Reflection for the Web - Release Notes

July 2022

1.0 Version 13.1 Hotfix 11

released July 2022

  • Java Security update 1.8.0_342

2.0 Version 13.1 Hotfix 10

released April 2022

  • Java Security update 1.8.0_332

3.0 Version 13.1 Hotfix 9

released February 2022

  • Updated log4j library to version 2.17.1 to mitigate CVE-2021-44832, CVE-2021-45105, CVE-2021-44228, and CVE-2021-45046

  • Java Security update 1.8.0_322

4.0 Version 13.1 Hotfix 8

released October 2021

  • Java Security update 1.8.0_312

5.0 Version 13.1 Hotfix 7

released July 2021

  • Java Security update 1.8.0_302

6.0 Version 13.1 Hotfix 6

released May 2021

  • Java Security update 1.8.0_292

  • Updated Apache Tomcat HTTP components

7.0 Version 13.1 Hotfix 5

released January 2021

  • Java Security update 1.8.0_282

  • Updated Apache Tomcat to v9.0.39 for the remote/stand-alone installation of Reflection for the Web

8.0 Version 13.1 Hotfix 4

released October 2020

  • Java Security update 1.8.0_272

  • Updated Tomcat, Spring, and Jackson libraries to the latest available security release for the remote/stand-alone installation of Reflection for the Web.

  • Added Reflection for the Web Launcher installers to the rweb-client.war file.

9.0 Version 13.1 Hotfix 3

released September 2020

Resolved issue:

  • Resolved an HP emulation issue where a Host-initiated backspace incorrectly deletes screen content when the destructive backspace is enabled on the user's keyboard.

10.0 Version 13.1 Hotfix 2

released July 2020

  • Java Security update 1.8.0_262

11.0 Version 13.1 Hotfix 1

released June 2020

Resolved issue:

  • The keystoreLocation parameter correctly resolves the location of the private key and trust stores, when using the Reflection for the Web SDK.

12.0 Version 13.1

released May 2020

12.1 What’s New in 13.1

All releases are cumulative, and contain the features introduced in earlier releases. See what’s new since version 13.0

New Features

  • The Reflection for the Web Launcher eliminates the requirement for Oracle Java and the Netscape Plugin API (NPAPI) for both administrators and end users.

    • Administrators: Session management in the MSS Administrative Console no longer requires Oracle Java or the NPAPI. Sessions can be created and edited using the Reflection for the Web Launcher.

    • End Users: Since version 13.0, workstations no longer require Oracle Java or the NPAPI to launch sessions.

  • When sessions are launched using the Reflection for the Web Launcher, a warning dialog is presented when the Links List Applet is closing and emulator sessions are still open, providing the user with the opportunity to abort the closure operation.

  • When an individual session is launched directly using the Reflection for the Web Launcher, a second window may appear for authentication purposes. Once authentication succeeds, the second window is automatically hidden.

  • Added a Windows shortcut for the Reflection for the Web Launcher Settings application, which provides configuration of the Reflection for the Web Launcher.

  • Updated Management and Security Server (MSS) to version 12.6 SP1, which is required to manage and secure your Reflection for the Web sessions.

Third-party software changes

  • Updated Apache Tomcat to v9.0.33 for the remote/stand-alone installation mode

  • Updated Java to the latest available security release: OpenJDK 1.8.0_252

  • Removed Apache Struts dependency. Reflection for the Web is now a Struts-free product.

12.2 Resolved issues

since Reflection for the Web 13.0 Hotfix 5

  • Resolved Security Vulnerability: CVE-2020-1938. See 7024547 for details.

  • When using the Reflection for the Web Launcher, you can use:

    – the custom protocol named mfjnlp

    – authentication via smart-card based certificates

    – transparent authentication via Windows Single Sign-On

    – Metering via HTTPS

  • The Links List displays only Reflection for the Web session types.

  • Improved support for web proxies.

  • Restored the ability to generate static HTML for Reflection for the Web sessions in the MSS Administrative Console.

  • Resolved the opening of embedded sessions in multiple tabs of the browser.

12.3 Known issue

  • A 500 error may be reported by the server when the Display Links List button is pressed when a session is launched directly.

    Workaround: Refresh the browser page.

13.0 About Upgrading

The upgrade process varies depending on the version you are upgrading from. For more information, refer to the Reflection for the Web Installation Guide - Upgrading.

The Reflection for the Web automated installer provides the option to install/upgrade both Reflection for the Web and the compatible version of MSS. Versions must be compatible to implement security updates and other functions.

13.1 Compatibility Requirements

Check to be sure these versions are compatible.

  • Reflection for the Web Launcher

    When you upgrade Reflection for the Web, be sure to install the latest Reflection for the Web Launcher to be able to manage (Add or Edit) sessions in the MSS Administrative Console.

    To update the Launcher, click DOWNLOAD when you launch a Reflection for the Web session, and run the installation wizard. See Installing the Reflection for the Web Launcher in the MSS Installation Guide.

  • MSS Add-on Products

    The Security Proxy (or any MSS Add-on product) must be the same <major>.<minor>.<update> version as Management and Security Server (MSS). For example, when you upgrade to Reflection for the Web 13.1, which uses MSS version 12.6 SP1, be sure to upgrade the Security Proxy to version 12.6 SP1.

    See the MSS Installation Guide -Upgrading for assistance.

14.0 If you are Evaluating

When you run an evaluation copy, the product will be fully functional for 120 days. During that time you can install, configure, and test Reflection for the Web version 13.1.

Follow the installation steps in the Reflection for the Web Installation Guide, and then walk through the evaluation scenario presented in Evaluating Reflection for the Web.

Please contact Micro Focus or your authorized reseller to obtain the full-use version of the software.

15.0 Resources

Security Updates:

Support Resources

Support resources include Knowledge Base articles and Contact Support information.

Reflection for the Web Documentation:

  • Reflection for the Web Installation Guide

  • Reflection for the Web Reference Guide, includes:

    • API and Scripting
    • Using ECL
    • Applet Attributes and Parameters
    • HTML Samples
    • Host-initiated RCL Support

Management and Security Server (MSS) Documentation: