Page 1 of 1

Unimus 2.3.0 & Unimus Core 2.3.0 release

Posted: Wed Feb 15, 2023 7:24 pm
by Tomas
Unimus version 2.3.0 is being released today! 2.3.0 brings new major and minor features, together with a sizable serving of fixes for various bugs and issues. Performance and security improvements are also present.

We have published a Release Overview on our blog if you would like a shorter overview of what is new in this release.

Release highlights:
- LDAP authentication support
- MS SQL database support
- "Offline Mode" (support for air-gapped networks)
- Config Search Export and Send functions
- Bug fixes, security and performance improvements
- Support for 28 new device types

Links at https://unimus.net/download.html have been updated with the newest version.
We have also released a hotfix for a few annoying issues that early adopters reported. This hotfix was released as 2.3.1.

Full Changelog:
= Version 2.3.0 =
Features:
Added device UUIDs in APIv2 (all "/devices" endpoints)
The "Default" Zone will now be marked as "Default" when renamed
Added support for recognizing Observium devices IDs in Observium NMS Sync
Improved built-in backup filters for Siklu devices
Incremental performance improvements across many parts of the system
Added support for acknowledging login prompts in keyboard-interactive mode during SSH login
Added retrieval of backup from Fiberhome devices in configure mode if not available in enable mode
Improved device CLI mode switching and mode detection during discovery
Added support for prompt format changing when switching contexts on Cisco ASA (multi-context)
Added support for Configure Mode on Sonicwall NSA
Added handling which improves backup formatting on Cambium cnMatrix switches (removes double lining)

Added "Offline Mode" (support for air-gapped networks):
- Unimus can be now switched to full offline mode, which removes the necessity to contact our Licensing Server
- Offline Mode licenses are only available to users with an Unlimited License subscription
- please contact us to request an Offline Mode license

Added support for LDAP authentication:
- LDAP can now be used as an external authentication provider
- full support for configuring custom user search DN and specifying username LDAP attributes
- tested on both OpenLDAP as well as Microsoft Active Directory
- full documentation: https://wiki.unimus.net/display/UNPUB/LDAP+Auth

Added support for MS SQL:
- we have added support for Microsoft SQL Server as an officially supported DB engine
- the Deploy Wizard will allow you to select MSSQL during deployment
- to migrate to MSSQL, you will need to setup a new Unimus deploy, data migration is currently not supported

Added Config Search Export and Send functionality:
- you can now export (download) or directly send Config Search results
- support for exporting in both HTML and YAML format
- configurable export formatting (header, search criteria, etc.) or just results

Added options to specify which SSH cryptography options Unimus supports:
- in some environments, it may be desired to disable support for weaker SSH crypto
- full documentation: https://wiki.unimus.net/display/UNPUB/S ... yptography

Added support for:
- Accedian AMO series
- ADVA LX series console servers
- Arris C4 series chassis
- BDCOM OLTs
- Additional Brocade NOS device models
- CheckPoint Gaia devices
- CheckPoint Security Gateway
- CheckPoint Security Management Server
- CheckPoint SMB Gateway
- CheckPoint VSX
- Additional Ciena SAOS device models
- Dasan OLTs
- Entrasys switches (A4 / B2 series)
- Extreme Wing APs in cluster mode / virtual controller mode
- Extreme WLC
- Fortinet FortiAuthenticator
- Metaswitch Perimeta SBCs
- NetApp switches
- Nokia OLTs (FX-8)
- MRV LX series console servers
- Opengear Infrastructure Manager devices
- Opengear Resilience Gateway (ACM)
- Pulse Secure Virtual Traffic Manager
- Ribbon (ECI) Apollo
- Securepoint UTM
- SNR (NAG) Switches
- YunKe switches
- Zyxel GS19xx series switches
- Zyxel ATP

Fixes:
Fixed backup retention would not work on specific MySQL Server versions
Fixed Inverted Config Search would not work on specific PostgreSQL versions
Fixed diff visualization would incorrectly show new empty lines when large delete sections were followed by a new addition
Fixed first failed job on a newly added device would not set its Last Job Status to failed
Fixed disabled retention jobs would still show up in "Schedules > Show scheduled jobs" window
Fixed API v2 get backups by device id and latest backups by device id not working
Fixed API (of the local instance) denying all requests when connection to Licensing Server was down
Fixed API v3 Push Jobs search not working on PostgreSQL
Fixed possible deletion attempt on an already deleted object comment which would result in errors
Fixed Per-Tag Connector config updates not being propagated between concurrent users (live updates were missing)
Fixed "Schedules" table updates not being propagated between concurrent users (live updates were missing)
Fixed "Config Search > Show all lines" does not work if Context lines is set to a negative value
Fixed moving devices between Zones would not trigger needed rediscovery in specific cases
Fixed moving devices between Zones would trigger unneeded rediscovery in specific cases
Fixed incorrect "Currently running Scans" count if a Network Scan preset was deleted while it was running
Fixed "Devices > Last Job Status" could be incorrect if running a job with all Connectors disabled
Fixed multiple minor UI / UX issues and UI element state and alignment issues
Fixed SSH connections failing to PanOS devices when login acknowledgement prompts were enabled
Fixed backup not working on specific Fiberhome devices
Fixed backup and Config Push could fail on some Positron GAM devices
Fixed backup not working on Cisco FXOS devices in cluster mode
Fixed Cisco SX devices could contain backup command echo as part of the backup
Fixed Exablaze Fusion devices could contain backup command echo as part of the backup
Fixed discovery failing on specific Aruba ArubaOS / HP(E) ProCurve devices
Fixed discovery failing on specific Brocade NOS devices
Fixed discovery failing on specific Ciena SAOS devices
Fixed discovery failing on DCN devices with newer firmwares (after rebranding to YunKe)
Fixed discovery failing on netElastic vBNG
Fixed discovery failing on Dell OS10 switches if they output a Bell before the prompt
Fixed discovery failing on Extreme VX devices (VX9000)
Fixed discovery failing on Opengear devices when using the "root" user
Fixed discovery failing on newer versions of OPNsense
Fixed discovery failing on Fiberstore S5850 (and related devices) with newer firmwares
Fixed discovery failing on specific Nokia / Vecima OLT devices
Fixed discovery failing on multi-context Cisco ASA with different prompt in different contexts
Fixed discovery could fail on devices which use pagination in very specific cases
Fixed discovery not falling back to Telnet after IO errors occurred on the SSH connection

Fixed SSH connections failing to servers which did not support higher MAC segment size:
- affected devices usually had very old firmwares with weak SSH MAC support
- example of affected devices: Dell PowerConnect 55xx, some versions of Cisco SF/SG switches, etc.

Security fixes:
Updated MySQL Connector due to multiple published vulnerabilities in older versions
Fixed currently opened "Devices > Tags" window still working if user lost access to the device
Fixed currently opened "Devices > Comments" window still working if user lost access to the device
Users which did not have full access to a Config Push preset could still delete the preset in its context menu

= Version 2.3.1 =
Fixes:
Fixed Radius AAA not working (Radius "Enabled" state was ignored)
Fixed unable to delete a Zone which had devices with historic jobs still present
Finally, there are a few minor known issues to be aware of:
Known issues:
ISSUE: "Re-discover affected devices when Ports or Connectors change" Advanced Settings option does not work
WORKAROUND: none
STATUS: issue scheduled for fixing

ISSUE: Some screens in Unimus show time in server's time zone, others in client's (browser's) time zone
WORKAROUND: none, issue only relevant if client has different time zone than server
STATUS: we are debating on how to fix this - will likely create a setting to select which TZ should be used
Let us know if you have any feedback / questions on this release, or if you run into any issues!