This release contains the following new features or enhancements.
- Support for the Microsoft Edge browser.
- Both strict baseDN syntax and FQDN formats are supported when you add or change an AD user server.
- Third-party component upgrades:
- Tomcat - 8.5.90
- PostgreSQL - 12.15-2
- OpenJDK - 20.0.1
- Increased the length of the proxy password to 5000 characters.
This release contains the following fixes:
- Fixed the incorrect event logging on AD/LDAP login failure.
- Resolved the import failure with an "Unknown" exception that occurs while saving the specified Location profile.
- Fixed the issue with scheduled jobs failing to run after upgrade.
This release contains the following new features or enhancements.
- You can now encrypt the authentication process to the LiveUpdate Administrator console using LDAPS (LDAP over SSL). Add or modify an Active Directory account and select the option Use Secure Connection. When you select this option, the default port is changed to port 636.
- You can upgrade LiveUpdate Administrator from the same version, but with an older build number.
This release contains the following fixes:
- Issue: Customers are unable to add a directory server because their BaseDN does not fit the data field. Fix: The maximum length of the BaseDN field has been increased to 200 characters.
- Issue: Tasks finish abruptly during download/distribution tasks. Fix: The email exceptions that arose during download/distribution tasks no longer cause the tasks to finish abruptly without proper cleanups and without releasing the acquired locks.
- Issue: Imports fail. Fix: UseTlsSMTP and ServerPort fields in lua.xml no longer result in import failures.
- Issue: Imports fail while saving location profiles. Fix: Imports no longer fail while saving location profiles.
This release contains no new features or enhancements.
- Issue: Components of LiveUpdate Administrator contain log4j versions that are affected by a known vulnerability and may be impacted. Fix: Install LiveUpdate Administrator 2.3.10 to upgrade log4j to version 2.16, which addresses the log4j vulnerability. For more information, see: Log4j2 vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105) information and mitigation steps for on-premises manager and LiveUpdate Administrator
- Issue: LiveUpdate Administrator reports a failure deleting files that were actually deleted. Fix: Changed the event logging code to not include the file names, which did not exist at the time of delete operation.
- Issue: LiveUpdate Administrator download task started to fail due to "Unknown exception while commit index info" exception. Fix: Increased the size of the concerned column of the table precondition to accommodate bigger precondition values. Updated the Postgres binaries to the latest from pgsql 10 series.
- Create a customizable warning banner to appear on the login screen to deter unauthorized access. The warning banner text is updated in the properties file.
- You can now reach the LiveUpdate servers if you use an HTTPS proxy to handle traffic.
- This release of LiveUpdate Administrator contains changes in the way the product uses the proxy host and port to make connections. LiveUpdate Administrator no longer uses the properties that have a JVM-wide impact. Instead, LiveUpdate Administrator uses the local objects to create these connections, which stops LiveUpdate Administrator from inadvertently using proxies. This new feature resolves the issue in which a few system properties were supposed to be applied only to one connection, but were unintentionally propagated to all connection objects.
- You can upgrade from 2.3.1 and later to 2.3.8 on supported operating systems.
- LiveUpdate Administrator is packaged with the following updated third-party components (64-bit):
- Apache Tomcat 8.5.56
- OpenJDK 14.0.1
- PostgreSQL 10.12-3
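
The change from JVM-wide proxy properties to per-connection proxy objects described above can be reproduced with the standard `java.net` API. This is an added example, not Symantec's code; the class name, host names and port are constructed placeholders.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URLConnection;
import java.util.List;

public class ProxyScopeDemo {
    // Constructed placeholder values; not LiveUpdate Administrator settings.
    static final String PROXY_HOST = "proxy.example.internal";
    static final int PROXY_PORT = 3128;
    static final URI SOURCE = URI.create("http://updates.example.internal/content");
    static final URI UNRELATED = URI.create("http://intranet.example.internal/status");

    // Route the JVM picks for any connection that does not name a proxy itself.
    static List<Proxy> defaultRoute(URI target) {
        return ProxySelector.getDefault().select(target);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("baseline, unrelated host:    " + defaultRoute(UNRELATED));

        // Connection-scoped: the proxy lives in a local object handed to one connection.
        // createUnresolved() avoids a DNS lookup; openConnection() does not touch the network.
        Proxy local = new Proxy(Proxy.Type.HTTP,
                InetSocketAddress.createUnresolved(PROXY_HOST, PROXY_PORT));
        URLConnection scoped = SOURCE.toURL().openConnection(local);
        System.out.println("scoped connection:           " + scoped.getURL() + " via " + local);
        System.out.println("after scoped, unrelated:     " + defaultRoute(UNRELATED));

        // JVM-wide: the default ProxySelector reads these system properties for every
        // HTTP connection in the process, including ones that never asked for a proxy.
        System.setProperty("http.proxyHost", PROXY_HOST);
        System.setProperty("http.proxyPort", String.valueOf(PROXY_PORT));
        try {
            System.out.println("after properties, unrelated: " + defaultRoute(UNRELATED));
        } finally {
            // Restore the process-wide state so later connections are not affected.
            System.clearProperty("http.proxyHost");
            System.clearProperty("http.proxyPort");
        }
    }
}
```

Run it with `java ProxyScopeDemo.java`: the unrelated host stays on a direct route while only the scoped connection carries a proxy, and is routed through the proxy once the system properties are set.
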
- LiveUpdate Administrator supports separate notifications for task successes and task failures.
- Use Microsoft Active Directory (AD) credentials to access and manage LiveUpdate Administrator.
- Tomcat logs auto purging
- Fixes in content purge functionality for distribution center
- Fixes in proxy configuration for liveupdate source servers
- Fix for downloading content to support WLU and LUX clients (related to Symantec Endpoint Protection)
- You can now select all validated definitions and pass them all at the same time.
- Added an option to use TLS for sending SMTP email notifications.
- Improved the retention of failed logon attempts during an upgrade.
- This version of LiveUpdate Administrator updates the Help system to SymHelp 7.0.0.
- LiveUpdate Administrator is packaged with the following updated third-party components:
- Apache Tomcat 8.5.31
- Oracle Java Runtime Environment (JRE) 8u172
- PostgreSQL 10.4
- Fix ID 4134405: You upgrade Symantec Endpoint Protection to 14.0.1 and add its content to
LiveUpdate Administrator’s Download Schedules. However, this action causes LiveUpdate
Administrator to stop downloading content. Solution: Updated the processes by which content
downloads to LiveUpdate Administrator.
- Fix ID 4129120: The number of purged distribution center files reported in the LiveUpdate Administrator
event log differs from the actual number of purged distribution center files. Solution: Refined the
process by which files are tabulated as successfully deleted.
- You can upgrade from 2.3.1 through 2.3.5 to 2.3.6 on supported operating systems.
- LiveUpdate is packaged with Apache Tomcat version 8.0.41, JRE 8u121 (1.8.0_121), and
PostgreSQL version 9.6.1.
- LiveUpdate Administrator now runs on Windows Server 2016 and Windows 10 (64-bit only).
- LiveUpdate Administrator drops support for versions of Internet Explorer earlier than 11.
- Support is added for IPv6.
- Fix ID 3911724: When you upgrade to a newer version of LUA, if the database shutdown took longer
than 125 seconds, then the database would become corrupted.
- Fix ID 3991178: LiveUpdate Administrator fails intermittently due to heap space exhaustion, which is
caused by database cleanup failures over a long period of use.
- Fix ID 3903255: A distribution job never ends when there is no more disk space.
- Fix ID 3978643: When the LiveUpdate Administrator catalog updates and parses the existing catalog
information, if there is an error, then the process quits and does not attempt to download the new
- Fix ID 3987105: When you click Troubleshoot on the home page, the debug files do not update as
expected. The page continues to display old information.
- Fix ID 4029103: After you use the Wipe command in Distribution Centers, the distribution centers
are no longer accessible via HTTP or HTTPS. When you examine the distribution center’s folder
structure, you find that the root directory is missing.
- Fix ID 3940361: When you upgrade LiveUpdate Administrator, your custom configurations to the
Tomcat shutdown port, the Tomcat HTTP port, the Tomcat HTTPS Port, and the PostgreSQL port are
reverted to the default values.
- Fix ID 3953127: If you click the Delete command on the Manage Updates page and select a content
item, the command only deletes the latest revision from the content item, and not the entire content
- Fix ID 3994975: All the LiveUpdate Administrator URLs contain the localhost prefix, including the URL
for a password reset.
- Upgrades: You can upgrade directly to 2.3.5 from any earlier version from 2.3.1 to 2.3.4.
- LiveUpdate is packaged with:
- Apache Tomcat version 8.0.26
- JRE 8u74
- PostgreSQL version 9.4.6
- The PostgreSQL database requires the 32-bit Microsoft Visual C++ 2013 redistributable
- The URLs within LiveUpdate Administrator can now use both the HTTP protocol and the
HTTPS protocol. The new Convert to HTTPS or Convert to HTTP link at the top of any
LiveUpdate Administrator screen lets you switch back and forth between the protocols.
- Fix ID 3419701: The word "CRITICAL" in the Severity column does not translate correctly when event
logs are exported to CSV
- Fix ID 3566806: In the "Update details" page, the OK button is still enabled after locking any revision to
the distribution center
- Fix ID 3658259: An option should be provided on the console to migrate from HTTPS to HTTP and vice
- Fix ID 3723393: The Distribution Center status is "Unreachable" in the Chinese Hong Kong version
- Fix ID 3849811: LiveUpdate Administrator server runs out of disk space
- Fix ID 3887170: The following error appears: "The page you tried to access does not exist."
- Fix ID 3230097: Test mails are not sent until the Update button is clicked on the Preferences page
- Fix ID 3700389: Content download intermittently fails with Unknown exception while saving the
- Fix ID 3873418: The SMTP Server User Name field on the Preferences page does not accept a valid
- Fix ID 3874573: Content Distribution request is skipped whenever purge tasks takes too long to
- Fix ID 3863204: Purge fails when LUA mistakenly falls back to an older version of SPC
- Fix ID 3888337: The LUA download schedule hangs between 95% to 99% and eventually fails
- Fix ID 3857967: Content distributions fail to distribute content after importing the
- LiveUpdate Administrator is packaged with:
- Apache Tomcat version 7.0.55
- PostgreSQL version 9.3.5.
- On the Home page, you can see the top 10 distribution centers that do not have the latest
- In previous releases, the contents in the distribution centers occasionally become corrupted
and you have had to delete the contents manually. You can now delete the contents from a
distribution center by clicking Configure > Distribution Centers > Edit > Select Desired location
to clear > Wipe.
- You can change the SMTP server port number on the Configure > Preferences page.
- The Activity Monitor includes a new status, called Distributing. The Distributing status appears
when a distribution task is in progress. A distribution task occurs when the content is
downloaded to the LiveUpdate clients. You can also view the statuses on the Download &
Distribute page by clicking Activity Monitor.
- Support added for Windows Server 2012.
- Fix ID 3633378: Asterisk insertion of password field in LUA web interface causing proxy authentication
configuration confusion/mistakes (TECH225574)
- Fix ID 3589609: Some characters in admin password not supported by LUA Tomcat
- Fix ID 3582353: LUA reports successful install but Postgres SQL service is not created
- Fix ID 3422461: Old Hub set of SEP for Macintosh AV definition are not purged that causes low disk
- Fix ID 3463502: Files are not deleted in the purge process of distribution center (TECH178155)
- Fix ID 3601150: Upgrade HTTP Client and HTTP MIME
- During the installation of LiveUpdate Administrator, the installation folder, temporary folder,
and download folder cannot be empty. Also, the root drive (such as C:\ or D:\) must use a
subfolder that does not contain other files. The subfolder should use a local path, as a file share
is not allowed. Similar validations apply on the Preferences page when you change the
Download and Temporary directories.
- Removes non-supported products from Symantec Product Catalog.
- To increase security, all administrator passwords to log on to LiveUpdate Administrator must
be a minimum of 8 characters, be alphanumeric, and include one special character. Users
whose existing passwords do not meet these requirements can still log in to the
application with the same password after upgrading to LUA 2.3.3.
- The default protocol for Distribution Centers is HTTP. You can now configure the default
Distribution Center to support either HTTP (7070) or HTTPS (7073), or the port that you
configured when you installed LiveUpdate Administrator. The LiveUpdate Administrator URLs
now use the HTTPS protocol instead of the HTTP protocol.
- The Export / Import workflow changes for LUA 2.3.0, LUA 2.3.1 and LUA 2.3.2. Please refer
to the Procedure to import configuration section for more details.
- If you forget your password, click Forgot your password to send a link to the registered email
address. The link is valid for 48 hours. Clicking on that link lets you change your password.
- Fix ID 3389946: Distributions to HTTPS servers fail with Java heap memory exhaustion (TECH222933)
- Fix ID 3521391: Installation failure on Japanese OS
- Fix ID 3521393: Log on to LUA console default DC "clu-prod" is always unreachable
- Fix ID 3521532: Change "profile" to "account" for adding and editing user profiles (UI change)
- Fix ID 3532311: LUA DC shows "Unreachable" after install issue on build 220.127.116.11
- Fix ID 3538335: Tomcat service cannot auto-start when restarting the computer
- Fix ID 3539939: Unable to send test mail in Japanese LUA
- Fix ID 3539958: Distribution function does not work well in localized LUA
- Fix ID 3541750: Configured the SEPM to point to the LUA and LU is failing
- Fix ID 3541756: Service does not start when the server restarts
- Fix ID 3544836: The login ID is garbage in Export configuration recovery file for localized LUA
- Packaged with Apache Tomcat version 7.0.26 and PostgreSQL version 9.1.3.
- Packaged with JRE 1.7 (private JRE, automatically bundled, installed, and configured by the
- Enhanced security with advanced features to protect the user interface from certain attacks.
- Added the ability to modify the LUA download directory path at any time (not just during installation).
- Product Catalog now automatically updates to ensure catalog changes become available
without any user initiated action being required.
- Daylight savings time changes are now correctly handled for scheduled tasks.
- Email notifications can be sent whenever a new LUA version is available, relevant catalog
changes occur and as an early warning in advance of large monthly content downloads.
- Enhanced content purging to ensure it works reliably, even if an external 3rd party source
(e.g. Robocopy) is also accessing the content.
- The LUA web server service now automatically restarts if it crashes or terminates
- LUA now automatically installs and uses an optimized private Java Runtime Environment
(version 1.6 update 27). This also means it is no longer necessary to separately install a
public JRE for use by LUA.
- It is now possible for LUA to automatically run multiple specified distribution tasks after a
download task completes.
- New quick link added to the user interface which allows customers to quickly and easily
capture all LUA-related troubleshooting information that Symantec Technical Support may
require if answering a query or investigating a reported issue.
- Other new quick links added to the user interface:
- How to configure a Remote Distribution Center (Article and Video)
- Product Selection Guide: Which sub-components to select (Article)
- Added ability for LUA to automatically send email notification on successful completion of a
task (as well as failure of a task).
- LUA now automatically sends an email notification when disk space is running low on the
drive to which LUA is installed (the LUA database is at risk of becoming corrupted if disk
space runs low).
- Email notification appearance has been enhanced (now HTML based).
- Security within the user interface has been enhanced to ensure protection from specific
potential attack scenarios.
- LUA now periodically sends anonymous product information to Symantec
(can be disabled if required).
- LUA now installs and uses the latest available versions of Apache Tomcat (7.0.21) and
- 25 other third-party components upgraded.
Note: LUA 2.3.0 and earlier versions use versions of PostgreSQL that have reached end of life. If you are using one of these earlier versions, you should migrate to the latest version as soon as possible.
- Rapid configuration export and restore.
- LUA download tasks can now automatically resume and retry file downloads.
- Event-driven email notification (with SMTP authentication support) to notify user(s) in case of
- Ability to auto-start a distribution task after a specified download task.
- Automatic LUA database maintenance, to ensure reliable and responsive operations.
- Partially completed download and distribution tasks now show an accurate percentage of
completion by the activity monitor.
- Fast access to Symantec’s LUA best practice recommendations provided by the installation
wizard and program menu.
- Optimized load times for the LUA console home page and event log.
- Fix ID 2014599: Intermittent "Package is not trusted" errors for various product update files during LUA
- Fix ID 2174087: Error: "value too long for type character varying(100) when processing
- SYM11-005: LUA Cross-Site Request Forgery vulnerability (CVE-2011-0545,
Security Response writeup)
- Usage of JRE version 6 update 24 or higher is strongly recommended, to ensure maximum application
stability and security. Usage of previous versions, in certain situations, may lead to system instability
- If hard disk space is extremely low on an LUA computer, it can cause tasks to fail and in turn, cause
LUA to not clean up task related temp content files.
- “Null%” can intermittently appear in relation to the completion percentage in the email notifications for
failed distribution tasks.
- If two download tasks attempt to access LUA’s temp directory at the same time, it can cause the
following error to occur: “Failed to obtain write lock on content repository while committing download
request id X”
- Sometimes, the Tomcat service "LUA Apache Tomcat" stops after doing random and multiple
navigations in the application. This issue can be solved by using the latest available server JVM (JDK)
instead of a client JVM (JRE). Please use the following instructions:
- Install the latest JDK 1.6 (note, it is JDK and not JRE)
- Set your Path variable and JAVA_HOME to point to this JDK. To check if you are using the right
Java in the path, open a command prompt and type `java -version`. It should show the version you
just downloaded and installed.
- Server JVM is used. These steps are documented in TECH96391, in the Tomcat configuration section.
- Restart the LUA Tomcat service from the Services control panel.
- For proxy connection configurations for source servers, failover servers, and distribution locations, if the FTP
protocol is selected, the application uses SOCKS to connect to the proxy server.
- For browsing between pages, please use the toolbar and bread crumbs provided. Do not use the
browser's Back button. Its usage can result in unexpected behavior.
- Users are forced to save twice to add a Failover Server to a Source Server. When adding a failover
server to a Source Server, you must first add and save the failover server details, and then save the
Source Server record to fully commit the failover server addition. If not, the failover server is not added.
The same is true for the Central LiveUpdate Server (CLU).
- In Source Server and Distribution Center configurations, the application supports proxies with Basic
and NTLM authentication. To configure NTLM proxies in LiveUpdate Administrator, you need
to specify the domain to which the proxy is connected. There is no separate input field for the domain
name. Enter the proxy user name as "domain_name\user_name", which is domain_name
followed by "\" and then user_name.
- When a user initiates a manual distribution, the Activity Monitor page sometimes takes longer
to display when moving on from page 2 of 2 of the distribution wizard.