16th December 2021
Files
File Name | MD5 | SHA512 |
---|---|---|
yarnman-2.5.16-master-f39e234-signed.ova | d6a12503e5733f722a7027dddf565d88 | 6ecb75821687bf6766c9182b3a9afe28b5ff4b14f08df6f76a7924ed18e4d3f248212b233ca0b12b5b917121dcd0cf08234cee61b455a1151398211dfc168f7b |
yarnman-app-2.5.16-master-f39e234.tar.gz.sig | c0126b6be3cedc96f6fb0af0cc09f92d | f6778bd66d3c8578fd1c261366d7fa5d016c3feaa541089bf9d3f4ec95d460695d38a7cc40a9f71dde5fae25012727fa07810d8bd1df4e09d1aa3320ea8a5918 |
Wrangler
Resolved Issues
YMN-4540 UCMC - UCXN Call Handler determine correct template when deploying handler in target
YMN-4436 UCMC - UCXN Schedules partially migrated, not including schedule details + OwnerPersonalRuleSetObjectId set to null
YMN-4496 UCMC - UCXN execute-add-ucxn-call-handler informix.ccnullfkfilter_tbl_callhandler_recipient
YMN-4529 UCMC - roll back is not filtered by selected sites for roll back and all sites are rolled back
YMN-4538 UCMC - add additional retries for ECONNREFUSED ETIMEDOUT
This issue added additional retries for TCP connection refused and timeouts that can happen intermittently for large clusters or due to network impairments
YMN-4553 UCMC - validation rule fails on save with EPIPE for large clusters
YMN-4430 UCMC - UCXN some user attributes not being migrated correctly
Known issues
YMN-4263 UCMC - AXL getserviceprofile fails due to bad source data (CSCvz61706 workaround)
Testmate
Nil
Yarngate
Nil
Log4JShell note
Our platform yarn_man, which hosts test_mate, yarn_gate and wrangler_, predominantly uses Node.js, and its programming language, JavaScript, is not affected because it does not use the Java logging library log4j. A small Java module, jade-berlin, which is part of yarn_man, provides the interface to JTAPI, but it does not use the log4j logging library.
We have done a detailed review of the 3rd party dependencies and none are reported to be affected by CVE-2021-45046 and CVE-2021-44228.
There is a potential indirect dependency on the Cisco jtapi.jar Java library that test_mate uses for JTAPI connectivity. The jtapi.jar uses log4j, although the attack surface is minimal, because an exploit would require authenticated user-level access to test_mate and manipulation of the JTAPI connection string used on the CUCM interface.
Once Cisco releases the fix for CUCM, the jtapi.jar can be easily updated via the yarn_man administration portal. Note that this jar is shipped by Cisco based on the specific version of CUCM.
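An added example, not part of these release notes or of yarn_man's own tooling: an inventory check that opens a jar such as jtapi.jar and reports whether it (or an archive nested inside it) bundles log4j 1.x classes, log4j-core 2.x classes, the JndiLookup class, and the log4j-core version from Maven metadata when present. The sample jar is constructed in the script; which log4j version a given Cisco jtapi.jar contains is not stated on this page.

```python
import io
import sys
import zipfile

CORE = "org/apache/logging/log4j/core/"   # log4j-core 2.x (CVE-2021-44228 / -45046)
JNDI = CORE + "lookup/JndiLookup.class"   # class that performs the JNDI lookup
V1 = "org/apache/log4j/"                  # log4j 1.x packages, reported separately
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def scan_jar(data, label, depth=0):
    """Return one finding per archive (nested ones included) that bundles log4j."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        hit = {"archive": label, "version": None, "jndi_lookup": JNDI in names,
               "log4j1": any(n.startswith(V1) for n in names),
               "log4j2_core": any(n.startswith(CORE) for n in names)}
        if POM in names:  # Maven metadata records the bundled log4j-core version
            for line in zf.read(POM).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    hit["version"] = line.split("=", 1)[1].strip()
        if hit["log4j1"] or hit["log4j2_core"]:
            findings.append(hit)
        for n in sorted(names):  # fat jars can carry log4j in an embedded archive
            if depth < 3 and n.lower().endswith((".jar", ".war", ".ear")):
                try:
                    findings += scan_jar(zf.read(n), label + "!" + n, depth + 1)
                except zipfile.BadZipFile:
                    pass  # named like an archive but is not one; nothing to inspect
    return findings


def build_sample():
    """Constructed sample: an outer jar embedding a stand-in log4j-core 2.14.1."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(JNDI, b"")
        zf.writestr(POM, "groupId=org.apache.logging.log4j\nversion=2.14.1\n")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("com/example/App.class", b"")
        zf.writestr("lib/log4j-core.jar", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample()
    print(*scan_jar(data, path or "sample.jar"), sep="\n")
```

Run it with the path to the jar as the only argument; with no argument it scans the constructed sample.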