What's New in ActivID Appliance v8.7

What's New in Hotfix FIXS2603005 (8.7.0.669)

This version provides the following improvements with respect to the previous version:

Security updates:

  • Oracle® Linux Operating System

  • Oracle Database

  • Oracle WebLogic Server

  • Oracle JDK

  • Other Java third-party updates

For details of the updates and fixes, refer to the release notes provided in the hotfix package.

Important: Unless explicitly stated, the ActivID Appliance updates (service packs and hotfixes) are non-cumulative and you must install them in the following order after initializing the appliance:

  1. Install the Hotfix FIXS2412001 (8.7.0.462).

  2. Reboot the ActivID Appliance.

  3. Install the Hotfix FIXS2501002 (8.7.0.517).

    The appliance automatically reboots.

  4. Install the Hotfix FIXS2507000 (8.7.0.592).

    The appliance automatically reboots.

  5. Install the Hotfix FIXS2603005 (8.7.0.669).

    The appliance automatically reboots.

    Note: This hotfix also includes Hotfix FIXS2510005 (8.7.0.597) containing SOAP security enhancements.

This applies to deployments on both VMware® and Microsoft® Azure® platforms.

Previous Updates

This version provides the following improvements with respect to the previous version:

  • Operating system updates

  • Oracle® database updates

  • Oracle WebLogic® updates

  • Oracle JDK updates

For details of the updates and fixes, refer to the release notes provided in the hotfix package.

Important: Unless explicitly stated, the ActivID Appliance updates (service packs and hotfixes) are non-cumulative and you must install them in the following order after initializing the appliance:

  1. Install the Hotfix FIXS2412001 (8.7.0.462).

  2. Reboot the ActivID Appliance.

  3. Install the Hotfix FIXS2501002 (8.7.0.517).

    The appliance automatically reboots .

  4. Install the Hotfix FIXS2507000 (8.7.0.592).

    The appliance automatically reboots .

This applies to deployments on both VMware® and Microsoft® Azure® platforms.

This version provides the following improvements with respect to the previous version:

Added support for deployment using the Microsoft® Azure cloud platform

You can now create and deploy the ActivID Appliance on virtual machines using Microsoft Azure. For details, see Creating the VM using Microsoft Azure.

What's New

  • Operating system updates

  • Oracle® database updates

  • Oracle WebLogic® updates

  • Oracle JDK updates

For details of the updates and fixes, refer to the release notes provided in the hotfix package.

Important: Unless explicitly stated, the ActivID Appliance updates (service packs and hotfixes) are non-cumulative and you must install them in the following order after initializing the appliance:

  1. Install the Hotfix FIXS2412001 (8.7.0.462).

  2. Reboot the ActivID Appliance.

  3. Install the Hotfix FIXS2501002 (8.7.0.517).

    The appliance automatically reboots .

This applies to deployments on both VMware® and Microsoft® Azure® platforms.

This version provides the following improvements with respect to the previous version:

Added support for the Thales Luna Network HSM as an external HSM

For details, see Integrating an Thales® Luna Network HSM.

For optimal performance, it is recommended using the latest Thales Luna HSM firmware version available (the minimum supported version is v7.8.7), which is compatible with the Thales Luna HSM Client 10.7.2 embedded within ActivID Appliance 8.7.

Added metrics for CPU usage in the SNMP monitoring data

For details, see Configure SNMP Monitoring.

Software update improvements

Subsequent software updates are prevented if the ActivID Appliance must be rebooted first.

Restart of the ActivID Appliance is forced if explicitly requested by a hotfix or service pack.

Security updates:

  • Operating system updates

  • Oracle database updates

  • Oracle WebLogic updates

  • Oracle JDK updates

  • Other third-party updates

The ActivID Appliance v8.7 is a security release providing an installation from scratch using an OVA file delivery.

This OVA can be deployed on VMware® ESXi® 8.0 Update 2 and later.

Environment refresh:

  • Operating system updated to Oracle® Linux 8.10

  • Oracle Grid Infrastructure updated to version 19c

  • Oracle Database updated to version 19c

  • Oracle Golden Gate updated to version 19c

  • Oracle WebLogic® Server updated to version 14c

  • Oracle Java Development Kit (JDK) updated to version 11

ActivID RADIUS Front-End:

To avoid potential attacks due to the CVE-2024-3596 (Blast RADIUS) vulnerability, the ActivID RADIUS Front-End now checks for the presence of the Message-Authenticator attribute in the authentication requests and verifies its value.

If the attribute is not present, or the value is invalid, the response is not returned.

In addition, the ActivID RADIUS Front-End also adds the Message-Authenticator attribute to the response.

Note: For compatibility with insecure clients that do not add the Message-Authenticator attribute, you can deactivate the requirement using the require_message_authenticator setting (see Configure ActivID RADIUS Front End Settings).

However, it is not possible to disable the Message-Authenticator attribute added to the response.

Encryption:

  • ActivID Appliance no longer supports the ssh-rsa algorithm for public keys as it is considered weak