Release 3.1.34

subashd released this 08 Jul 12:41
· 2 commits to master since this release
2971c75

Version 3.1.34

What's new

Certificate key bundle support in NetScaler by using the NetScaler Ingress Controller

NetScaler Ingress Controller now supports certificate bundle (certkeybundle) functionality, which is supported on NetScaler starting from release 14.1 build 21.x. This functionality resolves the issue with the certificate chain and the additional handling that is required when two certificates share an intermediate CA. For more information on certificate key bundle support in NetScaler, see Support for SSL certificate key bundle.

Enhanced WAF policy control with the exclude option

You can now use the exclude option to define which URLs, headers, and methods the WAF policy must ignore. If this option is not configured, the WAF inspects all URLs or the targets by default.

This enhancement improves the efficiency of managing WAF policies for microservices-based applications. You can create detailed lists of URLs to be excluded from WAF scanning, allowing for more precise policy enforcement. For example, you can configure the WAF to scan the URL /a while excluding /a/c from inspection. Also, this enhancement allows specifying headers and HTTP methods to be excluded, offering greater flexibility and control over WAF policy configuration.

For more information, see Configure web application firewall policies with the NetScaler Ingress Controller.

Fixed Issues

  • NetScaler Ingress Controller does not work as expected for ingresses if SSL profile settings are present in the ConfigMap.

  • The Policy-Based Routing (PBR) configurations performed by the NetScaler Ingress Controller (NSIC) on VPX might not work as expected in the following scenarios:

    • When the Kubernetes worker node, for which NSIC has configured the PBR route on VPX, is deleted.
    • When SNIPs of NetScaler VPX provided for the PBR route are not in the correct format in the NSIC ConfigMap.

  • During reconciliation, NetScaler Ingress Controller expects the certificate binding to be present in the content switching virtual server, but it does not check whether the binding exists.

  • If there are multiple references to the same HTTPRoute within the ingress configuration, the content switching policy bindings are removed.

  • During reconciliation of configurations by NetScaler Ingress Controller, the rewrite responder policy bindings for HTTPRoute configuration might get deleted and then added back.