Common Gateway Security Fixes

Enhanced Security for Mozilla Firefox

The OpsRamp Gateway is updated with Mozilla Firefox version 152 to address multiple security vulnerabilities. This update resolves critical and high‑severity issues in browser components, including memory safety, sandbox escape, and access control issues. These fixes improve security and prevent unauthorized code execution.

Enhanced Security for Google Chrome

The OpsRamp Gateway is updated with Google Chrome version 150.0.7871.24 and recent updates from the 149 release series. These updates resolve multiple security vulnerabilities in browser components, including memory corruption and sandbox escape issues. These fixes improve browser security and stability.

Classic Gateway Security Fixes

Enhanced Security for Squid Proxy

The Squid web proxy is updated to version 5.9-0ubuntu0.22.04.7 to address critical security issues. This update resolves an improper input validation issue in the legacy FTP gateway and a heap-based buffer overflow issue in cache digest processing. These fixes improve proxy security and protect against data exposure, unauthorized memory access, and service disruptions.

Enhanced Security for Nginx Web Servers

Nginx packages are updated as part of the 21.2.2 gateway patch to address critical security issues. This update resolves multiple buffer overflow and overread issues in core Nginx modules, including rewrite, JavaScript, and charset components. These fixes improve the security and stability of web server components.

Classic Gateway Bug Fixes

Resolved Issue with ruser Password Change in Classic Gateway Admin UI

We have resolved an issue that prevented you from changing the ruser password in the Classic Gateway 21.1.0 admin UI.

Previously, the UI incorrectly rejected valid passwords with a complexity error even when they met all requirements, due to missing support for certain special characters such as # in the validation logic.

This fix updates the password validation to consistently accept supported special characters across the UI and backend, allowing you to change the ruser password successfully without errors.

Reliable Virus Definition Alerts

Fixed an issue where Virus Definitions out of date alerts were not generated on some Classic Gateways, even when virus definitions were stale.

With this update, you can rely on timely generation of virus definition alerts, improving security monitoring and compliance across your gateway environment.

Classic Apps Bug Fixes

Configuration Backup Support for Cisco Catalyst C1300-48FP-4X NCB Model Device

The OpsRamp Gateway now reliably backs up configurations for the Cisco Catalyst C1300-48FP-4X NCB model device. The gateway automatically identifies these models and executes the appropriate commands, ensuring complete backup coverage.

VMware vSAN Latency Metrics Values Correction

Corrected the values of multiple vSAN latency metrics by displaying them in milliseconds instead of microseconds to ensure accurate representation and consistency across monitoring data for the following metrics:

  • vmware_vsan_cluster_disk_group_latencyAvgRead
  • vmware_vsan_cluster_disk_group_latencyAvgWrite
  • vmware_vsan_cluster_client_latencyAvgRead
  • vmware_vsan_cluster_client_latencyAvgWrite
  • vmware_vsan_host_backend_latencyAvgWrite
  • vmware_vsan_host_backend_latencyAvgRead
  • vmware_vsan_host_client_latencyAvgRead
  • vmware_vsan_host_client_latencyAvgWrite
  • vmware_vsan_virtual_machine_latencyRead
  • vmware_vsan_virtual_machine_latencyWrite
  • vmware_vsan_host_cache_disk_latencyDevRead
  • vmware_vsan_host_cache_disk_latencyDevDAvg
  • vmware_vsan_host_cache_disk_latencyDevGAvg
  • vmware_vsan_host_cache_disk_latencyDevWrite
  • vmware_vsan_host_capacity_disk_latencyWrite
  • vmware_vsan_host_capacity_disk_latencyRead
  • vmware_vsan_host_capacity_disk_latencyDevDAvg
  • vmware_vsan_host_capacity_disk_latencyDevGAvg
  • vmware_vsan_host_capacity_disk_latencyDevRead
  • vmware_vsan_host_capacity_disk_latencyDevWrite

Configurable Sampling for VMware Monitoring

Previously, the system collected a single sample from vCenter while querying monitoring data. In certain environments, end devices intermittently returned non-usable values (0 or negative values), leading to inaccurate monitoring metrics when only a single sample was considered.

Now a new configuration option has been introduced in the UI that allows users to define the number of samples collected during data queries. When multiple samples are collected, the system can consider alternative valid samples if the initial sample contains a non-usable value (0 or negative).

This enhancement enables users to customize sampling behavior, ensuring more reliable monitoring in environments where devices may intermittently return invalid values.

Improved VMware Cluster Metric Accuracy

You can now view accurate CPU and memory utilization metrics for VMware clusters, even when one or more ESXi hosts are in a “not responding” state. Previously, cluster-level metrics could incorrectly display 0% utilization in such scenarios.

This enhancement ensures that valid data from available hosts is considered, providing you with consistent and reliable visibility into cluster resource consumption and improving monitoring and alerting accuracy.

Synthetics Bug Fixes

Fixed UDP Monitoring

Fixed an issue where UDP monitoring incorrectly reported the status as DOWN when no response was received from the server within the configured timeout. Now, if you have configured Response Should Contain or Response Should Not Contain, and no response is received within the configured timeout, the monitor correctly reports the status as DOWN. If you have not configured Response Should Contain or Response Should Not Contain, and no response is received within the configured timeout, the monitor considers the status as UP.

Enhanced File Path Support

Fixed an issue with special characters in the download and upload file paths. Your download and upload file paths now fully support special characters and spaces.

Fixed Resource Monitoring for Deletion and Unassignment

Fixed an issue where, if a resource was deleted or unassigned, and the last resource in the collector’s global queue had the same monitor type and frequency, the last resource became unmonitored. The last resource is now monitored correctly.