Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Release Notice: LoadMaster LMOS 7.2.48.5 LTS

Release Notice: LoadMaster LMOS 7.2.48.5 LTS

Release Date: 27th October 2021

 

Update Image Verification:

By default, verification of the digital signature on upgrade images is required in LMOS 7.2.50 and above. See the Update Verification Options setting under System Administration > Miscellaneous Options > WUI Settings. If the unit you are upgrading is set to require validation, you'll need to supply the XML Verification File supplied with this release.

Note that:

  • In previous releases, two verification files were provided: one for pre-7.2.51 systems and one for later systems. This restriction has been removed with this release; use the same XML file regardless of the LMOS version from which you are upgrading.
  • LoadMasters running an LMOS version prior to 7.2.49 do not provide the option of XML file verification in the UI or API. If you are upgrading from one of these releases to this release, you can verify the digital signatures offline using a manual process documented on the support website.

If you are currently running LMOS 7.1.x or an earlier version, please see the article Kemp LoadMaster Firmware Upgrade Path for full upgrade path information.

 

Release Highlights:

New Features:

  • Network Telemetry VLAN Enhancement
    • In previous releases, Network Telemetry could not be enabled on a VLAN with an IP address if the underlying interface was not also assigned an IP address. In this release, Network Telemetry can be enabled on a VLAN regardless of whether the underlying interface has an IP address.

Change Notices:

  • "Allow Access on Server Fail" Now Applies to SSO
  • Certificate Signing Request (CSR) Generation Permissions
  • AWS: Downgrade from LMOS 7.2.55.0

Security Updates:

  • Unblocking 'bal' Account After Failed Login
    • In previous releases, if the 'bal' account became locked (for example, after too many failed login attempts), the user would have to wait at least 10 minutes before login could be attempted again. With this release, the account can be unlocked immediately using the system console / CLI. After logging into the console, use the menu to navigate to Local Administration > Web Address > Unblock Admin WUI access to unblock the 'bal' account.
  • Console Support for WUI Cipher Reset
    • The system console has been enhanced to support resetting the cipher set used by the LoadMaster UI, for use cases where setting a cipher set improperly may cause the UI to be unreachable.
  • Console CLI Security Update
    • The system console has been updated to close vulnerabilities present in the CLI in previous releases that could allow an already authenticated user to obtain a privileged shell. The CVE identifier for this vulnerability is CVE-2021-41068.
  • WUI Template Security Update
    • Validation has been enhanced for the upload of a Virtual Service Template to the system, to close a security vulnerability wherein a carefully constructed file can be uploaded as a template and create unwanted files on the filesystem. The CVE identifier for this vulnerability is CVE-2021-41069.

 

Download Links:

Download Current LTS Version - 7.2.48.5

 

Recommended Reading:

For full details on all the firmware updates, consult the LoadMaster 7.2.48.5 Release Notes

To get the latest firmware updates please visit our Firmware Downloads page.

 


Comments