diff --git a/docs/about_releases.md b/docs/about_releases.md index c6bb9fb757..b73db9e27f 100644 --- a/docs/about_releases.md +++ b/docs/about_releases.md @@ -54,7 +54,7 @@ However, issues resolved in `4.3.12`, which was released on 3/12/2021 are not ad | Version | Initial GA Version | First Release Shipping Date | Latest GA Version | Support Lifetime | End of Engineering support | End of Support | | -- | -- | -- | -- | -- | -- | -- | -| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.4](release_notes_128t_7.1.md#release-714-3r2) | STS | March 10, 2027 | September 10, 2027 | +| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.5](release_notes_128t_7.1.md#release-715-7r2) | STS | March 10, 2027 | September 10, 2027 | | Release 7.0 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | October 14, 2025 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | LTS | August 24, 2028 | February 24, 2029 | | Release 6.3 | [6.3.0](release_notes_128t_6.3.md#release-630-107r1) | September 30, 2024 | [6.3.7-6-sts](release_notes_128t_6.3.md#release-637-6-sts) | STS | May 6, 2026 | November 6, 2026 | | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39r1) | November 16, 2023 | [6.2.10-lts](release_notes_128t_6.2.md#release-6210-10-lts) | LTS | September 6, 2026 | March 6, 2027 | diff --git a/docs/concepts_ssr_chassis_manager.md b/docs/concepts_ssr_chassis_manager.md index 158ecd1cd4..a91e341d8b 100644 --- a/docs/concepts_ssr_chassis_manager.md +++ b/docs/concepts_ssr_chassis_manager.md @@ -89,7 +89,7 @@ The following commands are only available on the SSR400 and SSR440 platforms. Wh | [`show chassis led`](cli_reference.md#show-chassis-led) | Show the status of the chassis LEDs | | [`show chassis led phy`](cli_reference.md#show-chassis-led-phy) | Show the status of the port LEDs | | [`show chassis led system`](cli_reference.md#show-chassis-led-system) | Show the status of the System LED | -| [`show chassis power`](cli_reference.md#show-chassis-power) | Show chassis power | +| [`show chassis power`](cli_reference.md#show-chassis-power) | The `show chassis power` command displays power supply status for both single and dual power supply SSR4xx devices. | | [`show chassis temperature`](cli_reference.md#show-chassis-temperature) | Show chassis temperature sensor readings | | [`show chassis temperature-thresholds`](cli_reference.md#show-chassis-temperature-thresholds) | Show chassis temperature thresholds | diff --git a/docs/config_command_guide.md b/docs/config_command_guide.md index f455ec0b21..3683942c2c 100755 --- a/docs/config_command_guide.md +++ b/docs/config_command_guide.md @@ -13647,7 +13647,7 @@ A value from a set of predefined names. Options: -- auto: Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alive enabled. +- auto: Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alives enabled. - disabled: Do not send keep-alive packets to keep pinhole open on an external NAT device. ## `configure authority router node device-interface network-interface adjacency nat-keep-alive tcp-inactivity-timeout` @@ -17594,7 +17594,7 @@ A value from a set of predefined names. Options: -- auto: Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alive enabled. +- auto: Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alives enabled. - disabled: Do not send keep-alive packets to keep pinhole open on an external NAT device. ## `configure authority router node device-interface network-interface neighborhood nat-keep-alive tcp-inactivity-timeout` @@ -40452,7 +40452,7 @@ The shortest historical retention bucket | `delete` | Delete configuration data | | [`duration`](#configure-authority-router-system-metrics-retention-short-duration) | How long the short retention should retain metrics | | [`enabled`](#configure-authority-router-system-metrics-retention-short-enabled) | Whether short and subsequent retentions should be disabled | -| [`interval`](#configure-authority-router-system-metrics-retention-short-interval) | How frequently metrics should be inserted into the short retention. This is equivalent to the deprecated 'sample-period' element. | +| [`interval`](#configure-authority-router-system-metrics-retention-short-interval) | How frequently metrics should be inserted into the short retention. This is equivallent to the deprecated 'sample-period' element. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'short' | @@ -40510,7 +40510,7 @@ Options: true or false ## `configure authority router system metrics retention short interval` -How frequently metrics should be inserted into the short retention. This is equivalent to the deprecated 'sample-period' element. +How frequently metrics should be inserted into the short retention. This is equivallent to the deprecated 'sample-period' element. #### Usage @@ -45362,7 +45362,7 @@ Options: - metric-condition: A metric condition - origin-condition: An origin condition - peer-condition: A peer condition -- probability-condition: A probability condition +- probability-condition: A probablity condition - tag-condition: A tag condition ## `configure authority routing policy statement name` @@ -48317,6 +48317,7 @@ configure authority service-policy | [`packet-resiliency`](#configure-authority-service-policy-packet-resiliency) | Types of packet resiliency govern how the SSR provides resilience for packets in the event of network loss. | | [`path-quality-filter`](#configure-authority-service-policy-path-quality-filter) | Enable/disable filtering out paths that exceed maximum quality limits. | | [`peer-path-resiliency`](#configure-authority-service-policy-peer-path-resiliency) | Whether or not session resiliency failover occurs among multiple peers. | +| [`prefer-established-session`](#configure-authority-service-policy-prefer-established-session) | On a reverse flow collision with an incomplete session, prefer the established session. | | [`qp-preference`](#configure-authority-service-policy-qp-preference) | Preference for ordering interfaces by QP values. | | [`required-qp`](#configure-authority-service-policy-required-qp) | Minimum quality points required on network interface. | | [`reverse-gateway-change-detection`](#configure-authority-service-policy-reverse-gateway-change-detection) | Trigger a session-modify when the packet source-mac does not match the reverse next-hop ARP resolution for sessions that are not from inter-router or inter-node. | @@ -48864,6 +48865,32 @@ A true or false value. Options: true or false +## `configure authority service-policy prefer-established-session` + +On a reverse flow collision with an incomplete session, prefer the established session. + +#### Usage + +``` +configure authority service-policy prefer-established-session [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| boolean | The value to set for this field | + +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority service-policy qp-preference` Preference for ordering interfaces by QP values. @@ -49596,7 +49623,7 @@ configure authority session-type | [`description`](#configure-authority-session-type-description) | A description of the session type. | | [`initial-timeout`](#configure-authority-session-type-initial-timeout) | The inactivity timeout for sessions that are not yet established. | | [`name`](#configure-authority-session-type-name) | The name of the session type. | -| [`nat-keep-alive`](#configure-authority-session-type-nat-keep-alive) | Enable/disable generation of NAT keep-alive for sessions of this type if the functionality is enabled in the neighborhood | +| [`nat-keep-alive`](#configure-authority-session-type-nat-keep-alive) | Enable/disable generation of NAT keep-alives for sessions of this type if the functionality is enabled in the neighborhood | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | [`resource-group`](#configure-authority-session-type-resource-group) | Associate this session type with a top-level resource-group. | | [`service-class`](#configure-authority-session-type-service-class) | The service class this type belongs to. | @@ -49679,7 +49706,7 @@ Length: 0-63 ## `configure authority session-type nat-keep-alive` -Enable/disable generation of NAT keep-alive for sessions of this type if the functionality is enabled in the neighborhood +Enable/disable generation of NAT keep-alives for sessions of this type if the functionality is enabled in the neighborhood #### Usage @@ -50674,7 +50701,7 @@ configure authority tenant member | name | description | | ---- | ----------- | -| neighborhood | Neighborhood where tenant members are located. | +| neighborhood | Neigborhood where tenant members are located. | ##### Subcommands @@ -50682,7 +50709,7 @@ configure authority tenant member | ------- | ----------- | | [`address`](#configure-authority-tenant-member-address) | The source address(es) within the neighborhood that define the tenant members. | | `delete` | Delete configuration data | -| [`neighborhood`](#configure-authority-tenant-member-neighborhood) | Neighborhood where tenant members are located. | +| [`neighborhood`](#configure-authority-tenant-member-neighborhood) | Neigborhood where tenant members are located. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'member' | @@ -50751,7 +50778,7 @@ characters and leading zeros are not allowed. ## `configure authority tenant member neighborhood` -Neighborhood where tenant members are located. +Neigborhood where tenant members are located. #### Usage diff --git a/docs/release_notes_128t_7.1.md b/docs/release_notes_128t_7.1.md index 2d909f9464..87ca0b3afc 100644 --- a/docs/release_notes_128t_7.1.md +++ b/docs/release_notes_128t_7.1.md @@ -71,6 +71,40 @@ An issue has been identified that may be observed in conductor deployments runni An issue has been identified when onboarding SSR routers installed with older versions of software (such as 5.4.4) to Conductors running 6.3.x, when running in offline-mode. In some cases, certain software packages are not available to be installed during onboarding. To work around this issue, import the **package-based** (the "128T" prefixed) ISO for the current conductor version onto the conductor. This provides the necessary software packages to complete the onboarding process. This issue will be resolved in a future release. +## Release 7.1.5-7r2 + +**Release Date:** April 23, 2026 + +### New Features + +- **I95-63393 SSR400/SSR440 power supply status visibility:** Added CLI support to display the status of power supplies on dual-AC SSR400/SSR440 platforms. The `show chassis power` command displays power supply status for both single and dual power supply devices. This improves operational visibility into power redundancy and health on SSR400/SSR440 systems. +------ +- **I95-64568 TPM details in platform information:** The `show platform security` command has been added to display TPM information such as TPM family (version number), revision, firmware version, and manufacturer. This allows users to verify TPM availability and configuration for security and compliance workflows. +------ +- **I95-64623 Plugin packaging improvements:** Updated plugin packaging to include `128T-plugin-support-files`. This ensures that plugin dependencies are available on systems that rely on the extra packages bundle. + +### Resolved Issues + +- **The following CVEs have been identified and resolved in this release:** CVE-2021-47670, CVE-2022-49985, CVE-2022-50087, CVE-2022-50228, CVE-2023-53125, CVE-2023-53305, CVE-2024-56644, CVE-2025-21727, CVE-2025-21759, CVE-2025-22026, CVE-2025-22058, CVE-2025-22097, CVE-2025-37797, CVE-2025-37914, CVE-2025-38085, CVE-2025-38159, CVE-2025-38200, CVE-2025-38211, CVE-2025-38250, CVE-2025-38332, CVE-2025-38350, CVE-2025-38352, CVE-2025-38380, CVE-2025-38392, CVE-2025-38449, CVE-2025-38461, CVE-2025-38464, CVE-2025-38477, CVE-2025-38498, CVE-2025-38527, CVE-2025-38556, CVE-2025-38718, CVE-2025-39730, CVE-2022-50367, CVE-2022-50386, CVE-2022-50543, CVE-2023-53178, CVE-2023-53226, CVE-2023-53257, CVE-2023-53297, CVE-2023-53386, CVE-2023-53401, CVE-2023-53513, CVE-2023-53539, CVE-2025-38724, CVE-2025-39697, CVE-2025-39718, CVE-2025-39817, CVE-2025-39825, CVE-2025-39841, CVE-2025-39849, CVE-2025-39864, CVE-2025-39883, CVE-2025-39898, CVE-2025-39955, CVE-2025-39971, CVE-2025-40300, CVE-2025-9230, CVE-2025-13601, CVE-2025-9086, CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, CVE-2025-12084, CVE-2025-14104, CVE-2025-6176, CVE-2022-25883, CVE-2025-11021, CVE-2025-4945, CVE-2026-0719, CVE-2026-1761. +------ +- **I95-62421 DHCP relay failures causing clients to miss IP assignment:** Resolved an issue where DHCP session information is lost on the hub, causing the session reverse flow to collide with the forward flow of the session initiated originally from the spoke. This includes a new (configurable) default behavior for collision resolution. For detailed information, see [`configure authority service-policy prefer-established-session {true | false}`](config_command_guide.md#configure-authority-service-policy-prefer-established-session). +------ +- **I95-62710 Unnecessary web server processing for `router all` in the PCLI:** Addressed a problem where the web server performed unnecessary work when PCLI commands referenced `router all`. This optimization reduces overhead and improves responsiveness. +------ +- **I95-63174 IDP `Critical` profile not applied:** Resolved an issue where setting the IDP policy/profile to `Critical` was not properly applied on IDP. With this fix, profile changes to `Critical` now take effect as expected. +------ +- **I95-63355 Node-level security controls for serial console and USB:** Restored support for configuring node-level security features that disable serial console output and USB boot/mass storage (for example, settings such as `serial-console-enabled` and `usb-mass-storage-enabled`). This allows users to reapply hardened platform settings where supported. +------ +- **I95-63839 SNMP walk failures on Conductors onboarding to NMS:** Resolved an issue where SNMP walks on Conductors could fail with a `genError`, preventing successful onboarding into some network management systems. System MIB walks on Conductors now complete successfully; IF-MIB is no longer exposed on Conductors where it is not supported. +------ +- **I95-64152 Conductor connectivity blocked by stale SSH control sockets:** Resolved a condition where, after a router reboot (particularly following an unclean shutdown), the router could remain **Disconnected** in the Conductor due to stale SSH control sockets. The SSH coordination logic now cleans up stale control sockets automatically, restoring Conductor–router connectivity. +------ +- **I95-64187 Improved handling of TPM Dictionary Attack (DA) lockout:** Improved detection and handling when the TPM is in Dictionary Attack (DA) lockout mode. The integrity handler now detects this condition earlier and fails in a more predictable manner, simplifying troubleshooting of TPM-related integrity issues. +------ +- **I95-64595 Excessive audit log severity:** Adjusted the log severity for the audit log event collector to better match expected operational conditions and reduce unnecessary log noise. +------ +- **I95-64687 Recursive cleanup of Salt cache directory** Resolved an issue where cleanup of `/var/cache/salt/` was not performed recursively, which could leave behind cached data. The cleanup process now removes this directory recursively to ensure a more complete reset. + ## Release 7.1.4-3r2 **Release Date:** March 17, 2026