LoadMaster 7.2.36.1 Release Notes
Refer to the sections below for details about firmware version 7.2.36.1. This was released on 17th November 2016.
New Features
The following features were added to the 7.2.36.1 release:
- Unified Capabilities Approved Product List (UC APL) updates
- The following Virtual Service application configuration templates were published:
- IBM Domino
- RabbitMQ
- Epic Medical Systems
- Pearson PowerSchool
- vSphere Platform Service Controllers (PSC)
- Apache Tomcat
- Apache HTTP
- Horizon View 7.0
- Microsoft IIS
- LoadMaster kernel update
- Additional Dell support
- Security Assertion Markup Language (SAML)-based authentication Proof of Concept (PoC)
- License type selection
- Digital signing of PowerShell Application Program Interface (API) module
- Certificate-based authentication added for the PowerShell API module
Feature Enhancements
- Enhanced special character handling for form-based Edge Security Pack (ESP) logins.
- Active File Transfer Protocol (FTP) traffic is being Network Address Translated (NATed) to the expected IP address.
- Updated the OpenSSL version to 1.0.2j.
- Updated the BIND version on the LoadMaster to 9.10.4-P3 to mitigate against the CVE-2015-5722 and CVE-2015-5986 vulnerabilities.
- Support added for Dell Broadwell hardware.
- Enhancements made to the debug checks performed when licensing fails.
- On newly created Virtual Services, transparency is disabled and Subnet Originating Requests is enabled by default.
- Improvements made to eliminate the possibility of having duplicate High Availability (HA) Virtual IDs.
- Three days after deploying a LoadMaster for Amazon Web Services (AWS), you are prompted to type your KEMP ID and password to activate your support subscription.
- Lightweight Directory Access Protocol (LDAP) health checks added.
- A header value can be copied into a custom header.
- Support added for the ModSecurity JavaScript Object Notation (JSON) log format.
- It is possible to configure the check port for the DNS health check type in the Web User Interface (WUI).
- SSL certificates, SSO settings and associated settings are now synchronized between cloud-based HA pairs.
- Added an API command to check the previous firmware version.
- The showiface API command now lists all interfaces if an interface is not specified.
- A number of diagnostic commands added to the PowerShell API module.
Issues Resolved
PD-7975 |
The newest USB drivers for keyboards are supported. |
PD-7807 |
Fixed an issue that was causing the LoadMaster to crash in a specific scenario. |
PD-7770 |
Fixed some issues relating to the GEO proximity Selection Criteria. |
PD-7376 |
Subnet Originating Requests are now respected when the LoadMaster is using a “Sorry” Server. |
PD-7939 |
Fixed an issue that was displaying incorrect Real Server statistics. |
PD-7845 |
It is possible to assign multiple Web Application Firewall (WAF) rules to a Virtual Service using the API. |
PD-8004 |
Fixed an issue with the Real Server icons. |
PD-7946 |
Fixed an issue that caused a reboot loop on Hyper-V with the Intel Skylake processor. |
PD-7937 |
A notification is displayed when the GEO cluster limit is reached. |
PD-7915 |
Fixed an issue with historical graphs. |
PD-7787 |
Fixed an issue with cloud HA synchronization. |
PD-7747 |
Fixed an issue that was causing GEO partner updates to fail. |
PD-7738 |
Stopped a spurious log message from appearing. |
PD-7729 |
Rectified a truncation issue with LinOTP-2 factor PIN. |
PD-7726 |
Fixed an issue that prevented exported templates from working when Detect Malicious Requests is enabled. |
PD-7713 |
Fixed an issue that was causing the health check status to show as unchecked in Azure HA units (even though the health check probe was working correctly). |
PD-7678 |
Fixed an issue that locked out some LoadMaster users when using HA and session management. |
PD-7578 |
Fixed an issue that prevented wildcard UDP Virtual Services from NATing the return traffic as expected. |
PD-7757 |
Fixed an issue that prevented ciphers being selected in the Microsoft Edge and Internet Explorer browsers. |
PD-7643 |
Fixed an issue that was causing the LoadMaster to enter passive mode after rebooting three times without the LoadMaster being up for more than five minutes. |
PD-7617 |
Made improvements to the boot log to make it easier to read. |
PD-7752 |
Improved RADIUS challenge-OTP handling. |
PD-7696 |
It is possible to set the Checked Port using the API. |
PD-7556 |
It is possible to set the Persistence Mode to none using the PowerShell API. |
PD-7753 |
Fixed an issue that required the port to be specified when running the Enable-SecAPIAccess and Disable-SecAPIAccess commands. |
PD-7658 |
Fixed an issue that prevented the netsonsole parameter from being set using the PowerShell API. |
PD-7656 |
Fixed an issue preventing certain values from being unset using the Set-SecRemoteAccess PowerShell API command. |
PD-7650 |
Corrected the API command for WAF commercial rule updates and installations. |
PD-7648 |
Fixed an issue preventing a custom rule data file from being uploaded using the RESTful API. |
PD-7608 |
It is possible to enable the Require SNI hostname flag using API commands. |
PD-7540 |
Fixed a misspelling in a RESTful API command. |
PD-7522 |
Improved error handling for API commands relating to GEO maps. |
PD-7516 |
It is possible to set the GEO location of “everywhere” using the API. |
PD-7565 |
The checker address can be set using the API. |
Known Issues
PD-10980 |
A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. Further information can be found here: Mitigation For Remote Access Execution Vulnerability. |
PD-8725 |
Proximity and Location Based scheduling do not work with IPv6 source addresses. |
PD-9892 |
Application of SNORT rules does not work. |
PD-9950 |
LoadMaster VNF HA does not work on LoadMaster versions 7.1.35.n and 7.2.36.n. It does work om LoadMaster version 7.2.37 and above. |
PD-10155 |
Issue with configuration corruption causes some GEO features not to function. |
PD-8371 |
ESP SubVS connection logging is not showing Real Servers. |
PD-8341 |
The MTU size is getting reset to 1500 when bonding interfaces together. |
PD-8298 |
There are some issues relating to IPv6 routing. |
PD-8285 |
Some JavaScript appearing in the LoadMaster warn logs is being executed by the browser. |
PD-8205 |
There are some issues with content rules matching multiple requests on the same connection. |
PD-8200 |
It is not possible to manage admin certificates from the individual IP addresses of a HA pair. |
PD-8297 |
The vRealize Operations Manager Adapter setup fails if the API is disabled. |
PD-8296 |
When using the vRealize Operations Manager, the management port must be set to 443 otherwise it fails. |
PD-8399 |
The WUI help text says it is possible to set the L7 Connection Drain Time to 0 but this is not possible. Valid values range between 60 and 86400. |
PD-8192 |
There is some unnecessary output from the Get-NetworkDNSConfiguration API command. |
PD-9089 |
In some cases, after upgrading the LoadMaster firmware from version 7.1.35 to a newer firmware version, historical graphs may not display. To fix this, reset the statistic counters (System Configuration > Logging Options > System Log Files > Debug Options > Reset Statistics). |
PD-10160 |
The API commands to reset the CPU and network graphs do not work. |