LoadMaster 7.1.35.7 Release Notes
Refer to the sections below for details about firmware version 7.1.35.7. This was released on 5th December 2018.
Note: This firmware is not available in the Microsoft Azure Marketplace. However it is still possible to patch upgrade from the LTS version 7.1.35.6 which is available in the Marketplace.
Feature Enhancements
- Updated OpenSSH to version 7.9p1 to mitigate against CVE-2018-15473.
- Previously, there was no Redundant Array of Independent Disks (RAID) monitoring facility available for hardware LoadMaster's that supported disk RAID configurations.
Now, in the Debug Options page on the LoadMaster Web User Interface (WUI), there are options to display the RAID controller and RAID disk information. Status information in relation to RAID events is also available in the LoadMaster message logs and using Syslog.
Issues Resolved
PD-11990 |
Addressed a further critical vulnerability (CVE-2018-9091) in the LoadMaster Operating System (LMOS) related to Session Management that could, in certain circumstances, allow an unauthorized, remote attacker to bypass security protections, and gain access to sensitive system data, thereby compromising the system. This vulnerability was partially addressed in 7.1.35.6. The expanded scope of this vulnerability covers exploitation through the use of insecure Web User Interface (WUI) endpoints associated with historical graphs and licensing. These vulnerabilities have been addressed in this release. Further information can be found here: Mitigation For Remote Access Execution Vulnerability. |
PD-11981 |
Previously, there was no RAID monitoring facility available for Hardware LoadMasters that supported Disk RAID configurations. Now, in the Debug Options page on the LoadMaster WUI there are options to display the RAID Controller and RAID Disk information. Status information in relation to RAID events is also available in LoadMaster message logs, using Syslog and with API commands. |
Known Issues
PD-11762 |
The LoadMaster does not return a complete list of Virtual Services (VSs) or Real Servers (RSs) for queries using a MIB browser or SNMP walk command. |
PD-11286 |
Following upgrade of LoadMaster LTS version there may be issues with accessing Edge Security Pack (ESP) User, Security, or Connection logs using some browsers. |
PD-10812 |
For Virtual LoadMasters (VLMs) in Azure using Bring Your Own License (BYOL) type, the Offline licensing functionality is not available. |
PD-10241 |
Unable to patch upgrade using the Application Program Interface (API) to newer versions of the LoadMaster. |
PD-10192 |
The LoadMaster is unable to set up an IPsec tunnel to Azure classic/Azure Resource Manager (ARM) endpoints. |
PD-10187 |
Web Application Firewall (WAF) statistics do not get reset on Virtual Service deletion. |
PD-10184 |
An issue exists which prevents some users from accessing some Virtual Services when using WAF. |
PD-10183 |
WAF does not block the response, even when the Process Responses option is enabled on the Virtual Service. |
PD-10182 |
Enabling WAF on a Virtual Service with no rules applied causes a specific web feature to fail. |
PD-10181 |
When an HTTP response contains a status of HTTP/1.1 500 Internal Server Error and the location header is populated, the response to the client is dropped and the client sees nothing. |
PD-10180 |
High CPU utilization can be seen when using WAF in certain situations. |
PD-10160 |
The API commands to reset the CPU and network graphs do not work. |
PD-10159 |
CPU and network usage graphs are not appearing after firmware upgrade. Resetting the statistic counters does not clear the graph data. |
PD-10155 |
Issue with configuration corruption causes some GEO features not to function. |
PD-10138 |
Only text/XML and application/JSON content types are supported with the Inspect HTML POST Request Content feature. |
PD-9976 |
An issue occurs preventing Layer7 from initializing when processing SNORT rules. |
PD-9953 |
A security issue exists causing the initial boot password to be written in the Azure Virtual LoadMaster logs. |
PD-9950 |
LoadMaster VNF HA does not work on LoadMaster versions 7.1.35.n and 7.2.36.n. It does work on LoadMaster version 7.2.37 and above. |
PD-9901 |
HA does not work with LTS VNF 7.1.35.4 on the Multi-Tenant LoadMaster. |
PD-9783 |
HA status tool tip on slave unit displays incorrect IP addresses. |
PD-9779 |
Discrepancies between the WUI and RESTful API parameter for Client Authentication Mode. |
PD-9777 |
Issues can occur when using the license API if the time zone on the LoadMaster is set to GMT-X. |
PD-9770 |
ESP logs missing some information. |
PD-9768 |
Security issue in the SSO debug logs relating to the logon transcode option. |
PD-9758 |
Some users are unable to edit or access Office files from SharePoint when using SAML and KCD authentication. |
PD-9743 |
Issues importing some template files that have the default rule assigned. |
PD-9666 |
Headers with underscores are not accepted by Apache 2.4. |
PD-9660 |
The LoadMaster is changing RADIUS passwords in some scenarios. |
PD-9657 |
Naming a cipher set using - or + results in some issues. |
PD-9643 |
Unable to change the IP address of a Virtual Service in an Azure LoadMaster. |
PD-9633 |
Unable to set the check host with the port attached in the WUI (it works using the API or CLI). |
PD-9604 |
Issues when trying to import some custom templates. |
PD-9596 |
The showiface RESTful API command shows the wrong interface values in the output for interfaces that are not configured. |
PD-9575 |
There are issues with some aclcontrol API commands. |
PD-9572 |
There are discrepancies displaying the location latitude/longitude parameter values for some RESTful API commands. |
PD-9570 |
There is a typo in the removecountry API response error message. |
PD-9553 |
There is no API command to disable secure NTP mode. |
PD-9539 |
Issues with the PowerShell New-GeoCluster command in a specific scenario. |
PD-9525 |
The RESTful API returns the value of the failtime parameter in seconds, but it is set in minutes. |
PD-9523 |
In a specific scenario, the RESTful API returns a success message when fetching a non-existing GEO FQDN. |
PD-9517 |
Unable to authenticate some users when the password is expired and permitted groups are used. |
PD-9508 |
ESP only verifies SAML assertions when using the root certificate. |
PD-9504 |
Some users are experiencing issues with HA failover on Multi-Tenant LoadMaster units. |
PD-9476 |
There is no RESTful API command to get/list the installed custom rule data files. |
PD-9470 |
LDAP Real Server health checking is not working optimally. |
PD-9453 |
Some Azure users are having issues licensing due to communication issues with the default gateway. |
PD-9359 |
Some users are unable to authenticate using ESP. |
PD-9159 |
When WAF is enabled there is no traffic on the back-end in certain scenarios. |
PD-9129 |
The API command to backup contains an error that breaks the PowerShell wrapper connection. |
PD-8746 |
If a LoadMaster licensed with WAF rules has had rules downloaded/installed and then a factory reset is performed, it is not possible to download/install WAF rules. |
PD-8697 |
Some users are having issues detecting the partition when using the Hardware Security Module (HSM). |
PD-8413 |
It is not possible to specify a wildcard port when creating a Virtual Service from a template. |
PD-7265 |
No redirection when the shared IP address is changed using the WUI. |
PD-7157 |
When using WAF and KCD, all file attachments in SharePoint fail. |
PD-7156 |
The VSIndex parameter is missing in some API calls. |