iChain 2.2 Support Pack 2 Now Available
Novell Cool Solutions: Feature
Digg This -
Posted: 25 Nov 2003
iChain 2.2 Support Pack 2 - Version 2.2.110
This patch provides enhancements and fixes for issues that have surfaced since iChain 2.2 shipped. It is not recommended to install individual files from the patch.
- Download the Support Pack and get the official installation instructions here: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967439.htm
- Novell iChain Version 2.2 Support Pack 2 Readme: http://www.novell.com/documentation/lg/ichain22/readme.txt
- Novell iChain Version 2.2 (SP2) Documentation: http://www.novell.com/documentation/lg/ichain22/index.html
|New Features in iChain Version 2.2 SP2|
- Support For OLAC Internal Data Source Feature
- Support for Step-Up Cryptography
- Change to Command for Disabling the Internal Rewriter Per Accelerator
- Troubleshooting HTTP 1.0/1.1
Read the Novell iChain 2.2 SP2 - New Features Summary for more information: http://www.novell.com/documentation/lg/ichain22/whatsnew.txt
|Fixes/Enhancements in this Support Pack (Since ic22sp1.exe)|
- Security Alerts:
- Fixed possibility of getting another user's session if the new user's session is opened on the same port.
- Fixed DoS attack using WGET to abend server.
- Fixes for NISCC vulnerability advisory on SSL and TLS protocols.
- OLAC enhancement to forward authentication profile to back end Web server
- Added CLI SET parameter to force accelerator to talk HTTP1.0 to origin
Syntax: Set accelerator <name> ForceHttp10ToOrigin=Yes|No
- Added CLI SET parameter to disable Internal rewriter for specified
Syntax: SET accelerator <name> DisableRewriter=Yes|No
- GUI performance enhancement
- Added Netscape extension (Server Gated) support for Verisign Secure Site Pro certificates.
- Added SMTP Trap and descriptive error page when LDAP Server is down.
- Added support for the CPQNF3, B57, Q57 and PCNTNW driver's duplex and speed settings in the Admin GUI.
- Added PKTSCAN.NLM for capturing traffic in and out of iChain on multiple interfaces.
- Added sort for selectable IP addresses on web accelerator.
- Improved hashing method used in processing Protected Resource wildcard matches.
- Fixed abend in walking a list of "not initialized" services.
- Fixed STOP.NCF abend on shutdown.
- Abend doing referrals - with LDAP server down.
- Abend when shutting down if LDAP server is down.
- Abend rewriting very large .JSP file.
- Abend if DN in Cert exceeded static buffer.
- Abend after OTWUG caused by RESTART on second boot; Now do a RESET.
- Fixed possible abend in SetSrvIP.NLM
- Added port number to user's IP address in log files.
- Corrected cookie logging.
- Path-based multi-homed child accelerator logging would work only after its parent had logging enabled.
- Fixed error: LogEvent called from an NLM that has not initialized its NLMEventID.
- Fixed "Log volume full" problem when PROXYEXT.CFG is present, but empty.
- On a "Set-Cookie" when the path is added, now check to add a ';' before path=/subpath.
- Could not access iManager through path-based multihoming; Set-Cookie rewritten improperly.
- Http references in the ONCLICK field of an <a href=...> tag were not being rewritten.
- Rewriter was modifying second src img=\"http:// in java input string to src img=\"http:/.
- Fixed rewriting of referer header when multihoming is enabled.
- Fixed download wait when form fill was enabled for the accelerator.
- Users with a CN containing spaces could not authenticate to iChain.
- Removed cookie from the URL on the last 302 redirect during cross-domain authentication.
- CLI (Command Line Interface) config export did not export DSSTART and DSEnd parameters.
- Fixed 500 Internal Server error with "Mutual -OR- LDAP" profiles.
- Changed OTWUG "RESTART SERVER" to "RESET SERVER" to eliminate insufficient memory error.
- Moved the license read code from ACLCHECK to PROXY to eliminate CLI LDAP communication error associated with license read problem.
- A .NAS file import might take the lowest IP address and bind it as the primary address.
- Fixed problems when assigning a new Master accelerator: DNS name would not change and the change required a re-boot.
- If "Return error if host name sent by browser does not match above DNS name" is checked, return error.
- Fixed Netscape 7.1 (Mozilla) login & error page display problems.
- iChain was forwarding without stripping the multihoming path.
- Updated DBNET6.NLM & RDBHOST.NLM.
- Updated NPKIAPI now checks multiple CRL servers in CRL Distribution Point.
- Fixed -649 error importing certificate.
- Fixed multiple HTTP 1.1 compatibility issues with compression/deflate.
- "502 Bad Gateway" error.
- "500 Internal Server Error" processing deflate header.
- 302 redirect will not be forwarded if gzip header is included but data is not compressed.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com