Environment
Novell eDirectory 8.8.x for All Platforms
Novell iManager 2.7.x
Situation
Where is a comprehensive list of all Novell iManager fixes since iManager 2.7 was released?
Resolution
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 11
September 2017
Tomcat: 7.0.81
JVM: 1.8.0_144
NICI: 2.77.2
Framework
- Enhancement: RHEL 7.4 platform added (Bug 1059078)
- Clicking the apply button quickly multiple times can remove members from a group using Firefox (Bug 1030758)
- After selecting more than 100-300 objects no task is presented when clicking the button (Bug 986230)
- Special character in user object home directory path causes JDOMParseException (Bug 990034)
- iManager shows "cannot add empty strings" when selecting cancel on field editing (Bug 992077)
- Object selector not honoring results per page setting (Bug 988525)
- iManager workstation does not run on box running Novell Secure Login 6.1
- Cannot uninstall plugins if both iManager Workstation 3.x and 2.77.x are installed on the same workstation (Bug 1037834)
- Popup thrown while moving to other page from 'password restriction page' even if there is no change (Bug 1043049)
- Timezone attribute is not interpreted correctly (Bug 1044618)
- "Illegal character range near index 110" seen in driver's status log (Bug 1045485)
- Blank page appears for 'Extend Schema' Plugin (Bug 1050867)
- OES Plugin upgrade is failing with error message 'Return code = 1' (Bug 1039626)
- Object selector window does not display the page properly in IE10 on Windows 8 (Bug 794723)
- XSS attack hole closed (Bug 1001625) (CVE-2017-9276: internally found)
- OES11SP3 getting exception while performing an ICE plugin operation (Bug 1039634)
- Attempting to access 'Files' using the File Access plugin on OES results in a 404 error (Bug 1040083)
Plugin Installation
- Unable to uninstall 'NetIQ iManager Password Management' plugin (Bug 1017060)
- Server redirection during a plugin download not properly taken care of (Bug 1039588)
Other
- NICI: cannot login to iMgr 3 after upgrading from 2.7 SP6 (Bug 840409)
- NICI: some upgrades failed to properly update NICI (Bug 377639/1029861)
- Some plugins could not be uninstalled (Bug 1054173)
- Update Tomcat and JRE (Bug 1048461)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 10 HF2
July 2017
Tomcat: 7.0.78
JVM: 1.8.0_131
Framework
- Reflected XSS vulnerabilities (Bug 1033646) (CVE-2017-7425)
- Views: unable to add an IP address restriction to a user object (Bug 1034291)
Tomcat
- Tomcat updated to 7.0.78 (Bug 1014464) (Resolves: CVE-2016-3092, CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735)
JVM
- Java updated to 1.8.0_131 (Bug 1046064)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 10 HF1
May 2017
- Potential webshell upload vulnerability (Bug 1027619) (CVE-2017-7432)
- Framework: persistent XSS vulnerability (Bug 1024959) (CVE-2017-7430)
- Object Mgt: vulnerable to persistent XSRF (Bug 1024963) (CVE-2017-7431)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 10
April 2017
NICI 2.7.7-0.04
NTLS: 8.8.8.10
Tomcat: 7.0.68
JVM: 1.8.0_112
FRAMEWORK
- Red Hat 7.3 now supported. (Bug 1027055)
- View Objects -> Search -> Object -> there is no Modify Object operation shown. (Bug 932196)
- Partition\Replica Mgt: replica view does not show all replicas when [Public] is restricted. (Bug 894802)
- Views: older versions of plugins are displayed while installing the iManager 2.7.7 patch6 framework. (Bug 981931)
TOMCAT
- Difference of delay in invalid user vs. invalid password. (Bug 995600)
- iManager not coming up in OES after the January patch. (Bug 1020100)
- Trusted keystore default password was written to the iManager installation log. (Bug 1024716)
- Nessus scan reports "SSL 64-bit Block Size Cipher Suites Supported (SWEET32)" in iManager 2.7.7 patch8. (Bug 1010733)
- Restrict client initiated SSL renegotiation. (Bug 1024954)
NTLS
- Updated to 8.8.8.10. (Bug 1030622)
NICI
- NICI updated to 2.7.7-0.04. (Bug 1030572)
OTHER
- Plugin installation: password management plugin still shows as available after installation. (Bug 990934)
- Plugin installation: unable to uninstall Password Management plugin. (Bug 1017060)
- ICE plugin - import, no longer works after applying Patch 8. (Bug 1007687)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 9
February 2017
NAUDIT\XDAS
- iManager failing to connect Sentinel 7.4.2 and above version (Bug 1019789) (CVE-2017-5186)
Auditing collectors, platform agents, instrumentation, etc. have been modified to use eDirectory certificates in order to connect to Sentinel servers versioned 7.4.2 and above. The previously used embedded certificate can no longer be used with Java 1.8. This certificate issue has required the modification of the following components. The updated files can be found on the respective product's patch page.
1019041/987162 – eDir
1021637/1019789 – iMgr
999186/1019573 – PA
1019543\1011208 – IDM
1021391 – RBPM
1013758 - Naudit connector
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 8
November 2016
Tomcat: 1.8.0_102
Java: 1.8.0_112
PA: 2011.1r4
FRAMEWORK
- Added support for SLES12 SP2 (Bug 994327/994328)
- Added support for RH 6.8 (Bug 988300)
- Not displaying correct error when later version exists on server (Bug 905252)
- After upgrading iManager a secondary loopback is given as suggested address (Bug 924351/948128)
- There should be a warning when attempting to downgrade from iManager 3.0 to 277 (Bug 939172)
- Nessus Scan Vulnerability-Medium:66036 -Novell iManager < 2.7.6 Patch 1 Multiple Vulnerabilities (CVE-2013-1088/CVE-2013-3268) (Bug 889206)
- Uninstall of iManager 2.7.7 leaves remnants (Bug 984921/1002721)
- Applying patch 4 to iManager 277 removes groups from novlwww user (Bug 941702)
- Installer now disallows the direct upgrade from 2.7.6 to 2.7.7 patch8 (Bug 962714)
- Able to see "tomcat4" message in NetIQ_iManager_2.7.7.x_InstallLog.log after upgrading imanager 2.7.7 base (Bug 973118)
- Consume latest Tomcat (995947)
- Consume latest Java: 1.8.0_112 (Bug 1006943)
- Cross-Site-Request-Forgery-Prevention not Working properly under heavy load (Bug 975185)
- Reflected Cross Site Scripting attack against iManager (Bug 975187)
- Potential command execution vulnerability resolved (Bug 946043)
- iFrame manipulation possible with login page in 4.2 (Bug 975192)
- Need to remove .htaccess file from iManager config (Bug 975193)
- NAudit and XDAS configuration files are getting reset on upgrade (Bug 1010429)
- Nessus scan reports "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)" in iManager 3.0
- Need to mask IDP server backtrace when exceptions occur (Bug 978379/980261)
- User Enumeration problem in iManager (Bug 980665)
TOMCAT
- Nessus scan reports "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)" (Bug 976308) (CVE-2015-4000)
- Tomcat process runs from system account (Bug 978440)
PA
- Latest version of PA 2011.1r4 (NAuditPA.jar) 2.0.2-79 has been bundled (Bug 1005511)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 7
June 2016
Tomcat: 7.0.68
JAVA: 1.8.0_92
TOMCAT
- Updated Tomcat to resolve vulnerabilities: CVE-2016-0706/0714/0763. (Bug 971085)
- iManager not listening after rebooting RHEL 7.2 server. (Bug 975679)
- Nessus scan reporting iManager is potentially vulnerable to Clickjacking. (OTG-CLIENT-009) (Bug 976309)
JAVA
- JRE updated to 1.8.0_92 to resolve CVE-2016-0636 vulnerability. (Bug 975076/968391/976606)
PLUGINS
- Cannot remove dash from phone number. (Bug 938353)
- Import user certificate is failing with error message 'PKI-error-1214'. (Bug 962260)
- LDAP plugin: now a warning is displayed to restart LDAP after a cipher change. (Bug 870756)
- LDAP plugin allows a LDAP server to be associated to a broken certificate (import state). (Bug 955160)
OTHER
- Platform enhancement: SLES11 SP4 and SLES12 SP1 platforms added. (Bug 972970/967579/981747)
- Updated help section for XDAS, Novell Audit and the PA. (Bug 843710\900201)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 6
January 2016
Tomcat: 7.0.56
JAVA: 1.8.0_66
JAVA
- Sun JRE updated to 1.8.0_66 (Bug 961541)
The primary focus of this patch was to support IDM 4.5.3.
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 5
September 2015
Tomcat: 7.0.56
JAVA: 1.8.0_60
New Platform support: SLES11 SP4, Redhat 6.7 & RHEL 7.1 (Bug 942873)
New browsers versions tested: Mozilla 40, Google Chrome 44, 45 and Microsoft Edge
FRAMEWORK
- Reflected Cross Site Scripting (XSS) vulnerability (Bug 904674)
- IE11: clicking next in browse tab under view objects causes browser to logout (Bug 925484)
- When viewing an rbsMember the full FQDN is not displayed (Bug 919285)
- Adding or removing a static member from a nested group removes the security equals for existing users (Bug 912513)
- javax.servlet.ServletException when changing configuration changes (Bug 907024)
- IDM tasks are greyed out after reinstalling modules into RBS (Bug 870937)
- Selection filter fails to find user objects with Polish characters in their name (Bug 867631)
- iManager upgrades were not saving the old configuration details (Bug 843774)
JAVA
- Sun JRE updated to 1.8.0_60 (Bug 934859)
PLUGINS
- PKI: Enhancement: default certificates now created using the SHA2 signature algorithm if the CA is changed to SHA2 (Bug 940809)
- ICE Wizard: exporting data results in a java.lang.NullPointerException error (Bug 921636)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 4
April 2015
Tomcat: 7.0.56
JAVA: 1.8.0_25
New Platform support: Redhat 6.6 (Bug 912823)
New browsers versions tested: IE11, Firefox 34.0.5 & Chrome 10 (Bug 911549)
FRAMEWORK
- Reflected Cross Site Scripting (XSS) vulnerability (Bug 904674) (CVE-2014-5216)
- OES Branch: imanauthentication returns 200 to HEAD method instead of 403 (Bug 875982)
- Cross site Request Forgery (Bug 904679) (CVE-2014-5217)
- NAM: defaults should be remember login credentials = disabled and hide reason for login failure = enabled (Bug 908810)
- Not able to access Samba Plugin with iManager 277 Patch 3 (Bug 910241)
- Latest wbem.jar included from novell-wbemservices (Bug 915132)
JAVA
- Enhancement: updated to Java 8 (Bug 907433)
PLUG-IN STUDIO
- RegEX validation on Multivalued Attributes happens on the wrong attribute (Bug 903969)
PLUGINS
- iManager group plugin throws an error if there are unspecified addresses (Bug 865164)
- File Overwrite Vulnerability in schema plugin (Bug 858107)
- XXS vulnerability found in schema plugin (Bug 858132)
____________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 3
December 2014
Tomcat: 7.0.56
JAVA: 1.7.0_72
FRAMEWORK
- Security Vulnerability: XML eXternal Entity Injection (XXE) (Bug 904669)
- Object Selector and History buttons missing after applying 2.7.7.1 (Bug 865938)
TOMCAT
- Security Vulnerability: Poodle vulnerability in Tomcat (Bug 903782) (CVE-2014-3566)
- Security Vulnerability: Integer overflow (Bug 881886) (CVE-2014-0075)
- Security Vulnerability: DefaultServlet.java does not properly restrict XSLT stylesheets (Bug 881886) (CVE-2014-0096)
INSTALLATION
- Enhancement: iManager 2.7 SP7 now supports SLES12 & Redhat 7 (Bug 907305/895039)
- Removed messages indicating no support for RHEL 5.10 & 5.11 (Bug 905447)
- Removed platforms.xml and its dependencies to allow installation on all platforms (Bug 903433)
- Jcache process unable to start on an Integrated installer setup (Bug 895980)
- JDK version updated to 1.7.0_72 (Bug 895209/892887)
- Certificate Server plugin not getting installed when using the integrated installer (Bug 884239)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 2
October 2014
Framework
- Provides new browser support: Safari 7, Firefox 32 and Chrome 37 (Bug 897231)
- JavaScript issue where "Force periodic password changes" on Chrome and Safari resets value to 0 (Bug 889413)
- Help icon does not correctly link to the help page (Bug 880036)
Install
- /etc/eMFrameInstall.properties file not updated when upgrading (Bug 889643)
- Icon cleanup (Bug 889343\884494)
- Old eDirectory SDK's included in Patch 1 (Bug 883509)
- Unnamed Execute Custom Code seen during patch install (Bug 814175)
Audit
- Handshake errors: platform agent modified to use stronger cipher in certificate (Bug 890686\896140) (KB 7014219)
- Appenders attempt to contact server even if XDAS is not configured (Bug 855363)
Plugin (standalone build: 2.7.20140903)
- New site created for getting the latest iManager plugins: https://www.netiq.com/support/imanager/plugins (Bug 829879)
- XDAS plugin: "Error: Failed to update the database" when selecting the Novell Audit tab (Bug 855872\857007)
_____________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 1 Hotfix 1
July 2014
NTLS 2.0.6.1
- Security Vulnerability: SSL/TLS MITM (Bug 881950\882376) (CVE-2014-0224)
- Security Vulnerability: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack (Bug 881950) (CVE-2014-0076)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 1 (and eDirectory 8.8 SP8 Patch 1 plugins)
January 2014
Tomcat 7.0.42\Java 1.7.0_25
- New platform support: Windows 2012 R2 for iManager server and Windows 8.1 for iManager workstation (Bug 854635)
- New browser support: Firefox 25 & 26, Chrome 30 & 31 and IE 11 (non-Metro compatibility mode) (Bug 854635)
- IDM plugin not working with iManager 2.7.7 (Bug 848425)
- Core: 'Unvalued' attributes show the wrong attribute (Bug 824571)
- Obj Mgt: Users are created with uniqueID instead of CN as naming attribute if LUM enabled user is used as template and "Create home directory" is selected (Bug 825419)
- Documentation: admin guide re-written. iManager Event table added. (Bug 722460)
- SLES10 SP4 32-bit has been dropped as a supported platform (Bug 826395)
- Audit: XDAS event format should be consistent across standalone and OES iManager (Bug 841808)
- Audit: syslog host preconfigured with 192.168.1.5:1468 (Bug 851922)
- Audit: XDAS auditing now bundled in OES11 SP2 (Bug 841774)
- Audit: All sub events should be de-selected when XDAS audit is disabled (Bug 842007)
- ZENworks 7.0 Server Management plugin is no longer supported on iManager (Bug 837414)
- Netstorage and iFolder plugins should only be listed for Linux machines not Windows (Bug 838442)
- Some OES plugins are not working with iManager 2.7 SP7 (Bug 842238)
- Now adding wbem.jar from novell-wbemservices rpm so Storage Management plugin will work (Bug 843203)
- XDAS audit: setting MaxFileSize to 1MB and MaxBackupIndex to 0 results in only one event getting written (Bug 842045)
- Clicking "Next" after Searching in "View Objects" causes IE to redirect to Login Screen (Bug 850120)
- 192.168.1.5:1468 automatically added as syslog host (Bug 851922)
- Localization fix in installation (Bug 838381)
- Simplified Chinese localization fix for help - displayed as question marks (Bug 835600)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 (Standalone - non-OES - only)
September 2013
Tomcat 7.0.42\Java 1.7.0_25
- Enhancement: iManager now supports a pure IPv6 configuration (Bug 818534/827733/825625)
- Enhancement: iManager now has XDAS event capability (Bug 823591\827280)
- Tomcat hardening: Removed host-manager & manager folders from tomcat zip file (Bug 792595)
- Tomcat updated to 7.0.42 (Bug 819968)
- JAVA updated to 1.7.0_25 (Bug 829440\811775)
- Workflow Administration Plugin no longer works after upgrading to iManager 2.7.6 (Bug 828335)
- Install: RHEL 5.7, 5.8, 5.9 and 6.3 platform installations returning "Unsupported Platform" error (Bug 798232/829873/830560)
- NICI: NICI upgraded to the latest version: 2.77 (2.77.2.0) (Bug 822795)
- Plugin Studio: 'HTML Area' attribute's control properties are not working (Bug 829174)
- Plugin Studio: default value for attributes should only appear if there are no other values (Bug 501094)
- TextAreas is being displayed over 8 rows tall (Bug 760559)
- Error: -601 with extended characters and object selector when viewing effective rights (Bug 815627)
- Removed unnecessary files and folders (Bug 818734)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6 Patch 1 - Hotfix 2
August 2013 - OES: November 2013
Tomcat 7.0.32\Java 1.7.0_04
- Unable to access a cluster from the cluster plug-in (Bug 826578)
- Invalid DER file after exporting CA object certificate using iManager 2.7.6 (Bug 828129)
- Error with extended characters and object selector (Bug 815627)
- Create new Server Certificate task logs user off the iManager (Bug 834675)
- OpenSSL is not accepting the format of exported certificates after applying 2.7.6 patch 1 (Bug 827706/830992)
- Exporting certificates results in a corrupted file (Bug 835108)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6 Patch 1 - Hotfix 1
May 2013 - OES: November 2013
- Error: -613 'unexpected results have occurred' is seen when users change their passwords (Bug 817422) (KB 7012403)
Note: Both this patch as well as eDirectory 8.8 SP7 Patch3 is required to fully resolve this issue.
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6 Patch 1
April 10, 2013 - OES: November 2013
Tomcat 7.0.32 and Java 1.7.0_04
- Installer for iManager patches is now available (Bug 803961)
- Security Vulnerability: iManager vulnerable to XSS Request Forgery (Bug 726260) (CVE-2013-1088)
- Security Vulnerability: Token is not refreshed after logout (Bug 807429)
- Check for supported platforms (Bug 809290)
- Only 128 files/folders are displayed in the Files and Folders list in 'Rights to Files and Folders' (Bug 790645-8873-Jclient\799773-2761-iManager)
- Plugin Studio: Plugins with special characters in the id do not work after upgrade to iManager 2.7.5 (Bug 789981)
- Windows 8 support (Bug 809133)
- IE 10 support (Bug 800490)
- iManager: Changing languages reverts localization to English (Bug 785999)
- Other localization fixes (Bug 795849)
- Redirection after logout going to iManager login screen no matter what URL is put in (Bug 505804)
- Using a password already in the password history would return a non-meaningful -216 error (Bug 769509)
- iManager: After changing languages previous iManager configurations are set back to default (785999)
- OES: Unable to uninstall iprint linux management plug (Bug 791172)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6
December 6, 2012
Tomcat 7.0.32/Java 1.7.0_04
IMANAGER
- New installer\upgrader (Bug 774338)
- iManager check for unsupported platforms and ability to add new ones (Bug 770076\779956)
- Windows 2012 support (Bug 791868)
- IE 10 support - compatibility mode (Bug 770577\791870)
- Can now enable and disable Identity Manager view as Default view (Bug 787785/784418)
- iManager doesn't delete temporary jsp files of auxiliary class (Bug 786708)
- Added ability to manage more than 999 objects in a container (Bug 758374)
- Error 404 after installing to a Red Hat 6.2 server (Bug 765594\777108)
- After changing the syntax of an attribute the "other" tab still shows old syntax (Bug 786435)
- iManager 2.7.5 crashes when extending an object with an aux class (Bug 778255)
Java
- Java updated to 1.7.0 u4 (765023)
Tomcat
- Tomcat updated to TC7 (Bug 764710)
NICI
- NICI updated to 2.7.6 (Bug 777985)
Localization
- Bugs 787518 and 787331
Documentation
- Bugs 766726, 787785, 777987, 771660, 773445, 753716 and 784856
_______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP5
April 30, 2012
Tomcat V 5.5.28/JRE 1.6.0_18
iManager
- Many localization fixes
- Safari support (Bug 755987)
- Integer 64 support (Bug 751818)
- Audit: treename missing from events (Bug 753492)
- Object view: Unable to correct or alter the load and unload scripts of the Master_IP_Address (Bug 753319)
- When creating a device object the child window does not close (Bug 752995)
- Only display the last installed patch\support pack (Bug 751084)
- RBS Configuration: Configure iManager - RBS - selecting dynamicgroupobjectsaux for the dynamic group search type throws error (Bug 744957)
- JDOMParseException when creating a profile object (Bug 741273)
- Schema Management: Unable to edit schema OID with imanager 2.7.4 on SLES 11 (Bug 722246)
Tomcat
- Security vulnerability: server will reject requests to change the method from POST to GET (Bug 726265)
- Security vulnerability: Tomcat must generate a new session id with each successful authentication (Bug 726257)
Install
- iManager upgrades do not backup/restore key configuration files (Bug 638542)
_______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 Refresh 6
April 27, 2012
Tomcat
- Vulnerability was found and fixed in Java1.6.0_31 (Bug 749515)
- Updated Tomcat from 5.5.34 to 5.5.35 to include security vulnerability fixes (Bug 747547/669846)
Install
- Install fails on SLES11 SP2 (Bug 745517)
- Installing a Framework patch breaks existing IDM plugins (Bug 736254)
_______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 4
March 2012
Tomcat V 5.5.28/JRE V 1.6.0_18
iManager
- Performance degrades when multiple users access iManager (Bug 632217)
- iManager should not allow MEDIUM/LOW/EXPORT/Not encrypted cipher levels (Bug 674747)
Tomcat
- After restarting Tomcat, RBS collection owner is only logged in with assigned access (Bug 721112)
Authentication
- iManager ignores search base for authentication (Bug 707073)
- iManager is resolving objects to a server with a replica of root rather than locally (Bug 712602)
Object Management
- Long delays when clicking on the "Other" tab in Modify Object View (Bug 714042)
Object Search and Selection
- Long delays when selecting NCP objects in Directory Administration --> Modify Object (Bug 718116)
- Objects with a slash / in the DN are not displayed in the simple selection list (Bug 700609)
Plugin Studio
- Custom plugin fails to function while modifying the attribute values (Bug 718319)
Configuration
- Selecting Roles and Tasks --> Users --> Enable Account/Disable Account resulted in a default value of uniqueID rather than Common name (Bug 695519)
RBS
- Users see all roles when only assigned to one role the first time logging into iManager (Bug 709962)
Plugin Installation
- iManager showing earlier patches as available (Bug 642088/659793)
Other:
- FireFox 9.0.1 support added.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 3
July 2011
JRE V 1.6.0_18 and Tomcat V 5.5.28
- An auxiliary class can now be added to other classes if one of the mandatory attributes of this auxiliary class is an optional attribute for other classes.
- posixAccount can now be added to a user object.
- The word wrapping works properly when you edit a login script in iManager.
- The following security issues have been resolved:
  - XSS reflect and XSS store security vulnerabilities.
  - SQL injection attacks.
Other:
- FireFox 4.0.1 and Microsoft Internet Explorer 9 web browser support added.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 2
April 2011
Configuration
- iManager mobile, after installing latest plugins, still shows newer ones are available (Bug 682743)
- All available ciphers are now displayed in the Configure iManager - Encryption section (Bug 654459)
Group Management
- Groupnames with FDNs up to 128 characters can now be viewed in the Group Memberships tab (Bug 653109)
Workstation
- iManager was not remembering the username after checking the option to remember login credentials (Bug 655527)
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 1
- Getting a blank page when trying to access the device manager console using Microsoft Internet Explorer 8 (Bug 656741)
- Security vulnerability resolved in Tomcat 5.5.30
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4
December 2010
TC 5.5.29/JRE 1.6.0_20
Tomcat
- Security vulnerability: iManager stack buffer overflow (Bug 602542)
- Security Vulnerability: iManager off-by-one DoS (Bug 602557) (Secunia Advisory SA40281)
- Update to Tomcat 5.5.29 to address multiple vulnerabilities (Bug 608635/550668)
Other:
- Installation on SLES 11 is now supported (Bug 582765)
- Security Vulnerability: OpenSSL Handshake renegotiation of existing connections (Bug 626751) (CVE-2009-3555)
- User adds now correctly reported to collector (Bug 471688)
- After successful uninstall of iManager 2.7, reinstall of iManager reports failure (Bug 388999)
- IDM 3.6 plugins stop working on windows (Bug 471758)
- Unable to add, modify, or view the photo attribute for a user object (Bug 494093)
- Adding a group to a template object gives error and does not update group membership (Bug 550567)
- Simple Selection sort does not work (Bug 546952)
- History now available to all plugins that support less than 12 object types (Bug 512239)
- Namespace Error when replacing single-valued DN attribute using Multiple Object selector (Bug 546947)
- IDM 3.6.1 plugin installation taking too much time to complete (Bug 485943)
- Simple search favorites feature is available.
- Security vulnerabilities fixed in JRE 1.6.0_20 (Bug 594697) (CVE-2010-0886/CVE-2010-0887)
- <os> tag in iman_mod_desc.xml is being ignored if there is more than one (Bug 568650)
- Hungarian translation issue (Bug 575101)
- Installing patch will fail with a bogus message about a previous patch now being un-installed (Bug 607185)
- Plugin Studio Security Vulnerability: privileged user can instigate a DOS under the context of the service (Bug 608531)
- Plugin Studio: Audit log now properly shows the event of uploading of an npm (Bug 7608531)
- After updating the PKI plugin it loads with a JAVA error (Bug 557400)
- Error: "Unable to create AdminNamespace.java.lang.NoClassDefFoundError" when logging in (Bug 566473)
- Modify of Multiple objects fails (Bug 597690)
- Fail to perform multiple operations correctly (Bug 504371)
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF4
August 2010
Issues Resolved:
- iManager 2.7.3 FTF 3 installation hangs if earlier FTF installation files have not been uninstalled.
- Security Vulnerability - iManager stack buffer overflow - Creating a class name with more than 32 characters by using other scripts (perl / python).
- Security Vulnerability - iManager off-by-one DoS - If login request is sent with a Tree field length of 256 characters.
- Security Vulnerability - CVE-2009-3555 - OpenSSL Handshake renegotiation of the existing connections.
- Privileged User can instigate a DoS under the context of the service. (No Trace) - Providing Auditing and logs while authorized users upload the npm files.
Enhancements:
- In addition to the existing platforms and Web browsers, iManager 2.7.3 FTF 4 supports Windows 7 (32-bit and 64-bit), Windows 2008 R2 platforms, and Internet Explorer 8 (IE 8).
- “Hide” and “Show Hidden” Buttons in the Available Novell Modules Page
- Preferred Object Selection Method for a Task of a Property Book
- Ability to Add Organizational Role to the Authorized Users and Groups List
- iManager Caches Login Information for Faster Login
- Ability to Configure the Proxy by using DNS
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF3
- Delay in the next login attempt after a login failure.
- The Case Ignore List adding multiple attribute values to a single attribute.
- Unauthenticated files that get uploaded onto Access Manager.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF2
- The security vulnerability issue faced during installation of external plug-ins.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF1
- The Others tab while modifying user is empty with iManager 2.7.3.
- Cannot browse/select objects from IE 8 browser.
- In IE 8, the iManager Tree view option was not listing.
- iManager plugin fails to uninstall cleanly.
- Objects created with alternate naming attribute in some cases.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3
- Error message for deleting object is not localized.
- Configure iManager task is not displayed for the member of a nested group which is an Authorized user.
- Plug-ins are not removed when you select Select all plug-ins option in the Available Novell Plug-in Modules page, deselect one or more plug-ins in the list, and click Remove.
- iManager (2.7 with Tomcat 5.5) login screen, by default, has Autocomplete enabled which results in security vulnerability.
- Replace option under the Identification tab of the Modify User page does not work.
- Large number of XSS vulnerabilities exist in iManager 2.7.
- iManager 2.7.2 removes RBS collection ownership for a user when the user is added to / removed from a group object.
- Plug-in allows inconsistency of group and group membership.
- A user, who has logged in to iManager through Internet Explorer, as a t1 trustee user cannot view the property pages.
- Plug-in download does not function when you add a plug-in with name same as that of one of the existing plug-ins, and rename the existing plug-in of the same name.
- Plug-ins are not displayed because of clash between .jar files.
- Uniqueness scan does not work if a tree has more than 7000 users.
- Login script that is created with Novell client appears blank in iManager.
- iManager tree view filter does not work when you use Scandinavian characters.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP2
December 2008
- The TreeName Display appears to be set only by the Roles and Tasks view instead of the Header Display. (395379)
- iManager 2.7.2 allows plug-ins with Max-iManager-Version set to 2.7.0 to be installed in it.
- The user cannot log in to iManager if he/she doesn't have Public Browse Entry right.
- Password Policies assignment list is not sorted. It is difficult for the user to navigate and validate individual assignments when the size of list increases.
- A Custom Plug-in with Photo/JpegPhoto control gives HTTP 501 error while uploading larger files.
- In the Edit Member Association page, under Role Based Services, an error page is displayed when you click a link.
- A large size description control should be added to the General Property Book page and the Create User task. (175533)
- After upgrading the iManager version to 2.7.1, Audit does not send events to the Novell Audit server, SLS.
- Simple Selection default values are wrong. (414442)
- Improper short length truncations for Members and Group Membership controls. (414803)
- iManager does not respond when you log in with a copied user object.
- Advanced Properties - Add to Create Object task is not saved in plug-in studio.
- Plug-in Studio - Ability to set Page Order exists on Property Book Pages, but is missing from Tasks for Create/Modify (353003)
- Proper Error Handling is required for Plug-in Studio Import task. The user should not get the Null Pointer Exception.
- The way the attributes with syntax case ignore list are displayed is not useful.
- In the Modify Object dialog box, under the Members tab, unexpected characters appear in the string, Member.
- In OES 2, INVALID_ATTRIBUTE Namespace error is displayed while performing the Copy Object operation.
- In the Object Extensions task, CLASS NOT DEFINED error is displayed while adding an auxiliary class (name with serial spaces).
- Can't login if Public does not have Browse Entry rights (416327)
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP1
July 2008
- The TreeName Display appears to be set only by the Roles and Tasks view instead of the Header Display. (395379)
- Setting up LDAP interfaces breaks dynamic group functionality.
- Multiple logic groups added in the Advanced search filter for a dynamic members query are not saved.
- Cannot add multiple users to multiple groups at the same time.
- The user cannot modify the chapter and page ordering while creating a property book, and while modifying the page list of an existing property book. (336071)
- Cannot export custom plug-in using Internet Explorer.
- Security vulnerability: Any user can delete Plug-in Studio created Property Book Pages. (336168)
- Only one value on a multi-valued attribute with path syntax is displayed on Edit Attribute page.
- When you export a plug-in, the manifest.mf file doesn't include Min-imanager-version, so importing it back again fails.
- Plug-in Studio's Task for Create: When creating users from these custom-created tasks, it is not making a uniqueID matching the CN. (346647)
- Cannot truly assign Property Book Pages to the Existing chapter of General. (344410)
- ASCII Values field cannot be edited in the Octet String editor.
- Excessive DS Operations while modifying objects. (308623)
- Simple Selection is broken in the Configure > Views > iManager Views task screen. (336365)
- Creation of a Volume object should have a Physical Volume name entry that is populated with all possible values.
- Configure > Views > iManager Views task is broken. (343239)
- On the Modify Object page of Directory Administration, the user's password cannot be set.
- Option to use a proxy server to download plug-ins. (96942)
- iManager-Group object could define a Collection Owner.
- iManager 2.7 Octet String Editor does not work.
- If the user changes passwords in such a way that they don't meet Universal Password Policy, proper messages are not displayed.
- System Error occurs when the user tries to edit a stream attribute containing xml data.
- Cannot add replica if the server exists as S/R replica in a ring.
- The Object View, Tree, and Browse tabs return unsorted results.
- Specific files that the user wants to browse for, are not listed under View Objects-Browse view.
- The user cannot delete attributes from Auxiliary Classes by using iManager. Customer ldap scripts must be used to delete them.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 11
September 2017
Tomcat: 7.0.81
JVM: 1.8.0_144
NICI: 2.77.2
Framework
- Enhancement: RHEL 7.4 platform added (Bug 1059078)
- Clicking the apply button quickly multiple times can remove members from a group using Firefox (Bug 1030758)
- After selecting more than 100-300 objects no task is presented when clicking the button (Bug 986230)
- Special character in user object home directory path causes JDOMParseException (Bug 990034)
- iManager shows "cannot add empty strings" when selecting cancel on field editing (Bug 992077)
- Object selector not honoring results per page setting (Bug 988525)
- iManager workstation does not run on box running Novell Secure Login 6.1
- Cannot uninstall plugins if both iManager Workstation 3.x and 2.77.x are installed on the same workstation (Bug 1037834)
- Popup thrown while moving to other page from 'password restriction page' even if there is no change (Bug 1043049)
- Timezone attribute is not interpreted correctly (Bug 1044618)
- "Illegal character range near index 110" seen in driver's status log (Bug 1045485)
- Blank page appears for 'Extend Schema' Plugin (Bug 1050867)
- OES Plugin upgrade is failing with error message 'Return code = 1' (Bug 1039626)
- Object selector window does not display the page properly in IE10 on Windows 8 (Bug 794723)
- XSS attack hole closed (Bug 1001625) (CVE-2017-9276: internally found)
- OES11SP3 getting exception while performing an ICE plugin operation (Bug 1039634)
- Attempting to access 'Files' using the File Access plugin on OES results in a 404 error (Bug 1040083)
Plugin Installation
- Unable to uninstall 'NetIQ iManager Password Management' plugin (Bug 1017060)
- Server redirection during a plugin download not properly taken care of (Bug 1039588)
Other
- NICI: cannot login to iMgr 3 after upgrading from 2.7 SP6 (Bug 840409)
- NICI: some upgrades failed to properly update NICI (Bug 377639/1029861)
- Some plugins could not be uninstalled (Bug 1054173)
- Update Tomcat and JRE (Bug 1048461)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 10 HF2
July 2017
Tomcat: 7.0.78
JVM: 1.8.0_131
Framework
- Reflected XSS vulnerabilities (Bug 1033646) (CVE-2017-7425)
- Views: unable to add an IP address restriction to a user object (Bug 1034291)
Tomcat
- Tomcat updated to 7.0.78 (Bug 1014464) (Resolves: CVE-2016-3092,CVE-2016-0762,CVE-2016-5018,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-6816,CVE-2016-8735)
JVM
- Java updated to 1.8.0_131 (Bug 1046064)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 10 HF1
May 2017
- Potential webshell upload vulnerability (Bug 1027619) (CVE-2017-7432)
- Framework: persistent XSS vulnerability (Bug 1024959) (CVE-2017-7430)
- Object Mgt: vulnerable to persistent XSRF (Bug 1024963) (CVE-2017-7431)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 10
April 2017
NICI 2.7.7-0.04
NTLS: 8.8.8.10
Tomcat: 7.0.68
JVM: 1.8.0_112
FRAMEWORK
- Red Hat 7.3 now supported. (Bug 1027055)
- View Objects -> Search -> Object -> there is no Modify Object operation shown. (Bug 932196)
- Partition\Replica Mgt: replica view does not show all replicas when [Public] is restricted. (Bug 894802)
- Views: older version of plugins are displayed while installing the imanager 2.7.7 patch6 framework. (Bug 981931)
TOMCAT
- Difference of delay in invalid user vs. invalid password. (Bug 995600)
- iManager not coming up in OES after the January patch. (Bug 1020100)
- Trusted keystore default password was written to the iManager installation log. (Bug 1024716)
- Nessus scan reports in SSL 64-bit Block Size Cipher Suites Supported (SWEET32) in imanager 2.7.7 patch8. (Bug 1010733)
- Restrict client initiated SSL renegotiation. (Bug 1024954)
NTLS
- Updated to 8.8.8.10. (Bug 1030622)
NICI
- NICI updated to 2.7.7-0.04. (Bug 1030572)
OTHER
- Plugin installation: password management plugin still shows as available after installation. (Bug 990934)
- Plugin installation: unable to uninstall Password Management plugin. (Bug 1017060)
- ICE plugin - import, no longer works after applying Patch 8. (Bug 1007687)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 9
February 2017
NAUDIT\XDAS
- iManager failing to connect Sentinel 7.4.2 and above version (Bug 1019789) (CVE-2017-5186)
Auditing collectors, platform agents, instrumentation, etc. have been modified to use eDirectory certificates in order to connect to Sentinel servers versioned 7.4.2 and above. The previously used embedded certificate can no longer be used with Java 1.8. This certificate issue has required the modification of the following components. The updated files can be found on the respective product's patch page.
1019041/987162 – eDir
1021637/1019789 – iMgr
999186/1019573 – PA
1019543\1011208 – IDM
1021391 – RBPM
1013758 - Naudit connector
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 8
November 2016
Tomcat: 1.8.0_102
Java: 1.8.0_112
PA: 2011.1r4
FRAMEWORK
- Added support for SLES12 SP2 (Bug 994327/994328)
- Added support for RH 6.8 (Bug 988300)
- Not displaying correct error when later version exists on server (Bug 905252)
- After upgrading iManager a secondary loopback is given as suggested address (Bug 924351/948128)
- There should be a warning when attempting to downgrade from iManager 3.0 to 277 (Bug 939172)
- Nessus Scan Vulnerability-Medium:66036 -Novell iManager < 2.7.6 Patch 1 Multiple Vulnerabilities (CVE-2013-1088/CVE-2013-3268) (Bug 889206)
- Uninstall of iManager 2.7.7 leaves remnants (Bug 984921/1002721)
- Applying patch 4 to iManager 277 removes groups from novlwww user (Bug 941702)
- Installer now disallows the direct upgrade from 2.7.6 to 2.7.7 patch8 (Bug 962714)
- Able to see "tomcat4" message in NetIQ_iManager_2.7.7.x_InstallLog.log after upgrading imanager 2.7.7 base (Bug 973118)
- Consume latest Tomcat (995947)
- Consume latest Java: 1.8.0_112 (Bug 1006943)
- Cross-Site-Request-Forgery-Prevention not Working properly under heavy load (Bug 975185)
- Reflected Cross Site Scripting attack against iManager (Bug 975187)
- Potential command execution vulnerability resolved (Bug 946043)
- iFrame manipulation possible with login page in 4.2 (Bug 975192)
- Need to remove .htaccess file from iManager config (Bug 975193)
- NAudit and XDAS configuration files are getting reset on upgrade (Bug 1010429)
- Nessus scan reports in SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) in imanager 3.0
- Need to mask IDP server backtrace when exceptions occur (Bug 978379/980261)
- User Enumeration problem in IManager (Bug 980665)
TOMCAT
- Nessus scan reports in SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) (Bug 976308) (CVE-2015-4000)
- Tomcat process runs from system account (Bug 978440)
PA
- Latest version of PA 2011.1r4 (NAuditPA.jar) 2.0.2-79 has been bundled (Bug 1005511)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 7
June 2016
Tomcat: 7.0.68
JAVA: 1.8.0_92
TOMCAT
- Updated Tomcat to resolve vulnerabilities: CVE-2016-0706/0714/0763. (Bug 971085)
- iManager not listening after rebooting RHEL 7.2 server. (Bug 975679)
- Nessus scan reporting iManager is potentially vulnerable to Clickjacking. (OTG-CLIENT-009) (Bug 976309)
JAVA
- JRE updated to 1.8.0_92 to resolve CVE-2016-0636 vulnerability. (Bug 975076/968391/976606)
PLUGINS
- Cannot remove dash from phone number. (Bug 938353)
- Import user certificate is failing with error message 'PKI-error-1214'. (Bug 962260)
- LDAP plugin: now a warning is displayed to restart LDAP after a cipher change. (Bug 870756)
- LDAP plugin allows a LDAP server to be associated to a broken certificate (import state). (Bug 955160)
OTHER
- Platform enhancement: SLES11 SP4 and SLES12 SP1 platforms added. (Bug 972970/967579/981747)
- Updated help section for XDAS, Novell Audit and the PA. (Bug 843710\900201)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 6
January 2016
Tomcat: 7.0.56
JAVA: 1.8.0_66
JAVA
- Sun JRE updated to 1.8.0_66 (Bug 961541)
The primary focus of this patch was to support IDM 4.5.3.
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 5
September 2015
Tomcat: 7.0.56
JAVA: 1.8.0_60
New Platform support: SLES11 SP4, Redhat 6.7, RHEL & 7.1 (Bug 942873)
New browsers versions tested: Mozilla 40, Google Chrome 44, 45 and Microsoft Edge
FRAMEWORK
- Reflected Cross Site Scripting (XSS) vulnerability (Bug 904674)
- IE11: clicking next in browse tab under view objects causes browser to logout (Bug 925484)
- When viewing an rbsMember the full FQDN is not displayed (Bug 919285)
- Adding or removing a static member from a nested group removes the security equals for existing users (Bug 912513)
- javax.servlet.ServletException when changing configuration changes (Bug 907024)
- IDM tasks are greyed out after reinstalling modules into RBS (Bug 870937)
- Selection filter fails to find user objects with Polish characters in their name (Bug 867631)
- iManager upgrades were not saving the old configuration details (Bug 843774)
JAVA
- Sun JRE updated to 1.8.0_60 (Bug 934859)
PLUGINS
- PKI: Enhancement: default certificates now created using the SHA2 signature algorithm if the CA is changed to SHA2 (Bug 940809)
- ICE Wizard: exporting data results in a java.lang.NullPointerException error (Bug 921636)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 4
April 2015
Tomcat: 7.0.56
JAVA: 1.8.0_25
New Platform support: Redhat 6.6 (Bug 912823)
New browsers versions tested: IE11, Firefox 34.0.5 & Chrome 10 (Bug 911549)
FRAMEWORK
- Reflected Cross Site Scripting (XSS) vulnerability (Bug 904674) (CVE-2014-5216)
- OES Branch: imanauthentication returns 200 to HEAD method instead of 403 (Bug 875982)
- Cross site Request Forgery (Bug 904679) (CVE-2014-5217)
- NAM: defaults should be remember login credentials = disabled and hide reason for login failure = enabled (Bug 908810)
- Not able to access Samba Plugin with iManager 277 Patch 3 (Bug 910241)
- Latest wbem.jar included from novell-wbemservices (Bug 915132)
JAVA
- Enhancement: updated to Java 8 (Bug 907433)
PLUG-IN STUDIO
- RegEX validation on Multivalued Attributes happens on the wrong attribute (Bug 903969)
PLUGINS
- iManager group plugin throws an error if there are unspecified addresses (Bug 865164)
- File Overwrite Vulnerability in schema plugin (Bug 858107)
- XSS vulnerability found in schema plugin (Bug 858132)
____________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 3
December 2014
Tomcat: 7.0.56
JAVA: 1.7.0_72
FRAMEWORK
- Security Vulnerability: XML eXternal Entity Injection (XXE) (Bug 904669)
- Object Selector and History buttons missing after applying 2.7.7.1 (Bug 865938)
TOMCAT
- Security Vulnerability: Poodle vulnerability in Tomcat (Bug 903782) (CVE-2014-3566)
- Security Vulnerability: Integer overflow (Bug 881886) (CVE-2014-0075)
- Security Vulnerability: DefaultServlet.java does not properly restrict XSLT stylesheets (Bug 881886) (CVE-2014-0096)
INSTALLATION
- Enhancement: iManager 2.7 SP7 now supports SLES12 & Redhat 7 (Bug 907305/895039)
- Removed messages indicating no support for RHEL 5.10 & 5.11 (Bug 905447)
- Removed platforms.xml and its dependencies to allow installation on all platforms (Bug 903433)
- Jcache process unable to start on a Integrated installer setup (Bug 895980)
- JDK version updated to 1.7.0_72 (Bug 895209/892887)
- Certificate Server plugin not getting installed when using the integrated installer (Bug 884239)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 2
October 2014
Framework
- Provides new browser support: Safari 7, Firefox 32 and Chrome 37 (Bug 897231)
- JavaScript issue where "Force periodic password changes" on Chrome and Safari resets value to 0 (Bug 889413)
- Help icon does not correctly link to the help page (Bug 880036)
Install
- /etc/eMFrameInstall.properties file not updated when upgrading (Bug 889643)
- Icon cleanup (Bug 889343\884494)
- Old eDirectory SDKs included in Patch 1 (Bug 883509)
- Unnamed Execute Custom Code seen during patch install (Bug 814175)
Audit
- Handshake errors: platform agent modified to use stronger cypher in certificate (Bug 890686\896140) (KB 7014219)
- Appenders attempt to contact server even if XDAS is not configured (Bug 855363)
Plugin (standalone build: 2.7.20140903)
- New site created for getting the latest iManager plugins: https://www.netiq.com/support/imanager/plugins (Bug 829879)
- XDAS plugin: "Error: Failed to update the database" when selecting the Novell Audit tab (Bug 855872\857007)
_____________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 1 Hotfix 1
July 2014
NTLS 2.0.6.1
- Security Vulnerability: SSL/TLS MITM (Bug 881950\882376) (CVE-2014-0224)
- Security Vulnerability: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack (Bug 881950) (CVE-2014-0076)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 Patch 1 (and eDirectory 8.8 SP8 Patch 1 plugins)
January 2014
Tomcat 7.0.42\Java 1.7.0_25
- New platform support: Windows 2012 R2 for iManager server and Windows 8.1 for iManager workstation (Bug 854635)
- New browser support: Firefox 25 & 26, Chrome 30 & 31 and IE 11 (non-Metro compatibility mode) (Bug 854635)
- IDM plugin not working with iManager 2.7.7 (Bug 848425)
- Core: 'Unvalued' attributes show the wrong attribute (Bug 824571)
- Obj Mgt: Users are created with uniqueID instead of CN as naming attribute if LUM enabled user is used as template and "Create home directory" is selected (Bug 825419)
- Documentation: admin guide re-written. iManager Event table added. (Bug 722460)
- SLES10 SP4 32-bit has been dropped as a supported platform (Bug 826395)
- Audit: XDAS event format should be consistent across standalone and OES iManager (Bug 841808)
- Audit: syslog host preconfigured with 192.168.1.5:1468 (Bug 851922)
- Audit: XDAS auditing now bundled in OES11 SP2 (Bug 841774)
- Audit: All sub events should be de-selected when XDAS audit is disabled (Bug 842007)
- ZENworks 7.0 Server Management plugin is no longer supported on iManager (Bug 837414)
- Netstorage and iFolder plugins should only be listed for Linux machines not Windows (Bug 838442)
- Some OES plugins are not working with iManager 2.7 SP7 (Bug 842238)
- Now adding wbem.jar from novell-wbemservices rpm so Storage Management plugin will work (Bug 843203)
- XDAS audit: setting MaxFileSize to 1MB and MaxBackupIndex to 0 results in only one event getting written (Bug 842045)
- Clicking "Next" after Searching in "View Objects" causes IE to redirect to Login Screen (Bug 850120)
- 192.168.1.5:1468 automatically added as syslog host (Bug 851922)
- Localization fix in installation (Bug 838381)
- Simplified Chinese localization fix for help - displayed as question marks (Bug 835600)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP7 (Standalone - non-OES - only)
September 2013
Tomcat 7.0.42\Java 1.7.0_25
- Enhancement: iManager now supports a pure IPv6 configuration (Bug 818534/827733/825625)
- Enhancement: iManager now has XDAS event capability (Bug 823591\827280)
- Tomcat hardening: Removed host-manager & manager folders from tomcat zip file (Bug 792595)
- Tomcat updated to 7.0.42 (Bug 819968)
- JAVA updated to 1.7.0_25 (Bug 829440\811775)
- Workflow Administration Plugin no longer works after upgrading to iManager 2.7.6 (Bug 828335)
- Install: RHEL 5.7, 5.8, 5.9 and 6.3 platform installations returning "Unsupported Platform" error (Bug 798232/829873/830560)
- NICI: NICI upgraded to the latest version: 2.77 (2.77.2.0) (Bug 822795)
- Plugin Studio: 'HTML Area' attribute's control properties are not working (Bug 829174)
- Plugin Studio: default value for attributes should only appear if there are no other values (Bug 501094)
- TextAreas is being displayed over 8 rows tall (Bug 760559)
- Error: -601 with extended characters and object selector when viewing effective rights (Bug 815627)
- Removed unnecessary files and folders (Bug 818734)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6 Patch 1 - Hotfix 2
August 2013 - OES: November 2013
Tomcat 7.0.32\Java 1.7.0_04
- Unable to access a cluster from the cluster plug-in (Bug 826578)
- Invalid DER file after exporting CA object certificate using iManager 2.7.6 (Bug 828129)
- Error with extended characters and object selector (Bug 815627)
- Create new Server Certificate task logs user off the iManager (Bug 834675)
- OpenSSL is not accepting the format of exported certificates after applying 2.7.6 patch 1 (Bug 827706/830992)
- Exporting certificates results in a corrupted file (Bug 835108)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6 Patch 1 - Hotfix 1
May 2013 - OES: November 2013
- Error: -613 'unexpected results have occurred' is seen when users change their passwords (Bug 817422) (KB 7012403)
Note: Both this patch as well as eDirectory 8.8 SP7 Patch3 is required to fully resolve this issue.
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6 Patch 1
April 10, 2013 - OES: November 2013
Tomcat 7.0.32 and Java 1.7.0_04
- Installer for iManager patches is now available (Bug 803961)
- Security Vulnerability: iManager vulnerable to XSS Request Forgery (Bug 726260) (CVE-2013-1088)
- Security Vulnerability: Token is not refreshed after logout (Bug 807429)
- Check for supported platforms (Bug 809290)
- Only 128 files/folders are displayed in the Files and Folders list in 'Rights to Files and Folders' (Bug 790645-8873-Jclient\799773-2761-iManager)
- Plugin Studio: Plugins with special characters in the id does not work after upgrade to iManager 2.7.5 (Bug 789981)
- Windows 8 support (Bug 809133)
- IE 10 support (Bug 800490)
- iManager: Changing languages reverts localization to English (Bug 785999)
- Other localization fixes (Bug 795849)
- Redirection after logout going to iManager login screen no matter what URL is put in (Bug 505804)
- Using a password already in the password history would return a non-meaningful -216 error (Bug 769509)
- iManager: After changing languages previous iManager configurations are set back to default (785999)
- OES: Unable to uninstall iprint linux management plug (Bug 791172)
______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP6
December 6, 2012
Tomcat 7.0.32/Java 1.7.0_04
IMANAGER
- New installer\upgrader (Bug 774338)
- iManager check for unsupported platforms and ability to add new ones (Bug 770076\779956)
- Windows 2012 support (Bug 791868)
- IE 10 support - compatibility mode (Bug 770577\791870)
- Can now enable and disable Identity Manager view as Default view (Bug 787785/784418)
- iManager doesn't delete temporary jsp files of auxiliary class (Bug 786708)
- Added ability to manage more than 999 objects in a container (Bug 758374)
- Error 404 after installing to a Red Hat 6.2 server (Bug 765594\777108)
- After changing the syntax of an attribute the "other" tab still shows old syntax (Bug 786435)
- iManager 2.7.5 crashes when extending an object with an aux class (Bug 778255)
Java
- Java updated to 1.7.0 u4 (765023)
Tomcat
- Tomcat updated to TC7 (Bug 764710)
NICI
- NICI updated to 2.7.6 (Bug 777985)
Localization
- Bugs 787518 and 787331
Documentation
- Bugs 766726, 787785, 777987, 771660, 773445, 753716 and 784856
_______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP5
April 30, 2012
Tomcat V 5.5.28/JRE 1.6.0_18
iManager
- Many localization fixes
- Safari support (Bug 755987)
- Integer 64 support (Bug 751818)
- Audit: treename missing from events (Bug 753492)
- Object view: Unable to correct or alter the load and unload scripts of the Master_IP_Address (Bug 753319)
- When creating a device object the child window does not close (Bug 752995)
- Only display the last installed patch\support pack (Bug 751084)
- RBS Configuration: Configure iManager - RBS - selecting dynamicgroupobjectsaux for the dynamic group search type throws error (Bug 744957)
- JDOMParseException when creating a profile object (Bug 741273)
- Schema Management: Unable to edit schema OID with imanager 2.7.4 on SLES 11 (Bug 722246)
Tomcat
- Security vulnerability: server will reject requests to change the method from POST to GET (Bug 726265)
- Security vulnerability: Tomcat must generate a new session id with each successful authentication (Bug 726257)
Install
- iManager upgrades do not backup/restore key configuration files (Bug 638542)
_______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 Refresh 6
April 27, 2012
Tomcat
- Vulnerability was found and fixed in Java1.6.0_31 (Bug 749515)
- Updated Tomcat from 5.5.34 to 5.5.35 to include security vulnerability fixes (Bug 747547/669846)
Install
- Install fails on SLES11 SP2 (Bug 745517)
- Installing a Framework patch breaks existing IDM plugins (Bug 736254)
_______________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 4
March 2012
Tomcat V 5.5.28/JRE V 1.6.0_18
iManager
- Performance degrades when multiple users access iManager (Bug 632217)
- iManager should not allow MEDIUM/LOW/EXPORT/Not encrypted cipher levels (Bug 674747)
Tomcat
- After restarting Tomcat, RBS collection owner is only logged in with assigned access (Bug 721112)
Authentication
- iManager ignores search base for authentication (Bug 707073)
- iManager is resolving objects to a server with a replica of root rather than locally (Bug 712602)
Object Management
- Long delays when clicking on the "Other" tab in Modify Object View (Bug 714042)
Object Search and Selection
- Long delays when selecting NCP objects in Directory Administration --> Modify Object (Bug 718116)
- Objects with a slash / in the DN are not displayed in the simple selection list (Bug 700609)
Plugin Studio
- Custom plugin fails to function while modifying the attribute values (Bug 718319)
Configuration
- Selecting Roles and Tasks --> Users --> Enable Account/Disable Account resulted in a default value of uniqueID rather than Common name (Bug 695519)
RBS
- Users see all roles when only assigned to one role the first time logging into iManager (Bug 709962)
Plugin Installation
- iManager showing earlier patches as available (Bug 642088/659793)
Other:
- FireFox 9.0.1 support added.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 3
July 2011
JRE V 1.6.0_18 and Tomcat V 5.5.28
- An auxiliary class can now be added to other classes if one of the mandatory attributes of this auxiliary class is an optional attribute for other classes.
- posixAccount can now be added to a user object.
- The word wrapping works properly when you edit a login script in iManager.
- The following security issues have been resolved:
  - XSS reflect and XSS store security vulnerabilities.
  - SQL injection attacks.
Other:
- FireFox 4.0.1 and Microsoft Internet Explorer 9 web browser support added.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 2
April 2011
Configuration
- iManager mobile, after installing latest plugins, still shows newer ones are available (Bug 682743)
- All available ciphers are now displayed in the Configure iManager - Encryption section (Bug 654459)
Group Management
- Groupnames with FDNs up to 128 characters can now be viewed in the Group Memberships tab (Bug 653109)
Workstation
- iManager was not remembering the username after checking the option to remember login credentials (Bug 655527)
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4 Patch 1
- Getting a blank page when trying to access the device manager console using Microsoft Internet Explorer 8 (Bug 656741)
- Security vulnerability resolved in Tomcat 5.5.30
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP4
December 2010
TC 5.5.29/JRE 1.6.0_20
Tomcat
- Security vulnerability: iManager stack buffer overflow (Bug 602542)
- Security Vulnerability: iManager off-by-one DoS (Bug 602557) (Secunia Advisory SA40281)
- Update to Tomcat 5.5.29 to address multiple vulnerabilities (Bug 608635/550668)
Other:
- Installation on SLES 11 is now supported (Bug 582765)
- Security Vulnerability: OpenSSL Handshake renegotiation of existing connections (Bug 626751) (CVE-2009-3555)
- User adds now correctly reported to collector (Bug 471688)
- After successful uninstall of iManager 2.7, reinstall of iManager reports failure (Bug 388999)
- IDM 3.6 plugins stop working on windows (Bug 471758)
- Unable to add, modify, or view the photo attribute for a user object (Bug 494093)
- Adding a group to a template object gives error and does not update group membership (Bug 550567)
- Simple Selection sort does not work (Bug 546952)
- History now available to all plugins that support less than 12 object types (Bug 512239)
- Namespace Error when replacing single-valued DN attribute using Multiple Object selector (Bug 546947)
- IDM 3.6.1 plugin installation taking too much time to complete (Bug 485943)
- Simple search favorites feature is available.
- Security vulnerabilities fixed in JRE 1.6.0_20 (Bug 594697) (CVE-2010-0886/CVE-2010-0887)
- <os> tag in iman_mod_desc.xml is being ignored if there is more than one (Bug 568650)
- Hungarian translation issue (Bug 575101)
- Installing patch will fail with a bogus message about a previous patch now being un-installed (Bug 607185)
- Plugin Studio Security Vulnerability: privileged user can instigate a DoS under the context of the service (Bug 608531)
- Plugin Studio: Audit log now properly shows the event of uploading of an npm (Bug 7608531)
- After updating the PKI plugin it loads with a Java error (Bug 557400)
- Error: " Unable to create AdminNamespace.java.lang.NoClassDefFoundError " when logging in (Bug 566473)
- Modify of Multiple objects fails (Bug 597690)
- Fail to perform multiple operations correctly (Bug 504371)
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF4
August 2010
Issues Resolved:
- iManager 2.7.3 FTF 3 installation hangs if earlier FTF installation files have not been uninstalled.
- Security Vulnerability - iManager stack buffer overflow - Creating a class name with more than 32 characters by using other scripts (perl / python).
- Security Vulnerability - iManager off-by-one DoS - If login request is sent with a Tree field length of 256 characters.
- Security Vulnerability - CVE-2009-3555 - OpenSSL Handshake renegotiation of the existing connections.
- Privileged User can instigate a DoS under the context of the service. (No Trace) - Providing Auditing and logs while authorized users upload the npm files.
Enhancements:
- In addition to the existing platforms and Web browsers, iManager 2.7.3 FTF 4 supports Windows 7 (32-bit and 64-bit), Windows 2008 R2 platforms, and Internet Explorer 8 (IE 8).
- “Hide” and “Show Hidden” Buttons in the Available Novell Modules Page
- Preferred Object Selection Method for a Task of a Property Book
- Ability to Add Organizational Role to the Authorized Users and Groups List
- iManager Caches Login Information for Faster Login
- Ability to Configure the Proxy by using DNS
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF3
- Delay in the next login attempt after a login failure.
- The Case Ignore List adding multiple attribute values to a single attribute.
- Unauthenticated files that get uploaded onto Access Manager.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF2
- The security vulnerability issue faced during installation of external plug-ins.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3 FTF1
- The Others tab while modifying user is empty with iManager 2.7.3.
- Cannot browse/select objects from IE 8 browser.
- In IE 8, the iManager Tree view option was not listing.
- iManager plugin fails to uninstall cleanly.
- Objects created with alternate naming attribute in some cases.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP3
- Error message for deleting object is not localized.
- Configure iManager task is not displayed for the member of a nested group which is an Authorized user.
- Plug-ins are not removed when you select Select all plug-ins option in the Available Novell Plug-in Modules page, deselect one or more plug-ins in the list, and click Remove.
- iManager (2.7 with Tomcat 5.5) login screen, by default, has Autocomplete enabled which results in security vulnerability.
- Replace option under the Identification tab of the Modify User page does not work.
- Large number of XSS vulnerabilities exist in iManager 2.7.
- iManager 2.7.2 removes RBS collection ownership for a user when the user is added to / removed from a group object.
- Plug-in allows inconsistency of group and group membership.
- A user, who has logged in to iManager through Internet Explorer, as a t1 trustee user cannot view the property pages.
- Plug-in download does not function when you add a plug-in with the same name as one of the existing plug-ins, and rename the existing plug-in of the same name.
- Plug-ins are not displayed because of clash between .jar files.
- Uniqueness scan does not work if a tree has more than 7000 users.
- Login script that is created with Novell client appears blank in iManager.
- iManager tree view filter does not work when you use Scandinavian characters.
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP2
December 2008
- The TreeName Display appears to be set only by the Roles and Tasks view instead of the Header Display. (395379)
- iManager 2.7.2 allows plug-ins with Max-iManager-Version set to 2.7.0 to be installed in it.
- The user cannot log in to iManager if he/she doesn't have Public Browse Entry right.
- Password Policies assignment list is not sorted. It is difficult for the user to navigate and validate individual assignments when the size of list increases.
- A Custom Plug-in with Photo/JpegPhoto control gives HTTP 501 error while uploading larger files.
- In the Edit Member Association page, under Role Based Services, an error page is displayed when you click a link.
- A large size description control should be added to the General Property Book page and the Create User task. (175533)
- After upgrading the iManager version to 2.7.1, Audit does not send events to the Novell Audit server, SLS.
- Simple Selection default values are wrong. (414442)
- Improper short length truncations for Members and Group Membership controls. (414803)
- iManager does not respond when you log in with a copied user object.
- Advanced Properties - Add to Create Object task is not saved in plug-in studio.
- Plug-in Studio - Ability to set Page Order exists on Property Book Pages, but is missing from Tasks for Create/Modify (353003)
- Proper Error Handling is required for Plug-in Studio Import task. The user should not get the Null Pointer Exception.
- The way the attributes with syntax case ignore list are displayed, is not useful.
- In the Modify Object dialog box, under the Members tab, unexpected characters appear in the string, Member.
- In OES 2, INVALID_ATTRIBUTE Namespace error is displayed while performing the Copy Object operation.
- In the Object Extensions task, CLASS NOT DEFINED error is displayed while adding an auxiliary class (name with serial spaces).
- Can't login if Public does not have Browse Entry rights (416327)
________________________________________________________________________________________________________________________
Issues resolved in iManager 2.7 SP1
July 2008
- The TreeName Display appears to be set only by the Roles and Tasks view instead of the Header Display. (395379)
- Setting up LDAP interfaces breaks dynamic group functionality.
- When more than one logic group is added in the Advanced search filter for a dynamic members query, the groups are not saved.
- Cannot add multiple users to multiple groups at the same time.
- The user cannot modify the chapter and page ordering while creating a property book, and while modifying the page list of an existing property book. (336071)
- Cannot export custom plug-in using Internet Explorer.
- Security vulnerability: Any user can delete Plug-in Studio created Property Book Pages. (336168)
- Only one value on a multi-valued attribute with path syntax is displayed on Edit Attribute page.
- When you export a plug-in, the manifest.mf file doesn't include Min-imanager-version, so importing the plug-in back again fails.
- Plug-in Studio's Task for Create: When creating users from these custom-created tasks, it is not making a uniqueID matching the CN. (346647)
- Cannot truly assign Property Book Pages to the Existing chapter of General. (344410)
- ASCII Values field cannot be edited in the Octet String editor.
- Excessive DS Operations while modifying objects. (308623)
- Simple Selection is broken in the Configure > Views > iManager Views task screen. (336365)
- Creation of a Volume object should have a Physical Volume name entry that is populated with all possible values.
- Configure > Views > iManager Views task is broken. (343239)
- On the Modify Object page of Directory Administration, the user's password cannot be set.
- Option to use a proxy server to download plug-ins. (96942)
- iManager-Group object could define a Collection Owner.
- iManager 2.7 Octet String Editor does not work.
- If the user changes passwords in such a way that they don't meet Universal Password Policy, proper messages are not displayed.
- System Error occurs when the user tries to edit a stream attribute containing xml data.
- Cannot add replica if the server exists as S/R replica in a ring.
- The Object View, Tree, and Browse tabs return unsorted results.
- Specific files that the user wants to browse for, are not listed under View Objects-Browse view.
- The user cannot delete attributes from Auxiliary Classes by using iManager. Customer LDAP scripts must be used to delete them.
________________________________________________________________________________________________________________________