Release Notes Version 6.4

Before installing any firmware version, back up your configuration and read all release notes that apply to versions more recent than the one currently running on your system.
Before upgrading a virtual machine, it is highly recommended to take a snapshot of that virtual machine.
Do not manually reboot your system at any time during an update unless otherwise instructed by Barracuda Networks Technical Support. Depending on your current firmware version and other system factors, updating can take up to 10 minutes. If the process takes longer, contact Barracuda Networks Technical Support for further assistance.

In the High Availability environment, deleting a Layer 4 service or editing the server associated with the Layer 4 service in the Passive unit is not handled properly in the backend. It is recommended to perform these operations on the Active unit. [BNADC-5795]
The SSL hardware is now disabled by default in the Barracuda Load Balancer ADC 640 and 840. The administrator can enable the SSL hardware functionality if required.
With the OpenSSL1.1.1, certificates signed with MD5 are no longer supported. Please replace such certificates with SHA1/SHA256 signed certificates before upgrading to 6.4.0.x. If an upgrade is done without replacing these certificates, services using them will go down and rollbacks will occur. [BNADC-10261]

Barracuda Load Balancer ADC now supports TLSv1.3 protocol. [BNADC-9179]
Ability to configure service port ranges for TCP/UDP proxy services is supported. [BNADC-3239][BNADC-3175]
Barracuda Load Balancer ADC now supports load balancing Citrix Storefront and Xen App/Desktop. [BNADC-9783]

Ability to schedule reports at any hour of the day is added.[BNADC-9525]
Ability to send value of Basic Authorization Header as part of HTTP query parameter after successful authentication of the user is added. [BNADC-10043]

Resolved: TCP SACK vulnerabilities CVE-2019-11478, CVE-2019-11479.[BNSEC-8325][BNADC-10272]
Resolved: HTTP/2 Dos attack vulnerability CVE-2019-9511 to CVE-2019-9518 discovered by Netflix. [BNSEC-8464][BNADC-10376]
Resolved: Post-authentication sensitive information leak [BNSEC-8552][BNADC-10399]. Thank you to Steven Campbell from Rapid7 for reporting this to us.
Addressed Scheduled Report Summarization issue in heavy traffic. [BNADC_10253]
Issue in using ECDSA certificate chain for service is fixed now. [BNADC-10390]

Enhancement: Ability to select Group Membership Format as UserDN or User for LDAP authentication is provided [BNADC-10060]

System timezone from the System Configuration Backup file is honored correctly. [BNADC-10083]
Intermittent connection failure in RDP Server Monitor Testing Method, is addressed. [BNADC-9996]
User Authentication failure due to special characters (%) in the password, is addressed. [BNADC-9897]
The Authentication page which was not rendering on chrome 72 browsers is addressed now. [BNADC-10113]
The user authentication fails when user is part of too many groups, is addressed. [BNADC-9850]
Support for special characters in the user name for LDAP Authentications, is addressed. [BNADC-9846]
The increase in the memory usage of the server health monitor over a time for DNS test, is addressed. [BNADC-9794]
An uneven load balancing seen when WLR algorithm and client IP impersonation was configured, is addressed. [BNADC-9327]
All the logs from the system are now shown with System Timezone correctly on 6.3.0.008 based VM instances.[ BNADC-10051]
Issue with MS Sharepoint server monitor testing method where the domain was not forwarded to the sharepoint server, is addressed.[BNADC-10112]