LoadMaster LTS Release Notes

1 Software Release Notes Introduction

This document describes the features in the LoadMaster Long Term Support (LTS) releases.

We recommend you fully back up the LoadMaster configuration before upgrading the software. Instructions for backing up the LoadMaster are described in within the documentation which can be found at http://kemptechnologies.com/documentation.

Installation of this software and reloading of the configuration may take up to five minutes, or possibly more, during which time the LoadMaster being upgraded is unavailable to carry traffic.

1.1 Pre-requisites

The following are recommendations for upgrading the software:

The person undertaking the upgrade should be a network administrator or someone with equivalent knowledge.

In case of issues restoring backup configurations, configuring LoadMaster or other maintenance issues, please refer to the LoadMaster documentation which can be found at http://kemptechnologies.com/documentation.

1.2 Support

If there are problems loading the software release, please contact KEMP support staff and a KEMP support Engineer will get in touch with you promptly: http://kemptechnologies.com/load-balancing-support/kemp-support

1.3 Compatible Products

LM-2000

LM-2200

LM-2400

LM-2600

LM-3600

LM-5300

LM-5305

LM-5400

LM-5000

LM-5600

LM-8000

LM-8020 (supported on version 7.1-30 and above)

LM-R320

VLM-100

VLM-200

VLM-Exchange

LM-Exchange

LoadMaster for vCloud Air

LM-3000

LM-4000

VLM-1000

VLM-2000

VLM-5000 

VLM-DR

LM for UCS B Series

LM for UCS C Series

LM for Oracle Sun x86 servers

LM for HP ProLiant servers

LoadMaster for Fujitsu Primergy

LoadMaster for Dell R-Series

LoadMaster for AWS

LoadMaster for Azure

2 Release 7.1.35.4 (Long Term Support)

Refer to the sections below for details about firmware version 7.1.35.4. This was released on 2nd August 2017.

2.1 7.1.35.4 - Feature Enhancements

Updated OpenSSH to version 7.5p1

Improvements made to support a high number of connections.

2.2 7.1.35.4 - Issues Resolved

PD-9678 Fixed an issue that was causing there to be no back-end traffic when the Web Application Firewall (WAF) was enabled.
PD-9650 Fixed an issue that was causing WAF to block the uploading of files larger than 1MB.
PD-9631

It is possible to modify the IP address of the shared IP on a VLAN interface.

PD-9438 Fixed an issue with the Drop Connections on RS failure that caused high RAM usage.
PD-9353 Fixed an issue that caused the LoadMaster to reboot when the persistence mode of a UDP syslog Virtual Service was changed.
PD-9352 Fixed an issue that caused simultaneous health check failures.
PD-9333 Removed "deprecated option" SSO manager logs.
PD-9769 Fixed a security issue with the SSO debug logs relating to the logon transcode option.
PD-9637 Mitigated against the CVE-2017-8890 vulnerability.
PD-9756 Fixed an issue with certificate authentication when using a HA pair.
PD-9569 Fixed an issue with special space characters and local LoadMaster user authentication.
PD-9806 Fixed an issue with some aclcontrol API commands.
PD-9790 The CheckPort and CheckPattern API parameters can be unset using the API.
PD-9773 Fixed an issue that showed different statuses for disabled Virtual Services in the API.

2.3 7.1.35.4 - Known Issues

PD-9770

ESP logs missing some information.

PD-9743 Issues importing some template files that have the default rule assigned.
PD-9666 Headers with underscores are not accepted by Apache 2.4.
PD-9660 The LoadMaster is changing RADIUS passwords in some scenarios.
PD-9633 Unable to set the check host with the port attached in the WUI (it works using the API or CLI).
PD-9517 Unable to authenticate some users when the password is expired and permitted groups are used.
PD-9508 ESP only verifies SAML assertions when using the root certificate.
PD-9504 Some users are experiencing issues with HA failover on Multi-Tenant LoadMaster units.
PD-9489 CPU and network usage graphs not appearing after firmware upgrade.
PD-9470 LDAP Real Server health checking is not working optimally.
PD-9453 Some Azure users are having issues licensing due to communication issues with the default gateway.
PD-9359 Some users unable to authenticate using ESP.
PD-9159 When WAF is enabled there is no traffic on the back-end in certain scenarios.
PD-8697 Some users having issues detecting the partition when using the Hardware Security Module (HSM).
PD-9768 Security issue in the SSO debug logs relating to the logon transcode option.
PD-9657 Naming a cipher set using - or + results in some issues.
PD-9643 Unable to change the IP address of a Virtual Service in an Azure LoadMaster.
PD-9604 Issues when trying to import some custom templates.
PD-9783 HA status tool tip on slave unit displays incorrect IP addresses.

PD-9758

Some users are unable to edit or access Office files from SharePoint when using SAML and KCD authentication.

PD-7157 When using WAF and KCD, all file attachments in SharePoint fail.
PD-7265 No redirection when the shared IP address is changed using the WUI.
PD-8746 If a LoadMaster licensed with WAF rules has had rules downloaded/installed and then a factory reset is performed, it is not possible to download/install WAF rules.
PD-8413 It is not possible to specify a wildcard port when creating a Virtual Service from a template.
PD-9129 The API command to backup contains an error that breaks the PowerShell wrapper connection.
PD-9779 Discrepancies between the WUI and RESTful API parameter for "Client Authentication Mode".
PD-9596 The showiface RESTful API command shows the wrong interface values in the output for interfaces that are not configured.
PD-9572 There are discrepancies displaying the location latitude/longitude parameter vales for some RESTful API commands.
PD-9570 There is a typo in the removecountry API response error message.
PD-9553 There is no API command to disable secure NTP mode.
PD-9539 Issues with the PowerShell New-GeoCluster command in a specific scenario.
PD-9525 The RESTful API returns the value of the failtime parameter in seconds, but it is set in minutes.
PD-9523 In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN.
PD-9476 There is no RESTful API command to get/list the installed custom rule data files.
PD-7156 The VSIndex parameter is missing in some API calls.
PD-9575 There are issues with some aclcontrol API commands.

3 Release 7.1.35.3

Refer to the sections below for details about firmware version 7.1.35.3. This was released on 5th April 2017.

3.1 Feature Enhancements

Updated OpenSSH version to 7.4p1.

Updated OpenSSL version to 1.0.2k to mitigate against the following vulnerabilities:

- CVE-2017-3731

- CVE-2017-3730

- CVE-2017-3732

- CVE-2016-7055

Updated BIND to version 9.10.4-P5 to mitigate against the following vulnerabilities:

- CVE-2016-9131

- CVE-2016-9147

- CVE-2016-9444

- CVE-2016-9778

Updated the Copyright Notices on the LoadMaster console and Web User Interface (WUI).

Support added for OWASP CRS 3.0 rules.

 

3.2 Issues Resolved

PD-9042 Removed brackets from IPv6 X-Forwarded-For header.
PD-8643 Increased the connection levels that cause local port exhaustion.
PD-8982 Added an option to not include netstat in backups.

PD-9075

Fixed some session management issues.

PD-8996 Fixed an issue that was causing the SSL open/opening connections limit to be reached incorrectly.
PD-8777 Fixed an issue that prevented clients from authenticating using the Edge Security Pack (ESP) in certain scenarios.
PD-8717 Fixed an issue relating to the ESP Locked_users file.
PD-8569 Stopped an unnecessary error message from being displayed when viewing log files.
PD-9120 The Virtual Service status is listed in the stats Application Program Interface (API) command.

3.3 Known Issues

PD-8009

The listcluster API command does not return a status.

PD-8298

There are some issues relating to IPv6 routing.

PD-8097

There are some issues accessing WebSocket when using Firefox and a LoadMaster.

PD-8005

There are issues with the PowerShell API that are causing errors with Microsoft Service Management Automation (SMA).

PD-8341

The MTU size is getting reset to 1500 when bonding interfaces.

PD-8305

The aslactivate API command always returns a success message even when the activation fails.

PD-8192

The Get-NetworkDNSConfiguration API command returns High Availability (HA) parameters, even when the LoadMaster is not in HA mode.

PD-7778

In some circumstances, the SSL open/opening connections limit is reached, even though there are only a few connections running.

PD-7559

It is not possible to add a comment to a block or whitelist entry in the Access Control List (ACL) when using the API.

PD-8196

There is no validation of the remote URI when enabling WAF logging using the API.

PD-8174

Clusters with a forward slash (/) in the name do not show up in the WUI.

PD-8107

It is not possible to force an NTP update using the API.

PD-8038

In some scenarios, the API is not returning the correct value for the cluster status.

PD-8014

A remote LoadMaster cluster does not respond unless the remote LoadMaster has a Virtual Service.

PD-8225

An incorrect error message is displayed when incorrect credentials are used when licensing the LoadMaster.

PD-8205

When using content rules, the LoadMaster does not match the port when trying to select a Real Server.

PD-7487

When adding a local user and the name of the user is bal, the response is correct but the response stat is invalid – it should be 400/422 or another stat, but not 200.

 

4 Release 7.1.35.2

Refer to the sections below for details about firmware version 7.1.35.2. This was released on 9th November 2016.

4.1 Issues Resolved

PD-8290

Fixed an issue that was causing browsers to execute JavaScript from warning logs.

PD-8240

Fixed an issue with IP assignment in Azure multi-arm LoadMasters.

PD-8193

Fixed a display issue with statistics.

PD-8189

Fixed an issue that allowed unauthorized API commands to be run.

PD-8188

Fixed an issue that caused errors to appear in the Virtual Service when no Web Application Firewall (WAF) rules were assigned.

PD-8187

Updated BIND to version 9.10.4-P3.

4.2 Known Issues

PD-8009

The listcluster API command does not return a status.

PD-8298

There are some issues relating to IPv6 routing.

PD-8097

There are some issues accessing WebSocket when using Firefox and a LoadMaster.

PD-8005

There are issues with the PowerShell API that are causing errors with Microsoft Service Management Automation (SMA).

PD-8341

The MTU size is getting reset to 1500 when bonding interfaces.

PD-8305

The aslactivate API command always returns a success message even when the activation fails.

PD-8192

The Get-NetworkDNSConfiguration API command returns High Availability (HA) parameters, even when the LoadMaster is not in HA mode.

PD-7778

In some circumstances, the SSL open/opening connections limit is reached, even though there are only a few connections running.

PD-7559

It is not possible to add a comment to a block or whitelist entry in the Access Control List (ACL) when using the API.

PD-8196

There is no validation of the remote URI when enabling WAF logging using the API.

PD-8174

Clusters with a forward slash (/) in the name do not show up in the WUI.

PD-8107

It is not possible to force an NTP update using the API.

PD-8038

In some scenarios, the API is not returning the correct value for the cluster status.

PD-8014

A remote LoadMaster cluster does not respond unless the remote LoadMaster has a Virtual Service.

PD-8225

An incorrect error message is displayed when incorrect credentials are used when licensing the LoadMaster.

PD-8205

When using content rules, the LoadMaster does not match the port when trying to select a Real Server.

PD-7487

When adding a local user and the name of the user is bal, the response is correct but the response stat is invalid – it should be 400/422 or another stat, but not 200.

 

Document History

 

Date

Change

Reason for Change

Ver.

Resp

Nov 2016

Release updates

Release 7.1.35.2

1.0

LB

Jan 2017

Minor update

Updated Copyright Notices

2.0

POC

Apr 2017 Release updates Release 7.1.35.3 3.0 LB
Aug 2017 Release updates Release 7.1.35.4 4.0 LB

 

Was this article helpful?

0 out of 0 found this helpful

Comments