WhatsNew Service Pack 206 for Artica 4.30.000000

ADD

  • python-six,python-chardet,wkhtmltopdf as mandatory packages
  • Remove ElasticsSearch and Kibana in ISO files in order to reduce the size.
  • Active Directory SSL compatibilities for Artica and NTLM/Kerberos/RDS services.
  • Disable Allow Proxy compatibilities general option remove whitelisted default destination networks in transparent proxy ports too.
  • Statistics by users in Statistics Communicator feature.
  • Improve procedure for changing the OpenLDAP server suffix.
  • DoH Simulation using the new Artica DoH DNS Client.
  • DoH Support for DNS Cache Service - starting to DNS Cache Service 1.13.0 or above -
  • Possibility to enable SSL mode on the local LDAP service.
  • Possibility to backup LDAP database only.
  • Possibility to display OpenLDAP events.
  • Possibility to restore LDAP backup container in LDIF format.
  • Code cleaning
  • Possibility to download generated Proxy PDF statistics reports
  • Improve Disks detection and expand disk size procedure.
  • Possibility to display Active Directory members in the "members list"
  • Possibility to bulk import whitelisted sites from no-cache rule.
  • Enforce protection against CVE 2020-17506 ( see more information here )
  • Increase the time to generate realtime proxy requests table.
  • Possibility to turn network interfaces into hermetic mode.
  • Checking if AdBlock or other plugin is enabled on Browser.
  • Possibility to add routes in table main in network hermetic mode.
  • Possibility to limit Web console API KEY access from specified networks.
  • Possibility to Change the Time Zone using the unix console.
  • Increase the speed of widgets loading in the index page.
  • New REST API service for Active Directory ( see more information here )
  • Possibility to backup PostGreSQL backup containers to a remote FTP storage.
  • Possiblity to add items in a high level SSL Whitelist in order to allow FTP connection when using an SSL HTTP Port.
  • Possibility to import reverse proxy data from 3.x snapshots to 4.x
  • Possibility to configure locales settings with the system unix console.
  • Watchdog on FATAL: Squid is already running: Found fresh instance PID file error.
  • Release of Security Network Powered by Kaspersky.
  • Add possibility to create a statistics task that synchronize categories and virtual users and provide a PDF report.
  • Reduce the emergency level when detecting GSS failure
  • Possibility to import Certificates center data from 3.x.
  • CVE-2021-26708 warning to force upgrading the Kernel system.( see more information here )
  • Possibility to enable HTTP Strict Transport Security (HSTS) in reverse-proxy ssl settings
  • Possibility to compile a web service inside its parameters.
  • Possibility to deny access to a website
  • Possibility to personalize error pages sent by the reverse proxy service.
  • Possibility to manage snapshots with the REST API autonomous service
  • DWservice support for remote troubleshooting ( see more information here )
  • New REST API options on the REST API autonomous service
  • Web console Notification if server need to be rebooted.
  • TOP search is now linked to the Artica Tech Wiki.
  • Modify colors of acls periodic colors table
  • Web SSH console in SSH Service status
  • New search engine on reverse/Web services sites that accepting regex search pattern.
  • Improve Network interfaces section.
  • Possibility to display hostnames in proxy relatime monitor
  • Possibility to retreive SRN detected threads trought a dedicated section.
  • Remove DNSBL checking in ICAP service and switch it to SRN engine
  • Possibility to whitelist SRN detections.
  • Update SRN to v2.5
  • Update SRN to v2.6
  • Add possibility to manage permanent whitelists domains in SRN.
  • Possibility do disable Load-balancer http-keep-alive and add option to manage Load-balancer queue timeouts.
  • Update SRN to v2.8
  • Possibility to replace the content in reverse proxfied websites ( see more information here)
  • Possibility to enforce using specific proxy for objects in proxy.pac rules.( see more information here )
  • Adding a site-to-site IpSec vpn wizard
  • Update SRN to v2.9 with possibility to enable/disable 2 Kaspersky categories
  • Display the VMWare BIOS UUID in Artica System information. ( see more information here )
  • Possibility to rollback to a designed Artica Service Pack ( see more information here )
  • New watchdog that ensure that proxy default acls rules are correctly set.
  • New watchdog on reverse-proxy service to avoid service failed to start caused by ports conflicts
  • Allow to create Rewrite rules in reverse proxy configuration
  • SSL reverse Proxies are now TLSV1.3 by default
  • Possibility to freeze the cluster client replication process.
  • New procedure for reverse-proxy/web service statistics feature.
  • Google Safe Browsing in SRN feature.
  • Update SRN to 2.18
  • HTTP SSL support in Load-balancing service.
  • Memory cache support in Load-balancing service.
  • Possibility to add specific HTTP headers in reverse-proxy service.
  • Possibility rescan submit categorized website from a category in Proxy statistics.
  • Possibility to manage the DWService using the Unix console ( see more information here )
  • Possibility to report miscategorized web sites trough Artica or official Website.
  • Possibility to display compiled records inside a Proxy ACL object.
  • Possibility to remove top-right icon on Artica Auto-update and Python ElasticSearch.
  • Top icon warning when there is a new Nginx available update version
  • Posibility to manage the gzip compression method in the reverse proxy service.
  • Improve Load-balancer (code cleaning ).
  • Possibility to use base64 for pattern when playing with the REST API
  • Dump LDAP attributes of an Active Directory user.
  • Possibility to Whitelist or blacklist source IP addresses from the proxy realtime events.
  • Proxy realtime events actions to AdminTrack feature.
  • Virtualization Edition and Service Pack version information in Artica notifications.
  • Possibility to use the PROXY PROTOCOL in the load-balancer backends settings.
  • Cloudflare reputation in SRN
  • Notification for updating Firewall and nDPI kernel modules.
  • Notification for update core proxy software.
  • Images are now inline in error pages templates.
  • Possibility to make free disk space.( see more information here )
  • Possibility to bulk import Websites into categories using the Autnomous Web API ( see more information here )

FIX

  • Sometimes proxy statisics are freeze when the uuid is not found inside the records to send to PostGreSQL.
  • Fix unable to update token EnableUnboundBlackLists,
  • Fix unable to start freshclam daemon on restart
  • Fix local clamav status in c-icap center
  • Fix unable to enable/disable dns blacklist service
  • Sometimes the Active directory user is not correcly authenticated on the Reverse Proxy RDP service.
  • Unable to save PostgreSQL parameters
  • Illegal offset when trying to get the category description.
  • In some cases the process proxy-logs-monitor eat 100% CPU, this patch change methods to catch proxy events to definitively avoid this issue.
  • Sometimes the Daemon monitor restart the PHP-FPM everytime - missing /var/run/nginx-phpfpm.sock socket -
  • SaslAuthd Daemon is installed but SMTP MTA is not installed, This fix remove the service in this behavior.
  • Unable to generate Current Month Proxy PDF statistics report
  • Active Directory connections table report SUFFIX ERROR because Artica did not find the right naming contexts automatically.
  • Active Directory Search group plugin did not understand the SSL parameter in LDAP connection setting and made acls failed.
  • Syntax error, could not parse the RR's type in the DNS cache Service with localhost.
  • Memory leak when retreiving the number of CPUs installed on the system.
  • Force to enable ClamAV updater after installing ClamAV daemon take no sense, Clamav updater is enabled in the same way.
  • Loop while configuring Loop virtual disks.
  • Remove Google Safe Browsing feature as an outdated feature.
  • Remove automatic switch to DHCP if network is not found during Unix logon.
  • Cannot auto-login using API PEY provided by Artica.
  • Sometimes Changing the Time Zone did not have effect.
  • Remove auto-increment the number of plugins processes but turning the proxy to emergency mode.
  • Remove unsuported Kaspersky product Kaspersky For Proxy server.
  • Unable to save Network interface features. Change it to read-only form.
  • Unable to update IDS rules.
  • Destination domains inserts using regular expression method.
  • Proxy issue on no_suid
  • Disabling the Proxy Kerberos authentication automatically return back to a non-configured Proxy NTLM authentication method.
  • Unable to upload proxy hostpot vouchers list.
  • Uncaught Error: Call to undefined function network_menu() in /usr/share/artica-postfix/exec.menu.interface.php:52
  • Bad characters in /etc/environement that causing some init scripts to not start after a reboot.
  • When Artica starts clamav daemon it not wait the unix socket to a minimal of 30 seconds. The timeout value as been increased.
  • Limit the len of 50 ouput characters for a proxy ACL rule name.
  • Cleaning PostGreSQL backup containers failed if the default directory was modified to a specific path.
  • ipdeny feature try to create PostGreSQL tables even when the PostGreSQL service is not available when booting.
  • Not necessary to fix to urllibb3 to 1.23 if current liburllib3 is 1.24 or newest.
  • Remove the automatic turn into Web-filtering emergency when redirector processes are busy
  • Corrupted /etc/hosts information data
  • Unable to start DNS Cache when set a corrupted hostname.
  • OpenVPN startup issue.
  • System warning: /etc/environment has been deprecated for locale information; use /etc/default/locale for LC_ALL="C" instead
  • Uptime was not displayed when server uptime is lower than 1 hour.
  • /system-info URL return a 404 not found in Artica Web console.
  • Missing /usr/lib/x86_64-linux-gnu/liblua5.3.so.0 package to make the web service working.
  • Fatal error: Uncaught Error: Class 'unix' not found in class.squid.acls.inc
  • Proxy LDAP authenticator crashes if ipv6 is enabled.
  • SQL Minor Error when removing a website or a reverse-proxy website.
  • Wrong status when enable local or remote proxy LDAP authentication.
  • Uncaught TypeError: Return value of PID_REDIS() in DNS Cache.
  • DWagent running with an incompatible environment that make command-line control unavailable.
  • Issue on starting reverse/Web service when ElasticSearch is enabled.
  • Patching no existent directory return updating patch failed.
  • Artica Statistics truncated if proxy use parents proxies.
  • Old Proxy statistics are not removed for the defined retention time.
  • Allow websites on request list in webfilter did not force proxy to be reloaded
  • Unable to disable SMTP authentication in GUI ( see more information here )
  • Unable to create "smtp_rules" table.
  • Truncated information to suggest upgrading DNS Cache version on dashboard
  • Error message: "mysql_pdns/QUERY_SQL failed N.1054 Unknown column 'change_date' in 'field list'" when creating a record with PowerDNS enabled.
  • Regulary error send Patching hosts file xxxx record not found
  • redirect the full website is not applied on the reverse-proxy
  • Unable to get memory information on the Dashboard.
  • Unable to run HaCluster service after updating to an unstable SP
  • Failed to load the resty.core on the reverse-proxy.
  • Removing soa-minimum-ttl,soa-refresh-default depreciated token to allow PowerDNS 4.4.1+ compatibility
  • Incompatibility issues with mysqli_ping() function when using MySQL
  • Unable to resolve correctly local domains in PowerDNS caused by corrupted SOA serials ( see more information here )
  • Sometimes Artica PowerDNS plugin crashes caused by depreciated extractld python package
  • Creating a new local DNS domain did not reload PowerDNS recursor service to accept the new domain to resolve.
  • Artica displays Active Directory Emergency when using both Active Directory connection and HotSpot Feature.
  • SNMP service see more information here status after apply the Service Pack 183
  • The Daemon did not take care of the NetData installation when replicating configuration using the cluster.
  • Sometimes the proxy claim bad requests came from 127.0.0.1
  • unknown "http_x_forwarded_for" variable on the reverse-Proxy service.
  • The bandwidth test feature did not work as expected and results differ from the real speedtest.
  • Dumped array is displayed when show the Active Directory user's details
  • Failed to add events inside Fail2Ban caused by a missing field in database
  • Add warning for proxy restarting operation when remove the Proxy SSL cache directory.
  • Move Installing Debian xxx package notification to informational instead of warning
  • Artica Web console reconfigured notification to informational instead of warning
  • Long lines are not wrapped in advanced textareas.
  • HotSpot issue when enabling Kerberos authentication method
  • Checks the correct value in reverse proxy when define the Host header
  • Unable to install FTP service.
  • Missing glyphicons-halflings-regular.woff2 in the web console.
  • Call to undefined function haproxy_errors()
  • Lock /etc/squid3/ITCharter.conf, /etc/squid3/wccp.conf, sometimes some bad typos was added in these files that make the proxy unavailable.
  • Artica did not notify a new Reverse-Proxy/Web engine available new version.
  • Proxy crash with segmentation fault after Pack 204 update when enabling the Kerberos authentication method