GEO 2.3.44 Release Notes
Refer to the sections below for details about firmware version 2.3.44. This was released on 31st October 2018.
Feature Enhancements
- The GEO LoadMaster Operating System Linux kernel was upgraded from linux-4.9.58 to linux-4.9.124 to provide security and stability improvements.
- The Top utility on the GEO LoadMaster has been enhanced to provide more detailed configuration error messages and limits have been set on the configuration values to allow easier setup.
- SNMP can now be used to retrieve SSL certificate information. Created a new certs MIB module (OID: 1.3.6.1.4.1.12196.14.1) that displays the SSL certificate information for all installed SSL certificates on the GEO LoadMaster. There is a limit of a maximum of 256 SSL Certs that can be displayed. The following information is contained in the new MIB module:
- certIdx - Unique Certificate Id
- certFileName - Certificate file name
- certSubjectName - Certificate name
- certSerialNumber - Certificate Serial Number
- certStartDate - Certificate Start Date
- certEndDate - Certificate End Date
- certIssuer - Certificate Issuer
- SNMP can now be used to retrieve disk usage information. Added the dskEntry information to the UCD-SNMP-MIB Module (OID: 1.3.6.1.4.1.2021.9) to provide GEO LoadMaster disk partition information related to the /var/log and /var/log/userlog partitions.
- The KEMP ID user registration link on the homepage of an unlicensed GEO LoadMaster has been updated to https://kemptechnologies.com/kemp-id-registration/.
Issues Resolved
PD-11859 |
Addressed a further critical vulnerability (CVE-2018-9091) in the GEO LoadMaster Operating System (LMOS) related to Session Management that could, in certain circumstances, allow an unauthorized, remote attacker to bypass security protections, and gain access to sensitive system data, thereby compromising the system. This vulnerability was partially addressed in 7.2.42.0. The expanded scope of this vulnerability covers exploitation through the use of insecure Web User Interface (WUI) endpoints associated with historical graphs and licensing. These vulnerabilities have been addressed in this release. Further information can be found here: Mitigation For Remote Access Execution Vulnerability. |
PD-11778 |
Previously, configuration changes made to GEO FQDN site mapping were not replicated to the GEO partner. Now, the issue has been fixed and changes made to the FQDN site mapping are replicated to the GEO partner. |
PD-11503 |
Previously, in GEO, an incorrect message (GEO ACL Automatic Update file not found) was reported in the logs, even when Enable Automated GEO IP Blacklist data Updates was disabled. Now, this issue has been fixed and the message is no longer reported in the logs. |
PD-10435 |
Previously, under certain specific conditions, the GEO application logs could fill the allocated partition, which caused the unit to not log any further messages.Now, GEO application logging has been improved. |
Known Issues
PD-8725 |
GEO Proximity and Location Based scheduling do not work with IPv6 source addresses. |
PD-8853 |
GEO Location Based failover does not work as expected. |
PD-9765 |
GEO does not support DNS TCP requests from unknown sources. |
PD-10155 |
An issue with configuration corruption is causing some GEO features to not function. |
PD-10586 |
If a GEO FQDN is configured with All Available as the Selection Criteria, IP addresses are returned even if the cluster is disabled. |
PD-11621 |
In a GEO configuration with Stickiness set in the Miscellaneous Params WUI screen, a requested Fully Qualified Domain Name (FQDN) is not returned correctly if the Fail Over location is set to Everywhere. |