Access Manager Appliance 4.5 Hotfix 1 Release Notes

May 2019

Access Manager Appliance 4.5 Hotfix 1 (4.5.0.1) supersedes Access Manager Appliance 4.5.

For the list of software fixes and enhancements in the previous release, see Access Manager Appliance 4.5 Release Notes.

For information about Access Manager support lifecycle, see the Product Support Lifecycle page.

1.0 What’s New?

This release includes the fix for the following issues:

  • Apache Vulnerability in Access Gateway (CVE-2019-2011).

1.1 The AMEVENTID Values Are Missing in the Log File

Access Gateway does not log the AMEVENTID values in the Apache or Embedded Service Provider log file. (Bug 1133573)

2.0 Verifying Version Numbers Before Upgrading to 4.5.0.1

To ensure that you have the Access Manager 4.5 files before upgrading to Access Manager 4.5.0.1, verify the existing Access Manager version by clicking Troubleshooting > Version.

3.0 Upgrading to Access Manager 4.5 Hotfix 1

IMPORTANT:In a cluster setup, ensure that you install the hotfix on each node of the Access Manager setup.

3.1 Downloading the Hotfix

The hotfix helps in upgrading to the latest Access Manager with ease.

If you have multiple components installed on the same system, the hotfix installation process will take care of updating all the binaries of these components. For example, if you have both Identity Server and Administration Console installed on a system, installing the hotfix takes care of updating the binaries of Identity Server and Administration Console.

IMPORTANT:Ensure that you are currently on Access Manager 4.5 before upgrading to Access Manager 4.5.0.1.

To download Access Manager Appliance 4.5.0.1, perform the following steps:

  1. Go to NetIQ Downloads Page.

  2. Under Patches, click Search Patches.

  3. Specify AM_4501.zip in the search box and download the file.

  4. Save the hotfix file to the server running Access Manager. If you have multiple servers in your set up, ensure that you copy this zip file to all the servers.

    NOTE:This hotfix is not required for Analytics Server.

3.2 Upgrading to Access Manager 4.5 Hotfix 1

You can upgrade to Access Manager 4.5 Hotfix 1 by using the proceeding steps. This requires few manual interventions to continue the upgrade process. If you do not require any manual intervention while upgrading to the hotfix, see Section 3.3, Silent Hotfix Upgrade.

NOTE:This installation is not applicable for Analytics Server.

  1. Extract the hotfix file by using the unzip AM_4501.zip command.

    After extraction, the following files and folders are created in the AM_4501 folder:

    Table 1 Files and folders created in the AM_4501 folder after extracting the hotfix installer ZIP file

    File/Folder Name

    Description

    rpm

    Contains rpm files for the hotfix to run on a Linux server.

    Patchtool

    Contains logging properties file and files necessary for the hotfix to run on a Windows server.

    installPtool.sh

    Script to install the hotfix and the hotfix tool on a Linux server.

    installPatch.sh

    Script to install the hotfix tool and the updated binaries on a Linux server.

    installPtool.cmd

    Script to install the hotfix on a Windows server.

  2. Log in as the root user.

  3. (Conditional) To automate the hotfix installation, perform the steps mentioned in Section 3.3, Silent Hotfix Upgrade, else continue with Step 4.

  4. Go to the location where you have extracted the hotfix files.

  5. Run the installPatch.sh command.

    This command installs the hotfix and the bundled binaries.

    NOTE:To manage the Access Manager hotfix file, refer Managing Hotfix.

If the hotfix is already installed, the installer exits with a message.

3.3 Silent Hotfix Upgrade

Perform the following steps to automate the installation of the hotfix.

  1. Go to /opt/novell/nam/patching/bin/ and add the following in the patch file:

    -Dcom.netiq.nam.patching.enableautomation=true

    This updates the patch file as following:

    /opt/novell/java/bin/java -cp ../lib/*: \
    -Dcom.netiq.nam.patching.enableautomation=true -Djava.util.logging.config.file=logging.properties com.netiq.nam.patching.PatchInstaller $@
  2. Run the following command at /opt/novell/nam/patching/bin/:

    ./patch -i /<path where you extracted the hotfix>/AM_4501/AM_4501-5.patch

3.4 Managing Hotfix

  1. After the hotfix is installed, go to the following folder:

    /opt/novell/nam/patching/bin

  2. Use the following options to manage the Access Manager hotfix file:

Option

Description

Command on Linux server

-qa

Lists all installed hotfixes.

patch.sh -qa

-q

Lists details of an installed hotfix.

patch.sh –q

Example: patch.sh –q AM_4501-5

-i

Installs a hotfix. During installation of a hotfix, all running services are stopped temporarily. After a hotfix is installed, all services are restarted and details of the operation are written to log files.

patch.sh –i <location and hotfix name>

Example: patch.sh –i /opt/novell/nam/Patches/AM_4501/AM_4501-5.patch

-e

Removes an installed hotfix. The hotfix maintains content relationship among hotfixes. So, if you have installed hotfix 1 and hotfix 2, hotfix 1 cannot be removed without removing hotfix 2. This is because hotfix 2 contains details of hotfix 1 as well.During the hotfix process, all the running services are stopped temporarily.

patch.sh –e <hotfix name>

Example: patch.sh –e AM_4501-5

-qpl

Lists details of a hotfix that is not installed. If you want to view the changes that are included in the hotfix file without installing it on your server, use this option

patch.sh –qpl <location and hotfix name>

Example: patch.sh –qpl /opt/novell/nam/Patches/AM_4501/ AM_4501-5.patch

-v

Verifies integrity of a hotfix.

patch.sh –v <location and hotfix name>

Example: patch.sh –v /opt/novell/nam/Patches/AM_4501/ AM_4501-5.patch

-t

Verifies if services can be restored by the installer. Use this option to stop/start all services after the installation of hotfix.

patch.sh –t <location and hotfix name>

Example: patch.sh –t /opt/novell/nam/Patches/AM_4501/ AM_4501-5.patch

4.0 Verifying Version Numbers After Upgrading to 4.5.0.1

After upgrading to Access Manager 4.5.0.1, verify that the version number of the component is indicated as 4.5.0.1-5. To verify the version number, perform the following steps:

  1. In Administration Console Dashboard, click Troubleshooting > Version.

  2. Verify that the Version field displays 4.5.0.1-5.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

6.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2019 NetIQ Corporation, a Micro Focus company. All Rights Reserved.