Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

GEO 2.3.47.0 Release Notes

GEO Version 2.3.47.0 is a feature enhancement and bug-fix update released in August 2019. Please read the sections below before installing or upgrading. 

Feature Enhancements

The following feature enhancements have been implemented.

Serial Console for Public Cloud Platforms

Serial console support has been enhanced so that you can now connect to the LoadMaster serial console in public clouds, such as AWS and Azure. This allows access to all console interface capabilities, including resetting the password for the administrative login (bal).

Issues Resolved

The following issues have been resolved in this release:

PD-13347

Licensing: In previous releases, if a password for a Kemp ID contained a "`" (backtick) character GEO would fail to get a license from the Kemp licensing server. This issue has been fixed so that licensing is successful in this case.

PD-13308

Security: Fixed a potential security vulnerability where javascript could be added to the MOTD via the API. This is now not permitted.

PD-13307

Security: Fixed a potential security vulnerability where a script could be uploaded to the MOTD via the API. This is now not permitted.

PD-13305

GEO: Fixed an issue that caused updates to GEO partners to fail.

PD-13304

Security: In previous releases, it was possible to discover a GEO's private IP address via the API if someone knew only the public IP address. Now, the private IP address is no longer seen in the API response, nor is it seen in the WUI unless a user has logged in.

PD-13303

API: Fixed an issue with the 'lscpi' API that caused an 'xmlParseEntityRef' error to be returned instead of a proper response.

PD-13293

LDAP: In previous releases, configuring multiple LDAP servers on the LDAP Endpoint caused WUI Authentication to fail; however, it works if a single server is specified. This issue has been fixed.

PD-13266

Networking: Changes made to the Bonding mode (e.g., from 802.3ad to Active-Backup) reverted back to the previous value. This issue has been fixed.

PD-13264

Browser Support: In previous releases, the WUI Certificate doesn't have a SAN (Server Alternate Name) value, and this causes a certificate error in the Chrome and Firefox browsers. This issue has been fixed by adding a SAN to the certificate.

PD-13217

SMTP: In previous releases, setting the SMTP Server to "smtp.office365.com" on port 587 does not work. This issue has been fixed, so that "smtp.office365.com" on port 587 with STARTTLS can now be used.

PD-13154

GEO: Fixed an issue that could cause the following spurious error to appear: "GEO_ACL_Automatic_Update: feature is not enabled and/or support is expired. Please contact Kemp support.".

PD-13100

GEO: Fixed an issue that caused segmentation faults on GEO partners.

PD-13082

SSL Certificates: Fixed an error that occurred when a user tries to upload a 4096 byte SSH Private Key via the API.

PD-13052

Licensing: Fixed a licensing related issue on the Azure platform that could cause intermittent failures when attempting to contact the Kemp licensing server.

PD-13041

Licensing: Fixed an issue where the LoadMaster configuration does not get cleared after a "Kill_License" is performed via the LMOS API or licensing server.

PD-13038

SSL Certificates: Fixed an issue where 'Elliptic Curve Cryptography' (ECC) certificates in PFX format can't be uploaded.

PD-13027

Licensing: Fixed an issue that caused a spurious message to be displayed when "Kill License" is initiated from WUI.

PD-13051
PD-13026

Networking / SSL Errors: In previous releases, all client SSL messages are written to the LoadMaster logs, which can result in spurious client alert messages appearing in the logs. To address this issue, a new parameter setting has been added to the WUI under System Configuration > Miscellaneous Options > Network Options labelled Log SSL errors. This is set by default to log "Fatal errors only", which will suppress client errors and spurious messages from appearing in the log. You can also set this parameter to display client errors (but not spurious messages), or to return to the behavior in previous releases where no messages are suppressed.

PD-12986

GEO: Fixed an issue that could cause a 'readremote' failure to appear in the log, followed by a GEO Cluster check failure.

PD-12981

Kernel: Fixed an issue that caused spurious kernel call trace warnings to appear in the log.

PD-12973

GEO: In previous releases, when configuring a Cluster for an FQDN, the Mapping Menu parameter returns an error if a Virtual Service whose name contains a left or right bracket character ('[' or ']') is selected from the drop-down. This issue has been fixed.

PD-12795

RADIUS: In previous releases, the Use Local Account only if AAA Fails option may not work as designed when a RADIUS server and a backup RADIUS server are configured, and no response is received from the backup server. This issue has been fixed.

PD-12622

Licensing: In previous releases, the "readeula" REST API does not work after licensing (except when deployed on AWS). This has been fixed to work properly on all cloud, virtual and hardware models.

PD-12449

API: In previous releases, the LMOS 'stats' and 'listconfig' APIs show an incorrect interface speed when there is no link detected. This issue has been fixed so that the correct speed ('0') is displayed.

PD-12068

GEO: In previous releases, with cluster checking set to 'Remote LM', clusters may not appear on the partner device, or may have invalid entries. This issue has been fixed.

 

Known Issues

The following known issues appeared in the Release Notes for the previous release.

PD-12653

Networking: A Hyper-V VLM won't boot when a 4th NIC is added.

PD-12492

Downgrade: If an Azure VLM is downgraded to the LTS firmware release (7.1.35.x), the WUI may display in the top right-hand corner that the VLM is a Hyper-V VLM. This indicates that the Azure VLM Add-On Package must be added to the system to provide full Azure VLM functionality. If this occurs, please contact Kemp Support to get the required add-on package.

PD-11861

RADIUS / IPv6: IPv6 is not supported by the current RADIUS implementation in the LoadMaster for both WUI Authorization and ESP Authentication.

PD-11166

Networking: Azure LoadMasters are not translating the additional network address between the Master and Slave correctly.

PD-11024

WUI: The WUI is not accessible on NIC-1 from a non-local subnet.

PD-10586

GEO: If a GEO FQDN is configured with All Available as the Selection Criteria, IP addresses are returned even if the cluster is disabled.

PD-9765

GEO: DNS TCP requests from unknown sources are not supported.

PD-8853

GEO: Location Based failover does not work as expected.

PD-8725

GEO: Proximity and Location Based scheduling do not work with IPv6 source addresses.


Comments