09-01-2022 04:17 AM
Hi,
Can anyone from Extreme tell me when you plan to release a new feature version of XIQ OnPrem?
This is getting ridiculous: no big feature update for one and a half years. We still have to use 21.1.x, so the January 2021 version according to your scheme.
10-21-2022 06:13 AM
Hello,
Allow me to simplify. As the bulletin says, "In certain configurations, an attacker could execute arbitrary commands with the privileges of the script." In IQVA, yes, c_rehash is present. However, IQVA does not use it in any process, the configurations required for exploit are non-existent, and access to the OS in any capacity to expose it is not exposed. Several other CVEs are being tackled in the January release, specifically CVE-2021-4034. And no, the January release is not a joke, and is currently tracking as follows:
02-23-2023 05:42 AM
@BillL It's end of February already, do you have an update for the release date?
02-23-2023 07:02 AM
@daniel1 I just spoke to the team that's doing it and you should see it in the next week or so. QA testing is complete, the final build approved, and release notes should be finalized today (2/23). Then we just have to work to get it posted.
10-24-2022 04:48 AM - edited 10-24-2022 04:58 AM
Well this information would have been great to see in the KB-article and not here, as it creates (at least for me) a lot of confusion, especially in terms of a new IQVA release.
But I don't get why you can't simply patch the OpenSSL version with the new release? As per your support policy the major support for IQVA runs until December 2023.
But thanks for the clarification.
04-18-2023 10:25 AM
@daniel1 Wow, am I glad that we went to the cloud right off the bat! Looks like a total frigging nightmare... then it's going to be end of life pretty soon.... Again, so grateful, because we have two ZoneDirectors from Ruckus and I LOVED it.. I didn't have to push configs (that reboot the AP for full config) to APs one by one to get an ACL to work, I could block MACs to my heart's content, and block content, and a ton more.. Heartbreaking to lose it... it was easy and awesome (not like cloud or on-prem of this XIA).. It was great, but it outlived its purpose and we had to go with something newer... I could have gotten screwed if I'd pushed for an on-prem solution instead of cloud based, reading the issues you are having and the total lack of updates and patches. Sorry mate. Jason