Page 1 of 1

Unimus 2.2.3 & Unimus Core 2.2.3 release

Posted: Wed Jun 15, 2022 3:44 pm
by Tomas
Unimus & Core version 2.2.3 are being released today! This is a minor feature release with heavy focus on security and bug fixing. This release fixes a single major security issue discovered in a recent Unimus penetration test.

The pentest report will be posted publicly on https://blog.unimus.net tomorrow per our full transparency policy.

Release highlights:
- new SSH client library (vastly improved crypto algo and SSH key format support)
- performance improvements and resource usage optimizations
- focus on security and stability
- support for 9 new device types

We highly recommend all customers update to this release, https://unimus.net/download has been updated with this version.

Full Changelog:
= Version 2.2.3 =
Features:
Added support for syncing device manage state from Zabbix ("status" field)
Added a new tooltip which will display all text for text field contents which are shortened when containing very long text
Unmanaged devices will now appear in Italics in "Config Push > Targets"
Added line breaking on whitespace in Diff view (better UX with long diff lines)
Improved search behavior (search triggering will now be less aggressive and not stop you during typing)
Improved long text label behavior with text fields in "Network Scan", "Config Push" and "NMS Sync"
Performance optimization for "Retention > Keep only last x backup(s)" - the retention cleanup is now much faster
Improved Config Search regex fallback for regex unsupported by the DB engine on PostgreSQL
Improved the input behavior for the "Subnets" input box in "Network Scan"
Credentials and CLI Mode Change Passwords are now searchable by "Used by" counts
Improved explanation text in Config Push output groups when devices failed to switch to Enable / Configure mode
Improved remote Core connection management and remote Core connection state detection
Improved pagination handling for Dell PowerConnects
Added support for devices with "User ID:" prompt during login
Added support for config sections on ArubaOS-CX
Improved support for specific HP ProCurve / ArubaOS devices (for example Aruba 2540)
Improved support for specific Allied Telesis devices

Performance improvements:
- added additional new thread pools to multiple parts of the system
- improved thread management, threads are now reused where possible instead of spawning new threads
- this improves performance, decreases total lifetime threads spawned by Unimus
- also solves issues in environments where the OS thread and/or PID limits are low

New SSH client library:
- added support for many newer crypto algorithms
- added support for non-64bit aligned DH groups
- https://wiki.unimus.net/display/UNPUB/S ... yptography
- added support for more SSH key types
- added support for more SSH key formats
- https://wiki.unimus.net/display/UNPUB/S ... nd+formats

Added support for:
- 6Wind Virtual Service Router (VSR)
- Accedian Metronids NID
- Array Networks Load Balancers (ArrayOS)
- Aruba Mobility Access Switch
- Cisco CatOS
- Lenovo FlexSwitch
- netElastic vBNG
- Opengear Console Servers
- Transition Networks NID

Fixes:
Fixed Config Search with some specific regex modifiers not working on PostgreSQL
Fixed outbound http(s) proxy authentication would not be used when configured
Fixed initial part of text could be cut off in the Diff view in specific cases
Fixed deleting a device while Discovery was running would print errors into the log
Fixed "Admin" user with Device Access restrictions not able to access the System screen
Fixed regex validator not being applied to the regex in "Backup Filters > Change Condition"
Fixed adding additional entries into the "Network Scan > Subnets" field would reorder entries randomly
Fixed "Add to Unimus" button in "Network Scan" not disabling itself after device was added
Fixed "Network Scan" screen would hang when extremely large data was pasted into the Search box
Fixed long addresses in "Credentials > Show usage" prevented showing other columns
Fixed "Credentials > Show all passwords" would reorder the entries in the table
Fixed missing spinner in resources
Fixed jobs failing with "Timed out" error when very large job requests were submitted to Core
Fixed some Cisco SMB switches could not be discovered (reported as Unsupported Device)
Fixed Configure Mode could not have been discovered on devices during Discovery in rare cases
Fixed during SSH negotiation only LF would be sent in ID string, some devices would complain about this
Fixed Config Push results could fail to send to server from Core in rare cases
Fixed Config Push could require escaping "$" even when it was not being used for a variable declaration
Fixed a trailing prompt could be present in a MikroTik RouterOS backup
Fixed a trailing prompt could be present in Config Push output for a MikroTik RouterOS device
Fixed Config Push output grouping could not work for MikroTiks in multiple cases
Fixed discovery failing on Arista switches when specific prompt was used
Fixed discovery failing on specific HP ProCurve / ArubaOS devices (for example Aruba 2540)
Fixed discovery failing on specific Allied Telesis devices
Fixed wrong model discovered on specific Allied Telesis devices

Security fixes:
Fixed multiple possible XSS injections around the GUI (injecting XSS required authenticating to the application first)
Fixed wrong IP address reported for user at login (only login was affected, all other screens reported IPs for user correctly)
Fixed currently opened "Device Tags > Tag devices" and "Device Tags > Un-tag devices" window still working if user lost access to the device
There is a single migration warning with this release:
Migration warnings:
On Telcosys T-Marc devices, CLI mode classification was changed. What was previously "Enable mode" has now
become "Configure mode". If you have Config Push presets with "Require 'enable' mode" set, you need to also
check "Require 'configure' mode" to ensure the same behavior as before 2.2.3.
If you missed our Release Overview for 2.2.0, you can read it on our blog, or you can watch the Release Overview video below:



Finally, there are a few minor known issues to be aware of:
Known issues:
ISSUE: "Re-discover affected devices when Ports or Connectors change" Advanced Settings option does not work
WORKAROUND: none
STATUS: issue scheduled for fixing

ISSUE: "Stop" in Config Push does not work
WORKAROUND: none
STATUS: issue scheduled for fixing

ISSUE: Some screens in Unimus show time in server's time zone, others in client's (browser's) time zone
WORKAROUND: none, issue only relevant if client has different time zone than server
STATUS: we are debating on how to fix this - will likely create a setting to select which TZ should be used
Let us know if you have any feedback / questions on this release, or if you run into any issues!