8.5.100.11

What's New

This release contains the following new features and enhancements:

• Configuration Server port segmentation: You can configure separate ports on Configuration Server and Configuration Server Proxy that are restricted for use only by client User Interface (UI) type applications.
• Enhanced security on UNIX:
  • Genesys Security Pack on UNIX now uses OpenSSL instead of RSA to facilitate communication in the SSL/TLS protocol suite.
  • Security Pack scripts have been changed to use SHA1 by default, with an option to use SHA256.
  For more information, refer to the Security Pack on UNIX 8.5.x Release Note.
• Enhanced Logging:To simplify troubleshooting of secure connections, Configuration Server offers additional logging of the secure connection establishment phase when used with Security Pack 8.5.100.06 or newer.
• Updated Language Pack support: Refer to Translation Support for details about the updated language packs supported.
• In this release, Configuration Server external authentication uses OpenSSL version 1.0.2d for secure connections to LDAP Servers.

Resolved Issues

This release contains the following resolved issues:

If Configuration Server is provisioned to use external authentication, but [authentication]library=internal is set at the Tenant level, Configuration Server now authenticates internally all users under that Tenant that have a value in their External ID field. Previously in this scenario, Configuration Server ignored the value of the library option, and authenticated the users externally. (MFWK-17009)

Configuration Server now stores properly objects with option or annex values longer than 254 bytes and containing multi-byte characters. Previously in this scenario, Configuration Server sometimes failed to store the object because of a database SQL execution error. (MFWK-16929)

If the last login synchronization feature is enabled, while processing GETHISTORYLOG requests from clients, Configuration Server Proxy 8.5 no longer stops responding to client requests and no longer consumes up to 100% of its CPU. Previously in this scenario, Configuration Server sometimes stopped responding to client requests and CPU usage rose to 100%. (MFWK-16825)

If, during external authentication, the LDAP server dropped the connection or returned an unexpected error to Configuration Server, Configuration Server in this case ignored the retry-attempts option, repeatedly reestablishing a connection to the LDAP servers and retrying failed authentication attempts. Configuration Server also did not take into account the age of authentication requests in the queue before resending them to LDAP, increasing the processing load by executing requests that had timed out.

To prevent this, Configuration Server now properly limits the number of retry-attempts as specified by this option. Additionally, Configuration Server now limits the time that a client's external (via LDAP) authentication request waits for a response within a given time interval. The time interval is determined by the maximum value of retry-attempts together with retry-interval settings for all specified ldap-url settings.

(MFWK-16442, MFWK-16631)

When using Kerberos external authentication, Configuration Server now accepts connections from all clients that have a valid GSS token and are using Single Sign-on (SSO). Previously in this scenario, Configuration Server accepted a certain number of connections, then rejected the next one. (MFWK-15714)

Upgrade Notes

No special procedure is required to upgrade to release 8.5.100.11.

Supported Languages

See Release 8.5.1 Translation Support.