PGP Universal Server 3.2.0 - Resolved Issues
|Article:TECH187741|||||Created: 2012-04-30|||||Updated: 2013-06-04|||||Article URL http://www.symantec.com/docs/TECH187741|
This article details a list of resolved issues in PGP Universal Server 3.2.0.
PGP Universal Server 3.2 Resolved Issues
- When mail policy rule is set to Send PDF Messenger: Encrypt the entire message body and attachments, external recipients now receive a message with template text stating that the message contents are in the unencrypted PDF attachment. 
- When external users receive a PDF Messenger message and open the attached PDF file, they are no longer prompted to install a language pack.
- In Mozilla Firefox, when you export a GKM key and a cached passphrase, the private key is now exported.
- When you make changes to cluster members, the status of the cluster now displays correctly.[ 21651]
- When an internal user receives an email from a PGP Universal Web Messenger user, custom text can now be added to notify internal users that their reply came from their PGP Universal Web Messenger Inbox.
- The ability to check the certificate chain, which verifies with the KMS whether a certificated is valid, has now been implemented.
- The hexadecimal fingerprint is now displayed in the key properties on the Managed Key page in PGP Universal Server.
- If you change the PGP Universal Server value, and you check the PGPSTAMP value in the registry after you install the client, the changed value is displayed.
- After you upgrade to PGP Universal Server 3.0, the expiration of subkeys is now set to Never.
- Published directory user keys are now signed by Verified Directory Key and, by default, can be searched from an internal database.
- If messaging is disabled for internal users, the internal user encryption key can no longer be found. 
- The email template for the recover passphrase email now allows you to specify a variable with just the password reset token.
- Now, when a WDE computer is removed, if the devices are not associated with any other WDE computer, these devices are also removed ().
- Now, you can search for a user name by typing the full (or part) of the name.
- On the Consumer Policy page, the consumer policies that are marked as Excluded cannot be edited.
- When you configure PGP Universal Server to listen with another interface, after you save the settings, you are directed to the Universal Services Protocol page.
- Under regional settings, if you select Hungary as the location and change the PDF Universal Web Messenger settings to download PGP Universal Satellite, now the EULA displays correctly. PGP Universal Satellite successfully downloads and installs.
- After you import a VKD key from PGP Universal Server, the Revoke button is grayed out in the Managed Keys and Managed Keys Information pages.
- Now, when a user tries to log in with either one of the following:
A valid username and an invalid passpharase
An invalid username and a valid passpharase
a message and the Email Address and Passphrase fields appear. 
- Now, when you delete WDE disks and WDE computers, an event is logged in the Administration log. 
- When an external user is created by receiving a PDF Messenger message, PDF Web Messenger now uses the New User Email -- Establish PDF Messenger Passphrase template, instead of the Establish PDF Messenger Passphrase template.
- Granular policy now uses SKM keys on cluster member without private keys.
- On the Verified Key Directory page, you can now complete a simple search using the name, email address, and key ID.
- You can now search for a VKD key by entering a part of the key ID. 
- Logs of SSH sessions to PGP Universal Server now appear in the syslog server logs.
- On the Internal Users page, when you try to export a deleted key, the error message No key available to export for selected user now appears.
- Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x no longer allow remote attackers to cause a denial of service or execute arbitrary code.
- On the Add External Users page, when a user adds an invalid external user email, the email address is now HTML encoded, using the htmlEncodeEntity function from the commonutils package.
- When searching on the Users page, if you enter an incorrectly spelled term, the LIKE search can be used for a successful search.
- When logging into PGP Universal Server, after entering an incorrect passphrase, if a user tries again with the correct passphrase, the number "1" is displayed on the WDE Disk page. This is the user who is associated with this disk.
- Emails with an equal sign ("=") in the boundary of the MIME message are now processed correctly by the PGP Universal Server proxy and are successfully received.
- On the Mail Policies page, you can now edit the description for a rule.
- The description for PGP Zip has been modified. It now specifies that enabling PGP Zip allows users to also open PGP Zip files. 
- The PGP Universal Server Administration Guide has been updated to clarify that Out of Mail Stream (OOMS) must be enabled for all Key Not Found actions when PGP Desktop processes email.
- When you import a MAK from a key that has only a topkey and has the encrypt-and-sign indicator set, PGP Universal Server now only creates one certificate on this MAK.
- PGP Universal Server now delivers signed VKD keys regardless of the protocol you use.
- PGP updated cyrus-sasl and cyrus-sasl-lib to these versions:
- On the External User Information page, the Public Key Import button has been removed from the Authentication panel. Now, PDF Web Messenger and PDF users can be successfully authenticated.
- The PGP Universal Server 3.2 release notes and Upgrade Guide now have the complete supported client versions.
- The updated Postgresql packages that fixed multiple security issues for Red Hat Enterprise Linux have been incorporated into PGP Universal Server 3.2.
- On the General Settings page, if the time zone is changed, the user is no longer grayed out and displayed as expired. 
- PGP Universal Server now correctly processes S/MIME data with the incorrect signature algorithm identifier.
- The warning message that appears after joining a cluster has been corrected.
- When a cluster is migrated to PGP Universal Server, all rows in the cookie_key column of cluster member table now display the same values.
- The View WDRT button has been removed from WDE Computer Information page and a WDRT column has been added.
- After you select a device and click View WDRT, in the Information section of the Administration log, the device ID now appears.
- When completing an advanced search for internal users by name, only the matching user names are now displayed. 
- The following potential vulnerabilities have been fixed:
- Now on the Managed Keys page, when you complete an Advanced Search and select Delete All Matching, only the keys that match the search results are deleted.
- In PGP Universal Server, if your laptop is marked as stolen, the RDD log now displays the laptop as stolen.
- On Verified Directory page, when you search for a display name, the appropriate results are displayed.
- When using password authentication for outbound SMTP connector, the mail policies now correctly processes messages.
- In PGP Universal Web Messenger, the IP address of the account is now displayed to the user only if the correct password is entered.
- If you use pgpkeymaint to remove an ADK key, this key no longer appears on the Organization Keys page.
- If Active Directory is unreachable, inbound mail is not blocked and is now processed correctly.
- The vulnerabilities with SecureWork's Rapid 7 scan have been fixed.
- PGP Universal Server now correctly uses the Initial Access option from the Consumer Policy page to set up PGP Universal Web Messenger users.
- The vulnerabilities that resulted from the Qualys scan of PGP Universal Server has been fixed.
- The memory errors in pgpproxyd threads, which occasionally terminated and caused the application to hang, have been fixed.
- The relevant strings for the following:
Sent Mail folder page
the confirmation page that appears after you request a passphrase reset have been externalized.
Now, customers can customize the page title.
- Now, when data is present in the store_and_proxy_data table, pgpproxyd no longer crashes.
- In the Alerts page, if you change the default value of the consecutive failed login attempts, an alert appears only after the specified number of incorrect logins.
- After you clear the login failure alerts for a user and this user logs in correctly, login failures no longer appear.
- Several clustering improvements have been made. 
- The vulnerabilities that resulted from the Qualys scan of PGP Universal Server has been fixed.
- If Global Directory is down, PGP Universal Server now moves to the next keyserver or just sends the mail.
- When there is a heavy load of concurrent connections, pgpproxyd now refuses the connection and displays a message.
- When searching for a MAK using USP and search for two attribute-value combination with the AND operator, the MAK UUID is now displayed.
- When an internal user with a separate signing subkey sends a signed S/MIME email, it is now signed with the signature certificate, not the encryption certificate.
- PGP tasks in crontab no longer generates unwanted spam.
- Changes to the Active Directory, such as adding new email addresses, are now properly synchronized with the SKM key.
- When a new user ID is added to an SKM key, this ID is now added to the key.
- On the Services page, if you disable PGP RDD and reboot PGP Universal Server, PGP RDD remains disabled.
- On the Groups page, in the View items per page drop-down menu, you can now change the number of items that can be displayed per page.
- If your Key Not Found (KNF) policy is set to PGP Universal Web Messenger, and OOMS is used to transfer messages to PGP Universal Server, when this policy is triggered, OOMS messages causes the value of messages processed that day to increase.
- When you move a user to the policy with the customized BootGuard, and restart the PGP tray, your customized login screen now appears.
- After migrating to PGP Universal Server 3.1, you can now enter a license or use the default PGP Desktop license in the consumer policy.
- After a fresh ISO installation, the httpd service starts without any issues.
- When Microsoft Internet Explorer is in offline mode, you can no longer view sensitive pages.
- The potential cross-site scripting vulnerability in the Java code has been fixed.
- Now, you can use a custom port for PGP Universal Web Messenger. The policy retrieval issues in PGP Satellite have been fixed.
- Accessing some URLs from the same browser tab now performs the specified action instead of routing the user to the login screen.
- When a PGP Universal Server administrator tries to reset the password of an external PGP Universal Web Messenger user, a warning message appears.
- After upgrading PGP Universal Server, RSA authentication works, and the administrator can log into the administration interface.[ 29199]
- When a PGP Universal Web Messenger user uploads a PGP key to PGP Universal server, the messages are now encrypted to the uploaded key.
- In PGP OS Client log, when performing USP operations, the logged messages now include the user name and the UUID.
- The use of the USP function decodeESK is now logged with the consumer's UUID, name and IP address, and date.
- The user IDs on the client copy of the SKM key are now updated to match the user IDs on the server copy of the SKM key.
- On PGP Universal Server, the generated keys now have an expiration date of Never.
- The mutex deadlock in pgpproxyd that resulted in stalled mail flow in bonnie has been fixed.
- Under a high load, SQL queries no longer get stuck on PostGreG 8.1.X.
- After an SSL certificate is imported and assigned, if you in a clustered environment, the cluster message appears. If you are not in a clustered environment, the message does not appear.
- After you import your new SSL Certificate from the VeriSign Class 3 Secure Server CA - G3, PGP Universal Server is now automatically aware of the certificate. You no longer have to manually accept the certificate.
- The HTTP response splitting (CRLF) issue has been resolved.
- For PGP Universal Web Messenger, when you select Complete Customization, PGP Universal Web Messenger can now identify invalid files.
- Now the time it takes to log in to PGP Universal Server clusters has been greatly reduced.
- Now, when PGP Universal Server signs a certificate request that does not have a key usage set, the key usage set by the certificate policy is enforced.
- After changes are made in LDAP, the primary email address is updated on the Keys page.
- On the Managed Keys page, when you change the status of the key to beyond the expiration date, the key status now appears as Expired.
- When PGP Universal Server receives a key or certificate with an invalid certificate request, the error message is now clearer.
- In Mozilla Firefox, if you select Never Remember History and you reset your PGP Universal Web Messenger password, you can log in with the new password.
- In PGP Universal Server, after the Certificate Revocation List (CRL) is renewed, it is added to the trusted key. The expired CRL is removed.
- On the Whole Disk Encryption tab, when you display the user ID options, the default detailed authentication fields are now disabled.
- When you upload a PUP file, the entire Update dialog box is now visible.
- If PGP Universal Server sends a 421 or 451 status code due to a timeout, an error is returned on the telnet session with a 4xx status code so the email is not bounced. PGP Universal Server now sends the same error as was reported by the mail server. 
- When a trusted key is deleted from the Trusted Keys page, it is now completely removed from the database.
- The issues identified in IOActive report incident 000-15 have been fixed.
- Apache connection reuse no longer causes pgpsyncd connection crosstalk.
- Typing an IP address range in the Hostname/IP field no longer results in a server side exception.
- When an internal user sends an email to a distribution group, the proxyAddresses value "SMTP:" is now used over the values prefixed with "smtp:". The email is delivered to the correct recipient.
- When the mail policy allows clear-sign with S/MIME between internal users, emails can now be sent in the clear.
- The Network Certificates page now has a Key ID column, which helps you determine whether the certificate exists on your PGP Universal Server.
- Users are now mapped based on ObjectGUIDs, because this attribute cannot be modified and guarantees a unique result.
- After a PUP update, the correct version is now displayed in the General Settings page.
- Email that passes through PGP Universal Server no longer strips .tiff attachments and successfully delivers the message to the recipient.
- PGP Universal Server no longer uses keys from PGP Desktop when setting the primary_key. The SKM is now used for encryption, and PGP Desktop successfully decrypts the message.
- Inbound signed mails from Verified Directory users no longer cause 100% CPU load. Now, messages are processed correctly, and CPU utilization is low.
Article URL http://www.symantec.com/docs/TECH187741