We are pleased to announce the eleventh generation of our industry leading software! You can now experience all the latest innovations designed to provide you with a business advantage.
In addition to the new software features and usability enhancements in this release, we have rearchitected the core of our software. This includes the following:
- The Security layer for greater access control and flexibility, and to address the needs of mobile users.
- The Networking layer to support new transport modes, and provide greater speeds and better scaling.
- The Database layer which has been simplified to eliminate potential bottlenecks.
- The Indexing layer to support multiple databases as well as live edit capabilities.
- Deduplication to use an in-memory database to support high availability.
Refer to the New Features list, which highlights the major new features and capabilities of our software, including a description, applicable agents, use cases, and license information. In addition, the New Features list contains information about Early Release features, which provides an advanced look at the very latest capabilities we are adding. Other topics provide a more information of everything new in in this version of the Commvault software:
Service Pack 11 Automatic Downloads Available on May 15, 2018
Service Pack 11 will be available for automatic downloads. Customers who would like to get the service pack immediately may download it manually using the instructions linked from Service Pack Installations. For customers that use the default schedules, the software automatically downloads on or after May 15, 2018.
Upgrades from previous versions are supported. When your CommServe is eligible for upgrade, you will see the Request Upgrade to V11 option in your dashboard. If you do not see the option, see Upgrades - FAQ.
For general information about upgrades, see Upgrades.
Java Runtime Environment (JRE)
Oracle has discovered an issue with some versions of their Java software. This issue prevents the CommCell Console from starting when it is accessed as a web-based application. To avoid this issue, you can install Java version 1.8.0_101 and all subsequent CPU (Critical Patch Update) versions. Do not install Java 8 Update 72, 74, 77, 91, 92, or 102 (versions 1.8.0_72, 1.8.0_74, 1.8.0_77, 1.8.0_91, 1.8.0_92, and 1.8.0_102).
CommServe Server and MediaAgents Can Be a Virtual Machine
You can use virtual machines instead of physical clients for the CommServe server and MediaAgents. Virtual machines must meet the same hardware specifications as physical clients, such as CPU, RAM, IOPs, and network requirements.
We recommend that you manage extra-large backend data (up to 400 TB) with a single extra-large MediaAgent using two DDB (deduplication database) partitions. For more information, see Deduplication Extended Mode.
For other information about CommServe server and MediaAgent sizing, see the following topics:
- Hardware Specifications for the CommServe Server
- Hardware Specifications for Deduplication Mode
- Hardware Specifications for Deduplication Two Partitioned Mode
- Hardware Specifications for Deduplication Two Partitioned Extended Mode
- Hardware Specifications for Deduplication Four Partitioned Mode
- Hardware Specifications for Deduplication Four Partitioned Extended Mode
- Hardware Specifications for Non-Deduplication Mode
- Indexing Requirements
For VMware using ESXi 6.0 EP6 (build 3825889), incremental backups that use application quiescing are equivalent to Full Backups
A known issue with VMware ESXi 6.0 EP6 (build 3825889) caused Changed Block Tracking (CBT) to return all blocks for a virtual disk, resulting in backups that were the total size of the virtual disk. This affected backup applications, including Commvault, when incremental backups were run using application consistent quiescing with CBT, for guest virtual machines running Windows 2008 or later.
Note: This issue did not result in data loss, but did increase the size and running time of incremental backups.
You can resolve this issue by applying the patch that was provided by VMware in VMware ESXi 6.0, Patch ESXi-6.0.0-20160804001-standard (2145667).
For more information, see the VMware KB article After upgrading to ESXi 6.0 Build 3825889, incremental virtual machine backups effectively run as full backups when application consistent quiescing is enabled (2145895).
Vulnerability in 7-Zip (CVE-2018-10115 )
Our engineering team has reviewed the MS-ISAC Advisory number 2018-049 and CVE-2018-10115 reports regarding the vulnerability in 7-Zip. Based on our review, we can report that Commvault software does not use RAR compression and does not allow remote execution of the 7-Zip binaries. All versions of V10 and V11 Commvault software are unaffected by this potential vulnerability.
For more information, see KB article SEC0015: A Vulnerability in 7-Zip Could Allow for Arbitrary Code Execution (CVE-2018-10115).
Apache Tomcat Vulnerability Posted by NVD
Our engineering team has reviewed the NVD posting regarding the CVE-2017-12617 vulnerability in Apache Tomcat software, as well as the response by Apache. Based on our review, we can report that the configuration used by Commvault Tomcat installations does not include the WebDav servlet and does not alter the default value of "true" for default servlet init-param "readonly". All versions of V10 and V11 Commvault software are unaffected by this potential vulnerability.
Commvault Communication Service (CVD) Command Injection Vulnerability
We reviewed the vulnerability, identified by MetaSploit, in the CVD.exe service and addressed this issue in Version 11 Service Pack 7.
For more information, see KB article CVD0006: Commvault Communication Service (CVD) Command Injection Vulnerability.
Installing Windows Updates on All Clients in a Client Computer Group
To keep your CommCell environment secure, you must stay up-to-date with all Windows operating system updates. You can use the Install Windows Updates workflow to download and install Microsoft updates on all client computers in a client computer group. Download the Install Windows Updates workflow from Commvault Store. For instructions, see Download Workflows from Commvault Store. For details about the Install Windows Updates workflow, see Install Windows Updates Workflow.
MongoDB Security Implementation
Commvault software uses the MongoDB database program to store and to retrieve comments and replies associated with Edge Drive objects. During the installation of MongoDB, Commvault enables authentication mode and updates the default user credentials with a random password. For more information about Commvault and MongoDB, see MongoDB Security, Usage, Installation, and De-installation on the Commvault knowledge base website.
Cross-protocol attack on TLS on OpenSSL using SSLv2 (DROWN)
We have reviewed the OpenSSL Security Advisory posted on March 1, 2016, and can report that our firewall code uses TLS 1.2 and therefore is unaffected by this potential vulnerability.
For Commvault Web Console or Web Server, ensure that you are using the latest version of Microsoft IIS and that SSLv2 is disabled. Refer to the following articles for more information:
Linux Kernel Vulnerability Posted by NVD
Our engineering team has reviewed the NVD posting regarding a potential vulnerability in the Linux kernel before 4.4.1, as well as the response by RedHat. Based on our review, we can report that Commvault does not use this API in our backup and recovery code, and our File Recovery Enabler for Linux uses Centos 6.x kernels, and thus our software is not vulnerable to this potential threat.
Vulnerability Posted by Software Engineering Institute – CERT Division
Commvault acts swiftly on all security risks to verify the authenticity of the risk and any required resolution of that risk for all supported versions of our software. Our engineering team has reviewed the CERT posting and we have identified a potential security vulnerability in the Web Console through our own testing. At this time, there have been no customer reports of this issue.
This vulnerability is addressed in Version 11 SP1. It is not necessary to download or install any separate Hotfix to address it.
OpenSSL Security Advisory dated 3 Dec 2015 - Update 4 Dec 2015
OpenSSL vulnerabilities CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, and CVE-2015-3195 as described in OpenSSL.org's Security Advisory do not affect Commvault software.
Stack-Based Buffer Overflow Vulnerability
Our engineering team has reviewed the CERT posting on the stack-based buffer overflow vulnerability for Commvault Edge and have addressed this issue in Version 11 Service Pack 7.
For more information, see KB article SEC0013: Stack-based buffer overflow vulnerability.
Last modified: 6/21/2018 7:29:54 PM