Enhancements are available in the following areas:
Support has been added to enable you to work with containers from the IDE. In particular you can now create a Dockerfile for a COBOL project, and build, debug and run a COBOL project in a container, all from the IDE.
The following enhancements have been made to the Data File Editor:
The following enhancements are available:
This release provides the following enhancements:
The Micro Focus Secrets Vault provides centralized storage for sensitive information such as passwords, with some protection against accidental disclosure or discovery by unauthorized users. Prior to this release, the only supported storage mechanism was a conventional file containing encrypted data. In this release, the permissions on the storage file and on the Secrets configuration file are set more restrictively to help protect the secrets.
The X.509 digital certificates used to identify servers when making TLS (SSL) connections permit the use of fully-qualified domain names with wildcards for some parts of the name. This enables administrators to use a single certificate issued to, for example, *.mycorp.com for any number of servers with fully-qualified names like www.mycorp.com, server1.mycorp.com, and so on. These wildcard-bearing certificates are now supported by client programs using Micro Focus communication technology when validating a server's certificate.
In the Access Control Lists used for resource access control with LDAP-based security in Enterprise Server, the ".**" wildcard sequence now behaves more similarly to mainframe RACF. A number of additional options for wildcard processing are also available.
The standard for using X.509 digital certificates to authenticate servers when making TLS (SSL) connections is known as PKIX, for Public Key Infrastructure (X.509). It is defined by a series of IETF RFC documents, currently RFC 5280 and others. In previous releases, the certificate validation performed by this product did not conform to PKIX in a number of ways, most notably in using DNS address-to-name resolution in an attempt to match a certificate to a host. With this release, clients using Micro Focus Common Client technology, such as COBOL web service proxy programs, CAS utility programs, and customer applications that use the CICS Web Services Interface feature, will by default, use stricter procedures for validating certificates which more closely conform to PKIX. This improves TLS security and interoperability.
In this release the third-party components used for parsing XML data have been updated, or have had bug fixes integrated into the version used by Micro Focus, to address published security vulnerabilities. Also, XML external-entity support has been disabled except where it is required by a particular product feature; this prevents XML External Entity (XXE) attacks on customer systems by attackers who can trick a customer application into parsing a malicious XML document.
This release offers the following new features and improvements:
Fileshare password files can now be stored in the Vault Facility, ensuring that sensitive user credentials are encrypted. Firstly, create the password file in the usual way, and then upload it, with a path of microfocus/fh, using the mfsecretsadmin utility.
To ensure the Fileshare server uses the file stored in the vault, start the server with the /uv option.
This release includes the following improvements: