LoadMaster 7.2.37.1 Release Notes
Refer to the sections below for details about firmware version 7.2.37.1. This was released on 7th February 2017.
New Features
The following features were added to the 7.2.37.1 release:
- Security Assertion Markup Language (SAML) support added.
- Edge Security Pack (ESP) form-based to form-based authentication.
- Hardware health monitoring.
- Domain Name System Security Extensions (DNSSEC) support.
- Backup improvements.
- The following Virtual Service application configuration templates were published:
  - DNS
  - Ellucian Luminis Portal
  - NGINX server
  - Aspera Server
  - TFTP
  - Microsoft Print Server
  - Graylog server
Feature Enhancements
- Allow TLS version selection for re-encryption.
- Allow explicit trusting of self-signed or untrusted Real Server certificates.
- Updated the kernel to mitigate against the CVE-2016-5195 vulnerability.
- PowerShell/API enhancements:
  - SSO session monitoring
  - HA status
  - GEO partner status
  - Certificate management
  - Licensing
- LDAP authentication now supports search scope and Bind DN.
- LDAP query for group membership (for NTLM).
- You can set a different syslog destination port when using remote syslog servers.
- TLS1.1 and TLS1.2 are the default encryption protocols.
- Support for OCSP stapling for certificate-based client authentication.
- ESP support for password expiry detection and display of link to change.
- There is greater visibility and control over the sessions being authenticated using ESP.
- You can use Security Identifiers (SIDs) instead of canonical names for Permitted Groups in ESP.
- All LoadMasters for Azure and Amazon Web Services (AWS) have unique serial numbers.
- Updated the OpenSSL version to 1.0.2k to mitigate against the following vulnerabilities:
  - CVE-2017-3731
  - CVE-2017-3730
  - CVE-2017-3732
  - CVE-2016-7055
  - CVE-2016-9131
  - CVE-2016-9147
  - CVE-2016-9444
  - CVE-2016-9778
Issues Resolved
| PD-8417 | Removed brackets from X-Forwarded-For header. |
| PD-7676 | Increased PCRE limit from 1500 to 3000. |
| PD-8010 | Improved error message that appears when trying to create a Web Application Firewall (WAF) Virtual Service and the limit of WAF Virtual Services has already been reached. |
| PD-8339 | Enhancements made to WAF-enabled templates. |
| PD-8596 | Error log is no longer generated on a successful FTP automated backup. |
| PD-8559 | Removal of popup message when viewing log files. |
| PD-8531 | The Disable Password Form setting now works with custom image sets. |
| PD-8453 | Fixed an issue with FTP backups. |
| PD-8451 | Fixed an issue which caused a segfault in certain scenarios. |
| PD-8439 | Fixed an issue that reported errors in the logs after upgrading the firmware version on the VLM-1000 model. |
| PD-8407 | Fixed an issue which prevented the ESP client from authenticating locked users. |
| PD-8371 | ESP SubVS connection logs show Real Servers. |
| PD-8341 | The MTU size is no longer getting reset to 1500 when bonding interfaces together. |
| PD-8298 | Fixed some issues relating to IPv6 routing. |
| PD-8285 | Fixed an issue where some JavaScript appearing in the LoadMaster warn logs was being executed by the browser. |
| PD-8281 | Resolved issue with IP address assignment in Azure multi-arm deployments. |
| PD-8205 | Fixed some issues with content rules matching multiple requests on the same connection. |
| PD-8200 | It is possible to manage admin certificates from the individual IP addresses of a HA pair. |
| PD-8101 | Fixed SAML response issue. |
| PD-8097 | Fixed some issues with accessing WebSocket when using Firefox and a LoadMaster. |
| PD-8085 | Fixed an issue that was un-setting the admin certificate for the Web User Interface (WUI) when modifying a VLAN interface. |
| PD-8025 | Graphs show information when the SDN add-on is enabled. |
| PD-8006 | Fixed an issue with the “everywhere” option when using location-based selection criteria. |
| PD-7789 | Fixed an issue that caused high CPU utilization when using the Web Application Firewall (WAF) in certain situations. |
| PD-7778 | Fixed an issue that was causing the SSL open/opening connections limit to be reached in certain circumstances, even though there were only a few connections running. |
| PD-8597 | Fixed an issue which was causing a segfault in certain situations. |
| PD-8463 | Fixed an issue which was preventing the Critical option from being set on SubVS health checks. |
| PD-8399 | Fixed API command code failure for L7 Connection Drain Time (secs). |
| PD-8320 | Fixed an issue where the SDN add-on was not passing the username and password to the HP SDN controller. |
| PD-8072 | Fixed an issue which prevented the importing of exported templates. |
| PD-8430 | Fixed LDAP endpoint behaviour for multiple servers. |
| PD-8372 | Fixed an issue with disabling SSO domain LDAP health checks. |
| PD-8282 | Fixed an issue which was causing the system to constantly report disk errors. |
| PD-8114 | Fixed an issue that reported an incorrect Virtual Service status when using ESP and the LDAP StartTLS health check fails. |
| PD-8030 | Fixed an issue which returned SNMP details even when SNMP was disabled. |
| PD-8225 | The correct error message is displayed when incorrect credentials are used when licensing the LoadMaster. |
| PD-8552 | Fixed a permissions issue which prevented users with Virtual Service permissions from changing the Virtual Service IP address and port. |
| PD-8086 | AWS Virtual LoadMasters (VLMs) now have session management enabled. |
| PD-7998 | Improved handling of admin WUI parameters. |
| PD-8112 | Fixed an issue which caused SSL re-encrypt to not function with Sorry Servers as expected. |
| PD-8397 | GEO clusters checking a Virtual Service that uses enhanced health checks report a down status correctly. |
| PD-8296 | Allowed vRealize Operations/Orchestrator Manager to be configured for a custom management port. |
| PD-8549 | Fixed UI permissions for adding/deleting templates. |
| PD-8083 | Added new PowerShell API commands to get/set the cluster HA mode. |
| PD-8005 | Fixed issues with the PowerShell API that were causing errors with Microsoft Service Management Automation (SMA). |
| PD-8192 | Removed unnecessary output from the Get-NetworkDNSConfiguration API command. |
| PD-7559 | It is possible to add a comment to a block or whitelist entry in the Access Control List (ACL) when using the API. |
| PD-8555 | The Virtual Service status is listed in the stats API command. |
| PD-8525 | It is possible to set some parameter values to null using the Set-LmParameter PowerShell API command. |
| PD-8307 | Improved the licenseinfo API command to report TPS and throughput limits. |
| PD-8305 | Fixed failure message for the aslactivate API command. |
| PD-8168 | Fixed an issue with setting the High Availability (HA) mode using the API. |
| PD-8164 | Removed the credentials and LoadMaster port parameters from the PowerShell cmdlets URL. |
| PD-8080 | Removed unnecessary output from the Get-HAOption PowerShell API command. |
| PD-8043 | Improved the error displayed when saving a file as a result of a PowerShell API command does not work. |
| PD-8031 | Added the LoadMaster HTTP port parameter to commands that were missing it. |
| PD-7909 | Improved error handling for the Set-GeoFQDN PowerShell API command. |
| PD-8515 | Fixed an issue which caused an error when using the FQDN for the LoadBalancer parameter on certain PowerShell API commands. |
| PD-8233 | It is possible to set the persistence mode to none when creating a new Virtual Service using the PowerShell API. |
| PD-8365 | Fixed an issue which was causing the RESTful API show domain command to list domain values even when a non-existing domain name was specified. |
| PD-8363 | Fixed an issue which prevented the getall API command from returning details if HA was not configured. |
| PD-8358 | Added success responses for the Add/Remove Cache/Compression PowerShell API commands. |
| PD-8346 | Added a delay for some PowerShell API commands to prevent the LoadMaster from closing the connection. |
| PD-8236 | Fixed a typo in the license API commands. |
| PD-8009 | The listcluster API command returns a status. |
| PD-7990 | Improved response for the Set-SecAdminAccess API command. |
| PD-7958 | Improved error handling for the New-NetworkRoute PowerShell API command. |
| PD-7957 | Fixed an issue with the Set-NetworkInterface PowerShell API command. |
| PD-7956 | Fixed an issue with the set networking PowerShell API commands. |
| PD-7863 | Fixed an issue where the RESTful API was not displaying the Disable JSON Parser and Disable XML Parser options when Inspect HTML Post Request Content is enabled. |
| PD-7856 | Fixed an issue with the RESTful API where NAT functionality did not work in a specific scenario. |
| PD-7742 | Made DNS query maximum field length value consistent in both the WUI and API (126-character maximum). |
| PD-7487 | Improved return message for addlocaluser and usersetperms API commands. |
| PD-7338 | The listclusters API command returns the correct health check port value. |
| PD-6817 | Made behaviour consistent between WUI and API when creating new Virtual Services for Azure VLMs. |
| PD-8038 | The showcluster API command returns the correct status value. |
| PD-8290 | Fixed an issue that caused browsers to execute JavaScript from warning logs. |
Known Issues
| PD-10980 | A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. Further information can be found here: Mitigation For Remote Access Execution Vulnerability. |
| PD-9892 | Application of SNORT rules does not work. |
| PD-10155 | Issue with configuration corruption causes some GEO features not to function. |
| PD-8771 | When using SAML, users are being directed to the IdP SSO URL instead of the IdP Logoff URL when logging off. |
| PD-8760 | The LoadMaster is displaying a message saying the WAF rulesets are out-of-date when in some cases, they are not. |
| PD-8730 | In some cases, clients are unable to authenticate using ESP. |
| PD-8746 | Issues downloading/installing WAF rules after doing a factory reset. |
| PD-8413 | Cannot specify wildcard port when creating a Virtual Service from a template. |
| PD-8766 | “Everywhere” shows up twice in location selection. |
| PD-8725 | Proximity and Location Based scheduling does not work with IPv6 source addresses. |
| PD-8014 | A remote LoadMaster cluster does not respond unless the remote LoadMaster has a Virtual Service. |
| PD-8357 | Minor issue with error handling when adding a new cluster using the API. |
| PD-8196 | When using the enablewafremotelogging API command it is possible to set the remote URI to an invalid format. |
| PD-8118 | The GEO Update Interface cannot be set using the API. |
| PD-7613 | The showiface and modiface API commands do not show the Use for Cluster Checks and Use for Cluster Updates options. |
| PD-7156 | The VS index parameter is missing from some API commands. |
| PD-8378 | The listvs command fails incorrectly when given bad data. |
| PD-8716 | Locked users are displayed in a format which is not easily readable when running the showdomainlockedusers API command. |
| PD-8561 | No response received when running the createbond/unbond API commands, even when they are successful. |
| PD-8649 | When /tmp is partially full (~17%), the LoadMaster is unable to apply a firmware patch using the API. |
| PD-10160 | The API commands to reset the CPU and network graphs do not work. |