Last Modified: Apr 10, 2019
See more info
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
13.0.0, 12.1.0, 11.6.1, 11.5.4 HF3
Opened: Oct 16, 2015
Related AskF5 Article: K83452106
If administrator has installed multiple EPSEC packages, after a reboot the EPSEC version rolls back to the previously installed version.
OPSWAT version rolls back without prompting or logging. This might open up the end-point security issues that are supposed to be fixed by the latest installed OPSWAT package.
The BIG-IP system needs to be rebooted for this issue to be seen, and multiple EPSEC packages must have been installed on the system before the reboot.
The workaround is to upload a dummy file in Sandbox. 1. Go to Access Policy :: Hosted Content :: Manage Files. 2. Upload any dummy file, even a 0 byte file. Change the security level to 'session'. After this change, even if you reboot or shutdown-restart, the EPSEC version does not revert.
The most recently installed EPSEC version now remains configured, and does not roll back after reboot or shutdown-restart.