The current LoadMaster Operating System (LMOS) General Availability (GA) release contains the following major new features, not present in the Long Term Support Feature (LTSF) and earlier releases. See the Release Notes for the indicated versions for more information.

7.2.63.1

Security Updates

Many additional bug fixes. Refer to the Release Notes at the link LoadMaster GA Release Notes for the details.

7.2.62.2

  • Security updates
  • Bug fixes

7.2.62.0

  • ModSecurity WAF engine update
  • Bug fixes

7.2.61.1

Security Updates

Fix For CVE-2025-1758

Remote malicious actors can issue a carefully crafted HTTP request to cause a stack-based buffer overflow and potentially execute arbitrary system commands. This vulnerability has been closed by improving buffer management to prevent the execution of malicious code from the stack.

7.2.61.0

Change Notices

  • Version 7.2.60.0 or later required for upgrade
  • Legacy Web Application Firewall (WAF) engine removed
  • GEO: Increased the maximum length of the Source of Authority (SOA) Name Server field

New Features

GEO: Allow CNAME records pointing to domains outside of the FQDN domain

Security Updates

Fix previously delivered in an add-on package:

7.2.60.1

New Features

Ephemeral Port Range Selection

Security Updates

  • Fix for CVE-2024-6658
  • Fix for CVE-2024-7591

7.2.60

New Features

  • ACME Wildcard Certificates and DNS Challenge
  • Per-VS Parameters for Resource Based Adaptive Scheduling (UofB)
  • GEO Process Watchdog

Change Notices

  • Upgrade BIND to version 9.16.25
  • Default for Local Certificate Validation Modified
  • The 'httpOnly' Flag Added to Persistence Cookies
  • Virtual Service API Persistence Reporting Change
  • Single Sign On support for non-standard ports
  • UEFI Boot Support

Security Updates

Removed Weak Ciphers from Best Practices Cipher Set

7.2.59.4

Security Updates

  • Fix for CVE-2024-3543
  • Fix for CVE-2024-3544

7.2.59.3

New Features

UEFI Boot Support

Security Updates

  • Fix for CVE-2024-2448
  • Fix for CVE-2024-2449

7.2.59.2

Security Updates

Fix for CVE-2024-1212

7.2.59.1

Issues Resolved

  • Fix for GEO becoming unresponsive when the Selection Criteria is set to Weighted Round Robin.
  • Fix for GEO segfault when DNS PTR record using configured domain is received.

7.2.59

  • Response Code Modification
  • GEO HTTP HEAD Site Health Checks
  • API Updates for WhatsUp Gold Integration
  • GEO System Information / Debug Page
  • WAF Logging: Splunk HEC Integration

Change Notices

ACME Support for Multiple Service Providers

Security Updates

WAF: ModSecurity Engine Security Update

7.2.58

New Features

  • ACME Support for DigiCert SSL Certificate Management
  • Virtual Service Sorting
  • Virtual Service Filtering
  • Duplicating a Sub Virtual Service (SubVS)
  • Chef Template and Deployment Guide
  • DataDirect Template and Deployment Guide
  • License Mobility

Change Notices

  • GEO: Ignore ECS for Public/Private Decisions
  • WAF PCRE Limit Enhancements
  • Official Support for VMware 7.0 Update 3d

Security Updates

  • Weak Ciphers Removed from FIPS Cipher Set
  • FIPS Mode Cipher Sets Modified to Remove Less Secure Ciphers
  • Local User Certificate Login Behavior Switch

7.2.57

  • GEO: BIND Upgrade and EDNS Client Subnet (ECS) Support
  • GEO: Manage FQDN UI Sorting and Filtering
  • GEO: Increase Limit on IPs per FQDN to 256
  • WAF: UI Updates

Change Notices

  • Kubernetes Ingress Controller (KIC): Support for Kubernetes 1.22
  • WAF: Increased Request Body Size Limit
  • WAF: Order of Rule Processing

Security Updates

WAF: Engine Update for CVE-2021-42717

7.2.56

New Features

TLS 1.3 Cipher Suite Selection

Change Notices

  • SNMPv3 Authentication Updates
  • SSO Domain Configuration Field Character Limit Increased
  • Downgrading on AWS
  • UI Usability Updates

Security Updates

CLI Security Fix (Privilege Escalation)

7.2.55

New Features

  • Support for Newer AWS Machine Types
  • WAF: Clearing the False Positive Analysis Counters and Events
  • WAF: Configurable OWASP POST Body Size
  • WAF: Remote Logging TLS Version
  • GEO: Capacity, Performance, and UI Enhancements

Change Notices

  • SSL Renegotiation Disabled By Default
  • Ciphers Use for Re-encryption
  • Network Telemetry VLAN Enhancement
  • Increased Size Limitation for SSO Custom Form Images
  • RPS Limiting UI Removed for Non-Offloaded HTTPS Port 443 VSs
  • Update OpenSSL to Version 1.1.1k
  • Strict Transport Security Header Settings
  • Single Sign On: SameSite and Secure Options
  • Console Support for WUI Cipher Reset
  • Certificate Chain of Trust for UI Authentication
  • Console Security Update
  • WUI Template Security Update