- This topic has 4 replies, 4 voices, and was last updated 2 years ago by
.
-
Topic
-
On behalf of the Infor Product Management and Development teams, I am pleased to announce the release of the Cloverleaf 20.1.1.0 maintenance patch.
A significant change was made in terms of platform support. Moving forward, including the Cloverleaf 20.1.1 patch, we are no longer certifying Cloverleaf products on CentOS 8. This is due to the announcement made by IBM that CentOS 8 will be end-of-life as of December 2021.
The replacement platform we have chosen for CentOS 8 is Amazon Linux 2, which is available both in AWS and on-premise. On-premise customers running CentOS 8 will need to plan to migrate to Amazon Linux 2. Amazon has committed to supporting this Linux distribution.
We will continue to certify CentOS 7, as it will be supported through 2024.
Other highlights of this patch include:
- Java Driver and UPoC whitelist
- This enhancement has been made to support increased security requirements. The Cloverleaf engine will only run whitelisted .jar / .class files.
- We ship a pre-populated whitelist for the Java that we include with Cloverleaf.
- For user customized .jar or .class files, the user will need to whitelist these in order for the engine to run them. Detailed instructions on how to do this are provided in release notes.
- Ability to easily set customized HTTP headers in Web Services client configurations
- “Single directory only” option for Inbound fileset-ftp. This removes the requirement to surround single directory names with braces.
- Support “SEND” disposition in DTC rollback procs
- IDE supports download of server-side files via File->Download
- Advanced alert output is now more uniform and easier to parse
- Support for date/time datatype in JSON parser
- Messages resent from SMAT honor GUI sort order
- XML pathname display in Xlate configurator can be shortened
- Changing passwords in Certificate Manager as administrator no longer requires old password
- hciroutetest can now display the message between translations in chain/branch
- Validation can now be disabled when saving NetConfig. Many users indicated that validation took too long and wanted to only validate on-demand.
- File->Reload objects from IDE is now disabled by default. Several users indicated this was too easy to execute and was disruptive to the environment. A system administrator can re-enable it by setting “hcireloadobjects=1” in rootInfo
- Many CLAPI enhancements
Please review the release notes for further details.
Rob Abbott
Cloverleaf Emeritus - Java Driver and UPoC whitelist
-
Replies
-
-
Hi Rob,
Great news that the 20.1.1 patch is available (although I can’t find it on the download page).
But I’m surprised you are dropping Centos8 support for this patch. If the major version 20.1 is supported on Centos8 then patches for this same major version should not drop support for a OS that’s supported by the major version. Knowing that Centos8 will be EOL at the end of the year it’s logical that the next major version of Cloverleaf would drop support for Centos8 but not for a patch level of the current version.
We were planning to migrate our Centos8 systems to Redhat Linux 8 before the EOL of Centos8 but dropping support now for Centos8 with this much needed patch complicates a lot.
Regards,
Peter Cosman
-
Rob,
Looks like the CIS 20.1.1 patch is not listed yet under downloads.
We have the CIS 20.1 that we upgraded to on our non-prod sites. I was researching an issue with reload objects and saw that with this new patch, it will be disabled by default. which would be nice since it is too easy to run and I have seen issues like unloadable xlt errors following reload objects.
-
I pulled the trigger a bit early on this announcement, you should see 20.1.1 on the DLC as of April 23.
Peter I realize it complicates things, but IBM really disrupted plans across multiple industries with this announcement. We were provided direction from our senior leadership to get off CentOS 8 as soon as possible. You do have several options for alternative Linux distributions. You can also decide to continue to run CentOS 8, it will most likely work, but we cannot spend any more resources on certification for this platform moving forward.
Rob Abbott
Cloverleaf Emeritus -
Are there any examples on how to set up an alert in v20.1.2 to call a PowerShell script (I think this would be the same for CMD script)?
In v19.1, I would create an alert and then choose EXEC and enter the path to my script like this;
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe “&{D:\Qdx_work\Custom_Scripts\CloverleafInterfaceRecycle.ps1}”I’ve upgraded our DEV system to v20.1.2 and the alert is no longer working.
From the CL Release Notes:
External commands on exec alert do not need full path
(25728)
Changing each “exec” alert so that there is the full path is cumbersome when there are many alerts.
However, this is required for CIS 19.1 and newer, due to the Security Whitelist feature.
Global variables can now be added to the whitelist. This requires the user to update the command path
in one place instead of the previous scheme that required each entry to be updated.
The external command must first be added to the whitelist, and then it must be added to one of the
env PATH folder.
There is no more requirement to add a full path for external commands when configuring an alert.I added the example below to the Whitelist.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeBut I still have to enter the full path in the EXEC section. If I don’t enter the PowerShell path, my alert will not work.
IE: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe “&{D:\Qdx_work\Custom_Scripts\CloverleafInterfaceRecycle.ps1}”After reading the release notes, I’m thinking I don’t have to enter the full path of PowerShell, just this:
D:\Qdx_work\Custom_Scripts\CloverleafInterfaceRecycle.ps1I tried adding this to the PowerShell location to the environment variables, PATH
C:\Windows\System32\WindowsPowerShell\v1.0
Then rebooted, but I cannot enter the shortened EXEC in the alert. It will not fire.
Am I misunderstanding the release notes, or missing a configuration?
-
- You must be logged in to reply to this topic.
