Refer to the following sections for details on the change notices relating to the 7.2.60.0 release.

Upgrade BIND to version 9.16.25

The version of BIND used on the system has been updated from 9.16.24 to version 9.16.25. Refer to the BIND release notes for details about the new features and other notes on this release. The major updates in this release are memory consumption enhancements aimed at restoring performance losses seen in 9.16.24 and earlier 9.16 releases. For more information on this topic, refer to https://kb.isc.org/docs/bind-memory-consumption-explained.

Default for Local Certificate Validation Modified

In previous releases, the default setting of the Certificates & Security > Remote Access > Allow Client Certificate Login Without Locally Installed User Certificate option was enabled to support legacy local client certificate behavior. [Note that this option only appears in the User Interface (UI) if you have Admin Login Method (on the same page) set to one of the client certificate options.]

The legacy behavior is that users logging into the system using a local certificate can continue to use the locally-generated client certificate even after the expiration date of the certificate.

Starting with this release:

  • The default value of the above option is disabled for new deployments – which means that the legacy behavior is not supported by default.
  • On upgrade, the setting for this option on the previous release (if supported in that release) is preserved.

If you have units enabled for local certificate login, we strongly recommend that you disable this option as soon as possible to maintain the strictest security profile for local user logins.

Local certificates can be generated (and re-generated) for each of the defined Local Users on the System Configuration > System Administration > User Administration page.

The 'httpOnly' Flag Added to Persistence Cookies

Cookie-based persistence has been enhanced by adding the httpOnly flag to all cookies generated by the system. This cookie attribute instructs web browsers to not allow scripts to access the cookie and helps prevent session ID stealing through XSS attacks.

Virtual Service API

Modified the way Virtual Service (VS) persistence is reported when set to “none” to be consistent with other parameters. In previous releases, the value was omitted when set to “none”; now it is explicitly reported as “none”.

Single Sign On support for non-standard ports

In previous releases, it was required to make some manual modifications when attempting to enable Single Sign On on a Virtual Service that did not use either port 80 or port 443. Starting with this release, no manual modifications are needed – they are made automatically by the system when SSO is enabled on the Virtual Service.

UEFI Boot Support

Support for the Unified Extensible Firmware Interface (UEFI) has been added. All NG hardware models use this interface.