NETLAB+ Version 22 is a major upgrade that is built on a new Linux distribution. The focus of this upgrade is security hardening to meet the latest industry standards and benchmarks. Version 22 has been validated by a third-party penetration testing firm.

Current NETLAB+ users of version 21.X.X and earlier: Please see the NETLAB+ Data Transfer Utility Guide for details on the required procedure to upgrade your NETLAB+ system to version 22.X.X.

Current Production Release Software Version for NETLAB+: 22.0.10
This applies to all users who have updated their systems to version 22+. NDG recommends all customers run the current production release, with the exception of schools participating in the evaluation of a beta release.

### 22.0.10 * Status: **Production** * Released: **2022-07-14** * Changes Since: **22.0.8** #### Bug Fixes * Applied package and security updates. #D706 * Fix continuous restarts of td-agent-bit if log export server is not reachable. #D686 * Postgresql must be started before td-agent-bit. #D684 * Lets Encrypt not properly configured by Data Transfer Utility. #D693 * Lets Encrypt cannot renew without contact email. #D711 * Firewall setup is not excluding inactive API keys. #D696 * Python SDK fails with ECC keys (workaround). #D697 * Webserver stops logging after log rotation. #D702 * Fix errors in td-agent-bit cgi.lua script. #D673 * Log rotation required for td-agent-bit log. #D700 * Fix permission for ve-logperm-check. #D685 * Suppress successive logging of vsphere connection failures. #D678. --- ### 22.0.8 * Status: **Alpha** * Released: **2022-06-23** #### New Features * Data Transfer Utility - feature allows new 22.0.X virtual machine to accept a one-time data transfer from a 21.4.X system. #D632 * Added an option under the Webserver Security interface, to enable and disable CSRF Protection. #D667 #### Bug Fixes * Increased the duration that NETLAB+ will wait for Cisco serial interface modules to boot from 3 to 5 minutes. #2111, #D348 * Lab and pod designer not working, undefined subroutine message. Added a missing use declaration for Netlab::SysTable to #D677 * Made a few minor language corrections to the HSTS webserver security interface. #666 * Set Retry_Limit on td-agent-bit output plugins. #689 --- ### 22.0.7 * Status: **Alpha** * Released: **2022-03-23** #### New Features * Align system configuration to meet CIS security benchmarks for Debian 10. * Improve software update process for faster security updates. * Support TLS 1.3 and update ciphers to meet government requirements. * Overhauled logging system and log search capabilities. * Ability to export system logs to external fluentd server (structured data) or syslog server (unstructured data). * Ability to view logs in real-time. * Implementation of auditd, instrusion detection (AIDE), and antivirus (ClamAV) per CIS guidelines. * Ability to enable Strict Transport Security (HSTS). * Local account usernames are now case insensitive. * Administrator defined password policies for local accounts. * Support IPv6 on public interface as required for government compliance. * Disks are automatically sized to recommended values on OVA install. * Serve all resources locally (do not rely on CDN for fonts, etc.) * Updated Installation and Administrator guides. #### Work In Progress * Data transfer from version 21 to version 22 system. * Multifactor Authentication for local accounts using TOTP (authenticators) and FIDO2 (hardware keys). * Customizable time syncronization sources (NTP). #### Upgrading from Version 21 NETLAB+ Version 22 is built on a new Linux distro and therefore requires a new OVA deployment. * Version 22.0.7 is released only for testing of **new deployments** by designated beta testers. * Version 22.0.7 **will not be capable of data migration** of data from NETLAB+ systems running 21.X versions. * Data migration from NETLAB+ version 21.X systems will be available in version 22.1.0. This version will provide a one-time option to choose between a New Deployment or Data Migration from a 21.X system. #### Caveats * The NETLAB+ virtual machine is not FIPS 140-2 compliant as this requires testing against specific hardware. Version 22.0.7 is based on [OpenSSL 1.1.1]( * NETLAB+ does not natively encrypt data at rest. However, the entire virtual machine can be encrypted. Please consult the VMware vSphere documentation. ---

Release Notes for Earlier NETLAB+ Versions

Please refer to Release Notes and Known Issues - NETLAB+ version 21.x.x and earlier.