Community Changelog For Version 3.3.15 - 2022-3-30


Released as Updates to Current 3.3.14 Community Users:

#### Security Base System

Task: CVE-2022-0778

#### UTM Antispam: SpamAssassin

Bug: sa-wrapper command is missing


Additional (Previous) Packages Released as ISO to 3.3.15:

#### Core Firewall
Bug: Policy routing does not work as expected after update

#### UTM Antivirus: ClamAV
UTM-2817 Bug: Upgrade ClamAV to 0.103.5 LTS

#### Core Base system
CORE-4688 Bug: python-certifi should read system CA bundle
CORE-4694 Bug: toscawidgets calls a useless time consuming logging function

#### Core EMI
CORE-4685 Bug: emi performs a lock on each call to load_users when checking access permissions
CORE-4702 Improvement: emi thread dies without information

#### Core Firewall
CORE-4578 Bug: setpolicyrouting will not mark a connection with destination route via uplink
CORE-4700 Improvement: vpnfwdst chain is populated also if not used

#### OS Yocto
EOS-2167 Improvement: Fix warning on polkit recipe

#### Security Base System
SEC-97 Bug: CVE-2021-4034 pkexec: local privilege escalation

#### UTM Certificate Management
UTM-2804 Task: updates ca-certificates package to 20211016

#### UTM VPN: OpenVPN
UTM-2535 Task: Implement explicit-exit-notify
UTM-2812 Bug: Duplicated ip rule on VPN client reconnection
UTM-2822 Bug: Potential deadlock on VPN disconnect

#### Security Base System
SEC-93 Bug: CVE-2021-40438 Apache mod_proxy vulnerability

#### Core Base system
CORE-2326 Improvement: Add support for Intel X553 Gigabit Ethernet Adapter

#### Core Kernel
CORE-4266 Bug: Fix ixgbe compilation issue
CORE-4587 Improvement: Upgrade e1000/i40e kernel module to fix issue in driver

#### Core EMI
CORE-2544 Task: Add ES6-style Promises polyfill library
CORE-2875 Task: Fix js-es6-promise recipe

#### OS Yocto
EOS-387 Epic: Porting of UTM for x86 machines
EOS-622 Bug: kernel: misc fixes
EOS-944 Bug: Grub: missing conffile in /etc/default/grub

#### Core Authentication layer
CORE-1289 Improvement: Add status.authentication.connections
CORE-1356 Bug: Fix wrong imports in endian.authentication_frontend.web
CORE-1505 Task: Support additional parameters in endian.authentication.auth_client.authenticate
CORE-1565 Improvement: Report the authentication provider for successful login
CORE-1631 Task: Create /var/efw/access/rsa as nobody nogroup
CORE-1731 Task: Filter the DataSource exposed over HTTPS according to the user permissions
CORE-2152 Task: Introduce python-oauthlib and requests-oauthlib Python libraries
CORE-3133 Bug: Authentication fails if username is numeric and starts with 0
CORE-3287 Improvement: Add user IP address to authentication daemon logs
CORE-4459 Bug: Group cannot be deleted because of a typo
CORE-4472 Bug: Authentication daemon does not start after latest upgrade

#### Core Backup
CORE-1491 Bug: Factory default does not restore ethernet settings
CORE-1500 Bug: Restoring a 3.0 backup on 3.2 will leave files with wrong permissions
CORE-1535 Bug: Cannot create archive only backups
CORE-1553 Bug: Ipacsum calls in /etc/crontab
CORE-1560 Bug: Network hosts imported from 3.0 to 3.2 cause a traceback
CORE-1919 Bug: ECDSA ssh keys are not included in settings backup
CORE-2025 Task: Add an option to backup-restore for restoring only non-system-specific settings
CORE-2271 Bug: Factory reset is not complete
CORE-2454 Bug: Full backup might fill up the volatile partition
CORE-2716 Improvement: Include /etc/ethconfig_include* into the backup
CORE-3154 New Feature: Implement pre and post hooks (run-parts) in
CORE-3300 Bug: Large backups cannot be downloaded on 32bit appliances
CORE-4071 Bug: Cannot create backup if the remark field contains only integers

#### Core Base system
CORE-1309 Task: Enable OpenSSH by default
CORE-1319 Bug: ulogd and acpid are stopped before the first netwizard
CORE-1324 Bug: Monit fails with AssertException
CORE-1340 Task: Add default Vim configuration
CORE-1367 Bug: Replace deprecated Perl calls
CORE-1448 Task: Add default pythonrc
CORE-1456 Task: Allow wildcards hostname in Dnsmasq configuration
CORE-1516 Bug: /etc/init.d/monit reload unmonitors all the services
CORE-1545 Task: Remove obsolete ipcopdeath, ipcoprebirth, and iowrap scripts
CORE-1568 New Feature: Integrate ModemManager
CORE-1581 Task: Display GREEN zone, uplinks, ports status on console
CORE-1584 Improvement: Update ciphers in ssh_config
CORE-1714 Task: Add reboot and shutdown functions in job base
CORE-1776 Task: Allow SSH client to pass locale environment variables
CORE-1796 Task: Optimize firewall restart criteria on boot
CORE-1799 Bug: No monit socket before first netwizard
CORE-1832 Improvement: Disable OpenSSH port 222
CORE-1926 Task: Add efw-shell config command for managing configuration revisions with git
CORE-1956 New Feature: Create bootstrap package
CORE-1960 Task: Package the latest version of jQuery
CORE-1987 Task: Allow configuring several SSH daemon options
CORE-2001 Task: Disable colors in shell commands while piping or redirecting output
CORE-2018 Task: Do not delete the wtmp file on reboot
CORE-2058 Task: Implement Endian Bus (Internal IPC bus)
CORE-2157 Task: Introduce Python requests library
CORE-2178 Task: Introduce Python bleach for UTM
CORE-2203 Improvement: Improve the datasource command allowing changing settings values
CORE-2206 Task: Make console menu configurable
CORE-2259 Improvement: Add CLI notification when a reboot is required
CORE-2996 Bug: Fix documentation url retrieving on version transition
CORE-3318 Improvement: Add crypto module decryption for tcpdump
CORE-3320 Improvement: Upgrade to OpenSSH 7.1p2
CORE-3833 Bug: Missing SSH 7.1 dependency and ssh-dss support
CORE-3960 Bug: Conntrack not cleaned when uplink disconnect multiple times
CORE-4344 Bug: Body of HA notification mails are sent as attachments
CORE-4371 Improvement: Enable tcp window scaling to improve connectivity and bandwidth
CORE-4485 Bug: show status command shows wrong version
CORE-4495 Improvement: Upgrade dnsmasq to 2.79
CORE-4497 Improvement: Fix python modules permissions
CORE-4500 Improvement: Reintroduce sulogin as single boot login
CORE-964 Improvement: Inputrc improvements for history search and other useful keybindings

#### Core Dashboard
CORE-1525 Bug: Mountpoints are shown on "Hardware information" in dashboard page
CORE-1752 Improvement: Remove Status column from Dashboard Network Interfaces plugin
CORE-1813 Improvement: Show in dashboard if signatures download is disabled by an uplink configuration
CORE-2123 Improvement: Mechanism to notify users about a required reboot

#### Core EMI
CORE-1445 Bug: Restrictions ignored when EMI is stopped
CORE-1496 Bug: Non-ASCII subject of mails in quarantine are not displayed correctly
CORE-1542 Task: Use Jobsengine function for rebooting
CORE-1600 Task: Remove genshi depends
CORE-1649 New Feature: Tag packets by setting TOS/DSCP bits
CORE-1669 Task: Add endian.platform.nvstorage module for ARM platform
CORE-1740 Task: Rewrite shutdown and gui settings in emi
CORE-1761 Bug: Disabling the first tab with guiprofile also removes menu item
CORE-1767 Bug: Allow web console to run with non root user
CORE-1829 Task: Add require.js and other JavaScript libraries
CORE-1837 Task: Create generic REST controller
CORE-1844 Bug: Proxy HTTP button incorrectly displayed on some products
CORE-1859 Bug: Impossibility to accept license agreement with emi no root
CORE-1866 Bug: Traceback on httpd job on start
CORE-1972 Bug: Additional gui users cannot access emi webpages
CORE-2011 Bug: Wrong ownership for emi cachestorage file
CORE-2030 Improvement: Add JSON payload support for EMI commands
CORE-2040 Task: Show hooks in datasource command output
CORE-2044 Task: Remove VueJS v1
CORE-2046 Task: Update JQuery DataTables
CORE-2070 Improvement: Start emi/acpid/ulog before the netwizard
CORE-2107 Task: Add a decorator for returning plain error messages
CORE-2117 Bug: Emi MongoStorage _load and _store_items methods ignore current_identity argument
CORE-2129 Bug: text.js is wrongly packaged as require-text.js
CORE-2132 Improvement: Register emi commands with a decorator
CORE-2138 Bug: CSV Storages writes append items into the CSV
CORE-2169 Bug: Wrong default tab for new users and when editing an existing one
CORE-2172 Bug: Cannot change user group membership when language is Italian
CORE-2187 Task: Add new stylesheets and icons (Bootstrap)
CORE-2197 Task: Encrypt PersistentDict with AES
CORE-2200 Bug: JSON EMI command parameter parsing is broken
CORE-2236 Task: NetworkAddress validator optionally calculate network addresses
CORE-2257 Bug: Fix missing dependencies on html5lib
CORE-2288 Task: Create a function for getting running services
CORE-2438 Bug: Migration script manual execution is broken
CORE-2472 Task: Restart Apache after certificate renew
CORE-2608 Improvement: Add an option to GUI setting for the Management GUI HTTPS certificate
CORE-2959 Bug: Cannot generate a certificate on the Management GUI
CORE-3148 Bug: Cannot change language at first boot

#### Core Event Notifications
CORE-1347 Bug: Raid events not detected
CORE-1410 Bug: Raid failing event not detected
CORE-1429 Improvement: Add SSL/TLS and STARTTLS support to email notifications
CORE-1725 Bug: Fix notifications functions update_patterndb
CORE-2050 Bug: openvpnclient events for tunnel opening and closing not triggered
CORE-3160 Bug: Openvpn login successful event doesn't match log pattern
CORE-3164 Bug: Openvpn logout event not matched with some special characters

#### Core Firewall
CORE-1623 Bug: VPN Firewall rules are not applied
CORE-1854 Bug: Conntrack connections table not cleaned after uplink failover
CORE-2088 Bug: Interzone rules not deleted
CORE-2092 Bug: Interzone rules are not created when hotspot interface is used
CORE-2221 Bug: Snort doesn't work when HTTP proxy is ON
CORE-2468 Bug: Incorrect broute rules added by default in bridged mode
CORE-3135 Bug: Typo in Incoming routed traffic source and destination description
CORE-3941 Bug: Established connections on backup link stop working after main uplink comes back online
CORE-4335 Bug: setoutgoingfw taking too long to restart, we need to optimize iptables rules using ipset
CORE-4339 Bug: New PROXYOUTGOINGFW drops traffic on http proxy port
CORE-4379 Bug: ipsets not created at boot and after update
CORE-4434 Bug: Adding ANY ANY rule breaks Port Forwarding firewall
CORE-4438 Bug: Empty lines in source break Outgoing Firewall (input sanitization)

#### Core Hardware support
CORE-2783 Improvement: Add kernel module rndis_host for LTE modem
CORE-4237 Improvement: Add kernel module RTL8152/RTL8153

#### Core Jobsengine
CORE-1438 Bug: Signature updates may leave files in inconsistent state
CORE-1498 Bug: Fix wrong imports in endian.restartscripts.getblackholedns
CORE-1654 New Feature: Disable signature updates for certain uplinks
CORE-1852 Bug: An invalid exit code in a Job action prevents successive Job execution
CORE-2033 Bug: Stop deleting Jobsengine socket on exit
CORE-2225 Task: Move generic files functions from endian.job.commons to endian.core.filetools

#### Core Kernel
CORE-2777 Improvement: Add possibility to remove SIP netfilter kernel modules
CORE-2911 New Feature: Backport E20/E25 Quectel model driver to kernel 3.14 (4i)
CORE-2965 Bug: Packet loss when installed on xen hypervisor
CORE-4249 Improvement: Add NVMe support to kernel

#### Core Logging & Monitoring
CORE-1487 Bug: Ulogd does not start on netwizard
CORE-1511 Bug: Ipsec logs not rotated due to missing folder in /var/log/archives
CORE-1539 Bug: syslog-ng runs in multiple instances
CORE-1903 Bug: Wrong date in filename for archived logs
CORE-2078 Bug: Logrotate does not rotate log files bigger than 2GB on x86 platforms
CORE-2083 Bug: HTTP Proxy logs not rotated
CORE-2146 Bug: Event reporting graphs not working
CORE-2251 Bug: AttributeError: MultiLineSysLogHandler object has no attribute formatException
CORE-2286 Bug: efw-update crash due to logger module exception
CORE-2921 Bug: Sarg retention in monthly cron is not working
CORE-4544 Bug: fail2ban logging both into messages and fail2ban.log
CORE-4548 Bug: SARG is not generating reports because LC_ALL is missing

#### Core Network configuration
CORE-1358 Bug: Modify "Welcome to Endian Firewall" string in Network Wizard
CORE-1577 Task: Before the netwizard, activate the DHCP client on WAN interface
CORE-1657 Task: Add an option for enabling DHCP server on GREEN from the netwizard
CORE-1701 Improvement: Change order of uplinks type
CORE-1738 Bug: Modem Manager not working properly if language is different than English
CORE-1841 Task: Support Modem Manager uplink in textual netwizard
CORE-1923 Bug: Network Wizard from CLI cannot add multiple IPs on red interface
CORE-1929 Bug: Network interfaces change order
CORE-2297 Task: Textual netwizard should ask for root/admin password
CORE-2329 Bug: Remove emergency_fill_br0 from network restartscript
CORE-2569 Bug: Support driverless 4G USB dongle
CORE-2765 Bug: Add support for driverless 4G usb modems to products
CORE-3146 Bug: Uplink check hosts option are reset after modifying network settings
CORE-3170 Bug: Cannot use CIDR /32 or /31 for additional IP addresses
CORE-3194 Bug: Network Wizard from CLI displays main interface when vlans are in use
CORE-3241 Bug: Cannot configure mobile broadband uplink at first wizard
CORE-3305 Improvement: No GUI error given when a static route with default gateway/CIDR notation is added
CORE-3323 Bug: Missing column remark in host configuration

#### Core Package management
CORE-1413 Bug: Rpm database rebuild procedure slow
CORE-2336 Bug: smart upgrade doesn't upgrade packages in some circumstances

#### Core Service Templates
CORE-1934 Improvement: Add custom configuration file for each OpenVPN client

#### Core Setup Wizard
CORE-1311 Improvement: Force the BLUE zone to be configured
CORE-1336 Task: Add batch option to netwizard
CORE-2499 Bug: Netwizard ignores change on system access rules

#### Core Time
CORE-1297 Improvement: Introduce UTC and GMT timezones
CORE-1749 Task: Update tzdata to 2016g

#### Core Traffic monitoring
CORE-1781 Bug: Redis is using the wrong configuration file on 3.10 and 5.0

#### Core Translations
CORE-1698 Task: Update 5.0 translations
CORE-1771 Task: Update 5.0 translations
CORE-2065 Bug: Upgrade python-simplejson to prevent conversion of i18n strings to JSON failure
CORE-3355 Bug: Italian misleading translation of Snort GUI actions

#### Core Update procedure
CORE-2226 Bug: Autoupdate script not linked after netwizard

#### Core Uplinksdaemon
CORE-1694 Bug: Mobile Broadband uplinks cannot be configured anymore after being removed once
CORE-1708 Improvement: Uplink GUI string changes
CORE-3343 Bug: Static uplinks have a wrong broadcast and netaddress
CORE-3815 Bug: Uplink failover when main uplink is PPPoE is too slow
CORE-3847 Bug: IP address and subnet assigned to physical interface with PPPoE uplink is currently used by Cloudflare
CORE-3999 Bug: Uplinks daemon doesn't set IP from DHCP with long lease time
CORE-4091 Bug: Uplinksdaemon doesn't have to start onboot if HA is enabled
CORE-4093 Bug: Uplinksdaemon has to send GARP on static uplinks

#### Core Web server
CORE-1523 Task: Improve ciphers used by Apache
CORE-1532 Bug: Apache job fail to start due to missing certificate
CORE-1589 Improvement: Improve encryption and key length for httpd service
CORE-1820 Task: Serve the source Javascript instead of the minified if the source is available
CORE-2219 Task: Add SSLStrictSNIVHostCheck off to httpd configuration
CORE-4411 Bug: httpd won't start if pid file is empty

#### OS BSP
EOS-1956 Improvement: Add Amazon ENA kernel module

#### OS Buildsystem Tools
EOS-1378 Bug: Smart does not always install the latest packages when building the image
EOS-1466 Bug: Fix uglifyjs options to remove build path from sourceMappingURL

#### OS Yocto
EOS-1020 Bug: Duplicate package after an update that restarts sshd
EOS-1023 Improvement: Fix syslog-ng random json support
EOS-1026 Bug: shadow: update to 4.2.1
EOS-1067 Bug: Single user mode for password recovery is not working in yocto
EOS-1074 Bug: commtouch-mailsecurity: volatiles dirs are not created at runtime installation
EOS-1077 Task: remove e1000e and e1000e_update blacklist
EOS-1084 Bug: usb_modeswitch segfault when plugging in 3G modem
EOS-1090 Bug: Smart update fails because of a race condition
EOS-1098 Task: vim: disable mouse default
EOS-1102 Task: Increment PR merged after wrong rebase
EOS-1105 Bug: Post installation trigger for cyrus-sasl-bin slows down or even blocks installation
EOS-1130 Improvement: Prevent old RPM channels from being installed on Yocto-based systems
EOS-1135 Task: Migrate endian-client sources and recipe to git repository
EOS-1217 Improvement: Apply efw-snort patches on sources
EOS-1324 New Feature: Prepare new layers for js packages
EOS-1592 Task: Package python-b2
EOS-173 Bug: EMI i18n domain FormEncode not found with other language than English
EOS-1895 Bug: All VPN traffic blocked during authentication
EOS-1957 Task: Update ca-certificates package to 20200601
EOS-1996 Bug: /etc/profile: Make sbin(s) dirs available to all users
EOS-212 Bug: Missing kernel.panic=X sysctl
EOS-228 Bug: PyCrypto: missing from image and upgrade to 2.6.1
EOS-232 Bug: iproute2 missing DEPENDS from linux-atm
EOS-244 Task: iproute2 raise release due to EOS-232
EOS-266 Bug: HA fails to establish on IFA3610
EOS-306 Epic: Fix perl native sysroot errors on some recipes
EOS-350 Task: Create better filename format for yocto images
EOS-356 Task: Bump release to 3.10.6
EOS-361 Bug: smartpm: nolinktos is False by default
EOS-371 Bug: Fix /var/cache permission
EOS-381 Bug: Fix sqlobject 2.2.0 ex_setup compile error
EOS-392 New Feature: x86: add ipset tools
EOS-393 Bug: udev use /var/run/udev as working dir that is not mounted when started
EOS-394 Bug: libuser: Upgrade to 0.6.2
EOS-395 Improvement: package oauth2client and dependencies
EOS-421 Improvement: Missing acpid
EOS-432 Task: Make source retrieve mode switch more friendly
EOS-437 Bug: libacpi doesn't exist on arm. Remove dependency.
EOS-446 Bug: acpi: wrong dependencies and version
EOS-455 Bug: Deploy and re-tag sources with missing empty files
EOS-464 Bug: CLONE - Fix pkg dependencies on commtouch-mailsecurity
EOS-508 Bug: postfix doesn't compile for kernels 4.x
EOS-574 Bug: acpi: missing powerbutton scripts
EOS-632 New Feature: Implement multilib
EOS-633 New Feature: Implement multilib
EOS-665 Bug: Fix src-common tag and review recipes for master branch
EOS-692 Bug: xt_ndpi: align 1.6.1 to master
EOS-696 Bug: snmp : missing DEPENDS
EOS-706 Bug: Fix package signing verification at rootfs time
EOS-710 Task: Fix appliance file naming
EOS-714 Bug: lib32-perl-db-file: QA issue on .debug files
EOS-718 Bug: openldap: fix multiple staging
EOS-720 Bug: yocto compile issues
EOS-735 Bug: sum-events-db fails due to missing pysqlite2 library
EOS-753 Bug: acpid is stopped after wizard
EOS-756 Bug: apache2 is in /etc/ folder
EOS-773 Bug: p3scan: Doesn't start on 64 bit machines
EOS-788 New Feature: 64 bit: create community and sw enterprise appliances
EOS-795 Bug: openssl: upgrade to 1.0.1r
EOS-800 Bug: efw-dhcp broken
EOS-809 Bug: add executable permissions to wpad.dat
EOS-826 Task: Move recipes PV to 5.0.1
EOS-832 Bug: proxy-html.conf is now in /usr/share/apache2/extra
EOS-841 Bug: Get rid of gnutls
EOS-846 Improvement: Install *-ptest packages as an additional group
EOS-848 Bug: Review file owner on packages
EOS-857 Bug: logrotate: packed conf file and config is not generated
EOS-879 Task: Changelog extraction on yocto
EOS-922 Bug: Introduce initrd in x86 kernels
EOS-927 Bug: usb_modeswitch doesn't create ttyUSB if usb modem is plugged before boot start
EOS-932 Bug: httplib can't be imported by the management center
EOS-964 Bug: vim: remove backup file creation at all
EOS-971 Bug: url-rewrite: memory leak
EOS-997 Bug: OpenSSL is unable to verify certificates issued by default root CA

#### UTM Antispam: SpamAssassin
UTM-2144 Improvement: fix run_sa_update invocation
UTM-2154 Bug: Spam Training uses wrong command for connection test
UTM-2261 Improvement: Add support for SSL and custom IMAP server port in Spam training
UTM-2278 Bug: If port is not specified spamtraining imap will not connect
UTM-2356 Bug: IMAP training fails if mail is incomplete
UTM-2412 Bug: Missing files in spamassassin and commtouch-mailsecurity

#### UTM Antivirus: ClamAV
UTM-1863 Bug: Jobsengine deadlock prevents jobs from starting

#### UTM Artwork
ENTERPRISE-1770 Bug: Invalid graphic image for closing button displayed when browsing Firewall Diagrams

#### UTM Certificate Management
UTM-1321 Bug: Private keys from PKCS12 are not imported
UTM-1483 Task: Allow at (@) character in certificates common name
UTM-1491 Task: Allow wildcard certificates generation
UTM-1492 Task: Allow wildcards certificate pkcs12 upload
UTM-1496 Task: Certificates with a CA chain with more than one CA cannot be used in VPN server and VPN portal
UTM-1530 Bug: CA certificate symlink is not created
UTM-1552 Bug: Uploaded certificate issued by a trusted CA cannot be deleted
UTM-1654 Task: Add an option for choosing the certificates private key size
UTM-1792 Task: Add local CA certificates to CA bundle
UTM-1806 Improvement: In Certificates change Subject Alt Name textinput to a more usable widget
UTM-1808 Task: Include Subject Alternative Name in the host HTTPS certificates
UTM-2008 Improvement: Randomize the default certificate organization
UTM-2013 Task: Sign certificates with Let's Encrypt
UTM-2081 Bug: Wildcard hostname in certificate creation should be accepted
UTM-2293 Improvement: Can't import CA generated from Active Directory Certificate Services
UTM-2323 Bug: Certificate is only verified against a single CRL
UTM-2437 Bug: When a backup is imported the certificate cache files need to be deleted
UTM-2453 Bug: Subject Alt Name field rejects FQDNs having numbers after the host part

#### UTM Configuration
UTM-2476 Improvement: package xtables-addons

UTM-1549 Bug: Web filter profiles containing a space in the name are not applied to proxy ACL
UTM-1559 Bug: Webfilter configurations are not removed and prevent c-icap from starting
UTM-1606 Bug: /var/run/c-icap volatile directory not always created
UTM-1866 Bug: c-icap cannot allocate memory for buffer
UTM-2517 Bug: icap does not start when clamav is used

#### UTM Monitoring, Reporting
UTM-1430 Bug: Mails statistics not shown in Event Reporting mail section
UTM-1850 Improvement: Support for hourly graphs
UTM-2031 Bug: Sarg is loading the wrong configuration
UTM-2101 Improvement: Review SARG retention settings
UTM-2105 Improvement: Update SARG
UTM-2108 Bug: Sarg doesn't load language file
UTM-2471 Improvement: Remove dansguardian configs from sarg

#### UTM Proxy: DNS
UTM-1854 Bug: Dnsmasq is not restarted when a new host is added
UTM-2010 Bug: resolv.conf contains wrong information on initial installation
UTM-2160 Bug: DNS proxy can be enabled on not active zones
UTM-2176 New Feature: Let Proxy DNS service to log antispyware blocked domains
UTM-2366 Bug: is blocked by DNS Proxy
UTM-2395 Bug: blackhole_httpd_access and blackhole_error_log are not rotated and should be removed

#### UTM Proxy: HTTP
UTM-1343 Improvement: HTTP Proxy always in transparent mode for BLUE zone
UTM-1350 Task: Remove authentication from HTTP Proxy
UTM-1386 Bug: Proxy HTTP - icap error due to empty conf file
UTM-1422 Bug: Squid going IPv6 on IPv6 sites resulting in (101) Network is unreachable
UTM-1439 Task: Remove authentication from HTTP Proxy
UTM-1451 Bug: Error joining the HTTP Proxy to Active Directory
UTM-1463 Epic: proxy.pac improvements
UTM-1528 Bug: Proxy authentication is not working with AD
UTM-1565 Epic: Update squid to 3.5.25
UTM-1595 Bug: Squid "number of different IP's per user" setting prevents internet access
UTM-1609 Improvement: SARG report disabled by default
UTM-1652 Bug: wpad is offered via DHCP and HTTP even if proxy is inactive
UTM-1773 Bug: Add parameter winbind max clients to winbind.conf
UTM-1882 Bug: Squid terminates with an error if an entire domain and its subdomains are used in the same access policy
UTM-1897 Bug: Squid exhausting TCP network buffer due to CONNECT keep-alive type of connections
UTM-1908 Bug: setproxyinout produces an error when a restart is performed and the proxy is not installed
UTM-1986 Bug: WPAD in JSON format
UTM-2398 Improvement: Proxy exclude logging for specific domains
UTM-2455 Bug: Squid MAXTCPLISTENPORTS/MAXTCPLISTENPORTS is too low for some systems

#### UTM Proxy: SMTP
UTM-1317 Bug: BAD HEADER mails are quarantined AND passed
UTM-1337 Improvement: Basic interface to configure SMTP smarthost
UTM-1361 Task: Disable antivirus for SMTP proxy
UTM-1382 Bug: DSN option is not working correctly
UTM-1428 Bug: IMAP authentication section not required for Hotspot product
UTM-1433 Bug: Sender address is wrongly set if verify_recipients is set to on
UTM-1435 Task: Disable ipv6 on postfix
UTM-1515 Bug: Missing saslauthd on yocto
UTM-1531 Epic: Postfix access control rewrite
UTM-1668 Improvement: Notify recipients when a virus mail has been detected
UTM-1699 Bug: smtpscan Traceback at boot if shoudstart is False
UTM-1703 Bug: Missing liblogin SASL library
UTM-1965 Bug: amavisd-new doesn't restart after an unclean shutdown due to db corruption
UTM-1970 Bug: AMaViS temporary files are not removed after a day
UTM-2191 Improvement: Update Realtime Blacklist (RBL)
UTM-2318 Improvement: Add office macros extensions to SMTP proxy's list of blockable extensions

#### UTM Service: DHCP
UTM-1358 Bug: Missing default gateway, primary DNS and domain while enabling the DHCP Server
UTM-1364 Epic: DHCP Service reengineering
UTM-1368 Bug: Error displaying DHCP Server configuration
UTM-1372 Bug: DHCP enable checkbox disappears
UTM-1376 Bug: No possibility to use secondary subnet in DHCP server configuration
UTM-1389 Bug: DHCP failed to run
UTM-1536 Bug: Custom DHCP configuration not applied
UTM-1555 Bug: Wrong DHCP lease expire time
UTM-1573 Task: Before the netwizard, activate the DHCP server on the first interface
UTM-1637 Task: Disable DHCP server before the netwizard on software appliance
UTM-1680 Bug: Missing dhcrelay binary
UTM-1729 Bug: DHCP dynamic leases page show also expired leases
UTM-1748 Task: Upgrade Dnsmasq to 2.76
UTM-2066 Bug: Netwizard command changes dhcp green configuration and disable other zones dhcp

#### UTM Service: Dynamic DNS
UTM-2459 Bug: Regfish dyndns is not working

#### UTM Service: Intrusion Prevention
UTM-1440 Bug: Unable to disable Snort rules due to a TypeError
UTM-1445 Bug: Snort rules based on "preprocessor ssl" prevent snort from starting
UTM-1788 Epic: Snort signatures management fixes
UTM-1938 Bug: QUEUEFW not cleaned after SNORT is disabled
UTM-1968 Bug: IPS not started on boot if no ALLOW with IPS rules are present
UTM-2028 Bug: IPS not started on boot if no uplink is active
UTM-2170 Bug: IPS alerts or Drops are not differentiated in the logs
UTM-2457 Improvement: package Fail2ban
UTM-2474 New Feature: Add Intrusion Detection mode for snort

#### UTM Service: Quality of Service
UTM-1799 Bug: Unable to make QoS rules for OpenVPN Server instances

#### UTM Service: SNMP
UTM-1339 Task: Include snmp custom template

#### UTM VPN: Client
UTM-1821 Task: Add function for getting the OpenVPN client status
UTM-1861 Bug: Openvpnclient is not monitored after a force restart via jobcontrol
UTM-1885 Task: Send Endian Bus notification on client VPN connection/disconnection
UTM-2533 Bug: openvpnclients do not restart after updates are installed

#### UTM VPN: IPsec
UTM-1347 Bug: VPN page doesn't load on Hotspot appliance
UTM-1642 Improvement: Restrict IPsec proposal usage (strict mode)
UTM-1686 Bug: VPN connection status for IPSEC/L2TP Host-to-Net connection doesn't show Assigned IP and Remote IP
UTM-2156 Bug: Missing option in ipsec.secrets template file for green zone
UTM-2158 Improvement: Set default DPD action to CLEAR for XAUTH and L2TP
UTM-2173 Improvement: Add possibility to choose uplink IP on IPSEC Tunnel
UTM-2189 Bug: DPD Action always set to restart
UTM-2267 Bug: Data not removed from ipsec.secrets when ipsec tunnel is disabled

#### UTM VPN: OpenVPN
UTM-1348 Bug: Openvpn client (gw2gw) calls nonexistent /bin/ip
UTM-1352 Bug: Missing openssl profile file
UTM-1457 Improvement: Show the total number of connections in "show openvpn"
UTM-1472 Bug: Vpnclient not stopped when in HA slave
UTM-1632 Bug: VPN routing rules are not applied if the language is different from English
UTM-1683 Epic: Add restart option in vpn postinst and trigger
UTM-1745 Improvement: Customize OpenVPN dnsmasq vpn prefix
UTM-1761 Task: Use Base64 for encoding OpenVPN passwords
UTM-1763 New Feature: Update OpenVPN to 2.4.1
UTM-1770 Bug: OpenVPN stopped after efw-vpn update because of authentication daemon restart
UTM-1780 Task: Restructure OpenVPN status parser
UTM-1804 Bug: openvpn-user fakeconnect raises an exception if username contains a slash
UTM-1811 Improvement: Ignore authentication layer exceptions during OpenVPN restart
UTM-1831 Task: Upgrade OpenVPN to version 2.4.3
UTM-1835 Bug: Re/introduce triggers in efw-vpn and efw-vpnclient for OpenVPN
UTM-1846 Bug: OpenVPN server does not start due to invalid template
UTM-1888 Bug: VPN Connections are not shown
UTM-1912 Improvement: Add option for load custom TLS ciphers
UTM-1918 Bug: Triggers are not executed by openvpn-user fakedisconnect command
UTM-1921 Bug: Server OpenVPN problem after Update
UTM-1931 Bug: KeyError reading OpenVPN status
UTM-1953 Bug: OpenVPN job does not start after reboot
UTM-2034 Improvement: Increase DH size for VPN
UTM-2092 Bug: Push block-outside-dns from OpenVPN Server
UTM-2166 Bug: Add verification on OpenVPN's IP pool range
UTM-2168 New Feature: OpenVPN bridged instance can't set virtual IP pool range on second subnet
UTM-2200 Bug: OpenVPN job crash due to purple_ip_begin parameter handled as mandatory
UTM-2203 Bug: Cannot change OpenVPN instance from TUN/TAP
UTM-2246 Bug: Purple ip range is validated also in routed instances
UTM-2249 Bug: Purple subnet for default Openvpn server contains gateway IP
UTM-2263 Bug: Cannot disable channel encryption to OpenVPN instances
UTM-2383 Improvement: Openvpn loadbalancing persistent dict must be moved in run
UTM-2419 Improvement: user should be passed to USER_TEMPLATE
UTM-2514 Bug: openvpnjob.client_disconnect removes net2net routing rules on OpenVPN server

#### UTM VPN: User & Group Management
UTM-1904 Improvement: Replace "Disabled for service" with "Enabled services" in user editor
UTM-2428 Bug: VPN firewall display is wrong when username starts with ALL

#### OS Installer
EOS-2124 Improvement: Add UEFI support for the EOS installer
