Batfish 2022-04-06
Release notes 馃枛馃徎
This release brings security improvements for Java dependencies and container-level vulnerabilities. In addition, there are minor bug fixes and feature improvements.
We'd also like to welcome @drosarius, who has contributed new support for Arista VXLAN!
New features and noteworthy improvements
- Arista: support for new vlan to vni mapping syntax (#8197, contributed by @drosarius!)
- JunOS: Add definition for junos-smtps (#8161, thanks @jhammond-git!)
- PAN: Palo Alto firewall application definitions are now translated from real device database, so they do not need to be manually curated (#8178)
- SONiC: DNS servers are now extracted from resolv.conf (#8208)
- SONiC: SNMP communities and ACL linkages are now extracted from snmp.yml (#8214)
Other noteworthy enhancements include:
- Jackson: upgrade Java dependency for CVE-2020-36518 (#8201)
batfish/allinone
container updated for CVE-2022-0492 and for CVE-2022-1055 (batfish/batfish
unaffected)- FRR: Fix spurious warnings for BGP peer groups (#8157)
- IOS: AAA server group support more syntax and reference tracking (#8215)
- IOS-XR: fix spurious undefined references for interfaces (#8194)
- JunOS: fix quotes in
annotate
tool output (#8205) bf.q.searchRoutePolicies
: don't build string unnecessarily, fixing a possible crash (#8167, thanks @mxsasha!)
Updates and Deprecations
鈿狅笍 As we continue to work on Layer-1 topology, Batfish will be increasingly strict about enforcing correct input. For example, Layer-1 edges should only be between physical interfaces; future versions of Batfish will ignore (rather than honor) Layer-1 edges where one endpoint is, say, an FRRbond
interface or an Aristaport-channel
.鈿狅笍 We are also improving validation for layer-2 configurations (e.g., untagged frame delivery to subinterfaces), so mocked-up configs may experience changes as Batfish becomes more accurate.鈿狅笍 For developers, we now only support development with Bazel. See the updated instructions on the Batfish wiki
Installation
To upgrade your local Docker image, run docker pull batfish/allinone
then follow the standard instructions to get started.