Host Access Management and Security Server - Release Notes
February 2023
Host Access Management and Security Server (MSS) 12.8.6 released February 2023.
What's New
Management and Security Server 12.8.6 released with Host Access for the Cloud 2.7.6 .
All MSS releases are cumulative, and contain the features introduced in earlier releases. For previous versions, see MSS Documentation.
Features and Fixes
-
Applied security updates (12.8.6)
-
Apache Commons Text library updated to version 1.10.0 to mitigate CVE-2022-42889 (12.8.5)
-
Apache Shiro library updated to version 1.10.0 to mitigate CVE-2022-40664 (12.8.5)
-
Removed the JXPath library to mitigate CVE-2022-41852 (12.8.5)
-
Fixed bug that occasionally resulted in SAML related errors on servers under high load. (12.8.4)
-
Applied security updates and additional bug fixes. (12.8.4)
-
Windows Authentication - Kerberos is available for end users launching sessions via the Assigned Sessions list. (12.8.3)
-
Automated Sign-On for Host Access is a new feature that allows an end user to receive a one time, time limited passcode to sign on to back-end host systems. The passcode is associated with the end user's host userid and only issued if the host has authorized the connection. Note: This feature requires some changes on the host. (12.8.2)
-
Host Access for the Cloud sessions can be exported and imported using the MSS Admin Console. (12.8.2)
-
Support added for IPv6 in dual stack (IPv6/IPv4) environments (12.8.2)
-
Log4j library was upgraded to version 2.17.1 to mitigate multiple CVEs. (12.8.1)
-
Documented how to run the MSS Server as a dedicated non-adminstrator user with minimal privileges (12.8.1)
-
MSS Documentation was converted to Markdown. (12.8.1)
Changes in Behavior and Usage
-
MSS is adopting new deployment models, a virtual appliance and Linux RPMs. This change will simplify deployment, security, scaling, high availability and ongoing maintenance. A preview will be provided before the official release.
To ease into this change, MSS will continue to support existing installation types. In our major release, Windows customers will have the option of migrating to the appliance or running the appliance along with their Windows-based MSS installations. In subsequent releases, older installation types will no longer be supported. All of our customers can be assured that MSS will continue to provide all the support necessary to transition to the new virtual appliance.
-
The Java runtime used in MSS has been updated to Java 11. When using the "no JRE" installer, you must now provide a Java 11 JRE. (12.8.3)
-
The updated MSS Administrative Console supports Chrome, Edge or Firefox. You can no longer access the Admin Console using Internet Explorer 11. (12.8.3)
-
IP address SAN entries are no longer added to generated self signed certificates. This change was made to avoid problems resulting from dynamic IP addresses. IP addresses can still be explicitly added during install if necessary. (12.8.2)
-
All servers in an MSS cluster must now be running on the same platform, for example either all Windows servers or all Linux servers. (12.8.2)
-
Due to Microsoft continuing to retire Internet Explorer 11, our ability to resolve IE 11 browser-specific issues will be limited after June 2022. We will continue to support IE 11 on versions of HACloud that currently support it, based on the Product Support Lifecycle, but will be removing support for IE 11 in MSS 14 and greater. (12.8.1)
Known Issues
If you encounter unexpected issues with Management and Security Server, contact Micro Focus Support.
-
When using LDAPS and performing a search on the MSS Administrative Console - Assign Access panel, you may encounter the error "There was a problem processing your request" and find the following error in the MSS
container.log
:java.security.cert.CertificateException: No subject alternative name found matching IP x.x.x.x
.To resolve this issue:
- Open
container.conf
in themss/server/conf/
folder. Insert the following property into to the file, replacingxx
with the next index number in sequence:wrapper.java.additional.xx=-Dorg.bouncycastle.jsse.client.assumeOriginalHostName=true
. - Use a hostname, not an IP address, when specifying the location of your LDAPS server in the MSS Administrative Console.
- Restart MSS
If you're unable to use the workaround above, you must generate a new LDAPS server TLS certificate that contains its IP address as a Subject Alternative Name, and re-import it into MSS.
- Open
Note
With the addition of Windows Authentication - Kerberos, support for NTLMv2 will be removed in an upcoming release.
Contacting Micro Focus
Check these online resources.
-
MSS Security Updates -- contact Micro Focus Support
-
Product information, including the MSS Add-On products and a Free Trial link
-
Support Resources, including Knowledge Base articles
For specific product issues, contact Micro Focus Support.
Legal Notice
© Copyright 2023 Micro Focus or one of its affiliates
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.