Release Notes
December 24, 2024
What's New:
Log Exporters: Enabling and configuring event streaming to external destinations (e.g., SIEMs) was previously available only through the API. This feature is now available through the web console as well.
Fixes:
Analytics: Resolved an issue where under certain conditions, the Events Log was not displaying the X-Forwarded-Port headers for requests.
Backend SaaS: Improved error handling in the backend services for several edge cases.
UI: Resolved several minor issues.
December 10, 2024
What's New:
CDN: The Purge CDN Cache command now supports Link11's Secure CDN.
Log Exporter: When streaming event data to an external destination (e.g. a SIEM solution), admins can now choose to export all events, or only events where requests were blocked by Reblaze. Admins can also choose to export events for all server groups (i.e., sites), or only specific server groups.
Fixes:
Dynamic Rules: Resolved an issue when editing Dynamic Rules that are configured to offload IP blocking to Link11's Layer 3 protection, and that are currently being triggered by one or more IPs. (When such a Rule was deactivated, the triggering IPs would be removed from quarantine, but would still be blocked until the original quarantine period had expired.)
Events Monitoring: Resolved an issue where requests that triggered a Monitor action were not being assigned correct tags for their status.
Security Alerts: Resolved an issue preventing Security Alerts from being created when they were based upon newly-created Dynamic Rules.
Security Policies: Previously, each Policy contained an unused field named "match". This has now been removed.
SSL: Resolved an issue where importing a PFX file with multiple domain names would result in an extra space being added to each name after the initial one.
SSL: Resolved an issue that could occur when renewing multiple certificates; if a certificate could not be renewed, the remaining renewals would not be attempted.
November 4, 2024
What's New:
CDN: Admins can now purge CDN caches from within Reblaze, without needing to contact support.
Dynamic Rules: When a Dynamic Rule is blocking a hostile IP, the blocking can be offloaded to Link11's Layer 3 protection. The hostile requests will be blocked before they reach Reblaze, which will increase performance.
Global Filters: These now include a list of iCloud IPs, so admins can, if desired, create distinct handling and security rulesets for requests from those IPs.
Log Exporter / Event Streaming: In previous versions, Reblaze could export log data and stream traffic events to external destinations such as SIEM solutions. This has now been enabled for v5 via the API. Setup details are here.
Proxy Templates: Admins can now define custom code for the nginx.conf file.
Fixes:
API: Resolved an issue where Security Policy path mapping entries were not being validated correctly (duplicate values were being allowed).
Backend Services: Resolved an issue where the interface for new backend creation included an incorrect default value for the Host field.
Events Log: Resolved an issue where selecting an entry to show additional details could display an empty panel.
September 22, 2024
What's New:
Dynamic Rules and Rate Limit Rules: OR or AND operators were added to the Include and Exclude tag lists, providing more precision and flexibility when specifying the scope of rule enforcement.
Fixes:
Security Alerts: Resolved an issue where alerts were not being sent.
UI: Resolved several minor issues.
September 12, 2024
What's New:
Security Alerts: A security alerting feature has been added (similar to a feature previously available in version 2). When Dynamic Rules are violated, email alerts can be sent to specified addresses.
SSL: Admins can now set SSL protocols and SSL ciphers on a server group level via the API. (Previously, these values were hardcoded in a backend file.)
Fixes:
Publishing Resolved an issue where multiple publish operations in a short time were not succeeding.
Server Groups: Resolved an issue where a domain could be assigned to more than one group.
SSO: Resolved an issue with Azure SSO (from this Microsoft error) where users could not login via PIN or Face ID using the Edge browser.
UI: Resolved some minor issues.
August 14, 2024
What's New:
API: The Swagger display has been updated to reflect API v4.2.
API: When a "publish configuration" command is sent before a previous publish operation has completed, a 503 error will be returned. API users should use a retry mechanism to ensure that publish commands are successful.
Global Filters: When creating an IP-based filter, users can now specify ipv6 addresses with subnet > 32
Traffic logs: Requests that are blocked because they caused processing errors are now shown in the logs.
UI: Reblaze logos in the documentation and web console now reflect Reblaze Technologies' new role as part of the Link11 Group.
Fixes:
Dashboard: Resolved an issue where a request with an invalid (null) status would prevent data from being displayed.
Dashboard: Resolved an issue where the Response Status Graph was not filtering results according to user selection of "By Origin" or "By Reblaze".
Events Log: Resolved an issue where a POST request with a malformed JSON payload was not being correctly reflected in the logs.
Events Log: The "Copy Request as Curl" command now includes the protocol in the curl string.
Proxy Templates: When an invalid CIDR is added to the list of Trusted Sources, an error message is now displayed in the UI.
Publishing: Resolved an issue where, when publishing a configuration change, a "validation failed" error could occur if a temporary file already existed.
SSL certificates: Resolved an issue where a failure to renew certificates with more than one domain could cause an internal error.
System performance: Resolved an issue where internal database queries could potentially hang. Now a timeout is enforced; if it is triggered, a 408 code is returned.
July 24, 2024
What's New:
Backend Services: it is now possible to
define multiple ports per host for HTTP and HTTPS
define multiple hosts when setting up Port Bridge mode
define multiple ports when setting up the other modes (Per Request, HTTP Always, and HTTPS Always)
Proxy Templates: A new configuration option enables sites to accept requests with client body sizes above 5 MB.
Traffic analytics: In the Dashboard and Events Log, the date/time query control now allows the specification of seconds; previously, only hours and minutes could be specified. Timestamps now default to zero seconds (i.e., the query parameter defaults to the beginning of the specified minute); when seconds are zero, they are not displayed in the timestamps.
Fixes:
API: Resolved an issue with the
/accounts/api-keys
route, which was not correctly accepting the API key.Backend Services: Resolved an issue where Port Bridge Mode was not working correctly for ALBs (application load balancers).
Content Filter Rules: Resolved an issue where a Rule could be configured with an invalid Match parameter.
Edge Functions: Resolved an issue where Edge Function identifiers submitted via the API were not being validated correctly, potentially resulting in 502 errors.
Events Log: Modified the units for Reblaze time (from ms to seconds), so that it is consistent with other metrics.
SSO Configuration: Resolved an issue where Azure SSO was not working correctly.
Known Issues
SSL Certificates: When upgrading from Reblaze v2.x to v5, existing SSL certificates will be retained. However, when they expire, they will not auto-renew. To enable auto-renewal for migrated certificates, contact support.
July 3, 2024
What's New:
Events Log: the events display has been revamped and is now easier to use. Selecting an event now displays a window with several sections: the most important data on the top, followed by one or more expandable sections with various categories of additional information.
Edge Functions: when a user defines custom Lua code, its syntax is now validated before being accepted.
Publishing: when a user submits configuration changes for the backend, the changes are now validated before being accepted.
SSL policies: default policies for load balancers are now
min tls 1.2 - modern
(for GCP) andELBSecurityPolicy-TLS13-1-2-2021-06
(for AWS). This change applies to new planets only.
Bug Fixes:
Analytics: in the Dashboard and Events Log, the preset time period selectors (e.g., "Last hour") were not being reset when the timeframe changed.
Backend services: when creating a new backend service, it was possible that an internal id would not be assigned correctly.
Content Filter Rules: when creating a new rule, it was possible that an internal id would not be assigned correctly.
Dynamic Rules: if a Rule's ID contained a hyphen, an internal error would occur, and the Rule would not be effectual.
Events Log: when a host name included a port, under certain conditions the port would be appended again.
Events Log: When a request included arguments, the "Copy as Curl" menu option was not composing curl commands correctly.
Events Log: When a request triggered a "Skip" action, under certain conditions it could be reported as a "Block reason".
Events Log: for data-heavy queries, there could be a significant delay between the query's completion and the UI's refresh.
Proxy Templates: when creating a new template, the header host was not being set correctly.
SSL Certificates: the Certificates page in the console would not load if its timeouts were exceeded.
SSL Certificates: all expiring certificates were being renewed. Now, unused certificates are not renewed.
SSL Certificates: under certain conditions, certificate replacements were being reported as having failed, even when they succeeded.
Swagger UI was not correctly accepting load balancer names in the Load Balancer DELETE/PUT API routes.
Tags: for short tags, it was difficult to click on the portion of the tag that opens the Tag Finder.
User accounts: an uncommon structure for email addresses was not being accepted.
UI cleanup: in a few places, long strings were not being displayed correctly. Some inconsistencies in capitalization, font colors, and spacing were corrected.
Known Limitations:
Events Log: when viewing events that occurred before this software version was deployed, incomplete "block reason" data will be shown for events blocked due to "general reasons" or "content filter rule" violations.
June 12, 2024
What's New:
Global Filters: Entries within a Global Filer's Rule can now be edited from within the table. (Previously, they had to be deleted and re-created.)
Bug Fixes:
Backend Services: under certain conditions, users could define multiple hosts in bridge mode.
Dashboard: retrieved data was not always being cleared between searches.
DNS Records: multiple values were concatenated in a single line. Now, they are displayed in separate rows.
Dynamic Rules: Target entry was not displayed correctly if it included an underscore.
Events Log: displayed keys and values could be vertically misaligned.
Events Log: large data files could overflow the text display.
Flow Control: arguments with long strings could overflow the input control.
Login screen: empty input fields were not displaying errors.
Tag Finder: could display incorrect tag usage.
Tag Finder: header row of tags table was too short.
Traffic data queries: certain inputs were not being validated for data types.
Traffic filtering: Headers with invalid (non-UTF) characters would throw runtime errors. Now, they are blocked with 400 response codes.
Web console: "User Guide" link was not pointing to the most recent version.
Web console: various minor issues with table column widths, redundant tooltips, and others.
May 21, 2024
What's New:
Traffic filtering: Headers larger than 64k are now supported.
Analytics: the date/time control for queries was accepting AM/PM time specifications. Now, for consistency with graphs and logs, it accepts 24-hour time specifications.
Content Filter Profiles: previously, the "Ignore Content Filter Tags" list accepted all types of tags, and there was different behavior when matches were found for CF tags versus non-CF tags. To improve consistency, this list now only accepts Content Filter Rule and libinjection tags.
Security entities: previously, selecting "New" would create an entity (e.g., a Global Filter) with default values that could be edited. This created friction if the selection of "New" was inadvertent, because the unwanted entity would then need to be deleted. Now, entities are not actually created until the user selects "Save".
Bug Fixes:
Dynamic Rules: when the Action of a Dynamic Rule was changed, any traffic sources currently in quarantine from the Rule did not have their action changed.
Edge Functions: the Edge Function Editor page was not displaying the function's Automatic Tag (
edge-function
).Edge Functions: when multiple Edge Functions were assigned to the same path, the Events Log was not reporting all of their tags.
Security Policies: when a Policy did not include any Rate Limit Rules or Edge Functions, the console failed to display a "No data found" message.
SSL Certificates: When certificates were generated from a server group with multiple domains on “Match Host/Authority Headers”, Let's Encrypt was only generating a certificate for the last domain on the list.
May 14, 2024
What's New:
Reblaze v5 is released; a thorough restructuring of Reblaze, from UI to architecture. Compared to previous versions, v5 provides a much more intuitive workflow, better analytics, numerous performance enhancements, more powerful traffic filtering, and much more.
Last updated