Skip to main content

ECOS Release Notes

Version 7

The following release notes contain information about new features, enhancements and bug fixes of ECOS products in each release.

Release notes per newsletter

Subscribe now!

A new minor release of the ECOS SecureBootStick (SBS) and the ECOS SystemManagementAppliance (SMA) is now available in version 7.

Recent changes

Version 7.60.0 introduces support for IPv6-based transport networks between the SBS and VPN gateways. If your environment supports IPv6 and you upgrade your SMA to version 7.60.0 as well, IPv6 addressing will be available immediately after the upgrade.

The network services of the SBS have been updated as part of the system maintenance routine. As a result, the Intel XMM7360 and 7560 LTE modems cannot be used in version 7.60.0. The automatic connection setup after computer startup does not work properly with some WLAN chipsets. Users must start the connection manually in this case.

Past changes

With version V7.58.0, the versioning scheme has been changed to semantic versioning. Version 7.58.0 is thus the successor of version 7.0.50. The previous distinction between standard versions and VS-NfD-approved versions at the second position of the version number is no longer applicable and replaced by the build tag +vsnfd.

Versions marked +vsnfd contain only the VPN clients and applications approved for VS-NfD to satisfy the increased security requirements imposed by the VS-NfD approval. +vsnfd versions are mandatory in VS-NfD environments. Outside VS-NfD environments, versions without build tag grant full interoperability with IT infrastructures that may not be VS-NfD compliant (e.g. SSL VPN gateways).

The SMA must be notified of the new versioning scheme to be able to upload and distribute the new update images. ECOS provides a special SMA update for this purpose, which is available at:

files.update.ecos.de/sw/ecos/bbsecupdate_V7.57.999.root

The update contains the minimum required customizations so update mechanisms and security checks accept the new version numbering. Other SMA components remain unaffected. Therefore, the SMA does not change the previous version number when the special update is installed. Other SMA components remain unaffected.

The SMA also supports an improved update image compression as of version 7.58.0 / 7.58.0+vsnfd to provide and process updates more efficiently. If you operate your own update server, the SMA requires at least version 7.0.50/7.1.50 or higher.

Please find further relevant information in our version information in section Notes on versioning.

How to get the update

You can download the update image from our update server via the appliance or the Secure Boot Stick. If your systems do not update automatically, please update via the appliance's administration interface in ECOS Appliance  Actions  Update or via the SBS desktop menu in System  Update software.

Provided a local update server has been configured on the appliance, updates can be downloaded using the URL specified in each changelog and then installed on the appliance. Manual downloads can only be performed using a locally configured update server. A valid download password is required. If you have not yet received a download password, please contact our support team (support[at]ecos.de).

If the SMA is directly connected to the Internet (to hz.update.ecos.de), update images can also be downloaded directly with the Software Update Image object. Go to the download tab, enter the specific version number into the version field, e.g. V7.58.0 or V7.58.0+vsnfd (note that 'V' must be a capital letter) and apply.

Upcoming changes

With the upcoming version 7.61.0, support for the RDP client version 2.2.0 will be discontinued. If you are still using this client, please upgrade your configuration to a newer version as soon as possible.

Changes in detail

V7.60.4+vsnfd is based on the development status of V7.60.4 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
 

 Download 

(requires authentication with download password)

 New features 

APP1208003Network components from different manufacturers displayed incorrect behavior when a certificate contained the Netscape comment attribute nsComment. The certificate issuing process of ECOS Appliances has therefore been adjusted. The attribute is no longer used.

 

 Bug fixes 

SBS1213065When using SBS auto-start destinations in conjunction with an HA network of the SMA, the SBS sometimes repeatedly attempted to establish the VPN connection even though it had already been established.
SBS1211168Typos in the configuration menu of the display service on the SMA have been fixed
SOS1209154Although the PXE configuration was deleted from the appliance, client devices configured for PXE boot continued to install because the underlying boot configuration for those devices has not been removed (not for VS-NfD)

 

 Download 

(requires authentication with download password)

V7.60.3+vsnfd is based on the development status of V7.60.3 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
 

 Download 

(erfordert die Authentisierung per Download-Kennwort)

 

Bug Fixes

SBS1186020Audio was severely distorted when using the A-LAW audio codec in an RDP session
 1189399During microphone transmission in an RDP session, the signal was sometimes delayed significantly
 1196709When starting a Citrix session, the browser login screen might not appear due to a graphics driver problem

 

 Download 

(requires authentication with download password)

 

Bug Fixes

SOS1089550Support for loading the local boot order for PXE boot (not for VS-NfD)
 089523Support for PXE installation via HTTP (not for VS-NfD)

V7.60.0+vsnfd is based on the development status of V7.60.0 and approved for VS-NfD, EU- as well as NATO RESTRICTED.

 

 Download 

(requires authentication with download password)

 New Features 

SBS1102913OpenConnect VPN client updated to version 9.12 (not for VS-NfD)
TMA1187295Certain devices require the provision of EC key material in SEC1 format. As an alternative to the current PKCS#8 format, the TMA now supports exporting EC keys in the older SEC1 format.

 

Bug Fixes

SBS1128088The HP LTE modem Xmm7360 was not initialized correctly with kernel 5.19 and could not be used
 1183456Under certain circumstances, it was not possible to use 802.1x authentication on the wireless LAN
 1179796In version 7.60.0 it was not possible to connect to a terminal server farm via RDS gateway and RDS connection broker
 1185878The SSL VPN could not be established with Cisco AnyConnect in version 7.60.0 (not for VS-NfD)
APP1172603The SSH daemon did not send a NAS port ID at tunnel start, therefore OTP authentication via RADIUS was not possible (not for VS-NfD)
 1177656RADIUS reply attributes were truncated after the equals sign, and were therefore passed on in an incomplete form (not for VS-NfD)
 1156153RADIUS requests with concatenated attributes may not have been fully resolved (not for VS-NfD)
 1184869In certificate containers, the upload button for certificates was sometimes covered by other elements and could not be selected due to a display error in the admin UI
SMA1187724In HA operation with several fully synchronized master instances (active-active), consistent conflict resolution could not be performed under certain circumstances during simultaneous update operations on the same object

 

 Download 

(requires authentication with download password)

V7.60.0+vsnfd is based on the development status of V7.60.0 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
 

  Download-URLs  

(requires authentication with download password)

 

New features

SBS    1127560    Support for Realtek Semiconductor RTL8852BE (10ec:8852) WLAN chip
 1091438Support for Nvidia RTX 3060Ti (10de:2489) graphics chip
 1132472Support for graphics chip driver Nvidia RTX 4080 (10de:2704) and RTX 4090 (10de:2684)
 1136339Support for Nvidia driver version 340 with kernel 5.10
 1162585Addition of kernel 6.2 (6.2.16)
 1162583Addition of kernel 6.1 (6.1.43)
 1162579Update of kernel 5.15 (5.15.125)
 1162577Update of kernel 5.10 (5.10.189)
 1162587Kernel 5.19 dropped
 1162575Kernel 4.14 dropped
 1162765Citrix Workspace App updated to version 23.7.0.17
 1162767Citrix Receiver updated to version 2.9.600.2900
 991220Enabling/disabling of Citrix Adaptive Audio
 1157741Hot plugging for USB headsets during Citrix session
 1162770Cisco Webex client for VDI updated to version 43.6.0.26456
 1162772VMware Horizon View updated to version 23.06 - 8.10.0
 1094580Cisco Webex client VDI support for VMware Horizon View
 1162789RDP client (FreeRDP) updated from version 2.7.0 to version 2.9.1-r1
 1162775Firefox browser updated to version 102.11.0
 1089557Proxy configuration option for Firefox and Chromium browsers in SMA admin UI
 1047215Whitelisting option for persistent cookies in Firefox browser in SMA admin UI
 1097404Support for IPv6 transport networks
 981420Support for IPv6 transport networks to VPN gateway for IPsec VPN client
 1089668F5 VPN client updated to version 7220.2022.0308.1 (not for VS-NfD)
 1002622Option to open a default destination right after SBS boot
 1014865Option to configure default menu options on the SBS desktop via SMA Admin UI
 1144795Option allowing SBS users to show/hide their WiFi password on entry
 1151487Integration of SBS user manual into SBS image to allow users to read the manual without network connection
APP1162971Update of kernel 5.15 (5.15.129)
 1136429Support for Evolis Primacy smartcard printer
 1115668VMware tools updated to version 12.2.0
 1064265Report option for querying certificate lists related to containers for joint certificate rollout
 1100366Option to select multiple items in a table by copy and paste of a criteria list as a filter in a table column
SMA1150347Ability to disable management connections for SBS while smartcard enrollment service is active
TMA1086003NDES client for connection to external (public) CA (not for VS-NfD)

 

 Deprecated 

SBS    1146487    RDP client (FreeRDP) version 2.0 removed

 

   Bug fixes   

SBS    1101422    The SBS SX/ZX allowed the entry of a startup password, a feature that is not supported for the SBS variants with smartcard
 1118523News tabs in the Chromium browser were displayed with a cryptic title
 1123906The "Power off" button in the destination selection dialogue did not respond under certain circumstances
 1158058The Firefox browser could not open PDF documents under certain circumstances
 1136448Additional remote certificates (e.g. for migration of gateways) were not accepted for IPsec VPN configuration
 1107259Multi-monitor support for RDP could not be disabled
 1117422Simultaneous use of a Citrix web destination and a Firefox destination was not possible
 1143354Umlauts were displayed incorrectly when starting a VNC session within a Citrix session
 1157347In version 7.58.x, Easy Enrollment via VPN could not be performed under certain circumstances
 1156041In version 7.58.x, a second browser could not be launched if a Microsoft MFA authentication had previously been performed in the browser and the first browser was still active
 1150443In version 7.58.x, IPsec VPN could not be used with IKEv1 preshared key authentication (not for VS-NfD)
ALL1145704The network interface status incorrectly reported an error when virtual IP addresses were configured on the interface
APP1130729Subsequent changes to PKI policies for CRL and OCSP were not automatically updated for the using CA
 1112884The application server sometimes did not start after installation and required an additional restart
 1139120The admin UI offered an MTU configuration option for appliance network interfaces that is not supported for appliances and has no effect - the option has been removed
 1150561Upload of license files was aborted with an error in some cases
 1139797In an HA cluster, a directory synchronization configured for a slave node was sometimes performed by a master node
 1131451The OCSP service required a restart after updating the server certificate
 1146837The OCSP service could only be activated if the "S-Proxy" feature was enabled per license file
SMA1149170The certificate attribute "Display status" could be selected in queries, although it is a calculated attribute that is not supported in queries
TMA1102607The enrollment of certificates on JCOP cards sometimes showed an error message although the enrollment was performed successfully (not for VS-NfD)

Download URLs

(requires authentication with download password)

V7.58.3+vsnfd is based on the development status of V7.58.3 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
 

Download URLs

(requires authentication with download password)

 

   Bug fixes   

SMA1144018 System Connector reports authentication failure during Easy Enrollment (not forVS-NfD)

 

Download URLs

(requires authentication with download password)

 

V7.58.2+vsnfd is based on the development status of V7.58.2 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
 

Download URLs

(requires authentication with download password)

 

New features

TMA1118709 Support for certificate issuance without OCSP AIA, so devices can be issued certificates that generate errors with OCSP AIA in the device certificate.

 

   Bug fixes   

SBS 1055442 The IPsec client (strongswan) blocked outgoing data packets when multiple remote servers were specified in the configuration but not marked as active
 1133287In V7.58.0, connected microphones could not be used in Citrix web sessions
 1127333In V7.58.0, mouse wheel clicks were no longer recognized as clicks in a Citrix session
 1102660Printer drivers configured in a printer map could not be used in an RDP session
APP1110008The group ID of the Diffie-Hellman group was not displayed in the key exchange configuration for IPsec client connections
 1136295The server-generated shared secret for the appliance's SSL VPN service was sometimes re-computed due to an update (not for VS-NfD)
 1116559Uploading PKCS#12 containers without password was not possible
 1102692The password of cached PKCS#12 containers was not updated when the corresponding key was encrypted with a new passphrase
 1095939Renewing a certificate via wizard generated an error because the passphrase of the private key was not queried
 1087833An authentication error could occur in an HA cluster during smartcard enrollment
 1129742Smartcard enrollment was rejected because the OTPs used for enrollment were sometimes not assigned to the smartcard container.
 1094774Revoking a client certificate restarted the server for the admin UI
SMA1098313Moving an SBS could lead to a failure of the ECOS System Connector

 

Download URLs

(requires authentication with download password)

 

V7.58.1+vsnfd is based on the development status of V7.58.1 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
 

Download URLs

(requires authentication with download password)

 

   Bug fixes   

SBS1126857If first browser and then RDP were started via SBS desktop icons and thus active at the same time, the NAT rules for WebRTC were not cleared and caused connection problems
 1116377Multiple destinations launched at the same time could lead to firewall rules blocking each other
APP 1126825 Configuration checks caused high load and were optimized

 

Download URLs

(requires authentication with download password)

 

Starting with this version, we change our version numbering scheme to sematic versioning. The version originally planned as  7.1.58 thus spells V7.58.0+vsnfd. Please read the Notes on versioning section carefully before updating and observe the required special SMA update and, if applicable, the intermediate updates.
 

V7.58.0+vsnfd is based on the development status of V7.58.0 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
 

Download URLs

(requires authentication with download password)

Starting with this version, we change our version numbering scheme to sematic versioning. The version originally planned as  7.0.58 thus spells V7.58.0. Please read the Notes on versioning section carefully before updating and observe the required special SMA update and, if applicable, the intermediate updates.
 

New features

ALL    1066219    Activation of new speculation protection options for kernel
SBS988213The SBS image is delivered in Zstandard compression to allow a more effective compression (requires appliance version 7.0.34 or 7.1.34 and later)
 1089598Revision of version numbering according to semantic versioning scheme (https://semver.org/)
 1064407Update of Intel Microcode and firmware blobs
 1060237Support for internal microphone on Dell Latitude 3520
 1063484Firmware versions for Intel SOF audio drivers now switchable to provide broader hardware support
 1056663Intel SOF audio support for Fujitsu E5411
 1066194Intel SOF audio support for Lenovo 14G2 ITL
 1066189Intel SOF audio support for Lenovo E14
 1066192Intel SOF audio support for Lenovo E595
 1059796Touchpad and trackball support for Lenovo Thinkpad E15
 1021776Update of driver set for Apple MacBook Pro model year 2018
 1043701Runtime optimization for hardware profile manager
 1082665Addition of kernel 5.19 (5.19.16)
 1082665Kernel 5.17 dropped
 1082609Update of kernel 5.15 (5.15.74)
 1082555Update of kernel 5.10 (5.10.148)
 1082504Update of kernel 4.14 (4.14.295)
 1073126Citrix client updated to version 22.7.0.20
 1013859Revision of Citrix client control with new default configuration
 1094332Static client drive mapping for Citrix sessions replaced with support for Citrix Dynamic Client Drive Mapping (CDM)
 1025644VMware View Horizon client updated to version 22.06 - 8.6.0
 1001119Support for IPsec VPN with IKEv2 and EAP for Watchguard VPN gateways
APP1082609Update of kernel 5.15 (5.15.74)
 708561Extension of directory synchronization, so contains directive can now be used multiple times on a source attribute
 1015071Additional configuration options for RADIUS proxy to optimize handling of unstable connections
 1034541EFI boot support for all appliances
 1087835Support for cryptovision PKCS#11 middleware
 1044984Adapted TLS settings for LDAPS regarding compatibility with FreeRADIUS version 3.0.22 and later
 907120Storage of log files moved to internal PostgreSQL database for better analyzability
 757368Extension of encryption and authentication configuration of Postfix mail gateway
 1017635Extension of query and table functions to display links for user OTP codes
 1017630Extension of query and table functions to display links for QR codes of user one-time passwords
 1017640Extension of query and table functions to display links for user TAN lists
 1047925Smartcard enrollment support for multiple smartcard readers connected in parallel
 1084935Improved user guidance for upload function for certificates with associated password CSV
 1076343Support for connectivity with authentication servers for OpenVPN
SMA1047543Optimization of system connector's load behavior
TMA1026146ACME client for connection to external (public) CA
 1026142SCEP client for connection to external (public) CA
 1053256Support of key and certificate formats for export via Crypto API
 921169Support for optional automated inclusion of IP address as SAN in certificate (in addition to hostname)

 

 Deprecated 

SBS    1053424    Support for NX client removed from SBS ('not for VS-NfD)
SMA1053424Support for NX client removed from admin interface ('not for VS-NfD)

 

   Bug fixes   

ALL1084400 Multi-line input fields were sometimes not displayed in the correct size when loading a form for the first time
 1084398Multiline input fields in read-only mode did not display line breaks
SBS1072273When starting an SSH destination, the user's login name could not be entered interactively
 940985No PIN query appeared on SBS SX/ZX for Intel Iris XE and Intel Tiger Lake UHD graphics chips, the PIN had to be entered blindly
 1058077Trackball and touchpad could not be used on Lenovo E14 and E15 series notebooks with AMD CPU
 1049001During Zoom meetings, the Chromium browser could not display or transfer video data because the browser disabled hardware acceleration on certain hardware. Hardware acceleration can now be forced with an option in the admin interface.
 1072700Citrix Receiver detection had to be confirmed by user at each startup
 1071222When using a UMTS/LTE card, the SBS displayed the error message 'Legitimization required: An application attempts to access the default keyring, but it is locked', because there was no wait for keychain to be released
 1064367Desktop icons were only cleared upon reboot after the 'Show destinations on desktop' checkbox was deactivated on the appliance at runtime
 1088074With the 'Show destinations on desktop' checkbox active, the error message 'Failed to restart the panel' appeared sporadically after starting SBS
 1071165After updating to SBS version 7.0.50 or 7.1.50, the own WLAN was no longer displayed under certain circumstances
 1076364TLS1.3 post-authentication failed in Firefox and Chromium browsers
 1044624The graphical bootsplash has been shown displaced with the latest versions of kernels 4.14, 5.15 and 5.17
 901095The text boot splash was displayed without alignment and illegible with the last versions of kernels 4.14, 5.15 and 5.17
 1076856When closing a Citrix web target, an incorrect error message ('Unable to flush stdout: Broken Pipe') could occur
 1071145The webcam administration dialog closed after a few seconds if no selection was made
SOS1056499The option to restore the user's numeric keypad setting after a restart did not work
 1089610PXE installation sometimes started before an IP address could be obtained from the DHCP server and thus failed
APP763594It was not possible to add a new row to an empty multiple input field or grid (without rows) without reloading the object
 1071582If the connection to PostgreSQL was interrupted, the application server could not reconnect under certain circumstances
 1085243The appliance did not update the network configuration for slaves under certain circumstances
 1087985HTTP strict transport security was not enabled on the internal proxy service
 1002980Links were partially not displayed in table views
 1082145OCSP service did not start responder certificate configuration for uploaded CAs
 1086019The OpenVPN service did not start anymore when the 'Client certificate not required' option was enabled
 1087736Configuration backups from version 5 appliances could not be imported into actual appliances under certain circumstances
 1066852The RADIUS service was not restarted after an update of the appliance
 1084342The smartcard enrollment tool did not show English translations
SMA1089441The xfreerdp multimedia client version 2.4.0 could not be selected on the appliance
 1032886Changed directory permissions were not recognized during the update process of the SMA under certain circumstances
 1062901The OpenSSL OCSP could block with certain configurations and had to be restarted
 1064547Automatic certificate renewal could not be performed for SBS version 7.0.38 or 7.1.38 onwards

 

Download URLs

(requires authentication with download password)

V7.1.57 is based on the development status of V7.0.57 and is approved for VS-NfD, EU- as well as NATO-RESTRICTED.


Download URL appliance (requires authentication with download password):

Download URL SBS (requires authentication with download password):

New features:

  • 1036797: APP: Performance optimization of certificate revocation for a CA with a large inventory
  • 1081017: APP: Performance optimization when many clients log on to the appliance at the same time

Bug fixes:

  • 1080586: APP: Under certain circumstances, the error "Waitseq Timeout" was reported on the admin UI, although there was no error condition at all
  • 1080535: APP: After restarting the database, there was no automatic reconnection of previously established connections to the database

 

Download URL appliance (requires authentication with download password):

Download URL SBS (requires authentication with download password):

 

V7.1.56 is based on the development status of V7.0.56 and approved for VS-NfD, EU- as well as NATO RESTRICTED.


Download URL appliance (requires authentication with download password):

Download URL SBS (requires authentication with download password):

New features:

  • -

Bug fixes:

  • 1077655: SBS: WLAN could no longer connect to local WLAN router under certain circumstances - WPA supplicant downgraded from 2.10 to 2.09

 

Download URL appliance (requires authentication with download password):

Download URL SBS (requires authentication with download password):

     

    V7.0.55 is an unreleased SCC version..

    New features:

    • 1068778: SCC: SCC configuration data added to default appliance backup
    • 1048755: SCC: Support for meeting welcome message configuration
    • 1077062: SCC: Advanced support for authentication to Exchange server

    Bug fixes:

    • 1077055: SCC: Kurento MCU not executable after new installation due to missing libraries

    V7.1.54 is based on the development status of V7.0.54.


    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    New features:

    • -

    Bug fixes:

    • 1073123: SBS: Quality of webcam within Citrix sessions was very poor as a result of a known bug in Citrix 22.2.0.20

     

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

     

    V7.0.53 is an unreleased SCC version.

    New features:

    • 1048750: SCC: Support for automated user creation and/or authentication via AD
    • 1056167: SCC: Connection to email server for registration and password reset e-mails
    • 1048757: SCC: Customizable default presentation
    • 1048734: SCC: Configurable password complexity in SCC admin UI
    • 1070330: SCC: Support for automated update image acquisition
    • 1055645: SCC: Configurable reference to privacy policy

    Bug fixes:

    • 1068625: SCC: Root partition too small to run updates

    V7.1.52 is based on the development status of V7.0.52.

     

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    New features:

    • -

    Bug fixes:

    • 1068235: SBS: Previously created destinations could no longer be started after an update from version 7.0.50 / 7.1.50 under certain circumstances 1068387: APP: The replication service could not efficiently accept connection requests under heavy load


    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

     

    V7.1.51 is based on the development status of V7.0.51.


    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    New features:

    • -

    Bug fixes:

    • 1038301: APP: The login to the admin UI with RADIUS authentication did not work after updating the SMA from V7.1.45 to V7.1.50

     

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

     

    V7.1.50 is based on the development status V7.0.50 and is approved for VS-NfD, EU- as well as NATO-RESTRICTED.

    Please note: If your current version is 7.1.49 and lower, the update must be split into one update to 7.1.49 and a second update to 7.1.50.


    Download URL appliance (requires authentication via download password):

    Download URL SBS (requires authentication by download password):

    Please note: If your current version is 7.0.49 and lower, the update must be split into one update to V7.0.49 and a second update to V7.0.50.


    New features:

    • 1064762: SBS: Bootloader Shim updated to version 15.6
    • 823948: SBS: Bootloader GRUB updated to version 2.06
    • 1031607: SBS: Support of selective firmware usage for WLAN adapter Killer ath10k
    • 830036: SBS: Support of special fan control for Lenovo Thinkpad (thinkfan)
    • 825529: SBS: Support of keyboard and mouse on Apple MacBook MJ2015
    • 1050502: SBS: Support of Intel Multimedia Audio Controller 0401 (8086:a0c8)
    • 1017894: SBS: Optimization of Apple MacBook Pro firmware switches for current kernels
    • 1017889: SBS: Optimization of Nvidia graphics driver control
    • 1029418: SBS: Extended error messages in boot process for quick analysis of problems at system startup
    • 1026876: SBS: Extended hardware test information for hardware profiles for quick analysis of hardware problems
    • 1025429: SBS: Extended hardware test information for RandR for problem solving with multi-monitor support 
    • 1042671: SBS: Cisco Jabber client for VDI updated to version 14.1.1
    • 1029360: SBS: Cisco Webex client for VDI updated to version 41.6.3.2560
    • 1019555: SBS: Optimization of default parameters for RDP client (xfreerdp)
    • 952814: SBS: Support for authentication to destination systems (e.g. Citrix) with smartcard in the integrated smartcard reader (FX/SX/ZX)
    • 1027289: SBS: Appearance of Chromium browser startup revised regarding maximization of browser window and automatic hiding of bookmarks bar
    • 1025628: SBS: Appearance of Firefox browser startup revised regarding maximization of browser window and automatic hiding of bookmarks bar
    • 1014388: APP: Extended user information in OTP QR code for better readability in authenticator apps (e.g. Google Authenticator)
    • 1029487: APP: Optimization of the readability of the available hard disk space on ECOS Appliance/Info
    • 990890: APP: Support of multiple CAs by one OCSP responder
    • 1022891: SMA: Optimized user guidance for Citrix desktop profile configuration
    • 1026148: TMA: Extended options for automatic fetching of CRLs from external CAs

    Bug fixes:

    • 940985: SBS: With certain graphics cards (e.g. Intel Iris XE, Iris Plus, Tiger Lake UHD) no PIN prompt was displayed on the screen and PIN had to be entered blindly
    • 1035701: SBS: Time zone settings for SBS users were not correctly implemented on SBS
    • 1031156: SBS: When using VNC for remote maintenance of SBS, no data could be copied via clipboard
    • 1041363: SBS: When using VNC for remote maintenance of SBS, no special characters could be transferred using the AltGrR key
    • 964987: SBS: Local settings were not preserved for Chromium browser type, although checkbox for Access restrictions/Keep local settings was activated in browser configuration
    • 972899: SBS: Microphones or cameras allowed by user were not preserved for Firefox browser, although checkbox for Access restrictions/Keep local settings was activated in browser configuration
    • 980716: SBS: System-wide Chromium browser policies sometimes prevented simultaneous use of multiple destinations in Chromium browser
    • 984236: SBS: Umlauts were not displayed correctly in message window after unsuccessful SBS activation
    • 1051530: SBS: Uploaded preferences (prefs.js) were sometimes not applied to Firefox browser type
    • 1045942: SBS: Firefox browser did not start when uploaded preferences (prefs.js) were stored
    • 1045484: SBS: RDP client sent SBS default user name during session setup when no user name was configured for RDP session. As expected, no name is now sent in this case.
    • 1032713: SBS: If configuration changes were made while data synchronization was running, the connection was sometimes interrupted
    • 1014675: SBS: Timing control of LAN network interfaces could not be called in admin UI
    • 1048909: APP: Revoking a client certificate for the admin UI was not immediately updated on the HTTP server in the CRL
    • 1034252: APP: Changes of object paths were not possible in queries
    • 950584: APP: Objects with child objects could not be moved by queries with action
    • 1002995: APP: Attribute Certificate creation not editable in query result sets
    • 1030524: APP: When querying the status of the appliance, the wrong status 'BAD' was returned, although there was no functional error
    • 1044555: APP: Certificate subject not adopted by container document during import
    • 1033167: SCC: After update, admin UI could not be started because the designated paths could not be created in the file system
    • 1035081: SCC: Uploading an SCC image to an appliance was not possible due to configured file sizes limits


    Download URL appliance (requires authentication via download password):

    Download URL SBS (requires authentication by download password):

    The V7.1.49 is based on the development status V7.0.49 and is approved for VS-NfD, EU- as well as NATO RESTRICTED.


    Download URL appliance (requires authentication via download password):

    Download URL SBS (requires authentication by download password):

    New features:
    -

    Bug fixes:

    • 1047311: SBS: Genua remote maintenance destinations did not start VPN connection
    • 1047567: SBS: The startup parameters for VNC Viewer were not formatted correctly and thus partially ineffective
    • 1047317: SBS: Genua remote maintenance destinations not displayed as icon on SBS desktop


    Download URL appliance (requires authentication via download password):

    Download URL SBS (requires authentication by download password):

    V7.1.48 is based on the development status V7.0.48 and is approved for VS-NfD, EU- as well as NATO RESTRICTED.


    Download URL appliance (requires authentication via download password):

    Download URL SBS (requires authentication by download password):

    New features:

    • 1039998: SBS: Addition of kernel 5.17 (5.17.8)
    • 1039998: SBS: Kernel 5.16 dropped
    • 1039865: APP: Update of kernel 5.15 (5.15.40)
    • 1040005: SBS: Update of kernel 5.10 (5.10.116)
    • 1040024: SBS: Update of kernel 4.14 (4.14.279)
    • 1019113: SBS: Support for WLAN chip Intel Killer Wi-Fi 6 AX1650i (8086:34f0)
    • 1038203: SBS: Support for Realtek 8852 (10ec:8852) WLAN chip
    • 1029403: SBS: Cisco Webex client for VDI updated to version 42.5.3.9

    Bug fixes:

    • 1023202: SBS: An interrupted SBS update could lead to tamper messages
    • 1041610: SBS: The routing rule for browser destinations was not set when the default route pointed to VPN
    • 1040030: SBS: The WLAN chip Intel Wireless 7260 (8086:08b2) could not be used
    • 1041490: SBS: The Internet Wireless Deamon started too early under certain circumstances and blocked the WLAN adapter as a result
    • 1042433: SOS: Version for installation could not be determined if the serial number of the device was not previously registered in the SMA


    Download URL appliance (requires authentication via download password):

    Download URL SBS (requires authentication by download password):

    V7.1.47 is an unreleased interim version.

    V7.0.47 is an unreleased interim version.

    V7.1.46 is an unreleased interim version.

    V7.0.46 is an unreleased interim version.

    V7.1.45 is based on the development status of V7.0.42 and approved for VS-NfD, EU and NATO RESTRICTED.

    Please note: If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to the actual version.

     

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    Please note:

    It is known that version 7.0.42 on SBS HE variants (not for V7.1.x) could lead to startup problems on specific hardware platforms. Version 7.0.42 has therefore not been released for live operation. This follow-up release solves the issue.

    If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to the actual version.

    New features:

    • #941407: SBS: Update of Citrix Workspace App to version 2109
    • #1024079: SBS: The Chromium browser can now optionally be started in full screen mode and without bookmark bar

    Bug fixes:

    • #1020495: SBS: HE did not boot reliably on particular hardware platforms in version 7.x.42 (not for 7.1.x)
    • #1027125: SBS: Video/audio streaming via WebRTC did not work with specific IPsec configurations

     

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    V7.0.44 is an unreleased interim version.

    V7.0.43 is an unreleased interim version.

    V7.1.42 is based on the development status of V7.0.42 and is approved for VS-NfD, EU and NATO RESTRICTED.

    Please note: It is known that version 7.0.42 on SBS HE variants (not for V7.1.x) could lead to startup problems on specific hardware platforms. Version 7.0.42 has therefore not been released for live operation. The issue is solved by the current successor version 7.0.45.

    New Features:

    • #1015454: SBS: Addition of kernel 5.16 (5.16.13)
    • #1015456: SBS: Addition of kernel 5.15 (5.15.27)
    • #960578: SBS: Kernel 5.14 dropped
    • #960578: SBS: Kernel 5.4 dropped
    • #1015458: SBS: Update of kernel 5.10 (5.10.104)
    • #1015460: SBS: Update of kernel 4.14 (4.14.270)
    • #1004066: SBS: Update of VMware Horizon View client to version 21.11 - 8.4.0
    • #988664: SBS: Control of computer hardware over new hardware profile manager
    • #959331: SBS: Optimized control of iwd or wpa_supplicant depending on the installed WLAN chip
    • #975894: SBS: Apple Mac Wifi firmware update
    • #964506: SBS: Support for Jabra Evolve 40 to use Open Touch via VMware View
    • #952165: SBS: Support for simultaneous use of Nvidia and Intel graphics cards installed on a computer
    • #838016: SBS: Support for Grundig voice recorders
    • #987103: SBS: Support for Citrix Web Applications (ICA files) in Chromium browser
    • #880691: SBS: Central video codec settings for VMware View with BLAST protocol
    • #948863: SBS/App: New option in admin UI for forwarding of Philips dictation devices in Citrix session
    • #1011359: SBS/APP: Initialization of random number generator optimized
    • #1004156: SOS: Installation image version can be obtained from SMA, if SMA is specified as image server
    • #1004145: SOS: Reset of PXE boot options to boot SOS after PXE installation is completed
    • #1009627: APP: New drag-and-drop feature to move objects from lists or query results in admin UI
    • #788955: APP: Optional IPsec VPN gateway on appliance (not for 7.1.x)
    • #935033: MOS: Support for portable application packages in tunnel profiles

    Bug fixes:

    • #1007869: SBS: Nvidia graphics cards of the 1600, 2000 and 3000 series could only be used in emergency mode with limited graphics performance
    • #982305: SBS: The graphical display in the VMware View client was blurry in connection and thus difficult to read with AMD Ryzen processors
    • #993858: SBS: No network connection could be established using the WLAN adapter BCM4352
    • #961044: SBS: The Chromium browser did not show bookmarks
    • #980712: SBS: Chromium did not launch applications directly via the registered client applications.
    • #986336: SBS: After an update of an SBS via ECOS update server, no update message was passed to the update server
    • #996632: SBS: With Trusted Network Detection enabled, the dialog for VPN setup was erroneously displayed in internal network
    • #1000244: SBS: The keyboard layout sometimes used an English layout, although a German layout was configured
    • #1000635: SBS: The VMware View client sometimes used an English keyboard layout, although a German layout was configured
    • #1004612: SBS: When logging in for the first time after SBS update, client certificates were not available in the browsers
    • #1006524: SBS: In the mouse pad settings, the option "Two-finger scrolling" was not applied
    • #1006370: SBS: Transferring copied content between different destination windows via the system clipboard did not work
    • #1016604: APP: If a different software image was set in a software source object, the associated configuration was not updated
    • #832805: APP: The progress bar for downloads was not continuously updated in the admin UI
    • #1017371: APP: When starting the appliance, an error was sporadically and incorrectly reported stating that repldb could not be created
    • #808295: APP: After regenerating the configuration (e.g. due to license updates), SSL VPN connections could no longer be established on the running system if the option "Allow only known clients of this organization" was not activated
    • #876755: APP: Changes to the display configuration of wizards became visible only when the wizard interface was actively reloaded
    • #1006844: APP: Attachments could not be removed from certificate database
    • #557498: APP: References to containers could lead to inefficient execution of replication due to multiple mutual comparison in case of multi-master replication
    • #989501: APP: If an error occurred in a query with action, other queries with action were sometimes not executed
    • #983560: APP: Under certain circumstances, the update server had to be restarted to effectively renew licenses

    V7.1.41 is an unreleased interim version

    Bug fixes:

    • #1009087: SBS: No connection bar in RD Web

     

    Download URL appliance (requires authentication by download password):

    Download URL SBS (requires authentication by download password):

    V7.1.40 is an unreleased interim version.

    V7.0.40 is an interim version

     

    Download URL appliance (requires authentication by download password):

    Download URL SBS (requires authentication by download password):

    V7.1.39 is an unreleased interim version.

    New features:

    • #963820: SBS: Support for F5 web RDP incl. gateway token
    • #913331: MOS: Update of virtualized Firefox to version 92 32Bit

    Bug fixes:

    • #629107: MOS: CAs from certificate container in appliance did not end up in Firefox certificate store

     

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    V7.1.38 is based on the development status of V7.0.38 and approved for VS-NfD, EU- and NATO-RESTRICTED.

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    New features:

    • 475303: SBS: Support for Signotech signature pads
    • 977706: SBS: Support for Huawei LTE module ME936
    • 934641: SBS: Deletion of previous default kernel 5.13 (EOL)
    • 969047: SBS: Inclusion of kernel 5.14 (5.14.21) as new default kernel
    • 969044: SBS: Update of kernel 5.10 (5.10.83)
    • 969041: SBS: Update of kernel 5.4 (5.4.163)
    • 969037: SBS: Update of kernel 4.14 (4.14.256)
    • 947810: SBS: Update of Internet Wireless Deamon (iwd) to version 1.18
    • 947772: SBS: Update of client for Cisco AnyConnect VPN to version 8.10-r6 (not for 7.1.x)
    • 963627: SBS: Update of Chromium browser to version 96.0.4664.45-r1
    • 983691: SBS: Update of Firefox browser to version 91.3.0
    • 977588: SBS: Update of included RDP clients to versions 3.0-beta, 2.4.1, 2.3.2, 2.2.0 and 2.0.0
    • 946668: SBS: Support for IPsec VPN authentication with passphrase-protected private key for SBS variants without smartcard (not for 7.1.x)
    • 953305: SBS: Improved input validation for genua Remote Maintenance to avoid configuration errors
    • 969044: APP: Update of kernel 5.10 (5.10.83)
    • 834232: APP: Selection/filtering of user certificates for directory synchronization
    • 839880: APP: Improved support for concurrent editing of the source system during directory synchronization - the creation of objects is delayed if the superordinated part is still missing in the destination path during processing
    • 927233: APP: Support for Zstandard compression to optimize appliance updates
    • 886202: APP: Support for smartcard enrollment for TCOS smartcards in conjunction with the application for SecurePIM (not yet for 7.1.x - for 7.1.x part of a pending approval)
    • 926408: TMA: Support for taking over or completing Extended Key Usages (EKU) from CSR
    • 921232: TMA: Added support for IPsec End System EKU

    Bug fixes:

    • 954841: SBS: The option "Show destinations on desktop" displayed an incorrect icon for the Chromium browser
    • 956905: SBS: 802.1x authentication could not be performed with multi-level CA chains
    • 943091: SBS: Update was interrupted during post-processing of the EFI partition if recoverable I/O errors had previously occurred on the partition
    • 939335: APP: Role assignment for users through templates generated an error
    • 938687: APP: A modified configuration of the management connection was not replicated correctly in an HA cluster
    • 965678: APP: When exporting extensive configuration data, aborts occurred due to timeouts (timeout errors)
    • 681993: APP: The admin interface of the appliance was no longer accessible if the certificate file contained binary data after the certificate
    • 982345: APP: When switching between different reports on the appliance, the error "Unexpected exception: Can't use string ('*') ..." was sporadically reported
    • 936662: SGA: Routes for network interfaces were not set correctly if overlapping network address ranges were configured for them
    • 965528: SMA: When trying to format a smartcard, for which a certificate should have been extended according to the configuration, the enrollment program terminated immediately instead of reporting the error

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    Unreleased interim version.

    Unreleased interim version.

    V7.1.36 is based on the development status of V7.0.36 and approved for VS-NfD, EU- and NATO RESTRICTED.

    Please note:

    If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to 7.1.36.

    When using HDX support with the current Citrix Workspace App version, the HDX version must be set to version 2.9 in the configuration of the destination system on the SMA, as the Citrix Workspace App version 2109 is not compatible with HDX version 2.8 or older. 

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    Please note:

    If your current version is 7.0.29 and lower, the update should be split into one update to 7.0.30 and a second update to 7.0.36.

    When using HDX support with the current Citrix Workspace App version, the HDX version must be set to version 2.9 in the configuration of the destination system on the SMA, as the Citrix Workspace App version 2109 is not compatible with HDX version 2.8 or older.

    New features:

    • 925291: SBS: Update of Intel microcodes (20210608_p20210830)
    • 917603: SBS: Support for Intel Pentium Silver and Intel Pentium Gold processors
    • 941268: SBS: Support for Intel Pentium Silver/Gold graphics hardware
    • 941262: SBS: Update of audio codecs and Sound Open Firmware (SOF) modules
    • 919940: SBS: Support/driver update for Philips SpeechMike
    • 907934: SBS: Addition of kernel 5.13 (5.13.19) as new default kernel
    • 907934: SBS: Deletion of previous default kernel 5.12 (EOL)
    • 941272: SBS: Update of kernel 5.10 (5.10.73)
    • 934402: SBS: Update of kernel 5.4 (5.4.153)
    • 941259: SBS: Update of kernel 4.14 (4.14.250)
    • 941407: SBS: Update of Citrix Workspace App to version 2109
    • 941401: SBS: Update of VMware Horizon View client to version 21.06.01 - 8.3.1
    • 928808: SBS: Update of xfreerdp RDP client to version 2.3.2 and 2.4.0
    • 934518: SBS: Update of Chromium browser to version 94.0.4606.81-r1
    • 942043: SBS: Firefox browser updated to version 78.15.0
    • 946808: SBS: Support for graphics output in framebuffer mode if no graphics driver can be loaded
    • 925721: SBS: New item in boot menu to select WPA supplicant for WLAN connection
    • 914573: SBS: Option in RDP client to select the smartcard to be forwarded for authentication
    • 920884: SBS: Support for remote maintenance of genua components (not yet for 7.1.x - for 7.1.x part of pending approval)
    • 936382: SBS: Option for recording encrypted log information in hardware test to make stick manipulation messages analyzable by manufacturer
    • 913971: ALL: Optimized update image size with Zstandard compression algorithm
    • 931126: APP: Update of kernel 5.10 (5.10.72) with integration of support for Dell PowerEdge RAID Controller H330
    • 937898: APP: SMP support of appliance kernel extended to up to 64 CPUs
    • 934521: APP: VMware Tools updated to version 11.3.5
    • 898785: APP: The maximum download size of logs via admin interface extended to 20MB
    • 799950: APP: Configuration option for maximum number of failed login attempts during RADIUS authentication before user account is locked
    • 937597: APP: Replication service load balancing revised to increase scalability of the appliance
    • 916485: APP: Display of log entries per service object in admin UI
    • 937091: TMA: Support for SCEP certificate renewal requests that do not include an encryption certificate in the reply

    Bug fixes:

    • 892446: SBS: Authentication with Yubikey was not possible in RDP sessions
    • 937032: SBS: Support for Cisco Jabber Softphone for VDI was not usable in the version released for VS-NfD (V7.1.x)
    • 938925: SBS: When using the TCP/IP+HTTP protocol in a Citrix desktop target, a program crash error was displayed when closing the session
    • 916980: SBS: During initial pairing with smartcard, no clearly assignable error message was displayed if the CN of the certificates on the smartcard had an invalid size (more than 64 characters)
    • 930141: SBS: An incorrect operation on the SMA (issuing a new certificate instead of renewing it) could prompt the SBS to generate new keys on its smartcard, thus rendering the SBS unusable.
    • 927015: SBS: Logging of monitor data by hardware fingerprinting needlessly created too many entries in default log level, thus burdening the SBS system
    • 927844: SBS: Support for LTE modem XMM7360 did not work
    • 920574: SBS: Selecting user-defined level adjustment with a scaling smaller than 1.0 in the display settings led to freezing of SBS desktop
    • 929013: SBS: The Wifi authentication dialog (802.1X authentication) incorrectly displayed the "Ignore CA certificate" option
    • 938929: SBS: A device named "Dummy" appeared in the audio configuration of the SBS if the Sound Open Firmware (SOF) modules required for the device were not available
    • 916993: SBS: The SBS update process could not be performed in debug mode for error analysis
    • 946517: SBS: If multiple VPN gateways were configured for IPsec VPN connections, the firewall permissions on the client were granted only for the first gateway
    • 939524: APP: Creating configurations via wizards using templates from the template container did not work 
    • 925289: APP: In the configuration forms for software updates, the update image object was misleadingly labeled "Software Update Source". The UI labels were changed to "Software Update Image" resp. "Image"
    • 881235: APP: Under certain circumstances, RADIUS OTP authentication did not work automatically after a reboot of the appliance
    • 924152: APP: After an update of the appliance, error messages of the management connection appeared in the log ("incomplete message") without any underlying error condition
    • 914942: TMA: Continuous certificate requests by incorrectly implemented SCEP clients unnecessarily filled the certificate history in the database and affected load behavior

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):

    Unreleased interim version.

    Unreleased interim version.

    V7.1.34 is based on the development status of V7.0.34 and approved for VS-NfD, EU- and NATO RESTRICTED.

    Please note: If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to 7.1.34.


    Download URL appliance (requires authentication with download password):
    Version 7.1.34: https://files.update.ecos.de/sw/V7.1.34/bbsecupdate.root

    Download URL SBS (requires authentication with download password):
    Version 7.1.34: https://files.update.ecos.de/sw/V7.1.34/bbmthc.root

    Please note: If your current version is 7.0.29 and lower, the update should be split into one update to 7.0.30 and a second update to 7.0.34.

    New features:

    • 913697: SBS: Internal microphone support for Apple MacBook Pro 2018/2019
    • 913650: SBS: Wifi support for Apple MacBook Pro 2019
    • 907944: SBS: Update of VMware Horizon View client to version 21.06-8.3.0
    • 917665: SBS: Dynamic resolution support for remote addresses by IPsec VPN client
    • 890443: SBS: Cisco Jabber softphone support for Citrix
    • 499891: SBS: Additional xfreerdp configuration options for graphics, video and performance optimization
    • 854664: SBS: WebEX support in Firefox browser (not for 7.1.x)
    • 542146: SBS: Ready-to-use message for smartcard login for Evidian Authentication Manager.
    • 872122: SBS: Support of multiple co-established VPN tunnels with related destination profiles (not for 7.1.x)
    • 920918: APP: The admin interface now provides an online help in German language to support administrators
    • 499891: SMA: The configuration form for RDP profiles has been revised in connection with the extended configuration options
    • 882827: TMA: Transfer of valid SANs from uploaded CSR into issued certificate has been extended
    • 801142: TMA: Rights-dependent key export option via API

    Bug fixes:

    • 916480: ALL: Configuration changes executed in rapid sequence (< 1 second) were sometimes not implemented immediately
    • 767039: SBS: Special characters were passed with an incorrect character encoding when using a browser-in-the-box application in a web profile
    • 876197: SBS: The SBS desktop displayed special characters incorrectly in desktop icons names
    • 886480: SBS: The SBS SX started with an incorrect year in the system date (e.g. 2051) on some host computers
    • 913705: SBS: The unlock screen was displayed distorted with certain screen settings in connection with multi-monitor use
    • 917108: SBS: Audio input/output was not possible when using the Citrix profile type "StoreFront Store"
    • 697172: SBS: SSH target profiles were displayed only in the profile start menu, but not as desktop icon
    • 918438: APP: The local database (couchdb) stopped after hard disk storage capacity reached its limit and was unable to recover once storage space was available again
    • 914169: APP: Queries with restrictions on empty values for numeric attributes led to error messages
    • 879034: APP: When changing IP addresses on the network interfaces in an HA cluster, ARP update packets were sometimes sent for the wrong interface
    • 869253: APP: When executing wizards, certificates could not be downloaded
    • 918444: APP: Non-administrator users could not move documents if access rights were not set for single attributes
    • 368297: APP: QR code display in Firefox was covered by scroll bars
    • 915317: APP: The default update process could not be executed on appliances with versions greater than 7.0.29
    • 921768: APP: Firmware images for VGA20 routers could not be uploaded to the appliance (not for 7.1.x)
    • 861174: SMA: Updated CRLs could sometimes not be deployed automatically on slave instances of the appliance
    • 913804: SOS: The Secure Boot OS could not be started via PXE boot (not for 7.1.x)

    Download URL appliance (requires authentication with download password):

    Download URL SBS (requires authentication with download password):


     

    Acronyms

    ACA     Authentication Control Appliance
    ALL      All ECOS Solutions
    API      HTTP Application Programming Interface
    APP      All ECOS Appliances
    SBS      Secure Boot Stick
    SCC      Secure Conference Center
    SOS     SecureOS
    SMA    System Management Appliance
    TMA    Trust Management Appliance