Monthly Release Notes - July 2020

Jump to:


Automate Schedule

Version 4.5.1

Jul 7, 2020

IMPORTANT: When updating to Automate Schedule version 4.4.1 or later, it is recommended you manually update your scripts to ensure proper connectivity to Automate Schedule web services. See Running the Automate Schedule Web Service for more information.

  • Upgraded Apache Tomcat to 7.0.104 to enhance security and performance.
  • Upgraded to OpenJDK Java 11.0.7 to enhance security and performance.
  • Universal Connector version 1.3.3
    • Upgraded Apache Tomcat to 8.5.55 to enhance security and performance.
Other Fixes
  • Fixed an issue where creating a new job using the web service jobservice script and an XML file results in the command being incomplete.
  • Fixed an issue where LDAP lookup fails if the Active Directory server is restricted to use TLS 1.1 or higher.
  • Fixed an issue where IBMi job logs were not being appended to the Automate Schedule job log.
  • The SAP NetWeaver System Definition Where Used feature now shows the correct number of System Environments, ABAP Step Sets, Run Intercepted Jobs, Command Sets, Jobs, and Member Jobs in use, including SAP NetWeaver Job, Process Chain, Event, and Variant commands.

Back to Top


Core Security

Core Impact

Version: 19.1.12

Jul 31, 2020

  • New Exploits
    • Pydio Cells Mailer Configuration Remote OS Command Injection Exploit: The administrative console in Pydio Cells allows a user with administrator role to set the path for the sendmail binary executable, when the "sendmail" option is selected in the mailer configuration. Due to lack of sanitization in the given parameter, an administrator user can set the path to an arbitrary binary. (CVE-2020-12847)

    • F5 BIG-IP TMUI Directory Traversal Remote Code Execution Vulnerability Exploit: A directory traversal vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) allows unauthenticated attackers to run remote code on the underlying operating system as root. (CVE-2020-5902)

    • Microsoft Windows Win32k DrawIcon OOB Local Privilege Escalation Exploit: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory. (CVE-2020-1054)

    • Microsoft Windows Win32k xxxPaintSwitchWindow Vulnerability Exploit: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1458)

Other Fixes
  • AMSI Bypass Implementation for Exploits and Agents: This update implements a new technique to avoid or reduce detection of remoteCommandExecution attack methods and commands executed on powershell consoles that are monitored by AMSI (Anti-Malware Scan Interface).

Visual Identity Suite (VIS)

Version 2.4.0

Jul 6, 2020

New Features
  • New, simplified role design includes intelligence that proposes Smart Roles to the designer. The VIS intelligence engine utilizes existing role definitions and overall access relationships to generate an optimum set of roles, that are proposed to the user, who may accept, modify, and save any of these proposed role definitions. The role designer and the VIS system can create roles to publish quickly for use within an Access Management system, such as Core Access in AAS.
  • Role definition view enables users to view and manage role definitions by providing a list of roles on one axis and a list of entitlements along the other axis. Users are now able to simultaneously see multiple role definitions and easily identify any role overlap or duplication.
  • A new matrix screen enables users to view a list of users on one axis and a list of roles on the other axis, which provides the user with a view of which roles have been assigned to each user. The matrix utilizes the existing controls to filter the data set to a manageable volume, such as selecting users with a specific job title or users in a specific department.
  • All matrix views now have a new display control. Users can click a button and swap the axis that the data is displayed on; this enables users to control the viewing area based upon their preference.
  • When using the matrix views, users can select filtering criteria to narrow the focus of the displayed information. Users can now specify how they want their filtering criteria treated when they select multiple items by toggling the Any/All button in the filter panel.
  • Automatic adjustment of the matrix view in response to the role selection. Depending upon which matrix view the user is utilizing, the amount of data may exceed the capacity of the viewing area. Therefore, as the user selects or deselects items to view, the matrix will automatically adjust the viewing area to display all the selected items so the user can see where they are located within the overall matrix.
  • VIS branding has been updated to reflect Core Security as a HelpSystems company.
  • Expanded role design capabilities. A user can edit, publish, and delete roles. Unpublished roles can be viewed in a work area, where designers prepare the roles for publishing to an access management system, such as Core Access in the Core Access Assurance Suite (AAS).
  • Enhanced role design capability separates published (shared w/ AAS) and unpublished (local) roles. Users can use theRole Management panel to work with published, unpublished, and Smart Roles in their separate categories.
  • Enhanced control over search filters enabling users to control how multiple selections in the filter are treated.
  • All searches with in VIS, both VIS Role Designer and VIS Certify, are now case-insensitive to enable users to search VIS easier.
  • Improved file import process uses workflow-like steps and provides templates. The environmental data is uploaded into VIS via an admin file import process implementing a step-by-step workflow to help ensure that the data is properly aligned and stored in the system.
Other Fixes
  • Fixed issue where draft roles imported in a Role Details CSV delete user-role relationships if the role already exists in VIS.
  • In the Views panel of Role Designer, the full names of users in the Managers section are displayed instead of the ID.
  • When creating or editing a role, Users and Entitlements can be removed using the tables in the Mapping tab.

  • Target names of entitlements are now highlighted for ease of use.

Back to Top


Document Management (RJS)


Version: 1.2.16

Jul 9, 2020

New Features
  • Added Login Page to Administrative Web UI.
  • Added User Maintenance Pages for the management of DeliverNow users.
  • Added Logout Button to Administrative Web UI.
Other Fixes
  • Fixed issue where SSL connections to IBMi systems would not use the secure port when creating the connection.
  • Removed windows user account requirement from installer.
  • Fixed issue where log file clear action could corrupt database.

Webdocs Forms Management

Version: 7.4.0

Jul 10, 2020

New Features
  • The Visual Rule Builder supports functions/expressions.
  • The Email step for workflows has been renamed to Anonymous Task. This added functionality greatly enhances the rule builder's ability to create more powerful rules reducing the need to manually add JavaScript.
  • The Rule Builder provides Lookup, Help and validation support for new expressions.
  • Ability to turn on an unsaved changes warning that displays in Use mode when the form/flow browser window/tab is closed without saving/submitting and changes have been made to the data.
  • Ability to display a customized warning message when a user tries to delete a repeating section or table row.
  • System Metrics to monitor Platform Stability / Performance - Cloud Only.
  • Turn on DEBUG level logging for Live Forms using a simple property.
  • Spaces generate menu item url's using parentheses instead of curly braces.
  • The Insight Server war is now included in the frevvo.war file.
  • Customization of On Premise installations is done in a single properties file named <frevvo-home>\conf\
  • On Premise customers using the tomcat bundle, will no longer see an insight.war file in <frevvo-home>\tomcat\webapps.
  • Log entries for the Insight Server are captured in the frevvo log.
  • Configuration Property to turn on JSON logging for the frevvo log - On Premise only.
  • Connectors directory including the PVE and Google connectors removed from the frevvo tomcat bundle.

Webdocs Windows

Version: 2.1.7

Jul 30, 2020

New Features
  • Added the ability to utilize multiple processes and multiple servers when hosting Webdocs web application. To allow for customers to load balance an application across several application pools if necessary.
  • Added ability to configure application for external session management using ASP.NET session manager.
  • Documents can now be exported with an indexed list from the Web UI. A single zip file will be sent to the user on completion.
  • XML Serialization in REST API updated to include strongly typed objects for License and Settings endpoints.
  • Changed sort order of folders in dropdown on move folder page to match other areas of system.
  • Added administrative option to run search optimization on the search index files.
  • Added change password feature to mobile site.
  • Updated Document Viewer component for increased support of docx containing image files.
  • Optimized search indexer performance by optimizing SQL indexes.
  • Added administrator configurable options for search indexing, to allow setting of fields used in generic search at a application level. Default is all fields.
  • Optimized memory used in search results when results set is very large.
  • Added administrator configurable options for search indexing process.
  • XML Serialization of REST API has been added in addition to existing JSON format.
  • Added administrator configurable options for search indexing process.
  • Added control to allow rotation of pages in document preview. Rotations are read only and not saved with new file versions.
  • XML Serialization in REST API updated to include strongly typed objects for License and Settings endpoints.
  • Added icons to support additional Audio and Video file types as well as PPTX.
  • Default sorting when no search criteria is present to Insert Date.
  • Added support for additional 665 MIME types for document downloads from REST API.
  • Added basic (single field) search to the REST API.
  • Route notification emails now include additional information about the document, including: Title, Document Key, Document Type, Folder Name, Check-in Date, Index keys.
  • Additional file types are now supported in the document viewer: : XLSX, BMP, PNG, TXT, GIF, ODT, PSD, RTF, JIF
  • Optimized process of re-indexing entire search content.
  • Document Exports have been moved from the website to the service to increase performance and reduce impact of large exports on other users.
Other Fixes
  • Optimized Folder display loading to utilize less resources and perform faster.
  • Optimized folder and doctype count display algorithm on search results.
  • Session Timeout no longer blocked by unsaved changes.
  • Login page session timeout optimization, to avoid having to click login twice after timeout.
  • Fixed Print Icon display issue.
  • Improved temporary disk space management.
  • Improved Webforms integration with custom URL searching.
  • Removed additional white space below document viewer component in UI.
  • Fixed issue where swagger Try It button would fail when using SSL.
  • Added filter to folder creation, to no longer allow special characters in the folder name which can produce undesired behavior in Webdocs.
  • Login page no longer attempts a login when changing the language.
  • Improved session timeout handling to no longer require a double login after session expiration.
  • Updated Document Viewer component to center images in view.
  • Updated Response Model on Settings REST API Swagger documentation.
  • Fixed issue in REST API where /api/searches/Fields could not utilize a date range when specifying the InsertDate as one of the criteria to search on.
  • Improved efficiency of the Full Text Index service.
  • Optimized Excel Export to support up to 150,000 rows exported.
  • Updated MSSQL Prerequisite digital certificate

Back to Top



Robot HA

Version 13.01

Jul 22, 2020

  • CHGTRGRSF now checks trigger state prior to changing file.

  • Fixed issue with spooled file sync failing on spooled files with 0 pages.

  • Option ER now correctly ends the remote apply job.

Version 13.00

Jul 14, 2020

New Features
  • New Work With Sync Attributes panel improves usability and visibility of important information with a 27x132 display.
  • New Subset window allows you to select a subset of Sync Attributes to be displayed.
  • HA status, audit status, and general information can now be monitored using Insite Analytics within HelpSystems Insite
  • Key fields on Sync Attributes are not editable after creation.
  • New Work With Sync Attributes panel is now only available as option 1 from the Robot HA Main Menu
  • New Work With Sync Attributes panel now refreshes after new Sync Attribute is added.
Other Fixes
  • Fixed issue with Add IFS Sync Attribute not accepting directory paths that include single or double quotation marks.

  • Fixed issue with DSPSYSRSF ending with "Value cannot be converted to type implied by receiver".

Back to Top