Resolved Issues

Release 22.8R2.3

Kernel panic was observed on ICS versions 22.8R2 and above due to a kernel bug in the NFQUEUE reinjection path, which could result in an abrupt reboot of the ICS server. This issue has been fixed.

OCSP checks for certificates failed intermittently on ICS versions 22.8R2.1 and above, due to an issue in parsing the OCSP response in the ICS server. This parsing issue has now been resolved.

Release 22.8R2.2

Access & Connectivity

Applications configured with non-standard TCP ports are not accessible through the PSAM tunnel when the Nginx Web Server is enabled in version 22.8R2.

Web bookmarks are not functioning on ICS 22.8R2, caused by issues with JSESSION ID passthrough rewrite.

Users are experiencing unexpected disconnections after upgrading to version 22.7R2.10.

Users are unable to access specific resources through PSAM after upgrading ICS to version 22.8R2.

Web Server & Performance

Nginx crashes frequently observed on ICS 22.8R2, affecting web access features.

Authentication & Security

REST API-based authentication fails when the administrator password contains the special character ":", while the same password works correctly via the admin Web GUI.

TOTP user reset functionality does not work when WAF is enabled in Protection Mode.

HTML5

HTML5 copy paste will not work.

Advanced HTML5 sessions remain active even after the end user logs out.

Advanced HTML5 SSH session fails to log in when using a private key.

End User Portal

A black screen is displayed when accessing a file share bookmark created by the end user.

Web Application Firewall (WAF)

The WAF package reverts to version 1.0.0.

XML import/push config fails with the error message: "Can't download crs package '1.0.0' from controller as gateway is not registered with controller."

WAF issues are observed in the following configurations:

•Manually configured CDP in Sub CA for CRL checking.

•Backup CDP configured in Root CA.

•CRL checking options set to use CDP specified in the trusted CA.

Cluster Management

Event logs display the message "administrator manual failover" when VIP failover occurs due to the active node rebooting.

Release 22.8R2.1

Authentication (AD/LDAP)

When configure an LDAP server, it fails with the error "Invalid server address".

Users are unable to change their AD passwords via the preference page.

After creating the AD server in an Active/Passive (A/P) cluster, the AD username and password fields are empty, even though the 'Save Credentials' setting is enabled.

OAuth time skew is not working as per the configured values.

VPN/Resource Access

VPN ACL configuration push fails with the error message: "Invalid IPv4 address specified."

Users are unable to access the URL https://compliance.login.globalrelay.com/ using a web bookmark and encounter a JavaScript error.

Attempting to access SharePoint results in the error message: "The page you requested could not be found."

Webserver

The Nextgen Webserver service crashes while performing DFS operations.

The Nextgen Webserver crashes frequently observed on systems running version 22.8R2.

"Program nginx recently failed." is observed when uploading a file of 800 MB.

Program Nextgen Webserver recently failed after upgrading to 22.8R2.

Certificates

User login is successful even if we disable client Certificate Negotiation.

Cloud secure configuration fails with the error message: "Failed, no metadata".

The Android ISAC client fails to connect to DFS and displays the error message "Server's security certificate is not trusted." when the next generation server is enabled.

The PSAL client displays the error "Detected Incorrect Data From Server because ICS is not sending the SrvCertMd5 value.

UI/Platform

Some UI pages are inaccessible after upgrading the ISA8K.

Switch to serial console on VM does not bring up Admin/End user UI.

Web Application Firewall (WAF)