RSA Governance & Lifecycle 8.0 Patch 10 Release Notes
a day ago

What's New

RSA Governance & Lifecycle version 8.0.0 P10 introduces features designed to enhance system efficiency, automate key tasks, and improve visibility. With updates like Compare User (in User Review), Pluggable Password Vault, Search Filter, and New User Interface for Reviews (Account and Group Reviews, My Reviews, and Home Page) this release reduces manual intervention, optimizes performance, and bolsters security.

Highlighted Features

Compare User (in User Review) [BETA]

The User Review section in the enhanced UI now features an entitlement comparison tool. By selecting up to four users, reviewers can easily identify entitlements assigned to each of the selected users. This added visibility ensures more informed decision-making when approving or revoking user entitlements.

Pluggable Password Vault

RSA G&L currently supports only CyberArk vault integration. Part of this solution system will expose a plugin-based vault integration where customers, partners, and RSA PS can build and upload their own Password Vault Manager (PVM) providers (via UI) to supply credentials to collectors and connectors. The framework defines common interfaces, metadata-driven configuration for vault configuration and profiles, automatic class loading of new providers. As a part of this feature a Local Vault is introduced which stores the credential name and password within the product; to help the customers who do not have the external vaults. 

Search Filter

In the existing Search Filter functionality, the search text is applied across all visible columns on the UI, which can lead to increased response time. For column-specific searches, users must explicitly click the search icon (magnifying glass) in the Search Filter box to open the Advanced Search dialog.
With this enhancement, clicking anywhere within the Search Filter box will automatically open the Advanced Search dialog. This encourages users to perform more targeted, column-specific searches, improving performance and usability. To enable this feature, set the custom flag enableEnhancedFilterSearch to true from Admin > System > Settings > Custom. Removing the flag or setting the flag’s value to false reverts to the previous behavior.
When this feature is enabled, users can still search across all visible columns by selecting the Any Column option in the Advanced Search dropdown. To restrict the option to select Any Column for non-System Admin users, set another flag disableQuickFilterSearch to true; this flag defaults to false.

New User Interface for Reviews

This feature is not intended for production use and is hidden by a custom feature flag named FeatureFlag.UseEnhancedUIForReviews. When this feature is enabled (only by Admin user), from Admin > System > Settings tab > Edit > Custom, reviewers are provided with a toggle option from Home > Reviews > My Reviews page > Use the new UI toggle, to allow experiencing the new UI.

  • When the toggle is turned ON, opening any of the respective reviews will provide the new UI experience.
  • By turning the toggle OFF, users will be able to perform the respective reviews using existing UI.

You should reload the page to display the new UI.

This beta feature is available to all customers for testing. If you test the new UI, please send us your feedback or questions via gl-beta-feedback@rsa.com.

Please do not contact RSA Technical Support or do not open a Technical Support Case if you have any feedback on this beta feature.

 

Account and Group Review

The user interface has been introduced for the Account and the Group Review pages. It enhances the user experience and provides a better display for the respective data.

My Reviews Page

The My Reviews page UI has been enhanced to be displayed in two views; Cards view (by default), List view. More features have been introduced and others enhanced. To display your reviews, log in as a Reviewer, and click the My Reviews card on the Home page.

In addition to the UI changes, new Reviews Statuses, new Filter fields, and a Full Screen view have been introduced to the page for better experience.

Home Page

A new Home page has been introduced to RSA G&L that is being displayed in the new interface by setting the FeatureFlag.UseEnhancedUIForHomePage custom flag under Admin > System > Settings tab. This custom flag must be set to true to enable displaying the new Home page in the new UI. It provides better usability and user experience.

 

 New Features

FeatureDescription

ACM-136202

Reviews - New UI: In the Reviews New UI, the Collaborate feature is renamed to Share.

ACM-134647

Role Invalid Membership Rule: If an Invalid Membership rule is established for the Role, the Indirect Relationship Processing (IRP) will encounter failure. This enhancement ensures that such issues are managed gracefully, preventing the IRP from failing. A new ValidMembership Rule field is introduced in the Role table to facilitate the identification of any invalid membership rules associated with the role. This information is also prominently displayed on the Role General page and the Membership tab.

ACM-135524

A limit is set to the Risk CR evaluation. The maximum value is now 365 days and the default is 90 days.

ACM-134835

Unused space in the AWS-RDS for RSA G&L Cloud is now reclaimed by shrinking the database files. The procedure to shrink the database files is carried out when necessary, by the RSA SaaS Ops team.

ACM-134832

The Lite User category is removed from the ASR report, and now they count as Active users.

ACM-134567

The Self-Service Access Request page performance is improved.

ACM-133932

The commons-beanutils.jar is upgraded to version 1.9.4.

ACM-133930

The sshd-common.jar is upgraded from version 2.13.2 to version 2.16.0.

ACM-133855

Ability to Download and Delete Archive Dump Files: new buttons for Archive runs in RSA G&L Cloud are added under Monitoring > Data Runs.

  • Download: downloads the archive dump file from the S3 bucket in G&L Cloud to the local system which can be used to import to the customer’s on-premises database.
  • Delete: deletes the archive dump files from the S3 bucket in G&L Cloud.

This feature is only available in RSA G&L Cloud.

ACM-132475,

ACM-129559,

ACM-129558,

ACM-125625

Handling First & Last Names in Auto-generated Passwords: Violations are added for not using the First Name or Last Name in user’s password.
If the last name has a single character and it exists in the auto-generated password, and the password policy with single character for first name/last name is ignored.

ACM-119149

Support for External CA-Signed Certificates: The application now supports the import of external CA-signed certificates into both server and client keystores. Instead of using the default internal RSA CA for communication between ACM and AFX/Remote Agents, customers can now use  the import utility to configure their own CA-signed certificates.

 

Enhancements

FeatureDescription

ACM-136294

The Database Connector is now showing a View Changes section to help identify the SSL information for migrated and imported Connector.

ACM-136253,

ACM-135782,

ACM-135781

All the LDAP Directory Wizards are enhanced to support secure/SSL connections for the LDAP Connectors.

ACM-135205

In the Directory Wizards, based on the Use SSL checkbox selection, the connector screen fields will be enabled/disabled or displayed/hidden accordingly.

All LDAP connectors will support SSL connections only. The Use Secure Connection option will be selected by default, and the SSL port value will be populated automatically.

ACM-134941,

ACM-134939,

ACM-134938

Logging in AFX startup and Auto upgrade is enhanced.

ACM-134218

Debug Logs and Checks for Data Source are enhanced during WildFly configuration.

ACM-132575,

SF-02710275

ACM-135134

MuleSoft component in AFX Server is updated from version 4.7.1 to 4.6.24 LTS.

ACM-128147

In the Generic REST IDC, the attribute mapping page is now supporting a drop-down feature that allows the users to select attributes.

ACM-121745

Tokens acquired by loginTrustedApp expire as per the configured time threshold.

 

Fixed Issues

IssueDescription

ACM-137052

A validation is added to check for a trailing backslash in the JAVA_HOME path to prevent AFX installation failure on Windows systems.

ACM-137051

The Log4j version is upgraded to prevent Remote Agent startup failure when running as a service on Windows systems.

SF-02728501

ACM-136461

Entitlements are now filtered correctly once the Entitlements Rules are applied. For example, when the RoleSet policy is set to Deny, no Roles can be added as Entitlements.

SF-02725113

ACM-136208

The Indirect Relationship Processing is now working successfully during collections since the date format is changed from 01-jan-2026 to 01-01-2026 in the SQL packages.

SF-02717614

ACM-135814

In the Fulfillment Workflow, the Transition button is no longer shown when the option Show this button on the workflow form is unchecked in the transition line.

SF-02716848 

ACM-135739

The Amazon AWS Collector and Connector are updated to properly connect to the endpoint through HTTP proxy.

SF-02717991

ACM-135594

The Generic REST EDCs are now generating tokens successfully when the collector is configured to use a POST request with Basic Authentication.

SF-02711882

ACM-135433

In the Generic REST Connector, the proxy port is made a non-mandatory field.

SF-02714814

ACM-135432

In the AFX Database Connector, the stored procedure configuration with new lines is now supported.

SF-02711755

ACM-135289

A preservation step is added to mask the ampersands (&) in query parameters (&parameter) before sanitization and restore them afterward, preventing accidental decoding and ensuring that the drop-down options load correctly in Request Forms.

SF-02696248

ACM-135188,

ACM-135158

The Risk Data processing no longer takes a long time to load; whether for completion or failure.

SF-02696677

ACM-135016

Logging has been enhanced to provide more detailed diagnostic information for workflow jobs.

SF-02706235

ACM-134949

The Notifications menu title is no longer written all in upper case. It is “Notifications” instead of “NOTIFICATIONS”.

SF-02707091

ACM-134928

In the Rules menu, the Workflow option is correctly highlighted if the current page being shown is Rules > Workflows.

ACM-134924

Response Timeout is optimized to reduce the number of requests in Open State (sent from AFX to ACM) to avoid the load on the ACM when it is not reachable for some time.

 

Platform Matrix

 

RSA Governance &  Lifecycle Software Bundle

Software Only (WebLogic or WebSphere)

RSA Governance &  Lifecycle Virtual Application

Container

Application Server Version

WildFly 24.0.1 Included

Qualified

N/A

Qualified

Qualified

WebLogic 14.1.1.0

N/A

Qualified

N/A

N/A

WebSphere 9.0.5.21

N/A

Qualified

N/A

N/A

JDK Version Certified

AdoptOpenJDK 1.8.0_482

Qualified

N/A

Qualified

N/A

Oracle JDK 1.8.0_481

(WebLogic)

N/A

Qualified

N/A

N/A

IBM JDK 1.8.0_481

(WebSphere)

N/A

Qualified

N/A

N/A

Operating Systems

SUSE (SLES 12 SP5, and SLES 15 SP7)

Qualified

N/A

Qualified

N/A

Red Hat (RHEL 8.10 and RHEL 9.7)

Qualified

N/A

N/A

N/A

*RSA Governance & Lifecycle Virtual Application deployments are now supported on Nutanix through the OVA file installation method.

 

Prerequisites for Applying Patch (v8.0 P07 or later)

Note: In case you are upgrading directly to P10 from patch P06 or earlier, you must perform the following procedure.

When using a customer-supplied Oracle Database, or RSA-Supplied Database installed remotely, update the AVUSER and AVCSUSER schema as follows:

  1. Log in as SYS user (or another user with SYSDBA privilege) in SQLPLUS (or another database tool like SQL Developer).
  2. Run the following script to grant permission on the following objects:

GRANT EXECUTE ON SYS.DBMS_CRYPTO TO AVUSER;

GRANT EXECUTE ON SYS.DBMS_LOCK TO AVCSUSER;

Note: If the AVUSER schema name is other than AVUSER, replace AVUSER with the appropriate schema name.

 

Product Support with Operating System

RSA Governance & Lifecycle version 8.0 P05 and later software bundle is now supported on RHEL 9.4+, however, RSA Governance & Lifecycle 8.0 must first be installed on RHEL 8, complete all the pre-requisites described below, and then upgrade the operating system from RHEL 8 to RHEL 9.4+.

Installing RSA Governance & Lifecycle on Red Hat 9.4+

RSA Governance & Lifecycle version 8.0 P05 and later software bundle is now supported on RHEL 9.4+, however, RSA Governance & Lifecycle 8.0 must first be installed on RHEL 8, complete all the pre-requisites described below, and then upgrade the operating system from RHEL 8 to RHEL 9.4+.

 

Before upgrading your system from RHEL 8 to RHEL 9.4, ensure the following steps are completed:

  1. Apply patch 8.0.0 P05 or later successfully on the existing RHEL 8 system.
  2. Apply the latest Appliance Updater for Oracle Database to the existing RHEL 8 system containing the RSA-provided database. 

After completing the upgrade to RHEL 9.4, assure the following:

  • The RSA-supplied JDK is installed and available. 

The following packages are required for Red Hat Enterprise Linux 9.4 environments, and may need to be explicitly installed in addition to the operating system.

binutils-2.35.2-43.el9.x86_64make-4.3-8.el9.x86_64
gcc-11.4.1-3.el9.x86_64sysstat-12.5.4-7.el9.x86_64
gcc-c++-11.4.1-3.el9.x86_64javapackages-tools
glibc-2.34-100.el9.x86_64lcms2
glibc-devel-2.34-100.el9.x86_64rsync
kshsyslinux
libaio-0.3.111-13.el9.x86_64dejavu-sans-fonts
libaio-devel-0.3.111-13.el9.x86_64dejavu-serif-fonts
libgcc-11.4.1-3.el9.x86_64dejavu-sans-mono-fonts
libstdc++-11.4.1-3.el9.x86_64fontconfig
libstdc++-devel-11.4.1-3.el9.x86_64zip
libXi-1.7.10-8.el9.x86_64unzip
libXtst-1.2.3-16.el9.x86_64libns

RSA Governance & Lifecycle Product Version Lifecycle
RSA has a defined End of Primary Support policy associated with all major versions. For more details, please refer to the Product Version Life Cycle for RSA Governance & Lifecycle.
As of RSA Governance & Lifecycle v8.0.0 P08, RSA G&L v7.5.2 is now EOPS.

Don't see what you're looking for?