Release Notes

Release notes support the installation of the latest product version. They describe:

• New functionality
• Fixes made
• Known issues

For additional information go to:

• System requirements
• Installation information

We currently ship Flume 1.5.0.1. Flume 1.5.2 will be shipped in our next release. Flume 1.5.2 has the logic necessary to disable SSL v3.

Release ACP 1.5.3 Build: 2341

1.5.3 Fixes made

• We have fixed a hang in the /last/accounts, /last/repositories, and /accounts REST endpoints where a sufficient amount of stored data required an ACP restart to fix. (US1731)
• GUI now displays "Loading..." when querying for a lot of Account Access Audit data. (US1656)
• You can now create an Account Access Audit report for all repositories' latest access. (US1322)
• You can now create an Account Access Audit report for all accounts' latest access. (US1327)
• You can now create an Account Access Audit report for a single account for all repos. (US1330)
• When clicking on the search result for user, the profile page now displays. (DE153 / ACP-2153)
• Resource refinement field of Rule lookup is no longer grayed out. (DE553 / ACP-2204)

1.5.3 Known issues

• All Flume daemons must be stopped 15 minutes before inducting or repairing ACP instances. (DE672)
• Rule lookup function delivers incorrect results if you are using wildcards. (ACP-1911/US810)
• Default start and kill priorities are incorrect in SUSE 11. (DE661)
• Backup script takes a long time to run. (US692)
• Have better documented pre-placement and post-placement script requirements. (US1666)
• Search does not return results for unrefined resources. (ACP-1628)

Release 1.5 Build: 2237

Fixes made

• Documentation describes how to remove accounts if the system has become read-only because the number of accounts exceeds the license maximum. (ACP-2190)
• The Settings page now properly displays the synchronization period value. (ACP-2161)
• We have fixed an error that caused a notification subsystem failure when upgrading. (ACP-2144)
• Pre-placement script exit values are now properly honored. (ACP-2091)
• Team Leads can now have sufficient privileges to disable accounts in their team(s). (ACP-2085)
• User accounts are now present in AuthZ/authorized_keys/password files even if only have Deny permissions (SVN MultiSite Plus) or inactive permissions (Git MultiSite). (ACP-2075)
• Repository template page works properly in IE10 on Windows 7. (ACP-2051)
• Audit accounts can no longer be added to teams. (ACP-1995)
• The tool-tip for location of Pre/Post placement scripts has been reworded. (ACP-1933)
• The ACP importer now assigns rules to the correct resource. (ACP-1882)
• ACP update install now shows correct port assignments. (ACP-1668)

Known issues

• Default start and kill priorities are incorrect in SUSE 11. (US1490)
• To avoid confusion, do not create anything or make any changes in "Current Mode". (ACP-2143)
• There are misaligned checkboxes on team leader permissions. (ACP-2141)
• You can currently create multiple repository templates in same name - do not do this. (ACP-2134)
• Audit logs do not update <accountName> when a username changes. (ACP-2127)
• Replicator doesn't validate against duplicate generator assignments - do not do this. (ACP-2115)
• You must make sure that path refinements in SVN do not end in '/'. (ACP-2078)
• Currently audit logs do not update <accountName> when a username changes. (ACP-2127)
• Currently you cannot save a repository template using IE11. (ACP-1754)

Release 1.5 Build: 1.5.0.3-15

Fixes made

• Instructions completed for "silent" non-interactive install. (ACP-2158)
• In "Settings" in the "Connect to MultiSite" sub-section, for both SVN MultiSite Plus and Git MultiSite, the current value of the Poll Period (seconds) now displays. (ACP-1691)
• Repository template now works in IE10 on Win7. (ACP-2051)

Known issues

• If you want to upgrade from Access Control Plus 1.0 to 1.5, you must first upgrade to 1.1. Then follow the procedure again to upgrade from 1.1 to 1.5. (ACP-2175)
• To avoid confusion, do not create anything or make any changes in "Current Mode". (ACP-2143)
• There are misaligned checkboxes on team leader permissions. (ACP-2141)
• If you refine the paths of more than 10 resources before confirming them, they might not be displayed nor saved. (ACP-2138)
• You can currently create multiple repository templates in same name - do not do this. (ACP-2134)
• Audit logs do not update <accountName> when a username changes. (ACP-2127)
• Replicator doesn't validate against duplicate generator assignments - do not do this. (ACP-2115)
• The placement logic of generated files ignores exit code of pre-placement script. (ACP-2091)
• You must make sure that path refinements in SVN do not end in '/'. (ACP-2078)

• Currently, when enabling global wildcards you receive no warning that this action cannot be reversed. You receive the message:

  This cannot be undone without reinstalling.

  (ACP-2111)

• Currently audit logs do not update <accountName> when a username changes. (ACP-2127)
• Currently you cannot save a repository template using IE11. (ACP-1754)

Release 1.5.0 Build: 2139

We currently ship Flume 1.5.0.1. Flume 1.5.2 will be shipped in our next release. Flume 1.5.2 has the logic necessary to disable SSL v3.

Fixes made

• This version introduces support for Subversion Wildcards and support for Account Access Auditing. Some features are noted here.
• You can now report when accounts last accessed repositories. (ACP-39)
• You can include more entries in the authorized_keys file by prepending and appending entries to the generated entries. (ACP-1570)
• You can specify the SSHD options to the "command" in the authorized_keys files. (ACP-1606)
• authorized_keys.tmp file is generated before pre-placement script is run. (ACP-1671)
• You can now see the license expiry date in the UI, and tell which license type you have. (ACP-1611)
• Number of licensed users (i.e. not including disabled accounts) is shown in the UI. (ACP-1822)
• Resources can be processed and ordered with wildcards. (ACP-1857)
• You can enable wildcards via the UI. (ACP-1868)
• The UI displays priority conflicts in rules as they happen (ACP-1869), and you are asked to confirm your action (ACP-2067).

Known issues

• flumeReceiverConfig.jar causes Regex change when updating log user password in Flume config. (ACP-2129)
• If you upgrage to ACP 1.5 from an earlier version, the wildcards function defaults to "OFF" with the priority policy set to "Lowest Wins". When you enable wildcards, a proposal is sent to all other nodes to get agreement, then the priority policy is automatically changed to "Highest Wins". Some time passes as node agreement is reached. It is possible that the Administrator might need to refresh the page before the policy shows as set within the UI. (ACP-2000)

• Currently, when enabling global wildcards you receive no warning that this action cannot be reversed. You receive the message:

  This cannot be undone without reinstalling.

  (ACP-2111)

• Currently audit logs do not update <accountName> when a username changes. (ACP-2127)
• You cannot currently select Audit User as a User type when setting up an account from the UI. If you do, you receive an error message. (ACP-1995)
  We recommend that administrators remove all Audit accounts from teams as soon as possible or convert the account type to a different User type.
• A silent install is halted by the request to set the ENABLE_AUDITING variable to true or false, the default. (ACP-2105)
• Currently you cannot save a repository template using IE11. (ACP-1754)

Release 1.1.1 Build: 1992

Fixes made

• This version fixes an issue where the tarball version did not work when upgrading from ACP 1.0.1 to the latest version. (ACP-1753)
• Version 1.1.1 fixes an issue where the filter did not work when adding a new resource to a team. (ACP-1746)
• This version fixes an issue where searching an account returned 0 results. (ACP-1745)
• ACP now provides WARNING messages in the logs when it is unable to communicate with SVN or MultiSite. (ACP-1707)
• When a public key is passed to the API, any new lines are deleted from the end (because this stopped account creation). (ACP-1605)

Known issues

• We will update the UI to display that a search is in progress rather than displaying 0 results immediately. (ACP-1756)
• Currently you cannot save a repository template using IE11. (ACP-1754)

Release 1.1.0.2 Build: 1924

Fix made

• Version 1.1.0.2 fixes an issue in 1.1 and 1.1.0.1 where ACP interacts with SSH Public Keys. Upgrade all of your installed nodes with this release as soon as possible. (ACP-1708)

Known issues

• Currently, when upgrading from 1.1 to 1.1.0.1, the default ports are displayed, not the ports for your implementation. The correct ports are used. (ACP-1668)

Release 1.1.0.1 Build: 1916

Fix made

• The owner of the account (a local user or LDAP user) or an ACP administrator can now update the SSH Keys field of an LDAP account through the API and UI. (ACP-1681)

Known issues

• A future release will enable passwords to be all numbers. (ACP-1663)
• There is a problem in version 1.1 and 1.1.0.1 where ACP interacts with SSH Public Keys. This is fixed in version 1.1.0.2. Upgrade all of your installed nodes with this release as soon as possible. (ACP-1708)

Release 1.1 Build: 1901

We've made improvements to the user interface and LDAP use, plus clarifying some information in the documentation.

New functionality

• Implemented paging of LDAP results. (ACP-1548)
• Users can edit their own SSH key. (There are some limits for audit accounts: see Fixes made and Known issues) (ACP-1348)

Fixes made

• stop command would stop all instances of ACP running on a node instead of just the one intended. Code corrected. (ACP-1596)
• Just a single zip file is now generated when creating a backup. (ACP-1498)
• The UI now shows the correct default mode selected for batch mode view. "Pending" is selected by default, which show what is happening in the API. (ACP-1569)
• Corrected the display of inherited Create/Delete permissions. Access Control Plus now shows DENY permissions for Create/Delete when appropriate. (ACP-1599)
• Documentation includes more information on system requirements, including need for full network connectivity. (ACP-1561)
• Documentation now describes the versions of ACP, ACP GFR, Git MultiSite and Subversion MultiSite Plus that have been tested. It notes to contact WANdisco Support when planning an upgrade from early versions. (ACP-1620)
• Documentation emphasises contacting WANdisco support when upgrading from Access Control 4.2. It also emphasizes that batch updates should be disabled at least an hour before the shutdown for upgrade. (ACP-1601)
• Documentation describes how audit accounts cannot change either their SSH Public Key or their password. They need an administrator to set them. A future release will enable audit account self-service options. (ACP-1564)
• Documentation warns never to change the Type of a repository template. Do not add Generators to a repository template for more than one Type of repository. If you have accidentally started to create the wrong Type of template, always Delete the template and start over. (ACP-1558)
• Documentation warns to configure email notifications correctly on all Git MultiSite and Subversion MultiSite Plus nodes so that you receive notification of GFR failures. Currently the API only returns the success or failure of the node that ACP is directly connected to. Therefore, you need to configure email notifications correctly on your WANdisco product. (ACP-1552)
• Documentation warns that if you configure repository templates to send files, the files are sent even if they are not linked to repositories. Take care when creating repository templates with the same paths. We recommend that you do not configure multiple repository templates with identical files and/or paths. You can do this if your configuration consists of non-overlapping system restrictions. For example, you can use the Advanced features so that repoTemplateA only delivers to systems A, C, E and repoTemplateB only delivers to systems B, D, F. (ACP-1547)
• Creating a backup currently results in multiple zip files being generated when there should only be one. (ACP-1498)
• Case-insensitive user data can now be imported from Access Control 4.2. (ACP-1241)

Known issues

• A future release will enable audit account self-service options. (ACP-1563)
• We need to enable users to specify the SSHD options to the command in the authorized_keys files via optional parameters to the Git and Subversion generators. (ACP-1606)
• Currently RSA public keys cannot be longer than 512 bytes. (ACP-1603)
• We will enable accounts to create a block of authorized_keys file entries that are always included when ACP/GFR delivers any updates. (ACP-1570)
• UI will be updated so that disabled accounts and active accounts can be counted and listed separately. (ACP-1536)
• New password confirm field is required on the self-service page. (ACP-1507)
• Currently if a user's attributes are changed in Active Directory, the corresponding fields in Access Control Plus are not updated. (ACP-1493)
• When user details are updated in an LDAP authority, these details aldo need to be updated in ACP. (ACP-621)
• We need to add a mechanism which will allow end-users to change their account passwords through the admin UI. (ACP-177)
• When troubleshooting user access problems (in deployments that manage htpasswd/sshd files) you may notice that an active account for which only DENY rules currently apply will generate an authentication rather than authorization error on any Git/SVN access attempt. It's as if the account didn't exist instead of simply not having the appropriate access permissions. This apparent quirk is by design. If an account doesn't have access to any resources at all, we don't bother writing it to the password or sshd rules file. In fact, if the account doesn't have any associated rules then "Deny" rules are applied by default and the account will not be written to the AuthZ file either. Note that this does not occur if authentication is delegated to LDAP/AD or any method which does not use passwd/sshd files. (ACP-1503)
• The License expiry warning message needs a slight clarification that the provided date is one by which action must be taken. (ACP-1497)
• Currently if an users attributes are changed in Active Directory, the corresponding fields in Access Control Plus are not updated. (ACP-1493)
• Accidently double-clicking the confirm button after adding a rule to a subfolder can result in a jdbcSQLException error. (ACP-1491)
• Testing an LDAP connect can result in errors caused by excessive validation, if the managing node has not been selected. The test should not be checking for a managing node as it is only intended to confirm the presense of the specificed authority. (ACP-1462)
• Deleted repositories remain available to add as resouces and don't show as deleted on the team profile page. (ACP-1427)
• If the common repository path segment (e.g. /opt/Subversion/) is removed from the SVN Auth File Generator then the Update button stops working. A refresh of the screen fixes the problem. (ACP-1424)
• An LDAP polling period is not displayed after the user clicks "Save". The polling works properly but just isn't visible. (ACP-1423)
• When running both Git and SVN under Access Control Plus it is currently not possible to assign a Git and an SVN repository to a team if they have the same name. (ACP-1417)
• Accounts that are flagged as "Inactive" are incorrectly added to the password file. (ACP-1411)
• Currently the API documenation contains errors where some classes, such as GeneratorResource include invalid endpoints. (ACP-1410)
• There's insufficient error handling on the part of the installation where the license file is located -- currently it is possible to enter a folder name which will allow the installation to continue but will not allow the application to start. (ACP-1380)
• Email notifications that are set up for the starting and stopping of nodes are not currently being sent. (ACP-1363)
• We need to improvide the way we display which accounts have been disabled in the admin UI. (ACP-1360)
• There is currently no confirmation when aborting an induction task. (ACP-1358)
• Permission errors presented on the Admin UI for auditor type accounts are too generic. (ACP-1354)
• The labelling on the System Stats panel is confusing as it appears to contradict the rest of the values shown on the main Admin UI screen. (ACP-1339)
• There are some limitations to doing searches for resource paths in Git repositories. Currently resources are automatically prefixed with PATH, BRANCH or TAG etc. Searches only work for resources that are applied in an access rule. (ACP-1338)
• When Git MultiSite encounters problems when trying to place generated files (those delivered via the generic file replication system) the log messcages are bit handled correctly. (ACP-1337)
• On the Admin UI's settings page the Node induction input field does not scale gracefully. (ACP-1306)
• On the Admin UI Repository template page it's currently possible to double submit an entry, causing an error message to appear. (ACP-1287)
• After a rollback to an earlier product version, there is currently no way to restart the state machines from the product. Currently there's a a REST API call that can perform a coordinated restart. (ACP-1286)
• When LDAP sync discovers there is already existing account with the same username it will log a warning and not will synchronize this user. The existing username can be local (entered into Access Control Plus directly) or from different LDAP authority. However, if the user exists in LDAP and can authorize against SVN, then it will get in and Authz will apply any rules. (ACP-1255)
• Refreshing the Rule Lookup screen results in stray output information. (ACP-1179)
• We need to provide validation after a settings change to confirm that the Git MultiSite/SVN MultiSite API is still accessible. (ACP-1166)
• On a node with no quorum, the Repository Template screen errors allowing multiple templates to be created. (ACP-1165)
• Nodes that are can't make quorum do not generate appropriate error messages through the Admin UI. (ACP-1164)
• Filtering repositories on type doesn't currently work. (ACP-1141)
• Error handling sometimes doesn't parse stacktrace/message data from the API. (ACP-1121)
• Filter entry field's dropdown arrows not rendering correctly in Firefox browser. (ACP-1116)
• A team leader with suitable permission for disabling accounts is unable to interact with the disable option on the Access Control Plus main screen, although they are able to interact with the option on the team profile screen. (ACP-1095)
• Resource filter currently doesn't work properly for SVN / Git resources. (ACP-1074)
• On the LDAP entry form, the regular expression field is not consistently a required entry - you can leave it blank to test the authority but you must enter it in order to add an authority. (ACP-1058)
• We need to take away the "remove" team member option for LDAP-based team members (although it must remain in for local members). (ACP-1053)
• The Rule Lookup screen should handle the return of multiple repositories with the same name. (ACP-1023)
• It's currently not possible to remove repositories that are not associated with a template. (ACP-1009)
• Freeing up account license spaces (by removing accounts) is not detected by Access Control Plus without doing a restart. We need to ensure that removing accounts automatically triggers a license check. (ACP-961)
• When adding a gateway to the notification settings, a newly added gateway is only displayed after a screen refresh. The gateway should be displayed as soon as the Add button is pressed. (ACP-950)
• When an LDAP authority is added, the Test Connection results section (if present) is not cleared. (ACP-949)
• It's currently not possible to deselect/remove an LDAP authority. (ACP-919)
• Email notifications destinations and gateway settings updates don't currently return task IDs. (ACP-889)
• On the search results page, the profile card for permissions/resources may display a space and comma even of no path is available. We need to make this comma conditional on their being a path. (ACP-580)
• When the Enforce mode is turned on and off does not automatically run current batch of changes. (ACP-551)
• When a search is closed, currently the end-user is redirected to the dashboard. (ACP-533)
• On the Team page, adding duplicate resources is currently not handled gracefully. (ACP-530)
• Currently conflicting rules in the authz file are not handled consistently. (ACP-509)
• Extra comma currently appears in account creation model. (ACP-491)
• When logging in to the Admin cosole in FireFox after a manual DConE login, it is possible to get into an infinite Redirect Loop. (ACP-378)
• When making an account a team leader, currently they are not automatically being made members of the team. (ACP-297)
• We need to make improvements to the way that repositories are removed from Access Control Plus's management, so that process always leaves the repository inaccessible to all users. (ACP-286)
• Access Control Plus's REST API documentation remains incomplete. We need to do further work to ensure that all resources and their endpoints are available. (ACP-278)
• Imported team leader accounts are currently not being marked as team members. (ACP-193)