Read Before Updating
Known Issues
- In the High Availability environment, deleting a Layer 4 service or editing the server associated with the Layer 4 service in the Passive unit is not handled properly in the backend. Barracuda Networks recommends performing these operations on the Active unit. [BNADC-5795]
- The SSL hardware is now disabled by default in the Barracuda Load Balancer ADC 640 and 840. The administrator can enable the SSL hardware functionality if required.
- With the OpenSSL1.1.1, certificates signed with MD5 are no longer supported. Please replace such certificates with SHA1/SHA256 signed certificates before upgrading to 6.4.0.x. If an upgrade is done without replacing these certificates, services using them will go down and rollbacks will occur. [BNADC-10261]
Firmware Version 6.5
Enhancements
- Client Certificate can be sent in base64 encoded format to the backend server by configuring the X509_HDR_FTR_WHOLE macro. [BNADC-10503]
- An option to configure domain name for servers for SNI is provided through URL translation. [BNADC-14916]
- GSLB now supports "@" and "*" as hosts for A, CNAME, MX, TXT, NS record types. [BNADC-10356]
Fixes
Firmware Version 6.5.0.009
- Fix: The high CPU utilization issue caused in 6.5.0.007 release has been addressed. [BNADC-15246]
Fixes
Firmware Version 6.5.0.007
- Fix: Barracuda Load Balancer ADC can now handle HTTP2 response of more than 1MB size. [BNADC-15201]
- Fix: With HTTP(S) and Simple HTTP(S) tests, you can skip the Test Match by providing "skip-match" as the value in the Test Match field. [BNADC-15195]
- Fix: In a rare case where the Data Path crashed with heavy load, has been addressed now. [BNADC-15049]
- Fix: It is now possible to upgrade the firmware on BarracudaLoadBalancerADC-vm4.4.3-fw6.3.0.008-20181114 based VMs. [BNADC-15005]
- Fix: Elliptic curves can be selected when TLSv1.3 is enabled. [BNADC-15003]
- Fix: Cookie-Persistence header value is read even if it is after 16th headers in the HTTP request. [BNADC-14997]
- Fix: High CPU utilization due to parsing of CSS file having URL's in quoted strings, has been addressed. [BNADC-14919]
- Fix: The 'SameSite' cookie attribute is now honored. [BNADC-10486]
- Fix: Extra checks are added to prevent from HTTP Request Smuggling attacks.[BNADC-15174]
- Fix: Issue with Client Impersonation when servers were configured with port ranges, has been addressed. [BNADC-15173]
- Fix: Issue with RSA Authentication on Chrome browsers, has been resolved. [BNADC-15077]
- Fix: Problem related to bind error messages populating in system logs, has been addressed.[BNADC-15044]
- Fix: The GSLB DNS proxy version is not exposed to any lookup command. [BNADC-15170]
- Note: Customers upgrading from 6.5.0.002/6.5.0.003 to this version will lose all the existing logs due to mongod memory usage fix
Firmware Version 6.5.0.004
The higher memory usage seen with mongod binary with previous versions of 6.5 firmware has been addressed.[BNADC-14975]
Firmware Version 6.5.0.003
- The 6.4 firmware that caused a regression leading to a rare condition in presence of dual authentication (here the user information on the authentication header that was passed to back-end server was getting swapped) has been addressed. [BNADC-14945]
- The watchdog functionality that was missing in firmware version 6.5.0.002 has been restored. [BNADC-14955]
- An issue seen in the FTPSSL module leading to a data path crash has been fixed. [BNADC-10248]
Firmware Version 6.5.0.002
- Reporting issues related to choosing multiple filters has been fixed.[BNADC-14882]
- An issue where sometimes other LDAP admins were not able to process the SMB backup taken earlier has been fixed. [BNADC-14872]
- An issue with reporting to support multiple unique attack types as Reporting filters, has been fixed. [BNADC-14854]
- An Issue related to invalid Netmask entry for Policy Based Routing fields, have been fixed. [BNADC-14853]
- Certificates can downloaded using REST API. [BNADC-12705]
- The log rotation issue caused on the latest build hardwares ( platform 5 devices), has been fixed.[BNADC-10566]
- The ACL chains that were missing and causing service interruption, has been addressed now. [BNADC-10550]
- Service rename operation for Servers with configured hostname causing the Configuration Rollback, has been addressed.[BNADC-10520]
- An UI load issue due to improper database logs, has been addressed now. [BNADC-10497]
- An issue with 6.3 firmware upgrade that was resetting few of the parameters to default values of HTTP test , has been addressed now.[BNADC-10489]
- The Response Body Rewrite to support Storefront configurations, has been corrected. [BNADC-10488]
- Stricter checks have been enforced on header names to prevent possible evasions that can be used in the execution of HTTP smuggling attacks. [BNADC- 10445] [BNADC- 10431]
- An issue related to Server Display Name length, has been fixed. [BNADC-10420]
- An issue related to HTTP2 Enabling for Instant SSL service, has been addressed.[BNADC-10361]
- An issue for receiving wrong Subscription Expiration emails and alerts, has been fixed.[BNADC-10360]
- An issue related to Summary Logs Rotation and storage, has been fixed.[BNADC-10354]
- The cef character = is escaped in cookie string. [BNADC-10345]
- Connection Logs format issue for successful ELK integration, has been fixed. [BNADC-10282]
- An issue generated when configuring more than 3000 SNI domains, has been addressed.[BNADC-10277]
- Config Wipeout issue for the faulty configuration changes, has been addressed .[BNADC-10246]
- Country-Code as extended match element in Allow/Deny Rules, can be defined.[BNADC-10183]
- An issue related to SMTP greeting message to use Hostname and Domain, has been addressed.[BNADC-10160]
- Servers with hostnames that were resulting into NULL during the hostname resolution, has been fixed.[BNADC-9938]
- Support for IPV6 netmask value for Persistence Netmask field under Source IP persistence type, has been provided.[BNADC-9737]
- An issue related to Enabling Service Group persistence, has been addressed.[BNADC-9604]
- High CPU usage by the ATD process, has been addressed.[BNADC-9242]
- An issue created when the system memory usage crosses the configured threshold memory on a standalone has been fixed by restart the Data Path Process to avoid system going to hang state.[BNADC-14886]