LoadMaster 7.2.40.1 Release Notes
Refer to the sections below for details about firmware version 7.2.40.1. This was released on 29th November 2017.
Issues Resolved
PD-10392 |
Improved LoadMaster stability when upgrading from firmware version 7.2.39 to 7.2.40.1. |
PD-10367 |
Previously, a race condition on a connection close (local) and reset (peer) may have caused the system to become unstable. Now, protective error handling mitigates this behavior. |
PD-10258 |
Previously, HTTP Strict Transport Security (HSTS) headers were added by default during processing of responses which caused issues with some non-SSL services. Now, the behavior is configurable within the Virtual Service SSL Properties. |
PD-10249 |
Previously, non-XML/JSON payloads were not passed through the Web Application Firewall (WAF) engine for inspection, therefore avoiding potential detection of malicious content. Now, all content type payloads can be inspected based on WAF configuration options. |
PD-10191 |
Previously, IPsec connections were failing to establish due to a change in cryptography requirements. Now, connections can be established because the LoadMaster was updated to support the required cryptography. |
PD-10177 |
Previously, the HTTP/2 stack in certain web apps mishandled cookies causing inconsistent behavior in different browsers. Now, the cookie behavior is normalized for all browsers. |
PD-10114 |
Previously, the Edge Security Pack (ESP) user logs did not contain User Agent information. Now, User Agent information can be included by enabling the Include User Agent Header in User Logs check box in the L7 Configuration screen. |
Known Issues
PD-10980 |
A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. |
PD-8725 |
Proximity and Location Based scheduling does not work with IPv6 source addresses. |
PD-9765 |
GEO does not support DNS TCP requests from unknown sources. |
PD-10155 |
Issue with configuration corruption causes some GEO features not to function. |
PD-10374 |
User credentials are shown in LDAP Endpoint health check Wireshark captures. |
PD-10355 |
There are some authentication issues with SAML when opening a second tab before authenticating. |
PD-10245 |
Extended logs can only be selected by date. |
PD-10239 |
The IPsec Pre Shared Key (PSK) is stored in plain text in backups. |
PD-10235 |
The Adaptive Agent log file is causing the disk to become full when the SDN Adaptive add-on is not enabled. |
PD-10207 |
The ESP logs need to be made more accurate. |
PD-10205 |
The ESP Form Authentication Path does not support underscores or dashes. |
PD-10197 |
The status of cluster Virtual Services and Real Servers are reported incorrectly on the home page. |
PD-9944 |
There is an incorrect character limitation on Header Modification Rules. |
PD-10409 |
WAF does not block attack requests if the POST request does not contain the "content-type" header. |
PD-10141 |
Service check interval configuration causes dropped connections. |
PD-10193 |
A WAF, ESP, and KCD configuration with Microsoft Exchange 2010 is not supported. |
PD-10126 |
Issues with cache causes connection problems. |
PD-10086 |
When selecting the 'Use for Default Gateway' option on a new interface, access to the LoadMaster WUI is lost. However, there is still access to the LoadMaster using the local IP address. |
PD-10083 |
There is an issue displaying a large number of Virtual Services/SubVSs when using SNMP. |
PD-10080 |
Failover issues occur with bonded interfaces that are configured to use the default gateway. |
PD-10042 |
WAF statistics do not get reset on Virtual Service deletion. |
PD-9854 |
WAF does not support chunked transfer encoding on the POST body. |
PD-10039 |
The HTTP/2 feature is only supported in the Internet Explorer (IE) browser. |
PD-9975 |
When testing LDAP-based users by using the Test AAA for User on the WUI Authentication and Authorization page, logs were not generated or visible in syslog. |
PD-9764 |
The LoadMaster is unable to set up an IPsec tunnel to Azure classic/Azure Resource Manager (ARM) endpoints. |
PD-8697 |
Some users are having issues detecting the partition when using the Hardware Security Module (HSM). |
PD-10188 |
When adding a Real Server to a Virtual Service or SubVS on a Safari browser, the list of available Real Servers is not available. |
PD-10131 |
Problems attaching files in SharePoint when using WAF with process response enabled and Kerberos Constrained Delegation (KCD). |
PD-10159 |
When upgrading firmware from 7.1.35.x, CPU and network usage graphs are not appearing. As a workaround, reset the statistics in the WUI. |
PD-10143 |
Access is denied when KCD, the WAF Process Responses option and the creditcard_track_pan rule are enabled. |
PD-9375 |
Microsoft Office files in SharePoint do not work in Firefox and Chrome when using SAML authentication. |
PD-10095 |
When L7 debugging is enabled, Virtual LoadMasters may reboot in certain situations. |
PD-7156 |
The VSIndex parameter is missing in some API commands. |
PD-9476 |
There is no RESTful API command to get/list the installed custom rule data files. |
PD-9525 |
The RESTful API returns the value of the failtime parameter in seconds, but it is set in minutes. |
PD-9539 |
There are issues with the PowerShell New-GeoCluster command in a specific scenario. |
PD-9553 |
There is no API command to disable secure NTP mode. |
PD-9570 |
There is a typo in the removecountry API response error message. |
PD-9572 |
There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands. |