Original Publication Date: 12/19/2018
This release note documents the Edge Client version 220.127.116.11 release.
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
With this release for macOS, the configured application is launched only the first time when VPN is started. When the VPN is reconnected with the same session, the configured application connects automatically.
There were no features or enhancements in 18.104.22.168.
|681956-1||If you disconnect from the VPN while there is no connectivity on a statically-configured network adapter, and then if the network connectivity is restored to that adapter after the disconnection, the default route is not restored. With this release, the Edge Client restores the default route on the disconnected interface.|
|743021-1||Previously on macOS, the Edge Client did not handle return code ENOBUFS, and this resulted in DTLS connection interruption in heavy load conditions. macOS returns error code ENOBUFS when the output queue for a network interface is full. This issue is fixed now, and the DTLS connection is no longer interrupted.|
|743276-1||Previously, the Edge Client installer with Always Connected mode gave errors while installing the Stonewall service on Windows 7. This issue is fixed, and now the Edge Client and accompanying components are installed successfully.|
These fix CVE-2018-15332 (https://support.f5.com/csp/article/K12130880). The svpn component of the F5 BIG-IP APM client prior to version 22.214.171.124 for Linux and macOS ran as a privileged process and could allow an unprivileged user to get ownership of files owned by root on the local client host.
|747739-1||Previously, after auto-upgrade, checks could not be performed on macOS as the Policy Server could not verify the signature on Edge Client installation. Now, with auto-upgrade, the old custom.css file is removed, and this issue is fixed.|
|748632-2||Previously, when there were two or more endpoint checks that require OPSWAT libraries, the endpoint checks failed on macOS Mojave. Now, this issue is resolved as the OPSWAT libraries are loaded/unloaded once for each policyserver execution.|
|750649-1||Previously, with the Windows Logon Integration, the network logon using dial-up connection failed with Connecting - Error 1471: Unable to finish the requested operation because the specified process is not a GUI process error message and VPN could not be established. This issue has been resolved.|
|714628-2||Previously, the split tunneling scope was too small to allow a large number of entries. The split tunneling scope size has been increased.|
|737443-1, 737443-2, 739090-1,739094-1||
These fix CVE-2018-5546 (https://support.f5.com/csp/article/K54431371). The svpn and policyserver components of the F5 BIG-IP APM client prior to version 126.96.36.199 for Linux and macOS ran as a privileged process and could allow an unprivileged user to get ownership of files owned by root on the local client host.
|738704-1,737362-1||These fix CVE-2018-5547 (https://support.f5.com/csp/article/K10015187). The logon integration feature of APM window client prior to version 188.8.131.52 used a system account to establish network access. This feature displayed a certificate user interface dialog box which contained the link to the certificate policy. By clicking on the link, unprivileged users could open additional dialog boxes and get access to the local machine windows explorer which could be used to get administrator privilege.|
The following are known issues in this release.
|681023||F5 endpoint inspection and F5 VPN applications are not upgraded automatically on OpenSuse 42.3 and Suse Enterprise Desktop 12 SP2. As a workaround, with the F5 EPI or F5 VPN downloads linux_f5epi.tgz or linux_f5vpn.tgz in the platform's download folder.
|681281||On Fedora 26, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter.|
|683819||When Edge Client is installed using the CLI or msiexec, the following config parameters are not installed.
|700770||With the Always Connected mode, when hosts and IP addresses are added to the exclusion list in the registry manually after the client is installed, they are deleted after the client is uninstalled. As a workaround, after the client is reinstalled, add the exclusions again.|
|703874||If the VPN is connected and disconnected repeatedly, a user may fail to log on. Edge Client retries to logon automatically and succeeds eventually.|
|708922||If the proxy configuration is deployed using DHCP option 252, then on establishing the VPN the client-side proxy configuration is ignored. As a workaround, configure client-side proxy information in IE configuration.|
|714043||NPAPI inspection host plugin on macOS does not work with the latest Endpoint Security (EPSEC) image because the policy server is bundled with individual applications and is not a part of the OESIS package. There is no workaround at this time.|
|Phone - North America:||1-888-882-7535 or (206) 272-6500|
|Phone - Outside North America, Universal Toll-Free:||+800 11 ASK 4 F5 or (800 11275 435)|
|Additional phone numbers:||See Product Support Regional Contact Information for your area.|
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
To subscribe, click F5 Publication Subscription Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the F5 Publication Subscription Center screen.