GEO 2.2.35.6 Release Notes

Updated: May 25, 2021 18:53

Refer to the sections below for details about firmware version 2.2.35.6.

Feature Enhancements

Addressed a critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management where an unauthenticated, remote attacker could bypass security protections, gain system privileges, execute elevated commands, and expose certain sensitive system data, such as certificates and private keys. This vulnerability was partially addressed in 7.1.35.5. The expanded scope of this vulnerability, covering exploitation through injection of arbitrary executable commands in cookies, is addressed in this release.

PD-10155	Issue with configuration corruption causes some GEO features not to function.
PD-9572	There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands.
PD-9570	There is a typo in the removecountry API response error message.
PD-9539	Issues with the PowerShell New-GeoCluster command in a specific scenario.
PD-9523	In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN.