enPortal v5.5.2 Release Notes

< enportal | 5.5

Page Contents

1. Introduction

This page summarizes the new features, resolved issues, and known issues in enPortal version 5.5.2 released on March 9th, 2015.

2. What is enPortal

Edge enPortal is the industry's only secure, vendor-neutral network management integration platform. With pre-built Product Integration Modules (PIMs) for common third-party applications, enPortal is a Commercial Off The Shelf (COTS) solution that quickly integrates these network management tools and offers advanced capabilities including:

  • Integration of existing web-based tools and applications
  • Advanced Security including role/domain-based access via a secure proxy
  • Single Sign-On (SSO) and Sign-Off
  • Integration with external user authentication systems
  • Branding and Customization
  • Dashboard Views
  • Multi-tenancy
  • Scalability

3. Supported Platform Changes

  • None

4. New Features

  • Added support for AES-256 level encryption of passwords, in addition to the previously supported AES-128. For more information, see Product Security. (EN-167)
  • Upgraded one-way hashing algorithm for encrypting passwords from SHA-1 to SHA-2 (block size SHA-256). For more information, see Product Security. (EN-168)
  • Improved results of security scans by changing the JSESSIONID cookie whenever a session is created or terminated. (EN-173)
  • Increased the length of the enPortal_sessionid cookie from 16 hex chars (64 bits) to 64 hex chars (256 bits) to exceed the current security recommendation. (EN-174)

5. Resolved Issues

  • Upgraded to Apache Tomcat version 7.0.59 to address CVE-2014-0227. (AB-980)
  • Upgraded to Xalan 2.7.2 and Xerces 2.11.0 Apache libraries to address CVE-2014-0107. (AB-930)
  • Upgraded to HttpClient 4.4 Apache library to address CVE-2014-3577. (EN-187)
  • Upgraded to Commons FileUpload 1.3.1 and POI 3.11 Apache libraries to address multiple CVEs. (AB-965)
  • Fixed an issue where The {webapp.home}/custom/ directory was being excluded from archives in the default configuration. For more information on customizing archives, see Backup and Recovery. (AB-802)
  • Fixed an issue where the post_install script on a Solaris O/S would fail in some cases. (AB-927)
  • Fixed an issue where some cookies were not being sent by the cookie manager because the maxAge value in seconds was being treated as milliseconds. (EN-177)
  • Improved handling of rules in portal.css to better handle @ CSS rules, which were causing silent exceptions. Any portal.css files that include @ CSS rules (for example, @font-face) should be validated to confirm that they are working correctly. (EN-171)
  • Fixed the portal keycreate command to properly handle the encrypting of all system passwords when the system administrator makes a manual key change. For more information on this command, see the Portal Commands documentation. (EN-175)
  • Fixed an issue where an application using a redirect with a "logout=true" request parameter could cause enPortal to interpret the command and terminate the enPortal session. (EN-170)

6. Known Issues

  • There are no major new known issues in this release.

7. Contact Information

For questions or assistance with this release of enPortal, please see the support page for contact information.