Guidance for Selecting LoadMaster Releases

Updated: February 21, 2023 19:42

Contents

Recommended Production Releases

When downloading a LoadMaster installation or upgrade image for deployment, customers need to understand the content of each release stream so they can make an informed decision. The choice you make will likely depend on the relative stability and content of each release stream.

The following are our recommendations for production use based on how we label our new releases, in order of preference.

LTSF Long Term Support Feature Release	This is the recommended release for production deployments for all customers, unless a specific feature or fix in the GA release is required. LMOS 7.2.54 is the LTSF release branch, with the current release being 7.2.54.4. It contains all features and bug fixes from earlier releases, along with critical fixes, security fixes, and selected features from GA releases of LMOS 7.2.55 and above.
GA General Availability Release	This is the recommended release for production deployments for customers that require new features and fixes not present in the LTSF release. LMOS 7.2.58.0 is the current GA release. It contains all features and bug fixes from earlier releases, including of course the LTSF and LTS branches.
LTS Long Term Support Release	This is the earliest supported production deployment release and is the gateway release for customers running legacy versions of LMOS prior to 7.2.48.0 that are no longer supported. LMOS 7.2.48 is the LTS release branch, with the current release being 7.2.48.8. This branch is updated with critical bug fixes and security fixes from later LMOS releases on a priority basis. New features from GA releases are not added to the LTS release. LMOS 7.2.48.8 is the release version evaluated for Common Criteria certification, achieved by LoadMaster on 27 January 2023.
EA Early Access Release	Early access releases are made available on as as-needed basis to give customers the opportunity to try out new features before they are included in a production release and are not recommended for production use. There is no EA release of LMOS currently available.

LMOS Release Feature Contents

In addition to the above, the following sections list the major features in each of the releases described above to help you decide which release is appropriate for your deployment.

GA Features

The current LMOS GA release contains the following major new features, not present in the LTSF and earlier releases. See the Release Notes for the indicated versions for more information.

7.2.58

New Features
ACME Support for DigiCert SSL Certificate Management
Virtual Service Sorting
Virtual Service Filtering
Duplicating a Sub Virtual Service (SubVS)
Chef Template and Deployment Guide
DataDirect Template and Deployment Guide
License Mobility
Change Notices
GEO: Ignore ECS for Public/Private Decisions
WAF PCRE Limit Enhancements
Official Support for VMware 7.0 Update 3d
Security Updates
Weak Ciphers Removed from FIPS Cipher Set
FIPS Mode Cipher Sets Modified to Remove Less Secure Ciphers
Local User Certificate Login Behavior Switch

7.2.57

New Features
GEO: BIND Upgrade and EDNS Client Subnet (ECS) Support
GEO: Manage FQDN UI Sorting and Filtering
GEO: Increase Limit on IPs per FQDN to 256
WAF: UI Updates
Change Notices
Kubernetes Ingress Controller (KIC): Support for Kubernetes 1.22
WAF: Increased Request Body Size Limit
WAF: Order of Rule Processing
Security Updates
WAF: Engine Update for CVE-2021-42717

7.2.56

New Features
TLS 1.3 Cipher Suite Selection
Change Notices
SNMPv3 Authentication Updates
SSO Domain Configuration Field Character Limit Increased
Downgrading on AWS
UI Usability Updates
Security Updates
CLI Security Fix (Privilege Escalation)

7.2.55

New Features
Support for Newer AWS Machine Types
WAF: Clearing the False Positive Analysis Counters and Events
WAF: Configurable OWASP POST Body Size
WAF: Remote Logging TLS Version
GEO: Capacity, Performance, and UI Enhancements
Change Notices
SSL Renegotiation Disabled By Default
Ciphers Use for Re-encryption
Network Telemetry VLAN Enhancement
Increased Size Limitation for SSO Custom Form Images
RPS Limiting UI Removed for Non-Offloaded HTTPS Port 443 VSs
Security Updates
Update OpenSSL to Version 1.1.1k
Strict Transport Security Header Settings
Single Sign On: SameSite and Secure Options
Console Support for WUI Cipher Reset
Certificate Chain of Trust for UI Authentication
Console Security Update
WUI Template Security Update

LTSF Features

The current LMOS LTSF release (7.2.54.4) contains the following major new features, not present in the LTS and earlier releases. See the Release Notes for the indicated versions for more information.

7.2.54.4 and Earlier 7.2.54 Releases

New Features
WAF: Clearing the False Positive Analysis Counters and Events
WAF Enhancements (WAF 1.5)
Change Notices
AWS: Downgrade from LMOS 7.2.55.0
Pre-7.2.53 WAF Rules Retired -- No Further Updates Available
Security Updates
Console CLI Security Update
CVE-2022-0778

7.2.53

New Features
Network Telemetry
Let's Encrypt Support
Bandwidth Rate Limiting & QoS
StoreFront Pre-Authentication (ESP) for Citrix Workspace/Receiver
Kemp Ingress Controller for Kubernetes
OpenID Connect Support
Increase strength of DHE key exchange keys for SSL/TLS to 4096
HA: Interface Reboot Feature
GEO: Additional Record Types Supported
GEO: Layer 7 HTTP/HTTPS Site Health Checks
Client Certificate Authentication with No Server Side Authentication
Change Notices
Enhanced ESP Client Session Logging
Changes Affecting Long-Lived UDP Connections
LoadMaster Change of Ownership - Improve existing workflow
Content Rules and 512-byte Response Limit
Cavium III SSL Accelerator Performance Switch
IRQ Pinning Default for LoadMaster MT VNFs
Certificate Signing Request (CSR) Generation Permissions
LoadMaster Licensing FQDN Change
GEO: Option to Prevent a Disabled GEO Cluster from Responding
Updated RSA Root Certificate for Self-Signed Certificates
Security Updates
NTLM Proxy Mode
Elliptical Curve CA Certificate Regenerated
OpenSSH Update
Updated Certificate PIV Support (Smartcard) for SSO & WUI
X.509 Certificate Format Updated
Outbound Connection Certificate Validation

7.2.52

New Features
Rate Limiting / Quality of Service (QoS) for Incoming Connections
SSL Information in Client Request Headers
DHCPv6 Support
Radius 2 Factor + LDAP Enhancement
Content Rule Page Updates
Ability to use SNI in SubVS, as well as SNI-Hostname Pass Through
Permitted Groups in Multi-Domain Environment
HTTP/HTTPS Health Check OPTIONS Method Support
Quality of Service DSCP Pass Through Support
GEO: TXT Record Support
Change Notices
Best Practices Cipher Set Updated
Adjustable Timeout for KCD Connections
Per-VS Health Check Settings
Disabling SSL Master Secret Extension Handling
Modified EC Curves in LoadMaster Client Hello
Enhanced HA Sync Parameters
Security Updates
Best Practices Cipher Set Updated
GEO: Response Contains Internal IP Address
Enhanced Server-Side KCD Authentication Cipher Option
Certificate Signing Request (CSR) Generation
Syslog and LDAPS Server Certificate Validity Checking
Enhanced Random Number Generator Seeding
Enhanced NTP Key Exchange Algorithms

7.2.51

New Features
Citrix StoreFront Gateway for External Virtual Apps and Desktops
Rate Limiting of Real Servers
Redundant Key Distribution Center for KCD Authentication
UI Login Integration with Cisco ACS / ISE
Change Notices
Configurable KCD Authentication Request Wait Time
Specifying the Protocol for Remote Logging
Port Following on Generic Virtual Services in UI
Enhanced Single Sign On Log Messages
Security Updates
Updated NIST FIPS Cryptographic Module Certification
Assigning Intermediate Certificates to Virtual Services
Regeneration of SSH Host Key

7.2.50

New Features
JSON Web Token Support
UI Access Control
Factory Reset Secure Delete
ESP Logging Common Event Format (CEF) Option
Minimum Password Length
Securing Outbound Connections
OCSP Stapling for Outbound Connections
Elliptic Curve Cipher Sets
Elliptic Curve Self-Signed Certificates
Elliptic Curve Certificate Signing Requests
IRQ Pinning
Azure Support for 10 Gb Interfaces
API Support for Adding & Removing Non-Local Sorry Servers
Console Logging Enhancements
Change Notices
Signature Verification of Updates and Add-Ons Enabled By Default
URL Hash Scheduling Mechanism Optimization
GEO Limit for IP Addresses in an FQDN Increased from 16 to 64
GEO HA Configuration Issues in AWS and Azure Cloud Platforms
VMware Hardware Compatibility Level
LDAP: Username Only Authentication to Real Server
Log Format Enhancements
Azure Agent Version Upgrade
Backup Includes Custom HTML Files for Redirection Handling
Improved Metered Licensing Transitions
API Version 2 Enhancements (Beta)

7.2.49.1

New Features
Digital Verification of Upgrade Patches and Add-On Packages
CAPTCHA V2 for Forms Based Authentication
SNMP: Real Server Statistics Values
Content Rules Enhancement: Flag Negation Logic for Conditional Rule Execution
WAF Support for Chunked Transfer Encoded POST/PUT Requests
High Availability Broadcast Support
Change Notices
Reduced Frequency of License Expiry Notifications
IPv6 Address Handling Enhancements
UI Safe Edit Mode (Beta)
Call Home Transitions to Kemp Analytics
Relicensing SPLA LoadMasters

LTS Features

The current LMOS LTS release (7.2.48.7) contains the following major new features, not present in earlier releases. See the Release Notes for more information.

Note that the LTS release contains the legacy version of the LoadMaster Web Application Firewall (WAF) feature, which has been deprecated. To obtain the latest version of WAF and receive automated rule updates, please install either the LTSF or GA versions of LoadMaster.

7.2.48.8

Security Updates
Weak Ciphers Removed from FIPS Cipher Set
FIPS Mode Cipher Sets Modified to Remove Less Secure Ciphers

7.2.48.7

Security Updates
CVE-2022-0778

7.2.48.6 and Earlier 7.2.48 Releases

New Features
Network Telemetry VLAN Enhancement
Network Telemetry
IPv6 Certification
DHCPv6 Support
Azure Support for 10 Gb Interfaces
IRQ Pinning
Minimum Password Length
Console Logging Enhancements
Securing Outbound Connections
OCSP Stapling for Outbound Connections
Elliptic Curve Cipher Sets
Elliptic Curve Self-Signed Certificates
Elliptic Curve Certificate Signing Requests
Secure Factory Reset
High Availability Broadcast Support
Change Notices
LoadMaster Licensing FQDN Change
"Allow Access on Server Fail" Now Applies to SSO
Certificate Signing Request (CSR) Generation Permissions
AWS: Downgrade from LMOS 7.2.55.0
Best Practices Cipher Set Updated
Cavium III SSL Accelerator Performance Switch
IRQ Pinning Default for LoadMaster MT VNFs
Modified EC Curves in LoadMaster Client Hello
Signature Verification of Updates and Add-Ons Required By Default
Log Format Enhancements
Specifying the Protocol for Remote Logging
Custom HTML Files for Redirection Handling Added to Backup
Security Updates
NTLM Proxy Mode
Unblocking 'bal' Account After Failed Login
Console Support for WUI Cipher Reset
Console CLI Security Update
WUI Template Security Update
Best Practices Cipher Set Updated
Syslog and LDAPS Server Certificate Validity Checking
Enhanced Server-Side KCD Authentication Cipher Option
Enhanced NTP Key Exchange Algorithms
Regeneration of SSH Host Key
Certificate Signing Request (CSR) Generation Permissions
Certificate Signing Request (CSR) Generation Key Display
X.509 Certificate Format Updated
Outbound Connection Certificate Validation
Updated NIST FIPS Cryptographic Module Certification
Assigning Intermediate Certificates to Virtual Services
Syslog and LDAPS Server Certificate Validity Checking
Enhanced Random Number Generator Seeding

Release History

Release Date	LMOS Version
2023-02-03	7.2.48.9 (LTS)
2022-11-29	7.2.48.8 (LTS)
2022-10-27	7.2.58
2022-06-30	7.2.57
2022-04-27	7.2.54.4 (LTSF)
2022-04-25	7.2.48.7 (LTS)
2022-04-25	7.2.56
2022-02-17	7.2.48.6 (LTS)
2021-12-21	7.2.54.3 (LTSF)
2021-11-01	7.2.54.2
2021-10-27	7.2.48.5 (LTS)
2021-09-15	7.2.55
2021-06-01	7.2.54.1
2021-04-01	7.2.54.0
2021-03-01	7.2.53
2021-03-01	7.2.48.4 (LTS)
2020-12-01	7.2.48.3
2020-11-01	7.2.48.2
2020-10-01	7.2.52
2020-07-01	7.2.51
2020-04-01	7.2.50
2020-03-01	7.2.49.1
2019-11-01	7.2.48.1
2019-10-01	7.2.48.0

Kemp Support, how can we help?