Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

LoadMaster 7.2.38 Release Notes

Refer to the sections below for details about firmware version 7.2.38. This was released on 3rd April 2017.

New Features

The following features were added to the 7.2.38 release:

  • Introduced a tiered subscription licensing model.
  • The following Virtual Service application configuration templates were published:
    • Zimbra
    • Deepnet DualShield
    • Luminis (Banner)

Feature Enhancements

  • Updated the OpenSSH version to 7.4p1.
  • Updated the OpenSSL version to 1.0.2k to mitigate against the following vulnerabilities:
    • CVE-2017-3731
    • CVE-2017-3730
    • CVE-2017-3732
    • CVE-2016-7055
  • The LoadMaster passes more configuration information back to KEMP.
  • Support added for OWASP CRS 3.0 rules.
  • Improved the hover text for High Availability (HA) status indicators.
  • Automated backups can use SCP and FTP.
  • Improved debugging API command XML output.

Issues Resolved

PD-8602

Logs display both the Fully Qualified Domain Name (FQDN) and IP address for Real Server messages when the FQDN is used as the Real Server.

PD-8477

Improved the icon used to indicate the default Real Server when using fixed weighting.

PD-8985

Fixed an issue with creating custom cipher sets.

PD-8983

Fixed an issue that stopped ActiveSync from working.

PD-8966

Fixed an issue with remote syslog ports.

PD-8947

Fixed an issue that was preventing compression from working with HTTP Virtual Services.

PD-8890

Fixed an issue with the Edge Security Pack (ESP) Username field.

PD-8846

Fixed a GEO issue that was giving private answers to public clients.

PD-8771

Fixed a SAML issue that was directing users to the IdP SSO URL instead of the IdP Logoff URL when logging off.

PD-8760

The LoadMaster no longer displays an incorrect message saying the Web Application Firewall (WAF) rulesets are out-of-date when, in some cases, they are not.

PD-8730

Fixed an issue preventing clients from authenticating using ESP, in some cases.

PD-8657

Fixed an issue preventing some files hosted by PowerSchool from downloading.

PD-8642

Stopped an incorrect error log being generated when an automated backup is successful.

PD-8636

Fixed an issue that showed FQDNs as enabled even if it was disabled globally.

PD-8581

Fixed an issue preventing filtered ESP logs from displaying.

PD-8568

Stopped an unnecessary error message from being displayed when viewing log files.

PD-8953

Fixed a typo in the Remote Access screen in the Web User Interface (WUI).

PD-8869

An error message appears when adding an extra port that conflicts with another Virtual Service.

PD-9031

Stopped unnecessary errors from appearing in the LoadMaster console screen.

PD-8972

Fixed a WUI issue that was not displaying the RADIUS Server(s) or RADIUS Shared Secret fields values.

PD-8772

Fixed an issue that was obstructing the serial number field in the LoadMaster console.

PD-8965

You can enable/disable TCP Multiple Connect even when the license does not have Multiple Connect.

PD-8014

Remote GEO LoadMasters are marked as up, even if they contain no Virtual Service addresses.

PD-8766

"Everywhere" only appears once in the GEO location selection.

PD-8713

Fixed an issue that was preventing some content rules from matching in certain scenarios.

PD-8882

Fixed an issue that was preventing the Real Server destination port from being set using the Application Program Interface (API).

PD-8654

Fixed an issue preventing the Use HTTP/1.1 setting from being configured using the API.

PD-8716

Improved the output of the showdomainlockedusers API command.

PD-8545

Fixed an issue with the Initialize-LoadBalancer PowerShell API command.

PD-8848

Improved error handling for the Request-KEMPLicenseOffline and Update-KEMPLicenseOffline PowerShell API commands.

PD-8988

Fixed an issue that was causing kernel panic in some scenarios.

PD-8649

Fixed an issue that prevented firmware patches from being applied when /tmp is partially full (~17%).

PD-8746

Fixed issues with downloading/installing WAF rules after doing a factory reset.

PD-8378

Improved error handling with the listvs API command.

PD-8561

Improved the response for the createbond and unbond API commands.

PD-8357

Fixed an issue with error handling when adding a new cluster using the API.

PD-8992

Improved email logging.

PD-8656

Fixed an issue with the aslactivate API command.

PD-8731

Fixed an issue with the GEO blacklist functionality.

PD-8857

Improved output of the Get-LicenseType command.

PD-8411

Fixed an issue with importing the PowerShell module file.

Known Issues

PD-10980

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-9892

Application of SNORT rules does not work.

PD-10155

Issue with configuration corruption causes some GEO features not to function.

PD-7265

When you change the Shared IP Address in a HA pair, you are not redirected to the new Shared IP Address.

PD-8413

Cannot specify wildcard port when creating a Virtual Service from a template.

PD-8725

Proximity and Location Based scheduling does not work with IPv6 source addresses.

PD-8561

No response received when running the createbond/unbond API commands, even when they are successful.

PD-8196

When using the enablewafremotelogging API command it is possible to set the remote URI to an invalid format.

PD-8118

The GEO Update Interface cannot be set using the API.

PD-8107

It is not possible to force an NTP update using the API.

PD-7613

The showiface and modiface API commands do not show the User for Cluster Checks and Use for Cluster Updates options.

PD-7156

The VS index parameter is missing from some API commands.

PD-9070

Check Interval not displaying correct value when using API

PD-9059

GEO Error Messages

PD-8881

Powershell Get-Virtualservice: the cmdlet does not return a valid PS object

PD-7265

No redirection when Shared IP is changed using the WUI

PD-10160

The API commands to reset the CPU and network graphs do not work.


Comments