BIG-IP 10.2.1 Build 496.0 HF2 がリリースされています。新機能の追加は無く、安定性の向上を目的としたリリースのようです。以下はリリースノートから抜粋した Hotfix の内容です。
Hot Fix Release Information¶
| ID Number | Description |
|---|---|
| 222455 | TMM will now queue more than one packet for a given destination when there is a pending neighbor ARP request. The default depth is 4 packets, and can be configured by adding the bigdb variable 'tmm.nbr.pbqlen' |
| 226423 | The Access Policy Manager's active sessions graph no longer erroneously reports a maximum value for times when active sessions exist and a failover event occurs. |
| 339951 | The Access Policy Manager now includes body in HTTP 404 Not Found error codes returned as a result of clients trying to access URIs that they are not authorized for. The message in the body for these errors is configurable and is part of the 'logout' group. This error page is cacheable by the Local Traffic Manager's RAMcache, but not by client browsers. |
| 340096 | The Access Policy Manager now supports clients connecting with Mozilla Firefox 4.0. |
| 344362 | The default values for 'Packet Loss Ignore Burst' and 'Packet Loss Ignore Rate' were reversed. This has been corrected. |
| 344874 | The Access Policy Manager, when running in minimal rewrite mode, no longer erroneously prepends the protocol schema (e.g., "http://", "https://") to the Host header value. |
| 345266 | TMM no longer reverts the datagram_lb setting when configured in a UDP profile along with a message-based load balancing configuration. |
| 345850 | The Access Policy Manager no longer fails to rewrite Location header values when running in minimal rewrite mode. |
| 346501 | Clients can now connect with 4096-bit key/certificate pairs to virtual servers that utilize cryptographic acceleration hardware and require client certificate authentication. |
| 347479 | The Access Policy Manager no longer fails to return a response when a client queries the status of an expired session. A 404 Not Found HTTP response is now sent back instead. |
| 348422 | ASM was enhanced to better detect SQLi attacks. |
| 348640 | The Access Policy Manager now correctly detects the client operating system when Firefox 4.0 browsers are used. |
| 348742 | The Access Policy Manager now allows clients identifying themselves with an Internet Explorer 9 User-Agent header value. |
| 348778 | ASM's detection of cross-site scripting (XSS) attacks has been improved. |
| 348876 | Support for Trend Micro's Worry-Free Business Security had been added to OPSWAT. |
| 349373 | A defect has been addressed which could cause TMM to core and restart under some conditions when an iRule command causes the TCL interpreter to suspend and resume. The failure condition could be accompanied by a variety of log messages in /var/log/tmm, including the following: Assertion "valid tclconn for cf" failed. |
| 349410 | ASM now supports byte order mark (BOM) in the middle of XML stream. This can be used to avoid blocking or triggering an XML violation when uploaded Microsoft documents are included in the XML payload, such as with Outlook Web App (OWA).here is a new internal parameter "allowBOMInXMLValue", not displayed in the Configuration utility, which enables you to turn on BOM support in the middle of XML stream. To do this, you must change the default value of "allowBOMInXMLValue" from 0 (off) to 1 (on). |
| 350434 | A defect has been addressed which could cause certain commands to not complete when executed in CLIENT_CLOSED. These commands include, but are not limited to, "table" and "persist". |
| 350652 | A defect has been addressed which could cause TMM to core and restart in certain connection teardown conditions when using ramcache. |
| 350824 | We changed the order of the month and date remote logging format from "yyyy-dd-mm" to "yyyy-mm-dd". |
| 351390 | The help information for the "Highly Managed" template had been removed as the template is no longer used. |
| 351455 | The Web Accelerator module no longer erroneously removes "Accept-Ranges" headers with the value of "none" from origin web server responses. |
| 351579 | Moving a virtual server from one server definition to another in the wideip.conf configuration file will no longer cause stale monitor configurations to remain in operation. |
| 351757 | The Access Policy Manager's client power management feature now functions correctly for clients connecting from Microsoft Windows 7 and Vista systems. |
| 352275 | The pvac process no longer leaks memory when Web Accelerator policies are reloaded and document invalidations exist. |
| 352555 | PVAC no longer cores when showing a blocking page with both ASM and WA enabled in httpclass |
| 352761 | BIND has been updated to 9.6.3 to address an issue where DNSSEC validation could fail when a new Delegation Signer record is inserted into a trusted DNSSEC validation tree. |
| 353134 | You can set the minimum TPS threshold before the system treats an IP address as suspicious or considers an IP address to be an attacker IP address. You can also set the minimum TPS threshold before the system treats a URL as suspicious or to be under attack. To configure these settings, there are two new internal parameters (not available from the Configuration utility): "dos_min_detection_ip_threshold" - The default value is 1 transaction per second. "dos_min_detection_object_threshold" - The default value is 1 transaction per second. |
| 353755 | After the Policy Builder automatically detects the web application language, the system now detects the "Attack signature stating" violation. |
| 353830 | PVAC now correctly handles a HEAD request for a PDF. |
| 354338 | You can configure whether the system continues to try writing to the remote logger if the remote logging server is unreachable. This is done by changing the configuration of the new internal parameter "guarantee_remote_logging" (not available from the Configuration utility). The default value is 1, meaning that the system continues to try writing to the remote logger if the remote logging server is unreachable. Note that this behavior may cause response latency. To stop the system from trying to write to the remote logger, change the value of "guarantee_remote_logging" to 0. |
| 354597 | The tmm process no longer cores and restarts when an empty input string is passed to any of the URI:: iRule commands. |
| 354630 | When running an Oracle Access Manager configuration, the Access Policy Manager no longer fails to forward HTTP cookies from the back-end webserver to the client. |
| 354651 | A specific issue that occurred in SOAP XML message multi-referencing was fixed. |
| 354748 | The Access Policy Manager no longer fails to rewrite some URLs in server responses when the back-end webserver has the same hostname as the virtual server. |
| 354784 | The Requests List on the Requests screen is now scrollable in FireFox version 4. |
| 354807 | Web scraping bots detection now generates DNS lookups only for requests containing user agent header of known bots. |