Release notes
Only use LTS19 releases (3.7.x) in combination with nevisProxy LTS19 (3.x).
If you use nevisProxy from LTS21 (4.x), use nevisAdmin LTS21 (3.8.x) instead.
LTS19 licenses have expired on 30 November 2022. Customers with an Extended Life Support (ELS) license have another 6 or 12 months of support. We recommend migrating to nevisAdmin 4 or upgrade to the LTS21 version of nevisAdmin 3.
Known issues
Since JDK version 1.8.0_322, the Glassfish container of nevisAdmin may stop responding to incoming requests after a few minutes.
The reason for this is an error during the SSL handshake with certain browsers.
If you are facing this issue, you may have to disable an algorithm in the java.security file of the JDK.
Where this file is located depends on your operating system. Example:
/usr/lib/jvm/jre-1.8.0/lib/security/java.security.
Search for the configuration of jdk.certpath.disabledAlgorithms in that file,
and add RSASSA-PSS to disable the problematic algorithm.
The configuration looks as follows:
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
include jdk.disabled.namedCurves, RSASSA-PSS
General upgrade instructions
After installing the nevisAdmin RPM, or upgrading the admin nevisAppliance,
run the following command to ensure that nevisAdmin is redeployed:
nevisadmin redeploy
Release 3.7.5 has fixed a bug where symlinks were missing after upgrading the RPMs. However, old versions are still affected.
Proceed as follows if you are upgrading from a version earlier than 3.7.5. This example is for nevisAgent, do the same for nevisAdmin:
## install new version
rpm -i nevisagent-<new_version>-1.noarch.rpm
## check which versions are installed
rpm -qa nevisagent
## remove previous version
rpm -e nevisagent-<old_version>-1.noarch --noscripts
nevisAdmin 3.7.16 LTS 2019 - 20.04.2023
- NEVISADM-4163: We fixed import of filters with missing
filter-libelement. - NEVISADM-4163: We fixed import of filters which use
Conditionstatements in theFilterRulesinit-param.
nevisAdmin 3.7.15 LTS 2019 - 23.02.2023
- NEVISADM-4162: Support filter-lib for imported filter elements.
nevisAdmin 3.7.14 LTS 2019 - 02.01.2023
- NEVISADM-4158: We upgraded Primefaces to fix a Remote Code Execution vulnerability (CVE-2022-1000486).
nevisAdmin 3.7.13 LTS 2019 - 16.11.2022
- NEVISADM-4153: We fixed a bug with email validation.
nevisAdmin 3.7.12 LTS 2019 - 17.08.2022
- NEVISADM-4150: We upgraded several dependencies.
nevisAdmin 3.7.11 LTS 2019 - 18.05.2022
- NEVISADM-4140: We fixed file upload on Administration / Software repository screen.
- NEVISBASE-2: We updated nevis-op-proxy.sh to report a session count when dynamic session management is used.
- NEVISBASE-3: We fixed nevis-op-idm.sh calculation of max heap size for nevisIDM instances.
nevisAdmin 3.7.10 LTS 2019 - 16.02.2022
- REMOVED: The supplied log4j version 1.2.17 is patched to remove vulnerable classes org/apache/log4j/net/JMSAppender.class and org/apache/log4j/net/SocketServer.class.
nevisAdmin 3.7.9 LTS 2019 - 17.11.2021
- FIXED: In case of a temporary checkout, the repository at a custom path was not deleted. From now on, we delete such temporary repositories.
- FIXED: From now on, env.conf (standalone) is used instead of vmargs.conf (adnjboss) if both files exist in SNMP scripts.
nevisAdmin 3.7.8 LTS 2019 - 18.08.2021
NEW: It is now possible to disable the deployment of /etc/hosts entries.
nevisadmin.properties: ch.nevis.nevisadmin.deploy.disablehosts=trueNEW: As of this release, the nevisProxy status command is configurable.
nevisadmin.properties: ch.nevis.nevisadmin.command.proxy.status=<command>
This is an advanced setting. You should only use it when you encounter problems with the status monitoring.
*NEW: As of this release, you can change the sub-location for the checkout during deployment.
nevisadmin.properties: ch.nevis.nevisadmin.deploy.checkout.sub-path=<sub-path>
This is an advanced setting. You should only use it when you encounter problems with the status monitoring.
- CHANGED: The validation of entered mapping paths is improved.
- CHANGED: The deprecated init-param RegexpType is automatically removed.
- CHANGED: You can now set multiple values in the property hostname to listen to: .
- FIXED: There have been various fixes to SNMP scripts.
- FIXED: An exception was thrown when you tried to upload files. This bug is now fixed.
- FIXED: An exception was thrown when you configured the SMTP server. This bug is now fixed.
nevisAdmin 3.7.7 LTS 2019 - 19.05.2021
- CHANGED: Changed the validation of hostnames to allow hostnames to start with a digit.
- FIXED: The bug where the nevisadmin redeploy command requested a password for the nvbuser.
- FIXED: The bug where uploading to a local mapping was not allowed when the path contained a dot "
."before the last slash "/". - FIXED: The bug where nevisAdmin symlinks went missing when you removed the last nevisAgent package.
- FIXED: The bug where nevisLogrend files were deployed with wrong ownership.
nevisAdmin 3.7.6 LTS 2019 - 17.02.2021
- NEW: Support is now available for the global configuration of the nevisProxy parameters DNSCache / DNSCache.ttl (of the Http(s)ConnectorServlet and Esauth4ConnectorServlet).
- FIXED: The issue with the resolving of environment variables inside the AuthEngine element.
- FIXED: The bug where more than 14 duplicate applications were shown after a copy, when the GUI switched to nested groups.
- FIXED: The bug where user details or e-mails were lost after deployment.
nevisAdmin 3.7.5 LTS 2019 - 18.11.2020
- FIXED: The bug where the symlinks /usr/bin/nevisadmin and /usr/bin/nevisagent were missing after upgrading the RPMs.
- FIXED: The issue with the name validation of custom parameters.
nevisAdmin 3.7.4 LTS 2019 - 26.10.2020
- FIXED: The issue with the generation of nested FilterMappingFilter elements.
- FIXED: The bug where it was not possible to upload to directory paths containing a dot (.) with a slash (/) afterwards. File managers now support upload to this kind of directory paths.
nevisAdmin 3.7.3 LTS 2019 - 20.08.2020
- CHANGED: The init-param RemoveInterceptedRequestAfterAuthentication is no longer part of the filter templates, as this parameter is used for testing only.
- CHANGED: The template for the IdentityCreationFilter now includes the following init-params:
- FIXED: The issue with the error message in the nevisAdmin 3 log file related to the SNMP monitoring of standalone nevisAuth/nevisIDM instances.
- FIXED: The bug where an exception was thrown when nevisAdmin 3 tried to create a nevisLogRend instance in the Infrastructure view and the user was not in the admin group.
- FIXED: The bug where the nevisAgent instance did not start when systemd was enabled.
nevisAdmin 3.7.2 LTS 2019 - 20.05.2020
- CHANGED: Additional permissions now allow non-root users to execute nevisagent commands.
- FIXED: The bug where the RPM postinstall did not add entries to /etc/sudoers. Now, the RPM postinstall does add entries again.
- FIXED: The Swagger UI integration has been improved.
nevisAdmin 3.7.1 LTS 2019 - 30.04.2020
- FIXED: assigned resources of mappings were displayed in a wrong order
- See [Important Fix Available for nevisAdmin 3 (Resource Ordering Problem)] for detailed instructions.
- FIXED: added missing execute permission for some scripts in nevisAgent.
- you use nevisAdmin to perform nevisAppliance upgrades
- you use nevisAdmin to manage /etc/hosts entries
- CHANGE: removed support for 32 bit nevisProxy instances.
- CHANGE: removed support for nevisProxy Apache 2.2.
- FIXED: the header X-Frame-Options: SAMEORIGIN is now also set on the first response of the nevisAdmin login page.
- FIXED: the application import now always updates the order of assigned resources for mappings which already exist in the target environment.
- FIXED: fixed loss of HSM flag for nevisKeybox slots during Discover.
- FIXED: prevent nevisproxy_httpd.conf from being picked up multiple times when calculating the number of connections to a nevisProxy service.
- manually delete the nevisproxy_httpd.conf in the conf folder of the nevisProxy instance (if it exists).
- This operation is safe as recent nevisProxy versions generate the nevisproxy_httpd.confinto the run folder instead.
nevisAdmin 3.7.0 LTS 2019 - 20.11.2019
- NEW: The reference guide now describes how to re-create the nevisAdmin 3 CA, in chapter Re-create nevisAdmin 3 CA.
- CHANGE: The Encryption Filter now supports the parameter ContentType.html.rules.enabled.
- FIXED: The bug where nevisAgent scripts used for SNMP monitoring of nevisAuth and nevisLogRend instances produced incomplete results.
- FIXED: The bug where automatic zone/environment assignment was not persistent across restarts.
- FIXED: The bug where filters assigned to mappings got lost when you loaded an old revision of an environment or imported an application.
- FIXED: The problem with the broken Swagger UI integration, caused by missing JSON resources.
Upgrading
- If your nevisAdmin CA has been created with a nevisAdmin version older than 3.1.4 (2012), it misses the CA flag. This may cause issues in combination with the latest nevisProxy and OpenSSL 1.1.1, as nevisProxy cannot connect to nevisAuth.
- nevisAgent should be upgraded on all servers. The upgrade is mandatory if SNMP is used to monitor standalone nevisAuth or nevisLogRend instances.
- If you upgrade nevisAdmin 3 from a version older than 3.6.12.0, read the release notes of all intermediate versions.