Summary

Security Package (Spack) versions 2325 through 2340 shipped a set of predefined URL categories that were not intended to be present in those releases. These predefined URL categories are scheduled for official introduction in a future 23.1.X-based VOS release.

If your Versa Director configuration or any device template references one of these predefined URL categories, the configuration commit may fail when the Spack is upgraded to a newer Spack release that no longer contains these categories.

Affected Spack Versions

Spack 2325 to 2340 (predefined URL categories present unintentionally).

Affected Predefined URL Categories

The following predefined URL categories were present in Spack 2325-2340:

  • abused_tld
  • bitcoin_related
  • blackhole
  • brute_forcer
  • command_and_control
  • compromised
  • ddos_attacker
  • ddos_target
  • drive_by_source
  • drop
  • exe_source
  • ip_check
  • p2p_cnc
  • proxy
  • remote_access_service
  • scanner
  • self_signed_ssl
  • tor_node
  • vpn

Impact

If a Director configuration or device template references one of the above predefined URL categories (for example, in a URL Filtering profile or security policy), upgrading the Spack to a newer release that does not contain these categories can cause the configuration commit to fail, because the referenced predefined category no longer exists in the new Spack.

Cause

These predefined URL categories were unintentionally included in Spack 2325-2340. They are planned for official availability in a future 23.1.X-based VOS release. Spack releases after 2340 removed these categories, so any configuration that bound to them while on 2325-2340 now references a non-existent category, breaking the commit.

Workaround / Resolution

  1. Before upgrading the Spack, audit your Director configuration and all device templates for references to any of the predefined URL categories listed above.
  2. Remove or replace any such references in URL Filtering profiles, security policies, and templates.
  3. Commit the cleaned-up configuration, then proceed with the Spack upgrade.
  4. Once a 23.1.X-based VOS release officially introduces these categories, they can be used normally on a matching Spack.

Notes

This is expected behavior of the Spack content change and not a defect in the upgrade process itself. The key precaution is to avoid binding configuration to these predefined URL categories while running Spack 2325-2340.