2024 Release Notes

September 3, 2024

What's New:

• Security Alerts: A security alerting feature has been added (similar to a feature previously available in version 2). When Dynamic Rules are violated, email alerts can be sent to specified addresses.

• SSL: Admins can now set SSL protocols and SSL ciphers on a server group level via the API. (Previously, these values were hardcoded in a backend file.)

• V2 upgrades: When upgrading a planet from v2 to v5, users can now import Dynamic Rules from the v2 configuration.

Fixes:

• SSO: Resolved an issue with Azure SSO (from this Microsoft error) where users could not login via PIN or Face ID using the Edge browser.

August 14, 2024

What's New:

• API: The Swagger display has been updated to reflect API v4.2.

• API: When a "publish configuration" command is sent before a previous publish operation has completed, a 503 error will be returned. API users should use a retry mechanism to ensure that publish commands are successful.

• Global Filters: When creating an IP-based filter, users can now specify ipv6 addresses with subnet > 32

• Traffic logs: Requests that are blocked because they caused processing errors are now shown in the logs.

• UI: Reblaze logos in the documentation and web console now reflect Reblaze Technologies' new role as part of the Link11 Group.

• V2 upgrades: When upgrading a planet from v2 to v5, users can now import the following from the v2 configuration:

  • Backend Services

  • Edge Functions

  • Global Filters

  • Proxy Templates

  • Rate Limit Rules

  • Server Groups

  • SSL Certificates

  • Global Filter Tag Rules

  • Trusted Sources

Fixes:

• Dashboard: Resolved an issue where a request with an invalid (null) status would prevent data from being displayed.

• Dashboard: Resolved an issue where the Response Status Graph was not filtering results according to user selection of "By Origin" or "By Reblaze".

• Events Log: Resolved an issue where a POST request with a malformed JSON payload was not being correctly reflected in the logs.

• Events Log: The "Copy Request as Curl" command now includes the protocol in the curl string.

• Proxy Templates: When an invalid CIDR is added to the list of Trusted Sources, an error message is now displayed in the UI.

• Publishing: Resolved an issue where, when publishing a configuration change, a "validation failed" error could occur if a temporary file already existed.

• SSL certificates: Resolved an issue where a failure to renew certificates with more than one domain could cause an internal error.

• System performance: Resolved an issue where internal database queries could potentially hang. Now a timeout is enforced; if it is triggered, a 408 code is returned.

July 24, 2024

What's New:

• Backend Services: it is now possible to

  • define multiple ports per host for HTTP and HTTPS

  • define multiple hosts when setting up Port Bridge mode

  • define multiple ports when setting up the other modes (Per Request, HTTP Always, and HTTPS Always)

• Proxy Templates: A new configuration option enables sites to accept requests with client body sizes above 5 MB.

• Traffic analytics: In the Dashboard and Events Log, the date/time query control now allows the specification of seconds; previously, only hours and minutes could be specified. Timestamps now default to zero seconds (i.e., the query parameter defaults to the beginning of the specified minute); when seconds are zero, they are not displayed in the timestamps.

Fixes:

• API: Resolved an issue with the/accounts/api-keysroute, which was not correctly accepting the API key.

• Backend Services: Resolved an issue where Port Bridge Mode was not working correctly for ALBs (application load balancers).

• Content Filter Rules: Resolved an issue where a Rule could be configured with an invalid Match parameter.

• Edge Functions: Resolved an issue where Edge Function identifiers submitted via the API were not being validated correctly, potentially resulting in 502 errors.

• Events Log: Modified the units for Reblaze time (from ms to seconds), so that it is consistent with other metrics.

• SSO Configuration: Resolved an issue where Azure SSO was not working correctly.

Known Issues

• SSL Certificates: When upgrading from Reblaze v2.x to v5, existing SSL certificates will be retained. However, when they expire, they will not auto-renew. To enable auto-renewal for migrated certificates, contact support.

July 3, 2024

What's New:

• Events Log: the events display has been revamped and is now easier to use. Selecting an event now displays a window with several sections: the most important data on the top, followed by one or more expandable sections with various categories of additional information.

• Edge Functions: when a user defines custom Lua code, its syntax is now validated before being accepted.

• Publishing: when a user submits configuration changes for the backend, the changes are now validated before being accepted.

• SSL policies: default policies for load balancers are now min tls 1.2 - modern (for GCP) and ELBSecurityPolicy-TLS13-1-2-2021-06 (for AWS). This change applies to new planets only.

Bug Fixes:

• Analytics: in the Dashboard and Events Log, the preset time period selectors (e.g., "Last hour") were not being reset when the timeframe changed.

• Backend services: when creating a new backend service, it was possible that an internal id would not be assigned correctly.

• Content Filter Rules: when creating a new rule, it was possible that an internal id would not be assigned correctly.

• Dynamic Rules: if a Rule's ID contained a hyphen, an internal error would occur, and the Rule would not be effectual.

• Events Log: when a host name included a port, under certain conditions the port would be appended again.

• Events Log: When a request included arguments, the "Copy as Curl" menu option was not composing curl commands correctly.

• Events Log: When a request triggered a "Skip" action, under certain conditions it could be reported as a "Block reason".

• Events Log: for data-heavy queries, there could be a significant delay between the query's completion and the UI's refresh.

• Proxy Templates: when creating a new template, the header host was not being set correctly.

• SSL Certificates: the Certificates page in the console would not load if its timeouts were exceeded.

• SSL Certificates: all expiring certificates were being renewed. Now, unused certificates are not renewed.

• SSL Certificates: under certain conditions, certificate replacements were being reported as having failed, even when they succeeded.

• Swagger UI was not correctly accepting load balancer names in the Load Balancer DELETE/PUT API routes.

• Tags: for short tags, it was difficult to click on the portion of the tag that opens the Tag Finder.

• User accounts: an uncommon structure for email addresses was not being accepted.

• UI cleanup: in a few places, long strings were not being displayed correctly. Some inconsistencies in capitalization, font colors, and spacing were corrected.

Known Limitations:

• Events Log: when viewing events that occurred before this software version was deployed, incomplete "block reason" data will be shown for events blocked due to "general reasons" or "content filter rule" violations.

June 12, 2024

What's New:

• Global Filters: Entries within a Global Filer's Rule can now be edited from within the table. (Previously, they had to be deleted and re-created.)

Bug Fixes:

• Backend Services: under certain conditions, users could define multiple hosts in bridge mode.

• Dashboard: retrieved data was not always being cleared between searches.

• DNS Records: multiple values were concatenated in a single line. Now, they are displayed in separate rows.

• Dynamic Rules: Target entry was not displayed correctly if it included an underscore.

• Events Log: displayed keys and values could be vertically misaligned.

• Events Log: large data files could overflow the text display.

• Flow Control: arguments with long strings could overflow the input control.

• Login screen: empty input fields were not displaying errors.

• Tag Finder: could display incorrect tag usage.

• Tag Finder: header row of tags table was too short.

• Traffic data queries: certain inputs were not being validated for data types.

• Traffic filtering: Headers with invalid (non-UTF) characters would throw runtime errors. Now, they are blocked with 400 response codes.

• Web console: "User Guide" link was not pointing to the most recent version.

• Web console: various minor issues with table column widths, redundant tooltips, and others.

May 21, 2024

What's New:

• Traffic filtering: Headers larger than 64k are now supported.

• Analytics: the date/time control for queries was accepting AM/PM time specifications. Now, for consistency with graphs and logs, it accepts 24-hour time specifications.

• Content Filter Profiles: previously, the "Ignore Content Filter Tags" list accepted all types of tags, and there was different behavior when matches were found for CF tags versus non-CF tags. To improve consistency, this list now only accepts Content Filter Rule and libinjection tags.

• Security entities: previously, selecting "New" would create an entity (e.g., a Global Filter) with default values that could be edited. This created friction if the selection of "New" was inadvertent, because the unwanted entity would then need to be deleted. Now, entities are not actually created until the user selects "Save".

Bug Fixes:

• Dynamic Rules: when the Action of a Dynamic Rule was changed, any traffic sources currently in quarantine from the Rule did not have their action changed.

• Edge Functions: the Edge Function Editor page was not displaying the function's Automatic Tag (edge-function).

• Edge Functions: when multiple Edge Functions were assigned to the same path, the Events Log was not reporting all of their tags.

• Security Policies: when a Policy did not include any Rate Limit Rules or Edge Functions, the console failed to display a "No data found" message.

• SSL Certificates: When certificates were generated from a server group with multiple domains on “Match Host/Authority Headers”, Let's Encrypt was only generating a certificate for the last domain on the list.

May 14, 2024

What's New:

• Reblaze v5 is released; a thorough restructuring of Reblaze, from UI to architecture. Compared to previous versions, v5 provides a much more intuitive workflow, better analytics, numerous performance enhancements, more powerful traffic filtering, and much more.