Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

LoadMaster 7.2.39 Release Notes

Refer to the sections below for details about firmware version 7.2.39. This was released on 2nd August 2017.

New Features

The following features were added to the 7.2.39 release:

  • Response body modification rules
  • Added HTTP/2 support
  • Azure Marketplace Syndication for LoadMaster supported on Azure Stack TP3
  • Published the following Virtual Service application configuration templates:
    • Aequitas
    • Cerner Health
    • eClinicalWorks
    • Horizon Flex
    • Seclore
    • NextCloud
  • Enhanced cloud High Availability (HA)

Feature Enhancements

  • Updated OpenSSH to version 7.5.p1.
  • Enhanced the Edge Security Pack (ESP) connection logs.
  • Added form-based to form-based authentication support for Microsoft Exchange 2010.
  • Added an option to selectively restore ESP Single Sign On (SSO) configuration settings.
  • Updated the PowerShell module to reflect Microsoft standards.

Note: This PowerShell module is not backwards compatible with previous PowerShell modules from KEMP Technologies.

  • Optimized Web Application Firewall (WAF) logging for disk storage.

Issues Resolved

PD-9627

Stopped cookie values displaying in the Web User Interface (WUI).

PD-9588

It is possible to modify the IP address of the shared IP on a VLAN interface.

PD-9556

Fixed an issue with GEO custom locations.

PD-9551

It is possible to have GEO FQDN names containing underscores.

PD-9549

Fixed an issue which prevented some users from accessing some Virtual Services when using WAF.

PD-9522

Fixed an issue that caused content rules to disappear when SSL re-encryption was enabled.

PD-9492

Fixed an issue that was causing LM-5600 models to lose configuration after a reboot.

PD-9457

Fixed an issue that caused an error relating to sending and receiving completion packets.

PD-9456

Fixed automated backup processing for the SCP method to allow underscores in usernames.

PD-9450

Fixed an issue that was causing OCSP to not permit valid users in certain scenarios.

PD-9402

Fixed an issue that was causing users to disconnect when using RSA authentication and logging into different applications with different browsers.

PD-9401

Fixed an issue with the Drop Connections on RS failure that caused high RAM usage.

PD-9393

Fixed a memory issue with the SSO manager.

PD-9389

Fixed an issue that prevented Layer7 from initializing when processing SNORT rules.

PD-9362

Fixed an issue that caused Real Servers to be forced in a disabled state globally, even if it was enabled on all Virtual Services.

PD-9335

Fixed an issue that prevented server-side SSO domains from being deleted.

PD-9290

Removed "deprecated option" SSO manager logs.

PD-9258

Fixed an issue that prevented some users from accessing the LoadMaster after upgrading the firmware.

PD-9253

Removed unnecessary logs relating to WAF in the passive unit.

PD-9239

Fixed an issue that caused the LoadMaster to reboot when the persistence mode of a UDP syslog Virtual Service was changed.

PD-9236

Fixed an issue that was causing HA MELA (Metered Enterprise License Agreement) LoadMasters to have network failure every five minutes.

PD-9229

Fixed an issue that was causing units to reboot and go into a pacified state after upgrading the firmware.

PD-9218

Fixed an issue that was preventing users from signing into the WUI using LDAP credentials.

PD-9206

Improved special character handling for forms-based server-side passwords.

PD-9183

Fixed an issue that was causing a segfault in certain situations.

PD-9160

Fixed an issue that was causing WAF to block the uploading of files larger than 1MB.

PD-9158

Fixed an issue that caused SNMP traps to come from individual IPs and not from the Shared IP, even when the Send SNMP traps from the shared address option was enabled.

PD-9154

Fixed an issue with the OWA expired password functionality in Exchange 2010.

PD-9136

Fixed an issue with subnet originating when doing re-encryption in cluster mode.

PD-9133

Fixed the log level for some licensing response information.

PD-9123

Fixed an issue that was preventing the default content rule from being selected.

PD-9121

Fixed an issue with client certificate authentication.

PD-9114

Fixed an issue that was causing email alerts to not work if the hostname contained an underscore.

PD-9112

Fixed an issue that was preventing the IP address of the SubVS from being shown in the WAF real time statistics.

PD-9107

Fixed an issue that was preventing authentication using LDAP.

PD-9074

Improved error message relating to destination IP addresses and ESP session management.

PD-9062

Fixed an issue that caused simultaneous health check failures.

PD-9059

Improved GEO error handling.

PD-9045

Fixed an issue that caused email logging to not use the current hostname as the MAIL FROM.

PD-9041

Fixed an issue with WAF that caused a specific web feature to fail.

PD-9039

Fixed an issue that caused WAF to break a Virtual Service when a HA pair failed over twice.

PD-8986

Fixed an issue that caused a slow download speed in certain situations.

PD-8915

Fixed an issue with Hyper-V live migration.

PD-8896

Fixed an issue that was preventing some customers from editing or accessing Office files from SharePoint when using SAML authantication.

PD-8558

Fixed an issue that caused Outlook clients to connect slowly through a Virtual Service when set up with a template.

PD-8320

Fixed an issue that prevented SDN from connecting to the HP SDN controller.

PD-9384

Fixed a typo in the Enable Session Management check box hover text.

PD-9356

Syslog entries are no longer duplicated.

PD-9181

Fixed an issue that partially exposed the SCP automated backup key.

PD-9174

Fixed an issue that prevented backing up using FTP using the console.

PD-8953

Fixed a spelling error in the WUI in the Allow Administrative WUI Access check box label.

PD-7265

Users are now redirected to the new shared IP address when it is changed.

PD-9285

Fixed the response code when setting the wuildapep parameter with an invalid LDAP EP.

PD-9153

Fixed an issue that stopped a SubV-generated WAF event from being accepted by mlogc.

PD-9151

The Reset Statistic Counters option now resets WAF stats.

PD-9060

Fixed an issue that caused some mlogc instances taking 100% CPU usage after WAF remote logging was disabled.

PD-8969

Fixed an issue that prevented WAF automated installations from working on initial setup.

PD-8968

Changing the HA shared IP address on a KVM-based LoadMaster happens instantly (without rebooting).

PD-8750

Fixed an issue that was causing WUI access to fail if the multi-interface access was changed.

PD-9624

Mitigated against the CVE-2017-8890 vulnerability.

PD-9355

Fixed an issue with authentication using client certificates in certain scenarios.

PD-9096

Daily, zipped ESP extended log files are automatically generated.

PD-8958

SSO sessions now display sessions when client SAML SSO users login to OWA.

PD-8413

It is possible to specify a wildcard port when creating Virtual Services using a template.

PD-8196

Improved error handling for RESTful API command enablewafremotelogging.

PD-8118

Added a parameter to get the GEO update interface using the API.

PD-8107

Added an option to force an NTP update using the API.

PD-7613

Improved the showiface API command to show more parameters.

PD-9176

Improved the EULA API output for Azure.

PD-9099

Fixed an issue with the delintermediate API command.

PD-8727

It is possible to delete the IP range using the API (even if it includes IPv6).

PD-9593

Fixed an issue that was preventing connectivity to the base IP address when configuring the shared IP address for HA using the RESTful API.

PD-9581

Fixed an issue with the output of the PowerShell Set-GeoMiscParameter command.

PD-9439

Fixed an issue with the output of the Set-LmHAMode command.

PD-9378

Improved error when using the RESTful API to add a white/black list address to an unknown Virtual Service.

PD-9132

Restoring a configuration using the API works.

PD-9346

Fixed an issue with the Uninstall-LmPatch PowerShell command.

PD-9343

Improved error when deleting a non-existing LoadMaster add-on using the RESTful API.

PD-9260

It is possible to change the password of a local user using the RESTful API.

PD-9255

Improved error handling for the RESTful API command uploadsamlidpmd.

PD-9148

It is possible to unset the email server port and syslog server port using the RESTful API.

PD-9108

Improved error handling when deleting non-existing routes using the RESTful API.

Known Issues

PD-10980

A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-8725

Proximity and Location Based scheduling does not work with IPv6 source addresses.

PD-9765

GEO does not support DNS TCP requests from unknown sources.

PD-10392

Random reboots can occur on the master unit after upgrading the firmware to 7.2.39.

PD-9854

WAF does not support chunked transfer encoding on the POST body.

PD-9821

Some high memory usage has been observed in firmware version 7.2.39.

PD-9892

Application of SNORT rules does not work.

PD-10155

Issue with configuration corruption causes some GEO features not to function.

PD-9844

An issue is causing LoadMaster reboots.

PD-9877

There is a minor delay in UDP Virtual Services.

PD-9793

WAF does not block attack traffic or requests even though the appropriate rule is assigned in the Virtual Service. To resolve this problem, enable the Inspect HTML POST Request Content check box.

PD-9758

Some users are unable to edit or access Office files from SharePoint when using SAML and KCD authentication.

PD-9770

ESP logs missing some information.

PD-9159

When WAF is enabled there is no traffic on the back-end in certain scenarios.

PD-9666

Headers with underscores are not accepted by Apache 2.4.

PD-9633

Unable to set the check host with the port attached in the WUI (it works using the API or CLI).

PD-9517

Unable to authenticate some users when the password is expired and permitted groups are used.

PD-9508

ESP only verifies SAML assertions when using the root certificate.

PD-9504

Some users are experiencing issues with HA failover on Multi-Tenant LoadMaster units.

PD-10159

CPU and network usage graphs not appearing after firmware upgrade. Resetting the statistic counters does not clear the graph data.

PD-9470

LDAP Real Server health checking is not working optimally.

PD-9453

Some Azure users are having issues licensing due to communication issues with the default gateway.

PD-9359

Some users unable to authenticate using ESP.

PD-8697

Some users having issues detecting the partition when using the Hardware Security Module (HSM).

PD-9768

Security issue in the SSO debug logs relating to the logon transcode option.

PD-9657

Naming a cipher set using - or + results in some issues.

PD-9643

Unable to change the IP address of a Virtual Service in an Azure LoadMaster.

PD-9604

Issues when trying to import some custom templates.

PD-9747

Some issues using HA pairs with certificate authentication.

PD-9383

Some issues with special space characters for local LoadMaster user authentication.

PD-7157

When using WAF and KCD, all file attachments in SharePoint fail.

PD-7156

The VSIndex parameter is missing in some API calls.

PD-9575

There are issues with some aclcontrol API commands.

PD-9129

The API command to backup contains an error that breaks the PowerShell wrapper connection.

PD-9596

The showiface RESTful API command shows the wrong interface values in the output for interfaces that are not configured.

PD-9572

There are discrepancies displaying the location latitude/longitude parameter vales for some RESTful API commands.

PD-9570

There is a typo in the removecountry API response error message.

PD-9553

There is no API command to disable secure NTP mode.

PD-9539

Issues with the PowerShell New-GeoCluster command in a specific scenario.

PD-9525

The RESTful API returns the value of the failtime parameter in seconds, but it is set in minutes.

PD-9523

In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN.

PD-9476

There is no RESTful API command to get/list the installed custom rule data files.

PD-7978

The New-TlsHSMClientCert command returns an error when the LoadBalancer and Credential/SubjectCN parameters are used.

PD-10160

The API commands to reset the CPU and network graphs do not work.


Comments