
What's New and Release Notes 25.3

Resolved Issues in Release 25.3-PCE

These release notes describe this release's new features, enhancements, resolved issues, and known issues.

Resolved Issues

Issue

Fix Description

E-128999

Incorrect Timestamps from VEN Leading to Database Inconsistencies

Incorrect timestamps reported by the VEN caused the PCE to generate inaccurate tables within the database.

This discrepancy resulted in system issues. The issue was resolved to ensure the accuracy and reliability of database operations.

E-128877

Enhanced Deny Rule Scope Accuracy

Previously, deny rules and override deny rules failed to consider label groups or exclusions in the scope, leading to misapplied rules.

These rules are now accurately applied based on specified label groups and exclusions, ensuring correct enforcement on targeted workloads.

E-128872

Enhanced Policy Selection with Autocomplete Feature

Users could not select a policy if it was not part of the initial list of 500 policies.

To resolve this limitation, autocomplete functionality has been added, enabling dynamic fetching of policies from the full list. This enhancement empowers users to conveniently search and select any valid policy beyond the initial set of 500 options, thereby improving the overall user experience and flexibility within the system.

E-128375

Rule Coverage Issue for Traffic in Draft Mode with Kubernetes Workloads

Rule Coverage for Traffic in Draft mode was malfunctioning, specifically for Kubernetes Workloads. This was causing inconsistencies in rule application.

This issue has been successfully resolved, ensuring that Rule Coverage now operates correctly for Traffic in Draft mode within Kubernetes Workloads.

E-128235

Policy Rules for NodePorts and LoadBalancers in CLAS Clusters

This update addresses an issue with policy rules specifically designed for managing Node Ports and Load Balancers within CLAS (Cluster-Level Application Set) clusters. The fix ensures that these rules now function as intended, providing accurate and consistent governance over networking configurations associated with Node Ports and Load Balancers within the CLAS environment.

E-128193

Improved Conflict Resolution in ruleset_overlapping_rule_search API

This update addresses an issue where the parameter exclude_rules_not_resolving_to_ruleset_scope_actors=true was missing in the URL when calling ruleset_overlapping_rule_search.

By adding this parameter, scopes will be thoroughly checked to ensure no conflicting rules are displayed. This enhancement leads to a more accurate identification of conflicts, providing a more straightforward overview of rules without duplicates in the specified scenarios.

E-128016

Optimization for Performance and Rate Limiting Avoidance through Consolidated Endpoint Call

Addressed the rate-limiting problem by substituting multiple endpoint calls with a single, consolidated one.

Thanks to the optimization, users can now operate without concerns about rate limiting, resulting in enhanced performance and smoother API functionality.

E-127789

E-127354

Improved Subnet Caching Behavior to Prevent Empty Sets During Server Reload

Fixed an issue where subnet caching occurring concurrently with a set_server reload could lead to empty sets being cached.

Addressing this scenario ensures that sets related to workloads are not cached as empty during server reload, thereby preventing inaccurate caching results.

E-127763

Reversal of Hostname Case Sensitivity in 25.21.0 Update

A change occurred in version 25.21.0, causing the hostname to become case-sensitive, deviating from prior releases. The behavior has been reverted to its original state of being case-insensitive, aligning with users' familiarity with previous versions.

This adjustment ensures consistency across releases and minimizes potential disruptions for users accustomed to the former configuration.

E-127740

Log message missing from the agent log

The log message sec_policy commit: Computing affected workloads was missing from the agent log. The issue is resolved, and the timing log has been added to the non-lazy-impact calculation.

E-127644

Enhanced Flow Separation for Different IP Address Decorations in Draft Policies

Previously, when some flows were adorned with a Workload while others were associated with an IP List for the same IP address, they were erroneously merged as one flow in the draft policy. This caused the draft policy to display only for the combined flow.

The solution maintains these flows as distinct entities, ensuring accurate representation and visibility within the policy structure.

E-127435

Enhanced Policy Commit Stability via Batching Strategy for Arguments in Lua Script

Previously, policy commits encountered a Redis Lua script error due to attempting to unpack an excessive number of arguments.

A fix, introduced through a pull request mentioned in the comments, has been implemented in the Lua script. It resolves the issue by batching arguments rather than unpacking them all at once, so policy commits are processed without encountering script errors.

E-127354

Optimizing Subnet Caching and Server Reload Interaction to Prevent Empty Set Caching

Subnet caching overlapped with a set_server reload operation, which could lead to the caching of empty sets. This occurred because workloads could be empty during a reload, resulting in incomplete or erroneous data being cached.

Optimizations were implemented to ensure that subnet caching and server reload processes are synchronized effectively.

E-127344

Policy Check Failure Caused by Outdated Deny Rules

Fixed policy check failures that occurred due to the presence of outdated (legacy) deny rules included in the results.

This update ensures that outdated deny rules no longer cause policy check failures, improving the accuracy and reliability of policy validation processes.

E-127276

Query in Draft View not triggering rule calculations correctly

When a user ran a query in Draft View with both Blocked and Potentially Blocked quick filters enabled, the query did not trigger rule calculations correctly for the returned flows.

However, the rule calculations were sent properly when the user manually toggled the quick filters (i.e., unchecked and rechecked them). This inconsistency led to misleading flow counts and inaccurate data representation.

The fix ensures that rule calculations are triggered consistently when the query is run with Blocked and Potentially Blocked quick filters without requiring the user to toggle filters manually. This will correct the flow count discrepancies and improve the reliability of Draft View query results.

E-126207

Custom Time Range Query

A bug was addressed where filtering the Blocked Traffic list by a custom date range on a Workload's details page proved ineffective.

The issue arose as the query was always initiated 24 hours before the current time, disregarding the specified start date from the date selector.

E-126162

Troubleshooting VEN Activation Failure with "Ephemeral" Parameter

The VEN activation issue previously encountered with the "ephemeral" parameter was successfully resolved. Users can now activate VEN without any hindrance, as the fix implemented has ensured a smooth activation process.

E-126121

Configurable Runtime Thresholds and Logging Added for Event Bus Bulk Operations

Configurable runtime thresholds were added for total_event_bus_bulk_threshold and workload_in_out_event_bus_bulk_threshold, enhancing flexibility in managing event bus bulk operations. Logging has been added to assist users in fine-tuning these thresholds effectively.

The update gives users increased control over event bus operations while facilitating optimization through detailed logging mechanisms.

E-126022

Improved Policy Consistency for Workload Assignments to Virtual Services

Resolved an issue where, when multiple Virtual Services (VS) were assigned to a single Workload (WL), some policies contained only one VS ID in the source_rule_ids instead of all assigned VS IDs.

This inconsistency resulted in certain Virtual Service rules not recording any hits. The issue has been rectified, ensuring all associated Virtual Service IDs are correctly reflected within policies for accurate rule evaluation and traceability of hits.

E-125150

Boosted PCE Performance with Optimized C-VEN and Kubelink API Queries

Resolved an issue by optimizing C-VEN and Kubelink API queries, enhancing PCE (Policy Computing Engine) performance.

The optimization efforts have significantly improved PCE efficiency, benefiting large clusters by streamlining operations and boosting overall system performance.

E-124916

Resolved lock contention to reduce a 500 error

Resolved an issue where some containers could not fetch and apply the policy, which caused a 500 error in logs.

E-124289

container_clusters Policies Breaking Perspective Cache

The endpoint container_clusters/<uuid>/policies caused disruptions to the non-blocking policy perspective cache, affecting its ability to maintain accurate and current policy perspectives.

This issue is resolved to ensure the seamless operation of policies within container clusters.

E-124261

Convergence in Container Clusters

Due to convergence issues in specific Container Clusters, clusters were falling out of synchronization, impacting operations. VENs experienced difficulties obtaining the VPC IPs allocated by their policies.

This issue is resolved.

E-124060

Formatting Issues Due to Incorrect Service Addition in the Query Field

The incorrect procedure of adding a defined service to the service query field resulted in improper formatting, particularly affecting the UI (User Interface). This incongruity resulted in complications with how data was displayed or processed, causing confusion and hindering the user experience.

Resolution of this issue is crucial to ensure accurate data representation and smooth functionality of the service query field within the system.

E-121656

Container Service Backends View Loading Failure in PCE

Resolved the customer-reported issue where the Container Service Backends view failed to load in the PCE for all non-Dev clusters.

The problem was traced to the service_backends API call stalling and timing out specifically for this view. This affected only the specified API response and view without affecting the functionality of other container cluster-related APIs.

E-121094

Improved Draft View Calculation Reliability for Large Queries

Addressed an issue where draft view calculations were timing out for large queries, leading to missing draft policy decisions in the downloaded file.

The resolution ensures that draft view calculations are more robust, even for extensive queries, guaranteeing that all draft policy decisions are accurately included in downloaded files.

E-120909

Updates in API Authentication Code Path Exposes Gap in User Session Verification

An update in the API authentication process has introduced a different code path, inadvertently affecting user session verification in the system. While aiming to bolster security measures, this change resulted in user session checks being omitted for this particular case, potentially impacting user access and system security.

The recent update addresses this issue, ensuring robust authentication practices and consistent user session verification across all scenarios.

E-117295

Enhanced Rule Search Filter Logic for Multiple Ports

Resolved an issue where the Rule Search filter incorrectly applied the AND logic instead of the expected OR logic when multiple ports were supplied.

The filter now correctly interprets multiple ports as an OR condition, ensuring accurate and efficient rule search results based on the specified port inputs.

E-108511

PCE "Upgrading" Status not Cleared

This fix addresses the persistent problem of the PCE (Policy Computing Engine) status remaining stuck in an "Upgrading" state even after successful upgrades of VENs. Despite completing VEN upgrades, the PCE fails to clear the "Upgrading" status, causing confusion and potential delays in system operations.