The eleventh generation of Commvault, our industry leading software, has all of the latest innovations designed to provide you with a business advantage.
In addition to the new software features and usability enhancements in this platform release, we have rearchitected the core of our software. This includes the following:
-
The Security layer has greater access for control and flexibility, and addresses the needs of mobile users.
-
The Networking layer supports new transport modes, and provides greater speeds and better scaling.
-
The Database layer has been simplified to eliminate potential bottlenecks.
-
The Indexing layer supports multiple databases as well as live-edit capabilities.
Refer to the New Features list, which highlights the major new features and capabilities of our software, including a description, applicable agents, use cases, and license information. Other topics provide more information about the changes in this version of the Commvault software. For information, see Cumulative Information for Version 11.
To see new features and changes for recent feature releases, go to the feature release documentation (for example, "Feature Release 20") listed under "What's New".
If you are a new user of our software, start by reading the Software Overview pages, and try out our software by following the Quick Start Guide.
HyperScale X Appliance Released on July 21, 2020
Commvault HyperScaleTM X Appliance delivers Commvault’s industry leading technology in a scale-out infrastructure that simplifies hybrid cloud data protection to provide the following features:
-
Simple, flexible data protection for all workloads including containers, virtual machines, and databases.
-
Optimized scalability to easily grow as needed, on-premise and cloud environments.
-
Trusted security and resiliency including built-in ransomware protection.
For more information about the appliance, see HyperScale X Appliance.
Deployment
Beginning in Feature Release 20, the installation wizard was simplified so that the user needs to enter either the gateway hostname and port, or the CommServe server hostname and port.
Release Schedule and Lifecycles
For Commvault releases schedules and lifecycles, see Platform Release Schedule and Lifecycles.
For information about the end of support for Commvault releases, see Deprecated Releases.
Feature Release 20 Automatic Downloads Available on August 15, 2020
Feature Release 20 will be available for automatic downloads. Customers who would like to get the feature release immediately may download it manually using the instructions linked from Running Feature Release Installations Manually. For customers that use the default schedules, the software automatically downloads on or after August 15, 2020.
Maintenance Release Schedule Change
Beginning September, 2020, maintenance releases are posted on a monthly schedule.
For more information, see Feature Release Schedule and Lifecycles.
Release Versioning
In Feature Release 11.19, release versioning terms and numbering conventions were changed.
The following release versioning terms were changed:
-
"Version" was changed to "platform release".
-
"Service pack" was changed to "feature release".
-
"Hotfix pack" was changed to "maintenance release".
The release versioning numbering convention was also changed. In Service Pack 18 and older service packs, the version of the software was referred to as "Version 11" or "V11", and the service pack was referred to as "Service Pack 18" or "SP18". In Feature Release 11.19 and newer releases, the release version is expressed as a combination of the platform release, the feature release, and the maintenance release. For example, a release version of 11.19.5 refers to Platform Release 11, Feature Release 11.19, and Maintenance Release 5.
Web-Based CommCell Console Will Stop Working When Oracle Removes the Support for Java Web Start
As described in the Oracle Java SE Support Roadmap web page, Oracle will continue to provide public updates and auto updates of Java "until at least the end of January 2019 for Commercial Users". After that time, Java Web Start and the Java Plug-in will be removed and Commvault users will no longer be able to access the CommCell Console as a Java Web Start application.
Commvault users will be able to access the CommCell Console using the Java Web Start application up until the end of January 2019, and the Java deprecation warning will appear during that time. After January 2019, Commvault users will not be able to access the CommCell Console using the Java Web Start application.
After January 2019, Commvault users can access the CommCell Console only by using one of the following methods:
Security
CV_2021_08_1: Authentication Bypass Vulnerabilities on CVWebService Endpoint
Advisory ID: CV_2021_08_1
External Reporting IDs: CVE-2021-34993, CVE-2021-34994, CVE-2021-34995, CVE-2021-34996, CVE-2021-34997
Issued On: August 08, 2021
Updated On: August 08, 2021
Severity: Medium
Version: 1.0
Description
The following security vulnerabilities were reported with Commvault’s CVWebService Web Server endpoint:
-
Authentication bypass on a subset of web server APIs allows unauthorized users to download files from the web server.
-
CommCell users that do not have administrator permissions can upload files to the Download Center or to Commvault App Studio.
Affected Products
This vulnerability affects the Commvault Web Server on Service Pack 16 and Feature Releases 11.20-11.24.
Resolution
To fix these vulnerabilities, download and install the following maintenance release (or a more recent release), for your Feature Release on the CommServe and Web Server.
|
Feature Release |
Maintenance Release |
|---|---|
|
11.24 |
7 |
|
11.23 |
21 |
|
11.22 |
36 |
|
11.20 |
64 |
|
SP16 |
116 |
Acknowledgments
We acknowledge Trend Micro for reporting this issue to us.
Security Vulnerability with XML Parser
As part of our continuous Security Maintenance, we discovered a security vulnerability with the XML parser in Commvault’s CVWebService Web Server endpoint. The vulnerability allows a malicious XML payload to be inserted as an authentication token and executed as part of a denial of service, information disclosure XXE, XML External Entity attack.
Download and install the following maintenance release (or a more recent release), for your service pack level on the CommServe and WebServer.
|
Feature Release |
Maintenance Release |
|---|---|
|
SP16 |
80 |
|
SP18 |
52 |
|
SP19 |
38 |
|
11.20 |
27 |
Note
SP17 has reached the end of life phase. You must plan an upgrade to 11.20 feature release.
If you have any questions, contact Customer Support.
Vulnerability with Carbon Black Software
The Carbon Black software interferes with the proper functioning of the Commvault software by locking up binaries.
As a work around, exclude the Commvault installation, job results, index cache, and data folders from monitoring.
Examples:
-
C:\Program Files\Commvault\ContentStore
-
C:\Program Files\Commvault\ContentStore\iDataAgent\JobResults
-
C:\Program Files\Commvault\ContentStore\index cache
-
E:\Data
Security Vulnerability with Viewing Log files
The following hotfix packs, dated March 12, 2020, contain a fix for a security vulnerability that is related to viewing log files in the CommCell environment. With this fix, viewing log files is limited to the log files folder only.
Download and install the hotfix pack, dated March 12, 2020 (or later), for your service pack level on all the clients in the CommCell environment.
The security vulnerability does not exist in Feature release 11.19 and later releases.
|
Service Pack |
Hotfix Pack Number |
|---|---|
|
SP14 |
14.68 |
|
SP15 |
15.58 |
|
SP16 |
16.44 |
|
SP17 |
17.29 |
|
SP18 |
18.13 |
Commvault Ransomware Protection Is Safe from RIPlace
The Commvault ransomware protection feature is not affected by the RIPlace bypass technique that was recently reported about in the news. For more information about RIPlace and Commvault, see Commvault’s Ransomware Protection Is Safe From RIPlace.
For more information about the Commvault ransomware protection feature, see Ransomware Protection.
Security Vulnerability With MongoDB Versions
Commvault has reviewed the security concerns with MongoDB versions as reported in CVE-2016-6494, and recommends that you upgrade the MongoDB instance installed by the Commvault software as described in the KB article SEC0019:Security Vulnerability Issues with MongoDB Versions.
Deprecation and End-of-Life
Infinishare for SharePoint Support Is Ending
Beginning in Service Pack 14, the SharePoint Server Agent will not support Infinishare for SharePoint.
Microsoft SharePoint Storage Manager Support Is Ending
Beginning in Service Pack 14, the SharePoint Server Agent will not support Microsoft SharePoint Storage Manager.
Microsoft SharePoint Server 2007 Support Has Ended
Beginning in Service Pack 13, the SharePoint Server Agent does not support Microsoft SharePoint Server 2007.
SharePoint Server Agent Direct Database Access Support Has Ended
Beginning in Service Pack 13, the SharePoint Server Agent does not support the direct database access option.
Support for the memdb Option with the SIDB2 Tool Has Ended
Beginning in Feature Release 19, the SIDB2 tool does not support the use of the memdb option that can convert a deduplication database to a transactional deduplication database.
Support for AIX 5.2 and AIX 5.3 TL 05 or higher, 32-bit is Ending
Beginning in Feature Release 21, support for AIX 5.2 and AIX 5.3 TL 05 or higher, 32-bit is ending. These platforms will be deprecated in 11.21, but will be on extended support up to and including 11.22, using 11.20 media.
Support for Z-Linux - Linux on zSeries (System z9/z10), s390 31-bit is Ending
Beginning in Feature Release 21, support for Z-Linux - Linux on zSeries (System z9/z10) 31-bit is ending.
End of Support for Windows 2008 and Windows 2008 R2
Newer versions of Windows include important performance, stability, and reliability improvements. Therefore, new installations on Windows 2008 and Windows 2008 R2 are not supported for the following Commvault platforms:
-
CommServe
-
MediaAgent
-
Web Console
-
Web Server
-
Workflow
-
Metrics Report
-
Search Engine and Analytics
Support for existing deployments is now discontinued. You should plan to upgrade the operating system in the near future, to maintain supportability and to take advantage of the improvements offered with newer versions of Windows.
Support for Windows Server 2012 and Windows Server 2012 R2 Has Ended
Beginning April 15, 2022, support for these products has ended for the following Commvault platforms:
-
CommServe
-
Web Server
Support for Microsoft SQL Server 2012 and Microsoft SQL Server 2014 Has Ended
Beginning April 15, 2022, support for these products has ended for the following Commvault platforms:
-
CommServe
-
Web Server
For more information on upgrading Microsoft SQL Server, see Upgrading Microsoft SQL Server Editions.