Resolved Issues
The resolved issues addressed in the JSA 7.5.0 Update Package 2 are listed below:
-
QRadar app install fails with ‘No token header present in request…’ error after 30 minutes.
-
Asset list can fail to load when a null pointer exception occurs.
-
Assets can fail to be updated with flow data as expected.
-
LDAP group authentication can fail with special characters in usernames.
-
LDAP auth can fail when LDAP group name has a special character and multiple groups assigned to same security profile and user role.
-
Offenses no longer generated after restoring a deployment config backup and offense data from different dates.
-
Log sources imported using the content management tool can fail due to password decryption issues.
-
Python exceptions generated while attempting to add a data gateway.
-
FIPS appliances with IMQ passwords containing '$' can experience add host or deploy issues.
-
Deleted managed hosts with an incorrect status in the JSA database can cause patches to complete successfully but with errors.
-
The option to remove domain information from normalized event forwarding is not honored.
-
Using the DSM editor to modify a configuration property for a specific event collector does not save the change.
-
Repeated SSH debug messages can be observed in /var/log/messages.
-
Online forwarding can leave behind stale TCP sockets if the connection is reset by the peer.
-
Unable to retrieve maxmind geolite2-city.mmdb updates using a configured proxy in JSA.
-
High availability appliance join can fail when the /store partition on the secondary appliance is busy.
-
Offense ‘save criteria’ dialog box does not work due to specific interval value being ‘null’.
-
Events and offenses buttons are not highlighted on the device summary toolbar preventing searches.
-
Deleting a rule in the Use Case Manager (UCM) app does not create an appropriate audit event.
-
JSA vulnerability manager: Scheduled scans do not run after upgrading to JSA 7.5.0 Update Package 1.
-
JSA vulnerability manager scans are not displayed on the scheduled scans screen.
-
JSA vulnerability manager scan result export can include all scanned assets.
-
Time series reports and dashboards not displaying data after the accumulator fails to load a globalview.
-
Rules with network tests can sometimes fail to work as expected.
-
Reference rule response stops working after all domains removed.
-
Double match count flow rules can misfire due to IPv6 addresses being evaluated in rules before IPv4 addresses.
-
Using a locale other than English, countries are not displayed in alphabetical order when modifying geographic rule conditions.
-
Ariel searches in JSA can take longer than expected to complete when using a log source type filter.
-
'Runtime exception processing request get query status - querystatuswait' during ariel searches in JSA logging.
-
JSA is affected by a remote code execution in spring framework.
-
JSA can fail to pass events from ecs-ec-ingress collection proccess to the ecs-ec process.
-
System notification for expensive custom properties fails to work as expected in JSA 7.4.2 and newer.
-
Upgrades to 7.5.0 Update Package 1 can experience hostcontext issues due to unrestricted jce jar files.
-
JSA patching to version 7.5.0 or newer can fail on managed hosts with "error: could not create unique index...".
-
Issue reported when upgrading to JSA 7.5.0 Update Package 1 if the patch fails in patchmode.
-
Upgrades on managed hosts can fail due to script connection timeout.
-
Postgres re-install on managed host can fail after patching to JSA 7.5.0 Update Package 1.
-
Patch installer fails with error message “Discovered extra databases which must be removed before continuing”.
-
JSA does not automatically clean up failed replication files in /store/replication/failed.
-
JSA patch pretest fails to run on managed hosts until console is patched.
-
JSA patching process can hang at message "updating : systemd-219-78.el7.x86_64".
-
TCPV6 socket leak from real-time streaming causing tomcat outages.
-
System rules might not display changes as expected from the UI or API.
-
Cannot access remote networks and services configuration from the left tree menu.
-
'Application error' is displayed when accessing the admin tab when there is an empty file in /opt/qradar/conf/licensekey.
-
After patching to JSA 7.5.0 Update Package 1, Vulnerability Assessment (VA) scanners no longer work.
-
The software menu displays unsupported functionalities.