cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

NSO 4.4 Release Note

509
Views
0
Helpful
0
Comments

NSO 4.4 is now downloadable, quotable, orderable, and ready for shipping.

Customers can download the new version from Download Software - Cisco Systems. The release is available from the Software Jive subspace if you are an NSO ATP partner.

Customers are recommended to upgrade to the latest NSO release at least annually, in order to take advantage of the latest features, and to remain on a supported version, as well as benefiting from the latest security updates.

The End-of-Life (EOL) policy is available at http://www.cisco.com/c/en/us/products/eos-eol-policy.html. Cisco NSO EOL notifications are at http://www.cisco.com/c/en/us/products/cloud-systems-management/network-services-orchestrator/eos-eol-notice-listing.html

This release includes the following changes:

NSO-4.4 [March 20, 2017]

========================

Removals:

   - ncs: Previously deprecated leaf device-modifications in service-data

     grouping has been removed. Action get-modifications should be used

     instead of it.

Non-backwards compatible enhancements:

   - ncs: In many cases it takes a long time to generate the changeset

     towards the device (especially for CLI devices) due to large

     configurations and/or quadratic dependency calculations. This means

     that in systems where there is a high demand on throughput we would

     like to calculate the changeset outside of the transaction lock. This

     gives us the benefit that the lock could be released almost as soon as

     the service code has been executed. It also gives us the benefit of

     being able to support 'from' (pre-commit running) and 'to' (running)

     transactions leveraged by the Network Element Drivers, no-overwrite

     feature and reverse diff calculation if the device fails in the queue.

     The key enabler to support these cases mentioned above is to allow

     different views of the database to live beyond the commit. This is

     implemented by keeping a snapshot database of the configuration tree

     for devices and store changesets towards this snapshot database on a

     per device basis. The snapshot database is updated when a device in the

     queue has been processed (typically when a queue item has been

     processed). This snapshot database is stored on disk for persistence

     (the S.cdb file in the cdb directory).

     In this scheme the snapshot database always represents the 'from'

     (pre-commit running) transaction. The changeset towards the device is

     the 'to' (running) transaction. When the device is processed the

     changeset is applied to its backend, the snapshot database. If the

     queue item or device has been removed from the queue the changeset

     still needs to be applied in the order it would have been executed so

     that the snapshot database still reflects how running looked at a

     certain point in time. Even when a commit with no changes bound for the

     commit queue is performed the snapshot database needs to be updated to

     be in sync with CDB.

     The snapshot database could be populated in two ways. This is

     controlled by the /ncs-config/cdb/snapshot/pre-populate setting in the

     ncs.conf file. This parameter controls if the snapshot datastore should

     be pre-populated during upgrade. Switching this on or off implies

     different trade-offs.

     If set to 'false', NCS is optimized for using normal transaction

     commits. The snapshot database is populated in a lazy manner (when a

     device is committed through the commit queue for the first time). The

     drawback is that this commit will suffer performance wise, which is

     especially true for devices with large configurations. Subsequent

     commits on the same devices will not have the same penalty.

     If 'true', NCS is optimized for systems using the commit queue

     extensively. This will lead to better performance when committing using

     the commit queue with no additional penalty for the first time commits.

     The drawbacks are that upgrade times will increase and an almost

     doubling of NCS memory consumption.

   - ncs: The no-overwrite now takes precedence over various kinds of

     check-sync flags (out-of-sync-commit-behaviour=accept,

     use-transaction-id=true, and commit no-out-of-sync-check). The

     no-overwrite could now also be enabled by default on a per device level

     with /devices/device/no-overwrite/enabled-by-default

     (Issue tracker: #24328)

   - ncs: NCS will now give an error on unknown attribute is encountered in

     a service or config template. This is done to prevent typos and logical

     mistakes e.g. when NETCONF 'operation' attribute is used instead of

     'tags' attribute.

     (Issue tracker: #24428)

   - ncs: NSO is now able to issue RPC requests to a group of devices.

     Added /devices/device-group/rpc

     (Issue tracker: #24725)

   - ncs: For devices the with want-reverse=true the reverse diff is now

     sent when the device fails in the commit queue.

   - ncs: The ncs-setup command is no longer included in a "system install",

     since it is not usable in such an installation.

     (Issue tracker: #26357)

   - ncs: The --etc-setup option has been removed from the ncs-setup command

     - this functionality is subsumed by the --system-install option to the

     installer.

   - JSON-RPC: The default for /ncs-config/webui/audit has been changed to

     "false".

     (Issue tracker: #21655)

   - Python API: Python 3 support has been improved. NCS now requires at

     least Python 3.4. In earlier releases only Python 3.3 was supported

     (even though the docs claimed otherwise).

     (Issue tracker: #24887)

   - Python API: Assigning binary leafs using maagic now requires the value

     to be in the same format as is  returned when reading the value.

   - Toolchain: The version of pyang that is included in the release no

     longer checks the tailf-specific statements.  Note that this does not

     affect the ncsc compiler.

   - Toolchain: By default, the YANG source module and submodules files are

     now included in the .fxs file by the compiler, when the module is

     exported to NETCONF or RESTCONF.  This means that it is no longer

     necessary to copy the YANG files to the loadPath in order to use

     <get-schema>.  If a YANG file is found both in the loadPath and in the

     .fxs file, the file in the loadPath is used by the system.

     The command line flag --no-yang-source can be used to not store the

     YANG source in the .fxs file. Also, ncsc --strip-yang-source can be

     used to remove the YANG source from an .fxs file.

Enhancements:

   - ncs: NCS now ensures that validation of service input parameters is

     done before the create code is called.

   - ncs: It is now possible to manually manipulate the list of device's

     capabilities during pre-provisioning (before the device is connected

     for the first time). This can be done with the help of new actions

     introduced with this feature:

       - /devices/device/copy-capabilities

       - /devices/device/find-capabilities

       - /devices/device/add-capability

       - /devices/device/capability/remove

     In addition to this it is now possible to configure capability

     profiles under /devices/profiles/capabilities-profile. For detailed

     description of these actions refer to tailf-ncs-devices.yang.

     (Issue tracker: #17466, #19525)

   - ncs: Configurable range of allowed group size, the SSH server responds

     to the client during a "diffie-hellman-group-exchange". The range will

     be the intersection of what the client requests, if there is none the

     key exchange will be aborted.

     (Issue tracker: #18489, #22149)

   - ncs: A new YANG extension, tailf:ned-default-handling ''mode'', has

     been added. If used it will override the NED's native default handling

     mode for that leaf.

     (Issue tracker: #25189)

   - ncs: The kickers are enhanced with a notification-kicker that makes it

     possible to trigger on received netconf notifications. For more on this

     see the development guide.

   - ncs: New Yang annotation: tailf:ned-ignore-compare-config that can be

     used to remove a changed leaf from compare-config.

     For the tailf:aes-cfb-128-encrypted-string and the

     tailf:des3-cbc-encrypted-string type, proper decryption/encryption will

     be made of the data exchanged with a Netconf device.

     (Issue tracker: #25826)

   - ncs: NSO can now make a show command to copy parts of the device

     configuration when doing no-overwrite for CLI and generic devices if

     the NED supports it.

   - ncs: It is now possible to execute commit dry-run outformat native

     without establishing connection to the actual device. NEDs need to

     implement this feature. It is implemented in NSO for NETCONF and SNMP

     devices, while CLI and generic NEDs will by default fall back to the

     previous behaviour which is to establish connection to the device.

     In order to be able to execute commit dry-run outformat native offline

     the implementation for NETCONF and SNMP devices requires the

     capabilities of the device to be known, i.e. /devices/device/capability

     list to contain relevant entries. This list is populated when

     connecting to the device for the first time, or it can be manually

     populated with add-capability or copy-capabilities actions. Other NEDs

     (CLI or generic) implementing this feature might not have this

     requirement, or have other requirements.

     (Issue tracker: #25280)

   - ncs: It is now possible to set the rollback "Label" and/or "Comment"

     via MAAPI. See Maapi.setLabel(), Maapi.setComment(),

     Maapi.candidateCommitInfo(), and Maapi.candidateConfirmedCommitInfo().

     (Issue tracker: #25510, #26378)

   - ncs: The information returned by Maapi.listRollback() now includes the

     "Label" and/or "Comment" for each rollback.

     (Issue tracker: #26378)

   - ncs: Previously out-of-band changes for a non-transactional device with

     a CLI or generic NED could be overwritten when a commit towards the

     device failed and the reverse diff-set was sent to the device. This has

     now been fixed.

   - ncs: It is now possible to specify a "guard" for an insert operation on

     ordered-by user list and leaf-list in service or API templates. A guard

     identifies a range of elements in ordered-by user list or leaf-list so

     that if all of the target elements to be inserted already exist in the

     same order within this range, then their current position is preserved.

     This is useful to avoid reordering a list or a leaf-list every time a

     service is re-deployed, while being able to impose constraints on

     elements' position in the list or leaf-list.

   - ncs: For services that also have a plan, there is a new container

     error-info in the plan container (see tailf-ncs-plan.yang). If a

     transaction (updating the service) fails then the plan data "failed"

     leaf is set and a reference to the service-log entry can be found in

     the error-info container.

   - ncs: The speed of the sync-from operation for CLI NEDs has been

     improved. Improvements are mainly for large configurations and has been

     measured to range from reducing the execution time by half to a fourth

     but the improvement varies greatly between different NEDs and

     configurations.

   - ncs: Memory usage and processing time when a large commit is done for a

     model with many 'when' expressions has been optimized.

     (Issue tracker: #27185, #27210)

   - CDB: Added CDB_GET_MODS_SUPPRESS_DEFAULTS flag for

     cdb_get_modifications(), see confd_lib_cdb(3) for details.

     (Issue tracker: #26542)

   - CLI: Do not print 'tailf:cli-show-obu-comments' comments if a list is

     currently being created.

     (Issue tracker: #24734)

   - CLI: Optimization to tailf:cli-diff-dependency. Making deletions faster

     by not evaluating unnecessary dependencies.

     (Issue tracker: #25131)

   - CLI: When the difference between newly loaded cfg file and the one

     existing on the device contains only comment, running 'show

     configuration' caused an internal error. The comment shall be treated

     as configuration difference in this case. This has now been fixed.

   - CLI: The southbound interfaces of the CLI are now started already in

     phase1. The northbound interfaces start in phase2 as before.

     (Issue tracker: #26023)

   - Cluster: Upgrade performance has been improved on service node in

     cluster.

     (Issue tracker: #25860)

   - Documentation: Clarified documentation on 'tailf:meta-data'.

     (Issue tracker: #26511)

   - JSON-RPC: The method 'set_value' didn't support native JSON types for

     the 'value' parameter. This is now supported.

     (Issue tracker: #26405)

   - NETCONF: It is now possible to invoke RPCs/actions on remote NETCONF

     devices with output parameters containing an anyxml node.

   - Python API: It was not possible to e.g. call an action from inside

     another action or service if they were both registered to the same

     ncs.dp.Daemon. This has been fixed.

   - Python API: It was possible to assign random attributes to a Maagic

     Node instance. This made it hard to spot code mistakes where attribute

     names were misspelled. Assigning an unknown attribute now results in a

     raised Exception.

   - RESTCONF: Updated RESTCONF documentation to reflect current

     implementation, based on RFC 8040. Also add sections briefly explaining

     capabilities, schema resource, and tailf extensions.

   - Smart Licensing: The NSO smart licensing integration now supports

     configuration of proxy servers.

   - Toolchain: ncsc now accepts deviation of unknown extension statements,

     and checks the grammar for validity of deviations of known extensions.

     (Issue tracker: #26728)

   - Web Server: The SSL server has been updated to use a stronger default

     prime number for Diffie-Hellman key exchange.

     (Issue tracker: #26779)

Non-backwards compatible corrections:

   - ncs: Previously you could get an internal error when configuring a

     timeout value with a very high number and then performing an action

     where this value is used, e.g. configuring the read-timeout value and

     then connecting to the device. This has now been fixed.

   - ncs: When a device supports transaction id we have the possibility to

     detect out of band changes. This is used in normal commits. Before this

     correction out of band changes were ignored when the commit queue was

     used. To get the old behavior set the out-of-sync-commit-behavior in

     the configuration:

     set devices device XXXX out-of-sync-commit-behaviour accept

   - Java API: NavuList.elem() method used to throw a runtime

     StringIndexOutOfBoundsException when the argument was empty string.

     This has been changed, so now it throws a NavuException instead.

     (Issue tracker: #26621)

   - Java API: Japi - CdbSubscription.getModification() methods only

     accepted one CdbGetModificationFlag as an argument instead of an

     EnumSet<CdbGetModificationFlag> to be able to set several flags in

     combination. This has been fixed and the old methods have been

     deprecated.

     Also the result of getModification() did not correctly represent

     deleted list entries which should be represented as a

     ConfXMLParamStartDel instance followed by a ConfXMLParamStop in the end

     of the listelement. This constitutes the backward incompatible change.

     (Issue tracker: #26542)

   - Python API: Creating or accessing a maagic list element with a single

     string key when the key value contained a space character wasn't

     possible without escaping the space. This has been fixed.

     (Issue tracker: #25282)

   - Toolchain: The treatment of backslash in double quoted strings in YANG

     modules has changed.  In YANG 1.1, it is illegal to have any character

     except 'n' 't' '"' or '\' immediately after the backslash.  In YANG 1

     this is a warning (see

     https://www.rfc-editor.org/errata_search.php?eid=4911)

     The ncsc compiler now detects this and gives a warning if such a

     string is found in a YANG version 1 module, and an error for a YANG

     version 1.1 module.

   - Web Server: Cipher suites using RC4 are no longer supported for the

     SSL/TLS server, since this algorithm is not considered secure.

Corrections:

   - ncs: A 'when'-expression could cause unsuccessful deletion of data

     during rollbacks. This has now been fixed.

   - ncs: A corrupt candidate (read-write mode) DB caused an internal error

     during startup. This has now been fixed.

     (Issue tracker: #24878)

   - ncs: Re-deploying a service using a NED having the default handling

     mode 'report-all' would in some cases cause the device to be out of

     sync. This has been fixed.

     (Issue tracker: #25189)

   - ncs: When using commit queues from JSON RPC and specifying sync the RPC

     would not wait until the transaction was done. This has been fixed.

     Also, if there were any errors when communicating with some devices

     they would not be reported, nor would they be displayed in the CLI when

     executing 'commit commit-queue sync'. This has been fixed. Also, the

     default behavior for commit queues was to perform an unlimited number

     of retries when a transient error occurred when communicating with a

     device. A new setting called

      devices global commit-queue connection-failure-reconnect-retries

     has been introduced to control this behavior. The default is

     'unlimited'. Also, any non-transient errors that occured when

     communicating with a device that initially could not be reached due to

     transient errors, would be silently ignored and the commit queue system

     would continue to try to reach the device. This has been fixed.

   - ncs: The rename command could fail if a set-hook was invoked creating

     node(s) that are currently being created by the rename command itself.

     This has now been fixed.

     (Issue tracker: #25519, #26634)

   - ncs: Previously NCS failed to re-deploy or un-deploy a service that had

     made changes to a leaf-list which through a schema upgrade was changed

     to a leaf of the same type. This has now been fixed.

     (Issue tracker: #26215, #26427)

   - ncs: When connecting a new HA slave and at the same time doing a

     controlled shutdown (e.g. ncs --stop) of the new to-be-slave, we could

     end up sending faulty synchronization data to the master node which

     could lead to a dead-lock in the master node. This has been fixed.

     (Issue tracker: #25908)

   - ncs: A 'choice' statement with a mandatory 'case' located beneath a

     'when' statement could cause an internal error. This has now been

     fixed.

     (Issue tracker: #26397)

   - ncs: Issuing certain commit queue actions would lead to an internal

     error in none or slave HA mode. This has now been fixed.

   - ncs: If NCS was started in a directory with frequently changing

     contents such as /tmp, it could eventually crash due to filling up its

     "atom table". This has been fixed.

     (Issue tracker: #26516)

   - ncs: If a data model had a symlink to a node that was augmented by

     another model, the augmented nodes would in some cases not appear under

     the symlink.  This bug has been fixed.

     (Issue tracker: #26689)

   - ncs: Removed spurious debug output from 'ncs_cmd'.

     (Issue tracker: #26724)

   - ncs: Previously error messaged when doing move operations on a Juniper

     devices was ignored. This has now been fixed.

     (Issue tracker: #26823)

   - ncs: NSO could sometimes fail during upgrade if there was inactive

     configuration to be upgraded. This has been fixed.

     (Issue tracker: #26794)

   - ncs: Calling the action "packages reload" via MAAPI (e.g. using the

     Python API) without providing input parameters resulted in an internal

     error. This has been fixed.

     (Issue tracker: #26697)

   - ncs: Fixed bug where setting

     /alarms/control/max-status-change-entries-per-alarm to 0 would generate

     a harmless error message.

   - ncs: When using dry-run for the device actions sync-to and sync-from

     the action ignored the dry-run input parameter if the outformat was not

     specified. This has now been corrected. The default cli format is used

     in this case.

   - ncs: An error was introduced in NSO 4.3 where RPC errors from Juniper

     devices was ignored. This has now been fixed.

     (Issue tracker: #27192, #27065, #26966)

   - ncs: Previously when doing an XPath query through a JSONRPC request and

     specifying a context node with an empty key an internal error would

     occur. This has now been fixed.

     (Issue tracker: #27063)

   - ncs: During a deep-check-sync operation NSO could complain about failed

     'when' expressions in an internal transaction used to evaluate the

     result. This has been fixed so the 'when' expression are not checked

     due to temporary nature of such transaction.

     (Issue tracker: #26973)

   - C-API: If tailf:meta-data was used on the first toplevel node in a YANG

     module, the loaded schema would have a pointer to invalid data for the

     meta-data. This has been fixed.

     (Issue tracker: #26839)

   - C-API: The confd_ha_connect() function could in some cases write a NUL

     character outside an array on the stack. This has been fixed.

     (Issue tracker: #26979)

   - CDB: Fix race condition for transactions involving *both* config true

     and false data.  Transactions involving only config true data were not

     affected.  The race condition could lead to CDB ending up in a hung

     state and a transaction commit never returning.  A lock for the

     operational part of CDB was partially and prematurely removed and other

     transactions waiting for the lock were never processed.

     Another side effect of the race condition was that some combinations

     of transactions, e.g., starting a new transaction in a subscriber might

     actually succeed (due to a lock being released prematurely), where it

     should not. This might affect existing code.

     To decrease the risk of deadlock for transactions involving

     operational (config false) data, the lock taking for the operational

     part of CDB has been moved to the commit, resulting in the lock being

     held for a shorter duration. Locks for the operational part of CDB have

     also been made (somewhat) more fine grained, so that a transaction

     writing only in one namespace will not lock the whole operational part

     CDB. Previously this might have been the case, depending on where in

     the tree data was written.

     The typical use-case where this fix can have an effect is with CDB

     subscribers. It is known that writing config true data to CDB (using

     Maapi) will deadlock if executed before the CDB_SUBSCRIBE_DONE call.

     There is now a risk for the same deadlock for config false data (using

     CDB or Maapi). To be safe all data written by a CDB subscriber should

     be done after the CDB_SUBSCRIBE_DONE call and in an separate thread.

     The recommendation is to use Kickers instead of CDB subscribers. Kicker

     are safe in respect of this deadlock scenario.

   - CDB: Fix bug when setting an operational choice using MAAPI. Changing

     the case value did not work as intended when using an ordinary

     transaction (allowing writes to both config true and false data).

     Using an operational (config false) only transaction was not affected.

   - CLI: When doing package upgrading, and then "commit dry-run outformat

     cli", an error was encountered in certain cases. This has been fixed.

     (Issue tracker: #17605, #20971, #24538, #25131, #26103, #25639)

   - CLI: Auto completion in the CLI could miss displaying a <cr> or other

     leafs when combining empty leafs with sequence commands. This has been

     fixed.

   - CLI: Add missing <cr> for '?' when displaying completion for leaf-list

     type.

     (Issue tracker: #22307)

   - CLI: Fixed internal error in the CLI, that appeared when

     'tailf:cli-flatten-container' was used and then

     'tailf:cli-drop-node-name' was used in a child leaf.

   - CLI: Description for the 'display' pipe 'service-meta-data' was

     incorrect. This has been fixed.

   - CLI: Combining lists with tailf:cli-sequence-commands and

     tailf:cli-compact-syntax the CLI could miss printing out some data

     nodes. This has been fixed.

     (Issue tracker: #25367)

   - CLI: The extension 'tailf:show-obu-comments' would sometimes not make

     NEDs change the order of lists. This has been fixed.

     (Issue tracker: #24289)

   - CLI: Japanese characters in error-message got corrupted. This has now

     been fixed.

     (Issue tracker: #26764)

   - CLI: Disallow empty string as a command when using abbreviated commands

     in the CLI.

     (Issue tracker: #26755)

   - CLI: The performance of the CLI caching that was introduced has

     degraded the overall performance of the CLI. This has been fixed.

   - CLI: When giving a *leaf* in a list the same name as the parent list,

     the CLI pipe target 'display xml' would not work properly. This has

     been fixed.

     (Issue tracker: #27056)

   - Cluster: NCS cluster service nodes left open NETCONF sessions when

     using dry-run. This has been fixed.

     (Issue tracker: #25400)

   - Cluster: If NSO was set up to run in cluster mode (i.e. when

     /cluster/remote-node list is not empty) and packages reload was

     initiated while NSO is running, then it would fail with "subagent

     error". This has been fixed.

   - Documentation: Corrected typo in kicker documentation.

     (Issue tracker: #26887)

   - Java API: Japi - Navu navigation over a choice with an empty case

     yielded a NullPointerException. This has been fixed.

     (Issue tracker: #26422)

   - Java API: Setting a leaf or leaf-list to a value containing unicode

     characters could fail with internal error. This has been fixed.

     (Issue tracker: #27066)

   - JSON-RPC: When a list had a key of type leafref the method

     'get_leafref_values' didn't always return the correct values. This has

     been fixed.

     (Issue tracker: #24557)

   - JSON-RPC: When calling "get_schema" with the option

     "evaluate_when_entries" set to true, the resulting

     "evaluated_when_entry" attribute was sometimes set to true when it

     shouldn't. This has been fixed.

     (Issue tracker: #25572)

   - JSON-RPC: When a list had a key of type leafref the method

     'get_leafref_values' didn't always return the correct values. This has

     been fixed.

     (Issue tracker: #26146, #26611)

   - JSON-RPC: Re-added possibility to receive "new_user" and "del_user"

     messages on the Comet channel when doing "subscribe_messages".

     (Issue tracker: #26668)

   - JSON-RPC: When calling an action through the 'run_action' method and

     the action was broken in such a way that it returned something other

     than was specified in the yang file, the session would be terminated

     and all subsequent calls on that session would fail (in the WebUI you

     would be logged out). This has been fixed.

   - NETCONF: If a NETCONF device only advertised YANG 1.1 modules to NCS,

     NCS would fail to connect to the device with the error:

     Device <dev> does not have a Network Element Driver registered

     This bug has been fixed.

   - NETCONF: A leaf of type empty augmented from another module into the

     'input' of an rpc caused a nortbound NETCONF session to terminate, and

     the same for an action was delivered to the callback as an empty

     container (i.e. with begin/end tags). These bugs have been fixed.

     (Issue tracker: #27057, #27068)

   - Python API: Iterating over a maagic container node didn't work and left

     the user with an error message that was hard to understand. This has

     been fixed by making all maagic nodes with children iterable.

     (Issue tracker: #26514)

   - Python API: A maagic Enum or Case could not be compared using the != or

     <> operators. This has been fixed.

     (Issue tracker: #26614)

   - Python API: When enabling IPC access check in ncs.conf packages written

     in Python didn't work. This has been fixed.

     (Issue tracker: #27279)

   - Python API: When a python service is changed or re-deployed the back

     pointer and reference counter was lost. This has now been corrected.

     To correct this for already instantiated python services do:

     request /path-to-python-service * re-deploy

     If the '*' is not accepted as input the service YANG file needs to be

     updated by importing the tailf-common module:

     import tailf-common {

     prefix tailf; }

     and add the tailf:cli-allow-range annotation to the key leaf node of

     the service.

   - REST API: If the candidate datastore is enabled and also the running

     datastore is writable (aka writable running), the candidate is a

     separate datastore which might be out-of-sync or empty. This would

     result in empty results or missing values from the unified datastore.

     To fix this, GET requests to the unified datastore now always query

     the running datastore even when candidate and writable running are

     enabled.

   - REST API: REST/RESTCONF may now return multiple error messages.

   - REST API: REST now returns more diversified error codes and messages at

     action failures.

     (Issue tracker: #26291)

   - REST API: If RESTCONF was enabled, but not the legacy REST API,

     accessing the resource /restconf/data/ietf-yang-library:modules-state

     would result in a 500 internal error.  This bug has been fixed.

   - REST API: After a package reload, the REST server would fail to

     correctly format some error responses.  This bug has been fixed.

   - RESTCONF: Fixed erroneous JSON output when depth query parameter was

     used together with containers.

   - RESTCONF: Reloading NCS configuration did not pick up RESTCONF

     configuration changes, this has now been fixed.

     (Issue tracker: #26371)

   - RESTCONF: If the candidate datastore is enabled and also the running

     datastore is writable (aka writable running), the candidate is a

     separate datastore which might be out-of-sync or empty. This would

     result in empty results or missing values from the unified datastore.

     To fix this, GET requests to the unified datastore now always query

     the running datastore even when candidate and writable running are

     enabled.

     (Issue tracker: #26681)

   - RESTCONF: The RESTCONF example had errors in the instructions, these

     are now fixed.

   - Toolchain: Strict ordering of elements in project-meta-data.xml is no

     longer required when using ncs-project.

     (Issue tracker: #26041)

   - Toolchain: The new YANG 1.1 functions "derived-from" and

     "derived-from-or-self" always returned false.  This bug has been fixed.

     (Issue tracker: #26264, #26927)

   - Toolchain: ncsc did not reject some invalid command-line arguments.

     This has been fixed.

   - Toolchain: A newline has been added after printing comments in pyang.

     (Issue tracker: #26484)

   - Web UI: Fixed various compatibility issues for IE9.

     (Issue tracker: #26573)

   - Web UI: Leafrefs pointing to leaf-lists were displayed as standard text

     input. This has now been fixed with a drop down.

     (Issue tracker: #25507)