Release Notes 1.1.4.4

Metadata

This release documentation version 1.0.

Release	1.1.4.4
Release date	2024-09-30
Release type	Full release or Patch
Future	Main branch release
Server version	1.1.4.4+1.1.4.4-b9ca1f9
Log Server version	1.1.4.4+1.1.4.4-9fd2c26
HostScreen Server version	1.1.4.4+1.1.4.4-ed24c740
Web Terminal Hub version	1.1.4.4+1.1.4.4-04eec6a
Web Terminal Client version	1.1.4.4+1.1.4.4-68c4b7c
Management Console	1.1.4.4+1.1.4.4-e0f7049
Log Viewer	1.1.4.4+1.1.4.4-cc7f417

.NET Platform

.NET Release	8.0.8
.NET Runtime	8.0.8
ASP.NET Core Runtime	8.0.8
Notable changes	Link

Web Terminal Client Renderer File Names (checksum)

Location: Program Files\Flynet\Jubilant\WebTerminal\web

renderer.4b7269853ded7ff1a8af.js	renderer.6de4dcfc18d8e189ec9e.js
renderer.7b60e0ba28d5470bdbc8.js	renderer.8e1c52fae1486d84b902.js
renderer.978ba985dba414cac7f7.js	renderer.6391f6655d1351279a81.js
renderer.1786339ff31cacb897f3.js	renderer.b6e91dce7ab74396b284.js
renderer.e17bad2ec3aca6daedfe.js	renderer.ec0247d8677bbd127024.js

Upgrade Recommendations

This upgrade is highly recommended for security updates.

This update is recommended for most users because of an increased screen communication efficiency.

Security Notes

This upgrade is recommended for security reasons.

.NET Security

.NET 8.0.8 is used this release of Jubilant that includes security updates. Maximum severity: Important. However, these vulnerabilities are not surfaced in Jubilant. Please see these notable changes.

This release also introduces for the first time fixes found in .NET 8.0.7. Maximum severity: Important. However, only one of these vulnerabilities could under limited circumstances have surfaced in Jubilant (CVE-2024-30105). Please see these .NET 8.0.7 notable changes.

Node and Nuget Packages Security

An upgrade to Node Packages (web development) includes security updates. Maximum severity: High. See Security updates.

High Importance Fix Notes

This upgrade is recommended for an improvement to screen communication efficiency that remedies edge-case high CPU consumption.

It is also recommended for organizations where:

1. 3270 IND$FILE is used.
2. Non-US latin characters are used (for example characters with accents such as å, or non-US-English specific, such as ß.)

In this Release

New

ID	Protocols	Description
HSB.25	All	Improved debug for ScreenBuffer enumeration.
HSB.27	All	Improved trace for ScreenBuffer reads and writes.
WTH.42	All	Custom reply, ssl offloading and reduced nonce for OpenID Connect.
HSS.61	All	Code pages for French, Spanish and Italian along with their Euro counter parts.

Fix

ID	Protocols	Description
HSB.30	All	Increased terminal screen interprocess communication efficiency.
WTH.36	All	Increased throughput for session start and stop.
WTC.318	3270	Fixed handling of IND$FILE append and new flags.
LS.9	All	Fixed the setting of the failover log level.
LS.10	All	Fixed the retrieval of log file cleanup parameters.
WTC.323	All	Fixed pasting extended characters (non-US) into the web terminal results in incorrect double width characters.

Security

ID	Protocols	Description
WTC.325	All	Node packages upgraded to remove reported vulnerabilities.
S.7	All	Nuget packages upgraded to remove reported vulnerabilities.
HSB.31	All	Nuget packages upgraded to remove reported vulnerabilities.
HSS.63	All	Nuget packages upgraded to remove reported vulnerabilities.
WTH.46	All	Nuget packages upgraded to remove reported vulnerabilities.
MC.30	All	Nuget and Node packages upgraded to remove reported vulnerabilities.
LV.16	All	Nuget and Node packages upgraded to remove reported vulnerabilities.
.Net 8.x	All	See .Net Security Notes.

Change Notes

HSB.25 - Improved debug for ScreenBuffer enumeration

In rare occasions the ScreenBuffer can become invalid because of external inputs. A new debug log exception message reports the invalid ScreenBuffer and the position within the buffer that caused the issue.

HSB.27 - Improved trace for ScreenBuffer reads and writes

When logging is at Trace level, ScreenBuffer reads as well as writes are written in the session log file.

WTH.42 - Custom reply, ssl offloading and reduced nonce for OpenID Connect

New settings have been added to give added flexility to OpenID Connect solutions.

These are additions to the OpenIdConnect settings found in WebTerminalSettings.json.

"OpenIdConnect": {
    "DisableTelemetry": true,
    "ExternalHubUrl": "",
    "NonceByteLength": 0,
    "RequireTimeStampInNonce": true
  }

DisableTelemetry (boolean, default true)

While this is set to true, the Microsoft OpenID Connect will not add the following entries to the authentication request:

x-client-SKU=ID_NET8_0
x-client-ver=7.1.2.0

Values will vary based on version of .NET and the Microsoft OpenID Connect client.

ExternalHubUrl (string URL, default empty)

Setting this value forcibly sets the redirect_uri on the authentication request to {ExternalHubUrl}{CallbackPath} By default CallbackPath is /redirect.

This is useful when the Jubilant server is behind a proxy or load balancer, and the URL is not correctly determined, such as SSL offloading being in place, or a different host name.

For example, if ExternalHubUrl was set to https://jubilant.external.com/fjterm/hub, the redirect_uri value will be set to https://jubilant.external.com/fjterm/hub/redirect regardless of how intermediate land balancers or proxies altered the hostname, path, port or if https/http.

NonceByteLength (int, default zero)

Anything less than 1 means that this setting will be ignored. Applying this setting is not recommended as any reduction in nonce size could result in a less secure configuration.

Setting this value indicates how many bytes must be used to generate the nonce.

RequireTimeStampInNonce (boolean, default true)

Setting this setting to false, therefore removing the time stamp, is not recommended as it could result in a less secure configuration.

This setting indicates whether a prefix of .Net Epoch time must be placed in front of the nonce value, using a period delimiter. If this value is required, it will be validated on return to Jubilant.

HSS.61 - Code pages for French, Spanish and Italian along with their Euro counter parts

Added code pages for French, Spanish and Italian along with their Euro counter parts.

1. Italy 280
2. Italy with Euro 1144
3. France 297
4. France with Euro 1147
5. Spain/Latin America 284
6. Spain/Latin America 1145

HSB.30 - Increased terminal screen interprocess communication efficiency

By removing the use of a separate thread to handle screen interprocess communication, the CPU / thread-launch effort required when reading and writing the shared ScreenBuffer has been greatly reduced in a lot of cases.

WTH.36 - Increased throughput for session start and stop

An improvement to the session dictionary used by the Web Terminal Hub has increased the speed at which sessions can be started and stopped.

WTC.318 - Fixed handling of IND$FILE append and new flags

3270 IND$FILE Append and New file flags are correctly applied during an upload.

The user interface has been updated so that it correctly only allows the user to select only one of Append, Replace or New.

LS.9 - Fixed the setting of the failover log level

The failover log level when the logging server is unavailable was not always being applied correctly. This has been fixed.

LS.10 - Fixed the retrieval of log file cleanup parameters

The Management Console was unable to immediately display updated log file cleanup parameters. This fix updates the Log Server Provider so that the live cleanup parameters are fetched for the Management Console every time.

WTC.323 - Fixed pasting extended characters (non-US) into the web terminal results in incorrect double width characters

When pasting Non-US latin characters into the terminal screen they would sometimes be incorrectly interpreted as double byte characters. This fix allows the correct pasting of these characters.

Example characters are those with accents such as å, or non-US-English specific, such as ß.

WTC.325 - Node packages upgraded to remove reported vulnerabilities

All Node packages with reported issues have been upgraded to remove any theoretical vulnerabilities.

S.7 - Nuget packages upgraded to remove reported vulnerabilities

All Nuget packages with reported issues have been upgraded to remove any theoretical vulnerabilities.

HSB.31 - Nuget packages upgraded to remove reported vulnerabilities

All Nuget packages with reported issues have been upgraded to remove any theoretical vulnerabilities.

HSS.63 - Nuget packages upgraded to remove reported vulnerabilities

All Nuget packages with reported issues have been upgraded to remove any theoretical vulnerabilities.

WTH.46 - Nuget packages upgraded to remove reported vulnerabilities

All Nuget packages with reported issues have been upgraded to remove any theoretical vulnerabilities.

MC.30 - Nuget and Node packages upgraded to remove reported vulnerabilities

All Nuget and Node packages with reported issues have been upgraded to remove any theoretical vulnerabilities.

LV.16 - Nuget and Node packages upgraded to remove reported vulnerabilities

All Nuget and Node packages with reported issues have been upgraded to remove any theoretical vulnerabilities.

Installation

Fresh Install

Please see the Jubilant Admin Manual for Fresh Install Instructions.

Upgrade

Note

Please note the specials steps below if upgrading from a 1.0.x build to a 1.1.x or later build.

If upgrading from Jubilant 1.0.x to 1.1.x extra steps must be carried out before and after the install steps below.

Upgrade is carried out using Jubilant scripts.

1. Unzip the installer into a folder.
2. Close any web browsers.
3. Close any Services windows.
4. Open PowerShell ISE as Administrator.
5. In the PowerShell ISE open the Jubilant PowerShell script: "JubilantUpdate.ps1".
6. Run the required script by pressing the green play / run script button on the toolbar.
7. The upgrade of Jubilant is complete.

If this is an upgrade from Jubilant 1.0.x to 1.1.x, make sure the after install steps are also completed.

Version Validation

Find out how to validate the installed version.