Reflection for the Web - Release Notes

July 2020

1.0 Version 13.1 Hotfix 2

released July 2020

Java Security update 1.8.0_262

2.0 Version 13.1 Hotfix 1

released June 2020

Resolved issue:

The keystoreLocation parameter correctly resolves the location of the private key and trust stores, when using the Reflection for the Web SDK.

3.0 Version 13.1

released May 2020

3.1 What’s New

All releases are cumulative, and contain the features introduced in earlier releases. See what’s new since version 13.0

New Features

The Reflection for the Web Launcher eliminates the requirement for Oracle Java and the Netscape Plugin API (NPAPI) for both administrators and end users.
- Administrators: Session management in the MSS Administrative Console no longer requires Oracle Java or the NPAPI. Sessions can be created and edited using the Reflection for the Web Launcher.
- End Users: Since version 13.0, workstations no longer require Oracle Java or the NPAPI to launch sessions.
When sessions are launched using the Reflection for the Web Launcher, a warning dialog is presented when the Links List Applet is closing and emulator sessions are still open, providing the user with the opportunity to abort the closure operation.
When an individual session is launched directly using the Reflection for the Web Launcher, a second window may appear for authentication purposes. Once authentication succeeds, the second window is automatically hidden.
Added a Windows shortcut for the Reflection for the Web Launcher Settings application, which provides configuration of the Reflection for the Web Launcher.
Updated Management and Security Server (MSS) to version 12.6 SP1, which is required to manage and secure your Reflection for the Web sessions.

Third-party software changes

Updated Apache Tomcat to v9.0.33 for the remote/stand-alone installation mode
Updated Java to the latest available security release: OpenJDK 1.8.0_252
Removed Apache Struts dependency. Reflection for the Web is now a Struts-free product.

3.2 Resolved issues

since Reflection for the Web 13.0 Hotfix 5

Resolved Security Vulnerability: CVE-2020-1938. See 7024547 for details.
When using the Reflection for the Web Launcher, you can use:

– the custom protocol named mfjnlp

– authentication via smart-card based certificates

– transparent authentication via Windows Single Sign-On

– Metering via HTTPS
The Links List displays only Reflection for the Web session types.
Improved support for web proxies.
Restored the ability to generate static HTML for Reflection for the Web sessions in the MSS Administrative Console.
Resolved the opening of embedded sessions in multiple tabs of the browser.

3.3 Known issue

A 500 error may be reported by the server when the Display Links List button is pressed when a session is launched directly.

Workaround: Refresh the browser page.

4.0 About Upgrading

The upgrade process varies depending on the version you are upgrading from. For more information, refer to the Reflection for the Web Installation Guide - Upgrading.

The Reflection for the Web automated installer provides the option to install/upgrade both Reflection for the Web and the compatible version of MSS. Versions must be compatible to implement security updates and other functions.

4.1 Compatibility Requirements

Check to be sure these versions are compatible.

Reflection for the Web Launcher

When you upgrade Reflection for the Web, be sure to install the latest Reflection for the Web Launcher to be able to manage (Add or Edit) sessions in the MSS Administrative Console.

To update the Launcher, click DOWNLOAD when you launch a Reflection for the Web session, and run the installation wizard. See Installing the Reflection for the Web Launcher in the MSS Installation Guide.
MSS Add-on Products

The Security Proxy (or any MSS Add-on product) must be the same <major>.<minor>.<update> version as Management and Security Server (MSS). For example, when you upgrade to Reflection for the Web 13.1, which uses MSS version 12.6 SP1, be sure to upgrade the Security Proxy to version 12.6 SP1.

See the MSS Installation Guide -Upgrading for assistance.

5.0 If you are Evaluating

When you run an evaluation copy, the product will be fully functional for 120 days. During that time you can install, configure, and test Reflection for the Web version 13.1.

Follow the installation steps in the Reflection for the Web Installation Guide, and then walk through the evaluation scenario presented in Evaluating Reflection for the Web.

Please contact Micro Focus or your authorized reseller to obtain the full-use version of the software.

6.0 Resources

Security Updates:

Support Resources

Support resources include Knowledge Base articles and Contact Support information.

Reflection for the Web Documentation:

Reflection for the Web Installation Guide
Reflection for the Web Reference Guide, includes:
- API and Scripting
- Using ECL
- Applet Attributes and Parameters
- HTML Samples
- Host-initiated RCL Support

Management and Security Server (MSS) Documentation:

MSS 12.6 SP1 Installation Guide
MSS 12.6 SP1 Administrator Guide (online Help)

7.0 Legal Notice

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.