WhatsNew Service Pack 90 for Artica 4.30.000000

FIX

  • add a Gold License still show the Community Edition wizard.
  • unable to import 3.x package from the 4.x
  • HacLuster in tranparent mode made all backends in maintenance mode.
  • adding a new RDP target server disable it by default.
  • RDP authenticator service doesn't start after rebooting the server.
  • editing policy setting create a new policy instead of saving new parameters.
  • unable to remove an RDP policy
  • checkbox designs did not turn off/on after second click.
  • unable to restart RDS Proxy service with the service status
  • upgrade new version of RDS Proxy did not restart services.
  • ID 108 (http://bugs.articatech.com/show_bug.cgi?id=108)
  • unable to delete a target in RDP proxy.
  • sometimes the System ID is not created that make Artica unable to get updates.
  • unlimited spinner displayed in IT charters main section.
  • ID 109: Some Active directory settings are not saved ( http://bugs.articatech.com/show_bug.cgi?id=109 )
  • Some source objects in proxy.pac made the service to crash.
  • Unable to store CDIR format using the REST API.
  • ERROR: column "remotecatz" does not exist LINE 1 when creating a category
  • Cannot upload Artica Patchs using the REST API.
  • Artica updates patch even if the local patch version is higuer than the release.
  • change network interface with the menu console did not change SSHD Interface configuration.
  • The interface did not show correctly Network interface settings when using DHCP.
  • Installation of DHCP service take long time.
  • IT Charter did not using the username when accepting the IT Chart.
  • Firewall service is not removed after removed all proxy transparent ports.
  • network settings are not saved until the first wizard is not executed.
  • Unable to enable correctly Network interfaces in the Intrusion detection system.
  • Remove possibility to select null value in encryption methods in the RDS Proxy settings.
  • Artica did not ask authentication when setup proxy in Active Directory kerberos method.
  • Qualys Security Advisory June 2020
  • Personal categories are not replicated in cluster configuration.
  • Many Error "Migrating Categories service [action=install]" displayed caused that the service is unable to be installed.
  • Remove HaCluster logs did not restart the rsyslog service
  • ACLs did not detects the Active Directory kerberos feature.
  • Firewall rules based on time use UTC instead local time.
  • Error on table firewall_itself on Firewall outgoing rules feature
  • Unknown database `artica_backup` on suricata_disablesid table
  • Some Proxy ACLs are not enabled when only kerberos method as been defined.
  • Certificates / Import CA #SQL.214 HY000 table sslcertificates has no column named Generated
  • /home/artica/webfiltering-backup directory is not cleaned periodically
  • Sometimes SQLITE databases are not created by the wizard. ( see more information here )
  • Unable to build routes ( progress stuck on the web interface )
  • Improve and fix Active Directory connection using NTLM menthod.
  • Unable to display SSL rules and status when using only MikroTiK feature.
  • multiple "Run Clamav Updates pattern missing" notification caused by wrong regex on pattern version.
  • Increase ICAP service monitoring ( see more information here )
  • Wrong notification "Patching hosts file localhost record not found" after patch 28 ( see more information here )
  • Uptime is not refreshed in System information section.
  • Unable to restart ITCharter service after rebooting.
  • Unable to install packages trough the Web console.
  • MikroTik feature was removed and unuseable.
  • Reduce the notification level to info on ssl_db directory maintenance.( see more information here )
  • redis-server disapears after enabled Artica Stats Communicator and make it crashes.
  • File descriptors performance parameters are not correctly saved ( need a restart proxy service )
  • Error Number 35 ( 0 ) - error:1408F10B:SSL routines:ssl3_get_record:wrong version number on Client HTTP engine.
  • CVE-2020-17506 (https://packetstormsecurity.com/files/cve/CVE-2020-17506)
  • Unable to start Statistics redis database when the database is corrupted.
  • Unable to access to Kerberos settings after disabling the NTLM authentication method
  • Unable to change username and password in the Local Admins section.
  • Warning, Unable to add user `squid` in `squid` /sbin/usermod -a say `usermod: cannot lock /etc/passwd; try again later
  • Error table nics doesn't exists after patch 54
  • Unable to display Web-filtering service status.
  • Unable to join the AD domain using NTLM on 2012R2 (need to add a timeout while starting the winbind daemon)
  • unable to load FireWall modules and nDPI modules caused by SP56 ( see more information here )
  • Sometimes Artica is unable to start it's framework caused by a non removed socket file after stopping it.
  • Unable to reload correctly Fail2ban service.
  • When defining unlimited sessions and unlimited timeout for hotspot user, the Hotspot refuse the session.
  • Warning: preg_match() expects at least 2 parameters, 1 given in anonymous feature checking on line 339
  • Memory leak while filling dhcpd_MacsList table.
  • DHCP server crash when changing the network interface of the default service.
  • Unable to start the DHCP service if a portal splash page has been defined.
  • improve watchdog for local ICAP service ( see more information here )
  • false alarm "The Load-balancing service is enabled but no backend has been defined on your load-balancing service..." on load-balacing service.
  • Undefined index TTL when editing a TXT record with PowerDNS enabled.
  • Unable to display/manage swap system.
  • Uncaught RedisException: OOM command not allowed when used memory > 'maxmemory' in Artica Stats Communicator
  • duckduckgo.com Safesearch is not correctly resolved.
  • Bungled proxy when enabling GoogleSafe Browsing feature.
  • Unable to create example rules in proxy bandwidth ALCs
  • PHP Notice: Undefined variable: FULL_URL in /usr/share/artica-postfix/external_acl_first.php on line 266
  • Service Privoxy service not running [action=start] after installing Artica for the first time.
  • RealTime Statistics database daemon not running [action=start] after installing Artica for the first time.
  • INSERT rdpproxy_sessions Exception in _query: global name 'slef' is not defined that make sessions unavailable in RDP proxy service.
  • unable to send Proxy events to a remote syslog server.
  • unable to start DNS Cache service caused by wrong resolution of strict.bing.com.
  • Unable to start Statistics Realtime database ( see more information here )
  • Cannot display events of Statistics Realtime database.
  • Some PDF reports cannot be generated caused by missing generated images with no data.
  • false notification about undeployed Statistics Realtime database feature.
  • Sometimes the console menu did not have the correct CHMOD
  • Sometimes the Artica Statistics Communicator did not have the correct chmod
  • Modify settings in remote Artica Statistics Communicator did not have effects.
  • Sometimes the proxy is turning in Mac to uuid emergency
  • Adding nomodeset=0 in System optimization in order to avoid issues on video drivers (see more information here )
  • Missing quote in URL simulation for X-Forwarded-For field.
  • Missing Daemon Boot STRAP on memcached service.
  • Daemon monitor try to restart APP_SQUID_CACHE_TAIL many times.
  • Duplicate items when playing with the RDS policies.
  • Unable to remove recorded videos from the RDS videos section.
  • Unable to start memcached with error Unmatched ( in regex;
  • WARNING: "mem-cache size is too small" when cache feature is disabled.
  • Freezes on the System Monitor Daemon.
  • Cannot run memcached daemon after upgrade the software.
  • Artica Statistics stuck when there is a quote in username.
  • Some memory keys are not removed from the Memory Statistics Database that increase the memory consumption.
  • DNS parameters are not correctly saved in proxy configuration.
  • Cleaning videos scan directories instead all files.
  • Unable to manage Auto-mount Center (SQL error)
  • Missing file fr-fr/error-details.txt
  • Corrupted PDF monthly report on Proxy statistics.
  • VMWare Edition is displayed but the Virtual machine is not a Vmware
  • symbol print_version version FRESHCLAM_PRIVATE not defined in file libfreshclam.so.2
  • Proxy watchdog section is not displayed.
  • Statistics are stopped since 84 service Pack.
  • Load-balancer is not defined as primary DNS in HaCluster even enforcing the feature.
  • Sometimes scheduled tasks are not executed

ADD

  • target status in the list of RDS target servers.
  • Possibility to record RDP sessions in video format (mp4).
  • Possibility to reboot the server each day ( http://bugs.articatech.com/show_bug.cgi?id=103 )
  • Possibility to manage VLAN interfaces.
  • Possibility to define RDP Proxy ACLs by Active Directory groups ( Users and Computers)
  • New button that flush the IT Chart cache instead of waiting 10mn.
  • Possibility to skin the RDP proxy TSE interface color and logo
  • New button to motivate the use of Artica Cloud service in Categories service and in Realtime requests.
  • more verifications to check if the Proxy is connected to the Active Directory in its configuration.
  • VPS compliance in the manuall install procedure.
  • More informations/details on generated/imported certificates on certicates center
  • New task that restart the syslog service every day at 04:50 when using HaCluster
  • Possbility to schedule a restart of C-ICAP service.
  • Possibility to send REST API command to install a debian package.
  • function that restart the Memcached service if Artica claim MEMCACHED_SERVER_TEMPORARILY_DISABLED
  • Hacluster is now able to use MAN-IN-THE-MIDDLE for SSL decryption with backends.
  • Watchdog on the Winbindd Daemon.
  • Possibility to enable the SMTP submission port (587)
  • Possibility to change the value of the DSCP/TOS network indetifier for HITs caches.
  • Possibility to add all categories in Proxy ACLs.
  • Wrong status in Web services when the defined certificate doesn't exists.
  • function that transform an IP/MASK notation to a IP/CDIR notation in ACLs.
  • Improve communications with the framework in order to save parameters.
  • Task to vacuum and reindex PostGreySQL database each day at 23H
  • status of system tasks if it was really added in system or not.
  • Possibility to list, create, delete, restore PostgreSQL backups.
  • Possbility to make the proxy in anonymous mode.
  • Out-Of-Office policy in proxy.pac service.
  • When updating service pack, Artica will restart automatically the artica-status daemon
  • Possibility to add more than one domain in a Let's Encrypt certificate.
  • Access to bugs.articatech.net is now in SSL mode.
  • Possibility to display Winbind Daemon events inside the Web console.
  • New ACL object "Is Authenticated" that test/force proxy to see more information here the user is authenticated.
  • Possibility to send proxy requests to a remote syslog server.
  • No case-sensitive behavior for Local admins login
  • kernel.modules_disabled = 1 parameters in order to prevent Drovorub Malware
  • Possibility to display kernel loaded modules.
  • possibility to see more information here Pack version on RESTApi
  • possibility to manage Active Directory groups Artica Web console privileges via RESTApi
  • Dashboard notifications table are now generated in background mode to speedup the dashboard generation.
  • New feature DNS Memory Cache database ( see more information here )
  • Request simulator ( see more information here )
  • Watchdog on transparent mikrotik proxy ports in order to avoid freezed ports.
  • SafeSearch for Yandex and Pixabay.
  • Possibility to filter between users and groups and the LDAP members list.
  • Debian version in system information.
  • Improve bulk categories tests feature.
  • Possibility to generate a new uuid with the unix console.
  • New function that detects the worgroup domain when establishing an NTLM connection.
  • Possibility to check the NTLM status on the API status page.
  • Possibility to fetch a global status page ( see more information here)
  • Possibility to reset the current license.
  • Possibility to update the Daemon monitor version.
  • Possibility to whitelist from HotSptot an IP address or a MAC address.
  • Possibility to display Proxy DNS cache.
  • Possibility to tune video quality and RDS Proxy.
  • Ensure backup/snapshot tasks are executed at the defined time.
  • Automatically davfs2 installation package.
  • proxy Metrics on the connected clients IP addresses
  • Events section for the scheduled backup snapshots
  • New REST api in order to get the list of connected nodes to the proxy ( see more information here )

DISABLE

  • Pinger proxy process if parent feature is not enabled (made listen port freeze on non-ipv6 servers)

USING

  • memcached in session is now disabled (caused unstable sessions)

REM

  • Watchdog on Yaffas and dbus Daemon.

CHANGE

  • SQL error are now removed from Artica events and use a dedicated section for this purpose in order to prevent SMTP spam notifications.
  • Default network 10.0.0.0/16 to 10.0.0.0/8

REDUCE

  • the cache for Web filtering via ACLs because it caused troubles in allow/deny.

IMPROVE

  • Active Directory emergency mode.

REMOVE

  • php7-mcrypt as mandatory package