Known Issues:
~~~~~~~~~~~~~

Opengear are aware of the following product specific issues with this release:

- The number of nodes connected to a secondary Lighthouse will be listed as unknown if the connection between the two Lighthouses is broken.
- If a remote authentication server is configured, but it is down, there may be a delay or a failure in authenticating local users via the web UI.
- When applying configuration templates, ensure the set of nodes you are pushing to is a small number (<50); large pushes can take a long time to complete.
- Due to improvements in the network validation routines, please check the correctness of network settings before upgrading. Specifically, if a device is being assigned the same address both statically and via DHCP, this will now cause validation failures which may result in an upgrade rollback.

Fixes and Features by Version:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

19.Q3.0 (August, 2019)
- Add support for multiple secondary Lighthouse instances
- Added numerous improvements to multi instance upgrades
- Added numerous improvements to multi instance node enrollments
- Add support for deploying Lighthouse on AWS
- Add support for backing up and restoring Lighthouse configuration
- Add support for backing up managed node configuration (requires Console Server v4.6+)
- Add support for remote authentication using LDAPS
- Add node-id in the node list display in Lighthouse UI
- Add support for SSH links to nodes via node-id
- Add support for displaying third party nodes in node-info on CLI
- Improved Licence expiry banner display
- Improved node status dashboard widget links to more useful filtered list of nodes
- Improved SNMP traps sent for node connection/disconnection
- Defects fixed since 19.Q2.2
  - Fixed an issue where Lighthouse was reporting negative time in "Last Changed" field
  - Fixed an issue with memory management of ogconfig-srv
  - Improved processes around node connection while adding dependent secondary Lighthouse instances
  - Fixed Lighthouse not listening correctly on alternative enrollment port

19.Q2.2 (June, 2019)
- Defects fixed since 19.Q2.1:
  - Fix issue with many (> ~500) 3rd party console servers where some would not start up correctly
  - Fix potential upgrade issue from versions pre-5.3.0 under certain circumstances

19.Q2.1 (June, 2019)
- Defects fixed since 19.Q2.0:
  - Fix issue with multiple overlapping config retrieval operations occasionally crashing
  - Improve speed of configuration for large numbers of 3rd party nodes

19.Q2.0 (May, 2019)
New features in this release:
- Add support for Azure deployment
- Add ability to upgrade multi-instance Lighthouse deployments using a provided script
- Add license expiry warnings. Expired licenses will put Lighthouse into a read only operational mode
- Licenses are now uploaded as a file
- Lighthouse now supports retrieval and reporting on cellular health status for enrolled nodes
- Updated base operating system, new versions of many open source packages
- Fixed potential vulnerability in web terminal
- Add ability to filter nodes by connection status
- Add script to set static IP (for support assistance)
- Defects fixed since 5.3.0
  - Scalability improvements for third party enrollment
  - Fix issues where sudoing as root may not grant the expected permissions
  - Fix issue where it was not possible to search by internal VPN address
  - Fix issue where secondary Lighthouses could lose their network configuration upon enrollment

5.3.0 (February, 2019)
New features in this release:
- Add support for adding a secondary Lighthouse for the purpose of redundancy and failover
- Add support for changing the IP range to use for the internal Lighthouse VPN
- Add support for applying authentication templates to OM22xx devices
- Add support for applying user and group templates to OM22xx devices
- Third party node authentication settings can now be modified using the REST API
- Improved network validation
- Updated base operating system, new versions of many open source packages
- Defects fixed since 5.2.2u1
  - Fix display error in ogconfig-cli where references displayed the wrong target path
  - Fix authorization error for users with short usernames

5.2.2u1 (December, 2018)
Defects fixed since 5.2.2:
- Improved performance for script template push to Opengear console server
- Improved reliability of authentication

5.2.2 (September, 2018)
New features in this release:
- Upgrade OpenSSH to 7.7p1
- Add OM22xx Operations Manager enrollment support and basic management
- Add support for running NetOps Automation Modules
- Add Secure Provisioning module for NetOps Automation
- Add expect to the Lighthouse CLI for custom scripting
- Add MOTD banner post-login that displays IP address information
- New deployments include a secondary drive for NetOps Modules. Upgrades of existing deployments will need to manually add this disk.
- Update the Web UI to use Ember 2.16
- Add support for running Docker containers on Lighthouse
- Defects fixed since 5.2.1u1:
  -- Improve handling of node's cellular addresses (requires console servers to be version 4.4 or above)
  -- Fix a rare incorrect authentication failure in the REST API
  -- Fix incorrect error on script template PUT REST API endpoint
  -- Fix spurious log messages when connecting via SSH as an Admin user
  -- Fix incorrect error when invalid address entered into Authentication template UI
  -- Fix /system REST API endpoints being visible by Node Admin users
  -- Fix incorrect error when invalid arguments passed to node-copy cli
  -- Fix syslogd not restarting if the process exits
  -- Fix references in ogconfig-cli displaying with off-by-one indices
- Selected CVEs fixed since 5.2.1u1:
  -- CVE-2017-17080
  -- CVE-2017-16830
  -- CVE-2017-16831
  -- CVE-2017-16832
  -- CVE-2017-17123
  -- CVE-2017-16828
  -- CVE-2017-17125
  -- CVE-2017-17122
  -- CVE-2017-17124
  -- CVE-2017-17121
  -- CVE-2017-16829
  -- CVE-2017-16827
  -- CVE-2017-16826
  -- CVE-2018-5390
  -- CVE-2018-5391
  -- CVE-2018-6323

5.2.1u1 (July, 2018)
Defects fixed since 5.2.1:
- Fixed snmpwalk not listing all nodes.
- Fixed upgrade to 5.2.1 failing when LDAP auth is configured.

5.2.1 (June, 2018)
The following endpoint namespaces have been modified in v3 of the REST API, so v1, v1.1, and v2 have been deprecated and will no longer be updated. As the endpoint's functionality has changed, there may be changes required to user programs utilising the REST API. Refer to the REST API documentation for v3 for example request/response bodies.

Deprecated endpoints since 5.2.0u1:
  /v2/auth
  /v2/templates

In general, prefer the latest version of the REST API (v3) in your own programs as this ensures the latest functionality is available.

New features in this release:
- Add SNMP MIBs for Lighthouse 5.
- Add support for SNMP TRAP/INFORM messages on node connection status changes.
- Improve password handling in ogconfig server.
- Add support for Google Compute Engine deployment.
- Extend functionality for User and Group templates.
- Allow node users to have rights limited to specific ports on nodes.
- Add support for Console Gateway SSH links to use specified external address.
- Add support for exporting syslog to remote server.
- Add support for LDAP ignore_referrals.
- Default LHVPN timeout reduced to 60 seconds, and added config option to allow custom value.
- Changed sidebar ordering for sub-elements.
- Add support for configuring number of nodes/ports per page.
- Web UI pop-ups can now be closed by hitting escape and submitted by pressing enter.
- Defects fixed since 5.2.0u1:
  -- Fixed warning bar not showing when licence limit is exceeded.
  -- Fixed third party nodes causing a config sync error.
  -- Fixed UI allowing duplicate external endpoints.
  -- Fixed deleted template appearing on UI.
  -- Fixed DOM error on Remote Authentication page.
  -- Fixed success message not showing on bundles page.
  -- Fixed race condition with script templates.
  -- Fixed error when disabling enrolment only REST API port.
  -- Fixed Cisco 2900 failing if MOTD set.
  -- Fixed error on REST API Port endpoint.
  -- Fixed memory leaks in REST API.
  -- Fixed pmshell crashing if columns set to 1.
  -- Fixed third party node config sync error.
  -- Fixed rare segfault when deleting users.
  -- Fixed core daemons from having multiple instances.
  -- Made delete icon in web-ui consistent.
  -- Fixed error when editing Authentication templates.

5.2.0u1 (April, 2018)
Defects fixed since 5.2.0:
- Fix issue with session IDs

5.2.0 (March, 2018)
The following endpoint namespaces have been modified in v2 of the REST API, so v1, and v1.1 have been deprecated and will no longer be updated. As the endpoint's functionality has changed, there may be changes required to user programs utilising the REST API. Refer to the REST API documentation for v1.1 for example request/response bodies.

Deprecated endpoints since 5.1.1u1:
  /v1.1/auth
  /v1.1/search
  /v1.1/nodes/smartgroups
  /v1.1/ports
  /v1.1/support_report
  /v1.1/services/console_gateway

In general, prefer the latest version of the REST API (v2) in your own programs as this ensures the latest functionality is available.

New features in this release:
- Large performance improvements across the board, allowing for larger numbers of nodes to be used on a single Lighthouse instance
- Updated base operating system, new versions of many open source packages
- Add support for Hyper-V deployment
- Add support for configuring an enrollment-only HTTPS REST API endpoint
- Add managed device filters to UI and REST API
- Add search support in ogconfig-cli
- Make Console Gateway SSH links use the configured External Network Address
- Add a syslog entry when a new local user is created
- Add support for mounting additional filesystems for bulk file storage
- Add link to download the user manual
- License body is now hidden from UI
- Add human readable format for uptime in support report
- Add SNMP service and reporting
- Add log rotation to /var/log/wtmp
- Defects fixed since 5.1.1u1:
  -- Manually installed SSH keys are no longer breaking shell access
  -- Fix multiple issues caused by nodes with duplicate names
  -- Disable TCP timestamps
  -- Use SHA512 instead of SHA1 in certificate generation
  -- Deleting a CSR now removes it from the SQL database
  -- Fix a failure with Avocent 3rd-party enrollments when using non-default serial port settings
  -- Fix issues with AAA logins and add more error reporting
  -- Fix crash in ogadduser when referencing a non-existent group
  -- Fix Administration/System button not responding in IE11
  -- Fix uncommon error message in syslog when unenrolling 3rd party nodes
  -- Fix upgrade issues that could occur from 5.1 to 5.1.1u1
  -- Fix lhadmin users not being able to run node-command
  -- Fix last successful config push losing status
  -- Fix lack of copy/paste in the Web Terminal

5.1.1u1 (December, 2017)
This is a patch release for a critical issue that prevented nodes being enrolled or coming back online after a system reboot in some circumstances.

5.1.1 (December, 2017)
The following endpoint namespaces have been modified in v1.1 of the REST API, so v1 has been deprecated and will no longer be updated. As the endpoint's functionality has changed, there may be changes required to user programs utilising the REST API. Refer to the REST API documentation for v1.1 for example request/response bodies.

Deprecated endpoints:
  /v1/nodes
  /v1/system
  /v1/auth
  /v1/bundles
  /v1/users
  /v1/groups
  /v1/templates

In general, prefer the latest version of the REST API (v1.1) in your own programs as this ensures the latest functionality is available.

New features in this release:
- (Breaking change) AAA groups are now case-sensitive when mapping to local group authorization. This will only affect AAA groups that use capital letters.
- Change node names to be automatically synchronized to console server's hostname (needs CS firmware 4.1.1)
- Add support for pushing templated bash scripts to nodes (needs CS firmware 4.1.1)
- Add support for configuring a CLI session expiry
- Add Smart Group support to node-command and associated tools
- Improve performance of our REST API
- Improve usability of our Console Port Access page
- Add more examples to our REST API documentation
- Add ability for AAA-users to be defined locally without password
- Allow local user group names to contain more special characters
- Add netgrp user group that will contain all AAA users, allows for default permissions for AAA users
- Default netgrp permissions to Lighthouse Admin
- Add support for templates to be associated with bundles for automatic configuration application on enrollment
- Add information about current user to top bar in UI
- Add vmxnet3 driver for better VMware virtualization support
- Add reporting about configuration template push status to node details
- Change default Lighthouse VPN MTU to be 1400
- Add ability to change the MTU for the Lighthouse VPN
- Add REST API endpoint to expose current firmware and API versions
- Add better node status reporting in the UI
- Update our HTTPS ciphers and protocols to comply with Mozilla Server Side TLS Recommended guidelines
- Add command line support for scheduling cron jobs
- Defects fixed since 5.1.0:
  -- Fix assorted authorization issues
  -- Fix issues caused when date is set to the past
  -- Fix failing configuration synchronizations causing enrollment to fail
  -- Fix inconsistencies in node terminology in the UI
  -- Fix crashes in ogconfig-cli
  -- Fix excess incorrect failure messages in syslog during successful enrollment
  -- Fix syslog error messages during unenrollment of 3rd party console servers
  -- Fix rare issue where the preflight check would list no nodes
  -- Fix browser window title incorrectly persisting after leaving console gateway page
  -- Fix ability to disable the root user
  -- Fix incorrect pmshell error message when no nodes selected
  -- Fix system details popover incorrectly sticking on screen
  -- Fix TACACS authentication hang when duplicate remote groups were discovered
  -- Fix ability for console servers with _ in hostnames to be enrolled
  -- Fix TTY parsing for Cisco 2900 3rd party console servers
  -- Fix incorrect usage information for node-upgrade
  -- Fix issue where long-lived LH5 instances would stop responding to REST API requests
  -- Fix TACACS Login authentication
  -- Fix Web Terminal copy and paste issues
  -- Fix rare configuration retrieval failing on node descriptions
  -- Fix configuration template pushes that raise errors never being marked as complete
  -- Fix remote AAA Lighthouse Admin users being unable to delete templates
  -- Fix Web UI Proxy when LH5 is behind an external DNAT rule
  -- Fix user UID conflicts after switching from remote to local authentication schemes
  -- Fix memory leaks in configuration backend
  -- Fix memory leaks in our REST API
  -- Fix the disable multiple button not working on the Users page
  -- Fix left side bar inconsistencies
  -- Fix missing error messages when trying to add 3rd party nodes with more than 400 serial ports
  -- Fix enrollment breaking when secure HTTPS ciphers are configured on the console server
  -- Fix enrollment failures if remote node has portshare password set
  -- Remove autorefresh on Preflight and Template push pages

5.1.0 (August, 2017):
This introduces many new features on Lighthouse 5.0.0 and resolves bugs raised from the beta.
- (Breaking change) The Lighthouse OpenVPN connection now runs on UDP. This means Lighthouse 5.1.0 is only compatible with Opengear Console Servers version 4.1.0+.
- Add functionality for pushing configuration templates to groups of Opengear devices. Currently supported are Group and AAA templates.
- Add node-upgrade command line utility.
- Add system upgrade to the web UI. Users are able to upload a new system image or provide a URL where the file is hosted.
- Add license restrictions to the Lighthouse. Without a license, the Lighthouse is in evaluation mode with a limit of 5 enrolled nodes. Users can purchase licenses that increase that limit and give access to enrol third party devices.
- Add automated migration for configuration when upgrading to new Lighthouse versions.
- Add support for specifying multiple endpoints to access a Lighthouse device (from an Opengear Console Server) and custom ports on the Lighthouse that will listen for incoming requests.
- Add device support for non-Opengear devices (known as third party devices) with native configuration support for:
  -- Avocent ACS 6000 & 8000
  -- Avocent Classic
  -- Cisco ISR2921
- Add Console Gateway page with responsive searches over devices' serial ports
- Improved pmshell command line utility.
- Improved the config cli for manipulating Lighthouse configuration (ogconfig-cli).
- Improved the speed and stability of the configuration server and REST API.
- Improved the Web UI for usability.
- Improved configuration validation and feedback to client.
- Improved RAML documentation for the REST API.
- Defects fixed from 5.0.0b0 release:
  -- Users are redirected correctly after logging in.
  -- Fixed some stty issues around remote CLI sessions.
  -- Improved feedback when user attempts to access commands without suitable permissions.
  -- Free text search with multiple terms
  -- SSH custom delimiter parsing
  -- Disabling an interface could cause other interfaces to go down
  -- Group names can now contain a dash
  -- Console Gateway conventions are now adhered to for specifying username and port labels
  -- Improved shutdown & restart times
  -- Fixed enrollment of Console Servers with ports in Serial Bridging and Terminal Server mode
  -- Hostname and system time will now change in syslog when the system is updated
  -- A user's home directory will now be deleted when the user is deleted
  -- REST requests proxied via the Lighthouse to the Console Server will now be forwarded correctly by the Lighthouse
  -- Fixed an enrolment failing to complete if a node was approved too early in the registration stage. A node can now be approved at any point without breaking the enrollment.

5.0.0 (April, 2017):
This is a ground up rewrite of Lighthouse. New features include:
- Add modern HTML5 Web UI
- Add streamlined user and groups mechanisms
- Add secure OpenVPN connections to remote nodes
- Add REST API for external integration and control of LH5
- Add HTML5 local web terminal
- Add HTML5 Console Gateway terminals
- Add 'Smart Groups', a way to group managed nodes through saved searches over their configuration and associated searchable tags
- Add support for searchable tags to be added to managed nodes
- Add a quick search bar at the top of every UI page that lists managed nodes
- Add initial and on-going synchronization of node serial port configuration, avoiding the need to 'Retrieve Managed Devices'
- Add streamlined enrollment methods via DHCP ZTP, USB, or Web UI
- Add consistently validated configuration backend
- Add tab-completable config cli