Home
What's new in Domino 12?
Learn about all of the new features for administrators in HCL Domino® 12.
What's new in 12.0.2?
HCL Domino 12.0.2 introduces the following new features.
Features in previous Early Access drops
Earlier HCL Domino 12.0.2 Early Access Program drops provided the following new features and enhancements.
Security new features and enhancements
HCL Domino 12.0.2 provides the following new security features and enhancements.
Virus scanning for message attachments
You can set up HCL Domino to work with any virus scanning server that supports the ICAP protocol to scan attachments in mail messages for viruses.

What's new in Domino 12?
Learn about all of the new features for administrators in HCL Domino® 12.
- What's new in 12.0.2?
  HCL Domino 12.0.2 introduces the following new features.
  - What's new in Early Access drop 5?
    HCL Domino 12.0.2 Early Access Program drop 5 provides these new features and enhancements:
  - Features in Early Access drop 4
    HCL Domino 12.0.2 Early Access Program drop 4 provided these new features and enhancements:
  - Features in previous Early Access drops
    Earlier HCL Domino 12.0.2 Early Access Program drops provided the following new features and enhancements.
    - Improvements to Active Directory Password Sync installation
      Improvements to Active Directory Password Sync installation, including providing an install option as the method of performing the install.
    - Free time lookups of Microsoft 365 users
      The Exchange Busytime Connector task (ExConn) performs searches and returns results so that HCL Notes, Verse, iNotes, and Traveler users can do free time lookups of Microsoft 365 users. For more information, see conf_set_up_free_time_for_office_365_container.html.
    - New option to defer full-text indexing
      With a new option to defer indexing, you can set full-text indexing without its starting automatically. See admn_creatingandupdatingfulltextindexesforsingledataba_t.html.
    - Automatic ODS upgrade on Notes clients
      When you upgrade a Notes client, databases in the data directory are now upgraded to the latest on-disk structure (ODS) file format.
    - Security new features and enhancements
      HCL Domino 12.0.2 provides the following new security features and enhancements.
      - Virus scanning for message attachments
        You can set up HCL Domino to work with any virus scanning server that supports the ICAP protocol to scan attachments in mail messages for viruses.
      - Database encryption improvements
        The following improvements are provided for database encryption in Notes V12.0.2.
      - Authentication to Domino HTTP using signed JWT bearer tokens
      - Domino Console command to create MicroCA certificates for existing servers
        For existing servers, a Domino Console command generates microCA certificates to replace the former process of using self-signed certificates to establish the intitial SSL/TLS connection for the Server Controller and Java-based Domino Console. For details, see admn_use_domino_console_to_create_microca_certs_for_existing_servers.html.
      - Change to default AuthnRequest signature format used for SAML Federated Login
        The default format for signed AuthnRequests sent from the Domino Service Provider to the Identity Provider has been changed from Post Binding to Redirect Binding.
      - New version of OpenSSL
        HCL Domino has upgraded from OpenSSL 1.1.1a to OpenSSL 3.0.1 on the Windows, Linux, and AIX platforms.
      - Keymgmt Show command enhancement
        You can now use the ALL argument with the keymgmt show nek command to show all named encryption keys in a server ID file.
      - Internet CA root certificates updated
        The Internet CA root certificates in the Domino directory and in Certificate Store have been updated to include additional fields.
      - Domino on AIX comes with CertMgr
    - DAOS improvements
      A new server task, DAOS Encryption Manager (daosencmgr), can be used to ensure DAOS objects on an HCL Domino server use a consistent encryption key and key strength.
    - One-touch Domino setup improvements
      The Domino Administrator now provides a tool to validate that a JSON configuration file used for one-touch Domino setup has valid JSON and complies with the one-touch Domino setup schema.
    - Support for snapshot backups with Volume Shadow Copy Service (VSS) writer
      Domino now provides a native Windows VSS writer for snapshot backups for use with the Domino backup and restore. VSS writers are designed for application-aware VSS snapshots.
    - Administration Quick enhancements
      Administration Quick (AdminQ), introduced in HCL Domino 12.0.1, has been enhanced in Domino 12.0.2.
    - Tika full-text search improvements
      In Domino 12.0.2, Tika is upgraded to version 2.4.1, which corrects recent security issues for all platforms, and affords substantially greater reliability for Windows, Linux, and Aix.
    - Command to zip diagnostic files in the IBM_TECHNICAL_SUPPORT directory
      You can use the new tell domino support command to collect diagnostic files recently created in the IBM_TECHNICAL_SUPPORT directory into a .zip file to provide to Support.
    - New version of CKEditor
      CKEditor used in iNotes is now version 4.18.0. Previously it was version 4.5.6.1.
    - Domino directory user interface enhancements
      These Domino directory user interface enhancements are added for improved usability.
    - New Notes policy settings
      The following Notes policy settings are new in this release.
    - JSON mime type added to httpd.cnf
      The httpd.cnf file now contains the JSON mime type so that you no longer need to add it.
    - C API OSLoadLibrary changes
      On Windows, if a fully qualified path is not specified for a library to be loaded, the C API OSLoadLibrary no longer searches the path for the library.
    - Ability to disallow dots (.) and underscores (_) in Domino server names
      Use the notes.ini setting ADMIN_IGNORE_NEW_SERVERNAMING_CONVENTION=0 on a Domino server to prevent it from allowing dots (.) and underscores (_) in Domino server names. By default, these characters are allowed.
- What's new in 12.0.1?
  HCL Domino 12.0.1 introduces the following new features.
- What's new in 12.0?
  HCL Domino 12.0 introduces the following new features.
- Components no longer included in this release
  The following components are no longer included in Domino 12.

Virus scanning for message attachments

You can set up HCL Domino to work with any virus scanning server that supports the ICAP protocol to scan attachments in mail messages for viruses.

This feature requires:

A minimum of Domino 12.0.2.
A third-party ICAP protocol server to do the virus scanning. Domino has been tested with the products Trend Micro Web Security and McAfee Web Gateway. TLS is required to connect to the server.

First released in Early Access Program Drop 1, in Drop 3 virus scanning is now more tightly integrated with the router, thus you no longer need the cscanext Extension Manager library. You may remove EXTMGR_ADDINS=cscanext from your server's notes.ini. It will cause no harm to leave it in your notes.ini, but it is best to remove it.

The templates for the databases cscancfg.nsf, cscanlog.nsf, and cscanquarantine.nsf have been updated. Some additional fields and actions have been added. For example, from cscancfg.nsf there is an action button to open cscanlog.nsf, and documents in that database have actions to open quarantined messages in cscanquarantine.nsf.

When a message has been successfully scanned and is free of viruses, Domino places a secure token item on the message. When other servers in the domain process the message, they avoid scanning the message again if they successfully validate the token and it has not expired or been invalidated.

There is an option to send any virus scanning logging that would normally go to the Domino console to a separate file instead.

The mailscan task now purges documents in cscanlog.nsf and cscanquarantine.nsf that are older than the "Log retention days" and "Quarantine days" settings, respectively, in the cscancfg.nsf configuration document.

Previously, cscanlog.nsf contained documents for scanned attachments only. It now contains documents for scanned messages as well. A message log document has some basic information about the message and an embedded view that links to the attachment log documents.

Basic statistics have been added. Use console commands show stat Mail.AV* and show stat mailscan.* to examine the new statistics.