From 4fdac6a038408a9e453897199e5e606f7f8f4d98 Mon Sep 17 00:00:00 2001 From: jeffmart-jnpr Date: Mon, 25 Nov 2024 23:03:10 +0000 Subject: [PATCH] deploy: 99efb614d0054bf59d141ec4abfa759ad2973ce3 --- 404.html | 2 +- api/release_notes_128t_5.6.json | 2 +- assets/js/12973385.673551c2.js | 1 + assets/js/12973385.f93eefe2.js | 1 - assets/js/26681f38.0e721675.js | 1 + assets/js/26681f38.f1723c5e.js | 1 - ...n.7dbcb504.js => runtime~main.d12e5e52.js} | 2 +- docs/CONTRIBUTING/index.html | 2 +- docs/about_128t/index.html | 2 +- docs/about_certified_platforms/index.html | 2 +- docs/about_releases/index.html | 6 +- docs/about_security_policy/index.html | 2 +- docs/about_support_policy/index.html | 2 +- docs/about_supported_drivers/index.html | 2 +- docs/about_supported_platforms/index.html | 2 +- docs/about_svr_savings/index.html | 2 +- docs/another_file/index.html | 2 +- docs/bcp_att_avpn_configuration/index.html | 2 +- docs/bcp_conductor_deployment/index.html | 2 +- docs/bcp_dhcp_relay_overview/index.html | 2 +- docs/bcp_fib_design/index.html | 2 +- docs/bcp_lte_peering/index.html | 2 +- docs/bcp_monitoring_headends/index.html | 2 +- .../index.html | 2 +- docs/bcp_qos_msft_expressroute/index.html | 2 +- docs/bcp_salt_pillars/index.html | 2 +- docs/bcp_sdwan_design_guide/index.html | 2 +- docs/bcp_service-policy_defaults/index.html | 2 +- .../index.html | 2 +- docs/bcp_tenants/index.html | 2 +- docs/bcp_using_128T_as_ntp_server/index.html | 2 +- docs/cc_fips_access_mgmt/index.html | 2 +- docs/cc_fips_appendix/index.html | 2 +- docs/cc_fips_banners/index.html | 2 +- docs/cc_fips_compliance_guidelines/index.html | 2 +- docs/cc_fips_conductor_install/index.html | 2 +- docs/cc_fips_config_audit_event/index.html | 2 +- docs/cc_fips_config_ntp_auth/index.html | 2 +- .../index.html | 2 +- docs/cc_fips_downloading_iso/index.html | 2 +- .../index.html | 2 +- docs/cc_fips_intro/index.html | 2 +- docs/cc_fips_intro_installation/index.html | 2 +- docs/cc_fips_otp_router_install/index.html | 2 +- docs/cc_fips_router_install/index.html | 2 +- .../cc_fips_sec_firewall_filtering/index.html | 2 +- docs/cc_fips_secure_deliver/index.html | 2 +- docs/cc_fips_software_upgrades/index.html | 2 +- docs/cc_fips_ssr_security_scope/index.html | 2 +- docs/cc_fips_titlepage/index.html | 2 +- docs/cli_reference/index.html | 2 +- docs/cli_stats_reference/index.html | 2 +- docs/concepts_EthOverSVR/index.html | 2 +- docs/concepts_STEP/index.html | 2 +- docs/concepts_appid/index.html | 2 +- .../concepts_application_discovery/index.html | 2 +- docs/concepts_fib/index.html | 2 +- docs/concepts_fib_construction/index.html | 2 +- docs/concepts_fib_design/index.html | 2 +- docs/concepts_glossary/index.html | 2 +- docs/concepts_ha_theoryofoperation/index.html | 2 +- docs/concepts_interface_types/index.html | 2 +- docs/concepts_kni/index.html | 2 +- docs/concepts_learning_VRF_routes/index.html | 2 +- .../concepts_linux_host_networking/index.html | 2 +- .../concepts_machine_communication/index.html | 2 +- docs/concepts_metadata/index.html | 2 +- docs/concepts_metrics/index.html | 2 +- docs/concepts_monitoring/index.html | 2 +- docs/concepts_network_planes/index.html | 2 +- docs/concepts_pcli/index.html | 2 +- docs/concepts_session_timer/index.html | 2 +- docs/concepts_ssr_idp/index.html | 2 +- docs/concepts_traf_eng/index.html | 2 +- docs/concepts_waypoint_ports/index.html | 2 +- docs/conductor_upgrade/index.html | 2 +- docs/config_EthoSVR/index.html | 2 +- docs/config_EthoSVR_activestandby/index.html | 2 +- docs/config_RBAC/index.html | 2 +- docs/config_STEP/index.html | 2 +- docs/config_access_mgmt/index.html | 2 +- .../index.html | 2 +- docs/config_alarm_suppression/index.html | 2 +- docs/config_app_ident/index.html | 2 +- docs/config_application_steering/index.html | 2 +- .../index.html | 2 +- docs/config_audit_event/index.html | 2 +- docs/config_basics/index.html | 2 +- docs/config_bfd/index.html | 2 +- docs/config_bfd_tunnel/index.html | 2 +- docs/config_bgp/index.html | 2 +- docs/config_command_guide/index.html | 2 +- docs/config_dev_intf_traf_eng/index.html | 2 +- docs/config_dhcp/index.html | 2 +- docs/config_dnat/index.html | 2 +- docs/config_dns_proxy/index.html | 2 +- .../config_domain-based_web_filter/index.html | 2 +- docs/config_dscp_preservation/index.html | 2 +- docs/config_dscp_steering/index.html | 2 +- docs/config_dual_router_ha/index.html | 2 +- docs/config_firewall_ports/index.html | 2 +- docs/config_flow_perf_mon/index.html | 2 +- .../index.html | 2 +- docs/config_gre_tunnel/index.html | 2 +- docs/config_ha/index.html | 2 +- docs/config_ha_vrrp/index.html | 2 +- docs/config_idp/index.html | 2 +- docs/config_in-memory_metrics/index.html | 2 +- docs/config_lacp/index.html | 2 +- docs/config_ldap/index.html | 2 +- .../index.html | 2 +- docs/config_multicast/index.html | 2 +- docs/config_nat_pools/index.html | 2 +- .../index.html | 2 +- docs/config_ntp_auth/index.html | 2 +- docs/config_ospf/index.html | 2 +- docs/config_password_policies/index.html | 2 +- docs/config_radius/index.html | 2 +- docs/config_radsec/index.html | 2 +- docs/config_rate_limiting/index.html | 2 +- docs/config_reference_guide/index.html | 2 +- docs/config_service_health/index.html | 2 +- docs/config_session_optimization/index.html | 2 +- docs/config_session_recovery/index.html | 2 +- docs/config_snmp/index.html | 2 +- docs/config_snmp_metrics/index.html | 2 +- docs/config_source-dest_nat/index.html | 2 +- .../config_static_hostname_mapping/index.html | 2 +- docs/config_static_nat/index.html | 2 +- docs/config_step_ha/index.html | 2 +- docs/config_syslog_tls/index.html | 2 +- docs/config_te_net_intf/index.html | 2 +- docs/config_templates/index.html | 2 +- docs/config_tenants/index.html | 2 +- .../index.html | 2 +- docs/config_transport_encryption/index.html | 2 +- docs/config_vrf_learning/index.html | 2 +- docs/config_vrf_route_leaking/index.html | 2 +- docs/config_wan_assurance/index.html | 2 +- docs/config_webserver_certs/index.html | 2 +- docs/events_alarms/index.html | 2 +- docs/events_events/index.html | 2 +- docs/events_overview/index.html | 2 +- docs/ha_conductor_install/index.html | 2 +- docs/hdwr_ssr_device_port_layout/index.html | 2 +- docs/hdwr_whitebox_port_layout/index.html | 2 +- docs/how_to_local_config_override/index.html | 2 +- docs/how_to_use_app_summary/index.html | 2 +- docs/howto_STEP_GUI/index.html | 2 +- docs/howto_conductor_migration/index.html | 2 +- docs/howto_config_PPPoE/index.html | 2 +- docs/howto_config_snmp/index.html | 2 +- docs/howto_extend_gui_nav/index.html | 2 +- docs/howto_lte/index.html | 2 +- docs/howto_maintenance_mode/index.html | 2 +- docs/howto_ms365/index.html | 2 +- docs/howto_pppoe_vlan/index.html | 2 +- docs/howto_reset_user_password/index.html | 2 +- docs/howto_router_migration/index.html | 2 +- docs/howto_trusted_ca_certificate/index.html | 2 +- docs/howto_tune_bfd/index.html | 2 +- docs/howto_update_bios/index.html | 2 +- docs/initialize_u-iso_adv_workflow/index.html | 2 +- docs/initialize_u-iso_device/index.html | 2 +- docs/initializer_cli_reference/index.html | 2 +- docs/initializer_preferences/index.html | 2 +- docs/install_conductor_overview/index.html | 2 +- docs/install_qcow2_deployment/index.html | 2 +- docs/install_univ_iso/index.html | 2 +- docs/install_vmware_config/index.html | 2 +- docs/installer_cli_reference/index.html | 2 +- docs/installer_preferences/index.html | 2 +- docs/intro_basic_conductor_config/index.html | 2 +- docs/intro_basic_router_config/index.html | 2 +- docs/intro_creating_bootable_usb/index.html | 2 +- docs/intro_downloading_iso/index.html | 2 +- docs/intro_getting_started/index.html | 2 +- docs/intro_initialize_HA_conductor/index.html | 2 +- .../index.html | 2 +- docs/intro_installation/index.html | 2 +- docs/intro_installation_aws/index.html | 2 +- docs/intro_installation_azure/index.html | 2 +- docs/intro_installation_azure_mist/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- docs/intro_installation_image/index.html | 2 +- docs/intro_installation_installer/index.html | 2 +- docs/intro_installation_legacy/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- docs/intro_installation_univ-iso/index.html | 2 +- docs/intro_otp_iso_install/index.html | 2 +- docs/intro_rest_graphql_apis/index.html | 2 +- docs/intro_rollback/index.html | 2 +- docs/intro_system_reqs/index.html | 2 +- docs/intro_upgrade_considerations/index.html | 2 +- docs/intro_upgrading/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- docs/legacy_OTP_install/index.html | 2 +- docs/merged_markdown_example/index.html | 2 +- docs/onboard_ssr_device_otp/index.html | 2 +- docs/onboard_ssr_to_conductor/index.html | 2 +- docs/plugin_bgp_community_services/index.html | 2 +- docs/plugin_cloud_ha/index.html | 2 +- docs/plugin_dns_app_id/index.html | 2 +- docs/plugin_dns_cache/index.html | 2 +- docs/plugin_gre/index.html | 2 +- docs/plugin_ha_sync_redundancy/index.html | 2 +- docs/plugin_http_probe/index.html | 2 +- .../index.html | 2 +- docs/plugin_intro/index.html | 2 +- docs/plugin_ipsec_client/index.html | 2 +- docs/plugin_kni_namespace_scripts/index.html | 2 +- docs/plugin_loopback_static_routes/index.html | 2 +- docs/plugin_m800_watchdog/index.html | 2 +- docs/plugin_monitoring_agent/index.html | 2 +- docs/plugin_mosh/index.html | 2 +- docs/plugin_set_hostname/index.html | 2 +- docs/plugin_sip_alg/index.html | 2 +- docs/plugin_wireguard/index.html | 2 +- docs/release_notes_128t_4.0/index.html | 2 +- docs/release_notes_128t_4.1/index.html | 2 +- docs/release_notes_128t_4.2/index.html | 2 +- docs/release_notes_128t_4.3/index.html | 2 +- docs/release_notes_128t_4.4/index.html | 2 +- docs/release_notes_128t_4.5/index.html | 2 +- docs/release_notes_128t_5.0/index.html | 2 +- docs/release_notes_128t_5.1/index.html | 2 +- docs/release_notes_128t_5.2/index.html | 2 +- docs/release_notes_128t_5.3/index.html | 2 +- docs/release_notes_128t_5.4/index.html | 2 +- docs/release_notes_128t_5.5/index.html | 2 +- docs/release_notes_128t_5.6/index.html | 171 ++++++++++++++++-- docs/release_notes_128t_6.0/index.html | 2 +- docs/release_notes_128t_6.1/index.html | 2 +- docs/release_notes_128t_6.2/index.html | 2 +- docs/release_notes_128t_6.3/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- docs/release_notes_byol/index.html | 2 +- docs/release_notes_byol_2.0/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- docs/sec_adaptive_encrypt/index.html | 2 +- docs/sec_firewall_filtering/index.html | 2 +- docs/sec_hardening_guidelines/index.html | 2 +- docs/sec_security_policy/index.html | 2 +- docs/single_conductor_config/index.html | 2 +- docs/single_conductor_install/index.html | 2 +- docs/supported_cloud_platforms/index.html | 2 +- docs/ts_ap_duplicate_assets/index.html | 2 +- docs/ts_ap_salt_minion/index.html | 2 +- docs/ts_applications/index.html | 2 +- docs/ts_connecting_to_routers/index.html | 2 +- docs/ts_cpu_spikes/index.html | 2 +- docs/ts_fib/index.html | 2 +- docs/ts_forwarding_resource_pools/index.html | 2 +- docs/ts_idp/index.html | 2 +- docs/ts_logs/index.html | 2 +- docs/ts_mac_uniqueness/index.html | 2 +- docs/ts_nat_troubleshooting/index.html | 2 +- docs/ts_packet_capture/index.html | 2 +- docs/ts_serial_console_tsing/index.html | 2 +- docs/ts_session_processing/index.html | 2 +- docs/ts_step/index.html | 2 +- docs/ts_t1_troubleshooting/index.html | 2 +- docs/ts_traceroute/index.html | 2 +- docs/ts_troubleshooting_vrf/index.html | 2 +- docs/upgrade_ibu_conductor/index.html | 2 +- docs/upgrade_legacy/index.html | 2 +- docs/upgrade_restricted_access/index.html | 2 +- docs/upgrade_router/index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- .../index.html | 2 +- docs/wan_onboarding_ssrdevice/index.html | 2 +- docs/wan_onboarding_whitebox/index.html | 2 +- docs/wan_overview/index.html | 2 +- docs/wan_staging/index.html | 2 +- docs/wan_telemetry_enable/index.html | 2 +- docs/wan_telemetry_features/index.html | 2 +- docs/wan_telemetry_site_assign/index.html | 2 +- docs/wan_telemetry_troubleshooting/index.html | 2 +- index.html | 2 +- kb/2024/04/24/I95-55904/index.html | 2 +- kb/2024/04/25/I95-54541/index.html | 2 +- kb/2024/04/25/I95-56233/index.html | 2 +- kb/2024/04/25/I95-56437/index.html | 2 +- kb/2024/04/25/I95-57085/index.html | 2 +- kb/2024/05/29/I95-56484/index.html | 2 +- kb/2024/06/25/I95-54838/index.html | 2 +- kb/2024/08/05/PLUGIN-2550/index.html | 2 +- kb/2024/08/30/I95-56628/index.html | 2 +- kb/2024/11/06/PLUGIN-2776/index.html | 2 +- kb/archive/index.html | 2 +- kb/index.html | 2 +- kb/tags/5-6-13/index.html | 2 +- kb/tags/5-6/index.html | 2 +- kb/tags/6-1-5/index.html | 2 +- kb/tags/6-1-7/index.html | 2 +- kb/tags/6-1/index.html | 2 +- kb/tags/6-2-3-r-2/index.html | 2 +- kb/tags/6-2-3/index.html | 2 +- kb/tags/6-2-4/index.html | 2 +- kb/tags/6-2/index.html | 2 +- kb/tags/6-3/index.html | 2 +- kb/tags/index.html | 2 +- kb/tags/ipsec-client-3-6-1/index.html | 2 +- kb/tags/saltstack-sip-alg/index.html | 2 +- 330 files changed, 482 insertions(+), 347 deletions(-) create mode 100644 assets/js/12973385.673551c2.js delete mode 100644 assets/js/12973385.f93eefe2.js create mode 100644 assets/js/26681f38.0e721675.js delete mode 100644 assets/js/26681f38.f1723c5e.js rename assets/js/{runtime~main.7dbcb504.js => runtime~main.d12e5e52.js} (99%) diff --git a/404.html b/404.html index 9ffbc8fad5..6deef41379 100644 --- a/404.html +++ b/404.html @@ -6,7 +6,7 @@ Page Not Found | SSN Docs - + diff --git a/api/release_notes_128t_5.6.json b/api/release_notes_128t_5.6.json index af6c497ca9..f85c07bd91 100644 --- a/api/release_notes_128t_5.6.json +++ b/api/release_notes_128t_5.6.json @@ -1 +1 @@ -{"content":"---\ntitle: SSR 5.6 Release Notes\nsidebar_label: '5.6'\n---\n:::info\nIssues resolved in a release are merged into subsequent releases chronologically AND lexicographically. \n\nIf you do not see an issue listed below, it may have been resolved in another recently released version. A link to the Release Notes for the most recent chronological release of SSR Software is provided.\n\nAlternatively, refer to the **[List of Releases](about_releases.mdx)** page for release dates and links to all SSR Release Notes; or, if you know the Issue ID Number, enter that into the Search field at the top right of this page.\n:::\n\n### Upgrade Considerations\n\n:::important\nBefore upgrading please review the [**Upgrade Considerations**](intro_upgrade_considerations.md) and the [**Rolling Back Software**](intro_rollback.md) pages. Several modifications have been made to the process for verifying configurations, which will impact existing configurations.\n:::\n\n- **I95-43243/IN-460 Upgrade and Rollback:** Upgrading or rolling back a system (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations.\n------\n- **I95-42452 Conductor Upgrade Time:** Upgrades to version 5.4 and above can take up to 40 minutes due to the number of rpms being upgraded. Please plan accordingly.\n------\n- **I95-42624 Upgrade Installer:** Before **upgrading to, or installing** version 5.4 and above, update the Installer to at least version 3.1.0. Failing to upgrade the installer may result in a rollback failure, should a rollback be necessary at any time. The Installer typically prompts you update when a new version is available. Select **Update** when prompted.\n------\n- **Plugin Upgrades:** If you are running with plugins, updates are required for some plugins **before** upgrading the conductor to SSR version 5.4.0 or higher. Please review the [Plugin Configuration Generation Changes](intro_upgrade_considerations.md#plugin-configuration-generation-changes) for additional information. \n\n## Release 5.6.15-1\n\n**Release Date:** June 27, 2024\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2024-2973\n\n## Release 5.6.14-7\n\n**Release Date:** May 14, 2024\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2020-22218, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-40217, CVE-2023-20569, CVE-2022-43552, CVE-2023-48795, CVE-2023-2176, CVE-2023-40283, CVE-2023-4623, CVE-2024-22019, CVE-2023-46724,CVE-2023-46728, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-25617.\n------\n- **I95-50697 RFC1918 sessions (private IP addresses) are reclassified in error:** When a session destined for a private IP (RFC1918) experiences an App-ID modify, the session will now only be reclassified if the classification data reflects a positive classification change.\n------\n- **I95-52251 Changes to the conductor address on the router result in loss of ssh connection to the router:** Resolved an issue where changing the router level `conductor-address` did not update the salt-created services with the new addresses.\n------\n- **I95-52500 SVR multi-hop failover causes traffic to drop when using outbound-only:** Added a session ID lookup to resolve a situation where sessions failing between multi-hop SVR and direct SVR connections may lead to duplicate flow exceptions and dropped traffic.\n------\n- **I95-53216 Unable to change password for users managed through external user databases (such as LDAP or RADIUS):** Resolved an issue that caused a Password Change dialog to appear for remotely authenticated users.\n------\n- **I95-54127 Users managed through external user databases (such as LDAP or RADIUS) cannot generate or view TSI:** Resolved an issue that did not provide a home directory for custom roles, which prevented LDAP users from viewing the systemd journal.\n------\n- **I95-54750 Load Balancer API Calls not working:** The original API and Swagger documentation used `Load Balancer`, which was misleading. The `Reachability Detection` REST APIs have been updated to use `Reachability Detection` as reference, instead of `Load Balancer`.\n------\n- **I95-54833 HA port is showing as redundant:** Resolved an issue where adding a device-interface back into the configuration after it was removed did not recreate the device-state.\n------\n- **I95-54867 SSR-1300 baud rate set incorrectly:** Resolved an issue where the incorrect baud rate was allowed. The only allowed baud rate for the SSR is now 115200. This is the default rate.\n------\n- **I95-54918 Highway process crashed on the active node of a router:** Resolved a crash caused by a race condition when the last instance of a capture filter referencing a particular file-name is removed while a packet is in the process of being captured.\n------\n- **I95-55069 One HA node is missing from the Mist GUI:** Resolved an issue where a managed router had an empty product version config metadata field, which resulted in the conductor version metadata field being cleared.\n------\n- **I95-55164 Dropping GRE encapsulated packets:** Classification support for Enhanced GRE Header, version 1, as defined by RFC 2637 Point-to-Point Tunneling Protocol (PPTP) has been added.\n------\n- **I95-55208 Asset fails to transition state and never reaches RUNNING:** In some cases where the RPM database may be corrupt or another process holds an indefinite lock, the highstate will block other processes from starting. A timeout has been added for the `rpm -q` process in highstate to allow other processes to run. \n------\n- **I95-55226 Validation incorrectly allows a network interface to be used as both DHCP relay and server:** The validation process has been updated to include several checks against DHCP relays, clients, servers, and access-policies.\n------\n- **I95-55270 DHCP server not coming up:** Resolved an issue where a network namespace was using a namespace ID that was not cleaned up properly after removal.\n------\n- **I95-55389 Queries for private domains with Websense classified as Miscellaneous:** Domains categorized by Websense as Uncategorized are now classified as Uncategorized/Uncategorized, rather than Miscellaneous/Uncategorized.\n------\n- **I95-55550 node0 went down and did not fail over to node1:** Multiple disk errors caused corruption on the `128T_root` filesystem causing it to enter `read-only` mode and becoming non-responsive. To resolve this issue, issues in the filesystem now result in kernel panic mode, launching a reboot and in HA systems, failover. Additionally, the filesystem check is run to check and repair the filesystem. \n------\n- **I95-55586 GraphQL API returns `IsActive` incorrectly if the `device-interface` is `vrrp_standby`:** The `router-peer-path` setting now returns the correct value when in `vrrp-standby`.\n------\n- **I95-55591 Some network interface stats are not updated:** Some network interface stats are not updated with the port name when a device interface is renamed. Device interface name changes are now handled correctly, and `network-interface` metrics are properly updated when `device-interface name` changes.\n------\n- **I95-55603 HA router stuck in connected state due to runtime corruption issue:** Resolved an issue causing an unzip race condition with Python files. The packaging and installation process has been improved to prevent this issue.\n------\n- **I95-55762 Unable to view more than 50 prefixes in BGP:** Updated the routing engine to display all rows for BGP show commands if a count parameter is not specified.\n------\n- **I95-55764 Race condition and highway crash with DHCP devices:** Resolved a race condition that caused a highway crash when the DHCP client is configured for LTE or PPPoE, and the respective link flaps prior to the lease being assigned.\n------\n- **I95-55830 Rollback results in missing Admin user:** Resolved an issue where HA nodes running mixed versions of 5.6.0 or greater with versions less than 5.6.0, the admin user could be temporarily removed until both nodes were upgraded or rolled back to the same version.\n------\n- **I95-55848 / I95-56403 Session traffic is black-holed during path failover when `nat-keep-alive` is in use:** Resolved an issue where an outbound-only session with a `nat-keep-alive` moved from a dogleg path to a direct inter-router path. This causes repeated session modifications on the hub side and drops reverse traffic.\n------\n\n- **I95-55904 No service-paths seen after upgrade:** Resolved an issue where adding services with overlapping address prefixes prevented the configuration from being applied. For additional details, refer to the Knowledge Base article [Upgrade from 5.6 to 6.1 may result in missing FIB entries](../kb/2024/04/24/I95-55904). \n------\n- **I95-55912 Validate Patterns for Service Domains and URLs:** The `url` and `domain-name` fields on a service were an unformatted string. This allowed you to configure fields that would be silently discarded. The `domain-name` and `url` fields within services are now validated for correctness and viability from an App-ID perspective. Anything to be ignored during validation now triggers a config warning.\n------\n- **I95-55949 Silicom Valencia Atom C1130 CPU flags are not properly detected:** Resolved an issue where the `cpuinfo` parser fails due to a collision between the processor key name and value - the Silicom Valencia model name in the `cpuinfo` contains the word `processor`. \n------\n- **I95-56263 Add `show capacity`, and debugging commands to the TSI output:** Support for additional information in the TSI output has been added.\n------\n- **I95-56475 HA-sync network interface shows warning after router upgrade:** Resolved an issue where non-forwarding interfaces would appear to be administratively down in the web UI when they were not.\n------\n- **I95-56492 Sessions configured for outbound-only with nat-keep-alive enabled experience reverse flow packet drops after flow migration:** A flow move from a WAN path to an inter-router path causes repeated session modifies on the hub side causing reverse traffic packet drops due to NAT keepalives incorrectly testing the failed WAN path for the migrated session. This issue has been resolved.\n------\n- **I95-56541 Include kernel journal entries in TSI:** A separate `kernel.log` journal file is now created in the TSI output.\n------\n- **I95-56575 Reduce polling rate of disk monitoring and add optimization:** The `ComponentDiskUtilizationMonitor` checks the disk usage too frequently and is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process.\n------\n- **I95-56600 Add `show tenant members` to the TSI output:** `show tenant members` and additional network scripts have been added to the TSI output.\n\n## Release 5.6.13-7\n\n**Release Date:** January 30, 2024\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2022-41974, CVE-2023-32360, CVE-2023-22045, CVE-2023-22049, CVE-2022-41741, CVE-2022-41742, CVE-2020-12321, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-3341, CVE-2023-22081, CVE-2022-0934, CVE-2023-46847, CVE-2021-43975, CVE-2022-28388, CVE-2022-3594, CVE-2022-3640, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-0458, CVE-2023-0590, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1079, CVE-2023-1118, CVE-2023-1206, CVE-2023-1252, CVE-2023-1382, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-23455, CVE-2023-2513, CVE-2023-26545, CVE-2023-28328, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-33951, CVE-2023-33952, CVE-2023-35823, CVE-2023-35824, CVE-2023-35825, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-4128, CVE-2023-4132, CVE-2023-4155, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4732, CVE-2022-45884, CVE-2022-45886, CVE-2022-45919, CVE-2023-1192, CVE-2023-2163, CVE-2023-3812, CVE-2023-5178, CVE-2023-38406, CVE-2023-38407, CVE-2023-47234, CVE-2023-47235.\n------\n- **I95-38188 Re-Homing an SSR in certain circumstances leaves residual services:** If an SSR is rehomed from an HA conductor to a standalone conductor, the services pointing to the second node of the HA conductor were not removed. Resolved the issue where the reverse SSH tunnels from a managed router to the second HA conductor node were not cleaned up if the conductor was converted back to a standalone conductor.\n------\n- **I95-48783 Conductor process logs are unbounded, risking storage exhaustion:** `auditd` logs consuming the disk space when the node monitor is in a disconnected state and the audit logs are left unconsumed. There was a limit to the log file size, but not the number of files. The number of files is now limited.\n------\n- **I95-50493 Memory calculation for alarms is confusing:** This alarm was designed to trigger when memory usage went above 90% and clear only when memory usage went below 80%, causing confusion. The memory usage alarm no longer requires memory usage to go below 80% to clear; it will clear when memory usage goes below 90%.\n------\n- **I95-50540 Denied traffic events not displaying in the GUI or PCLI:** Resolved an issue that prevented displaying denied traffic events in the `show events` PCLI command and in the GUI. Users would see `% Error: Unhandled TypeError: list indices must be integers or slices` in the PCLI, and `An unknown traffic event occurred` in the GUI. \n------\n- **I95-51191 BFD metrics not cleaned up properly:** The BFDAgent holds onto the stats for peer paths; If the config is changed on a router, new stats are made but the old ones were not being deleted. The old BFD by-peer-path stats are now deleted when a VLAN configuration change is made.\n------\n- **I95-51459 Logs and exception pcaps are periodically filled with error logs and truncated packets:** Resolved an issue where ICMP error respond packets for encapsulated traffic caused `PacketBufferDataNotFound: Could not find specified data in packet` error logs to be generated, or truncated packets to arrive in the FastLane exceptions pcap. \n------\n- **I95-51492 Password expiration not working:** This issue has been resolved. Adminstrators must use the global setting `configure authority password-policy lifetime N ` to indicate that all user passwords must be changed every `N` days.\n------\n- **I95-51663 TCP port reuse causing application steering crashes:** Resolved an issue where backwards state transitions was causing an issue with the TCP client reusing ports. \n------\n- **I95-52018 Overlapping IP Prefix validation may be incorrect, causing a false configuration warning:** Configuration validation for IP Prefixes has been corrected.\n------\n- **I95-52414 RBAC not being honored for `show fib` output:** Resolved an issue where `show fib` included entries that the current user did not have permission to view.\n------\n- **I95-52540 Metrics infrastructure resource consumption:** The reporting infrastructure reaching load capacity led to data gaps in custom graphs. Several internal optimizations have been implemented to address this issue. However, to reduce the metrics infrastructure load, metrics in the GUI regarding firmware-generated services, service routes, and tenants will no longer be tracked.\n------\n- **I95-52799 Display Lock Status/Failed Login Attempts in the PCLI and GUI:** Add a \"Lock Status\" column to the User table as well as the User Details pane, with more details availble on hover. The `show user` command now includes two new rows, \"Lock Status\" and \"Last Failed Login\". For command details, please see [`show user lock-status`](cli_reference.md#show-user-lock-status).\n------\n- **I95-52889 Highway crash caused by a false negative waypoint exhaustion check:** Waypoint ports reinitialization that is triggered by a false negative exhaustion check can lead to duplicate waypoints and reverse flows on two sessions resulting in a highway crash. This issue has been resolved.\n------\n- **I95-53344 Exception on device interface tear down terminates process:** Resolved a rare case where Highway process can terminate and core during config changes if there is an underlying exception to a device-interface on removal.\n------\n- **I95-53393 Empty password attempts not counting towards user lockout:** The SSR counts login attempts with an empty password as failed login attempts. These contribute to locking a user account if they reach the threshold (the value configured in `configure authority password-policy deny`,) within a short time window. \n------\n- **I95-53472 Service Routes passing validation on conductor but then failing on local router:** The validation process on the conductor has been updated to identify service-routes with deleted or empty destination lists as invalid. \n------\n- **I95-53538 Custom audit rules not preserved on SSR upgrade:** Resolved an issue where the image-based upgrade (IBU) was not preserving audit rules or `dnf.conf`.\n------\n- **I95-53787 Stats not present on conductor:** Running `show device-interface router all` on a conductor caused stats (in-octets, in-unicast-pkts, etc.) to be incorrectly displayed as \"n/a\" instead of the correct value. This issue has been resolved.\n------\n- **I95-53852 `host-service snmp-server` blocks SVR pings to a `network-interface` owned address:** Ping traffic was hitting the generated (wildcarded) snmp-server service. The session could not setup due to security policy conflicts. This issue has been resolved; the generated service from an snmp-server host-service now has a UDP transport.\n------\n- **I95-53858 Active sessions counter continuously incrementing:** The SSC active sessions counter has been updated to correctly handle session removal. \n------\n- **I95-53875 The `show stats service-area sent success` metric was retained longer than needed:** Resolved an issue where the `stats default retention short` setting was not being honored.\n------\n- **I95-53894 DNS cache-service does not start:** Resolved a race condition that causes the DNS process to fail to start. The log message `No TimeoutQueue:` can be seen in the logs during this condition.\n------\n- **I95-53916 Pre-existing Teams interfaces conflict with HA interfaces:** In a Mist-managed HA configuration where an HA node has been configured with non-default HA interfaces, performing a release operation on a node in an HA pair leaves the pre-configured HA interfaces in place, and creates a conflict when a new configuration is pushed down from Mist. This would prevent the HA node from operating correctly and forming its HA connections again. This issue has been resolved, and the release operation now removes any pre-existing HA interfaces.\n------\n- **I95-53920 Password expiration being applied to remote users:** Resolved an issue that incorrectly enforced password expiration (`configure authority password-policy lifetime`) to RADIUS users.\n------\n- **I95-53986 `nodeMonitor` failed to get data for `show platform disk`:** Some of the dynamic access for `smartctl` objects were not protected. A check for the object existence has been added before attempting to read it.\n------\n- **I95-54086 Conductor memory exceeded:** In certain cases the salt master on the conductor could grow indefinitely in memory. This may be related to situations with both poor connectivity and the use of the `asset-connection-resiliency` feature. An update to the salt package has been made to resolve this issue.\n------\n- **I95-54155 nodeMonitor coredump on secondary node after upgrade:** During an upgrade where `deviceType` was `LTE` the attempt to get a linux interface name (not supported) failed. This issue has been resolved by implementing a device interface type verification.\n------\n- **I95-54180 Unable to fetch reports from Conductor GUI:** A refactor moved the connectivity check exception, which prevented a service restart. This has been resolved, and the stats now being written to the database and GUI tables.\n------\n- **I95-54189 Application mapping does not correctly match services:** Resolved an issue where the application director was misclassifying sessions due to IP overlap; this is a valid configuration, when services use an IP address with different ports assigned to different services. The SSR now recognizes these different port configurations.\n------\n- **I95-54271 Race condition after a configuration change related to the source nat:** Resolved a rare condition wherethe SharedNatPool was being reset while it was accessed for session setup. This caused a race condition that led to a highway process crash. \n------\n- **I95-54294 Unable to delete capture-filter created with `&&` operator:** Resolved an issue that disallowed deleting capture-filters containing `&&`. Customers on older versions of software can work around this by creating capture-filters using `and` instead of `&&`.\n------\n- **I95-54340 Hub-to-spoke sessions break when failing over from outbound-only Path:** When a session modify occurs due to an ingress change (inter-node -> inter-router) AND an egress change is also detected, the incorrect security was being looked up for the old flow, causing an exception to be thrown and the modify to fail. This would present itself as dropped packets and in logs as a SecurityNotFound error. This issue has been resolved. \n------\n- **I95-54490 Permission denied when trying to open a user config file:** Resolved a permissions issue for the `connect router` command by adding ACLs for reverse SSH so that this is accessible for admin users.\n------\n- **I95-54512 SSR130 moved into an HA cluster does not come up properly:** Resolved an issue where the generation of an improper configuration could lead to a crash loop in the NodeMonitor process.\n------\n- **I95-54803 Control packets are treated with equal priority in overload conditions, causing drops:** Control packets now have preferential treatment under overload conditions, reducing the drop rate. \n------\n- **I95-55002 Password reset loop:** Resolved an issue that caused users created with the **Require password change on first login?** set to `yes` to get stuck in an infinite loop of password changes when logging in using the GUI.\n------\n- **WAN-2486 SSR data reporting values that are unrealistically high:** When capturing application usage for application summary learned apps, we sometimes observe really high values for bandwidth and other metrics.\nResolution: The high value was due to an internal corruption when the metrics for these learned applications were removed and added. During such transition there may be memory corruption resulting in the bogus high value. The part of the solution is to ensure the transition happens more gracefully.\n------\n- **WAN-2547 Invalid memory access producing incorrect bandwidth values:** Implemented a resolution that identifies the invalid memory access, and drops values that are out of scope or otherwise invalid.\n\n## Release 5.6.12-1\n\n**Release Date:** October 20, 2023\n\n### Resolved Issues\n\n- **I95-53833 Timeout prevents startup:** Resolved a regression introduced in 5.6.11 in the SSR reboot startup logic. If any of the processes took longer than 30 seconds to complete, the startup sequence was abandoned and rendered the platform inoperable. This issue has been resolved.\n\n## Release 5.6.11-4\n\n**Release Date:** October 2, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48174 Expand supported values for DHCP option:** DHCP option 43 is now a supported option, as well as a binary encoded-type (hex/byte) support. Valid examples are `0xabcdef` and `0x123456`.\n------\n- **I95-51181 Improve `save-tech-support-info` command:** The PCLI command `save tech-support-info` now has a default of one day. Additionally, a `since` argument has been added that limits log collection to only logs generated after the specified value. The `since` argument can be a relative time delta or an absolute timestamp. The GUI's About and Logs pages has the same functionality with a drop down that allows limiting the time window for the displayed/downloaded logs/tech-support-info.\n------\n- **I95-52406 Add ability to download MIBs from GUI:** A button has been added to the GUI, in the Documentation pane of the About Page, to download the SNMP MIB definitions for SSR.\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2022-1679, CVE-2022-1789, CVE-2022-2196, CVE-2022-2663, CVE-2022-3028, CVE-2022-3239, CVE-2022-3522, CVE-2022-3524, CVE-2022-3564, CVE-2022-3566, CVE-2022-3567, CVE-2022-3619 ,CVE-2022-3623, CVE-2022-3625, CVE-2022-3628, CVE-2022-3707, CVE-2022-4129, CVE-2022-20141, CVE-2022-25265, CVE-2022-30594, CVE-2022-39188, CVE-2022-39189, CVE-2022-41218, CVE-2022-41674, CVE-2022-42703, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-43750, CVE-2022-47929, CVE-2023-0394, CVE-2023-0461, CVE-2023-1195, CVE-2023-1582, CVE-2023-23454, CVE-2023-32233, CVE-2023-28466, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-24329, CVE-2023-32067, CVE-2023-24329, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2828, CVE-2023-38408, CVE-2023-20569, CVE-2023-20593, CVE-2023-38802.\n------\n- **I95-42466 Changing the physical linux address of an HA interface breaks the configuration:** Resolved an issue where moving a non-forwarding fabric HA sync device-interface from one PCI address to another PCI address would not properly clean up the team interface from the old PCI address.\n------\n- **I95-50671 Office365 traffic is not recognized:** Resolved an issue where Office365 traffic was being miscategorized and therefore not fully qualified. O365 traffic, when traversing over SVR, is no longer miscategorized.\n------\n- **I95-50708 Time series data for memory of the salt_master process periodically significantly decreases:** Incorrect method for polling application memory data; this resulted in dips in application memory being presented. This issue has been resolved.\n------\n- **I95-51864 Ethernet Over SVR (EoSVR) not working for multi-hop SVR scenarios:** When EoSVR traffic traverses over a dogleg path in a HA node topology, traffic failed to traverse the middle node. EoSVR packets are no longer incorrectly dropped when routed over an inter-node path when coming from an SVR path.\n------\n- **I95-52491 Crash in highway process due to segmented metadata:** Resolved an issue processing metadata that is segmented across two packet buffers. The segmented packets are no longer discarded and the dataplane no longer crashes when processing a packet comprised of segmented metadata.\n------\n- **I95-52599 Conductors display different assets on different HA nodes:** If the state table of an inactive HA node becomes out of sync with the active HA node, then some assets were being skipped when parsing the asset state response. This issue has been resolved through the reporting of asset IDs from the active node state table.\n------\n- **I95-52822 ARP fails to resolve:** An earlier change caused ports on an X553 that use SFPs to no longer correctly report link status. This issue has been resolved and the link status is now reported accurately.\n------\n- **I95-52855 DHCP Relay stopped functioning after removing disabled DHCP Servers:** When a number of disabled DHCP servers were deleted from the configuration, the server interface mappings were deleted as well. Updates have been made to re-enable DHCP relay when a DHCP server or interface is removed. \n------\n- **I95-52859 Issue moving interface between chassis of hypervisor platforms running SSR (e.g., ENCS):** When swapping physical cable from active node to standby node, the customer experienced low rate packet loss on traffic-engineering enabled device-interfaces. To resolve this issue, the `traffic-engineering transmit-cap` is no longer ignored on device-interfaces which have unresolved link-speed. \n------\n- **I95-52994 Routers continue to request the conductor configuration:** Resolved an issue where a managed router continued to request the configuration from the conductor even after a validation or datamodel incompatibility issue.\n------\n- **I95-53000 process highway disconnected messages caused by NIC driver bug:** The DPDK driver code for the Broadcom NICs contained a bug that caused the querying of the extended statistic to fail. The Broadcom NIC driver has been upgraded to resolve the issue.\n------\n- **I95-53002 NTP setup check fails on startup:** Resolved an issue in the NTP startup sequence, due to an incorrect path for the NTP configuration.\n------\n- **I95-53015 Highway log has large number of unnecessary INFO messages:** A previous log message of icmp response packet failed was incorrectly logged at INFO level. It is neither an error nor actually informational, and has now been downgraded to DEBUG level.\n------\n- **I95-53017 Some files incorrectly marked as executable:** While strengthening the security posture of the platform, some files with superfluous executable bits set have been identified and correctly marked.\n------\n- **I95-53105 Conductor to router API RBAC rules not being followed:** Resolved an issue where the user is getting elevated to admin on the managed router, thus returning more data than necessary.\n------\n- **I95-53114 Broadcom interfaces stuck in `admin down` after upgrade:** Resolved an issue where device-interfaces on Broadcom NICs wouldn't come up properly if initially configured with `enabled false`.\n------\n- **I95-53185 Rare race condition causing highway crash:** Resolved a rare race condition between flow install and flow lookup causing a highway crash.\n------\n- **I95-53253 Include `dmesg` and `systemd journal unit` in TSI:** Include output from `dmesg` and `systemd journal` unit in TSI in order to assist in debugging future platform related issues.\n------\n- **I95-53259 Initialization time out may result in SSR failing to start:** Resolved an issue where SSR may fail to start. An example of this would be unreachable audit server was configured that would delay the startup initialization causing SSR to exceed the timeout and fail to start.\n------\n- **I95-53285 User datastore issue when renaming a router:** Resolved an issue where HTTP requests would stop working to a router after the router's name was changed, but before the SSR was restarted.\n------\n- **I95-53321 Syslog datamodel is limited:** Added the following configurable syslog facility values `auth`, `authpriv`, `cron`, `daemon`, `kern`, `lpr`, `mail`, `news`, `syslog`, `user`, and `uucp`.\n\n### Caveats\n\n- **I95-53833 Timeout prevents startup:** 5.6.11 introduced a regression in the SSR reboot startup logic. If any of the processes take longer than 30 seconds to complete, the startup sequence is abandoned and renders the platform inoperable. The system can be recovered by manually restarting the SSR software. This issue is tracked by I95-53833.\n\n## Release 5.6.10-6\n\n**Release Date:** August 29, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-52198 Handle incoming public keys from peer conductor node:** Added functionality to allow conductor nodes to share the authorized keys of managed routers between each other. If the SSH public key is retrieved from a managed router by one conductor node, then it is automatically shared with its conductor peer node.\n------\n- **I95-52316 Enhancements to Overlapping FIB Services:** The [`fib-service-match`](config_command_guide.md#configure-authority-fib-service-match) command allows you to configure either `best-match-only` or `any-match`. \n\t- `best-match-only` considers the best matching prefix length. In cases of transport overlap, services are visited in alphabetical order.\n\t- Using `any-match` will consider all services that match the route update but do not have the best match service address when creating FIB entries, minimizing missed entries. The transports from the service with the longest prefix are considered first.\n------\n- **I95-52517 Allow users the ability to configure the OSPF SPF timers:** Support for user-configured values for SPF delay has been added. Users can now specify values for spf delay, hold-time, and maximum-hold-time. For additional information, see [OSPF SPF Timers](config_command_guide.md#configure-authority-router-routing-ospf-timers-spf).\n\n### Resolved Issues\n\n- **The following CVE have been identified and addressed in this release:** I95-51758, I95-52495, I95-52496, I95-52497, I95-52509, I95-52625. \n------\n- **I95-41386/I95-52114 HA pair device interface's redundancy status stays non-redundant even though the interface operational status is up:** Resolved a race condition when selecting the active components between HA nodes.\n------\n- **I95-51336 App-ID memory leak for some uncommon cases, such as duplicate flow:** Resolved an issue where the `app-id stats` entry was not added to the `Expiring` list to be cleaned up.\n------\n- **I95-51800 Radius authentication failure - Incorrect NAS IP address:** The ability to specify the NAS-IP-Address and NAS-Identifier has been added to the data model for configuring these Radius options per node. This can be used in cases where the Radius server is configured to use an identifier, or in cases where it is necessary to match the source IP address of the Radius requests behind SSR or NAT.\n------\n- **I95-52208 Metrics queries return incomplete data when FIPS is enabled:** Resolved an issue where a FIPS-incompatible hashing function was causing missing or incomplete metrics data. \n------\n- **I95-52283 Correct the Domain Matching order:** When using web filtering, the SSR now properly enforces the [Service Matching Order.](config_domain-based_web_filter.md#service-matching-order)\n------\n- **I95-52305 Compacting rate limit exceeded:** Resolved memory and CPU issues resulting from attempting to compact very large application identification documents.\n------\n- **I95-52402 Router stuck in `Upgrading` state:** Resolved an issue with `conductor-only` mode, where the conductor was attempting to download the installer before the software access proxies were in place, preventing an update to the installer.\n------\n- **I95-50562 / I95-52626 Forwarding plane control message bursts create exception, causing a packet buffer leak:** Resolved a condition where backpressure caused the messaging mechanism to develop buffer leaks. Proper handling of exceptions now prevents buffer leaks. The control buffer capacity has been increased to better handle bursts as part of the resolution.\n------\n- **I95-52650 Asset state transition on conductor is slow for deployments with greater than 250 routers:** An optimization was made to an internal calculation and improve the speed at which synchronization requests are processed.\n------\n- **I95-52816 Config Validation may generate errors in the wrong field:** Resolved an issue during the validation of BGP graceful-restart configuration settings that could lead to generating incorrect errors/warnings during configuration validation.\n------\n- **WAN-2090 Conductor managed SSR Applications in WAN Insights Showing up as Numbers:** Resolved an issue with stats APIs, which were not properly handling some internal service names.\n\n## Release 5.6.9-3\n\n**Release Date:** July 19, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-50949 Add packet buffer tracking to help analyze buffer exhaustion:** Packet buffer location tracking has been added, and the following PCLI commands have been created for buffer tracking.\n\t- `show packet-buffer locations`\n\t- `save packet-buffer snapshot`\n------\n- **I95-51450 Support for 100/Full Speed/Duplex on Intel I225-V Driver NICs:** The DPDK driver has been updated to allow fixed speed and duplex configuration to work with IGC i225 NICs.\n\n### Resolved Issues\n\n- **I95-47960 Incorrect progress message for `show dns resolutions`:** The progress message for this command now correctly displays `Retrieving dns resolutions...`.\n------\n- **I95-48931 Service area Highway crash:** Now prevent crashing in SSR's highway process in rare race conditions when a session's flow is removed before the session is fully established.\n------\n- **I95-49587 ICMP session classification improvement:** The application lookup for ICMP sessions now accurately identifies the correct service.\n------\n- **I95-50722 Highway crashes during session migration:** Resolved a crash in the SSR's highway process, due to a race condition between configuration changes and BFD sessions.\n------\n- **I95-51053 ESP session stuck in Incomplete state:** Resolved an issue where SVR sessions from network-interfaces with dscp-steering enabled can be stuck in an incomplete state.\n------\n- **I95-51167 Unable to override auto-generated peer service-route:** The user can now provision a service-route with the same name as an automatically-generated one. The user's service-route takes precedence and will be used instead of the generated one.\n------\n- **I95-51177 Ethernet over SVR setting wrong egress MAC address:** Ethernet over SVR now correctly sets the egress MAC address when using outbound-only mode.\n------\n- **I95-51178 Increase default juteMaxBufferSize:** The default juteMaxBufferSize has been increased to 10MB, which addresses issues where the device is unable to commit very large configurations.\n------\n- **I95-51284 Routers remain in the connected state:** Updated the dependencies within the salt minion to resolve an issue where an asset is stuck in the connected state, displaying the error: `Error getting asset's public key: 'ssh.set_auth_key', retrying....`\n------\n- **I95-51296 Show Time in Status in the show assets detail view:** The asset Time in Status field has been added to the Detail view.\n------\n- **I95-51359 Unable to set the OSPF MTU:** Added the ability for users to set the MTU to a non-default value.\n------\n- **I95-51403 GUI displays download in progress even after the download is complete:** Resolved an issue where a download success event is never created even though the version shows as downloaded in the software versions.\n------\n- **I95-51427 GUI not displaying all the version information:** The GUI About page now displays additional version information previously only displayed in the PCLI `show system version detail.`\n------\n- **I95-51650 `log-category PCLI` command not working:** Resolved an issue that disallowed setting `config authority router system log-category PCLI`. We now also allow configuring the following log categories:\n\t- CFGD\n\t- SNMP\n\t- HTTP\n------\n- **I95-51658 Allow sync command in resynchronizing state:** Resolved an issue where the user received an error when executing the send command sync command while an asset was in the resynchronizing state.\n------\n- **I95-51734 Remove duplicate transport port-ranges from modules before adding to service:** Resolved an issue where FIB entries are not installed when app-id modules have conflicting or overlapping port-ranges, and are being placed into one service.\n------\n- **I95-51788 Path index is not displayed correctly for `show sessions by-id`:** `show sessions by-id` has been updated to display MTU and PathIndex.\n------\n- **I95-51792 Low MTU threshold causing metadata fragmentation:** Fixed the incorrect handling of packets where metadata is fragmented due to unreasonably low MTU, causing the packet buffers to become exhausted.\n------\n- **I95-51793 Path MTU discovery dropping very low:** Fixed PMTU discovery from ever resolving to an unreasonably low MTU, which could previously occur during a link flap event.\n------\n- **I95-51794 Core dump on systems with greater than 10 physical interfaces, such as Lenovo SR-650:** Resolved an issue where the SR-650 was crashing due to uninitialized flags field. Support has been added for these devices.\n------\n- **I95-51865 NTP not syncing for HA nodes:** Added the ability to configure the orphan stratum for the HA peer node. This was previously hard-coded to 5 but this change allows an HA peer to be able to sync when the upstream server is of a lower stratum, if so desired by the user.\n------\n- **I95-51915 Report buffer allocation failures to watchdog:** `alloc-failure` stats are now gathered per device and included in the device stats, allowing the watchdog to detect a failure and respond.\n------\n- **I95-52104 URI escape characters handled incorrectly:** The `lookup application by-domain` and `clear app-id cache-entry url` were handling url parameters incorrectly, in lookup, creating and clearing cache entries. This has been resolved and each command now performs the correct operation. \n------\n- **I95 52105 Permissions error when attempting to `delete certificate webserver`:** Resolved an issue where `delete certificate webserver` and `create cerificate webserver` with an existing certificate were failing. On older versions of software this can be worked around by running `sudo rm -rf /etc/128technology/pki/webserver.pem`. \n\n## Release 5.6.8-9\n\n**Release Date:** May 25, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48862 Load balance sessions across BGP RIB Entries with multiple paths:** Resolved an issue when BGP was used to build a routing table, only the first next hop was used. All next hops are now used, and load balancing occurs over all routing protocol routes. \n------\n- **I95-50510 New fields for IPFIX:** The SSR IPFIX implementation was not sending the industry standard fields of flowStartMilliseconds and flowEndMilliseconds. In the new implementation, all IPFIX records include these fields. The start time is set to the start time of the flow, and the end time is always set to the time the last packet was received on the flow. For intermediate records, this indicates that the flow is still ongoing but provides the last activity timestamp. For the end records, this indicates when the last packet was received on the flow prior to the session terminating. For additional information, see [IPFIX](concepts_application_discovery.md#ipfix).\n------\n- **I95-50571 Add packet buffer tracking to help analyze buffer exhaustion:** The following features have been added to help diagnose packet buffer pool depletions in certain environments:\n\t- Track packet buffer locations.\n\t- Enforce setting of packet location.\n\t- Add the ability to walk packet buffer pools, count the locations, and display.\n------\n- **I95-51169, I95-51173 Buffer tracking improvements:** The following improvements have been made to Buffer Tracking:\n\t- Refined packet buffer location tracking to better identify buffers in use for `TSI` collection.\n\t- Provide more diagnostic information, when possible.\n\t- The following new metrics have been added for tracking utilization of packet pools. These can be found under `show stats packet-processing pool-utilization`. \n\t\t- `fastlane-generated-packet-pool`\n\t\t- `host-packet-pool`\n\t\t- `network-packet-pool`\n\t\t- `tcp-proxy-packet-pool`\n------\n- **I95-51316 Add Resynchronization state:** Transition an asset into the `Resynchronizing` state instead of `Connected` when a configuration change is made, or when the user executes the `send command sync` command from the PCLI. This better identifies the actions being performed within the SSR, and is not an indicator of the device health. Previously when an asset required a highstate due to a config change or running the `sync` command, the device would transition to `Connected` from `Running`, which caused concern with users. \n\n### Resolved Issues\n\n- **The following CVE have been identified and addressed in this release:** I95-48448, I95-49456, I95-50358, I95-50359, I95-50506, I95-50508, I95-50535, I95-50790.\n------\n- **I95-37833 Apply password policy more consistently:** The password policy for SSR users has been updated, and now requires passwords to have a special character in addition to previous requirements. \n:::important\nPlease refer to [Password Policies](config_password_policies.md) for updated password requirements.\n:::\n------\n- **I95-47776 Tank hostname parsing errors:** Resolved two issues in the Tank instance where the localhost could not resolve to an IP address, and Tank was not identifying non-default ports. These issues have been resolved. \n------\n- **I95-48518 Application Identification not recognizing Apps on HA systems:** Resolved an issue where the GUI was only pulling Application data from one node in an HA configuration. Application ID Summary display now aggregates data from both nodes.\n------\n- **I95-48965, I95-51086 Race condition with routing updates inducing crash in highway process:** Resolved an issue where a routing change that affects the `forwarding-table` can incur a race condition with sessions completing and being removed, which could lead to a highway crash and restart.\n------\n- **I95-49594 Highway Crash:** Resolved an issue for systems where any of the following are configured:\n - `application-identification` is enabled, \n - a service is defined with `domain-name child services`, or \n - a `service address` is configured as a `domain`\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 6.1.0 and 6.1.1, and is resolved in 6.1.2.\n------\n- **I95-49603 Process Manager crash:** When a long running process was being cleaned up by the subprocess, the cleanup would fail causing a crash. Long running processes are now properly terminated, which allows the cleanup subprocess to complete correctly. \n------\n- **I95-49675 Incorrect path in console help message for `export config running`:** The help message now correctly identifies the export path: **Exported files are stored in `/etc/128technology/config-exports/` and are stored as GZIP compressed files.**\n------\n- **I95-49754 Waypoint re-use causing duplicate reverse flows:** Resolved a case where when the waypoint pool is nearly depleted, released waypoints were reused prematurely causing errors when installing reverse flows.\n------\n- **I95-49791 Add audit rules to track modification of grub config files:** Added rules to log notifications in case of changes to grub configuration files.\n------\n- **I95-49925 GRE tunnel health-check not migrating sessions when path is down:** The GRE tunnel manager now removes all sessions before adding new ones rather than modifying the existing sessions.\n------\n- **I95-49969 Permission Denied error when attempting to self-generate a webserver certificate:** Resolved an issue that prevented users with the admin role from creating a new self-signed web certificate via the PCLI command `create certificate self-signed webserver`.\n------\n- **I95-49974 Stuck flow not cleared when reverse metadata is incomplete:** Resolved an issue where reverse metadata is coming through incomplete - without the source tenant. The source tenant has been added to the reverse metadata.\n------\n- **I95-50047 Conductor config unable to pass local validation on one of the routers:** Resolved an issue where a router missing the `reachability-profile` configuration may pass validation on conductor.\n------\n- **I95-50050 VRRP High Availability gets stuck in Active/Active:** The DPDK version has been updated to resolve this issue.\n------\n- **I95-50247 Duplicate peer path alarms:** Resolved an issue where both BFD and the path MTU feature were generating alarms for the same peer path being down. The criteria for which peer path state changes can trigger peer path events has been tightened.\n------\n- **I95-50262 Routers disconnected from their conductor may have incorrect log rotation settings:** Resolved an issue where a managed router was not able to pull down the configuration from the Conductor - which includes the log rotation config. The default salt log rotation configuration has been improved, preventing the log from growing too large before the connection to the Conductor can be established. \n------\n- **I95-50269 Router clone operation fails:** Implemented checks to prevent cloning obsolete elements and internal lists/containers on legacy versions of the SSR software.\n------\n- **I95-50286 Rebooting a node of an HA pair from Linux breaks routing:** Resolved an issue where a delay in the shutdown process caused a node to take over a VRRP interface, creating routing issues. \n------\n- **I95-50331 System fails to synchronize keys on startup:** The SSR now dynamically updates the `rsync IP host address` from the non forwarding HA sync interfaces, and will fall back to the `global.init` host IPs if they don't exist.\n------\n- **I95-50363 MOS Metrics not refreshing:** Resolved an issue where the SLA and MOS values were not being updated in the stats (or PeerPathTable) when a BFD session was brought down. The SLA and MOS stats are now set to 0 when the BFD session is brought down.\n------\n- **I95-50376 Failure to make config changes after rollback:** Resolved an issue where commits would not take effect after rolling back an HA router, because of older/newer version conflicts. \n------\n- **I95-50445, I95-49377 i40e and ice devices enter malicious descriptor detection state, preventing forwarding of traffic:** Resolved an issue where fragmented packet chains larger than 8 buffers were discarded causing a malicious descriptor event. \n - The below `dpdk.log` snippet provides an example of the event:\n```\n[DPDK| -- ] ERROR (00007f03ec18e700) i40e_dev_alarm_handler(): ICR0: malicious programming detected\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): Malicious Driver Detection event 0x02 on TX queue 6 PF number 0x01 VF number 0x00 device 0000:08:00.1\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): TX driver issue detected on PF\n```\n - Added hooks for the NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism.\n------\n- **I95-50534 Race condition between NetworkInterfaceManager and FastLane:** Resolved a race condition caused by adding and deleting the same network interface in a very short window of time, potentially causing a system crash.\n------\n- **I95-50554 No dynamic synchronization of repos to the routers:** Resolved an issue where it was necessary to restart 128T on the Conductor in order for the Conductor to recognize newly added repositories and sync them down to the assets. Authenticated repos are now automatically synchronized when repos are added to the conductor.\n------\n- **I95-50656 Improve metrics for REST API performance:** Performance improvements have been made in metrics REST APIs to alleviate intermittent metrics graphs on heavily loaded systems.\n------\n- **I95-50710 Configuration cannot be applied to router when its time is ahead of the conductor:** Implemented time detection for configurations using a future time that is corrected upon commit. This resulted in an `mtime` older than what is in the datastore, and the configurations were rejected.\n------\n- **I95-50736 SSH key change not propogated to secondary conductor:** Resolved an issue where an SSH key change to `/etc/128technology/ssh/pdc_ssh_key` was not automatically detected and resynced between peer node and conductor nodes.\n------\n- **I95-50754 Race condition between ICMP ping request and a reverse flow:** Resolved a crash due to a race condition when `service ping icmp-request` is matched against a partially installed flow.\n------\n- **I95-50778 Event History filter not working:** Resolved an issue where searching on the Event History page didn't show matching results when the search string is only found in the Details column.\n------\n- **I95-50787 Rebooting the OS from the conductor throws error code 400:** Resolved an issue in the GUI with the reboot button on the Router page. When trying to reboot a router, the button would fail and display **Error: EOF**. \n------\n- **I95-50823 Support for time-offset DHCP option:** `int-32 encoded-type` has been added to provide support for the time-offset DHCP option.\n------\n- **I95-50967 SSR is not allowing other DHCP relay traffic to pass through:** When the SSR acts as a DHCP Relay, it will no longer drop packets received from other relay agents on the network. Instead the packets will be routed appropriately as per the configured policies.\n------\n- **I95-50977 Installer fails to download software when the Conductor software proxy is enabled:** Resolved an issue where when the Conductor software proxy is being used, DNF transactions to the conductor repo go through the proxy, despite the repo pointing to a local tunnel to the conductor. These transactions now go through the proper tunnel.\n------\n- **I95-50979 Routers remain in connected state:** Resolved an issue where assets will perform a new highstate unnecessarily if a commit occurs while a highstate is already in progress, causing assets to take a long time to get to the running state.\n------\n- **I95-51006 Nodes stuck in connected state after upgrade:** On an HA conductor, if the user is performing an upgrade on the first conductor node and that user makes a config commit during the upgrade, then the configuration's modified time will become out of sync between the two conductor nodes. When the conductor first node is finished upgrading the result is a loop where the configuration keeps getting committed by each node back and forth until a new commit is made. This issue has been resolved by allowing the peer conductor node to accept the config despite the perceived version disparity. Please note performing a commit mid-upgrade is not supported.\n------\n- **I95-51007 Conductor is incorrectly honoring core pinning:** The cpuProperties cores setting in /etc/128technology/local.init was erroneously isolating cores on conductor nodes when set, even though this setting is intended for a router. This would cause a reduction in available processing cores for normal conductor operations. This setting will now be ignored on the conductor.\n------\n- **I95-51044 Hide `forwarding-core-mode` on conductor:** Disabled the `forwarding-core-mode` setting on conductor nodes, since this setting doesn't apply to conductor.\n------\n- **I95-51087 SSR fails to download firmware after upgrading the conductor:** Resolved an issue where the first time a conductor is upgraded and **conductor-only** is selected in the software-update settings, the proxy service on the conductor does not work correctly, and downloads fail. The downloads no longer fail. \n------\n- **WAN-1958 Mist agent crashes:** Increased internal file system limits which were preventing some services from starting correctly at boot. Limits were raised based on expected system usage.\n\n## Release 5.6.7-4\n\n**Release Date:** March 16, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48928 Set Time using PCLI command:** Add a new PCLI command `set time` which allows an admin to bootstrap a system without NTP connectivity. The PCLI uses the date(1) shell command and accepts a wide variety of inputs. To see more documentation about the date format see setting the time or the -d option on options for date.\n------\n- **I95-49354 Display SSD smartctl info in `show platform disk`:** We now display the following disk info, if supported by the disk, in `show platform disk`:\n\t- Lifetime used\n\t- Power On Hours\n\t- TBW (Terabyte Written)\n\t- TBW per year\n------\n- **I95-50072 Support for ConnectX-6 Lx PCIe device:** Support has been added for this device. \n\n### Resolved Issues \n\n:::important\n- **I95-49594 Highway Crash:** In a system where any of the following are configured:\n\t- `application-identification` is enabled, \n\t- a service is defined with `domain-name child services`, or \n\t- a `service address` is configured as a `domain`\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 5.6.3 through 5.6.6, and is resolved in 5.6.7.\n:::\n\n- **The following CVE have been identified and addressed in this release:** I95-48445, I95-48643, I95-48859, I95-48907, I95-49079, I95-49445, I95-49745, I95-49746, I95-49747, I95-49748.\n------\n- **I95-48054 STEP not working in Core Network:** Resolved an issue where processing STEP route updates can cause modification of unrelated FIB entries, potentially interrupting existing sessions.\n------\n- **I95-48232 Ability to ping lost after failover:** We now prevent unnecessary FIB changes (which may lead to a short traffic interruption) when new routes are added to the RIB that are more specific than some configured service IP prefixes.\n------\n- **I95-48485 Broadcom NIC (NetXtreme) fails to initialize properly:** Resolved an issue with initization errors during memzone creation. \n------\n- **I95-48590 ACK RTT Improvements:** Resolved an issue where the stats were not resetting properly, and added supporting sampling to ACK RTT tracking. \n------\n- **I95-48927 Audit log disk failure mode:** Added a Failure Notification parameter and failure mode to inform users that the `auditd.conf` log disk is nearing capacity, or has reached capacity, and that action is required.\n------\n- **I95-48942 Routing policy filter condition reference type not validated:** Added a check to verify that when a routing policy condition references a filter, the condition type and filter type match. \n------\n- **I95-49118 HA LTE Interfaces go down and impact BGPoSVR and Conductor:** The handling of FIB updates due to interface state changes has been optimized to avoid possible traffic loss for unaffected FIB entries.\n------\n- **I95-49242 When HMAC is disabled, the automatic MSS adjustment calculation for `enforced-mss = automatic` may be wrong:** The Automatic MSS adjustment calculation has been corrected (expanded). \n------\n- **I95-49350 BFD echo generating latency overhead:** BFD echo tests are now staggered to minimize application latency's contribution to overall peer path latency.\n------\n- **I95-49377 Transmit packets dropped by NIC for established sessions - packet counters are incrementing and can be seen in packet capture, but not seen by next-hop:** Added hooks for NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism. \n------\n- **I95-49431 Unable to edit or add static route config from Conductor GUI:** When editing configuration on the stand-by node of an HA pair, creating a list item with a slash, /, such as specifying the destination-address of a static-route, caused an error. This has been resolved.\n------\n- **I95-49447 Conditional BGP advertisement is not respected:** Resolved an issue that if a peer went down and came back up, the conditional advertisement was no longer respected. \n------\n- **I95-49454 Error while creating a new Radius user from the GUI:** The create user API now rejects requests with invalid input parameters. \n------\n- **I95-49514 Linux interfaces bounced on startup:** Resolved an issue where all Linux interfaces managed by 128T are bounced once on 128T startup.\n------\n- **I95-49564 Reduce volume of logs during pending lookups:** The error logs during a pending lookup has been changed to a muted error log with a stat.\n------\n- **I95-49604 Alarm when a node is disconnected:** An alarm is now raised when a node is disconnected from the internal synchronization database.\n------\n- **I95-49633 Validation not strict for static assignment within DHCP server configuration:** Configuration for static addresses within DHCP server exists in multiple locations per design. Cross-validation has been added to prevent the same ip-address from being configured and assigned to multiple dhcp-clients.\n------\n- **I95-49655 Cutting and pasting the output of `show flat` does not work for OSPF:** Resolved the issue that prevented editing the OSPF list.\n------\n- **I95-49722 Event filter does not work on HA router nodes:** Resolved issues with filtering by node, and an incorrect value was displayed for the node column in the GUI.\n------\n- **I95-49756 RDP sessions failure over peer path:** Resolved an issue that caused RDP traffic to fail when adaptive encryption and AppId are both enabled.\n------\n- **I95-49778 Conductor GUI not showing data metrics for routers running:** Resolved an issue where API keys were not properly synced down to the managed routers which caused certain router data to not show up on the GUI.\n------\n- **I95-50014 Hitting Buffer Overflow during configuration changes:** Resolved an issue where a config change request may not make it to a managed router, and returns a buffer overflow error.\n------\n- **I95-50034 Issues with stuck sessions in load balancer:** Resolved an issue with session modify, where gateway changes on the same egress interface can fail due to a missing ARP.\n------\n- **I95-50050 VRRP High Availability gets stuck in Active/Active:** The DPDK version has been updated to resolve this issue. \n------\n- **I95-50058 Performance regression in Running Config APIs:** Resolved a constant cache miss for a specific set of the running config APIs.\n------\n- **I95-50076 EthResource descriptor calcs don't account for variable defaults:** Resolved an issue where Mellanox ConnectX-5 and ConnectX-6 could be initialized with insufficient packet receive capacity.\n------\n- **I95-50139 Include PID in User-Agent header:** Added a debugging aid to identify which process is sending requests.\n------\n- **I95-50172 Download error not cleared until next successful download:** Resolved an issue where failed download errors are not cleared when a new download starts.\n\n## Release 5.6.6-7\n\n**Release Date:** January 18, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-47947 Increase max CoreDump size to 4GB:** The maximum size of coredumps now defaults to 4G. This value can be configured in environment config by modifying the `maxCoredumpSize` field of the new `crashReporting` object. Any manual modifications to `coredump.conf` will be overwritten whenever the service is started. \n\n:::important\nUpgrading to this release version will cause `coredump.conf` to be re-written with 4G limits for coredumps even if `coredump.conf` had been updated manually for a higher value!\n:::\n\n### Resolved Issues\n\n- **I95-46336 Peer connection not established after AWS upgrade:** Resolved an issue where an AWS C5 instance size can fail to initialize when more than one accelerated network interface is configured.\n------\n- **I95-48352 Application ID is not identifying MS-Teams correctly:** Resolved an issue where sessions with IP addresses as their domain names were not classified correctly when the information was received via HTTP web proxy. Sessions with IP addresses as their domain name are now verified against the IP tree, and not the domain name database.\n------\n- **I95-48447 JWTs signing does not meet stringent security standards:** Changed how JWTs are signed to increase security posture.\n------\n- **I95-48464 This CVE has been addressed.**\n------\n- **I95-49139 `show network-interface application` renders poorly for empty hostnames:** The DHCP server state script has been updated to not escape `` hostname.\n------\n- **I95-49166 OSPF is not configurable using the GUI:** This issue has been resolved.\n------\n- **I95-49225 Packets containing only path-metrics metadata are dropped:** Resolved an issue where FPM calculations caused these packets to be dropped when flows were affected due to routing changes.\n------\n- **I95-49326 New sessions become associated with defunct sessions on next-hop routers:** Enhanced session reuse detection to validate all incoming metadata once a session-id has been properly latched.\n\n### Caveats\n\n- **I95-49724 Quickstart URL Upload not working:** In Release 5.6.6, the QuickStart file upload using the `https:///quick-start` URL is not working. This is currently being worked on and will be fixed in 5.6.7. No other patches/releases are affected. \n\n**Workaround:** Upload the Quickstart file using a USB as outlined in [Configure the SSR and Network Interfaces](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install#2-configure-the-ssr-and-network-interfaces) section of the [Router Installation Using OTP](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install) guide. \n\n## Release 5.6.5-5\n\n**Release Date:** December 28, 2022\n\n### Resolved Issues\n\n- **The following CVE have been addressed and resolved:** I95-48644, I95-48648, I95-48650, I95-48653, I95-49039.\n------\n- **I95-34384 Rotated datastores with different permissions:** Resolved an issue where some rotated datastore files had different permissions.\n------\n- **I95-44926 Configuration validation for `as-path` incorrect for certain values:** Resolved an issue where a subset of 4-byte BGP private AS numbers was not accepted inside AS path specifications for routing policy `modify-as-path` actions.\n------\n- **I95-45478 Segmentation Fault in the Dynamic Peer Update process:** Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault.\n------\n- **I95-47797 Packet duplication does not interoperate well with outbound-only adjacencies:** When utilizing the packet-duplication feature (`service-policy -> session-resiliency = packet-duplication`), any peer adjacencies marked as `outbound-only` are no longer used. Packets are only duplicated along bidirectional paths.\n------\n- **I95-47929 Missing BGP advertisement after deleting all sessions after an upgrade:** Resolved an issue where BGP update suppress was not removing any pending withdrawls.\n------\n- **I95-47992 HTTP service not working in WAN Assurance:** Resolved an issue where HTTP traffic is dropped when using a combination of application-identification, adaptive-encryption, and spoke-to-hub-to-spoke topology (outbound-only peer-connectivity).\n------\n- **I95-48107 EoSVR sessions not stable:** Resolved an issue with loss of connectivity to STEP EoSVR peer. The STEP route is now held in place and available when STEP connectivity is restored. \n------\n- **I95-48163 Only services with load-balanced paths are shown in `show services`:** Resolved an issue where services without load-balanced paths weremissing from show services output.\n------\n- **I95-48324 Application Identification not parsing domain names:** The App-ID parsing mode has been updated to correctly parse domain names.\n------\n- **I95-48396 `show-rib` limited to 512 entries:** The `show rib` count maximum has been increased.\n------\n- **I95-48529 BFD sending link notification before hold-down timer expires:** Resolved an issue where peer service-paths do not remain down while the BFD session / peer status is in the hold-down period after transitioning from down to up. Peer service-paths status now correctly reflect the peer status. Sessions will not be moved back to peers that have re-established connectivity but are still in the hold-down period.\n------\n- **I95-48580 Application summary classification fails for hub-to-spoke sessions:** The spoke now learns application names for sessions when receiving packets from a hub with application identification disabled.\n------\n- **I95-48582 `show bfd` command ignoring parameters:** The query parameters are now passed to the REST endpoint to be used byt the `show bfd` command.\n------\n- **I95-48641 Recreating BFD flow when an outbound-only session is reset:** Flow creation is now deferred until a reverse packet arrives from the peer, similar to the initial creation case.\n------\n- **I95-48656 Reduce TSI service log limit:** The size of the Tech Support Info journal has been restricted to prevent excessive resource consumption.\n------\n- **I95-48684 SSR not answering ARP requests:** Increased `internal-application traffic-engineering` rates for ARP traffic which was being dropped in a multiple packet-processing core environment incorrectly due to an over aggressive traffic engineering profile.\n------\n- **I95-48685 GUI and/or PCLI unresponsive:** Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable.\n------\n- **I95-48689 Top Sessions not displaying source address:** Restored the **Source** column in the Top Sessions table. \n------\n- **I95-48723 HA sync not running after systems reconnect:** Historical metrics and events are synced between HA nodes after extended downtime.\n------\n- **I95-48772 `show running config` command displays an error:** Resolved an issue where `show config` requests on the PCLI failed if enum leaf-list entries were changed.\n------\n- **I95-48872 `show sessions by-id` doesn't display correctly tcp state or retransmission counts:** `show sessions by-id` now correctly display `tcp state` and `retransmissions` when `udp-transform` is enabled for a session.\n------\n- **I95-48897 Adaptive encryption breaks after flow move:** Resolved an issue where the session breaks during failover when adaptive encryption is enabled.\n------\n- **I95-48904 Stuck pinhole session after flow invalidation:** Resolved an issue with a stuck session that was setup from hub to HA spoke after a routing change.\n------\n- **I95-48950 Application identification modify packet is dropped:** Packets with `inline-modify` that traverse the BFD pinhole are now handled correctly.\n------\n- **I95-48988 High CPU for packet processing core:** Resolved an issue where the CPU can spike to 100% after a failover from internode/interrouter path to local breakout when failover is enabled for local breakout.\n------\n- **I95-49106 Degradation in performance during file rotation:** This issue has been resolved.\n------\n- **I95-49124 `show network-interface application` always has `unavailable` router name:** This issue has been resolved.\n------\n- **I95-49134 DHCP server does not work when device IDs on HA interface do not match:** Resolved an issue where a DHCP server interface may instead forward DHCP requests through the `service-area` and out to the WAN.\n------\n- **I95-49157 Poor GUI and PCLI performance for other users during a change/validate/commit operation:** Resolved the performance issue by optimizing the export config API.\n\n## Release 5.6.4-3\n\n**Release Date:** November 18, 2022\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48223 Add Application-specific information to `show sessions by-id`:** The following information has been added to `show sessions by-id`: \n\t- domainName\n\t- uri\n\t- category\n\t- overrideServiceName\n\t- appStatsTrackingKey (combination of application, client ip, ingress-interface, next-hop, and traffic-class) \n\n### Resolved Issues\n\n- **I95-48076 SSR Failover on GRE tunnels not working:** The base interface giid is now used to identify the state of a GRE tunnel next-hop.\n------\n- **I95-48158 Unable to capture child services using session capture:** When a session capture is configured on a child service (e.g., `social.internet` instead of `internet`), the session is now recorded.\n------\n- **I95-48427 BGP ignoring multihop TTL (Time To Live) setting leading to invalid nexthop:** Resolved an issue where BGP may temporarily \"forget\" about the TTL value configured for a neighbor.\n------\n- **I95-48508 Keep-alive cache may cause worker core CPU spikes:** Resolved potential worker core utilization CPU spikes by utilizing aggressive keep-alive timeouts.\n------\n- **I95-48600 Compare Session ID's to prevent flow collisions:** Re-use of sessions is prevented when waypoint pool is exhausted and sessions linger on egress router.\n------\n- **I95-48685 GUI and/or PCLI unresponsive:** Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable.\n------\n- **I95-48686 Transmitted packet buffers held too long:** The packet pool sizing has been adjusted to prevent pool depletion when local.init overrides for descriptor counts are present.\n------\n- **I95-48731 Sessions created on a `fin-ack` may get stuck:** Resolved an issue where, if tcp-state-enforcement is set to allow, a TCP session is established from a fin-ack may not get torn down in a timely manner.\n------\n- **WAN-1372 Improve CPU Usage Reporting:** Devised a more efficient collection scheme to minimize the CPU impact when collecting the CPU and memory data.\n\n## Release 5.6.3-6\n\n:::important\nThe following issue has been discovered in the releases listed here:\n\n- 5.6.2 \n- 5.6.3\n\nIf an HA Conductor queries a disconnected router from the Conductor GUI Router page or from the Conductor PCLI, the conductor may encounter periods of poor performance until the requests time out. The issue has been resolved in the next patch release with I95-48685. \n\nFor immediate resolution on the impacted releases, contact Juniper Technical Support, or your SE.\n:::\n\n**Release Date:** November 7, 2022\n\n### Resolved Issues\n\n- **I95-32789 Peer metrics unavailable after Conflux synchronization:** Resolved an issue with HA routers where the metrics application stops streaming metrics to the peer node after loading configuration.\n------\n- **I95-43302 Rename Third-Party menu text:** The menu text has been changed to **External** to more accurately reflect the links to other Juniper platforms.\n------\n- **I95-44957 Azure is not able to identify the asset-id of the depolyed conductor and router:** The Azure ID has been modified to a value that can be processed by Azure.\n------\n- **I95-45478 Segmentation Fault in the Dynamic Peer Update process:** Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault.\n------\n- **I95-46561 Peer table Sort by Destination does not work consistently:** Resolved an issue with sorting for Peer Path Source/Destination columns in the GUI.\n------\n- **I95-46677 Modify GUI to not resize dashboard tiles:** Dashboard tiles now do not resize when the window is resized.\n------\n- **I95-46879 ICMP error responses are not NATed when sent over SVR:** Certain ICMP error messages can now be encapsulated over SVR when enabled within the neighborhood or adjacency configuration: Flows that are UDP over SVR are able to have their ICMP error messages encapsulated. \n------\n- **I95-46904 Labels in Reachability Profile are not correct:** Added missing labels to Traffic Class and Time to Establishment information screens.\n------\n- **I95-47075 Disable weak SSH ciphers:** Resolved issues where the remote SSH server was configured to allow weak key exchange algorithms on `tcp/22` and `tcp/930`. \n------\n- **I95-47271 VRRP Alarm for Backup becoming Primary:** There is now an alarm when the backup VRRP node in an HA pair takes over as the primary.\n------\n- **I95-47438 ESP Session Missing:** Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets.\n------\n- **I95-47475 Session capture not downloadable for a read only user:** Adjusted permissions to provide access to session capture files to read-only users.\n------\n- **I95-47476 Session table associated paths not scalable, scroll bar hidden:** The Session Table window has been enlarged to more clearly show information.\n------\n- **I95-47529 Outbound-only sessions get stuck after NAT rebinding:** Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets.\n------\n- **I95-47642 Plugin state summary (table view) for HA router overlays both nodes:** The Plugin state table has been separated by node.\n------\n- **I95-47787 Worker core packet processing spikes to 100%:** Added the ability to tune the [Reverse Packet Session Resiliency](config_reference_guide.md#reverse-packet-session-resiliency) `Minimum Packet Count` (default is 3) and `Detection Interval` (default is 5) settings for session failover without requiring forward packet, and resolved the underlying issue that caused excessively high worker-core CPU.\n------\n- **I95-47909 Handle GRE tunnels in ICMP reachability probe:** The base interface for egress is now used if the `icmp-probe probe-address` is the same as the tunnel destination, and the `internal-address` is used as the source if the `egress-interface` is `gre-overlay`.\n------\n- **I95-47967 Cloud bootstrapper does not bootstrap the deployed Conductor:** Resolved an issue where the configuration was being rejected by the cloud bootstrapper when the device was a conductor.\n------\n- **I95-48019 Issue with deleting a flow on reverse metadata:** Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets.\n------\n- **I95-48103 Commit triggered BGP issue:** Resolved an issue where BGP neighbors configured with a short hold time might experience a BGP session flap during a configuration commit when app-ID is enabled.\n------\n- **I95-48108 Service Ping for a Service without Source NAT uses Source IP Address:** The service-ping now uses the source-ip as the packet source-ip if provided.\n------\n- **I95-48125 Save TSI streaming from router to conductor not working:** Adding a node and router argument to the PCLI command `save tech-support-info` now works correctly.\n------\n- **I95-48138 Enabling metadata only works for packets that match the port-range specified:** Resolved this issue by identifying the specific flow, and enabling reverse metadata for a that flow.\n------\n- **I95-48181 \"Failed to send IPFIX interim record\" log messages:** Changed log level from Error to appropriate logging level for the cases when ipfix records should not be generated.\n------\n- **I95-48246 Peer path GQL query should provide a node filter:** Added a parameter to stats on peer-path so that the node can be overwritten.\n------\n- **I95-48357 CoreDump on Failover with DSCP Steering:** Resolved an issue where DSCP Steering sessions would fail to move a flow under certain circumstances and, when using DSCP value 0, crash.\n------\n- **I95-483381 Race condition in session teardown:** Shared context is now maintained to allow all packet processing to be completed before session teardown. \n------\n- **I95-48507 VLAN packets are generated without a valid VLAN from the flow-move cache:** Resolved an issue where sessions could be modified incorrectly when a VLAN is present and session resiliency is enabled for failover.\n\n## Release 5.6.2-7\n\n**Release Date:** October 4, 2022\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-35571 Enhanced Syslog:** The SSR can be configured to send system generated events over a secure TLS or TCP connection to a remote-logging server for analysis and storage. For more information, see [Secure Syslog Transport](config_audit_event.md#secure-syslog-transport)\n------\n- **I95-44863 Automatic Core Assignment after Reboot:** On systems where `forwarding-core-mode` is set to `automatic`, if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot.\n------\n- **I95-47077 Configuration options for User Accounts:** Added configuration options for number of login attempts before locking user account, and number of seconds that user account will be locked before being able to attempt to login again. For information, see [Password Policies](config_password_policies.md).\n------\n- **I95-47418 Audit Events for Plugins:** A new audit event has been added that tracks when a plugin is installed or uninstalled. This can be viewed on the Audit History page in the GUI or in the PCLI by running `show events type admin.plugin`.\n\n### Resolved Issues\n\n- **The following CVE have been addressed and resolved:** I95-45056, I95-45059, I95-45060, I95-45123, I95-45165, I95-47482, I95-47483, I95-47484, I95-47485, I95-47805, I95-48048, I95-48049. \n------\n- **I95-39454 Created User cannot access PCLI operations:** Resolved an issue where in rare cases, during bulk user additions, it was possible for the operation to fail, leaving the new user created but unable to login.\n------\n- **I95-42320 BGP aggregate-address not working:** Add support for BGP address summarization.\n------\n- **I95-44434 Peer metric sends IP of WAN interface instead of the expected string:** Logic has been added to show the available destination address.\n------\n- **I95-44976 Highway issue when modifying an app-id session:** SSR software versions 5.1.5 and greater are susceptible to a crash during a flow migration when `application-identification` is enabled (modes `tls` or `all`) on spoke to hub traffic traversing over SVR. The condition occurs for sessions migrating that have timed out or that are traversing the ha-fabric link in the reverse direction.\n------\n- **I95-45847 Duplicate Alarms on Multiple Routers:** Resolved duplicate alarms by obtaining alarms from only one node in an HA pair.\n------\n- **I95-46056 `show ntp` has no output from PCLI, even though NTP is configured:** The output of show ntp will now report IP addresses of the time servers rather than resolve hostnames.\n------\n- **I95-46126 Router Status:** Resolved an issue in HA configurations when a router is connected to HA Conductor 1, but not directly connected to HA Conductor 2, alarms generated on the router are now seen on Conductor 2 - the conductor to which the router is not directly connected. \n------\n- **I95-46281 Update Kernel to RHCK 8.6:** Updated the kernel to integrate the latest security fixes.\n------\n- **I95-46545 Conductor Validation passing when a URL is configured in a Parent Service:** Validation for application-identification has been updated to include URL and subcategory. \n------\n- **I95-46641 Modem lockup after reset on dual LTE system:** Resolved an issue with dual LTE modem lockup after reset.\n------\n- **I95-46662 Tenant prefix differences on two HA router nodes are not validating correctly:** Added a validation check to ensure that the tenant-prefixes between two redundant interfaces are identical.\n------\n- **I95-46701 Packet Loss on Headend Router:** Added device-interface rx/tx descriptor ring size to resolve this issue.\n------\n- **I95-46807 Validation insufficient for reachability-detection:** Added validation logic to report and error when `service-route > reachability-detection` was configured, but neither `icmp-probe-profile` or `reachability-profile` exist.\n------\n- **I95-46826 Carrier detection logic not recognizing disaster recovery modem:** Updated the carrier detection logic to properly recognize the carrier when a modem is attached to a disaster recovery cell tower.\n------\n- **I95-46918 GUI and PCLI out of sync when new configuration elements added/modified:** Resolved an issue where `show network-interface` and `show config` were not updating properly.\n------\n- **I95-46919 LDAP Users Not Shown in GUI Users Display:** Updated username requirements and the ability to identify issues with usernames not meeting those requirements. See [Username and Password Policies](config_password_policies.md) for username requirements.\n------\n- **I95-46921 `128status.sh` script incorrectly checks for non-existent listening port:** Removed port 830 check for software versions 5.3.0 and greater\n------\n- **I95-46966 BGP Connection Restarts on SVR Peer Failover:** Resolved an issue with FIB entry setup that was causing BGP connection reset when the session fails over.\n------\n- **I95-47129 Metadata is not disabled after flow-move for EoSVR sessions:** Added a metadata turnoff after session failover for EoSVR.\n------\n- **I95-47336 Running configuration change events are missing:** Updates have been made to include `username` in the running configuration change events log. \n------\n- **I95-47414 Skip the AD lookup in highway for ICMP:** ICMP is now skipped during AD lookup to keep the App stats reults relevant.\n------\n- **I95-47437 TSI creation is leading into Network Failure - BGP BFD went down:** Refined the output for TSI to prevent failures. \n------\n- **I95-47537/I95-47556 Synchronize writing to files to avoid a race condition:** Added a common file lock to synchronize writes.\n------\n- **I95-47551 Keep-alives are not generated for unidirectional outbound-only sessions:** Resolved an issue with keep-alive generation for unidirectional outbound-only sessions.\n------\n- **I95-47552 LTE modem not coming up after upgrade:** Resolved an issue with modem detection and port scanning for Quectel EC25.\n------\n- **I95-47585 Transmit-failure increments when TE is enabled:** When `device-interface traffic-engineering` is enabled, the `stats/packet-processing/sent/interface-failure` statistic is no longer erroneously incremented.\n------\n- **I95-47655 BGP issues with VRRP:** VRRP failover may cause routing to not function if internal device numbering is not consistent across the redundant nodes.\n------\n- **I95-47767 Next Hop choice of \"Blackhole\" does not stay visible in Conductor:** This option was displayed in error, as the option is ignored. It has been removed.\n------\n- **I95-47872 App-ID summary tracking of failed sessions still incremented when feature disabled:** App-ID stats tracking for failed sessions now checks the feature enabled flag and responds appropriately. \n------\n- **I95-47969 Increased Memory use when generating TSI:** Resolved an issue where the `save runtime-stats` command and TSI generation could result in particularly high memory usage when Application Identification was enabled.\n\n\tThe `save runtime-stats` command no longer operates across multiple nodes and routers, and will not aggregate the metrics to disk on the conductor. This is to protect against excessive memory consumption. This is a change in functionality; however the public metrics APIs achieve the same result and are the preferred mechanism to collect authority wide metrics.\n------\n- **I95-47981 Ignore VRRP advertisements if the VRID doesn't match:** The VRID is now validated before accepting an advertisement to resolv an issue where VRRP advertisements intended for a different router were being processed.\n------\n- **I95-48018 APP-ID implementation with proxy web server unable to identify traffic correctly:** Resolved an issue reading certain HTTP headers that was causing Application Identification to miss them.\n------\n- **I95-48038 502 Error returned if managed routers are offline:** Resolved an issue that caused HTTP requests on the conductor to return a 502 error for all requests if a managed router is offline.\n\n## Release 5.6.1-18\n\n**Release Date:** August 1, 2022\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-35610 Session Failover without a Forward Packet:** A keep-alive mechanism has been added for flow moves. When flow move is triggered, the SSR detects inactivity in forward traffic and generates a keep-alive packet in the forward direction.\n------\n- **I95-40195 LDAP does not allow search base to be configured correctly:** Search base parameters, filter generation, certificate assurance, and logging enhancements have been added to the `ldap-server` configuration. See [LDAP](config_ldap.md) for more information.\n------\n- **I95-40333 Save credentials for accessing SSR software repositories:** `set software access-token` is a new PCLI command to save credentials for accessing SSR software repositories. This provides a way to run `install128t repo authenticate` without dropping to a linux shell. For additional information on this command, see [`set software access-token`](cli_reference.md#set-software-access-token).\n------\n- **I95-43048 NIST FIPS Validated Cryptography:** FIPS Enforcement Mode has been added to the package-based installation processes. Refer to [FIPS Enforcement Mode](intro_installation_bootable_media.mdx#fips-enforcement-mode) for details.\n------\n- **I95-43785 DSCP Tag Preservation:** When set to `true` the `preserve-dscp` command allows you to preserve DSCP values that have been set in a service class or received on a LAN-Interface, over an SVR path. See [DSCP Preservation](config_dscp_preservation.md) for more inforamation.\n------\n- **I95-44769 Add Linux system logs to the Tech Support Information data:** This patch allows for customizations of the systemd journal content included in the `tech-support-info` bundle, and includes additional default content.\n------\n- **I95-44863 Automatic Core Assignment after Reboot:** On systems where `forwarding-core-mode` is set to `automatic`, if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot.\n------\n- **I95-44870 Mist Self-Registration and Onboarding:** Onboarding a Mist Managed SSR instance can be accomplished as part of the installation process. For details, refer to the steps to [Associate the Router with Mist](intro_installation_image.md#associate-the-router-with-mist) as part of the image-based installation. \n------\n- **I95-45670 BGP Conditional Advertisement:** When an SSR prefers a given provider for outbound traffic, it can now be configured to receive locally destined traffic specifically from that provider. For details and configuration information, see [BGP Conditional Advertisement.](config_bgp.md#bgp-conditional-advertisement)\n------\n- **I95-45679 Round trip time to packet acknowledgement:** A new TCP metric that samples round trip time from data sent to acknowledgement has been added.\n------\n- **I95-46562 Allow targeting another router or node when saving tech-support-info:** GUI: A button has been added to the **Logs** page in the GUI to download a tech-support-info bundle. This allows downloading a router's `tech-support-info` directly from the Conductor GUI.
\nPCLI: The PCLI command `save tech-support-info` can now collect logs from another node. Using the Conductor's PCLI, a `tech-support-info` bundle can be collected from a Managed Router or the HA peer.\n------\n- **I95-46747 Improved the Password user experience:** You now are re-propmpted up to three times for the current password if it is incorrect. If a new password does not meet the strength check, you are prompted with that information, and required to update the password. \n\n### Resolved Issues\n\n- **The following CVE have been addressed and resolved:** I95-45054, I9-45056, I95-45059, I95-45060, I95-45165, I95-46020, I95-46359. \n------\n- **I95-35228 DHCP waypoint addresses not displayed on standby node in UI:** Resolved an issue where the PCLI logic was not matching the GUI Network Interface table.\n------\n- **I95-39274 DNS-based services kill asset connection resiliency:** Resolved an issue where an internal commit was bouncing the kni254 interface and causing a series of connection resets.\n------\n- **I95-42438 Save Tech Support tries to run when SSR service is down:** In situations where the PCLI is still active, but the SSR service is down, trying to run `save tech support` will appear to work, but does not return any info. This issue has been resolved, and will return a message when information is not retrievable. \n------\n- **I95-43606 No communication between Routers:** In rare instances the BFD Pinhole feature experienced collisions between forward session flows. Session modification has been addressed and collisions are now avoided.\n------\n- **I95-43779 DHCP IP Address not releasing appropriately:** When the cable is physically disconnected and reconnected from DHCP-enabled interfaces, the interfaces are now triggered to send out a DHCP Request for their current IP address.\n------\n- **I95-44001 Peer uptime showing \"Unavailable\":** Peer path uptime now displays the correct values.\n------\n- **I95-44548 Application Summary Sort Order:** Resolved an issue with the Application Summary sort order changing unintentionally.\n------\n- **I95-44551 DHCP Relay not working after upgrade:** A packet for traffic matching a summary service may be dropped because it was incorrectly flagged as hierarchical on the SVR peer. Well known non-hierarchical services such as DHCP relay will no longer perform hierarchical service checks on the peer.\n------\n- **I95-44726 Invalid return code returned by T1 card firmware creating a memory leak:** Resolved a buffer leak in the wanpipe driver.\n------\n- **I95-44988 SSR Stuck in Upgrade status:** Improved logging to detect when an installer session is started and there is an already an active interactive installer session; for example when an interactive installer session was left open.\n------\n- **I95-45094 Unnecessary rotation of salt minion config:** Resolved an issue where the global.init and salt minion config are unnecessarily rotated and updated with no changes to the actual contents of the file.\n------\n- **I95-45126 Split-brain after the sync interface goes down:** Resolved an issue that if the SSR software experienced a crash while it owned an interface from an X553 device, other devices hosted by the same chip could be impacted.\n------\n- **I95-45164 `show-active-peers` missing some information:** Resolved a corner case where an RFC-compliant device ahead of a non-compliant device with a smaller MTU, the SSR misinterprets the non-compliant device's timeouts and the MTU will be unresolvable.\n------\n- **I95-45271 Error while trying to change appearance or selecting custom reports:** In some cases where error messages are vague, a path to the error location is provided. \n------\n- **I95-45372 Filters in the Routers Tab not working:** Resolved a logic issue with the GUI table.\n------\n- **I95-45489 `ifcfg` custom options issues:** Resolved an issue where interface ifcfg option changes were not being processed.\n------\n- **I95-45814 No Bandwidth statistics visible in GUI:** Resolved an issue when processing high numbers of services and service routes which prevented a subset of stats from being stored and displayed.\n------\n- **I95-45842 PCLI `show events` does not paginate correctly:** This issue has been resolved.\n------\n- **I95-45882 Rare case where an invalid DHCP server configuration generated:** This issue has been resolved.\n------\n- **I95-45890 Service paths for BGP over SVR routes are not being rebuilt:** Resolved an issue when the vector configuration is changed on a network interface, the service paths for BGP over SVR routes are not being rebuilt. \n------\n- **I95-45999 Azure Router Crash:** Added support for NetVSC/VF hotswapping to resolve this issue.\n------\n- **I95-46055 Add warning when transmit caps are too low:** Users now get a warning when configuring a traffic-engineering transmit-cap under 1Mbps.\n------\n- **I95-46114 SSR flooded with Highway messages:** The chatty `InterfaceMap::Exception: Unable to find path to peer` highway log has been suppressed. \n------\n- **I95-46136 Unused Application ID stats not being purged fast enough:** Resolved an issue where application ID stats tracked per client, per app, per next-hop are not cleaned up when inactive.\n------\n- **I95-46169 RIB Doesn't Update Connected Route After Changing Network Interface Address Prefix from /24 to /27:** Resolved an issue when changing the prefix length for a network interface address, the RIB was not updated and routing protocols were not aware of the change.\n------\n- **I95-46230 Highway Crash:** Resolved an issue where uncaught exceptions were causing highway issues.\n------\n- **I95-46314 Configuring Static Assignment with Client-Identifier Causes DHCP failure:** Updated config validation to verify that, within a single DHCP server host-service, all static assignments use unique client-identifiers.\n------\n- **I95-46332 VRRP Does Not Work with Ethernet Controller X710 for 10GbE SFP+:** Configuring VRRP on an Intel X700 series NIC can see discard broadcast packets due to the source pruning feature which is enabled by default. This change disables source pruning when VRRP is enabled on these NICs.\n------\n- **I95-46411 PPPoE over VLAN interface status missing in `show` commands:** Added atttribute to show the missing information. \n------ \n- **I95-46419 Forward Error Correction (FEC) with OutBound Only Fails:** Resolved an issue where FEC actions are not installed properly after the modifcation to resolve the outbound only path.\n------\n- **I95-46454 ICMP manager excessively logs ICMP echo replies with no matching context:** This issue has been resolved.\n------\n- **I95-46458 `set password` from PCLI hangs at \"Modifying password\":** This issue has been resolved. \n------\n- **I95-46613 Flow move may not happen without forward packet for outbound only sessions:** Resolved an issue that when a session has been idle for more than 10 seconds, sessions for outbound-only connections may not failover properly without a forward packet.\n------\n- **I95-46641 Modem lockup after reset on dual LTE system:** Resolved an issue with dual LTE modem lockup after reset.\n------\n- **I95-46822 Revertible failover traffic not restored when reverse traffic is present:** For a \"revertible-failover\" service policy, when the preferred path is restored and a session no longer traverses an internode dogleg path, it was taking several seconds for traffic to be restored when forward traffic is present; in situations where only reverse traffic is present, traffic may not be restored. This issue has been resolved.\n------\n- **I95-46931 Hardware using ConnectX6-DX fails to initialize:** Added support for this card variant.\n------\n- **I95-46959 PPPoE over VLAN not working when target interface is down:** Added code to bring up parent interface before VLAN interface.\n------\n- **I95-47111 Issues with redundant interfaces on startup:** Resolved an issue where the notifications for active interfaces may get lost when using VRRP for redundancy.\n\n## Release 5.6.0-44\n\n**Release Date:** May 20, 2022\n\n### New Features\n\n- **I95-10056 RADIUS support for Multi-Factor Authentication:** Integration between Radius user access and Role-based Access Control allows the SSR to support Multi-Factor Authentication using Yubikey. \n------\n- **I95-200118 Configuration Concurrency at Scale:** Support for multiple users concurrently editing the SSR configuration is now supported. For more information, see [Candidate Configuration](config_basics.md#candidate-configuration).\n------\n- **I95-32820 and I95-41915 STEP High Availability:** See [STEP High Availability](config_step_ha.md) for more information. \n------\n- **I95-37417 Additional factory default session-type configuration:** Added factory-default session-types for NetBIOS Name Service, NTP, and LDAP over UDP.\n------\n- **I95-37648 Configurable Password Policy:** The SSR password policies have been updated to provide a more secure experience. See [Password Policies](config_password_policies.md) for additional information.\n------\n- **I95-38430 Support for PPPoE over VLAN:** Added support for PPPoE over VLAN. See [VLAN Support on a PPPoE Interface](howto_pppoe_vlan.md) for configuration information. \n------\n- **I95-39712 Hierarchical Service Inheritance For STEP Learned Routes:** Child services now inherit routes of their parent services, when the parent route is learned through STEP. For more information see [Hierarchical Services.](config_STEP.md#hierarchical-services)\n------\n- **I95-40130 Factory Defaults for Conductor Communication:** Added SaltStack, Conductor, and IKE default session-types. For new deployments, SIP, SIPS, and IPSEC-NAT use NAT Keep Alive by default, and the timeout for IPSEC-NAT is 125 seconds.\n------\n- **I95-40660 Kernel Upgrade:** The OS kernel has been upgraded to address several CVEs and provide support for Wireguard and Cordoba.\n------\n- **I95-41449 NTP Authentication with SHA1 or better:** Support for NTP authentication provides options for external NTP server authentication. See [NTP Authentication](config_ntp_auth.md) for more information.\n------\n- **I95-41509 STEP Route Computation enhancements:** STEP uses additional service policy information when computing the best path scenario. See [STEP Route Computation](config_STEP.md#route-computation) for more information.\n------\n- **I95-41557 Software Lifecycle Management:** The download, upgrade, and software lifecycle process is more easily managed from a single location in the GUI. See [Software Lifecycle](upgrade_router.md#upgrade-using-the-conductors-gui) for additional information. \n------\n- **I95-42483 STEP Page in the GUI:** [The STEP page in the GUI](howto_STEP_GUI.md) provides graphical representations of STEP data. \n------\n- **I95-42887 Real-time alerts for Audit failure events:** A service has been added a service that warns all logged in users if auditd fails to start and audit logging capability is impacted. See [Audit Events](config_audit_event.md#basic-configuration) for more information. \n------\n- **I95-42888 Logout mechanism for administrator-initiated communication sessions:** A PCLI command and audit log are available to verify session closure.\n------\n- **I95-43039 File permissions, ownership/membership of system files and commands remain static:** Unauthorized or unintended changes are not introduced during the operation of the SSR Software.\n------\n- **I95-43040 Non-certificate trusted host is not allowed SSH logon to the system:** The SSH daemon performs strict mode checking and does not allow a non-trusted host SSH to logon to the system.\n------\n- **I95-43041 Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required:** The DCCP module is prevented from loading unless it is specifically required. \n------\n- **I95-43047 Local initialization files do not execute world-writable programs:** The directories are not world-writable.\n------\n- **I95-43049 The audit system notifies the user when there is an error sending audit records to a remote system:** Remote logging for audit logs and appropriate messaging has been added. See [Audit Events](config_audit_event.md#basic-configuration) for more information.\n------\n- **I95-43050 Strict mode checking of home directory configuration files:** The SSH daemon performs strict mode checking home directory configuration files.\n------\n- **I95-43051 Remote X connections are disabled except to fulfill documented and validated requirements:** X server is disabled as part of the mode checking of home directory configuration files. \n------\n- **I95-43496 BFD for Routing Protocols:** BFD support for BGP and OSPF protocols has been added. See [Optimizing Routing Protocols: BFD](config_bfd.md) for more information.\n\n## Resolved Issues\n\n- **I95-36758 Redistributed service route distance not configurable:** Support has been added for the configuration of admin distance for kernel routes generated by services with service routes and for BGP over SVR services. \n------\n- **I95-38408 DHCP server on wrong vlan sends offer in response to discover message:** Hosted DHCP servers that do not have an explicit vlan configured are now explicitly treated as vlan 0, and handle any DHCP packets that are untagged/vlan 0, in order to prevent those packets from being multicasted to multiple DHCP servers.\n------\n- **I95-40904 Power save mode not working:** This issue has been resolved.\n------\n- **I95-41992 Warning for Rate-Limit with Flow-Limit values at 0:** A warning has been added to advise users that this will cause dropped packets.\n------\n- **I95-43239 LTE APN on Modem not set up correctly:** The APN is now always written to the the modem using the default index of 1. \n------\n- **I95-44142 Automated Provisioner Race condition:** Resolved a rare crash where applications would attempt to get information about already-closed sockets when responding to API requests.\n------\n- **I95-44435 Save Tech Support should include Service Paths:** `save tech-support-info` includes `show service-path` and `show rib`.\n------\n- **I95-44722 Time series HMAC failures after rebooting node in HA router:** Device interfaces are flushed upon becoming active to avoid handling of packets which have been delayed due to inactivity.\n------\n- **I95-44726 Invalid return code returned by T1 firmware creating a memory leak:** Resolved a buffer leak in the wanpipe driver.\n------\n- **I95-44823 Conductor upgrade failure - extra space in integer is invalid:** Extra spaces on integer types are now trimmed off to avoid this issue.\n------\n- **I95-44854 Extra \"Application\" column in Top Sessions panel:** The extra column has been removed. \n------\n- **I95-44913 kmod-i40e metapackage causing upgrade issues:** The metapackage has been removed and upgrade issues have been resolved.\n------\n- **I95-44985 Update salt-minion minimum version to resolve CVEs:** This issue has been resolved. \n------\n- **I95-44991 SSR not passing Aruba data on GRE Tunnels:** Resolved an issue where GRE packets with reserved bit in the header are incorrectly dropped as invalid.\n------\n- **I95-45063 SSR azure instances unstable on large machine types:** Resolved an unpgrade issue causing instability in Azure instances using Mellanox5. \n------\n- **I95-45113 snmp override of the IfTable:** An issue with SNMP reporting has been resolved.\n------\n- **I95-45123 CVE Issue:** The latest Security vulnerabilities have been identified and addressed.\n------\n- **I95-45124 RBAC Config Endpoints Leaking Information:** Resolved an issue where some configuration endpoints would allow users with incorrect permissions make requests.\n------\n- **I95-45146 GUI error message for users authenticated by LDAP to Active Directory Server:** This issue has been resolved.\n------\n- **I95-45162 Improve download/upgrade error message if a router name does not exist:** In situations where a router does not exist, the download and upgrade message now indicates that the router does not exist.\n------\n- **I95-45211 New users run into permissions errors:** Access Control Lists are now preserved on file rotations.\n------\n- **I95-45220 Conductor local forwarding parameters not dynamic:** Resolved an issue when transitioning a conductor from standalone to HA the managed routers were not automatically connecting to the newly added conductor node.\n------\n- **I95-45268 Third-party-drivers rpm install hung:** Resolved an issue where the installation hangs when running a post-install scriptlet. The script is not necessary at that stage and has been disabled.\n------\n- **I95-45348 Update salt master and minion to 3002.8:** This update resolves several CVE and requires that the conductor must be running this release containing these fixes **before** upgrading a router. \n**Important** Please see the Caveat below for additional important information about HA upgrades.\n------\n- **I95-45374 Router Dropping SIP traffic:** A warning is displayed if users configure a service-class to rate-limit but don't set max-flow-burst/max-flow-rate values (default is set to 0).\n------\n- **I95-45541 LDAP users are unable to login to the PCLI due to permission errors:** This issue has been resolved.\n------\n- **I95-45559 Corrupted resolv.conf after ODM imaging:** Resolved an issue on SSR systems running dns-proxy services with external interfaces configured using PEERDNS=yes, where a race condition may occur that results in corrupt nameservers being added to the /etc/resolv.conf file.\n------\n- **I95-45583 HA Connection lost during commit:** Resolved an issue where session was missing necessary path data information relating to the peer path.\n------\n- **I95-45618 MAC address issue in Azure environment:** Non-ethernet MAC addresses are now handled correctly during MLX device discovery.\n------\n- **I95-45641 Stuck BGPoSVR Sessions after Failover:** Made changes to provide updates to less specific FIB entries when routes are updated to resolve this issue.\n------\n- **I95-45643 User created users missing after upgrade:** Resolved an issue where the XML values true/false are also handled as 1/0.\n------\n- **I95-45696 Memory leak in pam challenge library:** Resolved a memory leak in the PAM challenge library. \n------\n- **I95-45779 LDAP user login blocked during HA upgrade:** Resolved an issue where the LDAP user login was blocked until the upgrade was complete on both HA conductors.\n------\n- **I95-45761 SSH ClientAliveInterval change:** The SSH `ClientAliveInterval` has been reset to 900.\n------\n- **I95-45783 User home directories different across the topology during upgrade:** Resolved an issue with incorrect LDAP user roles during upgrade.\n------\n- **I95-45816 \"TCP State Stream Parse Error\" filling up the flpp.log:** This log issue has been addressed. \n\n## Caveats\n\n- **I95-45348: Update salt master and minion to 3002.8:** When upgrading an HA pair to version 5.6.0, please be aware of the following: While updating the conductors in an HA pair, the upgraded conductor node asset state will remain DISCONNECTED if the active `automatedProvisioner` is not running a corrected version. When performing an HA conductor upgrade the node running the oldest software assumes leadership. However, the older version will not be able to talk to the new software on the upgraded conductor. \n\nThe active `automatedProvisioner` can be determined by running the command `show system processes`. Once the upgrade begins on the old node, the newly upgraded conductor takes over.\n\n#### Corrected Versions\n\n| Router Software Version | Minimum Required Conductor Version |\n| --- | --- |\n| 5.6.0 | 5.6.0 or later |\n\n"} \ No newline at end of file +{"content":"---\ntitle: SSR 5.6 Release Notes\nsidebar_label: '5.6'\n---\n:::info\nIssues resolved in a release are merged into subsequent releases chronologically AND lexicographically. \n\nIf you do not see an issue listed below, it may have been resolved in another recently released version. A link to the Release Notes for the most recent chronological release of SSR Software is provided.\n\nAlternatively, refer to the **[List of Releases](about_releases.mdx)** page for release dates and links to all SSR Release Notes; or, if you know the Issue ID Number, enter that into the Search field at the top right of this page.\n:::\n\n### Upgrade Considerations\n\n:::important\nBefore upgrading please review the [**Upgrade Considerations**](intro_upgrade_considerations.md) and the [**Rolling Back Software**](intro_rollback.md) pages. Several modifications have been made to the process for verifying configurations, which will impact existing configurations.\n:::\n\n- **I95-43243/IN-460 Upgrade and Rollback:** Upgrading or rolling back a system (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations.\n------\n- **I95-42452 Conductor Upgrade Time:** Upgrades to version 5.4 and above can take up to 40 minutes due to the number of rpms being upgraded. Please plan accordingly.\n------\n- **I95-42624 Upgrade Installer:** Before **upgrading to, or installing** version 5.4 and above, update the Installer to at least version 3.1.0. Failing to upgrade the installer may result in a rollback failure, should a rollback be necessary at any time. The Installer typically prompts you update when a new version is available. Select **Update** when prompted.\n------\n- **Plugin Upgrades:** If you are running with plugins, updates are required for some plugins **before** upgrading the conductor to SSR version 5.4.0 or higher. Please review the [Plugin Configuration Generation Changes](intro_upgrade_considerations.md#plugin-configuration-generation-changes) for additional information. \n\n## Release 5.6.16-16\n\n**Release Date:** November 25, 2024\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** \nCVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2024-3596.\n------\n- **I95-47195, I95-47196, I95-49015, I95-49599, I95-56682 Forwarding plane crash, causing stranded network namespaces when LTE/PPPoE network-interface name is changed:** Implemented reinit script to reiniatilize namespace, KNI and target-interface after a configuration change in the network-interface.\n------\n- **I95-49018 Peers are not coming up for PPPoE interface on a standalone setup:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace.\n------\n- **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `configure authority router routing rib-policy` command from either the routing default-instance (`configure authority router routing`) or inside `configure authority router routing vrf` to provide addtional filtering for OSPF routes. For more information see [`configure authority router routing rib-policy`](config_command_guide.md#configure-authority-router-routing-rib-policy) and [`configure authority router routing vrf rib-policy`](config_command_guide.md#configure-authority-router-routing-vrf-rib-policy).\n------\n- **I95-49712 Configuration validation error uniformative:** Resolved an issue that when configuring an SSR, invalid configuration parameters were returning errors that were not specific enough to allow the user to locate the invalid configuration. Now when invalid configuration elements are identified during validation, the messages include relevant information for the invalid element, such as an IP address, node name, router name, interface names, etc.\n------\n- **I95-56203 The First Article Inspection (FAI) scan archive is empty:** Resolved an issue with `logrotate` clearing all the FAI scan archives. This was due to each archive having a unique name using a timestamp. A different service is now used to rotate the FAI scan files.\n------\n- **I95-56236 Routers unable to onboard after upgrading the Conductor:** Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the device state from being reviewed for errors, which stopped the onboarding process. \n------\n- **I95-56326 / I95-57000 Potential crash while collecting TSI:** Added protection against unmapped memory access to resolve an issue where, if a TSI is collected at just the wrong time, it can cause a highway crash.\n------\n- **I95-56455 Zero-byte files when updating conductor hardware using an OTP image:** A check has been added to verify that `api.key` and `router-api.key` are non-zero length and valid. If not, the keys are regenerated.\n------\n- **I95-56527 Failure to validate and commit config; system incorrectly expected escape sequence:** Resolved an issue where capture-filter expected an escape sequence for input when it was not necessary. \n------\n- **I95-56575 Reduce polling rate of disk monitoring and add optimization:** The disk monitoring agent polling frequently is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process.\n------\n- **I95-56612 `fib-service-match any-match` missing some FIB entries:** Resolved an issue when a service-address was more specific than the last route update, a search for other less specific services was not performed. Now when the service address update is more specific, additional searches will continue. \n------\n- **I95-56715 Address validation in migrate feature in conductor UI is not working correctly:** Resolved an isssue between the client and the server during the use of the GUI `migrate` operation, where the conductor address was not read correctly, and returning an irrelevant error message. \n------\n- **I95-56726 `No Timeout Queue` message logged in cases where a config commit fails, or a conductor fails to load a config on startup:** Resolved an issue with `ThreadPoolWithExternalPoller` that resulted in a stack trace in the logs which starts with message `No TimeoutQueue:`.\n------\n- **I95-56727 Domain names that begin with numbers are not allowed to be configured:** Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example `123.abc.com`.\n------\n- **I95-56822 Router stuck in a continuous upgrade/failure state:** DNS name servers changes on the conductor are not honored. In cases where the DNS configuration changed post boot, the conductor software proxy would not reload the config. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests, resulting in failure. \n------\n- **I95-56827 NTP Auth key only permits keys of 20 or 40 characters:** Loosened restrictions on NTP server key length to allow plaintext keys.\n------\n- **I95-56843 Error logs filled with irrelevant KNI network script info:** The log output has been reduced to provide related information.\n------\n- **I95-56847 lte / pppoe default-route check incorrectly reporting warnings:** Resolved an issue where warnings were incorrectly shown on the conductor for interfaces without `default-route` or `management-vector` configured.\n------\n- **I95-56850 Overlap warning on router not present on conductor:** Resolved a case where a service on a router is configured with `applies-to`, and the same service is configured on the conductor (overlap) but does not have `applies-to` configured, the validation process will generate a warning on the router but not the conductor. \n------\n- **I95-56879 PPPoE stopped working:** Resolved an issue where the system configuration for the PPPoE interface was missing LCP_FAILURE and LCP_INTERVAL fileds. These fields are now set correctly.\n------\n- **I95-56973 Child services do not inherit the service-path configurations from the parent service:** Resolved an issue where child service routes for peers were not inheriting vectors and the `enable-failover` field.\n------\n- **I95-57017 Application ID failed to block some domains:** Resolved an issue where DPI failed to identify the domain-name from SNI if the `client-hello` is split up into multiple TCP packet segments.\n------\n- **I95-57082 Unable to delete a capture-filter that contains a forward slash (/):** This issue has been resolved. \n------\n- **I95-57110 Crash seen during add and delete peers while sending traffic:** A race condition has been fixed that could cause a crash in the packet-processing highway process if a peer-path is removed from configuration.\n------\n- **I95-57114 Unable to upgrade AWS Conductor:** Resolved an issue where an incorrect package version was installed, triggering a downgrade and preventing the upgrade.\n------\n- **I95-57205 Race condition on startup with DHCP configured on LTE or PPPoE interface, causing system to crash:** This issue has been resolved.\n------\n- **I95-57538 WayPoint exception - failing to allocate waypoint ports on mesh peer re-establishment:** Resolved an issue where a configuration change may cause existing waypoint ports to become invalidated, creating an exhaustion scenario.\n------\n- **I95-57578 Candidate configuration values not showing in GUI:** Resolved an issue that caused configuration drop-downs in the GUI for tenants and services to only display values from the running configuration, not the candidate configuration.\n------\n- **I95-57593 No option to require password change on first login:** Added a Require Password Change On First Login checkbox to the Create User dialog. Previously this feature was only available in the create-user command.\n------\n- **I95-58201 Increase AMD performance:** Throughput performance on AMD processors has been improved through the tuning of some kernel parameters.\n------\n- **I95-58528 SSR OS renaming:** The SSR OS has been renamed/rebranded from \"CentOS7\" to \"SSR OS\" to more accurately reflect its customized Linux distribution. All internal naming has been updated. \n------\n- **I95-58682 Adjust the inactivity timer range to allow for Azure policy limits:** Updated the `inactivity-timer` range to allow for values as low as 30 seconds. Resoved an issue that would have used an incorrect default setting of 3600 instead of 900 seconds in certain scenarios. \n\n## Release 5.6.15-1\n\n**Release Date:** June 27, 2024\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2024-2973\n\n## Release 5.6.14-7\n\n**Release Date:** May 14, 2024\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2020-22218, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-40217, CVE-2023-20569, CVE-2022-43552, CVE-2023-48795, CVE-2023-2176, CVE-2023-40283, CVE-2023-4623, CVE-2024-22019, CVE-2023-46724,CVE-2023-46728, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-25617.\n------\n- **I95-50697 RFC1918 sessions (private IP addresses) are reclassified in error:** When a session destined for a private IP (RFC1918) experiences an App-ID modify, the session will now only be reclassified if the classification data reflects a positive classification change.\n------\n- **I95-52251 Changes to the conductor address on the router result in loss of ssh connection to the router:** Resolved an issue where changing the router level `conductor-address` did not update the salt-created services with the new addresses.\n------\n- **I95-52500 SVR multi-hop failover causes traffic to drop when using outbound-only:** Added a session ID lookup to resolve a situation where sessions failing between multi-hop SVR and direct SVR connections may lead to duplicate flow exceptions and dropped traffic.\n------\n- **I95-53216 Unable to change password for users managed through external user databases (such as LDAP or RADIUS):** Resolved an issue that caused a Password Change dialog to appear for remotely authenticated users.\n------\n- **I95-54127 Users managed through external user databases (such as LDAP or RADIUS) cannot generate or view TSI:** Resolved an issue that did not provide a home directory for custom roles, which prevented LDAP users from viewing the systemd journal.\n------\n- **I95-54750 Load Balancer API Calls not working:** The original API and Swagger documentation used `Load Balancer`, which was misleading. The `Reachability Detection` REST APIs have been updated to use `Reachability Detection` as reference, instead of `Load Balancer`.\n------\n- **I95-54833 HA port is showing as redundant:** Resolved an issue where adding a device-interface back into the configuration after it was removed did not recreate the device-state.\n------\n- **I95-54867 SSR-1300 baud rate set incorrectly:** Resolved an issue where the incorrect baud rate was allowed. The only allowed baud rate for the SSR is now 115200. This is the default rate.\n------\n- **I95-54918 Highway process crashed on the active node of a router:** Resolved a crash caused by a race condition when the last instance of a capture filter referencing a particular file-name is removed while a packet is in the process of being captured.\n------\n- **I95-55069 One HA node is missing from the Mist GUI:** Resolved an issue where a managed router had an empty product version config metadata field, which resulted in the conductor version metadata field being cleared.\n------\n- **I95-55164 Dropping GRE encapsulated packets:** Classification support for Enhanced GRE Header, version 1, as defined by RFC 2637 Point-to-Point Tunneling Protocol (PPTP) has been added.\n------\n- **I95-55208 Asset fails to transition state and never reaches RUNNING:** In some cases where the RPM database may be corrupt or another process holds an indefinite lock, the highstate will block other processes from starting. A timeout has been added for the `rpm -q` process in highstate to allow other processes to run. \n------\n- **I95-55226 Validation incorrectly allows a network interface to be used as both DHCP relay and server:** The validation process has been updated to include several checks against DHCP relays, clients, servers, and access-policies.\n------\n- **I95-55270 DHCP server not coming up:** Resolved an issue where a network namespace was using a namespace ID that was not cleaned up properly after removal.\n------\n- **I95-55389 Queries for private domains with Websense classified as Miscellaneous:** Domains categorized by Websense as Uncategorized are now classified as Uncategorized/Uncategorized, rather than Miscellaneous/Uncategorized.\n------\n- **I95-55550 node0 went down and did not fail over to node1:** Multiple disk errors caused corruption on the `128T_root` filesystem causing it to enter `read-only` mode and becoming non-responsive. To resolve this issue, issues in the filesystem now result in kernel panic mode, launching a reboot and in HA systems, failover. Additionally, the filesystem check is run to check and repair the filesystem. \n------\n- **I95-55586 GraphQL API returns `IsActive` incorrectly if the `device-interface` is `vrrp_standby`:** The `router-peer-path` setting now returns the correct value when in `vrrp-standby`.\n------\n- **I95-55591 Some network interface stats are not updated:** Some network interface stats are not updated with the port name when a device interface is renamed. Device interface name changes are now handled correctly, and `network-interface` metrics are properly updated when `device-interface name` changes.\n------\n- **I95-55603 HA router stuck in connected state due to runtime corruption issue:** Resolved an issue causing an unzip race condition with Python files. The packaging and installation process has been improved to prevent this issue.\n------\n- **I95-55762 Unable to view more than 50 prefixes in BGP:** Updated the routing engine to display all rows for BGP show commands if a count parameter is not specified.\n------\n- **I95-55764 Race condition and highway crash with DHCP devices:** Resolved a race condition that caused a highway crash when the DHCP client is configured for LTE or PPPoE, and the respective link flaps prior to the lease being assigned.\n------\n- **I95-55830 Rollback results in missing Admin user:** Resolved an issue where HA nodes running mixed versions of 5.6.0 or greater with versions less than 5.6.0, the admin user could be temporarily removed until both nodes were upgraded or rolled back to the same version.\n------\n- **I95-55848 / I95-56403 Session traffic is black-holed during path failover when `nat-keep-alive` is in use:** Resolved an issue where an outbound-only session with a `nat-keep-alive` moved from a dogleg path to a direct inter-router path. This causes repeated session modifications on the hub side and drops reverse traffic.\n------\n\n- **I95-55904 No service-paths seen after upgrade:** Resolved an issue where adding services with overlapping address prefixes prevented the configuration from being applied. For additional details, refer to the Knowledge Base article [Upgrade from 5.6 to 6.1 may result in missing FIB entries](../kb/2024/04/24/I95-55904). \n------\n- **I95-55912 Validate Patterns for Service Domains and URLs:** The `url` and `domain-name` fields on a service were an unformatted string. This allowed you to configure fields that would be silently discarded. The `domain-name` and `url` fields within services are now validated for correctness and viability from an App-ID perspective. Anything to be ignored during validation now triggers a config warning.\n------\n- **I95-55949 Silicom Valencia Atom C1130 CPU flags are not properly detected:** Resolved an issue where the `cpuinfo` parser fails due to a collision between the processor key name and value - the Silicom Valencia model name in the `cpuinfo` contains the word `processor`. \n------\n- **I95-56263 Add `show capacity`, and debugging commands to the TSI output:** Support for additional information in the TSI output has been added.\n------\n- **I95-56475 HA-sync network interface shows warning after router upgrade:** Resolved an issue where non-forwarding interfaces would appear to be administratively down in the web UI when they were not.\n------\n- **I95-56492 Sessions configured for outbound-only with nat-keep-alive enabled experience reverse flow packet drops after flow migration:** A flow move from a WAN path to an inter-router path causes repeated session modifies on the hub side causing reverse traffic packet drops due to NAT keepalives incorrectly testing the failed WAN path for the migrated session. This issue has been resolved.\n------\n- **I95-56541 Include kernel journal entries in TSI:** A separate `kernel.log` journal file is now created in the TSI output.\n------\n- **I95-56575 Reduce polling rate of disk monitoring and add optimization:** The `ComponentDiskUtilizationMonitor` checks the disk usage too frequently and is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process.\n------\n- **I95-56600 Add `show tenant members` to the TSI output:** `show tenant members` and additional network scripts have been added to the TSI output.\n\n## Release 5.6.13-7\n\n**Release Date:** January 30, 2024\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2022-41974, CVE-2023-32360, CVE-2023-22045, CVE-2023-22049, CVE-2022-41741, CVE-2022-41742, CVE-2020-12321, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-3341, CVE-2023-22081, CVE-2022-0934, CVE-2023-46847, CVE-2021-43975, CVE-2022-28388, CVE-2022-3594, CVE-2022-3640, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-0458, CVE-2023-0590, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1079, CVE-2023-1118, CVE-2023-1206, CVE-2023-1252, CVE-2023-1382, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-23455, CVE-2023-2513, CVE-2023-26545, CVE-2023-28328, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-33951, CVE-2023-33952, CVE-2023-35823, CVE-2023-35824, CVE-2023-35825, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-4128, CVE-2023-4132, CVE-2023-4155, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4732, CVE-2022-45884, CVE-2022-45886, CVE-2022-45919, CVE-2023-1192, CVE-2023-2163, CVE-2023-3812, CVE-2023-5178, CVE-2023-38406, CVE-2023-38407, CVE-2023-47234, CVE-2023-47235.\n------\n- **I95-38188 Re-Homing an SSR in certain circumstances leaves residual services:** If an SSR is rehomed from an HA conductor to a standalone conductor, the services pointing to the second node of the HA conductor were not removed. Resolved the issue where the reverse SSH tunnels from a managed router to the second HA conductor node were not cleaned up if the conductor was converted back to a standalone conductor.\n------\n- **I95-48783 Conductor process logs are unbounded, risking storage exhaustion:** `auditd` logs consuming the disk space when the node monitor is in a disconnected state and the audit logs are left unconsumed. There was a limit to the log file size, but not the number of files. The number of files is now limited.\n------\n- **I95-50493 Memory calculation for alarms is confusing:** This alarm was designed to trigger when memory usage went above 90% and clear only when memory usage went below 80%, causing confusion. The memory usage alarm no longer requires memory usage to go below 80% to clear; it will clear when memory usage goes below 90%.\n------\n- **I95-50540 Denied traffic events not displaying in the GUI or PCLI:** Resolved an issue that prevented displaying denied traffic events in the `show events` PCLI command and in the GUI. Users would see `% Error: Unhandled TypeError: list indices must be integers or slices` in the PCLI, and `An unknown traffic event occurred` in the GUI. \n------\n- **I95-51191 BFD metrics not cleaned up properly:** The BFDAgent holds onto the stats for peer paths; If the config is changed on a router, new stats are made but the old ones were not being deleted. The old BFD by-peer-path stats are now deleted when a VLAN configuration change is made.\n------\n- **I95-51459 Logs and exception pcaps are periodically filled with error logs and truncated packets:** Resolved an issue where ICMP error respond packets for encapsulated traffic caused `PacketBufferDataNotFound: Could not find specified data in packet` error logs to be generated, or truncated packets to arrive in the FastLane exceptions pcap. \n------\n- **I95-51492 Password expiration not working:** This issue has been resolved. Adminstrators must use the global setting `configure authority password-policy lifetime N ` to indicate that all user passwords must be changed every `N` days.\n------\n- **I95-51663 TCP port reuse causing application steering crashes:** Resolved an issue where backwards state transitions was causing an issue with the TCP client reusing ports. \n------\n- **I95-52018 Overlapping IP Prefix validation may be incorrect, causing a false configuration warning:** Configuration validation for IP Prefixes has been corrected.\n------\n- **I95-52414 RBAC not being honored for `show fib` output:** Resolved an issue where `show fib` included entries that the current user did not have permission to view.\n------\n- **I95-52540 Metrics infrastructure resource consumption:** The reporting infrastructure reaching load capacity led to data gaps in custom graphs. Several internal optimizations have been implemented to address this issue. However, to reduce the metrics infrastructure load, metrics in the GUI regarding firmware-generated services, service routes, and tenants will no longer be tracked.\n------\n- **I95-52799 Display Lock Status/Failed Login Attempts in the PCLI and GUI:** Add a \"Lock Status\" column to the User table as well as the User Details pane, with more details availble on hover. The `show user` command now includes two new rows, \"Lock Status\" and \"Last Failed Login\". For command details, please see [`show user lock-status`](cli_reference.md#show-user-lock-status).\n------\n- **I95-52889 Highway crash caused by a false negative waypoint exhaustion check:** Waypoint ports reinitialization that is triggered by a false negative exhaustion check can lead to duplicate waypoints and reverse flows on two sessions resulting in a highway crash. This issue has been resolved.\n------\n- **I95-53344 Exception on device interface tear down terminates process:** Resolved a rare case where Highway process can terminate and core during config changes if there is an underlying exception to a device-interface on removal.\n------\n- **I95-53393 Empty password attempts not counting towards user lockout:** The SSR counts login attempts with an empty password as failed login attempts. These contribute to locking a user account if they reach the threshold (the value configured in `configure authority password-policy deny`,) within a short time window. \n------\n- **I95-53472 Service Routes passing validation on conductor but then failing on local router:** The validation process on the conductor has been updated to identify service-routes with deleted or empty destination lists as invalid. \n------\n- **I95-53538 Custom audit rules not preserved on SSR upgrade:** Resolved an issue where the image-based upgrade (IBU) was not preserving audit rules or `dnf.conf`.\n------\n- **I95-53787 Stats not present on conductor:** Running `show device-interface router all` on a conductor caused stats (in-octets, in-unicast-pkts, etc.) to be incorrectly displayed as \"n/a\" instead of the correct value. This issue has been resolved.\n------\n- **I95-53852 `host-service snmp-server` blocks SVR pings to a `network-interface` owned address:** Ping traffic was hitting the generated (wildcarded) snmp-server service. The session could not setup due to security policy conflicts. This issue has been resolved; the generated service from an snmp-server host-service now has a UDP transport.\n------\n- **I95-53858 Active sessions counter continuously incrementing:** The SSC active sessions counter has been updated to correctly handle session removal. \n------\n- **I95-53875 The `show stats service-area sent success` metric was retained longer than needed:** Resolved an issue where the `stats default retention short` setting was not being honored.\n------\n- **I95-53894 DNS cache-service does not start:** Resolved a race condition that causes the DNS process to fail to start. The log message `No TimeoutQueue:` can be seen in the logs during this condition.\n------\n- **I95-53916 Pre-existing Teams interfaces conflict with HA interfaces:** In a Mist-managed HA configuration where an HA node has been configured with non-default HA interfaces, performing a release operation on a node in an HA pair leaves the pre-configured HA interfaces in place, and creates a conflict when a new configuration is pushed down from Mist. This would prevent the HA node from operating correctly and forming its HA connections again. This issue has been resolved, and the release operation now removes any pre-existing HA interfaces.\n------\n- **I95-53920 Password expiration being applied to remote users:** Resolved an issue that incorrectly enforced password expiration (`configure authority password-policy lifetime`) to RADIUS users.\n------\n- **I95-53986 `nodeMonitor` failed to get data for `show platform disk`:** Some of the dynamic access for `smartctl` objects were not protected. A check for the object existence has been added before attempting to read it.\n------\n- **I95-54086 Conductor memory exceeded:** In certain cases the salt master on the conductor could grow indefinitely in memory. This may be related to situations with both poor connectivity and the use of the `asset-connection-resiliency` feature. An update to the salt package has been made to resolve this issue.\n------\n- **I95-54155 nodeMonitor coredump on secondary node after upgrade:** During an upgrade where `deviceType` was `LTE` the attempt to get a linux interface name (not supported) failed. This issue has been resolved by implementing a device interface type verification.\n------\n- **I95-54180 Unable to fetch reports from Conductor GUI:** A refactor moved the connectivity check exception, which prevented a service restart. This has been resolved, and the stats now being written to the database and GUI tables.\n------\n- **I95-54189 Application mapping does not correctly match services:** Resolved an issue where the application director was misclassifying sessions due to IP overlap; this is a valid configuration, when services use an IP address with different ports assigned to different services. The SSR now recognizes these different port configurations.\n------\n- **I95-54271 Race condition after a configuration change related to the source nat:** Resolved a rare condition wherethe SharedNatPool was being reset while it was accessed for session setup. This caused a race condition that led to a highway process crash. \n------\n- **I95-54294 Unable to delete capture-filter created with `&&` operator:** Resolved an issue that disallowed deleting capture-filters containing `&&`. Customers on older versions of software can work around this by creating capture-filters using `and` instead of `&&`.\n------\n- **I95-54340 Hub-to-spoke sessions break when failing over from outbound-only Path:** When a session modify occurs due to an ingress change (inter-node -> inter-router) AND an egress change is also detected, the incorrect security was being looked up for the old flow, causing an exception to be thrown and the modify to fail. This would present itself as dropped packets and in logs as a SecurityNotFound error. This issue has been resolved. \n------\n- **I95-54490 Permission denied when trying to open a user config file:** Resolved a permissions issue for the `connect router` command by adding ACLs for reverse SSH so that this is accessible for admin users.\n------\n- **I95-54512 SSR130 moved into an HA cluster does not come up properly:** Resolved an issue where the generation of an improper configuration could lead to a crash loop in the NodeMonitor process.\n------\n- **I95-54803 Control packets are treated with equal priority in overload conditions, causing drops:** Control packets now have preferential treatment under overload conditions, reducing the drop rate. \n------\n- **I95-55002 Password reset loop:** Resolved an issue that caused users created with the **Require password change on first login?** set to `yes` to get stuck in an infinite loop of password changes when logging in using the GUI.\n------\n- **WAN-2486 SSR data reporting values that are unrealistically high:** When capturing application usage for application summary learned apps, we sometimes observe really high values for bandwidth and other metrics.\nResolution: The high value was due to an internal corruption when the metrics for these learned applications were removed and added. During such transition there may be memory corruption resulting in the bogus high value. The part of the solution is to ensure the transition happens more gracefully.\n------\n- **WAN-2547 Invalid memory access producing incorrect bandwidth values:** Implemented a resolution that identifies the invalid memory access, and drops values that are out of scope or otherwise invalid.\n\n## Release 5.6.12-1\n\n**Release Date:** October 20, 2023\n\n### Resolved Issues\n\n- **I95-53833 Timeout prevents startup:** Resolved a regression introduced in 5.6.11 in the SSR reboot startup logic. If any of the processes took longer than 30 seconds to complete, the startup sequence was abandoned and rendered the platform inoperable. This issue has been resolved.\n\n## Release 5.6.11-4\n\n**Release Date:** October 2, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48174 Expand supported values for DHCP option:** DHCP option 43 is now a supported option, as well as a binary encoded-type (hex/byte) support. Valid examples are `0xabcdef` and `0x123456`.\n------\n- **I95-51181 Improve `save-tech-support-info` command:** The PCLI command `save tech-support-info` now has a default of one day. Additionally, a `since` argument has been added that limits log collection to only logs generated after the specified value. The `since` argument can be a relative time delta or an absolute timestamp. The GUI's About and Logs pages has the same functionality with a drop down that allows limiting the time window for the displayed/downloaded logs/tech-support-info.\n------\n- **I95-52406 Add ability to download MIBs from GUI:** A button has been added to the GUI, in the Documentation pane of the About Page, to download the SNMP MIB definitions for SSR.\n\n### Resolved Issues\n\n- **The following CVE's have been identified and addressed in this release:** CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2022-1679, CVE-2022-1789, CVE-2022-2196, CVE-2022-2663, CVE-2022-3028, CVE-2022-3239, CVE-2022-3522, CVE-2022-3524, CVE-2022-3564, CVE-2022-3566, CVE-2022-3567, CVE-2022-3619 ,CVE-2022-3623, CVE-2022-3625, CVE-2022-3628, CVE-2022-3707, CVE-2022-4129, CVE-2022-20141, CVE-2022-25265, CVE-2022-30594, CVE-2022-39188, CVE-2022-39189, CVE-2022-41218, CVE-2022-41674, CVE-2022-42703, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-43750, CVE-2022-47929, CVE-2023-0394, CVE-2023-0461, CVE-2023-1195, CVE-2023-1582, CVE-2023-23454, CVE-2023-32233, CVE-2023-28466, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-24329, CVE-2023-32067, CVE-2023-24329, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2828, CVE-2023-38408, CVE-2023-20569, CVE-2023-20593, CVE-2023-38802.\n------\n- **I95-42466 Changing the physical linux address of an HA interface breaks the configuration:** Resolved an issue where moving a non-forwarding fabric HA sync device-interface from one PCI address to another PCI address would not properly clean up the team interface from the old PCI address.\n------\n- **I95-50671 Office365 traffic is not recognized:** Resolved an issue where Office365 traffic was being miscategorized and therefore not fully qualified. O365 traffic, when traversing over SVR, is no longer miscategorized.\n------\n- **I95-50708 Time series data for memory of the salt_master process periodically significantly decreases:** Incorrect method for polling application memory data; this resulted in dips in application memory being presented. This issue has been resolved.\n------\n- **I95-51864 Ethernet Over SVR (EoSVR) not working for multi-hop SVR scenarios:** When EoSVR traffic traverses over a dogleg path in a HA node topology, traffic failed to traverse the middle node. EoSVR packets are no longer incorrectly dropped when routed over an inter-node path when coming from an SVR path.\n------\n- **I95-52491 Crash in highway process due to segmented metadata:** Resolved an issue processing metadata that is segmented across two packet buffers. The segmented packets are no longer discarded and the dataplane no longer crashes when processing a packet comprised of segmented metadata.\n------\n- **I95-52599 Conductors display different assets on different HA nodes:** If the state table of an inactive HA node becomes out of sync with the active HA node, then some assets were being skipped when parsing the asset state response. This issue has been resolved through the reporting of asset IDs from the active node state table.\n------\n- **I95-52822 ARP fails to resolve:** An earlier change caused ports on an X553 that use SFPs to no longer correctly report link status. This issue has been resolved and the link status is now reported accurately.\n------\n- **I95-52855 DHCP Relay stopped functioning after removing disabled DHCP Servers:** When a number of disabled DHCP servers were deleted from the configuration, the server interface mappings were deleted as well. Updates have been made to re-enable DHCP relay when a DHCP server or interface is removed. \n------\n- **I95-52859 Issue moving interface between chassis of hypervisor platforms running SSR (e.g., ENCS):** When swapping physical cable from active node to standby node, the customer experienced low rate packet loss on traffic-engineering enabled device-interfaces. To resolve this issue, the `traffic-engineering transmit-cap` is no longer ignored on device-interfaces which have unresolved link-speed. \n------\n- **I95-52994 Routers continue to request the conductor configuration:** Resolved an issue where a managed router continued to request the configuration from the conductor even after a validation or datamodel incompatibility issue.\n------\n- **I95-53000 process highway disconnected messages caused by NIC driver bug:** The DPDK driver code for the Broadcom NICs contained a bug that caused the querying of the extended statistic to fail. The Broadcom NIC driver has been upgraded to resolve the issue.\n------\n- **I95-53002 NTP setup check fails on startup:** Resolved an issue in the NTP startup sequence, due to an incorrect path for the NTP configuration.\n------\n- **I95-53015 Highway log has large number of unnecessary INFO messages:** A previous log message of icmp response packet failed was incorrectly logged at INFO level. It is neither an error nor actually informational, and has now been downgraded to DEBUG level.\n------\n- **I95-53017 Some files incorrectly marked as executable:** While strengthening the security posture of the platform, some files with superfluous executable bits set have been identified and correctly marked.\n------\n- **I95-53105 Conductor to router API RBAC rules not being followed:** Resolved an issue where the user is getting elevated to admin on the managed router, thus returning more data than necessary.\n------\n- **I95-53114 Broadcom interfaces stuck in `admin down` after upgrade:** Resolved an issue where device-interfaces on Broadcom NICs wouldn't come up properly if initially configured with `enabled false`.\n------\n- **I95-53185 Rare race condition causing highway crash:** Resolved a rare race condition between flow install and flow lookup causing a highway crash.\n------\n- **I95-53253 Include `dmesg` and `systemd journal unit` in TSI:** Include output from `dmesg` and `systemd journal` unit in TSI in order to assist in debugging future platform related issues.\n------\n- **I95-53259 Initialization time out may result in SSR failing to start:** Resolved an issue where SSR may fail to start. An example of this would be unreachable audit server was configured that would delay the startup initialization causing SSR to exceed the timeout and fail to start.\n------\n- **I95-53285 User datastore issue when renaming a router:** Resolved an issue where HTTP requests would stop working to a router after the router's name was changed, but before the SSR was restarted.\n------\n- **I95-53321 Syslog datamodel is limited:** Added the following configurable syslog facility values `auth`, `authpriv`, `cron`, `daemon`, `kern`, `lpr`, `mail`, `news`, `syslog`, `user`, and `uucp`.\n\n### Caveats\n\n- **I95-53833 Timeout prevents startup:** 5.6.11 introduced a regression in the SSR reboot startup logic. If any of the processes take longer than 30 seconds to complete, the startup sequence is abandoned and renders the platform inoperable. The system can be recovered by manually restarting the SSR software. This issue is tracked by I95-53833.\n\n## Release 5.6.10-6\n\n**Release Date:** August 29, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-52198 Handle incoming public keys from peer conductor node:** Added functionality to allow conductor nodes to share the authorized keys of managed routers between each other. If the SSH public key is retrieved from a managed router by one conductor node, then it is automatically shared with its conductor peer node.\n------\n- **I95-52316 Enhancements to Overlapping FIB Services:** The [`fib-service-match`](config_command_guide.md#configure-authority-fib-service-match) command allows you to configure either `best-match-only` or `any-match`. \n\t- `best-match-only` considers the best matching prefix length. In cases of transport overlap, services are visited in alphabetical order.\n\t- Using `any-match` will consider all services that match the route update but do not have the best match service address when creating FIB entries, minimizing missed entries. The transports from the service with the longest prefix are considered first.\n------\n- **I95-52517 Allow users the ability to configure the OSPF SPF timers:** Support for user-configured values for SPF delay has been added. Users can now specify values for spf delay, hold-time, and maximum-hold-time. For additional information, see [OSPF SPF Timers](config_command_guide.md#configure-authority-router-routing-ospf-timers-spf).\n\n### Resolved Issues\n\n- **The following CVE have been identified and addressed in this release:** I95-51758, I95-52495, I95-52496, I95-52497, I95-52509, I95-52625. \n------\n- **I95-41386/I95-52114 HA pair device interface's redundancy status stays non-redundant even though the interface operational status is up:** Resolved a race condition when selecting the active components between HA nodes.\n------\n- **I95-51336 App-ID memory leak for some uncommon cases, such as duplicate flow:** Resolved an issue where the `app-id stats` entry was not added to the `Expiring` list to be cleaned up.\n------\n- **I95-51800 Radius authentication failure - Incorrect NAS IP address:** The ability to specify the NAS-IP-Address and NAS-Identifier has been added to the data model for configuring these Radius options per node. This can be used in cases where the Radius server is configured to use an identifier, or in cases where it is necessary to match the source IP address of the Radius requests behind SSR or NAT.\n------\n- **I95-52208 Metrics queries return incomplete data when FIPS is enabled:** Resolved an issue where a FIPS-incompatible hashing function was causing missing or incomplete metrics data. \n------\n- **I95-52283 Correct the Domain Matching order:** When using web filtering, the SSR now properly enforces the [Service Matching Order.](config_domain-based_web_filter.md#service-matching-order)\n------\n- **I95-52305 Compacting rate limit exceeded:** Resolved memory and CPU issues resulting from attempting to compact very large application identification documents.\n------\n- **I95-52402 Router stuck in `Upgrading` state:** Resolved an issue with `conductor-only` mode, where the conductor was attempting to download the installer before the software access proxies were in place, preventing an update to the installer.\n------\n- **I95-50562 / I95-52626 Forwarding plane control message bursts create exception, causing a packet buffer leak:** Resolved a condition where backpressure caused the messaging mechanism to develop buffer leaks. Proper handling of exceptions now prevents buffer leaks. The control buffer capacity has been increased to better handle bursts as part of the resolution.\n------\n- **I95-52650 Asset state transition on conductor is slow for deployments with greater than 250 routers:** An optimization was made to an internal calculation and improve the speed at which synchronization requests are processed.\n------\n- **I95-52816 Config Validation may generate errors in the wrong field:** Resolved an issue during the validation of BGP graceful-restart configuration settings that could lead to generating incorrect errors/warnings during configuration validation.\n------\n- **WAN-2090 Conductor managed SSR Applications in WAN Insights Showing up as Numbers:** Resolved an issue with stats APIs, which were not properly handling some internal service names.\n\n## Release 5.6.9-3\n\n**Release Date:** July 19, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-50949 Add packet buffer tracking to help analyze buffer exhaustion:** Packet buffer location tracking has been added, and the following PCLI commands have been created for buffer tracking.\n\t- `show packet-buffer locations`\n\t- `save packet-buffer snapshot`\n------\n- **I95-51450 Support for 100/Full Speed/Duplex on Intel I225-V Driver NICs:** The DPDK driver has been updated to allow fixed speed and duplex configuration to work with IGC i225 NICs.\n\n### Resolved Issues\n\n- **I95-47960 Incorrect progress message for `show dns resolutions`:** The progress message for this command now correctly displays `Retrieving dns resolutions...`.\n------\n- **I95-48931 Service area Highway crash:** Now prevent crashing in SSR's highway process in rare race conditions when a session's flow is removed before the session is fully established.\n------\n- **I95-49587 ICMP session classification improvement:** The application lookup for ICMP sessions now accurately identifies the correct service.\n------\n- **I95-50722 Highway crashes during session migration:** Resolved a crash in the SSR's highway process, due to a race condition between configuration changes and BFD sessions.\n------\n- **I95-51053 ESP session stuck in Incomplete state:** Resolved an issue where SVR sessions from network-interfaces with dscp-steering enabled can be stuck in an incomplete state.\n------\n- **I95-51167 Unable to override auto-generated peer service-route:** The user can now provision a service-route with the same name as an automatically-generated one. The user's service-route takes precedence and will be used instead of the generated one.\n------\n- **I95-51177 Ethernet over SVR setting wrong egress MAC address:** Ethernet over SVR now correctly sets the egress MAC address when using outbound-only mode.\n------\n- **I95-51178 Increase default juteMaxBufferSize:** The default juteMaxBufferSize has been increased to 10MB, which addresses issues where the device is unable to commit very large configurations.\n------\n- **I95-51284 Routers remain in the connected state:** Updated the dependencies within the salt minion to resolve an issue where an asset is stuck in the connected state, displaying the error: `Error getting asset's public key: 'ssh.set_auth_key', retrying....`\n------\n- **I95-51296 Show Time in Status in the show assets detail view:** The asset Time in Status field has been added to the Detail view.\n------\n- **I95-51359 Unable to set the OSPF MTU:** Added the ability for users to set the MTU to a non-default value.\n------\n- **I95-51403 GUI displays download in progress even after the download is complete:** Resolved an issue where a download success event is never created even though the version shows as downloaded in the software versions.\n------\n- **I95-51427 GUI not displaying all the version information:** The GUI About page now displays additional version information previously only displayed in the PCLI `show system version detail.`\n------\n- **I95-51650 `log-category PCLI` command not working:** Resolved an issue that disallowed setting `config authority router system log-category PCLI`. We now also allow configuring the following log categories:\n\t- CFGD\n\t- SNMP\n\t- HTTP\n------\n- **I95-51658 Allow sync command in resynchronizing state:** Resolved an issue where the user received an error when executing the send command sync command while an asset was in the resynchronizing state.\n------\n- **I95-51734 Remove duplicate transport port-ranges from modules before adding to service:** Resolved an issue where FIB entries are not installed when app-id modules have conflicting or overlapping port-ranges, and are being placed into one service.\n------\n- **I95-51788 Path index is not displayed correctly for `show sessions by-id`:** `show sessions by-id` has been updated to display MTU and PathIndex.\n------\n- **I95-51792 Low MTU threshold causing metadata fragmentation:** Fixed the incorrect handling of packets where metadata is fragmented due to unreasonably low MTU, causing the packet buffers to become exhausted.\n------\n- **I95-51793 Path MTU discovery dropping very low:** Fixed PMTU discovery from ever resolving to an unreasonably low MTU, which could previously occur during a link flap event.\n------\n- **I95-51794 Core dump on systems with greater than 10 physical interfaces, such as Lenovo SR-650:** Resolved an issue where the SR-650 was crashing due to uninitialized flags field. Support has been added for these devices.\n------\n- **I95-51865 NTP not syncing for HA nodes:** Added the ability to configure the orphan stratum for the HA peer node. This was previously hard-coded to 5 but this change allows an HA peer to be able to sync when the upstream server is of a lower stratum, if so desired by the user.\n------\n- **I95-51915 Report buffer allocation failures to watchdog:** `alloc-failure` stats are now gathered per device and included in the device stats, allowing the watchdog to detect a failure and respond.\n------\n- **I95-52104 URI escape characters handled incorrectly:** The `lookup application by-domain` and `clear app-id cache-entry url` were handling url parameters incorrectly, in lookup, creating and clearing cache entries. This has been resolved and each command now performs the correct operation. \n------\n- **I95 52105 Permissions error when attempting to `delete certificate webserver`:** Resolved an issue where `delete certificate webserver` and `create cerificate webserver` with an existing certificate were failing. On older versions of software this can be worked around by running `sudo rm -rf /etc/128technology/pki/webserver.pem`. \n\n## Release 5.6.8-9\n\n**Release Date:** May 25, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48862 Load balance sessions across BGP RIB Entries with multiple paths:** Resolved an issue when BGP was used to build a routing table, only the first next hop was used. All next hops are now used, and load balancing occurs over all routing protocol routes. \n------\n- **I95-50510 New fields for IPFIX:** The SSR IPFIX implementation was not sending the industry standard fields of flowStartMilliseconds and flowEndMilliseconds. In the new implementation, all IPFIX records include these fields. The start time is set to the start time of the flow, and the end time is always set to the time the last packet was received on the flow. For intermediate records, this indicates that the flow is still ongoing but provides the last activity timestamp. For the end records, this indicates when the last packet was received on the flow prior to the session terminating. For additional information, see [IPFIX](concepts_application_discovery.md#ipfix).\n------\n- **I95-50571 Add packet buffer tracking to help analyze buffer exhaustion:** The following features have been added to help diagnose packet buffer pool depletions in certain environments:\n\t- Track packet buffer locations.\n\t- Enforce setting of packet location.\n\t- Add the ability to walk packet buffer pools, count the locations, and display.\n------\n- **I95-51169, I95-51173 Buffer tracking improvements:** The following improvements have been made to Buffer Tracking:\n\t- Refined packet buffer location tracking to better identify buffers in use for `TSI` collection.\n\t- Provide more diagnostic information, when possible.\n\t- The following new metrics have been added for tracking utilization of packet pools. These can be found under `show stats packet-processing pool-utilization`. \n\t\t- `fastlane-generated-packet-pool`\n\t\t- `host-packet-pool`\n\t\t- `network-packet-pool`\n\t\t- `tcp-proxy-packet-pool`\n------\n- **I95-51316 Add Resynchronization state:** Transition an asset into the `Resynchronizing` state instead of `Connected` when a configuration change is made, or when the user executes the `send command sync` command from the PCLI. This better identifies the actions being performed within the SSR, and is not an indicator of the device health. Previously when an asset required a highstate due to a config change or running the `sync` command, the device would transition to `Connected` from `Running`, which caused concern with users. \n\n### Resolved Issues\n\n- **The following CVE have been identified and addressed in this release:** I95-48448, I95-49456, I95-50358, I95-50359, I95-50506, I95-50508, I95-50535, I95-50790.\n------\n- **I95-37833 Apply password policy more consistently:** The password policy for SSR users has been updated, and now requires passwords to have a special character in addition to previous requirements. \n:::important\nPlease refer to [Password Policies](config_password_policies.md) for updated password requirements.\n:::\n------\n- **I95-47776 Tank hostname parsing errors:** Resolved two issues in the Tank instance where the localhost could not resolve to an IP address, and Tank was not identifying non-default ports. These issues have been resolved. \n------\n- **I95-48518 Application Identification not recognizing Apps on HA systems:** Resolved an issue where the GUI was only pulling Application data from one node in an HA configuration. Application ID Summary display now aggregates data from both nodes.\n------\n- **I95-48965, I95-51086 Race condition with routing updates inducing crash in highway process:** Resolved an issue where a routing change that affects the `forwarding-table` can incur a race condition with sessions completing and being removed, which could lead to a highway crash and restart.\n------\n- **I95-49594 Highway Crash:** Resolved an issue for systems where any of the following are configured:\n - `application-identification` is enabled, \n - a service is defined with `domain-name child services`, or \n - a `service address` is configured as a `domain`\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 6.1.0 and 6.1.1, and is resolved in 6.1.2.\n------\n- **I95-49603 Process Manager crash:** When a long running process was being cleaned up by the subprocess, the cleanup would fail causing a crash. Long running processes are now properly terminated, which allows the cleanup subprocess to complete correctly. \n------\n- **I95-49675 Incorrect path in console help message for `export config running`:** The help message now correctly identifies the export path: **Exported files are stored in `/etc/128technology/config-exports/` and are stored as GZIP compressed files.**\n------\n- **I95-49754 Waypoint re-use causing duplicate reverse flows:** Resolved a case where when the waypoint pool is nearly depleted, released waypoints were reused prematurely causing errors when installing reverse flows.\n------\n- **I95-49791 Add audit rules to track modification of grub config files:** Added rules to log notifications in case of changes to grub configuration files.\n------\n- **I95-49925 GRE tunnel health-check not migrating sessions when path is down:** The GRE tunnel manager now removes all sessions before adding new ones rather than modifying the existing sessions.\n------\n- **I95-49969 Permission Denied error when attempting to self-generate a webserver certificate:** Resolved an issue that prevented users with the admin role from creating a new self-signed web certificate via the PCLI command `create certificate self-signed webserver`.\n------\n- **I95-49974 Stuck flow not cleared when reverse metadata is incomplete:** Resolved an issue where reverse metadata is coming through incomplete - without the source tenant. The source tenant has been added to the reverse metadata.\n------\n- **I95-50047 Conductor config unable to pass local validation on one of the routers:** Resolved an issue where a router missing the `reachability-profile` configuration may pass validation on conductor.\n------\n- **I95-50050 VRRP High Availability gets stuck in Active/Active:** The DPDK version has been updated to resolve this issue.\n------\n- **I95-50247 Duplicate peer path alarms:** Resolved an issue where both BFD and the path MTU feature were generating alarms for the same peer path being down. The criteria for which peer path state changes can trigger peer path events has been tightened.\n------\n- **I95-50262 Routers disconnected from their conductor may have incorrect log rotation settings:** Resolved an issue where a managed router was not able to pull down the configuration from the Conductor - which includes the log rotation config. The default salt log rotation configuration has been improved, preventing the log from growing too large before the connection to the Conductor can be established. \n------\n- **I95-50269 Router clone operation fails:** Implemented checks to prevent cloning obsolete elements and internal lists/containers on legacy versions of the SSR software.\n------\n- **I95-50286 Rebooting a node of an HA pair from Linux breaks routing:** Resolved an issue where a delay in the shutdown process caused a node to take over a VRRP interface, creating routing issues. \n------\n- **I95-50331 System fails to synchronize keys on startup:** The SSR now dynamically updates the `rsync IP host address` from the non forwarding HA sync interfaces, and will fall back to the `global.init` host IPs if they don't exist.\n------\n- **I95-50363 MOS Metrics not refreshing:** Resolved an issue where the SLA and MOS values were not being updated in the stats (or PeerPathTable) when a BFD session was brought down. The SLA and MOS stats are now set to 0 when the BFD session is brought down.\n------\n- **I95-50376 Failure to make config changes after rollback:** Resolved an issue where commits would not take effect after rolling back an HA router, because of older/newer version conflicts. \n------\n- **I95-50445, I95-49377 i40e and ice devices enter malicious descriptor detection state, preventing forwarding of traffic:** Resolved an issue where fragmented packet chains larger than 8 buffers were discarded causing a malicious descriptor event. \n - The below `dpdk.log` snippet provides an example of the event:\n```\n[DPDK| -- ] ERROR (00007f03ec18e700) i40e_dev_alarm_handler(): ICR0: malicious programming detected\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): Malicious Driver Detection event 0x02 on TX queue 6 PF number 0x01 VF number 0x00 device 0000:08:00.1\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): TX driver issue detected on PF\n```\n - Added hooks for the NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism.\n------\n- **I95-50534 Race condition between NetworkInterfaceManager and FastLane:** Resolved a race condition caused by adding and deleting the same network interface in a very short window of time, potentially causing a system crash.\n------\n- **I95-50554 No dynamic synchronization of repos to the routers:** Resolved an issue where it was necessary to restart 128T on the Conductor in order for the Conductor to recognize newly added repositories and sync them down to the assets. Authenticated repos are now automatically synchronized when repos are added to the conductor.\n------\n- **I95-50656 Improve metrics for REST API performance:** Performance improvements have been made in metrics REST APIs to alleviate intermittent metrics graphs on heavily loaded systems.\n------\n- **I95-50710 Configuration cannot be applied to router when its time is ahead of the conductor:** Implemented time detection for configurations using a future time that is corrected upon commit. This resulted in an `mtime` older than what is in the datastore, and the configurations were rejected.\n------\n- **I95-50736 SSH key change not propogated to secondary conductor:** Resolved an issue where an SSH key change to `/etc/128technology/ssh/pdc_ssh_key` was not automatically detected and resynced between peer node and conductor nodes.\n------\n- **I95-50754 Race condition between ICMP ping request and a reverse flow:** Resolved a crash due to a race condition when `service ping icmp-request` is matched against a partially installed flow.\n------\n- **I95-50778 Event History filter not working:** Resolved an issue where searching on the Event History page didn't show matching results when the search string is only found in the Details column.\n------\n- **I95-50787 Rebooting the OS from the conductor throws error code 400:** Resolved an issue in the GUI with the reboot button on the Router page. When trying to reboot a router, the button would fail and display **Error: EOF**. \n------\n- **I95-50823 Support for time-offset DHCP option:** `int-32 encoded-type` has been added to provide support for the time-offset DHCP option.\n------\n- **I95-50967 SSR is not allowing other DHCP relay traffic to pass through:** When the SSR acts as a DHCP Relay, it will no longer drop packets received from other relay agents on the network. Instead the packets will be routed appropriately as per the configured policies.\n------\n- **I95-50977 Installer fails to download software when the Conductor software proxy is enabled:** Resolved an issue where when the Conductor software proxy is being used, DNF transactions to the conductor repo go through the proxy, despite the repo pointing to a local tunnel to the conductor. These transactions now go through the proper tunnel.\n------\n- **I95-50979 Routers remain in connected state:** Resolved an issue where assets will perform a new highstate unnecessarily if a commit occurs while a highstate is already in progress, causing assets to take a long time to get to the running state.\n------\n- **I95-51006 Nodes stuck in connected state after upgrade:** On an HA conductor, if the user is performing an upgrade on the first conductor node and that user makes a config commit during the upgrade, then the configuration's modified time will become out of sync between the two conductor nodes. When the conductor first node is finished upgrading the result is a loop where the configuration keeps getting committed by each node back and forth until a new commit is made. This issue has been resolved by allowing the peer conductor node to accept the config despite the perceived version disparity. Please note performing a commit mid-upgrade is not supported.\n------\n- **I95-51007 Conductor is incorrectly honoring core pinning:** The cpuProperties cores setting in /etc/128technology/local.init was erroneously isolating cores on conductor nodes when set, even though this setting is intended for a router. This would cause a reduction in available processing cores for normal conductor operations. This setting will now be ignored on the conductor.\n------\n- **I95-51044 Hide `forwarding-core-mode` on conductor:** Disabled the `forwarding-core-mode` setting on conductor nodes, since this setting doesn't apply to conductor.\n------\n- **I95-51087 SSR fails to download firmware after upgrading the conductor:** Resolved an issue where the first time a conductor is upgraded and **conductor-only** is selected in the software-update settings, the proxy service on the conductor does not work correctly, and downloads fail. The downloads no longer fail. \n------\n- **WAN-1958 Mist agent crashes:** Increased internal file system limits which were preventing some services from starting correctly at boot. Limits were raised based on expected system usage.\n\n## Release 5.6.7-4\n\n**Release Date:** March 16, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48928 Set Time using PCLI command:** Add a new PCLI command `set time` which allows an admin to bootstrap a system without NTP connectivity. The PCLI uses the date(1) shell command and accepts a wide variety of inputs. To see more documentation about the date format see setting the time or the -d option on options for date.\n------\n- **I95-49354 Display SSD smartctl info in `show platform disk`:** We now display the following disk info, if supported by the disk, in `show platform disk`:\n\t- Lifetime used\n\t- Power On Hours\n\t- TBW (Terabyte Written)\n\t- TBW per year\n------\n- **I95-50072 Support for ConnectX-6 Lx PCIe device:** Support has been added for this device. \n\n### Resolved Issues \n\n:::important\n- **I95-49594 Highway Crash:** In a system where any of the following are configured:\n\t- `application-identification` is enabled, \n\t- a service is defined with `domain-name child services`, or \n\t- a `service address` is configured as a `domain`\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 5.6.3 through 5.6.6, and is resolved in 5.6.7.\n:::\n\n- **The following CVE have been identified and addressed in this release:** I95-48445, I95-48643, I95-48859, I95-48907, I95-49079, I95-49445, I95-49745, I95-49746, I95-49747, I95-49748.\n------\n- **I95-48054 STEP not working in Core Network:** Resolved an issue where processing STEP route updates can cause modification of unrelated FIB entries, potentially interrupting existing sessions.\n------\n- **I95-48232 Ability to ping lost after failover:** We now prevent unnecessary FIB changes (which may lead to a short traffic interruption) when new routes are added to the RIB that are more specific than some configured service IP prefixes.\n------\n- **I95-48485 Broadcom NIC (NetXtreme) fails to initialize properly:** Resolved an issue with initization errors during memzone creation. \n------\n- **I95-48590 ACK RTT Improvements:** Resolved an issue where the stats were not resetting properly, and added supporting sampling to ACK RTT tracking. \n------\n- **I95-48927 Audit log disk failure mode:** Added a Failure Notification parameter and failure mode to inform users that the `auditd.conf` log disk is nearing capacity, or has reached capacity, and that action is required.\n------\n- **I95-48942 Routing policy filter condition reference type not validated:** Added a check to verify that when a routing policy condition references a filter, the condition type and filter type match. \n------\n- **I95-49118 HA LTE Interfaces go down and impact BGPoSVR and Conductor:** The handling of FIB updates due to interface state changes has been optimized to avoid possible traffic loss for unaffected FIB entries.\n------\n- **I95-49242 When HMAC is disabled, the automatic MSS adjustment calculation for `enforced-mss = automatic` may be wrong:** The Automatic MSS adjustment calculation has been corrected (expanded). \n------\n- **I95-49350 BFD echo generating latency overhead:** BFD echo tests are now staggered to minimize application latency's contribution to overall peer path latency.\n------\n- **I95-49377 Transmit packets dropped by NIC for established sessions - packet counters are incrementing and can be seen in packet capture, but not seen by next-hop:** Added hooks for NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism. \n------\n- **I95-49431 Unable to edit or add static route config from Conductor GUI:** When editing configuration on the stand-by node of an HA pair, creating a list item with a slash, /, such as specifying the destination-address of a static-route, caused an error. This has been resolved.\n------\n- **I95-49447 Conditional BGP advertisement is not respected:** Resolved an issue that if a peer went down and came back up, the conditional advertisement was no longer respected. \n------\n- **I95-49454 Error while creating a new Radius user from the GUI:** The create user API now rejects requests with invalid input parameters. \n------\n- **I95-49514 Linux interfaces bounced on startup:** Resolved an issue where all Linux interfaces managed by 128T are bounced once on 128T startup.\n------\n- **I95-49564 Reduce volume of logs during pending lookups:** The error logs during a pending lookup has been changed to a muted error log with a stat.\n------\n- **I95-49604 Alarm when a node is disconnected:** An alarm is now raised when a node is disconnected from the internal synchronization database.\n------\n- **I95-49633 Validation not strict for static assignment within DHCP server configuration:** Configuration for static addresses within DHCP server exists in multiple locations per design. Cross-validation has been added to prevent the same ip-address from being configured and assigned to multiple dhcp-clients.\n------\n- **I95-49655 Cutting and pasting the output of `show flat` does not work for OSPF:** Resolved the issue that prevented editing the OSPF list.\n------\n- **I95-49722 Event filter does not work on HA router nodes:** Resolved issues with filtering by node, and an incorrect value was displayed for the node column in the GUI.\n------\n- **I95-49756 RDP sessions failure over peer path:** Resolved an issue that caused RDP traffic to fail when adaptive encryption and AppId are both enabled.\n------\n- **I95-49778 Conductor GUI not showing data metrics for routers running:** Resolved an issue where API keys were not properly synced down to the managed routers which caused certain router data to not show up on the GUI.\n------\n- **I95-50014 Hitting Buffer Overflow during configuration changes:** Resolved an issue where a config change request may not make it to a managed router, and returns a buffer overflow error.\n------\n- **I95-50034 Issues with stuck sessions in load balancer:** Resolved an issue with session modify, where gateway changes on the same egress interface can fail due to a missing ARP.\n------\n- **I95-50050 VRRP High Availability gets stuck in Active/Active:** The DPDK version has been updated to resolve this issue. \n------\n- **I95-50058 Performance regression in Running Config APIs:** Resolved a constant cache miss for a specific set of the running config APIs.\n------\n- **I95-50076 EthResource descriptor calcs don't account for variable defaults:** Resolved an issue where Mellanox ConnectX-5 and ConnectX-6 could be initialized with insufficient packet receive capacity.\n------\n- **I95-50139 Include PID in User-Agent header:** Added a debugging aid to identify which process is sending requests.\n------\n- **I95-50172 Download error not cleared until next successful download:** Resolved an issue where failed download errors are not cleared when a new download starts.\n\n## Release 5.6.6-7\n\n**Release Date:** January 18, 2023\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-47947 Increase max CoreDump size to 4GB:** The maximum size of coredumps now defaults to 4G. This value can be configured in environment config by modifying the `maxCoredumpSize` field of the new `crashReporting` object. Any manual modifications to `coredump.conf` will be overwritten whenever the service is started. \n\n:::important\nUpgrading to this release version will cause `coredump.conf` to be re-written with 4G limits for coredumps even if `coredump.conf` had been updated manually for a higher value!\n:::\n\n### Resolved Issues\n\n- **I95-46336 Peer connection not established after AWS upgrade:** Resolved an issue where an AWS C5 instance size can fail to initialize when more than one accelerated network interface is configured.\n------\n- **I95-48352 Application ID is not identifying MS-Teams correctly:** Resolved an issue where sessions with IP addresses as their domain names were not classified correctly when the information was received via HTTP web proxy. Sessions with IP addresses as their domain name are now verified against the IP tree, and not the domain name database.\n------\n- **I95-48447 JWTs signing does not meet stringent security standards:** Changed how JWTs are signed to increase security posture.\n------\n- **I95-48464 This CVE has been addressed.**\n------\n- **I95-49139 `show network-interface application` renders poorly for empty hostnames:** The DHCP server state script has been updated to not escape `` hostname.\n------\n- **I95-49166 OSPF is not configurable using the GUI:** This issue has been resolved.\n------\n- **I95-49225 Packets containing only path-metrics metadata are dropped:** Resolved an issue where FPM calculations caused these packets to be dropped when flows were affected due to routing changes.\n------\n- **I95-49326 New sessions become associated with defunct sessions on next-hop routers:** Enhanced session reuse detection to validate all incoming metadata once a session-id has been properly latched.\n\n### Caveats\n\n- **I95-49724 Quickstart URL Upload not working:** In Release 5.6.6, the QuickStart file upload using the `https:///quick-start` URL is not working. This is currently being worked on and will be fixed in 5.6.7. No other patches/releases are affected. \n\n**Workaround:** Upload the Quickstart file using a USB as outlined in [Configure the SSR and Network Interfaces](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install#2-configure-the-ssr-and-network-interfaces) section of the [Router Installation Using OTP](https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install) guide. \n\n## Release 5.6.5-5\n\n**Release Date:** December 28, 2022\n\n### Resolved Issues\n\n- **The following CVE have been addressed and resolved:** I95-48644, I95-48648, I95-48650, I95-48653, I95-49039.\n------\n- **I95-34384 Rotated datastores with different permissions:** Resolved an issue where some rotated datastore files had different permissions.\n------\n- **I95-44926 Configuration validation for `as-path` incorrect for certain values:** Resolved an issue where a subset of 4-byte BGP private AS numbers was not accepted inside AS path specifications for routing policy `modify-as-path` actions.\n------\n- **I95-45478 Segmentation Fault in the Dynamic Peer Update process:** Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault.\n------\n- **I95-47797 Packet duplication does not interoperate well with outbound-only adjacencies:** When utilizing the packet-duplication feature (`service-policy -> session-resiliency = packet-duplication`), any peer adjacencies marked as `outbound-only` are no longer used. Packets are only duplicated along bidirectional paths.\n------\n- **I95-47929 Missing BGP advertisement after deleting all sessions after an upgrade:** Resolved an issue where BGP update suppress was not removing any pending withdrawls.\n------\n- **I95-47992 HTTP service not working in WAN Assurance:** Resolved an issue where HTTP traffic is dropped when using a combination of application-identification, adaptive-encryption, and spoke-to-hub-to-spoke topology (outbound-only peer-connectivity).\n------\n- **I95-48107 EoSVR sessions not stable:** Resolved an issue with loss of connectivity to STEP EoSVR peer. The STEP route is now held in place and available when STEP connectivity is restored. \n------\n- **I95-48163 Only services with load-balanced paths are shown in `show services`:** Resolved an issue where services without load-balanced paths weremissing from show services output.\n------\n- **I95-48324 Application Identification not parsing domain names:** The App-ID parsing mode has been updated to correctly parse domain names.\n------\n- **I95-48396 `show-rib` limited to 512 entries:** The `show rib` count maximum has been increased.\n------\n- **I95-48529 BFD sending link notification before hold-down timer expires:** Resolved an issue where peer service-paths do not remain down while the BFD session / peer status is in the hold-down period after transitioning from down to up. Peer service-paths status now correctly reflect the peer status. Sessions will not be moved back to peers that have re-established connectivity but are still in the hold-down period.\n------\n- **I95-48580 Application summary classification fails for hub-to-spoke sessions:** The spoke now learns application names for sessions when receiving packets from a hub with application identification disabled.\n------\n- **I95-48582 `show bfd` command ignoring parameters:** The query parameters are now passed to the REST endpoint to be used byt the `show bfd` command.\n------\n- **I95-48641 Recreating BFD flow when an outbound-only session is reset:** Flow creation is now deferred until a reverse packet arrives from the peer, similar to the initial creation case.\n------\n- **I95-48656 Reduce TSI service log limit:** The size of the Tech Support Info journal has been restricted to prevent excessive resource consumption.\n------\n- **I95-48684 SSR not answering ARP requests:** Increased `internal-application traffic-engineering` rates for ARP traffic which was being dropped in a multiple packet-processing core environment incorrectly due to an over aggressive traffic engineering profile.\n------\n- **I95-48685 GUI and/or PCLI unresponsive:** Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable.\n------\n- **I95-48689 Top Sessions not displaying source address:** Restored the **Source** column in the Top Sessions table. \n------\n- **I95-48723 HA sync not running after systems reconnect:** Historical metrics and events are synced between HA nodes after extended downtime.\n------\n- **I95-48772 `show running config` command displays an error:** Resolved an issue where `show config` requests on the PCLI failed if enum leaf-list entries were changed.\n------\n- **I95-48872 `show sessions by-id` doesn't display correctly tcp state or retransmission counts:** `show sessions by-id` now correctly display `tcp state` and `retransmissions` when `udp-transform` is enabled for a session.\n------\n- **I95-48897 Adaptive encryption breaks after flow move:** Resolved an issue where the session breaks during failover when adaptive encryption is enabled.\n------\n- **I95-48904 Stuck pinhole session after flow invalidation:** Resolved an issue with a stuck session that was setup from hub to HA spoke after a routing change.\n------\n- **I95-48950 Application identification modify packet is dropped:** Packets with `inline-modify` that traverse the BFD pinhole are now handled correctly.\n------\n- **I95-48988 High CPU for packet processing core:** Resolved an issue where the CPU can spike to 100% after a failover from internode/interrouter path to local breakout when failover is enabled for local breakout.\n------\n- **I95-49106 Degradation in performance during file rotation:** This issue has been resolved.\n------\n- **I95-49124 `show network-interface application` always has `unavailable` router name:** This issue has been resolved.\n------\n- **I95-49134 DHCP server does not work when device IDs on HA interface do not match:** Resolved an issue where a DHCP server interface may instead forward DHCP requests through the `service-area` and out to the WAN.\n------\n- **I95-49157 Poor GUI and PCLI performance for other users during a change/validate/commit operation:** Resolved the performance issue by optimizing the export config API.\n\n## Release 5.6.4-3\n\n**Release Date:** November 18, 2022\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-48223 Add Application-specific information to `show sessions by-id`:** The following information has been added to `show sessions by-id`: \n\t- domainName\n\t- uri\n\t- category\n\t- overrideServiceName\n\t- appStatsTrackingKey (combination of application, client ip, ingress-interface, next-hop, and traffic-class) \n\n### Resolved Issues\n\n- **I95-48076 SSR Failover on GRE tunnels not working:** The base interface giid is now used to identify the state of a GRE tunnel next-hop.\n------\n- **I95-48158 Unable to capture child services using session capture:** When a session capture is configured on a child service (e.g., `social.internet` instead of `internet`), the session is now recorded.\n------\n- **I95-48427 BGP ignoring multihop TTL (Time To Live) setting leading to invalid nexthop:** Resolved an issue where BGP may temporarily \"forget\" about the TTL value configured for a neighbor.\n------\n- **I95-48508 Keep-alive cache may cause worker core CPU spikes:** Resolved potential worker core utilization CPU spikes by utilizing aggressive keep-alive timeouts.\n------\n- **I95-48600 Compare Session ID's to prevent flow collisions:** Re-use of sessions is prevented when waypoint pool is exhausted and sessions linger on egress router.\n------\n- **I95-48685 GUI and/or PCLI unresponsive:** Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable.\n------\n- **I95-48686 Transmitted packet buffers held too long:** The packet pool sizing has been adjusted to prevent pool depletion when local.init overrides for descriptor counts are present.\n------\n- **I95-48731 Sessions created on a `fin-ack` may get stuck:** Resolved an issue where, if tcp-state-enforcement is set to allow, a TCP session is established from a fin-ack may not get torn down in a timely manner.\n------\n- **WAN-1372 Improve CPU Usage Reporting:** Devised a more efficient collection scheme to minimize the CPU impact when collecting the CPU and memory data.\n\n## Release 5.6.3-6\n\n:::important\nThe following issue has been discovered in the releases listed here:\n\n- 5.6.2 \n- 5.6.3\n\nIf an HA Conductor queries a disconnected router from the Conductor GUI Router page or from the Conductor PCLI, the conductor may encounter periods of poor performance until the requests time out. The issue has been resolved in the next patch release with I95-48685. \n\nFor immediate resolution on the impacted releases, contact Juniper Technical Support, or your SE.\n:::\n\n**Release Date:** November 7, 2022\n\n### Resolved Issues\n\n- **I95-32789 Peer metrics unavailable after Conflux synchronization:** Resolved an issue with HA routers where the metrics application stops streaming metrics to the peer node after loading configuration.\n------\n- **I95-43302 Rename Third-Party menu text:** The menu text has been changed to **External** to more accurately reflect the links to other Juniper platforms.\n------\n- **I95-44957 Azure is not able to identify the asset-id of the depolyed conductor and router:** The Azure ID has been modified to a value that can be processed by Azure.\n------\n- **I95-45478 Segmentation Fault in the Dynamic Peer Update process:** Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault.\n------\n- **I95-46561 Peer table Sort by Destination does not work consistently:** Resolved an issue with sorting for Peer Path Source/Destination columns in the GUI.\n------\n- **I95-46677 Modify GUI to not resize dashboard tiles:** Dashboard tiles now do not resize when the window is resized.\n------\n- **I95-46879 ICMP error responses are not NATed when sent over SVR:** Certain ICMP error messages can now be encapsulated over SVR when enabled within the neighborhood or adjacency configuration: Flows that are UDP over SVR are able to have their ICMP error messages encapsulated. \n------\n- **I95-46904 Labels in Reachability Profile are not correct:** Added missing labels to Traffic Class and Time to Establishment information screens.\n------\n- **I95-47075 Disable weak SSH ciphers:** Resolved issues where the remote SSH server was configured to allow weak key exchange algorithms on `tcp/22` and `tcp/930`. \n------\n- **I95-47271 VRRP Alarm for Backup becoming Primary:** There is now an alarm when the backup VRRP node in an HA pair takes over as the primary.\n------\n- **I95-47438 ESP Session Missing:** Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets.\n------\n- **I95-47475 Session capture not downloadable for a read only user:** Adjusted permissions to provide access to session capture files to read-only users.\n------\n- **I95-47476 Session table associated paths not scalable, scroll bar hidden:** The Session Table window has been enlarged to more clearly show information.\n------\n- **I95-47529 Outbound-only sessions get stuck after NAT rebinding:** Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets.\n------\n- **I95-47642 Plugin state summary (table view) for HA router overlays both nodes:** The Plugin state table has been separated by node.\n------\n- **I95-47787 Worker core packet processing spikes to 100%:** Added the ability to tune the [Reverse Packet Session Resiliency](config_reference_guide.md#reverse-packet-session-resiliency) `Minimum Packet Count` (default is 3) and `Detection Interval` (default is 5) settings for session failover without requiring forward packet, and resolved the underlying issue that caused excessively high worker-core CPU.\n------\n- **I95-47909 Handle GRE tunnels in ICMP reachability probe:** The base interface for egress is now used if the `icmp-probe probe-address` is the same as the tunnel destination, and the `internal-address` is used as the source if the `egress-interface` is `gre-overlay`.\n------\n- **I95-47967 Cloud bootstrapper does not bootstrap the deployed Conductor:** Resolved an issue where the configuration was being rejected by the cloud bootstrapper when the device was a conductor.\n------\n- **I95-48019 Issue with deleting a flow on reverse metadata:** Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets.\n------\n- **I95-48103 Commit triggered BGP issue:** Resolved an issue where BGP neighbors configured with a short hold time might experience a BGP session flap during a configuration commit when app-ID is enabled.\n------\n- **I95-48108 Service Ping for a Service without Source NAT uses Source IP Address:** The service-ping now uses the source-ip as the packet source-ip if provided.\n------\n- **I95-48125 Save TSI streaming from router to conductor not working:** Adding a node and router argument to the PCLI command `save tech-support-info` now works correctly.\n------\n- **I95-48138 Enabling metadata only works for packets that match the port-range specified:** Resolved this issue by identifying the specific flow, and enabling reverse metadata for a that flow.\n------\n- **I95-48181 \"Failed to send IPFIX interim record\" log messages:** Changed log level from Error to appropriate logging level for the cases when ipfix records should not be generated.\n------\n- **I95-48246 Peer path GQL query should provide a node filter:** Added a parameter to stats on peer-path so that the node can be overwritten.\n------\n- **I95-48357 CoreDump on Failover with DSCP Steering:** Resolved an issue where DSCP Steering sessions would fail to move a flow under certain circumstances and, when using DSCP value 0, crash.\n------\n- **I95-483381 Race condition in session teardown:** Shared context is now maintained to allow all packet processing to be completed before session teardown. \n------\n- **I95-48507 VLAN packets are generated without a valid VLAN from the flow-move cache:** Resolved an issue where sessions could be modified incorrectly when a VLAN is present and session resiliency is enabled for failover.\n\n## Release 5.6.2-7\n\n**Release Date:** October 4, 2022\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-35571 Enhanced Syslog:** The SSR can be configured to send system generated events over a secure TLS or TCP connection to a remote-logging server for analysis and storage. For more information, see [Secure Syslog Transport](config_audit_event.md#secure-syslog-transport)\n------\n- **I95-44863 Automatic Core Assignment after Reboot:** On systems where `forwarding-core-mode` is set to `automatic`, if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot.\n------\n- **I95-47077 Configuration options for User Accounts:** Added configuration options for number of login attempts before locking user account, and number of seconds that user account will be locked before being able to attempt to login again. For information, see [Password Policies](config_password_policies.md).\n------\n- **I95-47418 Audit Events for Plugins:** A new audit event has been added that tracks when a plugin is installed or uninstalled. This can be viewed on the Audit History page in the GUI or in the PCLI by running `show events type admin.plugin`.\n\n### Resolved Issues\n\n- **The following CVE have been addressed and resolved:** I95-45056, I95-45059, I95-45060, I95-45123, I95-45165, I95-47482, I95-47483, I95-47484, I95-47485, I95-47805, I95-48048, I95-48049. \n------\n- **I95-39454 Created User cannot access PCLI operations:** Resolved an issue where in rare cases, during bulk user additions, it was possible for the operation to fail, leaving the new user created but unable to login.\n------\n- **I95-42320 BGP aggregate-address not working:** Add support for BGP address summarization.\n------\n- **I95-44434 Peer metric sends IP of WAN interface instead of the expected string:** Logic has been added to show the available destination address.\n------\n- **I95-44976 Highway issue when modifying an app-id session:** SSR software versions 5.1.5 and greater are susceptible to a crash during a flow migration when `application-identification` is enabled (modes `tls` or `all`) on spoke to hub traffic traversing over SVR. The condition occurs for sessions migrating that have timed out or that are traversing the ha-fabric link in the reverse direction.\n------\n- **I95-45847 Duplicate Alarms on Multiple Routers:** Resolved duplicate alarms by obtaining alarms from only one node in an HA pair.\n------\n- **I95-46056 `show ntp` has no output from PCLI, even though NTP is configured:** The output of show ntp will now report IP addresses of the time servers rather than resolve hostnames.\n------\n- **I95-46126 Router Status:** Resolved an issue in HA configurations when a router is connected to HA Conductor 1, but not directly connected to HA Conductor 2, alarms generated on the router are now seen on Conductor 2 - the conductor to which the router is not directly connected. \n------\n- **I95-46281 Update Kernel to RHCK 8.6:** Updated the kernel to integrate the latest security fixes.\n------\n- **I95-46545 Conductor Validation passing when a URL is configured in a Parent Service:** Validation for application-identification has been updated to include URL and subcategory. \n------\n- **I95-46641 Modem lockup after reset on dual LTE system:** Resolved an issue with dual LTE modem lockup after reset.\n------\n- **I95-46662 Tenant prefix differences on two HA router nodes are not validating correctly:** Added a validation check to ensure that the tenant-prefixes between two redundant interfaces are identical.\n------\n- **I95-46701 Packet Loss on Headend Router:** Added device-interface rx/tx descriptor ring size to resolve this issue.\n------\n- **I95-46807 Validation insufficient for reachability-detection:** Added validation logic to report and error when `service-route > reachability-detection` was configured, but neither `icmp-probe-profile` or `reachability-profile` exist.\n------\n- **I95-46826 Carrier detection logic not recognizing disaster recovery modem:** Updated the carrier detection logic to properly recognize the carrier when a modem is attached to a disaster recovery cell tower.\n------\n- **I95-46918 GUI and PCLI out of sync when new configuration elements added/modified:** Resolved an issue where `show network-interface` and `show config` were not updating properly.\n------\n- **I95-46919 LDAP Users Not Shown in GUI Users Display:** Updated username requirements and the ability to identify issues with usernames not meeting those requirements. See [Username and Password Policies](config_password_policies.md) for username requirements.\n------\n- **I95-46921 `128status.sh` script incorrectly checks for non-existent listening port:** Removed port 830 check for software versions 5.3.0 and greater\n------\n- **I95-46966 BGP Connection Restarts on SVR Peer Failover:** Resolved an issue with FIB entry setup that was causing BGP connection reset when the session fails over.\n------\n- **I95-47129 Metadata is not disabled after flow-move for EoSVR sessions:** Added a metadata turnoff after session failover for EoSVR.\n------\n- **I95-47336 Running configuration change events are missing:** Updates have been made to include `username` in the running configuration change events log. \n------\n- **I95-47414 Skip the AD lookup in highway for ICMP:** ICMP is now skipped during AD lookup to keep the App stats reults relevant.\n------\n- **I95-47437 TSI creation is leading into Network Failure - BGP BFD went down:** Refined the output for TSI to prevent failures. \n------\n- **I95-47537/I95-47556 Synchronize writing to files to avoid a race condition:** Added a common file lock to synchronize writes.\n------\n- **I95-47551 Keep-alives are not generated for unidirectional outbound-only sessions:** Resolved an issue with keep-alive generation for unidirectional outbound-only sessions.\n------\n- **I95-47552 LTE modem not coming up after upgrade:** Resolved an issue with modem detection and port scanning for Quectel EC25.\n------\n- **I95-47585 Transmit-failure increments when TE is enabled:** When `device-interface traffic-engineering` is enabled, the `stats/packet-processing/sent/interface-failure` statistic is no longer erroneously incremented.\n------\n- **I95-47655 BGP issues with VRRP:** VRRP failover may cause routing to not function if internal device numbering is not consistent across the redundant nodes.\n------\n- **I95-47767 Next Hop choice of \"Blackhole\" does not stay visible in Conductor:** This option was displayed in error, as the option is ignored. It has been removed.\n------\n- **I95-47872 App-ID summary tracking of failed sessions still incremented when feature disabled:** App-ID stats tracking for failed sessions now checks the feature enabled flag and responds appropriately. \n------\n- **I95-47969 Increased Memory use when generating TSI:** Resolved an issue where the `save runtime-stats` command and TSI generation could result in particularly high memory usage when Application Identification was enabled.\n\n\tThe `save runtime-stats` command no longer operates across multiple nodes and routers, and will not aggregate the metrics to disk on the conductor. This is to protect against excessive memory consumption. This is a change in functionality; however the public metrics APIs achieve the same result and are the preferred mechanism to collect authority wide metrics.\n------\n- **I95-47981 Ignore VRRP advertisements if the VRID doesn't match:** The VRID is now validated before accepting an advertisement to resolv an issue where VRRP advertisements intended for a different router were being processed.\n------\n- **I95-48018 APP-ID implementation with proxy web server unable to identify traffic correctly:** Resolved an issue reading certain HTTP headers that was causing Application Identification to miss them.\n------\n- **I95-48038 502 Error returned if managed routers are offline:** Resolved an issue that caused HTTP requests on the conductor to return a 502 error for all requests if a managed router is offline.\n\n## Release 5.6.1-18\n\n**Release Date:** August 1, 2022\n\n### Resolved Issues Requiring Configuration Changes\n\n- **I95-35610 Session Failover without a Forward Packet:** A keep-alive mechanism has been added for flow moves. When flow move is triggered, the SSR detects inactivity in forward traffic and generates a keep-alive packet in the forward direction.\n------\n- **I95-40195 LDAP does not allow search base to be configured correctly:** Search base parameters, filter generation, certificate assurance, and logging enhancements have been added to the `ldap-server` configuration. See [LDAP](config_ldap.md) for more information.\n------\n- **I95-40333 Save credentials for accessing SSR software repositories:** `set software access-token` is a new PCLI command to save credentials for accessing SSR software repositories. This provides a way to run `install128t repo authenticate` without dropping to a linux shell. For additional information on this command, see [`set software access-token`](cli_reference.md#set-software-access-token).\n------\n- **I95-43048 NIST FIPS Validated Cryptography:** FIPS Enforcement Mode has been added to the package-based installation processes. Refer to [FIPS Enforcement Mode](intro_installation_bootable_media.mdx#fips-enforcement-mode) for details.\n------\n- **I95-43785 DSCP Tag Preservation:** When set to `true` the `preserve-dscp` command allows you to preserve DSCP values that have been set in a service class or received on a LAN-Interface, over an SVR path. See [DSCP Preservation](config_dscp_preservation.md) for more inforamation.\n------\n- **I95-44769 Add Linux system logs to the Tech Support Information data:** This patch allows for customizations of the systemd journal content included in the `tech-support-info` bundle, and includes additional default content.\n------\n- **I95-44863 Automatic Core Assignment after Reboot:** On systems where `forwarding-core-mode` is set to `automatic`, if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot.\n------\n- **I95-44870 Mist Self-Registration and Onboarding:** Onboarding a Mist Managed SSR instance can be accomplished as part of the installation process. For details, refer to the steps to [Associate the Router with Mist](intro_installation_image.md#associate-the-router-with-mist) as part of the image-based installation. \n------\n- **I95-45670 BGP Conditional Advertisement:** When an SSR prefers a given provider for outbound traffic, it can now be configured to receive locally destined traffic specifically from that provider. For details and configuration information, see [BGP Conditional Advertisement.](config_bgp.md#bgp-conditional-advertisement)\n------\n- **I95-45679 Round trip time to packet acknowledgement:** A new TCP metric that samples round trip time from data sent to acknowledgement has been added.\n------\n- **I95-46562 Allow targeting another router or node when saving tech-support-info:** GUI: A button has been added to the **Logs** page in the GUI to download a tech-support-info bundle. This allows downloading a router's `tech-support-info` directly from the Conductor GUI.
\nPCLI: The PCLI command `save tech-support-info` can now collect logs from another node. Using the Conductor's PCLI, a `tech-support-info` bundle can be collected from a Managed Router or the HA peer.\n------\n- **I95-46747 Improved the Password user experience:** You now are re-propmpted up to three times for the current password if it is incorrect. If a new password does not meet the strength check, you are prompted with that information, and required to update the password. \n\n### Resolved Issues\n\n- **The following CVE have been addressed and resolved:** I95-45054, I9-45056, I95-45059, I95-45060, I95-45165, I95-46020, I95-46359. \n------\n- **I95-35228 DHCP waypoint addresses not displayed on standby node in UI:** Resolved an issue where the PCLI logic was not matching the GUI Network Interface table.\n------\n- **I95-39274 DNS-based services kill asset connection resiliency:** Resolved an issue where an internal commit was bouncing the kni254 interface and causing a series of connection resets.\n------\n- **I95-42438 Save Tech Support tries to run when SSR service is down:** In situations where the PCLI is still active, but the SSR service is down, trying to run `save tech support` will appear to work, but does not return any info. This issue has been resolved, and will return a message when information is not retrievable. \n------\n- **I95-43606 No communication between Routers:** In rare instances the BFD Pinhole feature experienced collisions between forward session flows. Session modification has been addressed and collisions are now avoided.\n------\n- **I95-43779 DHCP IP Address not releasing appropriately:** When the cable is physically disconnected and reconnected from DHCP-enabled interfaces, the interfaces are now triggered to send out a DHCP Request for their current IP address.\n------\n- **I95-44001 Peer uptime showing \"Unavailable\":** Peer path uptime now displays the correct values.\n------\n- **I95-44548 Application Summary Sort Order:** Resolved an issue with the Application Summary sort order changing unintentionally.\n------\n- **I95-44551 DHCP Relay not working after upgrade:** A packet for traffic matching a summary service may be dropped because it was incorrectly flagged as hierarchical on the SVR peer. Well known non-hierarchical services such as DHCP relay will no longer perform hierarchical service checks on the peer.\n------\n- **I95-44726 Invalid return code returned by T1 card firmware creating a memory leak:** Resolved a buffer leak in the wanpipe driver.\n------\n- **I95-44988 SSR Stuck in Upgrade status:** Improved logging to detect when an installer session is started and there is an already an active interactive installer session; for example when an interactive installer session was left open.\n------\n- **I95-45094 Unnecessary rotation of salt minion config:** Resolved an issue where the global.init and salt minion config are unnecessarily rotated and updated with no changes to the actual contents of the file.\n------\n- **I95-45126 Split-brain after the sync interface goes down:** Resolved an issue that if the SSR software experienced a crash while it owned an interface from an X553 device, other devices hosted by the same chip could be impacted.\n------\n- **I95-45164 `show-active-peers` missing some information:** Resolved a corner case where an RFC-compliant device ahead of a non-compliant device with a smaller MTU, the SSR misinterprets the non-compliant device's timeouts and the MTU will be unresolvable.\n------\n- **I95-45271 Error while trying to change appearance or selecting custom reports:** In some cases where error messages are vague, a path to the error location is provided. \n------\n- **I95-45372 Filters in the Routers Tab not working:** Resolved a logic issue with the GUI table.\n------\n- **I95-45489 `ifcfg` custom options issues:** Resolved an issue where interface ifcfg option changes were not being processed.\n------\n- **I95-45814 No Bandwidth statistics visible in GUI:** Resolved an issue when processing high numbers of services and service routes which prevented a subset of stats from being stored and displayed.\n------\n- **I95-45842 PCLI `show events` does not paginate correctly:** This issue has been resolved.\n------\n- **I95-45882 Rare case where an invalid DHCP server configuration generated:** This issue has been resolved.\n------\n- **I95-45890 Service paths for BGP over SVR routes are not being rebuilt:** Resolved an issue when the vector configuration is changed on a network interface, the service paths for BGP over SVR routes are not being rebuilt. \n------\n- **I95-45999 Azure Router Crash:** Added support for NetVSC/VF hotswapping to resolve this issue.\n------\n- **I95-46055 Add warning when transmit caps are too low:** Users now get a warning when configuring a traffic-engineering transmit-cap under 1Mbps.\n------\n- **I95-46114 SSR flooded with Highway messages:** The chatty `InterfaceMap::Exception: Unable to find path to peer` highway log has been suppressed. \n------\n- **I95-46136 Unused Application ID stats not being purged fast enough:** Resolved an issue where application ID stats tracked per client, per app, per next-hop are not cleaned up when inactive.\n------\n- **I95-46169 RIB Doesn't Update Connected Route After Changing Network Interface Address Prefix from /24 to /27:** Resolved an issue when changing the prefix length for a network interface address, the RIB was not updated and routing protocols were not aware of the change.\n------\n- **I95-46230 Highway Crash:** Resolved an issue where uncaught exceptions were causing highway issues.\n------\n- **I95-46314 Configuring Static Assignment with Client-Identifier Causes DHCP failure:** Updated config validation to verify that, within a single DHCP server host-service, all static assignments use unique client-identifiers.\n------\n- **I95-46332 VRRP Does Not Work with Ethernet Controller X710 for 10GbE SFP+:** Configuring VRRP on an Intel X700 series NIC can see discard broadcast packets due to the source pruning feature which is enabled by default. This change disables source pruning when VRRP is enabled on these NICs.\n------\n- **I95-46411 PPPoE over VLAN interface status missing in `show` commands:** Added atttribute to show the missing information. \n------ \n- **I95-46419 Forward Error Correction (FEC) with OutBound Only Fails:** Resolved an issue where FEC actions are not installed properly after the modifcation to resolve the outbound only path.\n------\n- **I95-46454 ICMP manager excessively logs ICMP echo replies with no matching context:** This issue has been resolved.\n------\n- **I95-46458 `set password` from PCLI hangs at \"Modifying password\":** This issue has been resolved. \n------\n- **I95-46613 Flow move may not happen without forward packet for outbound only sessions:** Resolved an issue that when a session has been idle for more than 10 seconds, sessions for outbound-only connections may not failover properly without a forward packet.\n------\n- **I95-46641 Modem lockup after reset on dual LTE system:** Resolved an issue with dual LTE modem lockup after reset.\n------\n- **I95-46822 Revertible failover traffic not restored when reverse traffic is present:** For a \"revertible-failover\" service policy, when the preferred path is restored and a session no longer traverses an internode dogleg path, it was taking several seconds for traffic to be restored when forward traffic is present; in situations where only reverse traffic is present, traffic may not be restored. This issue has been resolved.\n------\n- **I95-46931 Hardware using ConnectX6-DX fails to initialize:** Added support for this card variant.\n------\n- **I95-46959 PPPoE over VLAN not working when target interface is down:** Added code to bring up parent interface before VLAN interface.\n------\n- **I95-47111 Issues with redundant interfaces on startup:** Resolved an issue where the notifications for active interfaces may get lost when using VRRP for redundancy.\n\n## Release 5.6.0-44\n\n**Release Date:** May 20, 2022\n\n### New Features\n\n- **I95-10056 RADIUS support for Multi-Factor Authentication:** Integration between Radius user access and Role-based Access Control allows the SSR to support Multi-Factor Authentication using Yubikey. \n------\n- **I95-200118 Configuration Concurrency at Scale:** Support for multiple users concurrently editing the SSR configuration is now supported. For more information, see [Candidate Configuration](config_basics.md#candidate-configuration).\n------\n- **I95-32820 and I95-41915 STEP High Availability:** See [STEP High Availability](config_step_ha.md) for more information. \n------\n- **I95-37417 Additional factory default session-type configuration:** Added factory-default session-types for NetBIOS Name Service, NTP, and LDAP over UDP.\n------\n- **I95-37648 Configurable Password Policy:** The SSR password policies have been updated to provide a more secure experience. See [Password Policies](config_password_policies.md) for additional information.\n------\n- **I95-38430 Support for PPPoE over VLAN:** Added support for PPPoE over VLAN. See [VLAN Support on a PPPoE Interface](howto_pppoe_vlan.md) for configuration information. \n------\n- **I95-39712 Hierarchical Service Inheritance For STEP Learned Routes:** Child services now inherit routes of their parent services, when the parent route is learned through STEP. For more information see [Hierarchical Services.](config_STEP.md#hierarchical-services)\n------\n- **I95-40130 Factory Defaults for Conductor Communication:** Added SaltStack, Conductor, and IKE default session-types. For new deployments, SIP, SIPS, and IPSEC-NAT use NAT Keep Alive by default, and the timeout for IPSEC-NAT is 125 seconds.\n------\n- **I95-40660 Kernel Upgrade:** The OS kernel has been upgraded to address several CVEs and provide support for Wireguard and Cordoba.\n------\n- **I95-41449 NTP Authentication with SHA1 or better:** Support for NTP authentication provides options for external NTP server authentication. See [NTP Authentication](config_ntp_auth.md) for more information.\n------\n- **I95-41509 STEP Route Computation enhancements:** STEP uses additional service policy information when computing the best path scenario. See [STEP Route Computation](config_STEP.md#route-computation) for more information.\n------\n- **I95-41557 Software Lifecycle Management:** The download, upgrade, and software lifecycle process is more easily managed from a single location in the GUI. See [Software Lifecycle](upgrade_router.md#upgrade-using-the-conductors-gui) for additional information. \n------\n- **I95-42483 STEP Page in the GUI:** [The STEP page in the GUI](howto_STEP_GUI.md) provides graphical representations of STEP data. \n------\n- **I95-42887 Real-time alerts for Audit failure events:** A service has been added a service that warns all logged in users if auditd fails to start and audit logging capability is impacted. See [Audit Events](config_audit_event.md#basic-configuration) for more information. \n------\n- **I95-42888 Logout mechanism for administrator-initiated communication sessions:** A PCLI command and audit log are available to verify session closure.\n------\n- **I95-43039 File permissions, ownership/membership of system files and commands remain static:** Unauthorized or unintended changes are not introduced during the operation of the SSR Software.\n------\n- **I95-43040 Non-certificate trusted host is not allowed SSH logon to the system:** The SSH daemon performs strict mode checking and does not allow a non-trusted host SSH to logon to the system.\n------\n- **I95-43041 Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required:** The DCCP module is prevented from loading unless it is specifically required. \n------\n- **I95-43047 Local initialization files do not execute world-writable programs:** The directories are not world-writable.\n------\n- **I95-43049 The audit system notifies the user when there is an error sending audit records to a remote system:** Remote logging for audit logs and appropriate messaging has been added. See [Audit Events](config_audit_event.md#basic-configuration) for more information.\n------\n- **I95-43050 Strict mode checking of home directory configuration files:** The SSH daemon performs strict mode checking home directory configuration files.\n------\n- **I95-43051 Remote X connections are disabled except to fulfill documented and validated requirements:** X server is disabled as part of the mode checking of home directory configuration files. \n------\n- **I95-43496 BFD for Routing Protocols:** BFD support for BGP and OSPF protocols has been added. See [Optimizing Routing Protocols: BFD](config_bfd.md) for more information.\n\n## Resolved Issues\n\n- **I95-36758 Redistributed service route distance not configurable:** Support has been added for the configuration of admin distance for kernel routes generated by services with service routes and for BGP over SVR services. \n------\n- **I95-38408 DHCP server on wrong vlan sends offer in response to discover message:** Hosted DHCP servers that do not have an explicit vlan configured are now explicitly treated as vlan 0, and handle any DHCP packets that are untagged/vlan 0, in order to prevent those packets from being multicasted to multiple DHCP servers.\n------\n- **I95-40904 Power save mode not working:** This issue has been resolved.\n------\n- **I95-41992 Warning for Rate-Limit with Flow-Limit values at 0:** A warning has been added to advise users that this will cause dropped packets.\n------\n- **I95-43239 LTE APN on Modem not set up correctly:** The APN is now always written to the the modem using the default index of 1. \n------\n- **I95-44142 Automated Provisioner Race condition:** Resolved a rare crash where applications would attempt to get information about already-closed sockets when responding to API requests.\n------\n- **I95-44435 Save Tech Support should include Service Paths:** `save tech-support-info` includes `show service-path` and `show rib`.\n------\n- **I95-44722 Time series HMAC failures after rebooting node in HA router:** Device interfaces are flushed upon becoming active to avoid handling of packets which have been delayed due to inactivity.\n------\n- **I95-44726 Invalid return code returned by T1 firmware creating a memory leak:** Resolved a buffer leak in the wanpipe driver.\n------\n- **I95-44823 Conductor upgrade failure - extra space in integer is invalid:** Extra spaces on integer types are now trimmed off to avoid this issue.\n------\n- **I95-44854 Extra \"Application\" column in Top Sessions panel:** The extra column has been removed. \n------\n- **I95-44913 kmod-i40e metapackage causing upgrade issues:** The metapackage has been removed and upgrade issues have been resolved.\n------\n- **I95-44985 Update salt-minion minimum version to resolve CVEs:** This issue has been resolved. \n------\n- **I95-44991 SSR not passing Aruba data on GRE Tunnels:** Resolved an issue where GRE packets with reserved bit in the header are incorrectly dropped as invalid.\n------\n- **I95-45063 SSR azure instances unstable on large machine types:** Resolved an unpgrade issue causing instability in Azure instances using Mellanox5. \n------\n- **I95-45113 snmp override of the IfTable:** An issue with SNMP reporting has been resolved.\n------\n- **I95-45123 CVE Issue:** The latest Security vulnerabilities have been identified and addressed.\n------\n- **I95-45124 RBAC Config Endpoints Leaking Information:** Resolved an issue where some configuration endpoints would allow users with incorrect permissions make requests.\n------\n- **I95-45146 GUI error message for users authenticated by LDAP to Active Directory Server:** This issue has been resolved.\n------\n- **I95-45162 Improve download/upgrade error message if a router name does not exist:** In situations where a router does not exist, the download and upgrade message now indicates that the router does not exist.\n------\n- **I95-45211 New users run into permissions errors:** Access Control Lists are now preserved on file rotations.\n------\n- **I95-45220 Conductor local forwarding parameters not dynamic:** Resolved an issue when transitioning a conductor from standalone to HA the managed routers were not automatically connecting to the newly added conductor node.\n------\n- **I95-45268 Third-party-drivers rpm install hung:** Resolved an issue where the installation hangs when running a post-install scriptlet. The script is not necessary at that stage and has been disabled.\n------\n- **I95-45348 Update salt master and minion to 3002.8:** This update resolves several CVE and requires that the conductor must be running this release containing these fixes **before** upgrading a router. \n**Important** Please see the Caveat below for additional important information about HA upgrades.\n------\n- **I95-45374 Router Dropping SIP traffic:** A warning is displayed if users configure a service-class to rate-limit but don't set max-flow-burst/max-flow-rate values (default is set to 0).\n------\n- **I95-45541 LDAP users are unable to login to the PCLI due to permission errors:** This issue has been resolved.\n------\n- **I95-45559 Corrupted resolv.conf after ODM imaging:** Resolved an issue on SSR systems running dns-proxy services with external interfaces configured using PEERDNS=yes, where a race condition may occur that results in corrupt nameservers being added to the /etc/resolv.conf file.\n------\n- **I95-45583 HA Connection lost during commit:** Resolved an issue where session was missing necessary path data information relating to the peer path.\n------\n- **I95-45618 MAC address issue in Azure environment:** Non-ethernet MAC addresses are now handled correctly during MLX device discovery.\n------\n- **I95-45641 Stuck BGPoSVR Sessions after Failover:** Made changes to provide updates to less specific FIB entries when routes are updated to resolve this issue.\n------\n- **I95-45643 User created users missing after upgrade:** Resolved an issue where the XML values true/false are also handled as 1/0.\n------\n- **I95-45696 Memory leak in pam challenge library:** Resolved a memory leak in the PAM challenge library. \n------\n- **I95-45779 LDAP user login blocked during HA upgrade:** Resolved an issue where the LDAP user login was blocked until the upgrade was complete on both HA conductors.\n------\n- **I95-45761 SSH ClientAliveInterval change:** The SSH `ClientAliveInterval` has been reset to 900.\n------\n- **I95-45783 User home directories different across the topology during upgrade:** Resolved an issue with incorrect LDAP user roles during upgrade.\n------\n- **I95-45816 \"TCP State Stream Parse Error\" filling up the flpp.log:** This log issue has been addressed. \n\n## Caveats\n\n- **I95-45348: Update salt master and minion to 3002.8:** When upgrading an HA pair to version 5.6.0, please be aware of the following: While updating the conductors in an HA pair, the upgraded conductor node asset state will remain DISCONNECTED if the active `automatedProvisioner` is not running a corrected version. When performing an HA conductor upgrade the node running the oldest software assumes leadership. However, the older version will not be able to talk to the new software on the upgraded conductor. \n\nThe active `automatedProvisioner` can be determined by running the command `show system processes`. Once the upgrade begins on the old node, the newly upgraded conductor takes over.\n\n#### Corrected Versions\n\n| Router Software Version | Minimum Required Conductor Version |\n| --- | --- |\n| 5.6.0 | 5.6.0 or later |\n\n"} \ No newline at end of file diff --git a/assets/js/12973385.673551c2.js b/assets/js/12973385.673551c2.js new file mode 100644 index 0000000000..6be4f9f589 --- /dev/null +++ b/assets/js/12973385.673551c2.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunk_128t_docs=self.webpackChunk_128t_docs||[]).push([[3965],{35493:(e,s,r)=>{r.r(s),r.d(s,{assets:()=>j,contentTitle:()=>u,default:()=>b,frontMatter:()=>_,metadata:()=>h,toc:()=>x});var l=r(74848),a=r(28453),t=(r(96540),r(32885));const o=()=>({}),n=e=>{let{columns:s,data:r,getHeaderProps:a=o,getColumnProps:n=o}=e;const{getTableProps:d,getTableBodyProps:i,headerGroups:c,rows:_,prepareRow:u}=(0,t.useTable)({columns:s,data:r},t.useSortBy);return(0,l.jsxs)("table",{...d(),children:[(0,l.jsx)("thead",{children:c.map((e=>(0,l.jsx)("tr",{...e.getHeaderGroupProps(),children:e.headers.map((e=>(0,l.jsxs)("th",{...e.getHeaderProps([{className:e.className},a(e),n(e),e.getSortByToggleProps()]),children:[e.render("Header"),(0,l.jsx)("span",{children:e.isSorted?e.isSortedDesc?" \u25bc":" \u25b2":""})]})))})))}),(0,l.jsx)("tbody",{...i(),children:_.map(((e,s)=>(u(e),(0,l.jsx)("tr",{...e.getRowProps(),children:e.cells.map((e=>(0,l.jsx)("td",{...e.getCellProps([{className:e.column.className,style:e.column.style},n(e.column)]),children:e.render("Cell")})))}))))})]})};var d=r(86025);const i=[{version:"5.6.16",url:"/docs/release_notes_128t_5.6#release-5616-16",releaseDate:"November 25, 2024"},{version:"6.1.11",url:"/docs/release_notes_128t_6.1#release-6111-5-lts",releaseDate:"October 17, 2024"},{version:"6.2.7",url:"/docs/release_notes_128t_6.2#release-627-4-sts",releaseDate:"October 3, 2024"},{version:"6.3.0",url:"/docs/release_notes_128t_6.3#release-630-107r1",releaseDate:"September 30, 2024"},{version:"6.2.6",url:"/docs/release_notes_128t_6.2#release-626-15-sts",releaseDate:"September 6, 2024"},{version:"6.1.10",url:"/docs/release_notes_128t_6.1#release-6110-8-lts",releaseDate:"August 22, 2024"},{version:"5.6.15",url:"/docs/release_notes_128t_5.6#release-5615-1",releaseDate:"June 27, 2024"},{version:"6.1.9",url:"/docs/release_notes_128t_6.1#release-619-2-lts",releaseDate:"June 27, 2024"},{version:"6.2.5",url:"/docs/release_notes_128t_6.2#release-625-5r2",releaseDate:"June 6, 2024"},{version:"5.6.14",url:"/docs/release_notes_128t_5.6#release-5614-7",releaseDate:"May 14, 2024"},{version:"6.1.8",url:"/docs/release_notes_128t_6.1#release-618-15-lts",releaseDate:"May 3, 2024"},{version:"6.2.4",url:"/docs/release_notes_128t_6.2#release-624-14r2",releaseDate:"March 29, 2024"},{version:"5.5.12",url:"/docs/release_notes_128t_5.5#release-5512-9",releaseDate:"February 22, 2024"},{version:"6.1.7",url:"/docs/release_notes_128t_6.1#release-617-3-lts",releaseDate:"February 17, 2024"},{version:"5.6.13",url:"/docs/release_notes_128t_5.6#release-5613-7",releaseDate:"January 30, 2024"},{version:"6.1.6",url:"/docs/release_notes_128t_6.1#release-616-7-lts",releaseDate:"January 2, 2024"},{version:"6.2.3",url:"/docs/release_notes_128t_6.2#release-623-14r2",releaseDate:"December 15, 2023"},{version:"6.2.0",url:"/docs/release_notes_128t_6.2#release-620-39r1",releaseDate:"November 16, 2023"},{version:"5.6.12",url:"/docs/release_notes_128t_5.6#release-5612-1",releaseDate:"October 20, 2023"},{version:"5.6.11",url:"/docs/release_notes_128t_5.6#release-5611-4",releaseDate:"October 2, 2023"},{version:"6.1.5",url:"/docs/release_notes_128t_6.1#release-615-14-lts",releaseDate:"September 22, 2023"},{version:"5.6.10",url:"/docs/release_notes_128t_5.6#release-5610-6",releaseDate:"August 29, 2023"},{version:"5.5.11",url:"/docs/release_notes_128t_5.5#release-5511-4",releaseDate:"August 21, 2023"},{version:"5.5.10",url:"/docs/release_notes_128t_5.5#release-5510-6",releaseDate:"July 31, 2023"},{version:"5.6.9",url:"/docs/release_notes_128t_5.6#release-569-3",releaseDate:"July 19, 2023"},{version:"6.1.4",url:"/docs/release_notes_128t_6.1#release-614-23r2",releaseDate:"July 14, 2023"},{version:"5.5.9",url:"/docs/release_notes_128t_5.5#release-559-4",releaseDate:"June 2, 2023"},{version:"5.6.8",url:"/docs/release_notes_128t_5.6#release-568-9",releaseDate:"May 25, 2023"},{version:"6.1.3",url:"/docs/release_notes_128t_6.1#release-613-4r1",releaseDate:"May 22, 2023"},{version:"6.1.2",url:"/docs/release_notes_128t_6.1#release-612-7r1",releaseDate:"May 12, 2023"},{version:"6.0.10",url:"/docs/release_notes_128t_6.0#release-6010-5",releaseDate:"May 12, 2023"},{version:"6.1.1",url:"/docs/release_notes_128t_6.1#release-611-6r1",releaseDate:"April 28, 2023"},{version:"6.1.0",url:"/docs/release_notes_128t_6.1#release-610-55r1",releaseDate:"April 14, 2023"},{version:"6.0.9",url:"/docs/release_notes_128t_6.0#release-609-3",releaseDate:"April 3, 2023"},{version:"5.6.7",url:"/docs/release_notes_128t_5.6#release-567-4",releaseDate:"March 16, 2023"},{version:"6.0.8",url:"/docs/release_notes_128t_6.0#release-608-20",releaseDate:"March 7, 2023"},{version:"5.5.8",url:"/docs/release_notes_128t_5.5#release-558-7",releaseDate:"February 1, 2023"},{version:"5.6.6",url:"/docs/release_notes_128t_5.6#release-566-7",releaseDate:"January 18, 2023"},{version:"5.4.11",url:"/docs/release_notes_128t_5.4#release-5411-4",releaseDate:"December 30, 2022"},{version:"5.6.5",url:"/docs/release_notes_128t_5.6#release-565-5",releaseDate:"December 28, 2022"},{version:"6.0.7",url:"/docs/release_notes_128t_6.0#release-607-8",releaseDate:"December 5, 2022"},{version:"5.4.10",url:"/docs/release_notes_128t_5.4#release-5410-3",releaseDate:"November 23, 2022"},{version:"5.6.4",url:"/docs/release_notes_128t_5.6#release-564-3",releaseDate:"November 18, 2022"},{version:"5.5.7",url:"/docs/release_notes_128t_5.5#release-557-3",releaseDate:"November 15, 2022"},{version:"5.6.3",url:"/docs/release_notes_128t_5.6#release-563-6",releaseDate:"November 7, 2022"},{version:"5.4.9",url:"/docs/release_notes_128t_5.4#release-549-7",releaseDate:"November 9, 2022"},{version:"5.5.6",url:"/docs/release_notes_128t_5.5#release-556-2",releaseDate:"October 21, 2022"},{version:"6.0.5",url:"/docs/release_notes_128t_6.0#release-605-17",releaseDate:"October 14, 2022"},{version:"5.4.8",url:"/docs/release_notes_128t_5.4#release-548-8",releaseDate:"October 11, 2022"},{version:"5.6.2",url:"/docs/release_notes_128t_5.6#release-562-7",releaseDate:"October 4, 2022"},{version:"5.5.5",url:"/docs/release_notes_128t_5.5#release-555-3",releaseDate:"September 23, 2022"},{version:"5.5.4",url:"/docs/release_notes_128t_5.5#release-554-8",releaseDate:"September 19, 2022"},{version:"6.0.4",url:"/docs/release_notes_128t_6.0#release-604-11",releaseDate:"September 12, 2022"},{version:"6.0.2",url:"/docs/release_notes_128t_6.0#release-602-8",releaseDate:"August 16, 2022"},{version:"6.0.1",url:"/docs/release_notes_128t_6.0#release-601-12",releaseDate:"August 15, 2022"},{version:"5.5.3",url:"/docs/release_notes_128t_5.5#release-553-4",releaseDate:"August 19, 2022"},{version:"5.4.7",url:"/docs/release_notes_128t_5.4#release-547-7",releaseDate:"August 4, 2022"},{version:"5.6.1",url:"/docs/release_notes_128t_5.6#release-561-18",releaseDate:"August 1, 2022"},{version:"6.0.0",url:"/docs/release_notes_128t_6.0#release-600-56",releaseDate:"July 18, 2022"},{version:"5.2.4",url:"/docs/release_notes_128t_5.2#release-524-1",releaseDate:"July 7, 2022"},{version:"5.5.2",url:"/docs/release_notes_128t_5.5#release-552-5",releaseDate:"June 30, 2022"},{version:"5.4.6",url:"/docs/release_notes_128t_5.4#release-546-9",releaseDate:"June 28, 2022"},{version:"5.5.1",url:"/docs/release_notes_128t_5.5#release-551-6",releaseDate:"June 1, 2022"},{version:"5.6.0",url:"/docs/release_notes_128t_5.6",releaseDate:"May 20, 2022"},{version:"5.2.3",url:"/docs/release_notes_128t_5.2#release-523",releaseDate:"May 20, 2022"},{version:"5.4.5",url:"/docs/release_notes_128t_5.4#release-545-8",releaseDate:"May 11, 2022"},{version:"5.1.9",url:"/docs/release_notes_128t_5.1#release-519-1",releaseDate:"March 16, 2022"},{version:"5.5.0",url:"/docs/release_notes_128t_5.5",releaseDate:"March 7, 2022"},{version:"5.4.4",url:"/docs/release_notes_128t_5.4#release-544-9",releaseDate:"February 18, 2022"},{version:"5.4.3",url:"/docs/release_notes_128t_5.4#release-543-8",releaseDate:"January 27, 2022"},{version:"5.1.8",url:"/docs/release_notes_128t_5.1#release-518",releaseDate:"January 18, 2022"},{version:"5.4.2",url:"/docs/release_notes_128t_5.4#release-542-5",releaseDate:"December 22, 2021"},{version:"5.1.7",url:"/docs/release_notes_128t_5.1#release-517",releaseDate:"December 9, 2021"},{version:"5.4.1",url:"/docs/release_notes_128t_5.4#release-541-4",releaseDate:"November 23, 2021"},{version:"5.4.0",url:"/docs/release_notes_128t_5.4#release-540-104",releaseDate:"November 18, 2021"},{version:"5.1.6",url:"/docs/release_notes_128t_5.1#release-516",releaseDate:"October 27, 2021"},{version:"4.5.11",url:"/docs/release_notes_128t_4.5#release-4511",releaseDate:"September 7, 2021"},{version:"5.2.2",url:"/docs/release_notes_128t_5.2#release-522",releaseDate:"August 24, 2021"},{version:"5.1.5",url:"/docs/release_notes_128t_5.1#release-515",releaseDate:"August 13, 2021"},{version:"5.3.0",url:"/docs/release_notes_128t_5.3#release-53",releaseDate:"August 6, 2021"},{version:"5.2.1",url:"/docs/release_notes_128t_5.2#release-521",releaseDate:"July 20, 2021"},{version:"5.1.4",url:"/docs/release_notes_128t_5.1#release-514",releaseDate:"July 7, 2021"},{version:"4.5.10",url:"/docs/release_notes_128t_4.5#release-4510",releaseDate:"June 8, 2021"},{version:"4.5.9",url:"/docs/release_notes_128t_4.5#release-459",releaseDate:"May 20, 2021 "},{version:"5.1.3",url:"/docs/release_notes_128t_5.1#release-513",releaseDate:"May 17, 2021"},{version:"5.2.0",url:"/docs/release_notes_128t_5.2#release-5.2",releaseDate:"May 10, 2021"},{version:"5.1.2",url:"/docs/release_notes_128t_5.1#release-512",releaseDate:"April 30, 2021"},{version:"4.5.8",url:"/docs/release_notes_128t_4.5#release-458",releaseDate:"April 28, 2021"},{version:"5.1.1",url:"/docs/release_notes_128t_5.1#release-511",releaseDate:"April 12, 2021"},{version:"5.0.1",url:"/docs/release_notes_128t_5.0#release-501",releaseDate:"April 12, 2021"},{version:"4.5.7",url:"/docs/release_notes_128t_4.5#release-457",releaseDate:"April 12, 2021"},{version:"4.5.6",url:"/docs/release_notes_128t_4.5#release-456",releaseDate:"March 26, 2021"},{version:"5.1.0",url:"/docs/release_notes_128t_5.1#release-5.1",releaseDate:"March 15, 2021"},{version:"4.3.12",url:"/docs/release_notes_128t_4.3#release-4311",releaseDate:"March 12, 2021 "},{version:"4.5.5",url:"/docs/release_notes_128t_4.5#release-455",releaseDate:"February 10, 2021"},{version:"5.0.0",url:"/docs/release_notes_128t_5.0#release-5.0",releaseDate:"December 18, 2020"},{version:"4.5.4",url:"/docs/release_notes_128t_4.5#release-454",releaseDate:"December 16, 2020"},{version:"4.5.3",url:"/docs/release_notes_128t_4.5#release-453",releaseDate:"November 25, 2020"},{version:"4.2.9",url:"/docs/release_notes_128t_4.2#release-429",releaseDate:"November 20, 2020"},{version:"4.3.11",url:"/docs/release_notes_128t_4.3#release-4311",releaseDate:"November 13, 2020"},{version:"4.3.10",url:"/docs/release_notes_128t_4.3#release-4310",releaseDate:"October 20, 2020"},{version:"4.5.2",url:"/docs/release_notes_128t_4.5#release-452",releaseDate:"October 13, 2020"},{version:"4.5.1",url:"/docs/release_notes_128t_4.5#release-451",releaseDate:"September 16, 2020"},{version:"4.4.2",url:"/docs/release_notes_128t_4.3#release-442",releaseDate:"September 3, 2020"},{version:"4.3.9",url:"/docs/release_notes_128t_4.3#release-439",releaseDate:"August 12, 2020"},{version:"4.5.0",url:"/docs/release_notes_128t_4.5#release-450",releaseDate:"July 23, 2020"},{version:"4.4.1",url:"/docs/release_notes_128t_4.3#release-441",releaseDate:"July 10, 2020"},{version:"4.3.8",url:"/docs/release_notes_128t_4.3#release-438",releaseDate:"June 26, 2020"},{version:"4.3.7",url:"/docs/release_notes_128t_4.3#release-437",releaseDate:"June 9, 2020"},{version:"4.2.8",url:"/docs/release_notes_128t_4.2#release-428",releaseDate:"June 5, 2020"},{version:"4.3.6",url:"/docs/release_notes_128t_4.3#release-436",releaseDate:"May 28, 2020"},{version:"4.1.10",url:"/docs/release_notes_128t_4.1#release-4110",releaseDate:"May 28, 2020"},{version:"4.3.5",url:"/docs/release_notes_128t_4.3#release-435",releaseDate:"May 22, 2020"},{version:"4.4.0",url:"/docs/release_notes_128t_4.4#release-440",releaseDate:"May 19, 2020"},{version:"4.3.4",url:"/docs/release_notes_128t_4.3#release-434",releaseDate:"May 1, 2020"},{version:"4.2.7",url:"/docs/release_notes_128t_4.2#release-427",releaseDate:"May 1, 2020"},{version:"4.1.9",url:"/docs/release_notes_128t_4.1#release-419",releaseDate:"May 1, 2020"},{version:"4.3.3",url:"/docs/release_notes_128t_4.3#release-433",releaseDate:"April 12, 2020"},{version:"4.3.2",url:"/docs/release_notes_128t_4.3#release-432",releaseDate:"April 10, 2020"},{version:"4.2.6",url:"/docs/release_notes_128t_4.2#release-426",releaseDate:"April 8, 2020"},{version:"4.2.5",url:"/docs/release_notes_128t_4.2#release-425",releaseDate:"March 26, 2020"},{version:"4.3.1",url:"/docs/release_notes_128t_4.3#release-431",releaseDate:"March 6, 2020 "},{version:"4.1.8",url:"/docs/release_notes_128t_4.1#release-418",releaseDate:"Februray 28, 2020"},{version:"4.2.4",url:"/docs/release_notes_128t_4.2#release-424",releaseDate:"February 14, 2020"},{version:"4.3.0",url:"/docs/release_notes_128t_4.3#release-430",releaseDate:"February 8, 2020"},{version:"4.2.3",url:"/docs/release_notes_128t_4.2#release-423",releaseDate:"January 27, 2020"},{version:"4.1.7",url:"/docs/release_notes_128t_4.1#release-417",releaseDate:"January 8, 2020"},{version:"4.2.2",url:"/docs/release_notes_128t_4.2#release-422",releaseDate:"December 20, 2019"},{version:"4.2.1",url:"/docs/release_notes_128t_4.2#release-421",releaseDate:"December 13, 2019"},{version:"4.1.6",url:"/docs/release_notes_128t_4.1#release-416",releaseDate:"December 6, 2019"},{version:"4.2.0",url:"/docs/release_notes_128t_4.2#release-420",releaseDate:"November 21, 2019"},{version:"4.1.5",url:"/docs/release_notes_128t_4.1#release-415",releaseDate:"July 24, 2019"},{version:"4.1.4",url:"/docs/release_notes_128t_4.1#release-414",releaseDate:"June 9, 2019"},{version:"4.1.3",url:"/docs/release_notes_128t_4.1#release-413",releaseDate:"April 26, 2019"},{version:"4.1.2",url:"/docs/release_notes_128t_4.1#release-412",releaseDate:"April 16, 2019"},{version:"4.1.1",url:"/docs/release_notes_128t_4.1#release-411",releaseDate:"March 5, 2019"},{version:"4.1.0",url:"/docs/release_notes_128t_4.1#release-410",releaseDate:"February 7, 2019"},{version:"4.0.1",url:"/docs/release_notes_128t_4.0#release-401",releaseDate:"January 22, 2019"},{version:"4.0.0",url:"",releaseDate:"December 18, 2018"},{version:"3.2.8",url:"",releaseDate:"November 12, 2018"}],c=[{Header:"Version",accessor:"version",className:"pester-data-table left",Cell:e=>{let{cell:{value:s},row:{original:r}}=e;return(0,l.jsx)("a",{href:(0,d.A)(""+r.url),children:s})}},{Header:"Release Date",accessor:"releaseDate",className:"pester-data-table left",sortType:function(e,s){var r=new Date(e).getTime(),l=new Date(s).getTime();return r{r.r(s),r.d(s,{assets:()=>j,contentTitle:()=>u,default:()=>b,frontMatter:()=>_,metadata:()=>h,toc:()=>x});var l=r(74848),a=r(28453),t=(r(96540),r(32885));const o=()=>({}),n=e=>{let{columns:s,data:r,getHeaderProps:a=o,getColumnProps:n=o}=e;const{getTableProps:d,getTableBodyProps:i,headerGroups:c,rows:_,prepareRow:u}=(0,t.useTable)({columns:s,data:r},t.useSortBy);return(0,l.jsxs)("table",{...d(),children:[(0,l.jsx)("thead",{children:c.map((e=>(0,l.jsx)("tr",{...e.getHeaderGroupProps(),children:e.headers.map((e=>(0,l.jsxs)("th",{...e.getHeaderProps([{className:e.className},a(e),n(e),e.getSortByToggleProps()]),children:[e.render("Header"),(0,l.jsx)("span",{children:e.isSorted?e.isSortedDesc?" \u25bc":" \u25b2":""})]})))})))}),(0,l.jsx)("tbody",{...i(),children:_.map(((e,s)=>(u(e),(0,l.jsx)("tr",{...e.getRowProps(),children:e.cells.map((e=>(0,l.jsx)("td",{...e.getCellProps([{className:e.column.className,style:e.column.style},n(e.column)]),children:e.render("Cell")})))}))))})]})};var d=r(86025);const i=[{version:"6.1.11",url:"/docs/release_notes_128t_6.1#release-6111-5-lts",releaseDate:"October 17, 2024"},{version:"6.2.7",url:"/docs/release_notes_128t_6.2#release-627-4-sts",releaseDate:"October 3, 2024"},{version:"6.3.0",url:"/docs/release_notes_128t_6.3#release-630-107r1",releaseDate:"September 30, 2024"},{version:"6.2.6",url:"/docs/release_notes_128t_6.2#release-626-15-sts",releaseDate:"September 6, 2024"},{version:"6.1.10",url:"/docs/release_notes_128t_6.1#release-6110-8-lts",releaseDate:"August 22, 2024"},{version:"5.6.15",url:"/docs/release_notes_128t_5.6#release-5615-1",releaseDate:"June 27, 2024"},{version:"6.1.9",url:"/docs/release_notes_128t_6.1#release-619-2-lts",releaseDate:"June 27, 2024"},{version:"6.2.5",url:"/docs/release_notes_128t_6.2#release-625-5r2",releaseDate:"June 6, 2024"},{version:"5.6.14",url:"/docs/release_notes_128t_5.6#release-5614-7",releaseDate:"May 14, 2024"},{version:"6.1.8",url:"/docs/release_notes_128t_6.1#release-618-15-lts",releaseDate:"May 3, 2024"},{version:"6.2.4",url:"/docs/release_notes_128t_6.2#release-624-14r2",releaseDate:"March 29, 2024"},{version:"5.5.12",url:"/docs/release_notes_128t_5.5#release-5512-9",releaseDate:"February 22, 2024"},{version:"6.1.7",url:"/docs/release_notes_128t_6.1#release-617-3-lts",releaseDate:"February 17, 2024"},{version:"5.6.13",url:"/docs/release_notes_128t_5.6#release-5613-7",releaseDate:"January 30, 2024"},{version:"6.1.6",url:"/docs/release_notes_128t_6.1#release-616-7-lts",releaseDate:"January 2, 2024"},{version:"6.2.3",url:"/docs/release_notes_128t_6.2#release-623-14r2",releaseDate:"December 15, 2023"},{version:"6.2.0",url:"/docs/release_notes_128t_6.2#release-620-39r1",releaseDate:"November 16, 2023"},{version:"5.6.12",url:"/docs/release_notes_128t_5.6#release-5612-1",releaseDate:"October 20, 2023"},{version:"5.6.11",url:"/docs/release_notes_128t_5.6#release-5611-4",releaseDate:"October 2, 2023"},{version:"6.1.5",url:"/docs/release_notes_128t_6.1#release-615-14-lts",releaseDate:"September 22, 2023"},{version:"5.6.10",url:"/docs/release_notes_128t_5.6#release-5610-6",releaseDate:"August 29, 2023"},{version:"5.5.11",url:"/docs/release_notes_128t_5.5#release-5511-4",releaseDate:"August 21, 2023"},{version:"5.5.10",url:"/docs/release_notes_128t_5.5#release-5510-6",releaseDate:"July 31, 2023"},{version:"5.6.9",url:"/docs/release_notes_128t_5.6#release-569-3",releaseDate:"July 19, 2023"},{version:"6.1.4",url:"/docs/release_notes_128t_6.1#release-614-23r2",releaseDate:"July 14, 2023"},{version:"5.5.9",url:"/docs/release_notes_128t_5.5#release-559-4",releaseDate:"June 2, 2023"},{version:"5.6.8",url:"/docs/release_notes_128t_5.6#release-568-9",releaseDate:"May 25, 2023"},{version:"6.1.3",url:"/docs/release_notes_128t_6.1#release-613-4r1",releaseDate:"May 22, 2023"},{version:"6.1.2",url:"/docs/release_notes_128t_6.1#release-612-7r1",releaseDate:"May 12, 2023"},{version:"6.0.10",url:"/docs/release_notes_128t_6.0#release-6010-5",releaseDate:"May 12, 2023"},{version:"6.1.1",url:"/docs/release_notes_128t_6.1#release-611-6r1",releaseDate:"April 28, 2023"},{version:"6.1.0",url:"/docs/release_notes_128t_6.1#release-610-55r1",releaseDate:"April 14, 2023"},{version:"6.0.9",url:"/docs/release_notes_128t_6.0#release-609-3",releaseDate:"April 3, 2023"},{version:"5.6.7",url:"/docs/release_notes_128t_5.6#release-567-4",releaseDate:"March 16, 2023"},{version:"6.0.8",url:"/docs/release_notes_128t_6.0#release-608-20",releaseDate:"March 7, 2023"},{version:"5.5.8",url:"/docs/release_notes_128t_5.5#release-558-7",releaseDate:"February 1, 2023"},{version:"5.6.6",url:"/docs/release_notes_128t_5.6#release-566-7",releaseDate:"January 18, 2023"},{version:"5.4.11",url:"/docs/release_notes_128t_5.4#release-5411-4",releaseDate:"December 30, 2022"},{version:"5.6.5",url:"/docs/release_notes_128t_5.6#release-565-5",releaseDate:"December 28, 2022"},{version:"6.0.7",url:"/docs/release_notes_128t_6.0#release-607-8",releaseDate:"December 5, 2022"},{version:"5.4.10",url:"/docs/release_notes_128t_5.4#release-5410-3",releaseDate:"November 23, 2022"},{version:"5.6.4",url:"/docs/release_notes_128t_5.6#release-564-3",releaseDate:"November 18, 2022"},{version:"5.5.7",url:"/docs/release_notes_128t_5.5#release-557-3",releaseDate:"November 15, 2022"},{version:"5.6.3",url:"/docs/release_notes_128t_5.6#release-563-6",releaseDate:"November 7, 2022"},{version:"5.4.9",url:"/docs/release_notes_128t_5.4#release-549-7",releaseDate:"November 9, 2022"},{version:"5.5.6",url:"/docs/release_notes_128t_5.5#release-556-2",releaseDate:"October 21, 2022"},{version:"6.0.5",url:"/docs/release_notes_128t_6.0#release-605-17",releaseDate:"October 14, 2022"},{version:"5.4.8",url:"/docs/release_notes_128t_5.4#release-548-8",releaseDate:"October 11, 2022"},{version:"5.6.2",url:"/docs/release_notes_128t_5.6#release-562-7",releaseDate:"October 4, 2022"},{version:"5.5.5",url:"/docs/release_notes_128t_5.5#release-555-3",releaseDate:"September 23, 2022"},{version:"5.5.4",url:"/docs/release_notes_128t_5.5#release-554-8",releaseDate:"September 19, 2022"},{version:"6.0.4",url:"/docs/release_notes_128t_6.0#release-604-11",releaseDate:"September 12, 2022"},{version:"6.0.2",url:"/docs/release_notes_128t_6.0#release-602-8",releaseDate:"August 16, 2022"},{version:"6.0.1",url:"/docs/release_notes_128t_6.0#release-601-12",releaseDate:"August 15, 2022"},{version:"5.5.3",url:"/docs/release_notes_128t_5.5#release-553-4",releaseDate:"August 19, 2022"},{version:"5.4.7",url:"/docs/release_notes_128t_5.4#release-547-7",releaseDate:"August 4, 2022"},{version:"5.6.1",url:"/docs/release_notes_128t_5.6#release-561-18",releaseDate:"August 1, 2022"},{version:"6.0.0",url:"/docs/release_notes_128t_6.0#release-600-56",releaseDate:"July 18, 2022"},{version:"5.2.4",url:"/docs/release_notes_128t_5.2#release-524-1",releaseDate:"July 7, 2022"},{version:"5.5.2",url:"/docs/release_notes_128t_5.5#release-552-5",releaseDate:"June 30, 2022"},{version:"5.4.6",url:"/docs/release_notes_128t_5.4#release-546-9",releaseDate:"June 28, 2022"},{version:"5.5.1",url:"/docs/release_notes_128t_5.5#release-551-6",releaseDate:"June 1, 2022"},{version:"5.6.0",url:"/docs/release_notes_128t_5.6",releaseDate:"May 20, 2022"},{version:"5.2.3",url:"/docs/release_notes_128t_5.2#release-523",releaseDate:"May 20, 2022"},{version:"5.4.5",url:"/docs/release_notes_128t_5.4#release-545-8",releaseDate:"May 11, 2022"},{version:"5.1.9",url:"/docs/release_notes_128t_5.1#release-519-1",releaseDate:"March 16, 2022"},{version:"5.5.0",url:"/docs/release_notes_128t_5.5",releaseDate:"March 7, 2022"},{version:"5.4.4",url:"/docs/release_notes_128t_5.4#release-544-9",releaseDate:"February 18, 2022"},{version:"5.4.3",url:"/docs/release_notes_128t_5.4#release-543-8",releaseDate:"January 27, 2022"},{version:"5.1.8",url:"/docs/release_notes_128t_5.1#release-518",releaseDate:"January 18, 2022"},{version:"5.4.2",url:"/docs/release_notes_128t_5.4#release-542-5",releaseDate:"December 22, 2021"},{version:"5.1.7",url:"/docs/release_notes_128t_5.1#release-517",releaseDate:"December 9, 2021"},{version:"5.4.1",url:"/docs/release_notes_128t_5.4#release-541-4",releaseDate:"November 23, 2021"},{version:"5.4.0",url:"/docs/release_notes_128t_5.4#release-540-104",releaseDate:"November 18, 2021"},{version:"5.1.6",url:"/docs/release_notes_128t_5.1#release-516",releaseDate:"October 27, 2021"},{version:"4.5.11",url:"/docs/release_notes_128t_4.5#release-4511",releaseDate:"September 7, 2021"},{version:"5.2.2",url:"/docs/release_notes_128t_5.2#release-522",releaseDate:"August 24, 2021"},{version:"5.1.5",url:"/docs/release_notes_128t_5.1#release-515",releaseDate:"August 13, 2021"},{version:"5.3.0",url:"/docs/release_notes_128t_5.3#release-53",releaseDate:"August 6, 2021"},{version:"5.2.1",url:"/docs/release_notes_128t_5.2#release-521",releaseDate:"July 20, 2021"},{version:"5.1.4",url:"/docs/release_notes_128t_5.1#release-514",releaseDate:"July 7, 2021"},{version:"4.5.10",url:"/docs/release_notes_128t_4.5#release-4510",releaseDate:"June 8, 2021"},{version:"4.5.9",url:"/docs/release_notes_128t_4.5#release-459",releaseDate:"May 20, 2021 "},{version:"5.1.3",url:"/docs/release_notes_128t_5.1#release-513",releaseDate:"May 17, 2021"},{version:"5.2.0",url:"/docs/release_notes_128t_5.2#release-5.2",releaseDate:"May 10, 2021"},{version:"5.1.2",url:"/docs/release_notes_128t_5.1#release-512",releaseDate:"April 30, 2021"},{version:"4.5.8",url:"/docs/release_notes_128t_4.5#release-458",releaseDate:"April 28, 2021"},{version:"5.1.1",url:"/docs/release_notes_128t_5.1#release-511",releaseDate:"April 12, 2021"},{version:"5.0.1",url:"/docs/release_notes_128t_5.0#release-501",releaseDate:"April 12, 2021"},{version:"4.5.7",url:"/docs/release_notes_128t_4.5#release-457",releaseDate:"April 12, 2021"},{version:"4.5.6",url:"/docs/release_notes_128t_4.5#release-456",releaseDate:"March 26, 2021"},{version:"5.1.0",url:"/docs/release_notes_128t_5.1#release-5.1",releaseDate:"March 15, 2021"},{version:"4.3.12",url:"/docs/release_notes_128t_4.3#release-4311",releaseDate:"March 12, 2021 "},{version:"4.5.5",url:"/docs/release_notes_128t_4.5#release-455",releaseDate:"February 10, 2021"},{version:"5.0.0",url:"/docs/release_notes_128t_5.0#release-5.0",releaseDate:"December 18, 2020"},{version:"4.5.4",url:"/docs/release_notes_128t_4.5#release-454",releaseDate:"December 16, 2020"},{version:"4.5.3",url:"/docs/release_notes_128t_4.5#release-453",releaseDate:"November 25, 2020"},{version:"4.2.9",url:"/docs/release_notes_128t_4.2#release-429",releaseDate:"November 20, 2020"},{version:"4.3.11",url:"/docs/release_notes_128t_4.3#release-4311",releaseDate:"November 13, 2020"},{version:"4.3.10",url:"/docs/release_notes_128t_4.3#release-4310",releaseDate:"October 20, 2020"},{version:"4.5.2",url:"/docs/release_notes_128t_4.5#release-452",releaseDate:"October 13, 2020"},{version:"4.5.1",url:"/docs/release_notes_128t_4.5#release-451",releaseDate:"September 16, 2020"},{version:"4.4.2",url:"/docs/release_notes_128t_4.3#release-442",releaseDate:"September 3, 2020"},{version:"4.3.9",url:"/docs/release_notes_128t_4.3#release-439",releaseDate:"August 12, 2020"},{version:"4.5.0",url:"/docs/release_notes_128t_4.5#release-450",releaseDate:"July 23, 2020"},{version:"4.4.1",url:"/docs/release_notes_128t_4.3#release-441",releaseDate:"July 10, 2020"},{version:"4.3.8",url:"/docs/release_notes_128t_4.3#release-438",releaseDate:"June 26, 2020"},{version:"4.3.7",url:"/docs/release_notes_128t_4.3#release-437",releaseDate:"June 9, 2020"},{version:"4.2.8",url:"/docs/release_notes_128t_4.2#release-428",releaseDate:"June 5, 2020"},{version:"4.3.6",url:"/docs/release_notes_128t_4.3#release-436",releaseDate:"May 28, 2020"},{version:"4.1.10",url:"/docs/release_notes_128t_4.1#release-4110",releaseDate:"May 28, 2020"},{version:"4.3.5",url:"/docs/release_notes_128t_4.3#release-435",releaseDate:"May 22, 2020"},{version:"4.4.0",url:"/docs/release_notes_128t_4.4#release-440",releaseDate:"May 19, 2020"},{version:"4.3.4",url:"/docs/release_notes_128t_4.3#release-434",releaseDate:"May 1, 2020"},{version:"4.2.7",url:"/docs/release_notes_128t_4.2#release-427",releaseDate:"May 1, 2020"},{version:"4.1.9",url:"/docs/release_notes_128t_4.1#release-419",releaseDate:"May 1, 2020"},{version:"4.3.3",url:"/docs/release_notes_128t_4.3#release-433",releaseDate:"April 12, 2020"},{version:"4.3.2",url:"/docs/release_notes_128t_4.3#release-432",releaseDate:"April 10, 2020"},{version:"4.2.6",url:"/docs/release_notes_128t_4.2#release-426",releaseDate:"April 8, 2020"},{version:"4.2.5",url:"/docs/release_notes_128t_4.2#release-425",releaseDate:"March 26, 2020"},{version:"4.3.1",url:"/docs/release_notes_128t_4.3#release-431",releaseDate:"March 6, 2020 "},{version:"4.1.8",url:"/docs/release_notes_128t_4.1#release-418",releaseDate:"Februray 28, 2020"},{version:"4.2.4",url:"/docs/release_notes_128t_4.2#release-424",releaseDate:"February 14, 2020"},{version:"4.3.0",url:"/docs/release_notes_128t_4.3#release-430",releaseDate:"February 8, 2020"},{version:"4.2.3",url:"/docs/release_notes_128t_4.2#release-423",releaseDate:"January 27, 2020"},{version:"4.1.7",url:"/docs/release_notes_128t_4.1#release-417",releaseDate:"January 8, 2020"},{version:"4.2.2",url:"/docs/release_notes_128t_4.2#release-422",releaseDate:"December 20, 2019"},{version:"4.2.1",url:"/docs/release_notes_128t_4.2#release-421",releaseDate:"December 13, 2019"},{version:"4.1.6",url:"/docs/release_notes_128t_4.1#release-416",releaseDate:"December 6, 2019"},{version:"4.2.0",url:"/docs/release_notes_128t_4.2#release-420",releaseDate:"November 21, 2019"},{version:"4.1.5",url:"/docs/release_notes_128t_4.1#release-415",releaseDate:"July 24, 2019"},{version:"4.1.4",url:"/docs/release_notes_128t_4.1#release-414",releaseDate:"June 9, 2019"},{version:"4.1.3",url:"/docs/release_notes_128t_4.1#release-413",releaseDate:"April 26, 2019"},{version:"4.1.2",url:"/docs/release_notes_128t_4.1#release-412",releaseDate:"April 16, 2019"},{version:"4.1.1",url:"/docs/release_notes_128t_4.1#release-411",releaseDate:"March 5, 2019"},{version:"4.1.0",url:"/docs/release_notes_128t_4.1#release-410",releaseDate:"February 7, 2019"},{version:"4.0.1",url:"/docs/release_notes_128t_4.0#release-401",releaseDate:"January 22, 2019"},{version:"4.0.0",url:"",releaseDate:"December 18, 2018"},{version:"3.2.8",url:"",releaseDate:"November 12, 2018"}],c=[{Header:"Version",accessor:"version",className:"pester-data-table left",Cell:e=>{let{cell:{value:s},row:{original:r}}=e;return(0,l.jsx)("a",{href:(0,d.A)(""+r.url),children:s})}},{Header:"Release Date",accessor:"releaseDate",className:"pester-data-table left",sortType:function(e,s){var r=new Date(e).getTime(),l=new Date(s).getTime();return r{s.r(n),s.d(n,{assets:()=>l,contentTitle:()=>t,default:()=>h,frontMatter:()=>o,metadata:()=>a,toc:()=>d});var r=s(74848),i=s(28453);const o={title:"SSR 5.6 Release Notes",sidebar_label:"5.6"},t=void 0,a={id:"release_notes_128t_5.6",title:"SSR 5.6 Release Notes",description:"Issues resolved in a release are merged into subsequent releases chronologically AND lexicographically.",source:"@site/docs/release_notes_128t_5.6.md",sourceDirName:".",slug:"/release_notes_128t_5.6",permalink:"/docs/release_notes_128t_5.6",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{title:"SSR 5.6 Release Notes",sidebar_label:"5.6"},sidebar:"docs",previous:{title:"6.0",permalink:"/docs/release_notes_128t_6.0"},next:{title:"5.5",permalink:"/docs/release_notes_128t_5.5"}},l={},d=[{value:"Upgrade Considerations",id:"upgrade-considerations",level:3},{value:"Release 5.6.16-16",id:"release-5616-16",level:2},{value:"Resolved Issues",id:"resolved-issues",level:3},{value:"Release 5.6.15-1",id:"release-5615-1",level:2},{value:"Resolved Issues",id:"resolved-issues-1",level:3},{value:"Release 5.6.14-7",id:"release-5614-7",level:2},{value:"Resolved Issues",id:"resolved-issues-2",level:3},{value:"Release 5.6.13-7",id:"release-5613-7",level:2},{value:"Resolved Issues",id:"resolved-issues-3",level:3},{value:"Release 5.6.12-1",id:"release-5612-1",level:2},{value:"Resolved Issues",id:"resolved-issues-4",level:3},{value:"Release 5.6.11-4",id:"release-5611-4",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes",level:3},{value:"Resolved Issues",id:"resolved-issues-5",level:3},{value:"Caveats",id:"caveats",level:3},{value:"Release 5.6.10-6",id:"release-5610-6",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-1",level:3},{value:"Resolved Issues",id:"resolved-issues-6",level:3},{value:"Release 5.6.9-3",id:"release-569-3",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-2",level:3},{value:"Resolved Issues",id:"resolved-issues-7",level:3},{value:"Release 5.6.8-9",id:"release-568-9",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-3",level:3},{value:"Resolved Issues",id:"resolved-issues-8",level:3},{value:"Release 5.6.7-4",id:"release-567-4",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-4",level:3},{value:"Resolved Issues",id:"resolved-issues-9",level:3},{value:"Release 5.6.6-7",id:"release-566-7",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-5",level:3},{value:"Resolved Issues",id:"resolved-issues-10",level:3},{value:"Caveats",id:"caveats-1",level:3},{value:"Release 5.6.5-5",id:"release-565-5",level:2},{value:"Resolved Issues",id:"resolved-issues-11",level:3},{value:"Release 5.6.4-3",id:"release-564-3",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-6",level:3},{value:"Resolved Issues",id:"resolved-issues-12",level:3},{value:"Release 5.6.3-6",id:"release-563-6",level:2},{value:"Resolved Issues",id:"resolved-issues-13",level:3},{value:"Release 5.6.2-7",id:"release-562-7",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-7",level:3},{value:"Resolved Issues",id:"resolved-issues-14",level:3},{value:"Release 5.6.1-18",id:"release-561-18",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-8",level:3},{value:"Resolved Issues",id:"resolved-issues-15",level:3},{value:"Release 5.6.0-44",id:"release-560-44",level:2},{value:"New Features",id:"new-features",level:3},{value:"Resolved Issues",id:"resolved-issues-16",level:2},{value:"Caveats",id:"caveats-2",level:2},{value:"Corrected Versions",id:"corrected-versions",level:4}];function c(e){const n={a:"a",admonition:"admonition",code:"code",h2:"h2",h3:"h3",h4:"h4",hr:"hr",li:"li",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,i.R)(),...e.components};return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsxs)(n.admonition,{type:"info",children:[(0,r.jsx)(n.p,{children:"Issues resolved in a release are merged into subsequent releases chronologically AND lexicographically."}),(0,r.jsx)(n.p,{children:"If you do not see an issue listed below, it may have been resolved in another recently released version. A link to the Release Notes for the most recent chronological release of SSR Software is provided."}),(0,r.jsxs)(n.p,{children:["Alternatively, refer to the ",(0,r.jsx)(n.strong,{children:(0,r.jsx)(n.a,{href:"/docs/about_releases",children:"List of Releases"})})," page for release dates and links to all SSR Release Notes; or, if you know the Issue ID Number, enter that into the Search field at the top right of this page."]})]}),"\n",(0,r.jsx)(n.h3,{id:"upgrade-considerations",children:"Upgrade Considerations"}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.p,{children:["Before upgrading please review the ",(0,r.jsx)(n.a,{href:"/docs/intro_upgrade_considerations",children:(0,r.jsx)(n.strong,{children:"Upgrade Considerations"})})," and the ",(0,r.jsx)(n.a,{href:"/docs/intro_rollback",children:(0,r.jsx)(n.strong,{children:"Rolling Back Software"})})," pages. Several modifications have been made to the process for verifying configurations, which will impact existing configurations."]})}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43243/IN-460 Upgrade and Rollback:"})," Upgrading or rolling back a system (conductor peer or router) with the interactive installer ",(0,r.jsx)(n.code,{children:"install128t"}),", that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See ",(0,r.jsx)(n.a,{href:"/docs/intro_rollback",children:"Rolling Back Software"})," for more information on these operations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42452 Conductor Upgrade Time:"})," Upgrades to version 5.4 and above can take up to 40 minutes due to the number of rpms being upgraded. Please plan accordingly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42624 Upgrade Installer:"})," Before ",(0,r.jsx)(n.strong,{children:"upgrading to, or installing"})," version 5.4 and above, update the Installer to at least version 3.1.0. Failing to upgrade the installer may result in a rollback failure, should a rollback be necessary at any time. The Installer typically prompts you update when a new version is available. Select ",(0,r.jsx)(n.strong,{children:"Update"})," when prompted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"Plugin Upgrades:"})," If you are running with plugins, updates are required for some plugins ",(0,r.jsx)(n.strong,{children:"before"})," upgrading the conductor to SSR version 5.4.0 or higher. Please review the ",(0,r.jsx)(n.a,{href:"/docs/intro_upgrade_considerations#plugin-configuration-generation-changes",children:"Plugin Configuration Generation Changes"})," for additional information."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5616-16",children:"Release 5.6.16-16"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," November 25, 2024"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"}),"\nCVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2024-3596."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47195, I95-47196, I95-49015, I95-49599, I95-56682 Forwarding plane crash, causing stranded network namespaces when LTE/PPPoE network-interface name is changed:"})," Implemented reinit script to reiniatilize namespace, KNI and target-interface after a configuration change in the network-interface."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49018 Peers are not coming up for PPPoE interface on a standalone setup:"})," Reintroduced network ",(0,r.jsx)(n.code,{children:"reinit"})," script to reinitialize namespace, KNI, and target-interface after a config change in the ",(0,r.jsx)(n.code,{children:"network-interface"}),", or under abnormal conditions such as the ",(0,r.jsx)(n.code,{children:"target-interface"})," being moved out from the namespace."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49218 Filter OSPF routes using RIB Policy routes:"})," Use the ",(0,r.jsx)(n.code,{children:"configure authority router routing rib-policy"})," command from either the routing default-instance (",(0,r.jsx)(n.code,{children:"configure authority router routing"}),") or inside ",(0,r.jsx)(n.code,{children:"configure authority router routing vrf"})," to provide addtional filtering for OSPF routes. For more information see ",(0,r.jsx)(n.a,{href:"/docs/config_command_guide#configure-authority-router-routing-rib-policy",children:(0,r.jsx)(n.code,{children:"configure authority router routing rib-policy"})})," and ",(0,r.jsx)(n.a,{href:"/docs/config_command_guide#configure-authority-router-routing-vrf-rib-policy",children:(0,r.jsx)(n.code,{children:"configure authority router routing vrf rib-policy"})}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49712 Configuration validation error uniformative:"})," Resolved an issue that when configuring an SSR, invalid configuration parameters were returning errors that were not specific enough to allow the user to locate the invalid configuration. Now when invalid configuration elements are identified during validation, the messages include relevant information for the invalid element, such as an IP address, node name, router name, interface names, etc."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56203 The First Article Inspection (FAI) scan archive is empty:"})," Resolved an issue with ",(0,r.jsx)(n.code,{children:"logrotate"})," clearing all the FAI scan archives. This was due to each archive having a unique name using a timestamp. A different service is now used to rotate the FAI scan files."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56236 Routers unable to onboard after upgrading the Conductor:"})," Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the device state from being reviewed for errors, which stopped the onboarding process."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56326 / I95-57000 Potential crash while collecting TSI:"})," Added protection against unmapped memory access to resolve an issue where, if a TSI is collected at just the wrong time, it can cause a highway crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56455 Zero-byte files when updating conductor hardware using an OTP image:"})," A check has been added to verify that ",(0,r.jsx)(n.code,{children:"api.key"})," and ",(0,r.jsx)(n.code,{children:"router-api.key"})," are non-zero length and valid. If not, the keys are regenerated."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56527 Failure to validate and commit config; system incorrectly expected escape sequence:"})," Resolved an issue where capture-filter expected an escape sequence for input when it was not necessary."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56575 Reduce polling rate of disk monitoring and add optimization:"})," The disk monitoring agent polling frequently is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-56612 ",(0,r.jsx)(n.code,{children:"fib-service-match any-match"})," missing some FIB entries:"]})," Resolved an issue when a service-address was more specific than the last route update, a search for other less specific services was not performed. Now when the service address update is more specific, additional searches will continue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56715 Address validation in migrate feature in conductor UI is not working correctly:"})," Resolved an isssue between the client and the server during the use of the GUI ",(0,r.jsx)(n.code,{children:"migrate"})," operation, where the conductor address was not read correctly, and returning an irrelevant error message."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-56726 ",(0,r.jsx)(n.code,{children:"No Timeout Queue"})," message logged in cases where a config commit fails, or a conductor fails to load a config on startup:"]})," Resolved an issue with ",(0,r.jsx)(n.code,{children:"ThreadPoolWithExternalPoller"})," that resulted in a stack trace in the logs which starts with message ",(0,r.jsx)(n.code,{children:"No TimeoutQueue:"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56727 Domain names that begin with numbers are not allowed to be configured:"})," Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example ",(0,r.jsx)(n.code,{children:"123.abc.com"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56822 Router stuck in a continuous upgrade/failure state:"})," DNS name servers changes on the conductor are not honored. In cases where the DNS configuration changed post boot, the conductor software proxy would not reload the config. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests, resulting in failure."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56827 NTP Auth key only permits keys of 20 or 40 characters:"})," Loosened restrictions on NTP server key length to allow plaintext keys."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56843 Error logs filled with irrelevant KNI network script info:"})," The log output has been reduced to provide related information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56847 lte / pppoe default-route check incorrectly reporting warnings:"})," Resolved an issue where warnings were incorrectly shown on the conductor for interfaces without ",(0,r.jsx)(n.code,{children:"default-route"})," or ",(0,r.jsx)(n.code,{children:"management-vector"})," configured."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56850 Overlap warning on router not present on conductor:"})," Resolved a case where a service on a router is configured with ",(0,r.jsx)(n.code,{children:"applies-to"}),", and the same service is configured on the conductor (overlap) but does not have ",(0,r.jsx)(n.code,{children:"applies-to"})," configured, the validation process will generate a warning on the router but not the conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56879 PPPoE stopped working:"})," Resolved an issue where the system configuration for the PPPoE interface was missing LCP_FAILURE and LCP_INTERVAL fileds. These fields are now set correctly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56973 Child services do not inherit the service-path configurations from the parent service:"})," Resolved an issue where child service routes for peers were not inheriting vectors and the ",(0,r.jsx)(n.code,{children:"enable-failover"})," field."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57017 Application ID failed to block some domains:"})," Resolved an issue where DPI failed to identify the domain-name from SNI if the ",(0,r.jsx)(n.code,{children:"client-hello"})," is split up into multiple TCP packet segments."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57082 Unable to delete a capture-filter that contains a forward slash (/):"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57110 Crash seen during add and delete peers while sending traffic:"})," A race condition has been fixed that could cause a crash in the packet-processing highway process if a peer-path is removed from configuration."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57114 Unable to upgrade AWS Conductor:"})," Resolved an issue where an incorrect package version was installed, triggering a downgrade and preventing the upgrade."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57205 Race condition on startup with DHCP configured on LTE or PPPoE interface, causing system to crash:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57538 WayPoint exception - failing to allocate waypoint ports on mesh peer re-establishment:"})," Resolved an issue where a configuration change may cause existing waypoint ports to become invalidated, creating an exhaustion scenario."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57578 Candidate configuration values not showing in GUI:"})," Resolved an issue that caused configuration drop-downs in the GUI for tenants and services to only display values from the running configuration, not the candidate configuration."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-57593 No option to require password change on first login:"})," Added a Require Password Change On First Login checkbox to the Create User dialog. Previously this feature was only available in the create-user command."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-58201 Increase AMD performance:"})," Throughput performance on AMD processors has been improved through the tuning of some kernel parameters."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-58528 SSR OS renaming:"}),' The SSR OS has been renamed/rebranded from "CentOS7" to "SSR OS" to more accurately reflect its customized Linux distribution. All internal naming has been updated.']}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-58682 Adjust the inactivity timer range to allow for Azure policy limits:"})," Updated the ",(0,r.jsx)(n.code,{children:"inactivity-timer"})," range to allow for values as low as 30 seconds. Resoved an issue that would have used an incorrect default setting of 3600 instead of 900 seconds in certain scenarios."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5615-1",children:"Release 5.6.15-1"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," June 27, 2024"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-1",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2024-2973"]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5614-7",children:"Release 5.6.14-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," May 14, 2024"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-2",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2020-22218, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-40217, CVE-2023-20569, CVE-2022-43552, CVE-2023-48795, CVE-2023-2176, CVE-2023-40283, CVE-2023-4623, CVE-2024-22019, CVE-2023-46724,CVE-2023-46728, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-25617."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50697 RFC1918 sessions (private IP addresses) are reclassified in error:"})," When a session destined for a private IP (RFC1918) experiences an App-ID modify, the session will now only be reclassified if the classification data reflects a positive classification change."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52251 Changes to the conductor address on the router result in loss of ssh connection to the router:"})," Resolved an issue where changing the router level ",(0,r.jsx)(n.code,{children:"conductor-address"})," did not update the salt-created services with the new addresses."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52500 SVR multi-hop failover causes traffic to drop when using outbound-only:"})," Added a session ID lookup to resolve a situation where sessions failing between multi-hop SVR and direct SVR connections may lead to duplicate flow exceptions and dropped traffic."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53216 Unable to change password for users managed through external user databases (such as LDAP or RADIUS):"})," Resolved an issue that caused a Password Change dialog to appear for remotely authenticated users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54127 Users managed through external user databases (such as LDAP or RADIUS) cannot generate or view TSI:"})," Resolved an issue that did not provide a home directory for custom roles, which prevented LDAP users from viewing the systemd journal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54750 Load Balancer API Calls not working:"})," The original API and Swagger documentation used ",(0,r.jsx)(n.code,{children:"Load Balancer"}),", which was misleading. The ",(0,r.jsx)(n.code,{children:"Reachability Detection"})," REST APIs have been updated to use ",(0,r.jsx)(n.code,{children:"Reachability Detection"})," as reference, instead of ",(0,r.jsx)(n.code,{children:"Load Balancer"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54833 HA port is showing as redundant:"})," Resolved an issue where adding a device-interface back into the configuration after it was removed did not recreate the device-state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54867 SSR-1300 baud rate set incorrectly:"})," Resolved an issue where the incorrect baud rate was allowed. The only allowed baud rate for the SSR is now 115200. This is the default rate."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54918 Highway process crashed on the active node of a router:"})," Resolved a crash caused by a race condition when the last instance of a capture filter referencing a particular file-name is removed while a packet is in the process of being captured."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55069 One HA node is missing from the Mist GUI:"})," Resolved an issue where a managed router had an empty product version config metadata field, which resulted in the conductor version metadata field being cleared."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55164 Dropping GRE encapsulated packets:"})," Classification support for Enhanced GRE Header, version 1, as defined by RFC 2637 Point-to-Point Tunneling Protocol (PPTP) has been added."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55208 Asset fails to transition state and never reaches RUNNING:"})," In some cases where the RPM database may be corrupt or another process holds an indefinite lock, the highstate will block other processes from starting. A timeout has been added for the ",(0,r.jsx)(n.code,{children:"rpm -q"})," process in highstate to allow other processes to run."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55226 Validation incorrectly allows a network interface to be used as both DHCP relay and server:"})," The validation process has been updated to include several checks against DHCP relays, clients, servers, and access-policies."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55270 DHCP server not coming up:"})," Resolved an issue where a network namespace was using a namespace ID that was not cleaned up properly after removal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55389 Queries for private domains with Websense classified as Miscellaneous:"})," Domains categorized by Websense as Uncategorized are now classified as Uncategorized/Uncategorized, rather than Miscellaneous/Uncategorized."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55550 node0 went down and did not fail over to node1:"})," Multiple disk errors caused corruption on the ",(0,r.jsx)(n.code,{children:"128T_root"})," filesystem causing it to enter ",(0,r.jsx)(n.code,{children:"read-only"})," mode and becoming non-responsive. To resolve this issue, issues in the filesystem now result in kernel panic mode, launching a reboot and in HA systems, failover. Additionally, the filesystem check is run to check and repair the filesystem."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-55586 GraphQL API returns ",(0,r.jsx)(n.code,{children:"IsActive"})," incorrectly if the ",(0,r.jsx)(n.code,{children:"device-interface"})," is ",(0,r.jsx)(n.code,{children:"vrrp_standby"}),":"]})," The ",(0,r.jsx)(n.code,{children:"router-peer-path"})," setting now returns the correct value when in ",(0,r.jsx)(n.code,{children:"vrrp-standby"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55591 Some network interface stats are not updated:"})," Some network interface stats are not updated with the port name when a device interface is renamed. Device interface name changes are now handled correctly, and ",(0,r.jsx)(n.code,{children:"network-interface"})," metrics are properly updated when ",(0,r.jsx)(n.code,{children:"device-interface name"})," changes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55603 HA router stuck in connected state due to runtime corruption issue:"})," Resolved an issue causing an unzip race condition with Python files. The packaging and installation process has been improved to prevent this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55762 Unable to view more than 50 prefixes in BGP:"})," Updated the routing engine to display all rows for BGP show commands if a count parameter is not specified."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55764 Race condition and highway crash with DHCP devices:"})," Resolved a race condition that caused a highway crash when the DHCP client is configured for LTE or PPPoE, and the respective link flaps prior to the lease being assigned."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55830 Rollback results in missing Admin user:"})," Resolved an issue where HA nodes running mixed versions of 5.6.0 or greater with versions less than 5.6.0, the admin user could be temporarily removed until both nodes were upgraded or rolled back to the same version."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-55848 / I95-56403 Session traffic is black-holed during path failover when ",(0,r.jsx)(n.code,{children:"nat-keep-alive"})," is in use:"]})," Resolved an issue where an outbound-only session with a ",(0,r.jsx)(n.code,{children:"nat-keep-alive"})," moved from a dogleg path to a direct inter-router path. This causes repeated session modifications on the hub side and drops reverse traffic."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55904 No service-paths seen after upgrade:"})," Resolved an issue where adding services with overlapping address prefixes prevented the configuration from being applied. For additional details, refer to the Knowledge Base article ",(0,r.jsx)(n.a,{href:"../kb/2024/04/24/I95-55904",children:"Upgrade from 5.6 to 6.1 may result in missing FIB entries"}),". "]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55912 Validate Patterns for Service Domains and URLs:"})," The ",(0,r.jsx)(n.code,{children:"url"})," and ",(0,r.jsx)(n.code,{children:"domain-name"})," fields on a service were an unformatted string. This allowed you to configure fields that would be silently discarded. The ",(0,r.jsx)(n.code,{children:"domain-name"})," and ",(0,r.jsx)(n.code,{children:"url"})," fields within services are now validated for correctness and viability from an App-ID perspective. Anything to be ignored during validation now triggers a config warning."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55949 Silicom Valencia Atom C1130 CPU flags are not properly detected:"})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"cpuinfo"})," parser fails due to a collision between the processor key name and value - the Silicom Valencia model name in the ",(0,r.jsx)(n.code,{children:"cpuinfo"})," contains the word ",(0,r.jsx)(n.code,{children:"processor"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-56263 Add ",(0,r.jsx)(n.code,{children:"show capacity"}),", and debugging commands to the TSI output:"]})," Support for additional information in the TSI output has been added."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56475 HA-sync network interface shows warning after router upgrade:"})," Resolved an issue where non-forwarding interfaces would appear to be administratively down in the web UI when they were not."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56492 Sessions configured for outbound-only with nat-keep-alive enabled experience reverse flow packet drops after flow migration:"})," A flow move from a WAN path to an inter-router path causes repeated session modifies on the hub side causing reverse traffic packet drops due to NAT keepalives incorrectly testing the failed WAN path for the migrated session. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56541 Include kernel journal entries in TSI:"})," A separate ",(0,r.jsx)(n.code,{children:"kernel.log"})," journal file is now created in the TSI output."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56575 Reduce polling rate of disk monitoring and add optimization:"})," The ",(0,r.jsx)(n.code,{children:"ComponentDiskUtilizationMonitor"})," checks the disk usage too frequently and is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-56600 Add ",(0,r.jsx)(n.code,{children:"show tenant members"})," to the TSI output:"]})," ",(0,r.jsx)(n.code,{children:"show tenant members"})," and additional network scripts have been added to the TSI output."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5613-7",children:"Release 5.6.13-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," January 30, 2024"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-3",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2022-41974, CVE-2023-32360, CVE-2023-22045, CVE-2023-22049, CVE-2022-41741, CVE-2022-41742, CVE-2020-12321, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-3341, CVE-2023-22081, CVE-2022-0934, CVE-2023-46847, CVE-2021-43975, CVE-2022-28388, CVE-2022-3594, CVE-2022-3640, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-0458, CVE-2023-0590, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1079, CVE-2023-1118, CVE-2023-1206, CVE-2023-1252, CVE-2023-1382, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-23455, CVE-2023-2513, CVE-2023-26545, CVE-2023-28328, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-33951, CVE-2023-33952, CVE-2023-35823, CVE-2023-35824, CVE-2023-35825, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-4128, CVE-2023-4132, CVE-2023-4155, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4732, CVE-2022-45884, CVE-2022-45886, CVE-2022-45919, CVE-2023-1192, CVE-2023-2163, CVE-2023-3812, CVE-2023-5178, CVE-2023-38406, CVE-2023-38407, CVE-2023-47234, CVE-2023-47235."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-38188 Re-Homing an SSR in certain circumstances leaves residual services:"})," If an SSR is rehomed from an HA conductor to a standalone conductor, the services pointing to the second node of the HA conductor were not removed. Resolved the issue where the reverse SSH tunnels from a managed router to the second HA conductor node were not cleaned up if the conductor was converted back to a standalone conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48783 Conductor process logs are unbounded, risking storage exhaustion:"})," ",(0,r.jsx)(n.code,{children:"auditd"})," logs consuming the disk space when the node monitor is in a disconnected state and the audit logs are left unconsumed. There was a limit to the log file size, but not the number of files. The number of files is now limited."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50493 Memory calculation for alarms is confusing:"})," This alarm was designed to trigger when memory usage went above 90% and clear only when memory usage went below 80%, causing confusion. The memory usage alarm no longer requires memory usage to go below 80% to clear; it will clear when memory usage goes below 90%."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50540 Denied traffic events not displaying in the GUI or PCLI:"})," Resolved an issue that prevented displaying denied traffic events in the ",(0,r.jsx)(n.code,{children:"show events"})," PCLI command and in the GUI. Users would see ",(0,r.jsx)(n.code,{children:"% Error: Unhandled TypeError: list indices must be integers or slices"})," in the PCLI, and ",(0,r.jsx)(n.code,{children:"An unknown traffic event occurred"})," in the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51191 BFD metrics not cleaned up properly:"})," The BFDAgent holds onto the stats for peer paths; If the config is changed on a router, new stats are made but the old ones were not being deleted. The old BFD by-peer-path stats are now deleted when a VLAN configuration change is made."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51459 Logs and exception pcaps are periodically filled with error logs and truncated packets:"})," Resolved an issue where ICMP error respond packets for encapsulated traffic caused ",(0,r.jsx)(n.code,{children:"PacketBufferDataNotFound: Could not find specified data in packet"})," error logs to be generated, or truncated packets to arrive in the FastLane exceptions pcap."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51492 Password expiration not working:"})," This issue has been resolved. Adminstrators must use the global setting ",(0,r.jsx)(n.code,{children:"configure authority password-policy lifetime N "})," to indicate that all user passwords must be changed every ",(0,r.jsx)(n.code,{children:"N"})," days."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51663 TCP port reuse causing application steering crashes:"})," Resolved an issue where backwards state transitions was causing an issue with the TCP client reusing ports."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52018 Overlapping IP Prefix validation may be incorrect, causing a false configuration warning:"})," Configuration validation for IP Prefixes has been corrected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-52414 RBAC not being honored for ",(0,r.jsx)(n.code,{children:"show fib"})," output:"]})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"show fib"})," included entries that the current user did not have permission to view."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52540 Metrics infrastructure resource consumption:"})," The reporting infrastructure reaching load capacity led to data gaps in custom graphs. Several internal optimizations have been implemented to address this issue. However, to reduce the metrics infrastructure load, metrics in the GUI regarding firmware-generated services, service routes, and tenants will no longer be tracked."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52799 Display Lock Status/Failed Login Attempts in the PCLI and GUI:"}),' Add a "Lock Status" column to the User table as well as the User Details pane, with more details availble on hover. The ',(0,r.jsx)(n.code,{children:"show user"}),' command now includes two new rows, "Lock Status" and "Last Failed Login". For command details, please see ',(0,r.jsx)(n.a,{href:"/docs/cli_reference#show-user-lock-status",children:(0,r.jsx)(n.code,{children:"show user lock-status"})}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52889 Highway crash caused by a false negative waypoint exhaustion check:"})," Waypoint ports reinitialization that is triggered by a false negative exhaustion check can lead to duplicate waypoints and reverse flows on two sessions resulting in a highway crash. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53344 Exception on device interface tear down terminates process:"})," Resolved a rare case where Highway process can terminate and core during config changes if there is an underlying exception to a device-interface on removal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53393 Empty password attempts not counting towards user lockout:"})," The SSR counts login attempts with an empty password as failed login attempts. These contribute to locking a user account if they reach the threshold (the value configured in ",(0,r.jsx)(n.code,{children:"configure authority password-policy deny"}),",) within a short time window."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53472 Service Routes passing validation on conductor but then failing on local router:"})," The validation process on the conductor has been updated to identify service-routes with deleted or empty destination lists as invalid."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53538 Custom audit rules not preserved on SSR upgrade:"})," Resolved an issue where the image-based upgrade (IBU) was not preserving audit rules or ",(0,r.jsx)(n.code,{children:"dnf.conf"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53787 Stats not present on conductor:"})," Running ",(0,r.jsx)(n.code,{children:"show device-interface router all"}),' on a conductor caused stats (in-octets, in-unicast-pkts, etc.) to be incorrectly displayed as "n/a" instead of the correct value. This issue has been resolved.']}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53852 ",(0,r.jsx)(n.code,{children:"host-service snmp-server"})," blocks SVR pings to a ",(0,r.jsx)(n.code,{children:"network-interface"})," owned address:"]})," Ping traffic was hitting the generated (wildcarded) snmp-server service. The session could not setup due to security policy conflicts. This issue has been resolved; the generated service from an snmp-server host-service now has a UDP transport."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53858 Active sessions counter continuously incrementing:"})," The SSC active sessions counter has been updated to correctly handle session removal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53875 The ",(0,r.jsx)(n.code,{children:"show stats service-area sent success"})," metric was retained longer than needed:"]})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"stats default retention short"})," setting was not being honored."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53894 DNS cache-service does not start:"})," Resolved a race condition that causes the DNS process to fail to start. The log message ",(0,r.jsx)(n.code,{children:"No TimeoutQueue:"})," can be seen in the logs during this condition."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53916 Pre-existing Teams interfaces conflict with HA interfaces:"})," In a Mist-managed HA configuration where an HA node has been configured with non-default HA interfaces, performing a release operation on a node in an HA pair leaves the pre-configured HA interfaces in place, and creates a conflict when a new configuration is pushed down from Mist. This would prevent the HA node from operating correctly and forming its HA connections again. This issue has been resolved, and the release operation now removes any pre-existing HA interfaces."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53920 Password expiration being applied to remote users:"})," Resolved an issue that incorrectly enforced password expiration (",(0,r.jsx)(n.code,{children:"configure authority password-policy lifetime"}),") to RADIUS users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53986 ",(0,r.jsx)(n.code,{children:"nodeMonitor"})," failed to get data for ",(0,r.jsx)(n.code,{children:"show platform disk"}),":"]})," Some of the dynamic access for ",(0,r.jsx)(n.code,{children:"smartctl"})," objects were not protected. A check for the object existence has been added before attempting to read it."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54086 Conductor memory exceeded:"})," In certain cases the salt master on the conductor could grow indefinitely in memory. This may be related to situations with both poor connectivity and the use of the ",(0,r.jsx)(n.code,{children:"asset-connection-resiliency"})," feature. An update to the salt package has been made to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54155 nodeMonitor coredump on secondary node after upgrade:"})," During an upgrade where ",(0,r.jsx)(n.code,{children:"deviceType"})," was ",(0,r.jsx)(n.code,{children:"LTE"})," the attempt to get a linux interface name (not supported) failed. This issue has been resolved by implementing a device interface type verification."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54180 Unable to fetch reports from Conductor GUI:"})," A refactor moved the connectivity check exception, which prevented a service restart. This has been resolved, and the stats now being written to the database and GUI tables."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54189 Application mapping does not correctly match services:"})," Resolved an issue where the application director was misclassifying sessions due to IP overlap; this is a valid configuration, when services use an IP address with different ports assigned to different services. The SSR now recognizes these different port configurations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54271 Race condition after a configuration change related to the source nat:"})," Resolved a rare condition wherethe SharedNatPool was being reset while it was accessed for session setup. This caused a race condition that led to a highway process crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-54294 Unable to delete capture-filter created with ",(0,r.jsx)(n.code,{children:"&&"})," operator:"]})," Resolved an issue that disallowed deleting capture-filters containing ",(0,r.jsx)(n.code,{children:"&&"}),". Customers on older versions of software can work around this by creating capture-filters using ",(0,r.jsx)(n.code,{children:"and"})," instead of ",(0,r.jsx)(n.code,{children:"&&"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54340 Hub-to-spoke sessions break when failing over from outbound-only Path:"})," When a session modify occurs due to an ingress change (inter-node -> inter-router) AND an egress change is also detected, the incorrect security was being looked up for the old flow, causing an exception to be thrown and the modify to fail. This would present itself as dropped packets and in logs as a SecurityNotFound error. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54490 Permission denied when trying to open a user config file:"})," Resolved a permissions issue for the ",(0,r.jsx)(n.code,{children:"connect router"})," command by adding ACLs for reverse SSH so that this is accessible for admin users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54512 SSR130 moved into an HA cluster does not come up properly:"})," Resolved an issue where the generation of an improper configuration could lead to a crash loop in the NodeMonitor process."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54803 Control packets are treated with equal priority in overload conditions, causing drops:"})," Control packets now have preferential treatment under overload conditions, reducing the drop rate."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55002 Password reset loop:"})," Resolved an issue that caused users created with the ",(0,r.jsx)(n.strong,{children:"Require password change on first login?"})," set to ",(0,r.jsx)(n.code,{children:"yes"})," to get stuck in an infinite loop of password changes when logging in using the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-2486 SSR data reporting values that are unrealistically high:"})," When capturing application usage for application summary learned apps, we sometimes observe really high values for bandwidth and other metrics.\nResolution: The high value was due to an internal corruption when the metrics for these learned applications were removed and added. During such transition there may be memory corruption resulting in the bogus high value. The part of the solution is to ensure the transition happens more gracefully."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-2547 Invalid memory access producing incorrect bandwidth values:"})," Implemented a resolution that identifies the invalid memory access, and drops values that are out of scope or otherwise invalid."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5612-1",children:"Release 5.6.12-1"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," October 20, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-4",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53833 Timeout prevents startup:"})," Resolved a regression introduced in 5.6.11 in the SSR reboot startup logic. If any of the processes took longer than 30 seconds to complete, the startup sequence was abandoned and rendered the platform inoperable. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5611-4",children:"Release 5.6.11-4"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," October 2, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48174 Expand supported values for DHCP option:"})," DHCP option 43 is now a supported option, as well as a binary encoded-type (hex/byte) support. Valid examples are ",(0,r.jsx)(n.code,{children:"0xabcdef"})," and ",(0,r.jsx)(n.code,{children:"0x123456"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51181 Improve ",(0,r.jsx)(n.code,{children:"save-tech-support-info"})," command:"]})," The PCLI command ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," now has a default of one day. Additionally, a ",(0,r.jsx)(n.code,{children:"since"})," argument has been added that limits log collection to only logs generated after the specified value. The ",(0,r.jsx)(n.code,{children:"since"})," argument can be a relative time delta or an absolute timestamp. The GUI's About and Logs pages has the same functionality with a drop down that allows limiting the time window for the displayed/downloaded logs/tech-support-info."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52406 Add ability to download MIBs from GUI:"})," A button has been added to the GUI, in the Documentation pane of the About Page, to download the SNMP MIB definitions for SSR."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-5",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2022-1679, CVE-2022-1789, CVE-2022-2196, CVE-2022-2663, CVE-2022-3028, CVE-2022-3239, CVE-2022-3522, CVE-2022-3524, CVE-2022-3564, CVE-2022-3566, CVE-2022-3567, CVE-2022-3619 ,CVE-2022-3623, CVE-2022-3625, CVE-2022-3628, CVE-2022-3707, CVE-2022-4129, CVE-2022-20141, CVE-2022-25265, CVE-2022-30594, CVE-2022-39188, CVE-2022-39189, CVE-2022-41218, CVE-2022-41674, CVE-2022-42703, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-43750, CVE-2022-47929, CVE-2023-0394, CVE-2023-0461, CVE-2023-1195, CVE-2023-1582, CVE-2023-23454, CVE-2023-32233, CVE-2023-28466, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-24329, CVE-2023-32067, CVE-2023-24329, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2828, CVE-2023-38408, CVE-2023-20569, CVE-2023-20593, CVE-2023-38802."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42466 Changing the physical linux address of an HA interface breaks the configuration:"})," Resolved an issue where moving a non-forwarding fabric HA sync device-interface from one PCI address to another PCI address would not properly clean up the team interface from the old PCI address."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50671 Office365 traffic is not recognized:"})," Resolved an issue where Office365 traffic was being miscategorized and therefore not fully qualified. O365 traffic, when traversing over SVR, is no longer miscategorized."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50708 Time series data for memory of the salt_master process periodically significantly decreases:"})," Incorrect method for polling application memory data; this resulted in dips in application memory being presented. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51864 Ethernet Over SVR (EoSVR) not working for multi-hop SVR scenarios:"})," When EoSVR traffic traverses over a dogleg path in a HA node topology, traffic failed to traverse the middle node. EoSVR packets are no longer incorrectly dropped when routed over an inter-node path when coming from an SVR path."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52491 Crash in highway process due to segmented metadata:"})," Resolved an issue processing metadata that is segmented across two packet buffers. The segmented packets are no longer discarded and the dataplane no longer crashes when processing a packet comprised of segmented metadata."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52599 Conductors display different assets on different HA nodes:"})," If the state table of an inactive HA node becomes out of sync with the active HA node, then some assets were being skipped when parsing the asset state response. This issue has been resolved through the reporting of asset IDs from the active node state table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52822 ARP fails to resolve:"})," An earlier change caused ports on an X553 that use SFPs to no longer correctly report link status. This issue has been resolved and the link status is now reported accurately."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52855 DHCP Relay stopped functioning after removing disabled DHCP Servers:"})," When a number of disabled DHCP servers were deleted from the configuration, the server interface mappings were deleted as well. Updates have been made to re-enable DHCP relay when a DHCP server or interface is removed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52859 Issue moving interface between chassis of hypervisor platforms running SSR (e.g., ENCS):"})," When swapping physical cable from active node to standby node, the customer experienced low rate packet loss on traffic-engineering enabled device-interfaces. To resolve this issue, the ",(0,r.jsx)(n.code,{children:"traffic-engineering transmit-cap"})," is no longer ignored on device-interfaces which have unresolved link-speed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52994 Routers continue to request the conductor configuration:"})," Resolved an issue where a managed router continued to request the configuration from the conductor even after a validation or datamodel incompatibility issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53000 process highway disconnected messages caused by NIC driver bug:"})," The DPDK driver code for the Broadcom NICs contained a bug that caused the querying of the extended statistic to fail. The Broadcom NIC driver has been upgraded to resolve the issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53002 NTP setup check fails on startup:"})," Resolved an issue in the NTP startup sequence, due to an incorrect path for the NTP configuration."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53015 Highway log has large number of unnecessary INFO messages:"})," A previous log message of icmp response packet failed was incorrectly logged at INFO level. It is neither an error nor actually informational, and has now been downgraded to DEBUG level."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53017 Some files incorrectly marked as executable:"})," While strengthening the security posture of the platform, some files with superfluous executable bits set have been identified and correctly marked."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53105 Conductor to router API RBAC rules not being followed:"})," Resolved an issue where the user is getting elevated to admin on the managed router, thus returning more data than necessary."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53114 Broadcom interfaces stuck in ",(0,r.jsx)(n.code,{children:"admin down"})," after upgrade:"]})," Resolved an issue where device-interfaces on Broadcom NICs wouldn't come up properly if initially configured with ",(0,r.jsx)(n.code,{children:"enabled false"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53185 Rare race condition causing highway crash:"})," Resolved a rare race condition between flow install and flow lookup causing a highway crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53253 Include ",(0,r.jsx)(n.code,{children:"dmesg"})," and ",(0,r.jsx)(n.code,{children:"systemd journal unit"})," in TSI:"]})," Include output from ",(0,r.jsx)(n.code,{children:"dmesg"})," and ",(0,r.jsx)(n.code,{children:"systemd journal"})," unit in TSI in order to assist in debugging future platform related issues."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53259 Initialization time out may result in SSR failing to start:"})," Resolved an issue where SSR may fail to start. An example of this would be unreachable audit server was configured that would delay the startup initialization causing SSR to exceed the timeout and fail to start."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53285 User datastore issue when renaming a router:"})," Resolved an issue where HTTP requests would stop working to a router after the router's name was changed, but before the SSR was restarted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53321 Syslog datamodel is limited:"})," Added the following configurable syslog facility values ",(0,r.jsx)(n.code,{children:"auth"}),", ",(0,r.jsx)(n.code,{children:"authpriv"}),", ",(0,r.jsx)(n.code,{children:"cron"}),", ",(0,r.jsx)(n.code,{children:"daemon"}),", ",(0,r.jsx)(n.code,{children:"kern"}),", ",(0,r.jsx)(n.code,{children:"lpr"}),", ",(0,r.jsx)(n.code,{children:"mail"}),", ",(0,r.jsx)(n.code,{children:"news"}),", ",(0,r.jsx)(n.code,{children:"syslog"}),", ",(0,r.jsx)(n.code,{children:"user"}),", and ",(0,r.jsx)(n.code,{children:"uucp"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"caveats",children:"Caveats"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53833 Timeout prevents startup:"})," 5.6.11 introduced a regression in the SSR reboot startup logic. If any of the processes take longer than 30 seconds to complete, the startup sequence is abandoned and renders the platform inoperable. The system can be recovered by manually restarting the SSR software. This issue is tracked by I95-53833."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5610-6",children:"Release 5.6.10-6"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," August 29, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-1",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52198 Handle incoming public keys from peer conductor node:"})," Added functionality to allow conductor nodes to share the authorized keys of managed routers between each other. If the SSH public key is retrieved from a managed router by one conductor node, then it is automatically shared with its conductor peer node."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52316 Enhancements to Overlapping FIB Services:"})," The ",(0,r.jsx)(n.a,{href:"/docs/config_command_guide#configure-authority-fib-service-match",children:(0,r.jsx)(n.code,{children:"fib-service-match"})})," command allows you to configure either ",(0,r.jsx)(n.code,{children:"best-match-only"})," or ",(0,r.jsx)(n.code,{children:"any-match"}),".","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.code,{children:"best-match-only"})," considers the best matching prefix length. In cases of transport overlap, services are visited in alphabetical order."]}),"\n",(0,r.jsxs)(n.li,{children:["Using ",(0,r.jsx)(n.code,{children:"any-match"})," will consider all services that match the route update but do not have the best match service address when creating FIB entries, minimizing missed entries. The transports from the service with the longest prefix are considered first."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52517 Allow users the ability to configure the OSPF SPF timers:"})," Support for user-configured values for SPF delay has been added. Users can now specify values for spf delay, hold-time, and maximum-hold-time. For additional information, see ",(0,r.jsx)(n.a,{href:"/docs/config_command_guide#configure-authority-router-routing-ospf-timers-spf",children:"OSPF SPF Timers"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-6",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been identified and addressed in this release:"})," I95-51758, I95-52495, I95-52496, I95-52497, I95-52509, I95-52625."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41386/I95-52114 HA pair device interface's redundancy status stays non-redundant even though the interface operational status is up:"})," Resolved a race condition when selecting the active components between HA nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51336 App-ID memory leak for some uncommon cases, such as duplicate flow:"})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"app-id stats"})," entry was not added to the ",(0,r.jsx)(n.code,{children:"Expiring"})," list to be cleaned up."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51800 Radius authentication failure - Incorrect NAS IP address:"})," The ability to specify the NAS-IP-Address and NAS-Identifier has been added to the data model for configuring these Radius options per node. This can be used in cases where the Radius server is configured to use an identifier, or in cases where it is necessary to match the source IP address of the Radius requests behind SSR or NAT."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52208 Metrics queries return incomplete data when FIPS is enabled:"})," Resolved an issue where a FIPS-incompatible hashing function was causing missing or incomplete metrics data."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52283 Correct the Domain Matching order:"})," When using web filtering, the SSR now properly enforces the ",(0,r.jsx)(n.a,{href:"/docs/config_domain-based_web_filter#service-matching-order",children:"Service Matching Order."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52305 Compacting rate limit exceeded:"})," Resolved memory and CPU issues resulting from attempting to compact very large application identification documents."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-52402 Router stuck in ",(0,r.jsx)(n.code,{children:"Upgrading"})," state:"]})," Resolved an issue with ",(0,r.jsx)(n.code,{children:"conductor-only"})," mode, where the conductor was attempting to download the installer before the software access proxies were in place, preventing an update to the installer."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50562 / I95-52626 Forwarding plane control message bursts create exception, causing a packet buffer leak:"})," Resolved a condition where backpressure caused the messaging mechanism to develop buffer leaks. Proper handling of exceptions now prevents buffer leaks. The control buffer capacity has been increased to better handle bursts as part of the resolution."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52650 Asset state transition on conductor is slow for deployments with greater than 250 routers:"})," An optimization was made to an internal calculation and improve the speed at which synchronization requests are processed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52816 Config Validation may generate errors in the wrong field:"})," Resolved an issue during the validation of BGP graceful-restart configuration settings that could lead to generating incorrect errors/warnings during configuration validation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-2090 Conductor managed SSR Applications in WAN Insights Showing up as Numbers:"})," Resolved an issue with stats APIs, which were not properly handling some internal service names."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-569-3",children:"Release 5.6.9-3"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," July 19, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-2",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50949 Add packet buffer tracking to help analyze buffer exhaustion:"})," Packet buffer location tracking has been added, and the following PCLI commands have been created for buffer tracking.","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"show packet-buffer locations"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"save packet-buffer snapshot"})}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51450 Support for 100/Full Speed/Duplex on Intel I225-V Driver NICs:"})," The DPDK driver has been updated to allow fixed speed and duplex configuration to work with IGC i225 NICs."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-7",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-47960 Incorrect progress message for ",(0,r.jsx)(n.code,{children:"show dns resolutions"}),":"]})," The progress message for this command now correctly displays ",(0,r.jsx)(n.code,{children:"Retrieving dns resolutions..."}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48931 Service area Highway crash:"})," Now prevent crashing in SSR's highway process in rare race conditions when a session's flow is removed before the session is fully established."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49587 ICMP session classification improvement:"})," The application lookup for ICMP sessions now accurately identifies the correct service."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50722 Highway crashes during session migration:"})," Resolved a crash in the SSR's highway process, due to a race condition between configuration changes and BFD sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51053 ESP session stuck in Incomplete state:"})," Resolved an issue where SVR sessions from network-interfaces with dscp-steering enabled can be stuck in an incomplete state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51167 Unable to override auto-generated peer service-route:"})," The user can now provision a service-route with the same name as an automatically-generated one. The user's service-route takes precedence and will be used instead of the generated one."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51177 Ethernet over SVR setting wrong egress MAC address:"})," Ethernet over SVR now correctly sets the egress MAC address when using outbound-only mode."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51178 Increase default juteMaxBufferSize:"})," The default juteMaxBufferSize has been increased to 10MB, which addresses issues where the device is unable to commit very large configurations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51284 Routers remain in the connected state:"})," Updated the dependencies within the salt minion to resolve an issue where an asset is stuck in the connected state, displaying the error: ",(0,r.jsx)(n.code,{children:"Error getting asset's public key: 'ssh.set_auth_key', retrying...."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51296 Show Time in Status in the show assets detail view:"})," The asset Time in Status field has been added to the Detail view."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51359 Unable to set the OSPF MTU:"})," Added the ability for users to set the MTU to a non-default value."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51403 GUI displays download in progress even after the download is complete:"})," Resolved an issue where a download success event is never created even though the version shows as downloaded in the software versions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51427 GUI not displaying all the version information:"})," The GUI About page now displays additional version information previously only displayed in the PCLI ",(0,r.jsx)(n.code,{children:"show system version detail."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51650 ",(0,r.jsx)(n.code,{children:"log-category PCLI"})," command not working:"]})," Resolved an issue that disallowed setting ",(0,r.jsx)(n.code,{children:"config authority router system log-category PCLI"}),". We now also allow configuring the following log categories:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"CFGD"}),"\n",(0,r.jsx)(n.li,{children:"SNMP"}),"\n",(0,r.jsx)(n.li,{children:"HTTP"}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51658 Allow sync command in resynchronizing state:"})," Resolved an issue where the user received an error when executing the send command sync command while an asset was in the resynchronizing state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51734 Remove duplicate transport port-ranges from modules before adding to service:"})," Resolved an issue where FIB entries are not installed when app-id modules have conflicting or overlapping port-ranges, and are being placed into one service."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51788 Path index is not displayed correctly for ",(0,r.jsx)(n.code,{children:"show sessions by-id"}),":"]})," ",(0,r.jsx)(n.code,{children:"show sessions by-id"})," has been updated to display MTU and PathIndex."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51792 Low MTU threshold causing metadata fragmentation:"})," Fixed the incorrect handling of packets where metadata is fragmented due to unreasonably low MTU, causing the packet buffers to become exhausted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51793 Path MTU discovery dropping very low:"})," Fixed PMTU discovery from ever resolving to an unreasonably low MTU, which could previously occur during a link flap event."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51794 Core dump on systems with greater than 10 physical interfaces, such as Lenovo SR-650:"})," Resolved an issue where the SR-650 was crashing due to uninitialized flags field. Support has been added for these devices."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51865 NTP not syncing for HA nodes:"})," Added the ability to configure the orphan stratum for the HA peer node. This was previously hard-coded to 5 but this change allows an HA peer to be able to sync when the upstream server is of a lower stratum, if so desired by the user."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51915 Report buffer allocation failures to watchdog:"})," ",(0,r.jsx)(n.code,{children:"alloc-failure"})," stats are now gathered per device and included in the device stats, allowing the watchdog to detect a failure and respond."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52104 URI escape characters handled incorrectly:"})," The ",(0,r.jsx)(n.code,{children:"lookup application by-domain"})," and ",(0,r.jsx)(n.code,{children:"clear app-id cache-entry url"})," were handling url parameters incorrectly, in lookup, creating and clearing cache entries. This has been resolved and each command now performs the correct operation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95 52105 Permissions error when attempting to ",(0,r.jsx)(n.code,{children:"delete certificate webserver"}),":"]})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"delete certificate webserver"})," and ",(0,r.jsx)(n.code,{children:"create cerificate webserver"})," with an existing certificate were failing. On older versions of software this can be worked around by running ",(0,r.jsx)(n.code,{children:"sudo rm -rf /etc/128technology/pki/webserver.pem"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-568-9",children:"Release 5.6.8-9"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," May 25, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-3",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48862 Load balance sessions across BGP RIB Entries with multiple paths:"})," Resolved an issue when BGP was used to build a routing table, only the first next hop was used. All next hops are now used, and load balancing occurs over all routing protocol routes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50510 New fields for IPFIX:"})," The SSR IPFIX implementation was not sending the industry standard fields of flowStartMilliseconds and flowEndMilliseconds. In the new implementation, all IPFIX records include these fields. The start time is set to the start time of the flow, and the end time is always set to the time the last packet was received on the flow. For intermediate records, this indicates that the flow is still ongoing but provides the last activity timestamp. For the end records, this indicates when the last packet was received on the flow prior to the session terminating. For additional information, see ",(0,r.jsx)(n.a,{href:"/docs/concepts_application_discovery#ipfix",children:"IPFIX"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50571 Add packet buffer tracking to help analyze buffer exhaustion:"})," The following features have been added to help diagnose packet buffer pool depletions in certain environments:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"Track packet buffer locations."}),"\n",(0,r.jsx)(n.li,{children:"Enforce setting of packet location."}),"\n",(0,r.jsx)(n.li,{children:"Add the ability to walk packet buffer pools, count the locations, and display."}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51169, I95-51173 Buffer tracking improvements:"})," The following improvements have been made to Buffer Tracking:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:["Refined packet buffer location tracking to better identify buffers in use for ",(0,r.jsx)(n.code,{children:"TSI"})," collection."]}),"\n",(0,r.jsx)(n.li,{children:"Provide more diagnostic information, when possible."}),"\n",(0,r.jsxs)(n.li,{children:["The following new metrics have been added for tracking utilization of packet pools. These can be found under ",(0,r.jsx)(n.code,{children:"show stats packet-processing pool-utilization"}),".","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"fastlane-generated-packet-pool"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"host-packet-pool"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"network-packet-pool"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"tcp-proxy-packet-pool"})}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51316 Add Resynchronization state:"})," Transition an asset into the ",(0,r.jsx)(n.code,{children:"Resynchronizing"})," state instead of ",(0,r.jsx)(n.code,{children:"Connected"})," when a configuration change is made, or when the user executes the ",(0,r.jsx)(n.code,{children:"send command sync"})," command from the PCLI. This better identifies the actions being performed within the SSR, and is not an indicator of the device health. Previously when an asset required a highstate due to a config change or running the ",(0,r.jsx)(n.code,{children:"sync"})," command, the device would transition to ",(0,r.jsx)(n.code,{children:"Connected"})," from ",(0,r.jsx)(n.code,{children:"Running"}),", which caused concern with users."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-8",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been identified and addressed in this release:"})," I95-48448, I95-49456, I95-50358, I95-50359, I95-50506, I95-50508, I95-50535, I95-50790."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-37833 Apply password policy more consistently:"})," The password policy for SSR users has been updated, and now requires passwords to have a special character in addition to previous requirements."]}),"\n"]}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.p,{children:["Please refer to ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Password Policies"})," for updated password requirements."]})}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47776 Tank hostname parsing errors:"})," Resolved two issues in the Tank instance where the localhost could not resolve to an IP address, and Tank was not identifying non-default ports. These issues have been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48518 Application Identification not recognizing Apps on HA systems:"})," Resolved an issue where the GUI was only pulling Application data from one node in an HA configuration. Application ID Summary display now aggregates data from both nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48965, I95-51086 Race condition with routing updates inducing crash in highway process:"})," Resolved an issue where a routing change that affects the ",(0,r.jsx)(n.code,{children:"forwarding-table"})," can incur a race condition with sessions completing and being removed, which could lead to a highway crash and restart."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49594 Highway Crash:"})," Resolved an issue for systems where any of the following are configured:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.code,{children:"application-identification"})," is enabled,"]}),"\n",(0,r.jsxs)(n.li,{children:["a service is defined with ",(0,r.jsx)(n.code,{children:"domain-name child services"}),", or"]}),"\n",(0,r.jsxs)(n.li,{children:["a ",(0,r.jsx)(n.code,{children:"service address"})," is configured as a ",(0,r.jsx)(n.code,{children:"domain"}),"\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 6.1.0 and 6.1.1, and is resolved in 6.1.2."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49603 Process Manager crash:"})," When a long running process was being cleaned up by the subprocess, the cleanup would fail causing a crash. Long running processes are now properly terminated, which allows the cleanup subprocess to complete correctly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49675 Incorrect path in console help message for ",(0,r.jsx)(n.code,{children:"export config running"}),":"]})," The help message now correctly identifies the export path: ",(0,r.jsxs)(n.strong,{children:["Exported files are stored in ",(0,r.jsx)(n.code,{children:"/etc/128technology/config-exports/"})," and are stored as GZIP compressed files."]})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49754 Waypoint re-use causing duplicate reverse flows:"})," Resolved a case where when the waypoint pool is nearly depleted, released waypoints were reused prematurely causing errors when installing reverse flows."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49791 Add audit rules to track modification of grub config files:"})," Added rules to log notifications in case of changes to grub configuration files."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49925 GRE tunnel health-check not migrating sessions when path is down:"})," The GRE tunnel manager now removes all sessions before adding new ones rather than modifying the existing sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49969 Permission Denied error when attempting to self-generate a webserver certificate:"})," Resolved an issue that prevented users with the admin role from creating a new self-signed web certificate via the PCLI command ",(0,r.jsx)(n.code,{children:"create certificate self-signed webserver"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49974 Stuck flow not cleared when reverse metadata is incomplete:"})," Resolved an issue where reverse metadata is coming through incomplete - without the source tenant. The source tenant has been added to the reverse metadata."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50047 Conductor config unable to pass local validation on one of the routers:"})," Resolved an issue where a router missing the ",(0,r.jsx)(n.code,{children:"reachability-profile"})," configuration may pass validation on conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50050 VRRP High Availability gets stuck in Active/Active:"})," The DPDK version has been updated to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50247 Duplicate peer path alarms:"})," Resolved an issue where both BFD and the path MTU feature were generating alarms for the same peer path being down. The criteria for which peer path state changes can trigger peer path events has been tightened."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50262 Routers disconnected from their conductor may have incorrect log rotation settings:"})," Resolved an issue where a managed router was not able to pull down the configuration from the Conductor - which includes the log rotation config. The default salt log rotation configuration has been improved, preventing the log from growing too large before the connection to the Conductor can be established."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50269 Router clone operation fails:"})," Implemented checks to prevent cloning obsolete elements and internal lists/containers on legacy versions of the SSR software."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50286 Rebooting a node of an HA pair from Linux breaks routing:"})," Resolved an issue where a delay in the shutdown process caused a node to take over a VRRP interface, creating routing issues."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50331 System fails to synchronize keys on startup:"})," The SSR now dynamically updates the ",(0,r.jsx)(n.code,{children:"rsync IP host address"})," from the non forwarding HA sync interfaces, and will fall back to the ",(0,r.jsx)(n.code,{children:"global.init"})," host IPs if they don't exist."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50363 MOS Metrics not refreshing:"})," Resolved an issue where the SLA and MOS values were not being updated in the stats (or PeerPathTable) when a BFD session was brought down. The SLA and MOS stats are now set to 0 when the BFD session is brought down."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50376 Failure to make config changes after rollback:"})," Resolved an issue where commits would not take effect after rolling back an HA router, because of older/newer version conflicts."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50445, I95-49377 i40e and ice devices enter malicious descriptor detection state, preventing forwarding of traffic:"})," Resolved an issue where fragmented packet chains larger than 8 buffers were discarded causing a malicious descriptor event.","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:["The below ",(0,r.jsx)(n.code,{children:"dpdk.log"})," snippet provides an example of the event:"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{children:"[DPDK| -- ] ERROR (00007f03ec18e700) i40e_dev_alarm_handler(): ICR0: malicious programming detected\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): Malicious Driver Detection event 0x02 on TX queue 6 PF number 0x01 VF number 0x00 device 0000:08:00.1\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): TX driver issue detected on PF\n"})}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"Added hooks for the NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism."}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50534 Race condition between NetworkInterfaceManager and FastLane:"})," Resolved a race condition caused by adding and deleting the same network interface in a very short window of time, potentially causing a system crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50554 No dynamic synchronization of repos to the routers:"})," Resolved an issue where it was necessary to restart 128T on the Conductor in order for the Conductor to recognize newly added repositories and sync them down to the assets. Authenticated repos are now automatically synchronized when repos are added to the conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50656 Improve metrics for REST API performance:"})," Performance improvements have been made in metrics REST APIs to alleviate intermittent metrics graphs on heavily loaded systems."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50710 Configuration cannot be applied to router when its time is ahead of the conductor:"})," Implemented time detection for configurations using a future time that is corrected upon commit. This resulted in an ",(0,r.jsx)(n.code,{children:"mtime"})," older than what is in the datastore, and the configurations were rejected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50736 SSH key change not propogated to secondary conductor:"})," Resolved an issue where an SSH key change to ",(0,r.jsx)(n.code,{children:"/etc/128technology/ssh/pdc_ssh_key"})," was not automatically detected and resynced between peer node and conductor nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50754 Race condition between ICMP ping request and a reverse flow:"})," Resolved a crash due to a race condition when ",(0,r.jsx)(n.code,{children:"service ping icmp-request"})," is matched against a partially installed flow."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50778 Event History filter not working:"})," Resolved an issue where searching on the Event History page didn't show matching results when the search string is only found in the Details column."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50787 Rebooting the OS from the conductor throws error code 400:"})," Resolved an issue in the GUI with the reboot button on the Router page. When trying to reboot a router, the button would fail and display ",(0,r.jsx)(n.strong,{children:"Error: EOF"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50823 Support for time-offset DHCP option:"})," ",(0,r.jsx)(n.code,{children:"int-32 encoded-type"})," has been added to provide support for the time-offset DHCP option."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50967 SSR is not allowing other DHCP relay traffic to pass through:"})," When the SSR acts as a DHCP Relay, it will no longer drop packets received from other relay agents on the network. Instead the packets will be routed appropriately as per the configured policies."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50977 Installer fails to download software when the Conductor software proxy is enabled:"})," Resolved an issue where when the Conductor software proxy is being used, DNF transactions to the conductor repo go through the proxy, despite the repo pointing to a local tunnel to the conductor. These transactions now go through the proper tunnel."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50979 Routers remain in connected state:"})," Resolved an issue where assets will perform a new highstate unnecessarily if a commit occurs while a highstate is already in progress, causing assets to take a long time to get to the running state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51006 Nodes stuck in connected state after upgrade:"})," On an HA conductor, if the user is performing an upgrade on the first conductor node and that user makes a config commit during the upgrade, then the configuration's modified time will become out of sync between the two conductor nodes. When the conductor first node is finished upgrading the result is a loop where the configuration keeps getting committed by each node back and forth until a new commit is made. This issue has been resolved by allowing the peer conductor node to accept the config despite the perceived version disparity. Please note performing a commit mid-upgrade is not supported."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51007 Conductor is incorrectly honoring core pinning:"})," The cpuProperties cores setting in /etc/128technology/local.init was erroneously isolating cores on conductor nodes when set, even though this setting is intended for a router. This would cause a reduction in available processing cores for normal conductor operations. This setting will now be ignored on the conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51044 Hide ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," on conductor:"]})," Disabled the ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," setting on conductor nodes, since this setting doesn't apply to conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51087 SSR fails to download firmware after upgrading the conductor:"})," Resolved an issue where the first time a conductor is upgraded and ",(0,r.jsx)(n.strong,{children:"conductor-only"})," is selected in the software-update settings, the proxy service on the conductor does not work correctly, and downloads fail. The downloads no longer fail."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-1958 Mist agent crashes:"})," Increased internal file system limits which were preventing some services from starting correctly at boot. Limits were raised based on expected system usage."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-567-4",children:"Release 5.6.7-4"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," March 16, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-4",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48928 Set Time using PCLI command:"})," Add a new PCLI command ",(0,r.jsx)(n.code,{children:"set time"})," which allows an admin to bootstrap a system without NTP connectivity. The PCLI uses the date(1) shell command and accepts a wide variety of inputs. To see more documentation about the date format see setting the time or the -d option on options for date."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49354 Display SSD smartctl info in ",(0,r.jsx)(n.code,{children:"show platform disk"}),":"]})," We now display the following disk info, if supported by the disk, in ",(0,r.jsx)(n.code,{children:"show platform disk"}),":","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"Lifetime used"}),"\n",(0,r.jsx)(n.li,{children:"Power On Hours"}),"\n",(0,r.jsx)(n.li,{children:"TBW (Terabyte Written)"}),"\n",(0,r.jsx)(n.li,{children:"TBW per year"}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50072 Support for ConnectX-6 Lx PCIe device:"})," Support has been added for this device."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-9",children:"Resolved Issues"}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49594 Highway Crash:"})," In a system where any of the following are configured:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.code,{children:"application-identification"})," is enabled,"]}),"\n",(0,r.jsxs)(n.li,{children:["a service is defined with ",(0,r.jsx)(n.code,{children:"domain-name child services"}),", or"]}),"\n",(0,r.jsxs)(n.li,{children:["a ",(0,r.jsx)(n.code,{children:"service address"})," is configured as a ",(0,r.jsx)(n.code,{children:"domain"}),"\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 5.6.3 through 5.6.6, and is resolved in 5.6.7."]}),"\n"]}),"\n"]}),"\n"]})}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been identified and addressed in this release:"})," I95-48445, I95-48643, I95-48859, I95-48907, I95-49079, I95-49445, I95-49745, I95-49746, I95-49747, I95-49748."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48054 STEP not working in Core Network:"})," Resolved an issue where processing STEP route updates can cause modification of unrelated FIB entries, potentially interrupting existing sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48232 Ability to ping lost after failover:"})," We now prevent unnecessary FIB changes (which may lead to a short traffic interruption) when new routes are added to the RIB that are more specific than some configured service IP prefixes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48485 Broadcom NIC (NetXtreme) fails to initialize properly:"})," Resolved an issue with initization errors during memzone creation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48590 ACK RTT Improvements:"})," Resolved an issue where the stats were not resetting properly, and added supporting sampling to ACK RTT tracking."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48927 Audit log disk failure mode:"})," Added a Failure Notification parameter and failure mode to inform users that the ",(0,r.jsx)(n.code,{children:"auditd.conf"})," log disk is nearing capacity, or has reached capacity, and that action is required."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48942 Routing policy filter condition reference type not validated:"})," Added a check to verify that when a routing policy condition references a filter, the condition type and filter type match."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49118 HA LTE Interfaces go down and impact BGPoSVR and Conductor:"})," The handling of FIB updates due to interface state changes has been optimized to avoid possible traffic loss for unaffected FIB entries."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49242 When HMAC is disabled, the automatic MSS adjustment calculation for ",(0,r.jsx)(n.code,{children:"enforced-mss = automatic"})," may be wrong:"]})," The Automatic MSS adjustment calculation has been corrected (expanded)."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49350 BFD echo generating latency overhead:"})," BFD echo tests are now staggered to minimize application latency's contribution to overall peer path latency."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49377 Transmit packets dropped by NIC for established sessions - packet counters are incrementing and can be seen in packet capture, but not seen by next-hop:"})," Added hooks for NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49431 Unable to edit or add static route config from Conductor GUI:"})," When editing configuration on the stand-by node of an HA pair, creating a list item with a slash, /, such as specifying the destination-address of a static-route, caused an error. This has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49447 Conditional BGP advertisement is not respected:"})," Resolved an issue that if a peer went down and came back up, the conditional advertisement was no longer respected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49454 Error while creating a new Radius user from the GUI:"})," The create user API now rejects requests with invalid input parameters."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49514 Linux interfaces bounced on startup:"})," Resolved an issue where all Linux interfaces managed by 128T are bounced once on 128T startup."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49564 Reduce volume of logs during pending lookups:"})," The error logs during a pending lookup has been changed to a muted error log with a stat."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49604 Alarm when a node is disconnected:"})," An alarm is now raised when a node is disconnected from the internal synchronization database."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49633 Validation not strict for static assignment within DHCP server configuration:"})," Configuration for static addresses within DHCP server exists in multiple locations per design. Cross-validation has been added to prevent the same ip-address from being configured and assigned to multiple dhcp-clients."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49655 Cutting and pasting the output of ",(0,r.jsx)(n.code,{children:"show flat"})," does not work for OSPF:"]})," Resolved the issue that prevented editing the OSPF list."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49722 Event filter does not work on HA router nodes:"})," Resolved issues with filtering by node, and an incorrect value was displayed for the node column in the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49756 RDP sessions failure over peer path:"})," Resolved an issue that caused RDP traffic to fail when adaptive encryption and AppId are both enabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49778 Conductor GUI not showing data metrics for routers running:"})," Resolved an issue where API keys were not properly synced down to the managed routers which caused certain router data to not show up on the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50014 Hitting Buffer Overflow during configuration changes:"})," Resolved an issue where a config change request may not make it to a managed router, and returns a buffer overflow error."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50034 Issues with stuck sessions in load balancer:"})," Resolved an issue with session modify, where gateway changes on the same egress interface can fail due to a missing ARP."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50050 VRRP High Availability gets stuck in Active/Active:"})," The DPDK version has been updated to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50058 Performance regression in Running Config APIs:"})," Resolved a constant cache miss for a specific set of the running config APIs."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50076 EthResource descriptor calcs don't account for variable defaults:"})," Resolved an issue where Mellanox ConnectX-5 and ConnectX-6 could be initialized with insufficient packet receive capacity."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50139 Include PID in User-Agent header:"})," Added a debugging aid to identify which process is sending requests."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50172 Download error not cleared until next successful download:"})," Resolved an issue where failed download errors are not cleared when a new download starts."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-566-7",children:"Release 5.6.6-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," January 18, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-5",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47947 Increase max CoreDump size to 4GB:"})," The maximum size of coredumps now defaults to 4G. This value can be configured in environment config by modifying the ",(0,r.jsx)(n.code,{children:"maxCoredumpSize"})," field of the new ",(0,r.jsx)(n.code,{children:"crashReporting"})," object. Any manual modifications to ",(0,r.jsx)(n.code,{children:"coredump.conf"})," will be overwritten whenever the service is started."]}),"\n"]}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.p,{children:["Upgrading to this release version will cause ",(0,r.jsx)(n.code,{children:"coredump.conf"})," to be re-written with 4G limits for coredumps even if ",(0,r.jsx)(n.code,{children:"coredump.conf"})," had been updated manually for a higher value!"]})}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-10",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46336 Peer connection not established after AWS upgrade:"})," Resolved an issue where an AWS C5 instance size can fail to initialize when more than one accelerated network interface is configured."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48352 Application ID is not identifying MS-Teams correctly:"})," Resolved an issue where sessions with IP addresses as their domain names were not classified correctly when the information was received via HTTP web proxy. Sessions with IP addresses as their domain name are now verified against the IP tree, and not the domain name database."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48447 JWTs signing does not meet stringent security standards:"})," Changed how JWTs are signed to increase security posture."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.strong,{children:"I95-48464 This CVE has been addressed."})}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49139 ",(0,r.jsx)(n.code,{children:"show network-interface application"})," renders poorly for empty hostnames:"]})," The DHCP server state script has been updated to not escape ",(0,r.jsx)(n.code,{children:""})," hostname."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49166 OSPF is not configurable using the GUI:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49225 Packets containing only path-metrics metadata are dropped:"})," Resolved an issue where FPM calculations caused these packets to be dropped when flows were affected due to routing changes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49326 New sessions become associated with defunct sessions on next-hop routers:"})," Enhanced session reuse detection to validate all incoming metadata once a session-id has been properly latched."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"caveats-1",children:"Caveats"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49724 Quickstart URL Upload not working:"})," In Release 5.6.6, the QuickStart file upload using the ",(0,r.jsx)(n.code,{children:"https:///quick-start"})," URL is not working. This is currently being worked on and will be fixed in 5.6.7. No other patches/releases are affected."]}),"\n"]}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Workaround:"})," Upload the Quickstart file using a USB as outlined in ",(0,r.jsx)(n.a,{href:"https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install#2-configure-the-ssr-and-network-interfaces",children:"Configure the SSR and Network Interfaces"})," section of the ",(0,r.jsx)(n.a,{href:"https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install",children:"Router Installation Using OTP"})," guide."]}),"\n",(0,r.jsx)(n.h2,{id:"release-565-5",children:"Release 5.6.5-5"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," December 28, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-11",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been addressed and resolved:"})," I95-48644, I95-48648, I95-48650, I95-48653, I95-49039."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-34384 Rotated datastores with different permissions:"})," Resolved an issue where some rotated datastore files had different permissions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-44926 Configuration validation for ",(0,r.jsx)(n.code,{children:"as-path"})," incorrect for certain values:"]})," Resolved an issue where a subset of 4-byte BGP private AS numbers was not accepted inside AS path specifications for routing policy ",(0,r.jsx)(n.code,{children:"modify-as-path"})," actions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45478 Segmentation Fault in the Dynamic Peer Update process:"})," Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47797 Packet duplication does not interoperate well with outbound-only adjacencies:"})," When utilizing the packet-duplication feature (",(0,r.jsx)(n.code,{children:"service-policy -> session-resiliency = packet-duplication"}),"), any peer adjacencies marked as ",(0,r.jsx)(n.code,{children:"outbound-only"})," are no longer used. Packets are only duplicated along bidirectional paths."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47929 Missing BGP advertisement after deleting all sessions after an upgrade:"})," Resolved an issue where BGP update suppress was not removing any pending withdrawls."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47992 HTTP service not working in WAN Assurance:"})," Resolved an issue where HTTP traffic is dropped when using a combination of application-identification, adaptive-encryption, and spoke-to-hub-to-spoke topology (outbound-only peer-connectivity)."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48107 EoSVR sessions not stable:"})," Resolved an issue with loss of connectivity to STEP EoSVR peer. The STEP route is now held in place and available when STEP connectivity is restored."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48163 Only services with load-balanced paths are shown in ",(0,r.jsx)(n.code,{children:"show services"}),":"]})," Resolved an issue where services without load-balanced paths weremissing from show services output."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48324 Application Identification not parsing domain names:"})," The App-ID parsing mode has been updated to correctly parse domain names."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48396 ",(0,r.jsx)(n.code,{children:"show-rib"})," limited to 512 entries:"]})," The ",(0,r.jsx)(n.code,{children:"show rib"})," count maximum has been increased."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48529 BFD sending link notification before hold-down timer expires:"})," Resolved an issue where peer service-paths do not remain down while the BFD session / peer status is in the hold-down period after transitioning from down to up. Peer service-paths status now correctly reflect the peer status. Sessions will not be moved back to peers that have re-established connectivity but are still in the hold-down period."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48580 Application summary classification fails for hub-to-spoke sessions:"})," The spoke now learns application names for sessions when receiving packets from a hub with application identification disabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48582 ",(0,r.jsx)(n.code,{children:"show bfd"})," command ignoring parameters:"]})," The query parameters are now passed to the REST endpoint to be used byt the ",(0,r.jsx)(n.code,{children:"show bfd"})," command."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48641 Recreating BFD flow when an outbound-only session is reset:"})," Flow creation is now deferred until a reverse packet arrives from the peer, similar to the initial creation case."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48656 Reduce TSI service log limit:"})," The size of the Tech Support Info journal has been restricted to prevent excessive resource consumption."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48684 SSR not answering ARP requests:"})," Increased ",(0,r.jsx)(n.code,{children:"internal-application traffic-engineering"})," rates for ARP traffic which was being dropped in a multiple packet-processing core environment incorrectly due to an over aggressive traffic engineering profile."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48685 GUI and/or PCLI unresponsive:"})," Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48689 Top Sessions not displaying source address:"})," Restored the ",(0,r.jsx)(n.strong,{children:"Source"})," column in the Top Sessions table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48723 HA sync not running after systems reconnect:"})," Historical metrics and events are synced between HA nodes after extended downtime."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48772 ",(0,r.jsx)(n.code,{children:"show running config"})," command displays an error:"]})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"show config"})," requests on the PCLI failed if enum leaf-list entries were changed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48872 ",(0,r.jsx)(n.code,{children:"show sessions by-id"})," doesn't display correctly tcp state or retransmission counts:"]})," ",(0,r.jsx)(n.code,{children:"show sessions by-id"})," now correctly display ",(0,r.jsx)(n.code,{children:"tcp state"})," and ",(0,r.jsx)(n.code,{children:"retransmissions"})," when ",(0,r.jsx)(n.code,{children:"udp-transform"})," is enabled for a session."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48897 Adaptive encryption breaks after flow move:"})," Resolved an issue where the session breaks during failover when adaptive encryption is enabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48904 Stuck pinhole session after flow invalidation:"})," Resolved an issue with a stuck session that was setup from hub to HA spoke after a routing change."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48950 Application identification modify packet is dropped:"})," Packets with ",(0,r.jsx)(n.code,{children:"inline-modify"})," that traverse the BFD pinhole are now handled correctly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48988 High CPU for packet processing core:"})," Resolved an issue where the CPU can spike to 100% after a failover from internode/interrouter path to local breakout when failover is enabled for local breakout."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49106 Degradation in performance during file rotation:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49124 ",(0,r.jsx)(n.code,{children:"show network-interface application"})," always has ",(0,r.jsx)(n.code,{children:"unavailable"})," router name:"]})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49134 DHCP server does not work when device IDs on HA interface do not match:"})," Resolved an issue where a DHCP server interface may instead forward DHCP requests through the ",(0,r.jsx)(n.code,{children:"service-area"})," and out to the WAN."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49157 Poor GUI and PCLI performance for other users during a change/validate/commit operation:"})," Resolved the performance issue by optimizing the export config API."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-564-3",children:"Release 5.6.4-3"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," November 18, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-6",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48223 Add Application-specific information to ",(0,r.jsx)(n.code,{children:"show sessions by-id"}),":"]})," The following information has been added to ",(0,r.jsx)(n.code,{children:"show sessions by-id"}),":","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"domainName"}),"\n",(0,r.jsx)(n.li,{children:"uri"}),"\n",(0,r.jsx)(n.li,{children:"category"}),"\n",(0,r.jsx)(n.li,{children:"overrideServiceName"}),"\n",(0,r.jsx)(n.li,{children:"appStatsTrackingKey (combination of application, client ip, ingress-interface, next-hop, and traffic-class)"}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-12",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48076 SSR Failover on GRE tunnels not working:"})," The base interface giid is now used to identify the state of a GRE tunnel next-hop."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48158 Unable to capture child services using session capture:"})," When a session capture is configured on a child service (e.g., ",(0,r.jsx)(n.code,{children:"social.internet"})," instead of ",(0,r.jsx)(n.code,{children:"internet"}),"), the session is now recorded."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48427 BGP ignoring multihop TTL (Time To Live) setting leading to invalid nexthop:"}),' Resolved an issue where BGP may temporarily "forget" about the TTL value configured for a neighbor.']}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48508 Keep-alive cache may cause worker core CPU spikes:"})," Resolved potential worker core utilization CPU spikes by utilizing aggressive keep-alive timeouts."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48600 Compare Session ID's to prevent flow collisions:"})," Re-use of sessions is prevented when waypoint pool is exhausted and sessions linger on egress router."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48685 GUI and/or PCLI unresponsive:"})," Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48686 Transmitted packet buffers held too long:"})," The packet pool sizing has been adjusted to prevent pool depletion when local.init overrides for descriptor counts are present."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48731 Sessions created on a ",(0,r.jsx)(n.code,{children:"fin-ack"})," may get stuck:"]})," Resolved an issue where, if tcp-state-enforcement is set to allow, a TCP session is established from a fin-ack may not get torn down in a timely manner."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-1372 Improve CPU Usage Reporting:"})," Devised a more efficient collection scheme to minimize the CPU impact when collecting the CPU and memory data."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-563-6",children:"Release 5.6.3-6"}),"\n",(0,r.jsxs)(n.admonition,{type:"important",children:[(0,r.jsx)(n.p,{children:"The following issue has been discovered in the releases listed here:"}),(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"5.6.2"}),"\n",(0,r.jsx)(n.li,{children:"5.6.3"}),"\n"]}),(0,r.jsx)(n.p,{children:"If an HA Conductor queries a disconnected router from the Conductor GUI Router page or from the Conductor PCLI, the conductor may encounter periods of poor performance until the requests time out. The issue has been resolved in the next patch release with I95-48685."}),(0,r.jsx)(n.p,{children:"For immediate resolution on the impacted releases, contact Juniper Technical Support, or your SE."})]}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," November 7, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-13",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-32789 Peer metrics unavailable after Conflux synchronization:"})," Resolved an issue with HA routers where the metrics application stops streaming metrics to the peer node after loading configuration."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43302 Rename Third-Party menu text:"})," The menu text has been changed to ",(0,r.jsx)(n.strong,{children:"External"})," to more accurately reflect the links to other Juniper platforms."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44957 Azure is not able to identify the asset-id of the depolyed conductor and router:"})," The Azure ID has been modified to a value that can be processed by Azure."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45478 Segmentation Fault in the Dynamic Peer Update process:"})," Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46561 Peer table Sort by Destination does not work consistently:"})," Resolved an issue with sorting for Peer Path Source/Destination columns in the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46677 Modify GUI to not resize dashboard tiles:"})," Dashboard tiles now do not resize when the window is resized."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46879 ICMP error responses are not NATed when sent over SVR:"})," Certain ICMP error messages can now be encapsulated over SVR when enabled within the neighborhood or adjacency configuration: Flows that are UDP over SVR are able to have their ICMP error messages encapsulated."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46904 Labels in Reachability Profile are not correct:"})," Added missing labels to Traffic Class and Time to Establishment information screens."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47075 Disable weak SSH ciphers:"})," Resolved issues where the remote SSH server was configured to allow weak key exchange algorithms on ",(0,r.jsx)(n.code,{children:"tcp/22"})," and ",(0,r.jsx)(n.code,{children:"tcp/930"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47271 VRRP Alarm for Backup becoming Primary:"})," There is now an alarm when the backup VRRP node in an HA pair takes over as the primary."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47438 ESP Session Missing:"})," Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47475 Session capture not downloadable for a read only user:"})," Adjusted permissions to provide access to session capture files to read-only users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47476 Session table associated paths not scalable, scroll bar hidden:"})," The Session Table window has been enlarged to more clearly show information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47529 Outbound-only sessions get stuck after NAT rebinding:"})," Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47642 Plugin state summary (table view) for HA router overlays both nodes:"})," The Plugin state table has been separated by node."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47787 Worker core packet processing spikes to 100%:"})," Added the ability to tune the ",(0,r.jsx)(n.a,{href:"/docs/config_reference_guide#reverse-packet-session-resiliency",children:"Reverse Packet Session Resiliency"})," ",(0,r.jsx)(n.code,{children:"Minimum Packet Count"})," (default is 3) and ",(0,r.jsx)(n.code,{children:"Detection Interval"})," (default is 5) settings for session failover without requiring forward packet, and resolved the underlying issue that caused excessively high worker-core CPU."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47909 Handle GRE tunnels in ICMP reachability probe:"})," The base interface for egress is now used if the ",(0,r.jsx)(n.code,{children:"icmp-probe probe-address"})," is the same as the tunnel destination, and the ",(0,r.jsx)(n.code,{children:"internal-address"})," is used as the source if the ",(0,r.jsx)(n.code,{children:"egress-interface"})," is ",(0,r.jsx)(n.code,{children:"gre-overlay"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47967 Cloud bootstrapper does not bootstrap the deployed Conductor:"})," Resolved an issue where the configuration was being rejected by the cloud bootstrapper when the device was a conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48019 Issue with deleting a flow on reverse metadata:"})," Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48103 Commit triggered BGP issue:"})," Resolved an issue where BGP neighbors configured with a short hold time might experience a BGP session flap during a configuration commit when app-ID is enabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48108 Service Ping for a Service without Source NAT uses Source IP Address:"})," The service-ping now uses the source-ip as the packet source-ip if provided."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48125 Save TSI streaming from router to conductor not working:"})," Adding a node and router argument to the PCLI command ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," now works correctly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48138 Enabling metadata only works for packets that match the port-range specified:"})," Resolved this issue by identifying the specific flow, and enabling reverse metadata for a that flow."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-48181 "Failed to send IPFIX interim record" log messages:'})," Changed log level from Error to appropriate logging level for the cases when ipfix records should not be generated."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48246 Peer path GQL query should provide a node filter:"})," Added a parameter to stats on peer-path so that the node can be overwritten."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48357 CoreDump on Failover with DSCP Steering:"})," Resolved an issue where DSCP Steering sessions would fail to move a flow under certain circumstances and, when using DSCP value 0, crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-483381 Race condition in session teardown:"})," Shared context is now maintained to allow all packet processing to be completed before session teardown."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48507 VLAN packets are generated without a valid VLAN from the flow-move cache:"})," Resolved an issue where sessions could be modified incorrectly when a VLAN is present and session resiliency is enabled for failover."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-562-7",children:"Release 5.6.2-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," October 4, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-7",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-35571 Enhanced Syslog:"})," The SSR can be configured to send system generated events over a secure TLS or TCP connection to a remote-logging server for analysis and storage. For more information, see ",(0,r.jsx)(n.a,{href:"/docs/config_audit_event#secure-syslog-transport",children:"Secure Syslog Transport"})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44863 Automatic Core Assignment after Reboot:"})," On systems where ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," is set to ",(0,r.jsx)(n.code,{children:"automatic"}),", if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47077 Configuration options for User Accounts:"})," Added configuration options for number of login attempts before locking user account, and number of seconds that user account will be locked before being able to attempt to login again. For information, see ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Password Policies"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47418 Audit Events for Plugins:"})," A new audit event has been added that tracks when a plugin is installed or uninstalled. This can be viewed on the Audit History page in the GUI or in the PCLI by running ",(0,r.jsx)(n.code,{children:"show events type admin.plugin"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-14",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been addressed and resolved:"})," I95-45056, I95-45059, I95-45060, I95-45123, I95-45165, I95-47482, I95-47483, I95-47484, I95-47485, I95-47805, I95-48048, I95-48049."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-39454 Created User cannot access PCLI operations:"})," Resolved an issue where in rare cases, during bulk user additions, it was possible for the operation to fail, leaving the new user created but unable to login."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42320 BGP aggregate-address not working:"})," Add support for BGP address summarization."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44434 Peer metric sends IP of WAN interface instead of the expected string:"})," Logic has been added to show the available destination address."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44976 Highway issue when modifying an app-id session:"})," SSR software versions 5.1.5 and greater are susceptible to a crash during a flow migration when ",(0,r.jsx)(n.code,{children:"application-identification"})," is enabled (modes ",(0,r.jsx)(n.code,{children:"tls"})," or ",(0,r.jsx)(n.code,{children:"all"}),") on spoke to hub traffic traversing over SVR. The condition occurs for sessions migrating that have timed out or that are traversing the ha-fabric link in the reverse direction."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45847 Duplicate Alarms on Multiple Routers:"})," Resolved duplicate alarms by obtaining alarms from only one node in an HA pair."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46056 ",(0,r.jsx)(n.code,{children:"show ntp"})," has no output from PCLI, even though NTP is configured:"]})," The output of show ntp will now report IP addresses of the time servers rather than resolve hostnames."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46126 Router Status:"})," Resolved an issue in HA configurations when a router is connected to HA Conductor 1, but not directly connected to HA Conductor 2, alarms generated on the router are now seen on Conductor 2 - the conductor to which the router is not directly connected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46281 Update Kernel to RHCK 8.6:"})," Updated the kernel to integrate the latest security fixes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46545 Conductor Validation passing when a URL is configured in a Parent Service:"})," Validation for application-identification has been updated to include URL and subcategory."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46641 Modem lockup after reset on dual LTE system:"})," Resolved an issue with dual LTE modem lockup after reset."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46662 Tenant prefix differences on two HA router nodes are not validating correctly:"})," Added a validation check to ensure that the tenant-prefixes between two redundant interfaces are identical."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46701 Packet Loss on Headend Router:"})," Added device-interface rx/tx descriptor ring size to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46807 Validation insufficient for reachability-detection:"})," Added validation logic to report and error when ",(0,r.jsx)(n.code,{children:"service-route > reachability-detection"})," was configured, but neither ",(0,r.jsx)(n.code,{children:"icmp-probe-profile"})," or ",(0,r.jsx)(n.code,{children:"reachability-profile"})," exist."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46826 Carrier detection logic not recognizing disaster recovery modem:"})," Updated the carrier detection logic to properly recognize the carrier when a modem is attached to a disaster recovery cell tower."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46918 GUI and PCLI out of sync when new configuration elements added/modified:"})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"show network-interface"})," and ",(0,r.jsx)(n.code,{children:"show config"})," were not updating properly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46919 LDAP Users Not Shown in GUI Users Display:"})," Updated username requirements and the ability to identify issues with usernames not meeting those requirements. See ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Username and Password Policies"})," for username requirements."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46921 ",(0,r.jsx)(n.code,{children:"128status.sh"})," script incorrectly checks for non-existent listening port:"]})," Removed port 830 check for software versions 5.3.0 and greater"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46966 BGP Connection Restarts on SVR Peer Failover:"})," Resolved an issue with FIB entry setup that was causing BGP connection reset when the session fails over."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47129 Metadata is not disabled after flow-move for EoSVR sessions:"})," Added a metadata turnoff after session failover for EoSVR."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47336 Running configuration change events are missing:"})," Updates have been made to include ",(0,r.jsx)(n.code,{children:"username"})," in the running configuration change events log."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47414 Skip the AD lookup in highway for ICMP:"})," ICMP is now skipped during AD lookup to keep the App stats reults relevant."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47437 TSI creation is leading into Network Failure - BGP BFD went down:"})," Refined the output for TSI to prevent failures."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47537/I95-47556 Synchronize writing to files to avoid a race condition:"})," Added a common file lock to synchronize writes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47551 Keep-alives are not generated for unidirectional outbound-only sessions:"})," Resolved an issue with keep-alive generation for unidirectional outbound-only sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47552 LTE modem not coming up after upgrade:"})," Resolved an issue with modem detection and port scanning for Quectel EC25."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47585 Transmit-failure increments when TE is enabled:"})," When ",(0,r.jsx)(n.code,{children:"device-interface traffic-engineering"})," is enabled, the ",(0,r.jsx)(n.code,{children:"stats/packet-processing/sent/interface-failure"})," statistic is no longer erroneously incremented."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47655 BGP issues with VRRP:"})," VRRP failover may cause routing to not function if internal device numbering is not consistent across the redundant nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-47767 Next Hop choice of "Blackhole" does not stay visible in Conductor:'})," This option was displayed in error, as the option is ignored. It has been removed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47872 App-ID summary tracking of failed sessions still incremented when feature disabled:"})," App-ID stats tracking for failed sessions now checks the feature enabled flag and responds appropriately."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:["\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"I95-47969 Increased Memory use when generating TSI:"})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"save runtime-stats"})," command and TSI generation could result in particularly high memory usage when Application Identification was enabled."]}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"save runtime-stats"})," command no longer operates across multiple nodes and routers, and will not aggregate the metrics to disk on the conductor. This is to protect against excessive memory consumption. This is a change in functionality; however the public metrics APIs achieve the same result and are the preferred mechanism to collect authority wide metrics."]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47981 Ignore VRRP advertisements if the VRID doesn't match:"})," The VRID is now validated before accepting an advertisement to resolv an issue where VRRP advertisements intended for a different router were being processed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48018 APP-ID implementation with proxy web server unable to identify traffic correctly:"})," Resolved an issue reading certain HTTP headers that was causing Application Identification to miss them."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48038 502 Error returned if managed routers are offline:"})," Resolved an issue that caused HTTP requests on the conductor to return a 502 error for all requests if a managed router is offline."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-561-18",children:"Release 5.6.1-18"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," August 1, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-8",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-35610 Session Failover without a Forward Packet:"})," A keep-alive mechanism has been added for flow moves. When flow move is triggered, the SSR detects inactivity in forward traffic and generates a keep-alive packet in the forward direction."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40195 LDAP does not allow search base to be configured correctly:"})," Search base parameters, filter generation, certificate assurance, and logging enhancements have been added to the ",(0,r.jsx)(n.code,{children:"ldap-server"})," configuration. See ",(0,r.jsx)(n.a,{href:"/docs/config_ldap",children:"LDAP"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40333 Save credentials for accessing SSR software repositories:"})," ",(0,r.jsx)(n.code,{children:"set software access-token"})," is a new PCLI command to save credentials for accessing SSR software repositories. This provides a way to run ",(0,r.jsx)(n.code,{children:"install128t repo authenticate"})," without dropping to a linux shell. For additional information on this command, see ",(0,r.jsx)(n.a,{href:"/docs/cli_reference#set-software-access-token",children:(0,r.jsx)(n.code,{children:"set software access-token"})}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43048 NIST FIPS Validated Cryptography:"})," FIPS Enforcement Mode has been added to the package-based installation processes. Refer to ",(0,r.jsx)(n.a,{href:"/docs/intro_installation_bootable_media#fips-enforcement-mode",children:"FIPS Enforcement Mode"})," for details."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43785 DSCP Tag Preservation:"})," When set to ",(0,r.jsx)(n.code,{children:"true"})," the ",(0,r.jsx)(n.code,{children:"preserve-dscp"})," command allows you to preserve DSCP values that have been set in a service class or received on a LAN-Interface, over an SVR path. See ",(0,r.jsx)(n.a,{href:"/docs/config_dscp_preservation",children:"DSCP Preservation"})," for more inforamation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44769 Add Linux system logs to the Tech Support Information data:"})," This patch allows for customizations of the systemd journal content included in the ",(0,r.jsx)(n.code,{children:"tech-support-info"})," bundle, and includes additional default content."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44863 Automatic Core Assignment after Reboot:"})," On systems where ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," is set to ",(0,r.jsx)(n.code,{children:"automatic"}),", if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44870 Mist Self-Registration and Onboarding:"})," Onboarding a Mist Managed SSR instance can be accomplished as part of the installation process. For details, refer to the steps to ",(0,r.jsx)(n.a,{href:"/docs/intro_installation_image#associate-the-router-with-mist",children:"Associate the Router with Mist"})," as part of the image-based installation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45670 BGP Conditional Advertisement:"})," When an SSR prefers a given provider for outbound traffic, it can now be configured to receive locally destined traffic specifically from that provider. For details and configuration information, see ",(0,r.jsx)(n.a,{href:"/docs/config_bgp#bgp-conditional-advertisement",children:"BGP Conditional Advertisement."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45679 Round trip time to packet acknowledgement:"})," A new TCP metric that samples round trip time from data sent to acknowledgement has been added."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46562 Allow targeting another router or node when saving tech-support-info:"})," GUI: A button has been added to the ",(0,r.jsx)(n.strong,{children:"Logs"})," page in the GUI to download a tech-support-info bundle. This allows downloading a router's ",(0,r.jsx)(n.code,{children:"tech-support-info"})," directly from the Conductor GUI. ",(0,r.jsx)("br",{}),"\nPCLI: The PCLI command ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," can now collect logs from another node. Using the Conductor's PCLI, a ",(0,r.jsx)(n.code,{children:"tech-support-info"})," bundle can be collected from a Managed Router or the HA peer."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46747 Improved the Password user experience:"})," You now are re-propmpted up to three times for the current password if it is incorrect. If a new password does not meet the strength check, you are prompted with that information, and required to update the password."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-15",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been addressed and resolved:"})," I95-45054, I9-45056, I95-45059, I95-45060, I95-45165, I95-46020, I95-46359."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-35228 DHCP waypoint addresses not displayed on standby node in UI:"})," Resolved an issue where the PCLI logic was not matching the GUI Network Interface table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-39274 DNS-based services kill asset connection resiliency:"})," Resolved an issue where an internal commit was bouncing the kni254 interface and causing a series of connection resets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42438 Save Tech Support tries to run when SSR service is down:"})," In situations where the PCLI is still active, but the SSR service is down, trying to run ",(0,r.jsx)(n.code,{children:"save tech support"})," will appear to work, but does not return any info. This issue has been resolved, and will return a message when information is not retrievable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43606 No communication between Routers:"})," In rare instances the BFD Pinhole feature experienced collisions between forward session flows. Session modification has been addressed and collisions are now avoided."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43779 DHCP IP Address not releasing appropriately:"})," When the cable is physically disconnected and reconnected from DHCP-enabled interfaces, the interfaces are now triggered to send out a DHCP Request for their current IP address."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-44001 Peer uptime showing "Unavailable":'})," Peer path uptime now displays the correct values."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44548 Application Summary Sort Order:"})," Resolved an issue with the Application Summary sort order changing unintentionally."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44551 DHCP Relay not working after upgrade:"})," A packet for traffic matching a summary service may be dropped because it was incorrectly flagged as hierarchical on the SVR peer. Well known non-hierarchical services such as DHCP relay will no longer perform hierarchical service checks on the peer."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44726 Invalid return code returned by T1 card firmware creating a memory leak:"})," Resolved a buffer leak in the wanpipe driver."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44988 SSR Stuck in Upgrade status:"})," Improved logging to detect when an installer session is started and there is an already an active interactive installer session; for example when an interactive installer session was left open."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45094 Unnecessary rotation of salt minion config:"})," Resolved an issue where the global.init and salt minion config are unnecessarily rotated and updated with no changes to the actual contents of the file."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45126 Split-brain after the sync interface goes down:"})," Resolved an issue that if the SSR software experienced a crash while it owned an interface from an X553 device, other devices hosted by the same chip could be impacted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-45164 ",(0,r.jsx)(n.code,{children:"show-active-peers"})," missing some information:"]})," Resolved a corner case where an RFC-compliant device ahead of a non-compliant device with a smaller MTU, the SSR misinterprets the non-compliant device's timeouts and the MTU will be unresolvable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45271 Error while trying to change appearance or selecting custom reports:"})," In some cases where error messages are vague, a path to the error location is provided."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45372 Filters in the Routers Tab not working:"})," Resolved a logic issue with the GUI table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-45489 ",(0,r.jsx)(n.code,{children:"ifcfg"})," custom options issues:"]})," Resolved an issue where interface ifcfg option changes were not being processed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45814 No Bandwidth statistics visible in GUI:"})," Resolved an issue when processing high numbers of services and service routes which prevented a subset of stats from being stored and displayed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-45842 PCLI ",(0,r.jsx)(n.code,{children:"show events"})," does not paginate correctly:"]})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45882 Rare case where an invalid DHCP server configuration generated:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45890 Service paths for BGP over SVR routes are not being rebuilt:"})," Resolved an issue when the vector configuration is changed on a network interface, the service paths for BGP over SVR routes are not being rebuilt."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45999 Azure Router Crash:"})," Added support for NetVSC/VF hotswapping to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46055 Add warning when transmit caps are too low:"})," Users now get a warning when configuring a traffic-engineering transmit-cap under 1Mbps."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46114 SSR flooded with Highway messages:"})," The chatty ",(0,r.jsx)(n.code,{children:"InterfaceMap::Exception: Unable to find path to peer"})," highway log has been suppressed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46136 Unused Application ID stats not being purged fast enough:"})," Resolved an issue where application ID stats tracked per client, per app, per next-hop are not cleaned up when inactive."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46169 RIB Doesn't Update Connected Route After Changing Network Interface Address Prefix from /24 to /27:"})," Resolved an issue when changing the prefix length for a network interface address, the RIB was not updated and routing protocols were not aware of the change."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46230 Highway Crash:"})," Resolved an issue where uncaught exceptions were causing highway issues."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46314 Configuring Static Assignment with Client-Identifier Causes DHCP failure:"})," Updated config validation to verify that, within a single DHCP server host-service, all static assignments use unique client-identifiers."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46332 VRRP Does Not Work with Ethernet Controller X710 for 10GbE SFP+:"})," Configuring VRRP on an Intel X700 series NIC can see discard broadcast packets due to the source pruning feature which is enabled by default. This change disables source pruning when VRRP is enabled on these NICs."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46411 PPPoE over VLAN interface status missing in ",(0,r.jsx)(n.code,{children:"show"})," commands:"]})," Added atttribute to show the missing information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46419 Forward Error Correction (FEC) with OutBound Only Fails:"})," Resolved an issue where FEC actions are not installed properly after the modifcation to resolve the outbound only path."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46454 ICMP manager excessively logs ICMP echo replies with no matching context:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46458 ",(0,r.jsx)(n.code,{children:"set password"}),' from PCLI hangs at "Modifying password":']})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46613 Flow move may not happen without forward packet for outbound only sessions:"})," Resolved an issue that when a session has been idle for more than 10 seconds, sessions for outbound-only connections may not failover properly without a forward packet."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46641 Modem lockup after reset on dual LTE system:"})," Resolved an issue with dual LTE modem lockup after reset."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46822 Revertible failover traffic not restored when reverse traffic is present:"}),' For a "revertible-failover" service policy, when the preferred path is restored and a session no longer traverses an internode dogleg path, it was taking several seconds for traffic to be restored when forward traffic is present; in situations where only reverse traffic is present, traffic may not be restored. This issue has been resolved.']}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46931 Hardware using ConnectX6-DX fails to initialize:"})," Added support for this card variant."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46959 PPPoE over VLAN not working when target interface is down:"})," Added code to bring up parent interface before VLAN interface."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47111 Issues with redundant interfaces on startup:"})," Resolved an issue where the notifications for active interfaces may get lost when using VRRP for redundancy."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-560-44",children:"Release 5.6.0-44"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," May 20, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"new-features",children:"New Features"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-10056 RADIUS support for Multi-Factor Authentication:"})," Integration between Radius user access and Role-based Access Control allows the SSR to support Multi-Factor Authentication using Yubikey."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-200118 Configuration Concurrency at Scale:"})," Support for multiple users concurrently editing the SSR configuration is now supported. For more information, see ",(0,r.jsx)(n.a,{href:"/docs/config_basics#candidate-configuration",children:"Candidate Configuration"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-32820 and I95-41915 STEP High Availability:"})," See ",(0,r.jsx)(n.a,{href:"/docs/config_step_ha",children:"STEP High Availability"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-37417 Additional factory default session-type configuration:"})," Added factory-default session-types for NetBIOS Name Service, NTP, and LDAP over UDP."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-37648 Configurable Password Policy:"})," The SSR password policies have been updated to provide a more secure experience. See ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Password Policies"})," for additional information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-38430 Support for PPPoE over VLAN:"})," Added support for PPPoE over VLAN. See ",(0,r.jsx)(n.a,{href:"/docs/howto_pppoe_vlan",children:"VLAN Support on a PPPoE Interface"})," for configuration information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-39712 Hierarchical Service Inheritance For STEP Learned Routes:"})," Child services now inherit routes of their parent services, when the parent route is learned through STEP. For more information see ",(0,r.jsx)(n.a,{href:"/docs/config_STEP#hierarchical-services",children:"Hierarchical Services."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40130 Factory Defaults for Conductor Communication:"})," Added SaltStack, Conductor, and IKE default session-types. For new deployments, SIP, SIPS, and IPSEC-NAT use NAT Keep Alive by default, and the timeout for IPSEC-NAT is 125 seconds."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40660 Kernel Upgrade:"})," The OS kernel has been upgraded to address several CVEs and provide support for Wireguard and Cordoba."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41449 NTP Authentication with SHA1 or better:"})," Support for NTP authentication provides options for external NTP server authentication. See ",(0,r.jsx)(n.a,{href:"/docs/config_ntp_auth",children:"NTP Authentication"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41509 STEP Route Computation enhancements:"})," STEP uses additional service policy information when computing the best path scenario. See ",(0,r.jsx)(n.a,{href:"/docs/config_STEP#route-computation",children:"STEP Route Computation"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41557 Software Lifecycle Management:"})," The download, upgrade, and software lifecycle process is more easily managed from a single location in the GUI. See ",(0,r.jsx)(n.a,{href:"/docs/upgrade_router#upgrade-using-the-conductors-gui",children:"Software Lifecycle"})," for additional information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42483 STEP Page in the GUI:"})," ",(0,r.jsx)(n.a,{href:"/docs/howto_STEP_GUI",children:"The STEP page in the GUI"})," provides graphical representations of STEP data."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42887 Real-time alerts for Audit failure events:"})," A service has been added a service that warns all logged in users if auditd fails to start and audit logging capability is impacted. See ",(0,r.jsx)(n.a,{href:"/docs/config_audit_event#basic-configuration",children:"Audit Events"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42888 Logout mechanism for administrator-initiated communication sessions:"})," A PCLI command and audit log are available to verify session closure."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43039 File permissions, ownership/membership of system files and commands remain static:"})," Unauthorized or unintended changes are not introduced during the operation of the SSR Software."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43040 Non-certificate trusted host is not allowed SSH logon to the system:"})," The SSH daemon performs strict mode checking and does not allow a non-trusted host SSH to logon to the system."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43041 Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required:"})," The DCCP module is prevented from loading unless it is specifically required."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43047 Local initialization files do not execute world-writable programs:"})," The directories are not world-writable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43049 The audit system notifies the user when there is an error sending audit records to a remote system:"})," Remote logging for audit logs and appropriate messaging has been added. See ",(0,r.jsx)(n.a,{href:"/docs/config_audit_event#basic-configuration",children:"Audit Events"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43050 Strict mode checking of home directory configuration files:"})," The SSH daemon performs strict mode checking home directory configuration files."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43051 Remote X connections are disabled except to fulfill documented and validated requirements:"})," X server is disabled as part of the mode checking of home directory configuration files."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43496 BFD for Routing Protocols:"})," BFD support for BGP and OSPF protocols has been added. See ",(0,r.jsx)(n.a,{href:"/docs/config_bfd",children:"Optimizing Routing Protocols: BFD"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"resolved-issues-16",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-36758 Redistributed service route distance not configurable:"})," Support has been added for the configuration of admin distance for kernel routes generated by services with service routes and for BGP over SVR services."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-38408 DHCP server on wrong vlan sends offer in response to discover message:"})," Hosted DHCP servers that do not have an explicit vlan configured are now explicitly treated as vlan 0, and handle any DHCP packets that are untagged/vlan 0, in order to prevent those packets from being multicasted to multiple DHCP servers."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40904 Power save mode not working:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41992 Warning for Rate-Limit with Flow-Limit values at 0:"})," A warning has been added to advise users that this will cause dropped packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43239 LTE APN on Modem not set up correctly:"})," The APN is now always written to the the modem using the default index of 1."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44142 Automated Provisioner Race condition:"})," Resolved a rare crash where applications would attempt to get information about already-closed sockets when responding to API requests."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44435 Save Tech Support should include Service Paths:"})," ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," includes ",(0,r.jsx)(n.code,{children:"show service-path"})," and ",(0,r.jsx)(n.code,{children:"show rib"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44722 Time series HMAC failures after rebooting node in HA router:"})," Device interfaces are flushed upon becoming active to avoid handling of packets which have been delayed due to inactivity."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44726 Invalid return code returned by T1 firmware creating a memory leak:"})," Resolved a buffer leak in the wanpipe driver."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44823 Conductor upgrade failure - extra space in integer is invalid:"})," Extra spaces on integer types are now trimmed off to avoid this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-44854 Extra "Application" column in Top Sessions panel:'})," The extra column has been removed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44913 kmod-i40e metapackage causing upgrade issues:"})," The metapackage has been removed and upgrade issues have been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44985 Update salt-minion minimum version to resolve CVEs:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44991 SSR not passing Aruba data on GRE Tunnels:"})," Resolved an issue where GRE packets with reserved bit in the header are incorrectly dropped as invalid."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45063 SSR azure instances unstable on large machine types:"})," Resolved an unpgrade issue causing instability in Azure instances using Mellanox5."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45113 snmp override of the IfTable:"})," An issue with SNMP reporting has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45123 CVE Issue:"})," The latest Security vulnerabilities have been identified and addressed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45124 RBAC Config Endpoints Leaking Information:"})," Resolved an issue where some configuration endpoints would allow users with incorrect permissions make requests."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45146 GUI error message for users authenticated by LDAP to Active Directory Server:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45162 Improve download/upgrade error message if a router name does not exist:"})," In situations where a router does not exist, the download and upgrade message now indicates that the router does not exist."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45211 New users run into permissions errors:"})," Access Control Lists are now preserved on file rotations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45220 Conductor local forwarding parameters not dynamic:"})," Resolved an issue when transitioning a conductor from standalone to HA the managed routers were not automatically connecting to the newly added conductor node."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45268 Third-party-drivers rpm install hung:"})," Resolved an issue where the installation hangs when running a post-install scriptlet. The script is not necessary at that stage and has been disabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45348 Update salt master and minion to 3002.8:"})," This update resolves several CVE and requires that the conductor must be running this release containing these fixes ",(0,r.jsx)(n.strong,{children:"before"})," upgrading a router.\n",(0,r.jsx)(n.strong,{children:"Important"})," Please see the Caveat below for additional important information about HA upgrades."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45374 Router Dropping SIP traffic:"})," A warning is displayed if users configure a service-class to rate-limit but don't set max-flow-burst/max-flow-rate values (default is set to 0)."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45541 LDAP users are unable to login to the PCLI due to permission errors:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45559 Corrupted resolv.conf after ODM imaging:"})," Resolved an issue on SSR systems running dns-proxy services with external interfaces configured using PEERDNS=yes, where a race condition may occur that results in corrupt nameservers being added to the /etc/resolv.conf file."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45583 HA Connection lost during commit:"})," Resolved an issue where session was missing necessary path data information relating to the peer path."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45618 MAC address issue in Azure environment:"})," Non-ethernet MAC addresses are now handled correctly during MLX device discovery."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45641 Stuck BGPoSVR Sessions after Failover:"})," Made changes to provide updates to less specific FIB entries when routes are updated to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45643 User created users missing after upgrade:"})," Resolved an issue where the XML values true/false are also handled as 1/0."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45696 Memory leak in pam challenge library:"})," Resolved a memory leak in the PAM challenge library."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45779 LDAP user login blocked during HA upgrade:"})," Resolved an issue where the LDAP user login was blocked until the upgrade was complete on both HA conductors."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45761 SSH ClientAliveInterval change:"})," The SSH ",(0,r.jsx)(n.code,{children:"ClientAliveInterval"})," has been reset to 900."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45783 User home directories different across the topology during upgrade:"})," Resolved an issue with incorrect LDAP user roles during upgrade."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-45816 "TCP State Stream Parse Error" filling up the flpp.log:'})," This log issue has been addressed."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"caveats-2",children:"Caveats"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45348: Update salt master and minion to 3002.8:"})," When upgrading an HA pair to version 5.6.0, please be aware of the following: While updating the conductors in an HA pair, the upgraded conductor node asset state will remain DISCONNECTED if the active ",(0,r.jsx)(n.code,{children:"automatedProvisioner"})," is not running a corrected version. When performing an HA conductor upgrade the node running the oldest software assumes leadership. However, the older version will not be able to talk to the new software on the upgraded conductor."]}),"\n"]}),"\n",(0,r.jsxs)(n.p,{children:["The active ",(0,r.jsx)(n.code,{children:"automatedProvisioner"})," can be determined by running the command ",(0,r.jsx)(n.code,{children:"show system processes"}),". Once the upgrade begins on the old node, the newly upgraded conductor takes over."]}),"\n",(0,r.jsx)(n.h4,{id:"corrected-versions",children:"Corrected Versions"}),"\n",(0,r.jsxs)(n.table,{children:[(0,r.jsx)(n.thead,{children:(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.th,{children:"Router Software Version"}),(0,r.jsx)(n.th,{children:"Minimum Required Conductor Version"})]})}),(0,r.jsx)(n.tbody,{children:(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.td,{children:"5.6.0"}),(0,r.jsx)(n.td,{children:"5.6.0 or later"})]})})]})]})}function h(e={}){const{wrapper:n}={...(0,i.R)(),...e.components};return n?(0,r.jsx)(n,{...e,children:(0,r.jsx)(c,{...e})}):c(e)}},28453:(e,n,s)=>{s.d(n,{R:()=>t,x:()=>a});var r=s(96540);const i={},o=r.createContext(i);function t(e){const n=r.useContext(o);return r.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:t(e.components),r.createElement(o.Provider,{value:n},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/26681f38.f1723c5e.js b/assets/js/26681f38.f1723c5e.js deleted file mode 100644 index 4651ae9da7..0000000000 --- a/assets/js/26681f38.f1723c5e.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunk_128t_docs=self.webpackChunk_128t_docs||[]).push([[9941],{399:(e,n,s)=>{s.r(n),s.d(n,{assets:()=>l,contentTitle:()=>t,default:()=>h,frontMatter:()=>o,metadata:()=>a,toc:()=>d});var r=s(74848),i=s(28453);const o={title:"SSR 5.6 Release Notes",sidebar_label:"5.6"},t=void 0,a={id:"release_notes_128t_5.6",title:"SSR 5.6 Release Notes",description:"Issues resolved in a release are merged into subsequent releases chronologically AND lexicographically.",source:"@site/docs/release_notes_128t_5.6.md",sourceDirName:".",slug:"/release_notes_128t_5.6",permalink:"/docs/release_notes_128t_5.6",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{title:"SSR 5.6 Release Notes",sidebar_label:"5.6"},sidebar:"docs",previous:{title:"6.0",permalink:"/docs/release_notes_128t_6.0"},next:{title:"5.5",permalink:"/docs/release_notes_128t_5.5"}},l={},d=[{value:"Upgrade Considerations",id:"upgrade-considerations",level:3},{value:"Release 5.6.15-1",id:"release-5615-1",level:2},{value:"Resolved Issues",id:"resolved-issues",level:3},{value:"Release 5.6.14-7",id:"release-5614-7",level:2},{value:"Resolved Issues",id:"resolved-issues-1",level:3},{value:"Release 5.6.13-7",id:"release-5613-7",level:2},{value:"Resolved Issues",id:"resolved-issues-2",level:3},{value:"Release 5.6.12-1",id:"release-5612-1",level:2},{value:"Resolved Issues",id:"resolved-issues-3",level:3},{value:"Release 5.6.11-4",id:"release-5611-4",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes",level:3},{value:"Resolved Issues",id:"resolved-issues-4",level:3},{value:"Caveats",id:"caveats",level:3},{value:"Release 5.6.10-6",id:"release-5610-6",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-1",level:3},{value:"Resolved Issues",id:"resolved-issues-5",level:3},{value:"Release 5.6.9-3",id:"release-569-3",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-2",level:3},{value:"Resolved Issues",id:"resolved-issues-6",level:3},{value:"Release 5.6.8-9",id:"release-568-9",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-3",level:3},{value:"Resolved Issues",id:"resolved-issues-7",level:3},{value:"Release 5.6.7-4",id:"release-567-4",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-4",level:3},{value:"Resolved Issues",id:"resolved-issues-8",level:3},{value:"Release 5.6.6-7",id:"release-566-7",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-5",level:3},{value:"Resolved Issues",id:"resolved-issues-9",level:3},{value:"Caveats",id:"caveats-1",level:3},{value:"Release 5.6.5-5",id:"release-565-5",level:2},{value:"Resolved Issues",id:"resolved-issues-10",level:3},{value:"Release 5.6.4-3",id:"release-564-3",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-6",level:3},{value:"Resolved Issues",id:"resolved-issues-11",level:3},{value:"Release 5.6.3-6",id:"release-563-6",level:2},{value:"Resolved Issues",id:"resolved-issues-12",level:3},{value:"Release 5.6.2-7",id:"release-562-7",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-7",level:3},{value:"Resolved Issues",id:"resolved-issues-13",level:3},{value:"Release 5.6.1-18",id:"release-561-18",level:2},{value:"Resolved Issues Requiring Configuration Changes",id:"resolved-issues-requiring-configuration-changes-8",level:3},{value:"Resolved Issues",id:"resolved-issues-14",level:3},{value:"Release 5.6.0-44",id:"release-560-44",level:2},{value:"New Features",id:"new-features",level:3},{value:"Resolved Issues",id:"resolved-issues-15",level:2},{value:"Caveats",id:"caveats-2",level:2},{value:"Corrected Versions",id:"corrected-versions",level:4}];function c(e){const n={a:"a",admonition:"admonition",code:"code",h2:"h2",h3:"h3",h4:"h4",hr:"hr",li:"li",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,i.R)(),...e.components};return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsxs)(n.admonition,{type:"info",children:[(0,r.jsx)(n.p,{children:"Issues resolved in a release are merged into subsequent releases chronologically AND lexicographically."}),(0,r.jsx)(n.p,{children:"If you do not see an issue listed below, it may have been resolved in another recently released version. A link to the Release Notes for the most recent chronological release of SSR Software is provided."}),(0,r.jsxs)(n.p,{children:["Alternatively, refer to the ",(0,r.jsx)(n.strong,{children:(0,r.jsx)(n.a,{href:"/docs/about_releases",children:"List of Releases"})})," page for release dates and links to all SSR Release Notes; or, if you know the Issue ID Number, enter that into the Search field at the top right of this page."]})]}),"\n",(0,r.jsx)(n.h3,{id:"upgrade-considerations",children:"Upgrade Considerations"}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.p,{children:["Before upgrading please review the ",(0,r.jsx)(n.a,{href:"/docs/intro_upgrade_considerations",children:(0,r.jsx)(n.strong,{children:"Upgrade Considerations"})})," and the ",(0,r.jsx)(n.a,{href:"/docs/intro_rollback",children:(0,r.jsx)(n.strong,{children:"Rolling Back Software"})})," pages. Several modifications have been made to the process for verifying configurations, which will impact existing configurations."]})}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43243/IN-460 Upgrade and Rollback:"})," Upgrading or rolling back a system (conductor peer or router) with the interactive installer ",(0,r.jsx)(n.code,{children:"install128t"}),", that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See ",(0,r.jsx)(n.a,{href:"/docs/intro_rollback",children:"Rolling Back Software"})," for more information on these operations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42452 Conductor Upgrade Time:"})," Upgrades to version 5.4 and above can take up to 40 minutes due to the number of rpms being upgraded. Please plan accordingly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42624 Upgrade Installer:"})," Before ",(0,r.jsx)(n.strong,{children:"upgrading to, or installing"})," version 5.4 and above, update the Installer to at least version 3.1.0. Failing to upgrade the installer may result in a rollback failure, should a rollback be necessary at any time. The Installer typically prompts you update when a new version is available. Select ",(0,r.jsx)(n.strong,{children:"Update"})," when prompted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"Plugin Upgrades:"})," If you are running with plugins, updates are required for some plugins ",(0,r.jsx)(n.strong,{children:"before"})," upgrading the conductor to SSR version 5.4.0 or higher. Please review the ",(0,r.jsx)(n.a,{href:"/docs/intro_upgrade_considerations#plugin-configuration-generation-changes",children:"Plugin Configuration Generation Changes"})," for additional information."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5615-1",children:"Release 5.6.15-1"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," June 27, 2024"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2024-2973"]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5614-7",children:"Release 5.6.14-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," May 14, 2024"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-1",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2020-22218, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-40217, CVE-2023-20569, CVE-2022-43552, CVE-2023-48795, CVE-2023-2176, CVE-2023-40283, CVE-2023-4623, CVE-2024-22019, CVE-2023-46724,CVE-2023-46728, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-25617."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50697 RFC1918 sessions (private IP addresses) are reclassified in error:"})," When a session destined for a private IP (RFC1918) experiences an App-ID modify, the session will now only be reclassified if the classification data reflects a positive classification change."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52251 Changes to the conductor address on the router result in loss of ssh connection to the router:"})," Resolved an issue where changing the router level ",(0,r.jsx)(n.code,{children:"conductor-address"})," did not update the salt-created services with the new addresses."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52500 SVR multi-hop failover causes traffic to drop when using outbound-only:"})," Added a session ID lookup to resolve a situation where sessions failing between multi-hop SVR and direct SVR connections may lead to duplicate flow exceptions and dropped traffic."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53216 Unable to change password for users managed through external user databases (such as LDAP or RADIUS):"})," Resolved an issue that caused a Password Change dialog to appear for remotely authenticated users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54127 Users managed through external user databases (such as LDAP or RADIUS) cannot generate or view TSI:"})," Resolved an issue that did not provide a home directory for custom roles, which prevented LDAP users from viewing the systemd journal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54750 Load Balancer API Calls not working:"})," The original API and Swagger documentation used ",(0,r.jsx)(n.code,{children:"Load Balancer"}),", which was misleading. The ",(0,r.jsx)(n.code,{children:"Reachability Detection"})," REST APIs have been updated to use ",(0,r.jsx)(n.code,{children:"Reachability Detection"})," as reference, instead of ",(0,r.jsx)(n.code,{children:"Load Balancer"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54833 HA port is showing as redundant:"})," Resolved an issue where adding a device-interface back into the configuration after it was removed did not recreate the device-state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54867 SSR-1300 baud rate set incorrectly:"})," Resolved an issue where the incorrect baud rate was allowed. The only allowed baud rate for the SSR is now 115200. This is the default rate."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54918 Highway process crashed on the active node of a router:"})," Resolved a crash caused by a race condition when the last instance of a capture filter referencing a particular file-name is removed while a packet is in the process of being captured."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55069 One HA node is missing from the Mist GUI:"})," Resolved an issue where a managed router had an empty product version config metadata field, which resulted in the conductor version metadata field being cleared."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55164 Dropping GRE encapsulated packets:"})," Classification support for Enhanced GRE Header, version 1, as defined by RFC 2637 Point-to-Point Tunneling Protocol (PPTP) has been added."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55208 Asset fails to transition state and never reaches RUNNING:"})," In some cases where the RPM database may be corrupt or another process holds an indefinite lock, the highstate will block other processes from starting. A timeout has been added for the ",(0,r.jsx)(n.code,{children:"rpm -q"})," process in highstate to allow other processes to run."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55226 Validation incorrectly allows a network interface to be used as both DHCP relay and server:"})," The validation process has been updated to include several checks against DHCP relays, clients, servers, and access-policies."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55270 DHCP server not coming up:"})," Resolved an issue where a network namespace was using a namespace ID that was not cleaned up properly after removal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55389 Queries for private domains with Websense classified as Miscellaneous:"})," Domains categorized by Websense as Uncategorized are now classified as Uncategorized/Uncategorized, rather than Miscellaneous/Uncategorized."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55550 node0 went down and did not fail over to node1:"})," Multiple disk errors caused corruption on the ",(0,r.jsx)(n.code,{children:"128T_root"})," filesystem causing it to enter ",(0,r.jsx)(n.code,{children:"read-only"})," mode and becoming non-responsive. To resolve this issue, issues in the filesystem now result in kernel panic mode, launching a reboot and in HA systems, failover. Additionally, the filesystem check is run to check and repair the filesystem."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-55586 GraphQL API returns ",(0,r.jsx)(n.code,{children:"IsActive"})," incorrectly if the ",(0,r.jsx)(n.code,{children:"device-interface"})," is ",(0,r.jsx)(n.code,{children:"vrrp_standby"}),":"]})," The ",(0,r.jsx)(n.code,{children:"router-peer-path"})," setting now returns the correct value when in ",(0,r.jsx)(n.code,{children:"vrrp-standby"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55591 Some network interface stats are not updated:"})," Some network interface stats are not updated with the port name when a device interface is renamed. Device interface name changes are now handled correctly, and ",(0,r.jsx)(n.code,{children:"network-interface"})," metrics are properly updated when ",(0,r.jsx)(n.code,{children:"device-interface name"})," changes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55603 HA router stuck in connected state due to runtime corruption issue:"})," Resolved an issue causing an unzip race condition with Python files. The packaging and installation process has been improved to prevent this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55762 Unable to view more than 50 prefixes in BGP:"})," Updated the routing engine to display all rows for BGP show commands if a count parameter is not specified."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55764 Race condition and highway crash with DHCP devices:"})," Resolved a race condition that caused a highway crash when the DHCP client is configured for LTE or PPPoE, and the respective link flaps prior to the lease being assigned."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55830 Rollback results in missing Admin user:"})," Resolved an issue where HA nodes running mixed versions of 5.6.0 or greater with versions less than 5.6.0, the admin user could be temporarily removed until both nodes were upgraded or rolled back to the same version."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-55848 / I95-56403 Session traffic is black-holed during path failover when ",(0,r.jsx)(n.code,{children:"nat-keep-alive"})," is in use:"]})," Resolved an issue where an outbound-only session with a ",(0,r.jsx)(n.code,{children:"nat-keep-alive"})," moved from a dogleg path to a direct inter-router path. This causes repeated session modifications on the hub side and drops reverse traffic."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55904 No service-paths seen after upgrade:"})," Resolved an issue where adding services with overlapping address prefixes prevented the configuration from being applied. For additional details, refer to the Knowledge Base article ",(0,r.jsx)(n.a,{href:"../kb/2024/04/24/I95-55904",children:"Upgrade from 5.6 to 6.1 may result in missing FIB entries"}),". "]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55912 Validate Patterns for Service Domains and URLs:"})," The ",(0,r.jsx)(n.code,{children:"url"})," and ",(0,r.jsx)(n.code,{children:"domain-name"})," fields on a service were an unformatted string. This allowed you to configure fields that would be silently discarded. The ",(0,r.jsx)(n.code,{children:"domain-name"})," and ",(0,r.jsx)(n.code,{children:"url"})," fields within services are now validated for correctness and viability from an App-ID perspective. Anything to be ignored during validation now triggers a config warning."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55949 Silicom Valencia Atom C1130 CPU flags are not properly detected:"})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"cpuinfo"})," parser fails due to a collision between the processor key name and value - the Silicom Valencia model name in the ",(0,r.jsx)(n.code,{children:"cpuinfo"})," contains the word ",(0,r.jsx)(n.code,{children:"processor"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-56263 Add ",(0,r.jsx)(n.code,{children:"show capacity"}),", and debugging commands to the TSI output:"]})," Support for additional information in the TSI output has been added."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56475 HA-sync network interface shows warning after router upgrade:"})," Resolved an issue where non-forwarding interfaces would appear to be administratively down in the web UI when they were not."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56492 Sessions configured for outbound-only with nat-keep-alive enabled experience reverse flow packet drops after flow migration:"})," A flow move from a WAN path to an inter-router path causes repeated session modifies on the hub side causing reverse traffic packet drops due to NAT keepalives incorrectly testing the failed WAN path for the migrated session. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56541 Include kernel journal entries in TSI:"})," A separate ",(0,r.jsx)(n.code,{children:"kernel.log"})," journal file is now created in the TSI output."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-56575 Reduce polling rate of disk monitoring and add optimization:"})," The ",(0,r.jsx)(n.code,{children:"ComponentDiskUtilizationMonitor"})," checks the disk usage too frequently and is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-56600 Add ",(0,r.jsx)(n.code,{children:"show tenant members"})," to the TSI output:"]})," ",(0,r.jsx)(n.code,{children:"show tenant members"})," and additional network scripts have been added to the TSI output."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5613-7",children:"Release 5.6.13-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," January 30, 2024"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-2",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2022-41974, CVE-2023-32360, CVE-2023-22045, CVE-2023-22049, CVE-2022-41741, CVE-2022-41742, CVE-2020-12321, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-3341, CVE-2023-22081, CVE-2022-0934, CVE-2023-46847, CVE-2021-43975, CVE-2022-28388, CVE-2022-3594, CVE-2022-3640, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-0458, CVE-2023-0590, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1079, CVE-2023-1118, CVE-2023-1206, CVE-2023-1252, CVE-2023-1382, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-23455, CVE-2023-2513, CVE-2023-26545, CVE-2023-28328, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-33951, CVE-2023-33952, CVE-2023-35823, CVE-2023-35824, CVE-2023-35825, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-4128, CVE-2023-4132, CVE-2023-4155, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4732, CVE-2022-45884, CVE-2022-45886, CVE-2022-45919, CVE-2023-1192, CVE-2023-2163, CVE-2023-3812, CVE-2023-5178, CVE-2023-38406, CVE-2023-38407, CVE-2023-47234, CVE-2023-47235."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-38188 Re-Homing an SSR in certain circumstances leaves residual services:"})," If an SSR is rehomed from an HA conductor to a standalone conductor, the services pointing to the second node of the HA conductor were not removed. Resolved the issue where the reverse SSH tunnels from a managed router to the second HA conductor node were not cleaned up if the conductor was converted back to a standalone conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48783 Conductor process logs are unbounded, risking storage exhaustion:"})," ",(0,r.jsx)(n.code,{children:"auditd"})," logs consuming the disk space when the node monitor is in a disconnected state and the audit logs are left unconsumed. There was a limit to the log file size, but not the number of files. The number of files is now limited."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50493 Memory calculation for alarms is confusing:"})," This alarm was designed to trigger when memory usage went above 90% and clear only when memory usage went below 80%, causing confusion. The memory usage alarm no longer requires memory usage to go below 80% to clear; it will clear when memory usage goes below 90%."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50540 Denied traffic events not displaying in the GUI or PCLI:"})," Resolved an issue that prevented displaying denied traffic events in the ",(0,r.jsx)(n.code,{children:"show events"})," PCLI command and in the GUI. Users would see ",(0,r.jsx)(n.code,{children:"% Error: Unhandled TypeError: list indices must be integers or slices"})," in the PCLI, and ",(0,r.jsx)(n.code,{children:"An unknown traffic event occurred"})," in the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51191 BFD metrics not cleaned up properly:"})," The BFDAgent holds onto the stats for peer paths; If the config is changed on a router, new stats are made but the old ones were not being deleted. The old BFD by-peer-path stats are now deleted when a VLAN configuration change is made."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51459 Logs and exception pcaps are periodically filled with error logs and truncated packets:"})," Resolved an issue where ICMP error respond packets for encapsulated traffic caused ",(0,r.jsx)(n.code,{children:"PacketBufferDataNotFound: Could not find specified data in packet"})," error logs to be generated, or truncated packets to arrive in the FastLane exceptions pcap."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51492 Password expiration not working:"})," This issue has been resolved. Adminstrators must use the global setting ",(0,r.jsx)(n.code,{children:"configure authority password-policy lifetime N "})," to indicate that all user passwords must be changed every ",(0,r.jsx)(n.code,{children:"N"})," days."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51663 TCP port reuse causing application steering crashes:"})," Resolved an issue where backwards state transitions was causing an issue with the TCP client reusing ports."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52018 Overlapping IP Prefix validation may be incorrect, causing a false configuration warning:"})," Configuration validation for IP Prefixes has been corrected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-52414 RBAC not being honored for ",(0,r.jsx)(n.code,{children:"show fib"})," output:"]})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"show fib"})," included entries that the current user did not have permission to view."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52540 Metrics infrastructure resource consumption:"})," The reporting infrastructure reaching load capacity led to data gaps in custom graphs. Several internal optimizations have been implemented to address this issue. However, to reduce the metrics infrastructure load, metrics in the GUI regarding firmware-generated services, service routes, and tenants will no longer be tracked."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52799 Display Lock Status/Failed Login Attempts in the PCLI and GUI:"}),' Add a "Lock Status" column to the User table as well as the User Details pane, with more details availble on hover. The ',(0,r.jsx)(n.code,{children:"show user"}),' command now includes two new rows, "Lock Status" and "Last Failed Login". For command details, please see ',(0,r.jsx)(n.a,{href:"/docs/cli_reference#show-user-lock-status",children:(0,r.jsx)(n.code,{children:"show user lock-status"})}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52889 Highway crash caused by a false negative waypoint exhaustion check:"})," Waypoint ports reinitialization that is triggered by a false negative exhaustion check can lead to duplicate waypoints and reverse flows on two sessions resulting in a highway crash. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53344 Exception on device interface tear down terminates process:"})," Resolved a rare case where Highway process can terminate and core during config changes if there is an underlying exception to a device-interface on removal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53393 Empty password attempts not counting towards user lockout:"})," The SSR counts login attempts with an empty password as failed login attempts. These contribute to locking a user account if they reach the threshold (the value configured in ",(0,r.jsx)(n.code,{children:"configure authority password-policy deny"}),",) within a short time window."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53472 Service Routes passing validation on conductor but then failing on local router:"})," The validation process on the conductor has been updated to identify service-routes with deleted or empty destination lists as invalid."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53538 Custom audit rules not preserved on SSR upgrade:"})," Resolved an issue where the image-based upgrade (IBU) was not preserving audit rules or ",(0,r.jsx)(n.code,{children:"dnf.conf"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53787 Stats not present on conductor:"})," Running ",(0,r.jsx)(n.code,{children:"show device-interface router all"}),' on a conductor caused stats (in-octets, in-unicast-pkts, etc.) to be incorrectly displayed as "n/a" instead of the correct value. This issue has been resolved.']}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53852 ",(0,r.jsx)(n.code,{children:"host-service snmp-server"})," blocks SVR pings to a ",(0,r.jsx)(n.code,{children:"network-interface"})," owned address:"]})," Ping traffic was hitting the generated (wildcarded) snmp-server service. The session could not setup due to security policy conflicts. This issue has been resolved; the generated service from an snmp-server host-service now has a UDP transport."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53858 Active sessions counter continuously incrementing:"})," The SSC active sessions counter has been updated to correctly handle session removal."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53875 The ",(0,r.jsx)(n.code,{children:"show stats service-area sent success"})," metric was retained longer than needed:"]})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"stats default retention short"})," setting was not being honored."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53894 DNS cache-service does not start:"})," Resolved a race condition that causes the DNS process to fail to start. The log message ",(0,r.jsx)(n.code,{children:"No TimeoutQueue:"})," can be seen in the logs during this condition."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53916 Pre-existing Teams interfaces conflict with HA interfaces:"})," In a Mist-managed HA configuration where an HA node has been configured with non-default HA interfaces, performing a release operation on a node in an HA pair leaves the pre-configured HA interfaces in place, and creates a conflict when a new configuration is pushed down from Mist. This would prevent the HA node from operating correctly and forming its HA connections again. This issue has been resolved, and the release operation now removes any pre-existing HA interfaces."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53920 Password expiration being applied to remote users:"})," Resolved an issue that incorrectly enforced password expiration (",(0,r.jsx)(n.code,{children:"configure authority password-policy lifetime"}),") to RADIUS users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53986 ",(0,r.jsx)(n.code,{children:"nodeMonitor"})," failed to get data for ",(0,r.jsx)(n.code,{children:"show platform disk"}),":"]})," Some of the dynamic access for ",(0,r.jsx)(n.code,{children:"smartctl"})," objects were not protected. A check for the object existence has been added before attempting to read it."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54086 Conductor memory exceeded:"})," In certain cases the salt master on the conductor could grow indefinitely in memory. This may be related to situations with both poor connectivity and the use of the ",(0,r.jsx)(n.code,{children:"asset-connection-resiliency"})," feature. An update to the salt package has been made to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54155 nodeMonitor coredump on secondary node after upgrade:"})," During an upgrade where ",(0,r.jsx)(n.code,{children:"deviceType"})," was ",(0,r.jsx)(n.code,{children:"LTE"})," the attempt to get a linux interface name (not supported) failed. This issue has been resolved by implementing a device interface type verification."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54180 Unable to fetch reports from Conductor GUI:"})," A refactor moved the connectivity check exception, which prevented a service restart. This has been resolved, and the stats now being written to the database and GUI tables."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54189 Application mapping does not correctly match services:"})," Resolved an issue where the application director was misclassifying sessions due to IP overlap; this is a valid configuration, when services use an IP address with different ports assigned to different services. The SSR now recognizes these different port configurations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54271 Race condition after a configuration change related to the source nat:"})," Resolved a rare condition wherethe SharedNatPool was being reset while it was accessed for session setup. This caused a race condition that led to a highway process crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-54294 Unable to delete capture-filter created with ",(0,r.jsx)(n.code,{children:"&&"})," operator:"]})," Resolved an issue that disallowed deleting capture-filters containing ",(0,r.jsx)(n.code,{children:"&&"}),". Customers on older versions of software can work around this by creating capture-filters using ",(0,r.jsx)(n.code,{children:"and"})," instead of ",(0,r.jsx)(n.code,{children:"&&"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54340 Hub-to-spoke sessions break when failing over from outbound-only Path:"})," When a session modify occurs due to an ingress change (inter-node -> inter-router) AND an egress change is also detected, the incorrect security was being looked up for the old flow, causing an exception to be thrown and the modify to fail. This would present itself as dropped packets and in logs as a SecurityNotFound error. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54490 Permission denied when trying to open a user config file:"})," Resolved a permissions issue for the ",(0,r.jsx)(n.code,{children:"connect router"})," command by adding ACLs for reverse SSH so that this is accessible for admin users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54512 SSR130 moved into an HA cluster does not come up properly:"})," Resolved an issue where the generation of an improper configuration could lead to a crash loop in the NodeMonitor process."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-54803 Control packets are treated with equal priority in overload conditions, causing drops:"})," Control packets now have preferential treatment under overload conditions, reducing the drop rate."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-55002 Password reset loop:"})," Resolved an issue that caused users created with the ",(0,r.jsx)(n.strong,{children:"Require password change on first login?"})," set to ",(0,r.jsx)(n.code,{children:"yes"})," to get stuck in an infinite loop of password changes when logging in using the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-2486 SSR data reporting values that are unrealistically high:"})," When capturing application usage for application summary learned apps, we sometimes observe really high values for bandwidth and other metrics.\nResolution: The high value was due to an internal corruption when the metrics for these learned applications were removed and added. During such transition there may be memory corruption resulting in the bogus high value. The part of the solution is to ensure the transition happens more gracefully."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-2547 Invalid memory access producing incorrect bandwidth values:"})," Implemented a resolution that identifies the invalid memory access, and drops values that are out of scope or otherwise invalid."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5612-1",children:"Release 5.6.12-1"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," October 20, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-3",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53833 Timeout prevents startup:"})," Resolved a regression introduced in 5.6.11 in the SSR reboot startup logic. If any of the processes took longer than 30 seconds to complete, the startup sequence was abandoned and rendered the platform inoperable. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5611-4",children:"Release 5.6.11-4"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," October 2, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48174 Expand supported values for DHCP option:"})," DHCP option 43 is now a supported option, as well as a binary encoded-type (hex/byte) support. Valid examples are ",(0,r.jsx)(n.code,{children:"0xabcdef"})," and ",(0,r.jsx)(n.code,{children:"0x123456"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51181 Improve ",(0,r.jsx)(n.code,{children:"save-tech-support-info"})," command:"]})," The PCLI command ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," now has a default of one day. Additionally, a ",(0,r.jsx)(n.code,{children:"since"})," argument has been added that limits log collection to only logs generated after the specified value. The ",(0,r.jsx)(n.code,{children:"since"})," argument can be a relative time delta or an absolute timestamp. The GUI's About and Logs pages has the same functionality with a drop down that allows limiting the time window for the displayed/downloaded logs/tech-support-info."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52406 Add ability to download MIBs from GUI:"})," A button has been added to the GUI, in the Documentation pane of the About Page, to download the SNMP MIB definitions for SSR."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-4",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE's have been identified and addressed in this release:"})," CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2022-1679, CVE-2022-1789, CVE-2022-2196, CVE-2022-2663, CVE-2022-3028, CVE-2022-3239, CVE-2022-3522, CVE-2022-3524, CVE-2022-3564, CVE-2022-3566, CVE-2022-3567, CVE-2022-3619 ,CVE-2022-3623, CVE-2022-3625, CVE-2022-3628, CVE-2022-3707, CVE-2022-4129, CVE-2022-20141, CVE-2022-25265, CVE-2022-30594, CVE-2022-39188, CVE-2022-39189, CVE-2022-41218, CVE-2022-41674, CVE-2022-42703, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-43750, CVE-2022-47929, CVE-2023-0394, CVE-2023-0461, CVE-2023-1195, CVE-2023-1582, CVE-2023-23454, CVE-2023-32233, CVE-2023-28466, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-24329, CVE-2023-32067, CVE-2023-24329, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2828, CVE-2023-38408, CVE-2023-20569, CVE-2023-20593, CVE-2023-38802."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42466 Changing the physical linux address of an HA interface breaks the configuration:"})," Resolved an issue where moving a non-forwarding fabric HA sync device-interface from one PCI address to another PCI address would not properly clean up the team interface from the old PCI address."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50671 Office365 traffic is not recognized:"})," Resolved an issue where Office365 traffic was being miscategorized and therefore not fully qualified. O365 traffic, when traversing over SVR, is no longer miscategorized."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50708 Time series data for memory of the salt_master process periodically significantly decreases:"})," Incorrect method for polling application memory data; this resulted in dips in application memory being presented. This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51864 Ethernet Over SVR (EoSVR) not working for multi-hop SVR scenarios:"})," When EoSVR traffic traverses over a dogleg path in a HA node topology, traffic failed to traverse the middle node. EoSVR packets are no longer incorrectly dropped when routed over an inter-node path when coming from an SVR path."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52491 Crash in highway process due to segmented metadata:"})," Resolved an issue processing metadata that is segmented across two packet buffers. The segmented packets are no longer discarded and the dataplane no longer crashes when processing a packet comprised of segmented metadata."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52599 Conductors display different assets on different HA nodes:"})," If the state table of an inactive HA node becomes out of sync with the active HA node, then some assets were being skipped when parsing the asset state response. This issue has been resolved through the reporting of asset IDs from the active node state table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52822 ARP fails to resolve:"})," An earlier change caused ports on an X553 that use SFPs to no longer correctly report link status. This issue has been resolved and the link status is now reported accurately."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52855 DHCP Relay stopped functioning after removing disabled DHCP Servers:"})," When a number of disabled DHCP servers were deleted from the configuration, the server interface mappings were deleted as well. Updates have been made to re-enable DHCP relay when a DHCP server or interface is removed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52859 Issue moving interface between chassis of hypervisor platforms running SSR (e.g., ENCS):"})," When swapping physical cable from active node to standby node, the customer experienced low rate packet loss on traffic-engineering enabled device-interfaces. To resolve this issue, the ",(0,r.jsx)(n.code,{children:"traffic-engineering transmit-cap"})," is no longer ignored on device-interfaces which have unresolved link-speed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52994 Routers continue to request the conductor configuration:"})," Resolved an issue where a managed router continued to request the configuration from the conductor even after a validation or datamodel incompatibility issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53000 process highway disconnected messages caused by NIC driver bug:"})," The DPDK driver code for the Broadcom NICs contained a bug that caused the querying of the extended statistic to fail. The Broadcom NIC driver has been upgraded to resolve the issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53002 NTP setup check fails on startup:"})," Resolved an issue in the NTP startup sequence, due to an incorrect path for the NTP configuration."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53015 Highway log has large number of unnecessary INFO messages:"})," A previous log message of icmp response packet failed was incorrectly logged at INFO level. It is neither an error nor actually informational, and has now been downgraded to DEBUG level."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53017 Some files incorrectly marked as executable:"})," While strengthening the security posture of the platform, some files with superfluous executable bits set have been identified and correctly marked."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53105 Conductor to router API RBAC rules not being followed:"})," Resolved an issue where the user is getting elevated to admin on the managed router, thus returning more data than necessary."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53114 Broadcom interfaces stuck in ",(0,r.jsx)(n.code,{children:"admin down"})," after upgrade:"]})," Resolved an issue where device-interfaces on Broadcom NICs wouldn't come up properly if initially configured with ",(0,r.jsx)(n.code,{children:"enabled false"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53185 Rare race condition causing highway crash:"})," Resolved a rare race condition between flow install and flow lookup causing a highway crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-53253 Include ",(0,r.jsx)(n.code,{children:"dmesg"})," and ",(0,r.jsx)(n.code,{children:"systemd journal unit"})," in TSI:"]})," Include output from ",(0,r.jsx)(n.code,{children:"dmesg"})," and ",(0,r.jsx)(n.code,{children:"systemd journal"})," unit in TSI in order to assist in debugging future platform related issues."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53259 Initialization time out may result in SSR failing to start:"})," Resolved an issue where SSR may fail to start. An example of this would be unreachable audit server was configured that would delay the startup initialization causing SSR to exceed the timeout and fail to start."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53285 User datastore issue when renaming a router:"})," Resolved an issue where HTTP requests would stop working to a router after the router's name was changed, but before the SSR was restarted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53321 Syslog datamodel is limited:"})," Added the following configurable syslog facility values ",(0,r.jsx)(n.code,{children:"auth"}),", ",(0,r.jsx)(n.code,{children:"authpriv"}),", ",(0,r.jsx)(n.code,{children:"cron"}),", ",(0,r.jsx)(n.code,{children:"daemon"}),", ",(0,r.jsx)(n.code,{children:"kern"}),", ",(0,r.jsx)(n.code,{children:"lpr"}),", ",(0,r.jsx)(n.code,{children:"mail"}),", ",(0,r.jsx)(n.code,{children:"news"}),", ",(0,r.jsx)(n.code,{children:"syslog"}),", ",(0,r.jsx)(n.code,{children:"user"}),", and ",(0,r.jsx)(n.code,{children:"uucp"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"caveats",children:"Caveats"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-53833 Timeout prevents startup:"})," 5.6.11 introduced a regression in the SSR reboot startup logic. If any of the processes take longer than 30 seconds to complete, the startup sequence is abandoned and renders the platform inoperable. The system can be recovered by manually restarting the SSR software. This issue is tracked by I95-53833."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-5610-6",children:"Release 5.6.10-6"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," August 29, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-1",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52198 Handle incoming public keys from peer conductor node:"})," Added functionality to allow conductor nodes to share the authorized keys of managed routers between each other. If the SSH public key is retrieved from a managed router by one conductor node, then it is automatically shared with its conductor peer node."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52316 Enhancements to Overlapping FIB Services:"})," The ",(0,r.jsx)(n.a,{href:"/docs/config_command_guide#configure-authority-fib-service-match",children:(0,r.jsx)(n.code,{children:"fib-service-match"})})," command allows you to configure either ",(0,r.jsx)(n.code,{children:"best-match-only"})," or ",(0,r.jsx)(n.code,{children:"any-match"}),".","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.code,{children:"best-match-only"})," considers the best matching prefix length. In cases of transport overlap, services are visited in alphabetical order."]}),"\n",(0,r.jsxs)(n.li,{children:["Using ",(0,r.jsx)(n.code,{children:"any-match"})," will consider all services that match the route update but do not have the best match service address when creating FIB entries, minimizing missed entries. The transports from the service with the longest prefix are considered first."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52517 Allow users the ability to configure the OSPF SPF timers:"})," Support for user-configured values for SPF delay has been added. Users can now specify values for spf delay, hold-time, and maximum-hold-time. For additional information, see ",(0,r.jsx)(n.a,{href:"/docs/config_command_guide#configure-authority-router-routing-ospf-timers-spf",children:"OSPF SPF Timers"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-5",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been identified and addressed in this release:"})," I95-51758, I95-52495, I95-52496, I95-52497, I95-52509, I95-52625."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41386/I95-52114 HA pair device interface's redundancy status stays non-redundant even though the interface operational status is up:"})," Resolved a race condition when selecting the active components between HA nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51336 App-ID memory leak for some uncommon cases, such as duplicate flow:"})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"app-id stats"})," entry was not added to the ",(0,r.jsx)(n.code,{children:"Expiring"})," list to be cleaned up."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51800 Radius authentication failure - Incorrect NAS IP address:"})," The ability to specify the NAS-IP-Address and NAS-Identifier has been added to the data model for configuring these Radius options per node. This can be used in cases where the Radius server is configured to use an identifier, or in cases where it is necessary to match the source IP address of the Radius requests behind SSR or NAT."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52208 Metrics queries return incomplete data when FIPS is enabled:"})," Resolved an issue where a FIPS-incompatible hashing function was causing missing or incomplete metrics data."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52283 Correct the Domain Matching order:"})," When using web filtering, the SSR now properly enforces the ",(0,r.jsx)(n.a,{href:"/docs/config_domain-based_web_filter#service-matching-order",children:"Service Matching Order."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52305 Compacting rate limit exceeded:"})," Resolved memory and CPU issues resulting from attempting to compact very large application identification documents."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-52402 Router stuck in ",(0,r.jsx)(n.code,{children:"Upgrading"})," state:"]})," Resolved an issue with ",(0,r.jsx)(n.code,{children:"conductor-only"})," mode, where the conductor was attempting to download the installer before the software access proxies were in place, preventing an update to the installer."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50562 / I95-52626 Forwarding plane control message bursts create exception, causing a packet buffer leak:"})," Resolved a condition where backpressure caused the messaging mechanism to develop buffer leaks. Proper handling of exceptions now prevents buffer leaks. The control buffer capacity has been increased to better handle bursts as part of the resolution."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52650 Asset state transition on conductor is slow for deployments with greater than 250 routers:"})," An optimization was made to an internal calculation and improve the speed at which synchronization requests are processed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52816 Config Validation may generate errors in the wrong field:"})," Resolved an issue during the validation of BGP graceful-restart configuration settings that could lead to generating incorrect errors/warnings during configuration validation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-2090 Conductor managed SSR Applications in WAN Insights Showing up as Numbers:"})," Resolved an issue with stats APIs, which were not properly handling some internal service names."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-569-3",children:"Release 5.6.9-3"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," July 19, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-2",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50949 Add packet buffer tracking to help analyze buffer exhaustion:"})," Packet buffer location tracking has been added, and the following PCLI commands have been created for buffer tracking.","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"show packet-buffer locations"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"save packet-buffer snapshot"})}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51450 Support for 100/Full Speed/Duplex on Intel I225-V Driver NICs:"})," The DPDK driver has been updated to allow fixed speed and duplex configuration to work with IGC i225 NICs."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-6",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-47960 Incorrect progress message for ",(0,r.jsx)(n.code,{children:"show dns resolutions"}),":"]})," The progress message for this command now correctly displays ",(0,r.jsx)(n.code,{children:"Retrieving dns resolutions..."}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48931 Service area Highway crash:"})," Now prevent crashing in SSR's highway process in rare race conditions when a session's flow is removed before the session is fully established."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49587 ICMP session classification improvement:"})," The application lookup for ICMP sessions now accurately identifies the correct service."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50722 Highway crashes during session migration:"})," Resolved a crash in the SSR's highway process, due to a race condition between configuration changes and BFD sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51053 ESP session stuck in Incomplete state:"})," Resolved an issue where SVR sessions from network-interfaces with dscp-steering enabled can be stuck in an incomplete state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51167 Unable to override auto-generated peer service-route:"})," The user can now provision a service-route with the same name as an automatically-generated one. The user's service-route takes precedence and will be used instead of the generated one."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51177 Ethernet over SVR setting wrong egress MAC address:"})," Ethernet over SVR now correctly sets the egress MAC address when using outbound-only mode."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51178 Increase default juteMaxBufferSize:"})," The default juteMaxBufferSize has been increased to 10MB, which addresses issues where the device is unable to commit very large configurations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51284 Routers remain in the connected state:"})," Updated the dependencies within the salt minion to resolve an issue where an asset is stuck in the connected state, displaying the error: ",(0,r.jsx)(n.code,{children:"Error getting asset's public key: 'ssh.set_auth_key', retrying...."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51296 Show Time in Status in the show assets detail view:"})," The asset Time in Status field has been added to the Detail view."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51359 Unable to set the OSPF MTU:"})," Added the ability for users to set the MTU to a non-default value."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51403 GUI displays download in progress even after the download is complete:"})," Resolved an issue where a download success event is never created even though the version shows as downloaded in the software versions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51427 GUI not displaying all the version information:"})," The GUI About page now displays additional version information previously only displayed in the PCLI ",(0,r.jsx)(n.code,{children:"show system version detail."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51650 ",(0,r.jsx)(n.code,{children:"log-category PCLI"})," command not working:"]})," Resolved an issue that disallowed setting ",(0,r.jsx)(n.code,{children:"config authority router system log-category PCLI"}),". We now also allow configuring the following log categories:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"CFGD"}),"\n",(0,r.jsx)(n.li,{children:"SNMP"}),"\n",(0,r.jsx)(n.li,{children:"HTTP"}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51658 Allow sync command in resynchronizing state:"})," Resolved an issue where the user received an error when executing the send command sync command while an asset was in the resynchronizing state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51734 Remove duplicate transport port-ranges from modules before adding to service:"})," Resolved an issue where FIB entries are not installed when app-id modules have conflicting or overlapping port-ranges, and are being placed into one service."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51788 Path index is not displayed correctly for ",(0,r.jsx)(n.code,{children:"show sessions by-id"}),":"]})," ",(0,r.jsx)(n.code,{children:"show sessions by-id"})," has been updated to display MTU and PathIndex."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51792 Low MTU threshold causing metadata fragmentation:"})," Fixed the incorrect handling of packets where metadata is fragmented due to unreasonably low MTU, causing the packet buffers to become exhausted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51793 Path MTU discovery dropping very low:"})," Fixed PMTU discovery from ever resolving to an unreasonably low MTU, which could previously occur during a link flap event."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51794 Core dump on systems with greater than 10 physical interfaces, such as Lenovo SR-650:"})," Resolved an issue where the SR-650 was crashing due to uninitialized flags field. Support has been added for these devices."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51865 NTP not syncing for HA nodes:"})," Added the ability to configure the orphan stratum for the HA peer node. This was previously hard-coded to 5 but this change allows an HA peer to be able to sync when the upstream server is of a lower stratum, if so desired by the user."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51915 Report buffer allocation failures to watchdog:"})," ",(0,r.jsx)(n.code,{children:"alloc-failure"})," stats are now gathered per device and included in the device stats, allowing the watchdog to detect a failure and respond."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-52104 URI escape characters handled incorrectly:"})," The ",(0,r.jsx)(n.code,{children:"lookup application by-domain"})," and ",(0,r.jsx)(n.code,{children:"clear app-id cache-entry url"})," were handling url parameters incorrectly, in lookup, creating and clearing cache entries. This has been resolved and each command now performs the correct operation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95 52105 Permissions error when attempting to ",(0,r.jsx)(n.code,{children:"delete certificate webserver"}),":"]})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"delete certificate webserver"})," and ",(0,r.jsx)(n.code,{children:"create cerificate webserver"})," with an existing certificate were failing. On older versions of software this can be worked around by running ",(0,r.jsx)(n.code,{children:"sudo rm -rf /etc/128technology/pki/webserver.pem"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-568-9",children:"Release 5.6.8-9"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," May 25, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-3",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48862 Load balance sessions across BGP RIB Entries with multiple paths:"})," Resolved an issue when BGP was used to build a routing table, only the first next hop was used. All next hops are now used, and load balancing occurs over all routing protocol routes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50510 New fields for IPFIX:"})," The SSR IPFIX implementation was not sending the industry standard fields of flowStartMilliseconds and flowEndMilliseconds. In the new implementation, all IPFIX records include these fields. The start time is set to the start time of the flow, and the end time is always set to the time the last packet was received on the flow. For intermediate records, this indicates that the flow is still ongoing but provides the last activity timestamp. For the end records, this indicates when the last packet was received on the flow prior to the session terminating. For additional information, see ",(0,r.jsx)(n.a,{href:"/docs/concepts_application_discovery#ipfix",children:"IPFIX"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50571 Add packet buffer tracking to help analyze buffer exhaustion:"})," The following features have been added to help diagnose packet buffer pool depletions in certain environments:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"Track packet buffer locations."}),"\n",(0,r.jsx)(n.li,{children:"Enforce setting of packet location."}),"\n",(0,r.jsx)(n.li,{children:"Add the ability to walk packet buffer pools, count the locations, and display."}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51169, I95-51173 Buffer tracking improvements:"})," The following improvements have been made to Buffer Tracking:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:["Refined packet buffer location tracking to better identify buffers in use for ",(0,r.jsx)(n.code,{children:"TSI"})," collection."]}),"\n",(0,r.jsx)(n.li,{children:"Provide more diagnostic information, when possible."}),"\n",(0,r.jsxs)(n.li,{children:["The following new metrics have been added for tracking utilization of packet pools. These can be found under ",(0,r.jsx)(n.code,{children:"show stats packet-processing pool-utilization"}),".","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"fastlane-generated-packet-pool"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"host-packet-pool"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"network-packet-pool"})}),"\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.code,{children:"tcp-proxy-packet-pool"})}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51316 Add Resynchronization state:"})," Transition an asset into the ",(0,r.jsx)(n.code,{children:"Resynchronizing"})," state instead of ",(0,r.jsx)(n.code,{children:"Connected"})," when a configuration change is made, or when the user executes the ",(0,r.jsx)(n.code,{children:"send command sync"})," command from the PCLI. This better identifies the actions being performed within the SSR, and is not an indicator of the device health. Previously when an asset required a highstate due to a config change or running the ",(0,r.jsx)(n.code,{children:"sync"})," command, the device would transition to ",(0,r.jsx)(n.code,{children:"Connected"})," from ",(0,r.jsx)(n.code,{children:"Running"}),", which caused concern with users."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-7",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been identified and addressed in this release:"})," I95-48448, I95-49456, I95-50358, I95-50359, I95-50506, I95-50508, I95-50535, I95-50790."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-37833 Apply password policy more consistently:"})," The password policy for SSR users has been updated, and now requires passwords to have a special character in addition to previous requirements."]}),"\n"]}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.p,{children:["Please refer to ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Password Policies"})," for updated password requirements."]})}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47776 Tank hostname parsing errors:"})," Resolved two issues in the Tank instance where the localhost could not resolve to an IP address, and Tank was not identifying non-default ports. These issues have been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48518 Application Identification not recognizing Apps on HA systems:"})," Resolved an issue where the GUI was only pulling Application data from one node in an HA configuration. Application ID Summary display now aggregates data from both nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48965, I95-51086 Race condition with routing updates inducing crash in highway process:"})," Resolved an issue where a routing change that affects the ",(0,r.jsx)(n.code,{children:"forwarding-table"})," can incur a race condition with sessions completing and being removed, which could lead to a highway crash and restart."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49594 Highway Crash:"})," Resolved an issue for systems where any of the following are configured:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.code,{children:"application-identification"})," is enabled,"]}),"\n",(0,r.jsxs)(n.li,{children:["a service is defined with ",(0,r.jsx)(n.code,{children:"domain-name child services"}),", or"]}),"\n",(0,r.jsxs)(n.li,{children:["a ",(0,r.jsx)(n.code,{children:"service address"})," is configured as a ",(0,r.jsx)(n.code,{children:"domain"}),"\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 6.1.0 and 6.1.1, and is resolved in 6.1.2."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49603 Process Manager crash:"})," When a long running process was being cleaned up by the subprocess, the cleanup would fail causing a crash. Long running processes are now properly terminated, which allows the cleanup subprocess to complete correctly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49675 Incorrect path in console help message for ",(0,r.jsx)(n.code,{children:"export config running"}),":"]})," The help message now correctly identifies the export path: ",(0,r.jsxs)(n.strong,{children:["Exported files are stored in ",(0,r.jsx)(n.code,{children:"/etc/128technology/config-exports/"})," and are stored as GZIP compressed files."]})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49754 Waypoint re-use causing duplicate reverse flows:"})," Resolved a case where when the waypoint pool is nearly depleted, released waypoints were reused prematurely causing errors when installing reverse flows."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49791 Add audit rules to track modification of grub config files:"})," Added rules to log notifications in case of changes to grub configuration files."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49925 GRE tunnel health-check not migrating sessions when path is down:"})," The GRE tunnel manager now removes all sessions before adding new ones rather than modifying the existing sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49969 Permission Denied error when attempting to self-generate a webserver certificate:"})," Resolved an issue that prevented users with the admin role from creating a new self-signed web certificate via the PCLI command ",(0,r.jsx)(n.code,{children:"create certificate self-signed webserver"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49974 Stuck flow not cleared when reverse metadata is incomplete:"})," Resolved an issue where reverse metadata is coming through incomplete - without the source tenant. The source tenant has been added to the reverse metadata."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50047 Conductor config unable to pass local validation on one of the routers:"})," Resolved an issue where a router missing the ",(0,r.jsx)(n.code,{children:"reachability-profile"})," configuration may pass validation on conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50050 VRRP High Availability gets stuck in Active/Active:"})," The DPDK version has been updated to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50247 Duplicate peer path alarms:"})," Resolved an issue where both BFD and the path MTU feature were generating alarms for the same peer path being down. The criteria for which peer path state changes can trigger peer path events has been tightened."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50262 Routers disconnected from their conductor may have incorrect log rotation settings:"})," Resolved an issue where a managed router was not able to pull down the configuration from the Conductor - which includes the log rotation config. The default salt log rotation configuration has been improved, preventing the log from growing too large before the connection to the Conductor can be established."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50269 Router clone operation fails:"})," Implemented checks to prevent cloning obsolete elements and internal lists/containers on legacy versions of the SSR software."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50286 Rebooting a node of an HA pair from Linux breaks routing:"})," Resolved an issue where a delay in the shutdown process caused a node to take over a VRRP interface, creating routing issues."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50331 System fails to synchronize keys on startup:"})," The SSR now dynamically updates the ",(0,r.jsx)(n.code,{children:"rsync IP host address"})," from the non forwarding HA sync interfaces, and will fall back to the ",(0,r.jsx)(n.code,{children:"global.init"})," host IPs if they don't exist."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50363 MOS Metrics not refreshing:"})," Resolved an issue where the SLA and MOS values were not being updated in the stats (or PeerPathTable) when a BFD session was brought down. The SLA and MOS stats are now set to 0 when the BFD session is brought down."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50376 Failure to make config changes after rollback:"})," Resolved an issue where commits would not take effect after rolling back an HA router, because of older/newer version conflicts."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50445, I95-49377 i40e and ice devices enter malicious descriptor detection state, preventing forwarding of traffic:"})," Resolved an issue where fragmented packet chains larger than 8 buffers were discarded causing a malicious descriptor event.","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:["The below ",(0,r.jsx)(n.code,{children:"dpdk.log"})," snippet provides an example of the event:"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{children:"[DPDK| -- ] ERROR (00007f03ec18e700) i40e_dev_alarm_handler(): ICR0: malicious programming detected\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): Malicious Driver Detection event 0x02 on TX queue 6 PF number 0x01 VF number 0x00 device 0000:08:00.1\n[DPDK| -- ] WARN (00007f03ec18e700) i40e_handle_mdd_event(): TX driver issue detected on PF\n"})}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"Added hooks for the NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism."}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50534 Race condition between NetworkInterfaceManager and FastLane:"})," Resolved a race condition caused by adding and deleting the same network interface in a very short window of time, potentially causing a system crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50554 No dynamic synchronization of repos to the routers:"})," Resolved an issue where it was necessary to restart 128T on the Conductor in order for the Conductor to recognize newly added repositories and sync them down to the assets. Authenticated repos are now automatically synchronized when repos are added to the conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50656 Improve metrics for REST API performance:"})," Performance improvements have been made in metrics REST APIs to alleviate intermittent metrics graphs on heavily loaded systems."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50710 Configuration cannot be applied to router when its time is ahead of the conductor:"})," Implemented time detection for configurations using a future time that is corrected upon commit. This resulted in an ",(0,r.jsx)(n.code,{children:"mtime"})," older than what is in the datastore, and the configurations were rejected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50736 SSH key change not propogated to secondary conductor:"})," Resolved an issue where an SSH key change to ",(0,r.jsx)(n.code,{children:"/etc/128technology/ssh/pdc_ssh_key"})," was not automatically detected and resynced between peer node and conductor nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50754 Race condition between ICMP ping request and a reverse flow:"})," Resolved a crash due to a race condition when ",(0,r.jsx)(n.code,{children:"service ping icmp-request"})," is matched against a partially installed flow."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50778 Event History filter not working:"})," Resolved an issue where searching on the Event History page didn't show matching results when the search string is only found in the Details column."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50787 Rebooting the OS from the conductor throws error code 400:"})," Resolved an issue in the GUI with the reboot button on the Router page. When trying to reboot a router, the button would fail and display ",(0,r.jsx)(n.strong,{children:"Error: EOF"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50823 Support for time-offset DHCP option:"})," ",(0,r.jsx)(n.code,{children:"int-32 encoded-type"})," has been added to provide support for the time-offset DHCP option."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50967 SSR is not allowing other DHCP relay traffic to pass through:"})," When the SSR acts as a DHCP Relay, it will no longer drop packets received from other relay agents on the network. Instead the packets will be routed appropriately as per the configured policies."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50977 Installer fails to download software when the Conductor software proxy is enabled:"})," Resolved an issue where when the Conductor software proxy is being used, DNF transactions to the conductor repo go through the proxy, despite the repo pointing to a local tunnel to the conductor. These transactions now go through the proper tunnel."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50979 Routers remain in connected state:"})," Resolved an issue where assets will perform a new highstate unnecessarily if a commit occurs while a highstate is already in progress, causing assets to take a long time to get to the running state."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51006 Nodes stuck in connected state after upgrade:"})," On an HA conductor, if the user is performing an upgrade on the first conductor node and that user makes a config commit during the upgrade, then the configuration's modified time will become out of sync between the two conductor nodes. When the conductor first node is finished upgrading the result is a loop where the configuration keeps getting committed by each node back and forth until a new commit is made. This issue has been resolved by allowing the peer conductor node to accept the config despite the perceived version disparity. Please note performing a commit mid-upgrade is not supported."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51007 Conductor is incorrectly honoring core pinning:"})," The cpuProperties cores setting in /etc/128technology/local.init was erroneously isolating cores on conductor nodes when set, even though this setting is intended for a router. This would cause a reduction in available processing cores for normal conductor operations. This setting will now be ignored on the conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-51044 Hide ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," on conductor:"]})," Disabled the ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," setting on conductor nodes, since this setting doesn't apply to conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-51087 SSR fails to download firmware after upgrading the conductor:"})," Resolved an issue where the first time a conductor is upgraded and ",(0,r.jsx)(n.strong,{children:"conductor-only"})," is selected in the software-update settings, the proxy service on the conductor does not work correctly, and downloads fail. The downloads no longer fail."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-1958 Mist agent crashes:"})," Increased internal file system limits which were preventing some services from starting correctly at boot. Limits were raised based on expected system usage."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-567-4",children:"Release 5.6.7-4"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," March 16, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-4",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48928 Set Time using PCLI command:"})," Add a new PCLI command ",(0,r.jsx)(n.code,{children:"set time"})," which allows an admin to bootstrap a system without NTP connectivity. The PCLI uses the date(1) shell command and accepts a wide variety of inputs. To see more documentation about the date format see setting the time or the -d option on options for date."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49354 Display SSD smartctl info in ",(0,r.jsx)(n.code,{children:"show platform disk"}),":"]})," We now display the following disk info, if supported by the disk, in ",(0,r.jsx)(n.code,{children:"show platform disk"}),":","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"Lifetime used"}),"\n",(0,r.jsx)(n.li,{children:"Power On Hours"}),"\n",(0,r.jsx)(n.li,{children:"TBW (Terabyte Written)"}),"\n",(0,r.jsx)(n.li,{children:"TBW per year"}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50072 Support for ConnectX-6 Lx PCIe device:"})," Support has been added for this device."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-8",children:"Resolved Issues"}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49594 Highway Crash:"})," In a system where any of the following are configured:","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.code,{children:"application-identification"})," is enabled,"]}),"\n",(0,r.jsxs)(n.li,{children:["a service is defined with ",(0,r.jsx)(n.code,{children:"domain-name child services"}),", or"]}),"\n",(0,r.jsxs)(n.li,{children:["a ",(0,r.jsx)(n.code,{children:"service address"})," is configured as a ",(0,r.jsx)(n.code,{children:"domain"}),"\nand there are established flows for any of these services, a link flap triggering a flow invalidation (changes to FIB) will induce a crash in the highway process of the SSR. This issue exists in versions 5.6.3 through 5.6.6, and is resolved in 5.6.7."]}),"\n"]}),"\n"]}),"\n"]})}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been identified and addressed in this release:"})," I95-48445, I95-48643, I95-48859, I95-48907, I95-49079, I95-49445, I95-49745, I95-49746, I95-49747, I95-49748."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48054 STEP not working in Core Network:"})," Resolved an issue where processing STEP route updates can cause modification of unrelated FIB entries, potentially interrupting existing sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48232 Ability to ping lost after failover:"})," We now prevent unnecessary FIB changes (which may lead to a short traffic interruption) when new routes are added to the RIB that are more specific than some configured service IP prefixes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48485 Broadcom NIC (NetXtreme) fails to initialize properly:"})," Resolved an issue with initization errors during memzone creation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48590 ACK RTT Improvements:"})," Resolved an issue where the stats were not resetting properly, and added supporting sampling to ACK RTT tracking."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48927 Audit log disk failure mode:"})," Added a Failure Notification parameter and failure mode to inform users that the ",(0,r.jsx)(n.code,{children:"auditd.conf"})," log disk is nearing capacity, or has reached capacity, and that action is required."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48942 Routing policy filter condition reference type not validated:"})," Added a check to verify that when a routing policy condition references a filter, the condition type and filter type match."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49118 HA LTE Interfaces go down and impact BGPoSVR and Conductor:"})," The handling of FIB updates due to interface state changes has been optimized to avoid possible traffic loss for unaffected FIB entries."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49242 When HMAC is disabled, the automatic MSS adjustment calculation for ",(0,r.jsx)(n.code,{children:"enforced-mss = automatic"})," may be wrong:"]})," The Automatic MSS adjustment calculation has been corrected (expanded)."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49350 BFD echo generating latency overhead:"})," BFD echo tests are now staggered to minimize application latency's contribution to overall peer path latency."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49377 Transmit packets dropped by NIC for established sessions - packet counters are incrementing and can be seen in packet capture, but not seen by next-hop:"})," Added hooks for NIC driver to trigger an unrecoverable event and invoke the Highway lockup detector mechanism."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49431 Unable to edit or add static route config from Conductor GUI:"})," When editing configuration on the stand-by node of an HA pair, creating a list item with a slash, /, such as specifying the destination-address of a static-route, caused an error. This has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49447 Conditional BGP advertisement is not respected:"})," Resolved an issue that if a peer went down and came back up, the conditional advertisement was no longer respected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49454 Error while creating a new Radius user from the GUI:"})," The create user API now rejects requests with invalid input parameters."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49514 Linux interfaces bounced on startup:"})," Resolved an issue where all Linux interfaces managed by 128T are bounced once on 128T startup."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49564 Reduce volume of logs during pending lookups:"})," The error logs during a pending lookup has been changed to a muted error log with a stat."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49604 Alarm when a node is disconnected:"})," An alarm is now raised when a node is disconnected from the internal synchronization database."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49633 Validation not strict for static assignment within DHCP server configuration:"})," Configuration for static addresses within DHCP server exists in multiple locations per design. Cross-validation has been added to prevent the same ip-address from being configured and assigned to multiple dhcp-clients."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49655 Cutting and pasting the output of ",(0,r.jsx)(n.code,{children:"show flat"})," does not work for OSPF:"]})," Resolved the issue that prevented editing the OSPF list."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49722 Event filter does not work on HA router nodes:"})," Resolved issues with filtering by node, and an incorrect value was displayed for the node column in the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49756 RDP sessions failure over peer path:"})," Resolved an issue that caused RDP traffic to fail when adaptive encryption and AppId are both enabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49778 Conductor GUI not showing data metrics for routers running:"})," Resolved an issue where API keys were not properly synced down to the managed routers which caused certain router data to not show up on the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50014 Hitting Buffer Overflow during configuration changes:"})," Resolved an issue where a config change request may not make it to a managed router, and returns a buffer overflow error."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50034 Issues with stuck sessions in load balancer:"})," Resolved an issue with session modify, where gateway changes on the same egress interface can fail due to a missing ARP."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50050 VRRP High Availability gets stuck in Active/Active:"})," The DPDK version has been updated to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50058 Performance regression in Running Config APIs:"})," Resolved a constant cache miss for a specific set of the running config APIs."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50076 EthResource descriptor calcs don't account for variable defaults:"})," Resolved an issue where Mellanox ConnectX-5 and ConnectX-6 could be initialized with insufficient packet receive capacity."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50139 Include PID in User-Agent header:"})," Added a debugging aid to identify which process is sending requests."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-50172 Download error not cleared until next successful download:"})," Resolved an issue where failed download errors are not cleared when a new download starts."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-566-7",children:"Release 5.6.6-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," January 18, 2023"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-5",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47947 Increase max CoreDump size to 4GB:"})," The maximum size of coredumps now defaults to 4G. This value can be configured in environment config by modifying the ",(0,r.jsx)(n.code,{children:"maxCoredumpSize"})," field of the new ",(0,r.jsx)(n.code,{children:"crashReporting"})," object. Any manual modifications to ",(0,r.jsx)(n.code,{children:"coredump.conf"})," will be overwritten whenever the service is started."]}),"\n"]}),"\n",(0,r.jsx)(n.admonition,{type:"important",children:(0,r.jsxs)(n.p,{children:["Upgrading to this release version will cause ",(0,r.jsx)(n.code,{children:"coredump.conf"})," to be re-written with 4G limits for coredumps even if ",(0,r.jsx)(n.code,{children:"coredump.conf"})," had been updated manually for a higher value!"]})}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-9",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46336 Peer connection not established after AWS upgrade:"})," Resolved an issue where an AWS C5 instance size can fail to initialize when more than one accelerated network interface is configured."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48352 Application ID is not identifying MS-Teams correctly:"})," Resolved an issue where sessions with IP addresses as their domain names were not classified correctly when the information was received via HTTP web proxy. Sessions with IP addresses as their domain name are now verified against the IP tree, and not the domain name database."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48447 JWTs signing does not meet stringent security standards:"})," Changed how JWTs are signed to increase security posture."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:(0,r.jsx)(n.strong,{children:"I95-48464 This CVE has been addressed."})}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49139 ",(0,r.jsx)(n.code,{children:"show network-interface application"})," renders poorly for empty hostnames:"]})," The DHCP server state script has been updated to not escape ",(0,r.jsx)(n.code,{children:""})," hostname."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49166 OSPF is not configurable using the GUI:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49225 Packets containing only path-metrics metadata are dropped:"})," Resolved an issue where FPM calculations caused these packets to be dropped when flows were affected due to routing changes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49326 New sessions become associated with defunct sessions on next-hop routers:"})," Enhanced session reuse detection to validate all incoming metadata once a session-id has been properly latched."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"caveats-1",children:"Caveats"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49724 Quickstart URL Upload not working:"})," In Release 5.6.6, the QuickStart file upload using the ",(0,r.jsx)(n.code,{children:"https:///quick-start"})," URL is not working. This is currently being worked on and will be fixed in 5.6.7. No other patches/releases are affected."]}),"\n"]}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Workaround:"})," Upload the Quickstart file using a USB as outlined in ",(0,r.jsx)(n.a,{href:"https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install#2-configure-the-ssr-and-network-interfaces",children:"Configure the SSR and Network Interfaces"})," section of the ",(0,r.jsx)(n.a,{href:"https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/intro_otp_iso_install",children:"Router Installation Using OTP"})," guide."]}),"\n",(0,r.jsx)(n.h2,{id:"release-565-5",children:"Release 5.6.5-5"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," December 28, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-10",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been addressed and resolved:"})," I95-48644, I95-48648, I95-48650, I95-48653, I95-49039."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-34384 Rotated datastores with different permissions:"})," Resolved an issue where some rotated datastore files had different permissions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-44926 Configuration validation for ",(0,r.jsx)(n.code,{children:"as-path"})," incorrect for certain values:"]})," Resolved an issue where a subset of 4-byte BGP private AS numbers was not accepted inside AS path specifications for routing policy ",(0,r.jsx)(n.code,{children:"modify-as-path"})," actions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45478 Segmentation Fault in the Dynamic Peer Update process:"})," Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47797 Packet duplication does not interoperate well with outbound-only adjacencies:"})," When utilizing the packet-duplication feature (",(0,r.jsx)(n.code,{children:"service-policy -> session-resiliency = packet-duplication"}),"), any peer adjacencies marked as ",(0,r.jsx)(n.code,{children:"outbound-only"})," are no longer used. Packets are only duplicated along bidirectional paths."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47929 Missing BGP advertisement after deleting all sessions after an upgrade:"})," Resolved an issue where BGP update suppress was not removing any pending withdrawls."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47992 HTTP service not working in WAN Assurance:"})," Resolved an issue where HTTP traffic is dropped when using a combination of application-identification, adaptive-encryption, and spoke-to-hub-to-spoke topology (outbound-only peer-connectivity)."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48107 EoSVR sessions not stable:"})," Resolved an issue with loss of connectivity to STEP EoSVR peer. The STEP route is now held in place and available when STEP connectivity is restored."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48163 Only services with load-balanced paths are shown in ",(0,r.jsx)(n.code,{children:"show services"}),":"]})," Resolved an issue where services without load-balanced paths weremissing from show services output."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48324 Application Identification not parsing domain names:"})," The App-ID parsing mode has been updated to correctly parse domain names."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48396 ",(0,r.jsx)(n.code,{children:"show-rib"})," limited to 512 entries:"]})," The ",(0,r.jsx)(n.code,{children:"show rib"})," count maximum has been increased."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48529 BFD sending link notification before hold-down timer expires:"})," Resolved an issue where peer service-paths do not remain down while the BFD session / peer status is in the hold-down period after transitioning from down to up. Peer service-paths status now correctly reflect the peer status. Sessions will not be moved back to peers that have re-established connectivity but are still in the hold-down period."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48580 Application summary classification fails for hub-to-spoke sessions:"})," The spoke now learns application names for sessions when receiving packets from a hub with application identification disabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48582 ",(0,r.jsx)(n.code,{children:"show bfd"})," command ignoring parameters:"]})," The query parameters are now passed to the REST endpoint to be used byt the ",(0,r.jsx)(n.code,{children:"show bfd"})," command."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48641 Recreating BFD flow when an outbound-only session is reset:"})," Flow creation is now deferred until a reverse packet arrives from the peer, similar to the initial creation case."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48656 Reduce TSI service log limit:"})," The size of the Tech Support Info journal has been restricted to prevent excessive resource consumption."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48684 SSR not answering ARP requests:"})," Increased ",(0,r.jsx)(n.code,{children:"internal-application traffic-engineering"})," rates for ARP traffic which was being dropped in a multiple packet-processing core environment incorrectly due to an over aggressive traffic engineering profile."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48685 GUI and/or PCLI unresponsive:"})," Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48689 Top Sessions not displaying source address:"})," Restored the ",(0,r.jsx)(n.strong,{children:"Source"})," column in the Top Sessions table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48723 HA sync not running after systems reconnect:"})," Historical metrics and events are synced between HA nodes after extended downtime."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48772 ",(0,r.jsx)(n.code,{children:"show running config"})," command displays an error:"]})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"show config"})," requests on the PCLI failed if enum leaf-list entries were changed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48872 ",(0,r.jsx)(n.code,{children:"show sessions by-id"})," doesn't display correctly tcp state or retransmission counts:"]})," ",(0,r.jsx)(n.code,{children:"show sessions by-id"})," now correctly display ",(0,r.jsx)(n.code,{children:"tcp state"})," and ",(0,r.jsx)(n.code,{children:"retransmissions"})," when ",(0,r.jsx)(n.code,{children:"udp-transform"})," is enabled for a session."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48897 Adaptive encryption breaks after flow move:"})," Resolved an issue where the session breaks during failover when adaptive encryption is enabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48904 Stuck pinhole session after flow invalidation:"})," Resolved an issue with a stuck session that was setup from hub to HA spoke after a routing change."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48950 Application identification modify packet is dropped:"})," Packets with ",(0,r.jsx)(n.code,{children:"inline-modify"})," that traverse the BFD pinhole are now handled correctly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48988 High CPU for packet processing core:"})," Resolved an issue where the CPU can spike to 100% after a failover from internode/interrouter path to local breakout when failover is enabled for local breakout."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49106 Degradation in performance during file rotation:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-49124 ",(0,r.jsx)(n.code,{children:"show network-interface application"})," always has ",(0,r.jsx)(n.code,{children:"unavailable"})," router name:"]})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49134 DHCP server does not work when device IDs on HA interface do not match:"})," Resolved an issue where a DHCP server interface may instead forward DHCP requests through the ",(0,r.jsx)(n.code,{children:"service-area"})," and out to the WAN."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-49157 Poor GUI and PCLI performance for other users during a change/validate/commit operation:"})," Resolved the performance issue by optimizing the export config API."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-564-3",children:"Release 5.6.4-3"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," November 18, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-6",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48223 Add Application-specific information to ",(0,r.jsx)(n.code,{children:"show sessions by-id"}),":"]})," The following information has been added to ",(0,r.jsx)(n.code,{children:"show sessions by-id"}),":","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"domainName"}),"\n",(0,r.jsx)(n.li,{children:"uri"}),"\n",(0,r.jsx)(n.li,{children:"category"}),"\n",(0,r.jsx)(n.li,{children:"overrideServiceName"}),"\n",(0,r.jsx)(n.li,{children:"appStatsTrackingKey (combination of application, client ip, ingress-interface, next-hop, and traffic-class)"}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-11",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48076 SSR Failover on GRE tunnels not working:"})," The base interface giid is now used to identify the state of a GRE tunnel next-hop."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48158 Unable to capture child services using session capture:"})," When a session capture is configured on a child service (e.g., ",(0,r.jsx)(n.code,{children:"social.internet"})," instead of ",(0,r.jsx)(n.code,{children:"internet"}),"), the session is now recorded."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48427 BGP ignoring multihop TTL (Time To Live) setting leading to invalid nexthop:"}),' Resolved an issue where BGP may temporarily "forget" about the TTL value configured for a neighbor.']}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48508 Keep-alive cache may cause worker core CPU spikes:"})," Resolved potential worker core utilization CPU spikes by utilizing aggressive keep-alive timeouts."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48600 Compare Session ID's to prevent flow collisions:"})," Re-use of sessions is prevented when waypoint pool is exhausted and sessions linger on egress router."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48685 GUI and/or PCLI unresponsive:"})," Resolved an issue where on an HA conductor the user interface would become unresponsive if a managed router was offline or unreachable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48686 Transmitted packet buffers held too long:"})," The packet pool sizing has been adjusted to prevent pool depletion when local.init overrides for descriptor counts are present."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-48731 Sessions created on a ",(0,r.jsx)(n.code,{children:"fin-ack"})," may get stuck:"]})," Resolved an issue where, if tcp-state-enforcement is set to allow, a TCP session is established from a fin-ack may not get torn down in a timely manner."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"WAN-1372 Improve CPU Usage Reporting:"})," Devised a more efficient collection scheme to minimize the CPU impact when collecting the CPU and memory data."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-563-6",children:"Release 5.6.3-6"}),"\n",(0,r.jsxs)(n.admonition,{type:"important",children:[(0,r.jsx)(n.p,{children:"The following issue has been discovered in the releases listed here:"}),(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"5.6.2"}),"\n",(0,r.jsx)(n.li,{children:"5.6.3"}),"\n"]}),(0,r.jsx)(n.p,{children:"If an HA Conductor queries a disconnected router from the Conductor GUI Router page or from the Conductor PCLI, the conductor may encounter periods of poor performance until the requests time out. The issue has been resolved in the next patch release with I95-48685."}),(0,r.jsx)(n.p,{children:"For immediate resolution on the impacted releases, contact Juniper Technical Support, or your SE."})]}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," November 7, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-12",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-32789 Peer metrics unavailable after Conflux synchronization:"})," Resolved an issue with HA routers where the metrics application stops streaming metrics to the peer node after loading configuration."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43302 Rename Third-Party menu text:"})," The menu text has been changed to ",(0,r.jsx)(n.strong,{children:"External"})," to more accurately reflect the links to other Juniper platforms."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44957 Azure is not able to identify the asset-id of the depolyed conductor and router:"})," The Azure ID has been modified to a value that can be processed by Azure."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45478 Segmentation Fault in the Dynamic Peer Update process:"})," Resolved an issue with multi-threaded access to a data member, leading to a segmentation fault."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46561 Peer table Sort by Destination does not work consistently:"})," Resolved an issue with sorting for Peer Path Source/Destination columns in the GUI."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46677 Modify GUI to not resize dashboard tiles:"})," Dashboard tiles now do not resize when the window is resized."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46879 ICMP error responses are not NATed when sent over SVR:"})," Certain ICMP error messages can now be encapsulated over SVR when enabled within the neighborhood or adjacency configuration: Flows that are UDP over SVR are able to have their ICMP error messages encapsulated."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46904 Labels in Reachability Profile are not correct:"})," Added missing labels to Traffic Class and Time to Establishment information screens."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47075 Disable weak SSH ciphers:"})," Resolved issues where the remote SSH server was configured to allow weak key exchange algorithms on ",(0,r.jsx)(n.code,{children:"tcp/22"})," and ",(0,r.jsx)(n.code,{children:"tcp/930"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47271 VRRP Alarm for Backup becoming Primary:"})," There is now an alarm when the backup VRRP node in an HA pair takes over as the primary."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47438 ESP Session Missing:"})," Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47475 Session capture not downloadable for a read only user:"})," Adjusted permissions to provide access to session capture files to read-only users."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47476 Session table associated paths not scalable, scroll bar hidden:"})," The Session Table window has been enlarged to more clearly show information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47529 Outbound-only sessions get stuck after NAT rebinding:"})," Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47642 Plugin state summary (table view) for HA router overlays both nodes:"})," The Plugin state table has been separated by node."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47787 Worker core packet processing spikes to 100%:"})," Added the ability to tune the ",(0,r.jsx)(n.a,{href:"/docs/config_reference_guide#reverse-packet-session-resiliency",children:"Reverse Packet Session Resiliency"})," ",(0,r.jsx)(n.code,{children:"Minimum Packet Count"})," (default is 3) and ",(0,r.jsx)(n.code,{children:"Detection Interval"})," (default is 5) settings for session failover without requiring forward packet, and resolved the underlying issue that caused excessively high worker-core CPU."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47909 Handle GRE tunnels in ICMP reachability probe:"})," The base interface for egress is now used if the ",(0,r.jsx)(n.code,{children:"icmp-probe probe-address"})," is the same as the tunnel destination, and the ",(0,r.jsx)(n.code,{children:"internal-address"})," is used as the source if the ",(0,r.jsx)(n.code,{children:"egress-interface"})," is ",(0,r.jsx)(n.code,{children:"gre-overlay"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47967 Cloud bootstrapper does not bootstrap the deployed Conductor:"})," Resolved an issue where the configuration was being rejected by the cloud bootstrapper when the device was a conductor."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48019 Issue with deleting a flow on reverse metadata:"})," Resolved an issue that created stuck sessions when a NAT device was rebinding and failing to establish sessions from reverse packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48103 Commit triggered BGP issue:"})," Resolved an issue where BGP neighbors configured with a short hold time might experience a BGP session flap during a configuration commit when app-ID is enabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48108 Service Ping for a Service without Source NAT uses Source IP Address:"})," The service-ping now uses the source-ip as the packet source-ip if provided."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48125 Save TSI streaming from router to conductor not working:"})," Adding a node and router argument to the PCLI command ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," now works correctly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48138 Enabling metadata only works for packets that match the port-range specified:"})," Resolved this issue by identifying the specific flow, and enabling reverse metadata for a that flow."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-48181 "Failed to send IPFIX interim record" log messages:'})," Changed log level from Error to appropriate logging level for the cases when ipfix records should not be generated."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48246 Peer path GQL query should provide a node filter:"})," Added a parameter to stats on peer-path so that the node can be overwritten."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48357 CoreDump on Failover with DSCP Steering:"})," Resolved an issue where DSCP Steering sessions would fail to move a flow under certain circumstances and, when using DSCP value 0, crash."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-483381 Race condition in session teardown:"})," Shared context is now maintained to allow all packet processing to be completed before session teardown."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48507 VLAN packets are generated without a valid VLAN from the flow-move cache:"})," Resolved an issue where sessions could be modified incorrectly when a VLAN is present and session resiliency is enabled for failover."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-562-7",children:"Release 5.6.2-7"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," October 4, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-7",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-35571 Enhanced Syslog:"})," The SSR can be configured to send system generated events over a secure TLS or TCP connection to a remote-logging server for analysis and storage. For more information, see ",(0,r.jsx)(n.a,{href:"/docs/config_audit_event#secure-syslog-transport",children:"Secure Syslog Transport"})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44863 Automatic Core Assignment after Reboot:"})," On systems where ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," is set to ",(0,r.jsx)(n.code,{children:"automatic"}),", if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47077 Configuration options for User Accounts:"})," Added configuration options for number of login attempts before locking user account, and number of seconds that user account will be locked before being able to attempt to login again. For information, see ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Password Policies"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47418 Audit Events for Plugins:"})," A new audit event has been added that tracks when a plugin is installed or uninstalled. This can be viewed on the Audit History page in the GUI or in the PCLI by running ",(0,r.jsx)(n.code,{children:"show events type admin.plugin"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-13",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been addressed and resolved:"})," I95-45056, I95-45059, I95-45060, I95-45123, I95-45165, I95-47482, I95-47483, I95-47484, I95-47485, I95-47805, I95-48048, I95-48049."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-39454 Created User cannot access PCLI operations:"})," Resolved an issue where in rare cases, during bulk user additions, it was possible for the operation to fail, leaving the new user created but unable to login."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42320 BGP aggregate-address not working:"})," Add support for BGP address summarization."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44434 Peer metric sends IP of WAN interface instead of the expected string:"})," Logic has been added to show the available destination address."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44976 Highway issue when modifying an app-id session:"})," SSR software versions 5.1.5 and greater are susceptible to a crash during a flow migration when ",(0,r.jsx)(n.code,{children:"application-identification"})," is enabled (modes ",(0,r.jsx)(n.code,{children:"tls"})," or ",(0,r.jsx)(n.code,{children:"all"}),") on spoke to hub traffic traversing over SVR. The condition occurs for sessions migrating that have timed out or that are traversing the ha-fabric link in the reverse direction."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45847 Duplicate Alarms on Multiple Routers:"})," Resolved duplicate alarms by obtaining alarms from only one node in an HA pair."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46056 ",(0,r.jsx)(n.code,{children:"show ntp"})," has no output from PCLI, even though NTP is configured:"]})," The output of show ntp will now report IP addresses of the time servers rather than resolve hostnames."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46126 Router Status:"})," Resolved an issue in HA configurations when a router is connected to HA Conductor 1, but not directly connected to HA Conductor 2, alarms generated on the router are now seen on Conductor 2 - the conductor to which the router is not directly connected."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46281 Update Kernel to RHCK 8.6:"})," Updated the kernel to integrate the latest security fixes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46545 Conductor Validation passing when a URL is configured in a Parent Service:"})," Validation for application-identification has been updated to include URL and subcategory."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46641 Modem lockup after reset on dual LTE system:"})," Resolved an issue with dual LTE modem lockup after reset."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46662 Tenant prefix differences on two HA router nodes are not validating correctly:"})," Added a validation check to ensure that the tenant-prefixes between two redundant interfaces are identical."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46701 Packet Loss on Headend Router:"})," Added device-interface rx/tx descriptor ring size to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46807 Validation insufficient for reachability-detection:"})," Added validation logic to report and error when ",(0,r.jsx)(n.code,{children:"service-route > reachability-detection"})," was configured, but neither ",(0,r.jsx)(n.code,{children:"icmp-probe-profile"})," or ",(0,r.jsx)(n.code,{children:"reachability-profile"})," exist."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46826 Carrier detection logic not recognizing disaster recovery modem:"})," Updated the carrier detection logic to properly recognize the carrier when a modem is attached to a disaster recovery cell tower."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46918 GUI and PCLI out of sync when new configuration elements added/modified:"})," Resolved an issue where ",(0,r.jsx)(n.code,{children:"show network-interface"})," and ",(0,r.jsx)(n.code,{children:"show config"})," were not updating properly."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46919 LDAP Users Not Shown in GUI Users Display:"})," Updated username requirements and the ability to identify issues with usernames not meeting those requirements. See ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Username and Password Policies"})," for username requirements."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46921 ",(0,r.jsx)(n.code,{children:"128status.sh"})," script incorrectly checks for non-existent listening port:"]})," Removed port 830 check for software versions 5.3.0 and greater"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46966 BGP Connection Restarts on SVR Peer Failover:"})," Resolved an issue with FIB entry setup that was causing BGP connection reset when the session fails over."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47129 Metadata is not disabled after flow-move for EoSVR sessions:"})," Added a metadata turnoff after session failover for EoSVR."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47336 Running configuration change events are missing:"})," Updates have been made to include ",(0,r.jsx)(n.code,{children:"username"})," in the running configuration change events log."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47414 Skip the AD lookup in highway for ICMP:"})," ICMP is now skipped during AD lookup to keep the App stats reults relevant."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47437 TSI creation is leading into Network Failure - BGP BFD went down:"})," Refined the output for TSI to prevent failures."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47537/I95-47556 Synchronize writing to files to avoid a race condition:"})," Added a common file lock to synchronize writes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47551 Keep-alives are not generated for unidirectional outbound-only sessions:"})," Resolved an issue with keep-alive generation for unidirectional outbound-only sessions."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47552 LTE modem not coming up after upgrade:"})," Resolved an issue with modem detection and port scanning for Quectel EC25."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47585 Transmit-failure increments when TE is enabled:"})," When ",(0,r.jsx)(n.code,{children:"device-interface traffic-engineering"})," is enabled, the ",(0,r.jsx)(n.code,{children:"stats/packet-processing/sent/interface-failure"})," statistic is no longer erroneously incremented."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47655 BGP issues with VRRP:"})," VRRP failover may cause routing to not function if internal device numbering is not consistent across the redundant nodes."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-47767 Next Hop choice of "Blackhole" does not stay visible in Conductor:'})," This option was displayed in error, as the option is ignored. It has been removed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47872 App-ID summary tracking of failed sessions still incremented when feature disabled:"})," App-ID stats tracking for failed sessions now checks the feature enabled flag and responds appropriately."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:["\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"I95-47969 Increased Memory use when generating TSI:"})," Resolved an issue where the ",(0,r.jsx)(n.code,{children:"save runtime-stats"})," command and TSI generation could result in particularly high memory usage when Application Identification was enabled."]}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"save runtime-stats"})," command no longer operates across multiple nodes and routers, and will not aggregate the metrics to disk on the conductor. This is to protect against excessive memory consumption. This is a change in functionality; however the public metrics APIs achieve the same result and are the preferred mechanism to collect authority wide metrics."]}),"\n"]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47981 Ignore VRRP advertisements if the VRID doesn't match:"})," The VRID is now validated before accepting an advertisement to resolv an issue where VRRP advertisements intended for a different router were being processed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48018 APP-ID implementation with proxy web server unable to identify traffic correctly:"})," Resolved an issue reading certain HTTP headers that was causing Application Identification to miss them."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-48038 502 Error returned if managed routers are offline:"})," Resolved an issue that caused HTTP requests on the conductor to return a 502 error for all requests if a managed router is offline."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-561-18",children:"Release 5.6.1-18"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," August 1, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-requiring-configuration-changes-8",children:"Resolved Issues Requiring Configuration Changes"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-35610 Session Failover without a Forward Packet:"})," A keep-alive mechanism has been added for flow moves. When flow move is triggered, the SSR detects inactivity in forward traffic and generates a keep-alive packet in the forward direction."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40195 LDAP does not allow search base to be configured correctly:"})," Search base parameters, filter generation, certificate assurance, and logging enhancements have been added to the ",(0,r.jsx)(n.code,{children:"ldap-server"})," configuration. See ",(0,r.jsx)(n.a,{href:"/docs/config_ldap",children:"LDAP"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40333 Save credentials for accessing SSR software repositories:"})," ",(0,r.jsx)(n.code,{children:"set software access-token"})," is a new PCLI command to save credentials for accessing SSR software repositories. This provides a way to run ",(0,r.jsx)(n.code,{children:"install128t repo authenticate"})," without dropping to a linux shell. For additional information on this command, see ",(0,r.jsx)(n.a,{href:"/docs/cli_reference#set-software-access-token",children:(0,r.jsx)(n.code,{children:"set software access-token"})}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43048 NIST FIPS Validated Cryptography:"})," FIPS Enforcement Mode has been added to the package-based installation processes. Refer to ",(0,r.jsx)(n.a,{href:"/docs/intro_installation_bootable_media#fips-enforcement-mode",children:"FIPS Enforcement Mode"})," for details."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43785 DSCP Tag Preservation:"})," When set to ",(0,r.jsx)(n.code,{children:"true"})," the ",(0,r.jsx)(n.code,{children:"preserve-dscp"})," command allows you to preserve DSCP values that have been set in a service class or received on a LAN-Interface, over an SVR path. See ",(0,r.jsx)(n.a,{href:"/docs/config_dscp_preservation",children:"DSCP Preservation"})," for more inforamation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44769 Add Linux system logs to the Tech Support Information data:"})," This patch allows for customizations of the systemd journal content included in the ",(0,r.jsx)(n.code,{children:"tech-support-info"})," bundle, and includes additional default content."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44863 Automatic Core Assignment after Reboot:"})," On systems where ",(0,r.jsx)(n.code,{children:"forwarding-core-mode"})," is set to ",(0,r.jsx)(n.code,{children:"automatic"}),", if the CPU core count changes the software will automatically recalculate the core count and allocation at reboot."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44870 Mist Self-Registration and Onboarding:"})," Onboarding a Mist Managed SSR instance can be accomplished as part of the installation process. For details, refer to the steps to ",(0,r.jsx)(n.a,{href:"/docs/intro_installation_image#associate-the-router-with-mist",children:"Associate the Router with Mist"})," as part of the image-based installation."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45670 BGP Conditional Advertisement:"})," When an SSR prefers a given provider for outbound traffic, it can now be configured to receive locally destined traffic specifically from that provider. For details and configuration information, see ",(0,r.jsx)(n.a,{href:"/docs/config_bgp#bgp-conditional-advertisement",children:"BGP Conditional Advertisement."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45679 Round trip time to packet acknowledgement:"})," A new TCP metric that samples round trip time from data sent to acknowledgement has been added."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46562 Allow targeting another router or node when saving tech-support-info:"})," GUI: A button has been added to the ",(0,r.jsx)(n.strong,{children:"Logs"})," page in the GUI to download a tech-support-info bundle. This allows downloading a router's ",(0,r.jsx)(n.code,{children:"tech-support-info"})," directly from the Conductor GUI. ",(0,r.jsx)("br",{}),"\nPCLI: The PCLI command ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," can now collect logs from another node. Using the Conductor's PCLI, a ",(0,r.jsx)(n.code,{children:"tech-support-info"})," bundle can be collected from a Managed Router or the HA peer."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46747 Improved the Password user experience:"})," You now are re-propmpted up to three times for the current password if it is incorrect. If a new password does not meet the strength check, you are prompted with that information, and required to update the password."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"resolved-issues-14",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"The following CVE have been addressed and resolved:"})," I95-45054, I9-45056, I95-45059, I95-45060, I95-45165, I95-46020, I95-46359."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-35228 DHCP waypoint addresses not displayed on standby node in UI:"})," Resolved an issue where the PCLI logic was not matching the GUI Network Interface table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-39274 DNS-based services kill asset connection resiliency:"})," Resolved an issue where an internal commit was bouncing the kni254 interface and causing a series of connection resets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42438 Save Tech Support tries to run when SSR service is down:"})," In situations where the PCLI is still active, but the SSR service is down, trying to run ",(0,r.jsx)(n.code,{children:"save tech support"})," will appear to work, but does not return any info. This issue has been resolved, and will return a message when information is not retrievable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43606 No communication between Routers:"})," In rare instances the BFD Pinhole feature experienced collisions between forward session flows. Session modification has been addressed and collisions are now avoided."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43779 DHCP IP Address not releasing appropriately:"})," When the cable is physically disconnected and reconnected from DHCP-enabled interfaces, the interfaces are now triggered to send out a DHCP Request for their current IP address."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-44001 Peer uptime showing "Unavailable":'})," Peer path uptime now displays the correct values."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44548 Application Summary Sort Order:"})," Resolved an issue with the Application Summary sort order changing unintentionally."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44551 DHCP Relay not working after upgrade:"})," A packet for traffic matching a summary service may be dropped because it was incorrectly flagged as hierarchical on the SVR peer. Well known non-hierarchical services such as DHCP relay will no longer perform hierarchical service checks on the peer."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44726 Invalid return code returned by T1 card firmware creating a memory leak:"})," Resolved a buffer leak in the wanpipe driver."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44988 SSR Stuck in Upgrade status:"})," Improved logging to detect when an installer session is started and there is an already an active interactive installer session; for example when an interactive installer session was left open."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45094 Unnecessary rotation of salt minion config:"})," Resolved an issue where the global.init and salt minion config are unnecessarily rotated and updated with no changes to the actual contents of the file."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45126 Split-brain after the sync interface goes down:"})," Resolved an issue that if the SSR software experienced a crash while it owned an interface from an X553 device, other devices hosted by the same chip could be impacted."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-45164 ",(0,r.jsx)(n.code,{children:"show-active-peers"})," missing some information:"]})," Resolved a corner case where an RFC-compliant device ahead of a non-compliant device with a smaller MTU, the SSR misinterprets the non-compliant device's timeouts and the MTU will be unresolvable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45271 Error while trying to change appearance or selecting custom reports:"})," In some cases where error messages are vague, a path to the error location is provided."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45372 Filters in the Routers Tab not working:"})," Resolved a logic issue with the GUI table."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-45489 ",(0,r.jsx)(n.code,{children:"ifcfg"})," custom options issues:"]})," Resolved an issue where interface ifcfg option changes were not being processed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45814 No Bandwidth statistics visible in GUI:"})," Resolved an issue when processing high numbers of services and service routes which prevented a subset of stats from being stored and displayed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-45842 PCLI ",(0,r.jsx)(n.code,{children:"show events"})," does not paginate correctly:"]})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45882 Rare case where an invalid DHCP server configuration generated:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45890 Service paths for BGP over SVR routes are not being rebuilt:"})," Resolved an issue when the vector configuration is changed on a network interface, the service paths for BGP over SVR routes are not being rebuilt."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45999 Azure Router Crash:"})," Added support for NetVSC/VF hotswapping to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46055 Add warning when transmit caps are too low:"})," Users now get a warning when configuring a traffic-engineering transmit-cap under 1Mbps."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46114 SSR flooded with Highway messages:"})," The chatty ",(0,r.jsx)(n.code,{children:"InterfaceMap::Exception: Unable to find path to peer"})," highway log has been suppressed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46136 Unused Application ID stats not being purged fast enough:"})," Resolved an issue where application ID stats tracked per client, per app, per next-hop are not cleaned up when inactive."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46169 RIB Doesn't Update Connected Route After Changing Network Interface Address Prefix from /24 to /27:"})," Resolved an issue when changing the prefix length for a network interface address, the RIB was not updated and routing protocols were not aware of the change."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46230 Highway Crash:"})," Resolved an issue where uncaught exceptions were causing highway issues."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46314 Configuring Static Assignment with Client-Identifier Causes DHCP failure:"})," Updated config validation to verify that, within a single DHCP server host-service, all static assignments use unique client-identifiers."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46332 VRRP Does Not Work with Ethernet Controller X710 for 10GbE SFP+:"})," Configuring VRRP on an Intel X700 series NIC can see discard broadcast packets due to the source pruning feature which is enabled by default. This change disables source pruning when VRRP is enabled on these NICs."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46411 PPPoE over VLAN interface status missing in ",(0,r.jsx)(n.code,{children:"show"})," commands:"]})," Added atttribute to show the missing information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46419 Forward Error Correction (FEC) with OutBound Only Fails:"})," Resolved an issue where FEC actions are not installed properly after the modifcation to resolve the outbound only path."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46454 ICMP manager excessively logs ICMP echo replies with no matching context:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsxs)(n.strong,{children:["I95-46458 ",(0,r.jsx)(n.code,{children:"set password"}),' from PCLI hangs at "Modifying password":']})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46613 Flow move may not happen without forward packet for outbound only sessions:"})," Resolved an issue that when a session has been idle for more than 10 seconds, sessions for outbound-only connections may not failover properly without a forward packet."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46641 Modem lockup after reset on dual LTE system:"})," Resolved an issue with dual LTE modem lockup after reset."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46822 Revertible failover traffic not restored when reverse traffic is present:"}),' For a "revertible-failover" service policy, when the preferred path is restored and a session no longer traverses an internode dogleg path, it was taking several seconds for traffic to be restored when forward traffic is present; in situations where only reverse traffic is present, traffic may not be restored. This issue has been resolved.']}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46931 Hardware using ConnectX6-DX fails to initialize:"})," Added support for this card variant."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-46959 PPPoE over VLAN not working when target interface is down:"})," Added code to bring up parent interface before VLAN interface."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-47111 Issues with redundant interfaces on startup:"})," Resolved an issue where the notifications for active interfaces may get lost when using VRRP for redundancy."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"release-560-44",children:"Release 5.6.0-44"}),"\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Release Date:"})," May 20, 2022"]}),"\n",(0,r.jsx)(n.h3,{id:"new-features",children:"New Features"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-10056 RADIUS support for Multi-Factor Authentication:"})," Integration between Radius user access and Role-based Access Control allows the SSR to support Multi-Factor Authentication using Yubikey."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-200118 Configuration Concurrency at Scale:"})," Support for multiple users concurrently editing the SSR configuration is now supported. For more information, see ",(0,r.jsx)(n.a,{href:"/docs/config_basics#candidate-configuration",children:"Candidate Configuration"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-32820 and I95-41915 STEP High Availability:"})," See ",(0,r.jsx)(n.a,{href:"/docs/config_step_ha",children:"STEP High Availability"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-37417 Additional factory default session-type configuration:"})," Added factory-default session-types for NetBIOS Name Service, NTP, and LDAP over UDP."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-37648 Configurable Password Policy:"})," The SSR password policies have been updated to provide a more secure experience. See ",(0,r.jsx)(n.a,{href:"/docs/config_password_policies",children:"Password Policies"})," for additional information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-38430 Support for PPPoE over VLAN:"})," Added support for PPPoE over VLAN. See ",(0,r.jsx)(n.a,{href:"/docs/howto_pppoe_vlan",children:"VLAN Support on a PPPoE Interface"})," for configuration information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-39712 Hierarchical Service Inheritance For STEP Learned Routes:"})," Child services now inherit routes of their parent services, when the parent route is learned through STEP. For more information see ",(0,r.jsx)(n.a,{href:"/docs/config_STEP#hierarchical-services",children:"Hierarchical Services."})]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40130 Factory Defaults for Conductor Communication:"})," Added SaltStack, Conductor, and IKE default session-types. For new deployments, SIP, SIPS, and IPSEC-NAT use NAT Keep Alive by default, and the timeout for IPSEC-NAT is 125 seconds."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40660 Kernel Upgrade:"})," The OS kernel has been upgraded to address several CVEs and provide support for Wireguard and Cordoba."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41449 NTP Authentication with SHA1 or better:"})," Support for NTP authentication provides options for external NTP server authentication. See ",(0,r.jsx)(n.a,{href:"/docs/config_ntp_auth",children:"NTP Authentication"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41509 STEP Route Computation enhancements:"})," STEP uses additional service policy information when computing the best path scenario. See ",(0,r.jsx)(n.a,{href:"/docs/config_STEP#route-computation",children:"STEP Route Computation"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41557 Software Lifecycle Management:"})," The download, upgrade, and software lifecycle process is more easily managed from a single location in the GUI. See ",(0,r.jsx)(n.a,{href:"/docs/upgrade_router#upgrade-using-the-conductors-gui",children:"Software Lifecycle"})," for additional information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42483 STEP Page in the GUI:"})," ",(0,r.jsx)(n.a,{href:"/docs/howto_STEP_GUI",children:"The STEP page in the GUI"})," provides graphical representations of STEP data."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42887 Real-time alerts for Audit failure events:"})," A service has been added a service that warns all logged in users if auditd fails to start and audit logging capability is impacted. See ",(0,r.jsx)(n.a,{href:"/docs/config_audit_event#basic-configuration",children:"Audit Events"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-42888 Logout mechanism for administrator-initiated communication sessions:"})," A PCLI command and audit log are available to verify session closure."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43039 File permissions, ownership/membership of system files and commands remain static:"})," Unauthorized or unintended changes are not introduced during the operation of the SSR Software."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43040 Non-certificate trusted host is not allowed SSH logon to the system:"})," The SSH daemon performs strict mode checking and does not allow a non-trusted host SSH to logon to the system."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43041 Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required:"})," The DCCP module is prevented from loading unless it is specifically required."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43047 Local initialization files do not execute world-writable programs:"})," The directories are not world-writable."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43049 The audit system notifies the user when there is an error sending audit records to a remote system:"})," Remote logging for audit logs and appropriate messaging has been added. See ",(0,r.jsx)(n.a,{href:"/docs/config_audit_event#basic-configuration",children:"Audit Events"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43050 Strict mode checking of home directory configuration files:"})," The SSH daemon performs strict mode checking home directory configuration files."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43051 Remote X connections are disabled except to fulfill documented and validated requirements:"})," X server is disabled as part of the mode checking of home directory configuration files."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43496 BFD for Routing Protocols:"})," BFD support for BGP and OSPF protocols has been added. See ",(0,r.jsx)(n.a,{href:"/docs/config_bfd",children:"Optimizing Routing Protocols: BFD"})," for more information."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"resolved-issues-15",children:"Resolved Issues"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-36758 Redistributed service route distance not configurable:"})," Support has been added for the configuration of admin distance for kernel routes generated by services with service routes and for BGP over SVR services."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-38408 DHCP server on wrong vlan sends offer in response to discover message:"})," Hosted DHCP servers that do not have an explicit vlan configured are now explicitly treated as vlan 0, and handle any DHCP packets that are untagged/vlan 0, in order to prevent those packets from being multicasted to multiple DHCP servers."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-40904 Power save mode not working:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-41992 Warning for Rate-Limit with Flow-Limit values at 0:"})," A warning has been added to advise users that this will cause dropped packets."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-43239 LTE APN on Modem not set up correctly:"})," The APN is now always written to the the modem using the default index of 1."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44142 Automated Provisioner Race condition:"})," Resolved a rare crash where applications would attempt to get information about already-closed sockets when responding to API requests."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44435 Save Tech Support should include Service Paths:"})," ",(0,r.jsx)(n.code,{children:"save tech-support-info"})," includes ",(0,r.jsx)(n.code,{children:"show service-path"})," and ",(0,r.jsx)(n.code,{children:"show rib"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44722 Time series HMAC failures after rebooting node in HA router:"})," Device interfaces are flushed upon becoming active to avoid handling of packets which have been delayed due to inactivity."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44726 Invalid return code returned by T1 firmware creating a memory leak:"})," Resolved a buffer leak in the wanpipe driver."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44823 Conductor upgrade failure - extra space in integer is invalid:"})," Extra spaces on integer types are now trimmed off to avoid this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-44854 Extra "Application" column in Top Sessions panel:'})," The extra column has been removed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44913 kmod-i40e metapackage causing upgrade issues:"})," The metapackage has been removed and upgrade issues have been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44985 Update salt-minion minimum version to resolve CVEs:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-44991 SSR not passing Aruba data on GRE Tunnels:"})," Resolved an issue where GRE packets with reserved bit in the header are incorrectly dropped as invalid."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45063 SSR azure instances unstable on large machine types:"})," Resolved an unpgrade issue causing instability in Azure instances using Mellanox5."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45113 snmp override of the IfTable:"})," An issue with SNMP reporting has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45123 CVE Issue:"})," The latest Security vulnerabilities have been identified and addressed."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45124 RBAC Config Endpoints Leaking Information:"})," Resolved an issue where some configuration endpoints would allow users with incorrect permissions make requests."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45146 GUI error message for users authenticated by LDAP to Active Directory Server:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45162 Improve download/upgrade error message if a router name does not exist:"})," In situations where a router does not exist, the download and upgrade message now indicates that the router does not exist."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45211 New users run into permissions errors:"})," Access Control Lists are now preserved on file rotations."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45220 Conductor local forwarding parameters not dynamic:"})," Resolved an issue when transitioning a conductor from standalone to HA the managed routers were not automatically connecting to the newly added conductor node."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45268 Third-party-drivers rpm install hung:"})," Resolved an issue where the installation hangs when running a post-install scriptlet. The script is not necessary at that stage and has been disabled."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45348 Update salt master and minion to 3002.8:"})," This update resolves several CVE and requires that the conductor must be running this release containing these fixes ",(0,r.jsx)(n.strong,{children:"before"})," upgrading a router.\n",(0,r.jsx)(n.strong,{children:"Important"})," Please see the Caveat below for additional important information about HA upgrades."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45374 Router Dropping SIP traffic:"})," A warning is displayed if users configure a service-class to rate-limit but don't set max-flow-burst/max-flow-rate values (default is set to 0)."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45541 LDAP users are unable to login to the PCLI due to permission errors:"})," This issue has been resolved."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45559 Corrupted resolv.conf after ODM imaging:"})," Resolved an issue on SSR systems running dns-proxy services with external interfaces configured using PEERDNS=yes, where a race condition may occur that results in corrupt nameservers being added to the /etc/resolv.conf file."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45583 HA Connection lost during commit:"})," Resolved an issue where session was missing necessary path data information relating to the peer path."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45618 MAC address issue in Azure environment:"})," Non-ethernet MAC addresses are now handled correctly during MLX device discovery."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45641 Stuck BGPoSVR Sessions after Failover:"})," Made changes to provide updates to less specific FIB entries when routes are updated to resolve this issue."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45643 User created users missing after upgrade:"})," Resolved an issue where the XML values true/false are also handled as 1/0."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45696 Memory leak in pam challenge library:"})," Resolved a memory leak in the PAM challenge library."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45779 LDAP user login blocked during HA upgrade:"})," Resolved an issue where the LDAP user login was blocked until the upgrade was complete on both HA conductors."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45761 SSH ClientAliveInterval change:"})," The SSH ",(0,r.jsx)(n.code,{children:"ClientAliveInterval"})," has been reset to 900."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45783 User home directories different across the topology during upgrade:"})," Resolved an issue with incorrect LDAP user roles during upgrade."]}),"\n"]}),"\n",(0,r.jsx)(n.hr,{}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:'I95-45816 "TCP State Stream Parse Error" filling up the flpp.log:'})," This log issue has been addressed."]}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"caveats-2",children:"Caveats"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:[(0,r.jsx)(n.strong,{children:"I95-45348: Update salt master and minion to 3002.8:"})," When upgrading an HA pair to version 5.6.0, please be aware of the following: While updating the conductors in an HA pair, the upgraded conductor node asset state will remain DISCONNECTED if the active ",(0,r.jsx)(n.code,{children:"automatedProvisioner"})," is not running a corrected version. When performing an HA conductor upgrade the node running the oldest software assumes leadership. However, the older version will not be able to talk to the new software on the upgraded conductor."]}),"\n"]}),"\n",(0,r.jsxs)(n.p,{children:["The active ",(0,r.jsx)(n.code,{children:"automatedProvisioner"})," can be determined by running the command ",(0,r.jsx)(n.code,{children:"show system processes"}),". Once the upgrade begins on the old node, the newly upgraded conductor takes over."]}),"\n",(0,r.jsx)(n.h4,{id:"corrected-versions",children:"Corrected Versions"}),"\n",(0,r.jsxs)(n.table,{children:[(0,r.jsx)(n.thead,{children:(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.th,{children:"Router Software Version"}),(0,r.jsx)(n.th,{children:"Minimum Required Conductor Version"})]})}),(0,r.jsx)(n.tbody,{children:(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.td,{children:"5.6.0"}),(0,r.jsx)(n.td,{children:"5.6.0 or later"})]})})]})]})}function h(e={}){const{wrapper:n}={...(0,i.R)(),...e.components};return n?(0,r.jsx)(n,{...e,children:(0,r.jsx)(c,{...e})}):c(e)}},28453:(e,n,s)=>{s.d(n,{R:()=>t,x:()=>a});var r=s(96540);const i={},o=r.createContext(i);function t(e){const n=r.useContext(o);return r.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:t(e.components),r.createElement(o.Provider,{value:n},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.7dbcb504.js b/assets/js/runtime~main.d12e5e52.js similarity index 99% rename from assets/js/runtime~main.7dbcb504.js rename to assets/js/runtime~main.d12e5e52.js index dc816f0aaa..cd37ccb07c 100644 --- a/assets/js/runtime~main.7dbcb504.js +++ b/assets/js/runtime~main.d12e5e52.js @@ -1 +1 @@ -(()=>{"use strict";var e,a,c,d,b,f={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(a,c,d,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,d,b]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,d){if(1&d&&(e=this(e)),8&d)return e;if("object"==typeof e&&e){if(4&d&&e.__esModule)return e;if(16&d&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};a=a||[null,c({}),c([]),c(c)];for(var t=2&d&&e;"object"==typeof t&&!~a.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((a=>f[a]=()=>e[a]));return f.default=()=>e,r.d(b,f),b},r.d=(e,a)=>{for(var c in a)r.o(a,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:a[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,c)=>(r.f[c](e,a),a)),[])),r.u=e=>"assets/js/"+({20:"db6dcd11",39:"527b551c",47:"f63e6c74",54:"b1978b04",78:"7ac9f663",91:"2607b1b2",129:"0bab7475",167:"a6bb4056",250:"1f1616ac",254:"d4d14826",289:"004d29da",343:"faf1f1be",354:"fa10e3f3",364:"e211bde1",367:"93be6e71",411:"c5279929",536:"2fa440c1",555:"54353486",569:"dfa394ad",602:"62394bcb",612:"4df5dc25",644:"86f31d58",655:"b4eae7ec",658:"1bb8506c",694:"8da94946",704:"086df995",766:"0d536465",799:"5fac8c42",818:"ed74b193",888:"3941dd91",892:"9205559b",961:"55114b35",990:"65695e94",992:"17cbe010",1026:"818e063f",1078:"7e6aac9a",1128:"4c42c872",1137:"00a68dd3",1153:"1c091541",1156:"6eb03461",1171:"60e9abaf",1203:"edb447db",1236:"5af760a9",1297:"72861149",1310:"8173bda7",1325:"dd367bbd",1343:"fc6ce1ea",1370:"cdf5a5ef",1371:"ee7e8d64",1404:"1f431a7f",1448:"e561cafd",1468:"1192f2f6",1469:"64978787",1471:"eb901005",1498:"992d12bf",1558:"843982b1",1605:"b4bd2b0b",1610:"ca456dc7",1622:"af49515d",1678:"a7434565",1679:"ab09dada",1681:"b1274c58",1735:"ccb21e0d",1737:"4216b717",1744:"30cefcb9",1755:"ff2b50c2",1788:"ba3cdc5f",1790:"1e666a79",1832:"de01d3dd",1870:"8a83f72d",1878:"0dc34735",1887:"96ead54b",1907:"05c36e2b",1958:"970eef1f",2004:"59671568",2074:"2d71f3d6",2076:"5ae586d9",2111:"b4d24f95",2141:"ba3718bb",2170:"dccf3ab3",2187:"64560f30",2189:"616e37ec",2196:"3decd099",2221:"55815b6b",2249:"3490ddc1",2264:"5aa897a9",2269:"2a9d7520",2404:"7c144864",2429:"926c5bcb",2459:"36e763bd",2550:"b6e893a1",2606:"86fe1fd1",2615:"46698544",2634:"c4f5d8e4",2635:"5582d5b3",2636:"a9a655f0",2640:"9c22df41",2711:"9e4087bc",2734:"478f4ac4",2745:"78d92bdf",2761:"91709424",2778:"c72aeafd",2801:"f4b635ce",2861:"9865a3ae",2864:"ef7082ef",2867:"0963058a",2870:"4e61e0e3",2897:"d227a8c3",2903:"427a70b9",2909:"081b0421",2941:"3558ab71",2955:"3cca6ccf",2985:"1edac7ad",2987:"7969531d",3005:"a6b5c6c6",3052:"31354b23",3078:"ea1382de",3084:"5224cb1d",3100:"b6e3f72d",3103:"ec48aa20",3107:"914a4137",3120:"74ecf466",3158:"97e28c7f",3181:"61859c13",3187:"e34a462a",3195:"a528af12",3202:"715a6ac9",3208:"88e8f7d9",3218:"16118acf",3224:"2079ce5f",3249:"ccc49370",3335:"48158550",3357:"8d193b98",3358:"e8183211",3364:"c5412282",3365:"471ccc03",3411:"a69666e7",3451:"f45a5c22",3503:"4735c680",3526:"671608d5",3532:"59ae29ec",3561:"65f51a88",3596:"2cd030d7",3604:"a99bd435",3680:"f1e929de",3681:"0e0828f7",3755:"15d9d91e",3774:"4d4af71b",3784:"adebacd5",3867:"b92f2ffe",3925:"ab9d194b",3965:"12973385",3998:"f91bd91a",4019:"999eefda",4030:"6d8c58e0",4031:"35c020be",4034:"bd6161a8",4040:"ea10fb5e",4057:"3a18a969",4082:"1a258abc",4160:"99d3adc8",4201:"e4ea85d2",4243:"c545ce38",4275:"50aea046",4341:"34c2e656",4347:"c243f67e",4365:"504258c1",4399:"e5498f89",4402:"4433aa4a",4455:"03cc388d",4501:"7eb68200",4611:"9e626a34",4648:"f7f081c4",4657:"165d6ddb",4701:"c981d5a5",4711:"8dcb5479",4744:"a6c6e198",4813:"6875c492",4943:"b5d5832c",4946:"babf756d",4947:"79ba8483",4969:"1d409f39",5075:"f78817c8",5162:"6c3a45f3",5175:"1c7c7999",5181:"23315faa",5198:"22e0479f",5229:"ca8e00cf",5248:"f600d6b7",5252:"157d0f51",5312:"b2595e07",5346:"78993498",5358:"7c44e394",5381:"f75c78c7",5409:"751933b8",5453:"5bd80e3c",5462:"6df6cef9",5469:"97984012",5474:"b01dec8d",5503:"908e7fd1",5528:"ec32fd95",5542:"e7f5cf85",5545:"d9f2e9de",5548:"247783bb",5569:"886da407",5611:"12358849",5647:"a8de73b6",5676:"9df5ba08",5695:"cd3a1b71",5700:"f3e4e9ba",5750:"c94c6a81",5806:"31fb6667",5842:"8f8a8486",5855:"caae6a74",5857:"66d1a6d6",5917:"16bb0c08",5972:"fad34d8c",5997:"95213309",6002:"067f2491",6066:"b3c6666a",6070:"0992c981",6075:"b7ea8a15",6085:"ef15f058",6164:"9227984d",6171:"d6ac5f87",6180:"24dbbfb5",6183:"95767f4f",6212:"e9447916",6224:"813c1e3c",6283:"7b5f5324",6288:"b72abd29",6339:"237f94c4",6342:"d10df0a9",6353:"0ebeaf92",6447:"75044d13",6505:"18a680dd",6516:"da8a5efc",6575:"18f2e2f8",6581:"d9127814",6589:"62cebd80",6661:"5832e93a",6721:"900a4776",6744:"7ca7b227",6792:"9e3994f8",6802:"1f81fecc",6835:"2b0c565e",6851:"13bce32c",6863:"123589a3",6935:"9ca5c793",6942:"db0e5665",6986:"cd45153b",7005:"c3e6aa36",7011:"585ae136",7056:"bcb93440",7098:"a7bd4aaa",7115:"712a2f3f",7122:"7035f7a2",7145:"f81a22e1",7152:"9ea1a2aa",7154:"e42d5ae1",7160:"7fa6ed4f",7189:"b379c27a",7198:"fb06d519",7266:"a2a4c143",7286:"536d7d7c",7342:"caafc210",7361:"3e30922d",7391:"618df328",7392:"37f96fb0",7453:"91e0204a",7470:"024d2706",7472:"814f3328",7578:"01694cfb",7599:"4cfec2fe",7643:"a6aa9e1f",7650:"4ca1d71d",7716:"038c53d3",7738:"4c0db3b1",7764:"024adeab",7771:"255640f0",7789:"79e69da7",7912:"5250c73b",7982:"0be46c6c",8007:"db955a95",8086:"7c955499",8108:"f6895f07",8117:"068fb888",8120:"20c6af36",8127:"6e45904a",8130:"066adc50",8183:"c96912e9",8209:"01a85c17",8221:"94672f35",8238:"79d59ab0",8262:"eec387e9",8401:"17896441",8426:"3aa60141",8435:"3c48957e",8465:"55700ae3",8511:"9460990c",8534:"bb107151",8550:"f8de5346",8552:"fcacda66",8572:"7abea780",8581:"935f2afb",8585:"0c4bd717",8604:"8435a5af",8620:"82a75a29",8621:"d0606bd0",8640:"c42e881b",8760:"2b21a708",8771:"0c9e687f",8776:"963555e3",8780:"de9df2e6",8791:"67ac5e10",8868:"c97842fb",8889:"ab8ea87d",8897:"62a43286",8960:"49064f55",8968:"f94bd8bd",8974:"66b27df6",9008:"8208b10f",9048:"a94703ab",9074:"15c187d8",9090:"99a0b27e",9091:"ef42a3c2",9174:"09c4fc3a",9233:"0d226310",9240:"a9f22230",9293:"bb676ca9",9303:"dc698a41",9331:"836cb097",9334:"b55382bf",9370:"8703a4a5",9381:"3010c7f0",9418:"937cb005",9427:"baa6ba52",9445:"5ba3ee34",9480:"fb8e5513",9521:"5dde18f1",9561:"5405175c",9564:"3ee0686d",9596:"c9e1f498",9600:"54d8552d",9639:"74361193",9647:"5e95c892",9673:"5a656ac9",9677:"e7fbe30b",9686:"00b6c21a",9702:"78d53149",9729:"c5ae1959",9773:"328f9ef3",9787:"3ad39273",9809:"d88b10c2",9888:"38ba65fd",9894:"8e519f58",9941:"26681f38",9953:"43b47194",9989:"72814a2c"}[e]||e)+"."+{20:"ee6e3277",39:"edccef61",47:"ed98e678",54:"f1d142f2",78:"95d24604",91:"ce556914",129:"52cc8c59",141:"de9f3b3c",167:"b3c2e79d",250:"b53f7311",254:"760ee5b3",289:"15fdde39",343:"83004357",354:"1e652f19",364:"6c7ce1d1",367:"da101439",397:"da1e9260",411:"0facf8b4",536:"bccca094",555:"7b5f40b5",569:"929a7782",602:"bfb8637a",604:"b40e813b",612:"88e7c2ab",619:"799695af",644:"470faf7f",655:"8ba62196",658:"425aff26",694:"30c9bdff",704:"dd83f17c",766:"d572e4f9",799:"fa1c2662",818:"9df7c5da",888:"7860acf2",892:"169f0eec",961:"0b5a96f9",971:"ccc70bb4",990:"e3424678",992:"eca515b1",1026:"25d70434",1078:"74f08c36",1128:"126dc819",1137:"894d3d28",1153:"2a9adbbf",1156:"f4689d34",1169:"8324bf40",1171:"3f303732",1176:"55cbfd7d",1203:"56005e04",1236:"501f9e9f",1297:"6308a0dc",1310:"61f4014e",1325:"949e39f5",1329:"9a1e19df",1343:"7a5227ce",1370:"532b540f",1371:"f4c8ab7a",1404:"a7a683f8",1448:"212ee3ea",1468:"56707819",1469:"b94550cc",1471:"7a9eaa02",1498:"796586be",1558:"0426fb6b",1605:"e0e38ade",1610:"def5bd4f",1622:"162a2ce3",1678:"f29848b0",1679:"da3c0c9b",1681:"25c03f50",1689:"01b68ebb",1735:"0b37f145",1737:"089199b0",1744:"5af1ddc9",1755:"0c4e8cf2",1788:"f58067db",1790:"58359029",1832:"13dbde17",1870:"1cf63081",1878:"205f5cb0",1887:"0c7640e6",1907:"5f6010e2",1958:"0e7a117d",1987:"58094b24",2004:"5ab7dfca",2074:"f6ba95b0",2076:"88fdf70e",2111:"89b39f86",2130:"fbeff7d3",2141:"7665af74",2144:"0ac08618",2170:"3f2243bb",2187:"381c2680",2189:"6d7cd317",2196:"3a5e1a3c",2221:"8ef583c0",2237:"6e38e341",2249:"87a1a8da",2264:"f5c10e84",2269:"62eb0cb5",2315:"5e7aadf5",2404:"f4c09f5c",2429:"8f5cc82d",2459:"bff3d9ce",2550:"95d6a589",2606:"088caf3b",2615:"ef37fa4e",2634:"15f9fa4d",2635:"e45cef78",2636:"b0baef54",2640:"9af4a835",2704:"aa88eb42",2711:"d8e6582c",2734:"68c3c420",2745:"230a490e",2761:"4245ee9a",2778:"bcaa460e",2801:"2b4df4b6",2861:"be8f5083",2864:"b4a4b641",2867:"cdd3d7b3",2870:"69454e27",2875:"a78023fe",2897:"a40e93e1",2903:"217b96ea",2909:"0c614a3d",2941:"46b89a30",2955:"6f4c1413",2985:"7edd4608",2987:"dcdb8502",3005:"7c746816",3052:"aca92bf2",3078:"1e5e4855",3084:"e00c67cd",3100:"5f3b7bc5",3103:"4927edae",3107:"7ef6e604",3120:"b160cc0a",3158:"62f61681",3181:"2de50031",3187:"c40d7c7a",3195:"7ff60148",3202:"287c0707",3208:"954e975e",3218:"67044b0b",3224:"591f2942",3249:"cdec1bb8",3292:"9c205805",3335:"072f27e5",3357:"ee07dc6e",3358:"86051b99",3364:"dd55abd1",3365:"9cc4168d",3411:"67adb508",3417:"30a5d238",3451:"4afc1be4",3503:"00aaa1e4",3526:"839ec97b",3532:"1efc8f6b",3561:"935b45dc",3596:"640a6644",3604:"d6b87f89",3680:"723e12ad",3681:"c85576d6",3687:"889e2061",3755:"dfa0680c",3774:"0ca8d18b",3784:"35ebfb54",3867:"4e6f9a21",3874:"e3ea4c48",3925:"d84a04bc",3965:"f93eefe2",3998:"99794c8f",4019:"9d23f4b2",4030:"b5dce83d",4031:"91edb431",4034:"e4dcec59",4040:"9854ed0e",4057:"08254a91",4073:"cfc185ed",4082:"49f75832",4104:"50c402cf",4160:"db5f6bb3",4201:"f70b9a42",4243:"02364238",4275:"5e59d37c",4341:"368b46e3",4347:"d2684a8b",4365:"234d99a3",4399:"31d2934c",4402:"7baf265b",4455:"726beea7",4501:"995f8940",4529:"848059b7",4564:"2c323e22",4611:"653917d6",4648:"405319ff",4657:"79d2f0af",4701:"a53e68ce",4711:"d6d3b1bc",4744:"632ef287",4813:"979357b1",4943:"6614677a",4946:"09a0bfe8",4947:"5e9bc40f",4969:"0966ef95",5075:"63b1c69f",5162:"8279ca61",5163:"f769838e",5175:"d5562c31",5181:"3886c2f8",5198:"7135fb74",5229:"c7acce26",5248:"3387b5b6",5252:"144549a3",5312:"5a53e64c",5346:"4c51818b",5358:"f2abced7",5381:"d9fe8f5c",5409:"40c585eb",5453:"78d68f88",5462:"9e8552a5",5469:"d1b0d110",5474:"ee623316",5503:"7db88df0",5528:"365fab5a",5542:"a47e685b",5545:"fba50a95",5548:"29da01b5",5569:"c6cdcece",5611:"cebcf20e",5628:"698f28f6",5633:"ee82e417",5647:"a1ca7cb2",5676:"a667eb21",5695:"dcdf473b",5700:"24674927",5750:"39d3fa1c",5806:"10d88818",5842:"7a943caa",5855:"1c6555e2",5857:"13678590",5860:"ad193164",5917:"164a0d47",5972:"938e7cc3",5997:"fea9289c",6002:"c1296b0e",6066:"c6a6af53",6070:"2c1357e5",6075:"54a6a5f7",6085:"129e6097",6164:"ae39b2ea",6171:"8d81b7d7",6180:"629ee403",6183:"009f6a25",6212:"89676a98",6224:"2f88251c",6283:"15794d7e",6288:"6903a96b",6339:"835d19d6",6342:"9db8b9b3",6353:"2789bea1",6447:"7146d95a",6505:"0298dd68",6516:"a80c0ab5",6575:"210591c3",6581:"44aafe56",6589:"4c2a5469",6625:"3e4749c4",6661:"5ca4d74a",6721:"8fc0be88",6744:"f7633957",6770:"91492e1a",6792:"7512ba02",6802:"2e4b4773",6835:"726c45fa",6851:"ce7b0e8c",6863:"dc6f18e8",6935:"5e9a4e33",6942:"0b343025",6986:"fcb375b0",7005:"50184e78",7011:"08f1ee6c",7056:"9c2e004d",7098:"cf58e7e6",7115:"ceca446f",7122:"a3ea5875",7145:"5454b73a",7152:"613c2788",7154:"56b651b5",7160:"4fa4fe66",7189:"79be2fc2",7198:"f18eb52e",7266:"bee1ac23",7286:"0422940c",7342:"bf659467",7361:"dc3f8554",7391:"fa13bb37",7392:"8ad68e03",7453:"d99603e8",7470:"788ea942",7472:"b58469ab",7578:"d8caf054",7599:"cd8bb636",7643:"30c8eec2",7650:"bdb187bc",7716:"9663811d",7738:"ec809e1b",7764:"884ba2b8",7771:"6f1abec2",7789:"b31aafec",7899:"f0caff57",7912:"95a8aa78",7982:"d19114d7",8007:"ec80508c",8086:"94ad2158",8108:"6fd5a018",8117:"b5d1984c",8120:"ea5d0ce1",8127:"11a82e86",8130:"3c6d8853",8146:"212d90a0",8183:"34400e86",8209:"bec8d475",8221:"73aa68b1",8238:"f050c583",8262:"a4a79eba",8401:"cebf9e05",8426:"77ae5306",8435:"ab8158d5",8465:"2aba6655",8511:"87bdbfbc",8534:"5fd4b707",8544:"db009549",8550:"8c3f5baa",8552:"7c994d87",8572:"a9106d17",8581:"2c2c1610",8585:"042af2a5",8604:"51f28635",8620:"8a4e9b92",8621:"4078c048",8640:"b2eb3506",8760:"45874e30",8771:"b3436ab5",8776:"349b44d1",8780:"f7c616e6",8791:"5f8a9e90",8846:"3602f905",8868:"e1fca583",8889:"d5d05a8c",8897:"7580286d",8913:"39afc07a",8960:"3e2958a1",8968:"e82b86ad",8974:"a610dd39",8989:"08dc9fc8",8995:"3d0f054e",9008:"3148c225",9048:"40ca5e00",9074:"b1a117f8",9090:"d0022930",9091:"a0212418",9174:"55a2d27d",9233:"4bf9b6de",9240:"fdc2a754",9293:"a4d9a76b",9303:"fe70d0cf",9312:"034c457f",9331:"f7a7fe8b",9334:"5d19fec5",9370:"aa82b287",9381:"04582a70",9418:"6701e706",9427:"039f78b3",9445:"8831dc68",9480:"b8d19366",9521:"f81bc6ae",9561:"20450306",9564:"27f89463",9596:"51d34e5b",9600:"34208508",9639:"5723e96e",9647:"05d87c7f",9673:"0b2fcf4c",9677:"0ae1ab19",9686:"8d7067bd",9702:"5eacdb1d",9729:"6bc8a95c",9773:"2f09134f",9787:"da5e1fc9",9809:"a4b0eade",9888:"9e231c95",9894:"fa584b3b",9941:"f1723c5e",9953:"5b7b3398",9989:"2e0693cb"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),d={},b="128t-docs:",r.l=(e,a,c,f)=>{if(d[e])d[e].push(a);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=d[e];if(delete d[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),a)return a(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={12358849:"5611",12973385:"3965",17896441:"8401",46698544:"2615",48158550:"3335",54353486:"555",59671568:"2004",64978787:"1469",72861149:"1297",74361193:"9639",78993498:"5346",91709424:"2761",95213309:"5997",97984012:"5469",db6dcd11:"20","527b551c":"39",f63e6c74:"47",b1978b04:"54","7ac9f663":"78","2607b1b2":"91","0bab7475":"129",a6bb4056:"167","1f1616ac":"250",d4d14826:"254","004d29da":"289",faf1f1be:"343",fa10e3f3:"354",e211bde1:"364","93be6e71":"367",c5279929:"411","2fa440c1":"536",dfa394ad:"569","62394bcb":"602","4df5dc25":"612","86f31d58":"644",b4eae7ec:"655","1bb8506c":"658","8da94946":"694","086df995":"704","0d536465":"766","5fac8c42":"799",ed74b193:"818","3941dd91":"888","9205559b":"892","55114b35":"961","65695e94":"990","17cbe010":"992","818e063f":"1026","7e6aac9a":"1078","4c42c872":"1128","00a68dd3":"1137","1c091541":"1153","6eb03461":"1156","60e9abaf":"1171",edb447db:"1203","5af760a9":"1236","8173bda7":"1310",dd367bbd:"1325",fc6ce1ea:"1343",cdf5a5ef:"1370",ee7e8d64:"1371","1f431a7f":"1404",e561cafd:"1448","1192f2f6":"1468",eb901005:"1471","992d12bf":"1498","843982b1":"1558",b4bd2b0b:"1605",ca456dc7:"1610",af49515d:"1622",a7434565:"1678",ab09dada:"1679",b1274c58:"1681",ccb21e0d:"1735","4216b717":"1737","30cefcb9":"1744",ff2b50c2:"1755",ba3cdc5f:"1788","1e666a79":"1790",de01d3dd:"1832","8a83f72d":"1870","0dc34735":"1878","96ead54b":"1887","05c36e2b":"1907","970eef1f":"1958","2d71f3d6":"2074","5ae586d9":"2076",b4d24f95:"2111",ba3718bb:"2141",dccf3ab3:"2170","64560f30":"2187","616e37ec":"2189","3decd099":"2196","55815b6b":"2221","3490ddc1":"2249","5aa897a9":"2264","2a9d7520":"2269","7c144864":"2404","926c5bcb":"2429","36e763bd":"2459",b6e893a1:"2550","86fe1fd1":"2606",c4f5d8e4:"2634","5582d5b3":"2635",a9a655f0:"2636","9c22df41":"2640","9e4087bc":"2711","478f4ac4":"2734","78d92bdf":"2745",c72aeafd:"2778",f4b635ce:"2801","9865a3ae":"2861",ef7082ef:"2864","0963058a":"2867","4e61e0e3":"2870",d227a8c3:"2897","427a70b9":"2903","081b0421":"2909","3558ab71":"2941","3cca6ccf":"2955","1edac7ad":"2985","7969531d":"2987",a6b5c6c6:"3005","31354b23":"3052",ea1382de:"3078","5224cb1d":"3084",b6e3f72d:"3100",ec48aa20:"3103","914a4137":"3107","74ecf466":"3120","97e28c7f":"3158","61859c13":"3181",e34a462a:"3187",a528af12:"3195","715a6ac9":"3202","88e8f7d9":"3208","16118acf":"3218","2079ce5f":"3224",ccc49370:"3249","8d193b98":"3357",e8183211:"3358",c5412282:"3364","471ccc03":"3365",a69666e7:"3411",f45a5c22:"3451","4735c680":"3503","671608d5":"3526","59ae29ec":"3532","65f51a88":"3561","2cd030d7":"3596",a99bd435:"3604",f1e929de:"3680","0e0828f7":"3681","15d9d91e":"3755","4d4af71b":"3774",adebacd5:"3784",b92f2ffe:"3867",ab9d194b:"3925",f91bd91a:"3998","999eefda":"4019","6d8c58e0":"4030","35c020be":"4031",bd6161a8:"4034",ea10fb5e:"4040","3a18a969":"4057","1a258abc":"4082","99d3adc8":"4160",e4ea85d2:"4201",c545ce38:"4243","50aea046":"4275","34c2e656":"4341",c243f67e:"4347","504258c1":"4365",e5498f89:"4399","4433aa4a":"4402","03cc388d":"4455","7eb68200":"4501","9e626a34":"4611",f7f081c4:"4648","165d6ddb":"4657",c981d5a5:"4701","8dcb5479":"4711",a6c6e198:"4744","6875c492":"4813",b5d5832c:"4943",babf756d:"4946","79ba8483":"4947","1d409f39":"4969",f78817c8:"5075","6c3a45f3":"5162","1c7c7999":"5175","23315faa":"5181","22e0479f":"5198",ca8e00cf:"5229",f600d6b7:"5248","157d0f51":"5252",b2595e07:"5312","7c44e394":"5358",f75c78c7:"5381","751933b8":"5409","5bd80e3c":"5453","6df6cef9":"5462",b01dec8d:"5474","908e7fd1":"5503",ec32fd95:"5528",e7f5cf85:"5542",d9f2e9de:"5545","247783bb":"5548","886da407":"5569",a8de73b6:"5647","9df5ba08":"5676",cd3a1b71:"5695",f3e4e9ba:"5700",c94c6a81:"5750","31fb6667":"5806","8f8a8486":"5842",caae6a74:"5855","66d1a6d6":"5857","16bb0c08":"5917",fad34d8c:"5972","067f2491":"6002",b3c6666a:"6066","0992c981":"6070",b7ea8a15:"6075",ef15f058:"6085","9227984d":"6164",d6ac5f87:"6171","24dbbfb5":"6180","95767f4f":"6183",e9447916:"6212","813c1e3c":"6224","7b5f5324":"6283",b72abd29:"6288","237f94c4":"6339",d10df0a9:"6342","0ebeaf92":"6353","75044d13":"6447","18a680dd":"6505",da8a5efc:"6516","18f2e2f8":"6575",d9127814:"6581","62cebd80":"6589","5832e93a":"6661","900a4776":"6721","7ca7b227":"6744","9e3994f8":"6792","1f81fecc":"6802","2b0c565e":"6835","13bce32c":"6851","123589a3":"6863","9ca5c793":"6935",db0e5665:"6942",cd45153b:"6986",c3e6aa36:"7005","585ae136":"7011",bcb93440:"7056",a7bd4aaa:"7098","712a2f3f":"7115","7035f7a2":"7122",f81a22e1:"7145","9ea1a2aa":"7152",e42d5ae1:"7154","7fa6ed4f":"7160",b379c27a:"7189",fb06d519:"7198",a2a4c143:"7266","536d7d7c":"7286",caafc210:"7342","3e30922d":"7361","618df328":"7391","37f96fb0":"7392","91e0204a":"7453","024d2706":"7470","814f3328":"7472","01694cfb":"7578","4cfec2fe":"7599",a6aa9e1f:"7643","4ca1d71d":"7650","038c53d3":"7716","4c0db3b1":"7738","024adeab":"7764","255640f0":"7771","79e69da7":"7789","5250c73b":"7912","0be46c6c":"7982",db955a95:"8007","7c955499":"8086",f6895f07:"8108","068fb888":"8117","20c6af36":"8120","6e45904a":"8127","066adc50":"8130",c96912e9:"8183","01a85c17":"8209","94672f35":"8221","79d59ab0":"8238",eec387e9:"8262","3aa60141":"8426","3c48957e":"8435","55700ae3":"8465","9460990c":"8511",bb107151:"8534",f8de5346:"8550",fcacda66:"8552","7abea780":"8572","935f2afb":"8581","0c4bd717":"8585","8435a5af":"8604","82a75a29":"8620",d0606bd0:"8621",c42e881b:"8640","2b21a708":"8760","0c9e687f":"8771","963555e3":"8776",de9df2e6:"8780","67ac5e10":"8791",c97842fb:"8868",ab8ea87d:"8889","62a43286":"8897","49064f55":"8960",f94bd8bd:"8968","66b27df6":"8974","8208b10f":"9008",a94703ab:"9048","15c187d8":"9074","99a0b27e":"9090",ef42a3c2:"9091","09c4fc3a":"9174","0d226310":"9233",a9f22230:"9240",bb676ca9:"9293",dc698a41:"9303","836cb097":"9331",b55382bf:"9334","8703a4a5":"9370","3010c7f0":"9381","937cb005":"9418",baa6ba52:"9427","5ba3ee34":"9445",fb8e5513:"9480","5dde18f1":"9521","5405175c":"9561","3ee0686d":"9564",c9e1f498:"9596","54d8552d":"9600","5e95c892":"9647","5a656ac9":"9673",e7fbe30b:"9677","00b6c21a":"9686","78d53149":"9702",c5ae1959:"9729","328f9ef3":"9773","3ad39273":"9787",d88b10c2:"9809","38ba65fd":"9888","8e519f58":"9894","26681f38":"9941","43b47194":"9953","72814a2c":"9989"}[e]||e,r.p+r.u(e)},(()=>{var e={5354:0,1869:0};r.f.j=(a,c)=>{var d=r.o(e,a)?e[a]:void 0;if(0!==d)if(d)c.push(d[2]);else if(/^(1869|5354)$/.test(a))e[a]=0;else{var b=new Promise(((c,b)=>d=e[a]=[c,b]));c.push(d[2]=b);var f=r.p+r.u(a),t=new Error;r.l(f,(c=>{if(r.o(e,a)&&(0!==(d=e[a])&&(e[a]=void 0),d)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+a+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,d[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,c)=>{var d,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((a=>0!==e[a]))){for(d in t)r.o(t,d)&&(r.m[d]=t[d]);if(o)var i=o(r)}for(a&&a(c);n{"use strict";var e,a,c,d,b,f={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(a,c,d,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,d,b]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,d){if(1&d&&(e=this(e)),8&d)return e;if("object"==typeof e&&e){if(4&d&&e.__esModule)return e;if(16&d&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};a=a||[null,c({}),c([]),c(c)];for(var t=2&d&&e;"object"==typeof t&&!~a.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((a=>f[a]=()=>e[a]));return f.default=()=>e,r.d(b,f),b},r.d=(e,a)=>{for(var c in a)r.o(a,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:a[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,c)=>(r.f[c](e,a),a)),[])),r.u=e=>"assets/js/"+({20:"db6dcd11",39:"527b551c",47:"f63e6c74",54:"b1978b04",78:"7ac9f663",91:"2607b1b2",129:"0bab7475",167:"a6bb4056",250:"1f1616ac",254:"d4d14826",289:"004d29da",343:"faf1f1be",354:"fa10e3f3",364:"e211bde1",367:"93be6e71",411:"c5279929",536:"2fa440c1",555:"54353486",569:"dfa394ad",602:"62394bcb",612:"4df5dc25",644:"86f31d58",655:"b4eae7ec",658:"1bb8506c",694:"8da94946",704:"086df995",766:"0d536465",799:"5fac8c42",818:"ed74b193",888:"3941dd91",892:"9205559b",961:"55114b35",990:"65695e94",992:"17cbe010",1026:"818e063f",1078:"7e6aac9a",1128:"4c42c872",1137:"00a68dd3",1153:"1c091541",1156:"6eb03461",1171:"60e9abaf",1203:"edb447db",1236:"5af760a9",1297:"72861149",1310:"8173bda7",1325:"dd367bbd",1343:"fc6ce1ea",1370:"cdf5a5ef",1371:"ee7e8d64",1404:"1f431a7f",1448:"e561cafd",1468:"1192f2f6",1469:"64978787",1471:"eb901005",1498:"992d12bf",1558:"843982b1",1605:"b4bd2b0b",1610:"ca456dc7",1622:"af49515d",1678:"a7434565",1679:"ab09dada",1681:"b1274c58",1735:"ccb21e0d",1737:"4216b717",1744:"30cefcb9",1755:"ff2b50c2",1788:"ba3cdc5f",1790:"1e666a79",1832:"de01d3dd",1870:"8a83f72d",1878:"0dc34735",1887:"96ead54b",1907:"05c36e2b",1958:"970eef1f",2004:"59671568",2074:"2d71f3d6",2076:"5ae586d9",2111:"b4d24f95",2141:"ba3718bb",2170:"dccf3ab3",2187:"64560f30",2189:"616e37ec",2196:"3decd099",2221:"55815b6b",2249:"3490ddc1",2264:"5aa897a9",2269:"2a9d7520",2404:"7c144864",2429:"926c5bcb",2459:"36e763bd",2550:"b6e893a1",2606:"86fe1fd1",2615:"46698544",2634:"c4f5d8e4",2635:"5582d5b3",2636:"a9a655f0",2640:"9c22df41",2711:"9e4087bc",2734:"478f4ac4",2745:"78d92bdf",2761:"91709424",2778:"c72aeafd",2801:"f4b635ce",2861:"9865a3ae",2864:"ef7082ef",2867:"0963058a",2870:"4e61e0e3",2897:"d227a8c3",2903:"427a70b9",2909:"081b0421",2941:"3558ab71",2955:"3cca6ccf",2985:"1edac7ad",2987:"7969531d",3005:"a6b5c6c6",3052:"31354b23",3078:"ea1382de",3084:"5224cb1d",3100:"b6e3f72d",3103:"ec48aa20",3107:"914a4137",3120:"74ecf466",3158:"97e28c7f",3181:"61859c13",3187:"e34a462a",3195:"a528af12",3202:"715a6ac9",3208:"88e8f7d9",3218:"16118acf",3224:"2079ce5f",3249:"ccc49370",3335:"48158550",3357:"8d193b98",3358:"e8183211",3364:"c5412282",3365:"471ccc03",3411:"a69666e7",3451:"f45a5c22",3503:"4735c680",3526:"671608d5",3532:"59ae29ec",3561:"65f51a88",3596:"2cd030d7",3604:"a99bd435",3680:"f1e929de",3681:"0e0828f7",3755:"15d9d91e",3774:"4d4af71b",3784:"adebacd5",3867:"b92f2ffe",3925:"ab9d194b",3965:"12973385",3998:"f91bd91a",4019:"999eefda",4030:"6d8c58e0",4031:"35c020be",4034:"bd6161a8",4040:"ea10fb5e",4057:"3a18a969",4082:"1a258abc",4160:"99d3adc8",4201:"e4ea85d2",4243:"c545ce38",4275:"50aea046",4341:"34c2e656",4347:"c243f67e",4365:"504258c1",4399:"e5498f89",4402:"4433aa4a",4455:"03cc388d",4501:"7eb68200",4611:"9e626a34",4648:"f7f081c4",4657:"165d6ddb",4701:"c981d5a5",4711:"8dcb5479",4744:"a6c6e198",4813:"6875c492",4943:"b5d5832c",4946:"babf756d",4947:"79ba8483",4969:"1d409f39",5075:"f78817c8",5162:"6c3a45f3",5175:"1c7c7999",5181:"23315faa",5198:"22e0479f",5229:"ca8e00cf",5248:"f600d6b7",5252:"157d0f51",5312:"b2595e07",5346:"78993498",5358:"7c44e394",5381:"f75c78c7",5409:"751933b8",5453:"5bd80e3c",5462:"6df6cef9",5469:"97984012",5474:"b01dec8d",5503:"908e7fd1",5528:"ec32fd95",5542:"e7f5cf85",5545:"d9f2e9de",5548:"247783bb",5569:"886da407",5611:"12358849",5647:"a8de73b6",5676:"9df5ba08",5695:"cd3a1b71",5700:"f3e4e9ba",5750:"c94c6a81",5806:"31fb6667",5842:"8f8a8486",5855:"caae6a74",5857:"66d1a6d6",5917:"16bb0c08",5972:"fad34d8c",5997:"95213309",6002:"067f2491",6066:"b3c6666a",6070:"0992c981",6075:"b7ea8a15",6085:"ef15f058",6164:"9227984d",6171:"d6ac5f87",6180:"24dbbfb5",6183:"95767f4f",6212:"e9447916",6224:"813c1e3c",6283:"7b5f5324",6288:"b72abd29",6339:"237f94c4",6342:"d10df0a9",6353:"0ebeaf92",6447:"75044d13",6505:"18a680dd",6516:"da8a5efc",6575:"18f2e2f8",6581:"d9127814",6589:"62cebd80",6661:"5832e93a",6721:"900a4776",6744:"7ca7b227",6792:"9e3994f8",6802:"1f81fecc",6835:"2b0c565e",6851:"13bce32c",6863:"123589a3",6935:"9ca5c793",6942:"db0e5665",6986:"cd45153b",7005:"c3e6aa36",7011:"585ae136",7056:"bcb93440",7098:"a7bd4aaa",7115:"712a2f3f",7122:"7035f7a2",7145:"f81a22e1",7152:"9ea1a2aa",7154:"e42d5ae1",7160:"7fa6ed4f",7189:"b379c27a",7198:"fb06d519",7266:"a2a4c143",7286:"536d7d7c",7342:"caafc210",7361:"3e30922d",7391:"618df328",7392:"37f96fb0",7453:"91e0204a",7470:"024d2706",7472:"814f3328",7578:"01694cfb",7599:"4cfec2fe",7643:"a6aa9e1f",7650:"4ca1d71d",7716:"038c53d3",7738:"4c0db3b1",7764:"024adeab",7771:"255640f0",7789:"79e69da7",7912:"5250c73b",7982:"0be46c6c",8007:"db955a95",8086:"7c955499",8108:"f6895f07",8117:"068fb888",8120:"20c6af36",8127:"6e45904a",8130:"066adc50",8183:"c96912e9",8209:"01a85c17",8221:"94672f35",8238:"79d59ab0",8262:"eec387e9",8401:"17896441",8426:"3aa60141",8435:"3c48957e",8465:"55700ae3",8511:"9460990c",8534:"bb107151",8550:"f8de5346",8552:"fcacda66",8572:"7abea780",8581:"935f2afb",8585:"0c4bd717",8604:"8435a5af",8620:"82a75a29",8621:"d0606bd0",8640:"c42e881b",8760:"2b21a708",8771:"0c9e687f",8776:"963555e3",8780:"de9df2e6",8791:"67ac5e10",8868:"c97842fb",8889:"ab8ea87d",8897:"62a43286",8960:"49064f55",8968:"f94bd8bd",8974:"66b27df6",9008:"8208b10f",9048:"a94703ab",9074:"15c187d8",9090:"99a0b27e",9091:"ef42a3c2",9174:"09c4fc3a",9233:"0d226310",9240:"a9f22230",9293:"bb676ca9",9303:"dc698a41",9331:"836cb097",9334:"b55382bf",9370:"8703a4a5",9381:"3010c7f0",9418:"937cb005",9427:"baa6ba52",9445:"5ba3ee34",9480:"fb8e5513",9521:"5dde18f1",9561:"5405175c",9564:"3ee0686d",9596:"c9e1f498",9600:"54d8552d",9639:"74361193",9647:"5e95c892",9673:"5a656ac9",9677:"e7fbe30b",9686:"00b6c21a",9702:"78d53149",9729:"c5ae1959",9773:"328f9ef3",9787:"3ad39273",9809:"d88b10c2",9888:"38ba65fd",9894:"8e519f58",9941:"26681f38",9953:"43b47194",9989:"72814a2c"}[e]||e)+"."+{20:"ee6e3277",39:"edccef61",47:"ed98e678",54:"f1d142f2",78:"95d24604",91:"ce556914",129:"52cc8c59",141:"de9f3b3c",167:"b3c2e79d",250:"b53f7311",254:"760ee5b3",289:"15fdde39",343:"83004357",354:"1e652f19",364:"6c7ce1d1",367:"da101439",397:"da1e9260",411:"0facf8b4",536:"bccca094",555:"7b5f40b5",569:"929a7782",602:"bfb8637a",604:"b40e813b",612:"88e7c2ab",619:"799695af",644:"470faf7f",655:"8ba62196",658:"425aff26",694:"30c9bdff",704:"dd83f17c",766:"d572e4f9",799:"fa1c2662",818:"9df7c5da",888:"7860acf2",892:"169f0eec",961:"0b5a96f9",971:"ccc70bb4",990:"e3424678",992:"eca515b1",1026:"25d70434",1078:"74f08c36",1128:"126dc819",1137:"894d3d28",1153:"2a9adbbf",1156:"f4689d34",1169:"8324bf40",1171:"3f303732",1176:"55cbfd7d",1203:"56005e04",1236:"501f9e9f",1297:"6308a0dc",1310:"61f4014e",1325:"949e39f5",1329:"9a1e19df",1343:"7a5227ce",1370:"532b540f",1371:"f4c8ab7a",1404:"a7a683f8",1448:"212ee3ea",1468:"56707819",1469:"b94550cc",1471:"7a9eaa02",1498:"796586be",1558:"0426fb6b",1605:"e0e38ade",1610:"def5bd4f",1622:"162a2ce3",1678:"f29848b0",1679:"da3c0c9b",1681:"25c03f50",1689:"01b68ebb",1735:"0b37f145",1737:"089199b0",1744:"5af1ddc9",1755:"0c4e8cf2",1788:"f58067db",1790:"58359029",1832:"13dbde17",1870:"1cf63081",1878:"205f5cb0",1887:"0c7640e6",1907:"5f6010e2",1958:"0e7a117d",1987:"58094b24",2004:"5ab7dfca",2074:"f6ba95b0",2076:"88fdf70e",2111:"89b39f86",2130:"fbeff7d3",2141:"7665af74",2144:"0ac08618",2170:"3f2243bb",2187:"381c2680",2189:"6d7cd317",2196:"3a5e1a3c",2221:"8ef583c0",2237:"6e38e341",2249:"87a1a8da",2264:"f5c10e84",2269:"62eb0cb5",2315:"5e7aadf5",2404:"f4c09f5c",2429:"8f5cc82d",2459:"bff3d9ce",2550:"95d6a589",2606:"088caf3b",2615:"ef37fa4e",2634:"15f9fa4d",2635:"e45cef78",2636:"b0baef54",2640:"9af4a835",2704:"aa88eb42",2711:"d8e6582c",2734:"68c3c420",2745:"230a490e",2761:"4245ee9a",2778:"bcaa460e",2801:"2b4df4b6",2861:"be8f5083",2864:"b4a4b641",2867:"cdd3d7b3",2870:"69454e27",2875:"a78023fe",2897:"a40e93e1",2903:"217b96ea",2909:"0c614a3d",2941:"46b89a30",2955:"6f4c1413",2985:"7edd4608",2987:"dcdb8502",3005:"7c746816",3052:"aca92bf2",3078:"1e5e4855",3084:"e00c67cd",3100:"5f3b7bc5",3103:"4927edae",3107:"7ef6e604",3120:"b160cc0a",3158:"62f61681",3181:"2de50031",3187:"c40d7c7a",3195:"7ff60148",3202:"287c0707",3208:"954e975e",3218:"67044b0b",3224:"591f2942",3249:"cdec1bb8",3292:"9c205805",3335:"072f27e5",3357:"ee07dc6e",3358:"86051b99",3364:"dd55abd1",3365:"9cc4168d",3411:"67adb508",3417:"30a5d238",3451:"4afc1be4",3503:"00aaa1e4",3526:"839ec97b",3532:"1efc8f6b",3561:"935b45dc",3596:"640a6644",3604:"d6b87f89",3680:"723e12ad",3681:"c85576d6",3687:"889e2061",3755:"dfa0680c",3774:"0ca8d18b",3784:"35ebfb54",3867:"4e6f9a21",3874:"e3ea4c48",3925:"d84a04bc",3965:"673551c2",3998:"99794c8f",4019:"9d23f4b2",4030:"b5dce83d",4031:"91edb431",4034:"e4dcec59",4040:"9854ed0e",4057:"08254a91",4073:"cfc185ed",4082:"49f75832",4104:"50c402cf",4160:"db5f6bb3",4201:"f70b9a42",4243:"02364238",4275:"5e59d37c",4341:"368b46e3",4347:"d2684a8b",4365:"234d99a3",4399:"31d2934c",4402:"7baf265b",4455:"726beea7",4501:"995f8940",4529:"848059b7",4564:"2c323e22",4611:"653917d6",4648:"405319ff",4657:"79d2f0af",4701:"a53e68ce",4711:"d6d3b1bc",4744:"632ef287",4813:"979357b1",4943:"6614677a",4946:"09a0bfe8",4947:"5e9bc40f",4969:"0966ef95",5075:"63b1c69f",5162:"8279ca61",5163:"f769838e",5175:"d5562c31",5181:"3886c2f8",5198:"7135fb74",5229:"c7acce26",5248:"3387b5b6",5252:"144549a3",5312:"5a53e64c",5346:"4c51818b",5358:"f2abced7",5381:"d9fe8f5c",5409:"40c585eb",5453:"78d68f88",5462:"9e8552a5",5469:"d1b0d110",5474:"ee623316",5503:"7db88df0",5528:"365fab5a",5542:"a47e685b",5545:"fba50a95",5548:"29da01b5",5569:"c6cdcece",5611:"cebcf20e",5628:"698f28f6",5633:"ee82e417",5647:"a1ca7cb2",5676:"a667eb21",5695:"dcdf473b",5700:"24674927",5750:"39d3fa1c",5806:"10d88818",5842:"7a943caa",5855:"1c6555e2",5857:"13678590",5860:"ad193164",5917:"164a0d47",5972:"938e7cc3",5997:"fea9289c",6002:"c1296b0e",6066:"c6a6af53",6070:"2c1357e5",6075:"54a6a5f7",6085:"129e6097",6164:"ae39b2ea",6171:"8d81b7d7",6180:"629ee403",6183:"009f6a25",6212:"89676a98",6224:"2f88251c",6283:"15794d7e",6288:"6903a96b",6339:"835d19d6",6342:"9db8b9b3",6353:"2789bea1",6447:"7146d95a",6505:"0298dd68",6516:"a80c0ab5",6575:"210591c3",6581:"44aafe56",6589:"4c2a5469",6625:"3e4749c4",6661:"5ca4d74a",6721:"8fc0be88",6744:"f7633957",6770:"91492e1a",6792:"7512ba02",6802:"2e4b4773",6835:"726c45fa",6851:"ce7b0e8c",6863:"dc6f18e8",6935:"5e9a4e33",6942:"0b343025",6986:"fcb375b0",7005:"50184e78",7011:"08f1ee6c",7056:"9c2e004d",7098:"cf58e7e6",7115:"ceca446f",7122:"a3ea5875",7145:"5454b73a",7152:"613c2788",7154:"56b651b5",7160:"4fa4fe66",7189:"79be2fc2",7198:"f18eb52e",7266:"bee1ac23",7286:"0422940c",7342:"bf659467",7361:"dc3f8554",7391:"fa13bb37",7392:"8ad68e03",7453:"d99603e8",7470:"788ea942",7472:"b58469ab",7578:"d8caf054",7599:"cd8bb636",7643:"30c8eec2",7650:"bdb187bc",7716:"9663811d",7738:"ec809e1b",7764:"884ba2b8",7771:"6f1abec2",7789:"b31aafec",7899:"f0caff57",7912:"95a8aa78",7982:"d19114d7",8007:"ec80508c",8086:"94ad2158",8108:"6fd5a018",8117:"b5d1984c",8120:"ea5d0ce1",8127:"11a82e86",8130:"3c6d8853",8146:"212d90a0",8183:"34400e86",8209:"bec8d475",8221:"73aa68b1",8238:"f050c583",8262:"a4a79eba",8401:"cebf9e05",8426:"77ae5306",8435:"ab8158d5",8465:"2aba6655",8511:"87bdbfbc",8534:"5fd4b707",8544:"db009549",8550:"8c3f5baa",8552:"7c994d87",8572:"a9106d17",8581:"2c2c1610",8585:"042af2a5",8604:"51f28635",8620:"8a4e9b92",8621:"4078c048",8640:"b2eb3506",8760:"45874e30",8771:"b3436ab5",8776:"349b44d1",8780:"f7c616e6",8791:"5f8a9e90",8846:"3602f905",8868:"e1fca583",8889:"d5d05a8c",8897:"7580286d",8913:"39afc07a",8960:"3e2958a1",8968:"e82b86ad",8974:"a610dd39",8989:"08dc9fc8",8995:"3d0f054e",9008:"3148c225",9048:"40ca5e00",9074:"b1a117f8",9090:"d0022930",9091:"a0212418",9174:"55a2d27d",9233:"4bf9b6de",9240:"fdc2a754",9293:"a4d9a76b",9303:"fe70d0cf",9312:"034c457f",9331:"f7a7fe8b",9334:"5d19fec5",9370:"aa82b287",9381:"04582a70",9418:"6701e706",9427:"039f78b3",9445:"8831dc68",9480:"b8d19366",9521:"f81bc6ae",9561:"20450306",9564:"27f89463",9596:"51d34e5b",9600:"34208508",9639:"5723e96e",9647:"05d87c7f",9673:"0b2fcf4c",9677:"0ae1ab19",9686:"8d7067bd",9702:"5eacdb1d",9729:"6bc8a95c",9773:"2f09134f",9787:"da5e1fc9",9809:"a4b0eade",9888:"9e231c95",9894:"fa584b3b",9941:"0e721675",9953:"5b7b3398",9989:"2e0693cb"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),d={},b="128t-docs:",r.l=(e,a,c,f)=>{if(d[e])d[e].push(a);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=d[e];if(delete d[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),a)return a(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={12358849:"5611",12973385:"3965",17896441:"8401",46698544:"2615",48158550:"3335",54353486:"555",59671568:"2004",64978787:"1469",72861149:"1297",74361193:"9639",78993498:"5346",91709424:"2761",95213309:"5997",97984012:"5469",db6dcd11:"20","527b551c":"39",f63e6c74:"47",b1978b04:"54","7ac9f663":"78","2607b1b2":"91","0bab7475":"129",a6bb4056:"167","1f1616ac":"250",d4d14826:"254","004d29da":"289",faf1f1be:"343",fa10e3f3:"354",e211bde1:"364","93be6e71":"367",c5279929:"411","2fa440c1":"536",dfa394ad:"569","62394bcb":"602","4df5dc25":"612","86f31d58":"644",b4eae7ec:"655","1bb8506c":"658","8da94946":"694","086df995":"704","0d536465":"766","5fac8c42":"799",ed74b193:"818","3941dd91":"888","9205559b":"892","55114b35":"961","65695e94":"990","17cbe010":"992","818e063f":"1026","7e6aac9a":"1078","4c42c872":"1128","00a68dd3":"1137","1c091541":"1153","6eb03461":"1156","60e9abaf":"1171",edb447db:"1203","5af760a9":"1236","8173bda7":"1310",dd367bbd:"1325",fc6ce1ea:"1343",cdf5a5ef:"1370",ee7e8d64:"1371","1f431a7f":"1404",e561cafd:"1448","1192f2f6":"1468",eb901005:"1471","992d12bf":"1498","843982b1":"1558",b4bd2b0b:"1605",ca456dc7:"1610",af49515d:"1622",a7434565:"1678",ab09dada:"1679",b1274c58:"1681",ccb21e0d:"1735","4216b717":"1737","30cefcb9":"1744",ff2b50c2:"1755",ba3cdc5f:"1788","1e666a79":"1790",de01d3dd:"1832","8a83f72d":"1870","0dc34735":"1878","96ead54b":"1887","05c36e2b":"1907","970eef1f":"1958","2d71f3d6":"2074","5ae586d9":"2076",b4d24f95:"2111",ba3718bb:"2141",dccf3ab3:"2170","64560f30":"2187","616e37ec":"2189","3decd099":"2196","55815b6b":"2221","3490ddc1":"2249","5aa897a9":"2264","2a9d7520":"2269","7c144864":"2404","926c5bcb":"2429","36e763bd":"2459",b6e893a1:"2550","86fe1fd1":"2606",c4f5d8e4:"2634","5582d5b3":"2635",a9a655f0:"2636","9c22df41":"2640","9e4087bc":"2711","478f4ac4":"2734","78d92bdf":"2745",c72aeafd:"2778",f4b635ce:"2801","9865a3ae":"2861",ef7082ef:"2864","0963058a":"2867","4e61e0e3":"2870",d227a8c3:"2897","427a70b9":"2903","081b0421":"2909","3558ab71":"2941","3cca6ccf":"2955","1edac7ad":"2985","7969531d":"2987",a6b5c6c6:"3005","31354b23":"3052",ea1382de:"3078","5224cb1d":"3084",b6e3f72d:"3100",ec48aa20:"3103","914a4137":"3107","74ecf466":"3120","97e28c7f":"3158","61859c13":"3181",e34a462a:"3187",a528af12:"3195","715a6ac9":"3202","88e8f7d9":"3208","16118acf":"3218","2079ce5f":"3224",ccc49370:"3249","8d193b98":"3357",e8183211:"3358",c5412282:"3364","471ccc03":"3365",a69666e7:"3411",f45a5c22:"3451","4735c680":"3503","671608d5":"3526","59ae29ec":"3532","65f51a88":"3561","2cd030d7":"3596",a99bd435:"3604",f1e929de:"3680","0e0828f7":"3681","15d9d91e":"3755","4d4af71b":"3774",adebacd5:"3784",b92f2ffe:"3867",ab9d194b:"3925",f91bd91a:"3998","999eefda":"4019","6d8c58e0":"4030","35c020be":"4031",bd6161a8:"4034",ea10fb5e:"4040","3a18a969":"4057","1a258abc":"4082","99d3adc8":"4160",e4ea85d2:"4201",c545ce38:"4243","50aea046":"4275","34c2e656":"4341",c243f67e:"4347","504258c1":"4365",e5498f89:"4399","4433aa4a":"4402","03cc388d":"4455","7eb68200":"4501","9e626a34":"4611",f7f081c4:"4648","165d6ddb":"4657",c981d5a5:"4701","8dcb5479":"4711",a6c6e198:"4744","6875c492":"4813",b5d5832c:"4943",babf756d:"4946","79ba8483":"4947","1d409f39":"4969",f78817c8:"5075","6c3a45f3":"5162","1c7c7999":"5175","23315faa":"5181","22e0479f":"5198",ca8e00cf:"5229",f600d6b7:"5248","157d0f51":"5252",b2595e07:"5312","7c44e394":"5358",f75c78c7:"5381","751933b8":"5409","5bd80e3c":"5453","6df6cef9":"5462",b01dec8d:"5474","908e7fd1":"5503",ec32fd95:"5528",e7f5cf85:"5542",d9f2e9de:"5545","247783bb":"5548","886da407":"5569",a8de73b6:"5647","9df5ba08":"5676",cd3a1b71:"5695",f3e4e9ba:"5700",c94c6a81:"5750","31fb6667":"5806","8f8a8486":"5842",caae6a74:"5855","66d1a6d6":"5857","16bb0c08":"5917",fad34d8c:"5972","067f2491":"6002",b3c6666a:"6066","0992c981":"6070",b7ea8a15:"6075",ef15f058:"6085","9227984d":"6164",d6ac5f87:"6171","24dbbfb5":"6180","95767f4f":"6183",e9447916:"6212","813c1e3c":"6224","7b5f5324":"6283",b72abd29:"6288","237f94c4":"6339",d10df0a9:"6342","0ebeaf92":"6353","75044d13":"6447","18a680dd":"6505",da8a5efc:"6516","18f2e2f8":"6575",d9127814:"6581","62cebd80":"6589","5832e93a":"6661","900a4776":"6721","7ca7b227":"6744","9e3994f8":"6792","1f81fecc":"6802","2b0c565e":"6835","13bce32c":"6851","123589a3":"6863","9ca5c793":"6935",db0e5665:"6942",cd45153b:"6986",c3e6aa36:"7005","585ae136":"7011",bcb93440:"7056",a7bd4aaa:"7098","712a2f3f":"7115","7035f7a2":"7122",f81a22e1:"7145","9ea1a2aa":"7152",e42d5ae1:"7154","7fa6ed4f":"7160",b379c27a:"7189",fb06d519:"7198",a2a4c143:"7266","536d7d7c":"7286",caafc210:"7342","3e30922d":"7361","618df328":"7391","37f96fb0":"7392","91e0204a":"7453","024d2706":"7470","814f3328":"7472","01694cfb":"7578","4cfec2fe":"7599",a6aa9e1f:"7643","4ca1d71d":"7650","038c53d3":"7716","4c0db3b1":"7738","024adeab":"7764","255640f0":"7771","79e69da7":"7789","5250c73b":"7912","0be46c6c":"7982",db955a95:"8007","7c955499":"8086",f6895f07:"8108","068fb888":"8117","20c6af36":"8120","6e45904a":"8127","066adc50":"8130",c96912e9:"8183","01a85c17":"8209","94672f35":"8221","79d59ab0":"8238",eec387e9:"8262","3aa60141":"8426","3c48957e":"8435","55700ae3":"8465","9460990c":"8511",bb107151:"8534",f8de5346:"8550",fcacda66:"8552","7abea780":"8572","935f2afb":"8581","0c4bd717":"8585","8435a5af":"8604","82a75a29":"8620",d0606bd0:"8621",c42e881b:"8640","2b21a708":"8760","0c9e687f":"8771","963555e3":"8776",de9df2e6:"8780","67ac5e10":"8791",c97842fb:"8868",ab8ea87d:"8889","62a43286":"8897","49064f55":"8960",f94bd8bd:"8968","66b27df6":"8974","8208b10f":"9008",a94703ab:"9048","15c187d8":"9074","99a0b27e":"9090",ef42a3c2:"9091","09c4fc3a":"9174","0d226310":"9233",a9f22230:"9240",bb676ca9:"9293",dc698a41:"9303","836cb097":"9331",b55382bf:"9334","8703a4a5":"9370","3010c7f0":"9381","937cb005":"9418",baa6ba52:"9427","5ba3ee34":"9445",fb8e5513:"9480","5dde18f1":"9521","5405175c":"9561","3ee0686d":"9564",c9e1f498:"9596","54d8552d":"9600","5e95c892":"9647","5a656ac9":"9673",e7fbe30b:"9677","00b6c21a":"9686","78d53149":"9702",c5ae1959:"9729","328f9ef3":"9773","3ad39273":"9787",d88b10c2:"9809","38ba65fd":"9888","8e519f58":"9894","26681f38":"9941","43b47194":"9953","72814a2c":"9989"}[e]||e,r.p+r.u(e)},(()=>{var e={5354:0,1869:0};r.f.j=(a,c)=>{var d=r.o(e,a)?e[a]:void 0;if(0!==d)if(d)c.push(d[2]);else if(/^(1869|5354)$/.test(a))e[a]=0;else{var b=new Promise(((c,b)=>d=e[a]=[c,b]));c.push(d[2]=b);var f=r.p+r.u(a),t=new Error;r.l(f,(c=>{if(r.o(e,a)&&(0!==(d=e[a])&&(e[a]=void 0),d)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+a+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,d[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,c)=>{var d,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((a=>0!==e[a]))){for(d in t)r.o(t,d)&&(r.m[d]=t[d]);if(o)var i=o(r)}for(a&&a(c);nContributing | SSN Docs - + diff --git a/docs/about_128t/index.html b/docs/about_128t/index.html index a1c3bd7b36..206668bbf5 100644 --- a/docs/about_128t/index.html +++ b/docs/about_128t/index.html @@ -6,7 +6,7 @@ Session Smart Networking Platform | SSN Docs - + diff --git a/docs/about_certified_platforms/index.html b/docs/about_certified_platforms/index.html index d9ab6e6dc4..3f6fbb0df7 100644 --- a/docs/about_certified_platforms/index.html +++ b/docs/about_certified_platforms/index.html @@ -6,7 +6,7 @@ Certified Portfolio | SSN Docs - + diff --git a/docs/about_releases/index.html b/docs/about_releases/index.html index 860509a642..2315bcb9bf 100644 --- a/docs/about_releases/index.html +++ b/docs/about_releases/index.html @@ -6,7 +6,7 @@ List of Releases | SSN Docs - + @@ -16,11 +16,11 @@
info

Issues resolved in a release are merged into subsequent releases chronologically AND lexicographically.

For example, issues resolved in 4.3.12, which was released on 3/12/2021, are resolved in 4.5.6, which was released on 3/26/2021 and also resolved in 5.1.0, which was released on 3/15/2021, and so on.

However, issues resolved in 4.3.12, which was released on 3/12/2021 are not addressed in 4.5.5 because 4.5.5 was released on 2/10/2021. Even though 4.5.5 is lexicographically higher than 4.3.12, it is chronologically older than 4.3.12.

TermDefinition
EoSEEnd of Software Engineering support. Patches will no longer be produced after this date.
EoSEnd of Support. Release is EoL and TAC is unable to support unless software is upgraded.
MajorIntroduction of signficant features or backwards incompatibility.
MinorNew feature content.
PatchBug fixes only.
-buildFinal build version released.
R1Release Candidate 1. Introduction of new features. First version of every release stream (major.minor).
R2Release Candidate 2. Introduction of new features. Second version of every release stream (major.minor).
stsStandard Term Support. 9 months until EoSE from sts date.
ltsLong Term Support. 24 months until EoSE from lts date.

General Availability

-
VersionInitial GA VersionFirst Release Shipping DateLatest GA VersionEnd of Software Engineering supportEnd of Support
Release 6.36.3.0September 30, 20246.3.0June 30, 2025March 30, 2026
Release 6.26.2.0November 16, 20236.2.7September 6, 2026March 6, 2027
Release 6.16.1.0April 14, 20236.1.11July 14, 2025January 14, 2026
Release 5.65.6.7March 16, 20235.6.15June 16, 2024December 16, 2024
+
VersionInitial GA VersionFirst Release Shipping DateLatest GA VersionEnd of Software Engineering supportEnd of Support
Release 6.36.3.0September 30, 20246.3.0June 30, 2025March 30, 2026
Release 6.26.2.0November 16, 20236.2.7September 6, 2026March 6, 2027
Release 6.16.1.0April 14, 20236.1.11July 14, 2025January 14, 2026
Release 5.65.6.7March 16, 20235.6.16June 16, 2024December 16, 2024

Out of Support

VersionFRS DateEnd of Software Engineering supportEnd of Support
Release 6.0July 18, 2022November 30, 2023November 30, 2023
Release 5.5August 11, 2022November 19, 2023May 19, 2024
Release 5.4February 18, 2022December 18, 2022June 18, 2023
Release 5.3August 6, 2021February 6, 2022August 6, 2022
Release 5.2May 10, 2021November 10, 2021May 10, 2022
Release 5.1May 17, 2021August 24, 2022February 24, 2023
Release 5.0December 18, 2020June 18, 2021December 18, 2021
Release 4.5July 23, 2020April 15, 2021October 15, 2021
Release 4.4May 19, 2020April 19, 2021September 19, 2021
Release 4.3February 8, 2020December 24, 2020September 26, 2021
Release 4.2November 21, 2019October 8, 2020April 8, 2021
Release 4.1February 7, 2019July 8, 2020January 8, 2021
Release 4.0December 18, 2018September 18, 2019March 18, 2020
Release 3.2March 15, 2018December 15, 2018June 15, 2019

Please refer to the Software Support Policy page to understand the lifecycle of SSR releases.

All Releases - Limited, General Availability and Out of Support

-
VersionRelease Date
6.1.11October 17, 2024
6.2.7October 3, 2024
6.3.0September 30, 2024
6.2.6September 6, 2024
6.1.10August 22, 2024
5.6.15June 27, 2024
6.1.9June 27, 2024
6.2.5June 6, 2024
5.6.14May 14, 2024
6.1.8May 3, 2024
6.2.4March 29, 2024
5.5.12February 22, 2024
6.1.7February 17, 2024
5.6.13January 30, 2024
6.1.6January 2, 2024
6.2.3December 15, 2023
6.2.0November 16, 2023
5.6.12October 20, 2023
5.6.11October 2, 2023
6.1.5September 22, 2023
5.6.10August 29, 2023
5.5.11August 21, 2023
5.5.10July 31, 2023
5.6.9July 19, 2023
6.1.4July 14, 2023
5.5.9June 2, 2023
5.6.8May 25, 2023
6.1.3May 22, 2023
6.1.2May 12, 2023
6.0.10May 12, 2023
6.1.1April 28, 2023
6.1.0April 14, 2023
6.0.9April 3, 2023
5.6.7March 16, 2023
6.0.8March 7, 2023
5.5.8February 1, 2023
5.6.6January 18, 2023
5.4.11December 30, 2022
5.6.5December 28, 2022
6.0.7December 5, 2022
5.4.10November 23, 2022
5.6.4November 18, 2022
5.5.7November 15, 2022
5.6.3November 7, 2022
5.4.9November 9, 2022
5.5.6October 21, 2022
6.0.5October 14, 2022
5.4.8October 11, 2022
5.6.2October 4, 2022
5.5.5September 23, 2022
5.5.4September 19, 2022
6.0.4September 12, 2022
6.0.2August 16, 2022
6.0.1August 15, 2022
5.5.3August 19, 2022
5.4.7August 4, 2022
5.6.1August 1, 2022
6.0.0July 18, 2022
5.2.4July 7, 2022
5.5.2June 30, 2022
5.4.6June 28, 2022
5.5.1June 1, 2022
5.6.0May 20, 2022
5.2.3May 20, 2022
5.4.5May 11, 2022
5.1.9March 16, 2022
5.5.0March 7, 2022
5.4.4February 18, 2022
5.4.3January 27, 2022
5.1.8January 18, 2022
5.4.2December 22, 2021
5.1.7December 9, 2021
5.4.1November 23, 2021
5.4.0November 18, 2021
5.1.6October 27, 2021
4.5.11September 7, 2021
5.2.2August 24, 2021
5.1.5August 13, 2021
5.3.0August 6, 2021
5.2.1July 20, 2021
5.1.4July 7, 2021
4.5.10June 8, 2021
4.5.9May 20, 2021
5.1.3May 17, 2021
5.2.0May 10, 2021
5.1.2April 30, 2021
4.5.8April 28, 2021
5.1.1April 12, 2021
5.0.1April 12, 2021
4.5.7April 12, 2021
4.5.6March 26, 2021
5.1.0March 15, 2021
4.3.12March 12, 2021
4.5.5February 10, 2021
5.0.0December 18, 2020
4.5.4December 16, 2020
4.5.3November 25, 2020
4.2.9November 20, 2020
4.3.11November 13, 2020
4.3.10October 20, 2020
4.5.2October 13, 2020
4.5.1September 16, 2020
4.4.2September 3, 2020
4.3.9August 12, 2020
4.5.0July 23, 2020
4.4.1July 10, 2020
4.3.8June 26, 2020
4.3.7June 9, 2020
4.2.8June 5, 2020
4.3.6May 28, 2020
4.1.10May 28, 2020
4.3.5May 22, 2020
4.4.0May 19, 2020
4.3.4May 1, 2020
4.2.7May 1, 2020
4.1.9May 1, 2020
4.3.3April 12, 2020
4.3.2April 10, 2020
4.2.6April 8, 2020
4.2.5March 26, 2020
4.3.1March 6, 2020
4.1.8Februray 28, 2020
4.2.4February 14, 2020
4.3.0February 8, 2020
4.2.3January 27, 2020
4.1.7January 8, 2020
4.2.2December 20, 2019
4.2.1December 13, 2019
4.1.6December 6, 2019
4.2.0November 21, 2019
4.1.5July 24, 2019
4.1.4June 9, 2019
4.1.3April 26, 2019
4.1.2April 16, 2019
4.1.1March 5, 2019
4.1.0February 7, 2019
4.0.1January 22, 2019
4.0.0December 18, 2018
3.2.8November 12, 2018
Copyright © 2024 Juniper Networks, Inc.
+
VersionRelease Date
5.6.16November 25, 2024
6.1.11October 17, 2024
6.2.7October 3, 2024
6.3.0September 30, 2024
6.2.6September 6, 2024
6.1.10August 22, 2024
5.6.15June 27, 2024
6.1.9June 27, 2024
6.2.5June 6, 2024
5.6.14May 14, 2024
6.1.8May 3, 2024
6.2.4March 29, 2024
5.5.12February 22, 2024
6.1.7February 17, 2024
5.6.13January 30, 2024
6.1.6January 2, 2024
6.2.3December 15, 2023
6.2.0November 16, 2023
5.6.12October 20, 2023
5.6.11October 2, 2023
6.1.5September 22, 2023
5.6.10August 29, 2023
5.5.11August 21, 2023
5.5.10July 31, 2023
5.6.9July 19, 2023
6.1.4July 14, 2023
5.5.9June 2, 2023
5.6.8May 25, 2023
6.1.3May 22, 2023
6.1.2May 12, 2023
6.0.10May 12, 2023
6.1.1April 28, 2023
6.1.0April 14, 2023
6.0.9April 3, 2023
5.6.7March 16, 2023
6.0.8March 7, 2023
5.5.8February 1, 2023
5.6.6January 18, 2023
5.4.11December 30, 2022
5.6.5December 28, 2022
6.0.7December 5, 2022
5.4.10November 23, 2022
5.6.4November 18, 2022
5.5.7November 15, 2022
5.6.3November 7, 2022
5.4.9November 9, 2022
5.5.6October 21, 2022
6.0.5October 14, 2022
5.4.8October 11, 2022
5.6.2October 4, 2022
5.5.5September 23, 2022
5.5.4September 19, 2022
6.0.4September 12, 2022
6.0.2August 16, 2022
6.0.1August 15, 2022
5.5.3August 19, 2022
5.4.7August 4, 2022
5.6.1August 1, 2022
6.0.0July 18, 2022
5.2.4July 7, 2022
5.5.2June 30, 2022
5.4.6June 28, 2022
5.5.1June 1, 2022
5.6.0May 20, 2022
5.2.3May 20, 2022
5.4.5May 11, 2022
5.1.9March 16, 2022
5.5.0March 7, 2022
5.4.4February 18, 2022
5.4.3January 27, 2022
5.1.8January 18, 2022
5.4.2December 22, 2021
5.1.7December 9, 2021
5.4.1November 23, 2021
5.4.0November 18, 2021
5.1.6October 27, 2021
4.5.11September 7, 2021
5.2.2August 24, 2021
5.1.5August 13, 2021
5.3.0August 6, 2021
5.2.1July 20, 2021
5.1.4July 7, 2021
4.5.10June 8, 2021
4.5.9May 20, 2021
5.1.3May 17, 2021
5.2.0May 10, 2021
5.1.2April 30, 2021
4.5.8April 28, 2021
5.1.1April 12, 2021
5.0.1April 12, 2021
4.5.7April 12, 2021
4.5.6March 26, 2021
5.1.0March 15, 2021
4.3.12March 12, 2021
4.5.5February 10, 2021
5.0.0December 18, 2020
4.5.4December 16, 2020
4.5.3November 25, 2020
4.2.9November 20, 2020
4.3.11November 13, 2020
4.3.10October 20, 2020
4.5.2October 13, 2020
4.5.1September 16, 2020
4.4.2September 3, 2020
4.3.9August 12, 2020
4.5.0July 23, 2020
4.4.1July 10, 2020
4.3.8June 26, 2020
4.3.7June 9, 2020
4.2.8June 5, 2020
4.3.6May 28, 2020
4.1.10May 28, 2020
4.3.5May 22, 2020
4.4.0May 19, 2020
4.3.4May 1, 2020
4.2.7May 1, 2020
4.1.9May 1, 2020
4.3.3April 12, 2020
4.3.2April 10, 2020
4.2.6April 8, 2020
4.2.5March 26, 2020
4.3.1March 6, 2020
4.1.8Februray 28, 2020
4.2.4February 14, 2020
4.3.0February 8, 2020
4.2.3January 27, 2020
4.1.7January 8, 2020
4.2.2December 20, 2019
4.2.1December 13, 2019
4.1.6December 6, 2019
4.2.0November 21, 2019
4.1.5July 24, 2019
4.1.4June 9, 2019
4.1.3April 26, 2019
4.1.2April 16, 2019
4.1.1March 5, 2019
4.1.0February 7, 2019
4.0.1January 22, 2019
4.0.0December 18, 2018
3.2.8November 12, 2018
Copyright © 2024 Juniper Networks, Inc.
\ No newline at end of file diff --git a/docs/about_security_policy/index.html b/docs/about_security_policy/index.html index d9c6ab8e1c..31b6b9fcad 100644 --- a/docs/about_security_policy/index.html +++ b/docs/about_security_policy/index.html @@ -6,7 +6,7 @@ Security Vulnerability Policy | SSN Docs - + diff --git a/docs/about_support_policy/index.html b/docs/about_support_policy/index.html index 4c74238b5e..84aa8bcaf8 100644 --- a/docs/about_support_policy/index.html +++ b/docs/about_support_policy/index.html @@ -6,7 +6,7 @@ Product Software Lifecycle Support Policy | SSN Docs - + diff --git a/docs/about_supported_drivers/index.html b/docs/about_supported_drivers/index.html index f341c96367..81cb9ada68 100644 --- a/docs/about_supported_drivers/index.html +++ b/docs/about_supported_drivers/index.html @@ -6,7 +6,7 @@ Supported NICs and Drivers | SSN Docs - + diff --git a/docs/about_supported_platforms/index.html b/docs/about_supported_platforms/index.html index 0b1f5a3722..a4f9f2bd78 100644 --- a/docs/about_supported_platforms/index.html +++ b/docs/about_supported_platforms/index.html @@ -6,7 +6,7 @@ Platform Support Policy | SSN Docs - + diff --git a/docs/about_svr_savings/index.html b/docs/about_svr_savings/index.html index bc144d6027..dd4bb08a58 100644 --- a/docs/about_svr_savings/index.html +++ b/docs/about_svr_savings/index.html @@ -6,7 +6,7 @@ Secure Vector Routing Savings Proof Points | SSN Docs - + diff --git a/docs/another_file/index.html b/docs/another_file/index.html index 9b7cbfd647..9bf12bd847 100644 --- a/docs/another_file/index.html +++ b/docs/another_file/index.html @@ -6,7 +6,7 @@ another_file | SSN Docs - + diff --git a/docs/bcp_att_avpn_configuration/index.html b/docs/bcp_att_avpn_configuration/index.html index d352344ae6..a321c9b663 100644 --- a/docs/bcp_att_avpn_configuration/index.html +++ b/docs/bcp_att_avpn_configuration/index.html @@ -6,7 +6,7 @@ AT&T AVPN Configuration | SSN Docs - + diff --git a/docs/bcp_conductor_deployment/index.html b/docs/bcp_conductor_deployment/index.html index 4bd1d09341..3af6cc4938 100644 --- a/docs/bcp_conductor_deployment/index.html +++ b/docs/bcp_conductor_deployment/index.html @@ -6,7 +6,7 @@ Conductor Deployment Patterns | SSN Docs - + diff --git a/docs/bcp_dhcp_relay_overview/index.html b/docs/bcp_dhcp_relay_overview/index.html index b864245f31..7b82edb5bd 100644 --- a/docs/bcp_dhcp_relay_overview/index.html +++ b/docs/bcp_dhcp_relay_overview/index.html @@ -6,7 +6,7 @@ DHCP Relay Best Practices | SSN Docs - + diff --git a/docs/bcp_fib_design/index.html b/docs/bcp_fib_design/index.html index 27ac8df680..8e12320440 100644 --- a/docs/bcp_fib_design/index.html +++ b/docs/bcp_fib_design/index.html @@ -6,7 +6,7 @@ FIB Best Practices | SSN Docs - + diff --git a/docs/bcp_lte_peering/index.html b/docs/bcp_lte_peering/index.html index 91d39730af..25ef004a7b 100644 --- a/docs/bcp_lte_peering/index.html +++ b/docs/bcp_lte_peering/index.html @@ -6,7 +6,7 @@ LTE Peering | SSN Docs - + diff --git a/docs/bcp_monitoring_headends/index.html b/docs/bcp_monitoring_headends/index.html index a29b0716cd..547a39f40b 100644 --- a/docs/bcp_monitoring_headends/index.html +++ b/docs/bcp_monitoring_headends/index.html @@ -6,7 +6,7 @@ Monitoring Head End Routers | SSN Docs - + diff --git a/docs/bcp_per-adjacency_traffic_engineering/index.html b/docs/bcp_per-adjacency_traffic_engineering/index.html index 35fed64622..5980860a68 100644 --- a/docs/bcp_per-adjacency_traffic_engineering/index.html +++ b/docs/bcp_per-adjacency_traffic_engineering/index.html @@ -6,7 +6,7 @@ Adjacency Traffic Engineering | SSN Docs - + diff --git a/docs/bcp_qos_msft_expressroute/index.html b/docs/bcp_qos_msft_expressroute/index.html index 29a4bfc8d0..5218e28b4c 100644 --- a/docs/bcp_qos_msft_expressroute/index.html +++ b/docs/bcp_qos_msft_expressroute/index.html @@ -6,7 +6,7 @@ ExpressRoute QoS Configuration | SSN Docs - + diff --git a/docs/bcp_salt_pillars/index.html b/docs/bcp_salt_pillars/index.html index 0b4da11b35..6bf62e5edb 100644 --- a/docs/bcp_salt_pillars/index.html +++ b/docs/bcp_salt_pillars/index.html @@ -6,7 +6,7 @@ Using Saltstack at Scale With SSR | SSN Docs - + diff --git a/docs/bcp_sdwan_design_guide/index.html b/docs/bcp_sdwan_design_guide/index.html index 79075a0a1e..f58e8dc8b6 100644 --- a/docs/bcp_sdwan_design_guide/index.html +++ b/docs/bcp_sdwan_design_guide/index.html @@ -6,7 +6,7 @@ SD-WAN Design Guide | SSN Docs - + diff --git a/docs/bcp_service-policy_defaults/index.html b/docs/bcp_service-policy_defaults/index.html index d8ee68e317..3acf3cd1f4 100644 --- a/docs/bcp_service-policy_defaults/index.html +++ b/docs/bcp_service-policy_defaults/index.html @@ -6,7 +6,7 @@ Service Policy Baseline Configurations | SSN Docs - + diff --git a/docs/bcp_service_and_service_policy_design/index.html b/docs/bcp_service_and_service_policy_design/index.html index c10be504d9..f269cc14fa 100644 --- a/docs/bcp_service_and_service_policy_design/index.html +++ b/docs/bcp_service_and_service_policy_design/index.html @@ -6,7 +6,7 @@ Service and Service Policy Design | SSN Docs - + diff --git a/docs/bcp_tenants/index.html b/docs/bcp_tenants/index.html index 4b13ed2b5b..e313e28f43 100644 --- a/docs/bcp_tenants/index.html +++ b/docs/bcp_tenants/index.html @@ -6,7 +6,7 @@ Tenancy Design | SSN Docs - + diff --git a/docs/bcp_using_128T_as_ntp_server/index.html b/docs/bcp_using_128T_as_ntp_server/index.html index 4901cbcbc3..ffcca3d181 100644 --- a/docs/bcp_using_128T_as_ntp_server/index.html +++ b/docs/bcp_using_128T_as_ntp_server/index.html @@ -6,7 +6,7 @@ Using SSR as an NTP Server | SSN Docs - + diff --git a/docs/cc_fips_access_mgmt/index.html b/docs/cc_fips_access_mgmt/index.html index f317688a61..633eec4e9a 100644 --- a/docs/cc_fips_access_mgmt/index.html +++ b/docs/cc_fips_access_mgmt/index.html @@ -6,7 +6,7 @@ Access Management | SSN Docs - + diff --git a/docs/cc_fips_appendix/index.html b/docs/cc_fips_appendix/index.html index faea06cf17..a3c9f62288 100644 --- a/docs/cc_fips_appendix/index.html +++ b/docs/cc_fips_appendix/index.html @@ -6,7 +6,7 @@ Appendix | SSN Docs - + diff --git a/docs/cc_fips_banners/index.html b/docs/cc_fips_banners/index.html index 63455cee5b..35bae2963a 100644 --- a/docs/cc_fips_banners/index.html +++ b/docs/cc_fips_banners/index.html @@ -6,7 +6,7 @@ Configuring Banners | SSN Docs - + diff --git a/docs/cc_fips_compliance_guidelines/index.html b/docs/cc_fips_compliance_guidelines/index.html index ebb1d9e51a..3283e76595 100644 --- a/docs/cc_fips_compliance_guidelines/index.html +++ b/docs/cc_fips_compliance_guidelines/index.html @@ -6,7 +6,7 @@ Common Criteria Compliance Guidelines | SSN Docs - + diff --git a/docs/cc_fips_conductor_install/index.html b/docs/cc_fips_conductor_install/index.html index 3539965668..d267753693 100644 --- a/docs/cc_fips_conductor_install/index.html +++ b/docs/cc_fips_conductor_install/index.html @@ -6,7 +6,7 @@ Conductor Installation | SSN Docs - + diff --git a/docs/cc_fips_config_audit_event/index.html b/docs/cc_fips_config_audit_event/index.html index 07fd682191..1d3b8c9f56 100644 --- a/docs/cc_fips_config_audit_event/index.html +++ b/docs/cc_fips_config_audit_event/index.html @@ -6,7 +6,7 @@ Configuring Audit Events and Logging | SSN Docs - + diff --git a/docs/cc_fips_config_ntp_auth/index.html b/docs/cc_fips_config_ntp_auth/index.html index 1e8c021202..5117420f8e 100644 --- a/docs/cc_fips_config_ntp_auth/index.html +++ b/docs/cc_fips_config_ntp_auth/index.html @@ -6,7 +6,7 @@ Configure NTP Client Authentication | SSN Docs - + diff --git a/docs/cc_fips_config_password_policies/index.html b/docs/cc_fips_config_password_policies/index.html index fe242b81aa..d6364b1656 100644 --- a/docs/cc_fips_config_password_policies/index.html +++ b/docs/cc_fips_config_password_policies/index.html @@ -6,7 +6,7 @@ Username and Password Policies | SSN Docs - + diff --git a/docs/cc_fips_downloading_iso/index.html b/docs/cc_fips_downloading_iso/index.html index b920bd3660..e110348171 100644 --- a/docs/cc_fips_downloading_iso/index.html +++ b/docs/cc_fips_downloading_iso/index.html @@ -6,7 +6,7 @@ Downloading ISOs | SSN Docs - + diff --git a/docs/cc_fips_install_quickstart_otpiso/index.html b/docs/cc_fips_install_quickstart_otpiso/index.html index b24d84c67f..6ebccdda3d 100644 --- a/docs/cc_fips_install_quickstart_otpiso/index.html +++ b/docs/cc_fips_install_quickstart_otpiso/index.html @@ -6,7 +6,7 @@ QuickStart From the OTP ISO | SSN Docs - + diff --git a/docs/cc_fips_intro/index.html b/docs/cc_fips_intro/index.html index 2c09fb4c57..c518c6505f 100644 --- a/docs/cc_fips_intro/index.html +++ b/docs/cc_fips_intro/index.html @@ -6,7 +6,7 @@ Introduction - SSR Common Criteria Installation and Configuration | SSN Docs - + diff --git a/docs/cc_fips_intro_installation/index.html b/docs/cc_fips_intro_installation/index.html index fcffb4f9be..1c4a21b5be 100644 --- a/docs/cc_fips_intro_installation/index.html +++ b/docs/cc_fips_intro_installation/index.html @@ -6,7 +6,7 @@ SSR Secure Installation | SSN Docs - + diff --git a/docs/cc_fips_otp_router_install/index.html b/docs/cc_fips_otp_router_install/index.html index ff31272348..77b5b1e9a3 100644 --- a/docs/cc_fips_otp_router_install/index.html +++ b/docs/cc_fips_otp_router_install/index.html @@ -6,7 +6,7 @@ OTP Router Install Process | SSN Docs - + diff --git a/docs/cc_fips_router_install/index.html b/docs/cc_fips_router_install/index.html index c58927f630..2aadaafc95 100644 --- a/docs/cc_fips_router_install/index.html +++ b/docs/cc_fips_router_install/index.html @@ -6,7 +6,7 @@ Router Interactive Installation | SSN Docs - + diff --git a/docs/cc_fips_sec_firewall_filtering/index.html b/docs/cc_fips_sec_firewall_filtering/index.html index 981ebb1566..f1ccaea805 100644 --- a/docs/cc_fips_sec_firewall_filtering/index.html +++ b/docs/cc_fips_sec_firewall_filtering/index.html @@ -6,7 +6,7 @@ Customizable Firewall Rules and Filters | SSN Docs - + diff --git a/docs/cc_fips_secure_deliver/index.html b/docs/cc_fips_secure_deliver/index.html index 59daf02391..b153e4a00b 100644 --- a/docs/cc_fips_secure_deliver/index.html +++ b/docs/cc_fips_secure_deliver/index.html @@ -6,7 +6,7 @@ Identifying Secure Product Delivery | SSN Docs - + diff --git a/docs/cc_fips_software_upgrades/index.html b/docs/cc_fips_software_upgrades/index.html index 9cd9719d59..60de4d77b5 100644 --- a/docs/cc_fips_software_upgrades/index.html +++ b/docs/cc_fips_software_upgrades/index.html @@ -6,7 +6,7 @@ Upgrades and Uninstallation | SSN Docs - + diff --git a/docs/cc_fips_ssr_security_scope/index.html b/docs/cc_fips_ssr_security_scope/index.html index d4b7ead023..f67417a1c5 100644 --- a/docs/cc_fips_ssr_security_scope/index.html +++ b/docs/cc_fips_ssr_security_scope/index.html @@ -6,7 +6,7 @@ SSR Security Scope | SSN Docs - + diff --git a/docs/cc_fips_titlepage/index.html b/docs/cc_fips_titlepage/index.html index 5f07520a6c..28631e3331 100644 --- a/docs/cc_fips_titlepage/index.html +++ b/docs/cc_fips_titlepage/index.html @@ -6,7 +6,7 @@ SSR Common Criteria Installation and User Guide | SSN Docs - + diff --git a/docs/cli_reference/index.html b/docs/cli_reference/index.html index 0bd5bbb8be..036e7095b9 100644 --- a/docs/cli_reference/index.html +++ b/docs/cli_reference/index.html @@ -6,7 +6,7 @@ Command Line Reference | SSN Docs - + diff --git a/docs/cli_stats_reference/index.html b/docs/cli_stats_reference/index.html index 4d74920a39..a121d656fe 100644 --- a/docs/cli_stats_reference/index.html +++ b/docs/cli_stats_reference/index.html @@ -6,7 +6,7 @@ Show Stats Reference | SSN Docs - + diff --git a/docs/concepts_EthOverSVR/index.html b/docs/concepts_EthOverSVR/index.html index dd7abe71cd..850bd87004 100644 --- a/docs/concepts_EthOverSVR/index.html +++ b/docs/concepts_EthOverSVR/index.html @@ -6,7 +6,7 @@ Ethernet Over Secure Vector Routing | SSN Docs - + diff --git a/docs/concepts_STEP/index.html b/docs/concepts_STEP/index.html index fefa47f2bf..946540363d 100644 --- a/docs/concepts_STEP/index.html +++ b/docs/concepts_STEP/index.html @@ -6,7 +6,7 @@ Service and Topology Exchange Protocol (STEP) | SSN Docs - + diff --git a/docs/concepts_appid/index.html b/docs/concepts_appid/index.html index d4ad7e2ada..374c015080 100644 --- a/docs/concepts_appid/index.html +++ b/docs/concepts_appid/index.html @@ -6,7 +6,7 @@ Application Identification | SSN Docs - + diff --git a/docs/concepts_application_discovery/index.html b/docs/concepts_application_discovery/index.html index a6b974813a..e85b268ad8 100644 --- a/docs/concepts_application_discovery/index.html +++ b/docs/concepts_application_discovery/index.html @@ -6,7 +6,7 @@ Application Discovery | SSN Docs - + diff --git a/docs/concepts_fib/index.html b/docs/concepts_fib/index.html index a7ab39889f..b9e13a9c78 100644 --- a/docs/concepts_fib/index.html +++ b/docs/concepts_fib/index.html @@ -6,7 +6,7 @@ Forwarding Information Base (FIB) - Concepts | SSN Docs - + diff --git a/docs/concepts_fib_construction/index.html b/docs/concepts_fib_construction/index.html index 9c68ee65f5..783b225bd4 100644 --- a/docs/concepts_fib_construction/index.html +++ b/docs/concepts_fib_construction/index.html @@ -6,7 +6,7 @@ How the FIB is Constructed | SSN Docs - + diff --git a/docs/concepts_fib_design/index.html b/docs/concepts_fib_design/index.html index 712cbda366..0883061b3c 100644 --- a/docs/concepts_fib_design/index.html +++ b/docs/concepts_fib_design/index.html @@ -6,7 +6,7 @@ FIB Design Considerations | SSN Docs - + diff --git a/docs/concepts_glossary/index.html b/docs/concepts_glossary/index.html index 2e6a88d4d2..50f9f42b83 100644 --- a/docs/concepts_glossary/index.html +++ b/docs/concepts_glossary/index.html @@ -6,7 +6,7 @@ Glossary | SSN Docs - + diff --git a/docs/concepts_ha_theoryofoperation/index.html b/docs/concepts_ha_theoryofoperation/index.html index 5f4364974e..bfa99141b1 100644 --- a/docs/concepts_ha_theoryofoperation/index.html +++ b/docs/concepts_ha_theoryofoperation/index.html @@ -6,7 +6,7 @@ High Availability - Theory of Operation | SSN Docs - + diff --git a/docs/concepts_interface_types/index.html b/docs/concepts_interface_types/index.html index 841dbb6ed4..cbf1cca5ee 100644 --- a/docs/concepts_interface_types/index.html +++ b/docs/concepts_interface_types/index.html @@ -6,7 +6,7 @@ Interface Types | SSN Docs - + diff --git a/docs/concepts_kni/index.html b/docs/concepts_kni/index.html index 2f06972040..be001d161e 100644 --- a/docs/concepts_kni/index.html +++ b/docs/concepts_kni/index.html @@ -6,7 +6,7 @@ Kernel Network Interfaces | SSN Docs - + diff --git a/docs/concepts_learning_VRF_routes/index.html b/docs/concepts_learning_VRF_routes/index.html index c8cd08d26f..e2e1b1cc09 100644 --- a/docs/concepts_learning_VRF_routes/index.html +++ b/docs/concepts_learning_VRF_routes/index.html @@ -6,7 +6,7 @@ Learning VRF Routes | SSN Docs - + diff --git a/docs/concepts_linux_host_networking/index.html b/docs/concepts_linux_host_networking/index.html index 40a90255ed..5e4d856f68 100644 --- a/docs/concepts_linux_host_networking/index.html +++ b/docs/concepts_linux_host_networking/index.html @@ -6,7 +6,7 @@ Linux Host Networking Through SSR | SSN Docs - + diff --git a/docs/concepts_machine_communication/index.html b/docs/concepts_machine_communication/index.html index ad6a3a6ae0..169af84b79 100644 --- a/docs/concepts_machine_communication/index.html +++ b/docs/concepts_machine_communication/index.html @@ -6,7 +6,7 @@ Intra- and Inter-System Communication | SSN Docs - + diff --git a/docs/concepts_metadata/index.html b/docs/concepts_metadata/index.html index f625fff6fb..70edba0dcb 100644 --- a/docs/concepts_metadata/index.html +++ b/docs/concepts_metadata/index.html @@ -6,7 +6,7 @@ SSR Metadata | SSN Docs - + diff --git a/docs/concepts_metrics/index.html b/docs/concepts_metrics/index.html index c0b9426ecb..d7bf487361 100644 --- a/docs/concepts_metrics/index.html +++ b/docs/concepts_metrics/index.html @@ -6,7 +6,7 @@ Metrics | SSN Docs - + diff --git a/docs/concepts_monitoring/index.html b/docs/concepts_monitoring/index.html index df8893c0ec..9437890ecc 100644 --- a/docs/concepts_monitoring/index.html +++ b/docs/concepts_monitoring/index.html @@ -6,7 +6,7 @@ Monitoring Agent | SSN Docs - + diff --git a/docs/concepts_network_planes/index.html b/docs/concepts_network_planes/index.html index bc4c14c61e..c71d6ec31e 100644 --- a/docs/concepts_network_planes/index.html +++ b/docs/concepts_network_planes/index.html @@ -6,7 +6,7 @@ Forwarding Plane Separation | SSN Docs - + diff --git a/docs/concepts_pcli/index.html b/docs/concepts_pcli/index.html index dd45197e25..69a047fc34 100644 --- a/docs/concepts_pcli/index.html +++ b/docs/concepts_pcli/index.html @@ -6,7 +6,7 @@ Programmable Command Line Interface (PCLI) | SSN Docs - + diff --git a/docs/concepts_session_timer/index.html b/docs/concepts_session_timer/index.html index 75af5c1b7a..c939f97169 100644 --- a/docs/concepts_session_timer/index.html +++ b/docs/concepts_session_timer/index.html @@ -6,7 +6,7 @@ Session Timers | SSN Docs - + diff --git a/docs/concepts_ssr_idp/index.html b/docs/concepts_ssr_idp/index.html index 8b3fc4a65e..3ff215ba4d 100644 --- a/docs/concepts_ssr_idp/index.html +++ b/docs/concepts_ssr_idp/index.html @@ -6,7 +6,7 @@ Intrusion Detection and Prevention | SSN Docs - + diff --git a/docs/concepts_traf_eng/index.html b/docs/concepts_traf_eng/index.html index 6d441d2dd2..4305d56671 100644 --- a/docs/concepts_traf_eng/index.html +++ b/docs/concepts_traf_eng/index.html @@ -6,7 +6,7 @@ Traffic Engineering Overview | SSN Docs - + diff --git a/docs/concepts_waypoint_ports/index.html b/docs/concepts_waypoint_ports/index.html index 4641ea3aca..bf9b583b81 100644 --- a/docs/concepts_waypoint_ports/index.html +++ b/docs/concepts_waypoint_ports/index.html @@ -6,7 +6,7 @@ Waypoints and Waypoint Ports | SSN Docs - + diff --git a/docs/conductor_upgrade/index.html b/docs/conductor_upgrade/index.html index adcda6d8f1..cd34cfed1f 100644 --- a/docs/conductor_upgrade/index.html +++ b/docs/conductor_upgrade/index.html @@ -6,7 +6,7 @@ Upgrade the SSR Conductor | SSN Docs - + diff --git a/docs/config_EthoSVR/index.html b/docs/config_EthoSVR/index.html index 4c144bad97..308e449d5c 100644 --- a/docs/config_EthoSVR/index.html +++ b/docs/config_EthoSVR/index.html @@ -6,7 +6,7 @@ Configuring Ethernet Over Secure Vector Routing | SSN Docs - + diff --git a/docs/config_EthoSVR_activestandby/index.html b/docs/config_EthoSVR_activestandby/index.html index a4cd0228de..56238ebcc9 100644 --- a/docs/config_EthoSVR_activestandby/index.html +++ b/docs/config_EthoSVR_activestandby/index.html @@ -6,7 +6,7 @@ Configuring Ethernet Over SVR for Active/Standby | SSN Docs - + diff --git a/docs/config_RBAC/index.html b/docs/config_RBAC/index.html index 20019d113b..ae95281a07 100644 --- a/docs/config_RBAC/index.html +++ b/docs/config_RBAC/index.html @@ -6,7 +6,7 @@ Configuring Role-Based Access Control | SSN Docs - + diff --git a/docs/config_STEP/index.html b/docs/config_STEP/index.html index 9cff8bbfcd..c3c6516eb5 100644 --- a/docs/config_STEP/index.html +++ b/docs/config_STEP/index.html @@ -6,7 +6,7 @@ Configuring Service and Topology Exchange Protocol (STEP) | SSN Docs - + diff --git a/docs/config_access_mgmt/index.html b/docs/config_access_mgmt/index.html index e265e98b07..fcfc5cce15 100644 --- a/docs/config_access_mgmt/index.html +++ b/docs/config_access_mgmt/index.html @@ -6,7 +6,7 @@ Access Management on the SSR | SSN Docs - + diff --git a/docs/config_adding_interfaces_to_ha_team/index.html b/docs/config_adding_interfaces_to_ha_team/index.html index ea3f098bef..3c73a0cd72 100644 --- a/docs/config_adding_interfaces_to_ha_team/index.html +++ b/docs/config_adding_interfaces_to_ha_team/index.html @@ -6,7 +6,7 @@ Adding Interfaces to an HA Team Interface | SSN Docs - + diff --git a/docs/config_alarm_suppression/index.html b/docs/config_alarm_suppression/index.html index 3896d216e6..d6de1679aa 100644 --- a/docs/config_alarm_suppression/index.html +++ b/docs/config_alarm_suppression/index.html @@ -6,7 +6,7 @@ Alarm Suppression | SSN Docs - + diff --git a/docs/config_app_ident/index.html b/docs/config_app_ident/index.html index c6b9e8a272..e506bdac31 100644 --- a/docs/config_app_ident/index.html +++ b/docs/config_app_ident/index.html @@ -6,7 +6,7 @@ Application Learning Mode | SSN Docs - + diff --git a/docs/config_application_steering/index.html b/docs/config_application_steering/index.html index d2b1f86be6..029e73449c 100644 --- a/docs/config_application_steering/index.html +++ b/docs/config_application_steering/index.html @@ -6,7 +6,7 @@ Application Steering | SSN Docs - + diff --git a/docs/config_asset_connection_resiliency/index.html b/docs/config_asset_connection_resiliency/index.html index d627ddd410..cd87c11907 100644 --- a/docs/config_asset_connection_resiliency/index.html +++ b/docs/config_asset_connection_resiliency/index.html @@ -6,7 +6,7 @@ Asset Connection Resiliency | SSN Docs - + diff --git a/docs/config_audit_event/index.html b/docs/config_audit_event/index.html index d0e14a355c..7fb066f1dc 100644 --- a/docs/config_audit_event/index.html +++ b/docs/config_audit_event/index.html @@ -6,7 +6,7 @@ Configuring Audit Events | SSN Docs - + diff --git a/docs/config_basics/index.html b/docs/config_basics/index.html index 77097cf216..90bf764530 100644 --- a/docs/config_basics/index.html +++ b/docs/config_basics/index.html @@ -6,7 +6,7 @@ Configuration Management on the SSR | SSN Docs - + diff --git a/docs/config_bfd/index.html b/docs/config_bfd/index.html index 7b34206530..126902db94 100644 --- a/docs/config_bfd/index.html +++ b/docs/config_bfd/index.html @@ -6,7 +6,7 @@ Bidirectional Forwarding Detection (BFD) | SSN Docs - + diff --git a/docs/config_bfd_tunnel/index.html b/docs/config_bfd_tunnel/index.html index 55e5aed0a6..b8451d11e0 100644 --- a/docs/config_bfd_tunnel/index.html +++ b/docs/config_bfd_tunnel/index.html @@ -6,7 +6,7 @@ SVR Transport Reuse | SSN Docs - + diff --git a/docs/config_bgp/index.html b/docs/config_bgp/index.html index d33c540176..b40a91e11b 100644 --- a/docs/config_bgp/index.html +++ b/docs/config_bgp/index.html @@ -6,7 +6,7 @@ Border Gateway Protocol (BGP) | SSN Docs - + diff --git a/docs/config_command_guide/index.html b/docs/config_command_guide/index.html index 4aea764d24..fdf9a28098 100644 --- a/docs/config_command_guide/index.html +++ b/docs/config_command_guide/index.html @@ -6,7 +6,7 @@ Configuration Command Reference Guide | SSN Docs - + diff --git a/docs/config_dev_intf_traf_eng/index.html b/docs/config_dev_intf_traf_eng/index.html index 2466ffdbfb..189b0c2e62 100644 --- a/docs/config_dev_intf_traf_eng/index.html +++ b/docs/config_dev_intf_traf_eng/index.html @@ -6,7 +6,7 @@ Device Interface Traffic Engineering | SSN Docs - + diff --git a/docs/config_dhcp/index.html b/docs/config_dhcp/index.html index d3db3111b4..f7fac13701 100644 --- a/docs/config_dhcp/index.html +++ b/docs/config_dhcp/index.html @@ -6,7 +6,7 @@ Dynamic Host Configuration Protocol (DHCP) | SSN Docs - + diff --git a/docs/config_dnat/index.html b/docs/config_dnat/index.html index da1541467c..1c9aa22cef 100644 --- a/docs/config_dnat/index.html +++ b/docs/config_dnat/index.html @@ -6,7 +6,7 @@ Dynamic Ingress Source NAT | SSN Docs - + diff --git a/docs/config_dns_proxy/index.html b/docs/config_dns_proxy/index.html index 81ba570290..bdbd0e12f3 100644 --- a/docs/config_dns_proxy/index.html +++ b/docs/config_dns_proxy/index.html @@ -6,7 +6,7 @@ DNS Proxy | SSN Docs - + diff --git a/docs/config_domain-based_web_filter/index.html b/docs/config_domain-based_web_filter/index.html index b55241ea42..ee204bf061 100644 --- a/docs/config_domain-based_web_filter/index.html +++ b/docs/config_domain-based_web_filter/index.html @@ -6,7 +6,7 @@ Web Filtering | SSN Docs - + diff --git a/docs/config_dscp_preservation/index.html b/docs/config_dscp_preservation/index.html index b8e2178fa3..8ae3ed14df 100644 --- a/docs/config_dscp_preservation/index.html +++ b/docs/config_dscp_preservation/index.html @@ -6,7 +6,7 @@ DSCP Preservation | SSN Docs - + diff --git a/docs/config_dscp_steering/index.html b/docs/config_dscp_steering/index.html index ce011128b5..019d3e0066 100644 --- a/docs/config_dscp_steering/index.html +++ b/docs/config_dscp_steering/index.html @@ -6,7 +6,7 @@ Configuring DSCP Steering | SSN Docs - + diff --git a/docs/config_dual_router_ha/index.html b/docs/config_dual_router_ha/index.html index b5cba9199e..5625581b83 100644 --- a/docs/config_dual_router_ha/index.html +++ b/docs/config_dual_router_ha/index.html @@ -6,7 +6,7 @@ Configuring Dual Router High Availability using iBGP | SSN Docs - + diff --git a/docs/config_firewall_ports/index.html b/docs/config_firewall_ports/index.html index cc955f2437..938d473923 100644 --- a/docs/config_firewall_ports/index.html +++ b/docs/config_firewall_ports/index.html @@ -6,7 +6,7 @@ Enable Ports on the Firewall | SSN Docs - + diff --git a/docs/config_flow_perf_mon/index.html b/docs/config_flow_perf_mon/index.html index 1d1853ae60..74a0470141 100644 --- a/docs/config_flow_perf_mon/index.html +++ b/docs/config_flow_perf_mon/index.html @@ -6,7 +6,7 @@ Inline Flow Performance Monitoring | SSN Docs - + diff --git a/docs/config_forward_error_correction/index.html b/docs/config_forward_error_correction/index.html index b0c7605c29..c9fb63be55 100644 --- a/docs/config_forward_error_correction/index.html +++ b/docs/config_forward_error_correction/index.html @@ -6,7 +6,7 @@ Configuring Forward Error Correction | SSN Docs - + diff --git a/docs/config_gre_tunnel/index.html b/docs/config_gre_tunnel/index.html index 49c39ea666..bfda75ffd0 100644 --- a/docs/config_gre_tunnel/index.html +++ b/docs/config_gre_tunnel/index.html @@ -6,7 +6,7 @@ Native GRE Tunnels | SSN Docs - + diff --git a/docs/config_ha/index.html b/docs/config_ha/index.html index 88084b349f..2d52efac62 100644 --- a/docs/config_ha/index.html +++ b/docs/config_ha/index.html @@ -6,7 +6,7 @@ Configuring Dual Node High Availability | SSN Docs - + diff --git a/docs/config_ha_vrrp/index.html b/docs/config_ha_vrrp/index.html index 07a4c30805..969945ed7e 100644 --- a/docs/config_ha_vrrp/index.html +++ b/docs/config_ha_vrrp/index.html @@ -6,7 +6,7 @@ Configuring Dual Router High Availability and VRRP | SSN Docs - + diff --git a/docs/config_idp/index.html b/docs/config_idp/index.html index 36cf7d10f8..8881138380 100644 --- a/docs/config_idp/index.html +++ b/docs/config_idp/index.html @@ -6,7 +6,7 @@ Configure Intrusion Detection and Prevention | SSN Docs - + diff --git a/docs/config_in-memory_metrics/index.html b/docs/config_in-memory_metrics/index.html index e7d79a2364..44f55cb0f7 100644 --- a/docs/config_in-memory_metrics/index.html +++ b/docs/config_in-memory_metrics/index.html @@ -6,7 +6,7 @@ Configuring In-Memory Metrics | SSN Docs - + diff --git a/docs/config_lacp/index.html b/docs/config_lacp/index.html index a506c7ace5..2027eda909 100644 --- a/docs/config_lacp/index.html +++ b/docs/config_lacp/index.html @@ -6,7 +6,7 @@ Link Aggregation and LACP | SSN Docs - + diff --git a/docs/config_ldap/index.html b/docs/config_ldap/index.html index 57fdfcd3e4..4a35a50ebe 100644 --- a/docs/config_ldap/index.html +++ b/docs/config_ldap/index.html @@ -6,7 +6,7 @@ LDAP | SSN Docs - + diff --git a/docs/config_management_over_forwarding/index.html b/docs/config_management_over_forwarding/index.html index b7f65085dd..b22487ac5b 100644 --- a/docs/config_management_over_forwarding/index.html +++ b/docs/config_management_over_forwarding/index.html @@ -6,7 +6,7 @@ Management Traffic over Forwarding Interfaces | SSN Docs - + diff --git a/docs/config_multicast/index.html b/docs/config_multicast/index.html index e6bd33c45f..5dd950024b 100644 --- a/docs/config_multicast/index.html +++ b/docs/config_multicast/index.html @@ -6,7 +6,7 @@ Multicast | SSN Docs - + diff --git a/docs/config_nat_pools/index.html b/docs/config_nat_pools/index.html index efb0dd8274..fa19221cf8 100644 --- a/docs/config_nat_pools/index.html +++ b/docs/config_nat_pools/index.html @@ -6,7 +6,7 @@ NAT Pools | SSN Docs - + diff --git a/docs/config_non_forwarding_ha_interfaces/index.html b/docs/config_non_forwarding_ha_interfaces/index.html index f8210a53aa..c9f75bef54 100644 --- a/docs/config_non_forwarding_ha_interfaces/index.html +++ b/docs/config_non_forwarding_ha_interfaces/index.html @@ -6,7 +6,7 @@ Non-Forwarding HA Interfaces | SSN Docs - + diff --git a/docs/config_ntp_auth/index.html b/docs/config_ntp_auth/index.html index 9f09af4ff1..77e1a4b9a2 100644 --- a/docs/config_ntp_auth/index.html +++ b/docs/config_ntp_auth/index.html @@ -6,7 +6,7 @@ NTP Authentication | SSN Docs - + diff --git a/docs/config_ospf/index.html b/docs/config_ospf/index.html index 163728154d..e1d7041a21 100644 --- a/docs/config_ospf/index.html +++ b/docs/config_ospf/index.html @@ -6,7 +6,7 @@ Open Shortest Path First (OSPF) | SSN Docs - + diff --git a/docs/config_password_policies/index.html b/docs/config_password_policies/index.html index e2e93036f8..c648bc1acf 100644 --- a/docs/config_password_policies/index.html +++ b/docs/config_password_policies/index.html @@ -6,7 +6,7 @@ Username and Password Policies | SSN Docs - + diff --git a/docs/config_radius/index.html b/docs/config_radius/index.html index fa062eb70f..ebf2595a32 100644 --- a/docs/config_radius/index.html +++ b/docs/config_radius/index.html @@ -6,7 +6,7 @@ Authentication Methods | SSN Docs - + diff --git a/docs/config_radsec/index.html b/docs/config_radsec/index.html index 1cafc3f8b9..86d1f1cf55 100644 --- a/docs/config_radsec/index.html +++ b/docs/config_radsec/index.html @@ -6,7 +6,7 @@ Configuring RADUIS over TLS | SSN Docs - + diff --git a/docs/config_rate_limiting/index.html b/docs/config_rate_limiting/index.html index 1429d6f546..4b005a2c23 100644 --- a/docs/config_rate_limiting/index.html +++ b/docs/config_rate_limiting/index.html @@ -6,7 +6,7 @@ Rate Limiting | SSN Docs - + diff --git a/docs/config_reference_guide/index.html b/docs/config_reference_guide/index.html index d09942e41f..a748285abf 100644 --- a/docs/config_reference_guide/index.html +++ b/docs/config_reference_guide/index.html @@ -6,7 +6,7 @@ Configuration Element Reference | SSN Docs - + diff --git a/docs/config_service_health/index.html b/docs/config_service_health/index.html index 071fbb6229..386bcdabb1 100644 --- a/docs/config_service_health/index.html +++ b/docs/config_service_health/index.html @@ -6,7 +6,7 @@ Service Health Learning and Fault Avoidance | SSN Docs - + diff --git a/docs/config_session_optimization/index.html b/docs/config_session_optimization/index.html index a4c128020c..9f021384c6 100644 --- a/docs/config_session_optimization/index.html +++ b/docs/config_session_optimization/index.html @@ -6,7 +6,7 @@ TCP Session Optimization | SSN Docs - + diff --git a/docs/config_session_recovery/index.html b/docs/config_session_recovery/index.html index 3483259f3b..bf2be4b3c3 100644 --- a/docs/config_session_recovery/index.html +++ b/docs/config_session_recovery/index.html @@ -6,7 +6,7 @@ Session Recovery Detection | SSN Docs - + diff --git a/docs/config_snmp/index.html b/docs/config_snmp/index.html index 5f63e7d314..1c27d1ce37 100644 --- a/docs/config_snmp/index.html +++ b/docs/config_snmp/index.html @@ -6,7 +6,7 @@ Simple Network Management Protocol (SNMP) - Overview | SSN Docs - + diff --git a/docs/config_snmp_metrics/index.html b/docs/config_snmp_metrics/index.html index ecbed23e02..89b28fa461 100644 --- a/docs/config_snmp_metrics/index.html +++ b/docs/config_snmp_metrics/index.html @@ -6,7 +6,7 @@ SNMP - User defined metrics | SSN Docs - + diff --git a/docs/config_source-dest_nat/index.html b/docs/config_source-dest_nat/index.html index bce3fa7314..987e520b65 100644 --- a/docs/config_source-dest_nat/index.html +++ b/docs/config_source-dest_nat/index.html @@ -6,7 +6,7 @@ Source and Destination NAT | SSN Docs - + diff --git a/docs/config_static_hostname_mapping/index.html b/docs/config_static_hostname_mapping/index.html index 9b1854d7aa..e81bcf4563 100644 --- a/docs/config_static_hostname_mapping/index.html +++ b/docs/config_static_hostname_mapping/index.html @@ -6,7 +6,7 @@ Static Hostname Mappings | SSN Docs - + diff --git a/docs/config_static_nat/index.html b/docs/config_static_nat/index.html index 0f2fc8a64b..bb2668cf71 100644 --- a/docs/config_static_nat/index.html +++ b/docs/config_static_nat/index.html @@ -6,7 +6,7 @@ Static Bi-directional NAT | SSN Docs - + diff --git a/docs/config_step_ha/index.html b/docs/config_step_ha/index.html index a1fb1d7c37..250757f67e 100644 --- a/docs/config_step_ha/index.html +++ b/docs/config_step_ha/index.html @@ -6,7 +6,7 @@ STEP High Availability | SSN Docs - + diff --git a/docs/config_syslog_tls/index.html b/docs/config_syslog_tls/index.html index d1faa5f56b..2141230557 100644 --- a/docs/config_syslog_tls/index.html +++ b/docs/config_syslog_tls/index.html @@ -6,7 +6,7 @@ Configuring Syslog Over TLS | SSN Docs - + diff --git a/docs/config_te_net_intf/index.html b/docs/config_te_net_intf/index.html index 96176fc0ad..6cf1213eb2 100644 --- a/docs/config_te_net_intf/index.html +++ b/docs/config_te_net_intf/index.html @@ -6,7 +6,7 @@ Network Interface Traffic Engineering | SSN Docs - + diff --git a/docs/config_templates/index.html b/docs/config_templates/index.html index be8a13f630..72bfb7deac 100644 --- a/docs/config_templates/index.html +++ b/docs/config_templates/index.html @@ -6,7 +6,7 @@ Configuration Templates | SSN Docs - + diff --git a/docs/config_tenants/index.html b/docs/config_tenants/index.html index 03f83e8aaa..1ded55250f 100644 --- a/docs/config_tenants/index.html +++ b/docs/config_tenants/index.html @@ -6,7 +6,7 @@ Tenants | SSN Docs - + diff --git a/docs/config_transition_standalone_to_ha/index.html b/docs/config_transition_standalone_to_ha/index.html index 26dee5a198..55f285cf59 100644 --- a/docs/config_transition_standalone_to_ha/index.html +++ b/docs/config_transition_standalone_to_ha/index.html @@ -6,7 +6,7 @@ Transitioning a Conductor from Standalone to HA | SSN Docs - + diff --git a/docs/config_transport_encryption/index.html b/docs/config_transport_encryption/index.html index b10311dabb..11e933a3aa 100644 --- a/docs/config_transport_encryption/index.html +++ b/docs/config_transport_encryption/index.html @@ -6,7 +6,7 @@ Transport Based Encryption | SSN Docs - + diff --git a/docs/config_vrf_learning/index.html b/docs/config_vrf_learning/index.html index 62b7d541b9..340123084b 100644 --- a/docs/config_vrf_learning/index.html +++ b/docs/config_vrf_learning/index.html @@ -6,7 +6,7 @@ VRF Support | SSN Docs - + diff --git a/docs/config_vrf_route_leaking/index.html b/docs/config_vrf_route_leaking/index.html index ffbbe874d8..83de24bd10 100644 --- a/docs/config_vrf_route_leaking/index.html +++ b/docs/config_vrf_route_leaking/index.html @@ -6,7 +6,7 @@ VRF Route Leaking | SSN Docs - + diff --git a/docs/config_wan_assurance/index.html b/docs/config_wan_assurance/index.html index e5a0b41bb7..bb7ccdca47 100644 --- a/docs/config_wan_assurance/index.html +++ b/docs/config_wan_assurance/index.html @@ -6,7 +6,7 @@ ZTP Onboarding to a Conductor | SSN Docs - + diff --git a/docs/config_webserver_certs/index.html b/docs/config_webserver_certs/index.html index 472583f17b..1c22260321 100644 --- a/docs/config_webserver_certs/index.html +++ b/docs/config_webserver_certs/index.html @@ -6,7 +6,7 @@ Signing and Importing Webserver Certificates | SSN Docs - + diff --git a/docs/events_alarms/index.html b/docs/events_alarms/index.html index 0c7b958b56..a6f0155ae2 100644 --- a/docs/events_alarms/index.html +++ b/docs/events_alarms/index.html @@ -6,7 +6,7 @@ Alarms | SSN Docs - + diff --git a/docs/events_events/index.html b/docs/events_events/index.html index a9b5ad9823..8ea8ffae6d 100644 --- a/docs/events_events/index.html +++ b/docs/events_events/index.html @@ -6,7 +6,7 @@ Events | SSN Docs - + diff --git a/docs/events_overview/index.html b/docs/events_overview/index.html index d1fb5ab17a..4aa01bdeed 100644 --- a/docs/events_overview/index.html +++ b/docs/events_overview/index.html @@ -6,7 +6,7 @@ Alarms and Events | SSN Docs - + diff --git a/docs/ha_conductor_install/index.html b/docs/ha_conductor_install/index.html index 8692ccce6f..92b26838d0 100644 --- a/docs/ha_conductor_install/index.html +++ b/docs/ha_conductor_install/index.html @@ -6,7 +6,7 @@ High Availability Conductor Installation | SSN Docs - + diff --git a/docs/hdwr_ssr_device_port_layout/index.html b/docs/hdwr_ssr_device_port_layout/index.html index a07b698b77..4fc4525783 100644 --- a/docs/hdwr_ssr_device_port_layout/index.html +++ b/docs/hdwr_ssr_device_port_layout/index.html @@ -6,7 +6,7 @@ SSR Device Default Port Layout | SSN Docs - + diff --git a/docs/hdwr_whitebox_port_layout/index.html b/docs/hdwr_whitebox_port_layout/index.html index 9e00224be1..f0577d3fe5 100644 --- a/docs/hdwr_whitebox_port_layout/index.html +++ b/docs/hdwr_whitebox_port_layout/index.html @@ -6,7 +6,7 @@ Whitebox Device Default Port Layout | SSN Docs - + diff --git a/docs/how_to_local_config_override/index.html b/docs/how_to_local_config_override/index.html index f910602a36..8391e05da0 100644 --- a/docs/how_to_local_config_override/index.html +++ b/docs/how_to_local_config_override/index.html @@ -6,7 +6,7 @@ Local Configuration Override | SSN Docs - + diff --git a/docs/how_to_use_app_summary/index.html b/docs/how_to_use_app_summary/index.html index 723ae743a0..74bb5c9c50 100644 --- a/docs/how_to_use_app_summary/index.html +++ b/docs/how_to_use_app_summary/index.html @@ -6,7 +6,7 @@ Using Application Summary | SSN Docs - + diff --git a/docs/howto_STEP_GUI/index.html b/docs/howto_STEP_GUI/index.html index b50806188c..f3357a1c3c 100644 --- a/docs/howto_STEP_GUI/index.html +++ b/docs/howto_STEP_GUI/index.html @@ -6,7 +6,7 @@ Using the STEP GUI | SSN Docs - + diff --git a/docs/howto_conductor_migration/index.html b/docs/howto_conductor_migration/index.html index c60855ce15..ab1e6158e7 100644 --- a/docs/howto_conductor_migration/index.html +++ b/docs/howto_conductor_migration/index.html @@ -6,7 +6,7 @@ Conductor Backup and Migration | SSN Docs - + diff --git a/docs/howto_config_PPPoE/index.html b/docs/howto_config_PPPoE/index.html index 727ec7d9dc..4b53f999be 100644 --- a/docs/howto_config_PPPoE/index.html +++ b/docs/howto_config_PPPoE/index.html @@ -6,7 +6,7 @@ Configuring PPPoE | SSN Docs - + diff --git a/docs/howto_config_snmp/index.html b/docs/howto_config_snmp/index.html index 6b40d55060..3bc045a952 100644 --- a/docs/howto_config_snmp/index.html +++ b/docs/howto_config_snmp/index.html @@ -6,7 +6,7 @@ SNMP - Configuration | SSN Docs - + diff --git a/docs/howto_extend_gui_nav/index.html b/docs/howto_extend_gui_nav/index.html index 07c3becf5e..23e6935e4d 100644 --- a/docs/howto_extend_gui_nav/index.html +++ b/docs/howto_extend_gui_nav/index.html @@ -6,7 +6,7 @@ Extending the GUI Navigation Bar | SSN Docs - + diff --git a/docs/howto_lte/index.html b/docs/howto_lte/index.html index 5126779cba..de00a01336 100644 --- a/docs/howto_lte/index.html +++ b/docs/howto_lte/index.html @@ -6,7 +6,7 @@ LTE and Dual LTE Configuration | SSN Docs - + diff --git a/docs/howto_maintenance_mode/index.html b/docs/howto_maintenance_mode/index.html index 3ca2109778..2f26be0079 100644 --- a/docs/howto_maintenance_mode/index.html +++ b/docs/howto_maintenance_mode/index.html @@ -6,7 +6,7 @@ Maintenance Mode | SSN Docs - + diff --git a/docs/howto_ms365/index.html b/docs/howto_ms365/index.html index 117d9a23fe..43d7cbe3e9 100644 --- a/docs/howto_ms365/index.html +++ b/docs/howto_ms365/index.html @@ -6,7 +6,7 @@ Microsoft 365 | SSN Docs - + diff --git a/docs/howto_pppoe_vlan/index.html b/docs/howto_pppoe_vlan/index.html index f4a3442bd5..ad4517f640 100644 --- a/docs/howto_pppoe_vlan/index.html +++ b/docs/howto_pppoe_vlan/index.html @@ -6,7 +6,7 @@ VLAN Support on a PPPoE Interface | SSN Docs - + diff --git a/docs/howto_reset_user_password/index.html b/docs/howto_reset_user_password/index.html index 7c725ba661..f29cd959ce 100644 --- a/docs/howto_reset_user_password/index.html +++ b/docs/howto_reset_user_password/index.html @@ -6,7 +6,7 @@ Password Change and Account Recovery | SSN Docs - + diff --git a/docs/howto_router_migration/index.html b/docs/howto_router_migration/index.html index 3278c5e664..dd611c12e0 100644 --- a/docs/howto_router_migration/index.html +++ b/docs/howto_router_migration/index.html @@ -6,7 +6,7 @@ Router Migration | SSN Docs - + diff --git a/docs/howto_trusted_ca_certificate/index.html b/docs/howto_trusted_ca_certificate/index.html index 4d4eaa0ec7..d2fe737cba 100644 --- a/docs/howto_trusted_ca_certificate/index.html +++ b/docs/howto_trusted_ca_certificate/index.html @@ -6,7 +6,7 @@ Adding a Trusted Certificate | SSN Docs - + diff --git a/docs/howto_tune_bfd/index.html b/docs/howto_tune_bfd/index.html index 0bb2c8e7b6..3073097e9a 100644 --- a/docs/howto_tune_bfd/index.html +++ b/docs/howto_tune_bfd/index.html @@ -6,7 +6,7 @@ Tuning BFD Settings | SSN Docs - + diff --git a/docs/howto_update_bios/index.html b/docs/howto_update_bios/index.html index 5262714f30..31dc0ea383 100644 --- a/docs/howto_update_bios/index.html +++ b/docs/howto_update_bios/index.html @@ -6,7 +6,7 @@ SSR1300 and SSR1400 BIOS Upgrade for the Intel X722 | SSN Docs - + diff --git a/docs/initialize_u-iso_adv_workflow/index.html b/docs/initialize_u-iso_adv_workflow/index.html index a33898386d..a431b2a21c 100644 --- a/docs/initialize_u-iso_adv_workflow/index.html +++ b/docs/initialize_u-iso_adv_workflow/index.html @@ -6,7 +6,7 @@ Initialize Your Device - Advanced Workflows | SSN Docs - + diff --git a/docs/initialize_u-iso_device/index.html b/docs/initialize_u-iso_device/index.html index f154b44103..e43daba35e 100644 --- a/docs/initialize_u-iso_device/index.html +++ b/docs/initialize_u-iso_device/index.html @@ -6,7 +6,7 @@ Initialize Your Device - Web Workflow | SSN Docs - + diff --git a/docs/initializer_cli_reference/index.html b/docs/initializer_cli_reference/index.html index 736cfaabdd..1167ea8397 100644 --- a/docs/initializer_cli_reference/index.html +++ b/docs/initializer_cli_reference/index.html @@ -6,7 +6,7 @@ Initializer Command Line Reference | SSN Docs - + diff --git a/docs/initializer_preferences/index.html b/docs/initializer_preferences/index.html index 1b5a4844c1..6d7ea1eff3 100644 --- a/docs/initializer_preferences/index.html +++ b/docs/initializer_preferences/index.html @@ -6,7 +6,7 @@ Initializer Preferences File Reference | SSN Docs - + diff --git a/docs/install_conductor_overview/index.html b/docs/install_conductor_overview/index.html index 9f31af2e9b..d19504be1c 100644 --- a/docs/install_conductor_overview/index.html +++ b/docs/install_conductor_overview/index.html @@ -6,7 +6,7 @@ Conductor Overview | SSN Docs - + diff --git a/docs/install_qcow2_deployment/index.html b/docs/install_qcow2_deployment/index.html index 4a7914d29f..73f3985de6 100644 --- a/docs/install_qcow2_deployment/index.html +++ b/docs/install_qcow2_deployment/index.html @@ -6,7 +6,7 @@ Deployment Using QCOW2 | SSN Docs - + diff --git a/docs/install_univ_iso/index.html b/docs/install_univ_iso/index.html index c727cfd80e..54c51bbb99 100644 --- a/docs/install_univ_iso/index.html +++ b/docs/install_univ_iso/index.html @@ -6,7 +6,7 @@ SSR Installation | SSN Docs - + diff --git a/docs/install_vmware_config/index.html b/docs/install_vmware_config/index.html index 7dcedc24d3..56a50be945 100644 --- a/docs/install_vmware_config/index.html +++ b/docs/install_vmware_config/index.html @@ -6,7 +6,7 @@ Installing in VMWare | SSN Docs - + diff --git a/docs/installer_cli_reference/index.html b/docs/installer_cli_reference/index.html index c889d094b2..c3e3ef8201 100644 --- a/docs/installer_cli_reference/index.html +++ b/docs/installer_cli_reference/index.html @@ -6,7 +6,7 @@ Installer Command Line Reference | SSN Docs - + diff --git a/docs/installer_preferences/index.html b/docs/installer_preferences/index.html index c464372a84..844d7147fc 100644 --- a/docs/installer_preferences/index.html +++ b/docs/installer_preferences/index.html @@ -6,7 +6,7 @@ Installer Preferences File Reference | SSN Docs - + diff --git a/docs/intro_basic_conductor_config/index.html b/docs/intro_basic_conductor_config/index.html index 7adda3e223..62b4415ae2 100644 --- a/docs/intro_basic_conductor_config/index.html +++ b/docs/intro_basic_conductor_config/index.html @@ -6,7 +6,7 @@ Configure the Conductor | SSN Docs - + diff --git a/docs/intro_basic_router_config/index.html b/docs/intro_basic_router_config/index.html index e463b2538f..97bc4d837f 100644 --- a/docs/intro_basic_router_config/index.html +++ b/docs/intro_basic_router_config/index.html @@ -6,7 +6,7 @@ Basic Router Configuration | SSN Docs - + diff --git a/docs/intro_creating_bootable_usb/index.html b/docs/intro_creating_bootable_usb/index.html index 50705e20b7..1d671b6b9d 100644 --- a/docs/intro_creating_bootable_usb/index.html +++ b/docs/intro_creating_bootable_usb/index.html @@ -6,7 +6,7 @@ Creating a Bootable USB | SSN Docs - + diff --git a/docs/intro_downloading_iso/index.html b/docs/intro_downloading_iso/index.html index b8d95bb337..48a786f26c 100644 --- a/docs/intro_downloading_iso/index.html +++ b/docs/intro_downloading_iso/index.html @@ -6,7 +6,7 @@ Downloading ISOs | SSN Docs - + diff --git a/docs/intro_getting_started/index.html b/docs/intro_getting_started/index.html index 8087822fa1..d7f01ad118 100644 --- a/docs/intro_getting_started/index.html +++ b/docs/intro_getting_started/index.html @@ -6,7 +6,7 @@ Getting Started with the SSR Networking Platform | SSN Docs - + diff --git a/docs/intro_initialize_HA_conductor/index.html b/docs/intro_initialize_HA_conductor/index.html index 8be0c98c52..031a6adb30 100644 --- a/docs/intro_initialize_HA_conductor/index.html +++ b/docs/intro_initialize_HA_conductor/index.html @@ -6,7 +6,7 @@ Conductor High Availability for Cloud Deployments | SSN Docs - + diff --git a/docs/intro_install_quickstart_otpiso/index.html b/docs/intro_install_quickstart_otpiso/index.html index 966e035289..71df8c4ef9 100644 --- a/docs/intro_install_quickstart_otpiso/index.html +++ b/docs/intro_install_quickstart_otpiso/index.html @@ -6,7 +6,7 @@ QuickStart From the OTP ISO | SSN Docs - + diff --git a/docs/intro_installation/index.html b/docs/intro_installation/index.html index fb52fb9a6f..809ae13d05 100644 --- a/docs/intro_installation/index.html +++ b/docs/intro_installation/index.html @@ -6,7 +6,7 @@ SSR Software Installation Guide | SSN Docs - + diff --git a/docs/intro_installation_aws/index.html b/docs/intro_installation_aws/index.html index 7129dba9ec..4695c69974 100644 --- a/docs/intro_installation_aws/index.html +++ b/docs/intro_installation_aws/index.html @@ -6,7 +6,7 @@ Installing from the AWS Marketplace | SSN Docs - + diff --git a/docs/intro_installation_azure/index.html b/docs/intro_installation_azure/index.html index 86a869505a..33a4f6a7b2 100644 --- a/docs/intro_installation_azure/index.html +++ b/docs/intro_installation_azure/index.html @@ -6,7 +6,7 @@ Installing a PAYG Conductor-managed Router in Azure | SSN Docs - + diff --git a/docs/intro_installation_azure_mist/index.html b/docs/intro_installation_azure_mist/index.html index 0531c33b22..edd7114897 100644 --- a/docs/intro_installation_azure_mist/index.html +++ b/docs/intro_installation_azure_mist/index.html @@ -6,7 +6,7 @@ Installing a PAYG Mist-managed Router in Azure | SSN Docs - + diff --git a/docs/intro_installation_bootable_media/index.html b/docs/intro_installation_bootable_media/index.html index e46d74f964..4abc054522 100644 --- a/docs/intro_installation_bootable_media/index.html +++ b/docs/intro_installation_bootable_media/index.html @@ -6,7 +6,7 @@ Router Interactive Installation | SSN Docs - + diff --git a/docs/intro_installation_byol_azure_conductor/index.html b/docs/intro_installation_byol_azure_conductor/index.html index e11562f458..b68b1699b9 100644 --- a/docs/intro_installation_byol_azure_conductor/index.html +++ b/docs/intro_installation_byol_azure_conductor/index.html @@ -6,7 +6,7 @@ Installing a BYOL Conductor-managed Router in Azure | SSN Docs - + diff --git a/docs/intro_installation_byol_azure_mist/index.html b/docs/intro_installation_byol_azure_mist/index.html index 0622a6e136..1410fc2a81 100644 --- a/docs/intro_installation_byol_azure_mist/index.html +++ b/docs/intro_installation_byol_azure_mist/index.html @@ -6,7 +6,7 @@ Installing a BYOL Mist-managed Router in Azure | SSN Docs - + diff --git a/docs/intro_installation_image/index.html b/docs/intro_installation_image/index.html index 50b4cf1181..f52f8e885a 100644 --- a/docs/intro_installation_image/index.html +++ b/docs/intro_installation_image/index.html @@ -6,7 +6,7 @@ Image-Based Installation | SSN Docs - + diff --git a/docs/intro_installation_installer/index.html b/docs/intro_installation_installer/index.html index 00e4a0030b..9f7239e614 100644 --- a/docs/intro_installation_installer/index.html +++ b/docs/intro_installation_installer/index.html @@ -6,7 +6,7 @@ Manually Installing the SSR | SSN Docs - + diff --git a/docs/intro_installation_legacy/index.html b/docs/intro_installation_legacy/index.html index ee59da3b3c..06802c9928 100644 --- a/docs/intro_installation_legacy/index.html +++ b/docs/intro_installation_legacy/index.html @@ -6,7 +6,7 @@ SSR Legacy Software Installation Overview | SSN Docs - + diff --git a/docs/intro_installation_quickstart_aws/index.html b/docs/intro_installation_quickstart_aws/index.html index e2faf78398..52fc877ccf 100644 --- a/docs/intro_installation_quickstart_aws/index.html +++ b/docs/intro_installation_quickstart_aws/index.html @@ -6,7 +6,7 @@ Installing a PAYG Conductor-managed Router in AWS | SSN Docs - + diff --git a/docs/intro_installation_quickstart_byol_conductor_aws/index.html b/docs/intro_installation_quickstart_byol_conductor_aws/index.html index 6903c736c3..593b4c8b30 100644 --- a/docs/intro_installation_quickstart_byol_conductor_aws/index.html +++ b/docs/intro_installation_quickstart_byol_conductor_aws/index.html @@ -6,7 +6,7 @@ Installing a BYOL Conductor-managed Router in AWS | SSN Docs - + diff --git a/docs/intro_installation_quickstart_byol_mist_aws/index.html b/docs/intro_installation_quickstart_byol_mist_aws/index.html index fd3ab2161d..19a48be172 100644 --- a/docs/intro_installation_quickstart_byol_mist_aws/index.html +++ b/docs/intro_installation_quickstart_byol_mist_aws/index.html @@ -6,7 +6,7 @@ Installing a BYOL Mist-managed Router in AWS | SSN Docs - + diff --git a/docs/intro_installation_quickstart_mist_aws/index.html b/docs/intro_installation_quickstart_mist_aws/index.html index 2e0ef2ab42..9da2d1b0b6 100644 --- a/docs/intro_installation_quickstart_mist_aws/index.html +++ b/docs/intro_installation_quickstart_mist_aws/index.html @@ -6,7 +6,7 @@ Installing a PAYG Mist-managed Router in AWS | SSN Docs - + diff --git a/docs/intro_installation_univ-iso/index.html b/docs/intro_installation_univ-iso/index.html index e779a3aa89..2fee2e134c 100644 --- a/docs/intro_installation_univ-iso/index.html +++ b/docs/intro_installation_univ-iso/index.html @@ -6,7 +6,7 @@ SSR Image-based ISO Installation Overview | SSN Docs - + diff --git a/docs/intro_otp_iso_install/index.html b/docs/intro_otp_iso_install/index.html index f5584a63c1..7fbf017365 100644 --- a/docs/intro_otp_iso_install/index.html +++ b/docs/intro_otp_iso_install/index.html @@ -6,7 +6,7 @@ Router Installation Using OTP | SSN Docs - + diff --git a/docs/intro_rest_graphql_apis/index.html b/docs/intro_rest_graphql_apis/index.html index 545bf4264f..e91b36e093 100644 --- a/docs/intro_rest_graphql_apis/index.html +++ b/docs/intro_rest_graphql_apis/index.html @@ -6,7 +6,7 @@ Introduction to REST and GraphQL APIs | SSN Docs - + diff --git a/docs/intro_rollback/index.html b/docs/intro_rollback/index.html index 741cfd909b..571ca50a77 100644 --- a/docs/intro_rollback/index.html +++ b/docs/intro_rollback/index.html @@ -6,7 +6,7 @@ Rolling Back Software | SSN Docs - + diff --git a/docs/intro_system_reqs/index.html b/docs/intro_system_reqs/index.html index b516e8abc9..275499796b 100644 --- a/docs/intro_system_reqs/index.html +++ b/docs/intro_system_reqs/index.html @@ -6,7 +6,7 @@ System Requirements | SSN Docs - + diff --git a/docs/intro_upgrade_considerations/index.html b/docs/intro_upgrade_considerations/index.html index cc51b7eca6..9a2be05814 100644 --- a/docs/intro_upgrade_considerations/index.html +++ b/docs/intro_upgrade_considerations/index.html @@ -6,7 +6,7 @@ Upgrade Considerations | SSN Docs - + diff --git a/docs/intro_upgrading/index.html b/docs/intro_upgrading/index.html index 94c1cdeb1a..c9e8241f73 100644 --- a/docs/intro_upgrading/index.html +++ b/docs/intro_upgrading/index.html @@ -6,7 +6,7 @@ Upgrade Overview | SSN Docs - + diff --git a/docs/intro_wa_quickstart_3_templates/index.html b/docs/intro_wa_quickstart_3_templates/index.html index 36a7c52a01..62a6ced546 100644 --- a/docs/intro_wa_quickstart_3_templates/index.html +++ b/docs/intro_wa_quickstart_3_templates/index.html @@ -6,7 +6,7 @@ WAN Edge Templates | SSN Docs - + diff --git a/docs/intro_wa_quickstart_4_siteassign/index.html b/docs/intro_wa_quickstart_4_siteassign/index.html index e3239b0661..05cb0736a0 100644 --- a/docs/intro_wa_quickstart_4_siteassign/index.html +++ b/docs/intro_wa_quickstart_4_siteassign/index.html @@ -6,7 +6,7 @@ Add Device to Site | SSN Docs - + diff --git a/docs/legacy_OTP_install/index.html b/docs/legacy_OTP_install/index.html index 170c3c37ba..0cc9bedfe3 100644 --- a/docs/legacy_OTP_install/index.html +++ b/docs/legacy_OTP_install/index.html @@ -6,7 +6,7 @@ Installing Using the Pre-5.0 Interactive ISO | SSN Docs - + diff --git a/docs/merged_markdown_example/index.html b/docs/merged_markdown_example/index.html index 98b455aef0..aa18978ef2 100644 --- a/docs/merged_markdown_example/index.html +++ b/docs/merged_markdown_example/index.html @@ -6,7 +6,7 @@ Example File | SSN Docs - + diff --git a/docs/onboard_ssr_device_otp/index.html b/docs/onboard_ssr_device_otp/index.html index 73afd1e887..8291148284 100644 --- a/docs/onboard_ssr_device_otp/index.html +++ b/docs/onboard_ssr_device_otp/index.html @@ -6,7 +6,7 @@ Onboard an SSR Device using OTP | SSN Docs - + diff --git a/docs/onboard_ssr_to_conductor/index.html b/docs/onboard_ssr_to_conductor/index.html index 8de9e59406..1c45f667c9 100644 --- a/docs/onboard_ssr_to_conductor/index.html +++ b/docs/onboard_ssr_to_conductor/index.html @@ -6,7 +6,7 @@ Onboard an SSR Device to a Conductor | SSN Docs - + diff --git a/docs/plugin_bgp_community_services/index.html b/docs/plugin_bgp_community_services/index.html index 5a4d7ccbaa..e64e6dfe4a 100644 --- a/docs/plugin_bgp_community_services/index.html +++ b/docs/plugin_bgp_community_services/index.html @@ -6,7 +6,7 @@ BGP Community Services Plugin | SSN Docs - + diff --git a/docs/plugin_cloud_ha/index.html b/docs/plugin_cloud_ha/index.html index f3118e1850..c9ba7c768a 100644 --- a/docs/plugin_cloud_ha/index.html +++ b/docs/plugin_cloud_ha/index.html @@ -6,7 +6,7 @@ Cloud High Availability Plugin | SSN Docs - + diff --git a/docs/plugin_dns_app_id/index.html b/docs/plugin_dns_app_id/index.html index 5f7481e99a..e71442b414 100644 --- a/docs/plugin_dns_app_id/index.html +++ b/docs/plugin_dns_app_id/index.html @@ -6,7 +6,7 @@ DNS App Id Plugin | SSN Docs - + diff --git a/docs/plugin_dns_cache/index.html b/docs/plugin_dns_cache/index.html index 281513294c..8dc40c34e5 100644 --- a/docs/plugin_dns_cache/index.html +++ b/docs/plugin_dns_cache/index.html @@ -6,7 +6,7 @@ DNS Cache Plugin | SSN Docs - + diff --git a/docs/plugin_gre/index.html b/docs/plugin_gre/index.html index 445faf9f03..928178f3ef 100644 --- a/docs/plugin_gre/index.html +++ b/docs/plugin_gre/index.html @@ -6,7 +6,7 @@ GRE Plugin | SSN Docs - + diff --git a/docs/plugin_ha_sync_redundancy/index.html b/docs/plugin_ha_sync_redundancy/index.html index 8ee035680e..cbc6deb050 100644 --- a/docs/plugin_ha_sync_redundancy/index.html +++ b/docs/plugin_ha_sync_redundancy/index.html @@ -6,7 +6,7 @@ HA Sync Redundancy Plugin | SSN Docs - + diff --git a/docs/plugin_http_probe/index.html b/docs/plugin_http_probe/index.html index ccbd2acee3..64e036ae1f 100644 --- a/docs/plugin_http_probe/index.html +++ b/docs/plugin_http_probe/index.html @@ -6,7 +6,7 @@ HTTP Probe Reachability Detection Plugin | SSN Docs - + diff --git a/docs/plugin_icmp_reachability_detection/index.html b/docs/plugin_icmp_reachability_detection/index.html index 46a8f24fb6..d92b90e014 100644 --- a/docs/plugin_icmp_reachability_detection/index.html +++ b/docs/plugin_icmp_reachability_detection/index.html @@ -6,7 +6,7 @@ ICMP Reachability Detection Plugin | SSN Docs - + diff --git a/docs/plugin_intro/index.html b/docs/plugin_intro/index.html index fe34a026e2..a4cb771f02 100644 --- a/docs/plugin_intro/index.html +++ b/docs/plugin_intro/index.html @@ -6,7 +6,7 @@ Introduction to Plugins | SSN Docs - + diff --git a/docs/plugin_ipsec_client/index.html b/docs/plugin_ipsec_client/index.html index 1715c6cc03..701baac712 100644 --- a/docs/plugin_ipsec_client/index.html +++ b/docs/plugin_ipsec_client/index.html @@ -6,7 +6,7 @@ IPsec Client plugin | SSN Docs - + diff --git a/docs/plugin_kni_namespace_scripts/index.html b/docs/plugin_kni_namespace_scripts/index.html index febb7a88e7..6cd3ebdf07 100644 --- a/docs/plugin_kni_namespace_scripts/index.html +++ b/docs/plugin_kni_namespace_scripts/index.html @@ -6,7 +6,7 @@ Kernel Network Namespace Scripts | SSN Docs - + diff --git a/docs/plugin_loopback_static_routes/index.html b/docs/plugin_loopback_static_routes/index.html index 375d916dd6..1e45e2ad59 100644 --- a/docs/plugin_loopback_static_routes/index.html +++ b/docs/plugin_loopback_static_routes/index.html @@ -6,7 +6,7 @@ Loopback Static Routes Plugin | SSN Docs - + diff --git a/docs/plugin_m800_watchdog/index.html b/docs/plugin_m800_watchdog/index.html index 45c943f265..7efa3dbd69 100644 --- a/docs/plugin_m800_watchdog/index.html +++ b/docs/plugin_m800_watchdog/index.html @@ -6,7 +6,7 @@ M800 Watchdog | SSN Docs - + diff --git a/docs/plugin_monitoring_agent/index.html b/docs/plugin_monitoring_agent/index.html index 0fa3f8a972..8d29a3570e 100644 --- a/docs/plugin_monitoring_agent/index.html +++ b/docs/plugin_monitoring_agent/index.html @@ -6,7 +6,7 @@ Monitoring Agent Plugin | SSN Docs - + diff --git a/docs/plugin_mosh/index.html b/docs/plugin_mosh/index.html index 06b764d19b..84d354ba6f 100644 --- a/docs/plugin_mosh/index.html +++ b/docs/plugin_mosh/index.html @@ -6,7 +6,7 @@ Mosh Plugin | SSN Docs - + diff --git a/docs/plugin_set_hostname/index.html b/docs/plugin_set_hostname/index.html index 2b60770189..e06bf09f01 100644 --- a/docs/plugin_set_hostname/index.html +++ b/docs/plugin_set_hostname/index.html @@ -6,7 +6,7 @@ Set Hostname | SSN Docs - + diff --git a/docs/plugin_sip_alg/index.html b/docs/plugin_sip_alg/index.html index 317615c5e4..3749d180cd 100644 --- a/docs/plugin_sip_alg/index.html +++ b/docs/plugin_sip_alg/index.html @@ -6,7 +6,7 @@ SIP ALG Plugin | SSN Docs - + diff --git a/docs/plugin_wireguard/index.html b/docs/plugin_wireguard/index.html index 3ee9e50eb6..99419f181d 100644 --- a/docs/plugin_wireguard/index.html +++ b/docs/plugin_wireguard/index.html @@ -6,7 +6,7 @@ Wireguard Plugin | SSN Docs - + diff --git a/docs/release_notes_128t_4.0/index.html b/docs/release_notes_128t_4.0/index.html index 8616b708b0..19b64d19ef 100644 --- a/docs/release_notes_128t_4.0/index.html +++ b/docs/release_notes_128t_4.0/index.html @@ -6,7 +6,7 @@ 128T 4.0 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_4.1/index.html b/docs/release_notes_128t_4.1/index.html index ab7dae4e1c..5d05b500c9 100644 --- a/docs/release_notes_128t_4.1/index.html +++ b/docs/release_notes_128t_4.1/index.html @@ -6,7 +6,7 @@ 128T 4.1 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_4.2/index.html b/docs/release_notes_128t_4.2/index.html index 1903e42233..ff01b54bc5 100644 --- a/docs/release_notes_128t_4.2/index.html +++ b/docs/release_notes_128t_4.2/index.html @@ -6,7 +6,7 @@ 128T 4.2 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_4.3/index.html b/docs/release_notes_128t_4.3/index.html index d0885a9c2c..3e89f624f8 100644 --- a/docs/release_notes_128t_4.3/index.html +++ b/docs/release_notes_128t_4.3/index.html @@ -6,7 +6,7 @@ 128T 4.3 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_4.4/index.html b/docs/release_notes_128t_4.4/index.html index ad6a75a790..bd585e4caa 100644 --- a/docs/release_notes_128t_4.4/index.html +++ b/docs/release_notes_128t_4.4/index.html @@ -6,7 +6,7 @@ 128T 4.4 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_4.5/index.html b/docs/release_notes_128t_4.5/index.html index 5ad3c00b7d..de745cc032 100644 --- a/docs/release_notes_128t_4.5/index.html +++ b/docs/release_notes_128t_4.5/index.html @@ -6,7 +6,7 @@ 128T 4.5 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_5.0/index.html b/docs/release_notes_128t_5.0/index.html index 26a673628b..32acd17232 100644 --- a/docs/release_notes_128t_5.0/index.html +++ b/docs/release_notes_128t_5.0/index.html @@ -6,7 +6,7 @@ 128T 5.0 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_5.1/index.html b/docs/release_notes_128t_5.1/index.html index dfb89f30bc..ce854cca8c 100644 --- a/docs/release_notes_128t_5.1/index.html +++ b/docs/release_notes_128t_5.1/index.html @@ -6,7 +6,7 @@ SSR 5.1 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_5.2/index.html b/docs/release_notes_128t_5.2/index.html index dfab4a0da4..41b37e8828 100644 --- a/docs/release_notes_128t_5.2/index.html +++ b/docs/release_notes_128t_5.2/index.html @@ -6,7 +6,7 @@ SSR 5.2 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_5.3/index.html b/docs/release_notes_128t_5.3/index.html index cc7696eabd..bb66c69e0c 100644 --- a/docs/release_notes_128t_5.3/index.html +++ b/docs/release_notes_128t_5.3/index.html @@ -6,7 +6,7 @@ SSR 5.3 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_5.4/index.html b/docs/release_notes_128t_5.4/index.html index 8064339106..cd3e7e2681 100644 --- a/docs/release_notes_128t_5.4/index.html +++ b/docs/release_notes_128t_5.4/index.html @@ -6,7 +6,7 @@ SSR 5.4 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_5.5/index.html b/docs/release_notes_128t_5.5/index.html index 235affb0c5..ee39a1bc0d 100644 --- a/docs/release_notes_128t_5.5/index.html +++ b/docs/release_notes_128t_5.5/index.html @@ -6,7 +6,7 @@ SSR 5.5 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_5.6/index.html b/docs/release_notes_128t_5.6/index.html index 88158fbab2..d793ec7846 100644 --- a/docs/release_notes_128t_5.6/index.html +++ b/docs/release_notes_128t_5.6/index.html @@ -6,7 +6,7 @@ SSR 5.6 Release Notes | SSN Docs - + @@ -28,15 +28,150 @@

Upgra
  • Plugin Upgrades: If you are running with plugins, updates are required for some plugins before upgrading the conductor to SSR version 5.4.0 or higher. Please review the Plugin Configuration Generation Changes for additional information.
+

Release 5.6.16-16

+

Release Date: November 25, 2024

+

Resolved Issues

+
    +
  • The following CVE's have been identified and addressed in this release: +CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2024-3596.
    • +
+
+
    +
  • I95-47195, I95-47196, I95-49015, I95-49599, I95-56682 Forwarding plane crash, causing stranded network namespaces when LTE/PPPoE network-interface name is changed: Implemented reinit script to reiniatilize namespace, KNI and target-interface after a configuration change in the network-interface.
    • +
+
+
    +
  • I95-49018 Peers are not coming up for PPPoE interface on a standalone setup: Reintroduced network reinit script to reinitialize namespace, KNI, and target-interface after a config change in the network-interface, or under abnormal conditions such as the target-interface being moved out from the namespace.
    • +
+
+ +
+
    +
  • I95-49712 Configuration validation error uniformative: Resolved an issue that when configuring an SSR, invalid configuration parameters were returning errors that were not specific enough to allow the user to locate the invalid configuration. Now when invalid configuration elements are identified during validation, the messages include relevant information for the invalid element, such as an IP address, node name, router name, interface names, etc.
    • +
+
+
    +
  • I95-56203 The First Article Inspection (FAI) scan archive is empty: Resolved an issue with logrotate clearing all the FAI scan archives. This was due to each archive having a unique name using a timestamp. A different service is now used to rotate the FAI scan files.
    • +
+
+
    +
  • I95-56236 Routers unable to onboard after upgrading the Conductor: Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the device state from being reviewed for errors, which stopped the onboarding process.
    • +
+
+
    +
  • I95-56326 / I95-57000 Potential crash while collecting TSI: Added protection against unmapped memory access to resolve an issue where, if a TSI is collected at just the wrong time, it can cause a highway crash.
    • +
+
+
    +
  • I95-56455 Zero-byte files when updating conductor hardware using an OTP image: A check has been added to verify that api.key and router-api.key are non-zero length and valid. If not, the keys are regenerated.
    • +
+
+
    +
  • I95-56527 Failure to validate and commit config; system incorrectly expected escape sequence: Resolved an issue where capture-filter expected an escape sequence for input when it was not necessary.
    • +
+
+
    +
  • I95-56575 Reduce polling rate of disk monitoring and add optimization: The disk monitoring agent polling frequently is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process.
    • +
+
+
    +
  • I95-56612 fib-service-match any-match missing some FIB entries: Resolved an issue when a service-address was more specific than the last route update, a search for other less specific services was not performed. Now when the service address update is more specific, additional searches will continue.
    • +
+
+
    +
  • I95-56715 Address validation in migrate feature in conductor UI is not working correctly: Resolved an isssue between the client and the server during the use of the GUI migrate operation, where the conductor address was not read correctly, and returning an irrelevant error message.
    • +
+
+
    +
  • I95-56726 No Timeout Queue message logged in cases where a config commit fails, or a conductor fails to load a config on startup: Resolved an issue with ThreadPoolWithExternalPoller that resulted in a stack trace in the logs which starts with message No TimeoutQueue:.
    • +
+
+
    +
  • I95-56727 Domain names that begin with numbers are not allowed to be configured: Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example 123.abc.com.
    • +
+
+
    +
  • I95-56822 Router stuck in a continuous upgrade/failure state: DNS name servers changes on the conductor are not honored. In cases where the DNS configuration changed post boot, the conductor software proxy would not reload the config. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests, resulting in failure.
    • +
+
+
    +
  • I95-56827 NTP Auth key only permits keys of 20 or 40 characters: Loosened restrictions on NTP server key length to allow plaintext keys.
    • +
+
+
    +
  • I95-56843 Error logs filled with irrelevant KNI network script info: The log output has been reduced to provide related information.
    • +
+
+
    +
  • I95-56847 lte / pppoe default-route check incorrectly reporting warnings: Resolved an issue where warnings were incorrectly shown on the conductor for interfaces without default-route or management-vector configured.
    • +
+
+
    +
  • I95-56850 Overlap warning on router not present on conductor: Resolved a case where a service on a router is configured with applies-to, and the same service is configured on the conductor (overlap) but does not have applies-to configured, the validation process will generate a warning on the router but not the conductor.
    • +
+
+
    +
  • I95-56879 PPPoE stopped working: Resolved an issue where the system configuration for the PPPoE interface was missing LCP_FAILURE and LCP_INTERVAL fileds. These fields are now set correctly.
    • +
+
+
    +
  • I95-56973 Child services do not inherit the service-path configurations from the parent service: Resolved an issue where child service routes for peers were not inheriting vectors and the enable-failover field.
    • +
+
+
    +
  • I95-57017 Application ID failed to block some domains: Resolved an issue where DPI failed to identify the domain-name from SNI if the client-hello is split up into multiple TCP packet segments.
    • +
+
+
    +
  • I95-57082 Unable to delete a capture-filter that contains a forward slash (/): This issue has been resolved.
    • +
+
+
    +
  • I95-57110 Crash seen during add and delete peers while sending traffic: A race condition has been fixed that could cause a crash in the packet-processing highway process if a peer-path is removed from configuration.
    • +
+
+
    +
  • I95-57114 Unable to upgrade AWS Conductor: Resolved an issue where an incorrect package version was installed, triggering a downgrade and preventing the upgrade.
    • +
+
+
    +
  • I95-57205 Race condition on startup with DHCP configured on LTE or PPPoE interface, causing system to crash: This issue has been resolved.
    • +
+
+
    +
  • I95-57538 WayPoint exception - failing to allocate waypoint ports on mesh peer re-establishment: Resolved an issue where a configuration change may cause existing waypoint ports to become invalidated, creating an exhaustion scenario.
    • +
+
+
    +
  • I95-57578 Candidate configuration values not showing in GUI: Resolved an issue that caused configuration drop-downs in the GUI for tenants and services to only display values from the running configuration, not the candidate configuration.
    • +
+
+
    +
  • I95-57593 No option to require password change on first login: Added a Require Password Change On First Login checkbox to the Create User dialog. Previously this feature was only available in the create-user command.
    • +
+
+
    +
  • I95-58201 Increase AMD performance: Throughput performance on AMD processors has been improved through the tuning of some kernel parameters.
    • +
+
+
    +
  • I95-58528 SSR OS renaming: The SSR OS has been renamed/rebranded from "CentOS7" to "SSR OS" to more accurately reflect its customized Linux distribution. All internal naming has been updated.
    • +
+
+
    +
  • I95-58682 Adjust the inactivity timer range to allow for Azure policy limits: Updated the inactivity-timer range to allow for values as low as 30 seconds. Resoved an issue that would have used an incorrect default setting of 3600 instead of 900 seconds in certain scenarios.
    • +

Release 5.6.15-1

Release Date: June 27, 2024

-

Resolved Issues

+

Resolved Issues

  • The following CVE's have been identified and addressed in this release: CVE-2024-2973

Release 5.6.14-7

Release Date: May 14, 2024

-

Resolved Issues

+

Resolved Issues

  • The following CVE's have been identified and addressed in this release: CVE-2020-22218, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-40217, CVE-2023-20569, CVE-2022-43552, CVE-2023-48795, CVE-2023-2176, CVE-2023-40283, CVE-2023-4623, CVE-2024-22019, CVE-2023-46724,CVE-2023-46728, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-25617.
@@ -170,7 +305,7 @@

Resolved I

Release 5.6.13-7

Release Date: January 30, 2024

-

Resolved Issues

+

Resolved Issues

  • The following CVE's have been identified and addressed in this release: CVE-2022-41974, CVE-2023-32360, CVE-2023-22045, CVE-2023-22049, CVE-2022-41741, CVE-2022-41742, CVE-2020-12321, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-3341, CVE-2023-22081, CVE-2022-0934, CVE-2023-46847, CVE-2021-43975, CVE-2022-28388, CVE-2022-3594, CVE-2022-3640, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-0458, CVE-2023-0590, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1079, CVE-2023-1118, CVE-2023-1206, CVE-2023-1252, CVE-2023-1382, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-23455, CVE-2023-2513, CVE-2023-26545, CVE-2023-28328, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-33951, CVE-2023-33952, CVE-2023-35823, CVE-2023-35824, CVE-2023-35825, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-4128, CVE-2023-4132, CVE-2023-4155, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4732, CVE-2022-45884, CVE-2022-45886, CVE-2022-45919, CVE-2023-1192, CVE-2023-2163, CVE-2023-3812, CVE-2023-5178, CVE-2023-38406, CVE-2023-38407, CVE-2023-47234, CVE-2023-47235.
@@ -329,7 +464,7 @@

Resolved I

Release 5.6.12-1

Release Date: October 20, 2023

-

Resolved Issues

+

Resolved Issues

  • I95-53833 Timeout prevents startup: Resolved a regression introduced in 5.6.11 in the SSR reboot startup logic. If any of the processes took longer than 30 seconds to complete, the startup sequence was abandoned and rendered the platform inoperable. This issue has been resolved.
@@ -347,7 +482,7 @@

Resolved Issues

+

Resolved Issues

  • The following CVE's have been identified and addressed in this release: CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2022-1679, CVE-2022-1789, CVE-2022-2196, CVE-2022-2663, CVE-2022-3028, CVE-2022-3239, CVE-2022-3522, CVE-2022-3524, CVE-2022-3564, CVE-2022-3566, CVE-2022-3567, CVE-2022-3619 ,CVE-2022-3623, CVE-2022-3625, CVE-2022-3628, CVE-2022-3707, CVE-2022-4129, CVE-2022-20141, CVE-2022-25265, CVE-2022-30594, CVE-2022-39188, CVE-2022-39189, CVE-2022-41218, CVE-2022-41674, CVE-2022-42703, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-43750, CVE-2022-47929, CVE-2023-0394, CVE-2023-0461, CVE-2023-1195, CVE-2023-1582, CVE-2023-23454, CVE-2023-32233, CVE-2023-28466, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-24329, CVE-2023-32067, CVE-2023-24329, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2828, CVE-2023-38408, CVE-2023-20569, CVE-2023-20593, CVE-2023-38802.
@@ -458,7 +593,7 @@

OSPF SPF Timers. -

Resolved Issues

+

Resolved Issues

  • The following CVE have been identified and addressed in this release: I95-51758, I95-52495, I95-52496, I95-52497, I95-52509, I95-52625.
@@ -521,7 +656,7 @@

Resolved Issues

+

Resolved Issues

  • I95-47960 Incorrect progress message for show dns resolutions: The progress message for this command now correctly displays Retrieving dns resolutions....
@@ -664,7 +799,7 @@

Resolved Issues

+

Resolved Issues

  • The following CVE have been identified and addressed in this release: I95-48448, I95-49456, I95-50358, I95-50359, I95-50506, I95-50508, I95-50535, I95-50790.
@@ -861,7 +996,7 @@

Resolved Issues

+

Resolved Issues

important
  • I95-49594 Highway Crash: In a system where any of the following are configured:
      @@ -994,7 +1129,7 @@

      important

      Upgrading to this release version will cause coredump.conf to be re-written with 4G limits for coredumps even if coredump.conf had been updated manually for a higher value!

-

Resolved Issues

+

Resolved Issues

  • I95-46336 Peer connection not established after AWS upgrade: Resolved an issue where an AWS C5 instance size can fail to initialize when more than one accelerated network interface is configured.
@@ -1033,7 +1168,7 @@

CaveatsConfigure the SSR and Network Interfaces section of the Router Installation Using OTP guide.

Release 5.6.5-5

Release Date: December 28, 2022

-

Resolved Issues

+

Resolved Issues

  • The following CVE have been addressed and resolved: I95-48644, I95-48648, I95-48650, I95-48653, I95-49039.
@@ -1167,7 +1302,7 @@

Resolved Issues

+

Resolved Issues

  • I95-48076 SSR Failover on GRE tunnels not working: The base interface giid is now used to identify the state of a GRE tunnel next-hop.
@@ -1209,7 +1344,7 @@

Release 5.6.3-
  • 5.6.3

    • If an HA Conductor queries a disconnected router from the Conductor GUI Router page or from the Conductor PCLI, the conductor may encounter periods of poor performance until the requests time out. The issue has been resolved in the next patch release with I95-48685.

    For immediate resolution on the impacted releases, contact Juniper Technical Support, or your SE.

    Release Date: November 7, 2022

    -

    Resolved Issues

    +

    Resolved Issues

    • I95-32789 Peer metrics unavailable after Conflux synchronization: Resolved an issue with HA routers where the metrics application stops streaming metrics to the peer node after loading configuration.
    @@ -1339,7 +1474,7 @@

    Resolved Issues

    +

    Resolved Issues

    • The following CVE have been addressed and resolved: I95-45056, I95-45059, I95-45060, I95-45123, I95-45165, I95-47482, I95-47483, I95-47484, I95-47485, I95-47805, I95-48048, I95-48049.
    @@ -1529,7 +1664,7 @@

    Resolved Issues

    +

    Resolved Issues

    • The following CVE have been addressed and resolved: I95-45054, I9-45056, I95-45059, I95-45060, I95-45165, I95-46020, I95-46359.
    @@ -1779,7 +1914,7 @@

    New Features
  • I95-43496 BFD for Routing Protocols: BFD support for BGP and OSPF protocols has been added. See Optimizing Routing Protocols: BFD for more information.
    • -

    Resolved Issues

    +

    Resolved Issues

    • I95-36758 Redistributed service route distance not configurable: Support has been added for the configuration of admin distance for kernel routes generated by services with service routes and for BGP over SVR services.
    @@ -1930,6 +2065,6 @@

    CaveatsCorrected Versions

    -
    Router Software VersionMinimum Required Conductor Version
    5.6.05.6.0 or later
    Copyright © 2024 Juniper Networks, Inc.
    +
    Router Software VersionMinimum Required Conductor Version
    5.6.05.6.0 or later
    Copyright © 2024 Juniper Networks, Inc.
    \ No newline at end of file diff --git a/docs/release_notes_128t_6.0/index.html b/docs/release_notes_128t_6.0/index.html index b818271139..ecad677c33 100644 --- a/docs/release_notes_128t_6.0/index.html +++ b/docs/release_notes_128t_6.0/index.html @@ -6,7 +6,7 @@ SSR 6.0 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_6.1/index.html b/docs/release_notes_128t_6.1/index.html index da2409f6de..69f7612acf 100644 --- a/docs/release_notes_128t_6.1/index.html +++ b/docs/release_notes_128t_6.1/index.html @@ -6,7 +6,7 @@ SSR 6.1 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_6.2/index.html b/docs/release_notes_128t_6.2/index.html index 3827c66743..0360097082 100644 --- a/docs/release_notes_128t_6.2/index.html +++ b/docs/release_notes_128t_6.2/index.html @@ -6,7 +6,7 @@ SSR 6.2 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_6.3/index.html b/docs/release_notes_128t_6.3/index.html index 03bd208ddc..cc4c2db438 100644 --- a/docs/release_notes_128t_6.3/index.html +++ b/docs/release_notes_128t_6.3/index.html @@ -6,7 +6,7 @@ SSR 6.3 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_2.1/index.html b/docs/release_notes_128t_installer_2.1/index.html index 79b8b954a8..094e3437f4 100644 --- a/docs/release_notes_128t_installer_2.1/index.html +++ b/docs/release_notes_128t_installer_2.1/index.html @@ -6,7 +6,7 @@ Installer 2.1 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_2.2/index.html b/docs/release_notes_128t_installer_2.2/index.html index fadb94e01f..6034f61063 100644 --- a/docs/release_notes_128t_installer_2.2/index.html +++ b/docs/release_notes_128t_installer_2.2/index.html @@ -6,7 +6,7 @@ 128T Installer 2.2 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_2.3/index.html b/docs/release_notes_128t_installer_2.3/index.html index 0a121be97c..b9b0f90ebf 100644 --- a/docs/release_notes_128t_installer_2.3/index.html +++ b/docs/release_notes_128t_installer_2.3/index.html @@ -6,7 +6,7 @@ Installer 2.3 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_2.4/index.html b/docs/release_notes_128t_installer_2.4/index.html index 3d7184e531..7acb56e18c 100644 --- a/docs/release_notes_128t_installer_2.4/index.html +++ b/docs/release_notes_128t_installer_2.4/index.html @@ -6,7 +6,7 @@ Installer 2.4 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_2.5/index.html b/docs/release_notes_128t_installer_2.5/index.html index 70a1583c3b..aac5fed650 100644 --- a/docs/release_notes_128t_installer_2.5/index.html +++ b/docs/release_notes_128t_installer_2.5/index.html @@ -6,7 +6,7 @@ Installer 2.5 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_2.6/index.html b/docs/release_notes_128t_installer_2.6/index.html index a5d6a1eb25..8c08ca5ace 100644 --- a/docs/release_notes_128t_installer_2.6/index.html +++ b/docs/release_notes_128t_installer_2.6/index.html @@ -6,7 +6,7 @@ Installer 2.6 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_2.7/index.html b/docs/release_notes_128t_installer_2.7/index.html index 48e30ec508..e13c9c2efa 100644 --- a/docs/release_notes_128t_installer_2.7/index.html +++ b/docs/release_notes_128t_installer_2.7/index.html @@ -6,7 +6,7 @@ 128T Installer 2.7 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_3.0/index.html b/docs/release_notes_128t_installer_3.0/index.html index 2241f0908e..9522f32104 100644 --- a/docs/release_notes_128t_installer_3.0/index.html +++ b/docs/release_notes_128t_installer_3.0/index.html @@ -6,7 +6,7 @@ 128T Installer 3.0 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_3.1/index.html b/docs/release_notes_128t_installer_3.1/index.html index 0bc26216d2..d91b0bf68d 100644 --- a/docs/release_notes_128t_installer_3.1/index.html +++ b/docs/release_notes_128t_installer_3.1/index.html @@ -6,7 +6,7 @@ SSR Installer 3.1 Release Notes | SSN Docs - + diff --git a/docs/release_notes_128t_installer_3.2/index.html b/docs/release_notes_128t_installer_3.2/index.html index 22b4f0db00..e68c47fdf0 100644 --- a/docs/release_notes_128t_installer_3.2/index.html +++ b/docs/release_notes_128t_installer_3.2/index.html @@ -6,7 +6,7 @@ SSR Installer 3.2 Release Notes | SSN Docs - + diff --git a/docs/release_notes_byol/index.html b/docs/release_notes_byol/index.html index af1829e4b1..bf06ccac7f 100644 --- a/docs/release_notes_byol/index.html +++ b/docs/release_notes_byol/index.html @@ -6,7 +6,7 @@ Bring Your Own License (BYOL) | SSN Docs - + diff --git a/docs/release_notes_byol_2.0/index.html b/docs/release_notes_byol_2.0/index.html index eea31d67d1..18cacb281f 100644 --- a/docs/release_notes_byol_2.0/index.html +++ b/docs/release_notes_byol_2.0/index.html @@ -6,7 +6,7 @@ Bring Your Own License (BYOL) | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.10/index.html b/docs/release_notes_wan_assurance_plugin_3.10/index.html index a40e1d44a9..bc1347ab2b 100644 --- a/docs/release_notes_wan_assurance_plugin_3.10/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.10/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.10 Release Notes | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.3/index.html b/docs/release_notes_wan_assurance_plugin_3.3/index.html index 666efafe75..74cb4f8269 100644 --- a/docs/release_notes_wan_assurance_plugin_3.3/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.3/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.3 Release Notes | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.4/index.html b/docs/release_notes_wan_assurance_plugin_3.4/index.html index 62c88b373a..2c35c5153b 100644 --- a/docs/release_notes_wan_assurance_plugin_3.4/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.4/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.4 Release Notes | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.5/index.html b/docs/release_notes_wan_assurance_plugin_3.5/index.html index 86dbffe0ea..2d8fb13230 100644 --- a/docs/release_notes_wan_assurance_plugin_3.5/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.5/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.5 Release Notes | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.6/index.html b/docs/release_notes_wan_assurance_plugin_3.6/index.html index 70d9c2ae3e..1c8b21599f 100644 --- a/docs/release_notes_wan_assurance_plugin_3.6/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.6/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.6 Release Notes | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.7/index.html b/docs/release_notes_wan_assurance_plugin_3.7/index.html index 1f1e1d1b9b..7690c2b8d1 100644 --- a/docs/release_notes_wan_assurance_plugin_3.7/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.7/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.7 Release Notes | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.8/index.html b/docs/release_notes_wan_assurance_plugin_3.8/index.html index 2976ce6c77..b283d81fef 100644 --- a/docs/release_notes_wan_assurance_plugin_3.8/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.8/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.8 Release Notes | SSN Docs - + diff --git a/docs/release_notes_wan_assurance_plugin_3.9/index.html b/docs/release_notes_wan_assurance_plugin_3.9/index.html index 9ba3b4a20e..730fc8c36b 100644 --- a/docs/release_notes_wan_assurance_plugin_3.9/index.html +++ b/docs/release_notes_wan_assurance_plugin_3.9/index.html @@ -6,7 +6,7 @@ WAN Assurance Plugin 3.9 Release Notes | SSN Docs - + diff --git a/docs/sec_adaptive_encrypt/index.html b/docs/sec_adaptive_encrypt/index.html index 265cbeabf3..cb80382aa7 100644 --- a/docs/sec_adaptive_encrypt/index.html +++ b/docs/sec_adaptive_encrypt/index.html @@ -6,7 +6,7 @@ Adaptive Encryption | SSN Docs - + diff --git a/docs/sec_firewall_filtering/index.html b/docs/sec_firewall_filtering/index.html index 6dcfb88160..5cbedd0f7a 100644 --- a/docs/sec_firewall_filtering/index.html +++ b/docs/sec_firewall_filtering/index.html @@ -6,7 +6,7 @@ Customizable Firewall Rules and Filters | SSN Docs - + diff --git a/docs/sec_hardening_guidelines/index.html b/docs/sec_hardening_guidelines/index.html index 7bc67d6f19..97eccd036d 100644 --- a/docs/sec_hardening_guidelines/index.html +++ b/docs/sec_hardening_guidelines/index.html @@ -6,7 +6,7 @@ Security Hardening Guidelines | SSN Docs - + diff --git a/docs/sec_security_policy/index.html b/docs/sec_security_policy/index.html index 43687394fd..920395d9a7 100644 --- a/docs/sec_security_policy/index.html +++ b/docs/sec_security_policy/index.html @@ -6,7 +6,7 @@ Security Policies | SSN Docs - + diff --git a/docs/single_conductor_config/index.html b/docs/single_conductor_config/index.html index 524508077f..ed3bc34319 100644 --- a/docs/single_conductor_config/index.html +++ b/docs/single_conductor_config/index.html @@ -6,7 +6,7 @@ Import Configurations to the Conductor | SSN Docs - + diff --git a/docs/single_conductor_install/index.html b/docs/single_conductor_install/index.html index da20950ae0..d678c54f3a 100644 --- a/docs/single_conductor_install/index.html +++ b/docs/single_conductor_install/index.html @@ -6,7 +6,7 @@ Single Conductor Interactive Installation | SSN Docs - + diff --git a/docs/supported_cloud_platforms/index.html b/docs/supported_cloud_platforms/index.html index 2f097c9f04..0d37aa7834 100644 --- a/docs/supported_cloud_platforms/index.html +++ b/docs/supported_cloud_platforms/index.html @@ -6,7 +6,7 @@ Cloud Platform Support | SSN Docs - + diff --git a/docs/ts_ap_duplicate_assets/index.html b/docs/ts_ap_duplicate_assets/index.html index f7a2a7c3f5..cea92f04c0 100644 --- a/docs/ts_ap_duplicate_assets/index.html +++ b/docs/ts_ap_duplicate_assets/index.html @@ -6,7 +6,7 @@ Automated Provisioner: Duplicate Asset ID Error | SSN Docs - + diff --git a/docs/ts_ap_salt_minion/index.html b/docs/ts_ap_salt_minion/index.html index 70f49472c5..058f8eafb1 100644 --- a/docs/ts_ap_salt_minion/index.html +++ b/docs/ts_ap_salt_minion/index.html @@ -6,7 +6,7 @@ Automated Provisioner: Salt Minion | SSN Docs - + diff --git a/docs/ts_applications/index.html b/docs/ts_applications/index.html index b829f8709a..21a5fd2dd8 100644 --- a/docs/ts_applications/index.html +++ b/docs/ts_applications/index.html @@ -6,7 +6,7 @@ Application Troubleshooting | SSN Docs - + diff --git a/docs/ts_connecting_to_routers/index.html b/docs/ts_connecting_to_routers/index.html index e739bb8d97..3350f54bfb 100644 --- a/docs/ts_connecting_to_routers/index.html +++ b/docs/ts_connecting_to_routers/index.html @@ -6,7 +6,7 @@ Connecting to Routers from a Conductor | SSN Docs - + diff --git a/docs/ts_cpu_spikes/index.html b/docs/ts_cpu_spikes/index.html index 4d387be92f..2a56ab35da 100644 --- a/docs/ts_cpu_spikes/index.html +++ b/docs/ts_cpu_spikes/index.html @@ -6,7 +6,7 @@ CPU Spikes | SSN Docs - + diff --git a/docs/ts_fib/index.html b/docs/ts_fib/index.html index 1befc66e1e..20cc1df1fc 100644 --- a/docs/ts_fib/index.html +++ b/docs/ts_fib/index.html @@ -6,7 +6,7 @@ FIB Troubleshooting | SSN Docs - + diff --git a/docs/ts_forwarding_resource_pools/index.html b/docs/ts_forwarding_resource_pools/index.html index 2fe77d5feb..c1a4dca0a9 100644 --- a/docs/ts_forwarding_resource_pools/index.html +++ b/docs/ts_forwarding_resource_pools/index.html @@ -6,7 +6,7 @@ Forwarding Plane Resource Pools | SSN Docs - + diff --git a/docs/ts_idp/index.html b/docs/ts_idp/index.html index 482f107059..fbd70af7f2 100644 --- a/docs/ts_idp/index.html +++ b/docs/ts_idp/index.html @@ -6,7 +6,7 @@ Troubleshooting IDP | SSN Docs - + diff --git a/docs/ts_logs/index.html b/docs/ts_logs/index.html index dafe23d25c..1b49d8ebc5 100644 --- a/docs/ts_logs/index.html +++ b/docs/ts_logs/index.html @@ -6,7 +6,7 @@ Understanding Logs on the SSR | SSN Docs - + diff --git a/docs/ts_mac_uniqueness/index.html b/docs/ts_mac_uniqueness/index.html index 6943f68362..12c5fdad01 100644 --- a/docs/ts_mac_uniqueness/index.html +++ b/docs/ts_mac_uniqueness/index.html @@ -6,7 +6,7 @@ MAC Address Uniqueness | SSN Docs - + diff --git a/docs/ts_nat_troubleshooting/index.html b/docs/ts_nat_troubleshooting/index.html index d20f94fd77..0736441642 100644 --- a/docs/ts_nat_troubleshooting/index.html +++ b/docs/ts_nat_troubleshooting/index.html @@ -6,7 +6,7 @@ NAT Troubleshooting | SSN Docs - + diff --git a/docs/ts_packet_capture/index.html b/docs/ts_packet_capture/index.html index 3684d004fb..85e61f9249 100644 --- a/docs/ts_packet_capture/index.html +++ b/docs/ts_packet_capture/index.html @@ -6,7 +6,7 @@ Packet Capture | SSN Docs - + diff --git a/docs/ts_serial_console_tsing/index.html b/docs/ts_serial_console_tsing/index.html index 4a6f0747e4..7b3a46297a 100644 --- a/docs/ts_serial_console_tsing/index.html +++ b/docs/ts_serial_console_tsing/index.html @@ -6,7 +6,7 @@ Serial Console Troubleshooting | SSN Docs - + diff --git a/docs/ts_session_processing/index.html b/docs/ts_session_processing/index.html index 3805388b1f..39953998cb 100644 --- a/docs/ts_session_processing/index.html +++ b/docs/ts_session_processing/index.html @@ -6,7 +6,7 @@ Troubleshooting Session Processing | SSN Docs - + diff --git a/docs/ts_step/index.html b/docs/ts_step/index.html index 53c9266907..fa1feba871 100644 --- a/docs/ts_step/index.html +++ b/docs/ts_step/index.html @@ -6,7 +6,7 @@ Troubleshooting STEP | SSN Docs - + diff --git a/docs/ts_t1_troubleshooting/index.html b/docs/ts_t1_troubleshooting/index.html index 0a674cda5c..d6ace86de7 100644 --- a/docs/ts_t1_troubleshooting/index.html +++ b/docs/ts_t1_troubleshooting/index.html @@ -6,7 +6,7 @@ T1 Troubleshooting | SSN Docs - + diff --git a/docs/ts_traceroute/index.html b/docs/ts_traceroute/index.html index 5902c7d5af..6a4d082d7e 100644 --- a/docs/ts_traceroute/index.html +++ b/docs/ts_traceroute/index.html @@ -6,7 +6,7 @@ Traceroute | SSN Docs - + diff --git a/docs/ts_troubleshooting_vrf/index.html b/docs/ts_troubleshooting_vrf/index.html index f60217da87..f549c3cc33 100644 --- a/docs/ts_troubleshooting_vrf/index.html +++ b/docs/ts_troubleshooting_vrf/index.html @@ -6,7 +6,7 @@ Troubleshooting VRF | SSN Docs - + diff --git a/docs/upgrade_ibu_conductor/index.html b/docs/upgrade_ibu_conductor/index.html index 91a9136c29..ed92a39a24 100644 --- a/docs/upgrade_ibu_conductor/index.html +++ b/docs/upgrade_ibu_conductor/index.html @@ -6,7 +6,7 @@ Upgrading the Conductor | SSN Docs - + diff --git a/docs/upgrade_legacy/index.html b/docs/upgrade_legacy/index.html index 4058c3d040..05096f00fb 100644 --- a/docs/upgrade_legacy/index.html +++ b/docs/upgrade_legacy/index.html @@ -6,7 +6,7 @@ Legacy Upgrades | SSN Docs - + diff --git a/docs/upgrade_restricted_access/index.html b/docs/upgrade_restricted_access/index.html index ddb6217349..9baef5b385 100644 --- a/docs/upgrade_restricted_access/index.html +++ b/docs/upgrade_restricted_access/index.html @@ -6,7 +6,7 @@ Upgrades with Restricted Internet Access | SSN Docs - + diff --git a/docs/upgrade_router/index.html b/docs/upgrade_router/index.html index 7c60f2f3e4..d8ad39c3e5 100644 --- a/docs/upgrade_router/index.html +++ b/docs/upgrade_router/index.html @@ -6,7 +6,7 @@ Upgrading a Router | SSN Docs - + diff --git a/docs/wan_assurance_ssr1200_quickstart/index.html b/docs/wan_assurance_ssr1200_quickstart/index.html index 36133cc478..f3f5bfbb88 100644 --- a/docs/wan_assurance_ssr1200_quickstart/index.html +++ b/docs/wan_assurance_ssr1200_quickstart/index.html @@ -6,7 +6,7 @@ SSR1200 Device Onboarding | SSN Docs - + diff --git a/docs/wan_assurance_ssr120_quickstart/index.html b/docs/wan_assurance_ssr120_quickstart/index.html index 1b60102bfa..30d3733e06 100644 --- a/docs/wan_assurance_ssr120_quickstart/index.html +++ b/docs/wan_assurance_ssr120_quickstart/index.html @@ -6,7 +6,7 @@ SSR120 Device Onboarding | SSN Docs - + diff --git a/docs/wan_assurance_ssr1300_quickstart/index.html b/docs/wan_assurance_ssr1300_quickstart/index.html index 0168669302..a07ef0fb09 100644 --- a/docs/wan_assurance_ssr1300_quickstart/index.html +++ b/docs/wan_assurance_ssr1300_quickstart/index.html @@ -6,7 +6,7 @@ SSR1300 Device Onboarding | SSN Docs - + diff --git a/docs/wan_assurance_ssr130_quickstart/index.html b/docs/wan_assurance_ssr130_quickstart/index.html index 02de51efa4..7b3d7e016a 100644 --- a/docs/wan_assurance_ssr130_quickstart/index.html +++ b/docs/wan_assurance_ssr130_quickstart/index.html @@ -6,7 +6,7 @@ SSR130 Device Onboarding | SSN Docs - + diff --git a/docs/wan_assurance_ssr1400_quickstart/index.html b/docs/wan_assurance_ssr1400_quickstart/index.html index bd53ac3daf..dd7d00d3ce 100644 --- a/docs/wan_assurance_ssr1400_quickstart/index.html +++ b/docs/wan_assurance_ssr1400_quickstart/index.html @@ -6,7 +6,7 @@ SSR1400 Device Onboarding | SSN Docs - + diff --git a/docs/wan_assurance_ssr1500_quickstart/index.html b/docs/wan_assurance_ssr1500_quickstart/index.html index 322fa4016c..64e4175d8d 100644 --- a/docs/wan_assurance_ssr1500_quickstart/index.html +++ b/docs/wan_assurance_ssr1500_quickstart/index.html @@ -6,7 +6,7 @@ SSR1500 Device Onboarding | SSN Docs - + diff --git a/docs/wan_onboarding_ssrdevice/index.html b/docs/wan_onboarding_ssrdevice/index.html index b78d6ac9d4..bd1e0de30e 100644 --- a/docs/wan_onboarding_ssrdevice/index.html +++ b/docs/wan_onboarding_ssrdevice/index.html @@ -6,7 +6,7 @@ Adopting a Conductor-Managed SSR | SSN Docs - + diff --git a/docs/wan_onboarding_whitebox/index.html b/docs/wan_onboarding_whitebox/index.html index e4aaef2b4e..8e35e54ae7 100644 --- a/docs/wan_onboarding_whitebox/index.html +++ b/docs/wan_onboarding_whitebox/index.html @@ -6,7 +6,7 @@ Whitebox Onboarding | SSN Docs - + diff --git a/docs/wan_overview/index.html b/docs/wan_overview/index.html index 77b26e9fca..cded64d1a3 100644 --- a/docs/wan_overview/index.html +++ b/docs/wan_overview/index.html @@ -6,7 +6,7 @@ WAN Assurance Overview | SSN Docs - + diff --git a/docs/wan_staging/index.html b/docs/wan_staging/index.html index ef72dc5d3f..e43e5dc7d8 100644 --- a/docs/wan_staging/index.html +++ b/docs/wan_staging/index.html @@ -6,7 +6,7 @@ Whitebox Staging | SSN Docs - + diff --git a/docs/wan_telemetry_enable/index.html b/docs/wan_telemetry_enable/index.html index 8ea5ea1fad..a0bd29d5c1 100644 --- a/docs/wan_telemetry_enable/index.html +++ b/docs/wan_telemetry_enable/index.html @@ -6,7 +6,7 @@ Create a Site | SSN Docs - + diff --git a/docs/wan_telemetry_features/index.html b/docs/wan_telemetry_features/index.html index 39d3f3a907..c06a4a07e2 100644 --- a/docs/wan_telemetry_features/index.html +++ b/docs/wan_telemetry_features/index.html @@ -6,7 +6,7 @@ WAN Assurance Features | SSN Docs - + diff --git a/docs/wan_telemetry_site_assign/index.html b/docs/wan_telemetry_site_assign/index.html index fb70fafffe..2e37071166 100644 --- a/docs/wan_telemetry_site_assign/index.html +++ b/docs/wan_telemetry_site_assign/index.html @@ -6,7 +6,7 @@ Site Assignment | SSN Docs - + diff --git a/docs/wan_telemetry_troubleshooting/index.html b/docs/wan_telemetry_troubleshooting/index.html index 0ae79ac86d..094c9777d5 100644 --- a/docs/wan_telemetry_troubleshooting/index.html +++ b/docs/wan_telemetry_troubleshooting/index.html @@ -6,7 +6,7 @@ Troubleshooting | SSN Docs - + diff --git a/index.html b/index.html index dd335f331a..d797de81a7 100644 --- a/index.html +++ b/index.html @@ -6,7 +6,7 @@ SSN Docs | SSN Docs - + diff --git a/kb/2024/04/24/I95-55904/index.html b/kb/2024/04/24/I95-55904/index.html index 575c8d6123..c0e520d602 100644 --- a/kb/2024/04/24/I95-55904/index.html +++ b/kb/2024/04/24/I95-55904/index.html @@ -6,7 +6,7 @@ Upgrade from 5.6 to 6.1 may result in missing FIB entries | SSN Docs - + diff --git a/kb/2024/04/25/I95-54541/index.html b/kb/2024/04/25/I95-54541/index.html index cea79eda12..2dbb777fff 100644 --- a/kb/2024/04/25/I95-54541/index.html +++ b/kb/2024/04/25/I95-54541/index.html @@ -6,7 +6,7 @@ Unable to bind accelerated networking interfaces in Azure when using vmbus-id | SSN Docs - + diff --git a/kb/2024/04/25/I95-56233/index.html b/kb/2024/04/25/I95-56233/index.html index f78e1c934a..45c1c22691 100644 --- a/kb/2024/04/25/I95-56233/index.html +++ b/kb/2024/04/25/I95-56233/index.html @@ -6,7 +6,7 @@ Packet forwarding stops in AWS after several hours | SSN Docs - + diff --git a/kb/2024/04/25/I95-56437/index.html b/kb/2024/04/25/I95-56437/index.html index d14c5dbd91..6bdf311503 100644 --- a/kb/2024/04/25/I95-56437/index.html +++ b/kb/2024/04/25/I95-56437/index.html @@ -6,7 +6,7 @@ Application Identification incompatible with DSCP Steering | SSN Docs - + diff --git a/kb/2024/04/25/I95-57085/index.html b/kb/2024/04/25/I95-57085/index.html index db7f4bd794..3d39dca39c 100644 --- a/kb/2024/04/25/I95-57085/index.html +++ b/kb/2024/04/25/I95-57085/index.html @@ -6,7 +6,7 @@ Upgrade from 6.1 to 6.2 changes PCI mapping in AWS | SSN Docs - + diff --git a/kb/2024/05/29/I95-56484/index.html b/kb/2024/05/29/I95-56484/index.html index 7e3e01fc26..7212505e0e 100644 --- a/kb/2024/05/29/I95-56484/index.html +++ b/kb/2024/05/29/I95-56484/index.html @@ -6,7 +6,7 @@ High Memory usage for application-director | SSN Docs - + diff --git a/kb/2024/06/25/I95-54838/index.html b/kb/2024/06/25/I95-54838/index.html index aa18194ecc..cca35612cb 100644 --- a/kb/2024/06/25/I95-54838/index.html +++ b/kb/2024/06/25/I95-54838/index.html @@ -6,7 +6,7 @@ Memory Allocation Exception in Device Disabled Error output | SSN Docs - + diff --git a/kb/2024/08/05/PLUGIN-2550/index.html b/kb/2024/08/05/PLUGIN-2550/index.html index bf23932a6f..ebd7ade6b6 100644 --- a/kb/2024/08/05/PLUGIN-2550/index.html +++ b/kb/2024/08/05/PLUGIN-2550/index.html @@ -6,7 +6,7 @@ Highway stuck on startup when IPsec is enabled | SSN Docs - + diff --git a/kb/2024/08/30/I95-56628/index.html b/kb/2024/08/30/I95-56628/index.html index ffd54e034c..7af156fcf5 100644 --- a/kb/2024/08/30/I95-56628/index.html +++ b/kb/2024/08/30/I95-56628/index.html @@ -6,7 +6,7 @@ Unable to upgrade second HA Conductor to 6.3.0 | SSN Docs - + diff --git a/kb/2024/11/06/PLUGIN-2776/index.html b/kb/2024/11/06/PLUGIN-2776/index.html index a1f17ae1c1..b9a82bf964 100644 --- a/kb/2024/11/06/PLUGIN-2776/index.html +++ b/kb/2024/11/06/PLUGIN-2776/index.html @@ -6,7 +6,7 @@ Change in behavior for Salt states for 5.6.16+, 6.1.12+, 6.2.8+, 6.3.x-r2+ | SSN Docs - + diff --git a/kb/archive/index.html b/kb/archive/index.html index a30fd3b9db..31059a83ea 100644 --- a/kb/archive/index.html +++ b/kb/archive/index.html @@ -6,7 +6,7 @@ Archive | SSN Docs - + diff --git a/kb/index.html b/kb/index.html index efa9614066..598e7a0894 100644 --- a/kb/index.html +++ b/kb/index.html @@ -6,7 +6,7 @@ Session Smart Router Knowledge Base Articles | SSN Docs - + diff --git a/kb/tags/5-6-13/index.html b/kb/tags/5-6-13/index.html index 53e0e95400..38cb311040 100644 --- a/kb/tags/5-6-13/index.html +++ b/kb/tags/5-6-13/index.html @@ -6,7 +6,7 @@ One post tagged with "5.6.13" | SSN Docs - + diff --git a/kb/tags/5-6/index.html b/kb/tags/5-6/index.html index b80e93be20..315864f8de 100644 --- a/kb/tags/5-6/index.html +++ b/kb/tags/5-6/index.html @@ -6,7 +6,7 @@ One post tagged with "5.6" | SSN Docs - + diff --git a/kb/tags/6-1-5/index.html b/kb/tags/6-1-5/index.html index cfb775d33d..255fd20bde 100644 --- a/kb/tags/6-1-5/index.html +++ b/kb/tags/6-1-5/index.html @@ -6,7 +6,7 @@ One post tagged with "6.1.5" | SSN Docs - + diff --git a/kb/tags/6-1-7/index.html b/kb/tags/6-1-7/index.html index 0ba1f3c4d2..e77c95a7c0 100644 --- a/kb/tags/6-1-7/index.html +++ b/kb/tags/6-1-7/index.html @@ -6,7 +6,7 @@ 2 posts tagged with "6.1.7" | SSN Docs - + diff --git a/kb/tags/6-1/index.html b/kb/tags/6-1/index.html index 92145aa7a9..25645fa96e 100644 --- a/kb/tags/6-1/index.html +++ b/kb/tags/6-1/index.html @@ -6,7 +6,7 @@ 3 posts tagged with "6.1" | SSN Docs - + diff --git a/kb/tags/6-2-3-r-2/index.html b/kb/tags/6-2-3-r-2/index.html index e6c0ae294f..3f48cd9e7c 100644 --- a/kb/tags/6-2-3-r-2/index.html +++ b/kb/tags/6-2-3-r-2/index.html @@ -6,7 +6,7 @@ 2 posts tagged with "6.2.3-r2" | SSN Docs - + diff --git a/kb/tags/6-2-3/index.html b/kb/tags/6-2-3/index.html index be9df3db80..8436c4bc10 100644 --- a/kb/tags/6-2-3/index.html +++ b/kb/tags/6-2-3/index.html @@ -6,7 +6,7 @@ One post tagged with "6.2.3" | SSN Docs - + diff --git a/kb/tags/6-2-4/index.html b/kb/tags/6-2-4/index.html index 305917a4d6..69e1bc98d6 100644 --- a/kb/tags/6-2-4/index.html +++ b/kb/tags/6-2-4/index.html @@ -6,7 +6,7 @@ One post tagged with "6.2.4" | SSN Docs - + diff --git a/kb/tags/6-2/index.html b/kb/tags/6-2/index.html index 128497bca4..8a9ea7b823 100644 --- a/kb/tags/6-2/index.html +++ b/kb/tags/6-2/index.html @@ -6,7 +6,7 @@ 2 posts tagged with "6.2" | SSN Docs - + diff --git a/kb/tags/6-3/index.html b/kb/tags/6-3/index.html index ee94c53e97..4a58b5b3da 100644 --- a/kb/tags/6-3/index.html +++ b/kb/tags/6-3/index.html @@ -6,7 +6,7 @@ One post tagged with "6.3" | SSN Docs - + diff --git a/kb/tags/index.html b/kb/tags/index.html index bd3660420f..040a406b99 100644 --- a/kb/tags/index.html +++ b/kb/tags/index.html @@ -6,7 +6,7 @@ Tags | SSN Docs - + diff --git a/kb/tags/ipsec-client-3-6-1/index.html b/kb/tags/ipsec-client-3-6-1/index.html index d44980c92f..41a6c56a5e 100644 --- a/kb/tags/ipsec-client-3-6-1/index.html +++ b/kb/tags/ipsec-client-3-6-1/index.html @@ -6,7 +6,7 @@ One post tagged with "ipsec-client-3.6.1" | SSN Docs - + diff --git a/kb/tags/saltstack-sip-alg/index.html b/kb/tags/saltstack-sip-alg/index.html index 9f4df766c1..0a2b5bcf41 100644 --- a/kb/tags/saltstack-sip-alg/index.html +++ b/kb/tags/saltstack-sip-alg/index.html @@ -6,7 +6,7 @@ One post tagged with "saltstack, sip-alg" | SSN Docs - +