3.11.3 Release Notes

edgeCore CVE’s

EC-126 – Upgrade Jackson FasterXML DataBind dependency to address CVE-2019-20330.

EC-126 – Upgraded default login page AngularJS 1.7.8 dependency to address CVE-2019-10768.

EC-126 – Upgraded Spring Framework dependency to address CVE-2020-5398.

EC-177 – Upgrade to Apache 9.0.31 dependency resolving CVE’s:  CVE-2020-1938, CVE-2020-1935, CVE-2019-17569.

EC-178 – Upgrade Jackson FasterXML DataBind dependency to address CVE-2020-8840.

edgeCore Resolved Issues

EC-205 – Resolved issue where stacked visualizations titles were cut-off.

EC-163 – Added es-cli utility to encrypt a property, with ability to write a named property to the appropriate ‘custom.properties’ or ‘local.properties’ file.

EC-4 – Reduce logging by only flagging the following log statements as debug vs warn:  “Link already in list of Incoming/Outgoing Links: linkId”.

EC-208 – Resolved memory leak by ensuring WebSocketClosed events to close data subscriptions.

EC-209 – Improved management of Cache DB tables to allow cleanup via maintenance task.

EC-209 – Addressed JobManagement locking to limit.

EC-209 – Improved thread locking to better handle CustomAuth solutions that set user sec vars.

EC-124 – Resolved issue when creating new failover connections where the new entries values were based on the previous one in the list, updates affected both entries.

EC-139 – Resolved issue where password policy blocked users, by the password min age, from resetting their password after and admin password reset.

EC-81 – Resolved issue where DB and LDAP Pool entries initialized via CyberArk Credential Expressions were not invalidated when the credentials rolled over.

EC-81 – Improved DB Pool and LDAP Pool management when credentials are saved and connections are saved or removed.

EC-37 – Resolved rendering issue where timeline visualization failed to remove entries if subscription went from showing results to showing zero results.

EC-37 – Resolved issue where the ‘Processing …’ message wasn’t removed from the timeline visualization.

EC-95 – Resolved issue where ‘Small Multiples’ visualization failed to render after a restore or after the initial creation without re-editing and saving the visualization.

EC-94 – Resolved issue introduced by MySQL v8 (‘GROUPS’ is a reserved word) causes session log table creation error.  Include providing a reference to the MySQL8Dialect option to use when MySQL  is used as the Auth database.

edgeCore Known Issues

Please review the following known issues:

Bootstrap 4 Updates

Due to the significant upgrade to Bootstrap 4, systems with customizations in the following areas should be tested to determine if they will require updates:

  • HTML Template Visualizations
    • Example 1: Glyphicons are no longer included. If you have custom HTML Templates that used them, in v3.11 they will all be empty.
    • Example 2: EC-204 – updating theme theme=”bootstrap” to theme=”bootstrap4-1″
  • Login Pages
  • Themes

Common Table Expression ‘WITH’ Clauses

edgeCote uses the H2 database in support of the SQL Transforms. SQL that uses Common Table Expression (CTE) ‘WITH’ clauses have been identified as causing two issues.

  1. Lock Timeouts: Transforms fail to run as temporary tables fail to be cleaned up.
  2. Memory Leaks: The temporary table results are not being cleaned up properly in all instances, and it will trigger Out Of Memory on the JVM.

For additional information on this known issue, and remediation options, see SQL Transform.