Release Notes
2.12.0.0.xx Major Release (Target date Q2 2025 - EOL: TBD)
What’s New in this Release
NFO Security Update
This security update includes the following:
- Upgrade OpenSSL and crypto libraries to version 3.x
Customer Request/Ticket numbers: NFC-11919
Added support for Open Telemetry (OTel) output
Customer Request/Ticket numbers: NFC-11811
Added support for Model Driven Telemetry (MDT) input
Customer Request/Ticket numbers: NFC-11922
Splunk HEC output: add channel identifier
Customer Request/Ticket numbers: NFC-11915
Added support for Cisco SD-WAN IPFIX fields (including options)
Customer Request/Ticket numbers: NFC-11169
Implement Pseudonomization within NFO and re-identification within Splunk
Request to support General Data Protection Regulation (GDPR) compliance and adherence to data privacy laws in the United States.
Customer Request/Ticket numbers: NFC-11TBD
Implement NFO IPFIX Output
Customer Request/Ticket numbers: NFC-11TBD
2.11.1.0.70 Maintenence Release (February 10, 2025 - EOL: February 10, 2027)
What’s New in this Release
NFO Security Update
This security update includes the following:
- Apache Tomcat 9.0.98
- JRE 11.0.25
- Implemented Cross-Site Request Forgery (CSRF) protection
Customer Request/Ticket numbers: NFC-10410
Improved performance for Linux 9
Customer Request/Ticket numbers: NFC-11837
Added support of IPv6 exp_ip sampling
Customer Request/Ticket numbers: NFC-11264
Improved performance for AWS S3 output
Customer Request/Ticket numbers: NFC-11337
Implement Preview output feature
Customer Request/Ticket numbers: NFC-11840, NFC-11805
Added support for post-NAT IP addresses in Network Conversations Module
Customer Request/Ticket numbers: NFC-11863
Changed default in Network Conversations Module
Changed default to report bi-directional conversations
Customer Request/Ticket numbers: NFC-11830
Improve Auto-discovery feature
- Added connections based on next_hop
- Added connections IEEE 802.1D devices
- Allow to enable/disable auto-disovery
Customer Request/Ticket numbers: NFC-11871, NFC-11838, NFC-11855
Implement exclusion list for port consolidation
In the list of known server destination port numbers, allow marking which server application ports should be processed with client ports reported.
Customer Request/Ticket numbers: NFC-11285
Added Azure VNet flow logs support
Customer Request/Ticket numbers: NFC-11648
Improve NFO license manager
Allow to exclude peer nodes from production usage count
Customer Request/Ticket numbers: NFC-11696
Improve SNMP service and Auto-discovery
Customer Request/Ticket numbers: NFC-11786
Improve NFO Status page and troubleshooting
Customer Request/Ticket numbers: NFC-11809, NFC-11810, NFC-11828, NFC-11833, NFC-11882,
Improve NFO upgrade procedure
Restore server.cfg file after upgrade
Customer Request/Ticket numbers: NFC-11786
What’s Been Fixed in this Release
TFS registration error occurs intermittently in NFO server for sFlow data
Customer Request/Ticket numbers: NFC-11308
The server drops TFS due to duplicate template registration within 10-second interval
Customer Request/Ticket numbers: NFC-11820
Modified NFO server.cfg file incorrectly synchronized with config DB
Customer Request/Ticket numbers: NFC-11850
Missing VNet exporter names for Microsoft Azure Flow Logs input
Customer Request/Ticket numbers: NFC-11867
2.11.0.0.95 Major Release (September 30, 2024 - EOL: September 30, 2026)
What’s New in this Release
Implemented automatic device discovery using SNMP polling, streamlining network monitoring setup
Customer Request/Ticket numbers: NFC-11588
Implemented NFO output filtering based on Module id (nfc_id)
Customer Request/Ticket numbers: NFC-11703
Okta SSO
Customer Request/Ticket numbers: NFC-11700
Implement EDFN agent for OpenCTI
Customer Request/Ticket numbers: NFC-10641
Implement EDFN agent for Cisco ACI Bridge Domain enrichment
Customer Request/Ticket numbers: NFC-10434
Added support for username reported by Palo Alto Networks, Cisco AVC, and IPFIX element 371
Customer Request/Ticket numbers: NFC-11707
Added Support for nexthop, allowing for detailed visualization of network traffic routing paths
Customer Request/Ticket numbers: NFC-11630
Added Support for NetScaler IPFIX elements: AppName, RTT, and TCP retransmits
Customer Request/Ticket numbers: NFC-11167
Improved Kafka output configuration
Customer Request/Ticket numbers: NFC-11213
Implemented "Catch all" in Repeater filters
Customer Request/Ticket numbers: NFC-11391
Performance improvement
Customer Request/Ticket numbers: NFC-11668
What’s Been Fixed in this Release
vCenter agent generates records with duplicate MAC addresses and zero IP addresses
Customer Request/Ticket numbers: NFC-11780
AWS S3 output: Some Syslog generated files missing the header row
Customer Request/Ticket numbers: NFC-11725
2.10.2.0.88 Maintenance Release (April 24, 2024 - EOL: April 24, 2026)
What’s New in this Release
NFO Security Update
This security update includes the following:
- Apache Tomcat 9.0.88
- JRE 11.0.23
Added Support for Oracle Cloud Infrastructure (OCI)
Customer Request/Ticket numbers: NFC-11422, NFC-11449
Added support for IPv6 in Security Threat Lists in Network Conversations Module
Customer Request/Ticket numbers: NFC-11296
Implemented Azure Logs Ingestion API (as Data Collector API will be deprecated)
Customer Request/Ticket numbers: NFC-11448
Added support for Original Flow Data and NetFlow Recorder to AWS S3 output
Customer Request/Ticket numbers: NFC-11197
Improved EDFN Agento to support AWS/Azure/GCP/OCI public IP ranges
Customer Request/Ticket numbers: NFC-11461
Added support for IPv6 in SNMP Polling and Traps
Customer Request/Ticket numbers: NFC-11481
Added support of SNMP Polling Configuration via YAML Packages
Customer Request/Ticket numbers: NFC-11554
Added ifHighSpeed OID to SNMP Polling
Customer Request/Ticket numbers: NFC-11486
Added new SNMP OIDs to interface_mon Set
Customer Request/Ticket numbers: NFC-11491
Performance Improvements
Customer Request/Ticket numbers: NFC-11318, NFC-11543
Various Usability Improvments
Customer Request/Ticket numbers: NFC-11469, NFC-11478, NFC-11480, NFC-11544, NFC-11575, NFC-11611
2.10.1.3.2 Hotfix Release (February 9, 2024)
What’s New in this Release
NFO Security Update
This security update addresses the following vulnerabilities:
- Apache Tomcat 9.0.85 (CVE-2023-46589, CVE-2023-42795, CVE-2023-44487)
- JRE 11.0.22 (the latest version)
Downloads:
2.10.1.0.23 Maintenance Release (September 30, 2023 - EOL: September 30, 2025)
What’s New in this Release
NFO Security Update
This security update addresses the following vulnerabilities:
- Apache Tomcat 9.0.80 (CVE-2023-41080, CVE-2023-34981)
Improved SNMP Polling Statistics
Add SNMP polling requests queue length and the number of unresponsive devices to Status page.
Add unresponsive devices to NFO internal logs (nfo_audit.log).
Customer Request/Ticket numbers: NFC-11362, NFC-10408
Improved Error Logging for AWS S3 Output
Customer Request/Ticket numbers: NFC-11401
Improved Format for Original NetFlow Data Output
Customer Request/Ticket numbers: NFC-11412
Improved Formatting of Output Syslog and JSON Messages
Add an option to include nfo_hostname as key-value pair to Syslog output.
Customer Request/Ticket numbers: NFC-11374
2.10.0.1.6 Security Update Security update (July 24, 2023)
What’s New in this Release
NFO Security Update
This security update addresses the following vulnerabilities:
- OpenJDK (CVE-2023-22049, CVE-2023-22036, CVE-2023-22006)
EDFN
- AsyncHttpClient 2.12.3 (was dependent on old Netty version 3.x, CVE-2021-21290, CVE-2020-11612)
- Okta SDK 8.2.5 (no vulnerabilities, but it depends on SnakeYAML)
- SnakeYAML 2.0 (CVE-2022-41854, CVE-2022-1471)
NFO
- OpenSearch client 2.8.0 (no vulnerabilities, but it depends on SnakeYAML)
- Azure Identity 1.9.2 (no vulnerabilities, but it depends on Json-smart)
- Json-smart 2.4.10 (CVE-2023-1370)
Downloads:
2.10.0.0.140 Major Release (June 30, 2023 - EOL: June 30, 2025)
What’s New in this Release
NFO Security Update
Updated Java, Tomcat, and other libraries to the latest available security release.
Customer Request/Ticket numbers: NFC-10xxx
Implemented Support for Full IPv6 Network
Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.
Customer Request/Ticket numbers: NFC-9998, NFC-9999, NFC-11278
Implemented Integration with Okta for User Identity Enrichment
Customer Request/Ticket numbers: NFC-11007
Added NFO Output to Microsoft Azure Log Analytics Workspace
Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)
Customer Request/Ticket numbers: NFC-11110
Added NFO Output to Microsoft Azure Blob Storage
Implemented new NFO Output Type - Azure Blob Storage
Customer Request/Ticket numbers: NFC-11151
AWS OpenSearch Output Upgrade
Upgrade OpenSearch library from 1.3 to 2.4
Customer Request/Ticket numbers: NFC-11181
Implemented NFO License Master
Customer Request/Ticket numbers: NFC-11139, NFC-11240
Implemented NFO Additional NFO Troubleshooting Features
Added NFv9/IPFIX templates logging
Customer Request/Ticket numbers: NFC-11183
Improved NFO Output Performance to AWS S3 Buckets
Customer Request/Ticket numbers: NFC-11191
Improved Microsoft AD Integration
Allow multiple user groups configuration
Customer Request/Ticket numbers: NFC-11292
Improved Integration with AlienVault (AT&T Cybersecurity)
Implement an option to use Pulses with malicious domains
Customer Request/Ticket numbers: NFC-11304
Improved Security in NFO Clouds Input/Output Configuration
Customer Request/Ticket numbers: NFC-11192, NFC-11201, NFC-11204, NFC-11205
Improved NFO Status Page Reporting
Customer Request/Ticket numbers: NFC-11234
Improved Output Dictionary
Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers
Customer Request/Ticket numbers: NFC-11142
What’s Been Fixed in this Release
[Module 1006x] Report client port when it is disabled
Customer Request/Ticket numbers: NFC-11132, NFC-11176
Known Issues
[Module 20062] S3 output failed with "no access" error code
Linux RHEL is not affected. For other Linux OSs, you can fix the issue using the following workaround:
Make a symbolic link /etc/pki/tls/certs/ca-bundle.crt to the certificates bundle (For example, on Ubuntu 20.04.5 LTS to the /etc/ssl/certs/ca-certificates.crt)
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
2.9.1.3.7 Security update (April 24, 2023)
What’s New in this Release
NFO Security Update
This security update fixes the following vulnerabilities:
-
Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)
-
Apache Commons FileUpload (CVE-2023-24998)
-
Kafka client updated to 3.4.0 (CVE-2022-34917)
-
OpenSearch client updated to 2.6.0 (CVE-2023-23612)
-
HSQLDB (CVE-2022-41853)
-
FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)
-
OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)
Downloads:
2.9.1.2.3 Hotfix Release (November 14, 2022)
What’s New in this Release
NFO Security Update
NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).
NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.
Bug fix in Network Conversations Module
When parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and in-memory DB can eat memory.
Customer Request/Ticket numbers: NFC-11127
Implement additional status values in Network Conversations Module
Add Forwarding Status reported by Cisco routers:
- action=U for forwardingStatus 00 (unknown)
- action=F for forwardingStatus 01 (forwarded)
- action=D for forwardingStatus 10 (dropped)
- action=C for forwardingStatus 11 (consumed)
Customer Request/Ticket numbers: NFC-11122
Performance improvements
Customer Request/Ticket numbers: NFC-11156
Downloads:
2.9.1.0.79 Maintenance Release (August 9, 2022 - EOL: August 9, 2024)
What’s New in this Release
NFO Security Update
Updated Java, Tomcat, and other libraries to the latest available security release.
JRE: zulu11.58.15-ca-jre11.0.16
tomcat: 9.0.65
spring: 5.3.22
spring-security: 5.7.2
log4j: 2.18.0
Customer Request/Ticket numbers: NFC-11071
Added NFO Output to AWS S3 Buckets
Implemented new NFO Output Type - AWS S3
Customer Request/Ticket numbers: NFC-10354
Added NFO Output to Kafka
Implemented new NFO Output Type - Kafka
Customer Request/Ticket numbers: NFC-10461
Added NFO Output to OpenSearch
Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)
Customer Request/Ticket numbers: NFC-10468
Added NFO Output to disk
Implemented new NFO Output Type - Disk
Customer Request/Ticket numbers: NFC-10486
Implemented Integration with AT&T Cybersecurity
Impleemented integration with Alienvault OTX Pulses. For more information on Alienvault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm
Customer Request/Ticket numbers: NFC-11032
Improved Output Dictionary
Added support for NFO Output dictionary in various Modules
Customer Request/Ticket numbers: NFC-10396
Improved Support for Multiple EDFNs Instalation
Added ability to enable / disabled EDFN agents in NFO GUI
Customer Request/Ticket numbers: NFC-11076
Added New Features in Network Conversation Module
- Added an option not to report state=E events to further reduce output volume
- Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
- Added integration with MaxMind to enrich data with Autonomous System Number
- Improved integration with Microsoft AD for user identity enrichment
Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072
Deprecate 'Known Threat Feeds hosts' in Security Module
Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor
Customer Request/Ticket numbers: NFC-10997
Downloads:
2.9.0.1.2 Security Update (April 15, 2022)
What’s New in this Release
NFO Security Update
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.
Downloads:
Customer Request/Ticket numbers: NFC-10476
2.9.0.0.189 Major Release (March 25, 2022 - EOL: March 25, 2024)
What’s New in this Release
NFO Security Update
Updated Java and Tomcat to the latest available security release.
Customer Request/Ticket numbers: NFC-10453
Added New Features in Network Conversation Module
- Added support for additional Azure and Google Cloud fields
- Added User Identity (integrations with Microsoft AD, Azure AD, Login/Logout via syslog)
- Added Application enrichment
- Added Reputation enrichment
- Added option not to report denied flows
- Added integration with VMware vCenter
- Add TOS and AS fields
- Implemented Application collector
- Added GeoIP enrichment
- Added SNMP enrichment
- Added support for Cisco ACI (Bridge domains, Tenants)
- Improved output to AWS S3 destination
- Performance and usability improvments
Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.
Added NFO Output using Splunk HEC
Added ability to configure NFO output using Splunk HEC
Customer Request/Ticket numbers: NFC-10250
Added NFO Output to Splunk Observability Cloud
Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)
Customer Request/Ticket numbers: NFC-10299
Implemented Output Dictionary
Added ability to override field names in syslog key=value or JSON data elements
Customer Request/Ticket numbers: NFC-10322
Implemented New sFlow formats
Implemented new sFlow formats per https://sflow.org/developers/structures.php
Customer Request/Ticket numbers: NFC-10351
Improved SNMP Polling
Implemented better handling of devices not replying to SNMP polling
Customer Request/Ticket numbers: NFC-10170, NFC-10321
Support Cisco ACI
Implemented support for Cisco ACI fields
Customer Request/Ticket numbers: NFC-10406
Various Usability Improvments
Various cosmetic changes and usability improvments
Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389