Host Access Management and Security Server - Release Notes

June 2024

Host Access Management and Security Server (MSS) 14.1.0.1 released.

What's New

All MSS releases are cumulative, and contain the features introduced in earlier releases. For previous versions, see MSS Documentation.

Features and Fixes

• Fixed a defect caused by a too short HTTP timeout that prevented two appliances from being clustered. (14.1.0.1)
• Added support for an OIDC redirect URI landing page, which is required by certain providers. (14.1.0.1)
• Updated third-party libraries, including Java, to address security vulnerabilities. (14.1.0.1)
• Security updates including Java and third-party libraries have been made. (14.1.0)
• Applied security updates to address multiple CVEs. (14.1.0)
• Added support for OpenID Connect (OIDC) based authentication via an external provider. (14.0.1)
• The MSS Admin Console can now be accessed using Micro Focus Advanced Authentication and X.509 authentication. (14.0.1)
• Support for Automated Sign-On for Host Access was re-introduced in the new architecture. (14.0.1)
• X.509 authentication support for Reflection Desktop, when configured for centralized management, was re-introduced in the new architecture. (14.0.1)
• Addressed an issue that prevented the advanced Kubernetes dashboard from loading in a deployment that was not connected to the internet. (14.0.1)
• Added strict Transport Security Headers (HSTS) to enhance security. (14.0.1)
• SiteMinder Agent name is now automatically replicated between nodes. (14.0.1)

Changes in Behavior and Usage

• The SiteMinder and Single sign-on through IIS authentication methods have been deprecated and will be removed in an upcoming update release and in the next major long-term support release.

  If you use either of these methods, we recommend migrating to OIDC, Kerberos, or SAML, which are more secure and compatible with modern authentication standards. Please contact Support with any concerns regarding this change. (14.1.0.1)

• RSA key exchange cipher suites used in TLS connections are now disabled by default. Contact Support if re-enablement is required. (14.1.0)

• The Security Proxy is automatically scaled to one instance when enabled using an activation file. (14.1.0)
• Port 8000 is no longer required for X.509 authentication. (14.1.0)

Known Issues

If you encounter unexpected issues with Management and Security Server, contact Support.

• When joining a node to a cluster, the node shuts down before it joins the cluster. This can result in a delay of perhaps 20 minutes. Let the process continue; it will eventually complete or error-out if there is a problem. (14.1.0)
• If the firewall status on a node changes, the pods on that node become inaccessible. Reboot the node to make the pods accessible. (14.1.0)
• Following initial installation, server node restarts, or adding new nodes to the cluster, it may take approximately 15 minutes for the cluster to stabilize and report itself as 'Healthy.' Numerous warning events may appear in the Cluster Management - Events view during startup. These events are part of the normal operation and will be cleared after approximately 15 minutes. Always wait for the cluster to be reported as healthy before proceeding with cluster operations. (14.0)
• When using the Appliance, the process of downloading a Support Zip can take several minutes, with no feedback in the user interface. After clicking "Ok", please stay on the view until the download completes (14.0)
• When using the migration tool to migrate from a system with Terminal ID manager configured, on the new system Terminal ID manager will fail to start after migration. To work around this issue please contact support. (14.0)
• Support for X.509 authentication through a load balancer is not currently functioning. Contact Support for more information. (14.0)
• Reflection/InfoConnect Desktop FTP sessions that run through the Security Proxy may fail with a "Failed to establish an FTP Gateway session" message. Please contact support for assistance. (14.0)

Contacting Support

Check these online resources.

• MSS Security Updates -- contact Customer Support

• MSS Product Documentation

  - MSS Deployment Guide

  - MSS Admin Console Help

• Product information, including the MSS Add-On products and a Free Trial link

• Support Resources

For specific product issues, contact Customer Support.

Legal Notice

© 2000 - 2024 Rocket Software, Inc. or its affiliates. All Rights Reserved.