Bug ID 553063: Epsec version rolls back to previous version on a reboot

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
13.0.0, 12.1.0, 11.6.1, 11.5.4 HF3

Opened: Oct 16, 2015
Severity: 3-Major
Related AskF5 Article:
K83452106

Symptoms

If administrator has installed multiple EPSEC packages, after a reboot the EPSEC version rolls back to the previously installed version.

Impact

OPSWAT version rolls back without prompting or logging. This might open up the end-point security issues that are supposed to be fixed by the latest installed OPSWAT package.

Conditions

The BIG-IP system needs to be rebooted for this issue to be seen, and multiple EPSEC packages must have been installed on the system before the reboot.

Workaround

The workaround is to upload a dummy file in Sandbox. 1. Go to Access Policy :: Hosted Content :: Manage Files. 2. Upload any dummy file, even a 0 byte file. Change the security level to 'session'. After this change, even if you reboot or shutdown-restart, the EPSEC version does not revert.

Fix Information

The most recently installed EPSEC version now remains configured, and does not roll back after reboot or shutdown-restart.

Behavior Change