Table of Contents
edgeCore Security Updates
ES2019-777 – Upgraded Apache Tomcat to v9.0.30 with a number of resolved CVEs.
ES2019-784 – Upgraded Jackson-databind to v184.108.40.206 (addressed CVE-2019-16942 / CVE-2019-16943) and removed sonar-runner-api.
ES2019-785 – Upgraded to the latest Apache LDAP (api-all) v2.0.0 (from v1.0.3): CVE-2018-1000632
ES2019-786 – Upgraded to the latest v4.1.1 release (from v4.1.0) to address Apache POI vulnerability: CVE-2019-12415
ES2019-787 – Updated HarLib library to remove dependency on a legacy Jackson Core library.
edgeSuite New Features #
ES2019-603 – Enhanced Custom Filter counts in Visualizations to update when a search filter narrows the data.
ES2019-729 – Enhanced pipeline nodes presentation to show visual indication of current node status, including error and success counts.
ES2019-741 – Enhanced the Icon Map Visualization to provide improved control for configuring the clustering and aggregation of map markers.
ES2019-778 – Enhanced pipeline node job status icons to reflect current state instead of historical data.
Updates to edge.sh Command Line Interface (CLI) #
ES2019-498 – Enhanced usability of CLI on Windows by creating direct es-cli.bat command and updating edge.bat to bring parity with Unix CLI.
ES2019-533 – Enhanced the CLI version command to include display of the version of the CLI command/application.
ES2019-742 – Fixed an issue where running a restore in the CLI caused unexpected behavior in the web client after completing the restore operation.
edgeCore Resolved Issues #
ES2019-662 – Fixed issue where the first page of a carousel in Kiosk mode was not loading if a Page Variable exists.
ES2019-669 – Fixed issue in configuration dialogs where validation of numbers was not immediate (required leaving the field).
ES2019-673 – Fixed issue where user-level Secured Variable values were lost on upgrade to v3.11 from certain earlier versions.
ES2019-675 – Fixed issue in which the maximum Tooltip width was observed to be reduced in v3.11.
ES2019-679 – Fixed issue in the Bullet Chart Visualization in v3.11 where a red outline was observed around the bars in the chart.
ES2019-680 – Fixed a regression where the Server Time Zone information was lost from the System Info display.
ES2019-682 – Enhanced configuration fields in Pipeline Connections and Feeds by modifying parameters to allow the evaluation of System Variables in them.
ES2019-693 – Updated backup/restore configuration to recognize Cyberark.properties file and include it in a full export and restore.
ES2019-730 – Enhanced Push data source to improve handling HTTP response codes and messages (see also ES2019-770 below).
ES2019-745 – Fixed issue where entering the string “null” into some configuration fields in the pipeline UI, and saving, would cause the field to become empty on re-edit.
ES2019-749 – Fixed issue where it was possible for a job with missing upstream results to not get scheduled after an update.
ES2019-758 – Fixed issue where a Push Feed would initially receive data but then not retain the data on client refresh.
ES2019-763 – Fixed regression where Backup interface did not display an error message when a corrupted zip file was uploaded.
ES2019-766 – Enhanced SQL Transforms to warn users from saving transforms that use
with query syntax (see Known Issue below regarding ‘WITH’ clauses).
ES2019-770 – Enhance Push data source to provide client with a set of known/documented success/failure response codes (see also ES2019-730 above).
ES2019-771 – Fixed an issue where, when attempting to restore an HTML Template Visualization from JSON backup, the code preview (Renderer tab) displays the content appropriately but when switching to the Preview tab, code is not rendered into HTML elements.
ES2019-780 – Fixed a regression where Job changes to enable or disable ServerJob scheduling were not applied to the active pipeline.
ES2019-781 – Fixed a regression in the LDAP Authenticator where a user could have a failed login due to account inactivity and password expiration.
edgeCore Known Issues #
Please review the following known issues:
Bootstrap 4 Updates #
Due to the significant upgrade to Bootstrap 4, systems with customizations in the following areas should be tested to determine if they will require updates:
- HTML Template Visualizations
- Example: Glyphicons are no longer included. If you have custom HTML Templates that used them, in v3.11 they will all be empty.
- Login Pages
Common Table Expression ‘WITH’ Clauses #
edgeSuite uses H2 database in support of the SQL Transforms. SQL that uses Common Table Expression (CTE) ‘WITH’ clauses have been identified as causing two issues.
- Lock Timeouts: Transforms fail to run; as temporary tables fail to be cleaned up.
- Memory Leaks: The temporary table results are not being cleaned up properly in all instances; and it will trigger Out Of Memory on the JVM.
For additional information on this known issue, and remediation options, see SQL Transform.