Build 47.25 includes the following fixes:
-----------------------------------------
1) SSL (Issue ID 20863)
Based on the recent advisory from OpenSSL on SSL V2 Rollback Attack, necessary fixes have been made.
2) SSL (Issue ID 20852)
SSL Optional Client Authentication failed for the TLSv1 protocol. This issue has been resolved.
3) SSL (Issue ID 20803)
SSLv2 Client Authentication failed when the client certificate message was an exact multiple of the cipher block size. This issue has been resolved.
4) System (Issue ID 20849)
A core dump occurred when the "sh ns.conf" command was executed. This issue has been resolved.
5) System (Issue ID 20919)
A core dump occurred when the "show ns.conf -f hierarchical" command was executed. This issue has been resolved.
6) Web Logging (Issue ID 20649)
The Web Logging client on Solaris stopped logging when the size of the log file exceeded 2 GB. This issue has been resolved.
Build 47.24 includes the following fixes:
-----------------------------------------
1) Compression (Issue ID 20466)
When a policy used an expression that was ANDed/ORed to itself, the system went into a loop.
Eg: -
add policy expression ms_excel_files "REQ.HTTP.URL == /*.xls"
add cmp policy cmp1 -rule "ms_excel_files||ms_excel_files" -resaction compress
OR
add policy expression ms_excel_files "REQ.HTTP.URL == /*.xls"
add cmp policy cmp1 -rule "ms_excel_files&&ms_excel_files" -resaction compress
This issue has been resolved.
2) Compression (Issue ID 20164)
When the in-built compression policies (ns_cmp_msapp, ns_cmp_mscss, and ns_nocmp_mozilla_47) were disabled, compression stopped working even though the default compression policy (ns_cmp_content_type) was enabled. This issue has been resolved.
3) Compression (Issue ID 20163)
Memory corruption occurred when the 4 default compression policies were disabled and another custom compression policy was bound globally to the vserver. This issue has been resolved.
4) Compression (Issue ID 20626)
An internal memory overwrite problem occurred while de-chunking 'chunked' response in Compression. This issue has been resolved.
5) DNS (Issue ID 20139)
Non-A records were not forwarded to services in the DNS proxy configuration when an A record was configured on the system. This issue has been resolved.
6) High Availability (Issue ID 18070)
Earlier, command propagation between nodes in an HA pair could not be selectively disabled. A new option, -haprop ENABLED|DISABLED, has been added to the set node command. The usage of this option is as follows: set node -haprop ENABLED|DISABLED".
7) Load Balancing (Issue ID 20198)
Uneven load balancing was observed when the Use Source IP mode was enabled on services and some of the IP addresses were blocked at the backend. This issue has been resolved
8) Load Balancing (Issue ID 20719)
The state of the first service in the list of services bound to a vserver is not being considered during load balancing. This is resulting in diverting traffic to a down service. The fix has been added to consider the state of the first service also before sending traffic to it.
9) Networking (Issue ID 20699)
Earlier, USNIP was not enabled by default and at least one MIP was required for the system to come up. This requirement has been removed. In addition, if MIPs do not exist, the system uses the SNIP.
10) SSL VPN (Issue ID 20777)
The SSL VPN client security string can be used to check for McAfee Antivirus version 10.
11) SSL VPN (Issue ID 20338)
If the IP address, which was used to define an access control list (ACL), was configured incorrectly, the system became unstable. This issue has been resolved.
12) SSL VPN (Issue ID 20609)
When a http server is configured as a tcp service, accessing the configured service via an LB vserver and SSLVPN vserver simultaneously will crash the system. This issue has been fixed.
13) SSL VPN (Issue ID 20628 )
When a header-related filter action was removed, the SSL VPN functionality was adversely affected. For example, a few new TCP connections were not established. This issue has been resolved.
14) Web Logging (Issue ID 20744)
The Web Logging client, on Windows, stopped working when the host name exceeded 199 bytes. This issue has been resolved.
15) Web Logging (Issue ID 20649 )
The Web Logging client on Linux stopped logging when the size of the log file exceeded 2 GB. This issue has been resolved.
16) Web Logging (Issue ID 20668 )
The Web Logging client, on Windows, crashed when the host name was very long. This issue has been resolved.
17) Content Switching (Issue ID 20326 )
The problem of si_Cur_Client counter going negative for an LB vserver on CSW scenario has been fixed.
Build 47.19 includes the following fixes:
-----------------------------------------
1) Base (Issue ID 20052)
For high values of the "Congestion Window", packets transmitted by the NetScaler system were lost. This issue has been resolved.
2) Base (Issue ID 19763)
Packets with fragmented TCP headers were bypassed by ACLs. This issue has been resolved.
3) Base (Issue ID 19980)
When TCP SYN packets with fake data offsets were received, memory was allocated for such malicious packets. Although the packets were subsequently discarded, the memory that was allocated to the packets was not freed up. This issue has been resolved.
4) Compression (Issue ID 19706)
HTTP Chunked responses were generated with HTTP/1.0 when the server sent mixed HTTP/1.1 and HTTP/1.0 responses. This issue has been resolved.
5) Installation and Packaging (Issue ID 19749)
The error "No Valid NetScaler Version Detected" was displayed when the installation script installns was executed while downgrading from release 6.1 to 6.0. This issue has been resolved.
6) Integrated Caching (Issue ID 20087)
When Age header is present in the response from the server and relative expiry is set on the contentgroup, the Age header is also taken into account. This issue has been resolved.
7) Load Balancing (Issue ID 17869)
Under low-load conditions, the first service (the first service that has the least load) in a list of configured services would invariably be selected as all the services would virtually have the same load. This issue has been resolved.
8) NetScaler Configuration Utility (Issue ID 20034)
In the "System > Global Settings > GUI Settings" pane, clicking anywhere on the right side of the "Show non-licensed nodes" check box toggled it. This issue has been resolved.
9) NetScaler Configuration Utility (Issue ID 16745)
In the "Static Database" tab under the "GSLB>Location" node, when a new entry was added, it was displayed in a new row thus giving an impression that more than one custom database file was present. This issue has been resolved.
10) SSL VPN (Issue ID 18908)
If on a particular connection at one point of time, we were incapable of doing SSO and at a later point of time we are capable of doing SSO, then the SSO module should identify this condition and handle it properly.
11) SSL VPN (Issue ID 19930)
For invalid WINS response, Netscaler data structure was not freed which resulted into resource leak. This issue has been fixed.
Build 47.18 includes the following fixes:
-----------------------------------------
1) Base (Issue ID 19115)
If the First packet of a TCP connection that is SYN itself arrives as two fragments to NetScaler, (In this case it was two fragments of TCP header size 16 bytes and 4 bytes respectively), NetScaler is not properly assembling the packet, and an incorrect packet (due to reassembly error) is sent to the upper layers, so a TCP RESET used to come from the upper layers. This has been fixed.
2) Base (Issue ID 19522)
For each metric exchange connection opened, one Netscaler data structure (NSB) was not freed which resulted into resource leak. This issue has been resolved.
3) GSLB (Issue ID 19422)
When packets arrived as fragments, the NetScaler system tried to free a data structure (NSB) that had already been freed. This issue has been resolved.
4) GUI (Issue ID 19152)
A field named Scope has been added to the Add CRL and Modify CRL dialog boxes. This value specifies the scope of the search operation to be carried out on the LDAP server. This enhancement is aimed at improving the LDAP CRL refresh functionality.
5) Integrated Caching (Issue ID 19820)
By default, presence of the Vary header (with anything other than Accept-encoding) in the response makes it uncacheable. But with a request/response cache policy this behavior can be overridden.
6) Load Balancing (Issue ID 16794)
In the inline mode, the NetScaler system processed packets received on services that were DOWN. This issue has been resolved.
7) Load Balancing (Issue ID 19709)
URL based rule persistency is broken if more than one request is received on the same connection. This issue has been resolved.
8) Load Balancing (Issue ID 18740)
The stat lb vserver <vservername> command listed services that were not bound to the vserver. This issue has been resolved.
9) Load Balancing (Issue ID 19348)
Pipelined DNS requests were not supported. Support for the Sessionless Load Balancing feature has been added to resolve the issue.
10) Load Balancing (Issue ID 19440)
This fix introduces a nsapimgr configuration option, which can be used to prevent probing the server while Netscaler performs RNAT operation.
By default, Netscaler will probe the server while performing the RNAT operation and proxy the TCP connections.
When this option is set to zero , Netscaler doesn't probe the server and doesn't proxy the TCP connection (except FTP), instead it performs simple NAT and forwards the packets.
nsapimgr -ys rnat_tcpproxy=0
11) Logging (Issue ID 19583)
When the Weblog client was terminated by pressing the Ctrl+C (SIGINT) keys, it used to exit gracefully but did not flush the last transactions that were in its buffer (nswl log buffer). This issue has been resolved.
12) Networking (Issue ID 18700)
In a Link Aggregation setup, when the Primary and Secondary nodes were rebooted in quick succession, the node coming up second would occasionally takes over as the Primary node. This issue has been resolved.
13) Networking (Issue ID 18767)
In a High Availability configuration, Link Aggregation commands were being propagated to the peer node. This issue has been resolved.
14) Networking (Issue ID 19724)
For certain values of vserver IPs the vserver IP address could not be used as a NAT IP. This issue has been solved.
15) Networking (Issue ID 19823)
In a High Availability setup, both the nodes claimed to be the Primary node and displayed the state of the peer node as "Unknown". This issue has been resolved.
16) Networking (Issue ID 19520)
Route advertisements were not being buffered which could have resulted in routes being lost. This issue has been resolved.
17)Networking (Issue ID 19822)
A crash was observed in Free BSD when sessions originated from BSD, which were using a cloned route entry added via the -advertise option to FBSD, were deleted. This issue has been resolved.
18) SSL FIPS (Issue ID 19033)
When the "set fips" command was executed on a live NetScaler system, the HSM went into an erroneous mode. After the reconfiguration, the Web page represented by an SSL vserver was not displayed. Instead, a "Page cannot be displayed" error message was displayed. This issue has been resolved.
19) SSL FIPS (Issue ID 19599)
The output of the "show ssl fips" command contained a spelling error where "Total" was incorrectly spelt as "Toal". This issue has been resolved.
20) SSL (Issue ID 18363)
While downloading large files (~100 MB) the SSL transaction stalls/fails if the DES/3DES (high secure) cipher suite is used. However, the SSL transaction succeeds when the DEFAULT (RC4 being negotiated) group of ciphers is used. This issue has been resolved.
21) SSL (Issue ID 19407)
When the refresh functionality is first disabled and then enabled on a CRL that has been configured with the LDAP method, the refresh status is successful. However, when the parameters of the CRL are displayed using the "show CRL" command, the IP address and port values of the server are displayed as zero. This issue has been resolved.
Build 47.17 includes the following fixes:
-----------------------------------------
1) Base (Issue ID 18509)
An option has been added that allows the user to set the NetScaler system to send an ACK for every packet received instead of the standard procedure of sending an ACK for every alternate packet.
2) Base (Issue ID 15742)
Under some conditions, the traffic rate pattern did not exactly match the rates mentioned in the surge protection table. This issue has been resolved.
3) Base (Issue ID 17499)
The SSL VPN Wizard created a DNS vserver without a method name. This issue has been resolved.
4) Cache (Issue ID 19218)
A crash was observed when nscachemgr was executed when Integrated Cache was disabled. This issue has been resolved.
5) Cache (Issue ID 18825)
Executing the "set cache parameter -memLimit 0" command and then rebooting resets memLimit to the default value. This issue has been resolved.
6) Compression (Issue ID 19392)
The number of expressions that could be created was limited to 1024. This resulted in a limit on the number of policies. This limit, on the number of expressions, has been removed.
7) Compression (Issue ID 15145)
The counters Bytes In and Bytes Out that are displayed in output of the "show cmp policy <policyname>" and "show tunnel trafficpolicy <policyname>" commands could not display values greater than 1GB. If the policy processed more than 1 GB of data, the values of the counters turned negative. As a result, the values of other counters such as Bandwidth saving and Ratio turned negative. This issue has been resolved.
8) Content Switching (Issue ID 19278)
When a URL-based content switching policy, with only "/" in the URL, was bound to a content switching vserver, it could not be unbound from the vserver. Consequently, the policy could not be removed either. This issue has been resolved.
9) DNS (Issue ID 18394)
The NetScaler system responds with a NXDOMAIN for a query of type AAAA, even when an A record exists for the domain name in the query. This issue has been resolved.
10) GUI (Issue ID 18996)
In the Create Map Policy dialog box, when the user entered data and clicked the Create button, both the Create and Close buttons were disabled and the user was unable to close the dialog box. This issue has been resolved.
11) Hardware (Issue ID 19082)
For NetScaler models 9950 and FIPS builds prior to 47.17, the interfaces were incorrectly labelled on the front panel. This issue has been resolved.
12) Hardware (Issue ID 19082)
For NetScaler models 9950 and FIPS builds prior to 47.17, the interfaces were incorrectly labelled on the front panel. This issue has been resolved.
13) Load Balancing (Issue ID 16636)
With Load Balancing (Cookie Persistence) and Integrated Caching enabled, cookies inserted in the responses were stored in the cache. These cookies were then served out to all cache hits resulting in the failure of cookie-based persistence. This issue has been resolved.
14) SSL (Issue ID 19001)
A new argument, "-scope", has been added to the "add ssl crl" and "set ssl crl" commands. The possible values of the argument are "one" (default) and "base".
The purpose of this argument is to enable the user to specify the extent of the search operation on the LDAP server during a CRL refresh.
15) SSL (Issue ID 19096)
When a cipher ORD operation was performed on a non exiting cipher/group, all the existing ciphers in the vserver list were cleared. This issue has been resolved.
16) SSL VPN Java Client (Issue ID 18927)
SSLVPN Java Client did not automatically update the proxy settings of the Safari browser on MacOSX 10.3.9 and MacOSX10.4 versions. As a result, remote users were unable to access resources on a private network via the SSL VPN. This issue has been resolved.
17) SSL VPN (Issue ID 17093)
When the SSL VPN was configured with an inbound SSL proxy, it could not handle https requests. This issue has been resolved.
18) SSL FIPS (Issue ID 19452)
Binding a non existing cipher or cipher group to an SSL vserver on a NetScaler FIPS system enabled all the FIPS/non-FIPS (not certified by NIST) ciphers on the system. This issue has been resolved.
19) SSL VPN (Issue ID 18826)
The NetScaler SSL VPN Agent was not activated when an ISA forward proxy was configured on the browser that was used to access the VPN. This issue has been resolved.
Build 47.15 includes the following fixes:
----------------------------------------
1) System (Issue ID 18446)
Under some cases keepalive probes from the server can tie up memory (pcbs) on NetScaler, even after the client is gone.
2) System (Issue ID 18509)
Enhancement to provide an option to immediately ACK every packet.
3) System (Issue ID 18153)
The TCP port 21 showed up during security scans. This issue has been resolved.
4) System (Issue ID 17870)
Internal service-to-vserver connection with RNAT/USIP uses the correct IP only on the first request but not on subsequent requests. This issue has been resolved.
5) CLI (Issue ID 17114)
The show server or service commands have been enhanced to display all entities bound to the particular server or service.
6) Compression (Issue ID 18873)
NetScaler sometimes generates a compressed response for a client request without 'Accept-Encoding' header. This issue has been resolved.
7) GUI (Issue ID 17826)
Content Switching virtual servers configured on port 80 could not be accessed with JRE version 1.5.x on the NetScaler GUI. This issue has been resolved.
8) GUI (Issue ID 18674)
When a user created a VLAN with invalid parameters, the error message, "No Such Command," was displayed. This issue has been resolved.
9) GUI (Issue ID 18675)
The SERVICE-MAXCLIENTS alarm was not displayed in the NetScaler Configuration Utility. This issue has been resolved.
10) GUI (Issue ID 18711)
When the user tried to modify/delete an interface using the Modify Channel dialog box, an empty error window was displayed and no action was taken. This issue has been resolved.
11) GUI (Issue ID 18713)
The Add VLAN dialog box displayed a list of all interfaces including the ones that had already been bound to a Link Aggregation channel. This issue has been resolved.
12) High Availability (Issue ID 18537)
Some parts of the routing configuration were being lost the peer node in an HA pair was unavailable. This issue has been resolved.
13) High Availability (Issue ID 18358)
The secondary node state was sometimes incorrectly shown as UNKNOWN/DOWN even when the secondary was up. This issue has been resolved.
14) High Availability (Issue ID 17574)
Must reboot secondary NetScaler in order to recover from 'sync failure' state. This issue has been resolved.
15) High Availability (Issue ID 18383)
The show node command did not display the HA status of the 0/1 interface. This issue has been resolved.
16) Integrated Cache (Issue ID 18359)
Error responses like 401 were being cached and displayed to all clients because policies were not evaluated every time. This issue has been resolved.
17) Integrated Cache (Issue ID 18685)
Certain POST requests were being corrupted by NetScaler before being forwarded to the server thus making them invalid. This issue has been resolved.
18) Load Balancing (Issue ID 17357)
The NetScaler system log will be updated if the limit on the maximum number of clients has been reached. There is also an SNMP trap provided for the same.
19) Load Balancing (Issue ID 18648)
When an HTTP monitor was created with the transparent option, the values of other parameters were set to "0" or null. This issue has been resolved.
20) Load Balancing (Issue ID 17537)
The persistence timeout value was working for a maximum of 12 minutes for rule persistence. This issue has been resolved now.
21) Load Balancing (Issue ID 18667)
During synchronization, the synchronization state does not change and was constantly displayed as "in progress". This issue has been resolved.
22) Network (Issue ID 18520)
When multiple DHCPRA services were bound to a NetScaler VIP, DHCP requests were sent only to the first DHCP service that was bound. This issue has been resolved.
23) Network (Issue ID 17649)
There may be interoperability issues due to imprecision in the RPCs governing gratuitous ARP requirements. This issue has been resolved now.
24) Network (Issue ID 16944)
For UDP packets, incremental checksum is not handling incoming zero checksum. This issue has been resolved.
25) Network (Issue ID 18211)
A rare crash was observed when RNAT and LLB were simultaneously configured on the NetScaler system. This issue has been resolved.
26) Network (Issue ID 17871)
The performance of the NetScaler system, especially SSL VPN, was reduced when a DENY ACL with the loopback IP address(127.0.0.1) as the destination IP address was created and applied. This issue has been resolved.
27) Network (Issue ID 17629)
Certain DENY ACLs disabled local authentication on the NetScaler system. This issue has been resolved.
28) Network (Issue ID 18751)
ARP sourceip is wrong a /32 host route is configured for a directly connected SNIP server. This issue has been resolved.
29) SNMP (Issue ID 15744)
The NetScaler system variables sysName, sysLocation, and sysContact, configured using the set snmp mib command, were propagated to the secondary during failover. Being system-specific configurations, these values are unique to each system and must not be propagated to the secondary. This issue has been resolved.
30) SNMP (Issue ID 17958)
Increase in the NetScaler system memory usage was seen when SNMP traps were added with mixed versions. This issue has been resolved.
31) SNMP (Issue ID 16995)
Some SNMP traps were not being sent for HA events like a failover. This issue has been resolved.
32) SNMP (Issue ID 18687)
The NetScaler system crashed while retrieving the OID serviceEntry.svcGslbSiteName for a GSLB service that did not have a GSLB site. This issue has been resolved.
33) SSL (Issue ID 18513)
The limit on the size of CRLs has been raised to 8 MB.
34) SSL (Issue ID 17294)
A rare crash was observed when the unbind certkey command was executed. This issue has been resolved.
35) SSL (Issue ID 18851)
CRL refresh failed when the base domain name contained white spaces. This issue has been resolved.
36) SSL VPN (Issue ID 17248)
The NetScaler system crashed under some circumstances when an attempt to delete a VPN virtual server was made. This issue has been resolved.
37) SSL VPN (Issue ID 17868)
The NetScaler SSL VPN client does not update the browser proxy automatically on Mac OS X version 10.4. The user needs to update the proxy manually. This issue has been resolved.
38) SSL VPN (Issue ID 18722)
A client certificate, bound to the client browser, was flagged as valid (certificate is accepted) even though the corresponding CA certificate was not bound to the SSL vserver. This issue has been resolved.
39) Web Logging (Issue ID 18313)
The NetScaler Web logging client was not able to log redirect URL requests. This issue has been resolved.
By default this feature is disabled.
To log messages like redirect url, service unavailable, etc:
1. Enable Weblogging (enable feature wl)
2. To enable the logging of HTTP error messages:
/netscaler/nsapimgr -ys log_httperr_messages=1
3. To disable the logging of HTTP error messages:
/netscaler/nsapimgr -ys log_httperr_messages=0
40) Web Logging (Issue ID 18074)
A tool for logging NetScaler system messages on the Mac OS X has been provided with the 6.0 release.
Build 47.11 includes the following fixes:
----------------------------------------
1) API (Issue ID 17571)
Some errors in processing XML-API requests resulted in a loss of connection. This caused subsequent requests to encounter the errors 'Not logged in' or 'connection time out'. This issue has been resolved.
2) Base (Issue ID 17225)
When a NAT IP was deleted the RNAT entry would get deleted. However, the NetScaler system would continue to perform NAT on traffic using the Mapped IP address as the NAT IP. This issue has been resolved.
3) Base (Issue ID 17197)
When the USIP mode was enabled, the NetScaler system did not support more than 64,000 concurrent connections for the HTTP protocol. This issue has been resolved.
4) Base (Issue ID 18093)
Security Alert FreeBSD-SA-05:04.ifconf has been identified as relevant to our system and we have applied the appropriate patch.
5) Base (Issue ID 17647)
Security Alert FreeBSD-SA-05:01.telnet has been identified as relevant to our system and we have applied the appropriate patch.
6) Integrated Caching (Issue ID 18102)
Certain POST requests caused the NetScaler system to crash. This issue has been resolved.
7) NetScaler Configuration Utility (Issue ID 17689)
While adding a certificate via the NetScaler Configuration Utility, if the key file name was not specified, the key file name shown in the previous row was displayed. This issue has been resolved.
8) NSCLI (Issue ID 16924)
A problem, which caused the nscli process to take up 90 to 100 percent of CPU time, has been resolved.
9) SSL VPN (Issue ID 18101)
If the SSL VPN session was terminated by some means other than by explicitly clicking the Logout button on the NetScaler Secure Remote Access window, the sessions on the NetScaler system would not be terminated. Several such actions would lead to the number of sessions reaching the maximum concurrent user limit as per the license obtained. Once the limit was reached, other login attempts were denied. This issue has been resolved.
10) SSL, TCP Buffering (Issue ID 17356)
If the cihperURL string, configured for the SSL cipher redirect feature, was exactly 32, 64, or 128 bytes long, the NetScaler system used to hang or crash. This issue has been resolved.
11) Base (Issue ID 17478)
NS data packet Buffers(NSB) are lost while aborting a server connection on receiving a bad incomplete HTTP response header. This issue has been resolved.
12) Compression (Issue ID 17660)
The NetScaler system did not compress all compressible content. This issue has been resolved.
13) Global Server Load Balancing (Issue ID 17609)
Queries to cached/ADNS DNS MX record were not returned properly due to the improper creation of MX response records. This issue has been resolved.
14) Integrated Caching (Issue ID 17659)
With the Integrated Cache feature enabled, an HTTP POST request large enough to
span multiple packets and body size greater than 64 kilobytes would cause a crash. This issue has been resolved.
15) Integrated Caching (Issue ID 17549)
The Netscaler system did not insert the appropriate Expires headers when forwarding responses from the back end servers to the clients. This issue has been resolved.
16) Integrated Caching (Issue ID 17686)
Client cleanup was delayed due to the incorrect value of the Content-Length header. This issue has been resolved.
17) Integrated Caching (Issue ID 17600)
The following issues pertaining to cachable POST requests used to cause the NetScaler system to crash:
i) POST requests with zero length
ii) POST requests with headers spanning multiple packets and huge body sizes
These issues have been resolved.
18) Integrated Caching (Issue ID 16971)
With piped requests, the HTTP module used to enter an incorrect state. This issue has been resolved.
19) SSL Offloading (Issue ID 17475)
Back end encryption used to fail when Export ciphers were used with IIS servers. This issue has been resolved.
Build 47.11 includes the following enhancements:
-----------------------------------------------
1) Base (Issue ID 17197) - USIP Enhancement
When the USIP mode was enabled, the NetScaler system did not support more than 64,000 concurrent connections for the HTTP protocol. This issue has been resolved.
For details, refer to the Use Source IP Mode section (13.4.2.2) of the ICG.
2) Integrated Caching (Issue ID 17852) - Enhanced Show Cache Object Command
The show cache object command has been enhanced to display eight additional attributes of a cached object. The additional attributes are displayed as follows.
# Content is gzip compressed
# Content is deflate compressed
# HTTP version in response
# Weak etag present in response
# Negative marker cell
# Auto poll every time
# Netscaler Etag inserted in response
# Full response present in cache
For details, refer to the Command Reference Guide.
3) SSL Offloading (Issue ID 16881) - SSL Port Rewrite
The SSL Redirect feature has been enhanced to redirect clients based on the port on which the request was received.
For details, refer to the SSL Port Rewrite section (7.15.11) of the ICG.
Build 47.8 includes the following fixes:
----------------------------------------
1) SSL VPN (Issue ID 17252)
Auto force cleanup did not clear the browser history during a SSL VPN session. This issue has been resolved.
2) Load Balancing (Issue ID 17256)
The memory pool could not support more than 250K Load Balancing session entries. This issue has been resolved.
3) SSL VPN (Issue ID 16737)
The SSL VPN client's "File Transfer" utility did not support access to shared resources which had a few special characters. This issue has been resolved.
4) Base (Issue ID 17196)
A NetScaler resource leak was noticed when an idle SSL connection timed out during the SSL handshake phase. This issue has been resolved.
5) Cache (Issue ID 17431)
For a content group, the currently used memory issue has been resolved.
6) Cache (Issue ID 17450)
Caching would not work when the NetScaler system inserted a HTTP header in the response. This issue has been resolved.
7) CLI (Issue ID 17246)
The XML Soap server used to hang after executing the reboot or the login (with null password) command from a SOAP client. This issue has been resolved.
8) XML API (Issue ID 17401)
The XML API used to bypass system policies created with the Roles Based Administration feature. As a result, a user with a read-only account could perform all configuration tasks. This issue has been resolved.
9) Load Balancing (Issue ID 17443)
The Spillover vserver feature did not work for Load Balancing vservers that were bound to Content Switching vservers. This issue has been resolved.
10) Cache (Issue ID 17491)
The client used to hang when it issued a request before the last response had arrived. This issue has been resolved.
11) AAA (Issue ID 17322)
The secondary unit in a high availability pair could not be accessed via RADIUS authentication. This issue has been resolved.
12) Layer 3 (Issue ID 17480)
When the OSPF DR failed and the route to a destination was configured through the BDR, the backup route (via BDR) took 30 minutes to come up. This issue has been resolved.
13) SSL VPN (Issue ID 17172)
The WINS lookup failed through the SSL VPN when the namelookup priority was set to DNS and the host name contained an "underscore". This issue has been resolved.
Build 47.8 includes the following enhancements:
-----------------------------------------------
1) Base (Issue ID 17588)
A URL of the form: (.*?)/(.*?)/(0|1),name1,value1,name2,value2,…,nameN,valueN,(0|00).(.*?) can be transformed to the form: prefix.suffix?name1=value1&name2=value2 and so on.
The prefix can have any number of slashes.
2) SNMP, SSL (Issue ID 17376)
The user can now track the current SSL session through the sslCurSessions OID.
Build 47.7 includes the following fixes:
----------------------------------------
1) Cache (Issue ID 16878)
The NetScaler system used to crash when operated for extended periods at a low cache memory limit of 5 MB. This issue has been resolved.
2) Cache (Issue ID 16819)
A single cache policy can now be used to invalidate multiple groups.
3) Cache (Issue ID 16865)
Parameterized invalidation used to cause object duplication. This issue has been resolved.
4) SSL VPN (Issue ID 16935)
When a user with restricted access on a Windows XP computer tried to access NetScaler's SSL VPN, the 1007 error was displayed. This issue has been resolved.
5) LB (Issue ID 16902)
A monitor with the destination IP address set to the loopback IP address (127.0.0.1) used to fail. This issue has been resolved.
6) API (Issue ID 16797)
Generation of Java classes from the NSConfig.wsdl file used to fail. This issue has been resolved.
7) Base (Issue ID 16957)
When using the SSL bridge feature, the NetScaler system crashed when the client sent a server hello instead of the expected client hello. This issue has been resolved.
8) SSL VPN (Issue ID 16941)
When multiple authentication types were set on a proxy, the NetScaler SSL VPN plug-in would not connect properly. This issue has been resolved.
9) SNMP (Issue ID 14509)
The user can now enable or disable an administrator configured service (as configured by the add service command) via SNMP.
10) SSL VPN (Issue ID 16493)
Invalid POST HTTP requests with a negative Content-Length field used to cause the SSL VPN daemon (nsvpnd) to crash. This issue has been resolved.
11) SSL VPN (Issue ID 16961)
The 'set vpn param' homepage option had a bug manifesting when a longer homepage URL was configured and later changing it to a smaller URL would result in a corrupted homepage string due to a string copy error. This issue has been resolved.
12) Base (Issue ID 16750)
The NetScaler system used to crash when an RNAT session used to be created for 'otherip' traffic. This issue has been resolved.
13) GUI (Issue ID 16908)
Prior to this build, erasing the Home Page link from SSL VPN Global Settings field did not unset the homepage. This issue has been resolved.
14) Base (Issue ID 16597)
Zombie cleanup used to prevent the servers from coming UP. This issue has been resolved now.
15) CMP (Issue ID 17001)
TCP compression did not work when compression was done on Quantum. This issue has been resolved.
16) CPE, GUI, and NSCLI (Issue ID 16916)
When booted up with the fiber interface connected, the NetScaler system used to come up smoothly, but hang soon after. In addition, the NetScaler system would not support console access and PING support. When booted up without the fiber interface connected, the NetScaler system would come up smoothly. However, it would hang soon after the fiber interface was connected. As in the previous case, the NetScaler system would not support console access and PING support. This issue has been resolved.
17) Cache (Issue ID 17070)
The stat cache command used to display incorrect Parametrized Hit Count values. Parameteric hits used to be shown to be going up even when there were no parameterized groups. This issue has been resolved.
18) Installation & Packaging (Issue ID 15984)
The installns script use to support the -y option. This option causes the system to reboot after the installation process. This issued has been resolved.
19) Logging (Issue ID 16950)
Prior to this build, the Solaris platform did not accept an NSWL password that had more than 8 characters. This issue has been resolved.
20) Failover (Issue ID 17088)
The cache control directives PRIVATE and MAX-AGE could not be set simultaneously using the -cacheControl option of the set cache contentgroup command. This issue has been resolved.
21) SSL VPN (Issue ID 16952)
The NetScaler system crashed when an authorization group was removed while it was a configured "authorizationGroup" as part of a 'vpn sessionaction' or in 'vpn parameter'. This issue has been resolved.
22) GUI (Issue ID 17010)
Removing a VIP used to cause an exception to be thrown. This issue has been resolved.
23) RBA (Issue ID 17111)
When the 'add service' or 'add gslb service'command is issued by a user other than nsroot. The 'add (gslb) service' command will terminate with "ERROR: Permission denied"; further commands in that same login session will see either the same message or no output at all, and the commands will not take effect.This issue has been resolved.
24) SSL VPN (Issue ID 17136)
The SSL-TCP connection that was dedicated to tunnel UDP packets used to close after 30 minutes of inactivity instead of session timeout time. This issue has been resolved.
25) SSL VPN Java (Issue ID 16463)
The SSL VPN plug-in for Mac did not reflect the status of the SSL VPN session when the session ceased to exist. This issue has been resolved.
26) Base (Issue ID 13434)
The NetScaler system crashed while processing an RPC connection HTTP request. This issue has been resolved.
27) SSL VPN (Issue ID 16737)
The SSL VPN client's "File Transfer" utility did not support access to shared resources which had a few special characters. This issue has been resolved.
28) SSL VPN (Issue ID 17240)
The client-side security or end-point check functionality, run by the Windows SSL VPN plug-in, can now detect a client machine that runs specific Windows XP Service Packs.
29) SSL VPN (Issue ID 17244)
After configuring two authentication policies with different length names, binding the long name first created a string copy error where the second policy name was concatenated with characters from the first longer name. This led to AAA authentication failure. This issue has been resolved.
Build 47.7 includes the following enhancements:
-----------------------------------------------
1) SSL VPN (Issue ID 16284)
Transfer login feature to overcome single session restriction when using Intranet IP.
2) SSL VPN (Issue ID 10432)
Server Initiated Connections(TCP only, with Plugin-to-Plugin) support for SSL VPN
3) SSL VPN (Issue ID 17050)
The NetScaler system has been enhanced to check for the presence of specific registry values on the client machine.
Build 47.3 includes the following fixes:
----------------------------------------
1) SSL VPN (Issue ID 15224)
When you try to connect to a NetScaler SSL VPN using a Macintosh client, you are not prompted with the system administrator password dialog box and the connection to the SSLVPN may fail. This is usually caused by missing NetScaler Macintosh components on the client Macintosh - which normally get downloaded from the NetScaler This issue has been resolved.
2) SSL VPN (Issue ID 15719)
The NetScaler SSL VPN previously did not support McAfee Virus Scan Enterprise antivirus in its ActiveX client. Support for the same has been added.
3) SSL VPN (Issue ID 15805)
Multiple lines of UDP data was not being sent across the NetScaler SSL VPN correctly. This issue has been resolved.
4) SSL VPN (Issue ID 15982)
Under certain conditions, error code 1008 would be displayed while during the NetScaler SSL VPN login. This issue has been resolved.
5) Failover (Issue ID 16487)
During an upgrade of a HA pair, the secondary would not take over while the primary was being restarted. This issue has been resolved.
6) Dashboard (Issue ID 16563)
Under conditions of heavy traffic on the NetScaler, the plot points in the HTTP Get Requests graph on the GUI NetScaler Statistical Utility (Dashboard) were not being displayed. This issue has been resolved.
7) Layer3 (Issue ID 16571)
While removing a route which has advertising enabled, the NetScaler used to crash. This issue has been resolved.
8) NSCLI (Issue ID 16631)
XML API samples are not working because of mismatch in server response and response defined in WSDL. This issue has been resolved.
9) Drivers (Issue ID 16643)
When the command 'bind vlan 888 LA/2' was added to a configuration, the system was incorrectly tagging incoming traffic. This issue has been resolved.
10) SSL VPN (Issue ID 16695)
Data corruption was seen when the Cipher suite HIGH was bound to the SSL VPN VIP on the NetScaler for services accessed through the SSL VPN. This issue has been resolved.
11) Layer3 (Issue ID 16769)
The connection from a RNAT server to a backend server, via a VIP, used to be added to the connection reuse pool. Due to this fact external clients can reuse these connections to connect to the backend servers via the same VIP. Reuse of such (RNAT specific) connections can be disabled by issuing an nsapimgr command. (/etc/nsapimgr -B “w ns_http_noreuse 1”).
12) Layer3 (Issue ID 16850)
Dynamic routing on the NetScaler VLAN was not working properly due to issues in DHCP. This issue has been resolved.
13) LB (Issue ID 16885)
Uneven distribution of load on the backend servers seen when 'least connections' is used as the LB method. This issue has been resolved.
14) GUI (Issue ID 8903)
There was inconsistency seen across the GUI help files with regard to naming conventions and links. A new help system is now present in 6.0.
15) Other (Issue ID 12594)
The size of the Apache log file has now been limited.
