enPortal v5.6.1 Release Notes

1. Introduction #

This page summarizes the new features, resolved issues, and known issues in enPortal version 5.6.1 released on December 4th, 2015.

2. What is enPortal #

Edge enPortal is the industry’s only secure, vendor-neutral network management integration platform. With pre-built Product Integration Modules (PIMs) for common third-party applications, enPortal is a Commercial Off The Shelf (COTS) solution that quickly integrates these network management tools and offers advanced capabilities including:

  • Integration of existing web-based tools and applications
  • Advanced Security including role/domain-based access via a secure proxy
  • Single Sign-On (SSO) and Sign-Off
  • Integration with external user authentication systems
  • Branding and Customization
  • Dashboard Views
  • Multi-tenancy
  • Scalability

3. New Features #

  • Added BaseTrustedLoginRequestProcessor, to simplify custom login integrations; where an external authorization sits in front of enPortal/AppBoard. (EN-239)
  • Validate Session Filter (enabled by default) ensures all requests with exception to specific pages and resources (login_pages and js) require a session for improved security and supports custom allow paths. (EN-253)
  • Added support for HTTP Method PUT, so that this request will be supported by the CRS. (EN-236)
  • Introduced a short random change password delay to reduce the risk of brute force password attacks. (EN-246)
  • Introduced a check on the enPortalComponentInfo cookie to figure out the correct proxied URL when runtime rules are unable to handle it. (EN-200)

4. Resolved Issues #

  • Fix CRS Channel Refresh. (EN-249)
  • Improved Security of ClassExec channel, requiring whitelist of classes that can be executed. (EN-255)
  • Enhanced access restrictions of system channels. (EN-250)
  • Enhanced security on the initial page rendered from http://host:port/ that did not have appropriate headers X-Content-Type-Options and X-Frame-Options set to prevent clickjacking. (EN-259)
  • Fix CRS URL fragment support. (EN-227)
  • Fixed deadlock in OR mapping framework that could happen under heavy load. (EN-251).
  • Improved performance under heavy load, for both session lookups and runtime variable management. (AB-1140 & AB-1142)
  • Fixed issue where HTML tag was displayed in password policy error message to the user; and updates to allow localization of messages to the user. (EN-224)

5. Known Issues #

  • The Validate Session Filter, added in 2.6.1, will redirect any unauthenticated request to the login page. This was added as a security enhancement. If you see this behavior and want the page to be accessible, you must add an allowed path to the custom configuration file.

6. Contact Information #

For questions or assistance with this release of enPortal, please see the support page for contact information.