Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

5.6.16 release notes #745

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

5.6.16 release notes #745

wants to merge 9 commits into from

Conversation

Chr1st0ph3rTurn3r
Copy link
Contributor

No description provided.

MichaelBaj
MichaelBaj requested changes Jul 25, 2024
View reviewed changes
docs/release_notes_128t_5.6.md Outdated
- **The following CVE's have been identified and addressed in this release:**
CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868
------
- **I95-47195 Address multiple PPPoE issues:** Reintroduced the PPPoE network `reinit` script to resolve a highway crash caused by the PPPoE/LTE target `ifcfg` being a `nullptr`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs to be more customer facing.
This crash is introduced when the network interface for a LTE device handles a configuration change, like a name change.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-47195 Address multiple PPPoE issues:** Reintroduced the PPPoE network `reinit` script to resolve a highway crash caused by the PPPoE/LTE target `ifcfg` being a `nullptr`.
------
- **I95-47196 PPPoE device shown as operationally down when it is up:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I95-47196 can be merged with the one above (I95-47195).

  • I95-47195, I95-47196, I95-49015 Forwarding plane crash, causing stranded network namespaces when LTE/PPPoE network-interface name is changed: Implemented reinit script to reiniatilize namespace, KNI and target-interface after a configuration change in the network-interface.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-47196 PPPoE device shown as operationally down when it is up:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace.
------
- **I95-49015 PPPoE interface is not resolved after reboot of node even though auto negotiation is enabled:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merge with the top 3 issues.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `configure authority router routing rib-policy` command from either the routing default-instance (`configure authority router routing`) or inside `configure authority router routing vrf` to provide addtional filtering for OSPF routes. For more information see [`configure authority router routing rib-policy`](config_command_guide.md#configure-authority-router-routing-rib-policy) and [`configure authority router routing vrf rib-policy`](config_caommand_guide.md#configure-authority-router-routing-vrf-rib-policy).
------
- **I95-49599 PPPd and PPPoE-connect prematurely killed by `reinit`:** This has been resolved by skipping network `reinit` when namespace, KNI, and target-interface remain unchanged. This avoids pppd being killed prematurely before PADO timeout (used to determine server not responding).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merge with the top 3 (now 4) issues. No need to add these details as they are internal.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-56203 The First Article Inspection (FAI) scan archive is empty:** Resolved an issue with `logrotate` clearing all the FAI scan archives. This was due to each archive having a unique name using a timestamp. A different service is now used to rotate the FAI scan files.
------
- **I95-56236 Routers not able to be onboarded after upgrading a Conductor:** Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the results files from being reviewed for errors, which stopped the onboarding process.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I95-56236 Routers unable to onboard after upgrading the Conductor: Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the device state from being reviewed for errors, which stopped the onboarding process.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-56726 `No Timeout Queue` message logged in cases where a config commit fails, or a conductor fails to load a config on startup:** Resolved an issue with `ThreadPoolWithExternalPoller` that resulted in a stack trace in the logs which starts with message `No TimeoutQueue:`.
------
- **I95-56727 Allow domain names that begin with numerically:** Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example `123.abc.com`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I95-56727 Domain names that begin with numbers are not allowed to be configured: Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example 123.abc.com.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-56727 Allow domain names that begin with numerically:** Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example `123.abc.com`.
------
- **I95-56822 Router stuck in a continuous upgrade/failure state:** Resolved an issue when DNS name servers were changed on the conductor, in certain cases the conductor software proxy would not correctly load these changes. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I95-56822 Router stuck in a continuous upgrade/failure state: DNS name servers changes on the conductor are not honored. In cases where the DNS configuration changed post boot, the conductor software proxy would not reload the config. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests, resulting in failure.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-56850 Overlap warning on router not present on conductor:** Resolved a case where a service on a router is configured with `applies-to`, and the same service is configured on the conductor (overlap) but does not have `applies-to` configured, the validation process will generate a warning on the router but not the conductor.
------
- **I95-57000 Hub crash while generating TSI log:** Resolved an issue where unmapped memory access during packet buffer location walk caused a hub crash. Protections against unmapped memory access have been added.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This appears identical to I95-56326 listed above. Please merge the two.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-57017 Application ID failed to block some domains:** Resolved an issue where DPI failed to identify the domain-name from SNI if the `client-hello` is split up into multiple TCP packet segments.
------
- **I95-57082 Unable to delete a capture-filter using an escape character (/):** This issue has been resolved.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I95-57082 Unable to delete a capture-filter that contains a forward slash (/): This issue has been resolved.

docs/release_notes_128t_5.6.md Outdated
------
- **I95-57114 Unable to upgrade AWS Conductor:** Resolved an issue where an incorrect package version was installed, triggering a downgrade and preventing the upgrade.
------
- **I95-57205 Repeated core dumps:** Resolved a race condition where a thread tries to call a function before the object is fully made. In this case the object was for DHCP, LTE, and PPPoE interfaces.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I95-57205 Race condition on startup with DHCP configured on LTE or PPPoE interface, causing system to crash: This issue has been resolved.

@MichaelBaj MichaelBaj self-requested a review August 7, 2024 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichaelBaj MichaelBaj MichaelBaj approved these changes

@Bhautik Bhautik Awaiting requested review from Bhautik

@jeffmart-jnpr jeffmart-jnpr Awaiting requested review from jeffmart-jnpr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Chr1st0ph3rTurn3r @MichaelBaj