=============================================================================== Maintenance for Sterling External Authentication Server SEAS6000 iFix 1 March 2019 =============================================================================== This cumulative maintenance archive includes fixes for the issues listed below. Contents: I. HIPER (High Impact PERvasive) Fixes / Fixes Requiring Action II. Summary of Fixes by Patch/APAR (Latest iFix / FixPack first) III. Detailed Description of Fixes =============================================================================== I. HIPER (High Impact PERvasive) Fixes / Fixes Requiring Action =============================================================================== In SEAS60000 iFix 1 (March 2019): NONE - In SEAS60000 GA (February 2019): ACTION - JRE 1.8 SR5 FP27 (8.0.5.27) introduced changes to disable SHA1 certificates. See PSIRT12959 and PSIRT13809 for more details. =============================================================================== II. Summary of Fixes by iFix / FixPack /APAR (Latest iFix / FixPack first) =============================================================================== ------------------------------------------------------------------------------- Fixes for SEAS 6.0.0.0 iFix 01 Build 110 (Mar 2019) ------------------------------------------------------------------------------- SEAS-452/No APAR (CM,Engine,PS,SEAS) - Support for Windows 2016 SEAS-468/SEAS-465 - GUI description box for new SSO Token Group member does no data screening SEAS-696/No APAR - SEAS GUI Log level setting is not getting honored =============================================================================== III. Detailed Description of Fixes (in Defect ascending order) =============================================================================== PSIRT12959, - Update JRE 1.8 to SR5 FP27 (8.0.5.27) for security PSIRT13809 patches. Resolution: Update the JRE 1.8 to bring it up to the Oracle October 2018 level to satisfy the CVEs in PSIRT advisories 12959 and 13809. See http://www.ibm.com/support/docview.wss?uid=ibm10872778 for the Security Bulletin. ACTION - JRE 1.8 SR5 FP27 (8.0.5.27) introduced a change to disable SHA1 certificates via the jdk.certpath.disabledAlgorithms parameter in the /jre/lib/security/java.security file. For more information, read the comments in the java.security file which relate to the added parm: jdk.certpath.disabledAlgorithms= * * *, SHA1 jdkCA & usage TLSServer, SEAS-452/No APAR (CM,Engine,PS,SEAS) - Support for Windows 2016 Resolution: Add support for Windows 2016 - Upgraded all installers to use InstallAnywhere 2018 SP1. SEAS-468/SEAS-465 - GUI description box for new SSO Token Group member does no data screening SSO Token Synchronization was introduced in SEAS 6.0.0.0. The SSO Token Group tab contains a description field which allows any sort of unprintable data to be pasted in. Resolution: Now filter the data allowed in the SSO Token Group description field. SEAS-696/No APAR - SEAS GUI Log level setting is not getting honored After upgrading to log4j2 in SEAS 6.0, setting the log level in the GUI is not changing the log level used in the log being generated. Resolution: Updated the GUI to correctly change the logging level.