Skip to content

Batfish 2022-04-06
Compare
Choose a tag to compare
@dhalperi dhalperi released this 07 Apr 00:32
v2022.04.06
b63b309
This commit was created on GitHub.com and signed with GitHub鈥檚 verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Release notes 馃枛馃徎

This release brings security improvements for Java dependencies and container-level vulnerabilities. In addition, there are minor bug fixes and feature improvements.

We'd also like to welcome @drosarius, who has contributed new support for Arista VXLAN!

New features and noteworthy improvements

  • Arista: support for new vlan to vni mapping syntax (#8197, contributed by @drosarius!)
  • JunOS: Add definition for junos-smtps (#8161, thanks @jhammond-git!)
  • PAN: Palo Alto firewall application definitions are now translated from real device database, so they do not need to be manually curated (#8178)
  • SONiC: DNS servers are now extracted from resolv.conf (#8208)
  • SONiC: SNMP communities and ACL linkages are now extracted from snmp.yml (#8214)

Other noteworthy enhancements include:

  • Jackson: upgrade Java dependency for CVE-2020-36518 (#8201)
  • batfish/allinone container updated for CVE-2022-0492 and for CVE-2022-1055 (batfish/batfish unaffected)
  • FRR: Fix spurious warnings for BGP peer groups (#8157)
  • IOS: AAA server group support more syntax and reference tracking (#8215)
  • IOS-XR: fix spurious undefined references for interfaces (#8194)
  • JunOS: fix quotes in annotate tool output (#8205)
  • bf.q.searchRoutePolicies: don't build string unnecessarily, fixing a possible crash (#8167, thanks @mxsasha!)

Updates and Deprecations

  • 鈿狅笍 As we continue to work on Layer-1 topology, Batfish will be increasingly strict about enforcing correct input. For example, Layer-1 edges should only be between physical interfaces; future versions of Batfish will ignore (rather than honor) Layer-1 edges where one endpoint is, say, an FRR bond interface or an Arista port-channel.
  • 鈿狅笍 We are also improving validation for layer-2 configurations (e.g., untagged frame delivery to subinterfaces), so mocked-up configs may experience changes as Batfish becomes more accurate.
  • 鈿狅笍 For developers, we now only support development with Bazel. See the updated instructions on the Batfish wiki

Installation

To upgrade your local Docker image, run docker pull batfish/allinone then follow the standard instructions to get started.

Contributors

mxsasha, drosarius, and jhammond-git
Assets 2