Upgrade Records

Flagship Edition Upgrade Package Download

I. Upgrade steps for version 3.4.8.0 (including 3.4.8.0) and above (latest version 3.4.37.0)

Upgrade Notes:

1. The upgrade package is large and takes a long time to upload. It is recommended to adjust the web login timeout period, then log out and log in again.

2. After the upgrade package is successfully uploaded, a second confirmation will be requested for the upgrade. Click the confirm button to upgrade.

3. The Bastion Machine will shut down and restart during the upgrade process. The upgrade time is about 10 minutes. Please be patient during the upgrade process.

Be sure to upgrade in this order. A later release will support automatic upgrade from the backend.

Upgrade Order: 3.4.8.0 → 3.4.37.0

II. Upgrade steps for versions below 3.4.8.0 (not including 3.4.8.0) (following the upgrade order below, first upgrade to 3.4.8, and then upgrade to 3.4.37.0)

Points to note: The 3.3.8.0_to_3.4.8.0 upgrade takes relatively long, about fifteen minutes; upgrades of other versions take about 5 minutes.

Upgrade order (multiple manual upgrades required): 3.2.0.0 → 3.2.8.0 → 3.2.14.0 → 3.2.14.1 → 3.3.0.0 → 3.3.0.4 → 3.3.8.0 → 3.4.8.0 → 3.4.37.0

Remarks: Versions 3.3.0.4/3.3.5.0/3.3.6.0 can use the flagship version Bastion 3.3.0.0_to_3.3.8.0 upgrade package to upgrade to version 3.3.8.0; this upgrade package is a full version package.
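
The upgrade orders in sections I and II, including the full-package remark, expressed as a small path planner. This is an added example, not vendor code: the function names are illustrative, package names follow the download list on this page, and it assumes every version from 3.4.8.0 upward uses the single 3.4.8.0_to_3.4.37.0 package.

```python
# Added example (not vendor code): plan the manual upgrade hops documented above.
TARGET = (3, 4, 37, 0)
DIRECT_FROM = (3, 4, 8, 0)  # section I: 3.4.8.0 and above upgrade in one hop

# Section II upgrade order, as source -> destination.
HOPS = {
    "3.2.0.0": "3.2.8.0",
    "3.2.8.0": "3.2.14.0",
    "3.2.14.0": "3.2.14.1",
    "3.2.14.1": "3.3.0.0",
    "3.3.0.0": "3.3.0.4",
    "3.3.0.4": "3.3.8.0",
    "3.3.8.0": "3.4.8.0",
}

# Remark: these versions share the full package, which the download list
# names 3.3.0.4_to_3.3.8.0.
FULL_PACKAGE_SOURCES = {"3.3.0.4", "3.3.5.0", "3.3.6.0"}


def parse(version):
    """Turn '3.4.8.0' into (3, 4, 8, 0); reject anything not four integers."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part version, got {version!r}")
    return parts


def plan(current):
    """Return [(package_name, version_after_upgrade), ...] up to TARGET."""
    ver = ".".join(str(n) for n in parse(current))  # normalised form
    steps = []
    while parse(ver) < TARGET:
        if parse(ver) >= DIRECT_FROM:
            # Assumption: one package serves every 3.4.x release >= 3.4.8.0.
            src, dst = "3.4.8.0", "3.4.37.0"
        elif ver in FULL_PACKAGE_SOURCES:
            src, dst = "3.3.0.4", "3.3.8.0"
        elif ver in HOPS:
            src, dst = ver, HOPS[ver]
        else:
            # Not a documented starting point: stop instead of guessing a package.
            raise ValueError(f"no documented upgrade package starts at {ver}")
        steps.append((f"{src}_to_{dst}", dst))
        ver = dst
    return steps


if __name__ == "__main__":
    for start in ("3.2.0.0", "3.3.6.0", "3.4.14.0"):
        print(start, "->", [pkg for pkg, _ in plan(start)])
```

A version that appears in neither upgrade order (for example a build between two listed releases) raises an error rather than being mapped to the nearest package.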

Bastion Edition — 3.X Version Upgrade Package Download

Bastion Edition 3.4.8.0_to_3.4.37.0 Version Upgrade Package

Bastion Edition 3.3.8.0_to_3.4.8.0 Version Upgrade Package

Bastion Edition 3.3.0.4_to_3.3.8.0 Version Upgrade Package (Full Version Update Package: versions 3.3.0.4-3.3.6.0 can use this update package to upgrade to 3.3.8)

Bastion Edition 3.3.0.0_to_3.3.0.4 Version Upgrade Package

Bastion Edition 3.2.14.1_to_3.3.0.0 Version Upgrade Package

Bastion Edition 3.2.14.0_to_3.2.14.1 Version Upgrade Package

Bastion Edition 3.2.8.0_to_3.2.14.0 Version Upgrade Package

Bastion Edition 3.2.0.0_to_3.2.8.0 Version Upgrade Package

Version Number: 3.4.37.0 Function Description

New:

1. Support for cluster deployment

2. Bastion machine secret modification

3. Bastion machine supports mobile SMS gateway

4. Provide open interface for historical session - operation record

5. Optimize the interface of login timeout redirection URL

6. Performance test report of application publishing server

7. FTP/SFTP manual login

8. Auto fill for application publishing

9. Block browser redirection for application publishing

10. Bastion machine national secret modification

11. Provide an open interface for work order approval - details

12. Provide an open interface for work order approval - approval

13. Adapter Longmai - National Secret USBKey

14. Export selected data for login configuration download

15. Add session security configuration

16. Allow custom enabling of local direct client launch function

17. Exporting according to filter results

18. Bastion machine supports Windows 2016, 2019 password change policy modification

19. Support for modifying admin username

Optimization:

1. Database anti-redirection

2. Web-side admin forced password change on first login

3. After admin enters the backend and resets the web admin’s password, the mobile token cannot be unbound

4. Association of dual-person authorization after login - prompt USBKey user not associated with system user

5. [Encryption failed] The config interface leaks version number and other sensitive information

6. Randomization of HA username

Version Number: 3.4.28.0 Function Description

New:

1. Bastion machine randomly generates Redis and MySQL passwords

2. Add user password length configuration

3. Provide open interface for operation report

4. Provide open interface for message center

5. Provide an open interface for the desktop

6. Provide an open interface for historical sessions

7. Provide open interface for access control policy

8. Provide open interface for system log

9. Provide open interface for console password modification

10. Provide open interface for system upgrade

11. HA reconstruction

12. Support for fingerprint recognition login

13. Add web console password modification function

14. Add Redis to host type

15. Add port aggregation configuration to web side

16. OCR reconstruction

17. Support calling CRT from the web to operate SSH resources

18. Support calling WinSCP from the web to operate FTP/SFTP resources

19. Provide interface for login timeout redirection URL

20. Adapt Dameng database

Major problems solved:

1. Tomcat 8.5.69 has the CVE-2021-42340 vulnerability and should be upgraded to 8.5.72

2. Upgrade conda Python to version 3.7.11

3. After upgrading to 3.4.27.0, the “RDP clipboard” setting is newly added. It is disabled by default, which breaks copy and paste, so it needs to be enabled by default.

4. Using configuration backup and restoration to restore a new bastion machine leaves the exported plaintext passwords of resource accounts empty, and the SMS and mail sending functions behave abnormally

Version Number: 3.4.14.0 Function Description

New:

  1. Support for multiple manufacturer USBKeys
  2. Database (MySQL and Oracle protocol) access control
  3. Group adds department attribute
  4. SMS gateway adds encoding
  5. Mobile token supports 360ID
  6. Software and hardware merge version
  7. Domain control verification
  8. H5 supports resolution modification
  9. Custom system type
  10. Automatic verification account
  11. Configuration backup download support encryption
  12. RDP support with parameters /admin login
  13. Routing table displays existing routes
  14. Encrypted AD domain authentication
  15. API interface authentication

Fixed:

  1. Fixed the problem that when H5 is used to operate SSH resources, formatting is lost after special whitespace characters such as tabs are copied out
  2. Fixed the problem that the file uploaded to the network disk becomes smaller
  3. Fixed the problem that SSH resources cannot login due to connection timeout, and the modification method is to increase the timeout time
  4. Fixed the problem that the application account has no application address when the resource account is exported
  5. Fixed the problem that the known_hosts file causes the network device configuration backup to fail
  6. Fixed the problem of memory leak
  7. Fixed the loss of some data due to the export of a large amount of data
  8. The network card information is uniformly modified to be returned by the script
  9. In the application publishing session of the historical sessions, the resources accounts recorded are changed from the accounts of the application publishing server to the application accounts at that time
  10. Fixed the problem that quick input commands cannot be intercepted by the command control strategy
  11. Port 9696 is changed to local listening
  12. Fixed known security issues

Improved:

  1. Labels support deletion
  2. Backend network diagnosis adds tcpdump
  3. The default ordering of users, hosts, application publishing, and application servers is adjusted (ID is arranged in reverse order, the newer ones are first)
  4. Disk space adds default restrictions (5GB, 100MB)
  5. TFTP port adjustment is enabled when in use and closed when not in use
  6. When H5 logs into SSH resources, if there is no file management, it will not log in to SFTP.

Restriction:

  1. The account and password of the application publisher are not allowed to contain the English double quote (")
  2. System login logs with login methods as SSH, SFTP, and SCP clients, if the result is a failure, are uniformly recorded as SSH clients
  3. When configuring HA, SSH console ports need to be ensured to be the same
  4. Removed the password modification attachment decrypt tool, the password package for modification can only be downloaded from the interface

Version Number: 3.3.8.0 upgraded to 3.4.8.0 Function Description

New:

【1】 AD domain synchronization time can be set to a minimum of 30 minutes

【2】 Direct access to RDP resources using MSTSC

【3】 Replay sessions of resources operated by MSTSC through the Web page

【4】 Play sessions of resources operated by MSTSC using local playback tools offline

【5】 When downloading SSH/Telnet sessions, you can download session record files that can record complete operation records

【6】 When directly accessing resources using MSTSC, the login method of system login log is recorded as RDP client

Fixed:

【1】 Fixed the issue that the connection was interrupted when connecting to a Windows host through IE

【2】 Fixed the problem that a password containing # cannot be auto-filled when operating the MySQL tool in an application

【3】 Fixed the problem that Exchange is not available for email sending (752) Fixed the problem that the login and rollback loading time is too long due to too many host resources when using third-party tools to log in to the fortress machine

【4】 Fixed the issue where the duration of the same historical session is inconsistent between online playback and offline playback

【5】 Fixed the problem of garbled video audit when users use Xshell to access resources and use the vi editor

【6】 Fixed the issue that the password is not restored to the initial password when reset through the console

【7】 Fixed the problem that all historical sessions will be exported when part of historical sessions is selected (1555) Fixed the problem that the operation time recorded in exported historical sessions only records to date (without recording the specific time)

【8】 Fixed the problem that the database control strategy does not take effect for oracle database

Version Number: 3.3.6.0 upgrade to 3.3.8.0 Function Description

New:

【1】 User account, access control policy, access authorization work order expiration reminder

【2】 Customizable complexity of passwords randomly generated by the password modification strategy

【3】 Role supports control of management scope to prevent privilege escalation

【4】 Application release tool adaptation (Navicat)

【5】 Support work order clone

【6】 The password package sent out by the password modification strategy adds the use of AB segment password encryption

【7】 Support web page to call Toad for oracle tool to access database

【8】 After the resource expires, the resource will be placed in the expired resource account list

【9】 Hide the validation button for resources that do not support account validation

Fixed:

(1) Fixed the problem of invalid dynamic authorization of database control strategy

(2) Fixed the problem of long page feedback while verifying account

(3) Fixed the problem of system login log and system operation log not being updated

(4) Fixed the problem of CPU anomaly, reaching 100%

(5) Fixed the problem that when selecting some accounts in the shuttle box of quick operation and moving them to the right through keyword screening, the left side shows that no account is found

(6) Fixed the problem of HA data synchronization exception

(7) Fixed the problem of an H5 black screen after logging in to a Linux machine that forces a password change on first login

(8) Fixed the discrepancy between the number of entries screened out by the advanced search command “sz” in historical sessions and the total number of entries displayed at the bottom

(9) Fixed the problem of being unable to log in over the SFTP protocol through H5 when a Linux host forces a password change on first login

(10) Fixed the problem of no response when clicking new user after logging into the bastion machine through csmp platform

(11) Fixed the problem that “The selected user is not authorized” is prompted when using xshell to operate the host with authority

(12) Fixed the failure of publishing Pastman program

(13) Fixed the failure to display the application port on the web interface when importing the application release, and the application port is filled in the template

(14) Fixed the problem that the right-click and alt keys are invalid when using Excel on the host operating login RDP

(15) Fixed the problem of high CPU usage when users upload files to personal network disk through remote windows

(16) Fixed the problem of constantly prompting to download the sso tool when accessing oracle through public network address by host operation

(17) Fixed the problem that the application can not be used when the fortress machine opens two-way authentication

(18) Fixed the problem of login RDP protocol error caused by the connection not being disconnected

Improved:

(1) User login name prohibits Chinese characters

(2) Optimized privileged account import

(3) A single mobile phone can bind tokens of different bastion machines

(4) Fixed the problem of drift of VNC mouse operated by H5

Limitations:

1. Application publishing account and password are not allowed to contain the English double quote (")

2. Login mode for SSH, SFTP, SCP client’s system login log, if the result is failure, record uniformly as SSH client

3. When configuring HA, it is necessary to ensure that the SSH control terminal ports are the same

4. Remove the decryption tool of password change attachment, and the password package for password change can only be downloaded from the interface

Version Number: 3.3.6.0

3.3.6.0 Version Description:

New:

  1. The system configuration - security configuration: supports the configuration of the default login mode displayed on the Web page
  2. The clipboard supports individual control of uplink and downlink
  3. You can apply for a visit authorization order by account group
  4. The policy supports the setting of the affiliated department
  5. Application publishing optimized (Navicat)
  6. It supports the cloning of work orders
  7. The password package sent out by the password modification strategy adds the use of AB segment password encryption
  8. It supports the proxy filling of the web browser
  9. The bastion machine supports 360ID mobile token
  10. H5 supports resolution setting
  11. It provides the open interface of open operation work order - apply for order list
  12. System login uses the SHA512 algorithm
  13. User added attributes: nickname
  14. Cloud Edge:
      * Support monitoring Windows 2016 region
      * Regional server support monitoring Oracle area
      * Ambari increases host memory size display (unit: M)
      * Ambari displays Yarn length information
      * Support for adding your own SQL script
      * Default 180 days retention period, adjustable via interface
      * Odps phone book requires encryption to be displayed
      * Supports monitoring disk capacity, CPU and memory usage of Oracle region (requires installation of cloud edge agent on each node of the cluster)
      * Support monitoring the memory usage of MySQL and PostgreSQL instances in the Hadoop region and the cloud edge does not support Windows Server 2016.
      * Supports monitoring EMR, VPC, RDS, MQ, NAS, OSS, ECS, DRDS, ODPS area CPS (cloud protection), E-HPC (elastic high-performance computing)
      * It supports monitoring disk usage, CPU, and memory usage of the ECS area and Windows Server 2016 (requires installing a cloud edge agent on each machine)

Fixed:

  1. Cloud edge Ambari fixes the problem of no map display
  2. Application publishing fixes the lack of control of USB key users and phone token users in dual-person authorization
  3. Cloud Edge does not support Windows Server 2016.
  4. Fixed the problem that the user is still valid in the login page after the user is locked with a double factor authentication
  5. Fixed the problem of adding the suffix to the server area and the odps phone book access list to the person in charge
  6. Cloud edge SAP access rights to increase access rights description
  7. Using GSSAPI’s SSH client tools to log in to the fortress machine has a weaker foundation and is not completely blocked
  8. Fixed the application note prompt typo
  9. Cache account functionality is documented and cached at will and has been turned off
  10. Use SSL client authentication to protect Tomcat
  11. Do not expect to be able to do SFTP alone

Optimized:

  1. Cloud edge Sophos area access right enhanced display mode
  2. Cloud edge allows only administrators to modify the prefix
  3. Cloud edge protects logon passwords and binds identifiers

Version Number: 3.2.0.0

2.3.2 Version Bastion_machine 3.2.0.0 upgrade package

New:

  1. Huawei function: support the encryption of the key; support the start, stop, and restart of resources and instances
  2. Software integration version features_optimization version;
  3. Support AD domain account set password
  4. Support the allocation function when adding cloud edge resources;
  5. Support Sophos cloud service (incomplete, read Sophos cloud edge adapter document)
  6. Enhanced password interception function;
  7. Optimize SFTP: single function, add UID, GID and file mode;
  8. Import Alibaba cloud and etc, increase the import path field
  9. Other background input notes;
  10. Create cloud edge resource group to support input owner and email
  11. Increase to send mail to all users
  12. Cloud edge Hadoop adaptation;

Optimized:

  1. Modify the encoding method of one-time password;
  2. Support the colorful display of SSH direct connection;
  3. Error mail mail to;
  4. Log stored in hour by hour and day by day, size;
  5. D3 Cloud Edge Display Mode;

Fixed:

  1. Modify a series of Huawei bugs;
  2. Repair the password change mode of Gmail and simple password; repair other password modification problems
  3. Fixed the problem of Hua3 and Hua5 with PDF and other file downloads
  4. HTML terminal functionality is reserved, but does not meet my requirements (not sure why)
  5. Repairing RDS, the host encryption function does not work.
  6. Repair SQL Server character recognition

2.X version upgrade steps

  1. Enter the fortress machine’s 【Advanced Management】-【System Maintenance】 for a full backup.

  2. Download the upgrade package.

  3. Enter the fortress machine’s 【Advanced Management】-【System Settings】-【Upgrade】, upload the upgrade package and upgrade.

Please do not use the fortress machine during the upgrade process, which lasts for about ten minutes. It will automatically restart after completion.

Historical Upgrade Records

Version number: 2.6.8

Date: 2017.9.28

Version 2.3.2-2.6.7 applies, the display after the upgrade is 2.6.8

1. Fix login problem caused by SMS two-factor authentication.

2. Fixed the issue that the back-end 22-port of the fortress machine is input into the host list. After logging into the back-end of the fortress machine through the SSH client, the input option cannot be displayed.


Version Number: 2.8.0

Date: 2017.10.10

Version 2.3.2-2.8.0 applies, the display after the upgrade is 2.8.0

1. Fixed the abnormal login of SecureCRT client due to port modification.

2. Add memory reclaim feature after abnormal disconnection for 30 minutes.


Version Number: 2.9.0

Date: 2017.12.22

Version 2.3.2-2.9.0 applies, the display after the upgrade is 2.9.0