Illumio Core What's New and Release Notes 21.5

User RBAC permissions not properly enforced for /system_health API endpoint (E-82750)

Local PCE users with no role assigned have been able to use the API to obtain potentially sensitive information.

This issue is resolved. A user who has no role assigned and is sending requests via API now receives the forbidden access error 403.

Events API firewall_settings returns wrong values (E-81959)

The Events API was exposing only creation and not the deletion information for policy scope sub-properties on firewall_settings resource changes. This issue is resolved.

Events API returning insufficient information (E-81867)

The Events API did not expose changes to the service process name or process path for Windows-based service updates. This issue is resolved.

500 error returned when sending an email address as the query parameter (E-81798)

The 500 error was returned when users sent their email address to the Events API, while the error was not returned when they send their user ID.

This issue is resolved. Users must use only their user ID for a query and not the email address.

Events API returns improper information (E-81615)

The Events API did not correctly provide all resource changes in the resource changes section of the event for ruleset changes. This issue is resolved.

Virtual Services events incorrectly reported (E-81609)

The Events API did not expose address pool changes or label deletion information when performing virtual service updates. This issue is resolved.

21.2 async API calls response time doubled (E-80282)

This issue is resolved so that the Exit Strategy is now memory-usage based, rather than job-count based, which also helps customers with large databases.