Release Notes

Release notes support the installation of the latest product version. They describe:

• New functionality
• Fixes made
• Known issues

For additional information go to:

• System requirements
• Installation information

Release 1.1.1 Build: 1992

Fixes made

• This version fixes an issue where the tarball version did not work when upgrading from ACP 1.0.1 to the latest version. (ACP-1753)
• Version 1.1.1 fixes an issue where the filter did not work when adding a new resource to a team. (ACP-1746)
• This version fixes an issue where searching an account returned 0 results. (ACP-1745)
• ACP now provides WARNING messages in the logs when it is unable to communicate with SVN or MultiSite. (ACP-1707)
• When a public key is passed to the API, any new lines are deleted from the end (because this stopped account creation). (ACP-1605)

Known issues

• We will update the UI to display that a search is in progress rather than displaying 0 results immediately. (ACP-1756)
• Currently you cannot save a repository template using IE11. (ACP-1754)

Release 1.1.0.2 Build: 1924

Fix made

• Version 1.1.0.2 fixes an issue in 1.1 and 1.1.0.1 where ACP interacts with SSH Public Keys. Upgrade all of your installed nodes with this release as soon as possible. (ACP-1708)

Known issues

• Currently, when upgrading from 1.1 to 1.1.0.1, the default ports are displayed, not the ports for your implementation. The correct ports are used. (ACP-1668)

Release 1.1.0.1 Build: 1916

Fix made

• The owner of the account (a local user or LDAP user) or an ACP administrator can now update the SSH Keys field of an LDAP account through the API and UI. (ACP-1681)

Known issues

• A future release will enable passwords to be all numbers. (ACP-1663)
• There is a problem in version 1.1 and 1.1.0.1 where ACP interacts with SSH Public Keys. This is fixed in version 1.1.0.2. Upgrade all of your installed nodes with this release as soon as possible. (ACP-1708)

Release 1.1 Build: 1901

We've made improvements to the user interface and LDAP use, plus clarifying some information in the documentation.

New functionality

• Implemented paging of LDAP results. (ACP-1548)
• Users can edit their own SSH key. (There are some limits for audit accounts: see Fixes made and Known issues) (ACP-1348)

Fixes made

• stop command would stop all instances of ACP running on a node instead of just the one intended. Code corrected. (ACP-1596)
• Just a single zip file is now generated when creating a backup. (ACP-1498)
• The UI now shows the correct default mode selected for batch mode view. "Pending" is selected by default, which show what is happening in the API. (ACP-1569)
• Corrected the display of inherited Create/Delete permissions. Access Control Plus now shows DENY permissions for Create/Delete when appropriate. (ACP-1599)
• Documentation includes more information on system requirements, including need for full network connectivity. (ACP-1561)
• Documentation now describes the versions of ACP, ACP GFR, Git MultiSite and Subversion MultiSite Plus that have been tested. It notes to contact WANdisco Support when planning an upgrade from early versions. (ACP-1620)
• Documentation emphasises contacting WANdisco support when upgrading from Access Control 4.2. It also emphasizes that batch updates should be disabled at least an hour before the shutdown for upgrade. (ACP-1601)
• Documentation describes how audit accounts cannot change either their SSH Public Key or their password. They need an administrator to set them. A future release will enable audit account self-service options. (ACP-1564)
• Documentation warns never to change the Type of a repository template. Do not add Generators to a repository template for more than one Type of repository. If you have accidentally started to create the wrong Type of template, always Delete the template and start over. (ACP-1558)
• Documentation warns to configure email notifications correctly on all Git MultiSite and Subversion MultiSite Plus nodes so that you receive notification of GFR failures. Currently the API only returns the success or failure of the node that ACP is directly connected to. Therefore, you need to configure email notifications correctly on your WANdisco product. (ACP-1552)
• Documentation warns that if you configure repository templates to send files, the files are sent even if they are not linked to repositories. Take care when creating repository templates with the same paths. We recommend that you do not configure multiple repository templates with identical files and/or paths. You can do this if your configuration consists of non-overlapping system restrictions. For example, you can use the Advanced features so that repoTemplateA only delivers to systems A, C, E and repoTemplateB only delivers to systems B, D, F. (ACP-1547)
• Creating a backup currently results in multiple zip files being generated when there should only be one. (ACP-1498)
• Case-insensitive user data can now be imported from Access Control 4.2. (ACP-1241)

Known issues

• A future release will enable audit account self-service options. (ACP-1563)
• We need to enable users to specify the SSHD options to the command in the authorized_keys files via optional parameters to the Git and Subversion generators. (ACP-1606)
• Currently RSA public keys cannot be longer than 512 bytes. (ACP-1603)
• We will enable accounts to create a block of authorized_keys file entries that are always included when ACP/GFR delivers any updates. (ACP-1570)
• UI will be updated so that disabled accounts and active accounts can be counted and listed separately. (ACP-1536)
• New password confirm field is required on the self-service page. (ACP-1507)
• Currently if a user's attributes are changed in Active Directory, the corresponding fields in Access Control Plus are not updated. (ACP-1493)
• When user details are updated in an LDAP authority, these details aldo need to be updated in ACP. (ACP-621)
• We need to add a mechanism which will allow end-users to change their account passwords through the admin UI. (ACP-177)
• When troubleshooting user access problems (in deployments that manage htpasswd/sshd files) you may notice that an active account for which only DENY rules currently apply will generate an authentication rather than authorization error on any Git/SVN access attempt. It's as if the account didn't exist instead of simply not having the appropriate access permissions. This apparent quirk is by design. If an account doesn't have access to any resources at all, we don't bother writing it to the password or sshd rules file. In fact, if the account doesn't have any associated rules then "Deny" rules are applied by default and the account will not be written to the AuthZ file either. Note that this does not occur if authentication is delegated to LDAP/AD or any method which does not use passwd/sshd files. (ACP-1503)
• The License expiry warning message needs a slight clarification that the provided date is one by which action must be taken. (ACP-1497)
• Currently if an users attributes are changed in Active Directory, the corresponding fields in Access Control Plus are not updated. (ACP-1493)
• Accidently double-clicking the confirm button after adding a rule to a subfolder can result in a jdbcSQLException error. (ACP-1491)
• Testing an LDAP connect can result in errors caused by excessive validation, if the managing node has not been selected. The test should not be checking for a managing node as it is only intended to confirm the presense of the specificed authority. (ACP-1462)
• Deleted repositories remain available to add as resouces and don't show as deleted on the team profile page. (ACP-1427)
• If the common repository path segment (e.g. /opt/Subversion/) is removed from the SVN Auth File Generator then the Update button stops working. A refresh of the screen fixes the problem. (ACP-1424)
• An LDAP polling period is not displayed after the user clicks "Save". The polling works properly but just isn't visible. (ACP-1423)
• When running both Git and SVN under Access Control Plus it is currently not possible to assign a Git and an SVN repository to a team if they have the same name. (ACP-1417)
• Accounts that are flagged as "Inactive" are incorrectly added to the password file. (ACP-1411)
• Currently the API documenation contains errors where some classes, such as GeneratorResource include invalid endpoints. (ACP-1410)
• There's insufficient error handling on the part of the installation where the license file is located -- currently it is possible to enter a folder name which will allow the installation to continue but will not allow the application to start. (ACP-1380)
• Email notifications that are set up for the starting and stopping of nodes are not currently being sent. (ACP-1363)
• We need to improvide the way we display which accounts have been disabled in the admin UI. (ACP-1360)
• There is currently no confirmation when aborting an induction task. (ACP-1358)
• Permission errors presented on the Admin UI for auditor type accounts are too generic. (ACP-1354)
• The labelling on the System Stats panel is confusing as it appears to contradict the rest of the values shown on the main Admin UI screen. (ACP-1339)
• There are some limitations to doing searches for resource paths in Git repositories. Currently resources are automatically prefixed with PATH, BRANCH or TAG etc. Searches only work for resources that are applied in an access rule. (ACP-1338)
• When Git MultiSite encounters problems when trying to place generated files (those delivered via the generic file replication system) the log messcages are bit handled correctly. (ACP-1337)
• On the Admin UI's settings page the Node induction input field does not scale gracefully. (ACP-1306)
• On the Admin UI Repository template page it's currently possible to double submit an entry, causing an error message to appear. (ACP-1287)
• After a rollback to an earlier product version, there is currently no way to restart the state machines from the product. Currently there's a a REST API call that can perform a coordinated restart. (ACP-1286)
• When LDAP sync discovers there is already existing account with the same username it will log a warning and not will synchronize this user. The existing username can be local (entered into Access Control Plus directly) or from different LDAP authority. However, if the user exists in LDAP and can authorize against SVN, then it will get in and Authz will apply any rules. (ACP-1255)
• Refreshing the Rule Lookup screen results in stray output information. (ACP-1179)
• We need to provide validation after a settings change to confirm that the Git MultiSite/SVN MultiSite API is still accessible. (ACP-1166)
• On a node with no quorum, the Repository Template screen errors allowing multiple templates to be created. (ACP-1165)
• Nodes that are can't make quorum do not generate appropriate error messages through the Admin UI. (ACP-1164)
• Filtering repositories on type doesn't currently work. (ACP-1141)
• Error handling sometimes doesn't parse stacktrace/message data from the API. (ACP-1121)
• Filter entry field's dropdown arrows not rendering correctly in Firefox browser. (ACP-1116)
• A team leader with suitable permission for disabling accounts is unable to interact with the disable option on the Access Control Plus main screen, although they are able to interact with the option on the team profile screen. (ACP-1095)
• Resource filter currently doesn't work properly for SVN / Git resources. (ACP-1074)
• On the LDAP entry form, the regular expression field is not consistently a required entry - you can leave it blank to test the authority but you must enter it in order to add an authority. (ACP-1058)
• We need to take away the "remove" team member option for LDAP-based team members (although it must remain in for local members). (ACP-1053)
• The Rule Lookup screen should handle the return of multiple repositories with the same name. (ACP-1023)
• It's currently not possible to remove repositories that are not associated with a template. (ACP-1009)
• Freeing up account license spaces (by removing accounts) is not detected by Access Control Plus without doing a restart. We need to ensure that removing accounts automatically triggers a license check. (ACP-961)
• When adding a gateway to the notification settings, a newly added gateway is only displayed after a screen refresh. The gateway should be displayed as soon as the Add button is pressed. (ACP-950)
• When an LDAP authority is added, the Test Connection results section (if present) is not cleared. (ACP-949)
• It's currently not possible to deselect/remove an LDAP authority. (ACP-919)
• Email notifications destinations and gateway settings updates don't currently return task IDs. (ACP-889)
• On the search results page, the profile card for permissions/resources may display a space and comma even of no path is available. We need to make this comma conditional on their being a path. (ACP-580)
• When the Enforce mode is turned on and off does not automatically run current batch of changes. (ACP-551)
• When a search is closed, currently the end-user is redirected to the dashboard. (ACP-533)
• On the Team page, adding duplicate resources is currently not handled gracefully. (ACP-530)
• Currently conflicting rules in the authz file are not handled consistently. (ACP-509)
• Extra comma currently appears in account creation model. (ACP-491)
• When logging in to the Admin cosole in FireFox after a manual DConE login, it is possible to get into an infinite Redirect Loop. (ACP-378)
• When making an account a team leader, currently they are not automatically being made members of the team. (ACP-297)
• We need to make improvements to the way that repositories are removed from Access Control Plus's management, so that process always leaves the repository inaccessible to all users. (ACP-286)
• Access Control Plus's REST API documentation remains incomplete. We need to do further work to ensure that all resources and their endpoints are available. (ACP-278)
• Imported team leader accounts are currently not being marked as team members. (ACP-193)