
What's New and Release Notes 25.2

Release Notes for Release 25.2.20-PCE

These release notes describe the new features, enhancements, resolved issues, and known issues for this release.

Resolved Issues

Issue

Fix Description

E-128877

Enhanced Deny Rule Scope Accuracy

Previously, deny rules and override deny rules failed to consider label groups or exclusions in the scope, leading to misapplied rules.

These rules are now accurately applied based on the specified label groups and exclusions, ensuring correct enforcement on targeted workloads. This resolves deny rules with a label group scope being applied to the wrong workloads.

E-128235

Enhanced Policy Rules for NodePorts and LoadBalancers in CLAS Clusters

This release focuses on optimizing policy rules tailored to oversee NodePorts and LoadBalancers in CLAS (Cluster-Level Application Set) clusters.

The update guarantees the proper functioning of these rules, delivering precise and dependable control over networking setups linked to NodePorts and LoadBalancers within the CLAS ecosystem.

E-128193

Improved Handling of Rule Conflicts in ruleset_overlapping_rule_search Function

A recent issue was identified where the parameter exclude_rules_not_resolving_to_ruleset_scope_actors=true was omitted when calling the ruleset_overlapping_rule_search function.

With this parameter included in the URL, the function now accurately examines scopes, ensuring that conflicting rules are not returned in cases where two rules might have conflicted previously.

E-128016

Resolution of Rate Limiting Issue through Consolidation of Endpoint Calls

The rate-limiting problem was resolved by replacing multiple endpoint calls with a single new endpoint call.

This enhancement eliminates the rate-limiting issues previously encountered.

E-127812

Restoration of Essential Service Rules Display Issue

Essential service rules were not visible on the page. This critical issue has been fixed.

Users can anticipate the correction included in the forthcoming upgrade, ensuring that essential service rules are correctly displayed.

E-127789

E-127354

Mitigation of Empty Set Caching during Set_Server Reload

An alignment issue between subnet caching and a set_server reload could lead to the caching of empty sets when workloads were empty during the reload process.

The resolution now prevents the caching of empty sets in such scenarios, ensuring data consistency throughout the set_server reload procedure.

E-127644

Improved Management of Flows Decorated with Workloads and IP Lists

This release addresses an issue where flows decorated with Workloads and IP Lists for the same IP address were erroneously merged as a single flow. Consequently, draft policies only reflected the merged flow.

The resolution ensures that such flows are now maintained as separate entities. This enables accurate visualization and management of policies for each distinct type of decoration, enhancing overall system functionality.

E-127354

Optimizing Subnet Caching and Server Reload Interaction to Prevent Empty Set Caching

Subnet caching overlapped with a set_server reload operation, which could lead to the caching of empty sets. This occurred because workloads could be empty during a reload, resulting in incomplete or erroneous data being cached.

Optimizations were implemented to ensure that subnet caching and server reload processes are synchronized effectively.

E-127344

Policy Check Failure Due to Outdated Deny Rules in Results

The Policy check failed when outdated (legacy) deny rules were identified and included in the results.

E-127276

Incorrect Rule Calculations in Draft View Query

When a user ran a query in Draft View with both Blocked and Potentially Blocked quick filters enabled, the query did not trigger rule calculations correctly for the returned flows.

However, the rule calculations were sent properly when the user manually toggled the quick filters (that is, unchecked and rechecked them). This inconsistency led to misleading flow counts and inaccurate data representation.

The fix ensures that rule calculations are triggered consistently when the query is run with Blocked and Potentially Blocked quick filters, without requiring the user to toggle filters manually. This corrects the flow count discrepancies and improves the reliability of Draft View query results.

E-127181

Performance Issue: Rule Search Delay with a Large Number of Rules

The rule search functionality became impractical for users in organizations with numerous rules because of significant delays.

E-127078

Rule Counting Improvement for Deny and Override Deny Rules

Prior to the fix, the counts for deny and override deny rules were excluded from the overall rule calculations, preventing rule limits from being enforced.

With the fix, deny and override deny rules are included in the aggregated count alongside allow rules.

E-126227

Corrected In-Conflict Reporting for Rules Opposing "All Services"

Previously, when a rule was defined that should counter another rule, conflict reporting behaved differently depending on how the rule was defined. Defining the rule through port + protocol triggered the accurate in-conflict report with the 'All services' rule, but defining the rule through a service incorrectly failed to flag it as in conflict.

With the recent fix, the system now correctly identifies conflicts with the 'All services' rule, regardless of whether a service or port + protocol is used in defining the rule.

E-126207

Resolution of Custom Time Range Query Issue

A bug was addressed where filtering the Blocked Traffic list by a custom date range on a Workload's details page had no effect.

The issue arose because the query always started 24 hours before the current time, disregarding the start date specified in the date selector.

E-126162

Troubleshooting VEN Activation Failure with "Ephemeral" Parameter

The VEN activation issue previously encountered with the "ephemeral" parameter was successfully resolved. Users can now activate VEN without any hindrance, as the fix implemented has ensured a smooth activation process.

E-126122

Successful Resolution of Service Account-Related Scheduled Jobs Failure

The system now functions as intended after addressing the issue where scheduling jobs or reports using service accounts might fail.

Users can expect a seamless experience when utilizing service accounts for scheduling tasks, ensuring reliable execution of jobs and reports without encountering previous failures.

E-126121

Improved Performance by Enhancing Bulk Operations

Improved overall performance by enhancing bulk workload and event operations.

E-126022

Enhanced Policy Assignment for Multiple Virtual Services per Workload

Multiple Virtual Services (VS) were assigned to a single Workload (WL), resulting in incomplete source_rule_ids within policies. This led to certain VS rules not registering any hits.

The issue has now been fixed, ensuring that all VS IDs are correctly included in source_rule_ids for comprehensive policy enforcement across multiple Virtual Services assigned to a single Workload.

E-125150

Troubleshooting DB Lock ContainerCluster Removal - SCP41 Customer Auto-Owners

The issue concerning DB Lock ContainerCluster removal within the context of SCP41 Customer Auto-Owners troubleshooting has been resolved.

The fix ensures seamless database management and streamlined ContainerCluster removal for SCP41 Customer deployments.

E-124916

Backtrace Error and 500 Response in container_clusters/policies

An issue related to container_clusters/policies that previously caused a backtrace error, along with a 500 response, has been resolved.

The fix eliminates these errors, ensuring improved stability and functionality within the container_clusters/policies endpoint. This leads to a smoother user experience without encountering backtrace issues or error responses.

E-121656

Container Service Backends View Load Failure in PCE

The Container Service Backends view failed to load in the PCE for all non-Dev clusters. The problem stemmed from the service_backends API call timing out, specifically impacting this particular view and API response, while other container cluster APIs operated normally.

The resolution ensures the successful loading of the Container Service Backends view, restoring functionality for the affected clusters within the PCE environment.

E-121094

Enhancement of Draft View Calculations for Large Queries

Timeouts during draft view calculations for large queries have been addressed.

Previously, the downloaded file was missing some of the draft policy decisions due to this timeout.

The fix ensures proper processing of draft view calculations, eliminating timeouts and guaranteeing that all draft policy decisions are accurately included in the downloaded file, even for extensive queries.

E-117295

Rule Search Filter Enhancements for Multiple Ports

The Rule Search filter now accurately applies OR logic when multiple ports are supplied, enhancing the functionality and precision of rule filtering.

E-108511

Resolution of PCE "Upgrading" Status Persistence Issue after VEN Upgrade

Previously, the "Upgrading" status in the Policy Compute Engine (PCE) was not cleared upon upgrading the Virtual Enforcement Node (VEN).

This issue has been resolved, ensuring that the status accurately reflects the completion of the VEN upgrade process.