GEO 2.3.47.0 Release Notes
GEO Version 2.3.47.0 is a feature enhancement and bug-fix update released in August 2019. Please read the sections below before installing or upgrading.
Feature Enhancements
The following feature enhancements have been implemented.
Serial Console for Public Cloud Platforms
Serial console support has been enhanced so that you can now connect to the LoadMaster serial console in public clouds, such as AWS and Azure. This allows access to all console interface capabilities, including resetting the password for the administrative login (bal).
Issues Resolved
The following issues have been resolved in this release:
PD-13347 |
Licensing: In previous releases, if a password for a Kemp ID contained a "`" (backtick) character GEO would fail to get a license from the Kemp licensing server. This issue has been fixed so that licensing is successful in this case. |
PD-13308 |
Security: Fixed a potential security vulnerability where javascript could be added to the MOTD via the API. This is now not permitted. |
PD-13307 |
Security: Fixed a potential security vulnerability where a script could be uploaded to the MOTD via the API. This is now not permitted. |
PD-13305 |
GEO: Fixed an issue that caused updates to GEO partners to fail. |
PD-13304 |
Security: In previous releases, it was possible to discover a GEO's private IP address via the API if someone knew only the public IP address. Now, the private IP address is no longer seen in the API response, nor is it seen in the WUI unless a user has logged in. |
PD-13303 |
API: Fixed an issue with the 'lscpi' API that caused an 'xmlParseEntityRef' error to be returned instead of a proper response. |
PD-13293 |
LDAP: In previous releases, configuring multiple LDAP servers on the LDAP Endpoint caused WUI Authentication to fail; however, it works if a single server is specified. This issue has been fixed. |
PD-13266 |
Networking: Changes made to the Bonding mode (e.g., from 802.3ad to Active-Backup) reverted back to the previous value. This issue has been fixed. |
PD-13264 |
Browser Support: In previous releases, the WUI Certificate doesn't have a SAN (Server Alternate Name) value, and this causes a certificate error in the Chrome and Firefox browsers. This issue has been fixed by adding a SAN to the certificate. |
PD-13217 |
SMTP: In previous releases, setting the SMTP Server to "smtp.office365.com" on port 587 does not work. This issue has been fixed, so that "smtp.office365.com" on port 587 with STARTTLS can now be used. |
PD-13154 |
GEO: Fixed an issue that could cause the following spurious error to appear: "GEO_ACL_Automatic_Update: feature is not enabled and/or support is expired. Please contact Kemp support.". |
PD-13100 |
GEO: Fixed an issue that caused segmentation faults on GEO partners. |
PD-13082 |
SSL Certificates: Fixed an error that occurred when a user tries to upload a 4096 byte SSH Private Key via the API. |
PD-13052 |
Licensing: Fixed a licensing related issue on the Azure platform that could cause intermittent failures when attempting to contact the Kemp licensing server. |
PD-13041 |
Licensing: Fixed an issue where the LoadMaster configuration does not get cleared after a "Kill_License" is performed via the LMOS API or licensing server. |
PD-13038 |
SSL Certificates: Fixed an issue where 'Elliptic Curve Cryptography' (ECC) certificates in PFX format can't be uploaded. |
PD-13027 |
Licensing: Fixed an issue that caused a spurious message to be displayed when "Kill License" is initiated from WUI. |
PD-13051 |
Networking / SSL Errors: In previous releases, all client SSL messages are written to the LoadMaster logs, which can result in spurious client alert messages appearing in the logs. To address this issue, a new parameter setting has been added to the WUI under System Configuration > Miscellaneous Options > Network Options labelled Log SSL errors. This is set by default to log "Fatal errors only", which will suppress client errors and spurious messages from appearing in the log. You can also set this parameter to display client errors (but not spurious messages), or to return to the behavior in previous releases where no messages are suppressed. |
PD-12986 |
GEO: Fixed an issue that could cause a 'readremote' failure to appear in the log, followed by a GEO Cluster check failure. |
PD-12981 |
Kernel: Fixed an issue that caused spurious kernel call trace warnings to appear in the log. |
PD-12973 |
GEO: In previous releases, when configuring a Cluster for an FQDN, the Mapping Menu parameter returns an error if a Virtual Service whose name contains a left or right bracket character ('[' or ']') is selected from the drop-down. This issue has been fixed. |
PD-12795 |
RADIUS: In previous releases, the Use Local Account only if AAA Fails option may not work as designed when a RADIUS server and a backup RADIUS server are configured, and no response is received from the backup server. This issue has been fixed. |
PD-12622 |
Licensing: In previous releases, the "readeula" REST API does not work after licensing (except when deployed on AWS). This has been fixed to work properly on all cloud, virtual and hardware models. |
PD-12449 |
API: In previous releases, the LMOS 'stats' and 'listconfig' APIs show an incorrect interface speed when there is no link detected. This issue has been fixed so that the correct speed ('0') is displayed. |
PD-12068 |
GEO: In previous releases, with cluster checking set to 'Remote LM', clusters may not appear on the partner device, or may have invalid entries. This issue has been fixed. |
Known Issues
The following known issues appeared in the Release Notes for the previous release.
PD-12653 |
Networking: A Hyper-V VLM won't boot when a 4th NIC is added. |
PD-12492 |
Downgrade: If an Azure VLM is downgraded to the LTS firmware release (7.1.35.x), the WUI may display in the top right-hand corner that the VLM is a Hyper-V VLM. This indicates that the Azure VLM Add-On Package must be added to the system to provide full Azure VLM functionality. If this occurs, please contact Kemp Support to get the required add-on package. |
PD-11861 |
RADIUS / IPv6: IPv6 is not supported by the current RADIUS implementation in the LoadMaster for both WUI Authorization and ESP Authentication. |
PD-11166 |
Networking: Azure LoadMasters are not translating the additional network address between the Master and Slave correctly. |
PD-11024 |
WUI: The WUI is not accessible on NIC-1 from a non-local subnet. |
PD-10586 |
GEO: If a GEO FQDN is configured with All Available as the Selection Criteria, IP addresses are returned even if the cluster is disabled. |
PD-9765 |
GEO: DNS TCP requests from unknown sources are not supported. |
PD-8853 |
GEO: Location Based failover does not work as expected. |
PD-8725 |
GEO: Proximity and Location Based scheduling do not work with IPv6 source addresses. |