General Enhancements

• New REST API-based import for P12 certificates – Enhanced endpoint now allows importing certificates.
• New three-level support for nested ExecuteOn commands – Commands are now supported up to three levels.
• New Advanced Users property for Archive Nested Subdirectories – Archive file transfers to the user and system sent/received boxes.
• Enhanced change HTTP status code return – Ability to control the status return code when basic authentication is disabled
• Enhanced report generation – Go beyond the UI grid to access file path transfer information

Connector Enhancements

• Enhanced Amazon S3 Connector – Enable cross-account access using AWS's AssumeRole in S3.
• Enhanced Google Cloud Platform Bucket Connector – Improved GCPBucket connections support for forward proxying; Support Pseudo Folders Property for GCPBuckets.
• Enhanced SMTP proxy configuration – Configure individual SMTP proxies to use start TLS property

Security Updates and Enhancements

• Upgraded to the latest version of log4j v2
• New SFTP algorithms and MQ SSL cipher specs
• New Admin-user level configuration to control accessibility to host visibility
• Enable Explicit AUTH Required setting for FTP
• Ensure paths in filenames on incoming requests are ignored for AS2, ebMS, RNIF, and SMTP protocols that do not support paths
• Removed the default OSGi HTTP listening port 8181

Additional Enhancements and Fixes

• New support for MySQL 8
• Enhanced ability to execute post processing commands after a file is written
• Enhanced ebMS to modify the format of the Content-Id header and new advanced property setting
• Enhanced Message Queuing support for MQ SSL cipher specs
• Enhanced ebMS (ebMXL) configuration and advanced property settings with new Allow Incoming Request With Missing Role Element property.
• Enhanced HTTP with new Save Error Response Content On Put Plus Get advanced property setting
• Updated support for multiple SFTP client and server-side algorithms.
• Updated outbound AS4 signed messages with multiple attachments now orders digest messages the same as the attachments.
• Improved performance of SSH FTP directory listings for Linux
• Improved performance of SMB connector
• Improved S3 UI performance on startup

When upgrading to Cleo Harmony version 5.8, Cleo recommends the following:

• Back up your configuration using the Export functionality. In the Web UI, go to Administration > System > Export. In the native UI, go to File > Export. Performing an Export will save your data in a format that you can import using the Cleo Harmony Import functionality should the need arise.
• Make sure your system meets the system requirements for Cleo Harmony version 5.8, as it requires greater resources than earlier versions. All new installs must be 64-bit. Visit Cleo Harmony 5.8 System Requirements to view the System Requirements for your product.
• Because this release of Cleo Harmony uses OpenJDK, if you are using the Web UI on a Unix system, you might need to install the latest fontconfig. The command is dependent on the flavor of Unix you are using. For example:
  • Red Hat: yum install fontconfig
  • Ubuntu: apt-get install -y --no-install-recommends libfontconfig
• Run the Cleo Harmony 5.8 installer to perform an in-place upgrade. Your data and configuration remain intact from the previous version of the Cleo Harmony software.

Further Considerations for Upgrade

Cleo Harmony and Cleo VLTrader: The Unify file/folder share and anonymous download link options have been removed as Unify is no longer being offered within Portal and the VersaLex REST API. As part of this, the embedded Graph DB was also removed. If upgrading a system where Unify in Portal is in use, the product installer will block the upgrade until the system option "Disable Unify In Portal" is set to "True". (Go to Administration > System > Other to find "Disable Unify in Portal".) The Portal Two-Factor Authentication (TFA) option, which was previously tied to Unify In Portal licensing, is still supported. But if upgrading, the product installer will also block the upgrade if TFA is in use and the last 5.7 patch has not been installed (which will migrate TFA away from the Graph DB).

Cleo Harmony and Cleo VLTrader: MySQL 8 is now supported. However, as part of this, the 'Recursive' column in the 'VLSLAKPI' database table had to be renamed to 'Recurse' as 'Recursive' is now a reserved keyword in MySQL 8. The column rename was applied to ALL databases and versions, not just MySQL 8. VersaLex will attempt to rename the column at startup after upgrade, but if the database user configured in VersaLex does not have DDL privilege or if the column rename otherwise fails, the column must be renamed outside of VersaLex. There is also a database view 'View_Checkpoints' where the 'Recursive' column was renamed. VersaLex will actually first attempt to drop this view, then rename the table column, and then recreate the view. For reference, use [Export Database Definition...] in the Transfers configuration window and find references to 'Recursive' in the CREATE TABLE VLSLAKPI and CREATE VIEW View_Checkpoints statements.

Cleo Harmony only: If you are upgrading from VersaLex 5.7.0.1 or older and you use Cleo Dashboards, you must upgrade Cleo Dashboards to v3.3.6 or newer because of database changes in VersaLex. In addition, Cleo Dashboards v3.3.6 requires Clarify v5.1.16 or newer.

Enhancements - Framework

• Added an option to the Password Policy to prevent the Password Policy from being overridden in hosts.

Enhancements - SharePoint

• Updated SharePoint file upload to improve performance by increasing chunk size. Also added upload progress logging.

Bug Fixes - AzureBlob

• Fixed an issue with the AzureBlob connector where overwriting a file would incorrectly go through the default HTTP proxy. 

Bug Fixes - EEI

• Fixed an issue with the store-and-forward feature of the EEI connector where the temporary files and directories were not deleted after a forwarding attempt.

Bug Fixes - IBMMQ

• Fixed an issue with the IBMMQ connector where multiple actions started at the same time could throw an error if the cached connection to the MQ Server was no longer valid.
• Fixed an issue where using SSL with the IBMMQ connector could cause failures with the GCPBucket connector.

Bug Fixes - LDAP

• Fixed an issue where the LDAP connector would not release connections to the LDAP server properly causing the number of connections to the LDAP server to grow.

Bug Fixes - ebMS

• Fixed an issue where the ebXML Message Service was only accepting requests that used an "xlink" namespace prefix.

Bug Fixes - HTTP

• Fixed an issue in HTTP/s hosts (e.g. AS2, ebMS, ...) where the SET ReuseSSLSessionsAcrossActions=False command was having no effect (i.e. the action's SSL/TLS sessions would still be reused across actions).

Security - Framework

• This update contains security related improvements. For customer protection, Cleo does not disclose all security update details. For further information, please contact customer support. For critical security updates or if there is a known exploit, Cleo will publish a security bulletin and notify customers.

Bug Fixes - Framework

• Fixed an issue where a mailbox could be counted twice for licensing resulting in the mailbox being disabled.
• Fixed an issue where licenses for specific protocols would not count User mailbox's correctly causing mailboxes to be disabled.

Bug Fixes - Portal

• Changed Portal SAML authentication storage to clear when the Portal page is closed.

Security - Framework

• Added an HTTP/s Synchronization Port that can optionally be configured to have the synchronization between VersaLex instances on a TCP/IP port that is not accessible from outside the Customer environment. Note: This port should not be allowed through the Customer firewall.
• This update contains other security-related improvements. For customer protection, Cleo does not disclose all security update details. For further information, please contact customer support. For critical security updates or if there is a known exploit, Cleo will publish a security bulletin and notify customers.

Bug Fixes - Framework

• Fixed an issue where syncing receipts would fail with a `403 Forbidden` if the receipt storage location was set to an absolute folder path. This was introduced in 5.8.0.24.
• Fixed an issue where a NullPointerException could be thrown if there was an issue listing folders while doing file cleanup at startup. This was introduced in 5.8.0.24.

Security - Framework

• Addresses a critical vulnerability which exploits the ability for unrestricted file upload and download and execute malicious host definitions in the product (pending CVE). After applying the patch, errors are logged for any files found at startup related to this exploit, and those files are removed.

Enhancements - File

• Added the ability to use the ReReceive and ReSend options for the File connector.

Enhancements - GCPBucket

• Added the ability to use the ReReceive and ReSend options for the GCPBucket connector.

Enhancements - S3

• Added the ability to use the ReReceive and ReSend options for the S3 connector.

Enhancements - SMB

• Added the ability to use the ReReceive and ReSend options for the SMB connector.

Bug Fixes - Framework

• Made some minor trigger processing updates and updated the trigger debug logging.
• Fixed issue where 'java.io.IOException: Tried to write too many bytes' followed by 'Problem getting scheduled action status back from Harmony` would occasionally occur.
• Added extra synchronization when reading and updating the schedule to prevent possible loss of scheduled items.
• Removed the option to disable strong protection when exporting user certificate and private key due to weak protection no longer being supported.

Bug Fixes - Framework

• Fixed an issue where users would not be able to log in if an LDAP connector was invalid and used to authenticate users in a Users host.
• Fixed an issue where the default HTTP and HTTPs proxy settings were not fully cleared without a restart and would sometimes still be used in connections.

Bug Fixes - IBMMQ

• Fixed an issue where the IBMMQ connector would create debug files in a directory named 'FFDC' for each exception. A debug file is now created one time for each type of exception and all debug files in the 'FFDC' are cleaned up after 3 days.
• Fixed an issue where the IBMMQ Receiver would reconnect often if Synchronization was enabled

Bug Fixes - Portal

• Fixed an issue in Portal introduced in 5.8.0.19 where selecting one file and clicking the download button would result in an "Invalid user/password" error.
• Fixed an issue with Portal where new users with 'Require password reset before first use' enabled were not able to log in.

Note: For information about applying patch 5.8.0.21, click here.

Security - Framework

• Address additional discovered potential attack vectors of the identified unrestricted file upload and download vulnerability (CVE-2024-50623). After applying the patch, the system logs an error if a file is detected as previously modified (and has been restored). If detected, the error log will also be emailed to the System Administrator. Please ensure to configure a System Administrator email address in system options before applying the patch.

Enhancements - Framework

• Improved performance when mailboxes are configured using a LDAP connector for authentication.

Bug Fixes - Framework

• Removed an error message from being logged for stale WebUI sessions. This was introduced in 5.8.0.20.
• In the FIPS edition, fixed an issue where configured passwords were considered invalid when not in FIPS mode. This issue was first introduced in 5.8.0.18.
• Fixed an issue where an Authenticator Connector error could result in VLProxy failing to receive user data correctly (which prevents VLProxy from starting correctly) and VersaLex failing to load the host that had the error.
• Fixed an issue where triggered actions that are part of a connector host would not show up in the Transfers page in the WebUI.

Bug Fixes - Portal

• Fixed an issue with Portal where refreshing the page would cause a blank page to be displayed.

Bug Fixes - Framework

• Fixed an issue with the Web UI where users could still schedule actions to run continuously without polling for files. 

Bug Fixes - Sharepoint

• Cleo Harmony only: Updated error logging so it is more clear what caused the issue.

Security - Framework

• Fixed a vulnerability which could lead to injection of malicious JavaScript.Fixed a vulnerability which could lead to injection of malicious JavaScript.

Known issues in version 5.8.0.20

• In Certificate Manager, when exporting a user certificate and private key to a PKCK#12 file, "Enable strong protection" must be selected. Otherwise, the export will fail.

Enhancements - Framework

• Macro replacement is now supported in a wildcarded GET or LCOPY command source. Note that macro replacement is still not supported in a source containing a regular expression.

Enhancements - Connector

• Cleo Harmony and Cleo VLTrader only:Added support for multiple proxies in the SharePoint connector.

Enhancements - RNIF

• Added option 'Add Filename to Attachment Content Type' for RNIF to add the filename of the attachment to the Content-Type MIME header.

Enhancements - SharePoint

• Cleo Harmony only: Added the ability to authenticate the SharePoint connector using client certificate authentication.

Bug Fixes - Framework

• Fixed an issue where the Certificate Signing Request generated for an ECDSA certificate had an invalid signature.

Bug Fixes - AS4

• Cleo Harmony only: Fixed an issue where the HTTP headers and parameters specified in the AS4 host would be ignored on a GET command (AS4 pull request).

Bug Fixes - IBMMQ

• Cleo Harmony only: Fixed an issue with the IBMMQ Connector where GET -DEL commands would fail to remove the file after a successful receive.

Bug Fixes - Portal

• Cloud only: Fixed an issue where pressing the reset password button never sent an email.
• Cleo Harmony only: Fixed an issue where the password reset page would never load.

Security - Portal

• Cleo Harmony only: Changed Portal downloads to use a temporary access token in the request. The access token is only valid for one request and expires 30 seconds after it is issued.
• Cleo Harmony only: Changed the 'cleo.portal.sso_authentication' SAML cookie used by Portal to be HttpOnly.

Enhancements - Framework

• Added two settings to the LDAP connector to control caching of users. 'Cache Refresh (Minutes)' controls how often a full refresh of the user cache will be completed and 'Lookup Interval' controls the number of minutes between querying the LDAP server for a user if the user was attempted to be authenticated but is not in the cache.
• Added the ability for the LDAP connector to use a public key stored in LDAP for SSHFTP Public Key Authentication. Two new settings were added to the LDAP Connector: 'Authentication Method' controls how users are authenticated through the connector and 'Ssh Public Key Attribute' is the attribute on the LDAP server that is storing the public key.
• Fixed an issue where importing a PKCS#12 file would fail if the certificate was generated with a brainpool elliptic curve.

Enhancements - SSH FTP

• Added support for hmac-sha2-256-etm@openssh.com and hmac-sha2-512-etm@openssh.com algorithms for both client and server SFTP connections. Note: VLProxy 3.10.0.10 is required if using VLProxy.

Bug Fixes - IBMMQ

• Fixed a memory leak that could occur when the IBMMQ connector is configured in receiver mode with an incorrect queue.
• Fixed an issue where GET commands would fail on the IBMMQ Connector.

Bug Fixes - Framework

• Fixed an issue introduced in 5.8.0.16 where if running on Windows a file renamed through SSHFTP or FTP with an Archive Receivedbox enabled would cause a 60-second delay.
• Fixed an issue where files placed in the Archive Receivedbox with the Date/Time added would not be renamed correctly when files are renamed by an SSHFTP or FTP connection.
• Fixed a memory leak introduced in 5.8.0.6 that could occur when the "FTP Session Timeout(minutes)" was enabled.
• Fixed an issue where a System LDAP or Connector Host type user mailbox that did not match any users would cause the total license mailbox count to be incorrect.

Enhancements - AS4

• Cleo Harmony only: Added support for chunked transfer encoding both inbound and outbound. To enable for outbound, 'Transfer-Encoding=chunked' should be added as a header for the PUT command. For inbound, chunked encoding is detected automatically.

Bug Fixes - Framework

• Fixed a problem where a PKCS#12 certificate/private key using the ECDSA or Ed25519 algorithm could not be imported. Note: Ed25519 is not supported in FIPS mode. Also fixed a problem in FIPS mode where a missing cryptography library was causing all PKCS#12 imports to fail.
• Cleo Harmony and Cleo VLTrader only: Fixed an issue where RSA user certificates could only be generated using the SHA-1 signature algorithm through the REST API.
• Cleo Harmony and Cleo VLTrader only: Fixed a REST problem where a non-existent extend subfolder was being returned for an authenticator user.

Bug Fixes - AS4

• Cleo Harmony only: The <SignedInfo> element no longer requires a namespace.

Enhancements - Framework

• Cleo Harmony and Cleo VLTrader only: Added a new option 'Automatically Reload Event Logs' to the WebUI in My Account > Preferences. When this option is selected, navigating to the Logs page will load the logs. When this option is deselected, navigating to the Logs page will not load any logs until a server side filter is applied or the "Refresh" button is clicked.
• Cleo Harmony and Cleo VLTrader only: REST API responses from listing events, transfers, resourceFolders, actions, and connections will now use gzip or deflate compression if the request is sent with the Accept-Encoding: gzip or Accept-Encoding: deflate header.
• Cleo Harmony and Cleo VLTrader only: Upgraded the moment.js library used by Portal and Web Admin UIs to 2.30.1
• Added a REST API endpoint, /api/authentication/refresh, which allows for a new access token to be issued using a refresh token which is provided along with the access token. This enables the WebUI to get a new access token preventing a user from being logged out when the access token expires.
• Cleo Harmony and Cleo VLTrader only: The Archive Receivedbox now correctly reflects filenames when files are renamed by an SSHFTP or FTP connection.

Enhancements - AS4

• Cleo Harmony only: Added support for ECDSA and ED25519 signature algorithms in AS4.

Bug Fixes - Framework

• Cleo Harmony and Cleo VLTrader only: For Local Listener > Web Browser > Advanced Response Headers, fixed the format of the Content-Security-Policy header value example in the documentation. Also fixed Portal and Web Admin UI issues using a properly formatted Content-Security-Policy header value. Please see the updated documentation - Response Headers in Local Listener Web Browser Service.
• Cleo Harmony and Cleo VLTrader only:  Added home.subfolders.extend to REST API Authenticators that use a connector or system LDAP.
• Fixed an issue where a certificate signing request (CSR) could not be generated on a user certificate with an ECDSA or ED25519 private key.
• Cleo Harmony and Cleo VLTrader only:  Fixed an issue where when renaming a file in the ReceivedBox, the file would be duplicated and renamed (resulting in two files in the ReceivedBox). The ReceivedBox will now contain only a single renamed file.

Bug Fixes - SSH FTP

• Cleo Harmony and Cleo VLTrader only: Fixed an issue where active SSHFTP connections would cause a 'ConcurrentModificationException' when shutting down the SSHFTP server.

Bug Fixes - IBMMQ

• Cleo Harmony only: Fixed an issue where the IBMMQ connector would fail if the filename was not present for an entry on the queue.
• Cleo Harmony only: Fixed an issue where the IBMMQ connector would fail to delete the file transferred when a 'PUT -DEL' was run.

Bug Fixes - S3

• Cleo Harmony only: A cross-account assume role can now be configured in the S3 connector without explicitly configuring an access key in the connector as well. In other words, assume role can now be used with the default credentials provider chain.

Enhancements - Framework

• If there is an error reading an XML config file and it's not a syntax exception, the stack trace of the causing exception is now logged to assist in diagnosis.
• PGP certify, sign, and encrypt key usage flags are now being set (refer to https://www.rfc-editor.org/rfc/rfc4880#section-5.2.3.21). These flags may be required by other software packages when exchanging PGP keys.

Enhancements - IBMMQ

• Cleo Harmony only: Added a new property 'CCSID' to the IBM MQ Connector to allow overriding the default CCSID when sending messages to an IBM MQ Queue.

Enhancements - RNIF

• Removed RNIF 1.1 Content-Type header check for "version=1.0" so it is compatible with systems that do not send the version.

Enhancements - SSH FTP

• Cleo Harmony and Cleo VLTrader only: In FIPS mode, added support for SSH aes128-ctr, aes192-ctr and aes256-ctr cipher algorithms. Note: VLProxy 3.10.0.8 is required on the server side if using VLProxy.

Bug Fixes - Framework

• Cleo Harmony and Cleo VLTrader only: Fixed an issue where a NullPointerException would cause the /api/ actions REST API call to fail, resulting in the Scheduler WebUI page to fail.
• Cleo Harmony and Cleo VLTrader only: Added an error message indicating which key an encrypted file was encrypted with if OpenPGP Packaging decryption failed. This message was already present in versions before 5.8.0.5.
• Modified generated aliases for temporary actions of connectors to use a random string of characters rather than the time in milliseconds to ensure unique aliases are created.
• When running VersaLex commandline, eliminated a "WARN StatusConsoleListener" deprecation warning that would be printed multiple times to the console at the beginning of execution. This warning started appearing with version 5.8.0.14.

Bug Fixes - IBMMQ

• Fixed an issue where the IBM MQ connector would use an invalid cached connection if the MQ Server went down. Also, the IBM MQ connector receiver will automatically reconnect if there is a connection failure to the MQ Server.

Bug Fixes - ICAP

• An ICAP incoming filter registered through the Antivirus Scan action will now be disabled if the Antivirus Scan action is disabled. Please see the ICAP Info tab for more information.

Enhancements - Framework

• Added the Activity tab to Users configured with LDAP or a Connector. Note, the dates tracked are the most recent activity dates for any user within the LDAP group or Connector.
• Upgraded Apache Log4j library to version 2.22.0.

Enhancements - GCPBucket

• Modified GCP Bucket connector send behavior to issue only one 'storage.objects.create' per file.

Enhancements - HTTP

• Added the ability to use macros in the source of HTTP and HTTP/s actions.

Enhancements - SSH FTP

• In FIPS mode, added support for SSH aes128-ctr, aes192-ctr and aes256-ctr cipher algorithms. Note: VLProxy 3.10.0.8 is required on the server side if using VLProxy.

Bug Fixes - Framework

• Fixed an issue where all LDAP SSHFTP/FTP users would not be able to login if an LDAP connector configured for a User host was removed or renamed.
• If any of the user database tables fail to automatically upgrade, it is considered a fatal error and the error is written, along with any SQL, into logs/exception.txt so the SQL can be executed externally to Harmony/VLTrader. This could occur if upgrading to a patch of at least 5.8.0.14 from a version prior to 5.8.0.4, where the VLUserEntityGroupTreeAccess database table was updated to include the new RawPayloadNeedsHostPermissions column. Also, a constraint, FK_kiqmsjj7xcmcgywamfx7f0mtn, was corrected in the UTShareGroupAndShare table. If Harmony/VLTrader does not have permission to modify the database schema, and the FK_kiqmsjj7xcmcgywamfx7f0mtn is incorrect, the constraint must be dropped and recreated external to Harmony/VLTrader. See VLNavigator > Applications, Export Database Definition for the syntax based on the database type.

Bug Fixes - AMQP

• Fixed an issue where the AMQP connector could not write to a RabbitMQ durable queue. For durable queues, /amq/queue/ should precede the queue name. Example: /amq/queue/MY-DURABLE-QUEUE

Enhancements - Framework

• Added a system property, 'cleo.monitor.storagepath', that can be set to override the disk monitored for 'Disk Storage Usage' monitoring. Note: this system property needs to be set on each VersaLex system.
• Improved performance of the /api/resourceFolders REST API endpoint when a large number of folders are configured in the host tree.

Enhancements - IBMMQ

• Added Messages Selectors to the IBM MQ Connector Receiver to filter messages from the queue.

Enhancements - SSH FTP

• Added a new SSH FTP "Large File Transfer" property. It uses a large window size and sends a simple@putty.projects.tartarus.org channel request to the server indicating that the server should also use a large window size, as there will only be one channel open on the connection.

Bug Fixes - Framework

• Fixed issues with creating/listing/updating/deleting the newer SAML user type through the REST API.
• Fixed an issue where some Unify features (such as ellipses and right clicks) would not work on new Chromium browsers (such as Chrome and Edge) due to browser updates.
• Added a warning message to the top of the Certificate Exchange dialog if a scheduled certificate exchange/update is being delayed because the dialog is open.

Bug Fixes - AzureBlob

• Fixed an issue with the AzureBlob connector where the connector would use the default HTTP/s system forward proxy if a proxy was not configured in the connector itself. This left no way to opt out of using the default proxy. Now the default proxy does not apply to the AzureBlob connector and a proxy must be explicitly configured in the connector.

Enhancements - Framework

• Added support for configuring local packaging through the REST API for connector authenticators and system LDAP authenticators. Also, fixed an issue where partner packaging was not showing up for these authenticators after 5.8.0.6. The local packaging schema added mirrors the partner packaging schema that was already present.
  Note: As part of this change, the 'partnerPackaging' section was renamed to 'packaging' as it applies to both local and partner packaging.

Bug Fixes - Framework

• Fixed an issue where a certificate could appear to be missing causing exceptions when listing certificate through the REST API.
• When not polling for files, can no longer set a new schedule for an action to run continuously. The schedule recurrence must now be at least 5 seconds.
• Bug Fixes - FTP
• When the Security Mode in an FTPs host is changed to none, the Advanced "Explicit SSL Post Command" property value is now cleared if it is still set to the default of "PBSZ 0;PROT P". See Explicit SSL Post Command for more information.

Bug Fixes - SMTP

• Fixed an issue where an incoming SMTP filename could include end-of-line characters, which could cause subsequent processing issues.

Bug Fixes - SSH FTP

• Fixed an issue where a user's SSHFTP login count would not be decremented if the connection was interrupted before Versalex replied to the authorization request.

Enhancements - FTPConnector

• Added new connector, FTPConnector, that can be used by the Users host Virtual File System or directly in URIs to connect to FTP servers.

Enhancements - SFTPConnector

• Added new connector, SFTPConnector, that can be used by the Users host Virtual File System or directly in URIs to connect to SFTP servers.

Bug Fixes - Portal

• Fixed an issue where Two-Factor Authentication Registration and Registration pages would redirect to the incorrect page when Mixed Mode logins are enabled.

Enhancements - AMPQ

• Improved performance when updating Activity Dates for User hosts. This addresses a possible slowdown if there are many logins occurring at the start of a new calendar day.

Enhancements - IBMMQ

• Added an option to IBM MQ Connector to disable username and password authentication when connecting to MQ Server.

Enhancements - RNIF

• Added support for CIDX (Chemical Industry Data eXchange). CIDX can be enabled in an RNIF host by selecting 'RNIF Version' v1.1 and selecting the 'CIDX' checkbox. A new 'Incoming content format', MIME, has been added which will store the incoming MIME data instead of just the service content. A new Advanced property, Save Received Ack As Payload, has also been added. Enabling this property will copy the Received Ack into the Inbox and Receivedbox.
  Note: VLProxy 3.10.0.7 is required if using VLProxy.

Bug Fixes - FTP

• Fixed an issue introduced in 5.8.0.6 that could cause synchronization collisions between two nodes when the 'Activity Date' for a transfer is updated for an Omnihost user.

Bug Fixes - IBMMQ

• Fixed an issue where the IBM MQ connector would not receive files correctly when the connector is being used as a receiver and receiving BYTE type messages.

Bug Fixes - Portal

• Fixed an issue where Portal password resets would redirect to the incorrect page when Mixed Mode logins are enabled.

Enhancements - AMQP

• Cleo Harmony only: Added support for setting message properties in an action when sending to AMQP. Example syntax: SET AMQP.MessageProperties=[{"name":"Key1","value":"SomeValue"},{"name":"Key2","value":"SomeOtherValue"}]

Bug Fixes - AMQP

• Cleo Harmony only:  Fixed an issue where SET commands in the action were not honored.

Bug Fixes - FTP

• Cleo Harmony and Cleo VLTrader only:  Fixed an issue introduced in 5.8.0.6 that could cause synchronization collisions between two nodes when the 'Activity Date' is updated for an Omnihost user.

Bug Fixes - Kafka

• Cleo Harmony only:  Fixed an issue where SET commands in the action were not honored.

Enhancements - Framework

• Removed a warning message that would appear when sending bundled Database Payload and setting the property 'Clear.Set.Properties' in the VLOutgoingProperties table.

Enhancements - IBM MQ

• Cleo Harmony only: Added CHECK command support for the IBMMQ Connector.

Bug Fixes - Framework

• Cleo Harmony and Cleo VLTrader only: Fixed a memory leak that would occur when a Connector was used as a source or destination with EDI Tracking turned on.
• Cleo Harmony and Cleo VLTrader only:  Fixed an issue where EDI Tracking could cause data loss in tracked files.

Bug Fixes - FTP

• Cleo Harmony and Cleo VLTrader only:  When the FTP Session Timeout advanced property was only set overall in the Local Listener and not specifically in a Users host, fixed an issue where the timeout was being applied to FTP user sessions but not SFTP user sessions. Also fixed an issue where the thread to end FTP/SFTP user sessions would run continuously.
  Note:  VLProxy 3.10.0.6 is required if using VLProxy as the FTP or SFTP proxy.

Bug Fixes - Router

• Cleo Harmony and Cleo VLTrader only:  Fixed an issue with the Router connector where a partial EDI document would cause a NullPointerException.

Enhancements - Framework

• Cleo Harmony and Cleo VLTrader only: Separating update and insert database operations for EDI Tracking.
• Cleo Harmony and Cleo VLTrader only: Added new Users advanced property 'Request And Response Events', which indicates where FTP and SSH FTP user session request and response events should be captured. Possible values are Log (default), Debug, or None. For high-volume systems, not logging these events could help with overall system performance.

Enhancements - SMTP

• Cleo Harmony and Cleo VLTrader only: Added new SMTP host advanced property 'Keep All Multipart Alternative Parts', which defaults to false. When there is a multipart/alternative part in an incoming SMTP multipart message, this property indicates whether all of the parts should be kept rather than only attachments or text/plain content.

Enhancements - SharePoint

• Cleo Harmony only: Added new SharePoint connector properties 'Proxy Address' and 'Proxy Port' to allow use of an HTTP proxy for connections to SharePoint. Note: VLProxy 3.10.0.5 is required if using VLProxy as the HTTP proxy.

Bug Fixes - Framework

• Cleo Harmony and Cleo VLTrader only: Fixed an issue introduced in 5.8.0.6 where a NullPointerException could be thrown which would cause the number of maximum connected FTP/SFTP users to be reached. Note: VLProxy 3.10.0.5 is required if using VLProxy.
• Fixed an issue where a CA store certificate that was previously browsed and selected for configuration (e.g. OpenPGP encryption/signature verification certificate) was not being properly re-selected for the same configuration when re-browsing.

Bug Fixes - AMQP

• Cleo Harmony only: Fixed an issue where the AMQP Receiver would not stop when requested.

Bug Fixes - AS4

• Cleo Harmony only: Fixed an issue where two <Security> elements would be generated when both authorization and signing (or encryption) were enabled. This could cause the receiving side to reject the AS4 message.
• Cleo Harmony only: Fixed an issue where Harmony could not decode an AS4 X509 PKIPath format Binary Security Token. This previously resulted in a "Certificate SEQUENCE must have 3 components" error.

Enhancements - Framework

• Added the ability to track the login time of FTP and SSHFTP users. This is accessible through the API by using ISessionScript.getConnectedUsers().
• Added the option to log FTP and SSHFTP users off of the system after they have been logged in for a configurable amount of time. The setting to control how long a session can be active is "FTP Session Timeout(minutes)". The default is -1 which means there is no timeout and can be set for any amount of minutes.
• Added the ability for User hosts to track the last login and transfer date for HTTP, SSHFTP, and FTP. These dates will be shown in the "Activity" tab of the User hosts. This only applies to Native and SAML user types. After the patch is applied, users will have all dates marked as "Unknown" until they log in and/or perform a transfer for the first time. Newly created users that have not logged in and/or performed a transfer will be shown as "No activity".
• Added support for configuring authenticator user local packaging through the REST API. The local packaging schema that was added mirrors the partner packaging schema that was already present. Note: As part of this change also made the following two corrections to the parent authenticator schema: 1) renamed the 'partnerPackaging' section to 'packaging' as the properties apply to both local and partner packaging and 2) only advanced pgp/xml encryption/decryption packaging properties are settable at the authenticator level (and are now not accepted at the authenticator user level). Refer to developer.cleo.com for details.
• Added the ability to generate a CA certificate from a OpenPGP/SSHFTP key through REST API.
• Updated the password policy to allow for minimum password lengths of up to 24.
• The File and SMB host connections now support OpenPGP, where files can be PGP-packaged (encrypted/signed/compressed/armored) when putting files and PGP-unpackaged (unencrypted/signature verified/uncompressed/unarmored) when getting files.

Enhancements - IBMMQ

• Added the ability for the IBMMQ Connector to use macros for the queue name when overriding the property.

Bug Fixes - Framework

• Fixed an issue where OpenPGP unpackaging could fail depending on the packaged file size.
• Fixed a REST API issue on newer connectors where a GET /api/ connections?includeDefaults=true request was missing defaults for common advanced properties.

Bug Fixes - SSHFTP

• Fixed a problem where a valid regular expression configured for one of the system level Client SSH FTP Pattern properties could cause no client algorithms to be listed at runtime depending on which algorithms match the regular expression.

Bug Fixes - IBMMQ

• Fixed an issue where the IBMMQ Connector would throw an error when attempting to put a file to a remote queue.

Bug Fixes - AMQP

• Fixed an issue where AMQP connector transfers would not show up in the Transfer Report. Also added 'Log Transfers For Put And Get', 'Log Individual LCOPY Results To Transfer Logging', and EOL (End Of Line) Advanced properties into the AMQP connector.

Bug Fixes - Kafka

• Fixed an issue where Kafka connector transfers would not show up in the Transfer Report. Also added 'Log Transfers For Put And Get', 'Log Individual LCOPY Results To Transfer Logging', and EOL (End Of Line) Advanced properties into the Kafka connector.

Bug Fixes - AS4

• Fixed a problem where an AS4 wsse:Security attribute was incorrect for SOAP 1.2.

Enhancements - SSH FTP

• On both the SFTP client and server sides, added support for the rsa-sha2-256 and rsa-sha2-512 public key algorithms. Note: VLProxy 3.10.0.3 is required if using VLProxy.
• A set of SSH FTP server private keys can now be configured rather than just one. A private key for each supported key algorithm is allowed, which includes ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, and ssh-ed25519. Note that if an ssh-rsa key is configured, the rsa-sha2-256 and rsa-sha2-512 algorithms are also enabled. The order of the keys configured dictates the order of the algorithms presented to clients. If there are already connected trading partners, recommendation is to keep the current key at the top so as to not change the key presented to the existing clients. The ssh-ed25519 algorithm is not supported in FIPS mode. Note: VLProxy 3.10.0.3 is required if using VLProxy.

Enhancements - Portal

• Added a query string parameter that can be added to the /Portal endpoint to skip the mixed mode login. The URL should be specified as '/Portal?sso=true'.
• Added a SAML authorization-specific error message for Portal.
• Added the ability for SAML users to be specificed by User hosts. To enable this feature, select 'Enable SAML for Native Users' in Administration > User Management > SAML.
• Added an Idle Timeout for Portal that will log out the user after a timeout period. The timeout can be set by going to Options >> Other >> Portal Idle Timeout. A value of -1 will disable the idle timeout.

Bug Fixes - SSH FTP

• Fixed an issue where a cleartext file sent to a mailbox configured with Partner Packaging OpenPGP Decryption and 'Allow non-OpenPGP' option would not fully transfer.

Bug Fixes - Portal

• Fixed an issue where SAML signature validation would fail if the RelayState parameter was not set.

Enhancements - SSH FTP

• On the SFTP client side, added support for the ssh-ed25519 public key algorithm. This algorithm is not supported in FIPS mode.

Bug Fixes - Framework

• Fixed an issue in VLNavigator where toggling the "Accessing raw payload from transfer reports requires Host permissions" checkbox would not enable the Apply and Rest buttons in the Native UI. Fixed an issue where the "Accessing raw payload from transfer reports requires Host permissions" setting would not be stored in the database. Updated the VLUserEntityGroupTreeAccess database table to include a new column, RawPayloadNeedsHostPermissions. VersaLex will attempt to create the column automatically. If VersaLex cannot due to permissions or some other failure, then the column must be created manually. Use "Export Database Definition..." to see the updated schema.

Bug Fixes - AS4

• Fixed a problem in the AS4 service where using the Subject Key Identifier Security Token Reference Type could result in false failures.

Major Enhancements - IBMMQ

• Added a new connector to allow integration with IBM MQ. Refer to the Info tab within the Templates > Generic > Generic IBMMQ host for more details.

Major Enhancements - SharePoint

• Added a new connector to allow integration with Microsoft SharePoint. Refer to the Info tab within the Templates > Generic > Generic SharePoint host for more details.

Enhancements - SSH FTP

• Added support for ECDSA and Ed25519 algorithms during SFTP key authentication for both client and server connections. ECDSA and Ed25519 keys can be imported or generated, but note that these can only be used with SFTP. Ed25519 is not supported in FIPS mode.
  Note: VLProxy 3.10.0.2 is required if using Cleo VLProxy.

Enhancements - Kafka

• Added four properties, 'SASL Mechanism', 'SASL Security Protocol', 'Username' and 'Password' to the Kafka Connector used to support PLAIN, SCRAM-SHA-256 and SCRAM-SHA-512 SASL mechanisms. The Kafka Connector Receiver was also updated to properly start and stop based on connector settings. Updated Kafka library to version 3.3.1. Due to this upgrade, the previous 'Client Dns Lookup' default value of 'default' has been deprecated. If this value is currently configured, the setting must be changed to either 'use_all_dns_ips' or 'resolve_canonical_bootstrap_servers_only' in order for the Kafka connector to function.

Bug Fixes - Framework

• Fixed an issue where 'System Scheme Name' property on a connector host would be cleared when syncing to another node.
• Fixed an issue where, when the VLProxy Remote Read Timeout is set higher than 150 seconds, Cleo VLProxy reverse forward connections would error out on VLProxy after 150 seconds with an IOStreamConnector exception.
  Note: VLProxy Remote Read Timeout should not be set higher than the Local Listener FTP Idle Timeout, as this can also cause IOStreamConnector exceptions on Cleo VLProxy.
• Fixed a problem where ExecuteOn for a specific mailbox was being limited to three concurrent execution threads (e.g. ExecuteOnSuccessfulReceive for a user mailbox).

Bug Fixes - SSH FTP

• Fixed a problem where the SFTP server was producing an error with each file left open on a session end. Now any open files on session end are just ignored.

Bug Fixes - AS4

• Fixed a problem that occurs when parsing an AS4 SOAP envelope. The following exception was logged when the problem occurred: "The matching wildcard is strict, but no declaration can be found for element 'ec:InclusiveNamespaces'"

Bug Fixes - Users

• When a user is cloned, the email address value is now cleared since an email address cannot be repeated.

Enhancements - Framework

• Added support for getting/setting all applicable connector host advanced properties through the REST API.

Enhancements - Portal

• Added a time picker to the Portal Transfers page so transfers can be filtered by date and time.

Bug Fixes - Framework

• Fixed an issue where the WebUI would fail to launch after a Javascript action was run on Windows.
• Fixed an issue where user mailboxes using LDAP connectors were sometimes counting an extra user against the license. This could potentially cause some licensed mailboxes to be automatically disabled.
• Fixed an issue where the DocumentDB would not start correctly if the system did not have access to the internet. Also, fixed an issue where spaces in the directory path for VersaLex on Windows would cause the DocumentDB to not start.
• Fixed a problem when generating an X509 certificate with or from an OpenPGP keyring where the master key expiration was not being set.
• Fixed a problem when re-receiving a transfer that was locally packaged where the content would be locally packaged a second time (i.e. double encrypted).
• Fixed an issue where including non-ASCII characters in the VLTransfers.ResultText database field could cause the value to be too large for the database. All entries are now truncated to the correct length regardless of included chars. 

Bug Fixes - SSH FTP

• Fixed a problem during diffie-hellman-group-exchange-sha256 key exchange where VersaLex was incorrectly ignoring a reply message, causing the next message read to be unexpected and resulting in an InvalidMessageException.

Bug Fixes - S3

• Fixed an issue that could cause a BadDigest when uploading files from the S3 connector if the incoming buffer is not divisible by 1024 bytes.

Security - Framework

• Fixed an issue where clients were able to negotiate elliptical curve ciphers outside of the VersaLex Local Listener settings. Also removed deprecated named elliptical curves from the Local Listener according to RFC 8422. Lastly, VersaLex now honors the existing Local Listener advanced property "SSL Ignore Client Cipher Preference Order" for elliptical curve ciphers as well. Note: VLProxy 3.10.0.1 is required if using VLProxy.

Security - Framework

• Cleo Harmony and Cleo VLTrader only: Removed the default OSGi HTTP listening port 8181. This port was not necessary and was not locally bound.
• VersaLex now ensures that any paths in filenames on incoming requests are ignored for protocols that do not support paths, including AS2, ebMS, RNIF, and SMTP.
• For the main VersaLex process, upgraded log4j v1 to the latest version of log4j v2.

Security - Portal

• Cleo Harmony only: When logging into Portal, the session cookie is now changed after login to help prevent session fixation attacks.
• Cleo Harmony and Cleo VLTrader only: Increased web session cookie id length to be greater than 32 characters.
• Cleo Harmony and Cleo VLTrader only: Set-Cookie header now includes the secure flag when redirecting Portal from an http connection to an https connection.

Enhancements - Framework

• Added a new property called "Accessing raw payload from transfer reports requires Host permissions" to Administrator User configuration. Setting this property to "false" allows users with the ability to view transfer reports (but without the ability to view hosts) to view or email raw payload. By default, this is set to "true" to replicate current functionality.
• When sending bundled Database Payload, added the ability for each file to use additional properties only when explicitly set in the VLOutgoingProperties table. All other settings use the defaults from the host, mailbox, or action. To enable this, set 'Clear.Set.Properties' to 'True' in the VLOutgoingProperties table for each file.
• Cleo Harmony and Cleo VLTrader only: Added support for new %resttransferid% macro. This macro can be used wherever the traditional %transferid% macro can be used, but resolves to the REST API transfer id (also known as the document DB transfer id).
• Added the ability to change the HTTP status code returned when 'Disable Basic Access Authentication for REST API Requests' is turned on.
• Cleo Harmony and Cleo VLTrader only: Added support for using SAML with a custom authentication connector. By default, the user's SAML nameId assertion attribute is verified as included in the custom auth connector's set of usernames; however, the full set of assertions are available and this verification can be further customized in the auth connector implementation itself (by overriding the 'lookupUserByAssertions' method).
• Cleo Harmony and Cleo VLTrader only: Added new Users advanced property, 'Archive Nested Subdirs'. When set on, file transfers to subdirectories within the configured upload and download folders will also be archived both to the user's and the system sent/received boxes.
• Nested ExecuteOn... commands are now supported up to three levels. An example would be an ExecuteOnFail from a failure result of an ExeucteOnCheckConditionsMet (this would be two levels).
• The Generate Report option in the admin web UI Transfers page would previously include only the information viewable from the UI grid. Now all available transfer information, such as file path, is included in the generated report. Also, a report generated from classic mode specifically now includes the file path if it is enabled in the user's group.
• Cleo Harmony and Cleo VLTrader only: If a file share has already timed out, then any subsequent scheduler failures on the file share during the configured 'Wait Time For Nonresponsive File Systems' are now logged as warnings rather than errors. This helps to cut down on email-on-fail alerts for the same file share issue.
• Added the ability to import a P12 certificate through the REST API.
• Cleo Harmony and Cleo VLTrader only: Added virtual subfolder support in Users hosts at the sub-folder level. Previously virtual subfolders could only be specified at the root level. Also added LIST-DIRS and LIST-FILES permissions to allow directories or files to show in the directory listing.
• Improved performance renaming/moving files within the same connector.

Enhancements - AS4

• Cleo Harmony only: When sending signed messages with multiple attachments, the digest references are now ordered the same as the attachments.

Enhancements - FTP

• Cleo Harmony and Cleo VLTrader only: Added a "Before Login" option on the FTP/S Explicit AUTH Required setting. The option is located in the Local Listener |FTP| tab. With this new option turned on when AUTH is required, a user must issue the AUTH command before the USER and PASS commands.

Enhancements - HTTP

• Added a new HTTP 'Save Error Response Content On Put Plus Get' advanced property, which when set on causes the response content from a PUT+GET command request to be saved to the inbox even on error responses.

Enhancements - SSH FTP

• Added an option to SSHFTP Client host named 'Ignore STAT Errors' which will ignore any FXP_STAT errors when opening a directory.
• Added system options for limiting client-side SSH FTP cipher, key exchange, mac, and public key algorithms for all client connections. Go to Administration>System>Other in the admin web UI and filter on Protocols to configure regular expressions for each algorithm.
• Cleo Harmony and Cleo VLTrader only: Improved performance of SSHFTP directory listings when VersaLex is the server on Linux.
• All negotiated algorithms are now logged at the beginning of each SFTP client and server session.
• Added support for the following SFTP algorithms: Public Key: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa- sha2-nistp521, Key Exchange: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, and MAC: hmac- sha2-512, hmac-sha2-256-96, hmac-sha2-512-96. The new Public Key algorithms are available on the client side only, while the new Key Exchange and MAC algorithms are available on both client and server side (although server side only applies to VLTrader and Harmony). The new Key Exchange algorithms are not available in FIPS mode.

Enhancements - ebMS

• Added an option to ebXML to modify the format of the Content-Id header.
• Added new ebMS "Allow Incoming Request With Missing Role Element" advanced property, which when enabled allows an incoming request without a role element value to be processed if it otherwise matches a configured ebMS mailbox.

Enhancements - OFTP

• Added a new OFTP host advanced property "Allow Duplicate SFIDs". Setting this property to True allows files with duplicate SFIDs to be accepted and simply log a message if a duplicate is received.
• Added support for configuring EERP timeouts and resends at the OFTP host level through two new advanced properties: 'Async EERP Timeout (minutes)' and 'Async EERP Resends'. If these values are changed from default, they override the values set in the Local Listener. The REST API has been updated with these new properties and the OFTP property 'outgoing.signEerp' was moved to 'outgoing.receipt.sign'.

Enhancements - MQ

• Added support for the following MQ SSL cipher specs: ECDHE_RSA_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384.

Enhancements - SMTP

• Added the ability to configure individual SMTP Proxies to use Start TLS via the property 'Use Start TLS' in the proxy configuration screen. This property defaults to 'True' to match existing functionality.

Enhancements - File

• Cleo Harmony and Cleo VLTrader only: Added ability to the File: connector to run a 'Post Processing Command' that can execute a script or command after a file has been written.

Enhancements - SMB

• Cleo Harmony and Cleo VLTrader only: Added an option 'Force Make Directories' to the SMB connector to enable the connector to create any parent folders that do not exist for the destination of a file.
• Cleo Harmony and Cleo VLTrader only: Improved performance of the SMB connector by caching file attributes for all files in a specific folder for two seconds if more than five files are accessed from that folder within ten seconds.

Enhancements - S3

• Cleo Harmony only: Added three new optional S3 connection properties: 1)'User Metadata' can be used to specify metadata key/value pairs which are added to new S3 objects, 2)'Put Object Key' is an expression used to name new S3 objects, 3)'Force Unique' forces all new S3 objects to be uniquely named. After upgrade, refer to the S3 connection |S3| and |Info| tabs for more information.
• Added support for cross-account access using AWS's AssumeRole feature in the S3 Connector.
• Added new S3 connector property, AccessControlList (ACL), for cross-account use. This new property applies the selected ACL permissions on objects PUT to a bucket.

Enhancements - GCPBucket

• Cleo Harmony only: Added support for being able to use CMEK keys in GCP buckets.
• Cleo Harmony and Cleo VLTrader only: Fixed an issue with the GCPBucket connector where not all traffic would be directed through the specified proxy. Also, introduced support for multiple proxies in the GCPBucket connector.

Enhancements - AzureBlob/GCPBucket

• Cleo Harmony only: Like the S3 connector, the AzureBlob and GCPBucket connectors now support the Pseudo Folders property which indicates whether actual folder objects are created and required for holding file objects.

Bug Fixes - Framework

• Fixed an issue where cloning a connector host that has a 'System Scheme Name' defined would break directories using the original connector's 'System Scheme Name'.
• Fixed an issue where failed DocumentDB events on disk could be attempted continuously. These events are now moved to a subfolder to allow for investigation and corrective action
• Cleo Harmony and Cleo VLTrader only: TLS v1.2 is now supported when in FIPS mode.
• Fixed an issue where api/resourceFolders endpoint would fail after a change was made to a host through the command line. This would impact the WebUI displaying the hosts.
• Cleo Harmony and Cleo VLTrader only: For the database payload feature, removed unnecessary table identifiers in a SQL UPDATE statement that was causing a syntax error on Postgres.
• Upgraded BouncyCastle library to 1.70 and upgraded JCIFS-NG library to 2.17.
• Fixed a bug where placing & or && after LREPLACE or LDELETE commands would cause the action to fail when run through the REST API.
• Cleo Harmony and Cleo VLTrader only: Fixed a bug where, when using SAML with a custom authentication connector and the email address could not be found, the mailbox name would be displayed in Portal instead. Now, the nameID is shown if email address is not found. Also, added some debug that can be turned on by enabling debug on the custom auth connector.
• Fixed an issue where generating a User certificate with a DSA key would fail.
• Fixed an issue, introduced in 5.7.0.0, where importing a User certificate with a DSA key would fail.
• Fixed an issue where connecting to the WebUI through a HTTP/s port with FIPS mode enabled would cause the web browser to report a cipher error and prevent the page from loading.
• Fixed an issue where updating a host's certificate through REST API would set the host to 'Not Ready' when the certificate is a PGP key-generated certificate.
• Cleo Harmony and Cleo VLTrader only: Fixed an issue where using a connector as the inbox/outbox for a connector would result in a NullPointerException.

Bug Fixes - AS2

• Fixed an issue where, if the AS2 Receipt-Delivery-Option header contained a username:password in the URL, it would fail to send the MDN to the trading partner.

Bug Fixes - AS4

• Cleo Harmony only: Fixed an issue where a delay in deleting files pulled through AS4 would allow the same file to be pulled multiple times.
• Cleo Harmony only: Fixed an issue where AS4 transfers would fail if schema validation was enabled. This was corrected by adding additional schemas to the Harmony AS4/schemas folder.

Bug Fixes - FTP

• Fixed a problem where, if the FTP AUTH TLS command (or variant) should throw an exception and command retries are in effect, the command would not be re-invoked.
• Fixed an FTPs Active mode issue introduced in 5.7.0.0 where, when the 'SSL Maximum Protocol Version' was set below the new maximum of 'TLS 1.3', it would fail to find an open data port in the specified range or it would fail in SSL negotiation.

Bug Fixes - HTTP

• Fixed an issue where SSL connections could fail with a NullPointerException when SSL Debug was enabled.

Bug Fixes - SSH FTP

• Cleo Harmony and Cleo VLTrader only: Fixed an issue where deleting file/folders from an SSH FTP server concurrently using SSH_FXP_REMOVE could result in the file/folder not being deleted and a ConcurrentModificationException logged to the console.
• Fixed a potential SFTP server problem where a file stat request would not return a response. This could occur after a file upload, if a file stat request from a client occurred at the same time that the file was deleted or moved by the server.
• Fixed an issue where, if the trading partner's SSH server prematurely closed a client connection during the initial protocol version negotiation, the result could be excessive CPU usage up to the configured connection timeout.
• Cleo Harmony and Cleo VLTrader only: Fixed an issue introduced in 5.6.2.8 where a zero-byte file uploaded through SFTP would not be written to disk.

Bug Fixes - SMTP

• Cleo Harmony and Cleo VLTrader only: Added SMTP server debug for inbound content type filtering. If the allowed inbound content types are being restricted and SMTP debug is turned on, the content type is logged for each file being checked.
• Cleo Harmony and Cleo VLTrader only: Fixed an issue where the VLMailc utility did not support TLS version 1.1 or higher when negotiating a secure connection.

Bug Fixes - Portal

• Cleo Harmony and Cleo VLTrader only: Fixed an issue with SAML authentication where IDP-initiated login would sometimes fail when using a Chromium-based browser.
• Cleo Harmony and Cleo VLTrader only: Fixed an issue where a user password change through Cleo Portal could be lost if an admin was updating the user's mailbox at the same time.

Bug Fixes - File

• Cleo Harmony and Cleo VLTrader only: In the File connector, for Windows, the DIR command no longer shows inaccessible directories.

Bug Fixes - SMB

• Cleo Harmony and Cleo VLTrader only: Fixed a small memory leak in the SMB connector when sending or receiving an SMB file.
• Cleo Harmony and Cleo VLTrader only: Fixed an issue where the SMB connector would fail when connecting to AS400 IFS SMB shares with the following error: "TreeID is invalid".
• Cleo Harmony and Cleo VLTrader only: Fixed a bug where VersaLex would not start up if FIPS was enabled due to an issue with the SMB connector. Also, fixed an issue with the SMB connector connecting to shares in FIPS mode.

Bug Fixes - S3

• Cleo Harmony only: Fixed a problem where an S3 directory listing would be truncated at 1000 objects.
• Cleo Harmony only: Fixed an issue where temp files could remain after a transfer when using the S3 connector on certain operating systems.
• Cleo Harmony only: Fixed an issue with the S3 connector that could prevent the UI from starting correctly.
• Cleo Harmony only: Fixed an issue where if a special character, such as a colon ':', were used in an S3 path, then a directory listing and subsequent wildcard GET would fail.
• Cleo Harmony only: Fixed a memory leak that occurred when transferring files with the S3 connector.
• S3 connectors can now be used as send/receive archive directories for local user hosts.

Bug Fixes - AzureBlob

• Fixed a bug where SFTP transfers would hang if the file was an AzureBlob and the client tried to set the file time.
• Fixed an issue where users would not be able to CD into a subdirectory of an Azure Blob connector when the Azure Blob container was set up as Data Lake Storage.