Copyright

Copyright © 2019 Balasys IT Ltd.. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balasys.

This documentation and the product it describes are considered protected by copyright according to the applicable laws.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

Linux™ is a registered trademark of Linus Torvalds.

Windows™ 10 is registered trademarks of Microsoft Corporation.

The Balasys™ name and the Balasys™ logo are registered trademarks of Balasys IT Ltd.

The Proxedo™ name and the Proxedo™ logo are registered trademarks of Balasys IT Ltd.

AMD Ryzen™ and AMD EPYC™ are registered trademarks of Advanced Micro Devices, Inc.

Intel® Core™ and Intel® Xeon™ are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

All other product names mentioned herein are the trademarks of their respective owners.

DISCLAIMER

Balasys is not responsible for any third-party websites mentioned in this document. Balasys does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balasys will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.

2025-12-16 .Copyright

The following new features, bug fixes and improvements have been completed for Release 4.13.0 Proxedo API Security.

Known Issues

  • Failure after reloads under heavy traffic
    In rare cases under heavy load, core components might stop with an error when the configuration is applied. If this occurs, core components have to be restarted manually with systemctl restart proxedo-api-security.

Features

  • Exported configurations are now versioned
    The exported configurations, including backup archives and those made during upgrade, now contain the software version. The convert-config step of the upgrade will warn if the archive contains no version, and fail with an error if the archive contains an unexpected version.

Bug Fixes

  • Double reloads when applying configuration
    Applying configuration could sometimes trigger multiple unnecessary reloads, making the operation slower, especially on Kubernetes deployments. This has been corrected.

  • Missing log lines in monitoring-manager
    The log messages generated by snmpd-adaptor were missing from the logs of the monitoring-manager component. This has been corrected.

  • WebUI error when incomplete License File Brick is used
    The Changes page on the WebUI produced an error when an incomplete License File Brick was selected in the System > License section. This has been corrected.

  • Restore missing length checks in pas-mgmt-checkconfig
    The length of the server_name, certificate_path, key_path, and hsts_max_age fields in /opt/balasys/etc/mgmt/config.yml are now properly checked to be at least 1 character long by the pas-mgmt-checkconfig script.

Improvements

  • Ubuntu 24.04
    The operating system in most Docker images and the host system have been updated to Ubuntu 24.04 LTS. This change, along with minor optimizations lead to 10-20% performance improvement in most cases.

  • OpenID Connect authentication update
    The OpenID Connect authentication method has a partially new implementation that brings stability improvements.

  • Fields have been renamed on the Backend Service
    The Load Balancing Method, Backend Timeout, and Backend Retry In fields of the Backend Service have been renamed for clarity and grouped under Load Balancing.

  • License version is checked earlier
    The version of the selected license is now validated in an integrity check, before it is applied. The version is now also visible on the Status page.

  • More robust health checks
    The health checks of insight-director and monitoring-manager have been updated to handle special cases more robustly.

  • Timestamps in logs
    Some redundant timestamps have been removed from certain component logs. Also, the format of config-api and health check logs have been changed to be more concise.

  • Timeout visible when applying configuration
    The per service feedback when applying configuration changes on Kubernetes now shows timed out services as timed out, instead of just failed. This may help investigating issues in large deployments.