Updated Date: 06/27/2010
This release note documents the version 5.3.1 maintenance release of the WebAccelerator system. We recommend this maintenance release only for those customers who want the fixes and enhancements listed in Fixes and enhancements in this release. This maintenance release is cumulative, and includes all fixes and enhancements released since version 5.2. You can apply the software upgrade to 5.2 and later. For information about installing the software, please refer to Initial configuration and license activation.
Note: F5 now offers both feature releases and maintenance releases. For more information on our release policies, please see Description of the F5 Networks software version number formats.
In addition to these release notes, the following user documentation is relevant to this release.
You can find the product documentation and the solutions database on the AskF5 Technical Support web site.
The supported browser for the Administrator Tool is:
Microsoft® Internet Explorer®, version 6.0
This release supports the following platforms:
If you are unsure which platform you have, look at the sticker on the back of the chassis to find the platform number.
To activate the software, you need a valid license certificate. To obtain a license certificate, the WebAccelerator system provides a registration key and a dossier to the F5 Networks licensing server when you perform the following steps:
The first procedure you must complete is to connect the WebAccelerator system platform to a computer that is running terminal emulation software.
After you connect to a terminal emulator, you must complete the initial configuration of the WebAccelerator system and the verify the configuration.
To activate the system license, you need a valid license certificate. To obtain a license certificate, you must provide the WebAccelerator system's registration key and a dossier to the F5 Networks licensing server, using one of the following methods:
To obtain a license certificate for a remote WebAccelerator system in an optional clustered configuration, you must provide the remote WebAccelerator system's registration key and a dossier to the F5 Networks licensing server, using one of the following methods:
This release includes the following fixes and enhancements.
Reconnecting to the comm_srv process after lost connectivity (CR68983)
Previously, when connectivity was disrupted between WebAccelerator systems in a clustered configuration, remote WebAccelerator systems could not reconnect to the comm_srv process on the central WebAccelerator system when the connectivity issue was fixed. We have resolved this issue and remote WebAccelerator systems can now properly reconnect to the comm_srv process once connectivity is reestablished with the central WebAccelerator system.
Performing automatic license activation from a WebAccelerator system with no Internet access (CR70227)
Previously, if a user attempted to perform automatic license activation from a WebAccelerator system that had no Internet access, the WebAccelerator system would enter an infinite error loop and the Management Console would become disabled. We have resolved this issue and now if a user attempts to perform automatic license activation from a WebAccelerator system with no Internet access, the WebAccelerator system will return an error, but the Management Console will remain accessible.
Synchronizing an upgrade between primary and secondary WebAccelerator systems (CR73036)
In previous releases, when you upgraded a WebAccelerator system that was in an optional primary/secondary configuration, the installer script did not properly synchronize the upgrade to the secondary WebAccelerator system’s Management Console. We have resolved this issue and the Management Consoles now properly synchronizes after an upgrade.
MIME types and file extensions for Flash content (CR73144)
This software release includes MIME types and file extensions required for Flash documents. These new objects are located in the globalfragment.xml file.
Accessing the Administrator Tool on the WebAccelerator 400 platform (CR73242)
Previously, performance of the Administrator Tool on the WebAccelerator 400 platform was impaired. We have resolved these performance issues in this software release.
Using the Express Loader feature in a clustered configuration (CR73647)
Previously, the Express Loader feature did not work properly on remote WebAccelerator systems deployed in an optional clustered configuration. We have resolved this issue and the Express Loader feature now operates correctly on both remote and the central WebAccelerator systems.
Unnecessary DNS lookups (CR73690)
Previously, the WebAccelerator system performed unnecessary DNS lookups for host names that were already configured in the /etc/host file. We have resolved this issue and the WebAccelerator system no longer performs unnecessary DNS lookups.
Daylight Saving Time handling for US and Canada (CR73948)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. We have addressed the resulting changes in this software release. To find out more about this issue, see Solution 6551: F5 Networks software compliance with the Energy Policy Act of 2005
Serial console script (CR74285)
In previous releases the serial console script, appl_console, did not run correctly and instead of displaying the WebAccelerator system’s Management Console menu, it presented the user with a log in prompt. We have corrected this issue and the appl_console script now runs correctly and properly displays the WebAccelerator system’s Management Console menu.
Idle server connections (CR76075)
In previous releases, the WebAccelerator system kept connections open to the origin web servers longer than necessary, which resulted in idle server connections that could cause potential network latency. In this software release, the WebAccelerator system’s pvac service reduces idle server connections.
Sending Accept-Encoding gzip headers (CR77972)
When enabled in the pvsystem.conf file, the WebAccelerator can send Accept-Encoding headers with the value of gzip to the origin web server to optimize bandwidth requirements in certain network configurations by compressing content. For information about how to enable this feature, see To enable the Accept-Encoding gzip feature in the Optional Configuration Change section.
CVE-2007-1856 Vixie cron vulnerability causes denial of service (CR80063)
This software release contains a fix that resolves a vulnerability issue associated with Vixie cron that can cause a denial of service. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-1856 to this vulnerability. For more information, see CVE-2007-1856.
CVE-2006-1174 Local permissions vulnerability with the shadow-utils useradd function (CR81597)
This software release contains a fix that resolves a permissions vulnerability issue related to the useradd function of the shadow-utils. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2006-1174 to this vulnerability. For more information, see CVE-2006-1174.
Database synchronization to the standby WebAccelerator system’s Management Console (CR82446)
In previous versions, the database synchronization to the standby WebAccelerator system’s Management Console appeared to fail, due to an issue in the logging script. We have corrected the logging script and resolved this issue.
Daylight Saving Time handling for New Zealand (CR85165)
In April 2007, the New Zealand Department of Internal Affairs announced that effective September 2007, Daylight Savings Time will be extended by three weeks. We have addressed the resulting changes in this software release.
CVE-2007-3999 and CVE-2007-4000 Kerberos 5 administration daemon vulnerabilities (CR85166)
This software release contains a fix that resolves vulnerability issues with the Kerberos 5 administration daemon, kadmind. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-3999 and CVE-2007-4000 to these vulnerabilities. For more information, see CVE-2007-3999 and CVE-2007-4000.
CVE-2007-3108 Open SSL RSA private key vulnerability (CR85168)
This software release contains a fix that resolves a vulnerability issue with the Montgomery multiplication process associated with RSA private keys. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-3108 to this vulnerability. For more information, see CVE-2007-3108.
CVE-2007-3798 TCP dump integer overflow in print_bgp.c dissector vulnerability (CR85202)
This software release contains a fix that resolves a vulnerability issue with the TCP dump integer overflow in the print_bgp.c dissector. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-3798 to this vulnerability. For more information, see CVE-2007-3798.
The current release includes the fixes and enhancements that were distributed in prior maintenance releases, as listed below. (Prior releases are listed with the most recent first.)
The 5.2 maintenance release included the following fixes and enhancements.
This WebAccelerator system includes the following pre-defined policies:
Web Accelerator 4500 Platform
WebAccelerator system includes support for the 4500 platform. This platform includes two 139GB RAID hard drives and redundant power supplies to ensure continuous operation in the event of power supply failure. Additionally, this platform is compliant with the Restriction of Hazardous Substances (RoHS) regulations and meets RoHS guidelines regarding lead-free electronic equipment.
PDF version 1.4 documents (CR65046)
The WebAccelerator system now properly handles PDF version 1.4 documents.
X-PvInfo response header value (CR65047)
The value for the X-PvInfo response header's S code, which under certain conditions was incorrectly displaying a value of 0, now displays the proper value.
After you install the WebAccelerator software, or any time you modify the pvsystem.conf file, you must stop and restart the WebAccelerator system, by typing the following commands:
service pivia stop
service pivia start
This software release introduces a feature that forces the WebAccelerator system to always request from the origin web server, content that is compressed using the gzip utility, if it is available. The procedure you use to enable this feature depends on if you have upgraded from WebAccelerator system version 5.2 to version 5.3.1, or if you performed a fresh install of version 5.3.1.
If you upgraded from WebAccelerator system version 5.2 to version 5.3.1, complete the following procedure to enable the Accept-Encoding gzip feature.
Using SSH, log in to the WebAccelerator system using the root username and password.
forceOWSGzippedRequests globaly sets the HTTP request header that is send to the OWS.
If a request is sent to another WebAccelerator only GZIP is sent in the header otherwise
we use this setting. true|false
If you performed a fresh installation of WebAccelerator system version 5.3.1, complete the following procedure to enable the Accept-Encoding gzip feature.
Using SSH, log in to the WebAccelerator system using the root username and password.
The following items are known issues in the current release. Maintenance release known issues are cumulative, and include all known issues for a release.
Loading pre-defined policies during initial WebAccelerator software installation (CR68441)
When performing the initial installation of the WebAccelerator software, a pre-defined policy may fail to load. If this occurs, the WebAccelerator system reports the failure in the installation log, and the policy does not display in the pre-defined policy list. To view the installation log, type the more /tmp/pvinstall.log command. If the installation log reports missing policies, see Installing pre-defined policies manually in the Workaround for known issue section.
pvac stack trace reports error (CR68783)
When the pvac process shuts down for any reason (for instance, if you use the /etc/init.d/pivia stop command to shut it down manually, or if you reboot the WebAccelerator system), and then you view the version information using the /etc/init.d/pivia versionx, the pvac stack trace reports the following error message: Caught terminating signal, probably due to invalid application state. This error is benign.
Network configuration script (CR68985)
The network configuration script does not validate network configuration settings, and the Management Console does not report any existing network misconfigurations. To avoid issues, verify your network settings carefully before saving the configuration and rebooting the WebAccelerator system. If you discover an error in your network configuration during your review, rerun the network configuration script and correct the issue before rebooting.
Providing the dossier for licensing (CR70231)
When you are using the Management Console to manually license the WebAccelerator system, the dossier does not display properly. To work around this issue, license the WebAccelerator system using the procedure described in Solution 6697: Installing a license from the command line on AskF5.
The following section describes the workaround for the corresponding known issue listed in the previous section.
If the installation log reports missing pre-defined policies after you perform the initial installation of the WebAccelerator software, perform the following steps to install the missing policies manually.
To manually install missing pre-defined policies
/etc/init.d/pivia import_config -f /opt/pivia/dac/policies/predefined/FAILED_POLICY.xml -c /opt/pivia/dac/conf/pvsystem.conf -a administrator -p PASSWORD -r -u -y
Where:PASSWORD is the administrator password you assigned when you installed the WebAccelerator software.