Table of Contents
1. Introduction #
This page summarizes the new features, resolved issues, and known issues in enPortal version 5.6.1 released on December 4th, 2015.
2. What is enPortal #
Edge enPortal is the industry’s only secure, vendor-neutral network management integration platform. With pre-built Product Integration Modules (PIMs) for common third-party applications, enPortal is a Commercial Off The Shelf (COTS) solution that quickly integrates these network management tools and offers advanced capabilities including:
- Integration of existing web-based tools and applications
- Advanced Security including role/domain-based access via a secure proxy
- Single Sign-On (SSO) and Sign-Off
- Integration with external user authentication systems
- Branding and Customization
- Dashboard Views
3. New Features #
- Added BaseTrustedLoginRequestProcessor, to simplify custom login integrations; where an external authorization sits in front of enPortal/AppBoard. (EN-239)
- Validate Session Filter (enabled by default) ensures all requests with exception to specific pages and resources (login_pages and js) require a session for improved security and supports custom allow paths. (EN-253)
- Added support for HTTP Method PUT, so that this request will be supported by the CRS. (EN-236)
- Introduced a short random change password delay to reduce the risk of brute force password attacks. (EN-246)
- Introduced a check on the enPortalComponentInfo cookie to figure out the correct proxied URL when runtime rules are unable to handle it. (EN-200)
4. Resolved Issues #
- Fix CRS Channel Refresh. (EN-249)
- Improved Security of ClassExec channel, requiring whitelist of classes that can be executed. (EN-255)
- Enhanced access restrictions of system channels. (EN-250)
- Enhanced security on the initial page rendered from http://host:port/ that did not have appropriate headers X-Content-Type-Options and X-Frame-Options set to prevent clickjacking. (EN-259)
- Fix CRS URL fragment support. (EN-227)
- Fixed deadlock in OR mapping framework that could happen under heavy load. (EN-251).
- Improved performance under heavy load, for both session lookups and runtime variable management. (AB-1140 & AB-1142)
- Fixed issue where HTML tag was displayed in password policy error message to the user; and updates to allow localization of messages to the user. (EN-224)
5. Known Issues #
- The Validate Session Filter, added in 2.6.1, will redirect any unauthenticated request to the login page. This was added as a security enhancement. If you see this behavior and want the page to be accessible, you must add an allowed path to the custom configuration file.
6. Contact Information #
For questions or assistance with this release of enPortal, please see the support page for contact information.