Aggregated changelog: 20220329041419
| Product | Machine | Version |
|---|---|---|
| hotspot-150 | scb6901 | 5.2.15 |
| hotspot-500 | nsa1150 | 5.2.15 |
| hotspot-1500 | nsa3150 | 5.2.15 |
| hotspot-virtual-150 | softwarex86-64 | 5.2.15 |
| hotspot-virtual-500 | softwarex86-64 | 5.2.15 |
| hotspot-virtual-1500 | softwarex86-64 | 5.2.15 |
| macro-250 | nsa3150 | 5.2.15 |
| macro-250-scb1721 | scb1721 | 5.2.15 |
| macro-500 | nsa3150 | 5.2.15 |
| macro-500-scb1721 | scb1721 | 5.2.15 |
| macro-1000 | nsa7120b | 5.2.15 |
| macro-2500 | nsa7120b | 5.2.15 |
| macro-plus-scb1910 | scb1910 | 5.2.15 |
| macro-scb1721 | scb1721 | 5.2.15 |
| macro-x1-nsa3110 | nsa3110 | 5.2.15 |
| macro-x2-nsa3110 | nsa3110 | 5.2.15 |
| mercury-50 | dna1120 | 5.2.15 |
| mercury-50-scb1617a | scb1617a | 5.2.15 |
| mercury-50-wifi-scb1617a | scb1617a | 5.2.15 |
| mercury-100 | nsa1150 | 5.2.15 |
| mercury-fws2365 | fws2365 | 5.2.15 |
| mercury-nsa1110 | nsa1110 | 5.2.15 |
| mini-25 | dna120 | 5.2.15 |
| mini-25-scb6901mmc2 | scb6901mmc2 | 5.2.15 |
| mini-25-wifi | dna120 | 5.2.15 |
| mini-25-wifi-scb6901mmc2 | scb6901mmc2 | 5.2.15 |
| mini-fws2276 | fws2276 | 5.2.15 |
| software-enterprise-uefi-x64 | softwarex86-64 | 5.2.15 |
| software-enterprise-x64 | softwarex86-64 | 5.2.15 |
| virtual-uefi-x64 | softwarex86-64 | 5.2.15 |
| virtual-x64 | softwarex86-64 | 5.2.15 |
Hotspot Social Login
HOTSPOT-946 Bug: Facebook API 3.2 is not supported anymore
| Product | Machine | Version |
|---|---|---|
| hotspot-150 | scb6901 | 5.2.15 |
| hotspot-500 | nsa1150 | 5.2.15 |
| hotspot-1500 | nsa3150 | 5.2.15 |
| hotspot-virtual-150 | softwarex86-64 | 5.2.15 |
| hotspot-virtual-500 | softwarex86-64 | 5.2.15 |
| hotspot-virtual-1500 | softwarex86-64 | 5.2.15 |
| macro-250 | nsa3150 | 5.2.15 |
| macro-250-scb1721 | scb1721 | 5.2.15 |
| macro-500 | nsa3150 | 5.2.15 |
| macro-500-scb1721 | scb1721 | 5.2.15 |
| macro-1000 | nsa7120b | 5.2.15 |
| macro-2500 | nsa7120b | 5.2.15 |
| macro-plus-scb1910 | scb1910 | 5.2.15 |
| macro-scb1721 | scb1721 | 5.2.15 |
| macro-x1-nsa3110 | nsa3110 | 5.2.15 |
| macro-x2-nsa3110 | nsa3110 | 5.2.15 |
| mercury-50 | dna1120 | 5.2.15 |
| mercury-50-scb1617a | scb1617a | 5.2.15 |
| mercury-50-wifi-scb1617a | scb1617a | 5.2.15 |
| mercury-100 | nsa1150 | 5.2.15 |
| mercury-fws2365 | fws2365 | 5.2.15 |
| mercury-nsa1110 | nsa1110 | 5.2.15 |
| mini-10 | scb6901mmc | 5.2.15 |
| mini-10-wifi | scb6901mmc | 5.2.15 |
| mini-25 | dna120 | 5.2.15 |
| mini-25-scb6901mmc2 | scb6901mmc2 | 5.2.15 |
| mini-25-wifi | dna120 | 5.2.15 |
| mini-25-wifi-scb6901mmc2 | scb6901mmc2 | 5.2.15 |
| mini-fws2276 | fws2276 | 5.2.15 |
| software-enterprise-10-x64 | softwarex86-64 | 5.2.15 |
| software-enterprise-uefi-x64 | softwarex86-64 | 5.2.15 |
| software-enterprise-x64 | softwarex86-64 | 5.2.15 |
| virtual-10-x64 | softwarex86-64 | 5.2.15 |
| virtual-uefi-x64 | softwarex86-64 | 5.2.15 |
| virtual-x64 | softwarex86-64 | 5.2.15 |
UTM Antispam: SpamAssassin
UTM-2844 Bug: sa-wrapper command is missing
| Product | Machine | Version |
|---|---|---|
| 4i-edge-112 | ifa1610 | 5.2.15 |
| 4i-edge-313 | ifa2610 | 5.2.15 |
| 4i-edge-515 | ifa3610 | 5.2.15 |
| hotspot-150 | scb6901 | 5.2.15 |
| hotspot-500 | nsa1150 | 5.2.15 |
| hotspot-1500 | nsa3150 | 5.2.15 |
| hotspot-virtual-150 | softwarex86-64 | 5.2.15 |
| hotspot-virtual-500 | softwarex86-64 | 5.2.15 |
| hotspot-virtual-1500 | softwarex86-64 | 5.2.15 |
| macro-250 | nsa3150 | 5.2.15 |
| macro-250-scb1721 | scb1721 | 5.2.15 |
| macro-500 | nsa3150 | 5.2.15 |
| macro-500-scb1721 | scb1721 | 5.2.15 |
| macro-1000 | nsa7120b | 5.2.15 |
| macro-2500 | nsa7120b | 5.2.15 |
| macro-plus-scb1910 | scb1910 | 5.2.15 |
| macro-scb1721 | scb1721 | 5.2.15 |
| macro-x1-nsa3110 | nsa3110 | 5.2.15 |
| macro-x2-nsa3110 | nsa3110 | 5.2.15 |
| mercury-50 | dna1120 | 5.2.15 |
| mercury-50-scb1617a | scb1617a | 5.2.15 |
| mercury-50-wifi-scb1617a | scb1617a | 5.2.15 |
| mercury-100 | nsa1150 | 5.2.15 |
| mercury-fws2365 | fws2365 | 5.2.15 |
| mercury-nsa1110 | nsa1110 | 5.2.15 |
| mini-10 | scb6901mmc | 5.2.15 |
| mini-10-wifi | scb6901mmc | 5.2.15 |
| mini-25 | dna120 | 5.2.15 |
| mini-25-scb6901mmc2 | scb6901mmc2 | 5.2.15 |
| mini-25-wifi | dna120 | 5.2.15 |
| mini-25-wifi-scb6901mmc2 | scb6901mmc2 | 5.2.15 |
| mini-fws2276 | fws2276 | 5.2.15 |
| software-enterprise-10-x64 | softwarex86-64 | 5.2.15 |
| software-enterprise-uefi-x64 | softwarex86-64 | 5.2.15 |
| software-enterprise-x64 | softwarex86-64 | 5.2.15 |
| virtual-10-x64 | softwarex86-64 | 5.2.15 |
| virtual-uefi-x64 | softwarex86-64 | 5.2.15 |
| virtual-x64 | softwarex86-64 | 5.2.15 |
Management Center Service
EMC-309 Bug: DNS routing is not pushed from EMC
OS Yocto
EOS-2178 New Feature: Create Mini (2022 Edition) product
Security Base System
SEC-102 Task: CVE 2022-0778
| Product | Machine | Version |
|---|---|---|
| mini-fws2276 | fws2276 | 5.2.15 |
4i Endian Firewall 4i
INDUSTRIAL-37 New Feature: Create efw-industrial package to collect data from PLC
Analytics Collector
ANALYTICS-61 Improvement: 4i-edge: Add collector module
Caterpillar Branding Branding: Appliance
CAT-16 Bug: Add configuration in appliance packages
CAT-69 New Feature: Create upgrade and recovery key with new provisioning
Core Authentication layer
CORE-1289 Improvement: Add status.authentication.connections
CORE-1356 Bug: Fix wrong imports in endian.authentication_frontend.web
CORE-1505 Task: Support additional parameters in endian.authentication.auth_client.authenticate
CORE-1565 Improvement: Report the authentication provider for successfully login
CORE-1631 Task: Create /var/efw/access/rsa as nobody nogroup
CORE-1731 Task: Filter the DataSource exposed over HTTPS according to the user permisisons
CORE-2152 Task: Introduce python-oauthlib and requests-oauthlib Python libraries
CORE-3133 Bug: Authentication fails is username is numeric and starts with 0
CORE-3287 Improvement: Add user IP address to authentication daemon logs
CORE-4459 Bug: Group cannot be deleted because of a typo
CORE-4472 Bug: Authentication daemon does not start after latest upgrade
Core Backup
CORE-1491 Bug: Factory default does not restore ethernet settings
CORE-1500 Bug: Restoring a 3.0 backup on 3.2 will leave files with wrong permissions
CORE-1535 Bug: Cannot create archive only backups
CORE-1553 Bug: Ipacsum calls in /etc/crontab
CORE-1560 Bug: Network hosts imported from 3.0 to 3.2 cause a traceback
CORE-1919 Bug: ECDSA ssh keys are not included in settings backup
CORE-2025 Task: Add an option to backup-restore for restoring only non-system-specific settings
CORE-2271 Bug: Factory reset is not complete
CORE-2454 Bug: Full backup might fill up the volatile partition
CORE-2716 Improvement: Include /etc/ethconfig_include* into the backup
CORE-3154 New Feature: Implement pre and post hooks (run-parts) in autobackup.sh
CORE-3300 Bug: Large backups cannot be downloaded on 32bit appliances
CORE-4071 Bug: Cannot create backup if the remark field contains only integers
Core Base system
CORE-1309 Task: Enable OpenSSH by default
CORE-1319 Bug: ulogd and acpid are stopped before the first netwizard
CORE-1324 Bug: Monit fails with AssertException
CORE-1340 Task: Add default Vim configuration
CORE-1367 Bug: Replace deprecated Perl calls
CORE-1397 Bug: Evaluate OpenSSL CVE-2016-0800 and others
CORE-1448 Task: Add default pythonrc
CORE-1456 Task: Allow wildcards hostname in Dnsmasq configuration
CORE-1508 Improvement: Ability to set a custom Diffie-Hellman group for Apache
CORE-1516 Bug: /etc/init.d/monit reload unmonitors all the services
CORE-1545 Task: Remove obsolete ipcopdeath, ipcoprebirth, and iowrap scripts
CORE-1568 New Feature: Integrate ModemManager
CORE-1581 Task: Display GREEN zone, uplinks, ports status on console
CORE-1584 Improvement: Update ciphers in ssh_config
CORE-1714 Task: Add reboot and shutdown functions in job base
CORE-1729 Bug: Sysctl is not applied because modules.py is missing in efw-restartscript
CORE-1776 Task: Allow SSH client to pass locale environment variables
CORE-1791 Bug: HTTP system access rules are not always created at boot time
CORE-1796 Task: Optimize firewall restart criteria on boot
CORE-1799 Bug: No monit socket before first netwizard
CORE-1832 Improvement: Disable OpenSSH port 222
CORE-1926 Task: Add efw-shell config command for managing configuration revisions with git
CORE-1956 New Feature: Create bootstrap package
CORE-1960 Task: Package the latest version of jQuery
CORE-1987 Task: Allow configuring several SSH daemon options
CORE-2001 Task: Disable colors in shell commands while piping or redirecting output
CORE-2018 Task: Do not delete the wtmp file on reboot
CORE-2058 Task: Implement Endian Bus (Internal IPC bus)
CORE-2157 Task: Introduce Python requests library
CORE-2178 Task: Introduce Python bleach for UTM
CORE-2203 Improvement: Improve the datasource command allowing changing settings values
CORE-2206 Task: Make console menu configurable
CORE-2259 Improvement: Add CLI notification when a reboot is required
CORE-2326 Improvement: Add support for Intel X553 Gigabit Ethernet Adapter
CORE-2378 Bug: CVE-2018-5996 and CVE-2017-17969 p7zip memory corruptions and DDOS
CORE-2687 Bug: Disable weak ciphers on OpenSSH
CORE-2692 Bug: Update git to fix CVE-2018-11235
CORE-2759 Bug: Disable weak MACs on OpenSSH
CORE-2996 Bug: Fix documentation url retrieving on version transition
CORE-3318 Improvement: Add crypto module decryption for tcpdump
CORE-3320 Improvement: Upgrade to OpenSSH 7.1p2
CORE-3833 Bug: Missing SSH 7.1 dependency and ssh-dss support
CORE-3960 Bug: Conntrack not cleaned when uplink disconnect multiple times
CORE-4344 Bug: Body of HA notification mails are sent as attachments
CORE-4371 Improvement: Enable tcp window scaling to improve connectivity and bandwidth
CORE-4485 Bug: show status command shows wrong version
CORE-4495 Improvement: Upgrade dnsmasq to 2.79
CORE-4497 Improvement: Fix python modules permissions
CORE-4500 Improvement: Reintroduce sulogin as single boot login
CORE-4512 Bug: evaluate POINTYFEATHER tar vulnerability (CVE-2016-6321)
CORE-4688 Bug: python-certifi should read system CA bundle
CORE-4694 Bug: toscawidgets calls a useless time consuming logging function
CORE-964 Improvement: Inputrc improvements for history search and other useful keybindings
Core Dashboard
CORE-1525 Bug: Mountpoints are shown on "Hardware information" in dashboard page
CORE-1752 Improvement: Remove Status column from Dashboard Network Interfaces plugin
CORE-1813 Improvement: Show in dashboard if signatures download is disabled by an uplink configuration
CORE-2123 Improvement: Mechanism to notify users about a required reboot
Core EMI
CORE-1445 Bug: Restrictions ignored when EMI is stopped
CORE-1496 Bug: Non-ASCII subject of mails in quarantine are not displayed correctly
CORE-1542 Task: Use Jobsengine function for reboting
CORE-1600 Task: Remove genshi depends
CORE-1649 New Feature: Tag packets by setting TOS/DSCP bits
CORE-1669 Task: Add endian.platform.nvstorage module for ARM platform
CORE-1740 Task: Rewrite shutdown and gui settings in emi
CORE-1761 Bug: Disabling the first tab with guiprofile also removes menu item
CORE-1767 Bug: Allow web console to run with non root user
CORE-1829 Task: Add require.js and other JavaScript libraries
CORE-1837 Task: Create generic REST controller
CORE-1844 Bug: Proxy HTTP button incorrectly displayed on some products
CORE-1859 Bug: Impossibility to accept license agreement with emi no root
CORE-1866 Bug: Traceback on httpd job on start
CORE-1972 Bug: Additional gui users cannot access to emi webpages
CORE-2011 Bug: Wrong ownership for emi cachestorage file
CORE-2030 Improvement: Add JSON payload support for EMI commands
CORE-2040 Task: Show hooks in datasource command output
CORE-2044 Task: Remove VueJS v1
CORE-2046 Task: Update JQuery DataTables
CORE-2070 Improvement: Start emi/acpid/ulog before the netwizard
CORE-2110 Improvement: GUI to manage web users
CORE-2129 Bug: text.js is wrongly packaged as require-text.js
CORE-2132 Improvement: Register emi commands with a decorator
CORE-2138 Bug: CSV Storages writes append items into the CSV
CORE-2169 Bug: Wrong default tab for new users and when edit an existing one
CORE-2172 Bug: Cannot change user group membership when language is Italian
CORE-2187 Task: Add new stylesheets and icons (Bootstrap)
CORE-2197 Task: Encrypt PersistentDict with AES
CORE-2200 Bug: JSON EMI command parameter parsing is broken
CORE-2236 Task: NetworkAddress validator optionally calculate network addresses
CORE-2257 Bug: Fix missing dependencies on html5lib
CORE-2288 Task: Create a function for getting running services
CORE-2438 Bug: Migration script manual execution is broken
CORE-2472 Task: Restart Apache after certificate renew
CORE-2608 Improvement: Add an option to GUI setting for the Management GUI HTTPS certificate
CORE-2959 Bug: Cannot generate a certificate on the Management GUI
CORE-3148 Bug: Cannot change language at first boot
CORE-4441 Bug: Escape output values in EMI templates to avoid XSS
CORE-4685 Bug: emi performs a lock on each call to load_users when checking access permissions
CORE-4702 Improvement: emi thread dies without informations
Core Event Notifications
CORE-1347 Bug: Raid events not detected
CORE-1410 Bug: Raid failing event not detected
CORE-1429 Improvement: Add SSL/TLS and STARTTLS support to email notifications
CORE-1725 Bug: Fix notifications functions update_patterndb
CORE-2050 Bug: openvpnclient events for tunnel opening and closing not triggered
CORE-3160 Bug: Openvpn login successful event doesn't match log pattern
CORE-3164 Bug: Openvpn logout event not matched with some special characters
Core Firewall
CORE-1623 Bug: VPN Firewall rules are not applied
CORE-1746 Bug: OpenVPN destinations are reachable from RED zone
CORE-1854 Bug: Conntrack connections table not cleaned after uplink failover
CORE-2088 Bug: Interzone rules not deleted
CORE-2092 Bug: Interzone rules are not created when hotspot interface is used
CORE-2221 Bug: Snort doesn't work when HTTP proxy is ON
CORE-2468 Bug: Incorrect broute rules added by default in bridged mode
CORE-3135 Bug: Typo in Incoming routed traffic source and destination description
CORE-3941 Bug: Established connections on backup link stop working after main uplink comes back online
CORE-4335 Bug: setoutgoingfw taking too long to restart, we need to optimize iptables rules using ipset
CORE-4339 Bug: New PROXYOUTGOINGFW drop traffic on http proxy port
CORE-4379 Bug: ipsets not created at boot and after update
CORE-4434 Bug: Adding ANY ANY rule breaks Port Forwarding firewall
CORE-4438 Bug: Empty lines in source break Outgoing Firewall (input sanitization)
CORE-4578 Bug: setpolicyrouting will not mark a connection with destination route via uplink
CORE-4700 Improvement: vpnfwdst chain is populated also if not used
CORE-4761 Bug: Policy routing does not work as expected after update
Core Hardware support
CORE-2783 Improvement: Add kernel module rndis_host for LTE modem
CORE-4237 Improvement: Add kernel module RTL8152/RTL8153
Core Jobsengine
CORE-1438 Bug: Signature updates may leave files in inconsistent state
CORE-1498 Bug: Fix wrong imports in endian.restartscripts.getblackholedns
CORE-1654 New Feature: Disable signature updates for certain uplinks
CORE-1852 Bug: An invalid exit code in a Job action prevents successive Job execution
CORE-2033 Bug: Stop deleting Jobsengine socket on exit
CORE-2225 Task: Move generic files functions from endian.job.commons to endian.core.filetools
Core Kernel
CORE-2331 Improvement: Upgrade to kernel 4.4
CORE-2777 Improvement: Add possiblity to remove SIP netfilter kernel modules
CORE-2911 New Feature: Backport E20/E25 Quectel model driver to kernel 3.14 (4i)
CORE-2965 Bug: Paket loss when installed on xen hypervisor
CORE-4249 Improvement: Add NVMe support to kernel
CORE-4266 Bug: Fix igxbe compilation issue
CORE-4587 Improvement: Upgrade e1000/i40e kernel module to fix issue in driver
Core Logging & Monitoring
CORE-1487 Bug: Ulogd does not start on netwizard
CORE-1511 Bug: Ipsec logs not rotated due to missing folder in /var/log/archives
CORE-1539 Bug: syslog-ng runs in multiple instances
CORE-1903 Bug: Wrong date in filename for archived logs
CORE-2078 Bug: Logrotate does not rotate log files bigger than 2GB on x86 platforms
CORE-2083 Bug: HTTP Proxy logs not rotated
CORE-2146 Bug: Event reporting graphs not working
CORE-2251 Bug: AttributeError: MultiLineSysLogHandler object has no attribute formatException
CORE-2286 Bug: efw-update crash due to logger module exception
CORE-2921 Bug: Sarg retention in monthly cron is not working
CORE-4544 Bug: fail2ban logging both into messages and fail2ban.log
CORE-4548 Bug: SARG is not generating reports because LC_ALL is missing
Core Menu
CORE-2980 Improvement: Wrong contextual help links for EasyVPN
Core Network configuration
CORE-1344 Bug: Wrong businfotab for 3.0.5 on Macro 1000 and 2500
CORE-1358 Bug: Modify "Welcome to Endian Firewall" string in Network Wizard
CORE-1577 Task: Before the netwizard, activate the DHCP client on WAN interface
CORE-1657 Task: Add an option for enabling DHCP server on GREEN from the netwizard
CORE-1701 Improvement: Change order of uplinks type
CORE-1738 Bug: Modem Manager not working properly if language is different than english
CORE-1841 Task: Support Modem Manager uplink in textual netwizard
CORE-1923 Bug: Network Wizard from CLI cannot add multiple IPs on red interface
CORE-1929 Bug: Network interfaces change order
CORE-2297 Task: Textual netwizard should ask for root/admin password
CORE-2329 Bug: Remove emergency_fill_br0 from network restartscript
CORE-2569 Bug: Support driverless 4G USB dongle
CORE-2765 Bug: Add support for driverless 4G usb modems to products
CORE-3146 Bug: Uplink check hosts option are reset after modifying network settings
CORE-3170 Bug: Cannot use CIDR /32 or /31 for additional IP addresses
CORE-3194 Bug: Network Wizard from CLI displays main interface when vlans are in use
CORE-3241 Bug: Cannot configure mobile broadband uplink at first wizard
CORE-3305 Improvement: No GUI error given when a static route with default gateway/CIDR notation is added
CORE-3323 Bug: Missing column remark in host configuration
Core Package management
CORE-1413 Bug: Rpm database rebuild procedure slow
CORE-2336 Bug: smart upgrade doesn't upgrade packages on some circumstances
Core Service Templates
CORE-1934 Improvement: Add custom configuration file for each OpenVPN client
Core Setup Wizard
CORE-1311 Improvement: Force the BLUE zone to be configured
CORE-1336 Task: Add batch option to netwizard
CORE-2499 Bug: Netwizard ignores change on system access rules
Core Time
CORE-1297 Improvement: Introduce UTC and GMT timezones
CORE-1749 Task: Update tzdata to 2016g
Core Traffic monitoring
CORE-1781 Bug: Redis is using the wrong configuration file on 3.10 and 5.0
Core Translations
CORE-1698 Task: Update 5.0 translations
CORE-1771 Task: Update 5.0 translations
CORE-2065 Bug: Upgrade python-simplejson to prevent conversion of i18n strings to JSON failure
CORE-3355 Bug: Italian misleading translation of Snort GUI actions
Core Update procedure
CORE-2226 Bug: Autoupdate script not linked after netwizard
Core Uplinksdaemon
CORE-1694 Bug: Mobile Broadband uplinks cannot be configured anymore after has been removed once
CORE-1708 Improvement: Uplink GUI string changes
CORE-3343 Bug: Static uplinks has a wrong broadcast and netaddress
CORE-3815 Bug: Uplink failover when main uplink is PPPoE is too slow
CORE-3847 Bug: IP address and subnet assigned to physical interface with PPPoE uplink is currently used by Cloudflare
CORE-3999 Bug: Uplinks daemon doesn't set IP from DHCP with long lease time
CORE-4091 Bug: Uplinksdaemon doesn't have to start onboot if HA is enabled
CORE-4093 Bug: Uplinksdaemon have to send GARP on static uplinks
Core Web server
CORE-1523 Task: Improve ciphers used by Apache
CORE-1532 Bug: Apache job fail to start due to missing certificate
CORE-1589 Improvement: Improve encryption and key length for httpd service
CORE-1820 Task: Serve the source Javascript instead of the minified if the source is available
CORE-2219 Task: Add SSLStrictSNIVHostCheck off to httpd configuration
CORE-2682 Bug: 3DES ciphers used on apache are vulnerable to SWEET32
CORE-3735 Bug: Apache children crash in mod_xml2enc due to cgi page not handling post content
CORE-4411 Bug: httpd wont start if pid file is empty
Firewall Community Community packages
COMMUNITY-157 Bug: urlfilter job can't decompress the downloaded file
COMMUNITY-223 Bug: Event notifications edit not working on Community
Firewall Community Registration
COMMUNITY-221 New Feature: Force community registration
COMMUNITY-313 Improvement: Trivial error on registration form
COMMUNITY-355 Bug: Appliance asks for re-registration every time a network configuration is performed
Hotspot API
HOTSPOT-853 Bug: Username/password are randomly changed in API user modify call
Hotspot Administration
HOTSPOT-442 Improvement: Limit the number of hotspot users based on subscriptions
HOTSPOT-446 Improvement: Enable Hotspot by default
HOTSPOT-451 Improvement: Default rates for the Hotspot
HOTSPOT-750 Improvement: Correct and simplify the print behavior of the infoedit page
HOTSPOT-784 Bug: Reload of Hotspot emi GUI module fails
HOTSPOT-857 Improvement: Add all the user fields available to the SmartConnect FormField widget
Hotspot Authentication
CORE-2273 Bug: EMI traceback with hotspot external LDAP authentication
HOTSPOT-557 Bug: CoovaChilli cannot authenticate users because of radius queue full
HOTSPOT-760 Improvement: Custom UAM UI server url
HOTSPOT-814 Bug: Hotspot with Proxy "keep source IP address" option causes asymmetrical routing
HOTSPOT-825 Bug: EMI traceback with hotspot external LDAP authentication
HOTSPOT-872 New Feature: Introduce the possibility to set a limit for multiple simultaneous logins
Hotspot CoovaChilli
HOTSPOT-458 Bug: Hotspot activation does not "lock" DHCP settings for the blue zone
HOTSPOT-840 Improvement: CoovaChilli vulnerable to SWEET32
Hotspot Database
HOTSPOT-472 Improvement: Default rate for SmartConnect email registration
HOTSPOT-510 Bug: The hotspot traffic is growing after browsing with 5Gb limit
HOTSPOT-778 Bug: Social Login data not stored in hotspot account table
HOTSPOT-795 New Feature: Include NAS-Identifier into radacct table
HOTSPOT-904 Bug: "Error storing rate" while creating a traffic-based ticket greater that 2147MB
Hotspot Login portal
HOTSPOT-575 Bug: Login fails if HTTPS proxy is enabled
HOTSPOT-580 Task: Use a strong Diffie-Hellman for Hotspot
HOTSPOT-583 Epic: Hotspot Social Enabler
HOTSPOT-755 Bug: Portal login page doesn't detect whether the user is already connected
HOTSPOT-768 Bug: Emi traceback while trying to register an already existent user
HOTSPOT-831 Task: Restart Hotspot after certificate renew
HOTSPOT-895 Task: Renewal of the hotspot.endian.com certificate
HOTSPOT-942 Bug: Renewal of the hotspot.endian.com certificate
Hotspot RADIUS
HOTSPOT-483 Bug: Segmentation faults when radiusd is reloaded
HOTSPOT-630 Bug: Radius warning message "Child is hung for request"
HOTSPOT-802 Bug: Upgrade FreeRADIUS to fix security vulnerabilities
HOTSPOT-903 Bug: Used traffic over 4GB blocks auth due to variable overflow
Hotspot Social Login
HOTSPOT-652 Bug: Social login authentication fail due missing variable
HOTSPOT-654 Improvement: Extract more information from Social Login
HOTSPOT-775 Bug: Social Login is not working if Term of Service is enabled
HOTSPOT-781 Improvement: Improve Social Enabler mobile experience
HOTSPOT-789 New Feature: Twitter and Instagram Social Login
HOTSPOT-797 New Feature: Add information about the social provider used to create an account
HOTSPOT-868 Bug: Facebook API 2.8 EOL
HOTSPOT-926 Improvement: Update Google and Instagram social logins
Management Center Client
EMC-135 Bug: System access firewall rules are pushed but not applied
EMC-153 Task: Add a command for getting running services from gateways
EMC-169 Task: Add a command for getting maintenance expiration
EMC-17 Task: Create EMC client (Recognizer)
EMC-20 Task: Add python-potr recipe
EMC-296 Bug: recognizer is not restarted unless forced
EMC-36 Task: Add python-sleekxmpp recipe
Management Center GUI
EMC-184 Bug: Profile gold gateway is not selectable and page shows wrong colors and alignment
EMC-274 Bug: Wrong version displayed in gold gateway configuration
Management Center Server
EMC-166 Bug: Gateway repository are not included into the backup
EMC-219 Improvement: Add EMC running status in provisioning file
EMC-232 Bug: Hide CherryPy name and version
EMC-235 New Feature: EMC configuration is not synchronized to the slave
EMC-237 Bug: HTTP Proxy Access Policy rules are pushed but not applied
Management Center Service
EMC-140 Bug: IPS ignores configuration pushed from EMC
EMC-142 Bug: DHCP fix leases are ignored when configured by EMC
EMC-160 Bug: Safe Search ignores configuration pushed from EMC
EMC-162 Bug: Web Filter ignores configuration pushed from EMC
EMC-202 Bug: VPN portal ignores configuration pushed from EMC
EMC-303 Improvement: Squid should also attempt to pick up custom options from EMC
OS BSP
EOS-1956 Improvement: Add Amazon ENA kernel module
OS Buildsystem Tools
EOS-1378 Bug: Smart does not always install the latest packages when building the image
EOS-1466 Bug: Fix uglifyjs options to remove build path from sourceMappingURL
EOS-2050 New Feature: Add capability to produce UEFI images for 5.x
OS Installer
EOS-2124 Improvement: Add UEFI support for the EOS installer
OS Product Branding
EOS-1005 Bug: Forced dependency to db-bin because on some product was missing
EOS-1150 Task: Update Panda branding
EOS-1447 New Feature: Create Mercury 50mk2 images
EOS-555 Task: Disable automatic lock on edge appliances
EOS-759 Bug: Panda AV and IPS shows up in 4I and hotspot products Live Logs
OS Yocto
EOS-1020 Bug: Duplicate package after an update that restarts sshd
EOS-1023 Improvement: Fix syslog-ng random json support
EOS-1026 Bug: shadow: update to 4.2.1
EOS-1067 Bug: Single user mode for password recovery is not working in yocto
EOS-1074 Bug: commtouch-mailsecurity: volatiles dirs are not created at runtime installation
EOS-1077 Task: remove e1000e and e1000e_update blacklist
EOS-1084 Bug: usb_modeswitch segfault when pluggin 3G modem
EOS-1090 Bug: Smart update fails because of a race condition
EOS-1098 Task: vim: disable mouse default
EOS-1102 Task: Increment PR merged after wrong rebase
EOS-1105 Bug: Post installation trigger for cyrus-sasl-bin slows down or even block installation
EOS-1122 Task: Fix wrong acs-module recipe license
EOS-1130 Improvement: Prevent old RPM channels from being installed on Yocto-based systems
EOS-1135 Task: Migrate endian-client sources and recipe to git repository
EOS-1143 New Feature: Create mini-10 appliance on SCB6901
EOS-1186 Bug: OpenSSL: security patches (1.0.1u)
EOS-1217 Improvement: Apply efw-snort patches on sources
EOS-1324 New Feature: Prepare new layers for js packages
EOS-1361 New Feature: Create mini-25 and mini-25-wifi product based on SCB6901 machine with dual core and mmc
EOS-1592 Task: Package python-b2
EOS-173 Bug: EMI i18n domain FormEncode not found with other language than English
EOS-1895 Bug: All VPN traffic blocked during authentication
EOS-1996 Bug: /etc/profile: Make sbin(s) dirs available to all users
EOS-2051 Task: Create Mercury 2021 model
EOS-212 Bug: Missing kernel.panic=X sysctl
EOS-2167 Improvement: Fix warning on polkit recipe
EOS-228 Bug: PyCrypto: missing from image and upgrade to 2.6.1
EOS-232 Bug: iproute2 missing DEPENDS from linux-atm
EOS-244 Task: iproute2 raise release due to EOS-232
EOS-266 Bug: HA fails to establish on IFA3610
EOS-306 Epic: Fix perl native sysroot errors on some recipes
EOS-350 Task: Create better filename format for yocto images
EOS-356 Task: Bump release to 3.10.6
EOS-361 Bug: smartpm: nolinktos is False by default
EOS-371 Bug: Fix /var/cache permission
EOS-381 Bug: Fix sqlobject 2.2.0 ex_setup compile error
EOS-392 New Feature: x86: add ipset tools
EOS-393 Bug: udev use /var/run/udev as working dir that is not mounted when started
EOS-394 Bug: libuser: Upgrade to 0.6.2
EOS-395 Improvement: package oauth2client and dependencies
EOS-421 Improvement: Missing acpid
EOS-432 Task: Make source retrieve mode switch more friendly
EOS-437 Bug: libacpi doesn't exists on arm. Remove dependency.
EOS-446 Bug: acpi: wrong dependencies and version
EOS-455 Bug: Deploy and re-tag sources with missing empty files
EOS-464 Bug: CLONE - Fix pkg dependencies on commtouch-mailsecurity
EOS-508 Bug: postfix doesn't compile for kernels 4.x
EOS-574 Bug: acpi: missing powerbutton scripts
EOS-632 New Feature: Implement multilib
EOS-633 New Feature: Implement multilib
EOS-665 Bug: Fix src-common tag and review recipes for master branch
EOS-692 Bug: xt_ndpi: align 1.6.1 to master
EOS-696 Bug: snmp : missing DEPENDS
EOS-706 Bug: Fix package signing verification at rootfs time
EOS-710 Task: Fix appliance file naming
EOS-714 Bug: lib32-perl-db-file: QA issue on .debug files
EOS-718 Bug: openldap: fix multiple staging
EOS-720 Bug: yocto compile issues
EOS-735 Bug: sum-events-db fails due to missing pysqlite2 library
EOS-753 Bug: acpid is stopped after wizard
EOS-756 Bug: apache2 is in /etc/ folder
EOS-772 Bug: acs-module: move to "all" architecture
EOS-773 Bug: p3scan: Doesn't start on 64 bit machines
EOS-788 New Feature: 64 bit: create community and sw enterprise appliances
EOS-795 Bug: openssl: upgrade to 1.0.1r
EOS-800 Bug: efw-dhcp broken
EOS-809 Bug: add executable permissions to wpad.dat
EOS-826 Task: Move recipes PV to 5.0.1
EOS-832 Bug: proxy-html.conf is now in /usr/share/apache2/extra
EOS-834 Bug: coova-chilli: Various fixes while brX intefrace is congested
EOS-841 Bug: Get rid of gnutls
EOS-846 Improvement: Install *-ptest packages as an additional group
EOS-848 Bug: Review file owner on packages
EOS-857 Bug: logrotate: packed conf file and config is not generated
EOS-873 Improvement: pavapi: upgrade to latest version
EOS-875 Bug: Panda antivirus doesn't start anymore
EOS-879 Task: Changelog extraction on yocto
EOS-881 Bug: glibc - getaddrinfo stack-based buffer overflow CVE-2015-7547
EOS-884 Bug: efw-panda: syslog conf has nobody group
EOS-922 Bug: Introduce initrd in x86 kernels
EOS-927 Bug: usb_modeswitch doesn't create ttyUSB if usb modem is plugged before boot start
EOS-932 Bug: httplib can't be imported by the management center
EOS-964 Bug: vim: remove backup file creation at all
EOS-968 Bug: pavapi: Upgrade to 04.06.04.0046
EOS-971 Bug: url-rewrite: memory leak
EOS-997 Bug: OpenSSL is unable to verify certificates issued by default root CA
Orange branding Branding: Appliance
ORANGE-38 New Feature: No dual use product definition
Security Base System
SEC-13 Bug: After a transition to master and back to slave mongo database is lost on both master and slave
SEC-20 Bug: CVE-2020-8597 (Point-to-Point Protocol Daemon) bof
SEC-24 New Feature: Account lockout policy in Authentication Daemon
SEC-28 Bug: EMI locks up when parallel requests are made
SEC-42 Bug: TLSv1 is allowed for all apache virtualhosts
SEC-47 Task: Upgrade sudo to 1.9.5p2
SEC-53 Bug: CVE-2016-2177 vulnerability fix for openssl
SEC-74 New Feature: create efw-fail2ban package
SEC-77 Improvement: Add slowloris mitigation
SEC-85 Bug: CVE-2021-25217 A buffer overrun in lease file parsing code in DHCP / dhclient
SEC-93 Bug: CVE-2021-40438 Apache mod_proxy vulnerability
SEC-97 Bug: CVE-2021-4034 pkexec: local privilege escalation
Switchboard Applications
SB-1576 Bug: Delete all items defined under an organization
Switchboard Dashboard
SB-2548 Bug: Add support to umlauts charset into search fields
Switchboard Database
SB-1354 Improvement: Move latest mongodb dump archive from /var/efw/ to /var/lib
SB-3339 Bug: Improve queries related to User or Gateway editing
Switchboard Device management
SB-2448 Improvement: Add 4i-edge-x to easyvpn and switchboard
SB-3421 Bug: Virtual IP collision for new endpoints
Switchboard GUI
SB-1300 Bug: Align icons, texts and elements in Portal and Management GUI
SB-1459 Bug: OTP buttons and other elemnts are disaligned in "Add User" tab
SB-1469 Improvement: Remove the organization from all the names and show it in a different column
SB-1621 Bug: Unable to create new models
SB-1662 Bug: Unable to delete or edit models
SB-1677 Bug: Adding user from connect app is prevented due error
SB-1806 Bug: Add images for all products in Plug and Connect procedure
SB-1827 Improvement: Sorting connection by status does not work
SB-1835 Bug: Notification are displayed below the motd
SB-1847 Task: In user permission widget disable Drag and Drop and avoid repositioning permissions at the end of the list
SB-1897 Bug: OTP buttons are disaligned in "Add User" tab
SB-1910 Bug: Gateway logs contains data from other gateway of different organizations
SB-2432 Task: Add Edge X Plug & Connect images
SB-2935 Improvement: Dashboard performance improvements
SB-3130 Bug: Debounce of search filters not working correctly
SB-981 New Feature: Administration GUI for Switchboard maps
Switchboard Portal
SB-2965 Improvement: prevent search engine indexing and listing (for 62443 certification)
Switchboard Provisioning
SB-1360 Bug: A gateway cannot download its devices configurations
SB-1610 Task: Move Switchboard pushed configuration to /var/run/sb
SB-1776 Bug: Console menu option to connect the system to the Switchboard cannot be aborted
Switchboard Statistics
SB-2032 Bug: commands.access.internal.vpnEventDisconnect cause high CPU usage
Switchboard VPN Backend
SB-2910 Bug: More than 64 endpoints will create a client-nat overflow
UTM Antispam: SpamAssassin
UTM-2144 Improvement: fix run_sa_update invocation
UTM-2154 Bug: Spam Training uses wrong command for connection test
UTM-2261 Improvement: Add support for SSL and custom IMAP server port in Spam training
UTM-2278 Bug: If port is not specified spamtraining imap will not connect
UTM-2356 Bug: IMAP training fails if mail is incomplete
UTM-2412 Bug: Missing files in spamassassin and commtouch-mailsecurity
UTM Antivirus: ClamAV
UTM-1776 Task: Update ClamAV to fix some CVE
UTM-1863 Bug: Jobsengine deadlock prevents jobs from starting
UTM-2817 Bug: Upgrade ClamAV to 0.103.5 LTS
UTM Artwork
ENTERPRISE-1770 Bug: Invalid graphic image for closing button displayed when browsing Firewall Diagrams
UTM Certificate Management
UTM-1321 Bug: Private keys from PKCS12 are not imported
UTM-1483 Task: Allow at (@) character in certificates common name
UTM-1491 Task: Allow wildcard certificates generation
UTM-1492 Task: Allow wildcards certificate pkcs12 upload
UTM-1496 Task: Certificated with a CA chains with more than one CA cannot be used in VPN server and VPN portal
UTM-1530 Bug: CA certificate symlink is not created
UTM-1552 Bug: Uploaded certificate issued by a trusted CA cannot be deleted
UTM-1654 Task: Add an option for choosing the certificates private key size
UTM-1792 Task: Add local CA certificates to CA bundle
UTM-1806 Improvement: In Certificates change Subject Alt Name textinput to a more usable widget
UTM-1808 Task: Include Subject Alternative Name in the host HTTPS certificates
UTM-2008 Improvement: Randomize the default certificate organization
UTM-2013 Task: Sign certificates with Let's Encrypt
UTM-2047 New Feature: Add GUI for creating non-wildcard Let's Encrypt certificates
UTM-2081 Bug: Wildcard hostname in certificate creation should be accepted
UTM-2293 Improvement: Can't import CA generated from Active Directory Certificate Services
UTM-2323 Bug: Certificate is only verified against a single CRL
UTM-2437 Bug: When a backup is imported the certificate cache files need to be deleted
UTM-2453 Bug: Subject Alt Name field rejects FQDNs having numbers after the host part
UTM-2804 Task: updates ca-certificates package to 20211016
UTM Configuration
UTM-2476 Improvement: package xtables-addons
UTM Enterprise Antispam: Commtouch
ENTERPRISE-1066 Task: Disable Cyren when license has expired
ENTERPRISE-1085 Task: Disable Cyren when license has expired
ENTERPRISE-1150 Bug: Missing Cyren webfilter and antispam under HTTP and SMTP proxies section
UTM Enterprise Antivirus
ENTERPRISE-1503 Task: Evaluate antivirus engines
ENTERPRISE-2286 Task: Integrate bitdefender
ENTERPRISE-2321 New Feature: Fix dependency loop for antivirus packages
ENTERPRISE-2327 Improvement: Antivirus log page show logs not related to virus events
ENTERPRISE-2450 Bug: icap sends logs not related to viruses to remote syslog
UTM Enterprise Antivirus: Bitdefender
ENTERPRISE-2314 Epic: Bitdefender status info and log management
ENTERPRISE-2347 Bug: Bitdefender last signature update is not displayed correctly
ENTERPRISE-2396 Bug: bitdefender not detecting virus locally but detects it on virustotal
ENTERPRISE-2398 Bug: bitdefender not detecting virus locally but detects it on virustotal
UTM Enterprise Antivirus: Panda
ENTERPRISE-1047 Bug: efw-panda: missing monit reload for pavapidaemon in postinst
ENTERPRISE-1065 Task: Disable Panda Cloud AV when license has expired
ENTERPRISE-1074 Bug: indentation error on panda restartscript
ENTERPRISE-1080 Bug: Squid error with acs_module installed
ENTERPRISE-1083 Bug: invalid squid configuration with acs_module
ENTERPRISE-1152 Bug: Panda Antivirus engine does not appear in the Antivirus Engine section
ENTERPRISE-1166 Bug: icap throws a SEGV while scans infected archives
ENTERPRISE-1172 Bug: pavapi: wrong detection on some files
ENTERPRISE-1228 Bug: Both Panda Cloud Antivirus and ClamAV started at the same time
ENTERPRISE-1231 Improvement: Avoid pavapidaemon restart if not forced
ENTERPRISE-1404 Improvement: Pavapi: new libpavapi library
ENTERPRISE-1485 Bug: PandaAV signatures update stuck
ENTERPRISE-1796 Improvement: Pavapi various fixes
ENTERPRISE-1863 Bug: Missing pavapi rdepends on efw-panda
ENTERPRISE-2038 Bug: pandacheck cron runs with all proxy disabled
ENTERPRISE-2046 Bug: Weird characters written by panda scan
ENTERPRISE-2282 Bug: Panda configuration file for icap is empty due to setting seen by restartscript
UTM Enterprise Appliance: Hardware
ENTERPRISE-1013 Task: Endian Hotspot 150 appliance
ENTERPRISE-1014 Task: Endian Hotspot 500 appliance
ENTERPRISE-1015 Task: Endian Hotspot 1500 appliance
ENTERPRISE-1016 Task: Endian Hotspot Virtual 150 appliance
ENTERPRISE-1017 Task: Endian Hotspot Virtual 500 appliance
ENTERPRISE-1018 Task: Endian Hotspot Virtual 1500 appliance
ENTERPRISE-1022 Task: Update Hotspot 150 businfotab
ENTERPRISE-1032 Task: Dependency to commtouch-webfilter for all Hotspot appliances
ENTERPRISE-1035 Task: Remove "Appliance" from Hotpost appliances name
ENTERPRISE-1067 Bug: Remove POP3 and IPS signatures summary from dashboard
ENTERPRISE-1094 Bug: Certificate section is viewable from Hotspot products
ENTERPRISE-1103 Bug: Product name not shown correctly on LCD
ENTERPRISE-1189 Task: Add default WAN port configuration
ENTERPRISE-1253 Task: Rename Mini 25 Wireless to Mini 25 Wi-Fi
ENTERPRISE-1259 Task: Create Mini 10 Wi-Fi product
ENTERPRISE-1282 Bug: Missing businfotab files on Mini 10 WiFi and Mini 25 WiFi
ENTERPRISE-1479 Bug: Manage certificate page is available on hotspot products
ENTERPRISE-1695 Bug: Admin user can't download OpenVPN ca certificate on Hotspot appliances
ENTERPRISE-1749 Task: EasyVPN should not available for hotspot products
ENTERPRISE-1761 Bug: Migration script not running in endian-appliance package
ENTERPRISE-1913 Task: Create mercury-50-wifi-scb1617a appliance
ENTERPRISE-2112 Improvement: Create new macro 250/500 appliance recipes
ENTERPRISE-2382 Task: Create macro plus 2020 model product
ENTERPRISE-2495 New Feature: Create Macro 2021 Edition
UTM Enterprise Appliance: Software
ENTERPRISE-1026 Task: Default menu for Hotspot appliances
ENTERPRISE-1360 Bug: Wrong product id for software and virtual
UTM Enterprise Appliance: Virtual
ENTERPRISE-1058 Task: Adjust service configuration parameters for Hotspot appliances
ENTERPRISE-1077 Task: Virtual images for Hotspot appliances
ENTERPRISE-1235 Bug: Appliance product name doesn't appear on the web interface
ENTERPRISE-1366 Bug: Virtual appliances are not blocked anymore when maintenance expires
UTM Enterprise Application Firewall
ENTERPRISE-1040 Task: Remove references to IPS in firewall GUIs
ENTERPRISE-1519 Bug: Proxied traffic not working if AppFW firewall rules are configured
ENTERPRISE-1595 Epic: Introduce a new Application Firewall
ENTERPRISE-1682 Bug: ndpi daemon still running even if there are not rules enabled
ENTERPRISE-1830 Improvement: Limit life of nfq_ndpi_firewall worker processes
UTM Enterprise Authentication layer: Enterprise
ENTERPRISE-1142 Bug: RADIUS provider fails to load
ENTERPRISE-1146 Bug: Edit Authentication server mappings will remove apache as Authentication server
ENTERPRISE-1624 Improvement: Add support for AES encrypted password
ENTERPRISE-1646 Bug: VPN Authentication on LDAP fails with "operations error"
ENTERPRISE-2072 New Feature: Support for secure LDAP (ldaps)
UTM Enterprise Documentation
ENTERPRISE-1755 Improvement: EasyVPN Title and Menu text Change
UTM Enterprise Endian Network
ENTERPRISE-1097 Bug: en-client logs fill up /var/log partition if timezone is brought back
ENTERPRISE-1160 Task: Allow the systems registration using the "registration key" instead of the EN password
ENTERPRISE-1164 Bug: Fix endian-client recipes
ENTERPRISE-1195 Task: Create tunnels.config instead of using the obsolete registerLookup
ENTERPRISE-1198 Task: Create smbconfig.config instead of using the obsolete registerLookup
ENTERPRISE-1293 Bug: Traceback after en-client after acs-module installation
ENTERPRISE-1304 Bug: Activation Codes longer than 20 char cannot be entered in GUI registration page
ENTERPRISE-1371 Bug: Initial registration page do not redirect correctly trought Switchboard portal
ENTERPRISE-1385 Task: Register a system on Endian Network with an given System ID
ENTERPRISE-1417 Bug: en-liveclient tracebacks
ENTERPRISE-1692 Task: Wrong count of system users information sent to EN
ENTERPRISE-1727 Bug: Delete-sysid not working during backup restore if reboot option is used
ENTERPRISE-1811 Bug: Endian Client not working when upstream proxy is set
UTM-2086 Bug: Wrong count of VPN users information sent to EN
UTM Enterprise Enterprise Updates
ENTERPRISE-1511 Bug: efw-update changes breaks updates from GUI
ENTERPRISE-1527 Bug: efw-update no longer working
ENTERPRISE-1726 Task: Enterprise 5.1 release
UTM Enterprise License
ENTERPRISE-1009 Improvement: Ability to write a custom support message
ENTERPRISE-1063 Task: Update license
ENTERPRISE-1348 Task: Do not include server host in redirect
ENTERPRISE-1947 Improvement: Update address inside license agreement
UTM Enterprise Monitoring, Reporting
ENTERPRISE-1181 Bug: Traffic Monitoring search box vulnerable to XSS due to no input sanitization
ENTERPRISE-1274 Bug: Not found EMI error when clicking Web chart slice from Summary
ENTERPRISE-1300 Bug: Unable to open Event Reporting database imported from a 3.0 backup
ENTERPRISE-1547 Bug: Limit events.db size
ENTERPRISE-1823 Bug: Panda Antivirus service log points to wrong file
ENTERPRISE-2035 Bug: Livelogs shows a blank page in case of parsing of an uncodified characther
ENTERPRISE-2166 Bug: Snort logs do not show in graphical logs
UTM Enterprise Network: Wireless
ENTERPRISE-1362 Bug: System access and transparent proxy rules not created for wifi appliances in bridged mode
ENTERPRISE-2252 Bug: Enable DFS for wireless on Mercury 50 wifi
ENTERPRISE-2483 New Feature: Add QCA988X firmware
UTM Enterprise Provisioning
ENTERPRISE-1332 Bug: Provisioning process prevent network wizard settings application
ENTERPRISE-1335 Task: Use registry.endian.com as autoregistration host
ENTERPRISE-1350 Improvement: Autoregistration download from https://registry.endian.com must accept only trusted certificates
ENTERPRISE-1356 Bug: Provisioning fails if unicode characters are used in the Company field
ENTERPRISE-1394 Task: Add options for excluding provisioning sections from import
ENTERPRISE-1421 Bug: Provisioning do not set domainname
ENTERPRISE-1456 Improvement: Check for configurations on registry.endian.com for one day after network wizard
ENTERPRISE-1471 Improvement: Add console menu option to connect the system to the Switchboard
ENTERPRISE-1475 New Feature: Add a gui to connect the system to the Switchboard
ENTERPRISE-1491 Bug: Remove git configuration information from provisioning dump
ENTERPRISE-1594 New Feature: Support Local VPN configuration in provisioning
ENTERPRISE-2485 Task: Allow provisioning of multiple IP addresses for GREEN, ORANGE, BLUE zones
UTM Enterprise Quality of service: Tagging
ENTERPRISE-1266 Bug: QOS Tagging is not possible to change the rules order
ENTERPRISE-1310 Bug: QoS Tagging rules should tag and return to not match other tag rules
UTM Enterprise Service: High Availability
ENTERPRISE-1126 Bug: Uplink remains enabled on the slave unit when in stand-by
ENTERPRISE-1132 Bug: Coova-Chilli release IPs on HA slave in backup state
ENTERPRISE-1138 Bug: HA takeover when interzone firewall is modified
ENTERPRISE-1397 Bug: DHCP HA load-balancing settings block dhcp from releasing IP
ENTERPRISE-1572 Bug: Default GW is not set on slave at take over in No Uplink mode
ENTERPRISE-2156 Bug: IPsec daemon is running on slave
ENTERPRISE-2157 Bug: mcp is not switched off on slave, causes syslog fill
ENTERPRISE-2246 Bug: Subject of HA notification mails is not added correctly
UTM Enterprise Service: Mail Quarantine
ENTERPRISE-1049 Bug: Quarantine summary reports are quarantined with Cyren enabled
ENTERPRISE-1206 Improvement: Quarantine digest stops when email is not sent and smtp isn't running
ENTERPRISE-1271 Task: Remove debug logs
ENTERPRISE-1445 Bug: XSS in Mail Quarantine
ENTERPRISE-1639 Bug: Error while trying to format column 'from_' value
UTM Enterprise User Interface
ENTERPRISE-1048 Bug: FTP Proxy menu is shown on Hotspot appliances
ENTERPRISE-1072 Task: Remove "Appliance" from CGI footer
ENTERPRISE-1477 Bug: Apache failing to redirect to the dashboard after succesful registration
ENTERPRISE-1497 Bug: Remove Plug and Connect customizations for non-Endian brandings
ENTERPRISE-1523 Bug: Remove Plug and Connect console customizations for non-Endian brandings
ENTERPRISE-1775 Bug: Hotspot service shown as stopped in System Status
ENTERPRISE-1877 Bug: Wrong link for contextual help
ENTERPRISE-2064 Improvement: Update wizard and plug & connect images
ENTERPRISE-2355 Improvement: "Log all accepted connections" tickbox should warn about risk of filling log partition
UTM Enterprise VPN: Enterprise options
ENTERPRISE-1215 Bug: OpenVPN client connection is allowed with empty password
ENTERPRISE-1239 Bug: efw-eal-backend-enterprise migration failure because of KeyError: 'provider_name'
ENTERPRISE-1598 New Feature: EasyVPN for enterprise systems
ENTERPRISE-1734 Bug: Add an option to EasyVPN P&C procedure push server GREEN network to clients
ENTERPRISE-1765 Bug: Easyvpn virtualhost link is not removed when turned off
ENTERPRISE-1847 Bug: EasyVPN client connected with P&C always have GREEN zone pushed
ENTERPRISE-2128 Bug: Openvpn server doesn't have to starts onboot if HA is enabled
UTM Enterprise VPN: L2TP
ENTERPRISE-1117 Bug: L2TP authentcation error if password has special chars
ENTERPRISE-1191 Bug: IPsec/L2TP works with transport mode only on strongSwan 5.3
ENTERPRISE-1320 Bug: L2TP job doesn't start due to wrong shouldstart check
ENTERPRISE-1323 Bug: IPsec job doesn't start due to wrong shouldstart check
ENTERPRISE-1465 Bug: L2TP job remains in waiting_depends status forever when L2TP is not enabled
ENTERPRISE-1550 Bug: L2TP VPN user status not updated in Status VPN Connections
ENTERPRISE-1841 Bug: Incorrect configuration for IPsec/L2TP certificate authentication tunnels
UTM Enterprise VPN: Portal
ENTERPRISE-1088 Bug: VPN Portal requires certificates type server
ENTERPRISE-1148 Improvement: Use apache custom Diffie-Hellman group for Reverse Proxy
ENTERPRISE-1469 Bug: VPN Portal cannot connect to HTTPS servers with small DH
ENTERPRISE-1686 Bug: VPN Portal should set Secure cookie flag OID: 1.3.6.1.4.1.25623.1.0.902661
ENTERPRISE-1708 Improvement: VPN Portal add possibility to enable/disable Secure cookie through datasource
UTM Enterprise Webfilter: Commtouch
ENTERPRISE-1037 Task: Cyren webfilter and SafeSearch default profiles
ENTERPRISE-1376 Improvement: commtouch-webfilter: upgrade to 8.01.0000
ENTERPRISE-1434 Improvement: Downgrade commtouch-webfilter to 8.00.0049
UTM Enterprise Webfilter: HTTPS Transparent content filtering
ENTERPRISE-1538 Task: Remove popup to warn users to enable dnsproxy when https urfiltering mode is in use
UTM-1927 New Feature: Content filter for https pages
UTM ICAP
UTM-1549 Bug: Web filter profile containing space in the name are not applied to proxy ACL
UTM-1559 Bug: Webfilter configurations are not removed and prevent c-icap to start
UTM-1606 Bug: /var/run/c-icap volatile directory not always created
UTM-1866 Bug: c-icap cannot allocate memory for buffer
UTM-1868 Bug: icap/settings.panda lock prevents PavapiDaemon to start
UTM-2517 Bug: icap does not start when clamav is used
UTM Monitoring, Reporting
UTM-1430 Bug: Mails statistics not shown in Event Reporting mail section
UTM-1850 Improvement: Support for hourly graphs
UTM-2031 Bug: Sarg is loading the wrong configuration
UTM-2101 Improvement: Review SARG retention settings
UTM-2105 Improvement: Update SARG
UTM-2108 Bug: Sarg doesn't load language file
UTM-2471 Improvement: Remove dansguardian configs from sarg
UTM Proxy: DNS
UTM-1854 Bug: Dnsmasq is not restarted when a new host is added
UTM-2010 Bug: resolv.conf contains wrong information on initial installation
UTM-2160 Bug: DNS proxy can be enabled on not active zones
UTM-2176 New Feature: Let Proxy DNS service to log antispyware blocked domains
UTM-2366 Bug: Onedrive.live.com is blocked by DNS Proxy
UTM-2395 Bug: blackhole_httpd_access and blackhole_error_log are not rotated and should be removed
UTM Proxy: HTTP
UTM-1343 Improvement: HTTP Proxy always in transparent mode for BLUE zone
UTM-1350 Task: Remove authentication from HTTP Proxy
UTM-1386 Bug: Proxy HTTP - icap error due to empty conf file
UTM-1422 Bug: Squid going IPv6 on IPv6 sites resulting in (101) Network is unreachable
UTM-1439 Task: Remove authentication from HTTP Proxy
UTM-1451 Bug: Error joining the HTTP Proxy to Active Directory
UTM-1463 Epic: proxy.pac improvements
UTM-1528 Bug: Proxy authentication is not working with AD
UTM-1565 Epic: Update squid to 3.5.25
UTM-1595 Bug: Squid "number of different IP's per user" setting prevent internet access
UTM-1609 Improvement: SARG report disabled by default
UTM-1652 Bug: wpad is offered via DHCP and HTTP even if proxy is inactive
UTM-1773 Bug: Add parameter winbind max clients to winbind.conf
UTM-1882 Bug: Squid terminates with an error if an entire domain and its subdomains are used in the same access policy
UTM-1897 Bug: Squid exhausting TCP network buffer due to CONNECT keep-alive type of connections
UTM-1908 Bug: setproxyinout produce an error when a restart is perform and the proxy is not installed
UTM-1986 Bug: WPAD in JSON format
UTM-2208 Improvement: Suppress Squid version string info in HTTP headers and HTML error pages
UTM-2398 Improvement: Proxy exclude logging for specific domains
UTM-2455 Bug: Squid MAXTCPLISTENPORTS/MAXTCPLISTENPORTS is too low for some systems
UTM Proxy: HTTPS
UTM-2162 Bug: HTTPS Proxy high memory usage
UTM Proxy: POP3
UTM-1521 Bug: POP3 whitelisted/blacklisted addresses are not considered with Cyren
UTM Proxy: SMTP
UTM-1317 Bug: BAD HEADER mails are quarantined AND passed
UTM-1337 Improvement: Basic interface to configure SMTP smarthost
UTM-1361 Task: Disable antivirus for SMTP proxy
UTM-1382 Bug: DSN option is not working correctly
UTM-1397 Bug: SSLv3 POODLE for SMTP Proxy
UTM-1428 Bug: IMAP authentication section not required for Hotspot product
UTM-1433 Bug: Sender address is wrongly set if verify_recipients is set to on
UTM-1435 Task: Disable ipv6 on postfix
UTM-1515 Bug: Missing saslauthd on yocto
UTM-1531 Epic: Postfix access control rewrite
UTM-1668 Improvement: Notify recipients when a virus mail has been detected
UTM-1699 Bug: smtpscan Traceback at boot if shoudstart is False
UTM-1703 Bug: Missing liblogin SASL library
UTM-1965 Bug: amavisd-new doesn't restart after an unclean shutdown due to db corruption
UTM-1970 Bug: AMaViS temporary files are not removed after a day
UTM-2191 Improvement: Update Realtime Blacklist (RBL)
UTM-2318 Improvement: Add office macros extensions to SMTP proxy's list of blockable extensions
UTM Service: DHCP
UTM-1358 Bug: Missing default gateway, primary DNS and domain while enabling the DHCP Server
UTM-1364 Epic: DHCP Service reengineering
UTM-1368 Bug: Error displaying DHCP Server configuration
UTM-1372 Bug: DHCP enable checkbox disappears
UTM-1376 Bug: No possibility to use secondary subnet in DHCP server configuration
UTM-1389 Bug: DHCP failed to run
UTM-1536 Bug: Custom DHCP configuration not applied
UTM-1555 Bug: Wrong DHCP lease expire time
UTM-1573 Task: Before the netwizard, activate the DHCP server on the first interface
UTM-1637 Task: Disable DHCP server before the netwizard on software appliance
UTM-1680 Bug: Missing dhcrelay binary
UTM-1729 Bug: DHCP dynamic leases page show also expired leases
UTM-1748 Task: Upgrade Dnsmasq to 2.76
UTM-2066 Bug: Netwizard command changes dhcp green configuration and disable other zones dhcp
UTM Service: Dynamic DNS
UTM-2459 Bug: Regfish dyndns is not working
UTM Service: Intrusion Prevention
UTM-1440 Bug: Unable to disable Snort rules due to a TypeError
UTM-1445 Bug: Snort rules based on "preprocessor ssl" prevent snort to start
UTM-1788 Epic: Snort signatures management fixes
UTM-1858 Bug: Snort signatures are not updated
UTM-1938 Bug: QUEUEFW not cleaned after SNORT is disabled
UTM-1968 Bug: IPS not started on boot if no ALLOW with IPS rules are present
UTM-2028 Bug: IPS not started on boot if no uplink is active
UTM-2170 Bug: IPS alerts or Drops are not differentiated in the logs
UTM-2457 Improvement: package Fail2ban
UTM-2474 New Feature: Add Intrusion Detection mode for snort
UTM Service: Quality of Service
UTM-1799 Bug: Unable to make QoS rules for OpenVPN Server instances
UTM Service: SNMP
UTM-1339 Task: Include snmp custom template
UTM VPN: Client
UTM-1821 Task: Add function for getting the OpenVPN client status
UTM-1861 Bug: Openvpnclient gets not monitored after a force restart via jobcontrol
UTM-1885 Task: Send Endian Bus notification on client VPN connection/disconnection
UTM-2533 Bug: openvpnclients do not restart after updates are installed
UTM VPN: IPsec
UTM-1347 Bug: VPN page doesn't load on Hotspot appliance
UTM-1642 Improvement: Restrict IPsec proposal usage (strict mode)
UTM-1686 Bug: VPN connection status for IPSEC/L2TP Host-to-Net connection doesn't show Assigned IP and Remote IP
UTM-2156 Bug: Missing option in ipsec.secrets template file for green zone
UTM-2158 Improvement: Set default DPD action to CLEAR for XAUTH and L2TP
UTM-2173 Improvement: Add possibility to choose uplink IP on IPSEC Tunnel
UTM-2189 Bug: DPD Action always set to restart
UTM-2267 Bug: Data not removed from ipsec.secrets when ipsec tunnel is disabled
UTM VPN: OpenVPN
UTM-1348 Bug: Openvpn client (gw2gw) calls unexistent /bin/ip
UTM-1352 Bug: Missing openssl profile file
UTM-1457 Improvement: Show the total number of connections in "show openvpn"
UTM-1472 Bug: Vpnclient not stopped when in HA slave
UTM-1632 Bug: VPN routing rules are not applied if the language is different from English
UTM-1683 Epic: Add restart option in vpn postinst and trigger
UTM-1701 Bug: Radius authentication does not work on VPN
UTM-1750 Improvement: Allow different certificates for each OpenVPN server instance
UTM-1763 New Feature: Update OpenVPN to 2.4.1
UTM-1770 Bug: OpenVPN stopped after efw-vpn update because of authentication daemon restart
UTM-1780 Task: Restructure OpenVPN status parser
UTM-1796 Improvement: Restructure OpenVPN GUI for handle instance with different certificates
UTM-1804 Bug: openvpn-user fakeconnect raises an exception if username contains a slash
UTM-1811 Improvement: Ignore authentication layer exceptions during OpenVPN restart
UTM-1831 Task: Upgrade OpenVPN to version 2.4.3
UTM-1835 Bug: Re/introduce triggers in efw-vpn and efw-vpnclient for OpenVPN
UTM-1846 Bug: OpenVPN server does not start due to invalid template
UTM-1888 Bug: VPN Connections are not shown
UTM-1912 Improvement: Add option for load custom TLS ciphers
UTM-1918 Bug: Triggers are not executed by openvpn-user fakedisconnect command
UTM-1921 Bug: Server OpenVPN problem after Update
UTM-1931 Bug: KeyError reading OpenVPN status
UTM-1953 Bug: OpenVPN job does not start after reboot
UTM-2034 Improvement: Increase DH size for VPN
UTM-2092 Bug: Push block-outside-dns from OpenVPN Server
UTM-2166 Bug: Add verification on OpenVPN's IP pool range
UTM-2168 New Feature: OpenVPN bridged instance can't set virtual IP pool range on second subnet
UTM-2200 Bug: OpenVPN job crash due to purple_ip_begin parameter handled as mandatory
UTM-2203 Bug: Cannot change OpenVPN instance from TUN/TAP
UTM-2246 Bug: Purple ip range is validated also in routed instances
UTM-2249 Bug: Purple subnet for default Openvpn server contains gateway IP
UTM-2263 Bug: Cannot disable channel encryption to OpenVPN instances
UTM-2383 Improvement: Openvpn loadbalancing persistent dict must be moved in run
UTM-2419 Improvement: user should be passed to USER_TEMPLATE
UTM-2514 Bug: openvpnjob.client_disconnect removes net2net routing rules on OpenVPN server
UTM-2535 Task: Implement explicit-exit-notify
UTM-2812 Bug: Duplicated ip rule on VPN client reconnection
UTM-2822 Bug: Potential deadlock on VPN disconnect
UTM VPN: User & Group Management
UTM-1904 Improvement: Replace "Disabled for service" with "Enabled services" in user editor
UTM-2428 Bug: VPN firewall display is wrong when username starts with ALL
Comments