Release Notes
Release notes are provided to support the installation of the latest product version. In the notes you will find information about any new functionality that we've added, what fixes are now in place, and if there are existing issues of which you should be aware.
Release 1.0.1 Build:1737
We've made a lot of improvements to Admin UI, there's now support for a mixed replicated/non-replicated SVN repositories. Also, it's now possible to migrate Access Control 4.2 data into Access Control Plus.
Known Limitations
- New password confirm field is required on the self-service page. (ACP-1507)
- We need to add a mechanism which will allow end-users to change their account passwords through the admin UI. (ACP-177)
- When troubleshooting user access problems (in deployments that manage htpasswd/sshd files) you may notice that an active account for which only DENY rules currently apply will generate an authentication rather than authorization error on any Git/SVN access attempt. It's as if the account didn't exist instead of simply not having the appropriate access permissions. This apparent quirk is by design. If an account doesn't have access to any resources at all, we don't bother writing it to the password or sshd rules file. In fact, if the account doesn't have any associated rules then "Deny" rules are applied by default and the account will not be written to the AuthZ file either.
You should note that this does not occur if authentication is delegated to LDAP/AD or any method which does not use passwd/sshd files. (ACP-1503) - Creating a backup currently results in multiple zip files being generated when there should only be one. (ACP-1498)
- The License expiry warning message needs a slight clarification that the provided date is one by which action must be taken. (ACP-1497)
- Currently if an users attributes are changed in Active Directory, the corresponding fields in Access Control Plus are not updated. (ACP-1493)
- Accidently double-clicking the confirm button after adding a rule to a subfolder can result in a jdbcSQLException error. (ACP-1491)
- Testing an LDAP connect can result in errors caused by excessive validation, if the managing node has not been selected. The test should not be checking for a managing node as it is only intended to confirm the presense of the specificed authority. (ACP-1462)
- Deleted repositories remain available to add as resouces and don't show as deleted on the team profile page. (ACP-1427)
- If the common repository path segment (e.g. /opt/Subversion/) is removed from the SVN Auth File Generator then the "Update" button stops working. A refresh of the screen fixes the problem. (ACP-1424)
- An LDAP polling period is not displayed after the user clicks "Save". The polling works properly but just isn't visible. (ACP-1423)
- When running both Git and SVN under Access Control Plus it is currently not possible to assign a Git and an SVN repository to a team if they have the same name. (ACP-1417)
- Accounts that are flagged as "Inactive" are incorrectly added to the password file. (ACP-1411)
- Currently the API documenation contains errors where some classes, such as GeneratorResource include invalid endpoints. (ACP-1410)
- There's insufficient error handling on the part of the installation where the license file is located -- currently it is possible to enter a folder name which will allow the installation to continue but will not allow the application to start. (ACP-1380)
- Email notifications that are set up for the starting and stopping of nodes are not currently being sent. (ACP-1363)
- We need to improvide the way we display which accounts have been disabled in the admin UI. (ACP-1360)
- There is currently no confirmation when aborting an induction task. (ACP-1358)
- Permission errors presented on the Admin UI for auditor type accounts are too generic. (ACP-1354)
- The labelling on the System Stats panel is confusing as it appears to contradict the rest of the values shown on the main Admin UI screen.(ACP-1339)
- There are some limitations to doing searches for resource paths in Git repositories. Currently resources are automatically prefixed with PATH, BRANCH or TAG etc. Searches only work for resources that are applied in an access rule. (ACP-1338)
- When Git MultiSite encounters problems when trying to place generated files (those delivered via the generic file replication system) the log messcages are bit handled correctly. (ACP-1337)
- User data exported from Access Control 4.2 does not contain any information about which accounts are case insensitive. (ACP-1241)
- On the Admin UI's settings page the Node induction input field does not scale gracefully. (ACP-1306)
- On the Admin UI Repository template page it's currently possible to double submit an entry, causing an error message to appear. (ACP-1287)
- After a rollback to an earlier product version, there is currently no way to restart the state machines from the product. Currently there's a a REST API call that can perform a coordinated restart. (ACP-1286)
- When LDAP sync discovers there is already existing account with the same username it will log a warning and not will synchronize this user. The existing username can be local (entered into Access Control Plus directly) or from different LDAP authority. However, if the user exists in LDAP and can authorize against SVN, then it will get in and Authz will apply any rules. (ACP-1255)
- Refreshing the Rule Lookup screen results in stray output information. (ACP-1179)
- We need to provide validation after a settings change to confirm that the Git MultiSite/SVN MultiSite API is still accessible. (ACP-1166)
- On a node with no quorum, the Repository Template screen errors allowing multiple templates to be created. (ACP-1165)
- Nodes that are can't make quorum do not generate appropriate error messages through the Admin UI. (ACP-1164)
- Filtering repositories on type doesn't currently work. (ACP-1141)
- Error handling sometimes doesn't parse stacktrace/message data from the API. (ACP-1121)
- Filter entry field's dropdown arrows not rendering correctly in Firefox browser. (ACP-1116)
- A team leader with suitable permission for disabling accounts is unable to interact with the disable option on the Access Control Plus main screen, although they are able to interact with the option on the team profile screen. (ACP-1095)
- Resource filter currently doesn't work properly for SVN / Git resources. (ACP-1074)
- On the LDAP entry form, the regular expression field is not consistently a required entry - you can leave it blank to test the authority but you must enter it in order to add an authority. (ACP-1058)
- We to take away the "remove" team member option for LDAP-based team members (although it must remain in for local members). (ACP-1053)
- The Rule Lookup screen should handle the return of multiple repositories with the same name. (ACP-1023)
- It's currently not possible to remove repositories that are not associated with a template. (ACP-1009)
- Freeing up account license spaces (by removing accounts) is not detected by Access Control Plus without doing a restart. We need to ensure that removing accounts automatically triggers a license check. (ACP-961)
- When adding a gateway to the notification settings, a newly added gateway is only displayed after a screen refresh. The gateway should be displayed as soon as the Add button is pressed. (ACP-950)
- When an LDAP authority is added, the Test Connection results section (if present) is not cleared. (ACP-949)
- It's currently not possible to deselect/remove an LDAP authority. (ACP-919)
- Email notifications destinations and gateway settings updates don't currently return task IDs. (ACP-889)
- On the search results page, the profile card for permissions/resources may display a space and comma even of no path is available. We need to make this comma conditional on their being a path. (ACP-580)
- When the Enforce mode is turned on and off does not automatically run current batch of changes. (ACP-551)
- When a search is closed, currently the end-user is redirected to the dashboard. (ACP-533)
- On the Team page, adding duplicate resources is currently not handled gracefully. (ACP-530)
- Currently conflicting rules in the authz file are not handled consistently. (ACP-509)
- Extra comma currently appears in account creation model. (ACP-491)
- When logging in to the Admin cosole in FireFox after a manual DConE login, it is possible to get into an infinite Redirect Loop. (ACP-378)
- When making an account a team leader, currently they are not automatically being made members of the team. (ACP-297)
- We need to make improvements to the way that repositories are removed from Access Control Plus's management, so that process always leaves the repository inaccessible to all users. (ACP-286)
- Access Control Plus's REST API documentation remains incomplete. We need to do further work to ensure that all resources and their endpoints are available. (ACP-278)
- Imported team leader accounts are currently not being marked as team members. (ACP-193)
New Features
- Added support for mixed replicated/non-replicated SVN repository environments. (ACP-791)
- Many improvements to the Admin UI.
- Improved styling when the admin UI is placed in the Enforce mode. (ACP-1313)
- Change the "Create Member" button on the Team modal to be consistent with other parts of the UI. (ACP-1276)
- Removed redundant attributes from the account 'profile card' profiles that could result in the appearance of stray commas. (ACP-1240)
- Added a character limit (64 characters) for Team names. (ACP-590)
- Added support for Emergency reconfigurations which will allow WANdisco support to better assist the return to replication should quorum be lost (due to sufficent nodes being lost/disconnected from membership). (ACP-1244)
- The Rest API namespace has been chanegd to make it consistent with MultiSite Products (it's now /api). (ACP-1137)
- The Managing node now correctly defaults to 'self' in stand-alone mode. (ACP-1109)
- Add support to see total number of repositories as well as resources in System Stats. (ACP-718)
- Added feature for downcasing username for situations where we need to support system wide case insensitivity (a requirement for some customers who are migrating from Access Control 4.2 which handles the situation differently. (ACP-1241)
- References to Version Control concepts are now dealt with consistently across the admin UI. (ACP-1235)
- The API GET methods now correctly return 200 OK messages, previously 202 ACCEPTED messages were mostly being returned. (ACP-901)
Issues Addressed
- Hardened the induction process against potential conflicts should a second induction be started before an earlier induction finished. (ACP-1316)
- Fixed an issue where routes would be lost after a node restart, resulting in node failure. (ACP-1256)
- Fixed an issue with the data import that could occasionally result in the wrong permissions being matched against repository resource paths. (ACP-1153)
- Accounts that are disabled will no longer be able to access the admin UI. ACP-887
- The API GET methods now correctly return 200 OK messages, previously 202 ACCEPTED messages were mostly being returned. (ACP-901)
- Multi-byte characters are now supported by the search criteria (ACP-824)
- All search fields are now case insensitive. ACP-1321
- Fixed a noticable slowdown when retriving users for a rule when there's a large number (thousands) of users. (ACP-1062)
Release 1.0.0.2 Build:136502
This release mades a change to the repository repair tool that makes it impossible to miscofigure a repair which could result in wider problems that affect node induction.
- Addressed an issue with the Node Repair tool which did not stop an external nodes from being selected for use as the "helper". The use of non-local nodes as helpers will be supported in a future release but currently some steps in the repair are not replicated. (ACP-1289), (ACP-1254)
- We've put in a temporary change to the Repair Tool that prevents a non-local node from being selected as helper. (ACP-1294)
Known Limitations
- The "Deny" setting (blocking reads or write access) is currently not available for the Git references in Access Control Plus. It will become available if we're able to implement finer grained read permissions on Git repositories. (ACP-912) (Fixed in 1.0.1)
- Access to Access Control Plus's admin console will be blocked by Microsoft Internet Explorer 11 when runing in enterprise mode. To unblock access, add the admin console's URL Internet Explorer's the site list manager to be able to access the admin console.(ACP-790)
See our article on how to Unblock Access Control Plus when using IE11 in Enterprise Mode
- When using Batch updates and switched on, the Pending mode's database needs to initialized by running a batch update. Otherwise the Current mode database will not actually reflect the current state. (ACP-732)
- Team leader (with full permissions) cannot promote sub-team member to team leader as he cannot grant them any permissions. (ACP-993)
- Currently it is not possible to remove LDAP settings that have been applied to teams. This issue will be addressed as a matter of urgency. (ACP-941)
- We strongly recommend that you guard against the adding of LDAP-based accounts that use the same account name. Currently there's no guard against having two accounts with the same name - as accounts can be distributed accross any number of authorities. In the event that you attempt to add two accounts that use the same account name, their addition will fail and an error message will appear in the logs that warns you of an "Incorrect result size: expected 1, actual 2". (ACP-917)
- Repositories (w/o templates) currently can't be deleted until they are assigned a template. (ACP-1027)
- If you have two repositories with the same name (also of the same SCM type) then currently a rule lookup that will display them will currently only show one of the repositories (chosen randomly). We'll address this issue in a future release. (ACP-1024)
- There is currently a small chance that the induction of a node will fail - the induction would appear to freeze with a "Triggering induction" message, with a corresponding pending induction task. If this happens it won't be possible to un-induct the failed node. However, it is possible to induct new nodes, and it is also possible to connect to MultiSite using those nodes. Any changes to Access Control settings (e.g. templates, resources, teams, users, rules etc.) are replicated to all nodes except the broken one. Replication of Apache password and Authz files also work as expected. (ACP-1114)
- Currently the browser-based admin console requires that you include the /ui/ directory in its URL (i.e. http://10.0.0.5:8082/ui/). In a future release we'll ensure that any request on the application port will redirect to the admin console. (ACP-1044)