21 May 2012 by Mikko Vartiainen
Clavister has released version 9.30.04 of CorePlus. The release mostly contains stability improvements and bug fixes, but it also includes a fix for one vulnerability.
Certezza recommends that all customers with CorePlus 9.30 installations upgrade to this version.
Contact Certezza Support if you have any questions.
Telephone: 08-791 92 02
- The dconsole CLI command did not always print a prompt after the listing.
- The CLI command 'sslvpn' was limited to listing 30 sessions. A new parameter, '-num=', has been added to list more lines than the default limit.
- The SG4300 unit could in some situations with heavy load of IPsec traffic freeze during reconfigure when tunnels were renegotiated quickly.
- Unexpected behavior could occur due to memory management issues associated with LDAP authentication.
- A configuration with the now obsolete selection of Log And Event Receiver category '36 (USAGE)' would send out empty log data. The configuration is now silently updated to not include this category.
- In rare High Availability scenarios where a large amount of IPsec traffic (with a very large number of tunnels) was causing high utilization of the Security Gateway's resources, it was possible that both nodes were set as the active node.
- Synchronization of routes in an HA scenario on the SG10/SG50/SG60 appliances could in rare occasions result in unexpected behavior because of unaligned data access.
- The destination IP filter on the Connections Status page was not working.
- Route Fail Over did not work properly for IPsec tunnels.
- In rare occasions there was a small risk of an unexpected reboot of the Security Gateway in a scenario with web authentication and multiple users.
- In scenarios where all routes announced in an OSPF area are added to a routing table, pre-existing static routes could be overwritten. Now static routes received from the OSPF process will not replace pre-existing static routes in a routing table.
- Not defining a DNS server in the static IP section while running the Configuration Wizard triggered a false error notice after the deployment.
- The decoding of a URL containing an encoded NULL was not properly handled. This vulnerability has been addressed and URLs containing "%00" are considered invalid.
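
The rule in the last item (a URL containing "%00" is invalid) can be expressed as a strict percent-decoder. The following is an added example, not Clavister's code; the function, exception and sample URLs are hypothetical and constructed for illustration.

```python
import string

_HEX = set(string.hexdigits)


class InvalidURL(ValueError):
    """Raised when a URL must be rejected rather than decoded (hypothetical name)."""


def decode_url_strict(url: str) -> bytes:
    """Percent-decode exactly once; reject NUL bytes and malformed escapes."""
    out = bytearray()
    i = 0
    while i < len(url):
        ch = url[i]
        if ch == "%":
            pair = url[i + 1:i + 3]
            # An escape must be '%' followed by exactly two hex digits.
            if len(pair) != 2 or not set(pair) <= _HEX:
                raise InvalidURL(f"malformed escape at offset {i}")
            byte, step = int(pair, 16), 3
        elif ord(ch) > 0x7F:
            raise InvalidURL(f"non-ASCII character at offset {i}")
        else:
            byte, step = ord(ch), 1
        # Covers both the encoded form ("%00") and a raw NUL character.
        if byte == 0:
            raise InvalidURL(f"NUL byte at offset {i}")
        out.append(byte)
        i += step
    return bytes(out)


# Constructed sample inputs.
SAMPLES = ["/files/report%20v2.pdf", "/a%00b", "/files/a%2500b",
           "/files/bad%0", "/files/bad%zz"]


def classify(urls):
    """Return {url: 'valid' | 'invalid'} for each input."""
    verdicts = {}
    for url in urls:
        try:
            decode_url_strict(url)
            verdicts[url] = "valid"
        except InvalidURL:
            verdicts[url] = "invalid"
    return verdicts


if __name__ == "__main__":
    for url, verdict in classify(SAMPLES).items():
        print(f"{verdict:8} {url}")
```

"/files/a%2500b" is accepted because a single decode yields the literal text "%00", not a NUL byte; any component that decodes the value again has to apply the same check.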