Cisco Crosswork Network Controller 6.0.3 Release Notes provide critical upgrade information that addresses:
-
bugs fixed in each component after the patch upgrade is complete
-
API changes
-
patch installation workflow and detailed steps.
The Cisco Crosswork Network Controller patches fix key customer found issues and security vulnerabilities.
For additional questions, contact Cisco Customer Experience.
Bug fixes
A detailed list of Cisco Crosswork Network Controller 6.0.3 bugs fixed in each patch are listed below by component version.
Use the Cisco Bug Search Tool to see additional details for selected component bug IDs. The Bugs section in this Release Notes provides information on how to use the tool.
To install fixes for the bugs listed in a component, use the corresponding component patch files (.tar.gz) available on the Cisco Crosswork Network Controller Software Download page and follow the Patch installation workflow step-by-step details.
Bug ID |
Bug description |
---|---|
CSCwk03574 |
While deploying the cluster with ThinProvisioned set to false, the first VM node is deployed with ThinProvisioned |
CSCwm41049 |
Vulnerability org.postgresql:postgresql CVE-2024-1597 reported by Trivy scan |
CSCwk90405 |
MOP process development for leaf certificate renewal in Crosswork Network Controller 6.0.3 |
CSCwj71635 |
Show tech should include all of the certificate validity details |
CSCwj81045 |
Upon migration from CNC 5.0 to CNC 6.0, the error nats server certificate will expire in approximately 5 months |
CSCwk02283 |
Secret collecting certificate information from orchestrator in-memory did not get updated |
CSCwi43048 |
Vulnerable components consul semver |
CSCwi87019 |
Vulnerabilities found in shiro 1.12.0 CVE-2023-46749 |
CSCwk13889 |
Crosswork Network Controller scale error occurs during RESTCONF API cisco-crosswork-segment-routing-policy:sr-policies |
CSCwk38351 |
In Crosswork Network Controller UI, health degraded events are randomly generated for pods |
CSCwj73015 |
In Crosswork Network Controller 6.0.2, after creating an L2VPN using XE devices, all interface ID displays show as invalid |
CSCwk23213 |
In Crosswork Network Controller 6.0 and corresponding CFPs, user is unable to provision a policy with an explicit path where IOS XR version is 7.11.x |
CSCwm38244 |
Crosswork Network Controller stored cross-site scripting (XSS) vulnerability |
CSCwk22991 |
SSH enabled passwords are incorrectly overwritten with password mask |
CSCwj64983 |
Device Lifecycle Management (DLM) allows duplicate device key, causing conflicts with devices |
CSCwj77147 |
Network Device: Incorrect product type and product family for eyrie device |
CSCwj31770 |
The collection job status query needs to be optimized to reduce DB calls |
CSCwj56469 |
Create SYSLOG_COLLECTION jobs are failing |
CSCwk61052 |
Switch device group user setting does not work as expected |
CSCwj76021 |
Workaround to support Health Insights (HI) KPIs for Huawei devices |
Bug ID |
Bug description |
---|---|
CSCwj83189 |
Element Management Functions (EMF) inventory for devices is empty |
CSCwk65491 |
Vulnerabilities observed in 6.0.3 |
CSCwk66939 |
Vulnerabilities observed in CVE-2024-34750 tomcat-embed-core |
CSCwj69215 |
Vulnerable components observed in cxf tomcat |
Bug ID |
Bug description |
---|---|
CSCwj56751 |
Local Congestion Mitigation (LCM) reports results with negative interface utilization |
CSCwk62953 |
Circuit Style Managed (CSM) Policy re-opt operation may fail intermittently with no proper explanation |
CSCwk71120 |
SRv6 policy Interior Gateway Protocol (IGP) paths not decorated in Crosswork Network Controller UI for a topology with consecutive ABR nodes |
CSCwk82277 |
Interior Gateway Protocol (IGP) path may not show up for a chosen SR Policy in Crosswork Network Controller Optimization Engine UI |
CSCwm05152 |
Crosswork Network Controller 6.0.2 RESTCONF GET API to retrieve Crosswork Network Controller Optimization Engine plan file, could intermittently produce an empty plan file |
CSCwk40013 |
Service visualization is not working for the multi key (more than 2 keys) custom model due to service key parsing |
CSCwk13889 |
Crosswork Network Controller scale error appears during RESTCONF API cisco-crosswork-segment-routing-policy:sr-policies |
Bug ID |
Bug description |
---|---|
CSCwk90304 |
YANG model 'When' condition fails to trigger page reload |
CSCwk82235 |
The vertical scroll option is missing on the service creation page |
CSCwk57394 |
Python overlay parser is failing for a service with multiple keys |
CSCwm32607 |
Service visualization is failing due to "/" in interface ports |
Bug ID |
Bug description |
---|---|
CSCwk46487 |
Crosswork Network Controller Optimization Engine's optical performance monitoring (OPM) play to get Link State Packet (LSP) path verification |
CSCwk76230 |
Vulnerabilities found in NCA 4.4.4, 5.0.3,6.0.x - requests 2.22.0, 2.26.0, urllib3 1.25.8, 1.26.10 |
CSCwk77630 |
Vulnerabilities found in jinja 3.0.2 CVE-2024-34064 in 5.0.3 |
CSCwk77844 |
Vulnerabilities found in libyaml 0.2.5 CVE-2024-35329 and others in 6.0 |
Bug ID |
Bug description |
---|---|
CSCwk52283 |
In Crosswork Network Controller 6.0, after a customer created a KPI profile for optical devices, the FEC data is not displayed in the Grafana dashboard |
Bug ID |
Bug description |
---|---|
CSCwj78310 |
In Crosswork Network Controller 6.0.2, the bridge domain state subservice is stuck in init state and shows error: Unable to get feed for Bridge Domain State |
Bug ID |
Bug description |
---|---|
CSCwj49744 |
Vulnerabilities found in spring-framework 6.0.17 CVE-2024-22259 |
CSCwj42800 |
Vulnerabilities found in tomcat 10.1.16 CVE-2024-24549 and others |
CSCwj71377 |
Vulnerabilities found in zookeeper and guava |
CSCwj91073 |
Vulnerabilities observed in coreutils 9.4 CVE-2024-0684 |
CSCwj80191 |
Vulnerabilities observed in netty 4.1.107.Final CVE-2024-29025 |
Bug ID |
Bug description |
---|---|
CSCwk74526 |
Crosswork Network Controller, in both CLI and UI, continues to show different output information for identical pods |
Bug ID |
Bug description |
---|---|
CSCwk23213 |
In Crosswork Network Controller 6.0 and corresponding CFPs, user is unable to provision a policy with an explicit path where IOS XR version is 7.11.x |
Breaking changes
Breaking changes are updates that are not backward compatible with the previous version. They can cause existing software integrations, or upgrades, to fail or behave unexpectedly. Software relying on the old version must be updated to function correctly with the new version.
In Crosswork Network Controller 6.0.3, the Get all DGs API will not include the CertChain attribute in the dg/query API response. This change is part of bug ID CSCwm96979.
-
Base URL:
/crosswork/dg-manager
-
Path:
/v1/dg/query (deprecated) /v2/dg/query
Patch installation workflow
This section provides the high-level workflow for installing the Crosswork Network Controller 6.0.3 patch.
You can upgrade to Crosswork Network Controller version 6.0.3 from either version 6.0.0 or version 6.0.2. Differences between these upgrades are mentioned in this table.
Step |
Action |
||
---|---|---|---|
1. Compare the versions of your current Crosswork applications with the new patch versions to determine which applications need an upgrade. Download only the upgrades for the versions you need. |
See Download Cisco Crosswork Network Controller 6.0.3 component patch files for more information. |
||
2. Ensure that your environment meets all the installation prerequisites. |
Refer to the guidelines in Patch installation prerequisites. |
||
3. Install Cisco NSO version 6.1.9 on your machine.
|
Refer to the NSO 6.1.x documentation for installation instructions. |
||
4. Extract and validate the Crosswork Network Controller 6.0.3 patch files. |
Refer to the guidelines in Extract and validate 6.0.3 patch files. |
||
5. Copy and execute the Crosswork Infrastructure MOP script. |
Refer to the guidelines in Copy and execute the Crosswork Infrastructure MOP. |
||
6. Add and install the 6.0.3 patch files in the Crosswork Network Controller UI. |
Refer to the guidelines in Add and install 6.0.3 patch files. |
||
(Optional) 7. Add and install the Geo Redundancy patch.
|
Refer to the guidelines in Install Geo Redundancy 6.0.3 patch. |
||
8. Install the Cisco NSO Function Packs. |
Refer to the guidelines in Install the Cisco NSO Function Packs. |
||
9. Verify and update the Crosswork Data Gateway container image.
|
Refer to the guidelines in Verify and update the Crosswork Data Gateway container image. |
![]() Caution |
The upgrade process is disruptive and should be performed during a maintenance window. The time required for the applications to restart is typically less than 30 minutes per application. If you encounter any error while installing the patch, contact the Cisco Customer Experience team before attempting to move forward with the next step. |
Download Cisco Crosswork Network Controller 6.0.3 component patch files
This section provides the overview and installation sequence of all the component patch files released in the Crosswork Network Controller 6.0.3 release. Please note that some patch files may be optional for your specific needs.
Please review the list and download all the required patch files from the Cisco Software Download page to a local machine.
-
(Mandatory) Crosswork Infrastructure MOP file: signed-cw-na-infra-6.0.3-MOP-241004.tar.gz
-
(Mandatory) Crosswork Infrastructure patch: signed-cw-na-infra-patch-6.0.3-30-release-241104.tar.gz
-
(Mandatory) Crosswork Optimization Engine: signed-cw-na-coe-patch-6.0.3-13-release-241009.tar.gz
-
(Mandatory) Crosswork Active Topology: signed-cw-na-cat-patch-6.0.3-7-release-241026.tar.gz
-
(Mandatory) Element Management Functions: signed-cw-na-element-management-functions-patch-6.0.3-205-releaseems603-241018.tar.gz
-
Crosswork Service Health: signed-cw-na-aa-patch-6.0.3-9-release-241023.tar.gz
-
Crosswork Change Automation: signed-cw-na-ca-patch-6.0.3-6-release-241025.tar.gz
-
Crosswork Health Insights: signed-cw-na-hi-patch-6.0.3-8-release-241023.tar.gz
-
Crosswork Zero Touch Provisioning: signed-cw-na-ztp-patch-6.0.3-4-releaseztp600-240930.tar.gz
-
Geo Redundancy patch: signed-cw-na-geo-patch-6.0.3-3-release-240925.tar.gz
Patch installation prerequisites
This section describes the installation prerequisites needed to install the Crosswork Network Controller 6.0.3 patch.
-
If the target system does not already have Crosswork Network Controller version 6.0.0 or 6.0.2 installed, please proceed to install version 6.0.0 using the updated Docker installer bundle (signed-cw-na-installer-6.0.3-12-release-241004.tar.gz) from Cisco Software Download. For more information, see the instructions in Cisco Crosswork Network Controller 6.0 Installation Guide.
-
Ensure that you have your Cisco Crosswork Administrator user credentials.
-
Ensure that you have the Management IP address used for your Crosswork VM deployment.
-
Ensure that a component's 6.0.x version is installed on the target system before applying the patch upgrade.
-
Ensure that your local machine, where the patch files are downloaded, is accessible via
scp
by the Crosswork Network Controller. -
In a geo redundant setup, ensure that all relevant files, such as the Crosswork cluster, application CAPPs, and data gateways, are installed on both the active and standby clusters. Perform an on-demand synchronization operation before starting the patch installation process.
-
Take a backup of both your data and the NSO data. Additionally, ensure that the server being patched has sufficient space to unarchive and copy the MOP scripts. Please make sure to clean up at least 5GB of space in the /home/cw-admin/ directory and 1GB of space in the /tmp/ directory to prevent any space constraints during script execution.
![]() Caution |
The upgrade process is disruptive and should be performed during a maintenance window. The time required for the applications to restart is typically less than 30 minutes per application. If you encounter any error while installing the patch, contact the Cisco Customer Experience team before attempting to move forward with the next step. |
Extract and validate 6.0.3 patch files
This section explains how to extract and validate the downloaded 6.0.3 patch files. Repeat these steps for each 6.0.3 patch file you plan to install.
![]() Attention |
It is crucial that you extract the .tar.gz file from the signed file. You must add and install this specific file through the Crosswork Network Controller UI. |
Procedure
Step 1 |
After downloading the patch file, navigate to the folder where the tar file was downloaded. As an example, consider the Crosswork Infrastructure signed patch image (signed-cw-na-infra-patch-6.0.3-30-release-241104.tar.gz) for this procedure. cd <folder where the tar file was downloaded> |
||
Step 2 |
Extract the file using this command. tar -xzvf <signed image file> The file unpacks into the patch and the necessary tools to validate its contents. Example:
Output:
|
||
Step 3 |
Validate the extracted patch file using this command.
Example:
Output:
|
Copy and execute the Crosswork Infrastructure MOP
This section explains how to copy and execute the Crosswork Infrastructure 6.0.3 MOP file.
Before you begin
Ensure you have extracted and validated the Crosswork Infrastructure MOP, cw-na-infra-6.0.3-MOP-241004.tar.gz, using the instructions in Extract and validate 6.0.3 patch files.
Procedure
Step 1 |
Copy the extracted MOP file using the VIP address to the /home/cw-admin/ folder on one of the Crosswork hybrid nodes.
Example:
|
||
Step 2 |
SSH into the Crosswork hybrid node where you copied the files, and change to root using |
||
Step 3 |
Extract the MOP file: Example:
Output:
|
||
Step 4 |
Update the permissions. chmod 755 update_orch.sh |
||
Step 5 |
Run the script file. ./update_orch.sh When you run the script you will be asked for the password for the cw-admin user account.
Wait 10 to 15 minutes for the update to complete and verify that system is healthy. |
Add and install 6.0.3 patch files
This section explains how to add and install the 6.0.3 patch files in the Crosswork Network Controller UI.
![]() Important |
A patch upgrade is only supported if the component's 6.0.x version is already installed on the target system. |
Before you begin
Ensure you have extracted and validated the required 6.0.3 patch files using the instructions in Extract and validate 6.0.3 patch files.
Procedure
Step 1 |
Click on Application Management tab. The Crosswork Platform Infrastructure and any applications that are added are displayed here as tiles. , and select the |
||
Step 2 |
Click on the Add File (.tar.gz) option to add the patch file that you extracted. As an example, consider the Crosswork Infrastructure patch file, cw-na-infra-patch-6.0.3-30-release-241104.tar.gz for this procedure.
The Add File (tar.gz) via Secure Copy popup window is displayed. |
||
Step 3 |
Enter the relevant information and click Add. |
||
Step 4 |
Once the patch file is added, you can observe the existing application tile displaying an upgrade prompt. Click the upgrade prompt to install the patch file. In the Upgrade pop-up screen, select the new version that you want to upgrade to, and click Upgrade. Click on Job History to see the progress of the upgrade operation. |
||
Step 5 |
After the installation is complete, go to and confirm all of the applications are reporting a Healthy status.
|
||
Step 6 |
Repeat steps 1 to 5 to add and install the remaining Crosswork application patch files that you need. |
Install Geo Redundancy 6.0.3 patch
This section explains how to add and install the Geo Redundancy 6.0.3 patch files in the Crosswork Network Controller UI. The Geo Redundancy patch must be installed on both the active and standby clusters.
![]() Important |
The installation of this patch is only required if geo redundancy is in use. If you are not using geo redundancy, there is no need to install this patch. |
Before you begin
Ensure you have extracted and validated the Geo Redundancy 6.0.3 patch, signed-cw-na-geo-patch-6.0.3-3-release-240925.tar.gz, using the instructions in Extract and validate 6.0.3 patch files.
Procedure
Step 1 |
On the active cluster, click on Application Management tab. , and select the |
||
Step 2 |
Click on the Add File (.tar.gz) option to add the patch file. The Add File (tar.gz) via Secure Copy popup window is displayed.
|
||
Step 3 |
Enter the relevant information and click Add. |
||
Step 4 |
Once the patch file is added, you can observe the existing application tile displaying an upgrade prompt. Click the upgrade prompt to install the patch file. In the Upgrade pop-up screen, select the new version that you want to upgrade to, and click Upgrade. Click on Job History to see the progress of the upgrade operation. |
||
Step 5 |
After the installation is complete, go to and confirm all of the applications are reporting a Healthy status. |
||
Step 6 |
Log in to the standby cluster and repeat steps 1 to 5. |
Install the Cisco NSO Function Packs
As the final step of the patch installation workflow, you must install or upgrade the Cisco NSO Function Packs to ensure compatibility with the Crosswork Network Controller 6.0.3 patches.
![]() Caution |
If Cisco NSO Function Packs were already installed on Crosswork Network Controller version 6.0, they must be upgraded manually. |
Procedure
Step 1 |
Fresh Installation: If Cisco NSO Function Packs are not already installed on Crosswork Network Controller version 6.0, please download the 6.0.3 versions of the Function Packs from Cisco Software Download, and install them from the Crosswork Network Controller UI. For more information, refer to Install Cisco NSO Function Pack Bundles from Crosswork UI. |
Step 2 |
Existing Installation: If Cisco NSO Function Packs were already installed on Crosswork Network Controller version 6.0, they must be upgraded manually.
|
Verify and update the Crosswork Data Gateway container image
When Crosswork Data Gateway is deployed with two NICs, it remains in an 'Error' or 'Degraded' operational state after applying the Crosswork Infrastructure patches. This occurs if the Data Gateway container image versions are not updated. To ensure the successful application of the patch, verify and update the container image versions.
Procedure
Step 1 |
Verify the Crosswork Data Gateway container image versions: Verify the image version of the Crosswork Data Gateway containers to ensure that the patch has been applied successfully. To do this, follow the instructions for checking image tags using the interactive menu. For more information, see View Crosswork Data Gateway Vitals. If the image versions displayed are still the old version, it indicates that the patch was not applied correctly. |
Step 2 |
Resolve the image version issue: If the image versions are old, the next step is to add the gateway IP to the Crosswork Data Gateway’s data interface. For more information, see Configure Interface Address. |
Step 3 |
Recheck the image versions: After adding the gateway IP, return to Step 1 to verify the image versions again. The image tags should now reflect the updated version, and the Crosswork Data Gateway should transition to the operational 'UP' state. |
Bugs
You can use the Cisco Bug Search Tool to see additional details for selected bug IDs listed in the Cisco Crosswork Network Controller 6.0.3 component tables.
-
Go to the Cisco Bug Search Tool.
-
Enter your registered Cisco.com username and password, and click Log In.
The Bug Search page opens.
Note
-
From the Product list, select Cloud and Systems Management > Routing and Switching Management > Cisco Crosswork Network Automation.
-
Enter 6.0.3 in the Release field.
-
(Optional) You can enter additional criteria (such as bug ID, problem description, a feature, or a product name) in the Search For field.
-
Click Search. When the search results are displayed, use the filter tools to narrow the results. You can filter the bugs by status, severity, and so on.
![]() Note |
To export the results to a spreadsheet, click Export Results to Excel. |