LoadMaster 7.2.40.1 Release Notes

The following issues have been resolved in this hotfix release. If you require this LoadMaster firmware version please contact KEMP Customer Support at https://support.kemptechnologies.com/hc/en-us/requests/new

Refer to the sections below for details about firmware version 7.2.40.1.

7.2.40.1 - Issues Resolved

PD-10392

Improved LoadMaster stability when upgrading from firmware version 7.2.39 to 7.2.40.1.

PD-10367

Previously, a race condition on a connection close (local) and reset (peer) may have caused the system to become unstable. Now, protective error handling mitigates this behavior.

PD-10258

Previously, HTTP Strict Transport Security (HSTS) headers were added by default during processing of responses which caused issues with some non-SSL services. Now, the behavior is configurable within the Virtual Service SSL Properties.

PD-10249

Previously, non-XML/JSON payloads were not passed through the Web Application Firewall (WAF) engine for inspection, therefore avoiding potential detection of malicious content. Now, all content type payloads can be inspected based on WAF configuration options.

PD-10191

Previously, IPsec connections were failing to establish due to a change in cryptography requirements. Now, connections can be established because the LoadMaster was updated to support the required cryptography.

PD-10177

Previously, the HTTP/2 stack in certain web apps mishandled cookies causing inconsistent behavior in different browsers. Now, the cookie behavior is normalized for all browsers.

PD-10114

Previously, the Edge Security Pack (ESP) user logs did not contain User Agent information. Now, User Agent information can be included by enabling the Include User Agent Header in User Logs check box in the L7 Configuration screen.

7.2.40.1 - Known Issues

PD-10980

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-8725

Proximity and Location Based scheduling does not work with IPv6 source addresses.

PD-9765

GEO does not support DNS TCP requests from unknown sources.

PD-10155

Issue with configuration corruption causes some GEO features not to function.

PD-10374

User credentials are shown in LDAP Endpoint health check Wireshark captures.

PD-10355

There are some authentication issues with SAML when opening a second tab before authenticating.

PD-10245

Extended logs can only be selected by date.

PD-10239

The IPsec Pre Shared Key (PSK) is stored in plain text in backups.

PD-10235

The Adaptive Agent log file is causing the disk to become full when the SDN Adaptive add-on is not enabled.

PD-10207

The ESP logs need to be made more accurate.

PD-10205

The ESP Form Authentication Path does not support underscores or dashes.

PD-10197

The status of cluster Virtual Services and Real Servers are reported incorrectly on the home page.

PD-9944

There is an incorrect character limitation on Header Modification Rules.

PD-10409

WAF does not block attack requests if the POST request does not contain the "content-type" header.

PD-10141

Service check interval configuration causes dropped connections.

PD-10193

A WAF, ESP, and KCD configuration with Microsoft Exchange 2010 is not supported.

PD-10126

Issues with cache causes connection problems.

PD-10086

When selecting the 'Use for Default Gateway' option on a new interface, access to the LoadMaster WUI is lost. However, there is still access to the LoadMaster using the local IP address.

PD-10083

There is an issue displaying a large number of Virtual Services/SubVSs when using SNMP.

PD-10080

Failover issues occur with bonded interfaces that are configured to use the default gateway.

PD-10042

WAF statistics do not get reset on Virtual Service deletion.

PD-10040

WAF does not support chunked transfer encoding on the POST body.

PD-10039

The HTTP/2 feature is only supported in the Internet Explorer (IE) browser.

PD-9975

When testing LDAP-based users by using the Test AAA for User on the WUI Authentication and Authorization page, logs were not generated or visible in syslog.

PD-9764

The LoadMaster is unable to set up an IPsec tunnel to Azure classic/Azure Resource Manager (ARM) endpoints.

PD-8697

Some users are having issues detecting the partition when using the Hardware Security Module (HSM).

PD-10188

When adding a Real Server to a Virtual Service or SubVS on a Safari browser, the list of available Real Servers is not available.

PD-10131

Problems attaching files in SharePoint when using WAF with process response enabled and Kerberos Constrained Delegation (KCD).

PD-10159

When upgrading firmware from 7.1.35.x, CPU and network usage graphs are not appearing. As a workaround, reset the statistics in the WUI.

PD-10143

Access is denied when KCD, the WAF Process Responses option and the creditcard_track_pan rule are enabled.

PD-9375

Microsoft Office files in SharePoint do not work in Firefox and Chrome when using SAML authentication.

PD-10095

When L7 debugging is enabled, Virtual LoadMasters may reboot in certain situations.

PD-7156

The VSIndex parameter is missing in some API commands.

PD-9476

There is no RESTful API command to get/list the installed custom rule data files.

PD-9525

The RESTful API returns the value of the failtime parameter in seconds, but it is set in minutes.

PD-9539

There are issues with the PowerShell New-GeoCluster command in a specific scenario.

PD-9553

There is no API command to disable secure NTP mode.

PD-9570

There is a typo in the removecountry API response error message.

PD-9572

There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands.

Was this article helpful?

0 out of 0 found this helpful

Comments