Copyright

Copyright © 2019 Balasys IT Ltd.. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balasys.

This documentation and the product it describes are considered protected by copyright according to the applicable laws.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

Linux™ is a registered trademark of Linus Torvalds.

Windows™ 10 is registered trademarks of Microsoft Corporation.

The Balasys™ name and the Balasys™ logo are registered trademarks of Balasys IT Ltd.

The Proxedo™ name and the Proxedo™ logo are registered trademarks of Balasys IT Ltd.

AMD Ryzen™ and AMD EPYC™ are registered trademarks of Advanced Micro Devices, Inc.

Intel® Core™ and Intel® Xeon™ are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

All other product names mentioned herein are the trademarks of their respective owners.

DISCLAIMER

Balasys is not responsible for any third-party websites mentioned in this document. Balasys does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balasys will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.

2023-12-07 .Copyright

The following new features, bug fixes and improvements have been completed for Release 4.8.0 Proxedo API Security.

Features

  • Swagger Editor
    PAS now supports inline editing of Swagger, OpenAPI 3.0, and OpenAPI 3.1 File bricks.

  • New File brick types and validations for TLS-related files
    TLS configuration has been made easier with new File brick types for files used in TLS components. The new types are Diffie-Hellman Parameters, TLS Key, Client Certificate, and Server Certificate, and all come with relevant validations to ensure configuration correctness. The Generic File brick type has been obsoleted and removed.

  • PAS now exposes the configuration version through SNMP
    The version of the currently running configuration is now accessible via SNMP. The version starts from zero, and incremented by one every time the configuration is applied.

Bug Fixes

  • Error during configuring Elastic Insight Target
    If an Elastic Insight Target was not fully configured before saving or validating, then an error was produced. This has been corrected.

  • Server Port is not editable on Backend
    A previously defined Port value in the Backend component’s Servers list failed with a validation error when it was edited. This has been corrected.

  • Some fields of Syslog and Elastic TLS are missing from the table view
    The values of the Certificate File and Key File fields of Syslog TLS and Elastic TLS have been missing from the table view. This has been corrected.

  • Certain Matcher configurations break the table view
    The table view of Matchers could fail to display if Matchers were configured with Status Class or Range comparators. This has been corrected.

  • Miscellaneous fixes

    • Several UI labels have been changed to be correctly capitalized.

    • pas-checkconfig scripts now explicitly report success or failure.

    • If the core component has been started before a license file was supplied, then services failed with a misleading error message and a directory appeared in place of the license file. This has been corrected.

    • The Storage component’s health checks timed out in high-performance scenarios, which led to possible state toggling on the Status page. This has been corrected.

    • Validating Swagger schema files with no type defined for endpoint request parameters resulted in a server error. This has been corrected.

    • The File brick’s content could not be replaced after the File brick was saved empty. This has been corrected.

    • The UI did not support configuring XSD Enforcers for the request direction of API calls. This has been corrected.

Improvements

  • The default ports for Syslog Insight Targets have changed
    In Syslog Insight Targets, the default port numbers for remote connections were 541 if the protocol was TCP and 601 if it was UDP. This has been changed to be in line with the recommendations in the related RFCs: 601 for TCP, 514 for UDP, and 6514 for TLS over TCP.

  • Flow Director performance has been improved
    Flow Director now uses much less CPU while processing calls, this can lead to better response times and more requests processed.

  • Sorted tables
    Table views of components are now alphabetically sorted by default.

  • Reorganized fields
    Several component fields have been reorganized on the UI to be more straightforward.

  • Enhanced container security in Kubernetes
    Required container capabilities in Kubernetes have been reduced to a minimal set.

  • Improved validation in Backend components
    The hostname elements in the Servers list of Backend components are now validated more thoroughly.