Features Added in COBOL Server 6.0

Back to Top

Support has been added to enable you to work with containers from the IDE. In particular you can now create a Dockerfile for a COBOL project, and build, debug and run a COBOL project in a container, all from the IDE.

Back to Top

The following enhancements are available:

• IPv6 support (EAP) - This feature is in Early Adopter Program (EAP) release status. Some Enterprise Server components and features now support Internet Protocol version 6 (IPv6) network addressing and connectivity. Due to limitations with IPv4, IPv6 is becoming more common within corporate networks and on the public Internet. In some cases, the use of IPv6 can improve interoperability and simplify network configuration.
• Administrative Commands - the add command in cascertreg now contains new options (-cwi setting, -dcas setting, -issuer, and -subject).

Back to Top

This release provides the following enhancements:

• Micro Focus Secrets file storage permissions

  The Micro Focus Secrets feature (also known as the Vault feature) provides centralized storage for sensitive information such as passwords, with some protection against accidental disclosure or discovery by unauthorized users. Prior to this release, the only supported storage mechanism was a conventional file containing encrypted data. In this release, the permissions on the storage file and on the Secrets configuration file are set more restrictively to help protect the secrets.

• Certificate wildcard support

  The X.509 digital certificates used to identify servers when making TLS (SSL) connections permit the use of fully-qualified domain names with wildcards for some parts of the name. This enables administrators to use a single certificate issued to, for example, *.mycorp.com for any number of servers with fully-qualified names like www.mycorp.com, server1.mycorp.com, and so on. These wildcard-bearing certificates are now supported by client programs using Micro Focus communication technology when validating a server's certificate.

• Improved ACL wildcard support

  In the Access Control Lists used for resource access control with LDAP-based security in Enterprise Server, the ".**" wildcard sequence now behaves more similarly to mainframe RACF. A number of additional options for wildcard processing are also available.

• PKIX compliance for TLS certificate validation

  The standard for using X.509 digital certificates to authenticate servers when making TLS (SSL) connections is known as PKIX, for Public Key Infrastructure (X.509). It is defined by a series of IETF RFC documents, currently RFC 5280 and others. In previous releases, the certificate validation performed by this product did not conform to PKIX in a number of ways, most notably in using DNS address-to-name resolution in an attempt to match a certificate to a host. With this release, clients using Micro Focus Common Client technology, such as COBOL web service proxy programs, CAS utility programs, and customer applications that use the CICS Web Services Interface feature, will by default, use stricter procedures for validating certificates which more closely conform to PKIX. This improves TLS security and interoperability.

• Security improvements for XML parsing

  In this release the third-party components used for parsing XML data have been updated, or have had bug fixes integrated into the version used by Micro Focus, to address published security vulnerabilities. Also, XML external-entity support has been disabled except where it is required by a particular product feature; this prevents XML External Entity (XXE) attacks on customer systems by attackers who can trick a customer application into parsing a malicious XML document.

Back to Top

This release offers the following new features and improvements:

• MFDS User Interface functionality replacement - ESCWA can now communicate with remote MFDS instances, and displays the equivalent pages of MFDS. Configuring regions, and their IMS, PL/I, MQ, and XA options, and security, is now available.
• ESMAC User Interface functionality replacement - ESCWA can communicate with remote ESMAC instances, and can replicate functionality and display all the information provided by ESMAC.
• Configurable User Interface access - you can now configure the ESCWA security manager to control user and group access to certain aspects of the user interface, such as, native, and security menu items.
• Usability improvements
  • Starting and stopping regions from the navigation tree.
  • The native menu items are not displayed if the region features are not configured correctly.
  • Configuration of the display colors for MFDS hosts and regions to distinguish them with ease.
• Scale-Out support - ESCWA has improved the way it displays a Scale-Out Repositories (SORs) association with its PAC and member regions.
• Redis support - Redis is supported as a SOR when running this product in a PAC. Features include:
  • Redis cluster support
  • A Mfredis configuration file - enables you to configure reconnection when any network errors occurs. You can also use the file to configure Lua scripts tracing on servers.
  • Authentication support for the standalone Redis server.