Wednesday, March 1, 2023

Are older versions of Domino a security issue?

What are the risks of running older versions of Domino? What could have possibly changed? Well, the answer is a lot. To make it easier for you, Preemptive has created a web app to look up the changes in one easy step. Click on the link below and then come back and get some of the details.

CLICK HERE -> What security updates are you missing from Domino?

Now, the length of the list may vary greatly based on the version of Domino that you are utilising. You can take some solace in the fact that many updates are minor, and others may be improvements. Only you can determine the risk. If, on the other hand, you are using an earlier version of Windows, then that is an entirely different situation. 

Running old and outdated software can pose a significant cybersecurity risk. This is because older software versions may contain known vulnerabilities and security weaknesses that cyber attackers can exploit. As time passes, these vulnerabilities may become increasingly well-known and exploited by attackers, making it easier for them to compromise systems running outdated software.

In addition, outdated software may not be receiving security patches or updates from the vendor, leaving systems and networks exposed to known vulnerabilities. This is particularly concerning in cases where the vendor no longer supports the software, and no further updates will be released to address vulnerabilities.

Rule of thumb: “Running old and outdated software from a cybersecurity perspective is generally not recommended.”

It’s also worth noting that running outdated software can lead to insurance issues and compliance issues with regulatory requirements, such as those related to data protection and privacy. Therefore, it’s important for organisations to keep their software up-to-date not only for cybersecurity reasons but also for compliance reasons.

Because this is so critical to the health of an organisation, the Australian Federal Government provides guidance in this area via its Essential Eight program.

The Essential Eight is a set of cyber security strategies recommended by the Australian Cyber Security Centre (ACSC) to help organisations protect against cyber threats, and one of its key recommendations is regular software maintenance and updating as a critical part of an organisation’s cyber security strategy.

So you might be wondering: is Domino still being updated, and is it still relevant? The answer is absolutely!

HCL acquired IBM Domino on July 1, 2019, and since then, they have patched and modernised the product’s security features. They have also added support for new versions of Operating Systems, containerisation, and a number of excellent new features. Below is an outline of some of those changes:

Note: Domino 10 was the last version that supported Windows 2008. If you need to update Windows beyond Windows 2008 (and you should), you must be on version 11 or higher.

HCL Domino Version 11 (12 Dec 2019):

– Support for Windows Server 2012, 2012 R2, 2016, 2019
– Improved Security, including support for multi-factor authentication (MFA) and improved SSL/TLS security.
– New licensing model, no longer a server license charge – no more PVUs!
– Domino Query Language (DQL)
– Mobile Application Access – Notes Apps on iOS or Android
– Node.js Integration
– Docker Support
– Performance Improvements

HCL Domino Version 11.0.1 (19 Apr 2020): 

– Support for CentOS
– Enhanced Security, with improved support for OAuth 2.0 and more granular control over certificate revocation.
– More performance improvements, such as faster indexing and improved memory utilisation.
– Improved Client Experience, improved searching and sorting capabilities, and support for Office 365.
– Support for the latest web browsers

Note: Domino 11 was the last version that supported Windows 2012. If you need to update Windows beyond Windows 2012, you must be on version 12 or higher.

HCL Domino Version 12 (7 Jun 2021):

– The ability to run Notes Applications in a web browser (no client required)
– Improved Security, such as enhanced TLS support, improvements to password management, and support for certificate-based authentication.
– Support for Windows Server 2016, 2019
– OpenID Connect and OAuth 2.0 Support
– Integration with HCL Volt
– Enhanced Performance, such as faster indexing and improved memory management, resulting in faster response times and improved scalability.
– Java 11 Support
– Web Application Enhancements, such as improved support for modern web standards, better integration with JavaScript frameworks, and improved user interface controls.


HCL Domino Version 12.0.1 (14 Dec 2021):

– Support for Microsoft Windows Server 2022
– Updated OpenSSL version, providing improved Security and compatibility with modern TLS standards.
– Client Experience Enhancements, such as improved support for Microsoft Office integration and improved performance when accessing large mailboxes.
– Docker Support Enhancements, such as improved compatibility with Kubernetes and support for deploying Domino in a cloud-native environment.

HCL Domino Version 12.0.2 (17 Nov 2022):

– Support for OpenID Connect
– CertMgr updates making SSL certificate management a dream.
– Core SSL upgraded from OpenSSL 1.1.1a to OpenSSL 3.0.5. The Windows, Linux, and AIX platforms use the FIPS provider for FIPS 140-2 approved algorithms such as SHA-1, SHA-2, 3DES, AES, 2048+ bit RSA, ECDSA, ECDHE, and EdDSA.
– Improved database encryption with better support for AES 256.

In addition to the above, HCL has also announced significant updates planned for the next five years. 

In summary, if your organisation runs older versions of Domino (and maybe on older versions of Windows), then now is the time to act! There is a lot to consider, and we’d be delighted to assist or point you in the right direction.
