LoadMaster 7.1.35.6 Release Notes

Refer to the sections below for details about firmware version 7.1.35.6.

Feature Enhancements

  • Addressed a critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management where an unauthenticated, remote attacker could bypass security protections, gain system privileges, execute elevated commands, and expose certain sensitive system data, such as certificates and private keys. This vulnerability was partially addressed in 7.1.35.5. The expanded scope of this vulnerability, covering exploitation through injection of arbitrary executable commands in cookies, is addressed in this release.

Known Issues

PD-10241

Unable to apply a patch upgrade to newer versions of the LoadMaster using the Application Program Interface (API).

PD-10138

Only text/XML and application/JSON content types are supported with the Inspect HTML POST Request Content feature.

PD-10192

The LoadMaster is unable to set up an IPsec tunnel to Azure classic/Azure Resource Manager (ARM) endpoints.

PD-10187

Web Application Firewall (WAF) statistics do not get reset on Virtual Service deletion.

PD-10184

An issue exists which prevents some users from accessing some Virtual Services when using WAF.

PD-10183

WAF does not block the response, even when the Process Responses option is enabled on the Virtual Service.

PD-10182

Enabling WAF on a Virtual Service with no rules applied causes a specific web feature to fail.

PD-10181

When an HTTP response contains a status of HTTP/1.1 500 Internal Server Error and the location header is populated, the response to the client is dropped and the client sees nothing.

PD-10180

High CPU utilization can be seen when using WAF in certain situations.

PD-9976

An issue occurs preventing Layer7 from initializing when processing SNORT rules.

PD-9953

A security issue exists causing the initial boot password to be written in the Azure Virtual LoadMaster logs.

PD-9777

Issues can occur when using the license API if the timezone on the LoadMaster is set to GMT-X.

PD-9950

LoadMaster VNF HA does not work on LoadMaster versions 7.1.35.n and 7.2.36.n. It does work on LoadMaster version 7.2.37 and above.

PD-10155

A configuration corruption issue causes some GEO features not to function.

PD-9901

HA does not work with LTS VNF 7.1.35.4 on the Multi-Tenant LoadMaster.

PD-9770

ESP logs are missing some information.

PD-9743

Issues importing some template files that have the default rule assigned.

PD-9666

Headers with underscores are not accepted by Apache 2.4.

PD-9660

The LoadMaster is changing RADIUS passwords in some scenarios.

PD-9633

Unable to set the check host with the port attached in the WUI (it works using the API or CLI).

PD-9517

Unable to authenticate some users when the password is expired and permitted groups are used.

PD-9508

ESP only verifies SAML assertions when using the root certificate.

PD-9504

Some users are experiencing issues with HA failover on Multi-Tenant LoadMaster units.

PD-10159

CPU and network usage graphs are not appearing after firmware upgrade. Resetting the statistic counters does not clear the graph data.

PD-9470

LDAP Real Server health checking is not working optimally.

PD-9453

Some Azure users are having issues licensing due to communication issues with the default gateway.

PD-9359

Some users are unable to authenticate using ESP.

PD-9159

When WAF is enabled there is no traffic on the back-end in certain scenarios.

PD-8697

Some users are having issues detecting the partition when using the Hardware Security Module (HSM).

PD-9768

Security issue in the SSO debug logs relating to the logon transcode option.

PD-9657

Naming a cipher set using - or + results in some issues.

PD-9643

Unable to change the IP address of a Virtual Service in an Azure LoadMaster.

PD-9604

Issues when trying to import some custom templates.

PD-9783

HA status tool tip on slave unit displays incorrect IP addresses.

PD-9758

Some users are unable to edit or access Office files from SharePoint when using SAML and KCD authentication.

PD-7157

When using WAF and KCD, all file attachments in SharePoint fail.

PD-7265

No redirection when the shared IP address is changed using the WUI.

PD-8746

If a LoadMaster licensed with WAF rules has had rules downloaded/installed and then a factory reset is performed, it is not possible to download/install WAF rules.

PD-8413

It is not possible to specify a wildcard port when creating a Virtual Service from a template.

PD-9129

The API command to backup contains an error that breaks the PowerShell wrapper connection.

PD-9779

Discrepancies between the WUI and RESTful API parameter for "Client Authentication Mode".

PD-9596

The showiface RESTful API command shows the wrong interface values in the output for interfaces that are not configured.

PD-9572

There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands.

PD-9570

There is a typo in the removecountry API response error message.

PD-9553

There is no API command to disable secure NTP mode.

PD-9539

Issues with the PowerShell New-GeoCluster command in a specific scenario.

PD-9525

The RESTful API returns the value of the failtime parameter in seconds, but it is set in minutes.

PD-9523

In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN.

PD-9476

There is no RESTful API command to get/list the installed custom rule data files.

PD-7156

The VSIndex parameter is missing in some API calls.

PD-9575

There are issues with some aclcontrol API commands.

PD-10160

The API commands to reset the CPU and network graphs do not work.

 

