Micro FocusMicro Focus is now a part of OpenText
Change Guardian 6.2.0.1 Release Notes
1.0 What is New?
1.1 Log4j Vulnerability Fix
2.0 System Requirements
3.0 Installing Change Guardian 6.2.0.1
4.0 Upgrading to Change Guardian 6.2.0.1
5.0 Known Issues
5.1 Common Appliance Framework Page Shows Error RemoteLookupFailureException
5.2 Events Do Not Show Command Line Details
5.3 FIPS Enabled Solaris Agent Shows Offline in Agent Health Tab
5.4 Appliance Reports Errors During Boot
5.5 Launching Alerts Dashboard Displays Conflict Error Message in FIPS Mode
5.6 Events Do Not Show the Windows Process Description
5.7 Internet Explorer 11 Does Not Save Events Dashboard Customizations
5.8 Events Dashboard Appears Blank
6.0 Legal Notice
pdfepubprintcomment

Change Guardian 6.2.0.1 Release Notes

January 2022

Change Guardian 6.2.0.1 addresses the Log 4j vulnerability.

The documentation for this product is available on the Micro Focus website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Change Guardian Documentation page. To download this product and patches, see the Micro Focus Downloads website.

1.0 What is New?#

The following issue has been resolved in this release:

1.1 Log4j Vulnerability Fix#

The Log4j vulnerability allows malicious attackers to execute code remotely on any targeted system.

  • A series of high severity vulnerabilities (CVE-2021-44228), (CVE-2021-45105), (CVE-2021-45046), and (CVE-2021-44832) for new Apache Log4j 2 version 2.14.1 are disclosed publicly and this has been addressed in this release by upgrading log4j to latest version 2.17.1

  • A series of high severity vulnerabilities (CVE-2021-4104) and (CVE-2019-17571) for older Apache log4j version log4j-1.2.17.jar are disclosed publicly and it has been mitigated by removing vulnerable classes SocketServer.class and JMSAppender.class from log4j-1.2.17.jar as the next version is not available and bundled in Change Guardian.

  • The vulnerable class JndiLookup.class is removed from the Elasticsearch bundled log4j-core-2.11.1.jar used in Change Guardian.

2.0 System Requirements#

For more information about hardware requirements, supported operating systems, and browsers, see the System Requirements for Change Guardian 6.2.

3.0 Installing Change Guardian 6.2.0.1#

You can install Change Guardian 6.2.0.1 on supported platforms. For more information about the installation procedure, see Change Guardian Installation and Administration Guide.

4.0 Upgrading to Change Guardian 6.2.0.1#

You can upgrade to Change Guardian 6.2.0.1 from Change Guardian 6.2. For information about the upgrade procedure, see Upgrading Change Guardian in the Change Guardian Installation and Administration Guide.

NOTE:Install/Upgrade to Change Guardian 6.2.0.1 is only supported by Traditional Installer.

5.0 Known Issues#

Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Common Appliance Framework Page Shows Error RemoteLookupFailureException#

Issue: Upon launching, the CAF page fails to load and shows RemoteLookupFailureException error.(Defect 379090)

Workaround: Restart the datamodel service on the Change Guardian Appliance server with: rcvabase-datamodel restart. Ensure that it shows active (running) with: rcvabase-datamodel status and open the Change Guardian Appliance Management Console Page with: https://IPAddressOfServer:9443.

5.2 Events Do Not Show Command Line Details#

Issue: If a process is terminated within a second of its creation, the Change Guardian Agent for Windows cannot collect the command line details such as Command Line, Command Line Length, Command Line Parameter, and Command Line Parameter Length. Events that are generated for these processes do not display the command line details.(Defect 292163)

Workaround: None.

5.3 FIPS Enabled Solaris Agent Shows Offline in Agent Health Tab#

Issue: When you assign policies to Solaris UNIX Agent machine, the VigilEntAgent service may go down. (Defect 353077)

Workaround: When the server receives the next heartbeat, the Agent turns online and sends events normally.

5.4 Appliance Reports Errors During Boot#

Issue: When the Change Guardian appliance boots after installation, the appliance reports that some services have failed to start: (Defect 174273)

Failed to start LSB: NetIQ LDAP Expander.
Failed to start LSB: Sentinel Server.

Workaround: The services start correctly. You can ignore such error messages.

5.5 Launching Alerts Dashboard Displays Conflict Error Message in FIPS Mode#

Issue: After installing or upgrading Change Guardian in FIPS mode, when you launch Alerts Dashboard for the first time, a conflict error message is displayed. (Defect 302233)

Workaround: Refresh the page and ignore the conflict error message as there is no functionality impact.

5.6 Events Do Not Show the Windows Process Description#

Issue: The assembly path for certain Windows processes is not available to the Change Guardian Agent for Windows, due to which the agent cannot collect the Windows process description. Events that are generated as a result of such processes do not display the process description.(Defect 290154)

Workaround: None.

5.7 Internet Explorer 11 Does Not Save Events Dashboard Customizations#

Issue: If you use certain versions of Internet Explorer 11, such as versions 11.0.10240.16384 and 11.1098.17763.0, to view and modify Events Dashboard settings, Internet Explorer does not display the saved settings.(Defect 155003)

Workaround: Use a different web browser that is supported.

5.8 Events Dashboard Appears Blank#

Issue: If you click DASHBOARDS > EVENTS, the Events Dashboard is displayed. If you click on DASHBOARDS again, the Event Dashboard appears blank.(Defect 189391)

Workaround: Refresh the page to view the Events Dashboard.

6.0 Legal Notice#

For information about Micro Focus legal notices, see https://www.microfocus.com/about/legal/

Copyright © 2022 Micro Focus or one of its affiliates.