What's New in ActivID Appliance v8.7

ActivID Appliance 8.7 is a security release, delivered as an OVA file, that is installed from scratch.

This OVA can be deployed on VMware® ESXi® 8.0 Update 2 and later.

New Features and Enhancements

Environment refresh:

  • Operating system updated to Oracle® Linux 8.10

  • Oracle Grid Infrastructure updated to version 19c

  • Oracle Database updated to version 19c

  • Oracle GoldenGate updated to version 19c

  • Oracle WebLogic® Server updated to version 14c

  • Oracle Java Development Kit (JDK) updated to version 11

ActivID RADIUS Front-End:

To prevent attacks that exploit the CVE-2024-3596 (Blast RADIUS) vulnerability, the ActivID RADIUS Front-End now checks that the Message-Authenticator attribute is present in authentication requests and verifies its value.

If the attribute is not present, or its value is invalid, no response is returned.

The ActivID RADIUS Front-End also adds the Message-Authenticator attribute to the response.

Note: For compatibility with insecure clients that do not add the Message-Authenticator attribute, you can deactivate the requirement using the require_message_authenticator setting (see Configure ActivID RADIUS Front End Settings).

However, it is not possible to disable the Message-Authenticator attribute added to the response.
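The request check described above can be reproduced with the standard RADIUS definition of Message-Authenticator (attribute type 80: HMAC-MD5 over the whole packet, keyed with the shared secret, with the attribute's 16-byte value zeroed during the calculation). This is an added example, not ActivID code. The function names, the sample secret and the `required` parameter (a model of the require_message_authenticator setting) are assumptions, as is rejecting a present-but-invalid value even when the requirement is off.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # RADIUS attribute type (RFC 2869)
SAMPLE_SECRET = b"constructed-shared-secret"  # constructed sample value


def build_access_request(secret, identifier, authenticator, attrs, sign=True):
    """Build an Access-Request (code 1) from (type, value) pairs.

    With sign=True a valid Message-Authenticator is appended as the last attribute.
    """
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if sign:
        body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed value
    header = struct.pack("!BBH", 1, identifier, 20 + len(body))
    packet = bytearray(header + authenticator + body)
    if sign:
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def verify_message_authenticator(packet, secret, required=True):
    """Return True if the request may be answered, False if it must be dropped."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # ignore any padding after the declared length
    pos, value_at = 20, None
    while pos < length:
        if pos + 2 > length:
            return False  # truncated attribute header
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False  # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18 or value_at is not None:
                return False  # wrong size or duplicated attribute
            value_at = pos + 2
        pos += attr_len
    if value_at is None:
        return not required  # absent: accepted only if the requirement is off
    zeroed = packet[:value_at] + bytes(16) + packet[value_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[value_at:value_at + 16])
```
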

Encryption:

  • ActivID Appliance no longer supports the ssh-rsa algorithm for public keys as it is considered weak

Known Issues and Limitations

  • Powering off the virtual machine might cause a loss of data such as system configuration (see the VMware documentation, Managing Power States of a Virtual Machine)

    Instead, shut down the ActivID Appliance using the ActivID Console or UNIX terminal.

  • The hostname limitation of 46 characters will be fixed in a future version

  • The applications must be restarted after resetting the customization to the default design

    However, the prompt is not displayed in the Reset to the Default Labels and Icons interface.

  • If the export of the migration package to the SFTP server fails, an error message is not displayed in the Migration interface

    An error message is only displayed in the Dashboard.

  • Notifications concerning ActivID Management Console and API-based operations are not displayed in the ActivID Console's Dashboard

    Complete details of these operations are available in the audit log.

  • The ActivID Appliance is limited to approximately 50 million audit records (19 audit records/s per cluster over 30 days)

  • When a Report Data schedule is defined, the status is displayed as None

    However, the configured schedule works correctly.

  • If you modify the settings of a DNS server when multiple DNS servers are defined, the network configuration script only confirms the modified DNS server

    However, all the defined DNS servers remain correctly configured.

  • After performing a Repair Domain operation on a front-end appliance, you have to deactivate and then reactivate the RADIUS Front End for the security domain to re-enable RADIUS authentication via the front-end appliance

  • After migration to ActivID Appliance 8.7, verify the expiry date of the System User's certificate in their Wallet (see View a User’s Details)

    If it is close to expiration, Recover the System User (under the Security Domain's Repair function) to renew the user’s self-signed certificates and keys.

Note: Importing perpetual licenses is only supported for existing/migrated deployments which already use perpetual licenses. New ActivID Appliance deployments only support subscription licenses.