Release Notes Version 8.1


Please Read Before Updating

Before updating to a new firmware version, be sure to back up your configuration and read the release notes for each firmware version which you will apply. Do not manually reboot your system at any time during an update, unless otherwise instructed by Barracuda Networks Technical Support. The update process typically takes only a few minutes to apply. If the process takes longer, please contact Barracuda Networks Technical Support for assistance.

Uploaded file names are now validated for metacharacters, and if the file name contains metacharacters after the first dot, the request will be blocked. [BNWF-14832]

Requests with Content-Type "text/plain" are no longer included in deep inspection, to prevent false positives. [BNWF-19588]

The POST body, in passive mode, is now inspected only up to a predefined, hardcoded length of 8K. [BNWF-21937]

An attempt to append more characters than are permissible for a CAPTCHA answer is now blocked, and the client is treated as a bot. [BNWF-21353]

GET requests with content-length headers are now allowed. [BNWF-20098]

XML RPC has been deprecated since Version 8.0.1. Use REST API to make API calls.

Fixes and Enhancements in 8.1

Security

Feature: A new Web Scraping feature provides advanced protection against web scraping or harvesting threats. [BNWF-2938]

Feature: A security policy can now be associated with the rule group of a service. This makes it possible to associate security policies granularly at a URL level rather than at a service level only. [BNWF-2786]

Feature: Ability to create a Certificate Signing Request (CSR)/self-signed SAN certificate on the Barracuda Web Application Firewall. [BNWF-14144]

Feature: HTTP Strict Transport Security (HSTS) support is added for the HTTPS services. [BNWF-20512]

Feature: JSON key profile support is added. Specific rules and security measures can be configured for the keys in JSON requests using the JSON key profile. [BNWF-20666]

Enhancement: It is now possible to enable SSL Compatibility Mode for a server, and restrict the list of ciphers to be used to connect with legacy servers. [BNWF-19436]

Enhancement: Parameter names in the URL are now validated for metacharacters when Validate Parameter Name is set to "Yes". [BNWF-19329]

Enhancement: New identity theft patterns (microsoft-errors, oracle-errors, php-errors, postgres-errors and mysql-errors) are now available on the SECURITY POLICIES > Data Theft Protection page. [BNWF-22323]

Security Fix: SSH protocol version 1 (v1) is completely disabled. [BNWF-21609]

Fix: After upgrading to version 8.1, the Default Mode For Updated Patterns will be changed to Active. Therefore, all patterns that get updated as part of the latest version of attack definitions will have the Operating Mode set to Active under "Attack Types" on the ADVANCED > View Internal Patterns page. [BNWF-22171]

Fix: The "Policy Fix" for Metacharacter in parameter now removes the metacharacter found in the request from the "Denied Metacharacters" list in "Parameter Protection". [BNWF-21926]

Fix: The PROT command is now forwarded to the FTP server when SSL is enabled for the service. [BNWF-21700]

Fix: After upgrading to version 8.1, all JSON profiles will be configured with application/json as the default MIME type. Therefore, by default, requests with Content-Type application/json will be validated against JSON profiles. [BNWF-21446]

Fix: A data path crash with JSON requests having keys/values of more than 256KB characters has been addressed. [BNWF-21151]

Fix: A rare issue that blocked the exempted client IP address/addresses configured in Exception Clients on the WEBSITES > Advanced Security page has been fixed. [BNWF-20591]

Fix: Exception profiling fixes for logs that have already been purged from the database are now handled gracefully. [BNWF-20105]

Fix: Policy fix can now handle case-sensitive parameters gracefully. In other words, if the Barracuda Web Application Firewall encounters a parameter name in two different cases (uppercase and lowercase), two parameter profiles will be created for the parameter when policy fix is applied. [BNWF-13798]

Fix: The private key will not be exported in the backup when the certificate is uploaded with "Allow Private Key Export" set to "No".

Fix: If Allow Private Key Export is set to No for an uploaded certificate, the private key will not be included in the certificate when the certificate is downloaded. [BNWF-20474]

Fix: Data theft protection is now applied to responses with application/xml content. [BNWF-21001]

Fix: A rare issue that resulted in a service outage when a bruteforce policy was applied has been fixed. [BNWF-20945]

Access Control System

Enhancement: The IDP entity ID is now automatically populated from the IDP metadata. [BNWF-20776]

Enhancement: An IDP selection response page is now automatically associated with the service that is enabled with SAML authentication service. [BNWF-19523]

Feature: Ability to configure supported SSL protocols for the web interface. (SSL protocols can be selected on the ADVANCED > Secure Administration page.) [BNWF-20528]

Feature: Thresholds for bandwidth, incoming requests/connections and live sessions for the system can now be configured on the BASIC > Dashboard page, Preferences window. If the system exceeds the configured threshold, an email notification is sent to the configured email address/addresses with the download link of the file in it. [BNWF-22387]

Feature: Servers using a hostname as the identifier can now be resolved to multiple IPs, and the system performs load balancing across these IP addresses. This is especially important in IaaS environments. [BNWF-22367]

Enhancement: SSLv3 is now disabled by default for new services. [BNWF-20774]

Enhancement: Ability to copy an existing security policy and create a new security policy has been added. [BNWF-20350]

Enhancement: CPU usage calculation in multi-core systems has been improved. [BNWF-15607]

Enhancement: Square brackets are now supported in the exempted cookie list. [BNWF-21270]

Enhancement: New servers added by name resolution will now have unique server names. [BNWF-22594]

Enhancement: The backslash (0x5c) and SOH (%01) are now included in the default denied metacharacters list. [BNWF-21403]

Enhancement: Re-provisioning capability has been added for virtual machines. [BNWF-20970]

Enhancement: The default value of Profile Update Interval is now set to 300 seconds to reduce the configuration update interval. [BNWF-22619]

Fix: A memory leak that was observed when uploading files as multipart/form-data has been fixed. [BNWF-22360]

Fix: Organization Name can include the ampersand (&) character when creating a certificate. [BNWF-22328]

Fix: A race condition in the monitoring process that caused a service outage has been fixed. [BNWF-22251]

Fix: Alert notification for memory usage is sent only when total memory (RAM + SWAP) exceeds 85%. [BNWF-22237]

Fix: A trusted host group can now be deleted if it is not associated with any service. [BNWF-21970]

Fix: A login issue that occurred when restoring the backup has been fixed. [BNWF-21681]

Fix: An issue that marked the service down when client impersonation was enabled has been fixed. [BNWF-21320]

Fix: The URL field in the URL profile can now be configured with the ampersand (&) character in it. [BNWF-19844]

Fix: If the primary DNS server is not reachable, or is unable to resolve the hostname, the Barracuda Web Application Firewall uses the secondary DNS server (if configured) to resolve the hostname. [BNWF-22145]

Fix: A possible race condition while processing a burst of requests is now handled gracefully. [BNWF-21695]

Fix: In case of connection failures during backend connectivity, the errors are logged less frequently to avoid voluminous logs in the system. [BNWF-21398]

Fix: If < and > are present in the POST request, the Barracuda Web Application Firewall normalizes these characters before pattern matching. [BNWF-21240]

Fix: An issue that put the system into maintenance mode has been fixed. [BNWF-22005]

Fix: When no rewrite is being done on the response pages by any module in the Barracuda Web Application Firewall, the response is not chunk encoded unless the server itself sends a chunk-encoded response. [BNWF-21171]

Fix: A possible memory leak in the path of persistence has been fixed. [BNWF-17331]

Fix: An issue with hostname resolution when TTL 0 was received has been fixed. [BNWF-21077]

Fix: An issue where an old snapshot was loaded when a web interface operation failed has been fixed. [BNWF-19373]

Fix: Restarting the log module no longer causes service disruption. [BNWF-21066]

Fix: Servers configured with server names under a content rule can now be edited. [BNWF-21125]

Fix: The threshold value for CPU Temperature is updated according to the configured temperature scale on the ADVANCED > Appearance page, Web Interface section. [BNWF-17293]

Fix: A memory leak observed in rare circumstances in the configuration database has been fixed. [BNWF-22585]

Logging and Reporting

Feature: AMQP (version 1.0) protocol support added to export logs to external aggregators that are compliant with AMQP message queuing, including Microsoft Azure's Event Hub. [BNWF-20551]

Feature: Ability to set the frequency to export access logs to the FTP server. [BNWF-4285]

Enhancement: Layer 7 health check failure errors now display Source IP/Port and Destination IP/Port when the log level is set to "Information". [BNWF-20135]

Enhancement: A custom log format can be defined for System Logs and Network Firewall Logs on the ADVANCED > Export Logs page. [BNWF-20318] [BNWF-22013]

Enhancement: The "Log level" for "Web Firewall Logs" export is set to "1-Alert" by default. [BNWF-24190]

Fix: A memory leak that was observed when logging web firewall logs at a high rate has been fixed. [BNWF-21846]

Fix: "Mismatched IP Cookie Replay Attack" logs are not generated on the BASIC > Web Firewall Logs page when "Cookie Replay Protection Type" is set to None. [BNWF-21678]

Fix: Junk characters are now handled properly while generating a unique ID for a web firewall log, and traffic is processed without interruption. [BNWF-21218]

Fix: Server Username in FTP Access Logs can now include <domain name>/<username>. [BNWF-21035]

Fix: An issue with unreadable characters for "Invalid Method" in access logs when the URLs come in a non-ASCII charset has been fixed. [BNWF-18982]

Fix: The client IP/port and server IP/port are now logged in the system logs if a client certificate is not presented during the SSL handshake. [BNWF-14829]

Fix: All fields in Web Firewall Logs and Access Logs have been normalized to handle multi-byte charsets and escape sequence characters. [BNWF-19136]

Fix: Logs exported to the CSV format now display the text in English irrespective of the language setting in the browser. [BNWF-19633]

Fix: High resource utilization by the logging and reporting process has been addressed. [BNWF-20658]

User Interface

Feature: Ability to add custom MIME types for JSON profiles. [BNWF-20372]

Enhancement: Infinite scrolling is implemented on the BASIC > Services page to improve performance. [BNWF-20991]

Enhancement: The "OR" conjunction has been removed from the logs page. The logs can now be filtered using the "In/Not In (comma-separated)" options. Note: Old filters created and saved using the OR option cannot be applied. [BNWF-19765]

Enhancement: "Outbound Attacks" has been renamed to "Cloaked Responses" in the "Attacks" graph and statistics table on the BASIC > Dashboard page. [BNWF-18198]

Fix: It is now possible to delete URL profiles and parameter profiles when the profiles are filtered based on the directories. [BNWF-22331]

Fix: The "api.cgi" file is no longer exposed in the web interface. [BNWF-20961]

Fix: Directory access on the Barracuda Web Application Firewall's management web interface now returns 404 instead of 403. [BNWF-20960]

Fix: A web interface vulnerability for caching and content-type has been addressed. [BNWF-18372]

Fix: An issue that did not allow intermediate certificates to be uploaded when the web interface language was set to "German" has been fixed. [BNWF-19783]

Fix: A delay in opening the edit window for URL and parameter profiles has been fixed. [BNWF-22394]

Management

Feature: URL optimizers have been implemented to handle a large number of URL profiles, where multiple URL profiles can be coalesced into one. [BNWF-20657]

Feature: Parameter optimizers have been implemented to handle a large number of parameter profiles, where multiple parameter profiles can be coalesced into one. [BNWF-21294]

Fix: Hard disk cleanup has been improved to handle space issues. [BNWF-22438]

Fix: A compilation error seen with NNM's MIB compiler for SNMP has been fixed. [BNWF-21388]

Fix: The Total Bandwidth and Services: Bandwidth graphs on the BASIC > Dashboard page now display correct data. [BNWF-21278]

High Availability

Fix: Local host entries are no longer synchronized in the cluster environment. [BNWF-21284]

Cloud Hosting

Feature: Auto scaling and bootstrapping capability added for the Barracuda Web Application Firewall on AWS. [BNWF-20259]

Fix: A rare issue where creating a security policy in an AWS instance, model BWFCAW001a, resulted in generating improper values has been fixed. [BNWF-21103]

Fix: Virus scan can now be enabled on the A2 instances in Microsoft Azure and Amazon to check for the presence of viruses in files uploaded through multipart/form-data messages. [BNWF-18922]

REST API Enhancements and Fixes

Enhancement: URL and parameter profiles for a service can now be added/updated/retrieved/deleted using REST API. [BNWF-20804]

Enhancement: URL client authentication can now be configured using REST API. [BNWF-20627]

Fix: Server Name Indication (SNI) for servers can now be enabled/disabled using REST API. [BNWF-22359]

Fix: REST API now honors camel case in server name. [BNWF-21376]

Fix: Local administrators created on the ADVANCED > Admin Access Control page can now update/modify vsites data using REST API. [BNWF-21102]

Fix: Updating the server details using REST API does not insert junk values into the DB. [BNWF-20819]