Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46660: Release Notes for Manager+Agents | Signiant Help

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.

CVE
#web#mac#windows#apple#ubuntu#linux#debian

Updated December 13, 2021

What’s New in Manager+Agents 15.1

This version of Manager+Agents includes usability improvements, bug fixes, and software architecture improvements resulting in better performance and improved security.

In this release:

  • New Agent Picker: A new Agent picker has been added to Media Mover jobs, Agent reports, Agent upgrades, and Manager backups to Agents, allowing you to easily select multiple Agents at a time.

  • Object Mover Jobs: ObjectDropBox and ObjectUploader job templates now support the ability to move source data after a transfer completes.

  • Job Retrying: Object Mover jobs that fail due to lack of available system resources are now retried on the next available Agent.

  • Job Creation Object Mover and Media Mover templates now have conditional prompting to make job creation easier.

  • Field Notes: You can now add Field Notes to Agent, Boolean, and PickList prompts on custom job templates.

  • REST API Improvements: The REST API now allows you to set job labels.

  • REST API Documentation: The native REST API documentation has been updated to provide better and more complete examples.

  • Agent List Improvements: In the Agent List, you can now choose to stop monitoring unreachable Agents.

  • Agent Operating System Changes: Added support for Ubuntu 20.04 LTS Agents.

  • Agent Hardware Changes: Added support for Apple M1 CPUs on macOS Agents.

  • Manager and Agent Operating System Changes: Added support for Rocky Linux 8.4.

  • Active Filename: Jobs now display the Active Filename of the file currently being transferred.

  • Active Filename: Job and Agent queues in resource controls can now display an Active Filename column to show which file is currently being transferred.

  • Job Queueing: Job queuing management has been improved to allow you to easily reorder jobs in the job queue.

  • File Metadata: Jobs now have the option to preserve the original file creation date after being transferred to a destination.

  • File Suffix: Jobs now have the option to add a suffix to new versions of files that have been previously transferred with the same name.

  • Workflow Gateway: Workflow Gateway has been improved to allow file filtering based on the source file date.

  • Health Checks: System health checks have been improved to include more information and details.

Bug Fixes

  • Fixed issues in the Windows installer related to the progress bar, installation summary, and uninstall process.

  • Fixed an issue where the Data Transferred incorrectly displayed the Total Data value.

  • Fixed an issue where the Agent version would not update on the Agent List after upgrading the Agent.

  • Fixed an issue in job views and reports related to date preferences not being preserved.

  • Fixed an issue with Media Mover related to the Skip Source File Not Found On Send prompt causing jobs to fail.

  • Fixed an issue that did not release TCP connections from Agents using version 14.0 or earlier when using Agent monitoring.

  • Fixed an issue where Windows Manager backups would not check for free disk space before trying to restore the system.

  • Fixed an issue where the job status would not show the correct status when a Windows backup failed.

  • Fixed an issue that prevented Workflow Gateway from working after restoring a Windows backup.

  • Security improvements to prevent potential XML External Entity and Cross Domain attacks.

    Note: The security improvements are available to all supported versions of the Manager software. If you are using version 14.1 or higher, it is recommended you download and install the latest bundle to ensure your system is secure. If you are using an earlier version, contact Signiant Customer Support for assistance migrating to a newer version.

Perl Upgrade

New installations of Manager+Agents version 15.1 include Perl version 5.32.1 to improve performance and security. Existing Manager+Agents deployments upgrading to version 15.1 will remain on the same version of Perl and can be manually updated. For more information see Upgrading Perl Versions in Manager+Agents 15.1.

Upgrade Path

This upgrade can be installed on Manager+Agents 13.1 or higher. Previous versions must upgrade to 13.1 before upgrading to this version. Contact Signiant Customer Support for more information.

Agent Configurations

Upgrading Manager+Agents does not preserve additional Agent configuration files other than sigsetup.inf. To save your additional configuration files, back up all INF files contained within the Agent hosts directory.

  • Linux: usr/signiant/dds/3rdparty/jboss/server/default/deploy/signiant.war/secure/hosts/

  • Windows: C:\Program Files\Signiant\Mobilize\3rdparty\jboss\server\default\deploy\signiant.war\secure\hosts\

End of Life Announcements

Manager+Agents 15.1 includes changes to the supported operating systems and deployment options. For more information, contact Signiant Customer Support.

End of Agent Support for Debian Linux 8 / Ubuntu Linux 17

Agent software no longer supports Debian Linux 8 and Ubuntu Linux 17. To upgrade to the latest version of Manager+Agents, you must upgrade any Debian or Ubuntu Linux Agents to a supported operating system.

End of Agent Support for Apple macOS 10.13 and earlier

Agent software no longer supports Apple macOS 10.13 (High Sierra) or earlier. To upgrade to the latest version of Manager+Agents, you must upgrade any macOS agents to version 10.14 (Mojave) or higher.

End of Life Reminders

The following Manager+Agents solutions are no longer supported and may require assistance from Signiant Customer Support to upgrade to a newer version of Manager+Agents.

Manager+Agents supported Media Shuttle portals

Manager+Agents backed Media Shuttle deployments are no longer supported. For more information, contact Signiant Customer Support for assistance migrating your Media Shuttle deployment to the cloud native Signiant Media Shuttle, which provides additional features and functionality to Media Shuttle.

Manager+Agents supported Media Exchange

Media Exchange deployments are not supported by Manager+Agents 15.0 or higher. To continue using Media Exchange, remain at Manager+Agents 14.1 or earlier.

Web Transfer API

Web Transfer API is not supported by Manager+Agents 15.0 or higher. To continue using Agents as TAPI-enabled servers, remain at Manager+Agents 14.1 or earlier.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907