This release includes updated Windows core and bare metal agents. The 10.5.5 core agent is recommended for all Windows assets and is required for Windows fixes in this release.
IMPORTANT!
Windows image-level backups – After upgrading from a pre-10.4.9 agent, the next backup is automatically promoted to a full.
Fixes
The table below lists fixes included in this release. Unless stated otherwise, you can apply each fix by simply upgrading your appliance.
Component
Fix
Adding assets
Resolved a resource blocking issue that could cause an appliance to hang when attempting to add an asset.
Recovery
On-box recovery – Resolved an issue with the creation of a bridge network with certain hardware configurations.
Windows image-level recovery – Resolved an issue if the first partition was an extended partition. This fix requires the 10.5.5 Windows agent.
Security vulnerabilities
Note: These security vulnerabilities were identified through independent audits performed by these companies: Dutch Institute for Vulnerability Disclosure (DIVD) and Critical Start.
Addressed these appliance security vulnerabilities:
Unauthenticated SQL injection
PostgresSQL trigger command injection
Unauthenticated remote code execution
Privilege escalation using arbitrary code and user apache
Privilege escalation using unauthorized commands and session API
Samba service could permit anonymous connections with read/write access