Important:
Cleo product patches often contain security-strengthening capability enhancements and updates. We strongly recommend that customers remain on the latest product version and apply updates without delay.
Release Index
Version | Availability | Release Type | Release Date |
---|---|---|---|
5.8.1.0 | General | Major | 10-April-2025 |
What's New in Version 5.8.1
General Enhancements
- The FIPS edition of Harmony now uses the IBM FIPS 140-3 validated JCE (certificate: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4755).
- Added new REST API endpoints for system configuration: settings/{options|listener|proxies}.
- Added support for using SAML authentication for WebAdmin.
- Fixed an issue using TLS 1.3 where the legacy_version header was set incorrectly in the "Client Hello" message.
- Fixed an issue that caused Windows Server 2022 and later versions to crash when the Log errors in System Event file option was enabled.
- Added support for SHA256 and SHA512 in the OFTP signing algorithm dropdown.
- Added support for SHA256 and SHA512 in the RNIF signing algorithm dropdown.
- SFTP client now discovers which signature algorithms are supported by the server and uses the rsa-sha2-256 key authentication algorithm instead of ssh-rsa when supported.
- When running on an unsupported operating system, fixed an issue where software update check would incorrectly indicate the product was on the current release and patch levels.
Connector Enhancements
- Added Splunk Connector that allows for log events to be sent to Splunk.
- Fixed an issue where using a Compression Type of snappy, lz4, or zstd in a Kafka connector would cause a NoClassDefFoundError to occur.
Security Updates and Enhancements
- Added an HTTP/s Synchronization Port that you can configure to have the synchronization between VersaLex instances on a TCP/IP port that is not accessible from outside the Customer environment.
- Changed Portal downloads to use a temporary access token in the request. The access token is only valid for one request and expires 30 seconds after it is issued.
- Changed the 'cleo.portal.sso_authentication' SAML cookie used by Portal to be HttpOnly.
- Version 5.8.1 contains other security-related improvements. For customer protection, Cleo does not disclose all security update details. For further information, please contact customer support. For critical security updates or if there is a known exploit, Cleo will publish a security bulletin and notify customers.
Upgrading to Version 5.8.1
When upgrading to Cleo Harmony version 5.8.1, Cleo recommends the following:
- Back up your configuration using the Export functionality. In the Web UI, go to Administration > System > Export. In the native UI, go to File > Export. Performing an Export will save your data in a format that you can import using the Cleo Harmony Import functionality should the need arise.
- Make sure your system meets the system requirements for Cleo Harmony version 5.8.1, as it requires greater resources than earlier versions. All new installs must be 64-bit. Visit Cleo Harmony 5.8.1 System Requirements to view the System Requirements for your product.
- Because this release of Cleo Harmony uses OpenJDK, if you are using the Web UI on a Unix system, you might need to install the latest fontconfig. The command is dependent on the flavor of Unix you are using. For example:
• Red Hat: yum install fontconfig
• Ubuntu: apt-get install -y --no-install-recommends libfontconfig
- Run the Cleo Harmony 5.8.1 installer to perform an in-place upgrade. Your data and configuration remain intact from the previous version of the Cleo Harmony software.
Further Considerations for Upgrade
Starting with version 5.8.0.4, the VersaLex database table, VLUserEntityGroupTreeAccess, includes a new column, RawPayloadNeedsHostPermissions. VersaLex will attempt to add the new column to the table automatically. If VersaLex cannot update the table because of a lack of permissions or some other failure, the column must be created manually from outside of VersaLex. Use "Export Database Definition..." to see the updated schema based on the database type. In addition, a constraint, FK_kiqmsjj7xcmcgywamfx7f0mtn, was corrected in the VersaLex table, UTShareGroupAndShare. If VersaLex does not have permission to modify the database schema, and the FK_kiqmsjj7xcmcgywamfx7f0mtn constraint is incorrect, the constraint must be dropped and recreated outside of VersaLex. Use "Export Database Definition..." for the syntax based on the database type.
If you are upgrading from VersaLex 5.7.0.1 or older and you use Cleo Dashboards, you must upgrade Cleo Dashboards to v3.3.6 or newer because of database changes in VersaLex. In addition, Cleo Dashboards v3.3.6 requires Clarify v5.1.16 or newer.
Update History
The following sections contain descriptions of issues fixed in Version 5.8.1:
Version 5.8.1.0
Fixes and Enhancements
Security - Framework
- Added an HTTP/s Synchronization Port that can optionally be configured to have the synchronization between VersaLex instances on a TCP/IP port that is not accessible from outside the Customer environment. Note: This port should not be allowed through the Customer firewall.
- Fixed an issue where clients were able to negotiate elliptic curve ciphers outside of the VersaLex Local Listener settings. Also removed deprecated named elliptic curves from the Local Listener according to RFC 8422. Lastly, VersaLex now honors the existing Local Listener advanced property "SSL Ignore Client Cipher Preference Order" for elliptic curve ciphers as well. Note: VLProxy 3.10.1.0 is required if using VLProxy.
- This update contains other security-related improvements. For customer protection, Cleo does not disclose all security update details. For further information, please contact customer support. For critical security updates or if there is a known exploit, Cleo will publish a security bulletin and notify customers.
Security - Portal
- Changed Portal downloads to use a temporary access token in the request. The access token is only valid for one request and expires 30 seconds after it is issued.
- Changed the 'cleo.portal.sso_authentication' SAML cookie used by Portal to be HttpOnly.
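The two properties stated for the Portal download token (valid for one request, expiring 30 seconds after issue) can be expressed as follows. This is an added example, not Cleo's implementation: the class and method names, the binding of a token to a user and file path, and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import threading
import time

TOKEN_TTL_SECONDS = 30  # lifetime stated in the release note


def _digest(token: str) -> str:
    # Store only a hash so a dump of the store does not yield usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class DownloadTokenStore:
    """Hypothetical single-use, short-lived download token store."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self._lock = threading.Lock()
        self._tokens = {}            # sha256(token) -> (user, path, expires_at)

    def issue(self, user: str, path: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        with self._lock:
            self._purge_expired()
            self._tokens[_digest(token)] = (
                user, path, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token: str, user: str, path: str) -> bool:
        with self._lock:
            # pop() removes the entry before any other check, so a token is
            # consumed by its first presentation, even a failed one.
            entry = self._tokens.pop(_digest(token), None)
        if entry is None:
            return False             # unknown, already used, or purged
        token_user, token_path, expires_at = entry
        if self._clock() >= expires_at:
            return False             # older than 30 seconds
        # Assumed binding: the token only unlocks the file it was issued for,
        # and only for the user it was issued to.
        return (token_user, token_path) == (user, path)

    def _purge_expired(self) -> None:
        now = self._clock()
        for key in [k for k, v in self._tokens.items() if v[2] <= now]:
            del self._tokens[key]
```

Because the entry is removed under the lock before validation, two concurrent requests presenting the same token cannot both succeed.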
Major Enhancements - Framework
- The FIPS edition of Harmony/VLTrader now uses the IBM FIPS 140-3 validated JCE (certificate: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4755). Please be aware that the FIPS 140-3 standard is more stringent and eliminates algorithms previously allowed under FIPS 140-2, for example SHA1 and 3DES. Therefore, after upgrading, existing connections and services may require changes.
Major Enhancements - IBMMQ
- Added a new connector to allow integration with IBM MQ. Refer to the Info tab within the Templates > Generic > Generic IBMMQ host for more details.
Major Enhancements - SharePoint
- Added a new connector to allow integration with Microsoft SharePoint. Refer to the Info tab within the Templates > Generic > Generic SharePoint host for more details.
Major Enhancements - Splunk
- Added Splunk Connector which allows for log events to be sent to Splunk. Refer to the Info tab within the Templates > Generic > Generic Splunk host for more details.
Enhancements - Framework
- Added new REST API endpoints for system configuration: settings/{options|listener|proxies}. Please see developer.cleo.com for information on these new endpoints.
- Added an option to the Password Policy to prevent the Password Policy from being overridden in hosts.
- Added support for using SAML authentication for WebAdmin. This option can be enabled by going to Administration >> User Management >> SAML >> Enable SAML for WebAdmin. Once SAML is enabled for WebAdmin, only the Administrators group will be able to log in locally; all other user groups will need to log in through their SSO login. VLNavigator will not be accessible. Admin user management should be done by logging into the WebAdmin and going to Administration >> User Management >> Admin Users. SAML can only be enabled for either Portal or WebAdmin.
- Improved performance when mailboxes are configured using an LDAP connector for authentication.
- Macro replacement is now supported in a wildcarded GET or LCOPY command source. Note that macro replacement is still not supported in a source containing a regular expression.
- Added two settings to the LDAP connector to control caching of users. 'Cache Refresh (Minutes)' controls how often a full refresh of the user cache will be completed, and 'Lookup Interval' controls the number of minutes between queries to the LDAP server for a user when an authentication attempt is made for a user who is not in the cache.
- Added the ability for the LDAP connector to use a public key stored in LDAP for SSHFTP Public Key Authentication. Two new settings were added to the LDAP Connector: 'Authentication Method' controls how users are authenticated through the connector and 'Ssh Public Key Attribute' is the attribute on the LDAP server that is storing the public key.
- Fixed an issue where importing a PKCS#12 file would fail if the certificate was generated with a brainpool elliptic curve.
- REST API responses from listing events, transfers, resourceFolders, actions, and connections will now use gzip or deflate compression if the request is sent with the Accept-Encoding: gzip or Accept-Encoding: deflate header.
- Added a new option 'Automatically Reload Event Logs' to the WebUI in My Account >> Preferences. When this option is selected, navigating to the Logs page will load the logs. When this option is deselected, navigating to the Logs page will not load any logs until a server side filter is applied or the "Refresh" button is clicked.
- Upgraded the moment.js library used by Portal and Web Admin UIs to 2.30.1.
- Added a REST API endpoint, /api/authentication/refresh, which allows for a new access token to be issued using a refresh token which is provided along with the access token. This enables the WebUI to get a new access token preventing a user from being logged out when the access token expires.
- The Archive Receivedbox now correctly reflects filenames when files are renamed by an SSHFTP or FTP connection.
- If there is an error reading an XML config file and it's not a syntax exception, the stack trace of the causing exception is now logged to assist in diagnosis.
- PGP certify, sign, and encrypt key usage flags are now being set (refer to https://www.rfc-editor.org/rfc/rfc4880#section-5.2.3.21). These flags may be required by other software packages when exchanging PGP keys.
- Added the Activity tab to Users configured with LDAP or a Connector. Note, the dates tracked are the most recent activity dates for any user within the LDAP group or Connector.
- Upgraded Apache Log4j library to version 2.22.0.
- Added a system property, 'cleo.monitor.storagepath', that can be set to override the disk monitored for 'Disk Storage Usage' monitoring. Note: this system property needs to be set on each VersaLex system.
- Improved performance of the /api/resourceFolders REST API endpoint when a large number of folders are configured in the host tree.
- Added support for configuring local packaging through the REST API for connector authenticators and system LDAP authenticators. Also, fixed an issue where partner packaging was not showing up for these authenticators after 5.8.0.6. The local packaging schema added mirrors the partner packaging schema that was already present. Note: As part of this change the following two corrections were also made to the parent authenticator schema: 1) renamed the 'partnerPackaging' section to 'packaging' as the properties apply to both local and partner packaging.
- Removed a warning message that would appear when sending bundled Database Payload and setting the property 'Clear.Set.Properties' in the VLOutgoingProperties table.
- Separated update and insert database operations for EDI Tracking.
- Added new Users advanced property 'Request And Response Events', which indicates where FTP and SSH FTP user session request and response events should be captured. Possible values are Log (default), Debug, or None. For high-volume systems, not logging these events could help with overall system performance.
- Users with VLNavigator permissions set to only view the Transfer report can no longer see the Administration tab through the web UI.
- Added the ability to track the login time of FTP and SSHFTP users. This is accessible through the API by using ISessionScript.getConnectedUsers().
- Added the option to log FTP and SSHFTP users off of the system after they have been logged in for a configurable amount of time. The setting to control how long a session can be active is "FTP Session Timeout(minutes)". The default is -1, which means there is no timeout; the setting can be set to any number of minutes. Note: VLProxy 3.10.0.4 is required if using VLProxy.
- Added the ability for User hosts to track the last login and transfer date for HTTP, SSHFTP, and FTP. These dates will be shown in the "Activity" tab of the User hosts. This only applies to Native and SAML user types. After the patch is applied, users will have all dates marked as "Unknown" until they log in and/or perform a transfer for the first time. Newly created users that have not logged in and/or performed a transfer will be shown as "No activity".
- Added support for configuring authenticator user local packaging through the REST API. The local packaging schema that was added mirrors the partner packaging schema that was already present. Note: As part of this change, the following two corrections were also made to the parent authenticator schema: 1) renamed the 'partnerPackaging' section to 'packaging' as the properties apply to both local and partner packaging and 2) only advanced pgp/xml encryption/decryption packaging properties are settable at the authenticator level (and are now not accepted at the authenticator user level). Refer to developer.cleo.com for details.
- Added the ability to generate a CA certificate from an OpenPGP/SSHFTP key through REST API.
- Updated the password policy to allow for minimum password lengths of up to 24.
- Added the ability to move a user mailbox to a different user host.
- The File and SMB host connections now support OpenPGP, where files can be PGP-packaged (encrypted/signed/compressed/armored) when putting files and PGP-unpackaged (unencrypted/signature verified/uncompressed/unarmored) when getting files.
- Added support for getting/setting all applicable connector host advanced properties through the REST API.
Enhancements - AMQP
- Added support for setting message properties in an action when sending to AMQP. Example syntax:
SET AMQP.MessageProperties=[{"name":"Key1","value":"SomeValue"},{"name":"Key2","value":"SomeOtherValue"}]
Enhancements - AS4
- Added support for chunked transfer encoding both inbound and outbound. To enable for outbound, 'Transfer-Encoding=chunked' should be added as a header for the PUT command. For inbound, chunked encoding is detected automatically.
- Added support for ECDSA and ED25519 signature algorithms in AS4.
Enhancements - FTP
- Improved performance when updating Activity Dates for User hosts. This addresses a possible slowdown if there are many logins occurring at the start of a new calendar day.
Enhancements - FTPConnector
- Added new connector, FTPConnector, that can be used by the Users host Virtual File System or directly in URIs to connect to FTP servers.
Enhancements - File
- Added the ability to use the ReReceive and ReSend options for the File connector.
Enhancements - GCPBucket
- Added the ability to use the ReReceive and ReSend options for the GCPBucket connector.
- Modified GCP Bucket connector send behavior to issue only one 'storage.objects.create' per file.
Enhancements - HTTP
- Added the ability to use macros in the source of HTTP and HTTP/s actions.
Enhancements - IBMMQ
- Added a new property 'CCSID' to the IBM MQ Connector to allow overriding the default CCSID when sending messages to an IBM MQ Queue.
- Added Messages Selectors to the IBM MQ Connector Receiver to filter messages from the queue.
- Added an option to IBM MQ Connector to disable username and password authentication when connecting to MQ Server.
- Added CHECK command support for the IBMMQ Connector.
- Added the ability for the IBMMQ Connector to use macros for the queue name when overriding the property.
Enhancements - Kafka
- Added four properties, 'SASL Mechanism', 'SASL Security Protocol', 'Username' and 'Password' to the Kafka Connector used to support PLAIN, SCRAM-SHA-256 and SCRAM-SHA-512 SASL mechanisms. The Kafka Connector Receiver was also updated to properly start and stop based on connector settings. Updated Kafka library to version 3.3.1. Due to this upgrade, the previous 'Client Dns Lookup' default value of 'default' has been deprecated. If this value is currently configured, the setting must be changed to either 'use_all_dns_ips' or 'resolve_canonical_bootstrap_servers_only' in order for the Kafka connector to function.
Enhancements - OFTP
- Added support for SHA256 and SHA512 in the OFTP signing algorithm dropdown.
Enhancements - Portal
- Added an Idle Timeout for Portal that will log out the user after a timeout period. The timeout can be set by going to Options >> Other >> Portal Idle Timeout. A value of -1 will disable the idle timeout.
- Added the ability for SAML users to be specified by User hosts. To enable this feature, select 'Enable SAML for Native Users' in Administration > User Management > SAML.
- Added a SAML authorization-specific error message for Portal.
- Added a query string parameter that can be added to the /Portal endpoint to skip the mixed mode login. The URL should be specified as '/Portal?sso=true'.
- Added a time picker to the Portal Transfers page so transfers can be filtered by date and time.
Enhancements - RNIF
- Added support for SHA256 and SHA512 in the RNIF signing algorithm dropdown.
- Added option 'Add Filename to Attachment Content Type' for RNIF to add the filename of the attachment to the Content-Type MIME header.
- Removed RNIF 1.1 Content-Type header check for "version=1.0" so it is compatible with systems that do not send the version.
- Added support for CIDX (Chemical Industry Data eXchange). CIDX can be enabled in an RNIF host by selecting 'RNIF Version' v1.1 and selecting the 'CIDX' checkbox. A new 'Incoming content format', MIME, has been added which will store the incoming MIME data instead of just the service content. A new Advanced property, Save Received Ack As Payload, has also been added. Enabling this property will copy the Received Ack into the Inbox and Receivedbox. Note: VLProxy 3.10.0.7 is required if using VLProxy.
Enhancements - S3
- Added the ability to use the ReReceive and ReSend options for the S3 connector.
Enhancements - SFTPConnector
- Added new connector, SFTPConnector, that can be used by the Users host Virtual File System or directly in URIs to connect to SFTP servers.
Enhancements - SMB
- Added the ability to use the ReReceive and ReSend options for the SMB connector.
Enhancements - SMTP
- Added new SMTP host advanced property 'Keep All Multipart Alternative Parts', which defaults to false. When there is a multipart/alternative part in an incoming SMTP multipart message, this property indicates whether all of the parts should be kept rather than only attachments or text/plain content.
Enhancements - SSH FTP
- SFTP client now discovers which signature algorithms are supported by the server and uses the rsa-sha2-256 key authentication algorithm instead of ssh-rsa when supported.
- Added support for hmac-sha2-256-etm@openssh.com and hmac-sha2-512-etm@openssh.com algorithms for both client and server SFTP connections. Note: VLProxy 3.10.0.10 is required if using VLProxy.
- In FIPS mode, added support for SSH aes128-ctr, aes192-ctr and aes256-ctr cipher algorithms. Note: VLProxy 3.10.0.8 is required on the server side if using VLProxy.
- Added a new SSH FTP "Large File Transfer" property. It uses a large window size and sends a simple@putty.projects.tartarus.org channel request to the server indicating that the server should also use a large window size, as there will only be one channel open on the connection.
- A set of SSH FTP server private keys can now be configured rather than just one. A private key for each supported key algorithm is allowed, which includes ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, and ssh-ed25519. Note that if an ssh-rsa key is configured, the rsa-sha2-256 and rsa-sha2-512 algorithms are also enabled. The order of the keys configured dictates the order of the algorithms presented to clients. If there are already connected trading partners, the recommendation is to keep the current key at the top so as to not change the key presented to the existing clients. The ssh-ed25519 algorithm is not supported in FIPS mode. Note: VLProxy 3.10.0.3 is required if using VLProxy.
- On both the SFTP client and server sides, added support for the rsa-sha2-256 and rsa-sha2-512 public key algorithms. Note: VLProxy 3.10.0.3 is required if using VLProxy.
- On the SFTP client side, added support for the ssh-ed25519 public key algorithm. This algorithm is not supported in FIPS mode.
- Added support for ECDSA and Ed25519 algorithms during SFTP key authentication for both client and server connections. ECDSA and Ed25519 keys can be imported or generated, but note that these can only be used with SFTP. Ed25519 is not supported in FIPS mode. Note: VLProxy 3.10.0.2 is required if using VLProxy.
Enhancements - SharePoint
- Updated SharePoint file upload to improve performance by increasing chunk size. Also added upload progress logging.
- Added the ability to authenticate the SharePoint connector using client certificate authentication.
- Added new SharePoint connector properties 'Proxy Address' and 'Proxy Port' to allow use of an HTTP proxy for connections to SharePoint. Note: VLProxy 3.10.0.5 is required if using VLProxy as the HTTP proxy.
- Added support for multiple proxies in the SharePoint connector.
Bug Fixes - Framework
- Fixed an issue using TLS 1.3 where the legacy_version header was set incorrectly in the "Client Hello" message. It is now set to TLS 1.2 in accordance with the RFC.
- Fixed an issue where a NullPointerException could be thrown if there was an issue listing folders while doing file cleanup at startup. This was introduced in 5.8.0.24.
- Fixed an issue where syncing receipts would fail with a `403 Forbidden` if the receipt storage location was set to an absolute folder path. This was introduced in 5.8.0.24.
- Fixed an issue where an incoming HTTP request parameter name with special characters would corrupt the product's XML log file.
- Fixed an XML transfer logging issue where if the filename being transferred included multiple non-ASCII characters, the XML transfer log file would become corrupted at that point and any subsequent transfers would not show up in the transfer report.
- Added extra synchronization when reading and updating the schedule to prevent possible loss of scheduled items.
- Made some minor trigger processing updates and updated the trigger debug logging.
- Fixed an issue where 'java.io.IOException: Tried to write too many bytes' followed by 'Problem getting scheduled action status back from Harmony' would occasionally occur.
- VLTrader only: Fixed an issue where not being licensed for IP Filters could cause performance issues when using VLProxy and modifying User hosts.
- Removed the option to disable strong protection when exporting user certificate and private key due to weak protection no longer being supported.
- Fixed an issue that caused Windows Server 2022 and later versions to crash when the Log errors in System Event file option was enabled.
- Fixed an issue where users would not be able to log in if an LDAP connector was invalid and used to authenticate users in a Users host.
- Fixed an issue where the default HTTP and HTTPs proxy settings were not fully cleared without a restart and would sometimes still be used in connections.
- Removed an error message from being logged for stale WebUI sessions. This was introduced in 5.8.0.20.
- In the FIPS edition, fixed an issue where configured passwords were considered invalid when not in FIPS mode. This issue was first introduced in 5.8.0.18.
- Fixed an issue where an Authenticator Connector error could result in VLProxy failing to receive user data correctly (which prevents VLProxy from starting correctly) and VersaLex failing to load the host that had the error.
- Fixed an issue where triggered actions that are part of a connector host would not show up in the Transfers page in the WebUI.
- Fixed an issue with the Web UI where users could still schedule actions to run continuously without polling for files.
- Fixed an issue where the Certificate Signing Request generated for an ECDSA certificate had an invalid signature.
- Fixed an issue introduced in 5.8.0.16 where if running on Windows a file renamed through SSHFTP or FTP with an Archive Receivedbox enabled would cause a 60-second delay.
- Fixed an issue where files placed in the Archive Receivedbox with the Date/Time added would not be renamed correctly when files are renamed by an SSHFTP or FTP connection.
- Fixed a memory leak introduced in 5.8.0.6 that could occur when the "FTP Session Timeout(minutes)" was enabled.
- Fixed an issue where a System LDAP or Connector Host type user mailbox that did not match any users would cause the total license mailbox count to be incorrect.
- Fixed a REST problem where a non-existent extend subfolder was being returned for an authenticator user.
- Fixed a problem where a PKCS#12 certificate/private key using the ECDSA or Ed25519 algorithm could not be imported. Note: Ed25519 is not supported in FIPS mode. Also fixed a problem in FIPS mode where a missing cryptography library was causing all PKCS#12 imports to fail.
- Fixed an issue where RSA user certificates could only be generated using the SHA-1 signature algorithm through the REST API.
- For Local Listener > Web Browser > Advanced Response Headers, fixed the format of the Content-Security-Policy header value example in the documentation. Also fixed Portal and Web Admin UI issues using a properly formatted Content-Security-Policy header value. Please see the updated documentation.
- Added home.subfolders.extend to REST API Authenticators that use a connector or system LDAP.
- Fixed an issue where when renaming a file in the ReceivedBox, the file would be duplicated and renamed (resulting in two files in the ReceivedBox). The ReceivedBox will now contain only a single renamed file.
- Fixed an issue where a certificate signing request (CSR) could not be generated on a user certificate with an ECDSA or ED25519 private key.
- Fixed an issue where a NullPointerException would cause the /api/actions REST API call to fail, resulting in the Scheduler WebUI page to fail.
- Added an error message indicating which key an encrypted file was encrypted with if OpenPGP Packaging decryption failed. This message was already present in versions before 5.8.0.5.
- Modified generated aliases for temporary actions of connectors to use a random string of characters rather than the time in milliseconds to ensure unique aliases are created.
- When running VersaLex commandline, eliminated a "WARN StatusConsoleListener" deprecation warning that would be printed multiple times to the console at the beginning of execution. This warning started appearing with version 5.8.0.14.
- Fixed an issue where all LDAP SSHFTP/FTP users would not be able to login if an LDAP connector configured for a User host was removed or renamed.
- If any of the user database tables fail to automatically upgrade, it is considered a fatal error and the error is written, along with any SQL, into logs/exception.txt so the SQL can be executed externally to Harmony/VLTrader. This could occur if upgrading to a patch of at least 5.8.0.14 from a version prior to 5.8.0.4, where the VLUserEntityGroupTreeAccess database table was updated to include the new RawPayloadNeedsHostPermissions column. Also, a constraint, FK_kiqmsjj7xcmcgywamfx7f0mtn, was corrected in the UTShareGroupAndShare table. If Harmony/VLTrader does not have permission to modify the database schema, and the FK_kiqmsjj7xcmcgywamfx7f0mtn is incorrect, the constraint must be dropped and recreated external to Harmony/VLTrader. See VLNavigator > Applications, Export Database Definition for the syntax based on the database type.
- Fixed an issue where a mailbox could be counted twice for licensing resulting in the mailbox being disabled.
- Fixed an issue where licenses for specific protocols would not count User mailboxes correctly, causing mailboxes to be disabled.
- Fixed an issue where transfers could fail if a user was logged in through FTP and SSHFTP.
- Fixed issues with creating/listing/updating/deleting the newer SAML user type through the REST API.
- Unify Only: Fixed an issue where some Unify features (such as ellipses and right clicks) would not work on new Chromium browsers (such as Chrome and Edge) due to browser updates.
- Added a warning message to the top of the Certificate Exchange dialog if a scheduled certificate exchange/update is being delayed because the dialog is open.
- Fixed an issue where a certificate could appear to be missing, causing exceptions when listing certificates through the REST API.
- When not polling for files, a new schedule can no longer be set for an action to run continuously. The schedule recurrence must now be at least 5 seconds.
- Fixed a memory leak that would occur when a Connector was used as a source or destination with EDI Tracking turned on.
- Fixed an issue where EDI Tracking could cause data loss in tracked files.
- Fixed an issue introduced in 5.8.0.6 where a NullPointerException could be thrown which would cause the number of maximum connected FTP/SFTP users to be reached. Note: VLProxy 3.10.0.5 is required if using VLProxy.
- Fixed an issue where a CA store certificate that was previously browsed and selected for configuration (e.g. OpenPGP encryption/signature verification certificate) was not being properly re-selected for the same configuration when re-browsing.
- Fixed an issue where 'Local packaging encryption is not allowed for appended transfers' would be reported if '-ape' was contained in the filename while using packaging.
- Fixed an issue where OpenPGP unpackaging could fail depending on the packaged file size.
- Fixed a REST API issue on newer connectors where a GET /api/connections?includeDefaults=true request was missing defaults for common advanced properties.
- Fixed an issue in VLNavigator where toggling the "Accessing raw payload from transfer reports requires Host permissions" checkbox would not enable the Apply and Reset buttons in the Native UI. Fixed an issue where the "Accessing raw payload from transfer reports requires Host permissions" setting would not be stored in the database. Updated the VLUserEntityGroupTreeAccess database table to include a new column, RawPayloadNeedsHostPermissions. VersaLex will attempt to create the column automatically. If VersaLex cannot do so because of permissions or some other failure, then the column must be created manually. Use "Export Database Definition..." to see the updated schema.
- Fixed an issue where 'System Scheme Name' property on a connector host would be cleared when syncing to another node.
- Fixed an issue where, when the VLProxy Remote Read Timeout is set higher than 150 seconds, VLProxy reverse forward connections would error out on VLProxy after 150 seconds with an IOStreamConnector exception. Note: VLProxy Remote Read Timeout should not be set higher than the Local Listener FTP Idle Timeout, as this can also cause IOStreamConnector exceptions on VLProxy.
- Fixed a problem where ExecuteOn for a specific mailbox was being limited to three concurrent execution threads (e.g. ExecuteOnSuccessfulReceive for a user mailbox).
- Fixed an issue where the WebUI would fail to launch after a JavaScript action was run on Windows.
- Fixed an issue where user mailboxes using LDAP connectors were sometimes counting an extra user against the license. This could potentially cause some licensed mailboxes to be automatically disabled.
- Fixed an issue where the DocumentDB would not start correctly if the system did not have access to the internet. Also, fixed an issue where spaces in the directory path for VersaLex on Windows would cause the DocumentDB to not start.
- Fixed a problem when generating an X509 certificate with or from an OpenPGP keyring where the master key expiration was not being set.
- Fixed a problem when re-receiving a transfer that was locally packaged where the content would be locally packaged a second time (i.e. double encrypted).
- Fixed an issue where including non-ASCII characters in the VLTransfers.ResultText database field could cause the value to be too large for the database. All entries are now truncated to the correct length regardless of included characters.
- When VersaLex is running on an unsupported operating system, fixed an issue where software update check would incorrectly indicate the product was on the current release and patch levels.
Bug Fixes - AMQP
- Fixed an issue where the AMQP connector could not write to a RabbitMQ durable queue. For durable queues, /amq/queue/ should precede the queue name. Example: /amq/queue/MY-DURABLE-QUEUE
- Fixed an issue where SET commands in the action were not honored.
- Fixed an issue where the AMQP Receiver would not stop when requested.
- Fixed an issue where AMQP connector transfers would not show up in the Transfer Report. Also added 'Log Transfers For Put And Get', 'Log Individual LCOPY Results To Transfer Logging', and EOL (End Of Line) Advanced properties into the AMQP connector.
Bug Fixes - AS4
- Fixed an AS4 issue where an XML namespace could be empty in the returned response.
- Fixed an issue where the HTTP headers and parameters specified in the AS4 host would be ignored on a GET command (AS4 pull request).
- The <SignedInfo> element no longer requires a namespace.
- Fixed an issue where two <Security> elements would be generated when both authorization and signing (or encryption) were enabled. This could cause the receiving side to reject the AS4 message.
- Fixed an issue where Harmony could not decode an AS4 X509 PKIPath format Binary Security Token. This previously resulted in a "Certificate SEQUENCE must have 3 components" error.
- Fixed a problem where an AS4 wsse:Security attribute was incorrect for SOAP 1.2.
- Fixed a problem in the AS4 service where using the Subject Key Identifier Security Token Reference Type could result in false failures.
- Fixed a problem that occurs when parsing an AS4 SOAP envelope. The following exception was logged when the problem occurred: "The matching wildcard is strict, but no declaration can be found for element 'ec:InclusiveNamespaces'".
- Fixed an issue where AS4 transfers could randomly fail with a SAXParseException referencing a schema (.xsd) file. Schema retrieval was being throttled by the hosting website due to too many requests in a short time period.
Bug Fixes - AzureBlob
- Fixed an issue with the AzureBlob connector where overwriting a file would incorrectly go through the default HTTP proxy.
- Fixed an issue with the AzureBlob connector where various operations would still use the default HTTP/s system forward proxy if a proxy was not configured in the connector itself.
- Fixed an issue with the AzureBlob connector where the connector would use the default HTTP/s system forward proxy if a proxy was not configured in the connector itself. This left no way to opt out of using the default proxy. Now the default proxy does not apply to the AzureBlob connector and a proxy must be explicitly configured in the connector.
Bug Fixes - EEI
- Fixed an issue with the store-and-forward feature of the EEI connector where the temporary files and directories were not deleted after a forwarding attempt.
Bug Fixes - FTP
- When the Security Mode in an FTPs host is changed to none, the Advanced "Explicit SSL Post Command" property value is now cleared if it is still set to the default of "PBSZ 0;PROT P". Refer to the Explicit SSL Post Command documentation for more information.
- Fixed an issue introduced in 5.8.0.6 that could cause synchronization collisions between two nodes when the 'Activity Date' for a transfer is updated for an Omnihost user.
- When the FTP Session Timeout advanced property was only set overall in the Local Listener and not specifically in a Users host, fixed an issue where the timeout was being applied to FTP user sessions but not SFTP user sessions. Also fixed an issue where the thread to end FTP/SFTP user sessions would run continuously. Note: VLProxy 3.10.0.6 is required if using VLProxy.
Bug Fixes - HTTP
- Fixed an issue in HTTP/s hosts (e.g. AS2, ebMS, ...) where the SET ReuseSSLSessionsAcrossActions=False command was having no effect (i.e. the action's SSL/TLS sessions would still be reused across actions).
Bug Fixes - IBMMQ
- Fixed an issue with the IBMMQ connector where multiple actions started at the same time could throw an error if the cached connection to the MQ Server was no longer valid.
- Fixed an issue where using SSL with the IBMMQ connector could cause failures with the GCPBucket connector.
- Fixed an issue where the IBMMQ connector would create debug files in a directory named 'FFDC' for each exception. A debug file is now created one time for each type of exception and all debug files in the 'FFDC' directory are cleaned up after 3 days.
- Fixed an issue where the IBMMQ Receiver would reconnect often if Synchronization was enabled.
- Fixed an issue where the IBMMQ connector would fail if the filename was not present for an entry on the queue.
- Fixed an issue where the IBMMQ connector would fail to delete the file transferred when a 'PUT -DEL' was run.
- Fixed an issue where the IBM MQ connector would use an invalid cached connection if the MQ Server went down. Also, the IBM MQ connector receiver will automatically reconnect if there is a connection failure to the MQ Server.
- Fixed an issue with the IBMMQ Connector where GET -DEL commands would fail to remove the file after a successful receive.
- Fixed an issue where the IBM MQ connector would not receive files correctly when the connector is being used as a receiver and receiving BYTE type messages.
- Fixed a memory leak that could occur when the IBMMQ connector is configured in receiver mode with an incorrect queue.
- Fixed an issue where GET commands would fail on the IBMMQ Connector.
- Fixed an issue where the IBMMQ Connector would throw an error when attempting to put a file to a remote queue.
- Fixed an issue where IBMMQ connector transfers would not show up in the Transfer Report. Also added 'Log Transfers For Put And Get', 'Log Individual LCOPY Results To Transfer Logging', and EOL (End Of Line) Advanced properties into the IBMMQ connector.
Bug Fixes - ICAP
- An ICAP incoming filter registered through the Antivirus Scan action will now be disabled if the Antivirus Scan action is disabled. Please see the ICAP Info tab for more information.
Bug Fixes - Kafka
- Fixed an issue where SET commands in the action were not honored.
- Fixed an issue where Kafka connector transfers would not show up in the Transfer Report. Also added 'Log Transfers For Put And Get', 'Log Individual LCOPY Results To Transfer Logging', and EOL (End Of Line) Advanced properties into the Kafka connector.
- Fixed an issue where using a Compression Type of snappy, lz4, or zstd in a Kafka connector would cause a NoClassDefFoundError to occur.
Bug Fixes - LDAP
- Fixed an issue where the LDAP connector would not release connections to the LDAP server properly, causing the number of connections to the LDAP server to grow.
Bug Fixes - Portal
- Fixed an issue in Portal introduced in 5.8.0.19 where selecting one file and clicking the download button would result in an "Invalid user/password" error.
- Fixed an issue with Portal where new users with 'Require password reset before first use' enabled were not able to log in.
- Fixed an issue with Portal where refreshing the page would cause a blank page to be displayed.
- Fixed an issue where the password reset page would never load.
- Changed Portal SAML authentication storage to clear when the Portal page is closed.
- Fixed an issue where Two-Factor Authentication Registration and Registration pages would redirect to the incorrect page when Mixed Mode logins are enabled.
- Fixed an issue where Portal password resets would redirect to the incorrect page when Mixed Mode logins are enabled.
- Fixed an issue where SAML signature validation would fail if the RelayState parameter was not set.
Bug Fixes - RNIF
- Fixed an issue in RNIF 1.1 where 'inReponseTo.ActionIdentity.InstanceIdentifier' in the acknowledgement did not match the original Request/Response message.
Bug Fixes - Router
- Fixed an issue with the Router connector where a partial EDI document would cause a NullPointerException.
Bug Fixes - S3
- A cross-account assume role can now be configured in the S3 connector without explicitly configuring an access key in the connector as well. In other words, assume role can now be used with the default credentials provider chain.
- Fixed an issue that could cause a BadDigest when uploading files from the S3 connector if the incoming buffer is not divisible by 1024 bytes.
Bug Fixes - SMTP
- Fixed an issue where an incoming SMTP filename could include end-of-line characters, which could cause subsequent processing issues.
Bug Fixes - SSH FTP
- Fixed an issue where active SSHFTP connections would cause a 'ConcurrentModificationException' when shutting down the SSHFTP server.
- Fixed an issue where a user's SSHFTP login count would not be decremented if the connection was interrupted before VersaLex replied to the authorization request.
- Fixed a problem where a valid regular expression configured for one of the system level Client SSH FTP Pattern properties could cause no client algorithms to be listed at runtime depending on which algorithms match the regular expression.
- Fixed an issue where a cleartext file sent to a mailbox configured with Partner Packaging OpenPGP Decryption and 'Allow non-OpenPGP' option would not fully transfer.
- Fixed a problem where the SFTP server was producing an error with each file left open on a session end. Now any open files on session end are just ignored.
- Fixed a problem during diffie-hellman-group-exchange-sha256 key exchange where VersaLex was incorrectly ignoring a reply message, causing the next message read to be unexpected and resulting in an InvalidMessageException.
Bug Fixes - SharePoint
- Updated error logging so it is more clear what caused the issue.
Bug Fixes - Users
- When a user is cloned, the email address value is now cleared since an email address cannot be repeated.
Bug Fixes - ebMS
- Fixed an issue where the ebXML Message Service was only accepting requests that used an "xlink" namespace prefix.