We are pleased to announce the eleventh generation of our industry leading software! You can now experience all the latest innovations designed to provide you with a business advantage.
In addition to the new software features and usability enhancements in this release, we have re-architected the core of our software. This includes the Security layer for greater access control and flexibility, and to address the needs of mobile users; the Networking layer to support new transport modes, and provide greater speeds and better scaling; the Database layer which has been simplified to eliminate potential bottlenecks; the Indexing layer to support multiple databases as well as live edit capabilities; and Deduplication to use an in-memory database to support high availability.
Refer to the Newsletter, which highlights the major new features and capabilities of our software, including a description, applicable agents, use cases, and license information. In addition, the newsletter contains information about Early Release features, providing an advanced look at the very latest capabilities we are adding. The following pages will provide a comprehensive survey of everything new in this release:
Service Pack 7 Automatic Downloads Available on April 15, 2017
Service Pack 7 will be available for automatic download on April 15th, 2017. Customers who would like to get the service pack immediately may download it manually using the instructions linked from Service Pack Installations.
Upgrades from previous versions are supported. When your CommServe is eligible for upgrade, you will see the Request Upgrade to V11 option in your dashboard. If you do not see the option, see Upgrades - FAQ.
For general information about upgrades, see Upgrades.
Oracle has discovered an issue with some versions of their Java software. This issue prevents the CommCell Console from starting when it is accessed as a web-based application. To avoid this issue, you can install Java version 1.8.0_101 and all subsequent CPU (Critical Patch Update) versions. Do not install Java 8 Update 72, 74, 77, 91, 92, or 102 (versions 1.8.0_72, 1.8.0_74, 1.8.0_77, 1.8.0_91, 1.8.0_92, and 1.8.0_102).
For VMware using ESXi 6.0 EP6 (build 3825889), incremental backups that use application quiescing are equivalent to Full Backups
A known issue with VMware ESXi 6.0 EP6 (build 3825889) caused Changed Block Tracking (CBT) to return all blocks for a virtual disk, resulting in backups that were the total size of the virtual disk. This affected backup applications, including Commvault, when incremental backups were run using application consistent quiescing with CBT, for guest virtual machines running Windows 2008 or later.
Note: This issue did not result in data loss, but did increase the size and running time of incremental backups.
You can resolve this issue by applying the patch that was provided by VMware in VMware ESXi 6.0, Patch ESXi-6.0.0-20160804001-standard (2145667).
For more information, see the VMware KB article After upgrading to ESXi 6.0 Build 3825889, incremental virtual machine backups effectively run as full backups when application consistent quiescing is enabled (2145895).
Installing Windows Updates on All Clients in a Client Computer Group
To keep your CommCell environment secure, you must stay up-to-date with all Windows operating system updates. You can use the Install Windows Updates workflow to download and install Microsoft updates on all client computers in a client computer group. Download the Install Windows Updates workflow from Commvault Store. For instructions, see Download Workflows from Commvault Store. For details about the Install Windows Updates workflow, see Install Windows Updates Workflow.
MongoDB Security Implementation
Commvault software uses the MongoDB Enterprise 3.0.2 database program to store and to retrieve comments and replies associated with Edge Drive objects. During the installation of MongoDB, Commvault enables authentication mode and updates the default user credentials with a random password. For more information about Commvault and MongoDB, see MongoDB Security, Usage, Installation, and De-installation on the Commvault knowledge base website.
Detecting Ransomware Malware
Ransomware is a type of malware that restricts access to infected computers and demands that the user make a payment to the malware operators to remove the restriction.
Commvault detects the presence of ransomware on your client computer.
Commvault notifies the CommCell Console administrator immediately by displaying the following event message:
Detected a possible Ransomware attack. Please verify the data on the machine.
This message helps you to investigate the attack on the affected computer and prevents long-term damage. The predefined Ransomware alert is configured, and it sends an email to the administrator when ransomware is detected. To remove infected files from the network, you can trigger a workflow based on the Ransomware alert. For more information on alerts and workflows, see Alerts and Notifications - Predefined Alerts and Workflow: Overview.
Cross-protocol attack on TLS on OpenSSL using SSLv2 (DROWN)
We have reviewed the OpenSSL Security Advisory posted on March 1, 2016, and can report that our firewall code uses TLS 1.2 and therefore is unaffected by this potential vulnerability.
For Commvault Web Console or Web Server, ensure that you are using the latest version of Microsoft IIS and that SSLv2 is disabled. Refer to the following articles for more information:
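As an added example (not part of the original page and not Commvault code), the following PowerShell script audits whether SSL 2.0 is explicitly disabled in the Windows SCHANNEL settings that IIS relies on, and can write the disabling values when run elevated with -Disable. The function names Get-Ssl2State and Disable-Ssl2 are hypothetical helpers. The registry location is the standard SCHANNEL protocol key.

```powershell
# Added example: audit and optionally disable SSL 2.0 in SCHANNEL (used by IIS).
# Usage:  .\Check-Ssl2.ps1            -> report only
#         .\Check-Ssl2.ps1 -Disable   -> write disabling values (run elevated)
param([switch]$Disable)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0'

function Get-Ssl2State {
    # Hypothetical helper: returns 'Disabled', 'Enabled' or 'NotConfigured'.
    param([ValidateSet('Server', 'Client')][string]$Role = 'Server')
    $key = Join-Path $base $Role
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Enabled) {
        # No explicit value: the operating system default applies, so the
        # result depends on the Windows version. Treat this as "needs review".
        return 'NotConfigured'
    }
    if ($props.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Ssl2 {
    # Hypothetical helper: writes Enabled=0 and DisabledByDefault=1 for the role.
    param([ValidateSet('Server', 'Client')][string]$Role = 'Server')
    $key = Join-Path $base $Role
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Enabled' -Value 0 `
        -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

foreach ($role in 'Server', 'Client') {
    if ($Disable) { Disable-Ssl2 -Role $role }
    $state = Get-Ssl2State -Role $role
    '{0}: SSL 2.0 {1} = {2}' -f $env:COMPUTERNAME, $role, $state
}

if ($Disable) {
    # SCHANNEL reads these values at startup, so the change is not live yet.
    'Restart the server for the SCHANNEL change to take effect.'
}
```

A result of NotConfigured means no explicit policy is set, so it should be reviewed against the Windows version in use rather than assumed safe.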
Linux Kernel Vulnerability Posted by NVD
Our engineering team has reviewed the NVD posting regarding a potential vulnerability in the Linux kernel before 4.4.1, as well as the response by Red Hat. Based on our review, we can report that Commvault does not use this API in our backup and recovery code, and that our File Recovery Enabler for Linux uses CentOS 6.x kernels. Our software is therefore not vulnerable to this potential threat.
Vulnerability Posted by Software Engineering Institute – CERT Division
Commvault acts swiftly on all security risks to verify the authenticity of the risk and any required resolution of that risk for all supported versions of our software. Our engineering team has reviewed the CERT posting and we have identified a potential security vulnerability in the Web Console through our own testing. At this time, there have been no customer reports of this issue.
This vulnerability is addressed in Version 11 SP1. It is not necessary to download or install any separate Hotfix to address it.
OpenSSL Security Advisory dated 3 Dec 2015 - Update 4 Dec 2015
OpenSSL vulnerabilities CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, and CVE-2015-3195 as described in OpenSSL.org's Security Advisory do not affect Commvault software.
Stack-Based Buffer Overflow Vulnerability
Our engineering team has reviewed the CERT posting on the stack-based buffer overflow vulnerability for Commvault Edge and has addressed this issue in Version 11 Service Pack 7.
For more information, see KB article SEC0013: Stack-based buffer overflow vulnerability.