Changelog (last 12 months)

 

For the latest changelog and updates please login to the admin interface on your Igaware server.

New in Version 13.6.8 [Feb 10 2022]
=====================================

* New Features and Improvements *
- Updated Curl to the newest version and compiled against OpenSSL 1.1
- Added kinit -R to Cron job for ADS member server to renew kerberos ticket.
- Replies to emails that you send will not be Spam checked.
- Updated the 32-bit libtool to newest version.
- Updated Clamav AV to latest version.
- Modified Spam Settings page and added a delivery option to Junk E-mail folder.
- Created an email queue runner for the email server SMART host.
- Various improvements and fixes for the Web Config' interface.

* Fixes *
- Prevent the Outgoing email signature being added multiple times.
- The System Information function no longer caches the machine hardware name.
- Changed krb5.conf lifetime values.
- Fixed the ADS member joining script - wasn't setting the kinit password correctly.
- Removed "(Login) disabled" from Fail2ban uwimap-auth.conf.
- Calmed down scoring or ZEN and PYZOR spam rules.
- BAYES_50 changed from 2.0 to 1.0
- BAYES_99 changed from 3.5 to 2.0

New in Version 13.6.7-2 [Jan 12 2022]
=====================================

* New Features and Improvements *
- Updated PHP to the newest version.
- Created new TLS certificate for email server.
- Updated the IMAP and POP3 servers to TLSv1.3. STARTTLS now honours global settings in c-client.cf
- Optimised USB disk backup for small files. Decrease backup time. ( inplace)
- Updated the legacy Web filtering software.
- Modified E2guardian Web filter to hide the transparent port from the LAN.
- Improved the intrusion provention Fail2ban system for email authentication.
- Updated the Nmap vulnerability scanner
- Updated IMAP and POP3 server to honour the TLS protocol selection for STARTTLS
- Rationalised the TLS protocol selection for IMAP/ POP/ sendmail and web server. ( interface)
- Update ntfs-3g USB disk sub-system.
- Transparent HTTPS proxying with squid/ squidGuard now works using ssl bump.
- Many changes to the Web Config interface.
- Updated Memtest boot option to the latest image

* Fixes *
- Fixed the Unifi start/stop script.
- Removed duplicate defines.inc script.
- Modified Squid to allow "SECURITY ALERT: Host header forgery detected"

New in Version 13.6.6-1 [Dec 10 2021]
===================================

* New Features and Improvements *
- [For 13.6.6-1] Security - Updated the IPSec VPN Server software.
- [For 13.6.6-1] Security - Updated the SSL VPN Server software.
- Security - Updated the Apache Web Server.
- Security - OpenSSL TLS libraries updated to the newest version.
- Security - Removed insecure Ciphers from the Email and HTTP servers.
- DHCP - added proxy PSC for individual devices (do_wpad)
- Major changes to firewall for new do_transparent and do_wpad directives.
- Modified Proxy.pac (Wpad) expression for the new code.
- Added an OpenVPN jail to fail2ban. Checks for authentication issues and TLS errors.

* Fixes *
- [For 13.6.6-1] A number of bugs squashed that were crawling around the Web Config' interface code.
- Removed mailertable from Sendmail queue-runner if DKIM is enabled. So DKIM signature is added for hosts in the
mailertable.

New in Version 13.6.5 [Oct 31 2021]
===================================

* New Features and Improvements *
- Updated the CA SSL certificates. LetsEncrypt root expired.
- Removed the redundant expression lists for localpass/ deny in squidGuard.
- Ensure milter-greylist AUTH check is performed first.
- Updated Sendmail, wget, links, lynx to latest versions and to use OpenSSL 1.1
- Updated Sendmail version to allow TLS fallback.
- Modified the CA certificate file for outgoing Sendmail.
- Added an option to allow encryption of Fileserver network traffic.
- Added Redis server for use as a memcached server for Nextcloud
- Added a fixed email blocking list.
- Updated the c-client library and IMAP server ( they are linked to ssl-1.1 now )
- Updated download_nextcloud.php for new CA SSL certs
- Many changes for the E2guardian Web filter.
- Modified Internet Speedtest to use new CA SSL certs
- Updated NTLM Auth children for web cache/ e2 authentication.
- DHCP server - added captive-option code 114 for new RFC Captive Portal method.
- SSL VPN. Added an option to override LAN push routes.
- Tidied up the Web config' interface.
- Reorganised the software updates for new 64-bit binaries and libraries.

* Fixes *
- Added delete switch to remote Backup for Kopano attachments.
- Typo in Ping Scan LAN.
- Fixed the Traffic column on Ipsec VPN page.
- E2guardian. Fixed urlredirectregexplist.
- Fixed file owner and group for doforward and dotprocmailrc files.
- Many fixes for the E2guardian Web filter.

New in Version 13.6.4-3 [Sep 20 2021]
=====================================

* New Features and Improvements *
- Configuration interface. Improved the way that Select boxes and drop-down lists work.
- Updated the SSH and Web Server software to the latest release.
- Added 'Lookup Country Code' to the configuration interface. The originating country is shown for an IP address or
domain name.
- Anti-Spam Greylisting server updated.
- Added an option to disable auto-update of the Unifi controller software. This defaults to yes for existing Unifi
installations.
- Improvements to the Web Configuration interface.
- Security update for the Squid Web cache.
- Updated php-fpm to use 64-bit version if 64-bit PHP is enabled
- Updated Z-Push ( Active-sync) to the lastest version
- Added e2guardian filter to the system health checks.
- Updated the look of HTML select boxes.
- Updated squidGuard - legacy web filter.
- Updated PCRE 32/64 bit libraries.
- Added a 'Web Terminal' menu option. This gives authorised users access to the operating system command prompt.
- Kopano Active-Sync. Added an option to override the Sync Timeframe limit for large stores.
- Updated the BIND DNS server to the latest version.
- Updated Spamassassin to the latest version
- Disabled TLS1.1 for mail server - SSL_OP_NO_TLS_v1_1

* Fixes *
- [For 13.6.0-7] Squashed a BUG in the WAN configuration code.
- Fixed the PHP-FPM server start-up.
- SMTP AUTH would advertise that it accepts authentication even when it didn't. Fixed.
- The Email 'block email by originating country' feature reported some local IP addreses as originating from TH country
code. Fixed.
- Fixed a problem backing-up LAN machines - typo.
- Updated the Iscsi kernel modules.
- Fixed the File server Shadow Copy feature when shares are stored on the md10 filesystem
- Fixed - passwords can now contain any special character. Previously the ';' character wasn't allowed.
- Removed 'flush' and added 'fetchall' keyword for fetchmail if 'no keep' is specified.
- 'Scan LAN' now works for other networks.
- Dirvish ( Windows Shadow Copy) fixed for md10 filesystems.
- Virtual Machines - WAN interface can be disabled.
- Userlist bug fix for the legacy web filter.
- HTTP server is now restarted properly when the LetsEncrypt certificate is updated.
- An API change resulted in the Internet Speed Test failing. Fixed.
- Windows Services Web Service Discovery. Added the OpenVpn interface, allowing SSL VPN clients to see the Igaware box
in File Explorer.
- Several small bug fixes.
- Fixed spam.assassin.prefs.conf.php - sysid not defined.
- for transparent proxy - don't push dst local LAN through proxy

New in Version 13.6.1-1 [Mar 26 2021]
=====================================

* New Features and Improvements *
- Updated OpenVPN ( SSL VPN) to version 2.5.
- Added the Linux Kernel GeoIP module for kernel version 4.4.26-64
- Updated Kopano Webapp to the latest version.

* Fixes *
- Fixed a bug in the WireGuard VPN start/stop scripts.
- Squashed a bug in the DPR IP routing tables.
- Fail2ban modified to work with Python3.
- Fixed a bug with the new firewall Geo IP blocking code.

New in Version 13.6.0-7 [Mar 20 2021]
=======================================

* New Features and Improvements *
- [For 13.6.0-7] Modified several values for z-push ( active-sync) and inceased the keep-alive timeout in Apache.
- [For 13.6.0-7] Updated speedtest-cli to Python3
- [For 13.6.0-5] Security - Updated openssh to version 8.5
- [For 13.6.0-5] Re-compiled 32-bit Kopano for python version 3.9
- [For 13.6.0-5] Improved the Proxy.PAC (WPAD) and DHCP - PROXY_PAC can be pushed via DHCP for static route
connections.
- [For 13.6.0-4] Enabled BBR TCP Bottleneck Bandwidth and RRT
- [For 13.6.0-4] Enabled fallback=1 for grub bootloader.
- [For 13.6.0-4] Removed moderizer javascript.
- [For 13.6.0-4] Kopano now uses Python 3.9
- Updated Z-Push ( Active-sync) to the lastest version
- Added WireGuard VPN.
- Updated Linux Kernel to new version.
- Updated various applications to 64-bit: Apache web server, Kopano, PHP, Python3.
- Updated DNS server software.
- Installed Python 3.9 64-bit
- Changed IPSec server to use the LibReSwan code base. Removed dependance on KLIPS kernel module. Now uses NETKEY.
- Added IP masquerading for OpenVPN. Access appears to come from the LAN IP - same for Ipsec routes.
- Updated to GeoIP2.
- Added big_writes for ntfs-3g backup.
- Updated openssh ( also uses openssl 1.1.1 now).
- Updated the wsdd network discovery daemon
- Added ssl-chipher-list & protocols to imap/pop c-client
- Kopano-Gateway ( IMAP) changed to fork process model.
- Limited Kopano search results to 10,000
- Added session_ip_check to kopano server config.

* Fixes *
- [For 13.6.0-7] Fixed the iotop command. Python dependencies.
- [For 13.6.0-7] Fixed a problem with mounting of an encrypted USB backup disk.
- [For 13.6.0-7] Fixed a bug in Samba Python's samba-tool.
- [For 13.6.0-7] Fixed the memory usage reporting - removed Slab multiple addition.
- [For 13.6.0-6] Removed Kopano Python version 2.7
- [For 13.6.0-5] Fixed the Fileserver "Shadow Copy" to initialize any missing trees.
- [For 13.6.0-5] Fixed the dirvish (Shadow Copy) scripts to ignore disabled shares.
- [For 13.6.0-5] Fixed LAN DMZ mode. The firewall rules now let existing connections pass.
- [For 13.6.0-4] Fixed a problem with the Fileserver share addition page.
- [For 13.6.0-4] IPSec VPN connection page. Show state for NETKEY connections.
- Fixed routing for OpenVPN - can now route over IPSec networks.
- Fix - added SSL certs to ftpd /etc/ftpd.conf
- Removed a bogus test entry from /etc/group
- Many small fixes to the config interface.