Release Notes Version 6.6.0.009
Read Before Updating
Before installing any firmware version, back up your configuration and read all release notes that apply to versions more recent than the one currently running on your system.
Before upgrading a virtual machine, Barracuda Networks recommends taking a snapshot of that virtual machine.
Do not manually reboot your system at any time during an update unless otherwise instructed by Barracuda Networks Technical Support. Depending on your current firmware version and other system factors, updating can take up to 10 minutes. If the process takes longer, contact Barracuda Networks Technical Support for further assistance.
Firmware Version 6.6
Enhancements
OpenSSL is upgraded to version 3.0 for enhanced security. [BNADC-15601]
Added support for SameSite cookie attributes under Cookie Security. [BNADC-14885]
The GSLB service now supports the round-robin method to handle requests within the same zone. [BNADC-15474]
IO operations are minimized to improve the Hardware life. [BNADC-14985]
Added support for new SNMP OIDs for Link status, Link utilization, Link errors, Memory Usage, CPU Utilization, CPU Fan Speed, and System Fan Speed. [BNADC-15679]
Fixes
Firmware Version 6.6.0.009
The tcpdump start and stop commands are functioning correctly now in all scenarios. [BNADC-16438]
The FTPS functionality issue affecting manual backups after the upgrade to version 6.6.0.006 has been resolved. [BNADC-16406]
In rare cases, the GSLB service incorrectly transitioned to a down state during server enable or disable operations. This issue has now been resolved. [BNADC-16395]
After upgrading to version 6.6.0.006, the health check fails for HTTPS services configured with the Simple HTTPS Testing Method if the response status code is 401. This has been resolved. [BNADC-16411]
Vulnerability Fix: A critical buffer overflow in CMS AuthEnvelopedData parsing, exploitable via malformed AEAD initialization vectors to cause remote code execution or denial of service, has been fixed in version 6.6. CVE-2025-15467 [BNADC-16478]
Firmware Version 6.6.0.006
The TCP proxy service created with the port range specified in descending order is now handled correctly. [BNADC-15899]
Issue with the server certificate not being updated in the CA bundle after deletion has now been fixed. [BNADC-15886]
Server username under FTP access logs can now be configured with special characters. [BNADC-15680]
In a rare scenario, the data path was interrupted and resulted in logging IPS logs. This has been addressed. [BNADC-15553]
Disabling the Instant SSL service now properly deactivates both its redirect service and the HTTPS service. [BNADC-15324]
The Custom Virtual Interface created on a bonded interface is now handled correctly. [BNADC-15108]
Custom role users can now log in to the ADC web interface after the firmware upgrade. [BNADC-15058]
Attack graphs now show the time according to the configured timezone settings. [BNADC-10084]
nghttp2 versions before 1.61.0 allowed excessive CPU usage due to the unbounded reading of CONTINUATION frames, which is mitigated in v1.61.0 by limiting their number per stream. [BNADC-15859]
Vulnerability Fix: HTTP/2 Rapid Reset Attack vulnerabilities mentioned in CVE-2023-44487 have been addressed. [BNADC-15674] [BNADC-15647]
From firmware version 6., Hardware SSL acceleration will be disabled. SSL functionality will continue to work with the software path. [BNADC-15918]
TLS 1.0 and TLS 1.1 are not supported in the firmware version 6.6. [BNADC-15776]
After upgrading to firmware version 6.6, services using weak ciphers will be disabled. To prevent any service interruptions, administrators are advised to proactively disable weak ciphers before the firmware upgrade. [BNADC-15926]