In November 2022 Tufin has released TufinOS 3.100.
This version is available for download now in the Tufin Portal (authentication required). The download link offers an update package as well as a package for a clean install.

  • Hardening is improved with this version:
    • The user "root" is locked by default in new installations for TOS Aurora. An unlock is possible by setting a password after the installation is complete
    • A reset of the root password is possible now by pressing "e" during the system start. Details about resetting the root password can be found at Tufin Knowledge Center
    • Approved MAC algorithms are configured according to item 5.2.11 of CIS CentOS Linux 7 Benchmark
      If still TOS Classic is used, the ciphers need to be updated in /etc/ssh/sshd_config
  • RPMs are updated, now based on CentOS 7.9 (18.10.2022)
  • The kernel has been updated to version 3.10.0-1160.76.1.el7.x86_64
  • The RPM fio has been added for storage I/O performance check
  • For TOS Aurora, the Wireguard driver has been updated to version 1.0.20220627

Some updates included in this version affect TufinOS Classic only.

  • PHP has been updated to version 7.4.32-1.el7
  • PostgreSQL 11 has been updated to 11.17-1PGDG.rhel7

 

 

 

Tufin has published TufinOS 3.81. An upgrade to this version is recommended since it fixes a potential vulnerability (authentication required) in NSS during certificate verification.
When upgrading please consider the supported upgrade path as well as the minimum requirements regarding the TOS version.

 

 

 

 

TufinOS 2.x is based on CentOS 6.x. For this version support has reached its EOL (End of Life), so no more support for CentOS 6.10 and below is provided, not even security patches. Therefore Tufin has published TufinOS 3.x, based on CentOS 7 that will be supported until June 30th, 2024.

Besides this, if you want to upgrade to TOS 20-2 you need to upgrade TufinOS also.

So please prepare this upgrade carefully. Some information about it can be found on Tufin's web site, later on we will also provide some information.

 

 

 

In November 2021 Tufin has released TufinOS 3.71. This version is available for download now in the Tufin Portal (authentication required).
Upgrading to this version requires an installed TufinOS on the machine. A clean installation is currently possible for TufinOS 3.5x and 3.60 only. From here a direct upgrade to TufinOS 3.71 is possible.

The most important features and updates are:

  • Apache HTTPD has been updated to version 2.4.6
  • PHP has been upgraded from PHP 5.4 to PHP 7.4

Even if there are no new CVEs fixed as it has been done with TufinOS 3.70, this update is recommended.
After having installed the upgrade, a restart of the httpd is necessary. This can be done by the command

   systemctl restart httpd


Hints:

  • Upgrading to TufinOS 3.71 requires at least one of these versions of the Tufin Orchestration Suite (so it might be necessary to upgrade TOS also):
    • R21-1 HF3.2 and above
    • R21-2 HF1.5 and above
    • R21-3 RC1 and above

  • Please keep in mind, that with an upgrade of TufinOS, the configuration of Apache, as well as SSH, might be altered back to default values. So please check your individual configuration before and after the upgrade.

 

Please be aware that only TufinOS 3.50 to 3.71 are supported by Tufin now, i.e. older versions will also get no security-related updates.
If you still use TufinOS 2.x, the only supported version is TufinOS 2.23. In this case, an upgrade is strongly recommended since TufinOS 2.x is based on CentOS 6.x (which is supported no more).


Additional information about Security Fixes included in TufinOS is available. When hardening TufinOS please regard hints given by Tufin.

 

 

 

 

In February 2020 Tufin has released TufinOS 2.21. This version is available for download now in the Tufin Portal (authentication required). TufinOS 2.21 is available as upgrade package only (tufinos-update-2.21-1395.run.tgz). So if you need to set up a new system, installing TufinOS 2.18 from ISO or USB is necessary before upgrading to 2.21.

New features and updates of TufinOS 2.21 are (e.g.):

 

  • PostgreSQL 11 (11.6-1PGDG.rhel6) has been added
  • ncdu and tmux rpms from EPEL have been added
  • Updated RAID driver for ASR-8805 to version 1.2.1.58012 (GEN-3.5)
  • Updated Microsemi Adaptec ARCCONF Command Line Utility to version 3.03.23668 (GEN-3.5)
  • Updated PostgreSQL 9.4 to version 9.4.25-1PGDG.rhel6
  • Updated PHP to version 5.6.40-1.w6
  • Additionally 35 RPMs based on the latest version of CentOS 2.19 have been updated

 

Please be aware that only TufinOS 2.19 and 2.21 are supported by Tufin now, i.e. older versions will also get no security related updates.
Additional information about Security Fixes included in TufinOS 2.21 is available. When hardeing TufinOS please regard hints given by Tufin.

 

Important hint:
Be sure that your TOS version is compatible with the new release of PostgreSQL! You should check it in Tufin Knowledge Center before trying to upgrade.