AUBURN, Calif., October. 4, 2019 – 

What’s New in this Release of Acuity Connect™ v7.32

This release improves overall security and addresses vulnerabilities that have been discovered since the last release.  Updates to the Java®, Apache Tomcat®, and Apache HTTP Server™ platforms are included.

 

Security Improvements

Acuity Connect v7.32 includes the following fixes to address vulnerabilities and security concerns:

  • Implemented the AllowedMethods method in Apache HTTP Server to prevent malicious actors from obtaining server configurations through an insecure use of the OPTIONS method.
  • Fixed a bug that could allow a malicious actor to access the Apache HTTP Server environment’s as well as any new directories that were added after implementation.
  • Updated HTML doctype directives to ensure a malicious actor cannot downgrade sessions from the browser’s modern “standards mode” to a more insecure “quirks mode”.
  • Deprecated support for version 1.1 of the TLS connection protocol to prevent malicious actors from downgrading a session’s encryption algorithm to an older, rarely used, and potentially less secure protocol. Acuity Connect will now only support connections using TLS version 1.2. ·
  • Updated the jQuery® implementation used by Acuity Connect from 2.2.4 to 3.4.1 to address several vulnerabilities. A detailed change log can be found at the following website:  https://github.com/jquery/jquery/compare/2.2.4…3.4.1

Platform Updates

Acuity Connect v7.32 also includes significant updates to the supplied software platforms. ·

  • Java: This release moves Acuity Connect from a 32-bit (x86) Java 8 Runtime Environment (JRE) platform to the most recent LTS 64-bit Java 11 Development Kit (JDK) release.  This update includes a JDK software package as Oracle® has deprecated standalone JRE releases.  For detailed upgrade instructions, refer to the Acuity Connect v7.32 Installation Guide.

o    For a list of changes, refer to the Java 11 release notes.

  • Apache Tomcat: This release moves Acuity Connect from a 32-bit (x86) Apache Tomcat 8 environment to a 64-bit Apache Tomcat 9 environment.  This new version fixes several bugs and known vulnerabilities.  For details instructions on backing up and replacing Apache Tomcat installations, refer to the Acuity Connect v7.32 Installation Guide.

o  For a list of changes, refer to the Apache Tomcat 9 change logs.

  • Apache HTTP Server: This release moves Acuity Connect from a 32-bit (x86) Apache HTTP Server 2.4 environment to the latest 64-bit version of the server software.  This new version fixes several bugs and known vulnerabilities.  For detailed instructions on backing up and replacing Apache HTTP Server, refer to the Acuity Connect v7.32 Installation Guide.

o  For a list of changes, refer to the Apache HTTP Server 2.4 fixed vulnerability list.

Bug Fixes

Acuity Connect v7.32 also addresses the following functionality issue: ·

  • Fixed a bug that prevented Auto Approval Rules from accepting and saving changes to the Assessment Form checkbox.

 

 

Copyrights and Trademarks

ACUITY Advanced Care, ACUITY, Acuity Connect, AcuPort, AcuStrat, AcuPrint, and AcuCare are trademarks of TCS Healthcare Technologies.  All rights reserved.

Microsoft SQL Server and all Microsoft Windows products are registered trademarks of Microsoft Corporation of the United States.

CPT five-digit codes, descriptions, and other data only are copyright American Medical Association.  All rights reserved.  Fee schedules, relative value units, conversion factors and/or related components are not assigned by the AMA, are not part of CPT, and the AMA is not recommending their use.   The AMA does not directly or indirectly practice medicine or dispense medical services.  The AMA assumes no liability for data contained or not contained herein.  CPT is a registered trademark of the American Medical Association.   Applicable FARS / DFARS; restrictions apply to government use.

Oracle and Java are registered trademarks of Oracle and/or its affiliates.  Other names may be trademarks of their respective owners.

Advanced Installer is a trademark of Caphyon software.  All rights reserved.

Apache, Apache HTTP Server, Apache Tomcat, and the Apache feather logo are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries.

jQuery is a registered trademark of the JS Foundation in the United States and/or other countries.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org).   Web user interfaces and PDF technologies in Acuity Connect utilize components from Kendo UI by Progress.  Progress, Telerik, and Kendo UI are registered trademarks of Progress Software Corporation in the U.S. and other countries.  All rights reserved.