Aggregated Changelog For Version 5.1 - 2019-08-09

Aggregated changelog: 20190801110042

Product Machine Version
mercury-50-wifi-scb1617a scb1617a 5.1.0

Core Authentication layer

CORE-1289 Improvement: Add status.authentication.connections
CORE-1356 Bug: Fix wrong imports in endian.authentication_frontend.web
CORE-1505 Task: Support additional parameters in endian.authentication.auth_client.authenticate
CORE-1565 Improvement: Report the authentication provider for successfully login
CORE-1631 Task: Create /var/efw/access/rsa as nobody nogroup
CORE-1731 Task: Filter the DataSource exposed over HTTPS according to the user permisisons
CORE-2152 Task: Introduce python-oauthlib and requests-oauthlib Python libraries
CORE-3133 Bug: Authentication fails is username is numeric and starts with 0

Core Backup

CORE-1491 Bug: Factory default does not restore ethernet settings
CORE-1500 Bug: Restoring a 3.0 backup on 3.2 will leave files with wrong permissions
CORE-1535 Bug: Cannot create archive only backups
CORE-1553 Bug: Ipacsum calls in /etc/crontab
CORE-1560 Bug: Network hosts imported from 3.0 to 3.2 cause a traceback
CORE-1919 Bug: ECDSA ssh keys are not included in settings backup
CORE-2025 Task: Add an option to backup-restore for restoring only non-system-specific settings
CORE-2271 Bug: Factory reset is not complete
CORE-2454 Bug: Full backup might fill up the volatile partition
CORE-2716 Improvement: Include /etc/ethconfig_include* into the backup
CORE-3154 New Feature: Implement pre and post hooks (run-parts) in

Core Base system

CORE-1309 Task: Enable OpenSSH by default
CORE-1319 Bug: ulogd and acpid are stopped before the first netwizard
CORE-1324 Bug: Monit fails with AssertException
CORE-1340 Task: Add default Vim configuration
CORE-1367 Bug: Replace deprecated Perl calls
CORE-1448 Task: Add default pythonrc
CORE-1456 Task: Allow wildcards hostname in Dnsmasq configuration
CORE-1467 Bug: Fix sshd reload call
CORE-1516 Bug: /etc/init.d/monit reload unmonitors all the services
CORE-1545 Task: Remove obsolete ipcopdeath, ipcoprebirth, and iowrap scripts
CORE-1568 New Feature: Integrate ModemManager
CORE-1581 Task: Display GREEN zone, uplinks, ports status on console
CORE-1584 Improvement: Update ciphers in ssh_config
CORE-1714 Task: Add reboot and shutdown functions in job base
CORE-1776 Task: Allow SSH client to pass locale environment variables
CORE-1796 Task: Optimize firewall restart criteria on boot
CORE-1799 Bug: No monit socket before first netwizard
CORE-1832 Improvement: Disable OpenSSH port 222
CORE-1890 Bug: Change how DataSource handle missing path
CORE-1926 Task: Add efw-shell config command for managing configuration revisions with git
CORE-1956 New Feature: Create bootstrap package
CORE-1960 Task: Package the latest version of jQuery
CORE-1987 Task: Allow configuring several SSH daemon options
CORE-2001 Task: Disable colors in shell commands while piping or redirecting output
CORE-2018 Task: Do not delete the wtmp file on reboot
CORE-2058 Task: Implement Endian Bus (Internal IPC bus)
CORE-2178 Task: Introduce Python bleach for UTM
CORE-2203 Improvement: Improve the datasource command allowing changing settings values
CORE-2206 Task: Make console menu configurable
CORE-2259 Improvement: Add CLI notification when a reboot is required
CORE-2996 Bug: Fix documentation url retrieving on version transition
CORE-964 Improvement: Inputrc improvements for history search and other useful keybindings

Core Dashboard

CORE-1525 Bug: Mountpoints are shown on "Hardware information" in dashboard page
CORE-1752 Improvement: Remove Status column from Dashboard Network Interfaces plugin
CORE-1813 Improvement: Show in dashboard if signatures download is disabled by an uplink configuration
CORE-2123 Improvement: Mechanism to notify users about a required reboot

Core EMI

CORE-1445 Bug: Restrictions ignored when EMI is stopped
CORE-1496 Bug: Non-ASCII subject of mails in quarantine are not displayed correctly
CORE-1542 Task: Use Jobsengine function for reboting
CORE-1600 Task: Remove genshi depends
CORE-1638 Bug: Missing error message in NetworkMultiIPS validator
CORE-1649 New Feature: Tag packets by setting TOS/DSCP bits
CORE-1669 Task: Add endian.platform.nvstorage module for ARM platform
CORE-1740 Task: Rewrite shutdown and gui settings in emi
CORE-1761 Bug: Disabling the first tab with guiprofile also removes menu item
CORE-1767 Bug: Allow web console to run with non root user
CORE-1829 Task: Add require.js and other JavaScript libraries
CORE-1837 Task: Create generic REST controller
CORE-1844 Bug: Proxy HTTP button incorrectly displayed on some products
CORE-1859 Bug: Impossibility to accept license agreement with emi no root
CORE-1866 Bug: Traceback on httpd job on start
CORE-1875 Task: Do not include server host in redirect
CORE-1972 Bug: Additional gui users cannot access to emi webpages
CORE-2011 Bug: Wrong ownership for emi cachestorage file
CORE-2030 Improvement: Add JSON payload support for EMI commands
CORE-2040 Task: Show hooks in datasource command output
CORE-2044 Task: Remove VueJS v1
CORE-2046 Task: Update JQuery DataTables
CORE-2070 Improvement: Start emi/acpid/ulog before the netwizard
CORE-2107 Task: Add a decorator for returning plain error messages
CORE-2117 Bug: Emi MongoStorage _load and _store_items methods ignores current_identity argument
CORE-2129 Bug: text.js is wrongly packaged as require-text.js
CORE-2132 Improvement: Register emi commands with a decorator
CORE-2138 Bug: CSV Storages writes append items into the CSV
CORE-2169 Bug: Wrong default tab for new users and when edit an existing one
CORE-2172 Bug: Cannot change user group membership when language is Italian
CORE-2187 Task: Add new stylesheets and icons (Bootstrap)
CORE-2197 Task: Encrypt PersistentDict with AES
CORE-2200 Bug: JSON EMI command parameter parsing is broken
CORE-2236 Task: NetworkAddress validator optionally calculate network addresses
CORE-2257 Bug: Fix missing dependencies on html5lib
CORE-2288 Task: Create a function for getting running services
CORE-2438 Bug: Migration script manual execution is broken
CORE-2472 Task: Restart Apache after certificate renew
CORE-2608 Improvement: Add an option to GUI setting for the Management GUI HTTPS certificate
CORE-2959 Bug: Cannot generate a certificate on the Management GUI
CORE-3148 Bug: Cannot change language at first boot

Core Event Notifications

CORE-1347 Bug: Raid events not detected
CORE-1410 Bug: Raid failing event not detected
CORE-1429 Improvement: Add SSL/TLS and STARTTLS support to email notifications
CORE-1725 Bug: Fix notifications functions update_patterndb
CORE-2050 Bug: openvpnclient events for tunnel opening and closing not triggered
CORE-3160 Bug: Openvpn login successful event doesn't match log pattern
CORE-3164 Bug: Openvpn logout event not matched with some special characters

Core Firewall

CORE-1623 Bug: VPN Firewall rules are not applied
CORE-1854 Bug: Conntrack connections table not cleaned after uplink failover
CORE-2088 Bug: Interzone rules not deleted
CORE-2092 Bug: Interzone rules are not created when hotspot interface is used
CORE-2221 Bug: Snort doesn't work when HTTP proxy is ON
CORE-2468 Bug: Incorrect broute rules added by default in bridged mode
CORE-3135 Bug: Typo in Incoming routed traffic source and destination description

Core Hardware support

CORE-2783 Improvement: Add kernel module rndis_host for LTE modem

Core Jobsengine

CORE-1438 Bug: Signature updates may leave files in inconsistent state
CORE-1498 Bug: Fix wrong imports in endian.restartscripts.getblackholedns
CORE-1603 Bug: Jobsengine unresponsive logging "Too many open files"
CORE-1654 New Feature: Disable signature updates for certain uplinks
CORE-1852 Bug: An invalid exit code in a Job action prevents successive Job execution
CORE-2033 Bug: Stop deleting Jobsengine socket on exit
CORE-2225 Task: Move generic files functions from endian.job.commons to endian.core.filetools

Core Kernel

CORE-2777 Improvement: Add possiblity to remove SIP netfilter kernel modules
CORE-2965 Bug: Paket loss when installed on xen hypervisor

Core Logging & Monitoring

CORE-1487 Bug: Ulogd does not start on netwizard
CORE-1511 Bug: Ipsec logs not rotated due to missing folder in /var/log/archives
CORE-1539 Bug: syslog-ng runs in multiple instances
CORE-1903 Bug: Wrong date in filename for archived logs
CORE-2078 Bug: Logrotate does not rotate log files bigger than 2GB on x86 platforms
CORE-2083 Bug: HTTP Proxy logs not rotated
CORE-2146 Bug: Event reporting graphs not working
CORE-2251 Bug: AttributeError: MultiLineSysLogHandler object has no attribute formatException
CORE-2286 Bug: efw-update crash due to logger module exception
CORE-2921 Bug: Sarg retention in monthly cron is not working

Core Menu

CORE-2980 Improvement: Wrong contextual help links for EasyVPN

Core Network configuration

CORE-1344 Bug: Wrong businfotab for 3.0.5 on Macro 1000 and 2500
CORE-1358 Bug: Modify "Welcome to Endian Firewall" string in Network Wizard
CORE-1577 Task: Before the netwizard, activate the DHCP client on WAN interface
CORE-1657 Task: Add an option for enabling DHCP server on GREEN from the netwizard
CORE-1701 Improvement: Change order of uplinks type
CORE-1738 Bug: Modem Manager not working properly if language is different than english
CORE-1841 Task: Support Modem Manager uplink in textual netwizard
CORE-1923 Bug: Network Wizard from CLI cannot add multiple IPs on red interface
CORE-1929 Bug: Network interfaces change order
CORE-2297 Task: Textual netwizard should ask for root/admin password
CORE-2329 Bug: Remove emergency_fill_br0 from network restartscript
CORE-2569 Bug: Support driverless 4G USB dongle
CORE-2765 Bug: Add support for driverless 4G usb modems to products
CORE-3146 Bug: Uplink check hosts option are reset after modifying network settings
CORE-3170 Bug: Cannot use CIDR /32 or /31 for additional IP addresses
CORE-3194 Bug: Network Wizard from CLI displays main interface when vlans are in use
CORE-3241 Bug: Cannot configure mobile broadband uplink at first wizard

Core Package management

CORE-1413 Bug: Rpm database rebuild procedure slow
CORE-2336 Bug: smart upgrade doesn't upgrade packages on some circumstances

Core Service Templates

CORE-1934 Improvement: Add custom configuration file for each OpenVPN client

Core Setup Wizard

CORE-1311 Improvement: Force the BLUE zone to be configured
CORE-1336 Task: Add batch option to netwizard
CORE-2499 Bug: Netwizard ignores change on system access rules

Core Time

CORE-1297 Improvement: Introduce UTC and GMT timezones
CORE-1749 Task: Update tzdata to 2016g

Core Traffic monitoring

CORE-1781 Bug: Redis is using the wrong configuration file on 3.10 and 5.0

Core Translations

CORE-1698 Task: Update 5.0 translations
CORE-1771 Task: Update 5.0 translations
CORE-2065 Bug: Upgrade python-simplejson to prevent conversion of i18n strings to JSON failure

Core Update procedure

CORE-2226 Bug: Autoupdate script not linked after netwizard

Core Uplinksdaemon

CORE-1694 Bug: Mobile Broadband uplinks cannot be configured anymore after has been removed once
CORE-1708 Improvement: Uplink GUI string changes

Core Web server

CORE-1523 Task: Improve ciphers used by Apache
CORE-1532 Bug: Apache job fail to start due to missing certificate
CORE-1589 Improvement: Improve encryption and key length for httpd service
CORE-1644 Improvement: Fix httpd default sysconfdir
CORE-1820 Task: Serve the source Javascript instead of the minified if the source is available
CORE-2219 Task: Add SSLStrictSNIVHostCheck off to httpd configuration

Hotspot API

HOTSPOT-853 Bug: Username/password are randomly changed in API user modify call

Hotspot Administration

HOTSPOT-442 Improvement: Limit the number of hotspot users based on subscriptions
HOTSPOT-446 Improvement: Enable Hotspot by default
HOTSPOT-451 Improvement: Default rates for the Hotspot
HOTSPOT-739 Improvement: Print account using selected language
HOTSPOT-741 Bug: Language settings show error for arabic language
HOTSPOT-750 Improvement: Correct and simplify the print behavior of the infoedit page
HOTSPOT-765 Improvement: Add the option Delete expired accounts on a daily basis
HOTSPOT-784 Bug: Reload of Hotspot emi GUI module fails
HOTSPOT-857 Improvement: Add all the user fields available to the SmartConnect FormField widget

Hotspot Authentication

CORE-2273 Bug: EMI traceback with hotspot external LDAP authentication
HOTSPOT-557 Bug: CoovaChilli cannot authenticate users because of radius queue full
HOTSPOT-760 Improvement: Custom UAM UI server url
HOTSPOT-814 Bug: Hotspot with Proxy "keep source IP address" option causes asymmetrical routing
HOTSPOT-825 Bug: EMI traceback with hotspot external LDAP authentication

Hotspot CoovaChilli

HOTSPOT-458 Bug: Hotspot activation does not "lock" DHCP settings for the blue zone

Hotspot Database

HOTSPOT-472 Improvement: Default rate for SmartConnect email registration
HOTSPOT-510 Bug: The hotspot traffic is growing after browsing with 5Gb limit
HOTSPOT-778 Bug: Social Login data not stored in hotspot account table
HOTSPOT-795 New Feature: Include NAS-Identifier into radacct table

Hotspot Login portal

HOTSPOT-575 Bug: Login fails if HTTPS proxy is enabled
HOTSPOT-580 Task: Use a strong Diffie-Hellman for Hotspot
HOTSPOT-583 Epic: Hotspot Social Enabler
HOTSPOT-743 Bug: Telephone country code unavailable in Smart connect via e-mail
HOTSPOT-755 Bug: Portal login page doesn't detect whether the user is already connected
HOTSPOT-768 Bug: Emi traceback while trying to register an already existent user
HOTSPOT-831 Task: Restart Hotspot after certificate renew

Hotspot RADIUS

HOTSPOT-483 Bug: Segmentation faults when radiusd is reloaded
HOTSPOT-630 Bug: Radius warning message "Child is hung for request"

Hotspot Social Login

HOTSPOT-652 Bug: Social login authentication fail due missing variable
HOTSPOT-654 Improvement: Extract more information from Social Login
HOTSPOT-757 Bug: Social login authentication return InvalidToken after hotspot purge
HOTSPOT-763 Bug: Fail-safe management of Social Login
HOTSPOT-775 Bug: Social Login is not working if Term of Service is enabled
HOTSPOT-781 Improvement: Improve Social Enabler mobile experience
HOTSPOT-789 New Feature: Twitter and Instagram Social Login
HOTSPOT-797 New Feature: Add information about the social provider used to create an account
HOTSPOT-868 Bug: Facebook API 2.8 EOL

Management Center Client

EMC-135 Bug: System access firewall rules are pushed but not applied
EMC-153 Task: Add a command for getting running services from gateways
EMC-169 Task: Add a command for getting maintenance expiration
EMC-17 Task: Create EMC client (Recognizer)
EMC-20 Task: Add python-potr recipe
EMC-36 Task: Add python-sleekxmpp recipe

Management Center GUI

EMC-184 Bug: Profile gold gateway is not selectable and page shows wrong colors and alignment

Management Center Server

EMC-166 Bug: Gateway repository are not included into the backup
EMC-219 Improvement: Add EMC running status in provisioning file

Management Center Service

EMC-140 Bug: IPS ignores configuration pushed from EMC
EMC-142 Bug: DHCP fix leases are ignored when configured by EMC
EMC-160 Bug: Safe Search ignores configuration pushed from EMC
EMC-162 Bug: Web Filter ignores configuration pushed from EMC
EMC-202 Bug: VPN portal ignores configuration pushed from EMC

OS Buildsystem Tools

EOS-1378 Bug: Smart does not always install the latest packages when building the image
EOS-1466 Bug: Fix uglifyjs options to remove build path from sourceMappingURL

OS Product Branding

EOS-1005 Bug: Forced dependency to db-bin because on some product was missing
EOS-1150 Task: Update Panda branding
EOS-1447 New Feature: Create Mercury 50mk2 images
EOS-555 Task: Disable automatic lock on edge appliances
EOS-759 Bug: Panda AV and IPS shows up in 4I and hotspot products Live Logs

OS Yocto

EOS-1020 Bug: Duplicate package after an update that restarts sshd
EOS-1023 Improvement: Fix syslog-ng random json support
EOS-1026 Bug: shadow: update to 4.2.1
EOS-1067 Bug: Single user mode for password recovery is not working in yocto
EOS-1074 Bug: commtouch-mailsecurity: volatiles dirs are not created at runtime installation
EOS-1077 Task: remove e1000e and e1000e_update blacklist
EOS-1084 Bug: usb_modeswitch segfault when pluggin 3G modem
EOS-1090 Bug: Smart update fails because of a race condition
EOS-1098 Task: vim: disable mouse default
EOS-1102 Task: Increment PR merged after wrong rebase
EOS-1105 Bug: Post installation trigger for cyrus-sasl-bin slows down or even block installation
EOS-1122 Task: Fix wrong acs-module recipe license
EOS-1130 Improvement: Prevent old RPM channels from being installed on Yocto-based systems
EOS-1135 Task: Migrate endian-client sources and recipe to git repository
EOS-1143 New Feature: Create mini-10 appliance on SCB6901
EOS-1217 Improvement: Apply efw-snort patches on sources
EOS-1324 New Feature: Prepare new layers for js packages
EOS-1361 New Feature: Create mini-25 and mini-25-wifi product based on SCB6901 machine with dual core and mmc
EOS-173 Bug: EMI i18n domain FormEncode not found with other language than English
EOS-212 Bug: Missing kernel.panic=X sysctl
EOS-228 Bug: PyCrypto: missing from image and upgrade to 2.6.1
EOS-232 Bug: iproute2 missing DEPENDS from linux-atm
EOS-244 Task: iproute2 raise release due to EOS-232
EOS-266 Bug: HA fails to establish on IFA3610
EOS-306 Epic: Fix perl native sysroot errors on some recipes
EOS-350 Task: Create better filename format for yocto images
EOS-356 Task: Bump release to 3.10.6
EOS-361 Bug: smartpm: nolinktos is False by default
EOS-371 Bug: Fix /var/cache permission
EOS-381 Bug: Fix sqlobject 2.2.0 ex_setup compile error
EOS-387 Epic: Porting of UTM for x86 machines
EOS-391 New Feature: Upgrade wireless packages
EOS-392 New Feature: x86: add ipset tools
EOS-393 Bug: udev use /var/run/udev as working dir that is not mounted when started
EOS-394 Bug: libuser: Upgrade to 0.6.2
EOS-395 Improvement: package oauth2client and dependencies
EOS-399 Bug: crda: fix wrong crda-dev dependency
EOS-421 Improvement: Missing acpid
EOS-432 Task: Make source retrieve mode switch more friendly
EOS-437 Bug: libacpi doesn't exists on arm. Remove dependency.
EOS-446 Bug: acpi: wrong dependencies and version
EOS-455 Bug: Deploy and re-tag sources with missing empty files
EOS-464 Bug: CLONE - Fix pkg dependencies on commtouch-mailsecurity
EOS-508 Bug: postfix doesn't compile for kernels 4.x
EOS-574 Bug: acpi: missing powerbutton scripts
EOS-622 Bug: kernel: misc fixes
EOS-632 New Feature: Implement multilib
EOS-633 New Feature: Implement multilib
EOS-665 Bug: Fix src-common tag and review recipes for master branch
EOS-692 Bug: xt_ndpi: align 1.6.1 to master
EOS-696 Bug: snmp : missing DEPENDS
EOS-706 Bug: Fix package signing verification at rootfs time
EOS-710 Task: Fix appliance file naming
EOS-714 Bug: lib32-perl-db-file: QA issue on .debug files
EOS-718 Bug: openldap: fix multiple staging
EOS-720 Bug: yocto compile issues
EOS-735 Bug: sum-events-db fails due to missing pysqlite2 library
EOS-753 Bug: acpid is stopped after wizard
EOS-756 Bug: apache2 is in /etc/ folder
EOS-772 Bug: acs-module: move to "all" architecture
EOS-773 Bug: p3scan: Doesn't start on 64 bit machines
EOS-788 New Feature: 64 bit: create community and sw enterprise appliances
EOS-795 Bug: openssl: upgrade to 1.0.1r
EOS-800 Bug: efw-dhcp broken
EOS-809 Bug: add executable permissions to wpad.dat
EOS-826 Task: Move recipes PV to 5.0.1
EOS-832 Bug: proxy-html.conf is now in /usr/share/apache2/extra
EOS-834 Bug: coova-chilli: Various fixes while brX intefrace is congested
EOS-841 Bug: Get rid of gnutls
EOS-846 Improvement: Install *-ptest packages as an additional group
EOS-848 Bug: Review file owner on packages
EOS-857 Bug: logrotate: packed conf file and config is not generated
EOS-873 Improvement: pavapi: upgrade to latest version
EOS-875 Bug: Panda antivirus doesn't start anymore
EOS-879 Task: Changelog extraction on yocto
EOS-884 Bug: efw-panda: syslog conf has nobody group
EOS-922 Bug: Introduce initrd in x86 kernels
EOS-927 Bug: usb_modeswitch doesn't create ttyUSB if usb modem is plugged before boot start
EOS-932 Bug: httplib can't be imported by the management center
EOS-944 Bug: Grub: missing conffile in /etc/default/grub
EOS-964 Bug: vim: remove backup file creation at all
EOS-968 Bug: pavapi: Upgrade to
EOS-971 Bug: url-rewrite: memory leak
EOS-997 Bug: OpenSSL is unable to verify certificates issued by default root CA

Switchboard Applications

SB-1576 Bug: Delete all items defined under an organization

Switchboard Database

SB-1354 Improvement: Move latest mongodb dump archive from /var/efw/ to /var/lib

Switchboard Device management

SB-1579 Bug: Regular users cannot connect to gateways due to a reference before assignment error

Switchboard GUI

SB-1300 Bug: Align icons, texts and elements in Portal and Management GUI
SB-1459 Bug: OTP buttons and other elemnts are disaligned in "Add User" tab
SB-1469 Improvement: Remove the organization from all the names and show it in a different column
SB-1621 Bug: Unable to create new models
SB-1662 Bug: Unable to delete or edit models
SB-1677 Bug: Adding user from connect app is prevented due error
SB-1806 Bug: Add images for all products in Plug and Connect procedure
SB-1827 Improvement: Sorting connection by status does not work
SB-1835 Bug: Notification are displayed below the motd
SB-1847 Task: In user permission widget disable Drag and Drop and avoid repositioning permissions at the end of the list
SB-1897 Bug: OTP buttons are disaligned in "Add User" tab
SB-981 New Feature: Administration GUI for Switchboard maps

Switchboard Maps

SB-1434 Improvement: If a search does not have results gateways you are pointed to a random location

Switchboard Provisioning

SB-1360 Bug: A gateway cannot download its devices configurations
SB-1610 Task: Move Switchboard pushed configuration to /var/run/sb
SB-1776 Bug: Console menu option to connect the system to the Switchboard cannot be aborted

Switchboard Statistics

SB-2032 Bug: commands.access.internal.vpnEventDisconnect cause high CPU usage

UTM Antispam: SpamAssassin

UTM-2144 Improvement: fix run_sa_update invocation
UTM-2154 Bug: Spam Training uses wrong command for connection test

UTM Antivirus: ClamAV

UTM-1863 Bug: Jobsengine deadlock prevents jobs from starting

UTM Artwork

ENTERPRISE-1770 Bug: Invalid graphic image for closing button displayed when browsing Firewall Diagrams

UTM Certificate Management

UTM-1321 Bug: Private keys from PKCS12 are not imported
UTM-1483 Task: Allow at (@) character in certificates common name
UTM-1491 Task: Allow wildcard certificates generation
UTM-1492 Task: Allow wildcards certificate pkcs12 upload
UTM-1496 Task: Certificated with a CA chains with more than one CA cannot be used in VPN server and VPN portal
UTM-1530 Bug: CA certificate symlink is not created
UTM-1552 Bug: Uploaded certificate issued by a trusted CA cannot be deleted
UTM-1654 Task: Add an option for choosing the certificates private key size
UTM-1792 Task: Add local CA certificates to CA bundle
UTM-1806 Improvement: In Certificates change Subject Alt Name textinput to a more usable widget
UTM-1808 Task: Include Subject Alternative Name in the host HTTPS certificates
UTM-1828 Bug: Factory reset produces a httpd certificate without SAN
UTM-2008 Improvement: Randomize the default certificate organization
UTM-2013 Task: Sign certificates with Let's Encrypt
UTM-2081 Bug: Wildcard hostname in certificate creation should be accepted

UTM Enterprise Antispam: Commtouch

ENTERPRISE-1066 Task: Disable Cyren when license has expired
ENTERPRISE-1085 Task: Disable Cyren when license has expired
ENTERPRISE-1150 Bug: Missing Cyren webfilter and antispam under HTTP and SMTP proxies section

UTM Enterprise Antivirus: Panda

ENTERPRISE-1047 Bug: efw-panda: missing monit reload for pavapidaemon in postinst
ENTERPRISE-1065 Task: Disable Panda Cloud AV when license has expired
ENTERPRISE-1074 Bug: indentation error on panda restartscript
ENTERPRISE-1080 Bug: Squid error with acs_module installed
ENTERPRISE-1083 Bug: invalid squid configuration with acs_module
ENTERPRISE-1152 Bug: Panda Antivirus engine does not appear in the Antivirus Engine section
ENTERPRISE-1166 Bug: icap throws a SEGV while scans infected archives
ENTERPRISE-1172 Bug: pavapi: wrong detection on some files
ENTERPRISE-1228 Bug: Both Panda Cloud Antivirus and ClamAV started at the same time
ENTERPRISE-1231 Improvement: Avoid pavapidaemon restart if not forced
ENTERPRISE-1404 Improvement: Pavapi: new libpavapi library
ENTERPRISE-1485 Bug: PandaAV signatures update stuck
ENTERPRISE-1796 Improvement: Pavapi various fixes
ENTERPRISE-1863 Bug: Missing pavapi rdepends on efw-panda

UTM Enterprise Appliance: Hardware

ENTERPRISE-1013 Task: Endian Hotspot 150 appliance
ENTERPRISE-1014 Task: Endian Hotspot 500 appliance
ENTERPRISE-1015 Task: Endian Hotspot 1500 appliance
ENTERPRISE-1016 Task: Endian Hotspot Virtual 150 appliance
ENTERPRISE-1017 Task: Endian Hotspot Virtual 500 appliance
ENTERPRISE-1018 Task: Endian Hotspot Virtual 1500 appliance
ENTERPRISE-1022 Task: Update Hotspot 150 businfotab
ENTERPRISE-1032 Task: Dependency to commtouch-webfilter for all Hotspot appliances
ENTERPRISE-1035 Task: Remove "Appliance" from Hotpost appliances name
ENTERPRISE-1067 Bug: Remove POP3 and IPS signatures summary from dashboard
ENTERPRISE-1094 Bug: Certificate section is viewable from Hotspot products
ENTERPRISE-1103 Bug: Product name not shown correctly on LCD
ENTERPRISE-1189 Task: Add default WAN port configuration
ENTERPRISE-1282 Bug: Missing businfotab files on Mini 10 WiFi and Mini 25 WiFi
ENTERPRISE-1479 Bug: Manage certificate page is available on hotspot products
ENTERPRISE-1695 Bug: Admin user can't download OpenVPN ca certificate on Hotspot appliances
ENTERPRISE-1761 Bug: Migration script not running in endian-appliance package

UTM Enterprise Appliance: Software

ENTERPRISE-1026 Task: Default menu for Hotspot appliances
ENTERPRISE-1360 Bug: Wrong product id for software and virtual

UTM Enterprise Appliance: Virtual

ENTERPRISE-1058 Task: Adjust service configuration parameters for Hotspot appliances
ENTERPRISE-1077 Task: Virtual images for Hotspot appliances
ENTERPRISE-1235 Bug: Appliance product name doesn't appear on the web interface

UTM Enterprise Application Firewall

ENTERPRISE-1040 Task: Remove references to IPS in firewall GUIs
ENTERPRISE-1519 Bug: Proxied traffic not working if AppFW firewall rules are configured
ENTERPRISE-1595 Epic: Introduce a new Application Firewall
ENTERPRISE-1830 Improvement: Limit life of nfq_ndpi_firewall worker processes

UTM Enterprise Authentication layer: Enterprise

ENTERPRISE-1142 Bug: RADIUS provider fails to load
ENTERPRISE-1146 Bug: Edit Authentication server mappings will remove apache as Authentication server
ENTERPRISE-1624 Improvement: Add support for AES encrypted password
ENTERPRISE-1646 Bug: VPN Authentication on LDAP fails with "operations error"

UTM Enterprise Documentation

ENTERPRISE-1755 Improvement: EasyVPN Title and Menu text Change

UTM Enterprise Endian Network

ENTERPRISE-1097 Bug: en-client logs fill up /var/log partition if timezone is brought back
ENTERPRISE-1160 Task: Allow the systems registration using the "registration key" instead of the EN password
ENTERPRISE-1164 Bug: Fix endian-client recipes
ENTERPRISE-1195 Task: Create tunnels.config instead of using the obsolete registerLookup
ENTERPRISE-1198 Task: Create smbconfig.config instead of using the obsolete registerLookup
ENTERPRISE-1293 Bug: Traceback after en-client after acs-module installation
ENTERPRISE-1304 Bug: Activation Codes longer than 20 char cannot be entered in GUI registration page
ENTERPRISE-1371 Bug: Initial registration page do not redirect correctly trought Switchboard portal
ENTERPRISE-1385 Task: Register a system on Endian Network with an given System ID
ENTERPRISE-1417 Bug: en-liveclient tracebacks
ENTERPRISE-1692 Task: Wrong count of system users information sent to EN
ENTERPRISE-1727 Bug: Delete-sysid not working during backup restore if reboot option is used
ENTERPRISE-1811 Bug: Endian Client not working when upstream proxy is set
UTM-2086 Bug: Wrong count of VPN users information sent to EN

UTM Enterprise Enterprise Updates

ENTERPRISE-1511 Bug: efw-update changes breaks updates from GUI
ENTERPRISE-1527 Bug: efw-update no longer working

UTM Enterprise License

ENTERPRISE-1009 Improvement: Ability to write a custom support message
ENTERPRISE-1063 Task: Update license
ENTERPRISE-1348 Task: Do not include server host in redirect

UTM Enterprise Monitoring, Reporting

ENTERPRISE-1274 Bug: Not found EMI error when clicking Web chart slice from Summary
ENTERPRISE-1300 Bug: Unable to open Event Reporting database imported from a 3.0 backup
ENTERPRISE-1547 Bug: Limit events.db size
ENTERPRISE-1823 Bug: Panda Antivirus service log points to wrong file

UTM Enterprise Network: Wireless

ENTERPRISE-1325 Bug: Invalid chown called in wireless job in restore_safe_settings
ENTERPRISE-1327 Bug: Additional wireless interfaces are not always added to the bridges
ENTERPRISE-1362 Bug: System access and transparent proxy rules not created for wifi appliances in bridged mode

UTM Enterprise Provisioning

ENTERPRISE-1332 Bug: Provisioning process prevent network wizard settings application
ENTERPRISE-1335 Task: Use as autoregistration host
ENTERPRISE-1350 Improvement: Autoregistration download from must accept only trusted certificates
ENTERPRISE-1356 Bug: Provisioning fails if unicode characters are used in the Company field
ENTERPRISE-1394 Task: Add options for excluding provisioning sections from import
ENTERPRISE-1421 Bug: Provisioning do not set domainname
ENTERPRISE-1456 Improvement: Check for configurations on for one day after network wizard
ENTERPRISE-1471 Improvement: Add console menu option to connect the system to the Switchboard
ENTERPRISE-1475 New Feature: Add a gui to connect the system to the Switchboard
ENTERPRISE-1491 Bug: Remove git configuration information from provisioning dump
ENTERPRISE-1594 New Feature: Support Local VPN configuration in provisioning

UTM Enterprise Quality of service: Tagging

ENTERPRISE-1266 Bug: QOS Tagging is not possible to change the rules order
ENTERPRISE-1310 Bug: QoS Tagging rules should tag and return to not match other tag rules

UTM Enterprise Service: High Availability

ENTERPRISE-1126 Bug: Uplink remains enabled on the slave unit when in stand-by
ENTERPRISE-1132 Bug: Coova-Chilli release IPs on HA slave in backup state
ENTERPRISE-1138 Bug: HA takeover when interzone firewall is modified
ENTERPRISE-1397 Bug: DHCP HA load-balancing settings block dhcp from releasing IP
ENTERPRISE-1572 Bug: Default GW is not set on slave at take over in No Uplink mode

UTM Enterprise Service: Mail Quarantine

ENTERPRISE-1049 Bug: Quarantine summary reports are quarantined with Cyren enabled
ENTERPRISE-1206 Improvement: Quarantine digest stops when email is not sent and smtp isn't running
ENTERPRISE-1271 Task: Remove debug logs
ENTERPRISE-1639 Bug: Error while trying to format column 'from_' value

UTM Enterprise User Interface

ENTERPRISE-1048 Bug: FTP Proxy menu is shown on Hotspot appliances
ENTERPRISE-1072 Task: Remove "Appliance" from CGI footer
ENTERPRISE-1477 Bug: Apache failing to redirect to the dashboard after succesful registration
ENTERPRISE-1497 Bug: Remove Plug and Connect customizations for non-Endian brandings
ENTERPRISE-1523 Bug: Remove Plug and Connect console customizations for non-Endian brandings
ENTERPRISE-1775 Bug: Hotspot service shown as stopped in System Status

UTM Enterprise VPN: Enterprise options

ENTERPRISE-1239 Bug: efw-eal-backend-enterprise migration failure because of KeyError: 'provider_name'
ENTERPRISE-1598 New Feature: EasyVPN for enterprise systems
ENTERPRISE-1734 Bug: Add an option to EasyVPN P&C procedure push server GREEN network to clients
ENTERPRISE-1765 Bug: Easyvpn virtualhost link is not removed when turned off
ENTERPRISE-1847 Bug: EasyVPN client connected with P&C always have GREEN zone pushed

UTM Enterprise VPN: L2TP

ENTERPRISE-1117 Bug: L2TP authentcation error if password has special chars
ENTERPRISE-1191 Bug: IPsec/L2TP works with transport mode only on strongSwan 5.3
ENTERPRISE-1320 Bug: L2TP job doesn't start due to wrong shouldstart check
ENTERPRISE-1323 Bug: IPsec job doesn't start due to wrong shouldstart check
ENTERPRISE-1465 Bug: L2TP job remains in waiting_depends status forever when L2TP is not enabled
ENTERPRISE-1550 Bug: L2TP VPN user status not updated in Status VPN Connections
ENTERPRISE-1841 Bug: Incorrect configuration for IPsec/L2TP certificate authentication tunnels

UTM Enterprise VPN: Portal

ENTERPRISE-1088 Bug: VPN Portal requires certificates type server
ENTERPRISE-1469 Bug: VPN Portal cannot connect to HTTPS servers with small DH
ENTERPRISE-1708 Improvement: VPN Portal add possibility to enable/disable Secure cookie through datasource

UTM Enterprise Webfilter: Commtouch

ENTERPRISE-1037 Task: Cyren webfilter and SafeSearch default profiles
ENTERPRISE-1376 Improvement: commtouch-webfilter: upgrade to 8.01.0000
ENTERPRISE-1434 Improvement: Downgrade commtouch-webfilter to 8.00.0049

UTM Enterprise Webfilter: HTTPS Transparent content filtering

UTM-1927 New Feature: Content filter for https pages


UTM-1549 Bug: Web filter profile containing space in the name are not applied to proxy ACL
UTM-1559 Bug: Webfilter configurations are not removed and prevent c-icap to start
UTM-1606 Bug: /var/run/c-icap volatile directory not always created
UTM-1866 Bug: c-icap cannot allocate memory for buffer
UTM-1868 Bug: icap/settings.panda lock prevents PavapiDaemon to start

UTM Monitoring, Reporting

UTM-1430 Bug: Mails statistics not shown in Event Reporting mail section
UTM-1850 Improvement: Support for hourly graphs
UTM-2031 Bug: Sarg is loading the wrong configuration
UTM-2101 Improvement: Review SARG retention settings
UTM-2105 Improvement: Update SARG
UTM-2108 Bug: Sarg doesn't load language file

UTM Proxy: DNS

UTM-1854 Bug: Dnsmasq is not restarted when a new host is added
UTM-2010 Bug: resolv.conf contains wrong information on initial installation
UTM-2160 Bug: DNS proxy can be enabled on not active zones


UTM-1343 Improvement: HTTP Proxy always in transparent mode for BLUE zone
UTM-1350 Task: Remove authentication from HTTP Proxy
UTM-1386 Bug: Proxy HTTP - icap error due to empty conf file
UTM-1422 Bug: Squid going IPv6 on IPv6 sites resulting in (101) Network is unreachable
UTM-1439 Task: Remove authentication from HTTP Proxy
UTM-1451 Bug: Error joining the HTTP Proxy to Active Directory
UTM-1463 Epic: proxy.pac improvements
UTM-1528 Bug: Proxy authentication is not working with AD
UTM-1565 Epic: Update squid to 3.5.25
UTM-1595 Bug: Squid "number of different IP's per user" setting prevent internet access
UTM-1609 Improvement: SARG report disabled by default
UTM-1652 Bug: wpad is offered via DHCP and HTTP even if proxy is inactive
UTM-1773 Bug: Add parameter winbind max clients to winbind.conf
UTM-1882 Bug: Squid terminates with an error if an entire domain and its subdomains are used in the same access policy
UTM-1897 Bug: Squid exhausting TCP network buffer due to CONNECT keep-alive type of connections
UTM-1908 Bug: setproxyinout produce an error when a restart is perform and the proxy is not installed
UTM-1986 Bug: WPAD in JSON format

UTM Proxy: POP3

UTM-1521 Bug: POP3 whitelisted/blacklisted addresses are not considered with Cyren


UTM-1317 Bug: BAD HEADER mails are quarantined AND passed
UTM-1337 Improvement: Basic interface to configure SMTP smarthost
UTM-1361 Task: Disable antivirus for SMTP proxy
UTM-1382 Bug: DSN option is not working correctly
UTM-1428 Bug: IMAP authentication section not required for Hotspot product
UTM-1433 Bug: Sender address is wrongly set if verify_recipients is set to on
UTM-1435 Task: Disable ipv6 on postfix
UTM-1515 Bug: Missing saslauthd on yocto
UTM-1531 Epic: Postfix access control rewrite
UTM-1668 Improvement: Notify recipients when a virus mail has been detected
UTM-1699 Bug: smtpscan Traceback at boot if shoudstart is False
UTM-1703 Bug: Missing liblogin SASL library
UTM-1965 Bug: amavisd-new doesn't restart after an unclean shutdown due to db corruption
UTM-1970 Bug: AMaViS temporary files are not removed after a day
UTM-2191 Improvement: Update Realtime Blacklist (RBL)

UTM Service: DHCP

UTM-1358 Bug: Missing default gateway, primary DNS and domain while enabling the DHCP Server
UTM-1364 Epic: DHCP Service reengineering
UTM-1368 Bug: Error displaying DHCP Server configuration
UTM-1372 Bug: DHCP enable checkbox disappears
UTM-1376 Bug: No possibility to use secondary subnet in DHCP server configuration
UTM-1389 Bug: DHCP failed to run
UTM-1536 Bug: Custom DHCP configuration not applied
UTM-1555 Bug: Wrong DHCP lease expire time
UTM-1573 Task: Before the netwizard, activate the DHCP server on the first interface
UTM-1637 Task: Disable DHCP server before the netwizard on software appliance
UTM-1680 Bug: Missing dhcrelay binary
UTM-1729 Bug: DHCP dynamic leases page show also expired leases
UTM-1748 Task: Upgrade Dnsmasq to 2.76
UTM-2066 Bug: Netwizard command changes dhcp green configuration and disable other zones dhcp

UTM Service: Intrusion Prevention

UTM-1440 Bug: Unable to disable Snort rules due to a TypeError
UTM-1445 Bug: Snort rules based on "preprocessor ssl" prevent snort to start
UTM-1788 Epic: Snort signatures management fixes
UTM-1938 Bug: QUEUEFW not cleaned after SNORT is disabled
UTM-1968 Bug: IPS not started on boot if no ALLOW with IPS rules are present
UTM-2028 Bug: IPS not started on boot if no uplink is active
UTM-2170 Bug: IPS alerts or Drops are not differentiated in the logs

UTM Service: Quality of Service

UTM-1799 Bug: Unable to make QoS rules for OpenVPN Server instances

UTM Service: SNMP

UTM-1339 Task: Include snmp custom template

UTM VPN: Client

UTM-1821 Task: Add function for getting the OpenVPN client status
UTM-1861 Bug: Openvpnclient gets not monitored after a force restart via jobcontrol
UTM-1885 Task: Send Endian Bus notification on client VPN connection/disconnection


UTM-1347 Bug: VPN page doesn't load on Hotspot appliance
UTM-1642 Improvement: Restrict IPsec proposal usage (strict mode)
UTM-1686 Bug: VPN connection status for IPSEC/L2TP Host-to-Net connection doesn't show Assigned IP and Remote IP
UTM-2156 Bug: Missing option in ipsec.secrets template file for green zone
UTM-2158 Improvement: Set default DPD action to CLEAR for XAUTH and L2TP
UTM-2173 Improvement: Add possibility to choose uplink IP on IPSEC Tunnel
UTM-2189 Bug: DPD Action always set to restart


UTM-1348 Bug: Openvpn client (gw2gw) calls unexistent /bin/ip
UTM-1352 Bug: Missing openssl profile file
UTM-1457 Improvement: Show the total number of connections in "show openvpn"
UTM-1472 Bug: Vpnclient not stopped when in HA slave
UTM-1632 Bug: VPN routing rules are not applied if the language is different from English
UTM-1645 Bug: OpenVPN authentication will fail if user passwords begin with "-"
UTM-1657 Task: Add encryption cipher and digest options to OpenVPN instances
UTM-1683 Epic: Add restart option in vpn postinst and trigger
UTM-1701 Bug: Radius authentication does not work on VPN
UTM-1731 Bug: Extra lines included in available TLS ciphers for OpenVPN
UTM-1745 Improvement: Customize OpenVPN dnsmasq vpn prefix
UTM-1750 Improvement: Allow different certificates for each OpenVPN server instance
UTM-1761 Task: Use Base64 for encoding OpenVPN passwords
UTM-1763 New Feature: Update OpenVPN to 2.4.1
UTM-1770 Bug: OpenVPN stopped after efw-vpn update because of authentication daemon restart
UTM-1780 Task: Restructure OpenVPN status parser
UTM-1796 Improvement: Restructure OpenVPN GUI for handle instance with different certificates
UTM-1804 Bug: openvpn-user fakeconnect raises an exception if username contains a slash
UTM-1811 Improvement: Ignore authentication layer exceptions during OpenVPN restart
UTM-1831 Task: Upgrade OpenVPN to version 2.4.3
UTM-1835 Bug: Re/introduce triggers in efw-vpn and efw-vpnclient for OpenVPN
UTM-1846 Bug: OpenVPN server does not start due to invalid template
UTM-1888 Bug: VPN Connections are not shown
UTM-1912 Improvement: Add option for load custom TLS ciphers
UTM-1918 Bug: Triggers are not executed by openvpn-user fakedisconnect command
UTM-1921 Bug: Server OpenVPN problem after Update
UTM-1931 Bug: KeyError reading OpenVPN status
UTM-1953 Bug: OpenVPN job does not start after reboot
UTM-2034 Improvement: Increase DH size for VPN
UTM-2092 Bug: Push block-outside-dns from OpenVPN Server
UTM-2166 Bug: Add verification on OpenVPN's IP pool range
UTM-2168 New Feature: OpenVPN bridged instance can't set virtual IP pool range on second subnet
UTM-2200 Bug: OpenVPN job crash due to purple_ip_begin parameter handled as mandatory
UTM-2203 Bug: Cannot change OpenVPN instance from TUN/TAP

UTM VPN: User & Group Management

UTM-1904 Improvement: Replace "Disabled for service" with "Enabled services" in user editor

Product Machine Version
4i-edge-112 ifa1610 5.1.0
4i-edge-313 ifa2610 5.1.0
4i-edge-515 ifa3610 5.1.0

4i Data Collector

INDUSTRIAL-42 Bug: Missing python-asn1crypto dependency on python-opcua
INDUSTRIAL-46 Bug: Hide collector tab in GUI
INDUSTRIAL-52 Improvement: upgrade mosquitto to 1.5.5

Core Base system

CORE-2239 Task: Introduce python-paho-mqtt
CORE-2858 Bug: python-paho-mqtt is not correctly built because setuptools are missing in the receipt

Product Machine Version
4i-edge-112 ifa1610 5.1.0
4i-edge-313 ifa2610 5.1.0
4i-edge-515 ifa3610 5.1.0
mercury-50-wifi-scb1617a scb1617a 5.1.0

4i Endian Firewall 4i

INDUSTRIAL-37 New Feature: Create efw-industrial package to collect data from PLC

Core Base system

CORE-2157 Task: Introduce Python requests library

OS Yocto

EOS-1592 Task: Package python-b2

Product Machine Version
macro-250 nsa3150 5.1.0
macro-500 nsa3150 5.1.0
macro-1000 nsa7120b 5.1.0
macro-2500 nsa7120b 5.1.0
macro-x1-nsa3110 nsa3110 5.1.0
macro-x2-nsa3110 nsa3110 5.1.0
mercury-100 nsa1150 5.1.0
mercury-nsa1110 nsa1110 5.1.0
software-enterprise-x64 softwarex86-64 5.1.0
virtual-x64 softwarex86-64 5.1.0

Switchboard Connect Web: RDP/VNC/SSH/TELNET

SB-2281 Bug: Empty FQDN for Portal breaks the access through Connect APP and browser

Switchboard Device management

SB-2266 Bug: Editing of a device generates performance issues on Connect App

Switchboard Portal

SB-2264 Bug: When a user changes or add its own email the field is not saved

Switchboard Settings

SB-2241 Bug: Hide autonomous password recovery if user does not setup mail settings
SB-2299 Bug: Mail settings gets disabled by new ENABLE_EMAIL_PASSWORD_RESET option

Product Machine Version
4i-edge-112 ifa1610 5.1.0
4i-edge-313 ifa2610 5.1.0
4i-edge-515 ifa3610 5.1.0
hotspot-150 scb6901 5.1.0
hotspot-500 nsa1150 5.1.0
hotspot-1500 nsa3150 5.1.0
hotspot-virtual-150 softwarex86-64 5.1.0
hotspot-virtual-500 softwarex86-64 5.1.0
hotspot-virtual-1500 softwarex86-64 5.1.0
macro-250 nsa3150 5.1.0
macro-500 nsa3150 5.1.0
macro-1000 nsa7120b 5.1.0
macro-2500 nsa7120b 5.1.0
macro-x1-nsa3110 nsa3110 5.1.0
macro-x2-nsa3110 nsa3110 5.1.0
mercury-50 dna1120 5.1.0
mercury-50-scb1617a scb1617a 5.1.0
mercury-50-wifi-scb1617a scb1617a 5.1.0
mercury-100 nsa1150 5.1.0
mercury-nsa1110 nsa1110 5.1.0
mini-10 scb6901mmc 5.1.0
mini-10-wifi scb6901mmc 5.1.0
mini-25 dna120 5.1.0
mini-25-scb6901mmc2 scb6901mmc2 5.1.0
mini-25-wifi dna120 5.1.0
mini-25-wifi-scb6901mmc2 scb6901mmc2 5.1.0
software-enterprise-10-x64 softwarex86-64 5.1.0
software-enterprise-x64 softwarex86-64 5.1.0
virtual-10-x64 softwarex86-64 5.1.0
virtual-x64 softwarex86-64 5.1.0

Core Base system

CORE-3318 Improvement: Add crypto module decryption for tcpdump

Core Network configuration

CORE-3305 Improvement: No GUI error given when a static route with default gateway/CIDR notation is added
CORE-3323 Bug: Missing column remark in host configuration

Core Translations

CORE-3355 Bug: Italian misleading translation of Snort GUI actions

Core Uplinksdaemon

CORE-3343 Bug: Static uplinks have a wrong broadcast and netaddress

Hotspot Authentication

HOTSPOT-872 New Feature: Introduce the possibility to set a limit for multiple simultaneous logins

UTM Enterprise Appliance: Hardware

ENTERPRISE-1913 Task: Create mercury-50-wifi-scb1617a appliance

UTM Proxy: DNS

UTM-2176 New Feature: Let Proxy DNS service to log antispyware blocked domains

Have more questions? Submit a request