LinkBack URL
About LinkBacks
Hi guys,
I am very sorry for the recent upgrade event, so let me explain what happened. First, a response from our product team:
All of that is accurate, but let me add some clarification from the engineering perspective.Our NG Firewall 15.1.0 release caused an issue that affected a small number of appliances if the appliance was rebooted. The only resolution for these appliances was a full re-installation of the software. We have resolved this issue and provided the fix in a new 15.1.1 version.
This issue was important enough that we felt we needed to provide an update outside of our usual process. To expedite the delivery of this fix and avoid further cases of this boot failure, we initiated an update to all systems that we identified as having the issue. The update is minor and should not have resulted in any outage or loss of connectivity. We apologize to any of our customers who experienced issues during this upgrade.
The recent 15.1.0 date release should have been 15.1.1 release. That was the error in our deployment...
15.1.0 date release included an upstream update to GRUB due to a CVE published in July. However, Untangle modifies settings associated with GRUB, which were not changed, and were not included as part of the update. As a result, folks who upgraded from 15.1.0 (previously released) to 15.1.0 (recently released) got the GRUB update and NOT the setting update.
The result is that the box would be bricked on reboot and requiring a reinstall. We identified the issue fairly quickly and stopped the automatic updates and prepared 15.1.1 release which was nothing but a version change. However, the version change would also push untangle settings that would properly configure GRUB (even though the settings themselves have not changed).
However, now we were in a critical situation. Although neither upgrade required a reboot, if folks on the latest 15.1.0 would reboot or lose power, they would be in trouble. To make matters more complex, this only affected a portion of the 15.1.0 customers - if you updated to 15.1.0 from 15.0, there is no issue. If you installed 15.1.0 fresh, there is no issue, etc.
After much internal discussion, we decided that we should force the update. This was not an easy decision… However, sending notifications (a lot of it to customer who are not affected), receiving increased support volume as a result, and leaving people at risk of a broken NGFW due to power failure or reboot was a higher risk than forcing the update.
Again, I am very sorry for the inconvenience. I assure you we took steps to prevent this kind of failure from happening in the future.
Originally Posted by sky-knight
