaneous asynchronous event rule subroutines running. A value of 0 indicates there is no limit. (RunningAsyncSubroutinesLimit) (TFS 367875)

  • To specify the recurrence strategy for cleaning up workspaces: 0 - minutely (default), 1 - hourly, or 2 – daily (WorkspacesCleanupRecurrence) (TFS 368683)

  • To specify the number of Workspace invitation expiration days. (WorkspaceInviteExpirationPeriodDays) (TFS 371827)

  • To specify that the sender for Workspace Messages is 0 - Recipient receives Workspace Invites from User and Secure Send from SMTP Server; 1 - Recipient receives Workspace Messages from the SMTP server, 2 - Recipient receives Workspace Messages from the User. (WSInviteFromAddrUseOwnerEmail) (TFS 371099)

  • Avoid duplicate firing of Account Rules on multiple nodes. (UserAccountTriggersOnOriginatingNodeOnly) (TFS 372193)

  • Change the default “Out of sync” timeout value for HA (ClusterOutOfSyncGracePeriodSecs) (TFS 367401)

  • Change the default “Timeout for sync” value for HA (ClusterOutOfSyncHealSecs) (TFS 367401)

  • Set Workspaces Invitations Expiration (WorkspaceInviteExpirationPeriodDays) (TFS 371827)

  • Allow turning off total drop-off quota limit (MaxAnonymousAllUploadSizeInGB) (TFS 370763)

  • Provide the ability to optionally include and customize EFT WTC’s referrer policy header, (EnableHTTPReferrerPolicyHeader), (HTTPReferrerPolicyAttributeString) (TFS 368162)

  • To disable EFS calculations, (DisableEFSChecksForPCIReport) (TFS 370306)

  • To enable one-way-trust communication between EFT and another domain (AllowToTryLoginUnlistedUsers) (TFS 369294)

  • To copy all ClientFTP settings to JSON, (CopyClientFTPSettingsToRegistry). (TFS 368291)

  • To create a PGP RSA Key with subkey, (CreatePGPRSAKeyWithSubkey). (TFS 370232)

  • To remove UTC designation in timestamp, (ISO8601noUTC). (TFS 368860)

  • To disable cache for DN Type in Active Directory sites (TFS 367876)

  • Added to skip auditing of:

    • Successful socket connections (AuditSuccessSocketConnections). Set to FALSE by default (TFS 369778-AC1)

    • Banned socket connections (AuditBannedSocketConnections). Set TRUE by default (TFS 369778-AC2)

    • Other failed socket connections (AuditFailedSocketConnectionsOther). Set TRUE by default (TFS 369778-AC3)

    • Protocol commands for resources that have an IsInternal flag (AuditIsInternal). Set FALSE by default (TFS 369778-AC4);

    • Workspaces REST calls (AuditRESTWorkspaces). Set TRUE by default (TFS 369778-AC5)

    • Workspaces config REST calls (AuditIsRESTWorkspacesInternal). Set FALSE by default (TFS 369778-AC6)

    • Administrative REST calls (AuditIsRESTAdmin). Set TRUE by default (TFS 369778-AC7)

    • RAM REST calls (AuditIsRESTRAMAgent). Set TRUE by default (TFS 369778-AC8)

    • User initiated REST calls (AuditIsRESTUSER). Set TRUE by default (TFS 369778-AC9)

    • All invalid username authentication attempts (AuditFailedAuthforNonExistingUsernames). Set TRUE by default (TFS 369778-AC10)

    • ‘root’ and ‘administrator’ invalid username authentication attempts (AuditFailedAuthforUsernameRoot). Set TRUE by default (TFS 369778-AC11)

    • Unimportant (non-CRUD) operations (AuditIUnimportantCommands). Set FALSE by default (TFS 369778-AC12); CRUD: Copy/Rename/Upload/Delete

    • Username and password for S/FTP/S events (AuditRedundantUserAndPass). Set FALSE by default (TFS 369778-AC13)

Auditing and Reporting

  • Increased the default ARM queue size from 1,000 t100,000 (TFS 370453)

    • Provided the ability to control what EFT Audits within the following tables (TFS 369778):

    • tbl_SocketConnections

    • tbl_ProtocolCommands

    • tbl_AS2Transactions

  • Improved error messages logged when failing to connect tOracle databases (TFS 369217)

  • ARM schema tables added:

    • AuthenticationsExpired to capture session expirations so admins can track session times (TFS 369874-AC2)

    • AdminActionsChangeDetails that captures before and after values for admin-initiated configuration changes (TFS 369874-AC3)

    • NegotiatedCiphersSSL to audit the negotiated ciphersuites for SSL handshakes (TFS 369874-AC4)

    • NegotiatedCiphersSSH to audit the negotiated ciphersuites for SSH handshakes (TFS 369874-AC5)

    • PrivacyRightExcercised capture privacy rights exercised by users (TFS 363345)

    • PrivacyTermsEUStatus to capture the EU subject matter status of users (TFS 363558)

    • ScanDataAction to contain list of scanned files and scan results (TFS 365254)

    • PersonalDataActions when a user accounts personal data fields have been modified, for GDPR compliance (TFS 363346)

  • Added missing MIC code which wasn’t being audited to the AS2 Transactions table (TFS 369828-AC7)

  • Added a TransactionID column tAS2Transactions table for consistency with other tables (TFS 369828-AC10)

  • Added a Time_stamp column to Transactions table to aid in cascade deletes when purging (TFS 369874-AC1)

  • Added an Actor column to ProtocolCommands table to avoid having to join on Authentications table for just about every report (TFS 369874-AC6)

  • Added a dbo.lu.[TableName] for every table that makes use of enumerators, for easier mapping of values to their meanings (TFS 369780-AC9)

  • Added a relation to Actions and ScanDataActions table via ActionID field (TFS 369870-AC1)

  • Added tbl_PrivacyRightExercised which will audit any right exercised by a user for privacy compliance reporting (TFS 363345)

  • Added tbl_PersonalDataActions which will audit administrator changes to user personal data for compliance with notification rights (TFS 363346)

  • Added tbl_PrivacyTermsEUStatus which will audit any change in a user’s EU data subject status, agreement to Terms of Service, or consent to Privacy Policy (TFS 363558)

  • Added tbl_ScanDataAction which audits third-party file scan results from DLP or similar tools that scan for personal data in files (TFS 365254)

  • Added ARM reports:

    • “Workspaces – Folders Unshared”

    • “Activity - Session Lifecycle” that shows user log on/off information, with data from tbl_AuthenticationsExpired (TFS 371364)

    • “Activity - File Scanned Data Results” that shows the data from the tbl_ScanDataActions (TFS 371364)

    • “Troubleshooting – Negotiated SSL Ciphers” that shows the data from the tbl_NegotiatedCiphersSSL (TFS 371364)

    • “Troubleshooting – Negotiated SSL SSH Ciphers” that shows the data from the tbl_NegotiatedCiphersSSH (TFS 371364)

    • “Privacy – Admin Changes to Personal Data” that shows the contents of the tbl_PersonalDataActions table (TFS 371364)

    • “Privacy - User Rights Exercised” that shows the contents of the tbl_PrivacyRightExcercised table (TFS 371364)

    • “Privacy - Terms and Status Changes” that shows the data from the tbl_PrivacyTermsEUStatus table (TFS 371364)

    • “Admin - Audit Log (Detailed)” that shows the data from the tbl_AdminActionsChangeDetails table (TFS 371364)

    • “Troubleshooting - Most Prolific Users” that shows top three accounts for failed and success auth for a given time period (TFS 371364)

Workspaces

  • Added domain blacklist in addition to existing whitelist for share/send invitations (TFS 370026)

COM API

  • In the ICIServer interface, added defaultvalue and Reason parameter tAddIPAccessRule (TFS 369934)

  • UTF8Logs property

  • In the ICISite interface, added defaultvalue and Reason parameter tAddIPAccessRule method(TFS 369934)

  • PGP Key properties and methods:

    • CreatePGPKey

    • ExportPGPKey, ImportPGPKey

    • PGPKeys

    • RemovePGPKey

    • Added PGPLogLevelDebug to the ICISite Interface PGPLogLevel property.

  • SSH Key properties and methods:

    • CreateSSHKeyPair

    • ExportSSHPrivateKey, ImportSSHPrivateKey

    • ExportSSHPublicKey, ImportSSHPublicKey

    • GetSSHKeyForSFTP, SetSSHKeyForSFTP

    • RemoveSSHKey

    • RenameSSHKey

    • SSHKeys

  • Privacy-related changes:

    • GetClientDataField, SetClientDataField

    • GetPrivacyPolicy, SetPrivacyPolicy

    • GetTermsOfService, SetTermsOfService

    • GetGDPRSettings, SetGDPRSettings

  • Workspaces Properties:

    • WorkspacesDomainsToForbidInviteeAddresses

    • WorkspacesEnableDomainsToForbidInviteeAddresses

    • WorkspacesOAIDomainsToForbidInviteeAddresses

    • WorkspacesOAIEnableDomainsToForbidInviteeAddresses

    • WorkspacesOAIEnableDomainsToLimitInviteeAddresses

    • WebSSOJitUserProvisioningEmailLocation and WebSSOJitUserProvisioningEmailAttribute

  • Content Integrity Control profile management methods and properties

  • GetVirtualFolderList Properties (TFS 368492):

    • Calls with empty parameters work as previous behavior

    • Improvements with data returns of virtual folders that are inside the folder

  • In the ICIClientSettings interface, added defaultvalue and Reason parameter to: AddIPAccessRule, GetGDPRPrivacyPolicyConsentStatus, SetGDPRPrivacyPolicyConsentStatus, GetGDPRSubjectStatus, SetGDPRSubjectStatus, GetGDPRTermsOfServiceConsentStatus, SetGDPRTermsOfServiceConsentStatus, ResetAllFieldAttributeDefaults, CompanyName, Duns, Mobile, PartnerId

  • In the ICISSHKeyInfo interface, added HasPrivate property

  • In the ICIManualIPAccessRule interface, added Reason property

  • Interfaces added for new Event Rule Actions:

    • ICICallSubroutineActionParams interface

    • ICIDefineVariableActionParams interface

    • ICIRunPowerShellScriptActionParams interface

    • Interfaces added for GDPR, privacy policy, and terms of service features (TFS 370527):

    • ICIClientDataField interface

    • ICIGDPRSettings Interface

    • ICIPrivacyPolicy interface

    • ICITermsOfService interface

  • Enums:

    • In the AdminAccountType enum, added ADGroupAccount

    • In the AdminPermissionsPolicy enum, added ManagePersonalData

    • In the EventType enum, added EventRuleSubroutine

    • In the EventActionTypeenum, added:

      • DefineVariableAction

      • RunPowerShellScriptAction

      • CallSubroutineAction

    • In the EventProperty enum, added:

      • FileExtension

      • ClientGDPRSubjectStatus

      • ClientGDPRConsentStatus

      • ClientGDPRReason

      • ClientGDPRRightExercised

      • New ClientDataField enum

      • New GDPRTermsofServiceMode enum

      • New GDPRPrivacyPolicyMode enum

      • New GDPRSubjectStatus enum

      • New GDPRPrivacyPolicyConsentStatus enum

      • New GDPRTermsOfServiceConsentStatus enum

    • In UserAccountActionType enum, added:

      • EnableAccount

      • PersonalDataDeleteFields

      • PersonalDataResetToDefaults

      • PersonalDataSetEnabled

      • PersonalDataSetModifiable

      • PersonalDataSetVisible

      • SetEUDataSubjectStatus

      • SetPrivacyPolicyConsent

      • SetTermsOfServiceConsent

Enhancements

  • Advanced Property updates:

    • Updated advanced property to allow setting the disk quota value t0 (zero) so that the quota is rechecked on every login (DiskQuotaBaselineCalculationFrequencyInDays) (TFS 368628)

    • (DiskQuotaBaselineCalculationFrequencyInDays) now has a minimum value of 0, when set EFT will recheck the quota on every login. (TFS 368628)

    • (FolderMonitorWorkerThreadCount) default value has increased from 32 t64

    • (ARMQueueSize) default value has increased from 1000 t10000. (TFS 370453)

    • (EnableLogging) is now renamed to (ClientFTPOverrideLogging). (TFS 373030)

  • AD Authentication into the EFT Admin GUI is no longer dependent on the ASM (Advanced Security Module) and is now part of core EFT (TFS 361153)

  • The Advanced Workflow variable UI is now resizable (TFS 369372)

  • The SSH Key Manager UI is now resizable (TFS 369372)

  • EFT now re-uses the LDAP search timeout for LDAP auth timeout (TFS 371476)

  • AML files are no longer available as of this version (only on the sample files); however EFT provides the ability to export Advanced Workflows, either one at a time or all at once (TFS 371719)

  • The DMZ Gateway connection orientation behavior was extended to AD Sites, whereas before it was limited to LDAP (TFS 367515)

  • Updated OpenPGP library (TFS 370232)

  • Updated OpenSSL to 1.0.2t (TFS 367828)

  • Updated OpenSSH to 8.1.0.0 (TFS 365876)

  • Updated jquery to version 3.4.1 on the WTC login page (TFS 372869)

  • On new EFT install only TLS 1.2 protocol is enabled by default (TFS 373431)

  • As part of the flexibility to ease the migration of an EFT, the configuration path field in the administration interface is read-only (TFS 368290)

  • User email control is no longer displayed on General page; this change is related GDPR (TFS 362046)

  • Restoring configuration from previous versions of EFT are not allowed. EFT only supports restoration from the same version of EFT, which was always the intent for the backup and restore feature. (TFS 369567)

  • EFT log file will no longer report default configuration override values (those can be obtained from the online help file) and instead will only report those values that have been modified from their defaults.

  • Updated Server-Level Counters (TFS 361733)

    • Number of Sites to Sites

    • ARM queue size ARM Queue Size

    • ConnectedAdminCount Admin Sessions

    • WorkspacesLicensesAvailable Workspaces Licenses Available

    • WorkspacesNormalLicensesUsed Workspaces Licenses Assigned

    • WorkspacesDropoffLicensesused Workspaces Drop-offs (this is now under the Site Counters)

    • Updated counter names Site-Level Counters (TFS 361733)

    • Number of Clients User Accounts

    • ConnectedUserCount User Sessions

    • ActiveServerUploadCount User Uploads

    • ActiveServerUploadBytesPerSecond User Upload Bytes /sec

    • ActiveServerDownloadCount User Downloads

    • ActiveServerDownloadBytesPerSecond User Download Bytes /sec

    • Number of running event rules Event Rules Triggered

    • Number of running Upload Actions Event Rules Running Upload Actions

    • Number of running Download Actions Event Rules Running Download Actions

    • Number of running Cloud Upload Actions Event Rules Running Cloud Upload Actions

    • Number of running Cloud Download Actions Event Rules Running Cloud Download Actions

    • Number of running AWE Actions Event Rule Running AWE Tasks

    • Size of AWE Actions queue Event Rules Size of AWE Actions Queue

    • ActiveClientUploadCount Event Rules Client Uploads

    • ActiveClientUploadBytesPerSecond Event Rules Client Upload Bytes /sec

    • ActiveClientDownloadCount Event Rules Client Downloads

    • ActiveClientDownloadBytesPerSecond Event Rules Client Download Bytes /sec

    • New Server-Level Counters (TFS 361733)

    • Sites Started – subset of defined sites that are actively listening for connections, updated infrequently.

    • Sites Enabled – number of sites currently in an enabled state

    • ARM Stalled Audit Events – number of audit events delayed for longer than ARMLogStalledThreadMinDuration, which by default is set t1 (one) second

    • Admin Accounts – number of administrator accounts defined for this server

    • Admin Accounts Locked Out - number of administrator accounts currently and temporarily locked out of the server

ARM schema changes

  • Removed vw_ProtocolCommands view as we added Actor column to the ProtocolCommands table (TFS 369874-AC7)

  • Removed auditing of username and password for HTTP/S events to ProtocolCommands as it is redundant with Authentications table. (TFS 369779-AC1)

  • Removed redundant auditing of authentication records in Authentications table across all protocols except for stateless HTTP. (TFS 369779-AC2)

ARM reports modified

  • “Activity – All Transfers”, modified so that it only shows transfers from tbl_ClientOperations (TFS 371471)

  • “Activity – All Files (as Server)”, used pc.RemoteIP instead of au.IP from remote IP address (TFS 371471)

  • “Activity – All Users (Summary)”, Converted to FACT based (TFS 371471)

  • “Activity – All Users (Detailed)”: removed inner join on tbl_Authentications; removed “AND au.ResultID=0”;changed “Order by au.Time_Stamp” to “Order by PC.Time_stamp”; removed folder column so we can fit longer filenames (TFS 371471)

  • “Event Rules – Actions (Summary)”, Remove details column (TFS 371471)

  • “Executive Summary Report”, Updated report to optionally use FACT tables if available (TFS 371471)

  • “Outlook Send Report”, Change column titles to better match their state (TFS 371471)

  • “Outlook Pick Up Report”, modifications similar to outlook send report (TFS 371471)

  • “Security – Failed Logins”, Remove hashed password column (TFS 371471)

  • “Traffic – Average Transfer Rates by Users”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Connection Summary”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Datewise-hourly Bytes Transferred”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – IPWise Connections (Summary)”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Monthwise-IPWise Bytes Transferred”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Most Active IP – Connections”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Most Active IP – Data Transferred”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Most Active Users – Connections”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Most Active Users – Data Transferred”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – Protocolwise Connections (Summary)”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Traffic – SiteWise Hourly by User”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Troubleshooting – Event Rule Failures”, updated report to optionally use FACT tables if available (TFS 371471)

  • “Troubleshooting – Operational Failures”, increased performance by doing smart select vs. union, removed ‘pass’ as filter as this is for Failed Auth report (TFS 371471)

  • “Troubleshooting – Connection Errors”, excludes authentication failures, translated result codes into string values (TFS 371471)

  • “Workspaces activity”, multiple column and field updates (TFS 371471)

ARM reports renamed

  • Activity – All File Transfers is renamed to Activity – File Transfers as Client (TFS 371471)

  • Activity – All Files (as Server) is renamed to Activity – File Transfers as Server (TFS 371471)

  • Activity – All Groups (Detailed) is renamed to Activity – by Permissions Group (TFS 371471)

  • Activity – All Users (Detailed) is renamed to Activity – by Users (Detailed) (TFS 371471)

  • Admin Actions is renamed to Admin – Audit Log (TFS 371471)

  • Admin Actions (Summary) is renamed to Admin – Authentications (TFS 371471)

  • AS2 – Transactions Detailed is renamed to Activity – AS2 Transfers (Detailed) (TFS 371471)

  • AS2 – Transactions Overview is renamed to AS2 Transfers (Summary) (TFS 371471)

  • Content Integrity Control – Actions (Detailed) is renamed to Content Integrity Control

  • Event Rules – Actions (Summary) is renamed to Event Rules – by Trigger Name (Summary) (TFS 371471)

  • Event Rules – Activity (Summary) is renamed to Event Rules – by Trigger Type (Summary)

  • Event Rules – Activity (Detailed) is renamed to Event Rules – by Trigger Type (Detailed) (TFS 371471)

  • Event Rules – Inbound-Outbound By Date is renamed to Event Rules – Just Transfers (TFS 371471)

  • Outlook Send Report is renamed to Workspaces – Files Sent (TFS 371471)

  • Outlook Pick Up Report is renamed to Workspaces – Files Picked Up

  • Security – Failed Logins is renamed to Troubleshooting – Failed Logins (TFS 371471)

  • Troubleshooting – Connection Errors is renamed to Troubleshooting – Socket Connection Errors (Inbound) (TFS 371471)

  • Workspace Activity is renamed to Workspaces – Folders Shared

ARM reports removed

  • Activity – Ad Hoc (Detailed), this is a redundant with Outlook Send/Pickup Report (TFS 371471)

  • Activity – Ad Hoc (Summary), this is a redundant with Outlook Send/Pickup Report (TFS 371471)

  • Activity – Ad Hoc By File (Detailed), this is a redundant with a filtered Outlook Send/Pickup Report (TFS 371471)

  • Activity – Ad Hoc By Recipient (Detailed), this is a redundant with a filtered Outlook Send/Pickup Report (TFS 371471)

  • Activity – Ad Hoc By Sender (Detailed), this is a redundant with a filtered Outlook Send/Pickup Report (TFS 371471)

  • Activity – By [All Reports], other reports accomplish the same data. (TFS 371471)

  • Activity – By File

  • Activity – By Group (Detailed)

  • Activity – By User (Detailed)

  • Activity – By User (Detailed) – Group by UserName-Action

  • Activity – By User (Summary)

  • EventRules – Inbound-Outbound By User, the same data is available under Event Rules Just Transfers and filter by user

  • Troubleshooting – IP Address Activity (Detailed), the same data is available under the troubleshooting reports if filtered by IP

High Availability-Specific changes

  • Sync value changes (TFS 367401)

  • Changed initial “Out of sync” timeout value from 5 seconds t10 seconds

  • Changed full timeout for sync from default 30 seconds t60 seconds

  • Updated WEL (Windows Event Log) reporting to reflect “Node out of sync, attempting to heal…” instead of “Node out of sync”

  • Time when node entered into out of sync state, “Initial detection of node as out of sync, entering grace period…”

  • Time when node attempted to start healing itself, “Node out of sync, attempting to heal…”

  • Time node took to heal (if healed), “Node was out of sync for [N] seconds but is now in sync”

  • Time at which point node considered itself unable to heal

  • Time at which node began to drain, “Out of sync node unable to recover after [N] seconds, entering drain mode for maximum of [M] minutes. Service [will\will not] restart when draining is complete”

  • Elapsed time node completing drain, “Finished draining node after [N.XY] minutes”

  • Specify log location and prefix with node ID (TFS 367897)

Installer Modifications

  • Update existing ProtocolCommands records with Actor (Account) value from Authentications table (TFS 370935-AC1)

  • Update existing Transactions records with Time_stamp value from other tables (TFS 370935-AC2)

  • Backup existing reports and deposit new ones for new and existing customers (TFS 370935-AC3)

  • Deposit a number of helper SQL scripts, such as row count, most prolific users, etc. (TFS 370935-AC4)

  • Deposit a number of targeted purge scripts. See comments in each script for details (TFS 370935-AC5)

  • Update to the create_5_sprocs.sql to avoid adding NULL values into the database. (TFS 370752)

  • Upgrades are only allowed from 7.4.x (TFS 368126)

  • EFT trials are now 15 days (TFS 369582)

  • Recommendation is to upgrade tour latest GA (7.4.13.15) before upgrading to this release

Privacy-Related Additions

  • GDPR will require ESM/ASM licensing (TFS 371440)

  • Set of privacy configuration settings that map GDPR requirements to EFT’s privacy features, for evaluating compliance levels (TFS 369312)

  • Built-in automatic encryption of all fields identified as personal data, including email, with a separate, managed encryption key (TFS 363303)

  • Updated Account Details dialog on the General tab (when selecting a user) with tool tip functionality (TFS 363529)

  • New Account Details template under security tab at the site level (TFS 363529)

  • Ability to define attributes that are considered personal data

  • Ability to define attributes that are visible to the user

  • Ability to define attributes that are modifiable by the user

  • Changes done will apply tall existing clients and new clients (TFS 370953)

  • Ability to define EFT admins to view/manage personal data (TFS 364360)

  • New User consent to Privacy Policy (PP) drop-down under the General tab at the user level (TFS 368730)

  • Block or allow access to personal data, limiting administrators to need-to-know access to personal data (TFS 362490)

  • Generate a Data Privacy Impact Assessment (DPIA) report which evaluates compliance and risk levels based on settings (TFS 366251)

  • Set an EU subject status teach user account (TFS 363000)

  • Define a privacy policy for a given EFT Site (TFS 367574)

  • Specify whether explicit or implicit consent with the privacy policy is required of end users (TFS 367574/367846)

  • Define a Terms of Service (ToS) for a given EFT Site (TFS 366847/367845)

  • Determine user account details fields are considered personal data or assign attributes over each field (TFS 362406)

  • Specify whether explicit or implicit agreement with the Terms of Service is required of end users (TFS 366847)

  • Reset the privacy policy’s effective date, which re-displays the policy to connected users (TFS 367574/367846)

  • Deny access to other protocols (S/FTP/S) until the user has consented to the privacy policy (TFS 367574/367846)

  • Reset the Terms of Service’s effective date, which re-displays the policy to connected users (TFS 366847)

  • Deny access to EFT via other protocols (S/FTP/S) until the user has agreed to EFT’s Terms of Service (TFS 366847)

  • Identify or specify whether or not a user has consented to use their personal data (TFS 363087)

  • Optionally give users the ability to access (view) their personal data (TFS 363200)

  • Optionally give users the ability to rectify (modify) their personal data (TFS 363201)

  • Optionally give users the ability to delete their account including personal data (TFS 363202)

  • Optionally give users the ability to restrict use to their personal data (TFS 363211)

  • Optionally give users the ability to be notified of changes made to their personal data (TFS 363300)

  • Optionally give users the ability to export (port) their personal data (TFS 363301)

  • Optionally give users the ability to object to the use of their personal data (TFS 363302)

  • Ability for users to see their currently assigned EU subject status (optional) (TFS 371467)

  • Ability for users to modify their current EU subject status (optional) (TFS 371803)

  • %USER.GDPR_RIGHT_EXCERCISED_ARTICLE_ID% for events related to exercising of privacy rights (TFS 363470)

  • %USER.GDPR_RIGHT_EXERCISED% for events related to exercising of privacy rights (TFS 363470)

  • %USER.GDPR_REASON_GIVEN% to capture the user’s rationale when exercising their privacy rights (TFS 363470)

  • %USER.PP_CONSENT_STATUS% to show the current privacy policy consent status for a given user (TFS 363470)

  • %USER.TOS_CONSENT_STATUS% to show the current Terms of Service agreement status for a given user (TFS 363470)

  • %USER.EU_DATA_SUBJECT_STATUS% to capture the EU subject status state for a given user (TFS 363470)

  • New event rule trigger “GDPR Right Exercised” that triggers whenever a user attempts to exercise one of their granted rights (TFS 363341)

  • New conditions for event rule processing related to a user’s EU subject status, privacy policy, and agreement consent status (TFS 363342)

  • Ability to trigger a rule in EFT when a user’s personal data is modified by someone other than the user (right to be notified) (TFS 363300)

  • Ability to modify user privacy fields via EFT’s event rules, such as changing field attributes, modifying EU data subject status, and more (TFS 368623)

Other Event Rule Additions

  • Create or set variable Action (TFS 358683)

  • Run PowerShell Action (TFS 367503)

  • Call (GoTo) Event Rule Subroutine Event and Action (TFS 367875)

  • Ability to scan metadata with Content Integrity Control Action (TFS 363436)

  • “Enable this Account” option added to User Account Action (TFS 368623)

  • Context variable to grab file extension, and place it into the context variable (TFS 367283)

  • Added new context variables for date and time stamps in ISO8601 format. (TFS 368860)

  • Increased the default FM worker threads from 32 t64 (TFS 370453)

  • Retry logic for Copy Action (TFS 370290)

  • Cloud object monitor usability updated (TFS 369671)

  • Workspace re-enable users on re-invite (TFS 368874)

  • Event rule exports are now in JSON format, XML is deprecated and will not be imported in this version of EFT (TFS 371721)

  • AWE task code (.aml) is now persisted in SiteConfig*.db (SQLite file). Upon upgrade, .amls are read from the legacy file location and imported into the database (TFS 371719)

  • CIC profiles are now site-level (previously were Server-level) (TFS 371722)

  • Upon upgrade legacy server level CIC profiles will be cloned into each site (TFS 371722)

  • EFT’s CIC event rule action can now scan ad hoc message metadata, such as the message subject or body text, in addition to files (TFS 363436)

Web Transfer Client & Workspaces

  • Ground-up re-write resulting in tremendous performance gains (TFS 368791)

  • Includes a new Profile page for managing personal/privacy data, language, date format, number format

  • See (TFS 371467) and specify (TFS 371803) whether or not they qualify as an EU data subject (optional)

  • See user's account details fields marked as personal data from within the web client (right to access) (Optional) (TFS 363345)

  • Modify fields marked as personal data from within the web client (right to rectify) (Optional) (TFS 363201)

  • Rescind their consent to previously agreed to privacy policy (right to rescind) (Optional) (TFS 363119)

  • Submit a request to have their account be removed including all personal data (right to be forgotten) (TFS 363202)

  • Request that EFT restrict use of their account details marked as personal data (right to restrict) (TFS 363211)

  • Object to the use of their account details marked as personal data (right to object) (TFS 363302)

  • Download their account details marked as personal data in a semi-structured format (right to port) (TFS 363301)

  • Optionally change their password (TFS 367099)

  • Added support for batch downloads in zipped format (TFS 369255)

  • Added ability to move files between two different workspace folders (TFS 76901)

  • Change default workspace expiration-check cycle to once a minute (TFS 368683)

  • Separate control added tenable Request file portal subject to Send and Reply portals both being enable (TFS 369944)

  • File Expiration has been separated from Link Expiration for ad hoc delivered files, separating link security and data retention concerns (TFS 369706)

COM API

  • The ICIServer Interface methods and properties below are deprecated and no longer work (return E_NOTIMPL error). (Instead use the similar Site-level methods and properties.)

  • Methods:

    • CreatePGPKey

    • RemovePGPKey

    • ImportPGPKey

    • ExportPGPKey

    • GetPGPKeyringSettings

    • SetPGPKeyringSettings

    • ImportSSHKey

    • RemoveSSHKey

    • RenameSSHKey

    • ExportSSHKey

    Properties:

    • AvailablePGPKeys

    • AvailableSSHKeys

  • The ICISite Interface methods and properties below are deprecated and no longer work (return E_NOTIMPL error):

  • Methods:

    • GetSSHKeyFilePath

    • SetSSHKeyFilePath

    Properties:

    • SFTPKeyFile

    • SFTPKeyFile

  • ISATMessage and IAdhocMessage interfaces do not apply tEFT v8 and later

Fixes

EFT Admin GUI

  • Resolved an issue that caused the Start and stop site options from being grayed out under the “File” drop-down option (TFS 368804)

  • Updated the Encrypted folder wizard which had a spelling error (TFS 368880)

  • Updated IP address option to “OS Chooses” (TFS 369223)

  • Fixed an issue when presented with a failed to create user after selecting a different Site on User creation wizard error displayed “FOREIGN KEY constraint failed” (TFS 370378)

  • Provided the ability to customize the URL and port that are sent via Workspace invite email in the Send Portal (TFS 371388)

  • Fixed an issue where invalid SSH key imports would not display any error prompts (TFS 368594)

  • Fixed an issue where the status tab Ban option would not work (TFS 368622)

  • Fixed an issue where the Admin GUI could hang with high traffic (TFS 368908)

  • Fixed an issue where passwords could be shown in plain text in file and folder operation actions (TFS 369656)

  • Fixed an issue where the Admin GUI could hang when enabling ARM (TFS 370382)

  • Fixed the layout in the “AS2 – Transactions Detailed” report (TFS 371246)

  • Fixed an issue where the Admin GUI hang could limit access tWTC (TFS 367876)

  • Fixed an issue where the Admin GUI could timeout during a backup (TFS 372407)

  • Fixed an issue where the Admin GUI in EFT Express could hang upon upgrade (TFS 369339)

  • Fixed an issue where the Admin GUI could hang after making changes (TFS 369391)

  • Fixed an issue where the Admin GUI could crash when removing site while the FileAudit.db is broken (TFS 371278)

  • Fixed an issue where the Max Transfer Speed limit, when enabled, would cause folder downloads to hang (TFS 369373)

  • Fixed an issue where the Admin GUI could hang due to HTTP buffer size (TFS 370952)

  • Fixed an issue where the Admin GUI was not consistent when enabling and disabling administrator permissions (TFS 372895)

  • Fixed an issue where the Admin GUI would revert the Delete file(s) older than X value to 7 in the File Cleanup Action after browsing a folder (TFS 372677)

  • Fixed an issue where the Admin GUI would display an icon image on the IP Access Rules UI (TFS 371654)

  • Fixed an issue where the Admin GUI spinner for Prohibit reuse of previous passwords was not working correctly (TFS 370549)

  • Fixed an issue where the Admin GUI could be slow on high HTTP traffic (TFS 369938)

API

  • Fixed an issue where an API call could cause an EFT exception (TFS 372977)

Auth SAML

  • Fixed an issue where SAML requests could fail. (TFS 370586)

Auth AD

  • Fixed an issue where AD users were unable to reset passwords when AD password has expired or was set t“user must change password at next login” and group consists of users from parent/child domains (TFS 368107)

  • Fixed and issue where one-way trust no longer worked for remote forest (TFS 369294)

  • Fixed an issue were users were unable to authenticate with an AD account when using UPN login (TFS 373152)

ARM

  • Updated crate_5_sprocs.sql to incorporate improvements (TFS 370752)

  • ARM reports were not generating data with traditional Chinese SQL server (TFS 373304)

  • Auditing of HTTP GET requests to use GET rather than LIST verb (TFS 369780-AC2)

  • TransferTime wasn’t appearing for certain transactions in ProtocolCommands table (TFS 369780-AC3)

  • SFTP connections were not auditing LIST operation (TFS 369780-AC4)

  • FTP connections where auditing USER and LIST verbs multiple times (TFS 369780-AC5)

  • Inconsistency with usage of datetime and datetime2 data types for auditing of timestamps (TFS 369780-AC6)

  • AS2Transactions table to use nvarchar(max) rather than "text" datatype for MDN, PayloadHeaders, and MDNHTTPResponse (TFS 369780-AC7)

  • Naming convention in auditing of administrator and REST administrator operations in ProtocolCommands table (TFS 369780-AC10)

  • Circular reference in Actions and EventRules tables (TFS 369871)

  • Circular reference in AS2 Actions and AS2Files (TFS 369871)

  • Modified schema to merge AS2Transactions and AS2Files tables as they were redundant (TFS 369828-AC5.1)

  • Modified EFT to use an AD object per AD call and sends inserts in batches, which improves auditing performance under load (TFS 371279)

  • Modify purge and fast purge with a vastly more performant version of the same (TFS 370935-AC6)

  • Updated Oracle’s stored procedures to avoid a NULL constraint error on offline record insert (TFS 370935-AC7)

AWE

  • Fixed an issue where the Long List FTP action would display an error (TFS 365263)

  • Fixed an issue where EFT variables were missing (TFS 372798)

  • Fixed an issue where the “On error” action email fails after upgrading EFT (TFS 366436)

  • Fixed an issue where the email action was lost after upgrade (TFS 368591)

  • Fixed an issue where EFT administrators were unable to import batches of AWE scripts (TFS 369543)

  • Fixed an issue where variables were initialized differently between AWE10 and AWE8 (TFS 370023)

  • Fixed an issue where the Delete File action did not respect the “Exclude Mask” (TFS 372488)

  • Fixed an issue where the “If Folder Exists” statement was not working (TFS 372490)

  • Fixed an issue where variables as delimiters in a loop were not working (TFS 372491)

  • Fixed an issue where change folder action is appending to the user’s home folder path (SFTP only) (TFS 372494)

  • Fixed an issue where the margins are ignored when converting file to PDF (TFS 373077)

  • Fixed an issue where EFT variables were missing in AWE (TFS 373337)

  • Fixed the aspect ratio of the AWE splash screen (TFS 373282)

CIC

  • Fixed an issue where CIC was not properly processing files as expected (TFS 351868)

Cloud Connectors

  • Fixed an issue where Amazon S3 compatible did not work when providing S3 details (TFS 370883)

  • Fixed an issue where S3/Azure uploads fail if folder exists in source location (TFS 368817)

  • Fixed an issue where cloud monitor events may cause a hang in EFT (TFS 369997)

  • Fixed an issue where post processing actions failed to complete (TFS 370600)

  • Fixed an issue where files over 4GB uploaded to Azure were malformed (TFS 372579)

  • Fixed an issue where cloud object key conditional logic did not work as expected (TFS 372831)

Connection Profiles

  • Fixed an issue where the wrong IP was sent on an outbound request when configured under the Advanced properties (TFS 370758)

Custom Commands

  • Fixed a GUI issue that reflected incorrect admin permissions (TFS 368530)

DMZ Gateway

  • Fixed an issue where EFT did not honor the XFF headers when the traffic is generated from the DMZ Gateway (TFS 370642)

EFT COM

  • Added the reason parameter to Object AddIP Access Rule (TFS 369934)

Event Rules

  • Fixed an issue where the context variables for a copy action did not work in the port field (TFS 372219)

  • Fixed and issue where Folder monitor rules may crash (TFS 370420)

  • Fixed an issue where weekly event rule schedule timer not using recur every <N> weeks(s) on value (TFS 369253)

  • Fixed an issue where the Ban user IP address action was not working as expected (TFS 369995)

  • Fixed an issue where mail attachments were not working in event rules (TFS 369996)

  • Fixed an issue where remote listing cache was never cleaned up (TFS 372220)

  • Fixed an issue where weekly scheduled timer event rules failed to start at the expected cycle (TFS 372876)

  • Fixed an issue where the “On Before Download” would trigger for non-existent 404 resource (TFS 368469)

  • Fixed an issue where “On upload failed” event rule with file is banned condition would not trigger via SFTP (TFS 368801)

  • Fixed an issue where a square bracket saved in the SMTP from field prevented any mail action event rules to be properly saved (TFS 368712)

  • Fixed an issue where “Invoke Web Service” rule always redirected on URL received in Location Header (TFS 369340)

  • Fixed an where upload support would fail when using DMZ server as a proxy (TFS 373297)

High Availability (HA)

  • Fixed an issue where all nodes would trigger a user password change event rule when an EFT admin changes a user’s password (TFS 368864)

  • Fixed an issue where load balanced timer event rules may crash EFT (TFS 370272)

Installer

  • Fixed an issue to provide the HA install MSMQ parameters (TFS 370310)

  • Fixed an issue where an AWE DLL was not properly registered upon install/upgrade (TFS 370584)

  • Fixed an issue where an invalid MSMQ configuration via silent installer caused a crash in EFT (TFS 370928)

Logging

  • Fixed an issue where the Folder Encryption Key is displayed in the log file (TFS 373641)

  • Fixed an issue where the EFT log would log an error when running a PCI DSS Compliance Report (TFS 373517)

Outlook Add-in

  • Fixed an issue where the pickup link was incorrect (TFS 369824)

  • Fixed an issue where duplicate requests were sent to the EFT server (TFS 369832)

  • Fixed an issue where user was not presented with a prompt when using the Secure Message without an attachment (TFS 371259)

  • Fixed an issue where EFT may hang due to high OAI users (TFS 368320)

  • Fixed an issue where Workspace pickup link would display the incorrect link when using a DMZ Gateway (TFS 368504)

REST API

  • Fixed an issue where REST API calls log password in clear text (TFS 371314)

scClient

  • Fixed an issue where scClient did not work using FAST (TFS 371277)

SFTP

  • Fixed an issue where ciphers were missing when upgrading from an older version of EFT (TFS 367978)

  • Fixed an issue where on rare situations EFT would experience a crash in the SFTP engine (TFS 370750)

  • Fixed an issue where quit commands would report “Exit status -1” instead of -0 (TFS 371165)

  • Fixed an issue where SFTP connections would not send a close packet (TFS 372816)

Web Transfer Client (WTC)

  • Fixed an issue where some of WTC pages were missing the X-Frame-Options: SAMEORIGIN Get request (TFS 368205)

  • Fixed an issue where some secure flag was missing for cookies (TFS 370264)

  • Updated cookie naming from loginsession to mfatoken and token to csrftoken (TFS 370266)

  • Fixed an issue where the EFT username is not displayed unless workspaces is enabled (TFS 366503)

  • Fixed an issue where the samlssologgedout cookie was not marked with the secure attribute (TFS 369921)

  • Fixed an issue where the LDAP user account had “user must change password” enabled did not allow the user tlogin tWTC (TFS 370383)

  • Fixed an issue where 0KB folder could not be download (TFS 368671)

  • Fixed an issue where some users were not seeing the correct display when clicking on the Filter option (TFS 367819)

  • Fixed an issue where the broken transfer warning UI did not translate to any other language other than English (TFS 367032)

  • Fixed an issue where the UI would not properly report a valid error message when quota limit was reached (TFS 367608)

  • Fixed an issue where the change password option should not be available when EFT is not configured tallow change password (TFS 368677)

Workspaces

  • Fixed an issue where the workspace owner’s full name was not displayed in the invitee workspace welcome email (TFS 372654)

  • Fixed an issue where the Reply address was not properly populated after KB 11384 was applied (TFS 368578)

  • Fixed an issue where the subject and message body details for a message marked “secure message” was not encrypted in the Workspaces.db (TFS 368575)

  • Fixed an issue where workspaces emails kept the EFT HTTPS port in the email invite instead of the DMZ listening port (TFS 368802)

  • Fixed an issue where Yahoo domain users did not receive the hyperlink for Workspaces send portal (TFS 370406)

  • Fixed an issue where the “Shared With Me” link was displayed even when workspaces was disabled (TFS 352135)

  • Fixed an issue where the toolbar did not reflect the guest permissions (TFS 369559)

  • Fixed an issue where Request File Reply could not upload a file that contained a # character (TFS 368716)

  • Fixed an issue where the Send Portal browse button was not functional in a PCI-DSS site (TFS 372933)

  • Fixed an issue where a race condition in Transactional Workspaces could cause the EFT service to crash (TFS 371428)

Version 8.0.1.4

Feb 09, 2020

New Features
  • Added a "Secrets module" under the Security tab, which provides the ability to encrypt certain EFT passwords locally or via Azure's Key Vault (AKV) (TFS 372081)

  • Added support for Azure's Data Lake Storage Gen2 (ADLSg2) (TFS 372082)

  • Added ability to override VFS credentials (TFS 372229)

  • Added supports REST API for Event Rules (TFS 372230)

Fixes

EFT Admin GUI

  • Fixed an issue where an LDAP site failed to pull users in the UI but would allow authentication (TFS 369709)

  • Fixed an issue where the Admin GUI would truncate virtual folder paths larger than 260 characters (TFS 371035)

  • Fixed an issue where the Admin GUI did not properly apply the certificate to the Administration Service (TFS 373685)

  • Fixed an issue where the EFT Site Wizard UI would not follow the proper flow after pressing the back button (TFS 373735)

  • Fixed an issue where user login authentications may fail after SSL options at the user level are modified (TFS 374027)

  • Fixed an issue where the Admin GUI displayed the wrong CIC profile when editing an event rule for a SCAN file action (TFS 374051)

  • Fixed an issue where the EFT Admin GUI could crash when pressing refresh while viewing a report (TFS 374089)

Auth AD

  • Fixed where EFT was unable to authenticate an AD user (with UPN) on EFT Express (TFS 373552)

AWE

  • Fixed an issue where concurrent EFT Admins may use the same tmp file for editing AWE tasks (TFS 373762)

Event Rules

  • Fixed an issue where the focus in the Admin GUI was lost when adding variables to the subject field in an email action (TFS 374065)

  • Fixed an issue where the Event Rules "Stop Processing Rule" was always enabled (TFS 373879)

  • Fixed an issue where EFT would change the date modified timestamp in copy/move action changes on the destination file (TFS 373600)

FTP

  • Fixed an issue where the EFT service could crash via FTP (TFS 373856)

  • Fixed an issue where EFT failed to connect in FTP PASV mode when using DMZ as a proxy (TFS 371118)

GDPR

  • Fixed an issue where GDPR Article 32:(4) would not follow proper logic (TFS 373712)

  • Fixed an issue where DPIA Report logic for Article 32:(4) would not follow proper logic (TFS 374063)

Installer

  • Fixed an issue where some upgrades to EFT 8.0 would fail when upgrading from a large FTP.cfg file (TFS 373712)

  • Fixed an issue where some upgrades to EFT 8.0 would fail when certain EFT admins had misconfigured permissions (TFS 374116)

SFTP

  • Fixed an issue where the EFT could be flooded by network connections (TFS 373683)

Web Transfer Client (WTC)

  • Fixed an issue where the PowerShell script to customize WTC failed to run (TFS 37458)

  • Fixed an issue where the EFT would report a status code of 200 when failing to log on (TFS 373101)

COM API

  • Added enums, properties, and methods to support the Azure Data Lake Storage, Azure Key Vault, and Secrets module functionality in EFT. (For details of the Azure Data Lake Storage, Azure Key Vault, and Secrets module functionality, please refer to the EFT administration help contents.)

    • SecretsModuleType

    • CloudProviderType_AzureDataLakeStorageGen2

    • Properties in ICISiteInterface:

    • OverrideVFSCredentialsEnable

    • OverrideVFSCredentialsLogin

    • OverrideVFSCredentialsPassword

    • SecretsModuleClientID

    • SecretsModuleClientSecret

    • SecretsModuleType

    • SecretsModuleURL

    • Methods in ICICloudStorageMonitorEventRuleParams:

    • GetAzureDLSgen2GeneralParams

    • SetAzureDLSgen2GeneralParams

Version 8.0.2.10

Mar 25, 2020

New Features

EFT Administration

  • New option to schedule FACT table updates (TFS 373489)

Advanced Properties

  • By default, EFT uses non-exclusive file-sharing mode when processing file uploads. With this advanced property (UseExclusiveSharingModeForUploads) (TFS 374129), EFT can be configured to use exclusive sharing mode for uploads (i.e., file locking)

COM API

  • Added enums and a Site interface property to support the Out-of-Band passcode to pick-up files in EFT. (Please refer to the EFT administration help contents.)

  • WorkspacesOAIPasscodeProtectionType enum, used in the ICISite property, WorkspacesOAIPasscodeProtection to specify whether the EFT administrator requires a passcode, does not require, or is chosen by the email sender.

Web Transfer Client (WTC) & Workspaces Chages

  • Ability to Secure Send without attachment (Send portal and Outlook Add-in) (TFS 370270)

  • Ability to request passcode for file pick-up (TFS 361146)

  • Ability to redirect to login page instead of registration page for internal domains (TFS 373043)

Enhancements

  • Removed our legacy Jument WTC from the EFT installer (TFS 374773)

  • Ground-up rewrite of the various portals: Request file, Drop-off, Send, and Pick-up resulting in tremendous performance gains (TFS 373849)

Fixes

EFT Admin GUI

  • EFT would not respect server-level permissions (TFS 374330)

  • Admin GUI may crash due to nested workspaces (TFS 374281)

  • Enabling Encryption folders would cause open windows on the background to be displayed in the forefront (TFS 374831)

  • Remote admin GUI would fail to display the GDPR report (TFS 374567)

  • Memory leak in SSL_AES256_CBC_Encrypt (TFS 374865)

ARM

  • Report "Traffic-Average Transfer Rates by User "would report groups by protocol instead of site (TFS 374441)

  • Report "Activity - File Scanned Data Results" was missing in EFT Express (TFS 374150)

Event Rules

  • GUI may not display Else condition after saving and refreshing an event rule (TFS 374154)

  • Virtual Path condition may not work properly (TFS 374139)

  • EFT service may crash when trying to delete user while "On User Account Deleted" event rule is active (TFS 370599)

  • Event Scheduler may crash on service stop (TFS 371951)

Installer

  • Some upgrades to EFT 8.0 would fail during the copy serialization (TFS 374421)

  • Some upgrades to EFT 8.0 would fail when custom calendar selectors contained duplicated case sensitive entries (TFS 374565)

  • Upgrade from EFT Express to EFT Enterprise while changing the configuration path would lead to duplicate config and binaries of EFT folders (TFS 368531)

  • Upon upgrade to EFT 8.0 poor loading performance was experienced on the FileAudit.db (TFS 374194)

  • Upgrade to EFT 8.0 could fail due to a deleted workspace (TFS 374280)

  • Upgrade to EFT 8.0 could fail when a Remote Agent template is in the Awaiting Approval state (TFS 374258)

  • On an HA install, selecting Modify and changing the ARM server to a different SQL server was not saved (TFS 374238)

  • An upgrade to EFT 8.0 could fail when incorrect values exist in Client IP access (TFS 374846)

  • An upgrade to EFT 8.0 could fail when an incorrect participation value exists in the workspaces.db (TFS 374845)

Outlook Add-in

  • Outlook Add-in was treated as an untrusted publisher (TFS 374635)

  • Files sent via the OAI (Outlook Add-in) that contain # in the filename were not available in the pick-up portal (TFS 374077)

  • Emails can become stuck in the outbox when the Outlook Add-in is configured with Zedmail add-in (TFS 374053)

  • Copyright dates on the Outlook Add-in UI were out of date (TFS 372700)

PCI DSS

  • Some users may be disabled every night on a PCI site (TFS 374577)

  • Server admins were not required to use complex passwords when PCI is enabled (TFS 374807)

REST API

  • EFT Express would allow folder creation via REST (TFS 374113)

SAML

  • SAML JIT password fail password complexity when enabled(TFS 374357)

Web Services

  • InvokeWebService action works wrong with Location Header (TFS 373928)

Web Transfer Client (WTC) & Workspaces

  • Sharing a workspace with # the recipient could not register for access (TFS 373156)

  • An expected error message that should be presented when trying to share a workspace with an external user is not being presented (TFS 374100)

  • Authenticated external users were unable to reply to send requests without access to their home folder (TFS 374777)

  • TOS (Terms of Service) and Privacy policy prompts were not working on the various portals (TFS 371808)

  • Fixed an issue where workspaces fails to redirect new external participants to their workspace when taking less than 60 minutes between registration and verification (TFS 371972)

Version 8.0.2.19

May 10, 2020

New Features

Advanced Properties

  • EFT now provides the ability to override the port used in all workspace email notifications. This is useful when the DMZ Gateway is on a non-default port (e.g., 4443) and differs from the site port (i.e., 443). When enabled, all workspace emails (Send/Share/Request/etc.) will now use and append the PORT defined via the Advanced Property regardless of the Send Settings URL:PORT or Site DMZ port configuration. This property is disabled by default (ExternalLinkPortOverride) (TFS 371388)

  • Ability for WTC reserved file/folder caching for HTTP(S) requests to cache based on file size instead of an entire directory. This property is disabled by default. (MaxCachedReservedFileSizeKB) (TFS 373650)

    Ability to cache WTC reserved files/folders located under .../EFT Server Enterprise/web/public/EFTClient/wtc/lib/, this property is enabled by default (CacheReservedFiles) (TFS 373650)

Fixes

Web Transfer Client (WTC) & Workspaces

  • Fixed an issue where the WTC page failed to load for external domains when EFT is configured with both Internal (with SAML SSO) and External domains (TFS 375093)

  • Fixed an issue where WTC customization failed when configured with multiple sites (TFS 375253)

  • Fixed an issue where upgrades to EFT 8.0 could fail because of duplicated workspaces (TFS 375535)

  • Fixed an issue where EFT may crash on rare instances when configured with AD and authenticating with Internal/External workspace users (TFS 375040)

  • Fixed an issue where upgrades to EFT Express 8.0 could fail due to incorrect data in the local db files (TFS 375555)

  • Fixed an issue where ignored logging to the authentication and protocols tables were not being honored (TFS 375543)

  • Fixed an issue where upgrades to EFT 8.0 could fail because of non-existing workspaces (TFS 375497)

  • Fixed an issue where upgrades to EFT 8.0 could fail because of missing permissions or non-unique connection profiles (TFS 375683)

  • Fixed an issue where upgrades to EFT 8.0.2 could cause Remote Agents Event Rule downloads to fail (TFS 375750)

Version 8.0.2.23

jun 14, 2020

New Features
  • Added subscription licensing for EFT and most modules

  • Restored ability to customize default values for Workspaces permissions (TFS 376117, Case 78957)

  • Restored ability to customize default values for Workspaces participant limits (TFS 376121, Case 78957)

Version 8.0.4.27

Nov 01, 2020

New Features

Administration

  • Enhanced the password dictionary validation feature so that dictionary words surrounded by non-alphabet characters are detected and blocked (TFS 374099, Case 75599)

  • Added support for runtime templating, a means of setting reusable variables for paths and similar resources to facilitate DR and migrations (TFS 373679)

  • Added support for Datasets, which are easier to use and more powerful than arrays, a variable type that can hold tabular data (TFS 373163)

  • Added a new Event Rule action that will download a remote file listing and store the results in a Dataset (TFS 373167)

  • Added a new Event Rule action to loop through each element in a Dataset (TFS 373169)

  • Added support for break from loop for datasets in Event Rules (TFS 373170)

  • Added a new Event Rule action to read the contents of a Dataset and output those to a .CSV file (TFS 374260)

  • Added a new Event Rule action to store the contents of a .CSV file into a Dataset (TFS 374261)

  • Added an option to output PowerShell debug logging to a separate file, independent of EFT's primary log file (TFS 374313)

  • Added two additional AWS regions (EU (Milan) and Africa (Cape Town)) to EFT's AWS cloud actions (TFS 375029)

  • Added a customizable upload forms feature for collecting metadata from users prior to uploading files, which can be utilized by Event Rules (TFS 374804)

  • Added a prompt to the EFT Admin GUI that will warn administrators when enabling cipher suites that may be vulnerable to Raccoon (TFS 377846)

Advanced Properties

  • Added ability to default HTTP socket timeout (HTTPSocketDefaultTimeout) (TFS 375327, Case 77746)

  • Added ability to set sub-folder Remote listings in Datasets to parse recursively. The default value is 10 (GetListingActionMaxRecursion) (TFS 373167)

  • Added ability to set the number of records to display in the WTC Sent items view (outbox) and Received items view (inbox). The default value is 50. (BigCollectionsPageSize) (TFS 370374, 370375)

  • Added ability to restore legacy Dictionary password complexity functionality. The default value is False (DictionaryLegacyCheckIncludeSpecialDigits) (TFS 374099)

  • Added ability to enable/disable cipher aes128-gcm@openssh.com. The default value is Enabled (SFTP2_AES128_GCM_AT_OPENSSH_COM) (TFS 372451)

  • Added ability to enable/disable cipher aes192. The default value is Enabled (SFTP2_AES192) (TFS 372451)

  • Added ability to enable/disable cipher aes192-ctr. The default value is Enabled (SFTP2_AES192CTR ) (TFS 372451)

  • Added ability to enable/disable cipher aes256-gcm@openssh.com. The default value is Enabled (SFTP2_AES256_GCM_AT_OPENSSH_COM) (TFS 372451)

  • Added ability to enable/disable cipher chacha20-poly1305@openssh.com. The default value is Enabled (SFTP2_AES256_GCM_AT_OPENSSH_COM) (TFS 372451)

  • Added ability to enable/disable cipher rijndael-cbc@lysator.liu.se. The default value is Enabled (SFTP2_RIJNDAEL_CBC_AT_LYSATOR_LIU_SE) (TFS 372451)

  • Added ability to enable/disable MAC hmac-sha1-etm@openssh.com. The default value is Enabled (SFTP2_HMAC_SHA1_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC hmac-sha2-256-etm@openssh.com. The default value is Enabled (SFTP2_HMAC_SHA2_256_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC hmac-sha2-512-etm@openssh.com. The default value is Enabled (SFTP2_HMAC_SHA2_512_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC umac-64@openssh.com. The default value is Enabled (SFTP2_UMAC_64_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to enable/disable MAC umac-64-etm@openssh.com. The default value is Enabled (SFTP2_UMAC_64_ETM_AT_OPENSSH_COM) (TFS 375033)

  • Added ability to allow user-agent to skip 2FA/MFA (UserAgentHeaderSkipOTP) (TFS 374817)

  • Added a new advanced property that would allow admins to export AWE tasks from EFT's database to their legacy file paths (AutoExportAllAWTasksToFiles) (TFS 374755)

AS2

  • Added functionality

  • Added the ability to allow values that exceed 600 seconds for the response and message send timeout setting (TFS 374078, Case 69531)

COM API

  • Added the following ICISite methods:

    • AddUploadForm

    • DeleteUploadForm

    • EnableUsers

    • GetUploadForm

    • UpdateUploadForm

  • Added the following ICISite properties:

    • EnableMfa

    • MfaType

    • SmsProviderProfile

    • UploadFormsList

    • WebSSORedirectToSsoServiceBypassingLoginPage

    • WorkspacesMfaType

    • WorkspacesOAIMfaType

  • ICIClientSettingInterface, added the following functions:

    • GetRequireMfa

    • SetRequireMfa

  • ICIEventRule, added the AddLoopDatasetStatement method

  • ICIActionStatements, added the following methods:

    • AddActionStatement

    • AddIfStatement

    • AddLoopDatasetStatement

  • Added the ICILoopDatasetStatement interface, with the following methods:

    • AddActionStatement

    • AddIfStatement

    • AddLoopDatasetStatement

    • DeleteStatement

    • GetParams and SetParams

    • StatementsCount

    • Statement

  • Added ICICsvExportActionParams and ICICsvImportActionParams

  • Added ICIGetListingActionParams Interface

  • Added ICILoopDatasetStatement Interface

  • Added ICILoopDatasetStatementParams Interface

  • Added ICIUploadForm interface

  • Added ICIUploadFormElement interface

  • Added ICITwilioSmsProviderProfile interface

  • In the ICISimpleCondition interface, added the UseRegex property.

  • Enums added:

    • MFA type to specify whether to use email, SMS or either for second authentication

    • LoopDatasetStatement to EventRuleStatementType enum

    • LoopOrderType, used in the ICILoopDatasetStatementParams LoopOrder property

    • GetListingAction, LoopBreakAction, CsvImportAction, and CsvExportAction to EventActionType

    • FileDateFormat

    • UploadFormComType

    • UploadFormElementComType

REST API

  • Added functionality

  • Added underlying support for RESTful APIs in accordance with JSON:API principles (TFS 374144)

  • Added the ability to assign REST permissions to EFT administrator accounts (TFS 375336)

  • Added RESTful API endpoints for user account and VFS management configuration (TFS 374152)

  • Added the ability to create granular permissions for RESTful access to end points, down to the individual element (TFS 375337)

  • Added support for REST which allows EFT admins to create users and read all their settings but not delete them [users] or update them [users](TFS 375337)

  • Added support for REST which allows EFT admins to create users except for a user name matching "Administrator"(TFS 375337)

  • Added support for REST which allows EFT admins to read all the configuration for all users for a given site named (TFS 375337)

  • Added support for REST which allows EFT admins to read the AllowSecureFolderSharing value for users in the Guest template, but cannot read any other values or do anything else (TFS 375337)

  • Added support for REST which allows EFT admins to read the configuration to find out everything about all users in Site under template "Guest Users" but not make any changes to those users (TFS 375337)

  • Added support for REST which allows EFT admins to update everything about any user (TFS 375337)

  • Added support for REST which allows EFT admins to update everything about any user except for changing their SFTP key (TFS 375337)

  • Added support for REST which allows EFT admins to update all users except for a user matching a specific name (TFS 375337)

  • Added support for REST which allows EFT admins to update users but not create them or delete them (TFS 375337)

  • Added support for REST which allows EFT admins to delete users (TFS 375337)

  • Added support for REST which allows EFT admins to delete all users except for a specific user name (TFS 375337)

  • Added support for REST which allows EFT admins to execute the Generate pass function for all users (TFS 375337)

SAML

  • Added the ability to leverage federated authentication for Guest users, including SSO and JIT, where desirable (TFS 374120)

SSH/SFTP

  • Added support for aes256-gcm@openssh.com SSH cipher in both FIPS and Non-FIPS mode (TFS 372451)

  • Added support for rijndael-cbc@lysator.liu.se SSH cipher in both FIPS and Non-FIPS mode (TFS 372451)

  • Added support for aes192-ctr SSH cipher in Non-FIPS mode (TFS 372451)

  • Added support for aes192-cbc SSH cipher in Non-FIPS mode (TFS 372451)

  • Added support for aes128-gcm@openssh.com SSH cipher in both FIPS and Non-FIPS mode (TFS 372451)

  • Added support for chacha20-poly1305@openssh.com SSH cipher in Non-FIPS mode (TFS 372451)

  • Added legacy support for cast128-cbc SSH cipher in Non-FIPS mode (TFS 372451)

  • Added legacy support for blowfish-cbc SSH cipher in Non-FIPS mode (TFS 372451)

  • Added legacy support for arcfour SSH cipher in Non-FIPS mode (TFS 372451)

  • Added new advanced properties to enable/disable certain ciphers for client outbound (TFS 372451)

  • Added support for hmac-sha2-512-etm@openssh.com SSH MAC in both FIPS and Non-FIPS mode (TFS 375033)

  • Added support for hmac-sha2-256-etm@openssh.com SSH MAC in both FIPS and Non-FIPS mode (TFS 375033)

  • Added support for hmac-sha1-etm@openssh.com SSH MAC in both FIPS and Non-FIPS mode (TFS 375033)

  • Added support for umac-64-etm@openssh.com SSH MAC in Non-FIPS mode (TFS 375033)

  • Added support for umac-64@openssh.com SSH MAC in Non-FIPS mode (TFS 375033)

  • Added new advanced properties to enable/disable certain MACs for client outbound (TFS 375033)

  • EFT now provides the ability to choose SFTP key type upon creation (TFS 370229)

  • EFT now supports backwards compatibility for DSS keys (TFS 372452)

  • Added support for ecdh-sha2-nistp521 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for ecdh-sha2-nistp384 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for ecdh-sha2-nistp256 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for diffie-hellman-group18-sha512 SSH KEX in both FIPS and Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for curve25519-sha256 SSH KEX in Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for curve25519-sha256@libssh.org SSH KEX in Non-FIPS mode (TFS 372613, Case 77147)

  • Added support for sntrup4591761x25519-sha512@tinyssh.org SSH KEX in Non-FIPS mode (TFS 372613, Case 77147)

  • Added back the ability to see negotiated SFTP cipher suites to EFT's client (outbound) logs (TFS 373618)

Web Transfer Client (WTC) & Workspaces Changes

  • Added support for SMS 2nd factor validation for guest account enrollment (registration) and for normal authentication (TFS 374817)

  • Added a new shared folder (Workspaces) history section to the Web Transfer Client for owners and participants (TFS 374884)

  • Added a Received items (inbox) section to the Web Transfer Client for users to see messages and files sent to them (TFS 370375)

  • Added a Sent items (outbox) section to the Web Transfer Client for users to see messages and files they've sent to others (TFS 370374)

Enhancements

EFT Administration

  • Updated the text under the Logs tab to reflect "Audit event rule client outbound transfer" instead of "Diagnostic Logging Settings" (TFS 376313)

  • Optimized EFT's folder monitor polling so that it wouldn't attempt to open file hands for files matching extension exclusion conditions (TFS 373182)

  • Modified EFT's import/export of Event Rules to match the json format supported by EFT's RESTful APIs (TFS 374054)

  • Modified the 'Variable' action so that it utilized only a single line, making it easier to visually parse (TFS 374308)

  • Modified encrypted folder and personal data secrets so they are randomized by default and can be viewed or overridden by admins (TFS 373411)

Advanced Properties

  • Updated default value for Advanced Property SFTP2_ARCFOUR to False (TFS 372451)

  • Updated default value for Advanced Property SFTP2_Blowfish to False (TFS 372451)

  • Updated default value for Advanced Property SFTP2_CAST128 to False (TFS 372451)

  • Updated default value for Advanced Property SFTP2_MD5 to False (TFS 375033)

  • Updated default value for Advanced Property SFTP2_MD5_96 to False (TFS 375033)

  • Updated default value for Advanced Property SFTP2_SHA1_96 to False (TFS 375033)

REST API

  • Modified EFT's existing RESTful APIs for Server and Site endpoints to adhere to JSON:API (TFS 374361)

SSH/SFTP

  • Prohibit the ability to generate rsa SSH keys less than 2048 bit in FIPS mode (TFS 375076)

  • Prohibit the ability to use SSH keys other than rsa/dsa keys >=2048 bits or ecdsa keys >= 224 bits (for both client and server) in FIPS mode (TFS 375076)

  • Prohibit the use of "diffie-hellman-group1-sha1" SSH KEX (for both client and server) in FIPS mode (TFS 375076)

  • Prohibit the use of "hmac-sha1-96" SSH MAC (for both client and server) in FIPS mode (TFS 375076)

  • Enabled by default "hmac-sha1" SSH MAC (for client) in both FIPS and non-FIPS mode (TFS 375076)

  • Prohibit the ability to generate rsa SSH keys less than 2048 bit (in GUI only) in non-FIPS mode (TFS 375076)

  • Ciphers are now ordered by strength, favoring FIPS approved ciphers, with only FIPS approved ciphers enabled by default (TFS 372451)

  • EFT admins will now be warned if they enable insecure ciphers (3des-cbc, cast128-cbc, blowfish-cbc, arcfour) in Non-FIPS mode (TFS 372451)

  • EFT admins will now be warned if they enable insecure cipher 3des-cbc in FIPS mode (TFS 372451)

  • The following ciphers are now enabled by default (due to FIPS-compliance): aes256-gcm@openssh.com, aes256-ctr, aes256-cbc, rijndael-cbc@lysator.liu.se, aes192-ctr, aes192-cbc, aes128-gcm@openssh, aes128-ctr, aes128-cbc (TFS 372451)

  • The following ciphers are now enabled on upgrade: aes256-gcm@openssh.com, aes128-gcm@openssh, rijndael-cbc@lysator.liu.se, aes192-ctr, aes192-cbc (TFS 372451)

  • Improved TED6 log verbosity with newer SSH library (TFS 373819, Case 72767)

  • The following MACs are now enabled by default (due to FIPS-compliance): hmac-sha2-512-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha1-etm@openssh.com (TFS 375033)

  • The following MACs are now enabled on upgrade: hmac-sha2-512-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha1-etm@openssh.com (TFS 375033)

  • KEX ciphers are now ordered by strength, favoring FIPS approved KEXes, with only FIPS approved KEXes enabled by default (TFS 372613, Case 77147)

  • The following KEX ciphers are now enabled by default (due to FIPS-compliance): ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group16-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha256 (TFS 372613, Case 77147)

  • KEX cipher diffie-hellman-group18-sha512 will not be enabled by default (despite the fact that its FIPS-compliance) due to its poor performance behavior (TFS 372613, Case 77147)

  • The following KEX ciphers are now enabled on upgrade: ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256 (TFS 372613, Case 77147)

  • The following KEX ciphers are enabled by default for Client connections in both FIPS and Non-FIPS mode: ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 (TFS 372613, Case 77147)

  • The following KEX ciphers are enabled by default for Client connections in Non-FIPS mode: curve25519-sha256, curve25519-sha256@libssh.org, sntrup4591761x25519-sha512@tinyssh.org, diffie-hellman-group-exchange-sha1 (TFS 372613, Case 77147)

SSL

  • Updated SSL Library to 1.0.2u (TFS 375029)

  • Prohibit the ability to generate rsa SSL keys less than 2048 bit in FIPS mode (TFS 375076)

  • Prohibit the ability to use SSL keys other than rsa/dsa keys >=2048 bits or ecdsa keys >= 224 bits (for both client and server) in FIPS mode (TFS 375076)

  • Prohibit the ability to generate rsa SSL keys less than 2048 bit (in GUI only) in non-FIPS mode (TFS 375076)

Web Transfer Client (WTC) & Workspaces

  • Updated jQuery to v3.5.1 (TFS 376501, Case 80133)

Outlook Add-in (OAI)

  • Modified functionality

  • Modified the Outlook Add-in to avoid message preparation when the add-in is not being used to handle attachments (TFS 377131, Case 80889)

COM API

  • Changed nKeyBits to nKeyParams in ICIServer CreateSSHKey and CreateSSHKeyRemotely

  • Changed nKeyBits to nKeyParams inICISite CreateSSHKeyPair

Fixes

EFT Administration

  • Fixed an issue where EFT could hang after applying a change to the group and domain for an AD site (TFS 369730, Case 65993)

  • Fixed an issue where EFT would fail to create a GSAuth account when RSA manage password is enabled (TFS 375388, Case 78173)

  • Fixed an issue where a deadlock could be exhibited when stopping the EFT service via the Service Manager (TFS 371230, Case 70079)

  • Fixed an issue where the quick search produced incorrect results for connection profiles in upload/download actions (TFS 375328, Case 77625)

  • Fixed an issue where LDAP users could no longer login after changing the OU (TFS 374566, Case 75760)

  • Fixed an issue where the AWE mail registry SMTP Password would be overwritten when the EFT Admin GUI's SMTP settings were modified (TFS 376198, Case 78079)

  • Fixed an issue where a potential deadlock could cause a hang on the EFT Admin GUI (TFS 376222,376433,376389, Case 78656,79826, 80385, 80914)

  • Fixed an issue where a potential deadlock could cause HTTPs connections to fail (TFS 377021, Case 81348)

  • Fixed an issue where FTP listing on chrome would list an empty directory (TFS 377050, Case 80506)

  • Fixed an issue where plain FTP via DMZ would not work (TFS 376912, Case 78948)

  • Fixed an issue where upgrades to EFT 8.0 could fail when duplicate Event Rule folder names existed (TFS 377445, Case 82273)

  • Fixed an issue where upgrades to EFT 8.0 could fail when duplicate ssh public existed (TFS 377002, Case 80370)

  • Fixed an issue where upgrades to EFT 8.0 could fail when workspaces included duplicate names in upper and lowercase (TFS 376973, Case 80443)

  • Fixed an issue where server admin permissions could disappear after upgrading to EFT 8.0 (TFS 377672, Case 81472)

  • Fixed an issue where upgrades to EFT 8.0 could fail when a certificate resided in both the pending and trusted list (TFS 376153, Case 79408)

  • Fixed an issue where upgrades to EFT 8.0 could fail when an Event Rule contained Mail action (TFS 377457, Case 82232)

  • Fixed an issue where the EFT Admin GUI could run out of memory with heavy configurations (TFS 377338, Case 82025)

  • Fixed an issue where EFT Admins would receive an error when specifying remote SSH keys in Event Rules (TFS 376118)

ARM

  • Fixed an issue where the Activity - by Users reports were misleading with the data being pulled. (TFS 374125)

  • Fixed an issue where the reports using fact tables would group several lines for each group. (TFS 374454)

  • Fixed an issue where EFT would audit 0kb when AS2 transactions are successful (TFS 376257, Case 79486)

AWE

  • Fixed an issue where a race condition was seen when running GSAWE.exe that caused an AWE licensing error (TFS 372374, 71032)

  • Fixed an issue where the AWE OCR action would not work (TFS 375343, Case 76553)

COM API

  • Fixed an issue where user admins could not enable a user account via COM (TFS 373315, Case 74441)

Event Rules

  • Fixed an issue where Timer Event Rules - Exclude UK Holidays had missing days (TFS 376875, Case 78879)

  • Fixed an issue where the Event Rule change log would not properly update after clicking Apply (TFS 376277, Case 79465)

HA (High Availability)

  • Fixed an issue where Event Rule master would send MSMQ tasking message to itself when it shouldn't be (TFS 376320)

ICAP/CIC

  • Fixed an issue where the host header in a CIC request would send a request to http.example.com (TFS 377358, Case 81443)

Installer

  • Fixed an issue where EFT would fail installation when CWDIllegalInDllSearch registry is configured (TFS 373910, Case 70840)

Logging

  • Changed log level to ERROR for AML export errors (TFS 376480)

  • Fixed an issue where the wrong log level for Folder Monitor reconnect events was used (TFS 375800, Case 78333)

Outlook Add-in

  • Fixed an issue where duplicate email stuck in outbox when encrypted with zed mail (TFS 374623, Case 75460)

PCI

  • Fixed an issue where PCI compliance reports would report failures due to password security for remote agents (TFS 377808, Case 82083)

  • Remote Agent (RAM)

  • Fixed an issue where a remote agent could crash when the source path is configured with a virtual local path (TFS 376602, Case 80300)

SAML

  • Fixed an issue where the SAML SSO JIT user template pulldown can set incorrect user setting template (TFS 375614)

  • Fixed an issue where the SAML SSO JIT user email attribute taken from username attribute, not email attribute (TFS 375677)

  • Fixed an issue where users were presented with a 404 on the reply portal when using SSO (TFS 374791, Case 76465)

SSH/SFTP

  • Fixed an issue where EFT could crash when opening a file/folder (TFS 375556, Case 78436)

VFS

  • Fixed an issue where EFT startup performance would be affected by large number of virtual folders (TFS 374893, Case 76483)

Web Transfer Client (WTC) & Workspaces

  • Fixed an issue where "Expires:" headers were sent twice via our WTC page (TFS 375389)

  • Fixed an issue where Workspaces participants could not share their root folder (TFS 376164)

  • Fixed an issue where the From field in Send requests did not enforce server side validation (TFS 376091)

  • Fixed an issue where password resets were treated as successful but actually failed (TFS 375161, Case 76747)

  • Fixed an issue where customization changes in theme.json were not properly applied (TFS 374598)

  • Fixed an issue when viewing a workspace (as invitee) the update is active but would not display a progress bar (TFS 376221)

  • Fixed an issue where session tokens were not properly randomized (TFS 376419, Case 79654)

  • Fixed an issue where default datetime format was not defaulted to US (TFS 376870)

  • Fixed an issue where passwords with trailing spaces would get trimmed (TFS 375354, Case 77494)

  • Fixed an issue where Workspace invitation acceptance would fail if user already had a session open (TFS 377040, Case 81196)

  • Fixed an issue where duplicate file uploads to WTC could break upload functionality in the current session (TFS 377266, Case 80852)

  • Fixed an issue where copy/paste function when inviting someone to a workspace would fail in IE11 (TFS 376708, Case 80348)

  • Fixed an issue where a folder with "#" in the name would cause an error in WTC (TFS 375243, Case 77426)

  • Fixed an issue where EFT's Terms of Service and forced password reset would cause a permission denied error (TFS 376510, Case 79430)

  • Fixed an issue where WTC retry would fail with error 406 on Firefox (TFS 376199, Case 78233)

EFT Arcus

Version 8.0.3.9

May 10, 2020

New Features
  • Basic Tier clients can now create one Remote Agent (additional fee applies)

  • BulkUserExport: Upload a JSON file named "ExportUsersSettings.json" into the BulkUserExport folder to dump the user list for a specific site (or all sites if the value is empty).

  • PGP keys, SSH keys, and SSL certificates can be imported into EFT Arcus through the Arcus Management Template

  • Added ability to use the SAML assertion map attribute Email field in JIT or LDAP after an IDP- or SP-initiated login to create an account in EFT

  • OpenPGP key pairs are defined and managed on a Site instead of the Server

  • Added privacy and other GDPR-related features:

    • User agreements and consent options on the General Tab of a User Node

    • Privacy options on the User Account Action in Event Rules

    • Privacy options for EFT on the Site > Web tab and in the WTC

    • Terms of Service agreement options for EFT web portal on the Site > Web tab

    • User Account Details Template on Site > Security tab to apply GDPR-related privacy settings to all user accounts on a Site

    • Optional permission on Server > Administration tab to give administrator accounts permission to manage personal data for users

    • GDPR-related event, context variables, and user conditions

    • Personally identifiable information (PII) / personal data is encrypted by default (beyond normal Arcus disk encryption)

    • Removed email address from User > General tab

  • ARM reports:

    • Privacy-related, pre-defined ARM reports

    • More performant ARM reporting functions

  • New Event Rule features:

    • Create or set variable Action

    • Call (GoTo) Event Rule Subroutine Action

    • Ability to scan metadata with Content Integrity Control Action

    • "Enable this account" option in the User Account Action. (Refer to Workspaces Invitations for an example of using the User Account Action to enable an expired Guest account.)

    • Context variable to take anything after the last dot (before the extension) and place it into this context variable

    • New context variables for date and time stamps in ISO8601 format

    • Event Rules are now saved in JSON (instead of XML) for import/export

  • Workspaces changes:

    • Site > Web tab to configure web portals and their features. (Replaces Workspaces tabs.)

    • Now support moving files between Workspaces

    • Ability to retain Workspaces files on disk after link has expired

    • Password-protected pickup - Allow or require senders to require recipients to provide a, out-of-band passcode before accessing files

    • Securely send an email without an attachment (applies to browser-based sends and the Outlook Add-In)

Updates
  • Updated PGP library to IP*Works! OpenPGP 2016

  • Updated to Advanced Workflow Engine version that includes several bug fixes

DMZ Gateway

Version 3.5.0

March 25, 2020

Updates
  • Updated build with EFT v8.0.2-compatible DEI library

Back to Top

 

GoAnywhere


GoAnywhere MFT

Version 6.4.3
  • Updated Gateway Manager to support SSL termination and SSL rewrap for GoAnywhere Gateway version 2.8.0.
  • Upgraded the Netty library from version 4.1.42 to version 4.1.48.
  • Fixed an issue where an input stream was left open causing Agent server threads to get hung up.

GoAnywhere Gateway

Version 2.8.1
  • Fixed an issue where the key store type was not defaulting to JKS when not supplied for configurations using Control SSL or SSL Termination.
Version 2.8.0
  • Added support for SSL Termination and SSL ReWrapping.
  • Fixed an issue where an extra line feed or carriage return would cause a license to be invalid.
  • Upgraded Apache Commons-Collections from 3.2 to 3.2.2.
  • Upgraded the Netty library from 4.1.33 to 4.1.48.

GoAnywhere Desktop Client for Windows

Version 3.1.0
  • Added a new feature to navigate directly to a folder path within the Web User's Secure Folders.
  • Added a timestamp to notifications for GoDrive events.
  • Added the ability to enabled or disable Windows Authentication for existing device accounts.
  • Upgraded the internal storage used for GoDrive data to support newer and stronger cryptography.
  • Improved the cleanup process for accounts that don't complete the registration process.
  • Improved the startup process when there are multiple accounts.
  • Fixed an issue where, in rare cases, the device would continuously try to authenticate when the Web User was disabled.

Back to Top

 

IBM Partnership


Rational Developer for i

Version: 9.6.0.8
Enhancements
  • /copy and /include files now can be opened from source stored on IFS.
  • ACS now can be launched from RDi without requiring a separate Java Runtime Environment installation.
Other Fixes
  • Fixed option selection UI problem in the Add Procedure Parameter dialog.
  • SQL is no longer autoformatted. Formatting now occurs when the user invokes the format action (APAR SE68862).
  • Enabling LPEX preference "display whitespace characters" makes some terms in RDPLE source harder to see (APAR SE69572).
  • Screen designer may show an incorrect value in the properties view for a referenced field (APAR SE70098).
  • Embedded CRLF sequences in SQL are not handled by the Remote Systems LPEX editor (APAR SE70241).
  • Editing an RPGLE member that references a copy member with DBCS characters in a variable name results in a parser error (APAR SE70349).
  • Updating RDi to v9.6.0.5 may result in some web tooling views not displaying the correct information (APAR SE70532).
  • IllegalArgumentException observed after a second and subsequent attempts to verify source in an IFS file (APAR SE70867).
  • Restarting RDi with open members and no connection to the host causes an excessive number of connection dialogs (APAR SE71085).
  • Browse/Edit toggle not available for CBL source type in the Remote Systems LPEX editor (APAR SE71091).
  • ILE RPG EXTPROC defined with no arguments not handled correctly by the parser and content assist (APAR SE71230).
  • Extract constants can produce a constant name the same as a procedure name causing msgrnf7421 during compilation (APAR SE71501).
  • i Project changes not always pushed when "push selected resources if there are any changes" is selected (APAR SE72138).
  • Indicators are not properly represented in the outline view when editing ILE RPG source (APAR SE72250).
  • Source opened from the error list view opened in edit mode when preferences are set to open in browse mode (APAR SE72370).
  • Embedded SQL statements in ILE RPG continued from column 80 may result in an ArrayIndexOutOfBoundsException (APAR SE72392).
  • Unsupported syntax checking and program verify preferences for ILE RPG, RPG/400, and COBOL no longer show as enabled in macOS environments (APAR SE72449).
  • Field size not reported correctly in the Outline view (APAR SE72827).
  • Content assist will not insert a proposal if the inserted value would flow past column 80 in **free ILE RPG (APAR SE72840).
  • Column sensitive editing preference affects editing fully free RPG source (APAR SE72953) .
  • When editing SQLRPGLE source with the Remote Systems LPEX editor, the SQL FETCH statement does not format well (APAR SE73285).

Back to Top

 

Intermapper


Version: 6.4.3

Apl 14, 2020

Enhancements
  • Changes were made to enhance map loading time at startup with large numbers of maps and charts.

  • The ability to detect corrupted chart files and repair them has been improved significantly.

  • A number of improvements in memory management and CPU usage have been completed. Even with large numbers of maps and charts, memory and CPU usage have been signficantly reduced.

Other Fixes
  • When exporting a mix of old and new chart data to Intermapper Database, the export now completes reliably.

  • The WMI Logged-on Users probe now works properly with Windows Server 2012 R2.

Back to Top

 

JAMS


Version: 7.1.557

Apr 13, 2020

Enhancements
  • Installer
    • Updated the installer to improve upgrades from JAMS V6.X to JAMS V7.1.557. The changes include:
      • When converting a JAMS V6.X Menu Definition to JAMS V7.1.557, the installer now includes Jobs if the V6.X Menu had "Include Setups" selected.
      • Enhanced the installer to identify and log potential inconsistencies before upgrading from JAMS V6.X to JAMS V7.1.557.
      • Updated to save the JAMS V6.X Job Override name as the Job name in the V7.1.557 History View.
      • Converted the SubmitDate and SubmitTime properties.
      • Assigned Setup Jobs that have different Agents to the Submit Job Tasks in the JAMS V7.1.557 Sequence.
      • Added a default user to a Root Folder, if no Credential was assigned to the Folder.
      • Converted Setup Job properties on Setup Definitions in JAMS V6 to Schedule Items and/or Properties on Sequence Tasks in JAMS V7.1.557.
      • Updated the Sample Jobs to use the Samples Credential.
      • Updated the Current Schedule Report in V6.X for JAMS V7.1.557.
  • Desktop Client
    • Added additional available columns to the History, Job, and Monitor Views for better visibility and usability.
    • Included a new PowerShell button to let a user open PowerShell ISE and edit the Job source.
    • Added the ability to create an Audit report.
    • Added right-click options for "Select All" and "Copy" to the Log File in the Monitor Detail.
    • Added the ability to change the Agent Type and Platform when editing an Agent Definition, if the Agent is not referenced by other JAMS Objects.
    • Added the ability to change the Connection Type when editing a Connection Definition, if the Connection Type is not referenced by other JAMS Objects.
    • Updated the Sequence Editor and Viewer to display inherited Properties and Schedule Items for a Submit Job Task and allow overriding of values.
    • Updated the Monitor View to add new right-click options to view Sequences and Workflows within the Entry Details screen.
    • Added a Monitor View query option to filter by Entries submitted by a user.
  • Scheduler
    • Added the Schedule for Date and Scheduled Time properties for Triggers.
    • Added support for AmazonS3 Connections on File Transfer Sequence Tasks.
  • Web Client
    • Added additional available columns to the History, Job Definition, and Monitor Views for better visibility and usability.

 

Other Fixes
  • API
    • Resolved an issue where Job properties were not updated properly when performing a POST to api/submit.

  • Desktop Client
    • Resolved an issue where the order of Parameters was not saved.

    • Resolved an issue where an error occurred when submitting a File Transfer Task on a SFTP Connection Store.

    • Updated the help text for the Success or Failure Trigger Parameter.

    • Resolved an issue where all columns could be removed from the Definitions screen.

    • Added a warning dialog when attempting to delete an Execution Method that is in use by existing Job Definitions.

    • Updated the Monitor View to display the row count for only the active tab.

    • Resolved an issue where renamed Agents were incorrectly displayed in Queues.

    • Updated the error description on the SQL Stored Procedure Task when it fails to retrieve stored procedures from the database.

    • Resolved an issue where the Pass Parameters value on the PowerShell and PowerShell32 Execution Methods were set incorrectly after upgrading from JAMS V7.0 to V7.1.

    • Resolved an issue with Informatica Cloud Jobs where edits to the selected Task may not be saved after closing and re-opening the Job.

    • Resolved an issue where moving a Sequence Task would display an error when using a JAMS V7.1 Client with a JAMS V7.0 Server.

    • Updated the descriptions for the Server Name and Node Name on the JAMS Agent Edit screen.

  • PowerShell
    • Resolved an issue where the Stop-JAMSEntry command was not properly using the -FolderName option.
    • Resolved an issue that prevented the folder's qualified name from being fully displayed.
    • Resolved an issue where the Variable Delete() method could only delete Variables in the Root Folder.
  • Scheduler
    • Resolved an issue with the Mail Watch Job property not converting from 7.0 IMAP Agents to 7.1 Connection Store objects.
    • Resolved an issue where inherited permissions were changed to explicit permissions after changes to folder security.
    • Resolved an issue with SSL mode in FTP Workflow activities.
    • Resolved an issue where the Debug mode did not disable recurrence options when the Job is submitted via PowerShell.
    • Optimized the Sequence editor to let a user view the Job properties by right-clicking on a Submit Job Task.
    • Optimized the memory usage in the JAMS Server for Projected Schedule with a large number of Jobs.
    • Resolved an issue where a Duplicate Interval Error was displayed for Jobs with a Retry and Interval Triggers.
    • Added support for the latest version of the Informatica API.
    • Added SCOM Notify objects to the Schedule tab.
    • Resolved an issue that could prevent Job log files from being copied to the common log location.
    • Resolved an issue that could cause the S3Session Activity for Workflow Jobs to display a System.NullReferenceException error.
    • Resolved an issue where Jobs or Sequences were failing with a final status of "Job was executing, sending missing event". The issue also caused Entries to stay in the "executing" state and Interval Triggers to stop executing.
    • Resolved an issue where a Job that was waiting on a precheck Job could not be released from its precheck requirement.
    • Resolved an issue where an FTP Job failed and displayed an error message indicating it was unable to get the file size.
    • Resolved an issue where Audit Trail Entries were duplicated in the Monitor Detail View.
    • Resolved an issue where a user without Submit access to all Jobs may see a "Submit access to this Job was denied" error when opening a Projected Schedule.
    • Restored the ability to manually cancel a Job Entry and override the CompletedKept value to remove the Entry from the Monitor View.
    • Added support for multiple Schedule Windows on Jobs.
    • Resolved an issue where the ScheduleMaxDownAction was not taken when the ScheduleMaxDowntime was exceeded.
    • Resolved an issue where date-specific Job Dependencies with Depend on Date = "today" would not look more than 5 hours in the past.
    • Resolved an issue where a Schedule Window action of No Action was not used for auto-submitted Jobs.
    • Updated support for Date/Time comparisons in Variable Triggers.
    • Improved the Monitor View performance by clearing all related and completed Entries when an Entry is restarted.
    • Updated to allow unattended installations of JAMS without specifying the path for the JAMS Database and log file.
    • Updated to remove precheck Jobs based on their retain settings to reduce the number of repeating Entries.
    • Improved the performance of large Sequence Jobs entering the Monitor View.
    • Resolved an issue with using private key Credentials in a File Transfer Job.
    • Improved error reporting on the JAMSConvertHistoryJob Job that is used to convert history records from JAMS V6.X to JAMS V7.1.557.
  • Web Client
    • Resolved an issue to correctly display the time between 12:00PM and 12:59PM.
    • Resolved an issue where days or months could not be changed in the calendar for the Audit Trail and Projected Schedule Views.

Back to Top

 

Powertech


BoKS Web Services Interface

Version 7.1.0.2

Apr 9, 2020

  • Added the ability to set a configurable timeout for calls to the BoKS admin server, BCCAS. You can configure the time for the timeout. If the call fails, an error is logged. Request timeout is configured using the parameter requesttimeout in the config.yaml file and is specified in seconds. The default is 60 seconds.

  • Added enhanced error logging capabilities for failed requests.

  • Fixed an issue where an incorrect content length setting for UTF-8 characters in combination with the system locale not being set to UTF-8 could cause the WSI server to stop responding.

  • Update of third-party dependencies.

Compliance Monitor

Version 4.1

Apr 27, 2020

  • Security information for the connection certificate is now encrypted for installations in which TLS is used to encrypt communication between the Consolidator and the browser-based user interface.

Exit Point Manager

Version 7.24

Apr 16, 2020

  • A problem causing incorrect hex-encoded SQL transaction data in reports has been resolved.
  • PTNSLOGEXT no longer omits *FTPSIGNON activity when the Include User Profile (USR) parameter is used.
  • A problem causing some reports to omit column headings from stream-file output has been resolved.
  • Errors in the help text for the PNSLOGEXT command have been corrected.
  • A problem that caused the PNSLOGEXT command to fail when processing failed journal entries has been resolved.
  • An issue that could cause missing QSOCONNECT transactions on reports has been corrected.
  • A problem causing functions to display as numeric values instead of text has been resolved.

Password Self Help

Version 3.004

Apr 27, 2020

  • An issue causing the "Same Answer Allowed" setting to fail in some configurations has been corrected.
  • The message "unsupported version of PSH installed" no longer incorrectly appears when creating a product connection to a supported version of Password Self Help from HelpSystems Insite. The correct product version is now displayed.

Risk Assessor

Version 3.1

Apr 14, 2020

  • A problem causing ‘/’ to be incorrectly listed in place of ‘/QOpenSys’ in the SKYASSESS document has been corrected.
  • An issue causing the SKYGRPPTF report to be empty when the IBM i does not have an Internet connection has been resolved. The report is now populated with the group PTFs that are currently installed.
  • In the System Value table of the SKYASSESS document, the QATNPGM value is no longer incorrectly flagged as deviating from the Recommended setting. (It is at the recommended setting.)
  • An issue causing the PTF Group SF99333 to be incorrect in the SKYGRPPTF report in some cases has been corrected.
  • A CPF3309 error caused by a large number of trigger programs on the system has been addressed, and no longer results in assessment failures.

SIEM Agent for IBM i

Version 4.1

Apr 2, 2020

  • Outputs can no longer be created without specifying a Format.
  • A problem causing incorrect data to be added to T:SV (System Value change) transactions has been resolved.
  • A rules processing improvement removes the requirement to create catch-all rules in certain scenarios, improving the user experience.
  • The inability to resolve the IP address when a fully qualified domain name is set as the Location for an Output has been corrected.
  • A journal monitor performance issue has been resolved.
  • The inability to create Output files in some scenarios has been corrected.
  • A problem causing the field values in Conditions to not be included in copied rules has been resolved.

Back to Top

 

Robot


Robot Reports

Version 7.72

Apl 13, 2020

  • Fixed issue with extended subject line compatibility for Alert 6 and above.

Back to Top

 

Sequel


Viewpoint 11

Version: 11.20.093

Apr 7, 2020

Other Fixes
  • Improved visualization of the join relationships in the View Designer File & Field tab.

  • The Excel Add-in supports views with *SERVER syntax.

Back to Top

 

Showcase


Viewpoint 10

Version: 10.20.093

Apr 7, 2020

Other Fixes
  • Improved visualization of the join relationships in the View Designer File & Field tab.

  • The Excel Add-in supports views with *SERVER syntax.

C&DS Migration Utility

Version: 10.20.093

Apr 7, 2020

  • No updates for this release.

Back to Top

 

Titus


Titus Classification Suite for Mac

Version 2020.0

April 2020

Enhancements
  • The product now provides sufficient logs generated at all levels to help to trace activities as well as diagnose any problems through Apple’s native logging system. Administrators can troubleshoot on the client machine with the native logging system Apple provides without third party applications.

  • EWS dependencies have been removed in order to unblock enterprise deployment and to improve the send process efficiency in Outlook. The product can be distributed easier through an MDM solution without use of App Password. Also, product performance has been improved.

Other Fixes
  • When the TMC add-in is not installed in TCS for Mac and Outlook is unchecked in automation setting, TCS for Mac still flags the error - "Automation (disabled) must be enabled for Office Apps to use TCS for Mac"

  • A custom property is interpreted to numbers in Word while Excel and PowerPoint represent this value accurately in the custom property tab.

  • When Titus Add-in is installed, the Add- in UI is not loaded in Word/Excel/PowerPoint, and the “Developer Add-ins” dialog remains open.

Titus Classification Suite for Windows

Version 2020.1

April 2020

New Features
  • Titus Classification for Desktop allows a user to apply Titus metadata to a file which could automatically trigger VERA protection to secure files.

Enhancements
  • Improvements were made for accessibility, usability, user experience, and to handle display scale factor changes dynamically.

  • Titus has ensured the color icons and Field Values in the Ribbon and the Select dialog align properly.

Other Fixes
  • Configuration files did not download to client systems when using HTTPS if only Transport Layer Security (TLS) 1.2 was enabled. If TLS 1.0 or 1.1 was enabled, configuration files downloaded as expected.

  • When replying to emails received with a First Line of Text (FLOT), only one condition value was shown when there were multiple. During FLOT parsing, multiple values were being selected for classification.A trusted label icon appeared on some emails even though the Trusted Labels functionality was not enabled in the configuration.

  • Rich text formatting in Policy Alerts were not showing with the proper format.

  • Non-Titus watermarks were removed when Titus metadata and markings were updated on Microsoft Word documents that were already classified.

  • The FLOT parser was only considering first line from patterns when finding a match.

  • Australian Email Protective Marking Standard parser evaluated namespace from Sender’s email instead of gov.au namespace.

  • If a user activated the "TITUS Software License Agreement", the focus was not in the scrollable area of the text window.

  • When trying to open http://www.titus.com link from the About dialog box using a keyboard, users had to go through several keystrokes to activate the link.

  • Ribbon Help/Select text was not shown when opening classified messages.

  • Schema Downgrade rules could be bypassed by canceling the Select dialog.

  • Long (multi-line) schema field name text was truncated in the Select dialog.

  • Drop-down fields containing numerous (100+) values sometimes displayed with blank entries in the Select dialog.

Version 2020.0 SP1 HF2

April 2020

Other Fixes
  • If the ‘Suggested’ field in a schema value to ‘No’ then Patrol will not detect an unclassified file if the rule in the policy uses “” as the condition when checking File.Metadata.Classification.

Back to Top