Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

GEO 2.3.45.0 Release Notes

Refer to the sections below for details about firmware version 2.3.45.0. This was released on 23rd January 2019.

New Features

The following new features were added to the 2.3.45.0 release:

  • Added TLS 1.3 Support in GEO LoadMasters.
    • Supported as a TLS protocol on GEO LoadMasters for administration Web User Interface (WUI) access.
  • Created a new hard disk partitioning structure for hardware GEO LoadMasters.
    • Previously, the GEO LoadMaster Operating System (LMOS) did not make full use of all the hard disk capacity that was available. With these changes, all the available space on the hard disk is now accessible to the GEO LMOS.

Feature Enhancements

  • Added support for new MaxMind GeoLite2 database.
    • The GEO LoadMaster now supports the new MaxMind GeoLite2 database. The GeoLite Legacy database has been discontinued by MaxMind and is no longer supported on GEO LoadMaster firmware 2.3.45.0 onwards.
  • Added the ability to set and send the Remote Authentication Dial-In User Service (RADIUS) Network Access Server (NAS) identifier attribute in RADIUS requests.
    • The GEO LoadMaster Web User Interface (WUI) and Application Programming Interfaces (REST and PowerShell APIs) now allow the setting and sending of NAS-ID attribute in RADIUS requests for WUI Authorization.
  • Added support for SFTP as an option for GEO LoadMaster Automated Backups feature.
    • SFTP can now be configured in the GEO LoadMaster WUI as a backup method for Automated Backups. Options are also available to configure automated backups using SFTP with the REST and PowerShell APIs. 
  • The LoadMaster Disk Management capabilities have been enhanced.
    • Improvements have been made to the management of log files. Users now have greater control over log file management with the ability to download and delete individual log files. The logrotate utility has been made more robust.
  • Updated OpenSSH from version 7.5p1 to 7.9p1.
    • This is to mitigate against some security vulnerabilities - specifically CVE-2018-15473.

Issues Resolved

PD-12388

Addressed a further vulnerability (CVE-2018-9091) in the GEO LoadMaster Operating System (LMOS) related to Session Management that allows a logged in user to gain access to sensitive system data, thereby compromising the system.

The expanded scope of this vulnerability covers exploitation through the use of insecure Web User Interface (WUI) endpoints. These vulnerabilities have been addressed in this release. Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-12205

Fixed the issue where the SNMP user password changes when editing SNMP configuration.

PD-12203

Improved the GEO Nameserver Statistic output that is displayed from the System Log files WUI page

PD-12084

Corrected some inconsistencies in the description of LoadMaster SNMP MIB parameters.

PD-12077

 

A validly-configured RADIUS user can now login to the LoadMaster WUI with Session Management enabled or disabled.

PD-12070

Previously, a GEO Cluster could be created without a name. This caused problems when selecting this cluster as part of the FQDN configuration as the name would be a blank entry in the Cluster drop down selection area.

Now, if a name is not specified when creating a new GEO Cluster, the IP address is automatically used as the name.

PD-12062

Added missing parameter syslognone to the Set-LogSyslogConfiguration PowerShell cmdlet.

PD-9553

A user can disable secure NTP by setting the REST API parameter ntpkeysecret to an empty string.

 

Known Issues

PD-12424

Special characters for LDAP String Representation of Search Filters are not currently supported on the GEO LoadMaster for LDAP WUI Authorization.

PD-12357

WUI Multi-Interface access does not work on any port other than the default port 443.

PD-11861

IPv6 is not supported by the current RADIUS implementation in the GEO LoadMaster for WUI Authorization.

PD-11024

The WUI is not accessible on NIC-1 from a non-local subnet.

PD-10586

If a GEO FQDN is configured with All Available as the Selection Criteria, IP addresses are returned even if the cluster is disabled.

PD-10155

An issue with configuration corruption is causing some GEO features to not function.

PD-9765

GEO does not support DNS TCP requests from unknown sources.

PD-8853

GEO Location Based failover does not work as expected.

PD-8725

GEO Proximity and Location Based scheduling do not work with IPv6 source addresses.


Comments