10.5.5 - Release Notes - Micetro

Micetro Release Notes
ft:locale
en-US
Product name
Micetro

December 5, 2023

Known Issues

Issue: Micetro Unable to Locate Python Executable with Spaces in Path

Micetro experiences difficulty locating the Python executable when the PythonExecutablePath preference points to a path that contains spaces, impacting external and LDAP authentication configurations.

Workarounds:

  • Add the Python path to the PATH environment variable in Windows.

    -OR-

  • Encase the PythonExecutablePath preference value with quotation marks on either side. Example: <PythonExecutablePath value="&quot;C:\Path with spaces\python.exe&quot;"/>

Improvements

  • Enhanced Session ID Algorithm: We’ve updated the algorithm for generating session IDs. It now uses non-deterministic random values that are automatically seeded from the underlying OS, improving security and unpredictability. This improvement addresses the security vulnerability outlined in CVE-2023-4080.
  • Script Name Fields: The script name fields (Admin > Configuraiton > Event Hoots) now only accept script names and validate the existence of the script in a folder named "scripts" under Central's data folder. Default paths are "C:\ProgramData\Men and Mice\Central\scripts" on Windows and /var/mmsuite/mmcentral/scripts on Linux. This improvement addresses the security vulnerability outlined in CVE-2023-4079.

    While existing values for script names will continue to function, updating the value requires moving referenced scripts to the scripts folder before they can be selected in the UI.

    The system setting "Folder for scripts to be run from the API" (RunCommandsFromDirectory) has been deprecated. The current value remains functional but cannot be modified, only cleared. The default value is the scripts folder mentioned above. Scripts invoked through the RunCommand API should also be moved to the scripts folder.

    The 'parameters' argument to the RunCommand API has been deprecated.

    While these changes are not breaking, administrators are advised to take necessary actions, as all script invocations are expected to be limited to the scripts folder in a future major release.

Bug Fixes

  • Resolved an issue where SNMP profiles were not displayed in the table when the number of profiles exceeded a specific threshold.
  • Fixed an issue where records in recently promoted AuthServe zones could not be edited.
  • Addressed an error where the importing of host records for IP addresses would fail.
  • Resolved slowness issues when deleting a zone with a few records from AuthServe. Improved performance when deleting a zone on a Central with a PostgreSQL database.
  • Various bug fixes and improvements.