Self Service Password Reset 4.2 Patch Update 6 Release Notes

August 2019

This patch update resolves specific previous issues. This document outlines why you should install this patch update.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Self Service Password Reset forum on Micro Focus Forums, our online community that also includes product information, blogs, and links to helpful resources.

1.0 What’s New?

The following sections outline the issues resolved in this release:

1.1 Security Improvements

NetIQ Self Service Password Reset includes the following security improvements:

Security Updates

If you are running the Self Service Password Reset Appliance, this patch update contains operating system and security updates. This patch also resolves a potential authorization bypass issue described in CVE-2019-11652.

Updated Versions of Java and Tomcat

For the Windows versions of Self Service Password Reset, Java and Tomcat have been updated to the latest versions. The appliance is updated through the OS update channel. (Bug 1143468)

Java: Zulu 8u122-04 (zulu8.38.0.13-ca-jdk8.0.212)

Tomcat: 8.5.43

2.0 System Requirements

Self Service Password Reset includes support for the following operating system versions:

  • Cloud Platforms

    • Microsoft Azure Marketplace

    • Amazon Web Service

  • Red Hat Enterprise Linux Server 7.3 or later (64-bit)

  • SUSE Linux Enterprise Server 12 SP2 or later (64-bit)

  • SUSE Linux Enterprise Server 11 SP4 (64-bit)

  • Windows

    • Server 2016

    • Server 2012 R2 (64-bit)

Self Service Password Reset is also available as an appliance since the 4.0 release. The appliance runs on the following virtual systems:

  • Hyper-V 4.0

  • VMware 5.5 or later

For detailed information on system requirements, supported operating systems, and browsers, see Deployment Requirements of Self Service Password Reset in the Self Service Password Reset 4.2 Installation Guide.

3.0 Installing this Patch Update

Installing the patch update is different for each platform that Self Service Password Reset supports. You must follow the steps for your specific deployment to install this patch update. For more information, see Adding a Patch Update in the Self Service Password Reset 4.2 Administration Guide.

4.0 Verifying the Installation

Complete the following steps to verify that the installation was successful.

To check the installed version:

  1. Log in to the Self Service Password Reset administration console as an administrator.

  2. In the toolbar, click your name, then click Administration.

  3. Click the About tab, then verify that the SSPR Version is b331 r39785.

5.0 Known Issues

Issue: Due to an operating system update, if you are using the appliance, you cannot upgrade from to The patch contains an important security fix. For more information, see Section 1.1, Security Improvements.

Workaround: If you are running and you want the security update, you must migrate Self Service Password Reset to a supported version. To migrate, you create a copy of your configuration file, deploy a supported version of Self Service Password Reset appliance, import the configuration file, and then delete the old appliance. For more information, see Migrating Self Service Password Reset in the Self Service Password Reset 4.2 Installation Guide.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see

Copyright © 2019 NetIQ Corporation. All Rights Reserved.