NETLAB+ Version 22 is a major upgrade that is built on a new Linux distribution.
The focus of this upgrade is security hardening to meet the latest industry standards
and benchmarks. Version 22 has been validated by a third-party penetration testing firm.
Current NETLAB+ users of version 21.X.X and earlier:
Please see the NETLAB+ Data Transfer Utility Guide
for details on the required procedure to upgrade your NETLAB+ system to version 22.X.X.
Current Production Release Software Version for NETLAB+: 22.0.10
This applies to all users who have updated their systems to version 22+. NDG recommends all customers run the current production release, with the exception
of schools participating in the evaluation of a beta release.
### 22.0.10
* Status: **Production**
* Released: **2022-07-14**
* Changes Since: **22.0.8**
#### Bug Fixes
* Applied package and security updates. #D706
* Fix continuous restarts of td-agent-bit if log export server is not reachable. #D686
* Postgresql must be started before td-agent-bit. #D684
* Lets Encrypt not properly configured by Data Transfer Utility. #D693
* Lets Encrypt cannot renew without contact email. #D711
* Firewall setup is not excluding inactive API keys. #D696
* Python SDK fails with ECC keys (workaround). #D697
* Webserver stops logging after log rotation. #D702
* Fix errors in td-agent-bit cgi.lua script. #D673
* Log rotation required for td-agent-bit log. #D700
* Fix permission for ve-logperm-check. #D685
* Suppress successive logging of vsphere connection failures. #D678.
---
### 22.0.8
* Status: **Alpha**
* Released: **2022-06-23**
#### New Features
* Data Transfer Utility - feature allows new 22.0.X virtual machine to accept a one-time data transfer from a 21.4.X system. #D632
* Added an option under the Webserver Security interface, to enable and disable CSRF Protection. #D667
#### Bug Fixes
* Increased the duration that NETLAB+ will wait for Cisco serial interface modules to boot from 3 to 5 minutes. #2111, #D348
* Lab and pod designer not working, undefined subroutine message. Added a missing use declaration for Netlab::SysTable to Module.pm. #D677
* Made a few minor language corrections to the HSTS webserver security interface. #666
* Set Retry_Limit on td-agent-bit output plugins. #689
---
### 22.0.7
* Status: **Alpha**
* Released: **2022-03-23**
#### New Features
* Align system configuration to meet CIS security benchmarks for Debian 10.
* Improve software update process for faster security updates.
* Support TLS 1.3 and update ciphers to meet government requirements.
* Overhauled logging system and log search capabilities.
* Ability to export system logs to external fluentd server (structured data) or syslog server (unstructured data).
* Ability to view logs in real-time.
* Implementation of auditd, instrusion detection (AIDE), and antivirus (ClamAV) per CIS guidelines.
* Ability to enable Strict Transport Security (HSTS).
* Local account usernames are now case insensitive.
* Administrator defined password policies for local accounts.
* Support IPv6 on public interface as required for government compliance.
* Disks are automatically sized to recommended values on OVA install.
* Serve all resources locally (do not rely on CDN for fonts, etc.)
* Updated Installation and Administrator guides.
#### Work In Progress
* Data transfer from version 21 to version 22 system.
* Multifactor Authentication for local accounts using TOTP (authenticators) and FIDO2 (hardware keys).
* Customizable time syncronization sources (NTP).
#### Upgrading from Version 21
NETLAB+ Version 22 is built on a new Linux distro and therefore requires a new OVA deployment.
* Version 22.0.7 is released only for testing of **new deployments** by designated beta testers.
* Version 22.0.7 **will not be capable of data migration** of data from NETLAB+ systems running 21.X versions.
* Data migration from NETLAB+ version 21.X systems will be available in version 22.1.0. This version will provide a one-time option to choose between a New Deployment or Data Migration from a 21.X system.
#### Caveats
* The NETLAB+ virtual machine is not FIPS 140-2 compliant as this requires testing against specific hardware. Version 22.0.7 is based on [OpenSSL 1.1.1](https://en.wikipedia.org/wiki/OpenSSL).
* NETLAB+ does not natively encrypt data at rest. However, the entire virtual machine can be encrypted. Please consult the VMware vSphere documentation.
---
Release Notes for Earlier NETLAB+ Versions
Please refer to Release Notes and Known Issues - NETLAB+ version 21.x.x and earlier.