LoadMaster 7.2.39 Release Notes
Refer to the sections below for details about firmware version 7.2.39. This was released on 2nd August 2017.
New Features
The following features were added to the 7.2.39 release:
- Response body modification rules
- Added HTTP/2 support
- Azure Marketplace Syndication for LoadMaster supported on Azure Stack TP3
- Published the following Virtual Service application configuration templates:
- Aequitas
- Cerner Health
- eClinicalWorks
- Horizon Flex
- Seclore
- NextCloud
- Enhanced cloud High Availability (HA)
Feature Enhancements
- Updated OpenSSH to version 7.5.p1.
- Enhanced the Edge Security Pack (ESP) connection logs.
- Added form-based to form-based authentication support for Microsoft Exchange 2010.
- Added an option to selectively restore ESP Single Sign On (SSO) configuration settings.
- Updated the PowerShell module to reflect Microsoft standards.
Note: This PowerShell module is not backwards compatible with previous PowerShell modules from KEMP Technologies.
- Optimized Web Application Firewall (WAF) logging for disk storage.
Issues Resolved
PD-9627 |
Stopped cookie values displaying in the Web User Interface (WUI). |
PD-9588 |
It is possible to modify the IP address of the shared IP on a VLAN interface. |
PD-9556 |
Fixed an issue with GEO custom locations. |
PD-9551 |
It is possible to have GEO FQDN names containing underscores. |
PD-9549 |
Fixed an issue which prevented some users from accessing some Virtual Services when using WAF. |
PD-9522 |
Fixed an issue that caused content rules to disappear when SSL re-encryption was enabled. |
PD-9492 |
Fixed an issue that was causing LM-5600 models to lose configuration after a reboot. |
PD-9457 |
Fixed an issue that caused an error relating to sending and receiving completion packets. |
PD-9456 |
Fixed automated backup processing for the SCP method to allow underscores in usernames. |
PD-9450 |
Fixed an issue that was causing OCSP to not permit valid users in certain scenarios. |
PD-9402 |
Fixed an issue that was causing users to disconnect when using RSA authentication and logging into different applications with different browsers. |
PD-9401 |
Fixed an issue with the Drop Connections on RS failure that caused high RAM usage. |
PD-9393 |
Fixed a memory issue with the SSO manager. |
PD-9389 |
Fixed an issue that prevented Layer7 from initializing when processing SNORT rules. |
PD-9362 |
Fixed an issue that caused Real Servers to be forced in a disabled state globally, even if it was enabled on all Virtual Services. |
PD-9335 |
Fixed an issue that prevented server-side SSO domains from being deleted. |
PD-9290 |
Removed "deprecated option" SSO manager logs. |
PD-9258 |
Fixed an issue that prevented some users from accessing the LoadMaster after upgrading the firmware. |
PD-9253 |
Removed unnecessary logs relating to WAF in the passive unit. |
PD-9239 |
Fixed an issue that caused the LoadMaster to reboot when the persistence mode of a UDP syslog Virtual Service was changed. |
PD-9236 |
Fixed an issue that was causing HA MELA (Metered Enterprise License Agreement) LoadMasters to have network failure every five minutes. |
PD-9229 |
Fixed an issue that was causing units to reboot and go into a pacified state after upgrading the firmware. |
PD-9218 |
Fixed an issue that was preventing users from signing into the WUI using LDAP credentials. |
PD-9206 |
Improved special character handling for forms-based server-side passwords. |
PD-9183 |
Fixed an issue that was causing a segfault in certain situations. |
PD-9160 |
Fixed an issue that was causing WAF to block the uploading of files larger than 1MB. |
PD-9158 |
Fixed an issue that caused SNMP traps to come from individual IPs and not from the Shared IP, even when the Send SNMP traps from the shared address option was enabled. |
PD-9154 |
Fixed an issue with the OWA expired password functionality in Exchange 2010. |
PD-9136 |
Fixed an issue with subnet originating when doing re-encryption in cluster mode. |
PD-9133 |
Fixed the log level for some licensing response information. |
PD-9123 |
Fixed an issue that was preventing the default content rule from being selected. |
PD-9121 |
Fixed an issue with client certificate authentication. |
PD-9114 |
Fixed an issue that was causing email alerts to not work if the hostname contained an underscore. |
PD-9112 |
Fixed an issue that was preventing the IP address of the SubVS from being shown in the WAF real time statistics. |
PD-9107 |
Fixed an issue that was preventing authentication using LDAP. |
PD-9074 |
Improved error message relating to destination IP addresses and ESP session management. |
PD-9062 |
Fixed an issue that caused simultaneous health check failures. |
PD-9059 |
Improved GEO error handling. |
PD-9045 |
Fixed an issue that caused email logging to not use the current hostname as the MAIL FROM. |
PD-9041 |
Fixed an issue with WAF that caused a specific web feature to fail. |
PD-9039 |
Fixed an issue that caused WAF to break a Virtual Service when a HA pair failed over twice. |
PD-8986 |
Fixed an issue that caused a slow download speed in certain situations. |
PD-8915 |
Fixed an issue with Hyper-V live migration. |
PD-8896 |
Fixed an issue that was preventing some customers from editing or accessing Office files from SharePoint when using SAML authantication. |
PD-8558 |
Fixed an issue that caused Outlook clients to connect slowly through a Virtual Service when set up with a template. |
PD-8320 |
Fixed an issue that prevented SDN from connecting to the HP SDN controller. |
PD-9384 |
Fixed a typo in the Enable Session Management check box hover text. |
PD-9356 |
Syslog entries are no longer duplicated. |
PD-9181 |
Fixed an issue that partially exposed the SCP automated backup key. |
PD-9174 |
Fixed an issue that prevented backing up using FTP using the console. |
PD-8953 |
Fixed a spelling error in the WUI in the Allow Administrative WUI Access check box label. |
PD-7265 |
Users are now redirected to the new shared IP address when it is changed. |
PD-9285 |
Fixed the response code when setting the wuildapep parameter with an invalid LDAP EP. |
PD-9153 |
Fixed an issue that stopped a SubV-generated WAF event from being accepted by mlogc. |
PD-9151 |
The Reset Statistic Counters option now resets WAF stats. |
PD-9060 |
Fixed an issue that caused some mlogc instances taking 100% CPU usage after WAF remote logging was disabled. |
PD-8969 |
Fixed an issue that prevented WAF automated installations from working on initial setup. |
PD-8968 |
Changing the HA shared IP address on a KVM-based LoadMaster happens instantly (without rebooting). |
PD-8750 |
Fixed an issue that was causing WUI access to fail if the multi-interface access was changed. |
PD-9624 |
Mitigated against the CVE-2017-8890 vulnerability. |
PD-9355 |
Fixed an issue with authentication using client certificates in certain scenarios. |
PD-9096 |
Daily, zipped ESP extended log files are automatically generated. |
PD-8958 |
SSO sessions now display sessions when client SAML SSO users login to OWA. |
PD-8413 |
It is possible to specify a wildcard port when creating Virtual Services using a template. |
PD-8196 |
Improved error handling for RESTful API command enablewafremotelogging. |
PD-8118 |
Added a parameter to get the GEO update interface using the API. |
PD-8107 |
Added an option to force an NTP update using the API. |
PD-7613 |
Improved the showiface API command to show more parameters. |
PD-9176 |
Improved the EULA API output for Azure. |
PD-9099 |
Fixed an issue with the delintermediate API command. |
PD-8727 |
It is possible to delete the IP range using the API (even if it includes IPv6). |
PD-9593 |
Fixed an issue that was preventing connectivity to the base IP address when configuring the shared IP address for HA using the RESTful API. |
PD-9581 |
Fixed an issue with the output of the PowerShell Set-GeoMiscParameter command. |
PD-9439 |
Fixed an issue with the output of the Set-LmHAMode command. |
PD-9378 |
Improved error when using the RESTful API to add a white/black list address to an unknown Virtual Service. |
PD-9132 |
Restoring a configuration using the API works. |
PD-9346 |
Fixed an issue with the Uninstall-LmPatch PowerShell command. |
PD-9343 |
Improved error when deleting a non-existing LoadMaster add-on using the RESTful API. |
PD-9260 |
It is possible to change the password of a local user using the RESTful API. |
PD-9255 |
Improved error handling for the RESTful API command uploadsamlidpmd. |
PD-9148 |
It is possible to unset the email server port and syslog server port using the RESTful API. |
PD-9108 |
Improved error handling when deleting non-existing routes using the RESTful API. |
Known Issues
PD-10980 |
A critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. Further information can be found here: Mitigation For Remote Access Execution Vulnerability. |
PD-8725 |
Proximity and Location Based scheduling does not work with IPv6 source addresses. |
PD-9765 |
GEO does not support DNS TCP requests from unknown sources. |
PD-10392 |
Random reboots can occur on the master unit after upgrading the firmware to 7.2.39. |
PD-9854 |
WAF does not support chunked transfer encoding on the POST body. |
PD-9821 |
Some high memory usage has been observed in firmware version 7.2.39. |
PD-9892 |
Application of SNORT rules does not work. |
PD-10155 |
Issue with configuration corruption causes some GEO features not to function. |
PD-9844 |
An issue is causing LoadMaster reboots. |
PD-9877 |
There is a minor delay in UDP Virtual Services. |
PD-9793 |
WAF does not block attack traffic or requests even though the appropriate rule is assigned in the Virtual Service. To resolve this problem, enable the Inspect HTML POST Request Content check box. |
PD-9758 |
Some users are unable to edit or access Office files from SharePoint when using SAML and KCD authentication. |
PD-9770 |
ESP logs missing some information. |
PD-9159 |
When WAF is enabled there is no traffic on the back-end in certain scenarios. |
PD-9666 |
Headers with underscores are not accepted by Apache 2.4. |
PD-9633 |
Unable to set the check host with the port attached in the WUI (it works using the API or CLI). |
PD-9517 |
Unable to authenticate some users when the password is expired and permitted groups are used. |
PD-9508 |
ESP only verifies SAML assertions when using the root certificate. |
PD-9504 |
Some users are experiencing issues with HA failover on Multi-Tenant LoadMaster units. |
PD-10159 |
CPU and network usage graphs not appearing after firmware upgrade. Resetting the statistic counters does not clear the graph data. |
PD-9470 |
LDAP Real Server health checking is not working optimally. |
PD-9453 |
Some Azure users are having issues licensing due to communication issues with the default gateway. |
PD-9359 |
Some users unable to authenticate using ESP. |
PD-8697 |
Some users having issues detecting the partition when using the Hardware Security Module (HSM). |
PD-9768 |
Security issue in the SSO debug logs relating to the logon transcode option. |
PD-9657 |
Naming a cipher set using - or + results in some issues. |
PD-9643 |
Unable to change the IP address of a Virtual Service in an Azure LoadMaster. |
PD-9604 |
Issues when trying to import some custom templates. |
PD-9747 |
Some issues using HA pairs with certificate authentication. |
PD-9383 |
Some issues with special space characters for local LoadMaster user authentication. |
PD-7157 |
When using WAF and KCD, all file attachments in SharePoint fail. |
PD-7156 |
The VSIndex parameter is missing in some API calls. |
PD-9575 |
There are issues with some aclcontrol API commands. |
PD-9129 |
The API command to backup contains an error that breaks the PowerShell wrapper connection. |
PD-9596 |
The showiface RESTful API command shows the wrong interface values in the output for interfaces that are not configured. |
PD-9572 |
There are discrepancies displaying the location latitude/longitude parameter vales for some RESTful API commands. |
PD-9570 |
There is a typo in the removecountry API response error message. |
PD-9553 |
There is no API command to disable secure NTP mode. |
PD-9539 |
Issues with the PowerShell New-GeoCluster command in a specific scenario. |
PD-9525 |
The RESTful API returns the value of the failtime parameter in seconds, but it is set in minutes. |
PD-9523 |
In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN. |
PD-9476 |
There is no RESTful API command to get/list the installed custom rule data files. |
PD-7978 |
The New-TlsHSMClientCert command returns an error when the LoadBalancer and Credential/SubjectCN parameters are used. |
PD-10160 |
The API commands to reset the CPU and network graphs do not work. |