Node Operating and System Changelogs

Node software version crt-20250526-3346 have been delivered with the following updates:

Description: Memory leak fix for remote-discovered endpoints within DNS-defined origin pools.

Symptoms: Resource exhaustion and instability caused by memory leak due to stale remote endpoint information not being cleaned up during DNS refresh cycles.

Conditions: Occurs when managing remote-discovered endpoints within DNS-defined origin pools during DNS refresh cycles where stale endpoint information is not properly deleted.

Fix: Proper deletion of invalid remote-discovered endpoint data has been implemented, eliminating the memory leak and improving system reliability and resource efficiency.

Node software version crt-20250526-3345 have been delivered with the following updates:

A Hotfix was Implemented to Address the Bug in the Utility Used to Pull Images in Customer Edge (crio).

Description: Effective with release crt-20250526-3343, we switched the container repository domain to gcr.download.volterra.io from gcr.io. This change has revealed a bug in the crio utility that Customer Edge sites use to download images. As a result, the system may fail to pull images correctly when upgrading from a previous version that used the old address. In this case the versions immediately preceeding crt-20250526-3343 the gubernator version has remained the same but referenced from gcr.io.

Symptoms: This issue affects Customer Edge (CE) sites when upgrading from a software version released before crt-20250526-3343 to version crt-20250526-3343 or any subsequent version. The crt-20250526-3343 image was introduced as part of the June 05, 2025 release.

Conditions: This issue affects Customer Edge (CE) sites when upgrading from a software version released before crt-20250526-3343 to version crt-20250526-3343 or any subsequent version.

Fix: To resolve the crio bug, we will publish a new CE software version that includes an updated gubernator image. This is a one-time fix, as the domain change that caused the issue will not happen again, and we have confirmed no other services are affected in the same way.

Node software version crt-20250526-3344 have been delivered with the following updates:

Fixed Incorrect Endpoint References in the Production SRE Configuration.

Description: The production SRE configuration referenced incorrect endpoints, causing SMSv2 production sites to attempt connections to staging infrastructure (download.volterra.us) instead of production endpoints (.io domain). This misconfiguration led to the incorrect connections.

Symptoms: The staging endpoint waferdatasetsprod.download.volterra.us:443 was appearing in the production squid proxy logs.

Conditions: NA

Fix: Includes following updates:

Configuration Update: Updated the SRE production model to reference the correct production endpoints with the .io domain instead of the staging endpoints with the .us domain.

Model Repository Changes: Updated the production version prioritization in the model repository to ensure sites restart with the correct configuration.

Testing and Validation:

• The changes were tested on demo1, CRT, and staging environments to verify their effectiveness.
• Verified older sites, such as CRT 13.60.209.206, to ensure that the migration from .us to .io endpoints was successful for getappparamsraw.

Node software version crt-20250526-3343 is updated as part of June 05, 2025 SaaS Release. Click here for SaaS changelogs.

Node software version crt-20250321-3112 have been delivered with the following updates:

Description: When SMv2 VMware CE is installed with OVA and proxy ip is set in OVF input, Custom Proxy setting in SMv2 UI is not applied to that CE.

Symptoms: When SMv2 vmware CE is installed with OVA and proxy ip is set in OVF input, Custom Proxy setting in SMv2 UI is not applied to that CE.

Conditions: Always seen when smv2 vmware CE is installed with OVA and proxy ip is set in OVF input.

Fix: Priority is fixed for proxy config and smv2 UI configuration overwrites proxy setting used during CE installation.

Node software version crt-20250321-3111 does not have CE Release Notes.

Node software version crt-20250312-3111 does not have CE Release Notes.

Node software version crt-20250310-3111 does not have CE Release Notes.

Node software version crt-20250312-3095 does not have CE Release Notes.

Node software version crt-20250122-3094 is updated as part of January 28, 2025 SaaS Release.

Node software version crt-20250110-3092 does not have CE Release Notes.

Node software version crt-20250110-3091 does not have CE Release Notes.

Node software version crt-20250110-3090 have been delivered with the following updates:

Description: Update GeoIP database to correct the geolocations of IPs from Dallas, USA and unblock customer traffic.

Symptoms: For certain customers, traffic from Dallas, USA is geolocated in Jakarta, India and blocked.

Conditions: For certain customers, traffic from Dallas, USA is geolocated in Jakarta, India and blocked.

Fix: Update the GeoIP database to fix the geolocations of IPs from Dallas, USA, and unblock customer traffic.

Node software version crt-20250110-3089 does not have CE Release Notes.

Node software version crt-20241206-3066 does not have CE Release Notes.

Node software version crt-20241012-3009 have been delivered with the following updates:

Description: VLAN interface does not work on Secure Mesh V2 CE.

Symptoms: When VLAN interface is configured on Secure Mesh V2 CE, data plane pods like ver, argo continue restarting.

Conditions: When VLAN interface is configured on Secure Mesh V2 CE.

Fix: Config generation for Secure Mesh V2 VLAN interface is fixed.

Node software version crt-20241012-3008 have been delivered with the following updates:

Description: Fix SiteCLI Command Line Injection.

Symptoms: SiteCLI arguments can be used to call any command on host.

Conditions: SiteCLI with arguments.

Fix: Sanitize the SiteCLI command input.

Node software version crt-20241012-3007 have been delivered with the following updates:

Description: Fixed for voucher issue where voucher runs as non-leader in case of single node cluster and manual restart of voucher was required as recovery mechanism.

Symptoms: Voucher runs as a non-leader on single node site incase it failed to renew its leader lease on time.

Conditions: Voucher runs as a non-leader on single node site incase it failed to renew its leader lease on time.

Fix: Added preventive health check in voucher which will make sure leader replica of voucher always be able to renew its lease and incase of failure it will be restarted automatically by kubernetes.

Node software version crt-20241012-3006 have been delivered with the following updates:

Description: Fix SecureMesh V2 nic naming, JWT proxy, and IPv6 issue.

Symptoms: VMWare CE site cannot configure enableIpv6, RHEL CE occasionally fails to come up after reboot, CE request destination not listed in firewall reference list, CE cannot support nic with capital letters.

Conditions: VMWare CE with IPv6 configuration, RHEL reboot with systemd-resolved enabled, SecureMesh V2 site token proxy endpoint, SecureMesh V2 Azure nic configuration.

Fix: Handle the edge cases for the above symptoms.

Node software version crt-20241001-3003 have been delivered with the following updates:

Description: Node software is updated as part of October 07, 2024 SaaS Release.

Symptoms: NA

Conditions: NA

Fix: The following updates have been delivered delivered:

• Updated kernel - 5.14.0-427.35.1.el9_4

• Fixed CVEs: CVE-2024-26808 CVE-2024-36017 CVE-2021-47548 CVE-2024-27397 CVE-2024-26868 CVE-2024-5564 CVE-2021-47459 CVE-2024-38586 CVE-2023-52626 CVE-2024-35845 CVE-2024-24806 CVE-2024-35857 CVE-2024-35969 CVE-2024-36005 CVE-2024-26982 CVE-2024-26783 CVE-2024-35870 CVE-2024-35960 CVE-2024-27049 CVE-2023-52458 CVE-2024-35958 CVE-2024-36886 CVE-2024-36904 CVE-2023-52667 CVE-2024-26974 CVE-2024-26853 CVE-2024-27052 CVE-2024-35848 CVE-2024-40954 CVE-2024-27046 CVE-2024-35907 CVE-2024-36924 CVE-2024-27435 CVE-2024-27393 CVE-2024-35852 CVE-2024-36941 CVE-2024-4032 CVE-2023-45290 CVE-2024-36952 CVE-2024-26858 CVE-2024-40928 CVE-2024-40961 CVE-2023-52809 CVE-2024-38580 CVE-2023-52638 CVE-2021-47606 CVE-2024-36020 CVE-2024-36971 CVE-2024-40958 CVE-2024-6409 CVE-2024-26880 CVE-2021-47596 CVE-2024-38543 CVE-2024-26828 CVE-2024-35800 CVE-2024-38575 CVE-2024-1737 CVE-2024-4076 CVE-2024-28180 CVE-2024-36957 CVE-2024-26801 CVE-2024-35937 CVE-2024-36489 CVE-2024-36903 CVE-2024-36921 CVE-2024-36270 CVE-2024-26600 CVE-2024-27417 CVE-2024-35911 CVE-2024-38558 CVE-2024-39487 CVE-2024-37353 CVE-2022-48743 CVE-2024-26773 CVE-2024-35885 CVE-2022-48627 CVE-2021-47400 CVE-2023-52864 CVE-2024-35899 CVE-2024-36929 CVE-2024-28176 CVE-2024-26737 CVE-2024-26852 CVE-2024-27030 CVE-2024-38593 CVE-2024-27434 CVE-2024-33621 CVE-2024-1975 CVE-2024-1394 CVE-2024-38663 CVE-2023-31346 CVE-2024-26897 CVE-2024-35823 CVE-2024-37356 CVE-2024-21823 CVE-2024-27065 CVE-2024-35789 CVE-2024-36922

Node software version crt-20240819-2917 have been delivered with the following updates:

Description: Fixed an issue with SecureMesh Site V2 provisioning and executing Admin CLI on CentOS.

Symptoms: Issue with Securemesh V2 site provisioning and AdminCLI on CentOS.

Condition: Securemesh V2 fails provisioning for traffic issue when processing registration and results in deadlock. AdminCLI fails on all CentOS host.

Fix: Ensure the provisioning check can go through when traffic is interrupted. Resolved the dependency issue for AdminCLI.

Node software version crt-20240819-2916 have been delivered with the following updates:

Description: Azure Vnet sites registration failure. No known workaround.

Symptoms: Azure Vnet sites registration failure

Condition: Bring up Azure Vnet site.

Fix: For Azure Vnet sites, ensure that proxy is only used when https proxy is present in configuration.

Node software version crt-20240819-2915 have been delivered with the following updates:

Description: Securemesh V2 sites do not auto register. No known workaround.

Symptoms: Securemesh V2 sites do not auto register.

Condition: Bring up a Securemesh V2 site.

Fix: Enable Securemesh V2 site to register by providing the required information to gather the geo location.

Node software version crt-20240809-2914 have been delivered with the following updates:

Description: Node software is updated as part of August 2024 SaaS Release.

Symptoms: NA

Condition: NA

Fix: NA

Node software version crt-20240730-2798 have been delivered with the following updates:

Description: This is to fix ephemeral port leak during session teardown to origin server.

Symptoms: Load balancers would report 5xx error after working fine for couple of days.

Condition: Continuous traffic to Origin server with packet transmission during session teardown.

Fix: TCP session to origin server is source IP and source port translated. Source port is allocated when session is setup, and it is released when session is torn down. After the session has been deleted in forwarding plane due to TCP reset or four way teardown, if CE receives a packet from origin servers belonging to same session which was deleted, then a new session entry was created which was leaking port internally and future TCP session would get affected due to this. TCP packet reception after teardown is rare and happens mostly in race case. Fix ensures that in such scenarios we don't leak ports.

Node software version crt-20240528-2794 have been delivered with the following updates:

Description: Fixed the SSH configuration for the user to use SSH with public key.

Symptoms: NA

Condition: NA

Fix: NA

Node software version crt-20240528-2793 is updated as part of May 28, 2024 SaaS Release.

Node software version crt-20240329-2728 have been delivered with the following updates:

Description: Fixes CVE-2024-30255 for Envoy's nghttp2 library.

Symptoms: This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion.

Condition: Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits.

Fix: Update envoy with nghttp2 patch to fix this issue and set MAX_CONTINUATIONS in envoy for nghttp2.

Node software version crt-20240329-2727 have been delivered with the following updates:

Description: Due to internal logging mechanism issue, traffic propagation is slow to reach CE Site.

Symptoms: Slowdown in configuration propagation during heavy load.

Condition: System is trying to auto-mitigate L7 DDoS attack by blocking thousands of IP addresses.

Fix: Internal logging will be bypassed for relevant configuration object, thus unblocking configuration propagation.

Node software version crt-20240326-2726 is updated as part of March 26, 2024 SaaS Release.

Node software version crt-20240318-2652 have been delivered with the following updates:

Description: Managed k8s (PK8s) has an insecure private registry configuration. But those are updated only to docker configuration, causing nodes with cri-o unable to pull images from insecure private registry. And updating netapp version for adding missing permission on CRD.

Symptoms: TLS certificate error when pulling image from insecure private registry in PK8s.

Condition: Site enabled with PK8s trying to pull image from insecure private registry.

Fix: Insecure registries from managed k8s configuration is updated to registry configuration in Site nodes.

Node software version crt-20240220-2651 have been delivered with the following updates:

Description: When Site is created with specific Secure Mesh Site configuration, vhost0 cannot receive IP and lost connectivity.

Symptoms: During pod installation, Site lost connectivity after argo pod started.

Condition: This issue is observed when Site is created with Secure Mesh Site configuration, and Secure Mesh Site does not have static IP for Ethernet interface of vhost0.

Fix: For this case, IP is chosen from existing Ethernet interface on that node.

Node software version crt-20240213-2648 have been delivered with the following updates:

Description: Fixed an issue with local UI authentication.

Symptoms: Site local UI authentication does not work properly.

Condition: Fixed an issue with local UI authentication.

Fix: The software version has fixed local UI authentication.

Node software version crt-20240123-2647 have been delivered with the following updates:

Description: This fixes the tunnel flapping observed in CEs due to a warning being treated as error. Certificate validation fails in IKE (as OCSP/CRLs are not configured) and this was being treated as error (with the recent change in IKE) and that resulted in Vega flapping the tunnel.

Symptoms: IPSec tunnel is continuously flapping.

Condition: NA

Fix: This hotfix suppresses the new errors reported from IKE to vega. This will prevent vega from flapping the tunnel.

Node software version crt-20240120-2644 have been delivered with the following updates:

Description: ENVOY Pod crashed during JavaScript invocation from Layer 7 ACL.

Symptoms: Incoming request have NO User-Agent field and it leads to crash.

Condition: Layer 7 ACL invokes Javascript challenge to safeguard from malicious activity. Javascript challenge relies on user-agent to handle it. Since user-agent is missing in the request, the system was unable to handle and leads to crash.

Fix: Fixed the Envoy Pod crash. After the fix, traffic disruption will not occur.

Node software version crt-20240117-2643 have been delivered with the following updates:

Description: On the crt-20240117-2642 release, a virtual host route validation is added which may cause specific route to be incorrectly added.

Symptoms: Virtual host route configuration could not get deployed and load balancer may show 404 error.

Condition: When virtual host configuration change or update happens.

Fix: This release reverted the route validation.

Node software version crt-20240117-2642 is updated as part of January 16, 2024 SaaS Release.

Node software version crt-20231223-2640 have been delivered with the following updates:

Description: Pod is not evicted during node drain when software version upgrade is happening.

Symptoms: Pod is not evicted during node drain.

Condition: During software upgrade and node drain option enabled.

Fix: Fixed node drain so that it is able to evict pod.

Node software version crt-20231223-2639 have been delivered with the following updates:

Description: The following issues are fixed:

• Activate bond members when storage interfaces are configured with bonding
• When bond of network interface is configured, sometimes DNS configuration is not correctly applied

Symptoms: The following symptoms are observed:

• when bond is configured for storage interfaces, bond members are not activated until node is rebooted
• When bond of network interface is configured, when vhost0 interface is created, DNS configuration can become empty

Condition: NA

Fix: VPM is updated to resolve the issues.

Node software version crt-20231223-2638 have been delivered with the following updates:

Description: This version fixes the following issues:

• When multiple storage interfaces with static route are configured on RHEL9 Site, static route is not applied correctly
• When bond interface is used with RHEL9 Site, in some cases, the /etc/resolv.conf becomes empty
• When HTTP_PROXY is configured on the Site, software update to December 12, 2023 release version fails
• PVC creation does not work correctly on RHEL9 Site for HPE CSI

Symptoms: NA

Condition: NA

Fix: VPM and CSI images are updated to resolve the issues.

Node software version crt-20231218-2637 have been delivered with the following updates:

Description: Fixed Argo crash while fetching NAT IP.

Symptoms: Argo daemon used to crash while configuration for physical interface was getting updated, resulting in pod restart.

Condition: Upon configuration change of a physical interface, Argo rebuilds the NAT IP list which would be used for flow setup. As part of change handling NAT IP update was not atomic, and in race case, forwarding threads could see an inconsistent NAT IP list which could be empty, causing segmentation fault.

Fix: NAT IP list update is made atomic by using a covering structure which holds both IP list and count of IP, making update consistent across forwarding threads.

Node software version crt-20231212-2636 have been delivered with the following updates:

Description: Fixed docker service start issue after Site upgraded to the crt-20231212-2635 version.

Symptoms: When node is installed using 7.2009.27 ISO / OVA or 7.2009.45 OVA, and after it is upgraded to crt-20231212-2635, docker does not start.

Condition: Same as symptoms.

Fix: VPM is updated to resolve the issue.

Node software version crt-20231212-2635 is updated as part of December 12, 2023 SaaS Release.

Node software version crt-20231106-2588 have been delivered with the following updates:

Description: Delivered fix for following issue related to RHEL9 and CRI-O.

Symptoms: When static IP address is configured with OVF configuration, RHEL9 OVA does not correctly assign the static IP address.

Condition: This issue is seen when RHEL9 OVA is used with static IP configuration.

Fix: Issue is fixed by updating VPM.

Node software version crt-20231106-2587 is updated as part of SaaS release performed on November 07, 2023.

Node software version crt-20231017-2542 have been delivered with the following updates:

Description: Updated attack signatures to mitigate Juniper Junos® OS and Confluence vulnerabilities CVE-2023-36845, CVE-2023-22515, and CVE-2023-22515.

Symptoms: NA

Condition: NA

Fix: NA

Node software version crt-20231010-2541 have been delivered with the following updates:

Delivered fix for an HTTP/2 vulnerability announced as CVE-2023-44487.

Node software version crt-20231003-2540 have been delivered with the following updates:

Corrected issue caused by change of signature of logging of SSH login. The fix enables triggering of alerts with the new signature as well.

Node software version crt-20230912-2539 have been delivered with the following updates:

Corrected issue caused by change to Geo IP data vendors. Use ISO country code GB instead of UK to fix previously configured service policies.

Node software version crt-20230910-2538 is updated as part of SaaS release performed on September 12, 2023.

Node software version crt-20230814-2477 have been delivered with the following updates:

Fixed memory leak issue in the VER module when handling DNS requests in Site.

Node software version crt-20230811-2476 have been delivered with the following update:

• Vega CPU utilization was high due to redundant processing.

• Health check status was not propagated from Envoy to Vega correctly.

Node software version crt-20230807-2475 is updated as part of August 08 SaaS Release.

Node software version crt-20230727-2449 have been delivered with the following update:

OpenVPN had an issue with resolving the proxy server IP from domain name due to missing libraries in the new container image. This update fixes the issue. This applies only to CE Site deployment.

Node software version crt-20230719-2448 have been delivered with the following update:

Fast ACL configuration in combination with specific load balancer configuration caused service crash. This crash is fixed now in this hotfix.

Node software version crt-20230709-2447 is updated as part of July 11, 2023 SaaS Release.

Node software version crt-20230628-2422 have been delivered with the following update:

ARP requests were erroneously sent as priority tagged packets, resulting in ARP resolution issue in some environments. This is resolved by ensuring that zero VLAN tagging is not performed.

Node software version crt-20230609-2421 have been delivered with the following update:

Change in configured route handling of load balancer led to issues when multiple routes pointing to weighted cluster are configured in the load balancer. This version resolved that issue.

Node software version crt-20230607-2420 is updated as part of June 06 SaaS Release.

Node software version crt-20230526-2380 have been delivered with the following update:

If an incoming HTTP request comes with x-request-id, same will be retained. Otherwise, the old behaviour of generating new uuid to use in x-request-id will be triggered.

Node software version crt-20230511-2379 have been delivered with the following update:

ALPN negotiation is disabled for HTTP Health check connections. HTTP health checks to origin server can fail if ALPN negotiated protocol and configured protocol in HealthCheck object are different.

Node software version crt-20230419-2365 have been delivered with the following update:

Flow update may get triggered in different threads and a race condition was resulting in crash. This is fixed with this release.

Node software version crt-20230418-2364 have been delivered with the following update:

The kubelet may fail to bring up a pod running with static manifest, which causes some expected K8s pod to not run in a desired state. This version fix that issue.

Node software version crt-20230417-2363 have been delivered with the following update:

A fast ACL configuration was resulting in a load balancer configuration to be not installed, impacting traffic. This is fixed with this version.

Node software version crt-20230410-2360 have been delivered with the following update:

Fixes an issue with creating a nodeport service. This does not impact any user traffic.

Node software version crt-20230327-2320 have been delivered with the following update:

Data path change to avoid drops due to "IP Fragment Too Small". Ensure that fragments are greater than 576 bytes.

Node software version crt-20230324-2319 have been delivered with the following update:

Checksum for fragmented UDP packets was incorrect, fixed with this version.

Node software version crt-20230323-2318 have been delivered with the following update:

When kubelet-proxy exited unexpectedly, kubelet are unable to bring kubelet-proxy up and causes worker nodes in a NotReady state. This is fixed.

Node software version crt-20230301-2265 have been delivered with the following update:

Fix for issue where cross-reference between WAF security events are created incorrectly.

Node software version crt-20230228-2264 have been delivered with the following update:

• Local kubeapi does not work after upgrading to the latest image.

• DDoS Auto Mitigation: Fast ACL action not working when the advertisement in load balancer is changed from Regional Edge to Customer Edge and vice versa.

Node software version crt-20230131-2238 have been delivered with the following update:

Delivered fix for an issue where a drop in access logs is observed.

Node software version crt-20230131-2237 have been delivered with the following update:

Software is updated to support new attack signatures that are added to F5 Distributed Cloud Services App Firewall.

Node software version crt-20230123-2236 have been delivered with the following update:

Delivered fixe for custom error issue and a proxy crash. Also increases ETCD keepalive timeout.

Node software version crt-20230119-2235 have been delivered with the following update:

Delivered fix for an issue where the request length was larger than 5k when analyzing the request ID header, causing coredump.

Node software version crt-20230113-2163 have been delivered with the following update:

Delivered fix for an issue where namespace-based labels are not getting resolved.

Node software version crt-20221207-2162 have been delivered with the following update:

Node software is updated as part of the SaaS upgrade.

Node software version crt-20221122-2120 have been delivered with the following update:

Fix for an issue where some virtual hosts are not generating any access logs is delivered.

Node software version crt-20221116-2119 have been delivered with the following update:

Fix for a K8s pod crash issue is delivered.

Node software version crt-20221109-2118 have been delivered with the following update:

• Requests to load balancer are failing with 5xx response.

• AWS TGW multi-node Site's Site Local Outside load balancer fails intermittently with upstream connect error.

• Pod in a specific node is moved to into a deadlock state.

Node software version crt-20221104-2117 have been delivered with the following update:

OpenVPN upgrade is delivered.

Node software version crt-20221101-2116 have been delivered with the following update:

Site software is updated as part of regular SaaS upgrade.

Node software version crt-20221101-2115 have been delivered with the following update:

Delivered fix for an issue where requests from RE to vK8s endpoints are failing is delivered.

Node software version crt-20221006-2032 have been delivered with the following update:

Delivered fix for an issue where load balancer cannot set priority.

Node software version crt-20221006-2032 have been delivered with the following update:

Fix for an issue where load balancer does not follow the set priority for an origin pool member.

Node software version crt-20220829-1745 have been delivered with the following update:

Fix for a MULTUS issue with user defined Pod Security Policy (PSP) is delivered.

Node software version crt-20220829-1744 have been delivered with the following update:

Fix for an issue that causes post upgrade site failures is delivered.

Node software version crt-20220808-1693 have been delivered with the following update:

Fix for a bug involving pod-to-pod communication failure is delivered.

Node software version crt-20220803-1692 have been delivered with the following update:

Updated as part of enhancement to evaluate network policy label on NAT flow.

Node software version crt-20220803-1691 is updated as part of SaaS update.

Node software version crt-20220704-1646 have been delivered with the following update:

• A software issue where in continuous addition of static routes is fixed.

• AWS Direct Connect enhancements to the Site software are delivered.

Node software version crt-20220704-1645 have been delivered with the following update:

Fix for an issue with cookie tampering detection is delivered.

Node software version crt-20220704-16445 have been delivered with the following update:

Fix for an issue with update logs is delivered.

Node software version crt-20220609-1615 have been delivered with the following update:

Fix for the issue where kubevirt pods are not reachable on a multi-node Site is delivered.

Node software version crt-20220607-1610 have been delivered with the following update:

Fix for an issue with certificate validation during HTTP to HTTPS redirect is delivered.

Node software version crt-20220510-1580 have been delivered with the following fixes:

• Fleet deployment issue on multi-node Site

• App Stack Site deployment issue for GCP using Terraform

Node software version crt-20220510-1579 have been delivered with the following fixes:

• Control nodes not reachable in multi-node Site

• IP Fabric connectivity issue between multi-node K8s Site to Regional Edge Site

Node software version crt-20220510-1578 have been delivered with the following update:

Fix for an issue deploying AWS TGW and Azure Sites is delivered.

Node software version crt-20220510-1577 have been delivered with the following update:

Software is updated to support the regular SaaS update.

Node software version crt-20220412-1548 have been delivered with the following update:

Software is updated to use user's password instead of default password in rewriting.

Node software version crt-20220412-1547 have been delivered with the following update:

Software is updated to address expiring client certificates.

Node software version crt-20220329-1460 have been delivered with the following update:

Fix for Site storage and node deletion issue is delivered.

Node software version crt-20220329-1459 have been delivered with the following update:

Update to mitigate CVE-2022-22965 (Spring4Shell) is added.

Node software version crt-20220329-1458 have been delivered with the following update:

A fix for container concurrency issue is delivered.

Node software version crt-20220329-1457 have been delivered with the following update:

A fix for container deadlock issue is delivered.

Node software version crt-20220217-1456 have been delivered with the following update:

A fix to ignore WAF detections in case of good traffic is delivered.

Node software version crt-20220217-1455 have been delivered with the following update:

A fix to reduce delay in deployment time is delivered.

Node software version crt-20220217-1454 have been delivered with the following update:

A fix for an issue with CRL download is delivered.

Node software version crt-20220217-1453 have been delivered with the following update:

The site software is updated with security enhancements.

Node software version crt-20220217-1452 have been delivered with the fix for route processing issue.

Node software version crt-20220217-1451 have been delivered with the fix for route processing issue.

Node software version crt-20220217-1450 have been updated as part of the SaaS upgrade. Click here for SaaS changelog.

Node software version crt-20220203-1433 have been updated as part of the SaaS upgrade. Click here for SaaS changelog.

Node software version crt-20220120-1413 have been delivered with the following update:

Fix for healthcheck failures is delivered.

Node software version crt-20211215-1372 have been delivered with the following update:

Fix for a login issue with GCP Node is delivered.

Node software version crt-20211215-1371 have been delivered with the following update:

WAF violation exception enhancement for the node software is added.

Node software version crt-20211214-1367 have been delivered with the following update:

Fix for Healthcheck failures due to duplicated endpoints is delivered.

Node software version crt-20211213-1365 have been delivered with the following update:

Fix for WAF related container crash is delivered.

Node software version crt-20211213-1364 have been delivered with the following update:

Updated signatures and threat campaign for the Log4j Remote Code Execution (RCE) Common Vulnerabilities and Exposures (CVE).

Node software version crt-20210827-1282 have been delivered with the following fixes:

Fix for UDP proxy crash is delivered.

Node software version crt-20210811-1254 have been delivered with the following fixes:

Creating TCP load balancer with domain name is not possible for the Site on Kubernetes after the upgrade. As a result, servion external K8s is not created without SNI by the Site on Kubernetes.

Node software version crt-20210729-1221 have been delivered with the following fixes:

InterfaIP present in argo NAT pool even when strict mode is set. The fix checks strict mode and avoids adding interfaIP address.

Node software version crt-20210708-1192 have been delivered with the FRR update and fix for the following issue:

BGP peers are disconnected every 10 seconds.

Node software version crt-20210707-1191 have been delivered with the following update:

GRPC timeout is incremented to 1 second for internal modules.

Node software version crt-20210702-1190 have been delivered with the following update:

Delivered fix for the issue of gateway response with code 502. This fix reduces number of responses of type 502.

Node software version crt-20210625-1189 have been delivered with the following fixes:

Node decommissioning does not delete control node.

Node software version crt-20210625-1188 have been delivered with the following update:

Node software is updated as part of the SaaS upgrade. Click here for SaaS changelog.

Node software version crt-20210518-1098 have been delivered with the following fixes:

Control node is not deleted when the node is decommissioned.

Node software version crt-20210518-1097 have been delivered with the following fixes:

After software upgrade, origin pools with servidiscovery objects stopped functioning.

Node software version crt-20210427-1052 have been delivered with the following fixes:

Local site discovering the origin pool but does not work when trying to access.

Node software version crt-20210420-1051 have been delivered with the following update:

NetApp Trident and PSO stopped functioning in version crt-20210420-1049. This upgrade delivers the fix.

Node software version crt-20210420-1050 have been delivered with the following update:

Introduces allowing of persistent volume in admission by the platform manager.

Node software version crt-20210420-1049 have been delivered with the following update:

Node software is updated as part of the SaaS upgrade. Click here for SaaS changelog.

Node software version crt-20210413-1025 have been delivered with the following update:

A render problem with Netapp Trident app is fixed.

Node software version crt-20210413-1024 have been delivered with the following fixes:

• TCP Loadbalancer is not functioning.

• Llink quality monitoring status is not correctly reporting.

Node software version crt-20210407-1023 have been delivered with the following fixes:

• Trident backend job continues to stay in running mode.

• Pure Storage Servivolume expansion does not function. Fix is delivered by upgrading to PSO v6.0.5.

Node software version crt-20210407-1022 have been delivered with following fixes:

• Servimesh displays incorrectly in the UI.

• Session init packets originated by FRR are dropped.

Node software version crt-20210405-1020 have been delivered with the following update:

Servimesh graph shows node from another tenant. Fix for the same is delivered.

Node software version crt-20210403-1019 have been delivered with the following update:

Fast ACL performancenhancements are delivered.

Node software version crt-20210312-973 have been delivered with the following update:

Port forwarding enabling for NetApp Trident CSI is added.

Node software version crt-20210312-972 have been delivered with the following update:

Netapp trident version is upgraded to version 21.01.1.

Node software version crt-20210312-971 have been delivered with the following issue fixes for managed K8s.

• kubectl drain does not function for managed K8s

• Cluster role, cluster role binding, pod security policy, and storage class creation is not allowed using managed K8s API.

Node software version crt-20210312-970 have been delivered with the following update:

• Managed K8s resourlimit is enhanced to 8GB.

• AES encryption support is added for NetApp Trident.

Node software version crt-20210220-896 have been delivered with the following update:

Fix for endpoint discovery failure for routes from REs is delivered. This is in case of HTTP proxy.

Node software version crt-20210220-895 have been delivered with the following update:

Node software is updated as part of regular SaaS upgrade. Click here for more information.

Node software version crt-20210203-845 have been delivered with the following update:

Endpoint reachability (via PSK tunnel) issue for AWS TGW is fixed.

Node software version crt-20210126-844 have been delivered with the following update:

Header manipulation issue for request_headers_to_add value in case of HTTP load balancer is fixed.

Node software version crt-20210121-843 have been delivered with the following update:

Node software is updated as part of regular SaaS upgrade. Click here for more information.

Node software version crt-20201204-725 have been delivered with the following update:

Performance improvements to F5® Distributed Cloud Mesh software are delivered.

The following updates have been delivered:

• Added Hostname: hostname-3.23-6.el9.x86_64

• Added NFS Utilities: nfs-utils-1:2.5.4-34.el9.x86_64

• Updated kernel: kernel-5.14.0-570.23.1.el9_6.x86_64

• Updated CRI: cri-o-1.32.2

• Modified stig-hardening

The following updates have been delivered:

• Fixed CVEs: CVE-2024-6232 CVE-2024-34156 CVE-2021-47383 CVE-2024-2201 CVE-2024-26640 CVE-2024-26826 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-36244 CVE-2024-39472 CVE-2024-39504 CVE-2024-40904 CVE-2024-40931 CVE-2024-40960 CVE-2024-40972 CVE-2024-40977 CVE-2024-40995 CVE-2024-40998 CVE-2024-41005 CVE-2024-41013 CVE-2024-41014 CVE-2024-43854 CVE-2024-45018 CVE-2021-47385 CVE-2023-28746 CVE-2023-52658 CVE-2024-27403 CVE-2024-35989 CVE-2024-36889 CVE-2024-36978 CVE-2024-38556 CVE-2024-39483 CVE-2024-39502 CVE-2024-40959 CVE-2024-42079 CVE-2024-42272 CVE-2024-42284 CVE-2024-34155 CVE-2024-34158 CVE-2023-31356 CVE-2024-9341 CVE-2023-20584.

The following updates have been delivered:

• Updated kernel: 5.14.0-427.37.1.el9_4

• Added stig-hardening

• Optimized OS size

The following updates have been delivered:

• Updated kernel: 5.14.0-427.35.1.el9_4

• Fixed CVEs: CVE-2024-26808 CVE-2024-36017 CVE-2021-47548 CVE-2024-27397 CVE-2024-26868 CVE-2024-5564 CVE-2021-47459 CVE-2024-38586 CVE-2023-52626 CVE-2024-35845 CVE-2024-24806 CVE-2024-35857 CVE-2024-35969 CVE-2024-36005 CVE-2024-26982 CVE-2024-26783 CVE-2024-35870 CVE-2024-35960 CVE-2024-27049 CVE-2023-52458 CVE-2024-35958 CVE-2024-36886 CVE-2024-36904 CVE-2023-52667 CVE-2024-26974 CVE-2024-26853 CVE-2024-27052 CVE-2024-35848 CVE-2024-40954 CVE-2024-27046 CVE-2024-35907 CVE-2024-36924 CVE-2024-27435 CVE-2024-27393 CVE-2024-35852 CVE-2024-36941 CVE-2024-4032 CVE-2023-45290 CVE-2024-36952 CVE-2024-26858 CVE-2024-40928 CVE-2024-40961 CVE-2023-52809 CVE-2024-38580 CVE-2023-52638 CVE-2021-47606 CVE-2024-36020 CVE-2024-36971 CVE-2024-40958 CVE-2024-6409 CVE-2024-26880 CVE-2021-47596 CVE-2024-38543 CVE-2024-26828 CVE-2024-35800 CVE-2024-38575 CVE-2024-1737 CVE-2024-4076 CVE-2024-28180 CVE-2024-36957 CVE-2024-26801 CVE-2024-35937 CVE-2024-36489 CVE-2024-36903 CVE-2024-36921 CVE-2024-36270 CVE-2024-26600 CVE-2024-27417 CVE-2024-35911 CVE-2024-38558 CVE-2024-39487 CVE-2024-37353 CVE-2022-48743 CVE-2024-26773 CVE-2024-35885 CVE-2022-48627 CVE-2021-47400 CVE-2023-52864 CVE-2024-35899 CVE-2024-36929 CVE-2024-28176 CVE-2024-26737 CVE-2024-26852 CVE-2024-27030 CVE-2024-38593 CVE-2024-27434 CVE-2024-33621 CVE-2024-1975 CVE-2024-1394 CVE-2024-38663 CVE-2023-31346 CVE-2024-26897 CVE-2024-35823 CVE-2024-37356 CVE-2024-21823 CVE-2024-27065 CVE-2024-35789 CVE-2024-36922.

The following updates have been delivered:

• Updated kernel-dependent packages: kernel-5.14.0-427.22.1.el9_4.x86_64

• Updated CRI: cri-o-1.29.5-3.ves1.el9.x86_64

• Updated CRI Tools: cri-tools-1.29.0-1.ves1.el9.x86_64

• Updated Volterra Scripts: volterra-scripts-0.29-1.ves1.el9.x86_64

• Updated OpenSSH: openssh-8.7p1-38.el9_4.1.x86_64

• Fixed CVEs: CVE-2024-6387 in OpenSSH

The following updates have been delivered:

• Updated kernel-dependent packages: qat, nvidia-525xx, nvidia-425xx, and nvidia-grid

• Upgraded RHEL 9.4 (kernel: kernel-5.14.0-427.16.1.el9_4.x86_64)

• Added rpm packages: kernel-devel, gcc, and sg3_utils

• Fixed CVEs: CVE-2024-2398, CVE-2023-52425, CVE-2024-28757, CVE-2023-48795, and CVE-2023-51385

The following updates have been delivered:

• Updated kernel to kernel-5.14.0-362.18.1.el9_3.x86_64

• Fix firewall issue

The following updates have been delivered:

• Added a kernel patch to remove IPv6 debug log to improve performance. It is recommended to use this Operating System (OS) version.

• Added multiple tools to improve debugging experience.

The following updates have been delivered:

• Added firewall service and this service will be disabled by default.

The following updates have been delivered:

• Fixed VPM issue - when static IP address is configured with VMWare OVF configuration, RHEL 9 OVA does not correctly assign the static IP address.

• Fixed VPM issue - when static IP address is configured for baremetal node with vpm CLI, it does not correctly assign the static IP address.

• Updated multi-path package with fix for issue - when storage interface is used with multi-path configuration, multi-path to external storage are not correctly configured.

• Enabled persistent Network Interface Controller (NIC) naming for baremetal and use the same predictable NIC names as CentOS.