Features Added in COBOL Server 6.0

Containers

Back to Top

Support has been added to enable you to work with containers from the IDE. In particular you can now create a Dockerfile for a COBOL project, and build, debug and run a COBOL project in a container, all from the IDE.

Support has been added to enable the use of tools that are compatible with the Open Container Initiative (OCI) on platforms where they are supported. This is currently available on Red Hat Enterprise Linux 8.

Data File Tools

Back to Top

The following enhancements have been made to the Data File Editor:

  • Double-byte character sets are now supported within the editor.
  • Insert mode is now available when editing a formatted record, except for numeric fields.
  • When editing DBCS data in EBCDIC files, the required Shift-out and Shift-in characters are automatically added when editing a formatted record and you are editing in Insert mode.
  • You can now load and unload structure files for an open data file.
  • A ruler at the top of the editing pane can be toggled on/off.

Enterprise Server

Back to Top

The following enhancements are available:

  • IPv6 support (EAP) - This feature is in Early Adopter Program (EAP) release status. Some Enterprise Server components and features now support Internet Protocol version 6 (IPv6) network addressing and connectivity. Due to limitations with IPv4, IPv6 is becoming more common within corporate networks and on the public Internet. In some cases, the use of IPv6 can improve interoperability and simplify network configuration.
  • Administrative Commands - the add command in cascertreg now contains new options (-cwi setting, -dcas setting, -issuer, and -subject).

Enterprise Server Security

Back to Top

This release provides the following enhancements:

  • Micro Focus Secrets file storage permissions

    The Micro Focus Secrets feature (also known as the Vault feature) provides centralized storage for sensitive information such as passwords, with some protection against accidental disclosure or discovery by unauthorized users. Prior to this release, the only supported storage mechanism was a conventional file containing encrypted data. In this release, the permissions on the storage file and on the Secrets configuration file are set more restrictively to help protect the secrets.

  • Certificate wildcard support

    The X.509 digital certificates used to identify servers when making TLS (SSL) connections permit the use of fully-qualified domain names with wildcards for some parts of the name. This enables administrators to use a single certificate issued to, for example, *.mycorp.com for any number of servers with fully-qualified names like www.mycorp.com, server1.mycorp.com, and so on. These wildcard-bearing certificates are now supported by client programs using Micro Focus communication technology when validating a server's certificate.

  • Improved ACL wildcard support

    In the Access Control Lists used for resource access control with LDAP-based security in Enterprise Server, the ".**" wildcard sequence now behaves more similarly to mainframe RACF. A number of additional options for wildcard processing are also available.

  • PAM ESM module

    On Linux platforms, Enterprise Server now includes an External Security Manager module which integrates with the Pluggable Authentication Modules (PAM) operating system feature. The PAM ESM module can be used to authenticate Enterprise Server users with the same mechanism used for Linux users, or with any other mechanism available through PAM.

  • PKIX compliance for TLS certificate validation

    The standard for using X.509 digital certificates to authenticate servers when making TLS (SSL) connections is known as PKIX, for Public Key Infrastructure (X.509). It is defined by a series of IETF RFC documents, currently RFC 5280 and others. In previous releases, the certificate validation performed by this product did not conform to PKIX in a number of ways, most notably in using DNS address-to-name resolution in an attempt to match a certificate to a host. With this release, clients using Micro Focus Common Client technology, such as COBOL web service proxy programs, CAS utility programs, and customer applications that use the CICS Web Services Interface feature, will by default, use stricter procedures for validating certificates which more closely conform to PKIX. This improves TLS security and interoperability.

  • Security improvements for XML parsing

    In this release the third-party components used for parsing XML data have been updated, or have had bug fixes integrated into the version used by Micro Focus, to address published security vulnerabilities. Also, XML external-entity support has been disabled except where it is required by a particular product feature; this prevents XML External Entity (XXE) attacks on customer systems by attackers who can trick a customer application into parsing a malicious XML document.

Enterprise Server Common Web Administration (ESCWA)

Back to Top

This release offers the following new features and improvements:

  • MFDS User Interface functionality replacement - ESCWA can now communicate with remote MFDS instances, and displays the equivalent pages of MFDS. Configuring regions, and their IMS, PL/I, MQ, and XA options, and security, is now available.
  • ESMAC User Interface functionality replacement - ESCWA can communicate with remote ESMAC instances, and can replicate functionality and display all the information provided by ESMAC.
  • Configurable User Interface access - you can now configure the ESCWA security manager to control user and group access to certain aspects of the user interface, such as, native, and security menu items.
  • Usability improvements
    • Starting and stopping regions from the navigation tree.
    • The native menu items are not displayed if the region features are not configured correctly.
    • Configuration of the display colors for MFDS hosts and regions to distinguish them with ease.
  • Scale-Out support - ESCWA has improved the way it displays a Scale-Out Repositories (SORs) association with its PAC and member regions.
  • Redis support - Redis is supported as a SOR when running this product in a PAC. Features include:
    • Redis cluster support
    • A Mfredis configuration file - enables you to configure reconnection when any network errors occurs. You can also use the file to configure Lua scripts tracing on servers.
    • Authentication support for the standalone Redis server.
  • Kubernetes support - when ESCWA is run in a Kubernetes cluster, it is now possible to configure it to automatically discover the pods hosting MFDS within the cluster, and display them in the ESCWA user interface.

File Handling

Back to Top

Fileshare password files can now be stored in the Vault Facility, ensuring that sensitive user credentials are encrypted. Firstly, create the password file in the usual way, and then upload it, with a path of microfocus/fh, using the mfsecretsadmin utility.

To ensure the Fileshare server uses the file stored in the vault, start the server with the /uv option.

Multi-Threaded Applications

Back to Top

This release includes the following improvements:

  • Improved validation of detached threads on UNIX - the reliability for applications with many threads, when using the CBL_THREAD_KILL routine and during abnormal process termination, such as when an error occurs, has been improved.
  • Thread local storage optimizations - the thread termination in applications with many threads has been optimized.

New Platform Support

Back to Top

Support is now available for COBOL Server for the following additional platforms to the same level that other UNIX platforms (different than Linux) are supported:

  • Ubuntu Linux 18.04.x (LTS) on 64-bit Intel (x86-family)
  • CentOS v7 and v8 on Intel x86-64

For a full list of the supported operating systems, check the Product Availability section on the Micro Focus Customer Care Web site: http://supportline.microfocus.com/prodavail.aspx.

Problem Determination

Back to Top

The following enhancement is available:

  • Consolidated Tracing Facility (CTF) on UNIX - CTF is now always present during process termination, such as when an application, or a third-party code, calls exit() directly.