Node Operating System and Software Changelogs

Published April 5, 2023 | Last modified February 7, 2026

Objective

This document provides the release details for F5 Distributed Cloud Services Customer Edge (CE) sites. It covers Node software release versions, Node Operating System (OS) versions and associated changelogs for both the OS and the certified software images (CRT).

The F5 Distributed Cloud Services CE site supports the following types of software images:

  • A CRT image intended for fast roll out of features, enhancements, and bug fixes. Updates to CRT happen dynamically and can contain minor fixes to major updates.
  • An LTS image intended for supporting the CE software for long term and mainly offers a number of bug fixes. Updates on LTS base image can happen dynamically and can contain only bug fixes. However, LTS base images will also change every six months, offering features and bug fixes delivered (via CRT versions) in those six months.

Note: Any release version that is more than 6 months old is not supported. It is recommended to upgrade the software to the latest release.

Node Software Changelogs

CRT Images

This section details information about Node Software Release version and updates related to the specific CRT images.

crt-20250701-0201

Node software version crt-20250701-0201 is updated as part of February 06, 2026 SaaS hotfix release.

A hotfix was implemented to fix csi-azuredisk-node pod crashes for Azure VNET sites with alternate region configuration.

A fix has been released for a critical issue where csi-azuredisk-node pods would crash on Azure VNET sites with alternate region configurations. This behavior, which triggered critical alerts on software version (until crt-20250701-0200) and OS versions (9.2025.17 or 9.2025.39), is fully addressed in the new software version crt-20250701-0201.

crt-20250701-0200

Node software version crt-20250701-0200 have been delivered with the following updates:

This CE release includes Monthly WAF Signatures update published on January 21, 2026.

Updated WAF Attack signatures (2026.01.14), Threat campaigns (2026.01.14), and Bot signatures (2026.01.12) replacing versions that were a month old. This release added 46 new signatures to enhance the detection of potential attack vectors, with updates deployed across all Regional Edges (REs) and new Customer Edge (CE) image was also released.

crt-20250701-0199

Node software version crt-20250701-0199 have been delivered with the following updates:

This CE release includes attack signatures designed to mitigate following vulnerabilities published on December 11, 2025:

React Vulnerability: CVE-2025-55182

React/Next.js Vulnerabilities: CVE-2025-55183, CVE-2025-55184

crt-20250701-0198

Node software version crt-20250701-0198 is updated as part of December 8, 2025 SaaS hotfix release.

Caveat: Incorrect image referenced for download and copy image actions for Secure Mesh Site v2 for GCP.

Workaround:

Until this issue is resolved, F5 recommends you:

  1. Navigate to Manage > Site Management > Secure Mesh Sites v2.

  2. For your site, click ... > Launch Instance. This action opens the CE image listing on GCP Marketplace, in a new browser tab.

Alternatively, you can use this image link to download the image file. Verify the integrity of the file using the MD5 checksum: 7de9389feb1929f5131a9c0fa0f7a3af.

Fixed: Intermittent node-exporter image pull failures due to CRI-O registry handling.

The node-exporter image was hosted on https://gcr.io/. Starting with this release, the same image is now served from https://gcr.download.volterra.io. Due to a known issue in CRI-O, image downloads may intermittently fail when the image digest is identical but sourced from a different container registry.

Fix: The node-exporter image reference has been updated to ensure consistent sourcing from https://gcr.download.volterra.io, eliminating the repository mismatch and preventing intermittent CRI-O pull failures.

crt-20250701-0197

Node software version crt-20250701-0197 is updated as part of December 6, 2025 SaaS Release.

Note: Customer Edge (CE) fixes were released on December 06, 2025. Click here for SaaS changelogs.

crt-20250613-3382

Node software version crt-20250613-3382 is updated as part of September 20, 2025 SaaS Release. Click here for SaaS changelogs.

crt-20250526-3346

Node software version crt-20250526-3346 have been delivered with the following updates:

Description: Memory leak fix for remote-discovered endpoints within DNS-defined origin pools.

Symptoms: Resource exhaustion and instability caused by memory leak due to stale remote endpoint information not being cleaned up during DNS refresh cycles.

Conditions: Occurs when managing remote-discovered endpoints within DNS-defined origin pools during DNS refresh cycles where stale endpoint information is not properly deleted.

Fix: Proper deletion of invalid remote-discovered endpoint data has been implemented, eliminating the memory leak and improving system reliability and resource efficiency.

crt-20250526-3345

Node software version crt-20250526-3345 have been delivered with the following updates:

A Hotfix was Implemented to Address the Bug in the Utility Used to Pull Images in Customer Edge (crio).

Description: Effective with release crt-20250526-3343, we switched the container repository domain to gcr.download.volterra.io from gcr.io. This change has revealed a bug in the crio utility that Customer Edge sites use to download images. As a result, the system may fail to pull images correctly when upgrading from a previous version that used the old address. In this case the versions immediately preceeding crt-20250526-3343 the gubernator version has remained the same but referenced from gcr.io.

Symptoms: This issue affects Customer Edge (CE) sites when upgrading from a software version released before crt-20250526-3343 to version crt-20250526-3343 or any subsequent version. The crt-20250526-3343 image was introduced as part of the June 05, 2025 release.

Conditions: This issue affects Customer Edge (CE) sites when upgrading from a software version released before crt-20250526-3343 to version crt-20250526-3343 or any subsequent version.

Fix: To resolve the crio bug, we will publish a new CE software version that includes an updated gubernator image. This is a one-time fix, as the domain change that caused the issue will not happen again, and we have confirmed no other services are affected in the same way.

crt-20250526-3344

Node software version crt-20250526-3344 have been delivered with the following updates:

Fixed Incorrect Endpoint References in the Production SRE Configuration.

Description: The production SRE configuration referenced incorrect endpoints, causing SMSv2 production sites to attempt connections to staging infrastructure (download.volterra.us) instead of production endpoints (.io domain). This misconfiguration led to the incorrect connections.

Symptoms: The staging endpoint waferdatasetsprod.download.volterra.us:443 was appearing in the production squid proxy logs.

Conditions: NA

Fix: Includes following updates:

Configuration Update: Updated the SRE production model to reference the correct production endpoints with the .io domain instead of the staging endpoints with the .us domain.

Model Repository Changes: Updated the production version prioritization in the model repository to ensure sites restart with the correct configuration.

Testing and Validation:

  • The changes were tested on demo1, CRT, and staging environments to verify their effectiveness.
  • Verified older sites, such as CRT 13.60.209.206, to ensure that the migration from .us to .io endpoints was successful for getappparamsraw.
crt-20250526-3343

Node software version crt-20250526-3343 is updated as part of June 05, 2025 SaaS Release. Click here for SaaS changelogs.

crt-20250321-3112

Node software version crt-20250321-3112 have been delivered with the following updates:

Description: When SMv2 VMware CE is installed with OVA and proxy ip is set in OVF input, Custom Proxy setting in SMv2 UI is not applied to that CE.

Symptoms: When SMv2 vmware CE is installed with OVA and proxy ip is set in OVF input, Custom Proxy setting in SMv2 UI is not applied to that CE.

Conditions: Always seen when smv2 vmware CE is installed with OVA and proxy ip is set in OVF input.

Fix: Priority is fixed for proxy config and smv2 UI configuration overwrites proxy setting used during CE installation.

crt-20250321-3111

Node software version crt-20250321-3111 does not have CE Release Notes.

crt-20250312-3111

Node software version crt-20250312-3111 does not have CE Release Notes.

crt-20250310-3111

Node software version crt-20250310-3111 does not have CE Release Notes.

crt-20250312-3095

Node software version crt-20250312-3095 does not have CE Release Notes.

crt-20250122-3094

Node software version crt-20250122-3094 is updated as part of January 28, 2025 SaaS Release.

crt-20250110-3092

Node software version crt-20250110-3092 does not have CE Release Notes.

crt-20250110-3091

Node software version crt-20250110-3091 does not have CE Release Notes.

crt-20250110-3090

Node software version crt-20250110-3090 have been delivered with the following updates:

Description: Update GeoIP database to correct the geolocations of IPs from Dallas, USA and unblock customer traffic.

Symptoms: For certain customers, traffic from Dallas, USA is geolocated in Jakarta, India and blocked.

Conditions: For certain customers, traffic from Dallas, USA is geolocated in Jakarta, India and blocked.

Fix: Update the GeoIP database to fix the geolocations of IPs from Dallas, USA, and unblock customer traffic.

crt-20250110-3089

Node software version crt-20250110-3089 does not have CE Release Notes.

crt-20241206-3066

Node software version crt-20241206-3066 does not have CE Release Notes.

crt-20241012-3009

Node software version crt-20241012-3009 have been delivered with the following updates:

Description: VLAN interface does not work on Secure Mesh V2 CE.

Symptoms: When VLAN interface is configured on Secure Mesh V2 CE, data plane pods like ver, argo continue restarting.

Conditions: When VLAN interface is configured on Secure Mesh V2 CE.

Fix: Config generation for Secure Mesh V2 VLAN interface is fixed.

crt-20241012-3008

Node software version crt-20241012-3008 have been delivered with the following updates:

Description: Fix SiteCLI Command Line Injection.

Symptoms: SiteCLI arguments can be used to call any command on host.

Conditions: SiteCLI with arguments.

Fix: Sanitize the SiteCLI command input.

crt-20241012-3007

Node software version crt-20241012-3007 have been delivered with the following updates:

Description: Fixed for voucher issue where voucher runs as non-leader in case of single node cluster and manual restart of voucher was required as recovery mechanism.

Symptoms: Voucher runs as a non-leader on single node site incase it failed to renew its leader lease on time.

Conditions: Voucher runs as a non-leader on single node site incase it failed to renew its leader lease on time.

Fix: Added preventive health check in voucher which will make sure leader replica of voucher always be able to renew its lease and incase of failure it will be restarted automatically by kubernetes.

crt-20241012-3006

Node software version crt-20241012-3006 have been delivered with the following updates:

Description: Fix SecureMesh V2 nic naming, JWT proxy, and IPv6 issue.

Symptoms: VMWare CE site cannot configure enableIpv6, RHEL CE occasionally fails to come up after reboot, CE request destination not listed in firewall reference list, CE cannot support nic with capital letters.

Conditions: VMWare CE with IPv6 configuration, RHEL reboot with systemd-resolved enabled, SecureMesh V2 site token proxy endpoint, SecureMesh V2 Azure nic configuration.

Fix: Handle the edge cases for the above symptoms.

crt-20241001-3003

Node software version crt-20241001-3003 have been delivered with the following updates:

Description: Node software is updated as part of October 07, 2024 SaaS Release.

Symptoms: NA

Conditions: NA

Fix: The following updates have been delivered delivered:

  • Updated kernel - 5.14.0-427.35.1.el9_4

  • Fixed CVEs: CVE-2024-26808 CVE-2024-36017 CVE-2021-47548 CVE-2024-27397 CVE-2024-26868 CVE-2024-5564 CVE-2021-47459 CVE-2024-38586 CVE-2023-52626 CVE-2024-35845 CVE-2024-24806 CVE-2024-35857 CVE-2024-35969 CVE-2024-36005 CVE-2024-26982 CVE-2024-26783 CVE-2024-35870 CVE-2024-35960 CVE-2024-27049 CVE-2023-52458 CVE-2024-35958 CVE-2024-36886 CVE-2024-36904 CVE-2023-52667 CVE-2024-26974 CVE-2024-26853 CVE-2024-27052 CVE-2024-35848 CVE-2024-40954 CVE-2024-27046 CVE-2024-35907 CVE-2024-36924 CVE-2024-27435 CVE-2024-27393 CVE-2024-35852 CVE-2024-36941 CVE-2024-4032 CVE-2023-45290 CVE-2024-36952 CVE-2024-26858 CVE-2024-40928 CVE-2024-40961 CVE-2023-52809 CVE-2024-38580 CVE-2023-52638 CVE-2021-47606 CVE-2024-36020 CVE-2024-36971 CVE-2024-40958 CVE-2024-6409 CVE-2024-26880 CVE-2021-47596 CVE-2024-38543 CVE-2024-26828 CVE-2024-35800 CVE-2024-38575 CVE-2024-1737 CVE-2024-4076 CVE-2024-28180 CVE-2024-36957 CVE-2024-26801 CVE-2024-35937 CVE-2024-36489 CVE-2024-36903 CVE-2024-36921 CVE-2024-36270 CVE-2024-26600 CVE-2024-27417 CVE-2024-35911 CVE-2024-38558 CVE-2024-39487 CVE-2024-37353 CVE-2022-48743 CVE-2024-26773 CVE-2024-35885 CVE-2022-48627 CVE-2021-47400 CVE-2023-52864 CVE-2024-35899 CVE-2024-36929 CVE-2024-28176 CVE-2024-26737 CVE-2024-26852 CVE-2024-27030 CVE-2024-38593 CVE-2024-27434 CVE-2024-33621 CVE-2024-1975 CVE-2024-1394 CVE-2024-38663 CVE-2023-31346 CVE-2024-26897 CVE-2024-35823 CVE-2024-37356 CVE-2024-21823 CVE-2024-27065 CVE-2024-35789 CVE-2024-36922

crt-20240819-2917

Node software version crt-20240819-2917 have been delivered with the following updates:

Description: Fixed an issue with SecureMesh Site V2 provisioning and executing Admin CLI on CentOS.

Symptoms: Issue with Securemesh V2 site provisioning and AdminCLI on CentOS.

Condition: Securemesh V2 fails provisioning for traffic issue when processing registration and results in deadlock. AdminCLI fails on all CentOS host.

Fix: Ensure the provisioning check can go through when traffic is interrupted. Resolved the dependency issue for AdminCLI.

crt-20240819-2916

Node software version crt-20240819-2916 have been delivered with the following updates:

Description: Azure Vnet sites registration failure. No known workaround.

Symptoms: Azure Vnet sites registration failure

Condition: Bring up Azure Vnet site.

Fix: For Azure Vnet sites, ensure that proxy is only used when https proxy is present in configuration.

crt-20240819-2915

Node software version crt-20240819-2915 have been delivered with the following updates:

Description: Securemesh V2 sites do not auto register. No known workaround.

Symptoms: Securemesh V2 sites do not auto register.

Condition: Bring up a Securemesh V2 site.

Fix: Enable Securemesh V2 site to register by providing the required information to gather the geo location.

crt-20240809-2914

Node software version crt-20240809-2914 have been delivered with the following updates:

Description: Node software is updated as part of August 2024 SaaS Release.

Symptoms: NA

Condition: NA

Fix: NA

crt-20240730-2798

Node software version crt-20240730-2798 have been delivered with the following updates:

Description: This is to fix ephemeral port leak during session teardown to origin server.

Symptoms: Load balancers would report 5xx error after working fine for couple of days.

Condition: Continuous traffic to Origin server with packet transmission during session teardown.

Fix: TCP session to origin server is source IP and source port translated. Source port is allocated when session is setup, and it is released when session is torn down. After the session has been deleted in forwarding plane due to TCP reset or four way teardown, if CE receives a packet from origin servers belonging to same session which was deleted, then a new session entry was created which was leaking port internally and future TCP session would get affected due to this. TCP packet reception after teardown is rare and happens mostly in race case. Fix ensures that in such scenarios we don't leak ports.

crt-20240528-2794

Node software version crt-20240528-2794 have been delivered with the following updates:

Description: Fixed the SSH configuration for the user to use SSH with public key.

Symptoms: NA

Condition: NA

Fix: NA

crt-20240528-2793

Node software version crt-20240528-2793 is updated as part of May 28, 2024 SaaS Release.

crt-20240329-2728

Node software version crt-20240329-2728 have been delivered with the following updates:

Description: Fixes CVE-2024-30255 for Envoy's nghttp2 library.

Symptoms: This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion.

Condition: Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits.

Fix: Update envoy with nghttp2 patch to fix this issue and set MAX_CONTINUATIONS in envoy for nghttp2.

crt-20240329-2727

Node software version crt-20240329-2727 have been delivered with the following updates:

Description: Due to internal logging mechanism issue, traffic propagation is slow to reach CE Site.

Symptoms: Slowdown in configuration propagation during heavy load.

Condition: System is trying to auto-mitigate L7 DDoS attack by blocking thousands of IP addresses.

Fix: Internal logging will be bypassed for relevant configuration object, thus unblocking configuration propagation.

crt-20240326-2726

Node software version crt-20240326-2726 is updated as part of March 26, 2024 SaaS Release.

crt-20240318-2652

Node software version crt-20240318-2652 have been delivered with the following updates:

Description: Managed k8s (PK8s) has an insecure private registry configuration. But those are updated only to docker configuration, causing nodes with cri-o unable to pull images from insecure private registry. And updating netapp version for adding missing permission on CRD.

Symptoms: TLS certificate error when pulling image from insecure private registry in PK8s.

Condition: Site enabled with PK8s trying to pull image from insecure private registry.

Fix: Insecure registries from managed k8s configuration is updated to registry configuration in Site nodes.

crt-20240220-2651

Node software version crt-20240220-2651 have been delivered with the following updates:

Description: When Site is created with specific Secure Mesh Site configuration, vhost0 cannot receive IP and lost connectivity.

Symptoms: During pod installation, Site lost connectivity after argo pod started.

Condition: This issue is observed when Site is created with Secure Mesh Site configuration, and Secure Mesh Site does not have static IP for Ethernet interface of vhost0.

Fix: For this case, IP is chosen from existing Ethernet interface on that node.

crt-20240213-2648

Node software version crt-20240213-2648 have been delivered with the following updates:

Description: Fixed an issue with local UI authentication.

Symptoms: Site local UI authentication does not work properly.

Condition: Fixed an issue with local UI authentication.

Fix: The software version has fixed local UI authentication.

crt-20240123-2647

Node software version crt-20240123-2647 have been delivered with the following updates:

Description: This fixes the tunnel flapping observed in CEs due to a warning being treated as error. Certificate validation fails in IKE (as OCSP/CRLs are not configured) and this was being treated as error (with the recent change in IKE) and that resulted in Vega flapping the tunnel.

Symptoms: IPSec tunnel is continuously flapping.

Condition: NA

Fix: This hotfix suppresses the new errors reported from IKE to vega. This will prevent vega from flapping the tunnel.

crt-20240120-2644

Node software version crt-20240120-2644 have been delivered with the following updates:

Description: ENVOY Pod crashed during JavaScript invocation from Layer 7 ACL.

Symptoms: Incoming request have NO User-Agent field and it leads to crash.

Condition: Layer 7 ACL invokes Javascript challenge to safeguard from malicious activity. Javascript challenge relies on user-agent to handle it. Since user-agent is missing in the request, the system was unable to handle and leads to crash.

Fix: Fixed the Envoy Pod crash. After the fix, traffic disruption will not occur.

crt-20240117-2643

Node software version crt-20240117-2643 have been delivered with the following updates:

Description: On the crt-20240117-2642 release, a virtual host route validation is added which may cause specific route to be incorrectly added.

Symptoms: Virtual host route configuration could not get deployed and load balancer may show 404 error.

Condition: When virtual host configuration change or update happens.

Fix: This release reverted the route validation.

crt-20240117-2642

Node software version crt-20240117-2642 is updated as part of January 16, 2024 SaaS Release.

crt-20231223-2640

Node software version crt-20231223-2640 have been delivered with the following updates:

Description: Pod is not evicted during node drain when software version upgrade is happening.

Symptoms: Pod is not evicted during node drain.

Condition: During software upgrade and node drain option enabled.

Fix: Fixed node drain so that it is able to evict pod.

crt-20231223-2639

Node software version crt-20231223-2639 have been delivered with the following updates:

Description: The following issues are fixed:

  • Activate bond members when storage interfaces are configured with bonding
  • When bond of network interface is configured, sometimes DNS configuration is not correctly applied

Symptoms: The following symptoms are observed:

  • when bond is configured for storage interfaces, bond members are not activated until node is rebooted
  • When bond of network interface is configured, when vhost0 interface is created, DNS configuration can become empty

Condition: NA

Fix: VPM is updated to resolve the issues.

crt-20231223-2638

Node software version crt-20231223-2638 have been delivered with the following updates:

Description: This version fixes the following issues:

  • When multiple storage interfaces with static route are configured on RHEL9 Site, static route is not applied correctly
  • When bond interface is used with RHEL9 Site, in some cases, the /etc/resolv.conf becomes empty
  • When HTTP_PROXY is configured on the Site, software update to December 12, 2023 release version fails
  • PVC creation does not work correctly on RHEL9 Site for HPE CSI

Symptoms: NA

Condition: NA

Fix: VPM and CSI images are updated to resolve the issues.

crt-20231218-2637

Node software version crt-20231218-2637 have been delivered with the following updates:

Description: Fixed Argo crash while fetching NAT IP.

Symptoms: Argo daemon used to crash while configuration for physical interface was getting updated, resulting in pod restart.

Condition: Upon configuration change of a physical interface, Argo rebuilds the NAT IP list which would be used for flow setup. As part of change handling NAT IP update was not atomic, and in race case, forwarding threads could see an inconsistent NAT IP list which could be empty, causing segmentation fault.

Fix: NAT IP list update is made atomic by using a covering structure which holds both IP list and count of IP, making update consistent across forwarding threads.

crt-20231212-2636

Node software version crt-20231212-2636 have been delivered with the following updates:

Description: Fixed docker service start issue after Site upgraded to the crt-20231212-2635 version.

Symptoms: When node is installed using 7.2009.27 ISO / OVA or 7.2009.45 OVA, and after it is upgraded to crt-20231212-2635, docker does not start.

Condition: Same as symptoms.

Fix: VPM is updated to resolve the issue.

crt-20231212-2635

Node software version crt-20231212-2635 is updated as part of December 12, 2023 SaaS Release.

crt-20231106-2588

Node software version crt-20231106-2588 have been delivered with the following updates:

Description: Delivered fix for following issue related to RHEL9 and CRI-O.

Symptoms: When static IP address is configured with OVF configuration, RHEL9 OVA does not correctly assign the static IP address.

Condition: This issue is seen when RHEL9 OVA is used with static IP configuration.

Fix: Issue is fixed by updating VPM.

crt-20231106-2587

Node software version crt-20231106-2587 is updated as part of SaaS release performed on November 07, 2023.

crt-20231017-2542

Node software version crt-20231017-2542 have been delivered with the following updates:

Description: Updated attack signatures to mitigate Juniper Junos® OS and Confluence vulnerabilities CVE-2023-36845, CVE-2023-22515, and CVE-2023-22515.

Symptoms: NA

Condition: NA

Fix: NA

crt-20231010-2541

Node software version crt-20231010-2541 have been delivered with the following updates:

Delivered fix for an HTTP/2 vulnerability announced as CVE-2023-44487.

crt-20231003-2540

Node software version crt-20231003-2540 have been delivered with the following updates:

Corrected issue caused by change of signature of logging of SSH login. The fix enables triggering of alerts with the new signature as well.

crt-20230912-2539

Node software version crt-20230912-2539 have been delivered with the following updates:

Corrected issue caused by change to Geo IP data vendors. Use ISO country code GB instead of UK to fix previously configured service policies.

crt-20230910-2538

Node software version crt-20230910-2538 is updated as part of SaaS release performed on September 12, 2023.

crt-20230814-2477

Node software version crt-20230814-2477 have been delivered with the following updates:

Fixed memory leak issue in the VER module when handling DNS requests in Site.

crt-20230811-2476

Node software version crt-20230811-2476 have been delivered with the following update:

  • Vega CPU utilization was high due to redundant processing.

  • Health check status was not propagated from Envoy to Vega correctly.

crt-20230807-2475

Node software version crt-20230807-2475 is updated as part of August 08 SaaS Release.

crt-20230727-2449

Node software version crt-20230727-2449 have been delivered with the following update:

OpenVPN had an issue with resolving the proxy server IP from domain name due to missing libraries in the new container image. This update fixes the issue. This applies only to CE Site deployment.

crt-20230719-2448

Node software version crt-20230719-2448 have been delivered with the following update:

Fast ACL configuration in combination with specific load balancer configuration caused service crash. This crash is fixed now in this hotfix.

crt-20230709-2447

Node software version crt-20230709-2447 is updated as part of July 11, 2023 SaaS Release.

crt-20230628-2422

Node software version crt-20230628-2422 have been delivered with the following update:

ARP requests were erroneously sent as priority tagged packets, resulting in ARP resolution issue in some environments. This is resolved by ensuring that zero VLAN tagging is not performed.

crt-20230609-2421

Node software version crt-20230609-2421 have been delivered with the following update:

Change in configured route handling of load balancer led to issues when multiple routes pointing to weighted cluster are configured in the load balancer. This version resolved that issue.

crt-20230607-2420

Node software version crt-20230607-2420 is updated as part of June 06 SaaS Release.

crt-20230526-2380

Node software version crt-20230526-2380 have been delivered with the following update:

If an incoming HTTP request comes with x-request-id, same will be retained. Otherwise, the old behaviour of generating new uuid to use in x-request-id will be triggered.

crt-20230511-2379

Node software version crt-20230511-2379 have been delivered with the following update:

ALPN negotiation is disabled for HTTP Health check connections. HTTP health checks to origin server can fail if ALPN negotiated protocol and configured protocol in HealthCheck object are different.

crt-20230419-2365

Node software version crt-20230419-2365 have been delivered with the following update:

Flow update may get triggered in different threads and a race condition was resulting in crash. This is fixed with this release.

crt-20230418-2364

Node software version crt-20230418-2364 have been delivered with the following update:

The kubelet may fail to bring up a pod running with static manifest, which causes some expected K8s pod to not run in a desired state. This version fix that issue.

crt-20230417-2363

Node software version crt-20230417-2363 have been delivered with the following update:

A fast ACL configuration was resulting in a load balancer configuration to be not installed, impacting traffic. This is fixed with this version.

crt-20230410-2360

Node software version crt-20230410-2360 have been delivered with the following update:

Fixes an issue with creating a nodeport service. This does not impact any user traffic.

crt-20230327-2320

Node software version crt-20230327-2320 have been delivered with the following update:

Data path change to avoid drops due to "IP Fragment Too Small". Ensure that fragments are greater than 576 bytes.

crt-20230324-2319

Node software version crt-20230324-2319 have been delivered with the following update:

Checksum for fragmented UDP packets was incorrect, fixed with this version.

crt-20230323-2318

Node software version crt-20230323-2318 have been delivered with the following update:

When kubelet-proxy exited unexpectedly, kubelet are unable to bring kubelet-proxy up and causes worker nodes in a NotReady state. This is fixed.

crt-20230301-2265

Node software version crt-20230301-2265 have been delivered with the following update:

Fix for issue where cross-reference between WAF security events are created incorrectly.

crt-20230228-2264

Node software version crt-20230228-2264 have been delivered with the following update:

  • Local kubeapi does not work after upgrading to the latest image.

  • DDoS Auto Mitigation: Fast ACL action not working when the advertisement in load balancer is changed from Regional Edge to Customer Edge and vice versa.

crt-20230131-2238

Node software version crt-20230131-2238 have been delivered with the following update:

Delivered fix for an issue where a drop in access logs is observed.

crt-20230131-2237

Node software version crt-20230131-2237 have been delivered with the following update:

Software is updated to support new attack signatures that are added to F5 Distributed Cloud Services App Firewall.

crt-20230123-2236

Node software version crt-20230123-2236 have been delivered with the following update:

Delivered fixe for custom error issue and a proxy crash. Also increases ETCD keepalive timeout.

crt-20230119-2235

Node software version crt-20230119-2235 have been delivered with the following update:

Delivered fix for an issue where the request length was larger than 5k when analyzing the request ID header, causing coredump.

crt-20230113-2163

Node software version crt-20230113-2163 have been delivered with the following update:

Delivered fix for an issue where namespace-based labels are not getting resolved.

crt-20221207-2162

Node software version crt-20221207-2162 have been delivered with the following update:

Node software is updated as part of the SaaS upgrade.

crt-20221122-2120

Node software version crt-20221122-2120 have been delivered with the following update:

Fix for an issue where some virtual hosts are not generating any access logs is delivered.

crt-20221116-2119

Node software version crt-20221116-2119 have been delivered with the following update:

Fix for a K8s pod crash issue is delivered.

crt-20221109-2118

Node software version crt-20221109-2118 have been delivered with the following update:

  • Requests to load balancer are failing with 5xx response.

  • AWS TGW multi-node Site's Site Local Outside load balancer fails intermittently with upstream connect error.

  • Pod in a specific node is moved to into a deadlock state.

crt-20221104-2117

Node software version crt-20221104-2117 have been delivered with the following update:

OpenVPN upgrade is delivered.

crt-20221101-2116

Node software version crt-20221101-2116 have been delivered with the following update:

Site software is updated as part of regular SaaS upgrade.

crt-20221101-2115

Node software version crt-20221101-2115 have been delivered with the following update:

Delivered fix for an issue where requests from RE to vK8s endpoints are failing is delivered.

crt-20221006-2032

Node software version crt-20221006-2032 have been delivered with the following update:

Delivered fix for an issue where load balancer cannot set priority.

crt-20221006-2032

Node software version crt-20221006-2032 have been delivered with the following update:

Fix for an issue where load balancer does not follow the set priority for an origin pool member.

crt-20220829-1745

Node software version crt-20220829-1745 have been delivered with the following update:

Fix for a MULTUS issue with user defined Pod Security Policy (PSP) is delivered.

crt-20220829-1744

Node software version crt-20220829-1744 have been delivered with the following update:

Fix for an issue that causes post upgrade site failures is delivered.

crt-20220808-1693

Node software version crt-20220808-1693 have been delivered with the following update:

Fix for a bug involving pod-to-pod communication failure is delivered.

crt-20220803-1692

Node software version crt-20220803-1692 have been delivered with the following update:

Updated as part of enhancement to evaluate network policy label on NAT flow.

crt-20220803-1691

Node software version crt-20220803-1691 is updated as part of SaaS update.

crt-20220704-1646

Node software version crt-20220704-1646 have been delivered with the following update:

  • A software issue where in continuous addition of static routes is fixed.

  • AWS Direct Connect enhancements to the Site software are delivered.

crt-20220704-1645

Node software version crt-20220704-1645 have been delivered with the following update:

Fix for an issue with cookie tampering detection is delivered.

crt-20220704-16445

Node software version crt-20220704-16445 have been delivered with the following update:

Fix for an issue with update logs is delivered.

crt-20220609-1615

Node software version crt-20220609-1615 have been delivered with the following update:

Fix for the issue where kubevirt pods are not reachable on a multi-node Site is delivered.

crt-20220607-1610

Node software version crt-20220607-1610 have been delivered with the following update:

Fix for an issue with certificate validation during HTTP to HTTPS redirect is delivered.

crt-20220510-1580

Node software version crt-20220510-1580 have been delivered with the following fixes:

  • Fleet deployment issue on multi-node Site

  • App Stack Site deployment issue for GCP using Terraform

crt-20220510-1579

Node software version crt-20220510-1579 have been delivered with the following fixes:

  • Control nodes not reachable in multi-node Site

  • IP Fabric connectivity issue between multi-node K8s Site to Regional Edge Site

crt-20220510-1578

Node software version crt-20220510-1578 have been delivered with the following update:

Fix for an issue deploying AWS TGW and Azure Sites is delivered.

crt-20220510-1577

Node software version crt-20220510-1577 have been delivered with the following update:

Software is updated to support the regular SaaS update.

crt-20220412-1548

Node software version crt-20220412-1548 have been delivered with the following update:

Software is updated to use user's password instead of default password in rewriting.

crt-20220412-1547

Node software version crt-20220412-1547 have been delivered with the following update:

Software is updated to address expiring client certificates.

crt-20220329-1460

Node software version crt-20220329-1460 have been delivered with the following update:

Fix for Site storage and node deletion issue is delivered.

crt-20220329-1459

Node software version crt-20220329-1459 have been delivered with the following update:

Update to mitigate CVE-2022-22965 (Spring4Shell) is added.

crt-20220329-1458

Node software version crt-20220329-1458 have been delivered with the following update:

A fix for container concurrency issue is delivered.

crt-20220329-1457

Node software version crt-20220329-1457 have been delivered with the following update:

A fix for container deadlock issue is delivered.

crt-20220217-1456

Node software version crt-20220217-1456 have been delivered with the following update:

A fix to ignore WAF detections in case of good traffic is delivered.

crt-20220217-1455

Node software version crt-20220217-1455 have been delivered with the following update:

A fix to reduce delay in deployment time is delivered.

crt-20220217-1454

Node software version crt-20220217-1454 have been delivered with the following update:

A fix for an issue with CRL download is delivered.

crt-20220217-1453

Node software version crt-20220217-1453 have been delivered with the following update:

The site software is updated with security enhancements.

crt-20220217-1452

Node software version crt-20220217-1452 have been delivered with the fix for route processing issue.

crt-20220217-1451

Node software version crt-20220217-1451 have been delivered with the fix for route processing issue.

crt-20220217-1450

Node software version crt-20220217-1450 have been updated as part of the SaaS upgrade. Click here for SaaS changelog.

crt-20220203-1433

Node software version crt-20220203-1433 have been updated as part of the SaaS upgrade. Click here for SaaS changelog.

crt-20220120-1413

Node software version crt-20220120-1413 have been delivered with the following update:

Fix for healthcheck failures is delivered.

crt-20211215-1372

Node software version crt-20211215-1372 have been delivered with the following update:

Fix for a login issue with GCP Node is delivered.

crt-20211215-1371

Node software version crt-20211215-1371 have been delivered with the following update:

WAF violation exception enhancement for the node software is added.

crt-20211214-1367

Node software version crt-20211214-1367 have been delivered with the following update:

Fix for Healthcheck failures due to duplicated endpoints is delivered.

crt-20211213-1365

Node software version crt-20211213-1365 have been delivered with the following update:

Fix for WAF related container crash is delivered.

crt-20211213-1364

Node software version crt-20211213-1364 have been delivered with the following update:

Updated signatures and threat campaign for the Log4j Remote Code Execution (RCE) Common Vulnerabilities and Exposures (CVE).

crt-20210827-1282

Node software version crt-20210827-1282 have been delivered with the following fixes:

Fix for UDP proxy crash is delivered.

crt-20210811-1254

Node software version crt-20210811-1254 have been delivered with the following fixes:

Creating TCP load balancer with domain name is not possible for the Site on Kubernetes after the upgrade. As a result, servion external K8s is not created without SNI by the Site on Kubernetes.

crt-20210729-1221

Node software version crt-20210729-1221 have been delivered with the following fixes:

InterfaIP present in argo NAT pool even when strict mode is set. The fix checks strict mode and avoids adding interfaIP address.

crt-20210708-1192

Node software version crt-20210708-1192 have been delivered with the FRR update and fix for the following issue:

BGP peers are disconnected every 10 seconds.

crt-20210707-1191

Node software version crt-20210707-1191 have been delivered with the following update:

GRPC timeout is incremented to 1 second for internal modules.

crt-20210702-1190

Node software version crt-20210702-1190 have been delivered with the following update:

Delivered fix for the issue of gateway response with code 502. This fix reduces number of responses of type 502.

crt-20210625-1189

Node software version crt-20210625-1189 have been delivered with the following fixes:

Node decommissioning does not delete control node.

crt-20210625-1188

Node software version crt-20210625-1188 have been delivered with the following update:

Node software is updated as part of the SaaS upgrade. Click here for SaaS changelog.

crt-20210518-1098

Node software version crt-20210518-1098 have been delivered with the following fixes:

Control node is not deleted when the node is decommissioned.

crt-20210518-1097

Node software version crt-20210518-1097 have been delivered with the following fixes:

After software upgrade, origin pools with servidiscovery objects stopped functioning.

crt-20210427-1052

Node software version crt-20210427-1052 have been delivered with the following fixes:

Local site discovering the origin pool but does not work when trying to access.

crt-20210420-1051

Node software version crt-20210420-1051 have been delivered with the following update:

NetApp Trident and PSO stopped functioning in version crt-20210420-1049. This upgrade delivers the fix.

crt-20210420-1050

Node software version crt-20210420-1050 have been delivered with the following update:

Introduces allowing of persistent volume in admission by the platform manager.

crt-20210420-1049

Node software version crt-20210420-1049 have been delivered with the following update:

Node software is updated as part of the SaaS upgrade. Click here for SaaS changelog.

crt-20210413-1025

Node software version crt-20210413-1025 have been delivered with the following update:

A render problem with Netapp Trident app is fixed.

crt-20210413-1024

Node software version crt-20210413-1024 have been delivered with the following fixes:

  • TCP Loadbalancer is not functioning.

  • Llink quality monitoring status is not correctly reporting.

crt-20210407-1023

Node software version crt-20210407-1023 have been delivered with the following fixes:

  • Trident backend job continues to stay in running mode.

  • Pure Storage Servivolume expansion does not function. Fix is delivered by upgrading to PSO v6.0.5.

crt-20210407-1022

Node software version crt-20210407-1022 have been delivered with following fixes:

  • Servimesh displays incorrectly in the UI.

  • Session init packets originated by FRR are dropped.

crt-20210405-1020

Node software version crt-20210405-1020 have been delivered with the following update:

Servimesh graph shows node from another tenant. Fix for the same is delivered.

crt-20210403-1019

Node software version crt-20210403-1019 have been delivered with the following update:

Fast ACL performancenhancements are delivered.

crt-20210312-973

Node software version crt-20210312-973 have been delivered with the following update:

Port forwarding enabling for NetApp Trident CSI is added.

crt-20210312-972

Node software version crt-20210312-972 have been delivered with the following update:

Netapp trident version is upgraded to version 21.01.1.

crt-20210312-971

Node software version crt-20210312-971 have been delivered with the following issue fixes for managed K8s.

  • kubectl drain does not function for managed K8s

  • Cluster role, cluster role binding, pod security policy, and storage class creation is not allowed using managed K8s API.

crt-20210312-970

Node software version crt-20210312-970 have been delivered with the following update:

  • Managed K8s resourlimit is enhanced to 8GB.

  • AES encryption support is added for NetApp Trident.

crt-20210220-896

Node software version crt-20210220-896 have been delivered with the following update:

Fix for endpoint discovery failure for routes from REs is delivered. This is in case of HTTP proxy.

crt-20210220-895

Node software version crt-20210220-895 have been delivered with the following update:

Node software is updated as part of regular SaaS upgrade. Click here for more information.

crt-20210203-845

Node software version crt-20210203-845 have been delivered with the following update:

Endpoint reachability (via PSK tunnel) issue for AWS TGW is fixed.

crt-20210126-844

Node software version crt-20210126-844 have been delivered with the following update:

Header manipulation issue for request_headers_to_add value in case of HTTP load balancer is fixed.

crt-20210121-843

Node software version crt-20210121-843 have been delivered with the following update:

Node software is updated as part of regular SaaS upgrade. Click here for more information.

crt-20201204-725

Node software version crt-20201204-725 have been delivered with the following update:

Performance improvements to F5® Distributed Cloud Mesh software are delivered.

Node Operating System Changelogs

Node OS Version

This section details information about Node Operating System (OS) and updates delivered with the specific OS.

9.2026.0

The following updates have been delivered:

  • Updated NFS Utilities: nfs-utils-1:2.5.4-38.el9.x86_64

  • Updated kernel: kernel-5.14.0-611.20.1.el9_7.x86_64

  • Updated CRI: cri-o-1.34.2-5.ves1.el9

  • Updated Docker: docker-ce 3:29.1.4-1.el9

  • Updated Docker CE CLI: docker-ce-cli-1:29.1.4-1.el9

  • Updated Containerd IO: containerd.io-2.2.1-1.el9

  • Removed Falcon Sensor: falcon-sensor-7.21.0-17405.el9.x86_64

  • Updated Red Hat: redhat-release-9.7-0.7.el9

This OS upgrade includes several critical security updates from Red Hat, effective November 24, 2025.

  • sqlite (RHSA-2025:20936 and RHSA-2025:11992) for version 9.8

  • libarchive (RHSA-2025:14130) for version 9.8

  • glib2 (RHSA-2025:11140) for version 9.8

  • socat (RHSA-2025:10353) for version 9.8

  • libxml2 (RHSA-2025:10699) for version 9.1

  • python3.9 (RHSA-2025:10136) for version 9.4

9.2025.39

The following updates have been delivered:

  • Added Hostname: hostname-3.23-6.el9.x86_64

  • Added NFS Utilities: nfs-utils-1:2.5.4-34.el9.x86_64

  • Updated kernel: kernel-5.14.0-570.23.1.el9_6.x86_64

  • Updated CRI: cri-o-1.32.2

  • Modified stig-hardening

9.2025.17

The following updates have been delivered:

  • Updated kernel: kernel-5.14.0-503.35.1.el9_5.x86_64

  • Updated CRI: cri-o-1.32.2

  • Updated Docker: docker-3:28.0.4

  • Updated Docker CE CLI: docker-ce-cli-1:28.0.4

  • Updated Falcon Sensor: falcon-sensor-7.21.0

  • Updated Containerd IO: containerd.io-1.7.27

  • Added fio

9.2024.44

The following updates have been delivered:

  • Fixed CVEs: CVE-2024-6232 CVE-2024-34156 CVE-2021-47383 CVE-2024-2201 CVE-2024-26640 CVE-2024-26826 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-36244 CVE-2024-39472 CVE-2024-39504 CVE-2024-40904 CVE-2024-40931 CVE-2024-40960 CVE-2024-40972 CVE-2024-40977 CVE-2024-40995 CVE-2024-40998 CVE-2024-41005 CVE-2024-41013 CVE-2024-41014 CVE-2024-43854 CVE-2024-45018 CVE-2021-47385 CVE-2023-28746 CVE-2023-52658 CVE-2024-27403 CVE-2024-35989 CVE-2024-36889 CVE-2024-36978 CVE-2024-38556 CVE-2024-39483 CVE-2024-39502 CVE-2024-40959 CVE-2024-42079 CVE-2024-42272 CVE-2024-42284 CVE-2024-34155 CVE-2024-34158 CVE-2023-31356 CVE-2024-9341 CVE-2023-20584.
9.2024.40

The following updates have been delivered:

  • Updated kernel: 5.14.0-427.37.1.el9_4

  • Added stig-hardening

  • Optimized OS size

9.2024.31

The following updates have been delivered:

  • Updated kernel: 5.14.0-427.35.1.el9_4

  • Fixed CVEs: CVE-2024-26808 CVE-2024-36017 CVE-2021-47548 CVE-2024-27397 CVE-2024-26868 CVE-2024-5564 CVE-2021-47459 CVE-2024-38586 CVE-2023-52626 CVE-2024-35845 CVE-2024-24806 CVE-2024-35857 CVE-2024-35969 CVE-2024-36005 CVE-2024-26982 CVE-2024-26783 CVE-2024-35870 CVE-2024-35960 CVE-2024-27049 CVE-2023-52458 CVE-2024-35958 CVE-2024-36886 CVE-2024-36904 CVE-2023-52667 CVE-2024-26974 CVE-2024-26853 CVE-2024-27052 CVE-2024-35848 CVE-2024-40954 CVE-2024-27046 CVE-2024-35907 CVE-2024-36924 CVE-2024-27435 CVE-2024-27393 CVE-2024-35852 CVE-2024-36941 CVE-2024-4032 CVE-2023-45290 CVE-2024-36952 CVE-2024-26858 CVE-2024-40928 CVE-2024-40961 CVE-2023-52809 CVE-2024-38580 CVE-2023-52638 CVE-2021-47606 CVE-2024-36020 CVE-2024-36971 CVE-2024-40958 CVE-2024-6409 CVE-2024-26880 CVE-2021-47596 CVE-2024-38543 CVE-2024-26828 CVE-2024-35800 CVE-2024-38575 CVE-2024-1737 CVE-2024-4076 CVE-2024-28180 CVE-2024-36957 CVE-2024-26801 CVE-2024-35937 CVE-2024-36489 CVE-2024-36903 CVE-2024-36921 CVE-2024-36270 CVE-2024-26600 CVE-2024-27417 CVE-2024-35911 CVE-2024-38558 CVE-2024-39487 CVE-2024-37353 CVE-2022-48743 CVE-2024-26773 CVE-2024-35885 CVE-2022-48627 CVE-2021-47400 CVE-2023-52864 CVE-2024-35899 CVE-2024-36929 CVE-2024-28176 CVE-2024-26737 CVE-2024-26852 CVE-2024-27030 CVE-2024-38593 CVE-2024-27434 CVE-2024-33621 CVE-2024-1975 CVE-2024-1394 CVE-2024-38663 CVE-2023-31346 CVE-2024-26897 CVE-2024-35823 CVE-2024-37356 CVE-2024-21823 CVE-2024-27065 CVE-2024-35789 CVE-2024-36922.

9.2024.22

The following updates have been delivered:

  • Updated kernel-dependent packages: kernel-5.14.0-427.22.1.el9_4.x86_64

  • Updated CRI: cri-o-1.29.5-3.ves1.el9.x86_64

  • Updated CRI Tools: cri-tools-1.29.0-1.ves1.el9.x86_64

  • Updated Volterra Scripts: volterra-scripts-0.29-1.ves1.el9.x86_64

  • Updated OpenSSH: openssh-8.7p1-38.el9_4.1.x86_64

  • Fixed CVEs: CVE-2024-6387 in OpenSSH

9.2024.9

The following updates have been delivered:

  • Updated kernel-dependent packages: qat, nvidia-525xx, nvidia-425xx, and nvidia-grid

  • Upgraded RHEL 9.4 (kernel: kernel-5.14.0-427.16.1.el9_4.x86_64)

  • Added rpm packages: kernel-devel, gcc, and sg3_utils

  • Fixed CVEs: CVE-2024-2398, CVE-2023-52425, CVE-2024-28757, CVE-2023-48795, and CVE-2023-51385

9.2024.6

The following updates have been delivered:

  • Updated kernel to kernel-5.14.0-362.18.1.el9_3.x86_64

  • Fix firewall issue

9.2024.2

The following updates have been delivered:

  • Added a kernel patch to remove IPv6 debug log to improve performance. It is recommended to use this Operating System (OS) version.

  • Added multiple tools to improve debugging experience.

9.2023.30

The following updates have been delivered:

  • Added firewall service and this service will be disabled by default.
9.2023.29

The following updates have been delivered:

  • Fixed VPM issue - when static IP address is configured with VMWare OVF configuration, RHEL 9 OVA does not correctly assign the static IP address.

  • Fixed VPM issue - when static IP address is configured for baremetal node with vpm CLI, it does not correctly assign the static IP address.

  • Updated multi-path package with fix for issue - when storage interface is used with multi-path configuration, multi-path to external storage are not correctly configured.

  • Enabled persistent Network Interface Controller (NIC) naming for baremetal and use the same predictable NIC names as CentOS.

References

On this page: