LoadMaster 7.2.37.1 Release Notes

Refer to the sections below for details about firmware version 7.2.37.1. This was released on 7th February 2017.

New Features

The following features were added to the 7.2.37.1 release:

  • Security Assertion Markup Language (SAML) support added.
  • Edge Security Pack (ESP) form-based to form-based authentication.
  • Hardware health monitoring.
  • Domain Name System Security Extensions (DNSSEC) support.
  • Backup improvements.
  • The following Virtual Service application configuration templates were published:
    • DNS
    • Ellucian Luminis Portal
    • NGINX server
    • Aspera Server
    • TFTP
    • Microsoft Print Server
    • Graylog server

Feature Enhancements

  • Allow TLS version selection for re-encryption.
  • Allow explicit trusting of self-signed or untrusted Real Server certificates.
  • Updated the kernel to mitigate against the CVE-2016-5195 vulnerability.
  • PowerShell/API enhancements:
    • SSO session monitoring
    • HA status
    • GEO partner status
    • Certificate management
    • Licensing
  • LDAP authentication now supports search scope and Bind DN.
  • LDAP query for group membership (for NTLM).
  • You can set a different syslog destination port when using remote syslog servers.
  • TLS1.1 and TLS1.2 are the default encryption protocols.
  • Support for OCSP stapling for certificate-based client authentication.
  • ESP support for password expiry detection and display of link to change.
  • There is greater visibility and control over the sessions being authenticated using ESP.
  • You can use Security Identifiers (SIDs) instead of canonical names for Permitted Groups in ESP.
  • All LoadMasters for Azure and Amazon Web Services (AWS) have unique serial numbers.
  • Updated the OpenSSL version to 1.0.2k to mitigate against the following vulnerabilities:
    • CVE-2017-3731
    • CVE-2017-3730
    • CVE-2017-3732
    • CVE-2016-7055
    • CVE-2016-9131
    • CVE-2016-9147
    • CVE-2016-9444
    • CVE-2016-9778

Issues Resolved

PD-8417

Removed brackets from X-Forwarded-For header.

PD-7676

Increased PCRE limit from 1500 to 3000.

PD-8010

Improved error message that appears when trying to create a Web Application Firewall (WAF) Virtual Service and the limit of WAF Virtual Services has already been reached.

PD-8339

Enhancements made to WAF-enabled templates.

PD-8596

Error log is no longer generated on a successful FTP automated backup.

PD-8559

Removal of popup message when viewing log files.

PD-8531

The Disable Password Form setting is working with custom image sets.

PD-8453

Fixed an issue with FTP backups.

PD-8451

Fixed an issue which caused a segfault in certain scenarios.

PD-8439

Fixed an issue that reported errors in the logs after upgrading the firmware version on the VLM-1000 model.

PD-8407

Fixed an issue which prevented the ESP client from authenticating locked users.

PD-8371

ESP SubVS connection logs show Real Servers.

PD-8341

The MTU size is no longer getting reset to 1500 when bonding interfaces together.

PD-8298

Fixed some issues relating to IPv6 routing.

PD-8285

Fixed an issue where some JavaScript appearing in the LoadMaster warn logs was being executed by the browser.

PD-8281

Resolved issue with IP address assignment in Azure multi-arm deployments.

PD-8205

Fixed some issues with content rules matching multiple requests on the same connection.

PD-8200

It is possible to manage admin certificates from the individual IP addresses of a HA pair.

PD-8101

Fixed SAML response issue.

PD-8097

Fixed some issues with accessing WebSocket when using Firefox and a LoadMaster.

PD-8085

Fixed an issue that was un-setting the admin certificate for the Web User Interface (WUI) when modifying a VLAN interface.

PD-8025

Graphs show information when the SDN add-on is enabled.

PD-8006

Fixed an issue with the “everywhere” option when using location-based selection criteria.

PD-7789

Fixed an issue that caused high CPU utilization when using the Web Application Firewall (WAF) in certain situations.

PD-7778

Fixed an issue that was causing the SSL open/opening connections limit to be reached in certain circumstances, even though there were only a few connections running.

PD-8597

Fixed an issue which was causing a segfault in certain situations.

PD-8463

Fixed an issue which was preventing the Critical option from being set on SubVS health checks.

PD-8399

Fixed API command code failure for L7 Connection Drain Time (secs).

PD-8320

Fixed an issue where the SDN add-on was not passing the username and password to the HP SDN controller.

PD-8072

Fixed an issue which prevented the importing of exported templates.

PD-8430

Fixed LDAP endpoint behaviour for multiple servers.

PD-8372

Fixed an issue with disabling SSO domain LDAP health checks.

PD-8282

Fixed an issue which was causing the system to constantly report disk errors.

PD-8114

Fixed an issue that reported an incorrect Virtual Service status when using ESP and the LDAP StartTLS health check fails.

PD-8030

Fixed an issue which returned SNMP details even when SNMP was disabled.

PD-8225

The correct error message is displayed when incorrect credentials are used when licensing the LoadMaster.

PD-8552

Fixed a permissions issue which prevented users with Virtual Service permissions from changing the Virtual Service IP address and port.

PD-8086

AWS Virtual LoadMasters (VLMs) now have session management enabled.

PD-7998

Improved handling of admin WUI parameters.

PD-8112

Fixed an issue which caused SSL re-encrypt to not function with Sorry Servers as expected.

PD-8397

GEO clusters checking a Virtual Service that uses enhanced health checks report a down status correctly.

PD-8296

Allowed vRealize Operations/Orchestrator Manager to be configured for a custom management port.

PD-8549

Fixed UI permissions for adding/deleting templates.

PD-8083

Added new PowerShell API commands to get/set the cluster HA mode.

PD-8005

Fixed issues with the PowerShell API that were causing errors with Microsoft Service Management Automation (SMA).

PD-8192

Removed unnecessary output from the Get-NetworkDNSConfiguration API command.

PD-7559

It is possible to add a comment to a block or whitelist entry in the Access Control List (ACL) when using the API.

PD-8555

The Virtual Service status is listed in the stats API command.

PD-8525

It is possible to set some parameter values to null using the Set-LmParameter PowerShell API command.

PD-8307

Improved the licenseinfo API command to report TPS and throughput limits.

PD-8305

Fixed failure message for the aslactivate API command.

PD-8168

Fixed an issue with setting the High Availability (HA) mode using the API.

PD-8164

Removed the credentials and LoadMaster port parameters from the PowerShell cmdlets URL.

PD-8080

Removed unnecessary output from the Get-HAOption PowerShell API command.

PD-8043

Improved the error returned when saving a file as a result of a PowerShell API command fails.

PD-8031

Added the LoadMaster HTTP port parameter to commands that were missing it.

PD-7909

Improved error handling for the Set-GeoFQDN PowerShell API command.

PD-8515

Fixed an issue which caused an error when using the FQDN for the LoadBalancer parameter on certain PowerShell API commands.

PD-8233

It is possible to set the persistence mode to none when creating a new Virtual Service using the PowerShell API.

PD-8365

Fixed an issue which was causing the RESTful API show domain command to list domain values even when a non-existing domain name was specified.

PD-8363

Fixed an issue which prevented the getall API command from returning details if HA was not configured.

PD-8358

Added success responses for the Add/Remove Cache/Compression PowerShell API commands.

PD-8346

Added a delay for some PowerShell API commands to prevent the LoadMaster from closing the connection.

PD-8236

Fixed a typo in the license API commands.

PD-8009

The listcluster API command returns a status.

PD-7990

Improved response for the Set-SecAdminAccess API command.

PD-7958

Improved error handling for the New-NetworkRoute PowerShell API command.

PD-7957

Fixed an issue with the Set-NetworkInterface PowerShell API command.

PD-7956

Fixed an issue with the set networking PowerShell API commands.

PD-7863

Fixed an issue where the RESTful API was not displaying the Disable JSON Parser and Disable XML Parser options when Inspect HTML Post Request Content is enabled.

PD-7856

Fixed an issue with the RESTful API where NAT functionality did not work in a specific scenario.

PD-7742

Made DNS query maximum field length value consistent in both the WUI and API (126-character maximum).

PD-7487

Improved return message for addlocaluser and usersetperms API commands.

PD-7338

The listclusters API command returns the correct health check port value.

PD-6817

Made behaviour consistent between WUI and API when creating new Virtual Services for Azure VLMs.

PD-8038

The showcluster API command returns the correct status value.

PD-8290

Fixed an issue that caused browsers to execute JavaScript from warning logs.

Known Issues

PD-10980

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-9892

Application of SNORT rules does not work.

PD-10155

Issue with configuration corruption causes some GEO features not to function.

PD-8771

When using SAML, users are being directed to the IdP SSO URL instead of the IdP Logoff URL when logging off.

PD-8760

The LoadMaster is displaying a message saying the WAF rulesets are out-of-date when in some cases, they are not.

PD-8730

In some cases, clients are unable to authenticate using ESP.

PD-8746

Issues downloading/installing WAF rules after doing a factory reset.

PD-8413

Cannot specify wildcard port when creating a Virtual Service from a template.

PD-8766

“Everywhere” shows up twice in location selection.

PD-8725

Proximity and Location Based scheduling does not work with IPv6 source addresses.

PD-8014

A remote LoadMaster cluster does not respond unless the remote LoadMaster has a Virtual Service.

PD-8357

Minor issue with error handling when adding a new cluster using the API.

PD-8196

When using the enablewafremotelogging API command it is possible to set the remote URI to an invalid format.

PD-8118

The GEO Update Interface cannot be set using the API.

PD-7613

The showiface and modiface API commands do not show the Use for Cluster Checks and Use for Cluster Updates options.

PD-7156

The VS index parameter is missing from some API commands.

PD-8378

The listvs command fails incorrectly when given bad data.

PD-8716

Locked users are displayed in a format which is not easily readable when running the showdomainlockedusers API command.

PD-8561

No response received when running the createbond/unbond API commands, even when they are successful.

PD-8649

When /tmp is partially full (~17%), the LoadMaster is unable to apply a firmware patch using the API.

PD-10160

The API commands to reset the CPU and network graphs do not work.

