Wikis - Page

OpenText Fortify ScanCentral SAST Patch Release Notes 23.2.1

0 Likes

OpenTextTm Fortify Software v23.2.1
Fortify ScanCentral SAST Patch Release Notes
Document Release Date: December 21, 2023
Software Release Date: December 21, 2023

Products and/or Components Updated with this Patch
OpenText Fortify ScanCentral SAST

Fixes

ScanCentral Controller

  • Running the ScanCentral Controller Migration Script
  • Updated the Tomcat server to 9.0.84 to address CVE-2023-46589

ScanCentral Client

  • Fixed ScanCentral Client issue where a “Path component should be ‘/’” error occurred when -diag is specified
  • Fixed job assignment issue when a job requires SCA’s .NET Framework version’s aspcodegen.exe

ScanCentral Controller

Running the ScanCentral Controller Migration Script

If upgrading from a previous version (pre-23.2.0) of the Controller, you must run the migration script. You only need to run the migration script if upgrading from a version earlier than 23.2.0.

To upgrade the Controller to 23.2.1:

  1. (Recommended) Allow all jobs to finish.

            Place the Controller in maintenance mode so that sensors complete all currently running scans.

  1. Shut down the Controller.
  2. Install the new Controller in a different location from the existing Controller directories.

           If you plan to install the Controller as a Windows or Linux service, make sure that you install the Controller in a directory
           where the local service (Windows) or the user or group using the service (Linux) has access.

       4. If your existing config.properties file has been modified, you must manually apply any changes you made to the                                                       new config.properties file. You cannot simply copy the existing config.properties file.

  1. If you are upgrading your Controller from a 23.1.x or earlier version to version 23.2.1, run the migration script as follows.

    a. Navigate to the new 23.2.1 Controller installation directory.
    b. Open a command prompt and navigate to the db-migrate directory.
    c. Identify the cloudCtrlDb and Controller directories for the older (existing) Fortify ScanCentral SAST version. In the following example, the      existing Controller was installed on a Windows system in the C:\scancentral23.1.0 directory:
       
       C:\scancentral23.1.0\tomcat\cloudCtrlDb

       C:\scancentral23.1.0\tomcat\webapps\scancentral-ctrl

             d. Run the following command.

                 This command includes the example directories shown in the preceding step.

        migrate C:\scancentral23.1.0\tomcat\cloudCtrlDb
        C:\scancentral23.1.0\tomcat\webapps\scancentral-ctrl

                     The cloudCtrlDb directory is generated in the current working directory.

          Navigate to the jobFiles and cloudCtrlDb directories of the existing Controller, and then copy them to the corresponding
          directories for the new Controller. To change these directories, edit the job_file_dir and db_dir properties
          in the config.properties file (see “Configuring the Controller” in the OpenTextTm Fortify ScanCentral SAST
          User Guide
).       

          Important! If you migrated the database (Step 5), make sure that you copy the migrated database (cloudCtrlDb directory)
          to the new Controller installation directory.

  1. Start the new Controller.

           The database is automatically migrated.

        7. (optional) Remove/archive the previous version of the Controller.

ScanCentral Client

Fix the job assignment issue when a job requires SCA’s .NET Framework version’s aspcodegen.exe:

If you are using Fortify SCA 23.2.0 as a Windows Sensor, upgrade the Fortify ScanCentral Client in the Fortify Fortify Static Code Analyzer installation to this 23.2.1 patch version. If you have auto update enabled, it should upgrade to this patch automatically the next time you start the Sensor. Otherwise, manually upgrade the ScanCentral Client files by copying the bin and Core directories from the Fortify_ScanCentral_Client_23.2.1_x64 zip to the Fortify Static Code Analyzer 23.2.0 installation directory (overwrite the files).

Important! Prior to copying the files, make sure to save the existing worker.properties and client.properties files in the Core/config directory so you can re-apply those values in the new files.

Documentation

No changes have been made to other documentation. Refer to the documentation for the 23.2.1 release.

Support

If you have questions or comments about using this product, contact Customer Support.

When contacting Customer Support, provide the following product information:

Software Version: 23.2.1
Software Release Date: December 21, 2023

To manage your support cases, acquire licenses, and manage your account: https://www.microfocus.com/support

Legal Notices

Open Text Corporation
275 Frank Tompa Drive, Waterloo, Ontario, Canada, N2L 0A1

Copyright Notice

Copyright 2023 Open Text.

The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are as may be set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Trademark Notices

“OpenText” and other Open Text trademarks and service marks are the property of Open Text or its affiliates. All other trademarks or service marks are the property of their respective owners.

Comment List
Related
Recommended