Netsweeper 7.2.7 EA

Netsweeper 7.2.7 EA is now available for early adopters. This release includes more security improvements and advancements made for the Client Filter.

Customers running 7.2 should upgrade to the 7.2.7 release as we continue to fix major defects and improve stability. Netsweeper is now focused on making progress toward a GA milestone so all customers can upgrade to the 7.2 release. We hope over the next month or two we will be able to deliver the 7.2 GA release and move onto the development of Netsweeper 8.1.

The Netsweeper 7.2 release is available on both EL6 and EL8. Over the course of the 7.2 release cycle, we will be finalizing the EL8 release. Moving forward to Netsweeper 8 releases, we will no longer be releasing new features for the EL6 builds. Netsweeper will continue to provide security fixes to the EL6 builds but will not provide new features to the EL6 based release. Customers are expected to plan a migration to EL8 between now and 2023 if they desire the new features we are introducing.

New Features Summary

Active-Active WebAdmin Features

  • Reporter will not run Reports on a database that has not yet been upgraded
  • Directory Sync does not run unless the database version matches the version required by the DirSync service

Report Export for UTF16

  • A new report instance export format CSV (UTF16), that supports Unicode characters, has been added

Client Filter Branding Permissions

  • New Client Filter Brand permissions added for SysOps to perform Client Filter Settings Brand Management

nMonitor

  • nMonitor Config setting added to the WebAdmin Client Filter Settings

Other Features

  • WebAdmin Settings can now be loaded from external applications, so that settings, passwords, and other values can be sourced from external secure systems
  • An example settings_override.php showing how to call an external script and cache its result is now provided


Change Log 7.2.7

Ticket Type Description
25187 SECURITY: A reflected cross-site scripting problem in the Deny Page has been resolved.
25214 BUG: The 'Show Groups with No Policies' did not work correctly.
25382 BUG: Setting failure shutdown in the Policy Service caused "auxlist_failure" to be processed as a Deny Page rather than allowed.
25400 BUG: The database upgrade page now redirects to the home page if no error exists.
25438 BUG: The Policy Service did not include intermediate certificates in the SSL/TLS certificate chain, causing certificates generated by Let's Encrypt to display a certificate error on macOS and other operating systems.
25449 SECURITY: The 14 MED WebAdmin "Use of hard-coded credentials" has been fixed.
25485 FEATURE: The Reporter now will not run Reports on a database that has not yet been upgraded.
25486 FEATURE: The ns_webadmin, ns_reporter and ns_directorysync packages can no longer be built unless the /sql/XXXX_XXX.sql versions are properly set in the code.
25498 BUG: Added escaping for table request arguments.
25499 SECURITY: GetTableVars in ajaxtable did not escape the elements it used to form a URL.
25501 BUG: The AD Directory Sync, after an upgrade, did not sync unless restarted.
25503 SECURITY: Fixed a missing authorization check in the WebAdmin.
25505 SECURITY: Fixed the WebAdmin open redirect security issues.
25506 SECURITY: Reviewed the WebAdmin security issues for unrestricted external entity references.
25507 SECURITY: Fixed the WebAdmin security issues for unchecked origin of message event.
25508 SECURITY: Fixed the WebAdmin security issues for unrestricted external entity references.
25530 SECURITY: In Linux, a memory corruption vulnerability was discovered that would allow any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.
25541 BUG: The Dashboard Monitoring Graphs would get an error when changing timeframes.
25542 BUG: There was a database error when searching the Group Name in Lists > Policies > View Table.
25551 BUG: For the timesegment_add API, the error message has been corrected.
25560 BUG: Upgrading from 7.2.3 through 7.2.6 via the WebAdmin required the root password to be properly set and maintained. The root password maxdays requirement has been removed.
25562 BUG: A duplicate List would appear for a SysOp who is owned by a SysOp.
25565 FEATURE: Directory Sync should not run unless the database version matches the version required by the DirSync service.
25567 FEATURE: Netsweeper 7.2.7 EL8 includes the PHP APCu cache. Netsweeper EL8 can now cache many things in memory for increased WebAdmin performance.
25568 FEATURE: WebAdmin Settings can now load from external applications to support loading settings, passwords, and other settings from external secure systems.
25569 FEATURE: Users can override WebAdmin Settings in /webadmin/config/settings_override.php allowing for external systems to do queries to load settings.
25570 FEATURE: A warning message has been added to nsup2d managed files in order to avoid customers modifying these files.
25572 BUG: The timesegment_query API did not work if the stopday was 0 or Sunday.
25574 SECURITY: Fixed minor logging security issues.
25577 SECURITY: Reviewed WebAdmin security issues.
25578 FEATURE: A new instance export format CSV (UTF16), that supports Unicode characters, has been added.
25582 BUG: Setting failure shutdown in nsd.conf makes 'auxlist_failure' be processed as a Deny Page, and it will not be allowed.
25583 FEATURE: New Client Filter Brand permissions have been added to allow the SysOp to perform Brand Management.
25584 SECURITY: All EL8 base packages have been updated to the latest packages.
25586 BUG: Deactivate Hosts in Services did not work properly.
25590 SECURITY: The Deny Page editing framework had a possible JSON-escape XSS vulnerability.
25594 SECURITY: The 5 MED DirSync "Risky cryptographic SSL protocol" issue has been fixed, and SSLv3 is disabled in BindSSL.
25597 BUG: The Reporter did not properly encode the CSV format causing problems with the Search Keyword functionality.
25598 SECURITY: Updated the extended-support RPM nss-3.44.0-7.0.2.el6_10 on EL6, fixing CVE-2021-43527 [Orabug:33627334].
25599 SECURITY: WebAdmin tables were open to a possible reflected cross-site scripting attack. This has been fixed.
25600 SECURITY: Updated the extended-support RPM dhcp-4.1.1-63.P1.0.2.el6_10 on EL6, fixing CVE-2021-25217 [Orabug:33005948].
25601 BUG: The Reporter in 7.2.5 and 7.2.6 might not start after a fresh install because the Reporter database might not have been created yet. The 7.2.7 release rechecks on an interval and starts running once the database has been created with the proper version.
25602 BUG: There was a database error when searching in Session Settings.
25603 SECURITY: DENY response headers in certain places in the WebAdmin. This has been fixed.
25605 FEATURE: The 'Client nMonitor Config' setting has been added to the Client Filter Settings page in the WebAdmin.
25606 FEATURE: The Client nMonitor Config can now be loaded into the Client Settings in the WebAdmin and can be processed as part of the hash for change detection.
25608 UPDATE: The Client Filter Global Uninstall Password had no description in Client Filter Settings.
25612 BUG: The Directory Sync 'Test Connection' did not work in EL8 for SSL/TLS enabled connections. The 'Test Connection' for 7.2.6 in both EL6/EL8 did not check certificate validation if "Disable Certificate Validation" was unchecked.
25614 FEATURE: An example settings_override.php showing how to call an external script and cache its result is now provided.
25615 BUG: It was not possible to log in to the WebAdmin without a Reporter database connection. If a database connection error occurs, the version is not checked, since a different error is reported in that case.
25624 SECURITY: The Netsweeper version information has been removed from /etc/issue.net and added to /etc/motd to keep version information secure. The console /etc/issue still retains version information.
25625 BUG: In EL 8, using a hostname instead of IP as a WebDB host caused timeout issues on 7.1.1 to 7.2.6.
25626 BUG: If a logger connection is idle, the logger server closes it after 60 seconds. In that case the LogMod5 remote connection module (client) logged an error message and reconnected. The reconnect is correct, but the message was misleading because this is expected server behaviour, not an error, and after hours of idling LogMod5 filled the error log with such useless messages. This ticket removes the message for the "remote server closed connection" event and leaves it only for real errors.
25627 BUG: Administration > Security Labels Search caused a database error.
25629 BUG: DNS filtering did not work in 7.2.1 to 7.2.6 due to policy service squid25udp processing failure. All UDP processing in policy service was unstable.
25645 UPDATE: The API Test Tool now uses the settings_override.php instead of settings_nsup2d.php to set authentication type to make sure it is not overwritten.
25653 BUG: If the Group name was empty, it could cause a log session to segfault.
25656 FEATURE: New CSV UTF16 formats have been added to the Custom Reports and Report view API.
25672 BUG: URLs denied by the Client Filter protocol had unnecessary data appended to the end of the denied URL.
25686 BUG: The Policy Server 7.2.5 to 7.2.6 could cause Client Filter version and brand name corruption in Client Filter cookie and protocol requests.
25699 BUG: Security Label Mismatch, while a password change is required, caused an error in the table display.
25700 BUG: Report View API Account Owner permissions were not being checked.
25703 BUG: Account Perms List did not check if the user had permission before checking if the Account exists.
25719 BUG: readcns could crash the Policy Service in the 7.2.1 to 7.2.2 release causing a segfault and Policy Service abort.
25726 FEATURE: Netsweeper RPMs can now be installed on top of Rocky Linux, an EL8-based operating system.
25732 BUG: The Policy Server was not reloading a blank Exceptions List in Client Filter Settings.
