Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Resolved Issues

The resolved issues addressed in the JSA 7.5.0 Update Package 2 are listed below:

  • QRadar app install fails with ‘No token header present in request…’ error after 30 minutes.

  • Asset list can fail to load when a null pointer exception occurs.

  • Assets can fail to be updated with flow data as expected.

  • LDAP group authentication can fail with special characters in usernames.

  • LDAP auth can fail when LDAP group name has a special character and multiple groups assigned to same security profile and user role.

  • Offenses no longer generated after restoring a deployment config backup and offense data from different dates.

  • Log sources imported using the content management tool can fail due to password decryption issues.

  • Python exceptions generated while attempting to add a data gateway.

  • FIPS appliances with IMQ passwords containing '$' can experience add host or deploy issues.

  • Deleted managed hosts with an incorrect status in the JSA database can cause patches to complete successfully but with errors.

  • The option to remove domain information from normalized event forwarding is not honored.

  • Using the DSM editor to modify a configuration property for a specific event collector does not save the change.

  • Repeated SSH debug messages can be observed in /var/log/messages.

  • Online forwarding can leave behind stale TCP sockets if the connection is reset by the peer.

  • Unable to retrieve maxmind geolite2-city.mmdb updates using a configured proxy in JSA.

  • High availability appliance join can fail when the /store partition on the secondary appliance is busy.

  • Offense ‘save criteria’ dialog box does not work due to specific interval value being ‘null’.

  • Events and offenses buttons are not highlighted on the device summary toolbar preventing searches.

  • Deleting a rule in the Use Case Manager (UCM) app does not create an appropriate audit event.

  • JSA vulnerability manager: Scheduled scans do not run after upgrading to JSA 7.5.0 Update Package 1.

  • JSA vulnerability manager scans are not displayed on the scheduled scans screen.

  • JSA vulnerability manager scan result export can include all scanned assets.

  • Time series reports and dashboards not displaying data after the accumulator fails to load a globalview.

  • Rules with network tests can sometimes fail to work as expected.

  • Reference rule response stops working after all domains removed.

  • Double match count flow rules can misfire due to IPv6 addresses being evaluated in rules before IPv4 addresses.

  • Using a locale other than English, countries are not displayed in alphabetical order when modifying geographic rule conditions.

  • Ariel searches in JSA can take longer than expected to complete when using a log source type filter.

  • 'Runtime exception processing request get query status - querystatuswait' during ariel searches in JSA logging.

  • JSA is affected by a remote code execution in spring framework.

  • JSA can fail to pass events from ecs-ec-ingress collection proccess to the ecs-ec process.

  • System notification for expensive custom properties fails to work as expected in JSA 7.4.2 and newer.

  • Upgrades to 7.5.0 Update Package 1 can experience hostcontext issues due to unrestricted jce jar files.

  • JSA patching to version 7.5.0 or newer can fail on managed hosts with "error: could not create unique index...".

  • Issue reported when upgrading to JSA 7.5.0 Update Package 1 if the patch fails in patchmode.

  • Upgrades on managed hosts can fail due to script connection timeout.

  • Postgres re-install on managed host can fail after patching to JSA 7.5.0 Update Package 1.

  • Patch installer fails with error message “Discovered extra databases which must be removed before continuing”.

  • JSA does not automatically clean up failed replication files in /store/replication/failed.

  • JSA patch pretest fails to run on managed hosts until console is patched.

  • JSA patching process can hang at message "updating : systemd-219-78.el7.x86_64".

  • TCPV6 socket leak from real-time streaming causing tomcat outages.

  • System rules might not display changes as expected from the UI or API.

  • Cannot access remote networks and services configuration from the left tree menu.

  • 'Application error' is displayed when accessing the admin tab when there is an empty file in /opt/qradar/conf/licensekey.

  • After patching to JSA 7.5.0 Update Package 1, Vulnerability Assessment (VA) scanners no longer work.

  • The software menu displays unsupported functionalities.