Table of Contents

NetYCE 8.0.0 Build_20220719

Release notes

Date: 2022-07-20


Enhancement

Rename stored jobs

Command jobs can save jobs definitions for future re-use as 'stored jobs'. These jobs are created using a name as defined by the user, and when made public, other users can use and adapt them. To change the name of an existing 'stored job', the user has to first create a copy using the new name, and then delete the original. This sequence is not very practical for day-to-day use.

To simplify this operation, a 'Rename' button is added next to the 'Save' button. This will allow the user to update an existing stored job under a different name.

Clicking on their menu or navbar item now refreshes the cgi tool

When you click on the menu item or navbar item for an operating tool, this tool now gets refreshed, resetting the tool

Maximum file upload size

The maximum file upload size has been changed from 1Gig to 4Gig

Site State Field Widened

The Site state field was a bit too short for some of the states and provinces that the world supports. This has been enlarged now to 40 characters. The site address field has also been enlarged to support a maximum of 100 characters


Fix

Removed SQL Injection Vulnerability

There was a vulnerability where some backend urls were susceptible to sql injection attacks. This is fixed now.

Login ldap failure message is now the same as a regular login failure message

The message for a failed login for ldap and regular user accounts used to be different. This could be used by a malicious third party to harvest a list of usernames. This is now fixed and all login failed messages are the same now.

XSS fix

Cross-site scripting allows a malicious party to insert html text which will then get printed. A number of cgi tools were vulnerable to this exploit. This has been rectified.

Evpn form fix

There was a bug in javascript causing the Evpn form to fail when trying to submit. This has been fixed now

Compliance regex error fix

When you had a compliance condition with faulty regular expressions (for example, containing a misplaced '*'), the error you got was not handled properly by the daemon. Now it is, and you get a notification in the nccmd logs.

F5 Multiconfig Compliance ever-changing timestamp

A line in F5 configs was found that changes with every config that was not properly filtered out, leading to a mismatch in multiconfig compliance. This has now been fixed. The line in question was:

last-modified-time 2022-06-14:14:37:46

Once in a while, the sidebar menu would not load. This sometimes happened when visiting the site for the first time, or from a sleeping browser. This has been fixed.