GoldMine 2018.2 – because Data Security is more important than ever.

GoldMine 2018.2 has just been released and includes key changes to help with the GDPR Article 25 requirement that systems incorporate "data protection by design and by default".

Here is an overview of the updates:

When the General Data Protection Regulation (GDPR) came into force via the enactment of the Data Protection Act 2018 (DPA 2018) in May, it caused a lot of questions about security and privacy in GoldMine.

Ivanti’s security team have reviewed a number of areas and the result is a version of GoldMine that focusses on security and will help you on your road to GDPR compliance.

Anyone who uses GoldMine should ensure that they apply this build as soon as possible. The GDPR introduces a principle of ‘accountability’ –

“The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.”

In plain English, this means you must apply your updates in a timely manner!

 

Do you still need help with GDPR?

If you are concerned about any aspect of your DPA 2018/GDPR compliance, please get in touch and we will be happy to suggest ways in which we can help you.  You can also find further details about our GDPR support pack here.

Please do not try to apply this upgrade yourself.  Contact Brian Coome, our support manager, by emailing support@prior-analytics.com or calling on 0345 658 8121 and he will advise on the suitability of this build for your specific environment.

 

Overview of Key Changes:

  • Enhanced database connection security
  • Database connection encryption and support for TLS1.2
  • Numerous password complexity enhancements
  • GoldMine Connect will now require a certificate for HTTPS secure connection
  • Cumulative service pack includes more than 35 customer requested updates
  • Support has been added for SQL server 2017

 

What’s New in GoldMine 2018.2 ?

GoldMine Connect

Uses https by default

  • For new installations GoldMine Connect will be installed to use port 443 by default
  • The https implementation needs a certificate installed on the web server
  • If you don’t have a certificate from an external trusted authority, then you need to create a self-signed certificate
  • For existing installations there will be a redirect from http to https
  • Please note that for existing installations, we use URL Rewriter to perform the redirect. If URL Rewriter is not already installed, the GoldMine Connect installer will install it
  • For upgrades, if there is no certificate installed on the web server, the admin needs to configure one (either from a CA or a self-signed one) prior to the installation
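The certificate requirement above can be checked on the web server before the upgrade is started. The following PowerShell script is an added example, not part of the GoldMine installer or documentation; it assumes GoldMine Connect is hosted in IIS, and the site name and host name defaults are placeholders to replace with your own.

```powershell
# Added example, not vendor code. $SiteName and $DnsName are assumptions:
# set them to the IIS site hosting GoldMine Connect and its host name.
param(
    [string]$SiteName = 'Default Web Site',
    [string]$DnsName  = $env:COMPUTERNAME,
    [switch]$CreateSelfSigned   # only acts when no https binding exists on port 443
)
Import-Module WebAdministration

$binding = Get-WebBinding -Name $SiteName -Protocol https |
    Where-Object { $_.bindingInformation -like '*:443:*' } | Select-Object -First 1

if (-not $binding -and $CreateSelfSigned) {
    # Create a self-signed certificate in the machine store and bind it to port 443.
    $new = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation 'Cert:\LocalMachine\My'
    New-WebBinding -Name $SiteName -Protocol https -Port 443
    $binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443
    $binding.AddSslCertificate($new.Thumbprint, 'My')
    $binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443   # re-read the binding
}
if (-not $binding -or -not $binding.certificateHash) {
    Write-Warning "No certificate is bound to https/443 on '$SiteName'; configure one before upgrading."
    return
}

# Look up the bound certificate in the store the binding points at (usually 'My').
$cert = Get-ChildItem "Cert:\LocalMachine\$($binding.certificateStoreName)" |
    Where-Object { $_.Thumbprint -eq $binding.certificateHash }
if (-not $cert) { Write-Warning 'Bound certificate is missing from the machine store.'; return }

[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    Expired       = $cert.NotAfter -lt (Get-Date)
    HasPrivateKey = $cert.HasPrivateKey
    SelfSigned    = $cert.Subject -eq $cert.Issuer   # clients warn unless they trust this certificate
    ChainValid    = $cert.Verify()                   # chain check against the machine's trust stores
}
```

A self-signed certificate reports ChainValid as False until it is added to the trusted roots of the machines that connect to GoldMine Connect.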

Email Merge Code for primary and additional contact

  • Added E-mail Merge Code in Contact Record > Details section > Email address
  • Added E-mail Merge Code in Contact Record > Additional Contacts section

 

 

GoldMine Link for Microsoft Outlook

Upgrade of Redemption library

  • The Redemption library was updated to version 5.16

 

GoldMine Premium Edition

Chilkat Upgrade

  • The Chilkat library was updated to version 9.5.0.71. The following known issues in GoldMine were fixed by this library upgrade:
      • The boundary string appended to the end of Gmail emails won’t be added anymore
      • Emails with the charset iso-2022-jp will be properly parsed
      • Some spaces that were being added to the subject of emails will be fixed/removed (at least for HTML emails)

Open SSL upgrade

  • Open SSL library was upgraded to version 1.0.2n which is their latest LTS version
  • This version uses TLS 1.2 by default

TLS 1.2 support for database communication

  • In version 2018.2 we added support for TLS 1.2, the most used cryptographic protocol.

Encrypted database connection

  • GoldMine uses protocol encryption and validates the database server certificate by default, to adhere to the “Secure by default” security principle and the “Privacy by default” principle
  • A new step, “Database Encryption”, was added to the installer, where the user is asked whether to validate that the database server certificate is a trusted one. The default option is Yes.
  • If a certificate was configured on the database server and that certificate is trusted, then the user should leave the default selection and press the Next button
  • If there is no trusted certificate configured on the database server, then the user must choose No in this step, otherwise GoldMine will not be able to connect to the database
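Which answer to give in the “Database Encryption” step can be worked out before running the installer by testing the SQL Server certificate from the GoldMine machine. The script below is an added example, not vendor code: the server and database names are placeholders, it uses .NET's System.Data.SqlClient as a stand-in for the SQL Native Client connector, and it assumes that Yes corresponds to an encrypted connection with certificate validation and No to an encrypted connection without it.

```powershell
# Added example, not vendor code. $Server and $Database are placeholders.
# Use the same server name GoldMine will use: validation also compares
# that name with the name in the server certificate.
param(
    [string]$Server   = 'SQLHOST.example.local',
    [string]$Database = 'GoldMine'
)

function Test-SqlTls([bool]$ValidateCertificate) {
    # Encrypt=True forces protocol encryption; TrustServerCertificate=False
    # makes the client validate the server certificate chain and name.
    $trust = if ($ValidateCertificate) { 'False' } else { 'True' }
    $cs = "Server=$Server;Database=$Database;Integrated Security=SSPI;" +
          "Encrypt=True;TrustServerCertificate=$trust;Connect Timeout=10"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        return $true
    } catch {
        # Show the underlying SqlException text, e.g. an untrusted certificate chain.
        Write-Warning $_.Exception.GetBaseException().Message
        return $false
    } finally {
        $conn.Dispose()
    }
}

if (Test-SqlTls $true) {
    'Server certificate is trusted: keep the installer default (Yes).'
} elseif (Test-SqlTls $false) {
    'Encryption works only without validation: install a trusted certificate on the SQL Server, or choose No.'
} else {
    'Cannot connect even without validation: check server name, login and network first.'
}
```

With validation switched off the traffic is still encrypted, but the client no longer verifies which server it is talking to, so installing a trusted certificate and keeping Yes is the stronger configuration.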

User password complexity

  • As part of the security enhancements, password complexity rules are in place. All defined passwords need to respect the following rules:
      • Contains 1 uppercase
      • Contains 1 lowercase
      • Contains 1 digit
      • Contains 1 special character
      • Has a length of 8 characters or the length set up by the administrator in system settings.
  • The password complexity is enforced by default for newly created users
  • For existing users, password complexity will not be enforced by default.  However, once they decide to change their current password, the newly set password will need to respect the password complexity.

“Removal” of master user account for new installations

  • For all fresh installations of GoldMine, the default user named “master” will not be created by default. However, a new step was added at the end of the installation process in which the end user will be required to create a master user which will have full administrative access to the application.
  • For existing installations there will be no changes to the existing user named Master; however, we advise changing the default password, or creating a new user with full administrative rights and disabling the default one, to strengthen the security of your application.

Addition of a read-only account for SQL Query and Filters

  • The SQL Query Editor functionality now needs to be enabled from System Settings, and a read-only user must be set
  • For Filters functionality to work, the SQL Query Editor functionality needs to be enabled and the read-only database user defined.
  • A new tab named “SQL Query” was added to System Settings (Tools->Configure->System Settings) from where you can enable the SQL Queries functionality
  • Once you enable the functionality you need to set a read-only database user and password for the SQL Query functionality to work
  • The read-only database user will be created as a part of the installation/upgrade process, but it needs to be manually set in the System Settings

Versioning of installation files

  • All .exe and .dll files created by the GoldMine application during installation will be versioned
  • The version on the files should be the same version you will find in About GoldMine screen 

File signing

  • All .exe and .dll files created by GoldMine are signed, using a SHA256 digest signature.
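The versioning and signing changes make it possible to audit an installation after the upgrade. The script below is an added example, not vendor code; the installation path and the expected version string are placeholders to fill in from your own system and the About GoldMine screen.

```powershell
# Added example, not vendor code. Both parameter defaults are placeholders.
param(
    [string]$InstallDir      = 'C:\Program Files (x86)\GoldMine',   # assumed install path
    [string]$ExpectedVersion = '<version shown in About GoldMine>'
)

# Collect file version and Authenticode status for every executable and library.
$report = Get-ChildItem -Path $InstallDir -Recurse -File -Include *.exe, *.dll |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File        = $_.FullName
            FileVersion = $_.VersionInfo.FileVersion
            Status      = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

# Summary of who signed what; bundled third-party libraries may carry
# their own signer and version, so review those rows separately.
$report | Group-Object Signer | Select-Object Count, Name | Format-Table -AutoSize

# Files that need a closer look: unsigned, invalid signature (possibly
# modified after signing), or a version that does not match the release.
$report |
    Where-Object { $_.Status -ne 'Valid' -or $_.FileVersion -ne $ExpectedVersion } |
    Sort-Object Status, File |
    Format-Table File, FileVersion, Status -AutoSize
```

A status of HashMismatch means the file content no longer matches what was signed and should be treated as a finding rather than an installation quirk.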

SQL Native Client usage as DB connector

  • SQL Native Client 11 is used as the DB connector starting with GoldMine 2018.2
  • If SQL Native Client is not previously installed on the machine, the installation will be done by the GoldMine installer  

 

What if I don’t have an HTTPS certificate?

If you don’t have a certificate from an external trusted authority, then you need to create a self-signed certificate

What do I do if there is no trusted certificate configured on the database server?

If a certificate was configured on the database server and that certificate is trusted, then the user should leave the default selection and press the Next button

If there is no trusted certificate configured on the database server, then the user must choose No in this step, otherwise GoldMine will not be able to connect to the database

Do I need to change my password?

The password complexity is enforced by default for newly created users

For existing users, password complexity will not be enforced by default. However, once they decide to change their current password, the newly set password will need to respect the password complexity.

What will happen to my ‘Master’ user?

For existing installations there will be no changes to the existing user named Master; however, we advise changing the default password, or creating a new user with full administrative rights and disabling the default one, to strengthen the security of your application.