LoadMaster 7.2.36.1 Release Notes

Refer to the sections below for details about firmware version 7.2.36.1. This was released on 17th November 2016.

7.2.36.1 - New Features

The following features were added to the 7.2.36.1 release:

  • Unified Capabilities Approved Product List (UC APL) updates
  • The following Virtual Service application configuration templates were published:
    • IBM Domino
    • RabbitMQ
    • Epic Medical Systems
    • Pearson PowerSchool
    • vSphere Platform Service Controllers (PSC)
    • Apache Tomcat
    • Apache HTTP
    • Horizon View 7.0
    • Microsoft IIS
  • LoadMaster kernel update
  • Additional Dell support
  • Security Assertion Markup Language (SAML)-based authentication Proof of Concept (PoC)
  • License type selection
  • Digital signing of PowerShell Application Program Interface (API) module
  • Certificate-based authentication added for the PowerShell API module

7.2.36.1 - Feature Enhancements

  • Enhanced special character handling for form-based Edge Security Pack (ESP) logins.
  • Active File Transfer Protocol (FTP) traffic is being Network Address Translated (NATed) to the expected IP address.
  • Updated the OpenSSL version to 1.0.2j.
  • Updated the BIND version on the LoadMaster to 9.10.4-P3 to mitigate against the CVE-2015-5722 and CVE-2015-5986 vulnerabilities.
  • Support added for Dell Broadwell hardware.
  • Enhancements made to the debug checks performed when licensing fails.
  • On newly created Virtual Services, transparency is disabled and Subnet Originating Requests is enabled by default.
  • Improvements made to eliminate the possibility of having duplicate High Availability (HA) Virtual IDs.
  • Three days after deploying a LoadMaster for Amazon Web Services (AWS), you are prompted to type your KEMP ID and password to activate your support subscription.
  • Lightweight Directory Access Protocol (LDAP) health checks added.
  • A header value can be copied into a custom header.
  • Support added for the ModSecurity JavaScript Object Notation (JSON) log format.
  • It is possible to configure the check port for the DNS health check type in the Web User Interface (WUI).
  • SSL certificates, SSO settings and associated settings are now synchronized between cloud-based HA pairs.
  • Added an API command to check the previous firmware version.
  • The showiface API command now lists all interfaces if an interface is not specified.
  • A number of diagnostic commands added to the PowerShell API module.

7.2.36.1 - Issues Resolved

PD-7975

The newest USB drivers for keyboards are supported.

PD-7807

Fixed an issue that was causing the LoadMaster to crash in a specific scenario.

PD-7770

Fixed some issues relating to the GEO proximity Selection Criteria.

PD-7376

Subnet Originating Requests are now respected when the LoadMaster is using a “Sorry” Server.

PD-7939

Fixed an issue that was displaying incorrect Real Server statistics.

PD-7845

It is possible to assign multiple Web Application Firewall (WAF) rules to a Virtual Service using the API.

PD-8004

Fixed an issue with the Real Server icons.

PD-7946

Fixed an issue that caused a reboot loop on Hyper-V with the Intel Skylake processor.

PD-7937

A notification is displayed when the GEO cluster limit is reached.

PD-7915

Fixed an issue with historical graphs.

PD-7787

Fixed an issue with cloud HA synchronization.

PD-7747

Fixed an issue that was causing GEO partner updates to fail.

PD-7738

Stopped a spurious log message from appearing.

PD-7729

Rectified a truncation issue with LinOTP-2 factor PIN.

PD-7726

Fixed an issue that prevented exported templates from working when Detect Malicious Requests is enabled.

PD-7713

Fixed an issue that was causing the health check status to show as unchecked in Azure HA units (even though the health check probe was working correctly).

PD-7678

Fixed an issue that locked out some LoadMaster users when using HA and session management.

PD-7578

Fixed an issue that prevented wildcard UDP Virtual Services from NATing the return traffic as expected.

PD-7757

Fixed an issue that prevented ciphers being selected in the Microsoft Edge and Internet Explorer browsers.

PD-7643

Fixed an issue that was causing the LoadMaster to enter passive mode after rebooting three times without the LoadMaster being up for more than five minutes.

PD-7617

Made improvements to the boot log to make it easier to read.

PD-7752

Improved RADIUS challenge-OTP handling.

PD-7696

It is possible to set the Checked Port using the API.

PD-7556

It is possible to set the Persistence Mode to none using the PowerShell API.

PD-7753

Fixed an issue that required the port to be specified when running the Enable-SecAPIAccess and Disable-SecAPIAccess commands.

PD-7658

Fixed an issue that prevented the netsonsole parameter from being set using the PowerShell API.

PD-7656

Fixed an issue preventing certain values from being unset using the Set-SecRemoteAccess PowerShell API command.

PD-7650

Corrected the API command for WAF commercial rule updates and installations.

PD-7648

Fixed an issue preventing a custom rule data file from being uploaded using the RESTful API.

PD-7608

It is possible to enable the Require SNI hostname flag using API commands.

PD-7540

Fixed a misspelling in a RESTful API command.

PD-7522

Improved error handling for API commands relating to GEO maps.

PD-7516

It is possible to set the GEO location of “everywhere” using the API.

PD-7565

The checker address can be set using the API.

7.2.36.1 - Known Issues

PD-10980

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-8725

Proximity and Location Based scheduling do not work with IPv6 source addresses.

PD-9892

Application of SNORT rules does not work.

PD-9950

LoadMaster VNF HA does not work on LoadMaster versions 7.1.35.n and 7.2.36.n. It does work om LoadMaster version 7.2.37 and above.

PD-10155

Issue with configuration corruption causes some GEO features not to function.

PD-8371

ESP SubVS connection logging is not showing Real Servers.

PD-8341

The MTU size is getting reset to 1500 when bonding interfaces together.

PD-8298

There are some issues relating to IPv6 routing.

PD-8285

Some JavaScript appearing in the LoadMaster warn logs is being executed by the browser.

PD-8205

There are some issues with content rules matching multiple requests on the same connection.

PD-8200

It is not possible to manage admin certificates from the individual IP addresses of a HA pair.

PD-8297

The vRealize Operations Manager Adapter setup fails if the API is disabled.

PD-8296

When using the vRealize Operations Manager, the management port must be set to 443 otherwise it fails.

PD-8399

The WUI help text says it is possible to set the L7 Connection Drain Time to 0 but this is not possible. Valid values range between 60 and 86400.

PD-8192

There is some unnecessary output from the Get-NetworkDNSConfiguration API command.

PD-9089

In some cases, after upgrading the LoadMaster firmware from version 7.1.35 to a newer firmware version, historical graphs may not display. To fix this, reset the statistic counters (System Configuration > Logging Options > System Log Files > Debug Options > Reset Statistics).

PD-10160

The API commands to reset the CPU and network graphs do not work.

Was this article helpful?

0 out of 0 found this helpful

Comments