Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

LoadMaster 7.2.41.2 Release Notes

Refer to the sections below for details about firmware version 7.2.41.2. This was released on 23rd March 2018.

New Features

The following feature was added to the 7.2.41.2 release:

  • Added support for the new LM-X series of LoadMaster hardware.

Issues Resolved

PD-10980

Previously, a critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Now, this vulnerability has been mitigated against with more stringent security checks. Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

Known Issues

PD-10193

Using WAF with ESP and KCD is not supported with Microsoft Exchange 2010.

PD-9854

WAF does not support chunked transfer encoding on the POST body.

PD-9765

GEO does not support DNS TCP requests from unknown sources.

PD-8697

Some users are experiencing issues detecting the partition when using the Hardware Security Module (HSM).

PD-9375

Microsoft Office files in SharePoint do not work in Firefox and Chrome when using SAML authentication.

PD-9649

Some users are experiencing a SAML error "Could not base64 decode the SAMLResp".

PD-9821

Some high memory usage has been observed.

PD-10129

There is a discrepancy in validation between global-level connection timeout and Virtual Service-level timeout.

PD-10131

There are some problems attaching files in SharePoint when using WAF with Process Responses enabled and Kerberos Constrained Delegation (KCD).

PD-10149

It has been observed that Alternative Domain selection and handling is not always reliable. While an Alternative Domain may be selected appropriately, the Virtual Service association is not always consistent. As a result, Form Based Authentication (FBA) on the server side is not triggered when expected. Furthermore, some characters are not permitted to be included in the server side FBA post to the Real Server.

PD-10159

When upgrading firmware from version 7.1.35.n, CPU and network usage graphs are not appearing. As a workaround, reset the statistics in the WUI.

PD-10188

When adding a Real Server to a Virtual Service or SubVS on a Safari browser, the list of available Real Servers is not available.

PD-10197

Cluster Virtual Service and Real Server home page statistics are reported incorrectly.

PD-10207

The ESP LDAP logs need to be enhanced.

PD-10259

When under load, WAF does not read all of the Real Server responses and closes the connection prematurely.

PD-10332

When you try to add a duplicate VLAN ID/VXLAN ID, text saying "Duplicate VLAN id/VXLAN id Cache-Control: no-cache" appears in the WUI.

PD-10381

Removing Application Generic rule sets from the Virtual Service causes WAF misconfiguration.

PD-10445

Some websites do not work when the WAF Process Responses option is enabled.

PD-10455

Amazon Web Services (AWS) cannot use the admin certificate after a reboot.

PD-10474

A SNORT rule is triggering a false positive in certain scenarios.

PD-10478

Custom SSO image set is not displaying in the SSO Image Set drop-down list after the ESP SSO configuration is restored from a backup.

PD-10488

Occasionally WAF is getting stopped with an "errno 24" error.

PD-10525

Some users are experiencing WAF read errors when connections are closing.

PD-10538

Cannot create body rules when single quotes are in separate capture groups.

PD-10545

Virtual LoadMasters become inaccessible on Azure cloud when the WUI is moved to NIC-1.

PD-10572

The extended log view fails when the selected range is in different years.

PD-10584

There are some SAML User Principal Name (UPN) and SAM-Account-Name interaction issues.

PD-10590

Automatic WAF rule downloads are not working on the second HA node even if it is active.

PD-10616

When WAF Process Responses is enabled, the response is cut.

PD-10627

There are issues when replacing clustered nodes.

PD-10702

There are spurious KCD credentials expired log messages.

PD-10586

If a GEO FQDN is configured with All Available as the Selection Criteria, IPs are returned even if the cluster is disabled.

PD-10155

An issue with configuration corruption is causing some GEO features to not function.

PD-8725

Proximity and Location Based scheduling do not work with IPv6 source addresses.

PD-8853

Location Based failover does not work as expected.

PD-7156

The VSIndex parameter is missing in some API commands.

PD-9476

There is no RESTful API command to get/list the installed custom rule data files.

PD-9507

Unable to add an SDN controller using the RESTful API/WUI in a specific scenario.

PD-9553

There is no API command to disable secure NTP mode.

PD-9816

There is an API command to list individual rules in a ruleset, but there is no command to list the available rulesets themselves.

PD-9947

Virtual Services/Real Servers can report as "Up" in the API even if SubVSs are disabled.

PD-10363

The PowerShell API is missing the ServerFbaPath and ServerFBAPost parameters.

PD-10421

Setting options for the syslog server settings multiple times for different levels using the API causes events to repeat.

PD-10490

The vsremovewafrule RESTful API command does not allow multiple rules to be removed.

PD-10577

Some API calls are failing due to NULL pointers.

PD-10598

There is no PowerShell API parameter to modify the IdP Certificate Match option.


Comments