Environment
Situation
This technical note describes the features, fixes, and release notes for EXTRA! 9.2 Service Pack 1 (SP1).
Note: For information about new features in EXTRA! X-treme 9.3 see KB 7021710.
Resolution
Obtaining the Service Pack
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/. For more information about logging into and using the Download Library, see KB 7021965.
EXTRA! 9.2 SP1 New Features and Fixes
EXTRA! 9.2 Service Pack 1 includes the following:
Comply with federal and private regulations using updated security components
Both the Reflection Security Components and Reflection FTP Client have been updated to include the latest security features, to help comply with various regulations, including HIPAA, PCI DSS, FIPS, and FDCC/USGCB.
Capture SSH session level data
You can configure EDP session files to display significant SSH events from the Reflection Security Components (RSC) in the EXTRA! Status Application. Additionally, the EXTRA! Communications Trace can now capture both received packets (SSH Rx) and transmitted data (SSH Tx). All three types of data can be logged using the AOMDemon tracing tool.
For more information, see KB 7021784.
Maintain host connections during system sleep mode
A new registry setting enables low- or battery-powered computers, such as laptops and notebooks, to enter system standby or “sleep mode†while maintaining host connections. Unlike the global preference Prevent System Sleep, which maintains host connections by preventing the computer from entering system sleep mode, this registry setting permits the computer to enter a low-energy state. For details on configuring this registry setting, see KB 7021708.
Read hidden fields in Tandem 6530 terminal sessions
You can now read hidden field data in 6530 sessions with the newly enhanced security setting, Password Protection. When this setting is enabled, you can use OLE automation to copy this information via the Screen object’s GetString method (Screen.GetString).
To read hidden fields in 6530 sessions, open a session and from the Options menu, choose Security. Click the Options tab, choose Tools from the Category menu, and then select the check box for Password Protection. When this check box is unselected, GetString will no longer return the hidden data.
For information about controlling COM objects using their methods and properties, see the EXTRA! COM Help (EPC_OLE.HLP).
Ensure compatibility with an updated 6530 Client Option Pack
This service pack includes updates from CAIL and other enhancements for the Client 6530 Option Pack to ensure compatibility with your Tandem and HP NonStop host connections.
SSH padlock icon added
A padlock icon has been added to the status bar of sessions that use SSH to connect to the host. When the encryption strength is equal to or greater than 128 bits, the padlock icon appears gold. When the encryption strength is less than 128 bits, the padlock icon appears blue. When the data transmitted between EXTRA! and an SSH server uses FIPS-validated encryption algorithms, the padlock icon appears bright green.
SSL padlock icon enhanced
The padlock icon that appears in the status bar when a host session is secured with SSL will now display the encryption key strength currently in use. The key strength appears as a tooltip when the mouse pointer hovers over the padlock image.
Resolved Issues
API Issues
- Fixed issue where under certain conditions, HLLAPI Function 22 (Query Session Status) could cause an unhandled exception error in API program.
- Resolved issue with incorrect registry values that were created when switching HLLAPI Shortname Associations from “Unique to each user†to “Shared among all users.â€
- HLLAPI Function 10 (QuerySessions) call correctly returns the Host session's information when an EXTRA! Basic macro reconnects the session.
- HLLAPI Function10 (QuerySessions) no longer gives an incorrect return code of 65538, when a request for configured sessions is made.
- Fixed issue where ATMConnectSession returned -1 when using Enhanced Transport HLLAPI.
- ATMConnectSession no longer requires at least 500ms to complete.
- An application error no longer occurs when using fully-qualified object names, like System.Sessions.Item(i).Name, in a Visual Basic program or macro.
- The session title bar no longer resets after being changed via HLLAPI function 106 when "Show Host Name on the TaskBar Icon when session is minimized" is set.
Macro Issues
- Running shared EXTRA! Basic macros with Windows 7 as a standard user from a network drive now works correctly.
- The EXTRA! window caption is now updated after a Session.SaveAs is issued from a macro.
File Transfer Issues
- IND$FILE File Transfer upload to host no longer fails if host file transfer program does not set the Modified Data Tag (MDT) bits correctly in the data stream.
- Errors no longer occur when doing a 5250 transfer download using BIFF format on a physical file member that is empty.
Other Issues
- Launching an EXTRA! session no longer causes a Nortel VPN Client to disconnect from a remote network.
- Abrupt network disconnects no longer cause an EXTRA! session configured for SSL with Microsoft Security to crash.
- Resolved issue where EXTRA! sessions with visible Quickpads would sometimes disappear with no warning or error message.
- Problems with pasted data not showing as visible in VT Telnet sessions have been corrected.
- The EXTRA! command line now correctly imports SSL settings from a template *.EDP file.
- A newline character is no longer added when text is copied from an EXTRA! session and pasted into a Microsoft Excel spreadsheet.
- Resolved timing issue where EXTRA! sessions connected via Microsoft HIS Server appeared to hang under conditions when SSCP data arrives after the SNA BIND.
- VT session screen now displays correctly when using Ctrl+Up arrow to scroll into the VT session History buffer.
- A STRPCCMD command, run on an AS/400 system, no longer requires extra quotation marks to run an application executable when using the Start option.
- Resolved a Windows installer error 1606 that can occur when installing a Service Pack on machines with a network-redirected \My Documents folder.
- Improved the reliability of saving session files (*.EDP) in EXTRA! to prevent sporadic occurrences of zero-length files.
- Resolved an issue that could cause random conflicts between EXTRA! and Chrome which could cause either or both applications to hang.
Reflection FTP Client 14.1 SP1
Reflection FTP Client 14.1 SP1 (included with EXTRA! 9.2 SP1) includes the following new features and resolved issues.
New Features
- SFTP transfers now support SFTP version 4. This change provides UTF-8 character support. A new keyword, SftpVersion, is available to configure which version is used. Valid values are 3 and 4. When this setting is 4 (the default), the connection uses SFTP version 4 if the server supports it, and drops to version 3 if the server doesn’t support version 4. If this setting is 3, the client always uses SFTP version 3.
- You can now configure default permissions for directories created by the client. To configure a global default, use Tools > Options > Directory Attributes > Set default directory attributes on creation. To see a confirmation dialog before a new directory is created, open the site Properties dialog box and use Directories > Show attributes before creating directory.
- The FTP Client now supports connections to Sterling Connect servers. To configure connections to these servers, open the site Properties dialog box and set "Server type" to "Auto detect" the default) or "Sterling Connect."
- The FTP Client API includes a new SSHConfigDir property for specifying the folder used for storing the Secure Shell config file, known host keys, and user keys. This property is only relevant when UseSSH is True.
- You can now specify which certificate to use for client authentication in SSL/TLS connections. To configure this, open the Security Properties dialog box, enable "Use SSL/TLS security," and click Configure PKI. Under Client Authentication, select "Use selected certificate for authentication," then click Select.
Resolved Issues
- The client now consistently saves passwords when "Save my password as obfuscated text" is enabled.
- Large SFTP file downloads that are interrupted by a network failure no longer cause the client to shut down with an rftpc.exe Application Error.
- An issue where the Reflection FTP Client is subject to a heap overflow that could result in remote code execution at the authenticated user's privilege level has been resolved. For more information, see Security Alerts - Extra!.
- An issue where the SSL 3.0 implementation in the Reflection SSL client does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer, has been resolved. For more information, see Security Alerts - Extra!.
Secure Shell Updates
The following Secure Shell updates apply to Reflection FTP Client 14.1 SP1.
New Secure Shell Features
- SFTP transfers now support SFTP version 4. This change provides UTF-8 character support. A new keyword, SftpVersion, is available to configure which version is used. Valid values are 3 and 4. When this setting is 4 (the default), the connection uses SFTP version 4 if the server supports it, and drops to version 3 if the server doesn’t support version 4. If this setting is 3, the client always uses SFTP version 3.
- You can now configure the client to automatically add keys used for authentication to the Key Agent. To configure this in the Secure Shell settings dialog box, open the User Keys tab and select "Add key used for authenticating to host to key agent." To configure this in the config file, set AddAuthKeyToAgent=yes.
- You can now configure the client to attempt public key authentication using all available keys, regardless of whether the Use checkbox is selected on the User Keys tab. To configure this in the Secure Shell settings dialog box, open the User Keys tab and select "Use all keys for authenticating to the host." To configure this in the config file, set AuthUseAllKeys=yes.
Resolved Secure Shell Issues
- The registry key UseSshConfigSchemes now works correctly with the ssh2, scp2, and sftp2 command line utilities running on Windows 2008 R2.
- Executing a sftp -l file-name command now returns an error as expected if the filename includes a hyphen (-) and the specified file doesn’t exist.
- The scp command now executes as expected when the command includes two filenames that include an absolute path.
- The scp command now correctly handles transfers in which more than four files are specified on a single scp command line.
- You can now run an sftp batch file using the Task Scheduler on Windows Server 2008 and Windows Server 2003.
- The sftp get command now handles wildcard characters correctly when logged into a chrooted environment.
- When an scp copy to the server is interrupted by a server reboot, the error returned is now 7. Previously the client received a message saying, "an existing connection was forcibly closed by the remote host, Connection closed to xxxx error: Send message failed." however, the return code was zero.
- Smart card authentication no longer fails after about 30-50 repeated connections.
- Entries in the ssh config file are now consistently case-sensitive.
- When Reflection is configured for PKCS #11, it now automatically detects ActivIdentity client DLLs that are installed to the default Program Files folder as well as older DLLs that are installed in Windows\System32.
- Connections to servers using the SSH1 protocol now work as expected.
- From the Reflection Customization Manager, you can now select the Reflection Key Agent in the list of available features to install; and the Key Agent is now available in the list of Shortcuts to edit.
Additional Information
For more information about EXTRA!, see the following resources:
Documentation: https://support.microfocus.com/manuals/extra.html
Product Support Lifecycle: https://support.microfocus.com/programs/lifecycle/version-status.html?extra