AD360 Fixes and Enhancements [2021]

AD360 Fixes and Enhancements [2021]


Release notes for build 4302 (Jan 19, 2022)

Issues fixed:
  • A local privilege escalation vulnerability reported by Lukasz through our bug bounty program has been fixed by changing the default installation path to C:\Program Files\ManageEngine and by removing unnecessary product file permissions. Existing customers can refer this guide to remove the unnecessary product file permissions for AD360. If you wish to migrate the existing installation directory to C:\Program Files, please contact the AD360 support team.
  • Log4j dependency in AD360 has been removed to ensure security. Customers who have enabled or would like to enable RSA SecurID configuration for TFA, read this forum post to know how to manually update the latest authapi.jar file and its corresponding Log4j JAR files.

Release notes for build 4300 (Dec 03, 2021)

Enhancements:
  • Updated Tomcat server: The Tomcat server which comes bundled with the product has been updated to version 8.5.57.
  • Updated jQuery: The jQuery used by the product has been updated to version 3.5.1.
  • Secure backup archives: AD360 database backup archives are now password protected.

Release notes for build 4238 (Oct 19, 2021)

Issue fix:
  • This release includes a fix to prevent unauthorized remote code execution (RCE).

Release notes for build 4237 (Sep 22, 2021)

Highlights:
  • Security Hardening: This feature provides access to all of the product's existing security- related settings under a single tab to ensure better accessibility to the security configurations. You can also get to know how secured your product is with Product Security Hardening.
  • Default Product Accounts' Password Change Notification: Admins will be notified if the product in-built users' default password is yet to be changed, through email, and in the AD360's notification center.
Enhancements:
  • Two-factor authentication: You can now enable a second authentication factor for the default product users apart from the already existing support for domain users.

Release notes for build 4235 (Jul 30, 2021)

Issues Fixed:
  • Fixed the account takeover issue reported by HaYiCle, by enforcing SAML signature verification before logging in users through SAML SSO (CVE-2021-37927).
  • Fixed the Post-Auth OS command injection issue that occurs while configuring database backup in an external location. It was reported by Thai Nguyen (CVE-2021-37925).

Release notes for build 4234 (Jul 10, 2021)

Enhancements:
  • Load all the integrated components instantly: All of AD360's integrated components will now load automatically once you log into AD360. This saves the time spent waiting to load the components individually.
  • Reorder the components in apps pane: AD360 now gives you the option to reorder the components in the apps pane. You can simply drag and drop the components to the desired position.
  • JumpTo UI revamped: The featured components of AD360 are now organized into sections.
  • Revamped integration settings: The integration settings have been revamped to present the components in a simple, user-friendly fashion.
  • Improved downtime notifications: Downtime notifications will be sent to the admins if the product is down due to unexpected causes including out of memory errors or database access failures.
  • Support for Chinese (Traditional): AD360 can be now set up to use traditional Chinese as the user interface language.

Release notes for build 4233 (Mar 10, 2021)

Enhancements:
  • AD360 now includes provisions to set TLS protocol versions and configure cipher suites.

Issues fixed:
  • Minor bugs have been fixed.