Fixes For Multiple Vulnerabilities

Fixes for the following security vulnerabilities are included in this release.

Fixes for CVE-2024-56131 / CVE-2024-56132 / CVE-2024-56133 / CVE-2024-56135

Remote malicious actors who gain access to the management interface of the LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.

Fix for CVE-2024-56134

Remote malicious actors who gain access to the management interface of the LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows the content of any file on the system to be downloaded. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.

Fix Previously Delivered in an Add-On Package

A fix for the following security vulnerability (previously delivered in an add-on package) is included in this release. If you have previously installed an add-on package to address this vulnerability, you can now safely remove the add-on package with the name matching the CVE number below: