PD-11977

Addressed a further critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management that could, in certain circumstances, allow an unauthorized, remote attacker to bypass security protections, and gain access to sensitive system data, thereby compromising the system. This vulnerability was partially addressed in 7.1.35.4.

The expanded scope of this vulnerability covers exploitation through the use of insecure Web User Interface (WUI) endpoints associated with historical graphs and licensing. These vulnerabilities have been addressed in this release. Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-11854

Previously, the LoadMaster Virtual Network Function (VNF) always used the default Port and Interface for the IP address hyperlink on Status of Installed VNFs.

Now, the hyperlink displays the correct IP address and Port (other than the default 443) on the VNF Status page.

PD-11672

Previously, a user with just User Administration privileges was not able to add\modify\delete other users on the system.

Now, the correct permissions are assigned, and a user with these permissions can administer other users on the system.

PD-10214

Previously, VLAN IDs were referenced using their HEX identifiers or the equivalent integer value. In cases where multiple VLANs were configured, this led to difficulty identifying the appropriate VLAN IDs.

 Now, VLAN IDs are easily identified throughout the WUI with the IDs set during configuration.

PD-10064

 Previously, RADIUS-based users did not get the correct Web User Interface (WUI) administration permissions when WUI Session Management was enabled.

Now, the correct user permissions are assigned.

PD-9950

High Availability (HA) on the Multi-Tenant LoadMaster does not work with LoadMaster VNF firmware versions LTS 7.1.35.x and V7.2.36.x.

PD-10098

The following error message appears if no local users are configured on the Multi-Tenant host WUI: '_RO_USERS: No such file or directory'. There is no functional impact relating to this error.

PD-10194

You cannot update the license of a Multi-Tenant LoadMaster VNF.

PD-10203

Users cannot apply a WUI certificate using the RESTful API or WUI.

PD-10437

Bonded VNF interfaces are not removed correctly after a VNF Factory Reset operation.

PD-11327

You cannot restore backup files on Multi-Tenant LoadMaster VNFs.

PD-11334

There are some issues when bonding more than two interfaces on a Multi-Tenant host.

PD-11458

The operation of the AutoStart button for Instantiated VNFs could be made clearer.

PD-11500

There is a limit to the VNF size of the max number of cores of a single CPU on a multi-core platform. For example, a dual CPU system with 6 cores per CPU, the max size that can be configured for a single VNF is 6 cores.

PD-11678

Some user permissions that are available for selection are not valid for a user on a Multi-Tenant LoadMaster.

PD-11679

Unable to download the backup file via the RESTful API if Session Management is enabled.

PD-11716

With Session Management enabled, the Test AAA for User functionality for the RADIUS user does not work and displays an “Authentication failed” message.

PD-11718

Characters allowed in the VNF name during creation are invalid when the name is modified.