Release Warnings Regarding enaio®

This information is updated periodically as soon as our analyses deliver new findings. Please check back periodically.

Last Update: 29 February 2024, 5:00 PM CET

End of Support of Microsoft Windows® 8.10

Microsoft has announced the end of support of Windows 8.10 (https://learn.microsoft.com/en-us/lifecycle/products/windows-81). enaio® 10.10 will therefore no longer support this operating system. It is no longer guaranteed that the software will continue to run smoothly on Windows 8.10 in the future. Affected clients must be updated to a new Windows version as soon as possible.

The versions affected are:

enaio® version 10.10

XSLT directory synchronization with Microsoft Active Directory and DSDE.exe

Using XSLT directory synchronization in conjunction with DSDE.exe causes problems. Please check in the enaio® administrator under 'Automatic actions' whether you are using XSLT directory synchronization in conjunction with DSDE.exe.

The versions affected are:

enaio® version 11.0, 10.10, 10.0, 9.10 and older

Only enaio® versions 11.0 and 10.10 are currently maintained.

Symptoms

The XSLT directory synchronization generates an Export.xml with data from the connected Microsoft Active Directory. This XML file can become so large that the affected hard disk fills up and can therefore no longer be used.

Solution

The Softerra LDAP Browser is available as a solution. This application can be used for enaio® systems from version 8.50 SP1.

Since enaio® version 10.0, OPTIMAL SYSTEMS has offered the Softerra LDAP Browser as a replacement for DSDE.exe.

DSDE.exe has not been supported since enaio® version 10.10 and has been removed from the setup.

The Softerra LDAP Browser must be downloaded and installed from the manufacturer's website.

In the automatic action for XSLT directory synchronization, the AD call must be changed compared to the call with DSDE.exe.

The call parameters may vary and must be checked in any case. For the Softerra LDAP Browser call, the PATH system variable should be modified to include the path to the Softerra LDAP Browser installation.

Details on the configuration can be found in the documentation of the automatic action.

If you have any questions, please get in touch with your contact at OPTIMAL SYSTEMS, OS Support or your OS partner company.

End of support for Apache Tomcat 8.5.x

The Apache Tomcat development team has announced that support for Apache Tomcat 8.5.x will end on March 31, 2024. This means that further releases by the Apache Software Foundation from the Tomcat 8.5.x branch are highly unlikely after March 31, 2024.

Bugs that only affect the Tomcat 8.5.x branch will then not be fixed by the Apache Software Foundation and reports of security vulnerabilities will not be synchronized with the Tomcat 8.5.x branch. In addition, three months later, approximately June 30, 2024, the Tomcat 8.5.x branch will be set read-only by the Apache Software Foundation.

enaio® Versions

  • enaio® Version 11.0

    The current enaio® version 11.0 is not affected by this and already has the latest Apache Tomcat versions.

  • enaio® Version 10.10

    The enaio® version 10.10 will have the latest Apache Tomcat versions by March 2024, for which we can provide corresponding hotfixes.

  • enaio® Version 10.0 and older

    Older enaio® versions use Apache Tomcat version 8.5 or older. From March 31, 2024, these versions may be potentially vulnerable to future security risks. We will no longer be able to provide patches for these versions.

We therefore recommend that you start planning an update to enaio® version 11.0 to ensure that your productive systems are properly backed up. Please get in touch with your contact at OPTIMAL SYSTEMS or your OPTIMAL SYSTEMS partner company.

End-to-end SSL encryption

Version 10.10 Version 11.0

From version 10.10, enaio® offers end-to-end SSL encryption for all components in the system. This includes xml-rpc communication with enaio® server, https communication with public API endpoints and communication between services.

The detailed documentation of the configuration can be found in the developer area.

For enaio® version 10.10 it is necessary to update the following components at the same time. The updates are also necessary if you are not using end-to-end SSL encryption. No updates are necessary for enaio® version 11.0.

You can obtain the components via the service portal.

System update TLS/SSL 10.10

Component Version

os_service-manager_setup.exe 10.10.0.1
    The setup updates all microservices. The Service-Manager-Update directory with individual microservices is temporarily unavailable to prevent the accidental downgrade of microservices.
enaio-server-patch.exe 10.10.0011
enaio_client_ansi.msi 10.10.0026
enaio_client_unicode.msi 10.10.0026
enaio_administration_ansi.msi 10.10.0020
enaio_administration_unicode.msi 10.10.0020
enaio_capture_ansi.msi 10.10.0013
enaio_capture_unicode.msi 10.10.0013
enaio_index_manager_ansi.msi 10.10.0007
enaio_index_manager_unicode.msi 10.10.0007
enaio_server_communication_ansi.msi 10.10.0006
enaio_server_communication_unicode.msi 10.10.0006
oswebservices_setup.exe 10.10.0.4
enaio_repositorymanager_client_components.msi 10.10.0005
enaio_barcode.msi 10.10.0001

enaio® appconnector

Version 9.10 Version 10.0 Version 10.10 Version 11.0

Under certain conditions, enaio® appconnector can be susceptible to session hijacking and, depending on the configuration, also to escalation of privileges.

Due to potential sensitivity of the found security issue, the patch is available not only for the enaio® versions that are currently in support (10.10 and 11.0), but also for enaio® 9.10 and 10.0 which are not supported anymore. Nevertheless, we strongly recommend updating to one of the newer supported versions, to continue receiving this and many other security updates and bug fixes.

The issue is resolved with the following hotfixes:

  • osappconnector_setup.exe 9.10.0.150

  • osappconnector_setup.exe 10.0.0.150

  • osappconnector_setup.exe 10.10.0.150

  • osappconnector_setup.exe 11.0.0.150

enaio® appconnector has been discontinued as of enaio 10.0. From version 10.0 onwards, it receives only security and bug fixes and is not further developed. The DMS microservice is available as an alternative. It currently comes with a significantly smaller scope but with a new technology stack: a scalable, cloud-enabled microservice built for large systems. The long-term goal is to gradually grow this REST API and to align its functional scope with that of enaio® appconnector. For concrete requests in the context of new projects, please contact pm@optimal-systems.de directly.

enaio® client

Version 10.0

The following version may cause issues:

  • Client MSI 10.0.41 (ANSI) or

  • Client MSI 10.0.35 (Unicode) / client 10.0.722

Data in table fields are displayed incorrectly on index data forms if

  • scripts are active in the form and

  • the table field(s) are in a page control.

This may cause index data records to be saved with wrong data.

 

Please update enaio® client and install the current MSI packages:

  • 10.0.42 (ANSI)

  • 10.0.36 (UNICODE)

The packages are available for download in our Service Portal.

If the above-mentioned criteria apply, please check the data records that have been saved since the last update.

enaio® gateway

Version 9.10 Version 10.0 Version 10.10

With the installation of the version fixes for enaio® gateway, there may be problems with the logon via NTLM, as well as with the display of dashlets. The following hotfixes are affected:

  • enaio® Version 9.10 – osgateway_hotfix – 9.10.0.27

  • enaio® Version 10.0 – osgateway_hotfix – 10.0.0.11

  • enaio® Version 10.10 – osgateway_setup – 10.10.0.5

These version fixes were withdrawn and are no longer available in the Service Portal.

If these version fixes have been installed, the following respective version must be installed instead:

  • enaio® Version 9.10 – osgateway_hotfix 9.10.28

  • enaio® Version 10.0 – osgateway_hotfix 10.0.12

  • enaio® Version 10.10 – osgateway_hotfix 10.10.6

You can download the latest versions in our Service Portal.

OpenSSL Components

Version 9.10

Updating the OpenSSL components to Version 3.0 is required for all subsequent enaio® hotfixes after September 2022 and absolutely must be done. If it is not, the functionality will no longer exist on the client and server side.

The OpenSSL components update must be performed for all affected components.

The file setup.inx is exchanged in the Setup directory (...\Win32\Disk1). If the entire setup with all directories is not downloaded, please make sure to manually import this file from the ...\SP\setup.inx\ directory into the setup directory. This file must not be copied into the SP directory itself. The setup can only be carried out using the updated setup.inx. If the OpenSSL files that were previously in the SP directory are still available after the download, make sure that they are deleted. This applies to:

  • libssl-1_1.dll

  • libcrypto-1_1.dll

There must be an OpenSSL Update directory in the SP directory so that the content of this directory is copied into the directories of existing server/client directories when performing a reinstallation, an update, or maintenance.
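The layout rules above can be checked before running the setup. The following PowerShell function is an added example, not part of the original notice or of any OPTIMAL SYSTEMS tooling; the function name, the parameter names and the literal folder name 'OpenSSL Update' are assumptions and must be adapted to the actual installation.

```powershell
# Added example, not vendor code. Function and parameter names are hypothetical.
function Test-EnaioOpenSslLayout {
    param(
        [Parameter(Mandatory)][string]$SetupDir,    # the ...\Win32\Disk1 setup directory
        [Parameter(Mandatory)][string]$SpDir,       # the ...\SP directory
        [string]$UpdateDirName = 'OpenSSL Update'   # assumed folder name, verify locally
    )
    $findings = @()
    foreach ($dir in @($SetupDir, $SpDir)) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            $findings += "Directory not found: $dir"
        }
    }
    if ($findings.Count -eq 0) {
        # The updated setup.inx belongs in the setup directory ...
        if (-not (Test-Path -LiteralPath (Join-Path $SetupDir 'setup.inx') -PathType Leaf)) {
            $findings += "setup.inx is missing in $SetupDir"
        }
        # ... and must not sit as a file in the SP directory itself.
        if (Test-Path -LiteralPath (Join-Path $SpDir 'setup.inx') -PathType Leaf) {
            $findings += "setup.inx was copied into $SpDir itself"
        }
        # Old OpenSSL 1.1 libraries must be deleted (subfolders are scanned as well).
        $old = 'libssl-1_1.dll', 'libcrypto-1_1.dll'
        $stale = Get-ChildItem -LiteralPath $SpDir -Recurse -File |
            Where-Object { $old -contains $_.Name }
        foreach ($f in $stale) { $findings += "Old OpenSSL 1.1 library: $($f.FullName)" }
        # The OpenSSL update directory must exist inside SP.
        if (-not (Test-Path -LiteralPath (Join-Path $SpDir $UpdateDirName) -PathType Container)) {
            $findings += "'$UpdateDirName' directory is missing in $SpDir"
        }
    }
    [pscustomobject]@{ Ok = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed demo tree in a temp folder (not a real enaio setup):
# it contains one leftover DLL and lacks the update directory.
$root  = Join-Path ([IO.Path]::GetTempPath()) ("enaio-demo-" + [guid]::NewGuid())
$setup = (New-Item -ItemType Directory -Path (Join-Path $root 'Disk1')).FullName
$sp    = (New-Item -ItemType Directory -Path (Join-Path $root 'SP')).FullName
New-Item -ItemType File -Path (Join-Path $setup 'setup.inx') | Out-Null
New-Item -ItemType File -Path (Join-Path $sp 'libssl-1_1.dll') | Out-Null
(Test-EnaioOpenSslLayout -SetupDir $setup -SpDir $sp).Findings
Remove-Item -LiteralPath $root -Recurse -Force
```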

IMPORTANT: In addition to the 32-Bit product setup, the following new MSIs/setups are available for the OpenSSL libraries update and the affected components. These must also be updated in order to ensure that all the relevant enaio® components are equipped with the same OpenSSL versions.

  • Client MSI as of version 9.10.0055 and later

  • Capture MSI as of version 9.10.0025 and later

  • Index Manager MSI as of version 9.10.0011 and later

  • OSServerCommunication setup as of version 9.10.0004

  • Server X64 as of patch 9.10.0040 and later

  • Administration X64 MSI as of version 9.10.0021 and later

  • enaio_search.msi version 9.10.5 and later (incl. new osssl.cfg)

Please contact us if you have any questions.

ODBC Driver

Version 10.10

Previously, the system requirements recommended the MS ODBC Driver for SQL Server – 18.0.1.1 (64-bit) for the database connection. This driver may cause problems with ADO connections in Unicode installations. This is because of the columns that have an NVARCHAR(MAX) data type, which were introduced in enaio® 10.10. The data in these columns is not read from the respective tables correctly. This means that it is not possible to create queries containing these columns.

The SQL Server ODBC driver must be used for Unicode systems in enaio® Version 10.10 and later. This is in the system by default after a Windows installation.

We also recommend using the SQL Server ODBC driver for ANSI installations, as the MS ODBC Driver for SQL Server will be discontinued as of enaio® Version 11.0.