A new minor release of the ECOS SecureBootStick (SBS) and the ECOS SystemManagementAppliance (SMA) is now available in version 7.
Recent changes
Version 7.60.0 introduces support for IPv6-based transport networks between the SBS and VPN gateways. If your environment supports IPv6 and you upgrade your SMA to version 7.60.0 as well, IPv6 addressing will be available immediately after the upgrade.
The network services of the SBS have been updated as part of the system maintenance routine. As a result, the Intel XMM7360 and 7560 LTE modems cannot be used in version 7.60.0. The automatic connection setup after computer startup does not work properly with some WLAN chipsets. Users must start the connection manually in this case.
As of version V61.0, the RDP client version 2.2.0 is no longer supported.
Past changes
With version V7.58.0, the versioning scheme has been changed to semantic versioning. Version 7.58.0 is thus the successor of version 7.0.50. The previous distinction between standard versions and VS-NfD-approved versions at the second position of the version number is no longer applicable and replaced by the build tag +vsnfd.
Versions marked +vsnfd contain only the VPN clients and applications approved for VS-NfD to satisfy the increased security requirements imposed by the VS-NfD approval. +vsnfd versions are mandatory in VS-NfD environments. Outside VS-NfD environments, versions without build tag grant full interoperability with IT infrastructures that may not be VS-NfD compliant (e.g. SSL VPN gateways).
The SMA must be notified of the new versioning scheme to be able to upload and distribute the new update images. ECOS provides a special SMA update for this purpose, which is available at:
files.update.ecos.de/sw/ecos/bbsecupdate_V7.57.999.root
The update contains the minimum required customizations so update mechanisms and security checks accept the new version numbering. Other SMA components remain unaffected. Therefore, the SMA does not change the previous version number when the special update is installed. Other SMA components remain unaffected.
The SMA also supports an improved update image compression as of version 7.58.0 / 7.58.0+vsnfd to provide and process updates more efficiently. If you operate your own update server, the SMA requires at least version 7.0.50/7.1.50 or higher.
Please find further relevant information in our version information in section Notes on versioning.
How to get the update
You can download the update image from our update server via the appliance or the Secure Boot Stick. If your systems do not update automatically, please update via the appliance's administration interface in ECOS Appliance Actions Update or via the SBS desktop menu in System Update software.
Provided a local update server has been configured on the appliance, updates can be downloaded using the URL specified in each changelog and then installed on the appliance. Manual downloads can only be performed using a locally configured update server. A valid download password is required. If you have not yet received a download password, please contact our support team (support[at]ecos.de).
If the SMA is directly connected to the Internet (to hz.update.ecos.de), update images can also be downloaded directly with the Software Update Image object. Go to the download tab, enter the specific version number into the version field, e.g. V7.58.0 or V7.58.0+vsnfd (note that 'V' must be a capital letter) and apply.
V7.61.2+vsnfd is based on the development status V7.61.2 and is approved for VS-NfD, EU and NATO-RESTRICTED.
Download
(requires authentication with download password)
New features
SBS | 1295819 | Support for Lenovo ThinkPad X13 Gen 4 (13" Intel) LTE module |
1273011 | Support for HP EliteBook 645 14 inch G10 notebook PC LTE module | |
1287111 | VMware Horizon client updated to version 2312.1 |
Bug fixes
APP | 1293602 | Rolling out updates and synchronization between appliance instances and between appliance and SBS only ran with limited bandwidth |
1287766 | The subclassification for error states in error tags added with V7.60 could lead to unexpected responses when using the appliance API directly | |
SBS | 1286569 | Starting Citrix Desktop from Citrix Netscaler Start was not possible after update to version 7.60.9 |
1240721 | Video codecs H.264 and H.264-4.4.4 could not be specifically deactivated for VMware Horizon View clients with BLAST protocol via the SMA | |
1272410 | WLAN could not be used on the SBS with the "WPA/WPA2 Enterprise" option |
Download
(requires authentication with download password)
V7.61.1+vsnfd is based on the development status of V7.61.1 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download
(requires authentication with download password)
Bug fixes
APP SBS | 1290223 | The update mechanism for both appliance and SBS software encountered an error in version 7.61.0 because authentication via TLS1.3 post handshake failed. TLS1.3 has therefore been temporarily disabled, so that version 7.61.1 now communicates using TLS1.2. This issue will be fixed in a future release to support TLS1.2 and TLS1.3 again. |
Download
(requires authentication with download password)
V7.61.0+vsnfd is based on the development status of V7.61.0 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download
(requires authentication with download password)
New features
APP | 1186942 | Update to kernel 5.15 (5.15.140) |
APP | 1230700 | Update of Apache web server to version 2.4.59-r1 |
APP | 1084384 | Support for dashboards with graphical display of central KPIs |
APP | 1122606 | Optimized configuration options for diagrams |
APP | 1198367 | Extended support for network interfaces |
APP | 983737 | Compression of appliance updates switched to Zstandard for greater efficiency |
APP | 1207690 | Download link for Evolis smartcard printer driver |
SBS | 1264194 | Bootloader Shim 15.8 and Grub 2.12 integrated for secure boot with current Microsoft signature |
SBS | 1187502 | Update of Citrix Workspace App to version 23.9.0.24 |
SBS | 1187599 | Update of VMware Horizon client to version 8.11.1 |
SBS | 1206640 | Update of kernel 6.1 (6.1.78) |
SBS | 1206640 | Update of kernel 5.15 (5.15.140) |
SBS | 1206640 | Update of kernel 5.10 (5.10.202) |
SBS | 1257093 | Support for MS Teams relay server (not for VS-NfD) |
SBS | 1125864 | Support for bookmarks with tab navigation in Firefox kiosk mode |
SBS | 1231980 | Support for USB redirection in RDP client |
TMA | 1150266 | Configuration option for assigning serial numbers to certificates (random or consecutive) in admin UI |
TMA | 1204851 | ACME client now supports account binding |
TMA | 1031276 | Support for ACME authorization via DNS challenge |
TMA | 1196726 | Support for ACME orders with multiple identifiers |
TMA | 1128696 | Connection to D-Trust for obtaining public certificates via CMP |
TMA | 1181076 | Support for preconfigured subscriber accounts with assignment to a specific CA |
Deprecated
SBS | RDP client (FreeRDP) version 2.2 removed |
Bug fixes
APP | 1203741 | Duplicating a software image object resulted in an unusable data object on the appliance |
APP | 1148372 | System connector entries were displayed in the log with the name 'Smartcard Enrollment' |
APP | 1197722 | Certificate chains could not be imported if any CA in the chain had previously been imported separately |
APP | 1102607 | Certificate enrollment on a JCOP smartcard sometimes displayed an error message even though the enrollment was successful |
SBS | 1098306 | The internal microphone of Fujitsu E5411 laptops could not be used with the Sound Open Firmware (SOF) driver |
SBS | 1185765 | The use of the RDP client xfreerdp with Kerberos support led to authentication problems |
SBS | 1160826 | Mapping of USB storage devices could not be used in the Citrix client |
SBS | 1181427 | The ASUS USB-N10 NANO WLAN stick could not be used in version 7.60.x |
SBS | 1162358 | Starting a scheduled default destination sometimes caused a connection previously started manually by the user to be terminated |
SBS | 1136456 | Deactivating the option for additional remote servers in the IPsec configuration sometimes meant that a VPN connection could no longer be established |
SBS | 1161758 | Launching applications from desktop icons or context menu could result in lack of user notification in case of error |
SBS | 1009214 | The SSL VPN client always expected the server certificate's subject in the topmost registered VPN server (not for VS-NfD) |
SBS | 1179035 | The IPsec VPN client could not establish any further tunnels in parallel |
SBS | 1048187 | Firefox browser displayed blank entries in kiosk mode due to disabled context menu features |
SBS | 1188277 | The RDP destination for RDS farm environments could not be started |
SBS | 1162554 | Help feature could not be hidden |
SMA | 1214781 | After updating to version 7.60.x, the admin UI could not be started if PXE support for ECOS SOS was active at the same time |
TMA | 1196900 | Smartcard issuance sometimes failed because the container for smartcards and tokens was not automatically created when needed |
TMA | 1215318 | SCEP service logs could not be retrieved via the 'Logs' tab in the admin UI |
TMA | 1198039 | In version 7.60.x, the certificate subject alternative names (SAN) field allowed invalid special characters, meaning no valid certificate could be issued |
Download
(requires authentication with download password)
V7.60.9+vsnfd is based on the development status V7.60.9 and is approved for VS-NfD, EU and NATO-RESTRICTED.
Download
(requires authentication with download password)
Bug fixes
SBS | 1264194 | Bootloader Shim 15.8 and Grub 2.12 integrated for secure boot with current Microsoft signature |
Download
(requires authentication with download password)
V7.60.8+vsnfd is based on the development status V7.60.8 and approved for VS-NfD, EU and NATO-RESTRICTED.
Download
(requires authentication with download password)
Bug fixes
SBS | 1260451 | Bootloader Shim 15.6 and Grub 2.12 integrated for secure boot after MS update 8/24 |
Download
(requires authentication with download password)
V7.60.7+vsnfd is based on the development status V7.60.7. The use of VS-NfD is tolerated by the BSI due to the MS patch 08/24. The operator bears the risk of usage.
Download
(requires authentication with download password)
Bug fixes
SBS | 1260442 | Fix for SBAT EFI entries for Linux boot implemented by MS Update 8/24 |
Download
(requires authentication with download password)
DV7.60.6+vsnfd is based on the development status of V7.60.6. The use for VS-NfD is tolerated by the BSI due to the MS patch 08/24. The operator bears the risk of usage.
Download
(requires authentication with download password)
Bug fixes
SBS | 1260440 | Bootloader Shim 15.8 integrated without Microsoft signature |
Download
(requires authentication with download password)
V7.60.5+vsnfd is based on the development status of V7.60.5 and approved for VS-NfD, EU and NATO RESTRICTED.
Download
(requires authentication with download password)
Bug fixes
SBS | 1240396 | OpenSSH was provided with a patch against “regreSSHion” (CVE-2024-6387) in version 9.4_p1 used by V7.60 |
Download
(requires authentication with download password)
V7.60.4+vsnfd is based on the development status of V7.60.4 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download
(requires authentication with download password)
New features
APP | 1208003 | Network components from different manufacturers displayed incorrect behavior when a certificate contained the Netscape comment attribute nsComment. The certificate issuing process of ECOS Appliances has therefore been adjusted. The attribute is no longer used. |
Bug fixes
SBS | 1213065 | When using SBS auto-start destinations in conjunction with an HA network of the SMA, the SBS sometimes repeatedly attempted to establish the VPN connection even though it had already been established. |
SBS | 1211168 | Typos in the configuration menu of the display service on the SMA have been fixed |
SOS | 1209154 | Although the PXE configuration was deleted from the appliance, client devices configured for PXE boot continued to install because the underlying boot configuration for those devices has not been removed (not for VS-NfD) |
Download
(requires authentication with download password)
V7.60.3+vsnfd is based on the development status of V7.60.3 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download
(erfordert die Authentisierung per Download-Kennwort)
Bug Fixes
SBS | 1186020 | Audio was severely distorted when using the A-LAW audio codec in an RDP session |
1189399 | During microphone transmission in an RDP session, the signal was sometimes delayed significantly | |
1196709 | When starting a Citrix session, the browser login screen might not appear due to a graphics driver problem |
Download
(requires authentication with download password)
Bug Fixes
SOS | 1089550 | Support for loading the local boot order for PXE boot (not for VS-NfD) |
089523 | Support for PXE installation via HTTP (not for VS-NfD) |
V7.60.0+vsnfd is based on the development status of V7.60.0 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download
(requires authentication with download password)
New Features
SBS | 1102913 | OpenConnect VPN client updated to version 9.12 (not for VS-NfD) |
TMA | 1187295 | Certain devices require the provision of EC key material in SEC1 format. As an alternative to the current PKCS#8 format, the TMA now supports exporting EC keys in the older SEC1 format. |
Bug Fixes
SBS | 1128088 | The HP LTE modem Xmm7360 was not initialized correctly with kernel 5.19 and could not be used |
1183456 | Under certain circumstances, it was not possible to use 802.1x authentication on the wireless LAN | |
1179796 | In version 7.60.0 it was not possible to connect to a terminal server farm via RDS gateway and RDS connection broker | |
1185878 | The SSL VPN could not be established with Cisco AnyConnect in version 7.60.0 (not for VS-NfD) | |
APP | 1172603 | The SSH daemon did not send a NAS port ID at tunnel start, therefore OTP authentication via RADIUS was not possible (not for VS-NfD) |
1177656 | RADIUS reply attributes were truncated after the equals sign, and were therefore passed on in an incomplete form (not for VS-NfD) | |
1156153 | RADIUS requests with concatenated attributes may not have been fully resolved (not for VS-NfD) | |
1184869 | In certificate containers, the upload button for certificates was sometimes covered by other elements and could not be selected due to a display error in the admin UI | |
SMA | 1187724 | In HA operation with several fully synchronized master instances (active-active), consistent conflict resolution could not be performed under certain circumstances during simultaneous update operations on the same object |
Download
(requires authentication with download password)
V7.60.0+vsnfd is based on the development status of V7.60.0 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download-URLs
(requires authentication with download password)
APP | files.update.ecos.de/sw/ecos/bbsecupdate_V7.60.0+vsnfd.root | |
SBS | files.update.ecos.de/sw/ecos/bbmthc_V7.60.0+vsnfd.root |
New features
SBS | 1127560 | Support for Realtek Semiconductor RTL8852BE (10ec:8852) WLAN chip |
1091438 | Support for Nvidia RTX 3060Ti (10de:2489) graphics chip | |
1132472 | Support for graphics chip driver Nvidia RTX 4080 (10de:2704) and RTX 4090 (10de:2684) | |
1136339 | Support for Nvidia driver version 340 with kernel 5.10 | |
1162585 | Addition of kernel 6.2 (6.2.16) | |
1162583 | Addition of kernel 6.1 (6.1.43) | |
1162579 | Update of kernel 5.15 (5.15.125) | |
1162577 | Update of kernel 5.10 (5.10.189) | |
1162587 | Kernel 5.19 dropped | |
1162575 | Kernel 4.14 dropped | |
1162765 | Citrix Workspace App updated to version 23.7.0.17 | |
1162767 | Citrix Receiver updated to version 2.9.600.2900 | |
991220 | Enabling/disabling of Citrix Adaptive Audio | |
1157741 | Hot plugging for USB headsets during Citrix session | |
1162770 | Cisco Webex client for VDI updated to version 43.6.0.26456 | |
1162772 | VMware Horizon View updated to version 23.06 - 8.10.0 | |
1094580 | Cisco Webex client VDI support for VMware Horizon View | |
1162789 | RDP client (FreeRDP) updated from version 2.7.0 to version 2.9.1-r1 | |
1162775 | Firefox browser updated to version 102.11.0 | |
1089557 | Proxy configuration option for Firefox and Chromium browsers in SMA admin UI | |
1047215 | Whitelisting option for persistent cookies in Firefox browser in SMA admin UI | |
1097404 | Support for IPv6 transport networks | |
981420 | Support for IPv6 transport networks to VPN gateway for IPsec VPN client | |
1089668 | F5 VPN client updated to version 7220.2022.0308.1 (not for VS-NfD) | |
1002622 | Option to open a default destination right after SBS boot | |
1014865 | Option to configure default menu options on the SBS desktop via SMA Admin UI | |
1144795 | Option allowing SBS users to show/hide their WiFi password on entry | |
1151487 | Integration of SBS user manual into SBS image to allow users to read the manual without network connection | |
APP | 1162971 | Update of kernel 5.15 (5.15.129) |
1136429 | Support for Evolis Primacy smartcard printer | |
1115668 | VMware tools updated to version 12.2.0 | |
1064265 | Report option for querying certificate lists related to containers for joint certificate rollout | |
1100366 | Option to select multiple items in a table by copy and paste of a criteria list as a filter in a table column | |
SMA | 1150347 | Ability to disable management connections for SBS while smartcard enrollment service is active |
TMA | 1086003 | NDES client for connection to external (public) CA (not for VS-NfD) |
Deprecated
SBS | 1146487 | RDP client (FreeRDP) version 2.0 removed |
Bug fixes
SBS | 1101422 | The SBS SX/ZX allowed the entry of a startup password, a feature that is not supported for the SBS variants with smartcard |
1118523 | News tabs in the Chromium browser were displayed with a cryptic title | |
1123906 | The "Power off" button in the destination selection dialogue did not respond under certain circumstances | |
1158058 | The Firefox browser could not open PDF documents under certain circumstances | |
1136448 | Additional remote certificates (e.g. for migration of gateways) were not accepted for IPsec VPN configuration | |
1107259 | Multi-monitor support for RDP could not be disabled | |
1117422 | Simultaneous use of a Citrix web destination and a Firefox destination was not possible | |
1143354 | Umlauts were displayed incorrectly when starting a VNC session within a Citrix session | |
1157347 | In version 7.58.x, Easy Enrollment via VPN could not be performed under certain circumstances | |
1156041 | In version 7.58.x, a second browser could not be launched if a Microsoft MFA authentication had previously been performed in the browser and the first browser was still active | |
1150443 | In version 7.58.x, IPsec VPN could not be used with IKEv1 preshared key authentication (not for VS-NfD) | |
ALL | 1145704 | The network interface status incorrectly reported an error when virtual IP addresses were configured on the interface |
APP | 1130729 | Subsequent changes to PKI policies for CRL and OCSP were not automatically updated for the using CA |
1112884 | The application server sometimes did not start after installation and required an additional restart | |
1139120 | The admin UI offered an MTU configuration option for appliance network interfaces that is not supported for appliances and has no effect - the option has been removed | |
1150561 | Upload of license files was aborted with an error in some cases | |
1139797 | In an HA cluster, a directory synchronization configured for a slave node was sometimes performed by a master node | |
1131451 | The OCSP service required a restart after updating the server certificate | |
1146837 | The OCSP service could only be activated if the "S-Proxy" feature was enabled per license file | |
SMA | 1149170 | The certificate attribute "Display status" could be selected in queries, although it is a calculated attribute that is not supported in queries |
TMA | 1102607 | The enrollment of certificates on JCOP cards sometimes showed an error message although the enrollment was performed successfully (not for VS-NfD) |
Download URLs
(requires authentication with download password)
V7.58.3+vsnfd is based on the development status of V7.58.3 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download URLs
(requires authentication with download password)
APP | files.update.ecos.de/sw/ecos/bbsecupdate_V7.58.3+vsnfd.root | |
SBS | files.update.ecos.de/sw/ecos/bbmthc_V7.58.3+vsnfd.root |
Bug fixes
SMA | 1144018 | System Connector reports authentication failure during Easy Enrollment (not forVS-NfD) |
Download URLs
(requires authentication with download password)
APP | files.update.ecos.de/sw/ecos/bbsecupdate_V7.58.3.root | |
SBS | files.update.ecos.de/sw/ecos/bbmthc_V7.58.3.root |
V7.58.2+vsnfd is based on the development status of V7.58.2 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download URLs
(requires authentication with download password)
APP | files.update.ecos.de/sw/ecos/bbsecupdate_V7.58.2+vsnfd.root | |
SBS | files.update.ecos.de/sw/ecos/bbmthc_V7.58.2+vsnfd.root |
New features
TMA | 1118709 | Support for certificate issuance without OCSP AIA, so devices can be issued certificates that generate errors with OCSP AIA in the device certificate. |
Bug fixes
SBS | 1055442 | The IPsec client (strongswan) blocked outgoing data packets when multiple remote servers were specified in the configuration but not marked as active |
1133287 | In V7.58.0, connected microphones could not be used in Citrix web sessions | |
1127333 | In V7.58.0, mouse wheel clicks were no longer recognized as clicks in a Citrix session | |
1102660 | Printer drivers configured in a printer map could not be used in an RDP session | |
APP | 1110008 | The group ID of the Diffie-Hellman group was not displayed in the key exchange configuration for IPsec client connections |
1136295 | The server-generated shared secret for the appliance's SSL VPN service was sometimes re-computed due to an update (not for VS-NfD) | |
1116559 | Uploading PKCS#12 containers without password was not possible | |
1102692 | The password of cached PKCS#12 containers was not updated when the corresponding key was encrypted with a new passphrase | |
1095939 | Renewing a certificate via wizard generated an error because the passphrase of the private key was not queried | |
1087833 | An authentication error could occur in an HA cluster during smartcard enrollment | |
1129742 | Smartcard enrollment was rejected because the OTPs used for enrollment were sometimes not assigned to the smartcard container. | |
1094774 | Revoking a client certificate restarted the server for the admin UI | |
SMA | 1098313 | Moving an SBS could lead to a failure of the ECOS System Connector |
Download URLs
(requires authentication with download password)
APP | files.update.ecos.de/sw/ecos/bbsecupdate_V7.58.2.root | |
SBS | files.update.ecos.de/sw/ecos/bbmthc_V7.58.2.root |
V7.58.1+vsnfd is based on the development status of V7.58.1 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download URLs
(requires authentication with download password)
APP | files.update.ecos.de/sw/ecos/bbsecupdate_V7.58.1+vsnfd.root | |
SBS | files.update.ecos.de/sw/ecos/bbmthc_V7.58.1+vsnfd.root |
Bug fixes
SBS | 1126857 | If first browser and then RDP were started via SBS desktop icons and thus active at the same time, the NAT rules for WebRTC were not cleared and caused connection problems |
1116377 | Multiple destinations launched at the same time could lead to firewall rules blocking each other | |
APP | 1126825 | Configuration checks caused high load and were optimized |
Download URLs
(requires authentication with download password)
APP | files.update.ecos.de/sw/ecos/bbsecupdate_V7.58.1.root | |
SBS | files.update.ecos.de/sw/ecos/bbmthc_V7.58.1.root |
Starting with this version, we change our version numbering scheme to sematic versioning. The version originally planned as 7.1.58 thus spells V7.58.0+vsnfd. Please read the Notes on versioning section carefully before updating and observe the required special SMA update and, if applicable, the intermediate updates.
V7.58.0+vsnfd is based on the development status of V7.58.0 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download URLs
(requires authentication with download password)
Starting with this version, we change our version numbering scheme to sematic versioning. The version originally planned as 7.0.58 thus spells V7.58.0. Please read the Notes on versioning section carefully before updating and observe the required special SMA update and, if applicable, the intermediate updates.
New features
ALL | 1066219 | Activation of new speculation protection options for kernel |
SBS | 988213 | The SBS image is delivered in Zstandard compression to allow a more effective compression (requires appliance version 7.0.34 or 7.1.34 and later) |
1089598 | Revision of version numbering according to semantic versioning scheme (https://semver.org/) | |
1064407 | Update of Intel Microcode and firmware blobs | |
1060237 | Support for internal microphone on Dell Latitude 3520 | |
1063484 | Firmware versions for Intel SOF audio drivers now switchable to provide broader hardware support | |
1056663 | Intel SOF audio support for Fujitsu E5411 | |
1066194 | Intel SOF audio support for Lenovo 14G2 ITL | |
1066189 | Intel SOF audio support for Lenovo E14 | |
1066192 | Intel SOF audio support for Lenovo E595 | |
1059796 | Touchpad and trackball support for Lenovo Thinkpad E15 | |
1021776 | Update of driver set for Apple MacBook Pro model year 2018 | |
1043701 | Runtime optimization for hardware profile manager | |
1082665 | Addition of kernel 5.19 (5.19.16) | |
1082665 | Kernel 5.17 dropped | |
1082609 | Update of kernel 5.15 (5.15.74) | |
1082555 | Update of kernel 5.10 (5.10.148) | |
1082504 | Update of kernel 4.14 (4.14.295) | |
1073126 | Citrix client updated to version 22.7.0.20 | |
1013859 | Revision of Citrix client control with new default configuration | |
1094332 | Static client drive mapping for Citrix sessions replaced with support for Citrix Dynamic Client Drive Mapping (CDM) | |
1025644 | VMware View Horizon client updated to version 22.06 - 8.6.0 | |
1001119 | Support for IPsec VPN with IKEv2 and EAP for Watchguard VPN gateways | |
APP | 1082609 | Update of kernel 5.15 (5.15.74) |
708561 | Extension of directory synchronization, so contains directive can now be used multiple times on a source attribute | |
1015071 | Additional configuration options for RADIUS proxy to optimize handling of unstable connections | |
1034541 | EFI boot support for all appliances | |
1087835 | Support for cryptovision PKCS#11 middleware | |
1044984 | Adapted TLS settings for LDAPS regarding compatibility with FreeRADIUS version 3.0.22 and later | |
907120 | Storage of log files moved to internal PostgreSQL database for better analyzability | |
757368 | Extension of encryption and authentication configuration of Postfix mail gateway | |
1017635 | Extension of query and table functions to display links for user OTP codes | |
1017630 | Extension of query and table functions to display links for QR codes of user one-time passwords | |
1017640 | Extension of query and table functions to display links for user TAN lists | |
1047925 | Smartcard enrollment support for multiple smartcard readers connected in parallel | |
1084935 | Improved user guidance for upload function for certificates with associated password CSV | |
1076343 | Support for connectivity with authentication servers for OpenVPN | |
SMA | 1047543 | Optimization of system connector's load behavior |
TMA | 1026146 | ACME client for connection to external (public) CA |
1026142 | SCEP client for connection to external (public) CA | |
1053256 | Support of key and certificate formats for export via Crypto API | |
921169 | Support for optional automated inclusion of IP address as SAN in certificate (in addition to hostname) |
Deprecated
SBS | 1053424 | Support for NX client removed from SBS ('not for VS-NfD) |
SMA | 1053424 | Support for NX client removed from admin interface ('not for VS-NfD) |
Bug fixes
ALL | 1084400 | Multi-line input fields were sometimes not displayed in the correct size when loading a form for the first time |
1084398 | Multiline input fields in read-only mode did not display line breaks | |
SBS | 1072273 | When starting an SSH destination, the user's login name could not be entered interactively |
940985 | No PIN query appeared on SBS SX/ZX for Intel Iris XE and Intel Tiger Lake UHD graphics chips, the PIN had to be entered blindly | |
1058077 | Trackball and touchpad could not be used on Lenovo E14 and E15 series notebooks with AMD CPU | |
1049001 | During Zoom meetings, the Chromium browser could not display or transfer video data because the browser disabled hardware acceleration on certain hardware. Hardware acceleration can now be forced with an option in the admin interface. | |
1072700 | Citrix Receiver detection had to be confirmed by user at each startup | |
1071222 | When using a UMTS/LTE card, the SBS displayed the error message 'Legitimization required: An application attempts to access the default keyring, but it is locked', because there was no wait for keychain to be released | |
1064367 | Desktop icons were only cleared upon reboot after the 'Show destinations on desktop' checkbox was deactivated on the appliance at runtime | |
1088074 | With the 'Show destinations on desktop' checkbox active, the error message 'Failed to restart the panel' appeared sporadically after starting SBS | |
1071165 | After updating to SBS version 7.0.50 or 7.1.50, the own WLAN was no longer displayed under certain circumstances | |
1076364 | TLS1.3 post-authentication failed in Firefox and Chromium browsers | |
1044624 | The graphical bootsplash has been shown displaced with the latest versions of kernels 4.14, 5.15 and 5.17 | |
901095 | The text boot splash was displayed without alignment and illegible with the last versions of kernels 4.14, 5.15 and 5.17 | |
1076856 | When closing a Citrix web target, an incorrect error message ('Unable to flush stdout: Broken Pipe') could occur | |
1071145 | The webcam administration dialog closed after a few seconds if no selection was made | |
SOS | 1056499 | The option to restore the user's numeric keypad setting after a restart did not work |
1089610 | PXE installation sometimes started before an IP address could be obtained from the DHCP server and thus failed | |
APP | 763594 | It was not possible to add a new row to an empty multiple input field or grid (without rows) without reloading the object |
1071582 | If the connection to PostgreSQL was interrupted, the application server could not reconnect under certain circumstances | |
1085243 | The appliance did not update the network configuration for slaves under certain circumstances | |
1087985 | HTTP strict transport security was not enabled on the internal proxy service | |
1002980 | Links were partially not displayed in table views | |
1082145 | OCSP service did not start responder certificate configuration for uploaded CAs | |
1086019 | The OpenVPN service did not start anymore when the 'Client certificate not required' option was enabled | |
1087736 | Configuration backups from version 5 appliances could not be imported into actual appliances under certain circumstances | |
1066852 | The RADIUS service was not restarted after an update of the appliance | |
1084342 | The smartcard enrollment tool did not show English translations | |
SMA | 1089441 | The xfreerdp multimedia client version 2.4.0 could not be selected on the appliance |
1032886 | Changed directory permissions were not recognized during the update process of the SMA under certain circumstances | |
1062901 | The OpenSSL OCSP could block with certain configurations and had to be restarted | |
1064547 | Automatic certificate renewal could not be performed for SBS version 7.0.38 or 7.1.38 onwards |
Download URLs
(requires authentication with download password)
V7.1.57 is based on the development status of V7.0.57 and is approved for VS-NfD, EU- as well as NATO-RESTRICTED.
Download URL appliance (requires authentication with download password):
- Version 7.1.57: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.1.57.root
Download URL SBS (requires authentication with download password):
- Version 7.1.57: https://files.update.ecos.de/sw/ecos/bbmthc_7.1.57.root
New features:
- 1036797: APP: Performance optimization of certificate revocation for a CA with a large inventory
- 1081017: APP: Performance optimization when many clients log on to the appliance at the same time
Bug fixes:
- 1080586: APP: Under certain circumstances, the error "Waitseq Timeout" was reported on the admin UI, although there was no error condition at all
- 1080535: APP: After restarting the database, there was no automatic reconnection of previously established connections to the database
Download URL appliance (requires authentication with download password):
- Version 7.0.57: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.0.57.root
Download URL SBS (requires authentication with download password):
- Version 7.0.57: https://files.update.ecos.de/sw/ecos/bbmthc_7.0.57.root
V7.1.56 is based on the development status of V7.0.56 and approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download URL appliance (requires authentication with download password):
- Version 7.1.56: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.1.56.root
Download URL SBS (requires authentication with download password):
- Version 7.1.56: https://files.update.ecos.de/sw/ecos/bbmthc_7.1.56.root
New features:
- -
Bug fixes:
- 1077655: SBS: WLAN could no longer connect to local WLAN router under certain circumstances - WPA supplicant downgraded from 2.10 to 2.09
Download URL appliance (requires authentication with download password):
- Version 7.0.56: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.0.56.root
Download URL SBS (requires authentication with download password):
- Version 7.0.56: https://files.update.ecos.de/sw/ecos/bbmthc_7.0.56.root
V7.0.55 is an unreleased SCC version..
New features:
- 1068778: SCC: SCC configuration data added to default appliance backup
- 1048755: SCC: Support for meeting welcome message configuration
- 1077062: SCC: Advanced support for authentication to Exchange server
Bug fixes:
- 1077055: SCC: Kurento MCU not executable after new installation due to missing libraries
V7.1.54 is based on the development status of V7.0.54.
Download URL appliance (requires authentication with download password):
- Version 7.1.54: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.1.54.root
Download URL SBS (requires authentication with download password):
- Version 7.1.54: https://files.update.ecos.de/sw/ecos/bbmthc_7.1.54.root
New features:
- -
Bug fixes:
- 1073123: SBS: Quality of webcam within Citrix sessions was very poor as a result of a known bug in Citrix 22.2.0.20
Download URL appliance (requires authentication with download password):
- Version 7.0.54: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.0.54.root
Download URL SBS (requires authentication with download password):
- Version 7.0.54: https://files.update.ecos.de/sw/ecos/bbmthc_7.0.54.root
V7.0.53 is an unreleased SCC version.
New features:
- 1048750: SCC: Support for automated user creation and/or authentication via AD
- 1056167: SCC: Connection to email server for registration and password reset e-mails
- 1048757: SCC: Customizable default presentation
- 1048734: SCC: Configurable password complexity in SCC admin UI
- 1070330: SCC: Support for automated update image acquisition
- 1055645: SCC: Configurable reference to privacy policy
Bug fixes:
- 1068625: SCC: Root partition too small to run updates
V7.1.52 is based on the development status of V7.0.52.
Download URL appliance (requires authentication with download password):
- Version 7.1.52: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.1.52.root
Download URL SBS (requires authentication with download password):
- Version 7.1.52: https://files.update.ecos.de/sw/ecos/bbmthc_7.1.52.root
New features:
- -
Bug fixes:
- 1068235: SBS: Previously created destinations could no longer be started after an update from version 7.0.50 / 7.1.50 under certain circumstances 1068387: APP: The replication service could not efficiently accept connection requests under heavy load
Download URL appliance (requires authentication with download password):
- Version 7.0.52: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.0.52.root
Download URL SBS (requires authentication with download password):
- Version 7.0.52: https://files.update.ecos.de/sw/ecos/bbmthc_7.0.52.root
V7.1.51 is based on the development status of V7.0.51.
Download URL appliance (requires authentication with download password):
- Version 7.1.51: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.1.51.root
Download URL SBS (requires authentication with download password):
- Version 7.1.51: https://files.update.ecos.de/sw/ecos/bbmthc_7.1.51.root
New features:
- -
Bug fixes:
- 1038301: APP: The login to the admin UI with RADIUS authentication did not work after updating the SMA from V7.1.45 to V7.1.50
Download URL appliance (requires authentication with download password):
- Version 7.0.51: https://files.update.ecos.de/sw/ecos/bbsecupdate_7.0.51.root
Download URL SBS (requires authentication with download password):
- Version 7.0.51: https://files.update.ecos.de/sw/ecos/bbmthc_7.0.51.root
V7.1.50 is based on the development status V7.0.50 and is approved for VS-NfD, EU- as well as NATO-RESTRICTED.
Please note: If your current version is 7.1.49 and lower, the update must be split into one update to 7.1.49 and a second update to 7.1.50.
Download URL appliance (requires authentication via download password):
- Version 7.1.50: https://files.update.ecos.de/sw/V7.1.50/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.1.50: https://files.update.ecos.de/sw/V7.1.50/bbmthc.root
Please note: If your current version is 7.0.49 and lower, the update must be split into one update to V7.0.49 and a second update to V7.0.50.
New features:
- 1064762: SBS: Bootloader Shim updated to version 15.6
- 823948: SBS: Bootloader GRUB updated to version 2.06
- 1031607: SBS: Support of selective firmware usage for WLAN adapter Killer ath10k
- 830036: SBS: Support of special fan control for Lenovo Thinkpad (thinkfan)
- 825529: SBS: Support of keyboard and mouse on Apple MacBook MJ2015
- 1050502: SBS: Support of Intel Multimedia Audio Controller 0401 (8086:a0c8)
- 1017894: SBS: Optimization of Apple MacBook Pro firmware switches for current kernels
- 1017889: SBS: Optimization of Nvidia graphics driver control
- 1029418: SBS: Extended error messages in boot process for quick analysis of problems at system startup
- 1026876: SBS: Extended hardware test information for hardware profiles for quick analysis of hardware problems
- 1025429: SBS: Extended hardware test information for RandR for problem solving with multi-monitor support
- 1042671: SBS: Cisco Jabber client for VDI updated to version 14.1.1
- 1029360: SBS: Cisco Webex client for VDI updated to version 41.6.3.2560
- 1019555: SBS: Optimization of default parameters for RDP client (xfreerdp)
- 952814: SBS: Support for authentication to destination systems (e.g. Citrix) with smartcard in the integrated smartcard reader (FX/SX/ZX)
- 1027289: SBS: Appearance of Chromium browser startup revised regarding maximization of browser window and automatic hiding of bookmarks bar
- 1025628: SBS: Appearance of Firefox browser startup revised regarding maximization of browser window and automatic hiding of bookmarks bar
- 1014388: APP: Extended user information in OTP QR code for better readability in authenticator apps (e.g. Google Authenticator)
- 1029487: APP: Optimization of the readability of the available hard disk space on ECOS Appliance/Info
- 990890: APP: Support of multiple CAs by one OCSP responder
- 1022891: SMA: Optimized user guidance for Citrix desktop profile configuration
- 1026148: TMA: Extended options for automatic fetching of CRLs from external CAs
Bug fixes:
- 940985: SBS: With certain graphics cards (e.g. Intel Iris XE, Iris Plus, Tiger Lake UHD) no PIN prompt was displayed on the screen and PIN had to be entered blindly
- 1035701: SBS: Time zone settings for SBS users were not correctly implemented on SBS
- 1031156: SBS: When using VNC for remote maintenance of SBS, no data could be copied via clipboard
- 1041363: SBS: When using VNC for remote maintenance of SBS, no special characters could be transferred using the AltGrR key
- 964987: SBS: Local settings were not preserved for Chromium browser type, although checkbox for Access restrictions/Keep local settings was activated in browser configuration
- 972899: SBS: Microphones or cameras allowed by user were not preserved for Firefox browser, although checkbox for Access restrictions/Keep local settings was activated in browser configuration
- 980716: SBS: System-wide Chromium browser policies sometimes prevented simultaneous use of multiple destinations in Chromium browser
- 984236: SBS: Umlauts were not displayed correctly in message window after unsuccessful SBS activation
- 1051530: SBS: Uploaded preferences (prefs.js) were sometimes not applied to Firefox browser type
- 1045942: SBS: Firefox browser did not start when uploaded preferences (prefs.js) were stored
- 1045484: SBS: RDP client sent SBS default user name during session setup when no user name was configured for RDP session. As expected, no name is now sent in this case.
- 1032713: SBS: If configuration changes were made while data synchronization was running, the connection was sometimes interrupted
- 1014675: SBS: Timing control of LAN network interfaces could not be called in admin UI
- 1048909: APP: Revoking a client certificate for the admin UI was not immediately updated on the HTTP server in the CRL
- 1034252: APP: Changes of object paths were not possible in queries
- 950584: APP: Objects with child objects could not be moved by queries with action
- 1002995: APP: Attribute Certificate creation not editable in query result sets
- 1030524: APP: When querying the status of the appliance, the wrong status 'BAD' was returned, although there was no functional error
- 1044555: APP: Certificate subject not adopted by container document during import
- 1033167: SCC: After update, admin UI could not be started because the designated paths could not be created in the file system
- 1035081: SCC: Uploading an SCC image to an appliance was not possible due to configured file sizes limits
Download URL appliance (requires authentication via download password):
- Version 7.0.50: https://files.update.ecos.de/sw/V7.0.50/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.0.50: https://files.update.ecos.de/sw/V7.0.50/bbmthc.root
The V7.1.49 is based on the development status V7.0.49 and is approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download URL appliance (requires authentication via download password):
- Version 7.1.49: https://files.update.ecos.de/sw/V7.1.49/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.1.49: https://files.update.ecos.de/sw/V7.1.49/bbmthc.root
New features:
-
Bug fixes:
- 1047311: SBS: Genua remote maintenance destinations did not start VPN connection
- 1047567: SBS: The startup parameters for VNC Viewer were not formatted correctly and thus partially ineffective
- 1047317: SBS: Genua remote maintenance destinations not displayed as icon on SBS desktop
Download URL appliance (requires authentication via download password):
- Version 7.0.49: https://files.update.ecos.de/sw/V7.0.49/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.0.49: https://files.update.ecos.de/sw/V7.0.49/bbmthc.root
V7.1.48 is based on the development status V7.0.48 and is approved for VS-NfD, EU- as well as NATO RESTRICTED.
Download URL appliance (requires authentication via download password):
- Version 7.1.48: https://files.update.ecos.de/sw/V7.1.48/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.1.48: https://files.update.ecos.de/sw/V7.1.48/bbmthc.root
New features:
- 1039998: SBS: Addition of kernel 5.17 (5.17.8)
- 1039998: SBS: Kernel 5.16 dropped
- 1039865: APP: Update of kernel 5.15 (5.15.40)
- 1040005: SBS: Update of kernel 5.10 (5.10.116)
- 1040024: SBS: Update of kernel 4.14 (4.14.279)
- 1019113: SBS: Support for WLAN chip Intel Killer Wi-Fi 6 AX1650i (8086:34f0)
- 1038203: SBS: Support for Realtek 8852 (10ec:8852) WLAN chip
- 1029403: SBS: Cisco Webex client for VDI updated to version 42.5.3.9
Bug fixes:
- 1023202: SBS: An interrupted SBS update could lead to tamper messages
- 1041610: SBS: The routing rule for browser destinations was not set when the default route pointed to VPN
- 1040030: SBS: The WLAN chip Intel Wireless 7260 (8086:08b2) could not be used
- 1041490: SBS: The Internet Wireless Deamon started too early under certain circumstances and blocked the WLAN adapter as a result
- 1042433: SOS: Version for installation could not be determined if the serial number of the device was not previously registered in the SMA
Download URL appliance (requires authentication via download password):
- Version 7.0.48: https://files.update.ecos.de/sw/V7.0.48/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.0.48: https://files.update.ecos.de/sw/V7.0.48/bbmthc.root
V7.1.47 is an unreleased interim version.
V7.0.47 is an unreleased interim version.
V7.1.46 is an unreleased interim version.
V7.0.46 is an unreleased interim version.
V7.1.45 is based on the development status of V7.0.42 and approved for VS-NfD, EU and NATO RESTRICTED.
Please note: If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to the actual version.
Download URL appliance (requires authentication with download password):
- Version 7.1.45: https://files.update.ecos.de/sw/V7.1.45/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.1.45: https://files.update.ecos.de/sw/V7.1.45/bbmthc.root
Please note:
It is known that version 7.0.42 on SBS HE variants (not for V7.1.x) could lead to startup problems on specific hardware platforms. Version 7.0.42 has therefore not been released for live operation. This follow-up release solves the issue.
If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to the actual version.
New features:
- #941407: SBS: Update of Citrix Workspace App to version 2109
- #1024079: SBS: The Chromium browser can now optionally be started in full screen mode and without bookmark bar
Bug fixes:
- #1020495: SBS: HE did not boot reliably on particular hardware platforms in version 7.x.42 (not for 7.1.x)
- #1027125: SBS: Video/audio streaming via WebRTC did not work with specific IPsec configurations
Download URL appliance (requires authentication with download password):
- Version 7.0.45: https://files.update.ecos.de/sw/V7.0.45/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.0.45: https://files.update.ecos.de/sw/V7.0.45/bbmthc.root
V7.0.44 is an unreleased interim version.
V7.0.43 is an unreleased interim version.
V7.1.42 is based on the development status of V7.0.42 and is approved for VS-NfD, EU and NATO RESTRICTED.
Please note: It is known that version 7.0.42 on SBS HE variants (not for V7.1.x) could lead to startup problems on specific hardware platforms. Version 7.0.42 has therefore not been released for live operation. The issue is solved by the current successor version 7.0.45.
New Features:
- #1015454: SBS: Addition of kernel 5.16 (5.16.13)
- #1015456: SBS: Addition of kernel 5.15 (5.15.27)
- #960578: SBS: Kernel 5.14 dropped
- #960578: SBS: Kernel 5.4 dropped
- #1015458: SBS: Update of kernel 5.10 (5.10.104)
- #1015460: SBS: Update of kernel 4.14 (4.14.270)
- #1004066: SBS: Update of VMware Horizon View client to version 21.11 - 8.4.0
- #988664: SBS: Control of computer hardware over new hardware profile manager
- #959331: SBS: Optimized control of iwd or wpa_supplicant depending on the installed WLAN chip
- #975894: SBS: Apple Mac Wifi firmware update
- #964506: SBS: Support for Jabra Evolve 40 to use Open Touch via VMware View
- #952165: SBS: Support for simultaneous use of Nvidia and Intel graphics cards installed on a computer
- #838016: SBS: Support for Grundig voice recorders
- #987103: SBS: Support for Citrix Web Applications (ICA files) in Chromium browser
- #880691: SBS: Central video codec settings for VMware View with BLAST protocol
- #948863: SBS/App: New option in admin UI for forwarding of Philips dictation devices in Citrix session
- #1011359: SBS/APP: Initialization of random number generator optimized
- #1004156: SOS: Installation image version can be obtained from SMA, if SMA is specified as image server
- #1004145: SOS: Reset of PXE boot options to boot SOS after PXE installation is completed
- #1009627: APP: New drag-and-drop feature to move objects from lists or query results in admin UI
- #788955: APP: Optional IPsec VPN gateway on appliance (not for 7.1.x)
- #935033: MOS: Support for portable application packages in tunnel profiles
Bug fixes:
- #1007869: SBS: Nvidia graphics cards of the 1600, 2000 and 3000 series could only be used in emergency mode with limited graphics performance
- #982305: SBS: The graphical display in the VMware View client was blurry in connection and thus difficult to read with AMD Ryzen processors
- #993858: SBS: No network connection could be established using the WLAN adapter BCM4352
- #961044: SBS: The Chromium browser did not show bookmarks
- #980712: SBS: Chromium did not launch applications directly via the registered client applications.
- #986336: SBS: After an update of an SBS via ECOS update server, no update message was passed to the update server
- #996632: SBS: With Trusted Network Detection enabled, the dialog for VPN setup was erroneously displayed in internal network
- #1000244: SBS: The keyboard layout sometimes used an English layout, although a German layout was configured
- #1000635: SBS: The VMware View client sometimes used an English keyboard layout, although a German layout was configured
- #1004612: SBS: When logging in for the first time after SBS update, client certificates were not available in the browsers
- #1006524: SBS: In the mouse pad settings, the option "Two-finger scrolling" was not applied
- #1006370: SBS: Transferring copied content between different destination windows via the system clipboard did not work
- #1016604: APP: If a different software image was set in a software source object, the associated configuration was not updated
- #832805: APP: The progress bar for downloads was not continuously updated in the admin UI
- #1017371: APP: When starting the appliance, an error was sporadically and incorrectly reported stating that repldb could not be created
- #808295: APP: After regenerating the configuration (e.g. due to license updates), SSL VPN connections could no longer be established on the running system if the option "Allow only known clients of this organization" was not activated
- #876755: APP: Changes to the display configuration of wizards became visible only when the wizard interface was actively reloaded
- #1006844: APP: Attachments could not be removed from certificate database
- #557498: APP: References to containers could lead to inefficient execution of replication due to multiple mutual comparison in case of multi-master replication
- #989501: APP: If an error occurred in a query with action, other queries with action were sometimes not executed
- #983560: APP: Under certain circumstances, the update server had to be restarted to effectively renew licenses
V7.1.41 is an unreleased interim version
Bug fixes:
- #1009087: SBS: No connection bar in RD Web
Download URL appliance (requires authentication by download password):
- Version 7.0.41: https://files.update.ecos.de/sw/V7.0.41/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.0.41: https://files.update.ecos.de/sw/V7.0.41/bbmthc.root
V7.1.40 is an unreleased interim version.
V7.0.40 is an interim version
Download URL appliance (requires authentication by download password):
- Version 7.0.40: https://files.update.ecos.de/sw/V7.0.40/bbsecupdate.root
Download URL SBS (requires authentication by download password):
- Version 7.0.40: https://files.update.ecos.de/sw/V7.0.40/bbmthc.root
V7.1.39 is an unreleased interim version.
New features:
- #963820: SBS: Support for F5 web RDP incl. gateway token
- #913331: MOS: Update of virtualized Firefox to version 92 32Bit
Bug fixes:
- #629107: MOS: CAs from certificate container in appliance did not end up in Firefox certificate store
Download URL appliance (requires authentication with download password):
- Version 7.0.39: https://files.update.ecos.de/sw/V7.0.39/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.0.39: https://files.update.ecos.de/sw/V7.0.39/bbmthc.root
V7.1.38 is based on the development status of V7.0.38 and approved for VS-NfD, EU- and NATO-RESTRICTED.
Download URL appliance (requires authentication with download password):
- Version 7.1.38: https://files.update.ecos.de/sw/V7.1.38/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.1.38: https://files.update.ecos.de/sw/V7.1.38/bbmthc.root
New features:
- 475303: SBS: Support for Signotech signature pads
- 977706: SBS: Support for Huawei LTE module ME936
- 934641: SBS: Deletion of previous default kernel 5.13 (EOL)
- 969047: SBS: Inclusion of kernel 5.14 (5.14.21) as new default kernel
- 969044: SBS: Update of kernel 5.10 (5.10.83)
- 969041: SBS: Update of kernel 5.4 (5.4.163)
- 969037: SBS: Update of kernel 4.14 (4.14.256)
- 947810: SBS: Update of Internet Wireless Deamon (iwd) to version 1.18
- 947772: SBS: Update of client for Cisco AnyConnect VPN to version 8.10-r6 (not for 7.1.x)
- 963627: SBS: Update of Chromium browser to version 96.0.4664.45-r1
- 983691: SBS: Update of Firefox browser to version 91.3.0
- 977588: SBS: Update of included RDP clients to versions 3.0-beta, 2.4.1, 2.3.2, 2.2.0 and 2.0.0
- 946668: SBS: Support for IPsec VPN authentication with passphrase-protected private key for SBS variants without smartcard (not for 7.1.x)
- 953305: SBS: Improved input validation for genua Remote Maintenance to avoid configuration errors
- 969044: APP: Update of kernel 5.10 (5.10.83)
- 834232: APP: Selection/filtering of user certificates for directory synchronization
- 839880: APP: Improved support for concurrent editing of the source system during directory synchronization - the creation of objects is delayed if the superordinated part is still missing in the destination path during processing
- 927233: APP: Support for Zstandard compression to optimize appliance updates
- 886202: APP: Support for smartcard enrollment for TCOS smartcards in conjunction with the application for SecurePIM (not yet for 7.1.x - for 7.1.x part of a pending approval)
- 926408: TMA: Support for taking over or completing Extended Key Usages (EKU) from CSR
- 921232: TMA: Added support for IPsec End System EKU
Bug fixes:
- 954841: SBS: The option "Show destinations on desktop" displayed an incorrect icon for the Chromium browser
- 956905: SBS: 802.1x authentication could not be performed with multi-level CA chains
- 943091: SBS: Update was interrupted during post-processing of the EFI partition if recoverable I/O errors had previously occurred on the partition
- 939335: APP: Role assignment for users through templates generated an error
- 938687: APP: A modified configuration of the management connection was not replicated correctly in an HA cluster
- 965678: APP: When exporting extensive configuration data, aborts occurred due to timeouts (timeout errors)
- 681993: APP: The admin interface of the appliance was no longer accessible if the certificate file contained binary data after the certificate
- 982345: APP: When switching between different reports on the appliance, the error "Unexpected exception: Can't use string ('*') ..." was sporadically reported
- 936662: SGA: Routes for network interfaces were not set correctly if overlapping network address ranges were configured for them
- 965528: SMA: When trying to format a smartcard, for which a certificate should have been extended according to the configuration, the enrollment program terminated immediately instead of reporting the error
Download URL appliance (requires authentication with download password):
- Version 7.0.38: https://files.update.ecos.de/sw/V7.0.38/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.0.38: https://files.update.ecos.de/sw/V7.0.38/bbmthc.root
Unreleased interim version.
Unreleased interim version.
V7.1.36 is based on the development status of V7.0.36 and approved for VS-NfD, EU- and NATO RESTRICTED.
Please note:
If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to 7.1.36.
When using HDX support with the current Citrix Workspace App version, the HDX version must be set to version 2.9 in the configuration of the destination system on the SMA, as the Citrix Workspace App version 2109 is not compatible with HDX version 2.8 or older.
Download URL appliance (requires authentication with download password):
- Version 7.1.36: https://files.update.ecos.de/sw/V7.1.36/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.1.36: https://files.update.ecos.de/sw/V7.1.36/bbmthc.root
Please note:
If your current version is 7.0.29 and lower, the update should be split into one update to 7.0.30 and a second update to 7.0.36.
When using HDX support with the current Citrix Workspace App version, the HDX version must be set to version 2.9 in the configuration of the destination system on the SMA, as the Citrix Workspace App version 2109 is not compatible with HDX version 2.8 or older.
New features:
- 925291: SBS: Update of Intel microcodes (20210608_p20210830)
- 917603: SBS: Support for Intel Pentium Silver and Intel Pentium Gold processors
- 941268: SBS: Support for Intel Pentium Silver/Gold graphics hardware
- 941262: SBS: Update of audio codecs and Sound Open Firmware (SOF) modules
- 919940: SBS: Support/driver update for Philips SpeechMike
- 907934: SBS: Addition of kernel 5.13 (5.13.19) as new default kernel
- 907934: SBS: Deletion of previous default kernel 5.12 (EOL)
- 941272: SBS: Update of kernel 5.10 (5.10.73)
- 934402: SBS: Update of kernel 5.4 (5.4.153)
- 941259: SBS: Update of kernel 4.14 (4.14.250)
- 941407: SBS: Update of Citrix Workspace App to version 2109
- 941401: SBS: Update of VMware Horizon View client to version 21.06.01 - 8.3.1
- 928808: SBS: Update of xfreerdp RDP client to version 2.3.2 and 2.4.0
- 934518: SBS: Update of Chromium browser to version 94.0.4606.81-r1
- 942043: SBS: Firefox browser updated to version 78.15.0
- 946808: SBS: Support for graphics output in framebuffer mode if no graphics driver can be loaded
- 925721: SBS: New item in boot menu to select WPA supplicant for WLAN connection
- 914573: SBS: Option in RDP client to select the smartcard to be forwarded for authentication
- 920884: SBS: Support for remote maintenance of genua components (not yet for 7.1.x - for 7.1.x part of pending approval)
- 936382: SBS: Option for recording encrypted log information in hardware test to make stick manipulation messages analyzable by manufacturer
- 913971: ALL: Optimized update image size with Zstandard compression algorithm
- 931126: APP: Update of kernel 5.10 (5.10.72) with integration of support for Dell PowerEdge RAID Controller H330
- 937898: APP: SMP support of appliance kernel extended to up to 64 CPUs
- 934521: APP: VMware Tools updated to version 11.3.5
- 898785: APP: The maximum download size of logs via admin interface extended to 20MB
- 799950: APP: Configuration option for maximum number of failed login attempts during RADIUS authentication before user account is locked
- 937597: APP: Replication service load balancing revised to increase scalability of the appliance
- 916485: APP: Display of log entries per service object in admin UI
- 937091: TMA: Support for SCEP certificate renewal requests that do not include an encryption certificate in the reply
Bug fixes:
- 892446: SBS: Authentication with Yubikey was not possible in RDP sessions
- 937032: SBS: Support for Cisco Jabber Softphone for VDI was not usable in the version released for VS-NfD (V7.1.x)
- 938925: SBS: When using the TCP/IP+HTTP protocol in a Citrix desktop target, a program crash error was displayed when closing the session
- 916980: SBS: During initial pairing with smartcard, no clearly assignable error message was displayed if the CN of the certificates on the smartcard had an invalid size (more than 64 characters)
- 930141: SBS: An incorrect operation on the SMA (issuing a new certificate instead of renewing it) could prompt the SBS to generate new keys on its smartcard, thus rendering the SBS unusable.
- 927015: SBS: Logging of monitor data by hardware fingerprinting needlessly created too many entries in default log level, thus burdening the SBS system
- 927844: SBS: Support for LTE modem XMM7360 did not work
- 920574: SBS: Selecting user-defined level adjustment with a scaling smaller than 1.0 in the display settings led to freezing of SBS desktop
- 929013: SBS: The Wifi authentication dialog (802.1X authentication) incorrectly displayed the "Ignore CA certificate" option
- 938929: SBS: A device named "Dummy" appeared in the audio configuration of the SBS if the Sound Open Firmware (SOF) modules required for the device were not available
- 916993: SBS: The SBS update process could not be performed in debug mode for error analysis
- 946517: SBS: If multiple VPN gateways were configured for IPsec VPN connections, the firewall permissions on the client were granted only for the first gateway
- 939524: APP: Creating configurations via wizards using templates from the template container did not work
- 925289: APP: In the configuration forms for software updates, the update image object was misleadingly labeled "Software Update Source". The UI labels were changed to "Software Update Image" resp. "Image"
- 881235: APP: Under certain circumstances, RADIUS OTP authentication did not work automatically after a reboot of the appliance
- 924152: APP: After an update of the appliance, error messages of the management connection appeared in the log ("incomplete message") without any underlying error condition
- 914942: TMA: Continuous certificate requests by incorrectly implemented SCEP clients unnecessarily filled the certificate history in the database and affected load behavior
Download URL appliance (requires authentication with download password):
- Version 7.0.36: https://files.update.ecos.de/sw/V7.0.36/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.0.36: https://files.update.ecos.de/sw/V7.0.36/bbmthc.root
Unreleased interim version.
Unreleased interim version.
V7.1.34 is based on the development status of V7.0.34 and approved for VS-NfD, EU- and NATO RESTRICTED.
Please note: If your current version is 7.1.29 and lower, the update should be split into one update to 7.1.30 and a second update to 7.1.34.
Download URL appliance (requires authentication with download password):
Version 7.1.34: https://files.update.ecos.de/sw/V7.1.34/bbsecupdate.root
Download URL SBS (requires authentication with download password):
Version 7.1.34: https://files.update.ecos.de/sw/V7.1.34/bbmthc.root
Please note: If your current version is 7.0.29 and lower, the update should be split into one update to 7.0.30 and a second update to 7.0.34.
New features:
- 913697: SBS: Internal microphone support for Apple MacBook Pro 2018/2019
- 913650: SBS: Wifi support for Apple MacBook Pro 2019
- 907944: SBS: Update of VMware Horizon View client to version 21.06-8.3.0
- 917665: SBS: Dynamic resolution support for remote addresses by IPsec VPN client
- 890443: SBS: Cisco Jabber softphone support for Citrix
- 499891: SBS: Additional xfreerdp configuration options for graphics, video and performance optimization
- 854664: SBS: WebEX support in Firefox browser (not for 7.1.x)
- 542146: SBS: Ready-to-use message for smartcard login for Evidian Authentication Manager.
- 872122: SBS: Support of multiple co-established VPN tunnels with related destination profiles (not for 7.1.x)
- 920918: APP: The admin interface now provides an online help in German language to support administrators
- 499891: SMA: The configuration form for RDP profiles has been revised in connection with the extended configuration options
- 882827: TMA: Transfer of valid SANs from uploaded CSR into issued certificate has been extended
- 801142: TMA: Rights-dependent key export option via API
Bug fixes:
- 916480: ALL: Configuration changes executed in rapid sequence (< 1 second) were sometimes not implemented immediately
- 767039: SBS: Special characters were passed with an incorrect character encoding when using a browser-in-the-box application in a web profile
- 876197: SBS: The SBS desktop displayed special characters incorrectly in desktop icons names
- 886480: SBS: The SBS SX started with an incorrect year in the system date (e.g. 2051) on some host computers
- 913705: SBS: The unlock screen was displayed distorted with certain screen settings in connection with multi-monitor use
- 917108: SBS: Audio input/output was not possible when using the Citrix profile type "StoreFront Store"
- 697172: SBS: SSH target profiles were displayed only in the profile start menu, but not as desktop icon
- 918438: APP: The local database (couchdb) stopped after hard disk storage capacity reached its limit and was unable to recover once storage space was available again
- 914169: APP: Queries with restrictions on empty values for numeric attributes led to error messages
- 879034: APP: When changing IP addresses on the network interfaces in an HA cluster, ARP update packets were sometimes sent for the wrong interface
- 869253: APP: When executing wizards, certificates could not be downloaded
- 918444: APP: Non-administrator users could not move documents if access rights were not set for single attributes
- 368297: APP: QR code display in Firefox was covered by scroll bars
- 915317: APP: The default update process could not be executed on appliances with versions greater than 7.0.29
- 921768: APP: Firmware images for VGA20 routers could not be uploaded to the appliance (not for 7.1.x)
- 861174: SMA: Updated CRLs could sometimes not be deployed automatically on slave instances of the appliance
- 913804: SOS: The Secure Boot OS could not be started via PXE boot (not for 7.1.x)
Download URL appliance (requires authentication with download password):
- Version 7.0.34: https://files.update.ecos.de/sw/V7.0.34/bbsecupdate.root
Download URL SBS (requires authentication with download password):
- Version 7.0.34: https://files.update.ecos.de/sw/V7.0.34/bbmthc.root