Juniper Networks Secure Access Release Notes

Transcription

Juniper Networks Secure Access Release Notes
Juniper Networks Secure Access Release Notes
Junos Pulse Secure Access Service Version 7.3R9 Build # 27965
T his is an incremental release notes describing the changes made from 7.3R1 release to 7.3R9. T he 7.3R1
GA release notes still apply except for the changes mentioned in this document. Please refer to 7.3R1 GA
release notes for the complete version.
Contents
Noteworthy Changes........................................................................................................................ 2
NSM Schema Publication for 7.3R9................................................................................................. 2
General NSM Limitations ................................................................................................................ 2
Best Practices for FIPS Devices ....................................................................................................... 2
Known Issues/Limitations Fixed in 7.3R9 Release ........................................................................... 2
Known Issues/Limitations Fixed in 7.3R8 Release ........................................................................... 4
Known Issues/Limitations Fixed in 7.3R7 Release ........................................................................... 5
Known Issues/Limitations Fixed in 7.3R6 Release ........................................................................... 6
Known Issues/Limitations Not Fixed in 7.3R5 Release ..................................................................... 7
Known Issues/Limitations Fixed in 7.3R5 Release ........................................................................... 7
Known Issues/Limitations Not Fixed in 7.3R4 Release ..................................................................... 9
Known Issues/Limitations Fixed in 7.3R4 Release ........................................................................... 9
Known Issues/Limitations Fixed in 7.3R3 Release ......................................................................... 12
Known Issues/Limitations Fixed in 7.3R2 Release ......................................................................... 13
Noteworthy Changes
Default ESAP
Starting from 7.3R1, the default ESAP has been changed to ESAP 2.2.2. Upon upgrade, if the
active ESAP version on the SA is lower than 2.2.2 then 2.2.2 will become the active version.
NSM Schema Publication for 7.3R9
T he NSM schema for this software version will NOT be published.
General NSM Limitations
If there is a mismatch between software-catalog build version and release build version on the device,
upgrading the device using NSM will not work. For example, 6.5R3 schema was published using build
15215 (software catalog version), but subsequently, 6.5R3.1 was released with build 15255. In this case,
NSM will not recognize build 15255 as a valid upgradable release. However, if device is manually
upgraded to build 15255, since there were no additional schema changes, the device should still be
manageable via NSM (523868).
Best Practices for FIPS Devices
T he following does not apply to configs exported from 6.5R5 and beyond:
1. Do not import a previously exported system config since it might contain a corrupted FIPS
keystore database. If you must import an older system config, the option “Import Device
Certificate(s)” must be unchecked when importing.
2. After upgrading to 6.5R2 it is strongly recommended that the system c onfig be exported to take a
back up of FIPS keystore database. T he newly created system config will contain a clean FIPS
keystore database
3. After upgrading to 6.5R2, in case the admin console reports a “FIPS disassociated” state, go into
serial console and reload the FIPS keystore database (Option 9 -> Sub-option 1).
Known Issues/Limitations Fixed in 7.3R9 Release
1. aaa-client-cert - Error occurs during the launch of Network Connect when certificate restrictions
are used in the realm. (922623)
2. clustering-active-passive – Reserved IP addresses such as 0.0.0.0 are assigned to Network
Connect clients. (904919)
3. cs-jsam-other - Java7 update 45 displays a warning that the Juniper application will be blocked in
the future because the JAR manifest file does not contain the permissions attribute.
(931822)
4. cs-nc-enduser - Certificate checks in realms with variable ‘certAttr.altName.IPAddress’ populates
IPAddress in reverse order for Network Connect adapter. (916625)
5. cs-nc-enduser - Warning messages come up stating that JAR file manifest does not contain the
permissions attribute when using Java7 update 45 on Mac OS. (932519)
6. cs-nc-enduser - Installation of Network Connect on Linux pops up a yellow warning message
when using Java 1.7 Update 45. (933673)
7. cs-nc-other - Due to changes in the JDK, Network Connect stand-alone client upgrade fails on
Mac OS. (914556)
8. cs-nc-other - IVS-based server-side configuration of proxy PAC file does not work properly.
(915303)
9. endpointintegrity-ees – Bookmarks page fails to load after EES check completes. (926262)
10. endpointintegrity-install - Java 7 update 45 displays an error regarding missing manifest .
(933792)
11. endpointintegrity-shavlik - Host Checker goes into a loop when patch assessment policy checks
are configured. (912188)
12. juns-ax-java-installer - Java 7 update 45 displays a security warning with the application name as
"Unknown" when launching Juniper components via Java. (931408)
13. meeting-series-enduser - Secure Meeting/Pulse Collaboration does not properly display UAC
elevation prompt. (889815,934428)
14. pulse-hostchecker - Host Checker with Junos Pulse fails file check if ‘%USERPROFILE%’
variable is used. (906623)
15. sysmgmt-xmlexportimport - XML export fails on virtual appliance SA with traffic segregation
enabled. (886094)
16. system-other - Search for userids in the active users tab in the admin UI is case -sensitive.
(921186)
17. web-admin - Rewriting of the location object fails in some instances. (910193)
18. web-other - Add support to the following date time format in cookie expires header
expires=Friday, 08-Jan-99 13:00:00 GMT ;
expires=Sun, 07 Jun 2000 00:02:03 GMT ;
expires=T hu Feb 3 17:03:55 GMT 1994;
expires=T hu Feb 3 00:00:00 1994 GMT ;
expires=2001-01-31T 11:00:11;
expires=Friday, 08-Jan-99;
expires=Sun, 07 JUN 2000 (892822)
19. web-other - Java manifest file incompatible with security checks with Java 7 update 45 . (933138)
20. web-supportedapps - Lotus Connection 3.0 gives Javascript error when user clicks "Latest
entries" under Apps tab. (908664)
21. asg-web-supportedapps – Multiple file upload to Sharepoint site through rewriter is not work ing.
(913330)
22. win-term-svcs-enduser - When using Java to launch the Windows T erminal Services access
mechanism on a client that is running Java7 update 45, user will see a warning message. (932422)
Known Issues/Limitations Fixed in 7.3R8 Release
1. aaa-admin - Invalid auth server entries may not be removed correctly during upgrade. ( 894382)
2. cachecleaner-end-user - Cache Cleaner deletes explorer.exe and other critical system files when a
registry entry is empty (910987)
3. cs-wsam-admin - WSAM is not resolving destination by FQDN when IVE domain list contains 2
domain names, separated with comma and space (906620)
4. endpointintegrity-ees - EES does not install through the Pulse interface on Spanish XP (864153)
5. endpointintegrity-install - All Host Checker components are digitally signed. (900882)
6. ifmap-client - Juniper Network Secure Access Federation Client sends session data without IP
address to Federation Server when there is a cluster failover, or restart of services or changing of
roles association for export policy. (855219)
7. logging-filter - User Access Log filter query returns an error when more than 4 IDs are queried.
(890693)
8. pulse-other - T unnel set up in pulse fails with large sign-in notification. (868563)
9. pulse-other - RADIUS challenge message is not getting displayed in Pulse UI when RADIUS is
used for secondary authentication. (895219)
10. pulse-proxy - With Split tunneling enabled, Pulse fails to create a merged proxy.pac if client pac
is present and server proxy is not present. (898657)
11. system-other - T he dsagentd process crashes when the SA receives an invalid DNS response.
(917969)
12. web-other - Mobile UI pages are hard to read and webpage footers are not positioned correctly.
(840501)
13. web-other - Un-Rewriting of Post body is failing when post data contains a normal http( s) link
followed by a rewitten link (896197)
14. web-selective-rewrite - Client side rewriting is failing for a specific scenario where function name
starts with top (909229)
15. web-supportedapps - Lotus Connection 3.0 gives javascript error when user clicks ‘Add entry’
field in My Activities. (909024)
16. win-term-svcs-other - Users cannot use multiple monitors with Citrix Listed Applications due to
the Citrix Desktop Viewer toolbar being enabled. (897134)
Known Issues/Limitations Fixed in 7.3R7 Release
1. aaa-saml - iOS users are unable to perform SAML SSO t o backend resource through the rewriter.
(879397)
2. cs-nc-enduser - Some of the Network Connect components need to be digitally signed. (867098)
3. cs-nc-ike – IKEv2 response packets that are duplicates from the originating client are now
ignored if previously handled. (865071)
4. cs-nc-other - If one or more sign-in URLs are configured with GINA and GINA is not
configured for the default sign-in URL, an attempt to bring up an Network Connect -GINA tunnel
fails if there was a reconnect in the previous Network Connect -GINA tunnel instance. (880539)
5. endpointintegrity-others - Virus definition check failing for certain Anti-Virus products even if
the endpoint has virus definition files that are up to date. (833417)
6. logging-admin - If detailed rules are modified in the SAM, File and Web resource policies, the
changes to the resource policies are not logged in the admin access logs. (876448)
7. ui-enduser - On mobile devices, browsing toolbar displays Juniper Networks logo instead of the
custom logo that is uploaded by the SA admin. (876199)
8. web-other - Observed a memory leak in the T NCS process when processing certificates with
"subject alternative names". (846344)
9. web-other - When prelude is added in a CDAT A section, a nested CDAT A is created when
accessed through the rewriter and subsequently breaks XML pages. (886156)
10. win-term-svcs-xml-import-export - XML import of terminal-services policy blocks access until
'Save Changes' is clicked in the T erminal Services resource configuration page of the Admin UI.
(871892)
Known Issues/Limitations Fixed in 7.3R6 Release
1. cifs-other - T here is memory leak when uploading files on windows share. (867996)
2. clustering-install-upgrade - A factory reset SA is unable to join a cluster via console
configuration. (836546)
3. cs-jsam-enduser - On launching or exiting JSAM, users get a "Block potentially unsafe
components from being run" security warning message from Java7 Update 21. (878390)
4. cs-nc-enduser - Windows 8 Professional users, intermittently experience
"nc.apps.windows.23712" error while launching Network Connect. (842932)
5. cs-nc-enduser - Network Connect diagnostic tool incorrectly reports that the tunnel is up even
when the tunnel is down. (855458)
6. cs-nc-other - When an A/P VIP cluster failover occurs, Network Connect sometimes connects in
SSL rather than ESP. (862864)
7. endpointintegrity-custom-check - On Mac OS X, Host Checker Process rule evaluation fails if
full process path is configured (874606)
8. endpointint egrity-custom-check - Host Checker file check process on Windows 64-bit platforms
always look for the files in the <%ProgramFiles(x86)%> directory. (874824)
9. endpointintegrity-install - On launching any client components users get a "Blo ck potentially
unsafe component from being run" security warning message from Java7 Update 21 and Java6
Update 45. (880320)
10. fips-other - Client certificate authentication fails with keys larger than 2048 bit on FIPS
appliances. (865199)
11. juns-ax-java-installer - On launching any client component users get a "Block potentially unsafe
components from being run" security warning message from Java7 Update 21 and Java6 Update
45. (877058)
12. sysmgmt-mgmtport - Virtual SA does not send AAA traffic out of the Management Interface for
Pulse client when the option “ Send AAA traffic via Management interface” is enabled. (873149)
13. sysmgmt-other - In an active/passive cluster, VIP failover will not occur if the active node file
system is loaded as read-only. T o prevent this, the file system state is monitored and the NIC will
be brought down when the file system is loaded as read-only. (863757)
14. system-debugging - On an SA700 if a VLAN interface is enabled the system commands ARP,
NSLookup and T raceroute that are run from the external port use the internal port instead.
(859581)
15. system-other - Under heavy load, the SA enters an unrecoverable state. (862107)
16. system-other - SA device intermittently generating radius core dumps. (875244)
17. system-webserver - web server process snapshots may be created on SA6500FIPS units when
authorization only URLs are configured. (845866)
18. web-other - Javascript error is observed in Internet Explorer 9 if the IVE T oolbar with iframe is
enabled. (859988)
19. web-other - When using authorization only URLs, the backend server hostname is truncated when
using a non-standard port. (869204)
20. web-other - Client side rewriter issue with URLs containing query parameters. (881861)
21. web-selective-rewrite - Custom application yields errors via rewrite. (864233)
22. win-term-svcs-other - When using multi-valued attributes for a RDP bookmark, the values are not
received correctly to create unique bookmarks (553348)
23. win-term-svcs-other - Random disconnects using Citrix T erminal Services (CT S) with weak
wireless connection on Windows 8. (879345)
Known Issues/Limitations Not Fixed in 7.3R5 Release
1. asg-ifmap-client - Pulse SAM session not listed on “Exported” sessions page when the realm
option, “Enable Session Sharing” is enabled. (874288)
Known
Issues/Limitations Fixed in 7.3R5 Release
1. aaa-client-cert - SA is not able to send LDAP traffic to LDAP-CDP server through a port other
than the default port 389. (857691)
2. aaa-saml - If SAML IDP metadata is fetched from a remote location then the operation fails.
(844230, 847760)
3. aaa-sign-in-pages - On the iPhone, the username and password fields are inv isible on the
secondary login page. (827376)
4. clustering-active-passive - Cannot assign previously used A/P cluster VIP IP address as Virtual
Port IP after deleting the cluster. (862628)
5. cs-nc-install-upgrade - With Network Connect client check option enabled, users are unable to
install/start NC. (866688)
6. endpointintegrity-custom-check - Host Check policy for Custom:File fails when multiple MD5
checksums are listed. (857365)
7. endpointintegrity-others - T he SA home page will get st uck and does not load user home-page,
when Host Checker is launched through the Firefox browser 19.x. (865613)
8. endpointintegrity-svw - Secure Virtual Workspace session closes right after launching if the
interval to perform Host Checker check is set to 0 in "Perform Check every " field. (830172)
9. ifmap-client - During an IF-MAP Server cluster VIP fail over event, the SSL VPN will remove
Network Connect session from IF-MAP server cluster. Junos Pulse users are unaffected. (868082)
10. log-upload-java-client - With Java 6 update 39 and greater, JSAM window does not close when
the session ends. (860840)
11. pulse-connmgr - Pulse on Mac OS X fails to connect to sign-in page if Safari browser is
configured to use a Proxy Auto-Config (PAC) file. (743840)
12. pulse-other - Pulse does not follow IC's IPSec setting for UDP encapsulation. (847251)
13. pulse-proxy - On some clients there is a delay between launch of Pulse and traffic going through
channel. (855362)
14. sysmgmt-dmi-agent - T he user role options for terminal services p rofile is not set if the profile is
created through DMI. (842374)
15. system-network - Debug logs shows User error message when the user logs into the SA using
IPV6 address (830841)
16. web-other - Sametime IM with iNotes 8.5.3 FP1 integration will not work through core access.
(821438)
17. web-other - A custom web-based application failed to render properly in IE 9. (838202)
18. web-other – Splunk dashboard does not load properly via rewriter. (852702)
19. web-other - Certain attribute functions are not getting rewritten. (852843)
20. web-supportedapps – Windows 8 users are unable to save files to SharePoint portal via Web
access. (783399)
21. win-term-svcs-enduser - Windows T erminal Services client on a Windows 8 frequently
reconnects over wireless network. (842547)
Known Issues/Limitations Not Fixed in 7.3R4 Release
1. For IKEv2 connections in a network environment with high latency and significant packet drops,
IKEv2 VPN connection might be closed at the IVE side, if packet retransmission times out.
(856329)
Known Issues/Limitations Fixed in 7.3R4 Release
1. aaa-active-directory - When IVE computer name is deleted in the AD server, IVE doesn't do a
successful domain join later but test configuration works fine. (839310)
2. aaa-ldap - Cgi-server crashes in some corner case with iPlanet LDAP Server where user attempt
to change his password fails due to a password policy other than the default password
policy("cn=Password Policy,cn=config") in iP lanet Server. (845370)
3. aaa-other - Log messages do not follow the uniform way of printing user name. (812629)
4. cifs-bookmarks - User cannot access the second bookmark after importing XML config in certain
scenarios. (839489)
5. cs-nc-i18n - Username field string for Credential Provider is incorrect for Japanese language
machines. (828187)
6. cs-nc-ike - IVE may send Malformed ISAKMP packets in an environment with high latency and
packet loss with IKEv2 connection. (797140)
7. cs-nc-install-upgrade - T he versionInfo.ini file for Network Connect is not copied during the
upgrade process. (799743)
8. cs-wsam-admin - Delete confirmation message displays a different WSAM allowed server(s)
entry other than the one you have selected to delete. (833643)
9. cs-wsam-dmi-config - Incorrect SAM ACL created when WSAM policy is pushed using netconf.
(840066)
10. endpointintegrity-custom-check - Host Checker is not able to detect the system level processes
enabled with MD5 checksum for Mac OS. (837319)
11. endpointintegrity-loginflow – When clicking “T ry Again” on Host Checker (agentless)
remediation page, Host Checker launches multiple times, and finally displays the message " Host
Checker did not get installed properly..." (786704)
12. endpointintegrity-others - AV, Firewall and AS policies fail on the machines without the latest
Microsoft runtime libraries installed. (839392)
13. endpointintegrity-shavlik - Shavlik remediation failed to deploy the patches on Windows client.
(835724)
14. endpointintegrity-svw - Host Checker check keeps loading inside SVW with Kaspersky
InternetSecurity 2012. (795731)
15. fips-other - While accessing FIPS Clustered SA through hostname, the user is presented with the
self signed device certificate despite of renewed device certificate. (845446)
16. juns-other - Host Checker prevents Network Connect from closing when the session is terminated
via web on Mac OS 10.6. (830445)
17. juns-other – Host Checker fails to reinstall and launch when JuniperSetupDLL.dll is not present
in the system. (837482)
18. juns-other - In IE 9, user login page hangs during Host check as the "pleasewait.js" is fetched
from the browser cache instead of using the one sent by SA when the SA is upgraded to a higher
build. (838625)
19. juns-other - Query parameter is missing for "Pleasewait.js" when user logs out of SA. (856050)
20. logging-filter - User access logs couldn't filter a Korean letter for both role and realm name.
(839315)
21. meeting-series-other - An email gateway doing MIME verification may reject the Junos Pulse
Collaboration invitation due to invalid MIME parsing. (843617)
22. pulse-connstore - Pulse connections sets are not getting properly updated on the client. (835361)
23. pulse-dsagentd - In some rare instances, Pulse server side process crashes during re -keying of
Pulse ESP sessions. (843922)
24. pulse-dsagentd - When Host Checker inactivity times out and the user falls to remediation role,
SA still allows access to the resource configured for user role. (849209)
25. pulse-hostchecker - Machine certificate policies might fail during evaluation, if the client
machine has more than one certificate installed that matches the policy configured on SA.
(837149)
26. pulse-ive-cm - Pulse users gets disconnected after 5 minutes of inactivity in some networks.
(853631)
27. pulse-mobile-vpn - Custom text in French for Signing-in-Page doesn't show up in French but
appears in English on iOS and Android browsers. (832562)
28. sysmgmt-netconf - Using DMI netconf command line, "<\get-active-users>" command doesn't
populate the Network Connect details. (838888)
29. system-digital-cert - Import fails for device certificate missing CN attribute. (840940)
30. system-kernel - Web server crashes during heavy Authorization only traffic. (839628)
31. system-other - Data URI schemes don't get rewritten properly, causing high CPU utilization on
SA. (825068)
32. uac-other - MSCHAPv2 auth fails until "T est Configuration" for particular AD auth Server is
finished. (818555)
33. uac-sbr - SBR debug logs with level 20 and RADIUS troubleshooting logs displays clear -text
user account password. (841319)
34. web-other - Rewriter fails to load a page containing both javascript and vbscript . (830599)
35. web-other - T he editor and toolbar options are not displaying on the web page Dojo toolkit via
rewriting. (843076)
36. web-ptp-other - Authorization only proxy server crashes when the backend server is not reachable
under heavy load. (849951)
37. web-selective-rewrite - T he IVE is not rewriting the one URL of back -end server, so that background of the web page is not visible via rewrite. (848637)
38. win-term-svcs-other - On Windows7 client with IE9 64 bit browser, users are not able to access
Citrix Listed Xenapp5 through SA. (828666)
Known Issues/Limitations Fixed in 7.3R3 Release
1. aaa-active-directory - In some circumstances, switching from BDC to PDC may be delayed.
(814169)
2. aaa-client-cert – iOS users must choose the certificate a second time after providing user
credentials when certificate authentication is used. (802157)
3. aaa-sign-in-pages - Siteminder injected header is not sent to back -end server from IVE when
using Authorization-only Sign-in policy. (832388)
4. cifs-enduser - Users fail to delete a file with Japanese filename via Core file share from iOS
Safari client. (832577)
5. endpointintegrity-others – Host Checker keeps downloading manifest.xml and hfnetchk6b.xml
when Windows username has an ' (apostrophe) in it. (804270)
6. endpointintegrity-others - Host Checker fails when using Root certificate having German umlaut.
(816415)
7. meeting-series-other - Check Meeting Compatibility gives error saying "Your system is
incompatible with Junos Pulse Collaboration" even though Java is present. (8 29981)
8. msp-ivs - Root sign in page provided when accessing SA via virtual port assigned to IVS.
(830297)
9. pulse-certificates - When existing Server Certificates are removed from the active list following
an upgrade, Connection Set certificates loaded fo r the Pulse client may be affected. (798637)
10. pulse-connmgr - When the Junos Pulse default connection is to a Pulse Secure Access server and
the user logs off the Pulse Secure Access server from a browser, the default connection remains
connected. (516180)
11. pulse-connmgr - If the SA is heavily loaded, Pulse users are randomly getting disconnected.
(831242)
12. pulse-other - Pulse fails to connect to SA when Role level certificate restriction is present.
(833272)
13. vdi-other - Processes can crash when user enables very low periodic snapshot interval. (809973)
14. web-active-x - User is unable to send e-mail attachments in iNotes 8.5.3 FP2. (831990)
15. web-other - Rewriting of empty URL to avoid security warning is preventing the page to be
rendered properly (821421)
16. web-other - In certain cases ( for example links starting with “ Javascript:”) , client side rewriting
of “ GetAttribute” JavaScript function calls fails to remove escape characters. (832726)
17. web-other - Users get Javascript error while accessing customer application. (835408)
18. web-ptp-other - When using PT P, customer's cookie parameter "IDSID" value is getting written
to IVE session cookie "DSID" value and causing the session to end. (823560)
Known Issues/Limitations Fixed in 7.3R2 Release
1. aaa-active-directory - If AD server has more than 1000 groups and “Group Search with LDAP” is
enabled then groups listed after the first 1000 groups are not retrieved by the IVE. (812311)
2. aaa-other - Unix file bookmarks show garbled characters for Japanese language. (696806)
3. aaa-other - Associated sessions with a single user record are not cleared when admin does Delete
All Sessions from admin page. (801500)
4. aaa-other - If the total number of active IVS users is greater than the allotted number of minimum
users for the root IVS, root users cannot complete authentication. (821155)
5. aaa-saml - T he user doesn't logout of an SA automatically when the same user logs out of another
SA, where the user has already logged into two SAs configured as SP and PingFedera te
configured as IDP with Single Logout option enabled. (810967)
6. aaa-saml - Certificate selection was not being honored with SAML Peer SP configuration based
on Metadata when manual certificate selection option is enabled. (820549)
7. cifs-other - No error message or warning is thrown when a file larger than 2GB is downloaded
through file browsing. (784865)
8. email-other - When using the email proxy functionality for IMAP/POP/SMT P traffic, the DNS
resolution for the email servers is done at the time of the in itial connection. T he DNS data is not
refreshed during the email proxy session. (809600)
9. endpointintegrity-esap - When uploading an ESAP package to a 4 -node cluster, the ESAP
package may not get copied to all nodes in the cluster causing some users may not be able to
authenticate. (779118)
10. endpointintegrity-liveupdate - In a clustered environment, the “Auto-update virus signatures list”
occasionally fails to download thereby causing all users to fail the Host Check. (733352)
11. endpointintegrity-others If the client machine is in a time zone for which Daylight saving is
effective and if the "Adjust clock for Day light Savings" option is enabled then checking for latest
Virus Definition might fail, even if the latest updates are installed. (808018)
12. endpointintegrity-others - When a Mac client resumes from sleep, Host checker’s CPU usage
increases significantly. (822138)
13. logging-admin - User access log fails to show bytes sent/received for Pulse in standard view.
(813840)
14. pulse-hostchecker - Finding delay in Host Checker due to Shavlik dlls, even when patch
assessment is not required. (795901)
15. pulse-hostchecker - If Cache Cleaner is enforced on the IVE and if the versions of Pulse and IVE
are different then Pulse is unable to connect to the IVE. (811597)
16. pulse-hostchecker - When Pulse is launched through browser in proxy auth scenario, Host
Checker fails to download files for ESAP, Shavlik and EES if they are required to complete the
T NC handshake. (815046)
17. pulse-sa-nc-am - Pulse session start and end scripts are copied to C:\Windows\T emp instead of
the user's temp folder. (817082)
18. pulse-soft-token - Junos Pulse client does not handle New PIN mode with Blackshield
Cryptocard. (815692)
19. system-other - If a license increment request fails, it is logged every 17 mins on the Enterprise
license server and on the IVE with a log severity level of MAJOR. (800699)
20. system-other - iveDiskNearlyFull SNMP trap being erroneously sent if archiving takes longer
than 30 minutes. (815915)
21. web-other - In some cases of XML data chunks, XML garbage is not handled properly. (722277)
22. web-other - T he "edit" button on the portal page on a Japanese iPad is vertical rather than
horizontal. (798473)
23. web-other - T he ‘add’ and ‘delete’ buttons on the portal page on a Japanese iPad are vertical
rather than horizontal. (798504)
24. web-other - Oracle JDE Enterprise One application when accessed through IVE is calling a
function detectClose() which is closing the previous window when a new window is opened.
(802412)
25. web-other - Certain types of Javascript content greater than 14 K in length are not being rewritten
correctly. (803749)
26. web-other - Javascript error in rewriting the SAP portal page. (820388)
27. web-sso - Rewriter server crashes intermittently during Web SSO. (797257)
28. web-sso - SSO with SAML 2.0 with SA as IdP and using Artifact does not work (810583)
29. web-sso - SA Kerberos SSO requests are not falling back when the KDC is down. (813216)
30. win-term-svcs-other - Under peak load, WSAM, Windows T erminal Services, Citrix T erminal
Services users experience slow response times if RADIUS accounting is enabled for this traffic.
(787199)
31. win-term-svcs-other - T he Hob applet used in the "Premier Java RDP applet" has been upgraded
to version 3.3.0692. (813806)
32. win-term-svcs-other - Clicking the “Restore Window/Maximize Window” buttons in the Premier
Java RDP client window on Mac OS X 10.7/10.8 can cause a crash. (814936)