Netsweeper 7.2.8 EA is now available for early adopters. This release mainly includes stability improvements to the 7.2 release.
We expect the 7.2.9 release to be Generally Available (GA) and will be only fixing stability problems and bug reports. All customers should consider upgrading their test environment to the 7.2.8 release and start planning their upgrade path to the 7.2 product. The 7.2.9 release is planned to be made available at the end of April 2022 and should be the first GA release for the 7.2 series.
The Netsweeper 7.2 release is the last release available on both EL6 and EL8. Moving forward, Netsweeper will only be making new feature available on the EL8 platform. Customers are expected to transition from EL6 to EL8 using the Netsweeper 7.2 product. Netsweeper will continue to provide security fixes to the EL6 builds but will not provide new features to the EL6 based release.
New Features Summary
- Azure Active Directory can now synchronize with Microsoft Graph SDK and Microsoft Authentication Library. DirSync type based on the Microsoft Graph SDK with MSAL4J for Azure Directory.
- Changed virtual machine profile to virtual-guest in EL8 or latency-performance when on hardware. This will reduce 100% CPU usage on ESXI and other virtual hosts.
Change Log 7.2.8
| Ticket | Type | Description |
| 25344 | BUG: | The Profile Manager, with misconfigured liger_webadmin_url, could cause a blank profile listing to appear, or, when properly configured, do needless 302 redirects. |
| 25502 | FEATURE: | Azure Active Directory can now synchronize with Microsoft Graph SDK and Microsoft Authentication Library. |
| 25514 | BUG: | The remote server authentication on the WebAdmin SSL Certificate Page was not being saved. |
| 25613 | SECURITY: | There was a duplication in the HSTS header. |
| 25673 | SECURITY: | Log4J has been updated for Directory Sync. |
| 25674 | UPDATE: | Module Name, in Request Logs, now uses the basename if shorter than the max URL display length. |
| 25693 | SECURITY: | Reflected Cross-Site Scripting on '/webadmin/admin/logs.php' page via 'log' parameter. |
| 25694 | SECURITY: | Bruteforce protection bypass via 'webadmin/api/login.php' API call. |
| 25704 | SECURITY: | Account Signup and Forgot Password did not have Rate Limiting allowing an end user to perform Email Bombing. We now use WebAdmin Lockout when enabled to limit the source IP address to a maximum number of attempts. |
| 25721 | BUG: | There was an inability to edit a Report if it was assigned to an Account that did not exist. Admin users can now edit Report for Accounts that do not exist. |
| 25736 | BUG: | Changing a Group name in Simple Group Manager would clear the avatar. |
| 25742 | BUG: | The maximum unique IP default number, in Policy Server Settings, has been updated. |
| 25745 | FEATURE: | There is a new DirSync type based on the Microsoft Graph SDK with MSAL4J for Azure Directory. |
| 25750 | BUG: | The srid=XXX and srspid=XXXX is not properly URL encoded and URL decoded (Profile Manager). |
| 25751 | BUG: | Auto Create Profile Manager profiles, did not get auto created on First Time Login. |
| 25752 | BUG: | The Access control header are not before the includes, so errors (reporter database errors) on remote reporter are not sent to WebAdmin on different host. |
| 25754 | BUG: | The Remote Reporter did not load the database settings properly in 7.2.7. |
| 25755 | BUG: | If an error occurs while getting Report data, we now display the error in the Report chart. |
| 25757 | BUG: | In the Profile Manager, the password fields did not start disabled when no password was selected. |
| 25758 | SECURITY: | The Profile Manager did not use the Login Lockout system. |
| 25759 | BUG: | The CNS did not properly close the connection after the remote server idle timeout. |
| 25761 | FEATURE: | Changed virtual machine profile to virtual-guest in EL8 or latency-performance when on hardware. This will reduce 100% CPU usage on ESXI and other virtual hosts. |
| 25762 | BUG: | DirSync would stop interval synchronization if the server had been shut down for long time. |
| 25763 | BUG: | In the Profile Manager, you could not select the Default Timezone if it was not already selected. |
| 25765 | BUG: | The libevent policy service DNS filtering could cause the policy service to abort. |
| 25771 | BUG: | Forgot Password would not send the email or display a success message in the 7.2 releases. |
| 25772 | BUG: | DirSync did not check the Prefix for Google and Azure Search Bases. |
| 25776 | BUG: | If an error occurred during Account creation, the password was not saved and the 'No Password' option was selected. |
| 25777 | BUG: | The Group Templates > Set Default tab showed all Groups in the dropdown instead of default Group Templates. |
| 25778 | BUG: | The Login Lockout feature could lock out some automated requests permanently. |
| 25787 | SECURITY: | The CSV File export can export Excel functions starting with -+= in a cell. |
| 25788 | SECURITY: | Users without 'Clients Management' permissions were able to export Client Information. |
| 25789 | BUG: | Submitting URLs in the Category Alert caused an error due to a security policy. |
| 25790 | BUG: | The Policy Server could get memory errors at shutdown. |
| 25793 | BUG: | The Override System-Wide Categories option for Accounts displayed the wrong styling. |
| 25797 | BUG: | Formulating the ssl://hostname:port could overflow buffer when extremely long hostnames were used for cns_server and other hostname settings that now support the ssl:// prefix. |
| 25799 | SECURITY: | The Account Permissions List API did not check if the user had permission before checking if the Account existed when logged in as a SysOp. |
| 25800 | BUG: | readcns could crash the policy service in unit tests causing segfault and policy service abort. |
| 25811 | BUG: | Deleting a Simple Group in Group Properties did not return the user to the Simple Group Manager page. |
| 25814 | BUG: | The policy service connection leak could leave connection in CLOSE_WAIT state to the policy service when max connections have been reached. |
| 25815 | BUG: | The CNS server could go offline and never return to a proper online state. |
| 25816 | BUG: | Connection reset by peer message could cause a log file DOS attack. |
| 25822 | BUG: | The Policy Server active connection count could be incorrect since the connection can be dismissed twice causing corrupt counters. |
| 25826 | SECURITY: | Deny Page permissions are now checked when uploading Deny Page content. |
| 25827 | BUG: | Deny Page images were not deleted from the database when the Deny Page was deleted. |
| 25829 | BUG: | Unable to delete a Group Deny Page. |