Clavister cOS Core 10.22.02

2015-09-07

Clavister has released an updated version of cOS Core 10.22 that contains a large number of bug fixes, as well as improvements to the console in virtualized installations.

Contact Certezza Support with any questions.
E-mail: support@certezza.net
Phone: 08-791 92 00

Bug fixes in cOS Core 10.22.02

| ID | Description |
|---|---|
| COP-2592 | The VLAN CLI command did not show virtual routing (PBR membership) information. |
| COP-8040 | When configuring the Security Gateway to clear the TCP URG flag, the corresponding non-zero TCP Urgent pointer was not cleared. |
| COP-10795 | When using High Availability, the private IP address was used as the responder IP for traceroute. Now the shared IP address is used. |
| COP-12700 | After closing an IPsec tunnel used for L2TPv3 traffic, the Security Gateway on some rare occasions rebooted unexpectedly. |
| COP-13505 | The values for Private Router IDs on an OSPF process did not follow the setting in the OSPFProcess object. |
| COP-13518 | The pcapdump tool erroneously captured IPsec traffic when the Ethernet Address filter was used. |
| COP-13572 | Non-printable characters were sent in raw code to log receivers. |
| COP-13701 | When using “script -create” on a Security Gateway with global domain objects, not all global domain objects were created. |
| COP-13779 | Anti-virus scanning of certain types of zip files could on rare occasions lead to an unexpected restart. |
| COP-14383 | The Security Gateway would drop non-first IPv6 fragments with a length shorter than the layer 4 header. |
| COP-14427 | Application Control did not identify all Netflix traffic as Netflix. |
| COP-14583 | If SSH remote management was configured for a specific interface, the SSH server could only be accessed using the core IP address for that specific interface. This fix changes the behavior of SSH remote management to allow access from an interface using any core IP address, consistent with how HTTP remote management works. |
| COP-14698 | There was no log when an IPRule or IPPolicy was changed. |
| COP-14850 | There was no notification message in the WebUI in the event that the IDP subscription had expired. |
| COP-14858 | When adding IPv6 address ranges in the Web User Interface, the validation sometimes failed even if the IPv6 range was correct. |
| COP-14889 | Under certain circumstances the Security Gateway would show unexpected behavior when the SIP module handled an unanswered incoming call. |
| COP-14901 | Traffic over the L2TP/IPsec server could halt when the L2TP client’s IP address was changed. |
| COP-14916 | IKE rekey negotiations could fail if the Userauth rule was configured to allow only one simultaneous user. |
| COP-14930 | Traffic allowed by forward fast rules going into an IPsec tunnel was sometimes interrupted if hardware acceleration was used. |
| COP-14980 | A PPP LCP request containing data outside the range of the length field was incorrectly dropped. |
| COP-14987 | It was not possible to open an outbound connection when using SAT or SLB together with NAT through an IPsec tunnel if such a tunnel had manually specified the address that corresponds to the local net. This was only a problem when using High Availability. |
| COP-15069 | RADIUS attributes “acct-input-gigawords” and “acct-output-gigawords” were not included in the statistics messages when their values were zero. |
| COP-15073 | The HTTP-ALG truncated long blacklist/whitelist filter URLs to 63 characters without a warning, creating an invalid filter matching nothing. Now there is a configuration warning that overly long filters will be truncated. |
| COP-15075 | Some log messages did not correctly display the access_level for some users. |
| COP-15082 | IPsec tunnels with a remote endpoint configured with a DNS name could take 5 minutes to establish after a failover in a High Availability setup. The problem occurred when using addresses not publicly routable as the private IPs. Now this DNS information is synced to the inactive node to keep both peers correctly up to date. |
| COP-15086 | The output of the CLI command “buffers -recent” and the output of pcapdump when displaying the packets in the CLI were incorrect for IPv6 packets with extension headers. |
| COP-15088 | The fragment IDs in packets were displayed in the wrong byte order on certain Security Gateway models. |
| COP-15105 | Under some circumstances, L2TPv3 tunnels could stop operating after reconfiguring the Security Gateway. |
| COP-15151 | Having two OSPF “point-to-multipoint” interfaces to the same neighbor would result in incorrect routing. |
| COP-15174 | IPsec tunnels from IPsec clients using long Remote Identities were not correctly synced to the inactive High Availability node. |
| COP-15179 | On rare occasions the Security Gateway could make an unexpected restart when releasing DHCP leases for an IP-Pool if the leases had not yet been populated. |
| COP-15186 | The system sometimes malfunctioned when issuing shutdown if ongoing IPsec negotiations existed. |
| COP-15203 | The lowest configured DH group for PFS was always used when initiating an IPsec rekey instead of the first configured. |
| COP-15238 | Under certain situations the HTML Page Parameter %REDIRHOST% for WebAuth could cause the Security Gateway to render unprintable symbols in the HTTP banners. |
| COP-15275 | The log message generated by the authentication system when a user logged in did not include the configured authentication source. |
| COP-15286 | Specifying an OSPF reference bandwidth larger than ~4 Gbps sometimes resulted in unexpected reconfiguration errors. |
| COP-15302 | The system could unexpectedly restart if a reconfigure failed due to configuration errors within the interface configuration. |
| COP-15308 | IPsec SA log event details differed between High Availability nodes. |
| COP-15317 | In some circumstances the Security Gateway needed to be restarted in order to retry a failed HTTP POSTER request. |
| COP-15330 | Memory used by the Anti-Virus engine when inspecting compressed files was not included in the memory statistics. |
| COP-15337 | There was a small memory leak related to POP3 email processing. |
| COP-15402 | Certain web pages were not shown correctly in the web browser when the HTTP ALG was used with Anti-Virus scanning and the web server sent the data using chunked encoding. |
| COP-15414 | It was not possible to get an Ethernet link when forcing speed and duplex on an Ethernet device. Affected models: Eagle Series E80, Wolf Series W20 and W30. |
| COP-15433 | The parameter “size” for the console’s command “selftest -burnin” was not shown when using the tab completion. |
| COP-15444 | Time sync operations performed after startup of the system could fail continuously if the time drift of the system clock was larger than the configured maximum allowed time drift. To mitigate this problem, the maximum time drift protection is not enabled for the first ten minutes after startup of the system, allowing the time synchronization procedure to correct the system time after startup even if the time drift is larger than the configured maximum time drift. |
| COP-15497 | The system did not report a “bad_user_credentials” log (ID 03700104) for login attempts with incorrect credentials for L2TP, PPTP or SSLVPN tunnels. |
| COP-15587 | Synchronization of ESP sequence numbers between cluster peers could under some circumstances be done with the wrong sequence numbers, which led to packet loss after HA failover. |
| COP-15608 | Memory used by the system when compressing or decompressing data was not included in the memory statistics. |
| COP-15620 | Some POP3 ALG features did not work as intended for certain rare messages. |
| COP-15626 | Trial subscription date properties in the Web UI license page were displayed as “N/A” when not present. Now they are not displayed at all. |
| COP-15753 | In some rare cases it was impossible to access the Web Interface if the primary RADIUS authentication server was non-responsive. |
| COP-15763 | SSH Remote Access users could in some rare scenarios gain higher privileges than intended. |
| COP-15767 | The IPsec Remote Identity was not always synced correctly to the inactive High Availability node during IPsec tunnel setup. |