In addition to fixes for several issues, this release includes the following new features and functionality.
Integrity 9.6 support, including newly-supported DNS records
This version of BlueCat Gateway supports the newly-released Integrity v9.6. In particular, BlueCat Gateway supports the HTTPS, SVCB, and URI resource records, support for which was added to Integrity in v9.6.
HTTPS/SVCB records enable CNAME-like functionality at the zone apex, allowing users to easily delegate authority for a full domain to an alternate domain (AliasMode). HTTPS/SVCB records also support ServiceMode, where service parameters can be configured to provide clients with necessary information for service connection, including supported protocols, IP address hints, and port numbers. URI records map hostnames to URIs, providing a simple and extensible means for identifying a resource.
BlueCat is aware of issues flagged by scans from Quay and other security vendors that appear to indicate possible vulnerabilities in packages used by Gateway and other BlueCat software). BlueCat investigates all issues revealed by these scans.
RedHat bases their ratings on the vulnerabilities described in the National Vulnerability Database (NVD), whose entries take into account all optional functionality in each open source package. However, the Debian packages used in Gateway often exclude experimental and optional components, and are compiled with a bias towards more secure settings. Within the context of Debian and Gateway, this means that many NVD ratings are false positives: the indicated vulnerabilities are never exposed, or are altogether excluded from the product.
Where vulnerabilities do exist, BlueCat regularly releases hotfixes and updates to resolve them. If you have security concerns about BlueCat software, we encourage you to visit the BlueCat Customer Care portal, or contact your BlueCat Care representative.