Cisco heeft een firmware-update uitgebracht voor haar Content Security Management Appliances, die afgekort worden tot SMA. De techniek stamt af van IronPort Systems, dat in 2007 door Cisco werd gekocht, hoewel dat dus al meer dan een decennium geleden is, hoor je ook nog steeds de naam IronPort terugkomen voor deze appliances. Voor de ondersteunde upgrade paths is het raadzaam om de documentatie door te nemen of om contact op the nemen met Cisco's TAC. Deze firmware heet 14.3 Refresh en kent 14.3.0-120 als exact versienummer; hiermee worden ook de recente sql-injectie- en http-response-header-injectie-problemen mee aangepakt. De lijst met vernieuwingen ziet er als volgt uit:
What’s New in this Release
Custom User Role for AMP. The administrator can define a custom user role that provides access to view the AMP-related reports for all email gateways or the selected Reporting Group. The administrator can then assign this custom user role to a user. The administrator can navigate to System Administrator > User Role > Add Email User Role and select AMP Reports in Access to data in Reporting Group or Access to data in all Email Appliances dropdown list for the Email Reporting field to create the AMP custom user role. For more information, see “Access to Email Reporting” section in the “Distributing Administrative Tasks” chapter of the user guide.
Changes in Behavior
Print and Clear subcommands are available for the Certconfig command. Before this release, you could not print or clear the different certificates or keys installed for inbound, outbound, HTTPS management access, and LDAPS services. After you upgrade to this release, you can print or clear the different certificates or keys installed for inbound, outbound, HTTPS management access, and LDAPS services. You can use Certconfig > Print or Clear subcommand in the CLI to print or clear the different certificates or keys installed.
JWT token - error message changes. Before this release, when you used JSON Web Token (JWT) token to make any API request, and if the JWT token was expired, the expired token error message was displayed. From this release onwards, when you use the JWT token to make any API request, if the JWT token used is older than 12 hours, an invalid token or expired token error message is displayed. The expired token error message is displayed only up to 12 hours from token generation.
Modifications to the SPoG feature. When you enable or disable SPoG, the session of all the users concurrently logged into the new web interface becomes invalid, and a new request to the server logs them out. The users must log in again. Also, if a Secure Email and Web Manager is added to SPoG, and you are currently logged into the new web interface of the same Secure Email and Web Manager, then you will be logged out due to a change in the flow of JWT validation.
Message Tracking - Remediation Action Changes.Syslog disk buffer size configuration changes.
- Before this release, you could enter a-z, A-Z, 0-9, and any special characters for the Remediation Batch Name and Description fields in the Confirm Remediation dialog box.
- From this release onwards, you can only enter a-z, A-Z, 0-9, _, -, and spaces for the Remediation Batch Name and Description fields in the Confirm Remediation dialog box. Any other special characters are not allowed.
[Applicable for AsyncOS upgrade only]: During the upgrade, the system automatically reduces the maximum disk buffer size value to 1GB if the existing configured value is more than 1 GB before the upgrade.
- Before this release, the maximum syslog disk buffer size allowed for syslog push log subscription was 10GB.
- From this release onwards, the maximum syslog disk buffer size allowed for syslog push log subscription is 1GB.
