SiteProtector SP8.1 Update - README
=====================================================================
Last modified: January 28th, 2013
Copyright © 1994-2013 Internet Security Systems, Inc.
All rights reserved worldwide.

PLEASE READ THIS DOCUMENT IN ITS ENTIRETY.

=====================================================================
CONTENTS
=====================================================================
- Description
- Compatibility
- Applying the Update
- Getting the latest Documentation
- Customer Support
- Reporting product issues
- Files included with The Update

DESCRIPTION
=====================================================================
This is a Cumulative SiteProtector Patch. Please see the list of issues covered below.

Cumulative Patch -- 01/28/2013
=========================================

APAR IV33526
---------------
When running a report from the analysis view from a console set to use a different timezone than the timezone of the app server and using custom time filters the title page of the report may display filter times that have an offset timezone.

This update changes the design of how views are serialized for the purposes of passing view timezones to reporting.

NOTE: Because this is a change in how views get parameterized, old saved report templates may need to be re-created before they can be re-run. The fix will only affect reports created after applying the patch.

WARNING: This change is a serialization change and will therefore require that every patch applied after this one (up until the next core xpu) have a synchronized Console and App Server patch level. This means the App Server and every single console that connects to it must be patched if any are patched or you may experience serialization errors.

APAR IV34825
---------------
When running a report from the analysis view from a console set to use a different timezone than the timezone of the app server and using charts in the report that include times labelled on the axis, the time labels may appear offset even though the data itself is otherwise correct.

This update adjusts the dates output in the chart labels on the axis to reflect the timezone of the console.

APAR IV34850
---------------
When filtering analysis data that includes IPv6 addresses and attempting to filter using a NOT filter, all of the IPv4 addresses may be filtered out in addition to the filter applied.

This update allows the returned results to properly include the IPv4 addresses if they are not otherwise filtered out.

APAR IV34847
---------------
When filtering analysis data by IPv6 addresses, unexpected results may occur if a certain combination of IPv6 filters is used. The result may be that not all of the IPv6 addresses in the filter list are filtered, or that none of the IPv6 addresses get filtered.

This update allows the IPv6 addresses to be properly filtered when multiple IPv6 filters are applied.

Rollup Core XPU 2.0 for SP8.1 -- 10/18/2012
=========================================
Note: all the issues below this point are covered by the SP 8.1 XPU 2.0 core rollup xpu. However, if you need the patch for any new issues, then the core xpu should still be applied first or other fixes may be missed.

Cumulative Patch -- 08/27/2012
=========================================

Role file update
--------------------------------------------
With the release of Update Server version 2.9.0.1 you may no longer see your Update Server agent listed in the policy tab. This is due to a change in versioning from 2.9 to 2.9.0.1 and stricter versioning required when the patch is applied.

This update contains an updated role file that allows the 2.9.0.1 policy to be properly displayed.

Cumulative Patch -- 07/23/2012
=========================================

Issue ID 407915
---------------
If attempting to view a very large number of agents in the Agent tab (over 65,000 agents) you may receive a database error when attempting to query the health statuses for the agents due to a limitation in SQL Server.

This update adds health status query batching to work around the SQL limitation.

Issue ID 407867
---------------
When performing a scheduled analysis export on a subgroup and selecting an analysis view using the view dropdown box, the group can become unselected.

This update allows SiteProtector to maintain selection on the group after choosing an analysis view from the scheduled analysis dropdown box.

Issue ID 407839
---------------
When performing a scheduled analysis export, using the additional Filters button in the scheduled analysis export dialog, and selecting a different view from the scheduled analysis view dropdown box, it may be possible for the view to become unselected and the original view to be used instead.

This update allows SiteProtector to correctly use the currently selected view from the view dropdown box when also using the additional Filters button in the scheduled analysis export dialog.

Issue ID 27737
---------------
A console timeout feature was added to enhance the security of the console. When the idle timeout expires the user will be prompted to re-enter their password to continue viewing the console. If you wish to use this feature, it will need to be enabled in the file:

    \Program Files\ISS\SiteProtector\Console\config\console.xml

To enable it, log in and out of the console while this patch is applied, then locate the lockoutTime tag in the base section of the console.xml file and change the enabled flag to "true".

For example:

The value in this configuration represents the number of minutes before the idle timer expires.

Note: the timeout login screen does not support two-factor authentication.

Cumulative Patch -- 02/15/2012
=========================================

Issue ID 407575
---------------
When using Central Responses your SNMP Responses may stop working after about fifty days if you have not restarted the SiteProtector services at any time, such as by rebooting the machine for Windows updates.

This update changes the way SNMP responses work so that after fifty days the uptime parameter is reset. This will cause an incorrect uptime parameter to be displayed but will prevent SNMP responses from not firing.

Cumulative Patch -- 11/11/2011
=========================================

Issue ID 407642
---------------
When viewing Proventia Server for VMWare agents tied to SiteProtector, the license will be highlighted in red.

This update resolves an issue with the agent license counting mechanism for Proventia Server for VMWare.

Cumulative Patch -- 09/13/2011
=========================================

Issue ID 407567
---------------
When viewing the analysis view and the Auto Refresh option is enabled it is possible for the console to start consuming a large amount of memory over time depending on your console environment.

This update allows SiteProtector to properly clean up the analysis view objects to prevent improper console memory increases.

Cumulative Patch -- 08/01/2011
=========================================

Issue ID 407533
---------------
When deploying policies, a command window appears that allows you to pick targets, policies, and a schedule for the deployment. On some sites with a large number of agents, this window may take a long time to appear.

This update allows SiteProtector to ignore processing of agent specific repositories when deploying policies at a group level, increasing performance of the deploy policy command window.

Issue ID 407507
---------------
When editing the Security Events policy and using multiple nested repositories you may see an incorrect blocking configuration in the policy if a higher level repository has a different block setting than the lower level repository.

This update allows SiteProtector to correctly display the lower level block setting from the lower level repository when editing a policy at a lower level repository.

Cumulative Patch -- 05/24/2011
=========================================

Issue ID 407454
---------------
When using analysis reports from the reporting tab and choosing to save them as CSV files you may see numbered column names instead of the textual column names. This does not occur when using the data export to CSV via the Analysis tab.

This update updates the code to populate the textual information for the templates to use, and updates the template to use this information.

Note: You must apply the analysis.rptdesign file included in the patch or your reports will no longer function after applying this patch.

Cumulative Patch -- 02/14/2011
=========================================

Issue ID 407305
---------------
When performing many console actions while attempting to deploy a policy to many agents with the Force Heartbeat option enabled, it may be possible to get a conflict in console actions. This will prevent further actions from occurring and will cause the application server to stop doing some actions until restarted. The user may see an error such as:

    "Multiple concurrent threads attempted to access a single broker."

This update forces SiteProtector to handle the multiple actions to help prevent multiple accesses from different threads.

Issue ID 407321
---------------
There has been a vulnerability discovered in the Deployment Manager where an attacker could use a cross-site scripting attack from the network that the Deployment Manager is on.

This update contains the fix for this but needs to be applied in combination with Deployment Manager files. The Deployment Manager files will be released as a separate patch due to them not being applicable unless you have a currently installed Deployment Manager. All other items in this patch will work normally without these additional files.

Cumulative Patch -- 11/08/2010
=========================================

Issue ID 407203
---------------
When using two factor authentication in SiteProtector it is possible for the console to stop refreshing data correctly if left idle for a long period of time. This is caused by an expired token requesting a re-login, which fails due to an improper initialization.

This update allows SiteProtector to correctly process the login after the console has gone idle for a long period of time. This also allows the login dialog to properly redisplay after the idle period has expired.

NOTE: Although the fixes in the cumulative patch are normally included in the next release version, this fix is an exception to that rule due to the release schedule. If you need this fix, another cumulative patch will be released after the core xpu that also includes this fix. This note is not applicable to the below fixes or patches after XPU 1.0.

Cumulative Patch -- 09/27/2010
=========================================

Issue ID 407130
---------------
When applying xpu's on Chinese systems (Traditional), the text describing the XPU is not readable. This is a cosmetic issue that does not impede functionality. This problem occurs due to the Chinese systems' inability to display italicized characters. The italics have been removed.

Cumulative Patch -- 09/02/2010
=========================================

Issue ID 407104
---------------
When migrating a locally managed Proventia M to a repository you may encounter problems with the Proventia M not accepting the SSL VPN policy after migration.
The Proventia M will go into an Active with Errors state even though the policy will otherwise look normal in the Policy Editor. This occurs because temporary variables are left in the SSL VPN policy after migration and normally removed upon the next edit of the policy, but the Proventia M does not correctly parse these temporary variables if it receives the migrated policy before it is edited.

This update allows SiteProtector to perform the migration without leaving the temporary variables in the policy so the Proventia M will stay active even if there are no additional edits to the policy.

Note: If you are migrating Proventia Ms to repository, it is recommended to also get the "Migrate to Repository SSL VPN Portal Resources Fix", Patch ID 1366.

Cumulative Patch -- 08/16/2010
=========================================

Issue ID 405821
---------------
When attempting to use the Event Collector Failover scripts provided with SiteProtector SP7 - 8.1, users may experience a race condition between the SensorController and the EC Failover Scripts. This will cause the sensors to not get the proper EC assignment and go "Offline".

This patch removes the race condition and allows proper EC assignment.

Cumulative Patch -- 08/11/2010
=========================================

Issue ID 407102
---------------
When viewing events in the SiteProtector analysis view on a console with the timezone option set differently from the system clock, the view's time filters may not work as expected.

This fix allows SiteProtector to correctly filter time based on the timezone set in the options of the console.

Note: this does not affect the behavior of changing timezones in the options while in use. If you change the timezone option after connecting the console, please reconnect the console to ensure the option change is able to propagate.

Cumulative Patch -- 07/30/2010
=========================================

Issue ID 407072
---------------
On sites that contain Central Response rules that were manually created without specifying a vulnerability status, you may see responses trigger on rules they were not meant to trigger on.

This fix allows SiteProtector to correctly treat Central Response rules with no vulnerability status specified as an "any" vulnerability status filter.

NOTE: Because a new policy will need to be pushed out AFTER the fix is applied, be sure to delete CAPolicy.xml from the PF\ISS\SiteProtector\Application Server\temp\CentralResponseServer directory OR temporarily make a minor change to the Central Response policy to trigger an automatic policy push after you have applied the fix.

=========================================

To resolve this, follow the steps to replace files in the APPLYING THE UPDATE section carefully. Be sure to read any notes on individual fixes.

MD5 for the files included in this update:
- 6b61e64cd0044e45dcb73d6f7fa3621a Console\SiteProtector.jar
- 18cfddbc46d5074f183b40a8e8f16253 Server\SiteProtector.jar

Build Number: 2.8.1.259

COMPATIBILITY
=====================================================================
This update is applicable only to:
- SiteProtector 2.0 (SP8.1 XPU 2.0)

NOTE: Do NOT apply this update to a SP8.1 XPU 0 system or a SP8.1 XPU 1.0 system. You should apply the 1.0 and 2.0 xpus first as they contain additional fixes. The version can be viewed in the console by looking at the SiteProtector Core component's version on the agent tab.

APPLYING THE UPDATE
=====================================================================
To apply the update:

Step 0 - Verify you are applying this patch to a system on core version SP8.1 XPU 2.0. If not, you will need to apply the core XPU 2.0 first. The version can be viewed in the console by looking at the SiteProtector Core component's version on the agent tab.

Step 1 - Close out all SiteProtector consoles.

Step 2 - On the Application Server, stop the three SiteProtector services:
    SiteProtector Application Server Service
    SiteProtector Sensor Controller Service
    SiteProtector Web Server

Step 3 - Put the SiteProtector.jar file from the Console directory in the patch in the following location on all Consoles. Be sure to back up the original files first.
    \Program Files\ISS\SiteProtector\Console\bin\

Step 4 - Put the SiteProtector.jar file from the Server directory in the patch in the following locations on the Application Server. Be sure to back up the original files first.
    \Program Files\ISS\SiteProtector\Application Server\bin\
    \Program Files\ISS\SiteProtector\Application Server\deployed-apps\iss\SiteProtector.ear\lib\

Warning: Never place backup files in the deployment directories.

Step 7 - On the Application Server, start the three SiteProtector services back up:
    SiteProtector Application Server Service
    SiteProtector Sensor Controller Service
    SiteProtector Web Server

If you feel the need to remove the patch at a later date, the original files can be restored using the same process.

GETTING THE LATEST DOCUMENTATION
=====================================================================
For the latest version of the SiteProtector Readme file, go to the IBM Security download center:
    https://webapp.iss.net/myiss/login.jsp?action=download

For the latest version of the product documentation, go to the IBM Security Product Information Center:
    http://publib.boulder.ibm.com/infocenter/sprotect/v2r8m0/index.jsp

CONTACT IBM SUPPORT WORLDWIDE
=====================================================================
IBM Security offers a variety of contact options.
To view these options, please visit the IBM Support Portal:
    http://www.ibm.com/support/entry/portal

INFORMATION REQUIRED FOR REPORTING PRODUCT ISSUES
=====================================================================
If you encounter a problem with this product, please make notes that are as detailed as possible about the following:
- Component and Build versions
- Specific failure symptoms or undesirable behavior

This information helps us reproduce the problem and resolve it as quickly as possible.

FILES INCLUDED
=====================================================================
- Console\SiteProtector.jar
- Server\SiteProtector.jar

=====================================================================
=====================================================================
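
Added example, not part of the original README and not vendor-supplied code: a PowerShell sketch of the Application Server half of APPLYING THE UPDATE (Steps 2, 4 and 7) that first checks both patch files against the MD5 values listed in this README and keeps backups outside the deployment directories. Assumptions: PowerShell 4 or later, the hypothetical paths in `$PatchRoot` and `$BackupRoot`, an install on the C: drive, and that the service names in Step 2 are the services' display names.

```powershell
# Added example (not vendor code). Run elevated on the Application Server
# after Step 0 (version check) and Step 1 (all consoles closed).
param(
    [string]$PatchRoot  = 'C:\Temp\SP81-patch',   # assumption: unpacked patch
    [string]$BackupRoot = 'C:\Temp\SP81-backup',  # assumption: outside the install tree
    [string]$SpRoot     = 'C:\Program Files\ISS\SiteProtector'  # assumption: C: drive
)
$ErrorActionPreference = 'Stop'

# MD5 values exactly as listed in this README.
$expected = @{
    'Console\SiteProtector.jar' = '6b61e64cd0044e45dcb73d6f7fa3621a'
    'Server\SiteProtector.jar'  = '18cfddbc46d5074f183b40a8e8f16253'
}

function Test-Md5([string]$Path, [string]$Md5) {
    # Get-FileHash returns upper-case hex; -eq on strings is case-insensitive.
    (Get-FileHash -Algorithm MD5 -LiteralPath $Path).Hash -eq $Md5
}

# Refuse to touch the services unless both patch files match the README.
foreach ($rel in $expected.Keys) {
    if (-not (Test-Md5 (Join-Path $PatchRoot $rel) $expected[$rel])) {
        throw "MD5 mismatch for $rel; do not apply this file."
    }
}

# Step 2: names as listed in the README, assumed to be display names.
$services = 'SiteProtector Application Server Service',
            'SiteProtector Sensor Controller Service',
            'SiteProtector Web Server'
Stop-Service -DisplayName $services -Force

# Step 4: both Application Server locations get Server\SiteProtector.jar.
$targets = [ordered]@{
    'bin'     = Join-Path $SpRoot 'Application Server\bin'
    'ear-lib' = Join-Path $SpRoot 'Application Server\deployed-apps\iss\SiteProtector.ear\lib'
}
$newJar = Join-Path $PatchRoot 'Server\SiteProtector.jar'
foreach ($name in $targets.Keys) {
    $live   = Join-Path $targets[$name] 'SiteProtector.jar'
    $backup = Join-Path $BackupRoot $name   # never inside a deployment directory
    New-Item -ItemType Directory -Force -Path $backup | Out-Null
    Copy-Item -LiteralPath $live -Destination $backup
    Copy-Item -LiteralPath $newJar -Destination $live -Force
    if (-not (Test-Md5 $live $expected['Server\SiteProtector.jar'])) {
        throw "Copied file at $live does not match the README MD5."
    }
}

# Step 7: start the three services again.
Start-Service -DisplayName $services
```

Step 3 still has to be done on every console with Console\SiteProtector.jar; because of the serialization warning under APAR IV33526, the services should not be returned to use until all connecting consoles are at the same patch level.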