Replify Accelerator 6.3.0-31115 Release Notes ============================================= This document details the content of the Replify Accelerator release 6.3.0. This release contains several features and improvements along with bug fixes. The previous GA release of Replify Accelerator was version 6.2.1. Release Highlights ==================== - AES Encrypted Cache - TLS Certificate Usability Improvements Upgrade Instructions ==================== The following versions of the Virtual Appliance (VA) and Enterprise Manager (REM) can be upgraded directly to 6.3.0: = 6.2.1 = 6.2.0 = 6.1.0 = 6.0.0 = 5.6.0 = 5.5.0 To upgrade your system, the REM should be updated first (if you have a REM), followed by the Virtual Appliance and then clients. To upgrade the REM or VA please run the following command at the console: replify-ctl upgrade You will be prompted for an activation code after running the above command. Please contact support@replify.com for this code. Windows clients can be updated by navigating to 'Tools > Options > Updates' in the Replify client user interface. To avail of updates, the client must be connected to an upgraded REM or VA. Detailed installation instructions can be found in the Replify Installation & Configuration Guide. The Accelerator Client can also be downloaded from the web interface of VAs and REMs. Disk Space ========== When deploying from VMWare, the default disk configuration will be a 16GB disk with 'Thin Provisioning'. We would recommend 'Thick Provisioning' which will be faster when running but slower to deploy. If resources are particularly constrained on the server, you may use 'Thin Provisioning' to ensure the disk space is only consumed when required. For many production environments, 16GB may not be sufficient to hold all cache data. Please see the Installation Guide for details on how to add extra disk space. MAC addresses with Hyper-V ========================== Once the image is deployed on the Hyper-V server the MAC address allocation will be set to 'dynamic' by default. When the machine boots Hyper-V will generate a MAC address for the connected virtual network interface. Replify recommends changing this to use a static MAC address instead. Download Links ============== Downloads are available for VMware ESX 6.5 and above and Microsoft Hyper-V 2016 and above. Other deployments, such as Citrix Xen, Amazon EC2 and Microsoft Azure may be available on request from Replify Support. Please refer to the Replify Installation and Configuration Guide for deployment instructions. VMWare ESX ---------- REM OVF: https://s3.replify.com/v6.x/v6.3.0/Replify-Manager-6.3.0-31115/Replify-Manager-6.3.0-31115.ovf REM VMDK: https://s3.replify.com/v6.x/v6.3.0/Replify-Manager-6.3.0-31115/Replify-Manager-6.3.0-31115-disk1.vmdk VA OVF: https://s3.replify.com/v6.x/v6.3.0/Replify-Appliance-6.3.0-31115/Replify-Appliance-6.3.0-31115.ovf VA VMDK: https://s3.replify.com/v6.x/v6.3.0/Replify-Appliance-6.3.0-31115/Replify-Appliance-6.3.0-31115-disk1.vmdk Hyper-V ------- REM: https://s3.replify.com/v6.x/v6.3.0/Replify-Manager-6.3.0-31115-hyperv.zip VA: https://s3.replify.com/v6.x/v6.3.0/Replify-Appliance-6.3.0-31115-hyperv.zip QEMU ---- REM: https://s3.replify.com/v6.x/v6.3.0/Replify-Manager-6.3.0-31115.qcow2 VA: https://s3.replify.com/v6.x/v6.3.0/Replify-Appliance-6.3.0-31115.qcow2 Docker ------ VA: https://hub.docker.com/r/replifyltd/accelerator/ REM: https://hub.docker.com/r/replifyltd/manager/ SHA256SUMS ------ SHA256 hashes for each file listed above have been generated for this release, they can be downloaded from this link: SHA256SUMS: https://s3.replify.com/v6.x/v6.3.0/SHA256SUMS New Features and Improvements ============================= [ACC-5929] Added a Get and Set Cache Configuration Value API call [ACC-5928] Use 4096 bit keys when generating our CA certificate [ACC-5926] Add option to specify certificates that are considered valid for secure peering [ACC-5925] VMWare images no longer require an nvram file [ACC-5920] generate-new-ca-certificate and generate-new-server-certificate functionality is now available on REM [ACC-5910] Updated documentation to explain about TCP keep-alives in Azure. [ACC-5901] Dynamic Certificates are now stored in RAM instead of disk [ACC-5896] TLS Client Side Alerts Now Include IP of Client [ACC-5885] Updated documentation to include more detail on MacOS [ACC-5884] Removed Replify Email Address from Subject Field in Replify Certificates [ACC-5883] Allow User to Reissue VA Server Certificate with Specific Subject Alternative Names [ACC-5881] Allow User to Regenerate CA Certificate with Specific Attributes [ACC-5880] Certificate GUIs now Show SubjectAltNames rather than Common Names [ACC-5879] Hourly Stats Message in Logs is Clearer [ACC-5877] Subject Fields in CA and Server Certificate have been Reversed [ACC-5876] Replify CA Certificate now has a Unique Subject [ACC-5867] Updated OTP version (to 23.3) [ACC-5866] Added Debian Bullseye support [ACC-5865] Used latest version of ZStandard [ACC-5845] HTTP MIME Filter Cache Configuration Now Identifies Full Payload Correctly [ACC-5805] Avoid cache resizes if possible when block store is full [ACC-5797] Clearing the cache now clears the block store [ACC-5767] Added support for adding certificate bundles [ACC-5766] Improvements to CA certificate functionality in API [ACC-5757] Self-signed certs are now not generated if the CA is expired [ACC-5471] Expanded CA Root store on our VAs Fixes ===== [ACC-5956] Activity checks no longer calculated incorrectly in softwoc_handler [ACC-5941] Now accepts wider variety of common names when generating certificates [ACC-5923] REM bash autocomplete corrected to only show REM commands [ACC-5917] Fixed Shutdown Error from Writer Service [ACC-5907, 5904] Various Android managment ping fixes [ACC-5906] StartTLS traffic no longer blocked when SSL optimization is off [ACC-5895] Failed to Find Certificate On Disk No Longer Hangs Client Application [ACC-5890] Android no longer kills accelerator service if left alone too long [ACC-5854] Android client now reconnects automatically after disconnecting from VA [ACC-5844] The block size setting on the HTTP Settings page is now respected [ACC-5826] Dynamic certificates are are re-used rather than duplicated [ACC-5825] TPC Keepalives can now be configured for data connections [ACC-5822, ACC-5821, ACC-5759] Fixes for some TLS websites failing to load [ACC-5810] Failing to initialize a cache no longer causes the resource_checker to fail to start and prevent the GUI from working [ACC-5782] RAM Defragmentation under load no longer causes a crash [ACC-5769] SSL settings of application servers that are subnets within other subnets are now respected [ACC-5752] REM: Error occurs when tagging an inactive client fixed [ACC-5750] Refresh issues with health graph on Microsoft Edge corrected [ACC-5620] Repeated data connection failures now bring down mgmt connection when wan connection pooling is enabled [ACC-5243] Corrupt cache_settings.dets file shouldn't cause system to fail to start Removed functionality ====================== [ACC-5882] Remove DNE from Windows Installer [ACC-5784] Remove requirement for epmd (Replify now binds to fewer ports) Errata or Known Issues ====================== [ACC-3718] Intel based processors on Android devices not supported [ACC-3825] Un-rooted Android devices can only accelerate HTTP(s) traffic [ACC-4137, ACC-4170] applications that use SSL pinning (e.g. Skype for Business, Dropbox, some applications depending on Apple certificates etc) will have their connections blocked if configured in the VA to use SSL optimization, unless the pinned certificate is also uploaded to the VA. [ACC-4255] AVG anti-virus software incorrectly detects a threat during Replify client uninstallation [ACC-4427] Android client requires a reboot before upgrade or client re-install [ACC-4648] Mac client service stops when it connects to a VA that is using a non-standard block size [ACC-4719] STARTTLS and HTTP CONNECT content is not cached in client to local VA scenarios [ACC-4896] Active FTP may fail for some clients when using a client connected to a peered VA setup [ACC-5083] SMB Connections are not optimized by the Mac client [ACC-5962] Mac Client Download Link on REM Login Page Is Incorrect