It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Release Notes Version 10.1.1

  • Last updated on
Please Read Before Updating

Before updating to a new firmware version, be sure to back up your configuration and read the release notes for each firmware version that you will apply.

Do not manually reboot your system at any time during an update, unless otherwise instructed by Barracuda Networks Technical Support. The update process typically takes only a few minutes to apply. If the process takes longer, please contact Barracuda Networks Technical Support for assistance.

If a server is added with the hostname, the Barracuda Web Application Firewall will automatically create server entries for all IP addresses that resolve to the configured host name. Deleting the first server that was added with the hostname will now delete all the automatically created server entries. [BNWF-25536]

  • With the OpenSSL1.1.0, certificates signed with MD5 are no longer supported. Please replace such certificates with SHA1/SHA256 signed certificates before upgrading to 10.0.x. If an upgrade is done without replacing these certificates, services using them will go down and rollbacks will occur. [BNWF-31980]
  • Attackdef 1.172 is shipped with this firmware. It has changes relevant to the firmware's interoperability with the Barracuda Block Listed IP database. [BNWF-32541]
Fixes and Enhancements in 10.1.1 
  • Feature: Barracuda WAF now supports integration with two Gemalto Network HSM's in High Availability (HA) mode. [BNWF-34554]
  • Feature: New UI enhancements have been made for the NETWORKS, ACCESS CONTROL and SECURITY POLICIES tab. [BNWF-34470] [BNWF-34070] [BNWF-33972]
  • Feature: The notification alerts and emails have been enhanced to reflect the Content Rule's name in Server Up/Down events. [BNWF-20352]
  • Enhancement: Ability to add multiple fields in headers to filter, cloaking etc., and with a single save, has been enhanced. [BNWF-34034]
  • Enhancement: Migration of ACCESS CONTROL page's older table to New DataTables widget has been enhanced. [BNWF-33982]
  • Enhancement: Enhanced UI Integration to display the configurational fields related to SSL/TLS Quick Settings of Advanced SSL options. [BNWF-33974]
  • Fix: An issue where certificates/services were not visible on the WAF Control Center when HTTPS only was enabled on the connected WAF9(s) is now fixed. [BNWF-45411]
  • Fix: An issue where the user was not able to add a JSON key profile on the WAF via BCC in the Websites > JSON Security page has been addressed. [BNWF-45381]
  • Fix: Internal CA bundle has been updated. [BNWF-45357]
  • Fix: Login IP and Admin name will be correctly logged in Audit logs for configuration updates done by the internal hostname resolution process. [BNWF-45157]
  • Fix: Failed export of access logs to FTP server will be correctly logged in the system logs. [BNWF-45156]
  • Fix: Due to stale entries in the database, there was an issue in deleting some certificates. This issue has been fixed. [BNWF-45099]
  • Fix: An issue where "Configuration rolled back", "Configuration update in progress" were not visible in the proxy view of WAF Control Center. [BNWF-45034]
  • Fix: The certificate failures are recorded with a system log that indicates a "failure in SSL Object creation" with an error string "SSL Object error".[BNWF-45022]
  • Fix: An issue with CRL auto-update process due, which was trying to update the CRLs for a service and did not have client auth enabled, has been fixed. [BNWF-44965]
  • Fix: Memory leak in data path due to SSL fingerprinting has been fixed. [BNWF-44954]
  • Fix: An issue where the status of TLS1.3 for rule group servers displayed incorrectly has been fixed. [BNWF-44940]
  • Fix: An issue that caused the data path outage because of web socket upgrade request when Advance Bot Protection was enabled is now fixed. [BNWF-44938]
  • Fix: If Host header is provided with additional header under Application Layer Health Check, the out-of-band health checks will now use HTTP/1.1 connections along with 'Connection: close' header to make the request non-persistent. [BNWF-44933]
  • Fix: An issue where the configuration reverted to its initial state upon firmware upgrade due to DB corruption has been fixed. [BNWF-44846]"
  • Fix: An issue in the data path that ensures the resources are not locked up for a time longer than 150 seconds has been fixed. [BNWF-44829]
  • Fix: Outage due to enabling "Allowed Groups" for ActiveSync has been fixed. [BNWF-44824]
  • Fix: An outage observed due to Tarpit and Rate Control has been fixed. [BNWF-44815]
  • Fix: An issue with CRL auto-update feature that was causing the auto-update to fail has been fixed. [BNWF-34552]
  • Fix: Memory leak issue with data lake ingestion process has been addressed. [BNWF-34542]
  • Fix: The User Contexts handling for Kerberos is sanitized. [BNWF-34532]
  • Fix: An issue with SNI domains not being visible when the locale was set to French has been fixed. [BNWF-34513]
  • Fix: An issue with memory hog caused by the process responsible for syncing the throughput data to the WAF Control Center has been fixed. [BNWF-34507]
  • Fix: Issues related to the WAF connecting with EventHub have been fixed. [BNWF-34493]
  • Fix: Support has been provided to configure only the ECDSA certificate for the service. [BNWF-34022]
  • Fix: A CPU hog issue caused by the Adaptive Learning feature has been fixed. [BNWF-34019]
  • Fix: An issue that occurred because Configuration Management failed to copy a parameter profile has been fixed. [BNWF-33978]
  • Fix: REST API support to prevent conflicting configuration changes for SSL/TLS Quick settings has been added. [BNWF-33969]
  • Fix: The ECDSA Certificate bound to a service to achieve the Modern SSL/TLS Quick Settings has been enforced. [BNWF-33968]
  • Fix: An issue where the file containing viruses was not getting blocked intermittently has been addressed.[BNWF-33891]
  • Fix: An outage occurred by certain FTP data path handling has been fixed by introducing a new variable in the ADVANCED > System Configuration > Traffic-management page. [BNWF-31766]
  • Fix: The asynchronous event handling is enhanced to avoid possible resource issues seen on some installations. [BNWF-31716]
  • Fix: A rare race-condition that led to continuous configuration rollbacks and eventually to a wipeout of the entire configuration has been fixed. [BNWF-30148]
  • Fix: Binding a custom parameter class to a JSON key profile now works as expected. [BNWF-29886]
  • Fix: Kerberos authentication with case-insensitive domain has been addressed. [BNWF-18362]


Last updated on