Release Notes

WALLIX Bastion 7.0 hotfix 3

Reference: https://doc.wallix.com/en/bastion/7.0/rn-en-7.0.3.pdf
Date: 2019-07-24
Copyright © 2019 WALLIX
Notes
Release
–
3
hotfix
7.0
Bastion
WALLIX
Contents
1. New functionalities and improvements 3
1.1. GUI 3
1.2. Storage of session recordings 3
1.3. RDP sessions 4
1.4. SSH sessions 4
1.5. WALLIX Bastion REST API Web Services 4
1.6. SCIM REST API Web Services 5
1.7. Audit 5
1.8. Plugins 6
2. Changes by corrective level 7
Improvements and fixes in WALLIX Bastion 7.0 hotfix 3 7
Improvements and fixes in WALLIX Bastion 7.0 hotfix 2 7
Improvements and fixes in WALLIX Bastion 7.0 hotfix 1 8
Improvements and fixes in WALLIX Bastion 7.0 9
3. Hardware requirements 13
4. Deploying on a virtual environment 14
5. Upgrading to WALLIX Bastion 7.0 15
5.1. Accessing the upgrade 16
5.1.1. Prerequisites 16
5.1.2. Retrieving the ISO image 16
5.1.3. Creating a USB key from the ISO image 16
5.2. Upgrade from WAB 5.0 or higher version 17
5.2.1. Transferring the upgrade image to Bastion 17
5.2.2. Upgrading a standalone Bastion 18
5.2.3. Upgrading a High Availability cluster 19
5.2.3.1 Prerequisites 19
5.2.3.2. Process sequence 19
5.2.3.3. Procedure 20
6. Known issues 21
7. Compatibility with third-party software 22
8. List of installed packages 23
WALLIX Bastion 7.0 hotfix 3 – Release Notes

1. New functionalities and improvements

This version includes all the improvements and new functionalities from WALLIX Bastion 6.0, reminded in
sections below. The following main improvements and new functionalities have been implemented in
WALLIX Bastion version 7.0.

• #18401: The User groups and Target groups rights have been implemented for profiles
• #18709: The REST API versions 2.0 and 2.1 are deprecated and then no longer available for this
version of WALLIX Bastion
• #19995: Add fields in GUI configuration options for RDP and SSH files to specify the WALLIX
Bastion's FQDN or IP address to which the user will be redirected to when accessing a target
• #20635: Add the possibility to generate an SSH private key for accounts in REST API version 2.4

1.1. GUI
• Addition of a warning message on the login screen for compliance with GDPR. This message can be
customized and translated via "Configuration" > "Connection Parameters".
• The "External Authentications" page has been redesigned for LDAP authentication to support
StartTLS and SSL encryption.
• The "Domains" page related to the creation of a global domain has been redesigned to support the
association of a password external vault with the domain.
• Addition of the "Password Vault Plugins" page including the "Bastion" external password vault plugin
to connect and use the password vault provided by a WALLIX Bastion.
• Inclusion of the protocol version for CIFS and NFS file systems on the "Remote Storage" page.
• Addition of the "Session log policy" page to set the actions carried out by the script launched daily in
a cron job to export and/or purge automatically session recordings stored on local or remote storage.
• The "SNMP" page has been redesigned to support configuration of both SNMPv2 and SNMPv3
agents. When installing WALLIX Bastion, the SNMPv2 agent is disabled by default whereas the
SNMPv3 agent is enabled by default. When upgrading from WALLIX Bastion 6.0.x to WALLIX
Bastion 6.1, the SNMPv2 agent is enabled by default only if it has previously been configured. The
SNMPv3 agent is enabled by default.
• The following data can be edited: the user name, device name, application name, cluster name and
external authentication name.
• The German online help is available for the Administrator or the User connected with German set as
preferred language.
• NTLM authentication method can be selected from the SMTP server configuration page.
• A default timeout is defined for LDAP and RADIUS external authentications.
• A service using RAW TCP/IP protocol can defined on the device.
• The PingID authentication is added on the external authentication configuration page.
• Two-factor authentication (2FA), available after LDAP authentication, is implemented on the WALLIX
Bastion login screen, but also RDP and SSH proxies.
• Second authentication can be selected from the LDAP/AD domain configuration page.

1.2. Storage of session recordings

• Enhancement of script "WABSessionLogExport" to export and/or purge session recordings stored on
local or remote storage.

3
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• Inclusion of a new script launched daily in a cron job to export and/or purge automatically session
recordings stored on local or remote storage. The actions carried out by this script can be set on the
"Session log policy" page from the configuration options.
• Addition of a new script called "bastion-traceman" to move local session recordings to remote
storage.

1.3. RDP sessions

• Addition of options in RDP connection policy to enable/disable NLA and Kerberos authentications.
• Addition of a warning message on the RDP proxy login screen for compliance with GDPR. This
message can be customized and translated via "Configuration" > "Connection Parameters".

1.4. SSH sessions

• Addition of a warning message on the SSH terminal during authentication for compliance with
GDPR. This message can be customized and translated via "Configuration" > "Connection
Parameters".
• Support of SOCKS proxy in the SSH connection policy.

1.5. WALLIX Bastion REST API Web Services

• A new WALLIX Bastion REST API version is available: REST API 2.3. This version includes the
latest updates. For further information, please refer to the REST API documentation available online:
https://bastion_ip_address/api/doc. The REST API version 2.2 is also available and remain
unchanged.
• The method GET /targetpasswords/extendcheckout has been added to extend the password
checkout duration on an account.
• Password vault plugins and related parameters are added to the resource "Domains".
• External vault concept has been removed from resources "Application Accounts" and "Device
Accounts".
• The resource "Accounts" has been added with the method GET /accounts to list all accounts or get
only a specific one. The query string parameter "passwords" is implemented to this method to return
the credentials. These latter are fully displayed. This requires the Password Manager license, the
"Credential recovery" right must be enabled in the profile of the user logged on the API and the
"Credential recovery" option must be enabled in REST API configuration.
• The method GET /sessions/snapshots has been added to get the latest the snapshot of a running
session as a PNG image for an RDP session or a JSON content for an SSH session.
• The method POST/approvals/requests/cancel has been added to allow a user to cancel his/her
approval requests.
• The method GET /targetpasswords/checkin has been enhanced with two query string parameters:
"force" and "comment" to allow an auditor to force credential check-in. In this case, a comment is
required.
• The resource "External Authentications" has been enriched with new fields to support LDAP external
authentication improvements.
• The Location element of the object created by a POST request is returned.
• The resource "Targets" has been added to list all targets.
• The message "ACCOUNT_NOT_LOCKABLE" was formerly sent back by the REST API (from
version 2.0) when it was not possible to lock the account. This error is no longer displayed and now
the answer is OK.

4
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• A new WALLIX Bastion REST API version is available: REST API 2.4. This version includes the
latest updates. For further information, please refer to the REST API documentation available online:
https://bastion_ip_address/api/doc. The REST API versions 2.2 and 2.3 are also available and
remain unchanged.
• A new search system supporting multiple operator types on multiple values and fields has been
implemented.
• The resource "devices/services" has been enriched with the RAWTCPIP protocol.
• The resource "apiauthentications" has been added to list the authentications currently supported on
the REST API.
• The method GET /preferences has been enriched with new fields to return the profile's rights and
limitations.
• The field "authorize_password_retrieval" is now set to "true" by default in the resource
"authorizations" to enable password checkout.
• The resource "ldapdomains" has been added to manage LDAP domains.
• The resource "connectionmessages" has been added to get and set messages at connection time.
• The method POST /syslog writes the source IP in the syslog message when initiating sessions
through Access Manager.
• The method PUT /applications allows to edit the application name.
• The method PUT /clusters allows to edit the cluster name.
• The method PUT /devices allows to edit the device name.
• The method PUT /externalauths allows to edit the external authentication name.
• The method PUT /users allows to edit the user name.
• The method POST /approvals/assignments/cancel has been added to allow the approver to cancel
an accepted request.
• X-Session HTTP headers are implemented to manage session-less requests.
• The method DELETE /domains/accounts/resource has been added to allow deletion of a resource
from the account.
• The method GET /statistics has been added to get statistics related to WALLIX Bastion usage on a
given period (such as the number of simultaneous primary/secondary connections, etc.).
• Bulk updates are supported to allow sending of multiple requests (POST/PUT/DELETE) in a single
HTTP request.

1.6. SCIM REST API Web Services

• A new SCIM REST API (version 2.0) is available. For further information, please refer to the REST
API documentation available online: https://bastion_ip_address/scim/doc
• The method PUT /Users allows to edit the user name.
• X-Session HTTP headers are implemented to manage session-less requests.

1.7. Audit
• The size of the session recordings is displayed on the "Session History" page.
• When the auditor adds comments on the "Session History" page ("Description" area), this action is
logged in the WALLIX Bastion audit log.
• When the auditor displays the detail of a "pending" request on the "Approval History" page, this
action is logged in the WALLIX Bastion audit log.

5
WALLIX Bastion 7.0 hotfix 3 – Release Notes

1.8. Plugins
• API version 1.2.1 has been set for plugins.
• Support of CyberArk external vault plugin.

6
WALLIX Bastion 7.0 hotfix 3 – Release Notes

2. Changes by corrective level

This version includes all the improvements and fixes implemented from WALLIX Bastion 6.0. The
following improvements and fixes have been implemented in WALLIX Bastion 7.0.

Improvements and fixes in WALLIX Bastion 7.0 hotfix 3

• #21003: Allow configuration of default gateway in DHCP
• #21395: Implement display of actions during upgrade on the terminal
• #21423: Issue due to upload of erroneous data when launching command WABX509Setup
• #21751: Authentication failure when the same LDAP domain is declared multiple times in LDAP/AD
domains
• #21793: Failure to authenticate as "admin" after installation
• #21830: Issue when using wildcard symbols with the query string parameter "q" in REST API
• #21834: Issue when using the query string parameter "limit" in REST API for resources "Session
Rights" and "Password Rights"
• #21840: Unable to use wildcard symbol "*" for specific search with the query string parameter "q" in
REST API
• #21841: Issue when using the query string parameter "q" in REST API for resources "Session
Rights" and "Password Rights"
• #21843: Add connection policy option to convert RemoteApp session to Alternate Shell session for
WALLIX Access Manager
• #21861: Issue in REST API when using GET and DELETE methods for resource "Accounts"
• #21865: Failure to authenticate on REST API using X509 authentication with LDAP server
• #21874: Issue when using the query string parameter "fields" in REST API 2.4 for resource "Ldap
Domains"
• #21883: Issue on character displayed at the end of line on the RDP proxy login screen
• #21909: Refine X509 authentication with LDAP server
• #21935: Database issue after upgrade
• #21939: Issue when accessing RDP session recordings
• #21961: CVE-2019-9896 - Security issue related to PuTTY: upgrade WALLIX-PuTTY to version
0.71.3 for WALLIX Bastion 6.0 and 7.0

Improvements and fixes in WALLIX Bastion 7.0 hotfix 2

• #21768: Unable to list approval requests to process for users with auditor or approver+auditor profile
rights
• #21760: Rename field "Check SAN x509v3 email" into "X509 authentication" in .CSV file for
LDAP/AD domains
• #21745: Issue on menu when connecting using Kerberos authentication
• #21726: Issue on the authorization when deleting all accounts in the related target group
• #21775: Issue when authenticating on LDAP/AD domain set as the default domain
• #21758: Issue when using the query string parameter "fields" in REST API 2.2 for field
"plugin_parameters" in resource "Domains"

7
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• #21755: Issue with extra field "plugin_parameters" displayed when using the query string parameter
"fields" in REST API 2.2 in resource "Application local domains"
• #21743: Unable to display the "SIEM Integration" menu at first login after reboot

Improvements and fixes in WALLIX Bastion 7.0 hotfix 1

• #20063: Issue on domain used for secondary connection with vault transformation rule
• #20582: Issue on SIEM log for failed SSH connections
• #20930: Unable to authenticate for AD users using "mail" field as ID
• #21049: Failure to change SSH key when $HOME is not in /home
• #21050: Failure for SSH key reconciliation on Unix Plugin using sudoers accounts
• #21129: Issue when creating a global domain associated with an external vault
• #21155: Issue on keyboard inputs containing "*" when searching in session metadata
• #21198: Unable to open application when approval workflow is enabled
• #21199: Fix RDP session flickering in real-time view under Firefox browser
• #21208: Issue during boot for WALLIX Bastion deployed on AWS
• #21213: Implement logging of checkbox status for Session Probe metadata
• #21224: Issue when upgrading from WALLIX Bastion version 6.0.20.5
• #21235: Issue when sending public SSH key using method PUT /preferences
• #21248: Issue during upgrade
• #21253: Issue for X509 authentication with LDAP server
• #21312: Issue when disconnecting from the RDP session
• #21325: Issue to retrieve password when launching the application using Account Mapping
• #21338: Issue when launching command WABBackupPurge
• #21349: Issue due to the SSH public key when connecting to an SSH session using Account
Mapping
• #21365: Unable to mask out keyboard input in RDP session metadata
• #21370: Failure to access VMRC through RDP session
• #21375: Issue on password change related to option "Automatic SSH key change"
• #21386: Performance issue on REST API using query string parameter "q" for the object
"domains_accounts"
• #21389: Issue when using the query string parameter "fields" in REST API 2.2 for resource
"Applications"
• #21390: Issue when using the query string parameter "fields" in REST API
• #21391: Issue when using the query string parameter "fields" in REST API 2.2 for resource "Devices"
• #21402: Issue when using the query string parameter "q" in REST API for resource "Applications"
• #21405: Issue in logs when trying to authenticate with a locked user
• #21420: Issue when using the query string parameter "fields" in REST API 2.2 for field
"plugin_parameters" in resource "Domains"
• #21422: Issue when using the query string parameter "fields" in REST API 2.2 for field
"external_vault" in resource "Domain Accounts"
• #21489: Issue in REST API for approval request outside timeframe

8
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• #21494: Issue on approval request outside group timeframe

• #21504: Performance issue when running script bastion-traceman
• #21521: Issue when generating video for recorded session
• #21523: Implement data collection for Web navigation in Session Probe
• #21542: Issue with command WABGuiAddCRL in documentation
• #21557: Target connection issue with OTP for RADIUS authentication used as a second factor after
first authenticating via AD
• #21568: Installation failure from ISO
• #21599: Force check-in action for the credentials of an account is available for proxy connections.
However ongoing connections will not be closed when this action is performed.
• #21604: Add fields "x509_condition" and "x509_search_filter" in REST API 2.4 for resource "LDAP
Domains"
• #21605: Add fields "X509 matching condition" and "X509 LDAP search filter" in "LDAP/AD Domains"
page
• #21616: Issue with option "Enable password checkout" in the authorization for the scenario account
• #21641: Implement edition of some data of an account being checked out on the Web interface and
REST API
• #21648: Issue when using the query string parameter "limit" in REST API 2.2 on GET /users
• #21689: Issue on field "user_group" in REST API 2.4 for method GET /ldapmappings
• #21705: Issue with force check-in action when restarting WALLIX Bastion
• #21713: Add fields "x509Condition" and "x509SearchFilter" in .CSV file for LDAP/AD domains
• #21720: Issue when using the query string parameter "q" in REST API for field "description" in
resource "Authorizations"

Improvements and fixes in WALLIX Bastion 7.0

• #11255: Failure to backup or restore directory /var/wab/apache2
• #15084: Wrong message after running command WABSessionLogIntegrityChecker
• #17209: Keyboard issue during VNC session
• #17704: Issue when replaying SSH session from Access Manager 2.1
• #19581: Issue in REST API related to XForward from Access Manager
• #19599: TLS 1.0 and TLS 1.1 cannot be disabled
• #19783: Issue on Intel microcode version
• #19893: Issue on password activity logging
• #19895: Issue in crontab notation for password change between versions 5 and 6
• #19898: Issue when filtering unused resources on the Connection Statistics page
• #19901: Upgrade from version 6.2 cannot be performed without console access
• #19902: Errors displayed at upgrade
• #19903: Failure at upgrade from version 6.2
• #19904: Issue in migration log for RDP proxy when migrating from version 6.0.19
• #19938: Error when upgrading from version 6.2
• #19940: Display issue when a password is entered on the My Preferences page

9
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• #19949: Issue when importing public key for a target account

• #19953: Issue on WABEmergencyCredentialRecovery cron task
• #19957: Delay at reboot after upgrade
• #19959: Issue with the URL in the approval notification email for X509 connected approver
• #19968: Issue for WALLIX-PuTTY during upgrade
• #19977: Issue on user groups for a limited administrator
• #19979: Issue on the authorization form after enabling approval workflow
• #19987: Issue on network interface configuration
• #20025: Performance issue when importing applications and clusters
• #20045: Wrong message when a user is created with an invalid profile in REST API
• #20050: Implement option to not share RemoteApp session
• #20057: Maintenance page when an unauthorized name is defined for a service
• #20081: Issue when configuring service mapping
• #20086: Wrong log message when the user attempts to connect to an unauthorized interface
• #20100: Issue when moving session recordings to remote storage
• #20101: Issue when trying to check out the SSH key for the account
• #20105: Issue when calling REST API
• #20109: Error at the end of setup
• #20145: Implement external vault plugin name on the domain summary page
• #20166: Issue due to symbol "\" when connecting to an RDP session through Remmina
• #20190: Issue when upgrading from version 6.0.19
• #20192: Issue on email sent by WALLIX Bastion for password changes
• #20221: Issue on license generation
• #20230: Fix security issue related to the local password policy
• #20250: Issue on tag version in header for .CSV file
• #20253: Missing columns related to rights for User groups and Target groups when
importing/exporting profiles
• #20254: Issue in REST API when changing passwords via /preferences
• #20272: Failure for network settings during initial configuration
• #20277: Issue when configuring interfaces in DHCP
• #20278: AD user authentication error on the Web interface when users belong to subgroups
• #20279: Support new openssh private key format for algorithms different from ed25519
• #20287: Issue with text cursor in RDP proxy when publishing an application
• #20290: Update OpenSSH and OpenSSL versions
• #20296: Issue on corrupted log file marked as "empty file" on Web interface
• #20302: Issue on remaining time notifications for approval on RDP sessions
• #20323: LDAP authentication issue with attribute memberOf casing
• #20327: Issue when launching command WABCleanTempSessions
• #20334: Issue when sending an incomplete request to the REST API

10
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• #20337: Implement connection policy option to support keyboard behavior for VNC on Windows and
VNC on Unix
• #20342: Wrong message in syslog for a recorded RDP session related to only one target
• #20350: Errors in the upgrade log
• #20362: Failure when exporting users via .CSV file
• #20368: Update supported Windows Clients in the Release Notes
• #20399: Issue when adding external authentication in LDAP/AD domains due to character limitation
• #20402: LDAP users cannot log on to WALLIX Bastion
• #20409: Issue on default checkout policy from the REST API
• #20411: Issue on wrong primary authentication
• #20434: Remmina failure after successful connection to target via RDP proxy
• #20503: Issue when importing LDAP/AD mappings on user groups as a .CSV file
• #20505: Issue when editing a resource group
• #20556: Issue on cluster with multiple accounts on the same device
• #20558: Issue on session recordings when remote storage is enabled
• #20569: Error when removing an account from cluster used as a target by an application
• #20572: Inconsistency between the profile rights and data on the .CSV file
• #20575: Wrong path for the HA fatal_error file in the Administration Guide
• #20585: Error during a search with character "é" in REST API
• #20594: Failure to display user group details with non-ascii characters
• #20598: Issue for application with a target configured with vault transformation rules
• #20609: Issue on application parameters when returning to the selector in RDP session
• #20611: Issue when saving a new user account with no password defined
• #20619: Failure to re-import the same .CSV file for authorizations
• #20632: Fortinet FortiGate password change plugin unavailable for a global domain
• #20657: Failure when launching anonymization script
• #20658: Issue when installing hotfix for version 6.2.4 from 6.2.2
• #20667: Issue at first boot during installation
• #20669: Communication error with MySQL server
• #20677: Issue when trying to backup the configuration
• #20682: Issue when script WABCleanGhostSessions is executed
• #20694: Issue on content of SSH session file
• #20698: Error when switching nodes after stopping the HA service
• #20723: Issue with quorum values when creating an authorization
• #20742: Failure to create directory ‘/run/wabuser_gnupg’ during upgrade
• #20751: Failure to delete authorizations with non-ascii characters in both user and target groups in
REST API
• #20763: Issue for the Session Probe launcher when disabling drive redirection for target on Windows
Server 2008 R2
• #20774: Remove support for backup files of unsupported versions

11
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• #20775: Wrong instructions in hotfix README file

• #20783: Issue with quorum values when exporting .CSV file for authorizations
• #20791: Error on slave node in HA mode when upgrading from 5.0.4 hotfix version
• #20798: Issue on approval workflow with MySQL replication
• #20800: Upgrade issue in HA mode
• #20802: Issue when moving session recordings using script bastion-traceman
• #20805: Errors in upgrade log
• #20806: Issue on MySQL replication when upgrading from version 6.0.X
• #20807: RDP session size is not displayed in session history for a killed session
• #20808: Failure when upgrading from version 6.0.19
• #20809: Error related to version in license context file
• #20810: Issue when upgrading from version 6.2.5
• #20816: Wrong error code value returned when adding an invalid cluster
• #20841: Failure on host reconfiguration
• #20870: Error in character string format in file for CyberArk vault plugin
• #20880: Typo error in file for CyberArk vault plugin
• #20882: Issue when sending the encrypted email after password change
• #20931: Issue on approval in REST API
• #20934: Issue on SSH session when requesting approval for a long duration

12
WALLIX Bastion 7.0 hotfix 3 – Release Notes

3. Hardware requirements
• WALLIX Bastion version 7.0 hotfix 3 requires at least 4GB of RAM and 30GB of disk space. Please
contact WALLIX Technical Support Team if you need further information related to the necessary
sizing parameters.
• External storage is recommended for virtual machines.
• The old appliances Dell R310, R320, R510, R520, R810 and R820 are no longer supported.

13
WALLIX Bastion 7.0 hotfix 3 – Release Notes

4. Deploying on a virtual environment

You can deploy WALLIX Bastion on the following virtual environments:

• Amazon Web Services (AWS)

• Microsoft Azure
• VMware ESXi and vSphere from version 5.5
• Microsoft Hyper-V
Procedures for deployment are available at https://docpub.wallix.com/

14
WALLIX Bastion 7.0 hotfix 3 – Release Notes

5. Upgrading to WALLIX Bastion 7.0

Important

You can only upgrade to WALLIX Bastion 7.0 hotfix 3 from WAB version 5.0.4 or higher version. We
recommend installing first the last hotfix released for your current version before upgrading to WALLIX
Bastion 7.0 hotfix 3.
Please contact WALLIX Support Team if you wish to upgrade from WAB version 4.2.
Your configuration parameters are normally preserved during the upgrade procedure. Nevertheless,
before upgrading your Bastion, we recommend performing a backup of your Bastion configuration.
This is done from the administration Web interface (refer to the Administration Guide for further
information). It is also recommended to run the script bastion-update-lastconnection after the upgrade
to retrieve information related to the last connection dates on the screens of the Web interface. This
process may take a few minutes.
The upgrade process takes at least a few minutes and may run over a longer period in the case of
High Availability clusters containing many session recordings.
In case of an SSH disconnection during the upgrade or the HA setup, you case return to the
input/output of the running script by entering the following command:
# cd /mnt
# ./bastion-upgrade.sh

The old appliances Dell R310, R510 and R810 are no longer supported neither by the manufacturer
nor by WALLIX. Nevertheless, WALLIX Support Team will provide a best-effort assistance on these
products, with no obligation to achieve a fixed result.

15
WALLIX Bastion 7.0 hotfix 3 – Release Notes

5.1. Accessing the upgrade

5.1.1. Prerequisites
In order to upgrade your Bastion, ensure that you have:

• a USB key with WALLIX Bastion version 7.0 hotfix 3 or

• a workstation connected to the Internet in order to retrieve the ISO image of the upgrade and a blank
USB key of 1GB or more you can transfer the image onto.

Note

If you cannot access Internet in order to retrieve the ISO image, please contact WALLIX Support
Team, which will send you the upgrade on a USB key.

5.1.2. Retrieving the ISO image

If you do not have the USB key, the first step consists in retrieving the ISO image of the upgrade
‘bastion-7.0.3.0.iso’ and its checksum file ‘bastion-7.0.3.0.iso.sha256sum’.
The procedure is as follows:

1. Connect to the following address in your Internet browser and enter your WALLIX Support
credentials:
https://support.wallix.com/

2. Click on the “Downloads” tab and download both the image and the integrity check files from the
“Update image” section for WALLIX Bastion version 7.0.3.
3. Check the image by using an appropriate tool, such as HashCheck on Windows
(https://github.com/gurnec/HashCheck), or under Linux by entering the following command :
sha256sum -c bastion-7.0.3.0.iso.sha256sum

5.1.3. Creating a USB key from the ISO image

• On Windows, use a tool similar to Win32DiskImager

(https://sourceforge.net/projects/win32diskimager/)
Change the filter from *.img to *.iso to select the file.
• On Linux, simply use the dd command as follows:
dd if=bastion-7.0.3.0.iso of=<usb_device> bs=4M; sync

then check by entering the following command:

sed 's/bastion-7.0.3.0.iso/-/' bastion-7.0.3.0.iso.sha256sum \
>stdin.sha256sum
head -c `stat -c%s bastion-7.0.3.0.iso` <usb_device>| \
sha256sum -c stdin.sha256sum

where <usb_device> must be replaced by the device onto which the USB key is connected, typically
something like /dev/sdb.

16
WALLIX Bastion 7.0 hotfix 3 – Release Notes

5.2. Upgrade from WAB 5.0 or higher version

The upgrade script records the entire upgrade in the log file in
/root/migration-<PREVIOUS_VERSION>-7.0.3.log, listing all actions executed during script execution. All
the actions during upgrade are also displayed on the terminal.
If the script stops after a few seconds, you must consult the last part of the
/root/migration-<PREVIOUS_VERSION>-7.0.3.log file using the following command:
tail /root/migration-<PREVIOUS_VERSION>-7.0.3.log

where <PREVIOUS_VERSION> must be replaced by the version number from which the upgrade is
performed.
The last line should indicate which problem must be corrected before continuing the upgrade.

5.2.1. Transferring the upgrade image to Bastion

The procedure is as follows:

1. If you have the USB key and a physical appliance, you just need to plug it in a free USB port in the
front or back of the unit.
If Bastion is a virtual machine, you can use the ISO file as a disk image to the VM's optical drive
(CD/DVD drive).
Otherwise you need to transfer the ISO image to Bastion.
2. Use an SCP client (such as WinSCP - http://winscp.net/) to send the two downloaded files to the
Bastion’s /home/wabadmin/ directory (the wabadmin user’s default directory). If you use the High
Availability (HA) mode, the files must be transferred to the Master and to the Slave.
3. Check that the transfer was successful by entering the following command:
wabadmin@wab:~$ sha256sum -c bastion-7.0.3.0.iso.sha256sum
bastion-7.0.3.0.iso: OK

In the case of HA configuration, the above command must be executed on both the master and the
slave.
4. You can now upgrade WALLIX Bastion by following the procedure described in one of the next two
sections, according to your particular configuration.

17
WALLIX Bastion 7.0 hotfix 3 – Release Notes

5.2.2. Upgrading a standalone Bastion

The procedure is as follows:

1. Connect to WALLIX Bastion by entering the wabadmin user name and password.
2. Pass root by entering the following commands and providing the wabsuper password each time you
are prompted:
wabadmin@wab:~$ super
wabsuper@wab:/home/wabadmin$ sudo -i

3. Next, mount the ISO image:

# mount -o loop /home/wabadmin/bastion-7.0.3.0.iso /mnt

or if you are using the USB key (replacing sdb by the device onto which the key is connected):
# mount /dev/sdb /mnt

4. Next, execute the following commands to upgrade your system:

# cd /mnt
# ./bastion-upgrade.sh

WALLIX Bastion will now install the Debian packages and the WALLIX packages in order to perform
the updates of the system and Bastion. It will then migrate the data to the appropriate format.
5. Once the upgrade is completed, press a key to exit the screen displaying the process actions and go
back to the shell. Restart the system by entering the command:
# reboot

After the system reboot, you can use WALLIX Bastion immediately.

18
WALLIX Bastion 7.0 hotfix 3 – Release Notes

5.2.3. Upgrading a High Availability cluster

5.2.3.1 Prerequisites
In order to upgrade a HA cluster, you must upgrade the Master node first then the Slave one. Continuity of
service cannot be maintained during the upgrade process.
You must beforehand check that the network parameters are correctly configured, the Bastion
administrator’s email address has been defined and encryption has been unlocked on the Web User
Interface.
On both the Master and the Slave nodes, the /etc/hosts file must include the following lines:
127.0.0.1 localhost
IP_MASTER HOSTNAME_FQDN_MASTER
IP_SLAVE HOSTNAME_FQDN_SLAVE

On the Master, the /etc/hostname file must include the line:

HOSTNAME_FQDN_MASTER

On the Slave, the /etc/hostname file must include the line:

HOSTNAME_FQDN_SLAVE

Lastly, execute the following command on both machines:

hostname -F /etc/hostname

(Replace the locations indicated in capitals above by the actual values. _FQDN_: the fully qualified
domain name, which must be included in the host name).
We will now call your current Master node as “node1” and your current Slave node as “node2”. You can
determine which machine is the Master and which is the Slave by entering the following command:
WABHAStatus

5.2.3.2. Process sequence

When the upgrade script is launched on node1, HA service is stopped on both nodes (node1 and node2):
a lock file in the directory for node2 prevents HA service from accidentally restarting. This aims to prevent
node2 from becoming the Master node.
When the script has finished execution on node1, HA service must be restarted on this node only! After
reboot, node1 is still the Master node.
When the script is launched on node2 and the execution has finished, HA service must be restarted on
this node. After reboot, node2 is still the Slave node.

19
WALLIX Bastion 7.0 hotfix 3 – Release Notes

5.2.3.3. Procedure
The procedure is as follows:

1. Upgrade node1 (refer to section: 5.2.2. Upgrading a standalone Bastion) then reboot.
2. Upgrade node2 (refer to section: 5.2.2. Upgrading a standalone Bastion) then reboot.

Important

HA service is stopped on node2 when the upgrade script is executed on node 1 until the end
of the script execution on node2. This prevents node2 from becoming the Master node.

3. Test the upgrade:

• Stop HA operation on node1 by executing the following command:

systemctl stop wabha

• Check that after a few seconds node2 does indeed become the new Master and the services
are restored
• If ever the system does not work, stop node2 and restart HA operation on node1 by executing
the following command, then contact WALLIX Support Team:
systemctl start wabha

4. Lastly, to restore your initial configuration:

• Stop HA operation on node2 by executing the command:

systemctl stop wabha

• Restart HA operation on node1 by executing the command:

systemctl start wabha

This will force the switchover to the former Master.

• After node1 has taken control, restart HA operation on node2 by executing the command:
systemctl start wabha

20
WALLIX Bastion 7.0 hotfix 3 – Release Notes

6. Known issues

Important

For troubleshooting with Remote Desktop Connection and failed connection to target, please refer to
section Configure the security level to restore RDP protocol compatibility in the Administration Guide.

The following functionalities are defective:

• Session history:

• The file size of the session recording is not displayed on the "Session History" page when
session has been initiated from a version earlier than WALLIX Bastion 6.2. (Issue #13845)
• RDP session:

• Display issues related to the Microsoft client have been reported when using RemoteApp mode
and multiple monitors. Dysfunctions occur when the primary monitor is not located in the upper
left part of the virtual screen. The recommended workaround is to locate the primary monitor in
the upper left part of the virtual screen. Refer to https://go.microsoft.com/fwlink/?LinkId=191444
for further information on the virtual screen. (Issue #15214)
• It is not possible to run an application whose linked target operates under a Windows 10
operating system. (Issue #13259)
• The client Remote Desktop Connection (MSTSC) connected to Windows Server 2008 or 2012
does not allow several RemoteApp programs to share the same RDP session. There will be as
many RDP sessions created as the number of RemoteApp programs launched. (Issue #13013)
• CIFS file server:

• Unexpected reboots of CIFS file servers may freeze WALLIX Bastion. We recommend you to
reboot your appliance. This issue is currently being investigated. (Issue #16934)
• HA:

• In HA mode, the following error message may be displayed in the migration log on the Slave
node: "Traceback (most recent call last): File "/usr/bin/adminkit", line 52, in <module>".
However, this error does not affect the proper operation of HA. (Issue #19788)

21
WALLIX Bastion 7.0 hotfix 3 – Release Notes

7. Compatibility with third-party software

WALLIX Bastion supports the following third-party software:

• SSH proxy supported clients (primary connection):

• OpenSSH
• PuTTY
• Cygwin (+ Xming for X11 forwarding)
• FileZilla
• WinSCP
• SSH proxy supported servers (secondary connection):

• OpenSSH
• Cisco IOS SSH Server
• RDP proxy supported clients (primary connection):

• Remote Desktop Connection / MSTSC for Windows XP, Windows 7, Windows 8, Windows
10
• rdesktop (Linux)
• FreeRDP (Linux)
• Remmina
• RDP proxy supported servers (secondary connection):

• for RDP protocol: Windows Server 2003 / 2008 / 2008 R2 / 2012 / 2012 R2 / 2016 / 2019 ;
Windows 10 Pro and Enterprise; Windows 8.1 / 8 Pro and Enterprise; Windows 7
Professional, Enterprise and Ultimate
• for VNC protocol: RealVNC (for Windows), TigerVNC
• Web Interface:

• Internet Explorer 11
• Microsoft Edge
• Mozilla Firefox up-to-date version
• Google Chrome up-to-date version
• Systems supported by the password change functionality:

• GNU/Linux (Red Hat Enterprise Linux, SUSE Linux Enterprise Server, Debian GNU/Linux)
• Windows Server 2003 / 2008 / 2008 R2 / 2012 / 2012 R2 / 2016 / 2019
• Cisco IOS 12.4
• Oracle Database: 11g, 12c
• API version for Password Change plugins: 1.2.1
• API version for Password External Vault plugins: 1.2.1

22
WALLIX Bastion 7.0 hotfix 3 – Release Notes

8. List of installed packages

The following packages compiled by WALLIX are installed on WALLIX Bastion:

• adminkit 0.13-wallix6
• backend 7.0.3.3~wallix1
• debcheck 7.0.0.16~wallix1
• grub-common 2.02+dfsg1-5+wallix1
• grub-pc 2.02+dfsg1-5+wallix1
• grub-pc-bin 2.02+dfsg1-5+wallix1
• grub2-common 2.02+dfsg1-5+wallix1
• instantclient 12.1-wallix2
• libapache2-mod-dechunk 1.0+wallix3
• libapache2-mod-proxy-uwsgi 2.0.14+20161117-3+deb9u2+wallix5
• libapache2-mod-xsendfile 0.12+2-wallix1
• libmysqlclient20:amd64 5.7.25+commercial-1debian9+wallix6
• libpython2.7-minimal:amd64 2.7.13-2+wallix2-grsec
• libpython2.7-stdlib:amd64 2.7.13-2+wallix2-grsec
• libpython2.7:amd64 2.7.13-2+wallix2-grsec
• libpython3-stdlib:amd64 3.7.1-1+wallix1-grsec
• libpython3.7-minimal:amd64 3.7.1-1+wallix1-grsec
• libpython3.7-stdlib:amd64 3.7.1-1+wallix1-grsec
• linux-image-4.14-amd64 24~wallix1
• linux-image-4.14.0-wallix1-grsecurity-amd64 4.14.65-1~wallix1
• models 7.0.3.3~wallix1
• mysql-client:amd64 5.7.25+commercial-1debian9+wallix6
• mysql-common 5.7.25+commercial-1debian9+wallix6
• mysql-server 5.7.25+commercial-1debian9+wallix6
• openssh-client 1:7.9p1-10+wallix1
• openssh-server 1:7.9p1-10+wallix1
• openssh-sftp-server 1:7.9p1-10+wallix1
• putty-tools 0.70-5~bpo9+wallix20181130.1074a9be
• python-hvac:amd64 0.6.3-1+wallix1
• python-iptables 0.11.0-4+wallix1-grsec
• python-pbkdf2 1.3+20110613.git2a0fb15~ds0-3+wallix1
• python-statgrab 0.7+wallix2
• python2.7 2.7.13-2+wallix2-grsec
• python2.7-minimal 2.7.13-2+wallix2-grsec
• python3 3.7.1-1+wallix1-grsec
• python3-minimal 3.7.1-1+wallix1-grsec

23
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• python3.7 3.7.1-1+wallix1-grsec
• python3.7-minimal 3.7.1-1+wallix1-grsec
• uwsgi-core 2.0.14+20161117-3+deb9u2+wallix5
• uwsgi-plugin-python 2.0.14+20161117-3+deb9u2+wallix5
• vault 7.0.3.3~wallix1
• wab 7.0.3.3~wallix1
• wab-backupdaemon 7.0.0.16~wallix1
• wab-core 7.0.3.3~wallix1
• wab-grub-custom 1.6-wallix1
• wab-gui 7.0.3.3~wallix1
• wab-ha 7.0.0.16~wallix1
• wab-system-configuration 7.0.3.3~wallix1
• wab-uwsgi 2.0.14+20161117-3+deb9u2+wallix5
• wabchgpwd 7.0.3.3~wallix1
• wabconfig 7.0.0.16~wallix1
• wabcrypto 7.0.3.3~wallix1
• wabengine 7.0.3.3~wallix1
• wabflowscan 7.0.0.16~wallix1
• wabgpg 7.0.0.16~wallix1
• wabrestapi 7.0.3.3~wallix1
• wabsshkeys 7.0.0.16~wallix1
• wabstandardlicenses 7.0.0.16~wallix1
• wabtacplus 1.3.9-wallix3
• wabunicodeutils 7.0.0.16~wallix1
• wabwatchdog 7.0.0.16~wallix1
• wabwebhelp 7.0.0.16~wallix1
• wabx509 7.0.0.16~wallix1
• wabx509setup 7.0.3.3~wallix1
• wallixcelery 7.0.0.16~wallix1
• wallixconst 7.0.3.3~wallix1
• wallixplugins 7.0.3.3~wallix1
• wallixredis 7.0.0.16~wallix1

The following packages are also installed on selected systems, depending on available hardware
configuration:

• wallix-checkraid-megaraid 0.7+2-wallix1
• wabcloudlicenses 7.0.0.13-20190417122859-wab-7.0~wallix1
• wabstandardlicenses 7.0.0.13-20190417122859-wab-7.0~wallix1

24
WALLIX Bastion 7.0 hotfix 3 – Release Notes

The following packages from the binary Debian Stretch GNU/Linux amd64 distribution are installed on
WALLIX Bastion:

• 3270-common 3.3.14ga11-1+b2
• acl 2.2.52-3+b1
• adduser 3.115
• apache2 2.4.25-3+deb9u7
• apache2-bin 2.4.25-3+deb9u7
• apache2-data 2.4.25-3+deb9u7
• apache2-utils 2.4.25-3+deb9u7
• apt 1.4.9
• apt-transport-https 1.4.9
• apt-utils 1.4.9
• arping 2.14-1+b1
• at 3.1.20-3
• attr 1:2.4.47-2+b2
• base-files 9.9+deb9u8
• base-passwd 3.5.43
• bash 4.4-5
• bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u4
• bsdmainutils 9.0.12+nmu1
• bsdutils 1:2.29.2-1+deb9u1
• busybox 1:1.22.0-19+b3
• bzip2 1.0.6-8.1
• ca-certificates 20161130+nmu1+deb9u1
• cifs-utils 2:6.7-1
• connect-proxy 1.105-1
• console-setup 1.164
• console-setup-linux 1.164
• coreutils 8.26-3
• cpio 2.11+dfsg-6
• cracklib-runtime 2.9.2-5
• cron 3.0pl1-128+deb9u1
• cryptsetup 2:1.7.3-4
• cryptsetup-bin 2:1.7.3-4
• dash 0.5.8-2.4
• dbus 1.10.26-0+deb9u1
• debconf 1.5.61
• debconf-i18n 1.5.61
• debian-archive-keyring 2017.5

25
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• debianutils 4.8.1.1
• debsums 2.2.2
• dh-python 2.20170125
• dialog 1.3-20160828-2
• dictionaries-common 1.27.2
• diffutils 1:3.5-3
• discover 2.1.2-7.1+deb9u1
• discover-data 2.2013.01.11
• distro-info-data 0.36
• dmeventd 2:1.02.137-2
• dmidecode 3.0-4
• dmsetup 2:1.02.137-2
• dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u4
• dpkg 1.18.25
• drbd-utils 8.9.10-2
• e2fslibs:amd64 1.43.4-2
• e2fsprogs 1.43.4-2
• emacsen-common 2.0.8
• erlang-asn1 1:19.2.1+dfsg-2+deb9u2
• erlang-base 1:19.2.1+dfsg-2+deb9u2
• erlang-corba 1:19.2.1+dfsg-2+deb9u2
• erlang-crypto 1:19.2.1+dfsg-2+deb9u2
• erlang-diameter 1:19.2.1+dfsg-2+deb9u2
• erlang-edoc 1:19.2.1+dfsg-2+deb9u2
• erlang-eldap 1:19.2.1+dfsg-2+deb9u2
• erlang-erl-docgen 1:19.2.1+dfsg-2+deb9u2
• erlang-eunit 1:19.2.1+dfsg-2+deb9u2
• erlang-ic 1:19.2.1+dfsg-2+deb9u2
• erlang-inets 1:19.2.1+dfsg-2+deb9u2
• erlang-mnesia 1:19.2.1+dfsg-2+deb9u2
• erlang-nox 1:19.2.1+dfsg-2+deb9u2
• erlang-odbc 1:19.2.1+dfsg-2+deb9u2
• erlang-os-mon 1:19.2.1+dfsg-2+deb9u2
• erlang-parsetools 1:19.2.1+dfsg-2+deb9u2
• erlang-percept 1:19.2.1+dfsg-2+deb9u2
• erlang-public-key 1:19.2.1+dfsg-2+deb9u2
• erlang-runtime-tools 1:19.2.1+dfsg-2+deb9u2
• erlang-snmp 1:19.2.1+dfsg-2+deb9u2
• erlang-ssh 1:19.2.1+dfsg-2+deb9u2

26
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• erlang-ssl 1:19.2.1+dfsg-2+deb9u2
• erlang-syntax-tools 1:19.2.1+dfsg-2+deb9u2
• erlang-tools 1:19.2.1+dfsg-2+deb9u2
• erlang-xmerl 1:19.2.1+dfsg-2+deb9u2
• ethtool 1:4.8-1+b1
• file 1:5.30-1+deb9u2
• findutils 4.6.0+git+20161106-2
• firmware-linux-free 3.4
• fontconfig 2.11.0-6.7+b1
• fontconfig-config 2.11.0-6.7
• fonts-dejavu-core 2.37-1
• fuse 2.9.7-1+deb9u2
• gcc-6-base:amd64 6.3.0-18+deb9u1
• gdisk 1.0.1-1
• geoip-database 20170512-1
• gettext-base 0.19.8.1-2
• gnome-icon-theme 3.12.0-2
• gnupg 2.1.18-8~deb9u4
• gnupg-agent 2.1.18-8~deb9u4
• gpgv 2.1.18-8~deb9u4
• grep 2.27-2
• groff-base 1.22.3-9
• gtk-update-icon-cache 3.22.11-1
• guile-2.0-libs:amd64 2.0.13+1-4
• gzip 1.6-5+b1
• haveged 1.9.1-5+deb9u1
• hicolor-icon-theme 0.15-1
• hostname 3.18+b1
• iametrics 1.0.8stretch
• ieee-data 20160613.1
• ifupdown 0.8.19
• init 1.48
• init-system-helpers 1.48
• initramfs-tools 0.130
• initramfs-tools-core 0.130
• installation-report 2.62
• intel-microcode 3.20180807a.2~deb9u1
• iproute2 4.9.0-1+deb9u1
• iptables 1.6.0+snapshot20161117-6

27
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• iputils-ping 3:20161105-1
• irqbalance 1.1.0-2.3
• isc-dhcp-client 4.3.5-3+deb9u1
• isc-dhcp-common 4.3.5-3+deb9u1
• iucode-tool 2.1.1-1
• kbd 2.0.3-2+b1
• keyboard-configuration 1.164
• keyutils 1.5.9-9
• klibc-utils 2.0.4-9
• kmod 23-2
• krb5-config 2.6
• krb5-user 1.15-1+deb9u1
• ldap-utils 2.4.44+dfsg-5+deb9u2
• less 481-2.1
• libacl1:amd64 2.2.52-3+b1
• libaio1:amd64 0.3.110-3
• libapache2-mod-auth-kerb 5.4-2.3
• libapparmor1:amd64 2.11.0-3+deb9u2
• libapr1:amd64 1.5.2-5
• libaprutil1-dbd-sqlite3:amd64 1.5.4-3
• libaprutil1-ldap:amd64 1.5.4-3
• libaprutil1:amd64 1.5.4-3
• libapt-inst2.0:amd64 1.4.9
• libapt-pkg5.0:amd64 1.4.9
• libassuan0:amd64 2.4.3-2
• libatk1.0-0:amd64 2.22.0-1
• libatk1.0-data 2.22.0-1
• libatomic1:amd64 6.3.0-18+deb9u1
• libattr1:amd64 1:2.4.47-2+b2
• libaudit-common 1:2.6.7-2
• libaudit1:amd64 1:2.6.7-2
• libavahi-client3:amd64 0.6.32-2
• libavahi-common-data:amd64 0.6.32-2
• libavahi-common3:amd64 0.6.32-2
• libbind9-140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
• libblas-common 3.7.0-2
• libblas3 3.7.0-2
• libblkid1:amd64 2.29.2-1+deb9u1
• libbsd0:amd64 0.8.3-1

28
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• libbson-1.0-0 1.4.2-1
• libbz2-1.0:amd64 1.0.6-8.1
• libc-bin 2.24-11+deb9u4
• libc-l10n 2.24-11+deb9u4
• libc6:amd64 2.24-11+deb9u4
• libcairo2:amd64 1.14.8-1
• libcap-ng0:amd64 0.7.7-3+b1
• libcap2-bin 1:2.25-1
• libcap2:amd64 1:2.25-1
• libcomerr2:amd64 1.43.4-2
• libcrack2:amd64 2.9.2-5
• libcroco3:amd64 0.6.11-3
• libcryptsetup4:amd64 2:1.7.3-4
• libcups2:amd64 2.2.1-8+deb9u3
• libcurl3-gnutls:amd64 7.52.1-5+deb9u9
• libdatrie1:amd64 0.2.10-4+b1
• libdb5.3:amd64 5.3.28-12+deb9u1
• libdbi1:amd64 0.9.0-4+deb9u1
• libdbus-1-3:amd64 1.10.26-0+deb9u1
• libdebconfclient0:amd64 0.227
• libdevmapper-event1.02.1:amd64 2:1.02.137-2
• libdevmapper1.02.1:amd64 2:1.02.137-2
• libdiscover2 2.1.2-7.1+deb9u1
• libdlm3:amd64 4.0.7-1
• libdns-export162 1:9.10.3.dfsg.P4-12.3+deb9u4
• libdns162:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
• libdpkg-perl 1.18.25
• libdrm2:amd64 2.4.74-1
• libedit2:amd64 3.1-20160903-3
• libelf1:amd64 0.168-1
• libevent-2.0-5:amd64 2.0.21-stable-3
• libevtlog0:amd64 0.2.12-7+b2
• libexpat1:amd64 2.2.0-2+deb9u1
• libfdisk1:amd64 2.29.2-1+deb9u1
• libffi6:amd64 3.2.1-6
• libfile-fnmatch-perl 0.02-2+b3
• libfontconfig1:amd64 2.11.0-6.7+b1
• libfreetype6:amd64 2.6.3-3.2
• libfribidi0:amd64 0.19.7-1+b1

29
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• libfuse2:amd64 2.9.7-1+deb9u2
• libgail-common:amd64 2.24.31-2
• libgail18:amd64 2.24.31-2
• libgc1c2:amd64 1:7.4.2-8
• libgcc1:amd64 1:6.3.0-18+deb9u1
• libgcrypt20:amd64 1.7.6-2+deb9u3
• libgdbm3:amd64 1.8.3-14
• libgdk-pixbuf2.0-0:amd64 2.36.5-2+deb9u2
• libgdk-pixbuf2.0-common 2.36.5-2+deb9u2
• libgeoip1:amd64 1.6.9-4
• libgfortran3:amd64 6.3.0-18+deb9u1
• libglib2.0-0:amd64 2.50.3-2
• libgmime-2.6-0:amd64 2.6.22+dfsg2-1
• libgmp10:amd64 2:6.1.2+dfsg-1
• libgnutls30:amd64 3.5.8-5+deb9u4
• libgpg-error0:amd64 1.26-2
• libgpgme11:amd64 1.8.0-3+b2
• libgraphite2-3:amd64 1.3.10-1
• libgsasl7 1.8.0-8+b2
• libgssapi-krb5-2:amd64 1.15-1+deb9u1
• libgssrpc4:amd64 1.15-1+deb9u1
• libgtk2.0-0:amd64 2.24.31-2
• libgtk2.0-common 2.24.31-2
• libharfbuzz0b:amd64 1.4.2-1
• libhavege1:amd64 1.9.1-5+deb9u1
• libhiredis0.14:amd64 0.14.0-3~bpo9+1
• libhogweed4:amd64 3.3-1+b2
• libicu57:amd64 57.1-6+deb9u2
• libidn11:amd64 1.33-1
• libidn2-0:amd64 0.16-1+deb9u1
• libip4tc0:amd64 1.6.0+snapshot20161117-6
• libip6tc0:amd64 1.6.0+snapshot20161117-6
• libiptc0:amd64 1.6.0+snapshot20161117-6
• libisc-export160 1:9.10.3.dfsg.P4-12.3+deb9u4
• libisc160:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
• libisccc140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
• libisccfg140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
• libivykis0:amd64 0.36.2-4
• libjansson4:amd64 2.9-1

30
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• libjbig0:amd64 2.1-3.1+b2
• libjemalloc1 3.6.0-9.1
• libjpeg62-turbo:amd64 1:1.5.1-2
• libjs-jquery 3.1.1-2
• libjs-sphinxdoc 1.4.9-2
• libjs-underscore 1.8.3~dfsg-1
• libjson-c3:amd64 0.12.1-1.1
• libk5crypto3:amd64 1.15-1+deb9u1
• libkadm5clnt-mit11:amd64 1.15-1+deb9u1
• libkadm5srv-mit11:amd64 1.15-1+deb9u1
• libkdb5-8:amd64 1.15-1+deb9u1
• libkeyutils1:amd64 1.5.9-9
• libklibc 2.0.4-9
• libkmod2:amd64 23-2
• libkrb5-3:amd64 1.15-1+deb9u1
• libkrb5support0:amd64 1.15-1+deb9u1
• libksba8:amd64 1.3.5-2
• libkyotocabinet16v5:amd64 1.2.76-4.2+b1
• liblapack3 3.7.0-2
• liblcms2-2:amd64 2.8-4+deb9u1
• libldap-2.4-2:amd64 2.4.44+dfsg-5+deb9u2
• libldap-common 2.4.44+dfsg-5+deb9u2
• libldb1:amd64 2:1.1.27-1+deb9u1
• liblocale-gettext-perl 1.07-3+b1
• libltdl7:amd64 2.4.6-2
• liblua5.1-0:amd64 5.1.5-8.1+b2
• liblua5.2-0:amd64 5.2.4-1.1+b2
• liblvm2app2.2:amd64 2.02.168-2
• liblvm2cmd2.02:amd64 2.02.168-2
• liblwres141:amd64 1:9.10.3.dfsg.P4-12.3+deb9u4
• liblz4-1:amd64 0.0~r131-2+b1
• liblzma5:amd64 5.2.2-1.2+b1
• liblzo2-2:amd64 2.08-1.2+b2
• libmagic-mgc 1:5.30-1+deb9u2
• libmagic1:amd64 1:5.30-1+deb9u2
• libmailutils5:amd64 1:3.1.1-1
• libmariadbclient18:amd64 10.1.37-0+deb9u1
• libmatheval1:amd64 1.1.11+dfsg-3
• libmnl0:amd64 1.0.4-2

31
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• libmongoc-1.0-0 1.4.2-1+b1
• libmount1:amd64 2.29.2-1+deb9u1
• libmpdec2:amd64 2.4.2-1
• libncurses5:amd64 6.0+20161126-1+deb9u2
• libncursesw5:amd64 6.0+20161126-1+deb9u2
• libnet1:amd64 1.1.6+dfsg-3
• libnetfilter-conntrack3:amd64 1.0.6-2
• libnettle6:amd64 3.3-1+b2
• libnewt0.52:amd64 0.52.19-1+b1
• libnfnetlink0:amd64 1.0.1-3
• libnfsidmap2:amd64 0.25-5.1
• libnghttp2-14:amd64 1.18.1-1
• libnotmuch4 0.23.7-3
• libnpth0:amd64 1.3-1
• libntlm0:amd64 1.4-8
• libnuma1:amd64 2.0.11-2.1
• libodbc1:amd64 2.3.4-1
• libopts25:amd64 1:5.18.12-3
• libp11-kit0:amd64 0.23.3-2
• libpam-cracklib:amd64 1.1.8-3.6
• libpam-modules-bin 1.1.8-3.6
• libpam-modules:amd64 1.1.8-3.6
• libpam-runtime 1.1.8-3.6
• libpam-systemd:amd64 232-25+deb9u11
• libpam0g:amd64 1.1.8-3.6
• libpango-1.0-0:amd64 1.40.5-1
• libpangocairo-1.0-0:amd64 1.40.5-1
• libpangoft2-1.0-0:amd64 1.40.5-1
• libpcap0.8:amd64 1.8.1-3
• libpci3:amd64 1:3.5.2-1
• libpcre3:amd64 2:8.39-3
• libperl5.24:amd64 5.24.1-3+deb9u5
• libpgm-5.2-0:amd64 5.2.122~dfsg-2
• libpixman-1-0:amd64 0.34.0-1
• libplymouth4:amd64 0.9.2-4
• libpng16-16:amd64 1.6.28-1
• libpopt0:amd64 1.16-10+b2
• libprocps6:amd64 2:3.3.12-3+deb9u1
• libprotobuf-c1:amd64 1.2.1-2

32
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• libpsl5:amd64 0.17.0-3
• libpython-stdlib:amd64 2.7.13-2
• libquadmath0:amd64 6.3.0-18+deb9u1
• libreadline5:amd64 5.2+dfsg-3+b1
• libreadline7:amd64 7.0-3
• libriemann-client0:amd64 1.9.1-1+b1
• librsvg2-2:amd64 2.40.16-1+b1
• librsvg2-common:amd64 2.40.16-1+b1
• librtmp1:amd64 2.4+20151223.gitfa8646d.1-1+b1
• libsasl2-2:amd64 2.1.27~101-g0780600+dfsg-3
• libsasl2-modules-db:amd64 2.1.27~101-g0780600+dfsg-3
• libsasl2-modules-gssapi-mit:amd64 2.1.27~101-g0780600+dfsg-3
• libsasl2-modules:amd64 2.1.27~101-g0780600+dfsg-3
• libsctp1:amd64 1.0.17+dfsg-1+b1
• libseccomp2:amd64 2.3.1-2.1+deb9u1
• libselinux1:amd64 2.6-3+b3
• libsemanage-common 2.6-2
• libsemanage1:amd64 2.6-2
• libsensors4:amd64 1:3.4.0-4
• libsepol1:amd64 2.6-2
• libslang2:amd64 2.3.1-5
• libsmartcols1:amd64 2.29.2-1+deb9u1
• libsnappy1v5:amd64 1.1.3-3
• libsnmp-base 5.7.3+dfsg-1.7+deb9u1
• libsnmp30:amd64 5.7.3+dfsg-1.7+deb9u1
• libsodium18:amd64 1.0.11-2
• libsqlite3-0:amd64 3.16.2-5+deb9u1
• libss2:amd64 1.43.4-2
• libssh2-1:amd64 1.7.0-1+deb9u1
• libssl1.0.2:amd64 1.0.2r-1~deb9u1
• libssl1.1:amd64 1.1.0j-1~deb9u1
• libstatgrab10 0.91-1+b1
• libstdc++6:amd64 6.3.0-18+deb9u1
• libsystemd0:amd64 232-25+deb9u11
• libtalloc2:amd64 2.1.8-1
• libtasn1-6:amd64 4.10-1.1+deb9u1
• libtdb1:amd64 1.3.11-2
• libtevent0:amd64 0.9.31-1
• libtext-charwidth-perl 0.04-7+b5

33
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• libtext-iconv-perl 1.7-5+b4
• libtext-wrapi18n-perl 0.06-7.1
• libthai-data 0.1.26-1
• libthai0:amd64 0.1.26-1
• libtiff5:amd64 4.0.8-2+deb9u4
• libtinfo5:amd64 6.0+20161126-1+deb9u2
• libtirpc1:amd64 0.2.5-1.2+deb9u1
• libtokyocabinet9:amd64 1.4.48-11+b1
• libudev1:amd64 232-25+deb9u11
• libunistring0:amd64 0.9.6+really0.9.3-0.1
• libusb-0.1-4:amd64 2:0.1.12-30
• libusb-1.0-0:amd64 2:1.0.21-1
• libustr-1.0-1:amd64 1.0.4-6
• libuuid1:amd64 2.29.2-1+deb9u1
• libwbclient0:amd64 2:4.5.16+dfsg-1+deb9u1
• libwebp6:amd64 0.5.2-1
• libwebpdemux2:amd64 0.5.2-1
• libwebpmux2:amd64 0.5.2-1
• libwrap0:amd64 7.6.q-26
• libx11-6:amd64 2:1.6.4-3+deb9u1
• libx11-data 2:1.6.4-3+deb9u1
• libxapian30:amd64 1.4.3-2+deb9u3
• libxau6:amd64 1:1.0.8-1
• libxcb-render0:amd64 1.12-1
• libxcb-shm0:amd64 1.12-1
• libxcb1:amd64 1.12-1
• libxcomposite1:amd64 1:0.4.4-2
• libxcursor1:amd64 1:1.1.14-1+deb9u2
• libxdamage1:amd64 1:1.1.4-2+b3
• libxdmcp6:amd64 1:1.1.2-3
• libxext6:amd64 2:1.3.3-1+b2
• libxfixes3:amd64 1:5.0.3-1
• libxi6:amd64 2:1.7.9-1
• libxinerama1:amd64 2:1.1.3-1+b3
• libxml2:amd64 2.9.4+dfsg1-2.2+deb9u2
• libxrandr2:amd64 2:1.5.1-1
• libxrender1:amd64 1:0.9.10-1
• libxslt1.1:amd64 1.1.29-2.1
• libxtables12:amd64 1.6.0+snapshot20161117-6

34
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• libyajl2:amd64 2.1.0-2+b3
• libyaml-0-2:amd64 0.1.7-2
• libzmq5:amd64 4.2.1-4+deb9u1
• linux-base 4.5
• locales 2.24-11+deb9u4
• login 1:4.4-4.1
• logrotate 3.11.0-0.1
• lsb-base 9.20161125
• lsb-release 9.20161125
• lua-bitop:amd64 1.0.2-4
• lua-cjson:amd64 2.1.0+dfsg-2
• lvm2 2.02.168-2
• mailutils 1:3.1.1-1
• mailutils-common 1:3.1.1-1
• mawk 1.3.3-17+b3
• mime-support 3.60
• mount 2.29.2-1+deb9u1
• msmtp 1.6.6-1
• msmtp-mta 1.6.6-1
• multiarch-support 2.24-11+deb9u4
• mutt 1.7.2-1+deb9u1
• ncurses-base 6.0+20161126-1+deb9u2
• ncurses-bin 6.0+20161126-1+deb9u2
• ncurses-term 6.0+20161126-1+deb9u2
• net-tools 1.60+git20161116.90da8a0-1
• netbase 5.4
• nfs-common 1:1.3.4-2.1
• ntp 1:4.2.8p10+dfsg-3+deb9u2
• ntpdate 1:4.2.8p10+dfsg-3+deb9u2
• ocfs2-tools 1.8.4-4+deb9u1
• openresolv 3.8.0-1
• openssl 1.1.0j-1~deb9u1
• os-prober 1.76~deb9u1
• passwd 1:4.4-4.1
• pciutils 1:3.5.2-1
• perl 5.24.1-3+deb9u5
• perl-base 5.24.1-3+deb9u5
• perl-modules-5.24 5.24.1-3+deb9u5
• pinentry-curses 1.0.0-2

35
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• plymouth 0.9.2-4
• plymouth-theme-wallix 1.00
• plymouth-themes 0.9.2-4
• procps 2:3.3.12-3+deb9u1
• psmisc 22.21-2.1+b2
• python 2.7.13-2
• python-amqp 1.4.9-1
• python-anyjson 0.3.3-1
• python-arrow 0.10.0-1
• python-attr 16.3.0-1
• python-backports.functools-lru-cache 1.3-1
• python-billiard 3.3.0.23-2
• python-bs4 4.5.3-1
• python-cairo 1.8.8-2.2
• python-cairocffi 0.7.2-2
• python-cairosvg 1.0.20-1
• python-celery 3.1.23-7
• python-celery-common 3.1.23-7
• python-cffi 1.9.1-2
• python-cffi-backend 1.9.1-2
• python-chardet 2.3.0-2
• python-click 6.6-1
• python-colorama 0.3.7-1
• python-configobj 5.0.6-2
• python-configparser 3.3.0r2-2
• python-constantly 15.1.0-1
• python-cracklib 2.9.2-5
• python-croniter 0.3.12-2
• python-crontab 1.9.3-2
• python-crypto 2.6.1-7
• python-cryptography 1.7.1-3
• python-dateutil 2.5.3-2
• python-dialog 3.3.0-2
• python-django 1:1.11.20-1~bpo9+1
• python-django-common 1:1.11.20-1~bpo9+1
• python-dnspython 1.15.0-1+deb9u1
• python-enum34 1.1.6-1
• python-falcon 1.0.0-2
• python-flup 1.0.2-5

36
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• python-funcsigs 1.0.2-3
• python-functools32 3.2.3.2-3
• python-future 0.15.2-4
• python-gobject-2 2.28.6-13
• python-gtk2 2.24.0-5.1
• python-html5lib 0.999999999-1
• python-idna 2.2-1
• python-incremental 16.10.1-3
• python-ipaddress 1.0.17-1
• python-jinja2 2.8-1
• python-jsonschema 2.5.1-6
• python-jwt 1.4.2-1+deb9u1
• python-kerberos 1.1.5-2+b2
• python-kombu 3.0.35-1.1
• python-ldap 2.4.28-0.1
• python-ldb 2:1.1.27-1+deb9u1
• python-lxml 3.7.1-1
• python-mailer 0.8.1-2
• python-markupsafe 0.23-3
• python-memcache 1.57-2
• python-mimeparse 0.1.4-3.1~deb9u1
• python-minimal 2.7.13-2
• python-mock 2.0.0-3
• python-mysqldb 1.3.7-1.1
• python-natsort 4.0.3-2
• python-netaddr 0.7.18-2
• python-netifaces 0.10.4-0.1+b2
• python-ntlm 1.1.0-1
• python-numpy 1:1.12.1-3
• python-openssl 16.2.0-1
• python-pam 0.4.2-13.2
• python-pbr 1.10.0-1
• python-pexpect 4.2.1-1
• python-pil:amd64 4.0.0-4
• python-pkg-resources 33.1.1-1
• python-ply 3.9-1
• python-psutil 5.0.1-1
• python-ptyprocess 0.5.1-1
• python-py3270:amd64 0.3.4-1

37
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• python-pyasn1 0.1.9-2
• python-pyasn1-modules 0.0.7-0.1
• python-pycha 0.7.0-2
• python-pycparser 2.17-2
• python-pygal 2.0.12-2
• python-pyicu 1.9.5-1
• python-pyparsing 2.1.10+dfsg1-1
• python-pyrad 2.0-3
• python-redis 2.10.5-2
• python-requests 2.12.4-1
• python-samba 2:4.5.16+dfsg-1+deb9u1
• python-scapy 2.3.3-1
• python-serial 3.2.1-1
• python-service-identity 16.0.0-2
• python-setproctitle:amd64 1.1.10-1
• python-setuptools 33.1.1-1
• python-six 1.10.0-3
• python-sqlalchemy 1.0.15+ds1-1
• python-sqlalchemy-ext 1.0.15+ds1-1
• python-stevedore 1.17.1-2
• python-talloc 2.1.8-1
• python-tdb 1.3.11-2
• python-twisted-bin:amd64 16.6.0-2
• python-twisted-conch 1:16.6.0-2
• python-twisted-core 16.6.0-2
• python-twisted-web 16.6.0-2
• python-tz 2016.7-0.3
• python-tzlocal 1.3-1
• python-urllib3 1.19.1-1
• python-webencodings 0.5-2
• python-yaml 3.12-1
• python-zope.component 4.3.0-1
• python-zope.event 4.2.0-1
• python-zope.hookable 4.0.4-4+b2
• python-zope.interface 4.3.2-1
• python-zope.schema 4.4.2-3
• python3-pkg-resources 33.1.1-1
• rabbitmq-server 3.6.6-1
• readline-common 7.0-3

38
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• redemption 1.3.176stretch
• redis-server 5:5.0.3-3~bpo9+2
• redis-tools 5:5.0.3-3~bpo9+2
• rng-tools5 5-1
• rpcbind 0.2.3-0.6
• rsync 3.1.2-1+deb9u1
• s3270 3.3.14ga11-1+b2
• samba-common 2:4.5.16+dfsg-1+deb9u1
• samba-common-bin 2:4.5.16+dfsg-1+deb9u1
• samba-libs:amd64 2:4.5.16+dfsg-1+deb9u1
• sashimi 7.0.1.0.1stretch
• screen 4.5.0-6
• sed 4.4-1
• sensible-utils 0.0.9+deb9u1
• shared-mime-info 1.8-1+deb9u1
• smartmontools 6.5+svn4324-1
• snmpd 5.7.3+dfsg-1.7+deb9u1
• sshfs 2.8-1
• sshpass 1.06-1
• strace 4.15-2
• stunnel4 3:5.39-2
• sudo 1.8.19p1-2.1
• syslog-ng 3.8.1-10
• syslog-ng-core 3.8.1-10
• syslog-ng-mod-add-contextual-data 3.8.1-10
• syslog-ng-mod-graphite 3.8.1-10
• syslog-ng-mod-journal 3.8.1-10
• syslog-ng-mod-json 3.8.1-10
• syslog-ng-mod-mongodb 3.8.1-10
• syslog-ng-mod-python 3.8.1-10
• syslog-ng-mod-riemann 3.8.1-10
• syslog-ng-mod-sql 3.8.1-10
• systemd 232-25+deb9u11
• systemd-sysv 232-25+deb9u11
• sysvinit-utils 2.88dsf-59.9
• tar 1.29b-1.1
• tcpd 7.6.q-26
• tcpdump 4.9.2-1~deb9u1
• telnet 0.17-41

39
WALLIX Bastion 7.0 hotfix 3 – Release Notes

• traceroute 1:2.1.0-2
• ttyrec 1.0.8-5+b2
• tzdata 2018i-0+deb9u1
• ucf 3.0036
• udev 232-25+deb9u11
• unzip 6.0-21
• usbutils 1:007-4+b1
• util-linux 2.29.2-1+deb9u1
• vim-common 2:8.0.0197-4+deb9u1
• vim-tiny 2:8.0.0197-4+deb9u1
• wabscytale 1.0.60
• wfrench 1.2.3-10.1
• wget 1.18-5+deb9u3
• whiptail 0.52.19-1+b1
• wngerman 20161207-1
• wswiss 20161207-1
• xkb-data 2.19-1+deb9u1
• xxd 2:8.0.0197-4+deb9u1
• xz-utils 5.2.2-1.2+b1
• zlib1g:amd64 1:1.2.8.dfsg-5

40