LoadMaster 7.2.38 Release Notes
Refer to the sections below for details about firmware version 7.2.38. This was released on 3rd April 2017.
New Features
The following features were added to the 7.2.38 release:
- Introduced a tiered subscription licensing model.
- The following Virtual Service application configuration templates were published:
- Zimbra
- Deepnet DualShield
- Luminis (Banner)
Feature Enhancements
- Updated the OpenSSH version to 7.4p1.
- Updated the OpenSSL version to 1.0.2k to mitigate against the following vulnerabilities:
- CVE-2017-3731
- CVE-2017-3730
- CVE-2017-3732
- CVE-2016-7055
- The LoadMaster passes more configuration information back to KEMP.
- Support added for OWASP CRS 3.0 rules.
- Improved the hover text for High Availability (HA) status indicators.
- Automated backups can use SCP and FTP.
- Improved debugging API command XML output.
Issues Resolved
PD-8602 |
Logs display both the Fully Qualified Domain Name (FQDN) and IP address for Real Server messages when the FQDN is used as the Real Server. |
PD-8477 |
Improved the icon used to indicate the default Real Server when using fixed weighting. |
PD-8985 |
Fixed an issue with creating custom cipher sets. |
PD-8983 |
Fixed an issue that stopped ActiveSync from working. |
PD-8966 |
Fixed an issue with remote syslog ports. |
PD-8947 |
Fixed an issue that was preventing compression from working with HTTP Virtual Services. |
PD-8890 |
Fixed an issue with the Edge Security Pack (ESP) Username field. |
PD-8846 |
Fixed a GEO issue that was giving private answers to public clients. |
PD-8771 |
Fixed a SAML issue that was directing users to the IdP SSO URL instead of the IdP Logoff URL when logging off. |
PD-8760 |
The LoadMaster no longer displays an incorrect message saying the Web Application Firewall (WAF) rulesets are out-of-date when, in some cases, they are not. |
PD-8730 |
Fixed an issue preventing clients from authenticating using ESP, in some cases. |
PD-8657 |
Fixed an issue preventing some files hosted by PowerSchool from downloading. |
PD-8642 |
Stopped an incorrect error log being generated when an automated backup is successful. |
PD-8636 |
Fixed an issue that showed FQDNs as enabled even if it was disabled globally. |
PD-8581 |
Fixed an issue preventing filtered ESP logs from displaying. |
PD-8568 |
Stopped an unnecessary error message from being displayed when viewing log files. |
PD-8953 |
Fixed a typo in the Remote Access screen in the Web User Interface (WUI). |
PD-8869 |
An error message appears when adding an extra port that conflicts with another Virtual Service. |
PD-9031 |
Stopped unnecessary errors from appearing in the LoadMaster console screen. |
PD-8972 |
Fixed a WUI issue that was not displaying the RADIUS Server(s) or RADIUS Shared Secret fields values. |
PD-8772 |
Fixed an issue that was obstructing the serial number field in the LoadMaster console. |
PD-8965 |
You can enable/disable TCP Multiple Connect even when the license does not have Multiple Connect. |
PD-8014 |
Remote GEO LoadMasters are marked as up, even if they contain no Virtual Service addresses. |
PD-8766 |
"Everywhere" only appears once in the GEO location selection. |
PD-8713 |
Fixed an issue that was preventing some content rules from matching in certain scenarios. |
PD-8882 |
Fixed an issue that was preventing the Real Server destination port from being set using the Application Program Interface (API). |
PD-8654 |
Fixed an issue preventing the Use HTTP/1.1 setting from being configured using the API. |
PD-8716 |
Improved the output of the showdomainlockedusers API command. |
PD-8545 |
Fixed an issue with the Initialize-LoadBalancer PowerShell API command. |
PD-8848 |
Improved error handling for the Request-KEMPLicenseOffline and Update-KEMPLicenseOffline PowerShell API commands. |
PD-8988 |
Fixed an issue that was causing kernel panic in some scenarios. |
PD-8649 |
Fixed an issue that prevented firmware patches from being applied when /tmp is partially full (~17%). |
PD-8746 |
Fixed issues with downloading/installing WAF rules after doing a factory reset. |
PD-8378 |
Improved error handling with the listvs API command. |
PD-8561 |
Improved the response for the createbond and unbond API commands. |
PD-8357 |
Fixed an issue with error handling when adding a new cluster using the API. |
PD-8992 |
Improved email logging. |
PD-8656 |
Fixed an issue with the aslactivate API command. |
PD-8731 |
Fixed an issue with the GEO blacklist functionality. |
PD-8857 |
Improved output of the Get-LicenseType command. |
PD-8411 |
Fixed an issue with importing the PowerShell module file. |
Known Issues
PD-10980 |
A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. Further information can be found here: Mitigation For Remote Access Execution Vulnerability. |
PD-9892 |
Application of SNORT rules does not work. |
PD-10155 |
Issue with configuration corruption causes some GEO features not to function. |
PD-7265 |
When you change the Shared IP Address in a HA pair, you are not redirected to the new Shared IP Address. |
PD-8413 |
Cannot specify wildcard port when creating a Virtual Service from a template. |
PD-8725 |
Proximity and Location Based scheduling does not work with IPv6 source addresses. |
PD-8561 |
No response received when running the createbond/unbond API commands, even when they are successful. |
PD-8196 |
When using the enablewafremotelogging API command it is possible to set the remote URI to an invalid format. |
PD-8118 |
The GEO Update Interface cannot be set using the API. |
PD-8107 |
It is not possible to force an NTP update using the API. |
PD-7613 |
The showiface and modiface API commands do not show the User for Cluster Checks and Use for Cluster Updates options. |
PD-7156 |
The VS index parameter is missing from some API commands. |
PD-9070 |
Check Interval not displaying correct value when using API |
PD-9059 |
GEO Error Messages |
PD-8881 |
Powershell Get-Virtualservice: the cmdlet does not return a valid PS object |
PD-7265 |
No redirection when Shared IP is changed using the WUI |
PD-10160 |
The API commands to reset the CPU and network graphs do not work. |