This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM update 9.411-3 released

Up2Date 9.411003 package description:

Remarks:
System will be rebooted
Configuration will be upgraded

News:
Maintenance Release

Bugfixes:
Fix [NUTM-6804]: [AWS] Update breaks HVM standalone installations
Fix [NUTM-6747]: [Email] SAVI scanner coredumps permanently in MailProxy after update to 9.410
Fix [NUTM-6802]: [Web] New coredumps from httpproxy after update to v9.410

RPM packages contained:
rubygem-sophos-iaas-1.0.0-0.251808053.g8ec3939.i686.rpm
ep-cssd-9.40-28.g1a032c7.rb1.i686.rpm
ep-ha-aws-9.40-376.g8ec3939.noarch.rpm
ep-cloud-ec2-9.40-47.g1d126b2.i686.rpm
ep-httpproxy-9.40-393.g39ad256.rb5.i686.rpm
ep-release-9.411-3.noarch.rpm



This thread was automatically locked due to age.
Parents
  • complete Changelog:

     


    Up2Date 9.411003 package description:

    Remarks:
    System will be rebooted
    Configuration will be upgraded
    Connected REDs will perform firmware upgrade
    Connected Wifi APs will perform firmware upgrade

    News:
    Maintenance Release

    Bugfixes:
    Fix [NUTM-534]: [AWS] Template update notification
    Fix [NUTM-6178]: [AWS] pg_xlog directory filling up on AWS deployments
    Fix [NUTM-6186]: [AWS] Make all UTM logs available in AWS CloudWatch
    Fix [NUTM-6224]: [AWS] awslogs daemon init script: restart broken
    Fix [NUTM-6296]: [AWS] REST API doesn't work in cluster mode
    Fix [NUTM-6402]: [AWS] [RESTD] Session is not closed after token is deleted
    Fix [NUTM-6804]: [AWS] Update breaks HVM standalone installations
    Fix [NUTM-5846]: [Access & Identity] IPsec Remote Access use the IP address instead of the username in the log
    Fix [NUTM-6174]: [Access & Identity] [RED] mobile_network config part not pushed to prov
    Fix [NUTM-6218]: [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
    Fix [NUTM-6374]: [Access & Identity] REDs with static WAN config are offline after update to v9.409
    Fix [NUTM-6375]: [Access & Identity] Cisco VPN with iOS doesn't work after update to 9.409
    Fix [NUTM-6647]: [Access & Identity] [IPsec] Pluto dies in UTM 9.4 MR-7 (9.4xx) HA with Remote Access PSK w/o Xauth
    Fix [NUTM-3152]: [Basesystem] libxml2 security update (CVE-2013-2877)
    Fix [NUTM-5158]: [Basesystem] glibc security update
    Fix [NUTM-5726]: [Basesystem] Follow up NUTM-5403 - Sometimes slave stuck in syncing indefinitely after failover
    Fix [NUTM-5800]: [Basesystem] curl security update
    Fix [NUTM-6127]: [Confd] Expired license loaded after reboot even if the valid license was imported already
    Fix [NUTM-6396]: [Confd] Character ">" or "<" for password will change to "&lt;"
    Fix [NUTM-5447]: [Documentation] Japanese description has the wrong vocabulary of black list at "Sender Blacklist" in user portal
    Fix [NUTM-3515]: [Email] [SPX] Using 'ß' and ',' as windows-1252 in form breaks utf-8 conversion
    Fix [NUTM-4932]: [Email] Password protected file passes SMTP proxy
    Fix [NUTM-6196]: [Email] E-Mail with Sandstorm supported and unsupported files will be moved into quarantine
    Fix [NUTM-6256]: [Email] SPX inserts Backslashes into nicename of receipient address
    Fix [NUTM-6747]: [Email] SAVI scanner coredumps permanently in MailProxy after update to 9.410
    Fix [NUTM-5656]: [Endpoint, Web] Sandstorm feature does not work if SEC managed endpoints with Full Web Control are used
    Fix [NUTM-5756]: [Network] Remove empty log lines coming from the firewall subsystem
    Fix [NUTM-6202]: [SUM] After update to v9.358 the "guid" was recreated
    Fix [NUTM-5717]: [Sandboxd] Respect "file OK" error responses from get/score for SB Proxy API 1.2
    Fix [NUTM-6165]: [WAF] Additional cookie from WAF is added without HttpOnly detail
    Fix [NUTM-6356]: [WebAdmin] AD User Test fails after first creation of an authentication server
    Fix [NUTM-4118]: [Web] Still coredumps from httpproxy since installation of rpms from NUTM-3119
    Fix [NUTM-5399]: [Web] httpproxy[xxxx]: segfault at 4 ip 00000000080c2113 sp 00000000ea8aee90 error 6 in httpproxy
    Fix [NUTM-5561]: [Web] URL category name "Potiental Unwanted Programs" spelling mistake
    Fix [NUTM-5663]: [Web] HTTP proxy restarted with core dumps in 9.407
    Fix [NUTM-5834]: [Web] 'Force caching for Sophos Endpoint updates' doesn't seem to force caching
    Fix [NUTM-5956]: [Web] UTM breaks auto-update on SAV for Mac
    Fix [NUTM-6310]: [Web] Corrected ownership and permission of sandboxd db files
    Fix [NUTM-6802]: [Web] New coredumps from httpproxy after update to v9.410
    Fix [NUTM-5366]: [WiFi] Wireless Protection Manager doesn't have sufficient rights to edit time definitions
    Fix [NUTM-5567]: [WiFi] APs remain inactive after being accepted on UTM
    Fix [NUTM-6125]: [WiFi] Customized login page displays invalid characters

    ---

    Sophos UTM 9.3 Certified Engineer

  • Update of a active-passive SW-Cluster 9.408-4 -> 9.411003:

    It ended up in a split brain cluster,  master on 9.411, slave on 9.408. After manually updating slave to 9.411  HA is still not working and I have to downgrade to 9.408-4

     

    Any other beta-testers with cluster-update experiences?

  • Worked fine here, 9.409 to 9.411, HA Active/Passive Cluster.  I think what you ran across was one of the bugs that is now fixed (the fix wouldn't have helped you avoid the situation -- it's for future HA upgrades I believe:

     

    Fix [NUTM-5726]: [Basesystem] Follow up NUTM-5403 - Sometimes slave stuck in syncing indefinitely after failover

     


    I've seen this at a customer site.  Fix was to kill the slave that was stuck, manually re-add it to the HA.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hi Bruce

    Thank you for your information. I will do a factory reset to the slave and then try to reconstruct the cluster with 9.411

    Regards, Peter

  • Hi all,

    I had scheduled an update for our UTMs for 9.30 pm today (via SUM). We can't do that earlier because many of our employees work remote via Citrix for one of our customers.
    After reading the comments about 9.411-3 I've cancelled the update.

     

    What about Sophos? What do you say? We need a functionally fix for 9.410 ASAP. Sorry, but I don't want to play "beta-tester" for the bugs in 9.410...

     

    Greets,

    Manu

    Viele Grüße / Best Regards,
    Manu

    - CISO -
    - Sophos SCA & Partner-

  • Pebo, I've had this happen at random in the past, but rarely.  In addition to re-imaging the Slave and Up2Dating it to the correct level, I disabled HA and then started it anew.  It worked both times that I remember.  Did you do that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Pebo, I've had this happen at random in the past, but rarely.  In addition to re-imaging the Slave and Up2Dating it to the correct level, I disabled HA and then started it anew.  It worked both times that I remember.  Did you do that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children