Host Access Management and Security Server version 12.4.4 released June 2017. These notes list the features, resolved issues and known issues since version 12.4.0 released.
Host Access Management and Security Server 12.4 Update 4 includes the following features (in addition to the 12.4 features described in Technical Note 2885):
The HTTPS Certificate Utility provides the ability to generate a new private key and a Certificate Signing Request (CSR), and then import the signed certificate and private key.
Java update: 8u131.
Upgrade to Apache Tomcat 8.5.15.
Bouncy Castle is the provider for keystore operations. The cryptographic files have the .bcfks extension. See Technical Note 2900 for more information.
On the Security Proxy Server, multiple cipher suites of the same key type can use the same certificate. That is, all RSA cipher suites use one RSA certificate, and all DSA cipher suites use one DSA certificate.
The Entropy Gathering Device (EGD) was changed to/dev/urandom to resolve issues where installation and starting of applications may be slow or appear to hang on headless UNIX systems.
If your organization does not permit the use of /dev/urandom, see the alternative workaround in the Management and Security Server Installation Guide.
In Administrative Console, when an LDAP Server is configured to use the Security option TLS/SSL, you can search for users or groups on your LDAP server to assign (map) sessions.
Resolved vulnerabilities:
When you access the Administrative WebStation using HTTP and then enable the Require HTTPS option in Security Setup, some features in the Administrative WebStation become unavailable. Logging off produces an error message.
Reason: Security settings added to Management and Security Server prevent a mix of HTTP and HTTPS content in the same browser window.
Workaround: With the Require HTTPS option checked, close the browser, and access the Administrative WebStation again. All requests will be forced to HTTPS, as directed by the Require HTTPS option.
Note: This issue does not occur when you log in to the Administrative WebStation using HTTPS.
When the unix-nojre installer is used to install the product, the following error can occur on 64-bit RedHat Enterprise Linux when executing the "server" shell script. A similar issue might also occur on other Linux or UNIX systems:
./server: /opt/microfocus/mss/server/bin/./wrapper-linux-x86-32: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
Workaround: Delete the 32-bit wrapper binary named wrapper-*-32.
On Linux systems, delete wrapper-linux-x86-32
On AIX systems, delete wrapper-aix-ppc-32
Note: This issue does not occur when using an installer that includes an embedded JRE.
If you are installing or upgrading from Reflection ZFE version 2.1.1 or 2.1.0, contact Support.
A workaround is needed to resolve version compatibility between Reflection ZFE and Management and Security Server 12.4.3.
In the Administrative WebStation, the NTLM configuration option, Fall back to Basic authentication, was removed. If this setting is needed, you can set a property. Contact Support for details.
Security Updates: http://support.attachmate.com/security/?prod=MSS
Technical Resources, including documentation and technical notes: http://support.attachmate.com/product/?prod=MSS
Product information, including the Management and Security Server (MSS) Add-Ons: https://www.attachmate.com/products/mss/.
Related Technical Notes:
© 2017 Micro Focus or its affiliates. All rights reserved.
No part of the documentation materials accompanying this Micro Focus software product may be reproduced, transmitted, transcribed, or translated into any language, in any form by any means, without the written permission of Micro Focus. The content of this document is protected under copyright law even if it is not distributed with software that includes an end user license agreement.
The content of this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Micro Focus. Micro Focus assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this document.
Attachmate, the Attachmate logo, and Reflection are registered trademarks of Micro Focus in the USA. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners.