Release Notes

Rocket® Host Access Management and Security Server (MSS) 14.1.1 released with Host Access for the Cloud 3.1.1.

Features and Fixes

All releases are cumulative, and contain the features introduced in earlier releases. For previous versions, see MSS Documentation.

Automated Sign-On for Host Access now works with multiple hosts. Additionally, you can now set one-time password rules and host-based authorization directly in the Admin Console UI. (14.1.1)
A button to upgrade the operating system has been added to the console for appliance-based deployments. The button is only visible when an OS upgrade is available. (14.1.1)
Fixed a defect that caused TLS connections to fail intermittently. (14.1.1)
Added support for an OIDC redirect URI landing page, which is required by certain providers. (14.1.1)
Updated third-party libraries, including Java, to address security vulnerabilities. (14.1.1)
Fixed a problem where Automated Sign-On for the Mainframe now properly uses an updated Cluster DNS certificate. (14.1.1)
Added container images that were missing in an air-gapped environment. (14.1.1)
Fixed a problem that prevented nodes from clustering reliably in some environments. (14.1.1)
Fixed a problem causing slow SAML authentication. (14.1.1)
Set default Socket timeouts to prevent MSS from freezing. (14.1.1)
Updated third-party libraries, including Java, to address security vulnerabilities. (14.1.0)

The SiteMinder and Single Sign-on through IIS authentication methods have been deprecated and will be removed in an upcoming release and in the next major long-term support release. If you use either of these methods, we recommend migrating to OIDC, Kerberos, or SAML, which are more secure and compatible with modern authentication standards. Please contact Customer Support with any concerns regarding this change. (14.1.1)
Rebranding to Rocket Software is in progress. Inconsistencies in branding may be apparent until the next major long-term release. (14.1.1)
RSA key exchange cipher suites used in TLS connections are now disabled by default. Contact Support if re-enablement is required. (14.1.0)
The Security Proxy is automatically scaled to one instance when enabled using an activation file. (14.1.0)
Port 8000 is no longer required for X.509 authentication. (14.1.0)

If you encounter unexpected issues with Management and Security Server, contact Customer Support.

When joining a node to a cluster, the node shuts down before it joins the cluster. This can result in a delay of perhaps 20 minutes. Let the process continue; it will eventually complete or error-out if there is a problem. (14.1.0)
If the firewall status on a node changes, the pods on that node become inaccessible. Reboot the node to make the pods accessible. (14.1.0)
The Active Directory Locator Service for LDAP authentication is not working (14.0).
Following initial installation, server node restarts, or adding new nodes to the cluster, it may take approximately 15 minutes for the cluster to stabilize and report itself as 'Healthy.' Numerous warning events may appear in the Cluster Management - Events view during startup. These events are part of the normal operation and will be cleared after approximately 15 minutes. Always wait for the cluster to be reported as healthy before proceeding with cluster operations. (14.0)
When using the Appliance, the process of downloading a Support Zip can take several minutes, with no feedback in the user interface. After clicking "Ok", please stay on the view until the download completes (14.0)
Support for X.509 authentication through a load balancer is not currently functioning. Contact Support for more information. (14.0)
Reflection/InfoConnect Desktop FTP sessions that run through the Security Proxy may fail with a "Failed to establish an FTP Gateway session" message. Please contact support for assistance. (14.0)