Fixed Issues and Other Changes
The following table lists issues that have been fixed and are resolved by upgrading to the named release.
Release 22.2r1
|
Report Number |
Description |
|
Security |
|
|
VADC-297 |
Fixed a security issue CVE-2024-7593 related to interface that exposes the administrator UI. |
|
VTM-46657 |
Fixed an issue which could lead to heap buffer overflow as mentioned in CVE-2023-4863. |
|
VTM-46643 |
Fixed a security issue CVE-2022-4304 related to openssl. |
|
VTM-46644 |
In vTM, to store the user passwords SHA256 is used now instead of MD5. |
|
VTM-46645 |
Upgraded nghttp2 to 1.49.0 which fixes several security issues. CVE-2020-11080,CVE-2019-9511,CVE-2019-9513 |
|
VTM-46646 |
Upgraded gorilla websocket to version 1.5.0 which fixes CVE-2020-27813 |
|
VTM-46647 |
Upgraded curl and curl-nss to 7.84.0 which fixes several security issues. CVE-2021-22945, CVE-2021-22946 ,CVE-2021-22947, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22876, CVE-2021-22890, CVE-2020-8286, CVE-2020-8285, CVE-2020-8284, CVE-2020-8231, CVE-2019-15601, CVE-2019-5481, CVE-2019-5482, CVE-2019-5435, CVE-2019-5436, CVE-2018-16890, CVE-2019-3822, CVE-2019 3823, CVE-2018-14618, CVE-2018-0500, CVE-2018-1000300, CVE-2018-1000301 |
|
VTM-46648 |
Upgraded libpng to version 1.6.37 which fixes CVE-2019-7317 |
|
SNMP |
|
|
VTM-46649 |
Fixed an issue which gives a wrong picture about the available free memory in the system. |
|
Configuration |
|
|
VTM-46650 |
Fixed an issue where TIP becomes unconfigurable if VA is restored without machine specific information. |
|
Administration Server |
|
|
VTM-46651 |
Fixed the radio button in "Event from" section which even after selecting "Some Pools" couldn't retain the selection. |
|
VTM-46652 |
The fix is to reflect the bind IP properly in UI and configuration files when it's changed from UI so that user can still access GUI smoothly post modification. |
|
VTM-46653 |
Fixed an UI related issue which didn't give enough information on how to add multiple email addresses for alerting events. Both comma and space can be used as delimiter now as per UI info. |
|
Connection Processing |
|
|
VTM-46654 |
Modified the documentation for traffic script function pool.use() to reflect that it may not resolve a hostname to a reachable IP address. |
Pulse Secure Virtual Traffic Manager Appliance
The following table lists issues that have been fixed and are resolved by upgrading to this release.
|
Report Number |
Description |
|
Virtual Appliance |
|
|
VTM-46655 |
Addressed the initial network setup issue, when there is no DHCP setup. |
|
Cloud Platforms |
|
|
VTM-46656 |
Fixed an issue which could lead to IPv4 associations being not displayed properly when vTM software version is installed on AWS CentOS 7. |
Pulse Secure Virtual Web Application Firewall
|
Report Number |
Description |
|
WAF |
|
|
PRS-418947 |
Fixed an issue with Baseline protection deny because of PDF parsing failure. |
|
WAF-1172 |
Fixed the issue by enabling the Logrotator for all the log files generated by vWAF. |
|
WAF-1173 |
Handled the exceptions ReadTimeout and increased the request timeout second. |
|
WAF-1174 |
Internal Security Improvement. Baseline updated with CVE-2021-44228. |
|
WAF-1175 |
WAF Debug binary is now available for 4.10.0006, 4.10.0007, 4.10.0008. Modified the CxFreeze(open source) code to generate debug binary. |
|
WAF-1176 |
Fixed the issue by code changes related to Python 3 generated by vWAF. |
|
WAF-1177 |
Fixed the issue by enabling modification of telemetry config via existing REST API generated by vWAF. |