Loadbalancer.org product roadmap – new features, release notes and more (as always, a work in progress)
Published on •22 mins Last updatedUnderstandably, we get quite a few requests for a product roadmap containing release notes and feature updates. We've had a chat about this internally and thought that it would be nice to have a permanent post on the blog that we change on the fly as and when customer requirements change.
Putting this on the blog enables our customers to express their arguments for and against new features etc.
This entry should also give you a better idea of our priorities and how we develop the product.
You can jump straight to our latest update (v8.12.1) here ->
Three Products, One goal – Zero Downtime...
Sometimes corporate mission statements are easy to poke fun at, but I'd like to think that we are making progress towards ours:
"To provide the tools and expertise you need, so that your business systems and your customer’s applications never fail"
To this end we have, or at least will have shortly – three core products:
The Load Balancer Enterprise ADC
Our core product, a fully featured application delivery controller, designed to be an easy to use and yet ultra reliable workhorse. After 20 years of development this product is rock solid and battle tested. Enterprise will be fully supported and steadily improved for at least the next 5 years.
The ADC Portal
Our vendor agnostic cloud platform for managing and automating load balancer deployments. An incredibly easy to use SAAS web based portal for remote management, backup, updates, security analysis and automation.
Official launch 1st April 2024
Endurance
API driven, Next gen, modular, fast, flexible and devops friendly. Built from the ground up over the last 5 years (did I hear anyone say technical debt?).
Likely to enter a long Beta program in the summer of 2024, with launch in 2025.
So what can you expect in the next few months?
We're pretty excited about the launch of the ADC Portal, and guess what we've decided to make it free for our existing customers forever. So you've got no excuse not to go and give it a try!
As for Enterprise, you probably already know that we've spent a very long time completing a huge overhaul of the backup & recovery functionality. The focus being to make it as simple and flexible as possible. Making it far easier to automate and test deployments, and be ready for centralized management.
As of v8.11.1 we finally have Software Updates that can not only Rollforward but more importantly Rollback (online & offline). We've also implemented checkpoints, so you can quickly roll back your own changes.
We're currently concentrating on improving the template system, and we have some big performance improvements for the API in the pipeline. We aim to gradually improve this to support our partners with large and rapid deployments.
Next on the list is improving automation from our ADC Portal, concentrating on restoring/updating and modifying clustered pairs of load balancers with zero downtime.
New features are great, but in 2024 our primary focus is bug fixes, yes I know vendors don't like to talk about bugs. But we have a big list of non-critical but annoying bugs that we want to squash this year.
And we’ve got time to add more..
So shout now if you want something changed — you can contact me directly by emailing malcolm@loadbalancer.org
How do we decide what to do next on our priority list?
Our principles always guide us, this is an overview of the things we feel are most important in a load balancer appliance in order of priority:
- Security
- Fast, rapid and proactive improvements i.e. Heartbleed/Shell Shock and others
- Focus on WAF/DOS/DDOS as well as just simply a secure appliance.
- Compliance with government standards HIPAA, FIPS, FISMA, NIST etc.
- Integration with your current security framework AD, RADIUS etc.
- High-availability
- Constant improvements to underlying systems
- Future enhancements to intelligence, logging and alerting.
- Maintenance
- Constant focus on close to zero downtime for maintenance and security updates
- Helping the customer carry out software updates on servers in the cluster.
- Performance
- Constant re-assessment of the best default configurations for performance
- Renewed focus on special application performance requirements (i.e. lots of small packets or lots of large ones).
- Support
- How can we make the product easier to support and how can we improve our support service?
- Usability
- Improvements to look and feel + intelligence and ease of use
- New platforms
- Integrate new platforms as and when they become customer priorities i.e. azure
- New features
- Assess against our priorities and implement if, and only if they match our stated priorities.
- New products
- Constantly looking for new applications to help customers with their infrastructure requirements.
Hang on, what happened to v9?
The fabled v9 has evolved into our Partner Product, a customizable, and modular solution that simplifies large scale deployment. It’s already seamlessly embedded into hundreds of critical systems across the globe.
In fact it's grown into a bit of a monster. So while we prepare version 9 for general availability aka. Endurance, we have decided to accelerate development of v8 to bring you new and exciting features.
So, what exactly is our partner product?
Put simply, our partner product is a platform for application delivery.
But more importantly it's something we create together — with amazing results. After all not every partner needs all of our services:
- API driven, vendor agnostic, data plane agnostic centralized application delivery
- Fully automated deployment, maintenance & monitoring of your applications
- Tight integration with your development team and your roadmap
- Our support integrated with your customer service team
- OEM Hardware development, deployment, certification and logistics
- Centralized management of ADC security and version control
- Flexible contracts with long term commitments to your roadmap
Why do you need our partner product?
You are a respected technology vendor in your sector. And you have a large number of customers depending on your systems. And it's getting increasingly complex to support them on a global scale — while keeping the pace of innovation going with your own product roadmap.
I'm sure your system has unique requirements:
But wouldn't it be great to work with someone who wants to help you increase your revenue & customer satisfaction, while reducing complexity & costs?
Don't worry: We'll still be updating & supporting v8 for a very long time!
Last updated 31st October 2024
Latest version v8.12.1
Minimum secure version v8.11.3
Minimum version to use with caution if securely configured v8.5.2
[v8.12.1]
31st October 2024
Bug Fixes
- Open VM Tools: Resolved issue which prevented Open VM Tools from starting by default where required.
- Check Points: Resolved issue where invalid check points and releases were available on some images.
- Minor UI improvements: Made it so that more friendly error messages are displayed if the check point system is missing critical files.
- LVS Agent for SNMP: Resolved issue which prevented the full LVS table from being accessed via SNMP.
- MS SQL Health Check Template: The MS SQL check is now available in the health check scripts template dropdown after running the install script.
- Stick Tables in TSD: Corrected an issue where stick tables were omitted from Technical Support Downloads.
- SAN Field in CSR Display: Fixed a display issue caused by particularly long SAN fields in the CSR output.
- Balance Mode Persistence: Updated behavior to ensure that the first Balance Mode does not auto-select persistence as "Stick" on Fallback.
- System Overview Display: Resolved minor display issues affecting icons and labels in the System Overview.
- PBR Local Routes Feature: Added the ability to select "local routes" for PBR in the WebUI.
- Restore and Peer Password Prompt: Resolved an issue where if the appliance is paired then the restore process might block awaiting the entry of the peer's password even in non-interactive situations.
- Rsyslog Remote Protocol: Fixed an issue which caused the rsyslog remote protocol to be set improperly sometimes.
- Timezone Configuration: The selected timezone information is now available to processes other than the WebUI at the OS level.
- Static Routes Restoration: Resolved an issue where restoring did not properly restore static routes at the OS level.
- Gateway to Shuttle Certificate Data: Ensured proper passing of certificate data from gateway to the shuttle.
- SSH Key Format: Corrected an issue where a single invalid SSH key would prevent peer communications even if other valid SSH keys were present.
- VMware Services Start-up: Addressed an issue where VMware services would attempt and fail to start on physical appliances.
- Health Check Scripts on Restore: Fixed an issue where health check scripts were not correctly written during restore.
- Crontab Entry for Updates: Corrected a malformed crontab entry which prevented the update check from running.
- Mod_Security Directory Ownership: Resolved wrong ownership issues for the mod_security directory.
- Cookie Persistence Method: Addressed issues with the cookie persistence method not working correctly on the fallback server.
- HAProxy Manual Configuration: Resolved an issue where using an * as a port range in a layer 7 virtual service caused the reload SYN block to fail.
- Layer 4 Health Checks: Corrected flip-flopping behavior observed with Layer 4 health checks when multiple instances of the same real server are checked under certain configurations.
- Upgrade System Issues: Addressed various issues related to the upgrade system.
- Shuttle Service Update: Made it so that the Shuttle service is more robust when recovering from network issues.
- Fallback Server Label: Layer 7 fallback servers are now always named “backup” to maintain compatibility with existing customer ACLs.
- Proxy Settings on Upgrade: Resolved an issue where proxy settings were removed when installing a release or restoring a configuration.
- SSH Communication After Restore: Fixed a bug where SSH communication broke after restoring from a checkpoint.
- SSH Keys on Appliance Update: Ensured suitable SSH keys are present on appliances updated from older versions.
[v8.11.4]
8th August 2024
Bug Fixes
- Portal access was lost for all existing shuttles, due to an unexpected change in our upstream certificate chain.
- Updated all shuttles with new intermediate security certificates and extra signing authorities as a backup.
- Fallback methods for automatic shuttle updates were also added to ensure this does not happen again.
[v8.11.3]
5th June 2024
Security
- Updated OpenSSH to version 9.8p1, addressing the regreSSHion Bug (CVE-2024-6387).
[v8.11.2]
3rd April 2024
New Features
- Portal Shuttle Proxy Support. The Portal Shuttle will now work through a configured system proxy.
Bug Fixes
- Updated Yum Package: Fixed an issue preventing a small number of customers from upgrading due to the version of yum installed.
- Fixed Layer 7 Health Check: Fixed an issue preventing you from being able to use an external health check scripts.
- OCSP Certificate Enforcement with Stunnel: Stunnel no longer offers the status_request or status_request_v2 extensions to clients so that customers on dark networks can create TLS terminations that will not be rejected by clients with stricter security policies.
- Portal Shuttle Gateway Management Port Changes: You are now able to change the default management Port for the load balancer and the reflect with the Portal Shuttle Gateway.
[v8.11.1]
20th March 2024
NB. From this point you will be able to roll back all updates in a single step, jumping straight back to your working configuration, useful should you experience an issue after an update.
New Features
- Bind Services to Specific Addresses: Increased flexibility and security by allowing binding to specific addresses.
- Added the ability to create checkpoints that allow for rollback if necessary.
- Online and Offline updates now fully support roll forward and rollback over multiple versions.
- Added latest Broadcom BCM57508 NetXtreme-E-Series drivers for 100G cards.
GSLB:
- Safe Reload after Config Changes.
- Member Name Validation: Ensured GSLB member names are validated.
- TTL 0: Allows for quicker propagation of DNS record changes upon health check failure or recovery. Now the default.
- EDNS: Client subnet support added for easier implementation of site affinity and high performance direct to node GSLB.
- GSLB Templating System Integration: Streamlined GSLB configuration with templating support.
- GSLB External Dynamic Weight Based Health Check.
SSL:
- Updated Stunnel to 5.7.1 and fixed issues relating to the process of recovery from errors and to ensure seamless reloads.
- Facility to identify where a certificate is in use for better management.
- Now marks WebUI certificates as "In use" for better management.
- Updated Let's Encrypt support to work correctly with the latest acme.sh version.
- HTTP/2 & SSL Termination on HAProxy: Added support for modern web protocols and secure connections.
Bug Fixes
- Fixed Connection Termination Issue with Fallback Server: Ensured smooth transition back to primary RS when available.
- Fixed Layer 7 Health Check: Resolved the "No checks, always On" issue.
- Fixed Bonding Transmit Policy: Set to layer 2+3 for optimal performance.
- Floating IPs Support in Templating System: You can now specify floating IP addresses as part of templates and choose whether they come up or not as part of the submission.
- Increased reload performance for Layer 7 Virtual Services.
- Improved GSLB templating support.
- Fixed issue where not all parameters for each GSLB pool monitor type were set correctly on importing a template.
- Added ability for health checks (not just health check templates) to be installable/updatable via the template system.
- Deprecated HTTP Pipeline Mode Option Removed: Aligning with HAProxy 2.0 standards.
- Force Lower-cases Header Names: Compliance with new HAProxy 2.0 requirements.
- Addressed issues where LBCLI does not allow Monitor IP to be empty for add and edit GSLB actions, although the WebUI permits these values.
Security
- Removed Default Passwords for Configuser, Maintuser, and Reportuser: Strengthened security posture. Existing passwords will not be affected.
[v8.9.1]
6th July 2023
Improvements
- Improved performance and reliability of the build scripts for cloud platforms.
- Enhanced connectivity of the Portal gateway with the infrastructure, ensuring continuous connection attempts whilst running.
[v8.9]
25th April 2023
Features
- Added new SSL Terminator for HAProxy, allowing for mutual Transport Layer Security (mTLS) configurations.
- Added FQDN support with real servers.
- Added new L7 ACL "path_reg".
- Added option to add mTLS as part of VIP creation under advanced.
Improvements
- Improved readability of white buttons.
- Included open-vm tools for VMware-based deployments on new installations.
- Added a message indicating that the templating system is processing work.
- Updated the UX of the Portal Management page, including hiding connection details under advanced options.
Bug Fixes
- Resolved the ordering of onboard NICs on hardware.
- Fixed issue causing SSL Termination Labels to get lost.
- Fixed template importer to allow for L4 VIPS to be configured with a wildcard port range.
- Resolved issue preventing HA pairing in AWS.
- Fixed issue causing backups to be unable to be restored when special characters were used as part of the encryption process.
Security
- Updated HAProxy to address a security vulnerability in HTX mode (CVE-2023-25725).
This bug is unlikely to effect any of our customers as HTX can only be activated via a manual configuration.
[v8.8.1 Re-roll]
15th March 2023
NB. From this point you will be able to roll forward all updates in a single step, jumping straight to the latest version, saving you valuable time.
Bug Fixes
- Reversed the deprecation of SSH DSA keys
- Reversed the incorrectly reduced Stunnel connection limit
- Fixed bug that deleted some health check files during update
- Block update and display warning until deprecated SSH ciphers are removed
[v8.8.1]
3rd February 2023
Branding
- As we move into 2023, Loadbalancer.org will be rolling out a new look & feel for our brand
We believe the new logo and color scheme is more reflective of our true company personality
The new branding will be introduced in this update of the appliance's webUI
The complete transition to the new brand-look will happen gradually over the next few months
Features
- Rolling online updates: Starting with this release you will now be able to update to the latest version without having to perform incremental updates.
- Added the facility to manage Loadbalancer Portal configuration via the WebUI.
- Added "First" Scheduler and “Last Successful” persistence method.
- Added new ACL type "Reported SNI" to act on the value of the SNI field of an unterminated TLS connection.
- Added Template Importer/Exporter to help with deployment automation.
- Virtual servers can now be bound to traffic on ANY interface by using 0.0.0.0.
Improvements
- Improved gateway address validation to prevent entering an invalid ip.
- Open-vm tools for VMware based deployments on new installations.
- Free-type ACLs may now be multiline.
- Improved HAProxy config error reporting to add more detail.
- Improvements to LBCLI including input and output validation.
- The Stunnel service is now supervised to improve high availability.
- Updated OpenSSH to 9.0p1.
- HAProxy Stats page will now auto-refresh by default.
Bug Fixes
- Fixed having to specify a Floating IP and/or a Gateway when creating a new PBR rule.
- Fixed issue where L4 services would restart when autoscaling in AWS.
- Fixed setup wizard to validate passwords correctly.
- Backend-only virtual services no longer cause a conflict with layer 7 logging.
[v8.7]
19th August 2022
Features
- New and improved revamped backup & restore process.
- New and improved support download page.
- Added the ability online/offline floating IP addresses through the floating IP address page.
- Added the ability to restore a backup without having the floating IP addresses come immediately online.
- Added Intercom as our new live chat solution.
- Added the facility to enable the HAProxy Prometheus exporter via the web user interface.
- Added the facility to update your license via the lbapi.
- Added OPTIONs check to lbapi.
Improvements
- Improved Linux RNG configuration to mitigate TPM errors relating to KVM.
- Updated HAProxy to version 2.0.28
Bug Fixes
- Resolved VIP and Management PBR conflicting.
- WAF - Resolved issue relating to inbound anomaly scores not calculating correctly and hence not logging as expected if they were less than the defined inbound anomaly score threshold.
- Windows Feedback Agent - Resolved an issue relating to the feedback agent incorrectly reporting RIP load.
[v8.6.3]
12th May 2022
Improvements
- Updated the copyright year found as part of our product footer.
Security
- Updated the version of OpenSSL to address a vulnerability (CVE-2022-0778). Loadbalancer.org products are unaffected.
[v8.6.2]
12th April 2022
New Features
- Create and manage multiple HAProxy backends with the web interface, removing the need for manual configurations.
- Added the ability to configure an individual real server to redirect traffic to another site.
- Added the ability to easily create self-signed certificates.
- Added basic HAProxy LUA support.
Bug Fixes
- Fixed the configuration for layer 4 email alerts.
- Fixed the labeling of interface names relating to virtio drivers with KVM.
- Fixed incorrect tooltips showing when configuring network interfaces.
- Fixed potential issue using the WAF with IPv6.
Improvements
- Language improvements relating to cluster member names.
- Updated the PCRE version as part of ModSecurity for performance.
[v8.6.1]
18th January 2022
Bug Fixes
- Prevent Apache update breaking custom SSL certificate for web interface
- Fix 8.6 regression in vlan configuration with bonding
[v8.6]
10th January 2022
New Features
- Configure powerful and extensive ACL Traffic Rules, simply, using our new interface which removes the need for manual configurations.
- External Health Check scripts are now easy to edit and manage across L4/L7 and GSLB.
- ModSecurity CRS3 rules fully integrated into the WAF which will give less false positives.
- Online chat integrated into the product for quick access to support.
Improvements
- 100G mellanox network card drivers updated.
- DHCP configuration now available from the console setup wizard.
- SNMP v3 is now configurable from the web interface.
- Changed Master/Slave Terminology to Primary/Secondary
- Re-generating a self signed certificate for the web interface is now possible.
- A notification is now displayed when an online product update is available.
- A unique host header for each backend server can now be configured using the server label.
- Service reload errors are now visible directly from the blue restart prompt.
- If host header is provided, then Layer 7 health checks default to HTTP 1.1
- The Online update server location is now editable.
Bug Fixes
- Number of threads in use at boot time now correctly displays in the user interface.
- Selecting a non-existent interface with autonat no longer results in an exception.
- Removing a static route now brings back the auto route for the NIC.
- Licence key expiration date now shows immediately after installation, without page refresh.
- Complex PFX certificate passwords are now fully supported.
- Using LBCLI on the passive node no longer triggers potential failover.
- Firewall lockdown wizard now allows layer 7 statistics access by default.
[v8.5.8]
16th September 2021
Bug Fixes
- Fix 8.5.7 regression in the WAF behaviour previously resolved in 8.5.5
- Minor fix for invalid or corrupted XML files when importing backup from historical versions.
- Resolve critical issue in Azure clustering causing invalid Secondary IP address in the configuration file.
[v8.5.7]
27th August 2021
Bug Fixes
- Fixed issue with HTTPS redirect loop when adding force to https to a WAF protected layer 7 service.
[v8.5.6]
4th August 2021
Bug Fixes
- Resolved issue where SNI certificates could not be selected through the web interface for a small number of customers.
- The SSL termination padlock associated with a WAF now shows on the frontend rather than the backend.
- Resolved an issue where LBCLI would return a malformed JSON response for a small number of customers.
[v8.5.5]
27th July 2021
New Features
- Now supports PEM formatted SSH keys allowing better compatibility and useability.
- A new padlock icon showing if a virtual service has an 'SSL Termination' attached is now shown for quick access to linked services.
Improvements
- The HAProxy statistics page is now integrated within the Web UI for easier accessibility. It no longer consumes an additional port (TCP/7777) or requires separate authentication details to access.
- Better handling of recent recommendations regarding cookies, HAProxy now adds 'samesite=none' by default to persistence cookies for better cross-site handling.
Bug Fixes
- Updated defaults for LDirectord allowing XML files with a blank config section to still allow the service to start successfully.
- Fixed an issue when adding a WAF between SNI SSL Terminations and HAProxy, it no longer fails and shows 'HTTP 400 bad request' in a web browser.
- Management gateway PBR rules now start correctly after reboot even when other PBR rules are not in use.
- Changing port on HAProxy service now updates linked Stunnel service.
- Slave appliances in Azure no longer incorrectly write the Masters IP in some SNI configurations
- Restoring an XML file now picks up the configured WebUI port from the configuration file.
[v8.5.3]
16th April 2021
NB. The online update following this patch will jump straight to version 8.5.8
Security
- Update OpenSSL to version 1.1.1k
NB. The Loadbalancer.org product is not vulnerable to the 3 issues fixed in this patch.
[v8.5.2]
31st March 2021
Improvements
- Added the JQ library package
- Large support downloads now ‘stream' using less local disk space
- Fallback server support with SNI now available for VIPs using SSL Pass-through or Re-Encrypt to Backend
Bug Fixes
- Fixed rare issue with feedback agent when updating HAProxy
- Fixed reload process for Stunnel
- Updated SNMPD to resolve rare memory leak
Security
- Various improvements including Stunnel and OpenSSH
[v8.5.1]
26th November 2020
New Features
- WAF now has enhanced support for IPV6
Improvements
- Add new fogroup persistence method in gslb
- Warn user if a network card is not in a fast enough PCI slot.
- Update Haproxy to 1.8.27
Bug Fixes
- Network bonding default mode in GUI corrected to be HA mode 1
- GSLB restart no longer fails without defining config first
- Fix issue when installing an invalid licence key.
- Fix lbcli function negotiate_http_head
- Fix potential issue detecting serial port configuration
- Stop GSLB wizard modifiying user defined SSL options
- Fix for rare but confirmed WAF memory consumption issue
[v8.5]
New Features
9th October 2020
- New SNMP agent and MIBs for Layer 7 services.
- New GSLB graphical interface (automatic upgrade of existing manual configs)
- New GSLB distribution state table
- New and more Flexible bonding of interfaces
Improvements
- Bond mode now selectable from setup wizard.
Bug Fixes
- Disabled access to HAProxy statistics page port 7777 for TLS1.1
- Fixed issue where specific ACL rule broke lb_config
- Fix for samesite cookie issue
- Revert self signed certificate back to localhost.localdomain
- Fix read-only lock when using manual L7 configuration
Security
- Force UI/Console password change from the setup wizard.
- PDNS Updated to 4.3.0
[v8.4.3]
Security
27th April 2020
- OpenSSL updated to mitigate potential but 'unproven in the wild' DOS vulverability CVE-2020-1967
[v8.4.2]
20th April 2020
New Features
- Rsyslog updated to version 7
- Alternate default gateway available for L7 VIPS
- TProxy can now be enabled per VIP
Improvements
- Syslog default communication method now UDP.
- SDK updated for GCP appliances
- Enabled SNI support for re-encrypt to backend.
Bug Fixes
- Editing values on the physical advanced page was disabling PBR
- Erroneous Bond interface showing after running console setup wizard
- Azure appliances ACLs fixed in HA deployment
- Fixed intermittent 502 errors coming from WAF gateways.
- Fixed STunnel slow start on boot
- Source address lost when Stunnel bound L7 VIP had its SSL mode changed
- HAProxy configuration locking fixed
- Manual HAProxy configuration input was incorrectly converting single quotes
Security
- HAProxy Updated to mitigate H2 bug CVE-2020-11100
[v8.4.1]
14th January 2020
Performance & Security enhancements
- Updated STunnel to version 5.56
- Updated HAProxy to version 1.8.23
- Updated OpenSSL to version 1.1.1d
- Fixed XSS vulnerabilities in web interface
New Features
- New graphical menu for console based setup
- Easier bond and vlan configuration at setup
- TLS v1.3 available
Bug Fixes
- Changed placement of SNI Rules page for ease of use.
- Fixed potential error when updating WAF advanced settings.
- Updating L7 child VIP when bound with SNI no longer overwrites parent.
- Fixed potential segfault in STunnel
Improvements
- Changed console default keyboard layout to US.
- Optionally exclude .gz files in support download.
- Improvements to SSL advanced page.
- Improvements to WAF diagnosis functionality.
- Improvements to LBCLI for automated deployments.
- SSL performance improvements
[v8.4]
13th September 2019
Deprecated - Do not use
- Potential segfault in SSL handling - version pulled.
- Changes bellow rolled into v8.4.1
Improvements
- Improved NIC ordering script for physical appliances.
- Improved setup script to clear out user added VLANS.
- Stunnel performance improvements updated to 5.55
Bug Fixes
- Improved SNI domain name validation to now allow '-' in the URL.
- Improved form formatting for L4 negotiate checks.
- Azure WAF - Fix routing traffic when master is unavailable.
- WAF frontends no longer count towards VIP licenced total.
Security
- OpenSSL updated to 1.1.0k
- Haproxy Updated to 1.8.20
- Web Interface fixed to ensure path traversal no longer possible for logged in users CVE-2023-25725.
[v8.3.8]
5th July 2019
Important security update
- This release moves the Loadbalancer.org kernel to v4.9.182.
- This fixes a remote denial of service vulnerability in the SACK implementation.
- Specifically CVEs: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
[v8.3.7]
5th July 2019
New features
- Duplication of services now available from the edit service page.
- Add HTTP 'Options' method health check at L7.
- Security Lock down by default + option to make it irrevocable.
Improvements
- Modify Virtual Server is now context sensitive with multiple advanced menu options.
- L7 Persistence methods are selectable based on L7 protocol.
- Improved PBR ReadMe Document.
- NIC offloading help corrected.
- SSL Certificate verification of pem files on import.
- Increased default PCRE Limit for the WAF.
- ModSecurity databases removed from support download to reduce size.
- L7 Stats page has deprecated TLS versions disabled.
- Update quick start guide URLS.
Bug Fixes
- SSL certificate elements were not copied to the slave correctly.
- Disaster recovery script now copies WAF configuration correctly from recovery node.
- Edge/IE11 are now able to access HAProxy stats/Layer 7 Status page.
- Stop TPROXY from enabling occasionally when generating a support download.
- Node recovery was not notifying on completion.
- Adding SNI rules incorrectly reverts 'manual' state.
- Improved validation checks for L7 Headers.
- Cannot create a wild card SNI rule.
[V8.3.6]
1st March 2019
HAProxy
- Correctly escaping quotes in header values.
- Replace header is now available from the headers section.
- Inactive HTTP stream reuse is now available.
- We have made the path_beg and path_end ACLS case insensitive.
- When using HEAD checks the response expected box is no longer displayed.
- HAProxy has been updated to 1.8.17 to mitigate against h2 bug.
SSL
- Proxy protocol was getting incorrectly disabled - now fixed.
Other
- Stopped users executing lbcli from the web interface.
- 40Gbit/s mellanox card drivers have been added.
- Fixed incorrect ciphers when enabling HTTPS and the WUI.
- Hardware network interface TCP Offloading is now available
[v8.3.5]
21st November 2018
-
AWS: Reload dialogue displayed un-necessarily when using AWS autoscaling.
-
HAProxy: Restoring XML will no longer remove existing manual configuration files. Added new ACL functionality for query strings.
-
SSL PROXY BIND: Fix read-only issues from 8.3.4 online update - and allow easy removal of existing bindings.
-
Other: Removed disturbing message from CLI when generating support download.
[v8.3.4]
20th September 2018
-
HAProxy: Updated to v1.8.14 for critical fix to HPACK decoder used for HTTP/2 (vulnerable to buffer overflow)
-
Let's Encrypt: Critical fix to the automated certficate renewal script
-
SSL PROXY BIND: Fix broken proxy bind if you modify the layer 7 VIP or delete the termination SSL VIP.
[v8.3.3]
10th September 2018
-
HyperV: We have improved the HyperV live migration and as a result this no longer causes potential heartbeat latency issues.
-
WAF: The WAF interface has now been simplified, and we've added easy log diagnosis & automated whitelist suggestions. We've also added a new fast page cache, for accelerating Wordpress.
-
SSL: The interface has been simplified and OpenSSL has been updated to 1.1.0h.
-- STunnel has been updated to 5.46 to resolve a slow memory leak when reloading 1000's of SNI rules.
-- Automated certificate generation is now available, using Let's Encrypt.
-- We have increased the number of SNI rules you can add via the web interface to 8000! -
HAProxy: Has now been updated to 1.8.11. The core change being the ability to configure multi-threading for greater than 10G performance.
-
Other: Bonded interface limit has increased - you can now create up to 4 bonded pairs with full 802.3ad support.
[v8.3.2]
-
Azure: AZ HA service can now run scripts on failure.
-- SNAT Mode with HA now displays the correct VIP in the system overview on the slave appliance.
-- SNAT Mode with HA wrong slave appliance IP selected on 'modify VIP page'.
-- WALinuxAgent updated to 2.2.21.
-- Kernel updated to 4.9.107 for network performance improvement (reboot required). -
WAF: SecPcreLimit is now configurable from the interface.
-
PBR: You can now set a separate gateway for the management IP.
-
EC2: Enhanced networking (ENA) module available.
-
SSL: Disabling of TLS 1.0, 1.1, 1.2 is now possible from the interface.
-
HAProxy: Has been updated to version 1.7.11. Raw table no track rules are now being written correctly.
-- HTTP HEAD health check is now available.
-- To improve compatibility with websocket tunnel timeout has been added. -
Other: RADIUS and Basic AD authentication is now available for the web interface.
-- lbinsecure now defaults setup user and user interface password correctly.
[v8.3.1]
-
Azure: Added multiple interfaces to Azure.
-
WAF: The system can now direct WAF logs to syslog and therefore a remote syslog server.
-
PBR: You can now start/stop a single set of rules without having to re-write/affect all PBR services.
-
GSLB: GSLB is now available and configurable from the interface. Yup! I didn't believe it either. We have finally caved to your constant demands for GSLB! Actually Aaron finally found some really powerful uses for it on customer sites as explained in his blog about full GSLB support in v8.3.1.
-
Kernel: Kernel is updated to 4.4.110 to mitigate the meltdown attack. (Warning: requires reboot)
-
HAProxy: Haproxy updated to 1.7.10 and re-encrypt to backend is now available in TCP mode.
-
Layer 4: LVS SNAT mode has been added giving you the performance of layer 4 load balancing for TCP and UDP without the requirement of making server or infrastructure changes. Why we didn't do this earlier - I don't know, because it's great!
[v8.3]
- The only change between v8.2.5 and v8.3 was a BIG update of the Linux Kernel from our existing 2.6.35 all the way to 4.4.49.
- We have done a lot of testing with the new Kernel and we are very happy with the performance improvements.
[v8.2.5]
- Enhanced performance and new double login feature for our WAF
- Improved SSL hot reload to guarantee zero downtime
- PROXY protocol no longer requires a separate VIP on port 81
- API fully updated with 98% of functions available
- Big performance updates for the WAF went into v8.2.5, we also added the new double login and Google Authentication features.
[v8]
In the process of designing our WAF implementation we've been having a lot of conversations with Sucuri, these guys are awesome and know everything about web application firewalls and denial of service protection. Sucuri are also way more friendly than Incapsula (who were impossible to get any straight answers from).
[v7.6.6]
- More wizards for setting up specific applications
- Dynamic graphing and dynamic numerical stats
- Re-write and enhancement of the initial configuration wizard(s)
- Layer 7 email alerts - as usual we've released it open source before actually putting it in our product (how do we make any money anyway?)
[v7.6.5]
- Re-write of the security model for pairing master and slave units - for full security compatibility with cloud platforms AWS and Azure.
[v7.6.4]
- Overhaul of system overview
- Loads of improvements to the web interface in general, making it easy to use as well as nice to look at
How can we help you get closer to Zero Downtime?
We are always listening and learning from our customers. We especially love to hear stories about the situations you've had to deal with in the past.
And that helps us figure out simple and effective solutions, rather than adding loads of features that you don't need.
So if you have any interesting stories or ideas..
Please let everyone know in the comment section below.
Thank you.