Page History
Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Here's what's new with the Perspectium products
Divbox | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
ServiceNow GlideEncrypter API Deprecation Click here for more information on our plans with the Perspectium Core application as ServiceNow deprecates the GlideEncrypter API. Meshlets configuration change and security fixes for Spring 2024 vulnerabilities (CVE-2024-22262, CVE-2024-22259 and CVE-2024-22243) To fix these vulnerabilities and upgrade to the latest Spring libraries, there is a required change to the meshlet's application for ServiceNow Helium releaseThe Helium release of the Perspectium application for ServiceNow is available. See the release notes for what's new, enhanced or fixed for the Helium release! DataSync Agent Helium release The Helium release for DataSync Agent is available.See the release notes for what's new, enhanced or fixed for the Helium release!.yml configuration file. See DataSync meshlets and ServiceBond meshlets for more information. Spring Framework Vulnerability Issue The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. This vulnerability does NOT impact our current DataSync Agent and the variety of Meshlets we offer. In our DataSync Agent, we don't explicitly include spring-webmvc or spring-webflux as a dependency, but it does come with the spring-webflux and spring-webmvc jars and both are versions 5.3.7. This is due to other Spring libraries we include that in turn include the spring-webmvc and spring-webflux libraries. As a result, these libraries are included when we build our official releases of the Agent. In addition, our Agent is not packaged as a WAR nor does it run Tomcat as the Servlet container so it isn't able to be exploited per above. It is run as its own executable jar. The same applies for our Meshlets as they are run as a Spring Boot executable jar so they can't be exploited per the above either. Log4j Vulnerability Issue A solution is now available to help with the vulnerability issue found in the Log4j library. This solution is one of the recommended remediations made by the Apache team. The fix is accomplished by removing the impacted class (JndiLookup.class) and rebuilding the jar file. This is the most expeditious approach to getting a reliable and safe solution. The other common approach of updating to the 2.16.0 version of the jar file requires significantly more time to rebuild and fully test. This will be done in the next planned maintenance release, Iodine 7.0.1.
ServiceNow Slow Queries Flow Issue If you are upgrading to Paris Patch 8 or Quebec Patch 3 and using Flow with Dynamic Shares, you may experience a slow queries issue affecting your instance's performance. This is due to a regression issue with UI actions that interact with the sys_flow_plan_context_binding table. To resolve this issue, see ServiceNow Support's KB0960538 where a workaround is provided. ServiceNow Quebec GlideEncrypter issue In ServiceNow instances with Quebec, obfuscated fields values such as passwords are altered due to issues with GlideEncrypter. This issue will occur for all versions of the Perspectium application for ServiceNow. ServiceNow has an open problem (PRB1480906) in their system for this issue. If your ServiceNow instance has this issue, contact ServiceNow Support to re-install the Key Management Framework (KMF) plugin after upgrading to Quebec.
|
ServiceNow Slow Queries Flow Issue
UI Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
Html-bobswift |
---|
<style> #title-text { display: none; } </style> |