browse
On Wednesday 16 Nov, 2022, Cisco Umbrella will release Virtual Appliance (VA) patch version 3.3.4 to the first, second, third and final wave of the production track.
On Monday, May 2, 2022, Cisco Umbrella will release Virtual Appliance (VA) patch version 3.3.3 to the first, second, third and final wave of the production track.
On Thursday, April 28, 2022, Cisco Umbrella will release Virtual Appliance (VA) patch version 3.3.3 to the stage track.
On Monday, April 18, 2022, Cisco Umbrella will release Virtual Appliance (VA) version 3.3.1 and patch version 3.3.2 to the final wave of the production track.
On Thursday, April 7, 2022, Cisco Umbrella will release Virtual Appliance (VA) version 3.3.1 and patch version 3.3.2 to the second and third wave of the production track.
On Wednesday, April 6, 2022, Cisco Umbrella will release Virtual Appliance (VA) patch version 3.3.2 to the stage and first wave of the production track.
On Thursday, March 31, 2022, Cisco Umbrella will release Virtual Appliance (VA) version 3.3.1 to the first wave of the production track.
On Thursday, March 24, 2022, Cisco Umbrella will release Virtual Appliance (VA) version 3.3.1 to the stage track.
Customer VAs may upgrade over a period of days as opposed to consecutively upgrading one after another. To receive this upgrade, ensure that your firewall is configured to enable access to disthost.umbrella.com.
As a reminder, two VAs must be deployed in order to upgrade automatically during the upgrade window.
In accordance with Cisco policy, a list of open source software modules used in the VA is attached to these release notes. It contains licenses and notices for open source software used in this product.
CHANGE SUMMARY (3.3.3 to 3.3.4)
Addresses issue in version 3.3.3 where syslog is not rotated resulting in disk full. This is a patch release and will not cause the VA to restart.
CHANGE SUMMARY (3.3.2 to 3.3.3)
Addresses issue in version 3.3.2 where console access to VAs running on VMware, Hyper V, KVM or Nutanix does not work. This is a patch release and will not cause the VA to restart.
CHANGE SUMMARY (3.3.1 to 3.3.2)
SSH keys are rotated upon upgrade. This will address the vulnerability described here. This is a patch release and will not cause the VA to restart.
KNOWN ISSUES IN VERSION 3.3.2:
Console based access for VAs running on VMware, Hyper-V, KVM and Nutanix may not work. For VAs running version 3.3.2, SSH based access is recommended. Console based access will be fixed in an upcoming patch release.
CHANGE SUMMARY (3.2.3 to 3.3.1)
Query against SNMP OIDs .1.3.6.1.4.1.8072.1.3.2.4.1.2.4.113.112.115.53 (QPS over previous 5 minutes) and .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.113.112.115.49.53 (QPS over previous 15 minutes) now return only the QPS value and not the accompanying string description.
Support for deploying VA behind loadbalancers which have the capability to inject the endpoint source IP in ECS when forwarding the DNS request to the VA. This feature has specifically been qualified with the F5 BIGIP-LTM 16.1.1 version, where the F5 can inject the endpoint source IP in DNS requests that it sends to the VA. This allows the VA to gain visibility of the actual source IP (and not just the loadbalancer IP) so that it can be used for Umbrella policy and reporting.
Addresses issue where more than 2 local DNS servers could not be added with the conditional forwarding feature.
CHANGE SUMMARY (3.2.2 to 3.3.1)
Introduces new SNMP OIDs .1.3.6.1.4.1.8072.1.3.2.4.1.2.4.113.112.115.53 (QPS over previous 5 minutes) and .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.113.112.115.49.53 (QPS over previous 15 minutes) to enable querying the current load on the VA in terms of queries processed.
Support for deploying VA behind loadbalancers which have the capability to inject the endpoint source IP in ECS when forwarding the DNS request to the VA. This feature has specifically been qualified with the F5 BIGIP-LTM 16.1.1 version, where the F5 can inject the endpoint source IP in DNS requests that it sends to the VA. This allows the VA to gain visibility of the actual source IP (and not just the loadbalancer IP) so that it can be used for Umbrella policy and reporting.
Addresses issue where more than 2 local DNS servers could not be added with the conditional forwarding feature.