Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

16th December 2021

Files

File Name

MD5

SHA512

yarnman-2.5.16-master-f39e234-signed.ova

d6a12503e5733f722a7027dddf565d88

6ecb75821687bf6766c9182b3a9afe28b5ff4b14f08df6f76a7924ed18e4d3f248212b233ca0b12b5b917121dcd0cf08234cee61b455a1151398211dfc168f7b

yarnman-app-2.5.16-master-f39e234.tar.gz.sig

c0126b6be3cedc96f6fb0af0cc09f92d

f6778bd66d3c8578fd1c261366d7fa5d016c3feaa541089bf9d3f4ec95d460695d38a7cc40a9f71dde5fae25012727fa07810d8bd1df4e09d1aa3320ea8a5918

Wrangler

Resolved Issues

  • YMN-4540 UCMC - UCXN Call Handler determine correct template when deploying handler in target

  • YMN-4436 UCMC - UCXN Schedules partially migrated, not including schedule details + OwnerPersonalRuleSetObjectId set to null

  • YMN-4496 UCMC - UCXN execute-add-ucxn-call-handler informix.ccnullfkfilter_tbl_callhandler_recipient

  • YMN-4529 UCMC - roll back is not filtered by selected sites for roll back and all sites are rolled back

  • YMN-4538 UCMC - add additional retries for ECONNREFUSED ETIMEDOUT

    • This issue added additional retries for TCP connection refused and timeouts that can happen intermittently for large clusters or due to network impairments

  • YMN-4553 UCMC - validation rule fails on save with EPIPE for large clusters

  • YMN-4430 UCMC - UCXN some user attributes not being migrated correctly

Known issues

  • YMN-4263 UCMC - AXL getserviceprofile fails due to bad source data (CSCvz61706 workaround)

Testmate

Nil

Yarngate

Nil

Log4JShell note

Our platform yarn_man that hosts both test_mate, yarn_gate and wranger_ predominantly uses node.js and javascript is the programming language which is not affected as this does not use the java logging library log4j. There is a small java module jade-berlin that provides the interface to JTAPI that is part of yarn_man but this does not use the log4j logging library.
We have done a detailed review of the 3rd party dependencies and none are reported to be affected by CVE-2021-45046 and CVE-2021-44228.

There is an potential indirect dependency on the Cisco jtapi.jar java libary that test_mate uses for JTAPI connectivity. The jtapi.jar uses log4j although the attack surface is minimal as to exploit would require authenticated user level access to test_mate and manipulation of the JTAPI connection string used on the CUCM interface.
Once Cisco releases the fix for CUCM the jtapi.jar can be easily updated via the yarn_man administration portal, it should be noted that this jar shipped by Cisco based on the specific version of CUCM.

  • No labels