Node Operating and System Changelogs
Objective
This document provides the release details for F5 Distributed Cloud Services Customer Edge (CE) sites. It covers Node software release versions, Node Operating System (OS) versions and associated changelogs for both the OS and the certified software images (CRT).
The F5 Distributed Cloud Services CE site supports the following types of software images:
- A CRT image intended for fast roll out of features, enhancements, and bug fixes. Updates to CRT happen dynamically and can contain minor fixes to major updates.
- An LTS image intended for supporting the CE software for long term and mainly offers a number of bug fixes. Updates on LTS base image can happen dynamically and can contain only bug fixes. However, LTS base images will also change every six months, offering features and bug fixes delivered (via CRT versions) in those six months.
Note: Any release version that is more than 6 months old is not supported. It is recommended to upgrade the software to the latest release.
Node Software Changelogs
CRT Images
This section details information about Node Software Release version and updates related to the specific CRT images.
crt-20250526-3346
Node software version crt-20250526-3346
have been delivered with the following updates:
Description: Memory leak fix for remote-discovered endpoints within DNS-defined origin pools.
Symptoms: Resource exhaustion and instability caused by memory leak due to stale remote endpoint information not being cleaned up during DNS refresh cycles.
Conditions: Occurs when managing remote-discovered endpoints within DNS-defined origin pools during DNS refresh cycles where stale endpoint information is not properly deleted.
Fix: Proper deletion of invalid remote-discovered endpoint data has been implemented, eliminating the memory leak and improving system reliability and resource efficiency.
crt-20250526-3345
Node software version crt-20250526-3345
have been delivered with the following updates:
A Hotfix was Implemented to Address the Bug in the Utility Used to Pull Images in Customer Edge (crio).
Description: Effective with release crt-20250526-3343, we switched the container repository domain to gcr.download.volterra.io
from gcr.io
. This change has revealed a bug in the crio
utility that Customer Edge sites use to download images. As a result, the system may fail to pull images correctly when upgrading from a previous version that used the old address. In this case the versions immediately preceeding crt-20250526-3343 the gubernator version has remained the same but referenced from gcr.io
.
Symptoms: This issue affects Customer Edge (CE) sites when upgrading from a software version released before crt-20250526-3343 to version crt-20250526-3343 or any subsequent version. The crt-20250526-3343 image was introduced as part of the June 05, 2025 release.
Conditions: This issue affects Customer Edge (CE) sites when upgrading from a software version released before crt-20250526-3343 to version crt-20250526-3343 or any subsequent version.
Fix: To resolve the crio
bug, we will publish a new CE software version that includes an updated gubernator
image. This is a one-time fix, as the domain change that caused the issue will not happen again, and we have confirmed no other services are affected in the same way.
crt-20250526-3344
Node software version crt-20250526-3344
have been delivered with the following updates:
Fixed Incorrect Endpoint References in the Production SRE Configuration.
Description: The production SRE configuration referenced incorrect endpoints, causing SMSv2 production sites to attempt connections to staging infrastructure (download.volterra.us
) instead of production endpoints (.io
domain). This misconfiguration led to the incorrect connections.
Symptoms: The staging endpoint waferdatasetsprod.download.volterra.us:443
was appearing in the production squid proxy logs.
Conditions: NA
Fix: Includes following updates:
Configuration Update: Updated the SRE production model to reference the correct production endpoints with the .io
domain instead of the staging endpoints with the .us
domain.
Model Repository Changes: Updated the production version prioritization in the model repository to ensure sites restart with the correct configuration.
Testing and Validation:
- The changes were tested on demo1, CRT, and staging environments to verify their effectiveness.
- Verified older sites, such as CRT 13.60.209.206, to ensure that the migration from
.us
to.io
endpoints was successful forgetappparamsraw
.
crt-20250526-3343
Node software version crt-20250526-3343
is updated as part of June 05, 2025 SaaS Release. Click here for SaaS changelogs.
crt-20250321-3112
Node software version crt-20250321-3112
have been delivered with the following updates:
Description: When SMv2 VMware CE is installed with OVA and proxy ip is set in OVF input, Custom Proxy
setting in SMv2 UI is not applied to that CE.
Symptoms: When SMv2 vmware CE is installed with OVA and proxy ip is set in OVF input, Custom Proxy
setting in SMv2 UI is not applied to that CE.
Conditions: Always seen when smv2 vmware CE is installed with OVA and proxy ip is set in OVF input.
Fix: Priority is fixed for proxy config and smv2 UI configuration overwrites proxy setting used during CE installation.
crt-20250321-3111
Node software version crt-20250321-3111
does not have CE Release Notes.
crt-20250312-3111
Node software version crt-20250312-3111
does not have CE Release Notes.
crt-20250310-3111
Node software version crt-20250310-3111
does not have CE Release Notes.
crt-20250312-3095
Node software version crt-20250312-3095
does not have CE Release Notes.
crt-20250122-3094
Node software version crt-20250122-3094
is updated as part of January 28, 2025 SaaS Release.
crt-20250110-3092
Node software version crt-20250110-3092
does not have CE Release Notes.
crt-20250110-3091
Node software version crt-20250110-3091
does not have CE Release Notes.
crt-20250110-3090
Node software version crt-20250110-3090
have been delivered with the following updates:
Description: Update GeoIP database to correct the geolocations of IPs from Dallas, USA and unblock customer traffic.
Symptoms: For certain customers, traffic from Dallas, USA is geolocated in Jakarta, India and blocked.
Conditions: For certain customers, traffic from Dallas, USA is geolocated in Jakarta, India and blocked.
Fix: Update the GeoIP database to fix the geolocations of IPs from Dallas, USA, and unblock customer traffic.
crt-20250110-3089
Node software version crt-20250110-3089
does not have CE Release Notes.
crt-20241206-3066
Node software version crt-20241206-3066
does not have CE Release Notes.
crt-20241012-3009
Node software version crt-20241012-3009
have been delivered with the following updates:
Description: VLAN interface does not work on Secure Mesh V2 CE.
Symptoms: When VLAN interface is configured on Secure Mesh V2 CE, data plane pods like ver, argo continue restarting.
Conditions: When VLAN interface is configured on Secure Mesh V2 CE.
Fix: Config generation for Secure Mesh V2 VLAN interface is fixed.
crt-20241012-3008
Node software version crt-20241012-3008
have been delivered with the following updates:
Description: Fix SiteCLI Command Line Injection.
Symptoms: SiteCLI arguments can be used to call any command on host.
Conditions: SiteCLI with arguments.
Fix: Sanitize the SiteCLI command input.
crt-20241012-3007
Node software version crt-20241012-3007
have been delivered with the following updates:
Description: Fixed for voucher issue where voucher runs as non-leader in case of single node cluster and manual restart of voucher was required as recovery mechanism.
Symptoms: Voucher runs as a non-leader on single node site incase it failed to renew its leader lease on time.
Conditions: Voucher runs as a non-leader on single node site incase it failed to renew its leader lease on time.
Fix: Added preventive health check in voucher which will make sure leader replica of voucher always be able to renew its lease and incase of failure it will be restarted automatically by kubernetes.
crt-20241012-3006
Node software version crt-20241012-3006
have been delivered with the following updates:
Description: Fix SecureMesh V2 nic naming, JWT proxy, and IPv6 issue.
Symptoms: VMWare CE site cannot configure enableIpv6, RHEL CE occasionally fails to come up after reboot, CE request destination not listed in firewall reference list, CE cannot support nic with capital letters.
Conditions: VMWare CE with IPv6 configuration, RHEL reboot with systemd-resolved enabled, SecureMesh V2 site token proxy endpoint, SecureMesh V2 Azure nic configuration.
Fix: Handle the edge cases for the above symptoms.
crt-20241001-3003
Node software version crt-20241001-3003
have been delivered with the following updates:
Description: Node software is updated as part of October 07, 2024 SaaS Release.
Symptoms: NA
Conditions: NA
Fix: The following updates have been delivered delivered:
-
Updated kernel -
5.14.0-427.35.1.el9_4
-
Fixed CVEs:
CVE-2024-26808
CVE-2024-36017
CVE-2021-47548
CVE-2024-27397
CVE-2024-26868
CVE-2024-5564
CVE-2021-47459
CVE-2024-38586
CVE-2023-52626
CVE-2024-35845
CVE-2024-24806
CVE-2024-35857
CVE-2024-35969
CVE-2024-36005
CVE-2024-26982
CVE-2024-26783
CVE-2024-35870
CVE-2024-35960
CVE-2024-27049
CVE-2023-52458
CVE-2024-35958
CVE-2024-36886
CVE-2024-36904
CVE-2023-52667
CVE-2024-26974
CVE-2024-26853
CVE-2024-27052
CVE-2024-35848
CVE-2024-40954
CVE-2024-27046
CVE-2024-35907
CVE-2024-36924
CVE-2024-27435
CVE-2024-27393
CVE-2024-35852
CVE-2024-36941
CVE-2024-4032
CVE-2023-45290
CVE-2024-36952
CVE-2024-26858
CVE-2024-40928
CVE-2024-40961
CVE-2023-52809
CVE-2024-38580
CVE-2023-52638
CVE-2021-47606
CVE-2024-36020
CVE-2024-36971
CVE-2024-40958
CVE-2024-6409
CVE-2024-26880
CVE-2021-47596
CVE-2024-38543
CVE-2024-26828
CVE-2024-35800
CVE-2024-38575
CVE-2024-1737
CVE-2024-4076
CVE-2024-28180
CVE-2024-36957
CVE-2024-26801
CVE-2024-35937
CVE-2024-36489
CVE-2024-36903
CVE-2024-36921
CVE-2024-36270
CVE-2024-26600
CVE-2024-27417
CVE-2024-35911
CVE-2024-38558
CVE-2024-39487
CVE-2024-37353
CVE-2022-48743
CVE-2024-26773
CVE-2024-35885
CVE-2022-48627
CVE-2021-47400
CVE-2023-52864
CVE-2024-35899
CVE-2024-36929
CVE-2024-28176
CVE-2024-26737
CVE-2024-26852
CVE-2024-27030
CVE-2024-38593
CVE-2024-27434
CVE-2024-33621
CVE-2024-1975
CVE-2024-1394
CVE-2024-38663
CVE-2023-31346
CVE-2024-26897
CVE-2024-35823
CVE-2024-37356
CVE-2024-21823
CVE-2024-27065
CVE-2024-35789
CVE-2024-36922
crt-20240819-2917
Node software version crt-20240819-2917
have been delivered with the following updates:
Description: Fixed an issue with SecureMesh Site V2 provisioning and executing Admin CLI on CentOS.
Symptoms: Issue with Securemesh V2 site provisioning and AdminCLI on CentOS.
Condition: Securemesh V2 fails provisioning for traffic issue when processing registration and results in deadlock. AdminCLI fails on all CentOS host.
Fix: Ensure the provisioning check can go through when traffic is interrupted. Resolved the dependency issue for AdminCLI.
crt-20240819-2916
Node software version crt-20240819-2916
have been delivered with the following updates:
Description: Azure Vnet sites registration failure. No known workaround.
Symptoms: Azure Vnet sites registration failure
Condition: Bring up Azure Vnet site.
Fix: For Azure Vnet sites, ensure that proxy is only used when https proxy is present in configuration.
crt-20240819-2915
Node software version crt-20240819-2915
have been delivered with the following updates:
Description: Securemesh V2 sites do not auto register. No known workaround.
Symptoms: Securemesh V2 sites do not auto register.
Condition: Bring up a Securemesh V2 site.
Fix: Enable Securemesh V2 site to register by providing the required information to gather the geo location.
crt-20240809-2914
Node software version crt-20240809-2914
have been delivered with the following updates:
Description: Node software is updated as part of August 2024 SaaS Release.
Symptoms: NA
Condition: NA
Fix: NA
crt-20240730-2798
Node software version crt-20240730-2798
have been delivered with the following updates:
Description: This is to fix ephemeral port leak during session teardown to origin server.
Symptoms: Load balancers would report 5xx error after working fine for couple of days.
Condition: Continuous traffic to Origin server with packet transmission during session teardown.
Fix: TCP session to origin server is source IP and source port translated. Source port is allocated when session is setup, and it is released when session is torn down. After the session has been deleted in forwarding plane due to TCP reset or four way teardown, if CE receives a packet from origin servers belonging to same session which was deleted, then a new session entry was created which was leaking port internally and future TCP session would get affected due to this. TCP packet reception after teardown is rare and happens mostly in race case. Fix ensures that in such scenarios we don't leak ports.
crt-20240528-2794
Node software version crt-20240528-2794
have been delivered with the following updates:
Description: Fixed the SSH configuration for the user to use SSH with public key.
Symptoms: NA
Condition: NA
Fix: NA
crt-20240528-2793
Node software version crt-20240528-2793
is updated as part of May 28, 2024 SaaS Release.
crt-20240329-2728
Node software version crt-20240329-2728
have been delivered with the following updates:
Description: Fixes CVE-2024-30255
for Envoy's nghttp2
library.
Symptoms: This allows an attacker to send a sequence of CONTINUATION
frames without the END_HEADERS
bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion.
Condition: Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION
frames even after exceeding Envoy's header map limits.
Fix: Update envoy with nghttp2
patch to fix this issue and set MAX_CONTINUATIONS
in envoy for nghttp2
.
crt-20240329-2727
Node software version crt-20240329-2727
have been delivered with the following updates:
Description: Due to internal logging mechanism issue, traffic propagation is slow to reach CE Site.
Symptoms: Slowdown in configuration propagation during heavy load.
Condition: System is trying to auto-mitigate L7 DDoS attack by blocking thousands of IP addresses.
Fix: Internal logging will be bypassed for relevant configuration object, thus unblocking configuration propagation.
crt-20240326-2726
Node software version crt-20240326-2726
is updated as part of March 26, 2024 SaaS Release.
crt-20240318-2652
Node software version crt-20240318-2652
have been delivered with the following updates:
Description: Managed k8s (PK8s) has an insecure private registry configuration. But those are updated only to docker configuration, causing nodes with cri-o
unable to pull images from insecure private registry. And updating netapp version for adding missing permission on CRD.
Symptoms: TLS certificate error when pulling image from insecure private registry in PK8s.
Condition: Site enabled with PK8s trying to pull image from insecure private registry.
Fix: Insecure registries from managed k8s configuration is updated to registry configuration in Site nodes.
crt-20240220-2651
Node software version crt-20240220-2651
have been delivered with the following updates:
Description: When Site is created with specific Secure Mesh Site configuration, vhost0 cannot receive IP and lost connectivity.
Symptoms: During pod installation, Site lost connectivity after argo pod started.
Condition: This issue is observed when Site is created with Secure Mesh Site configuration, and Secure Mesh Site does not have static IP for Ethernet interface of vhost0.
Fix: For this case, IP is chosen from existing Ethernet interface on that node.
crt-20240213-2648
Node software version crt-20240213-2648
have been delivered with the following updates:
Description: Fixed an issue with local UI authentication.
Symptoms: Site local UI authentication does not work properly.
Condition: Fixed an issue with local UI authentication.
Fix: The software version has fixed local UI authentication.
crt-20240123-2647
Node software version crt-20240123-2647
have been delivered with the following updates:
Description: This fixes the tunnel flapping observed in CEs due to a warning being treated as error. Certificate validation fails in IKE (as OCSP/CRLs are not configured) and this was being treated as error (with the recent change in IKE) and that resulted in Vega flapping the tunnel.
Symptoms: IPSec tunnel is continuously flapping.
Condition: NA
Fix: This hotfix suppresses the new errors reported from IKE to vega. This will prevent vega from flapping the tunnel.
crt-20240120-2644
Node software version crt-20240120-2644
have been delivered with the following updates:
Description: ENVOY Pod crashed during JavaScript invocation from Layer 7 ACL.
Symptoms: Incoming request have NO User-Agent
field and it leads to crash.
Condition: Layer 7 ACL invokes Javascript challenge to safeguard from malicious activity. Javascript challenge relies on user-agent to handle it. Since user-agent is missing in the request, the system was unable to handle and leads to crash.
Fix: Fixed the Envoy Pod crash. After the fix, traffic disruption will not occur.
crt-20240117-2643
Node software version crt-20240117-2643
have been delivered with the following updates:
Description: On the crt-20240117-2642
release, a virtual host route validation is added which may cause specific route to be incorrectly added.
Symptoms: Virtual host route configuration could not get deployed and load balancer may show 404 error.
Condition: When virtual host configuration change or update happens.
Fix: This release reverted the route validation.
crt-20240117-2642
Node software version crt-20240117-2642
is updated as part of January 16, 2024 SaaS Release.
crt-20231223-2640
Node software version crt-20231223-2640
have been delivered with the following updates:
Description: Pod is not evicted during node drain when software version upgrade is happening.
Symptoms: Pod is not evicted during node drain.
Condition: During software upgrade and node drain option enabled.
Fix: Fixed node drain so that it is able to evict pod.
crt-20231223-2639
Node software version crt-20231223-2639
have been delivered with the following updates:
Description: The following issues are fixed:
- Activate bond members when storage interfaces are configured with bonding
- When bond of network interface is configured, sometimes DNS configuration is not correctly applied
Symptoms: The following symptoms are observed:
- when bond is configured for storage interfaces, bond members are not activated until node is rebooted
- When bond of network interface is configured, when vhost0 interface is created, DNS configuration can become empty
Condition: NA
Fix: VPM is updated to resolve the issues.
crt-20231223-2638
Node software version crt-20231223-2638
have been delivered with the following updates:
Description: This version fixes the following issues:
- When multiple storage interfaces with static route are configured on RHEL9 Site, static route is not applied correctly
- When bond interface is used with RHEL9 Site, in some cases, the
/etc/resolv.conf
becomes empty - When
HTTP_PROXY
is configured on the Site, software update to December 12, 2023 release version fails - PVC creation does not work correctly on RHEL9 Site for HPE CSI
Symptoms: NA
Condition: NA
Fix: VPM and CSI images are updated to resolve the issues.
crt-20231218-2637
Node software version crt-20231218-2637
have been delivered with the following updates:
Description: Fixed Argo crash while fetching NAT IP.
Symptoms: Argo daemon used to crash while configuration for physical interface was getting updated, resulting in pod restart.
Condition: Upon configuration change of a physical interface, Argo rebuilds the NAT IP list which would be used for flow setup. As part of change handling NAT IP update was not atomic, and in race case, forwarding threads could see an inconsistent NAT IP list which could be empty, causing segmentation fault.
Fix: NAT IP list update is made atomic by using a covering structure which holds both IP list and count of IP, making update consistent across forwarding threads.
crt-20231212-2636
Node software version crt-20231212-2636
have been delivered with the following updates:
Description: Fixed docker service start issue after Site upgraded to the crt-20231212-2635
version.
Symptoms: When node is installed using 7.2009.27
ISO / OVA or 7.2009.45
OVA, and after it is upgraded to crt-20231212-2635, docker does not start.
Condition: Same as symptoms.
Fix: VPM is updated to resolve the issue.
crt-20231212-2635
Node software version crt-20231212-2635
is updated as part of December 12, 2023 SaaS Release.
crt-20231106-2588
Node software version crt-20231106-2588
have been delivered with the following updates:
Description: Delivered fix for following issue related to RHEL9 and CRI-O.
Symptoms: When static IP address is configured with OVF configuration, RHEL9 OVA does not correctly assign the static IP address.
Condition: This issue is seen when RHEL9 OVA is used with static IP configuration.
Fix: Issue is fixed by updating VPM.
crt-20231106-2587
Node software version crt-20231106-2587
is updated as part of SaaS release performed on November 07, 2023.
crt-20231017-2542
Node software version crt-20231017-2542
have been delivered with the following updates:
Description: Updated attack signatures to mitigate Juniper Junos® OS and Confluence vulnerabilities CVE-2023-36845
, CVE-2023-22515
, and CVE-2023-22515
.
Symptoms: NA
Condition: NA
Fix: NA
crt-20231010-2541
Node software version crt-20231010-2541
have been delivered with the following updates:
Delivered fix for an HTTP/2 vulnerability announced as CVE-2023-44487
.
crt-20231003-2540
Node software version crt-20231003-2540
have been delivered with the following updates:
Corrected issue caused by change of signature of logging of SSH login. The fix enables triggering of alerts with the new signature as well.
crt-20230912-2539
Node software version crt-20230912-2539
have been delivered with the following updates:
Corrected issue caused by change to Geo IP data vendors. Use ISO country code GB instead of UK to fix previously configured service policies.
crt-20230910-2538
Node software version crt-20230910-2538
is updated as part of SaaS release performed on September 12, 2023.
crt-20230814-2477
Node software version crt-20230814-2477
have been delivered with the following updates:
Fixed memory leak issue in the VER module when handling DNS requests in Site.
crt-20230811-2476
Node software version crt-20230811-2476
have been delivered with the following update:
-
Vega CPU utilization was high due to redundant processing.
-
Health check status was not propagated from Envoy to Vega correctly.
crt-20230807-2475
Node software version crt-20230807-2475
is updated as part of August 08 SaaS Release.
crt-20230727-2449
Node software version crt-20230727-2449
have been delivered with the following update:
OpenVPN had an issue with resolving the proxy server IP from domain name due to missing libraries in the new container image. This update fixes the issue. This applies only to CE Site deployment.
crt-20230719-2448
Node software version crt-20230719-2448
have been delivered with the following update:
Fast ACL configuration in combination with specific load balancer configuration caused service crash. This crash is fixed now in this hotfix.
crt-20230709-2447
Node software version crt-20230709-2447
is updated as part of July 11, 2023 SaaS Release.
crt-20230628-2422
Node software version crt-20230628-2422
have been delivered with the following update:
ARP requests were erroneously sent as priority tagged packets, resulting in ARP resolution issue in some environments. This is resolved by ensuring that zero VLAN tagging is not performed.
crt-20230609-2421
Node software version crt-20230609-2421
have been delivered with the following update:
Change in configured route handling of load balancer led to issues when multiple routes pointing to weighted cluster are configured in the load balancer. This version resolved that issue.
crt-20230607-2420
Node software version crt-20230607-2420
is updated as part of June 06 SaaS Release.
crt-20230526-2380
Node software version crt-20230526-2380
have been delivered with the following update:
If an incoming HTTP request comes with x-request-id, same will be retained. Otherwise, the old behaviour of generating new uuid to use in x-request-id will be triggered.
crt-20230511-2379
Node software version crt-20230511-2379
have been delivered with the following update:
ALPN negotiation is disabled for HTTP Health check connections. HTTP health checks to origin server can fail if ALPN negotiated protocol and configured protocol in HealthCheck object are different.
crt-20230419-2365
Node software version crt-20230419-2365
have been delivered with the following update:
Flow update may get triggered in different threads and a race condition was resulting in crash. This is fixed with this release.
crt-20230418-2364
Node software version crt-20230418-2364
have been delivered with the following update:
The kubelet may fail to bring up a pod running with static manifest, which causes some expected K8s pod to not run in a desired state. This version fix that issue.
crt-20230417-2363
Node software version crt-20230417-2363
have been delivered with the following update:
A fast ACL configuration was resulting in a load balancer configuration to be not installed, impacting traffic. This is fixed with this version.
crt-20230410-2360
Node software version crt-20230410-2360
have been delivered with the following update:
Fixes an issue with creating a nodeport service. This does not impact any user traffic.
crt-20230327-2320
Node software version crt-20230327-2320
have been delivered with the following update:
Data path change to avoid drops due to "IP Fragment Too Small". Ensure that fragments are greater than 576 bytes.
crt-20230324-2319
Node software version crt-20230324-2319
have been delivered with the following update:
Checksum for fragmented UDP packets was incorrect, fixed with this version.
crt-20230323-2318
Node software version crt-20230323-2318
have been delivered with the following update:
When kubelet-proxy exited unexpectedly, kubelet are unable to bring kubelet-proxy up and causes worker nodes in a NotReady state. This is fixed.
crt-20230301-2265
Node software version crt-20230301-2265
have been delivered with the following update:
Fix for issue where cross-reference between WAF security events are created incorrectly.
crt-20230228-2264
Node software version crt-20230228-2264
have been delivered with the following update:
-
Local
kubeapi
does not work after upgrading to the latest image. -
DDoS Auto Mitigation: Fast ACL action not working when the advertisement in load balancer is changed from Regional Edge to Customer Edge and vice versa.
crt-20230131-2238
Node software version crt-20230131-2238
have been delivered with the following update:
Delivered fix for an issue where a drop in access logs is observed.
crt-20230131-2237
Node software version crt-20230131-2237
have been delivered with the following update:
Software is updated to support new attack signatures that are added to F5 Distributed Cloud Services App Firewall.
crt-20230123-2236
Node software version crt-20230123-2236
have been delivered with the following update:
Delivered fixe for custom error issue and a proxy crash. Also increases ETCD keepalive
timeout.
crt-20230119-2235
Node software version crt-20230119-2235
have been delivered with the following update:
Delivered fix for an issue where the request length was larger than 5k when analyzing the request ID header, causing coredump.
crt-20230113-2163
Node software version crt-20230113-2163
have been delivered with the following update:
Delivered fix for an issue where namespace-based labels are not getting resolved.
crt-20221207-2162
Node software version crt-20221207-2162
have been delivered with the following update:
Node software is updated as part of the SaaS upgrade.
crt-20221122-2120
Node software version crt-20221122-2120
have been delivered with the following update:
Fix for an issue where some virtual hosts are not generating any access logs is delivered.
crt-20221116-2119
Node software version crt-20221116-2119
have been delivered with the following update:
Fix for a K8s pod crash issue is delivered.
crt-20221109-2118
Node software version crt-20221109-2118
have been delivered with the following update:
-
Requests to load balancer are failing with 5xx response.
-
AWS TGW multi-node Site's Site Local Outside load balancer fails intermittently with upstream connect error.
-
Pod in a specific node is moved to into a deadlock state.
crt-20221104-2117
Node software version crt-20221104-2117
have been delivered with the following update:
OpenVPN upgrade is delivered.
crt-20221101-2116
Node software version crt-20221101-2116
have been delivered with the following update:
Site software is updated as part of regular SaaS upgrade.
crt-20221101-2115
Node software version crt-20221101-2115
have been delivered with the following update:
Delivered fix for an issue where requests from RE to vK8s endpoints are failing is delivered.
crt-20221006-2032
Node software version crt-20221006-2032
have been delivered with the following update:
Delivered fix for an issue where load balancer cannot set priority.
crt-20221006-2032
Node software version crt-20221006-2032
have been delivered with the following update:
Fix for an issue where load balancer does not follow the set priority for an origin pool member.
crt-20220829-1745
Node software version crt-20220829-1745
have been delivered with the following update:
Fix for a MULTUS issue with user defined Pod Security Policy (PSP) is delivered.
crt-20220829-1744
Node software version crt-20220829-1744
have been delivered with the following update:
Fix for an issue that causes post upgrade site failures is delivered.
crt-20220808-1693
Node software version crt-20220808-1693
have been delivered with the following update:
Fix for a bug involving pod-to-pod communication failure is delivered.
crt-20220803-1692
Node software version crt-20220803-1692
have been delivered with the following update:
Updated as part of enhancement to evaluate network policy label on NAT flow.
crt-20220803-1691
Node software version crt-20220803-1691
is updated as part of SaaS update.
crt-20220704-1646
Node software version crt-20220704-1646
have been delivered with the following update:
-
A software issue where in continuous addition of static routes is fixed.
-
AWS Direct Connect enhancements to the Site software are delivered.
crt-20220704-1645
Node software version crt-20220704-1645
have been delivered with the following update:
Fix for an issue with cookie tampering detection is delivered.
crt-20220704-16445
Node software version crt-20220704-16445
have been delivered with the following update:
Fix for an issue with update logs is delivered.
crt-20220609-1615
Node software version crt-20220609-1615
have been delivered with the following update:
Fix for the issue where kubevirt pods are not reachable on a multi-node Site is delivered.
crt-20220607-1610
Node software version crt-20220607-1610
have been delivered with the following update:
Fix for an issue with certificate validation during HTTP to HTTPS redirect is delivered.
crt-20220510-1580
Node software version crt-20220510-1580
have been delivered with the following fixes:
-
Fleet deployment issue on multi-node Site
-
App Stack Site deployment issue for GCP using Terraform
crt-20220510-1579
Node software version crt-20220510-1579
have been delivered with the following fixes:
-
Control nodes not reachable in multi-node Site
-
IP Fabric connectivity issue between multi-node K8s Site to Regional Edge Site
crt-20220510-1578
Node software version crt-20220510-1578
have been delivered with the following update:
Fix for an issue deploying AWS TGW and Azure Sites is delivered.
crt-20220510-1577
Node software version crt-20220510-1577
have been delivered with the following update:
Software is updated to support the regular SaaS update.
crt-20220412-1548
Node software version crt-20220412-1548
have been delivered with the following update:
Software is updated to use user's password instead of default password in rewriting.
crt-20220412-1547
Node software version crt-20220412-1547
have been delivered with the following update:
Software is updated to address expiring client certificates.
crt-20220329-1460
Node software version crt-20220329-1460
have been delivered with the following update:
Fix for Site storage and node deletion issue is delivered.
crt-20220329-1459
Node software version crt-20220329-1459
have been delivered with the following update:
Update to mitigate CVE-2022-22965 (Spring4Shell) is added.
crt-20220329-1458
Node software version crt-20220329-1458
have been delivered with the following update:
A fix for container concurrency issue is delivered.
crt-20220329-1457
Node software version crt-20220329-1457
have been delivered with the following update:
A fix for container deadlock issue is delivered.
crt-20220217-1456
Node software version crt-20220217-1456
have been delivered with the following update:
A fix to ignore WAF detections in case of good traffic is delivered.
crt-20220217-1455
Node software version crt-20220217-1455
have been delivered with the following update:
A fix to reduce delay in deployment time is delivered.
crt-20220217-1454
Node software version crt-20220217-1454
have been delivered with the following update:
A fix for an issue with CRL download is delivered.
crt-20220217-1453
Node software version crt-20220217-1453
have been delivered with the following update:
The site software is updated with security enhancements.
crt-20220217-1452
Node software version crt-20220217-1452
have been delivered with the fix for route processing issue.
crt-20220217-1451
Node software version crt-20220217-1451
have been delivered with the fix for route processing issue.
crt-20220217-1450
Node software version crt-20220217-1450
have been updated as part of the SaaS upgrade. Click here for SaaS changelog.
crt-20220203-1433
Node software version crt-20220203-1433
have been updated as part of the SaaS upgrade. Click here for SaaS changelog.
crt-20220120-1413
Node software version crt-20220120-1413
have been delivered with the following update:
Fix for healthcheck failures is delivered.
crt-20211215-1372
Node software version crt-20211215-1372
have been delivered with the following update:
Fix for a login issue with GCP Node is delivered.
crt-20211215-1371
Node software version crt-20211215-1371
have been delivered with the following update:
WAF violation exception enhancement for the node software is added.
crt-20211214-1367
Node software version crt-20211214-1367
have been delivered with the following update:
Fix for Healthcheck failures due to duplicated endpoints is delivered.
crt-20211213-1365
Node software version crt-20211213-1365
have been delivered with the following update:
Fix for WAF related container crash is delivered.
crt-20211213-1364
Node software version crt-20211213-1364
have been delivered with the following update:
Updated signatures and threat campaign for the Log4j Remote Code Execution (RCE) Common Vulnerabilities and Exposures (CVE).
crt-20210827-1282
Node software version crt-20210827-1282
have been delivered with the following fixes:
Fix for UDP proxy crash is delivered.
crt-20210811-1254
Node software version crt-20210811-1254
have been delivered with the following fixes:
Creating TCP load balancer with domain name is not possible for the Site on Kubernetes after the upgrade. As a result, servion external K8s is not created without SNI by the Site on Kubernetes.
crt-20210729-1221
Node software version crt-20210729-1221
have been delivered with the following fixes:
InterfaIP present in argo NAT pool even when strict mode is set. The fix checks strict mode and avoids adding interfaIP address.
crt-20210708-1192
Node software version crt-20210708-1192
have been delivered with the FRR update and fix for the following issue:
BGP peers are disconnected every 10 seconds.
crt-20210707-1191
Node software version crt-20210707-1191
have been delivered with the following update:
GRPC timeout is incremented to 1 second for internal modules.
crt-20210702-1190
Node software version crt-20210702-1190
have been delivered with the following update:
Delivered fix for the issue of gateway response with code 502
. This fix reduces number of responses of type 502
.
crt-20210625-1189
Node software version crt-20210625-1189
have been delivered with the following fixes:
Node decommissioning does not delete control node.
crt-20210625-1188
Node software version crt-20210625-1188
have been delivered with the following update:
Node software is updated as part of the SaaS upgrade. Click here for SaaS changelog.
crt-20210518-1098
Node software version crt-20210518-1098
have been delivered with the following fixes:
Control node is not deleted when the node is decommissioned.
crt-20210518-1097
Node software version crt-20210518-1097
have been delivered with the following fixes:
After software upgrade, origin pools with servidiscovery objects stopped functioning.
crt-20210427-1052
Node software version crt-20210427-1052
have been delivered with the following fixes:
Local site discovering the origin pool but does not work when trying to access.
crt-20210420-1051
Node software version crt-20210420-1051
have been delivered with the following update:
NetApp Trident and PSO stopped functioning in version crt-20210420-1049
. This upgrade delivers the fix.
crt-20210420-1050
Node software version crt-20210420-1050
have been delivered with the following update:
Introduces allowing of persistent volume in admission by the platform manager.
crt-20210420-1049
Node software version crt-20210420-1049
have been delivered with the following update:
Node software is updated as part of the SaaS upgrade. Click here for SaaS changelog.
crt-20210413-1025
Node software version crt-20210413-1025
have been delivered with the following update:
A render problem with Netapp Trident app is fixed.
crt-20210413-1024
Node software version crt-20210413-1024
have been delivered with the following fixes:
-
TCP Loadbalancer is not functioning.
-
Llink quality monitoring status is not correctly reporting.
crt-20210407-1023
Node software version crt-20210407-1023
have been delivered with the following fixes:
-
Trident backend job continues to stay in running mode.
-
Pure Storage Servivolume expansion does not function. Fix is delivered by upgrading to PSO v6.0.5.
crt-20210407-1022
Node software version crt-20210407-1022
have been delivered with following fixes:
-
Servimesh displays incorrectly in the UI.
-
Session init packets originated by FRR are dropped.
crt-20210405-1020
Node software version crt-20210405-1020
have been delivered with the following update:
Servimesh graph shows node from another tenant. Fix for the same is delivered.
crt-20210403-1019
Node software version crt-20210403-1019
have been delivered with the following update:
Fast ACL performancenhancements are delivered.
crt-20210312-973
Node software version crt-20210312-973
have been delivered with the following update:
Port forwarding enabling for NetApp Trident CSI is added.
crt-20210312-972
Node software version crt-20210312-972
have been delivered with the following update:
Netapp trident version is upgraded to version 21.01.1
.
crt-20210312-971
Node software version crt-20210312-971
have been delivered with the following issue fixes for managed K8s.
-
kubectl drain does not function for managed K8s
-
Cluster role, cluster role binding, pod security policy, and storage class creation is not allowed using managed K8s API.
crt-20210312-970
Node software version crt-20210312-970
have been delivered with the following update:
-
Managed K8s resourlimit is enhanced to 8GB.
-
AES encryption support is added for NetApp Trident.
crt-20210220-896
Node software version crt-20210220-896
have been delivered with the following update:
Fix for endpoint discovery failure for routes from REs is delivered. This is in case of HTTP proxy.
crt-20210220-895
Node software version crt-20210220-895
have been delivered with the following update:
Node software is updated as part of regular SaaS upgrade. Click here for more information.
crt-20210203-845
Node software version crt-20210203-845
have been delivered with the following update:
Endpoint reachability (via PSK tunnel) issue for AWS TGW is fixed.
crt-20210126-844
Node software version crt-20210126-844
have been delivered with the following update:
Header manipulation issue for request_headers_to_add
value in case of HTTP load balancer is fixed.
crt-20210121-843
Node software version crt-20210121-843
have been delivered with the following update:
Node software is updated as part of regular SaaS upgrade. Click here for more information.
crt-20201204-725
Node software version crt-20201204-725
have been delivered with the following update:
Performance improvements to F5® Distributed Cloud Mesh software are delivered.
Node Operating System Changelogs
Node OS Version
This section details information about Node Operating System (OS) and updates delivered with the specific OS.
9.2025.39
The following updates have been delivered:
-
Added Hostname:
hostname-3.23-6.el9.x86_64
-
Added NFS Utilities:
nfs-utils-1:2.5.4-34.el9.x86_64
-
Updated kernel:
kernel-5.14.0-570.23.1.el9_6.x86_64
-
Updated CRI:
cri-o-1.32.2
-
Modified stig-hardening
9.2024.44
The following updates have been delivered:
- Fixed CVEs:
CVE-2024-6232
CVE-2024-34156
CVE-2021-47383
CVE-2024-2201
CVE-2024-26640
CVE-2024-26826
CVE-2024-26923
CVE-2024-26935
CVE-2024-26961
CVE-2024-36244
CVE-2024-39472
CVE-2024-39504
CVE-2024-40904
CVE-2024-40931
CVE-2024-40960
CVE-2024-40972
CVE-2024-40977
CVE-2024-40995
CVE-2024-40998
CVE-2024-41005
CVE-2024-41013
CVE-2024-41014
CVE-2024-43854
CVE-2024-45018
CVE-2021-47385
CVE-2023-28746
CVE-2023-52658
CVE-2024-27403
CVE-2024-35989
CVE-2024-36889
CVE-2024-36978
CVE-2024-38556
CVE-2024-39483
CVE-2024-39502
CVE-2024-40959
CVE-2024-42079
CVE-2024-42272
CVE-2024-42284
CVE-2024-34155
CVE-2024-34158
CVE-2023-31356
CVE-2024-9341
CVE-2023-20584
.
9.2024.40
The following updates have been delivered:
-
Updated kernel: 5.14.0-427.37.1.el9_4
-
Added stig-hardening
-
Optimized OS size
9.2024.31
The following updates have been delivered:
-
Updated kernel:
5.14.0-427.35.1.el9_4
-
Fixed CVEs:
CVE-2024-26808
CVE-2024-36017
CVE-2021-47548
CVE-2024-27397
CVE-2024-26868
CVE-2024-5564
CVE-2021-47459
CVE-2024-38586
CVE-2023-52626
CVE-2024-35845
CVE-2024-24806
CVE-2024-35857
CVE-2024-35969
CVE-2024-36005
CVE-2024-26982
CVE-2024-26783
CVE-2024-35870
CVE-2024-35960
CVE-2024-27049
CVE-2023-52458
CVE-2024-35958
CVE-2024-36886
CVE-2024-36904
CVE-2023-52667
CVE-2024-26974
CVE-2024-26853
CVE-2024-27052
CVE-2024-35848
CVE-2024-40954
CVE-2024-27046
CVE-2024-35907
CVE-2024-36924
CVE-2024-27435
CVE-2024-27393
CVE-2024-35852
CVE-2024-36941
CVE-2024-4032
CVE-2023-45290
CVE-2024-36952
CVE-2024-26858
CVE-2024-40928
CVE-2024-40961
CVE-2023-52809
CVE-2024-38580
CVE-2023-52638
CVE-2021-47606
CVE-2024-36020
CVE-2024-36971
CVE-2024-40958
CVE-2024-6409
CVE-2024-26880
CVE-2021-47596
CVE-2024-38543
CVE-2024-26828
CVE-2024-35800
CVE-2024-38575
CVE-2024-1737
CVE-2024-4076
CVE-2024-28180
CVE-2024-36957
CVE-2024-26801
CVE-2024-35937
CVE-2024-36489
CVE-2024-36903
CVE-2024-36921
CVE-2024-36270
CVE-2024-26600
CVE-2024-27417
CVE-2024-35911
CVE-2024-38558
CVE-2024-39487
CVE-2024-37353
CVE-2022-48743
CVE-2024-26773
CVE-2024-35885
CVE-2022-48627
CVE-2021-47400
CVE-2023-52864
CVE-2024-35899
CVE-2024-36929
CVE-2024-28176
CVE-2024-26737
CVE-2024-26852
CVE-2024-27030
CVE-2024-38593
CVE-2024-27434
CVE-2024-33621
CVE-2024-1975
CVE-2024-1394
CVE-2024-38663
CVE-2023-31346
CVE-2024-26897
CVE-2024-35823
CVE-2024-37356
CVE-2024-21823
CVE-2024-27065
CVE-2024-35789
CVE-2024-36922
.
9.2024.22
The following updates have been delivered:
-
Updated kernel-dependent packages:
kernel-5.14.0-427.22.1.el9_4.x86_64
-
Updated CRI:
cri-o-1.29.5-3.ves1.el9.x86_64
-
Updated CRI Tools:
cri-tools-1.29.0-1.ves1.el9.x86_64
-
Updated Volterra Scripts:
volterra-scripts-0.29-1.ves1.el9.x86_64
-
Updated OpenSSH:
openssh-8.7p1-38.el9_4.1.x86_64
-
Fixed CVEs:
CVE-2024-6387
in OpenSSH
9.2024.9
The following updates have been delivered:
-
Updated kernel-dependent packages:
qat
,nvidia-525xx
,nvidia-425xx
, andnvidia-grid
-
Upgraded RHEL 9.4 (kernel: kernel-5.14.0-427.16.1.el9_4.x86_64)
-
Added rpm packages:
kernel-devel
,gcc
, andsg3_utils
-
Fixed CVEs:
CVE-2024-2398
,CVE-2023-52425
,CVE-2024-28757
,CVE-2023-48795
, andCVE-2023-51385
9.2024.6
The following updates have been delivered:
-
Updated kernel to
kernel-5.14.0-362.18.1.el9_3.x86_64
-
Fix firewall issue
9.2024.2
The following updates have been delivered:
-
Added a kernel patch to remove IPv6 debug log to improve performance. It is recommended to use this Operating System (OS) version.
-
Added multiple tools to improve debugging experience.
9.2023.30
The following updates have been delivered:
- Added firewall service and this service will be disabled by default.
9.2023.29
The following updates have been delivered:
-
Fixed VPM issue - when static IP address is configured with VMWare OVF configuration, RHEL 9 OVA does not correctly assign the static IP address.
-
Fixed VPM issue - when static IP address is configured for baremetal node with vpm CLI, it does not correctly assign the static IP address.
-
Updated multi-path package with fix for issue - when storage interface is used with multi-path configuration, multi-path to external storage are not correctly configured.
-
Enabled persistent Network Interface Controller (NIC) naming for baremetal and use the same predictable NIC names as CentOS.