Release Notes
Host Access for the Cloud version 3.0.0.2 released January 2024. These release notes list the features, notable changes, and known issues in this release. Host Access for the Cloud provides terminal emulation for 3270, 5250, VT, ALC, UTS, and T27 host types, while requiring only an HTML 5-capable browser.
What’s New
Host Access for the Cloud version 3.0.0.2 released with Management and Security Server (MSS) version 14.0.0.2.
All releases are cumulative and contain the features introduced in earlier releases. For previous versions, see HACloud Documentation.
Features and fixes include
-
Updated Java and applied security updates to address CVEs and additional bug fixes. (3.0.0.2)
-
Addressed vulnerability that involved the potential for MSS session hijacking. (3.0.0.1)
-
Applied security updates to address multiple CVEs. (HACloud 3.0.0.1)
-
Addressed an issue that prevented the administrative advanced Kubernetes dashboard from loading in a deployment that was not connected to the internet. (3.0.0.1)
-
Strict Transport Security Headers (HSTS) added to MSS to enhance security. (3.0.0.1)
-
SiteMinder Agent name is now automatically replicated between nodes in MSS. (3.0.0.1)
-
Windows Connector updated to v2.1 which includes mitigation for CVE-2023-4863 and other CVEs (3.0.0.1)
-
Host Access for the Cloud has adopted a new architecture that simplifies deployment, tightens security, improves scaling and high availability, and eases ongoing maintenance. There are two new deployment options, a virtual software appliance and Linux installers. See the deployment guide for information and how to choose the deployment that best fits your needs (3.0).
-
Some benefits provided by the new architecture:
-
A single certificate is used for the entire cluster. TLS is used to secure end-to-end communication.
-
Services are self healing and automatically distributed across cluster nodes, providing built in high availability and fault tolerance.
-
Scaling to handle changes in capacity has been greatly simplified.
-
Clustering workflows have been improved and no longer require complicated certificate management.
-
Load balancers are now optional and no longer require complicated configurations.
-
Management workflows and basic monitoring of the cluster have been both simplified and expanded.
-
The new architecture is built on standards so common tools can be used when working with the cluster.
-
The virtual software appliance provides a convenient update channel for applying product and operating system updates.
-
Send messages to all users on a session server, for example for upcoming maintenance.
-
Easily download emulation host traces from one location.
-
Single place to manage and deploy client and server side session server extensions.
-
-
-
Security updates including Java and third party libraries (3.0)
-
The ACCOUNT field is now supported when making FTP connections (2.7.7)
-
"Upload as..." is now available in FTP to allow the user to specify a custom name for the destination file (2.7.7)
-
In FTP a file can be downloaded from any path without having to navigate to the folder first (2.7.7)
-
File listings in FTP can now optionally be lazily loaded on demand (2.7.7)
-
Various bug fixes related to Max Record Length and IND$FILE transfers (2.7.7)
-
AutoSignOn for Mainframes improved in SAML environments (2.7.7)
-
The UTS emulator no longer stops responding when Ctrl + X is used in the browser (2.7.6)
-
Fixed a collection of defects related to IND$FILE file transfers (2.7.6)
-
Host printer sessions can be configured to output either a text file (new) or a PDF (2.7.6)
-
Apache Commons Text library updated to version 1.10.0 to mitigate CVE-2022-42889 (2.7.5)
-
Apache Shiro library updated to version 1.10.0 to mitigate CVE-2022-40664 (2.7.5)
-
Removed the JXPath library to mitigate CVE-2022-41852 (2.7.5)
-
Fixed bug that occasionally led to inconsistencies in user preference data in a clustered deployment. (2.7.4)
-
Fixed bug that occasionally resulted in SAML related errors on servers under high load. (2.7.4)
-
Windows Authentication - Kerberos is available for end users launching sessions via the Assigned Sessions list. (2.7.3)
-
Automated Sign-On for Host Access is a new feature that allows an end user to receive a one time, time limited passcode to sign on to back-end host systems. The passcode is associated with the end user's host userid and only issued if the host has authorized the connection. Note: This feature requires some changes on the host. (2.7.2)
-
Host Access for the Cloud sessions can be exported and imported using the MSS Admin Console. (2.7.2)
-
Support added for IPv6 in dual stack (IPv6/IPv4) environments (2.7.2)
-
Thymeleaf library upgraded to mitigate a critical CVE. (2.7.2)
-
Users can now double-click to select a word in the Web Client terminal. (2.7.1)
-
Log4j library has been upgraded to version 2.17.1 to mitigate multiple CVEs. (2.7.1)
Changes in Behavior
-
Web Client and Server Side Event Extensions are now enabled or disabled together from a single UI toggle. Use of the "extensions_enabled" property is no longer used to enable or disable extensions. The new toggle resides at MSS Admin Console > Host Access for the Cloud > Extensions. See the documentation for more information. (3.0.0.1)
-
The minimum disk space requirement for the Appliance and Linux based installers has been increased from 60GB to 100GB. (3.0.0.1)
-
The process for configuring X.509 authentication has changed slightly. Please see the documentation for the updated steps. (3.0.0.1)
-
Information related to deployment and administration has been moved from the Web Client Help to a separate Deployment Guide document (3.0)
-
The location for accessing the session server web client has changed from https://hostname:7443 to https://hostname/webclient. (3.0)
-
A collection of features that were believed to be unused have been deprecated and removed from the MSS Admin Console. Please contact support if a feature has been removed that you depended upon. (3.0)
-
Metering no longer requires configuration and is enabled by default. (3.0)
-
The configuration process in the Terminal ID Manager has been updated and simplified. (3.0)
-
The Terminal ID Manager Console and Metering Admin Console now share the same password as the MSS Admin Console. (3.0)
-
Support for NTLM based authentication has been removed and replaced with support for Kerberos. (3.0)
-
Microsoft has retired Internet Explorer 11, and as such, our ability to resolve IE 11 browser specific issues in older versions of HACloud is limited. Support for IE 11 has been removed from HACloud 3.0 and greater. However, we will continue to support IE 11 for older versions of HACloud that currently support it, as per the Product Support Lifecycle. (3.0)
-
Based on customer feedback, the Web Client paste settings Wrap to next field on current line and Wrap to next line are now enabled by default in newly created sessions. (2.7.3)
-
To help prevent cross-site request forgery attacks, the default SameSite attribute on the session server cookie has been updated from None to Lax. This change may affect the JavaScript SDK and SAML authentication behind a load balancer. You can edit this attribute if needed. See Setting the SameSite Attribute. (2.7.1)
Known Issues
Technical Support is always available to help you with any issues you may encounter in Host Access for the Cloud.
-
Certain X.509 capabilities related to OCSP, CRL and multi-LDAP support are not fully supported in this release. Please contact support if these capabilities are critical to your deployment. (3.0.0.1)
-
Following initial installation, server node restarts, or adding new nodes to the cluster, it may take approximately 15 minutes for the cluster to stabilize and report itself as 'Healthy.' Numerous warning events may appear in the Cluster Management - Events view during startup. These are part of the normal operation and will be cleared after approximately 15 minutes. Always wait for the cluster to be reported as healthy before proceeding with cluster operations. (3.0)
-
Occasionally upon initial installation of the product, a session server will fail to start due to a problem with the underlying storage engine. This can be recognized in the Cluster Management console > Cluster Health, the session server(s) will show as not ready. To work around this issue, access the server node using SSH and run
cspctl cluster reset
. Be aware that this command resets the node to a clean state and any application data is lost, so only run it as needed on first installation if this issue appears. (3.0) -
When using the Appliance, the process of downloading a Support Zip can take several minutes, with no feedback in the user interface. After clicking "Ok", please stay on the view until the download completes (3.0)
-
When using the migration tool to migrate from a system with Terminal ID manager configured, on the new system Terminal ID manager will fail to start after migration. To work around this issue please contact support. (3.0)
-
Support for X.509 authentication through a load balancer is not currently functioning. (3.0)
Release Tracks
Host Access of the Cloud provides the following release tracks for you to choose from depending on your needs.
Long-Term Support Release
-
Recommended for all customers.
-
Only receives critical security updates. No new features.
-
Release cadence is approximately once per year.
-
Version numbering example: 3.0
Incremental Release
Recommended for customers interested in the latest features.
-
Contains major changes - new features and bug fixes.
-
No patches / updates will be provided.
-
Security updates are obtained by upgrading to the next Incremental or Long-Term Support Release.
-
Release cadence is approximately four to six times per year.
-
Each Incremental Release is a step toward the next Long-Term Support Release.
-
Version numbering example: 3.0.1
Contacting Open Text
Additional technical information or advice is available from several sources:
-
Product documentation, Knowledge Base articles and videos - see Support for Host Access for the Cloud.
-
Community pages – see Communities.
Legal Notice
© 2024 Open Text
The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are as may be set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.