What’s New

This chapter describes enhancements implemented in AccuRev 7.8.

Password policy implemented for all AccuRev user interfaces

This release enforces a password policy across all AccuRev user interfaces, including CLI, AcGui, WebUI, and Git-Server. Based on PSec guidelines, the policy uses a username-password authentication mechanism that mandates strong and complex passwords to enhance the security.

    Note:
  • The password policy applies only when both server and clients are updated to version 7.8.
  • If you use clients older than version 7.8 while the server is updated to version 7.8, the new password policy does not apply to those clients.

Password guidelines

The following table lists the password policy guidelines. Before upgrading to AccuRev 7.8, admins must make sure that all AccuRev users have reset their existing password based on the password policy.

Password guideline Details
Password length

Minimum of 8 characters, and maximum of 128 characters.
Requirements

Password must contain one uppercase letter, one lowercase letter, one number, and one special character.
Restrictions
  • Password cannot be the same as the username.
  • New password cannot be the same as the old password.
  • Password must not contain space.

Password policy configuration

After upgrading to version 7.8, the password policy feature is enabled by default. Admins can use the following parameters in the acserver.cnf file to configure the password policy:

  • To disable the password policy feature, set the ENFORCE_PASSWORD_POLICY parameter to false.
  • To disable the password expiry feature, set the ENFORCE_PASSWORD_POLICY_EXPIRATION parameter to false.

Password expiration and reset

If both the ENFORCE_PASSWORD_POLICY and ENFORCE_PASSWORD_POLICY_EXPIRATION parameters are set to true, users will be notified about password expiration every 90 days, in compliance with PSec guidelines. While the 90-day cycle is not explicitly listed in the configuration file, users will receive password expiry warnings starting from the 80th day until the 90th day. If the user does not reset their password within this time period, after the 90 days, the account will be locked. Admins can reset the user’s account using the maintain chpasswd command.

Back to top

Product rebranding

AccuRev user interfaces (CLI, AcGui, WebUI, and Git-Server) are updated to reflect CE rebranding edition.

Back to top

PulseUno updated to version 24.2

PulseUno has been upgraded to version 24.2 in AccuRev version 7.8.

Following are some of the enhancements in PulseUno:

  • UI look and feel have been changed.
  • Security fixes.

Back to top

Git-Server enhancements

Git-Server has the following enhancements:

  • UI look and feel have been changed due to library updates.
  • Security fixes.

Back to top

Third-party component and security upgrades

AccuRev version 7.8 includes the following third-party component and security upgrades:

  • The AccuRev JRE for server installer and client installer has been upgraded to 17.28.13.
  • Tomcat has been upgraded to 9.0.86.
  • The source code in all AccuRev components has been extensively reviewed and amended to address security vulnerabilities.

Back to top

See also: