{{indexmenu_n>20210330}}

====== NetYCE 7.2.0 Build_20210330 ======
====== Release notes ======
Date: 2021-03-30


\\ 
<WRAP widths 60% box safety>
===== Enhancement =====
</WRAP>

==== Node groups ====
<WRAP indent>
Node groups are used to dynamically select the desired nodes for a task using given criteria.
These criteria are implemented using Rules consisting of Conditions. The conditions accept 
lists of strings (with or without wildcards) to match the different values. And as long as 
these lists consists of single words, the whitespace separator being used causes no problems.

However, when trying to use a condition match string that included spaces proved to be impossible.
To resolve the issue, conditions now accepts lists of strings where the values may be enclosed
in quotes. By using quotes around values using spaces the lists can be properly separated.
</WRAP>

==== Compliance REST signal ====
<WRAP indent>
Changed CMPL REST-api signal config to use <variables> in (custom) attributes. Instead of
sending a fixed-format Rest/Json post, the message payload can now be custom formatted
using a number of '<variables>' which are substituted in the defined signal template.
</WRAP>

==== HP C7 file transfer ====
<WRAP indent>
When transferring a (configuration) file from a HP Comware7 device, the use of the 
'management vpn' is mandatory. As one customer found out, adding the management vpn
to their extensively modelled nodes was time consuming.

To relieve this problem, we created an option to add the missing vpn to transfer command
based on a Tweak specific to a node-type or class.
</WRAP>

==== Aruba MM vendor module ====
<WRAP indent>
The new vendor module 'Aruba MM' was added to support the Aruba Mobility Master Controller family
of devices.
</WRAP>


\\ 
<WRAP widths 60% box safety>
===== Change =====
</WRAP>

==== IPsec GRE api ====
<WRAP indent>
In version 7.2 the form supporting IPsec GRE tunnels was dropped from the product as
it was designed to support a specific customer design that was phased out. 

In its stead two XCH API calls were created to provide continued support of this
design during its migration phase.
</WRAP>

==== Compliance traps ====
<WRAP indent>
The optional SNMP Traps that can be issued on a changing Compliance status are now 'spoofed'
by default. Here the 'spoofing' refers to the 'faking' of the source ip-address of the Trap
message by replacing the server address with the node address.

The SNMP Trap will use the node ip-address instead of the NetYCE server as the source if the
node-fqdn can be resolved using the DNS in an ipv4 address. Otherwise the NetYCE server will
be used as the source address. 

If this functionality is not desired, it can be disabled using the signal_cmpl.conf setup file.
</WRAP>


\\ 
<WRAP widths 60% box safety>
===== Fix =====
</WRAP>

==== Compliance fixes ====
<WRAP indent>
A fair number of relatively minor fixes and improvements were incorporated 
in the NCCM and Compliance modules:
  * Front-end fix for error on condition include change
  * Nccm daemon fix for misaligned condition types
  * Fixes in compliance reporting entries
  * Fixed compliance report filenames and detail levels
  * Front-end fix for report templates with both a policy id and a group name
  * Front-end fox in report vendor type search
  * You can now search for a numerical status in the cmpl api
  * Modified the report details for multiconfig compliance
  * Bug fix in compliance reporting XCH api call
  * Fixed the hyperlink in the compliance signal report details
  * Cleaned up the report details for configuration rules
  * Added report details to report view for policy reports
  * Added optional runtime statistics to the nccmd daemon for tuning purposes: Change Nccm_lookup variable Nccm_stats' Num_value 0 -> 1
  * Compliance report on 'ordered' blocks
  * Added a timestamp column to the cmpl condition edit form
  * Condition evaluation time streamlined giving better performance
  * Enhancements to the 'new logic' form
  * Compliance policy test timeout catch
  * Nccm daemon optimizations to reduce memory load
  * Condition exclude match now logs the exact line that has matched
  * All excluded lines are now reported with a threshold of 20

</WRAP>

==== Cisco IOS vendor ====
<WRAP indent>
Some Cisco IOS devices are using a different on-screen layout to display their 
version output. The fix now detects and extracts the firmware version from
either layout.

</WRAP>

==== Huawei CE/S vendors ====
<WRAP indent>
Some device types use a different on-screen confirmation prompt than others which caused time-outs
on some transactions. Now either format is detected.

On devices using a different hostname than used in the NetYCE node, the configuration backup 
file was using an incorrect filename.
</WRAP>

==== Cookie failure ====
<WRAP indent>
Browsers keep improving their security levels enforcing older and newer guidelines. One of them,
'SameSite cookies' was causing some issues. This is now corrected.
</WRAP>

==== Ldap/AD password failure ====
<WRAP indent>
After an AD or Ldap password change some users could no longer login to NetYCE. The reason
proved to be the inclusion of a backslash (\) character in the new password. These backslashes
are commonly incorporated password generated by a tool.

As these backslashes require a 'protect' not to be discarded on encryption, the corresponding 
'unprotect' before submitting to AD/Ldap was neglected, causing the password to be rejected. 
This is now corrected.
</WRAP>

==== Aruba MC vendor ====
<WRAP indent>
Aruba MC view config failed to show any configuration lines. Resolved the issue by adding
the missing web formatter to the module
=== Vendor session timeout ==

When interacting with some devices that use a sub-prompt the session would not properly timeout
if this prompt was not 'expected'. The session would end up in a loop basically indefinitely.

The handling of timeouts was extended to include these situations. Now, when an unexpected 
(sub-)prompt is presented, an <enter> is given after 10 seconds as before, but not forever. 
If the same prompt is encountered six times in a row (1 minute), the session is aborted.
</WRAP>

==== 'XXXXX' error flag fix ====
<WRAP indent>
The string 'XXXXX' is used in templates and scenarios to flag an error when a variable
substitution fails. This flag was chosen over 'error' or 'failed' because of its uniqueness.

But as it turns out, not unique enough. Customers that created templates which included the 
'XXXXX' string found that the template was rejected or was reported to have an error.
To resolve this issue, the handling of this flag was altered to make this distinction in 
context. Using the XXXXX string in templates is now supported without raising errors,
but the flag will still be highlighted in red when using the various tools.
</WRAP>

==== Site-type name fix ====
<WRAP indent>
It was found that the front-end accepted Site_types with a slash (/) in its name. When using
web-technologies, these slashes have special meaning and need to be protecting (escaping)
to prevent them from getting lost when communicating with the server. This was properly
incorporated as expected, but not once but twice. In the message routing these slashes
resulted in the server receiving a name it should not find in the database preventing returning
the correct data.

This problem was resolved for the site-types to support existing customer configurations. Other
instances where slashes are currently accepted will be modified to deny them.
</WRAP>

==== Huawei_S Hardware-model ====
<WRAP indent>
During job execution the Hardware-model of the device is read using a version command. On some 
Huawei models this led to inaccurate model names.

The issue was resolved resulting in improved accuracy of hardware model determination.
</WRAP>