    4.0.7 is released

      The 4.0.7 maintenance release is now available.

      I've included a summary of the changes below.






      14910 L2TP enhancement      
            Enhance the L2TP support to handle NAT-Traversal and
            Windows/Mac/iPhone users.

      14936 Reflected XSS problem

            Remove a cross site scripting vulnerability with the web

      14959 DPD can take down a live connection      

            Under some unusual conditions, DPD (dead peer detection) would
            restart a functional IPsec tunnel.

      14981 ipsec failover problems      

            Fix various IPsec routing issues which were causing packets for
            individual hosts to be held once the tunnel was established.

      14992 ifmond default route race with firewall      

            A race condition between the firewall and ipsec has been removed,
            preventing unneeded tunnel restarts.

      14993 IPSec ipcomp can run units out of memory      
            IPsec tunnels running IP compression with high data loads on low
            resource devices will no longer run out of memory and hang or reboot.

      14994 Update ssh/openssl packages

            Update of openssh and openssl to address CVE-2009-3245,
            CVE-2008-1678, CVE-2009-1378, CVE-2009-1377, CVE-2009-1379.

      14999 Export restrictions refresh for affected units      

            Review of export restriction settings across all devices.

      15001 Update openssl to fix CVE-2010-0740.      

            New version of openssl that fixes CVE-2010-0740.

      15004 ifmond %defaultroute is broken with multiple default routes      

            IPsec tunnels using the default route will now select the right device
            for the tunnel, utilising the preferred gateway if set.

      15005 nflogd failing to parse family      

            nflogd will now display the IPv4 field of a packet correctly on all

      13796 Trusted Source doesn't create an ACCEPT rule for Internet aliases

            Aliases on WAN/Internet interfaces now have suitable ACCEPT rules

      14862 netflash doesn't complain on full USB devices

            USB-based devices now limit the space used by firmware updates
            and fail gracefully if there is insufficient space on the USB device.

      14955 Failover default test description

            Updated to something more meaningful

      14916 SG560D: We don't support Annex B, so remove it from the GUI

            SG560D: We don't support Annex B, so remove it from the GUI

      14962 kernel oops on held packets for ipsec tunnels

            Fixed a crash when packets were held on a tunnel that is down.
            The crash would happen when the tunnel came back up and retransmitted
            the held packet.