Subversion Repositories ALCASAR

Rev

Rev 1044 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1044 Rev 1047
Line 1... Line 1...
1
# $Id: CHANGELOG 1044 2013-03-10 21:02:42Z richard $
1
# $Id: CHANGELOG 1047 2013-03-17 16:50:39Z richard $
2
 
2
 
3
************  CHANGELOG *********** 
3
************  CHANGELOG *********** 
4
----------------------   2.7  -----------------
4
----------------------   2.7  -----------------
5
BUGs	- some corrections in the connection popup
5
BUGs	- some corrections in the connection popup
6
NEWS
6
NEWS
7
	- Installation with Mageia2
7
	- Installation with Mageia2
8
	- The URL filter works with the new google safesearch regex ('safe=strict' instead of 'safe=vss')
8
	- The URL filter works with the new google safesearch regex ('safe=strict' instead of 'safe=vss')
9
	- The WhiteList architecture is enabled
9
	- The WhiteList architecture is enabled
10
	- All the documentation has been translated in english
10
	- All the documentation has been translated in english
11
	- The security certificate is now signed in sha256
11
	- The security certificate is now signed in sha256
12
Core improuvments
12
Core improvements
13
	- HAVP doesn't scan youtube flows (too heavy load / no risk)
13
	- HAVP doesn't scan youtube flows (too heavy load / no risk)
14
 
14
 
15
----------------------   2.6.1  -----------------
15
----------------------   2.6.1  -----------------
16
Bugs
16
Bugs
17
	- The embedded documentation is in right version
17
	- The embedded documentation is in right version
Line 29... Line 29...
29
Bugs
29
Bugs
30
	- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
30
	- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
31
	- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
31
	- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
32
	- re-activation of COA between radius and coova (radius disconnect the users directly).
32
	- re-activation of COA between radius and coova (radius disconnect the users directly).
33
	- the "url-redirect" attribute now works fine (coovachilli V.1.2.9-1)
33
	- the "url-redirect" attribute now works fine (coovachilli V.1.2.9-1)
34
Core improuvments
34
Core improvements
35
	- all "alcasar.info" becomes "alcasar.net" in code
35
	- all "alcasar.info" becomes "alcasar.net" in code
36
	- change the order of http chain (DG --> squid --> HAVP --> Internet) more réactivity and less charge of CPU
36
	- change the order of http chain (DG --> squid --> HAVP --> Internet) more réactivity and less charge of CPU
37
	- Dansguardian deny domains when requested via proxy http
37
	- Dansguardian deny domains when requested via proxy http
38
	- The database is checked (and repair) every week
38
	- The database is checked (and repair) every week
39
Improve security
39
security improvements
40
	- The blacklist is now verified before activating (ANSSI need)
40
	- The blacklist is now verified before activating (ANSSI need)
41
	- The school/parental control can now filter search engines (google, bing, yahoo, matacrowler, etc.) and Youtube 
41
	- The school/parental control can now filter search engines (google, bing, yahoo, matacrowler, etc.) and Youtube 
42
News
42
News
43
	- When IP addresses in the consultation network are dynamicly allocated, static ip can be reserved in the Alcasar Control Center
43
	- When IP addresses in the consultation network are dynamicly allocated, static ip can be reserved in the Alcasar Control Center
44
	- The script "alcasar-https.sh {-on|-off}" enable or disable encryption of authentication flows
44
	- The script "alcasar-https.sh {-on|-off}" enable or disable encryption of authentication flows
Line 64... Line 64...
64
	- allow connexion to an LDAP server on WAN side
64
	- allow connexion to an LDAP server on WAN side
65
	- control that watchdog can't execute if already running
65
	- control that watchdog can't execute if already running
66
	- allow FTP in output
66
	- allow FTP in output
67
	- eth1 is no more configured. Tun0 works better (only one arp cache)
67
	- eth1 is no more configured. Tun0 works better (only one arp cache)
68
	- modoarchive is deleted (too many bugs and too hard to debug)
68
	- modoarchive is deleted (too many bugs and too hard to debug)
69
Improve Core
69
Core improvements
70
	- new alcasar-iptables.sh script (more logically strutured)
70
	- new alcasar-iptables.sh script (more logically strutured)
71
	- update phpsysinfo page ("Internet access flag" nom show the right status)
71
	- update phpsysinfo page ("Internet access flag" nom show the right status)
72
	- Authenticate user on Mysql when LDAP server is down
72
	- Authenticate user on Mysql when LDAP server is down
73
	- import users via text file with or without password
73
	- import users via text file with or without password
74
	- last version of coova-chilli
74
	- last version of coova-chilli
75
Improve security
75
security improvements
76
	- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
76
	- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
77
	- ANSSI code review (sql escape string in PHP)
77
	- ANSSI code review (sql escape string in PHP)
78
	- remove the apache unused modules
78
	- remove the apache unused modules
79
	- the blacklist is no more update automaticly
79
	- the blacklist is no more update automaticly
80
	- postfix banner is more secure
80
	- postfix banner is more secure
81
	- anonymisation of squid (+ remove of 'x_forwarded' rule)
81
	- anonymisation of squid (+ remove of 'x_forwarded' rule)
82
Improve installation
82
installation improvements
83
	- control eth0 config on startup (no dhcp)
83
	- control eth0 config on startup (no dhcp)
84
	- don't download the last BL version
84
	- don't download the last BL version
85
	- remove unused RPM before update the system
85
	- remove unused RPM before update the system
86
	- Improve when update is performed via SSH
86
	- Improve when update is performed via SSH
87
News
87
News
Line 102... Line 102...
102
 
102
 
103
----------------------   2.3   --------------------
103
----------------------   2.3   --------------------
104
Bugs
104
Bugs
105
	- group properties are now written on the voucher
105
	- group properties are now written on the voucher
106
	- hold the state of network filter when update
106
	- hold the state of network filter when update
107
Core improuvments
107
Core improvements
108
	- simplify official certificate import process
108
	- simplify official certificate import process
109
	- update with the last version of Coova (1.2.8)
109
	- update with the last version of Coova (1.2.8)
110
Improve security
110
security improvements
111
	- end of implementation of ANSSI rules for netfilter
111
	- end of implementation of ANSSI rules for netfilter
112
News
112
News
113
	- allow exception of IP addresses (or network addresses) in the authentication process
113
	- allow exception of IP addresses (or network addresses) in the authentication process
114
	- ACC : group member is added in user list
114
	- ACC : group member is added in user list
115
 
115
 
116
----------------------   2.2   --------------------
116
----------------------   2.2   --------------------
117
Bugs
117
Bugs
118
	- A bug with "sudo" is bypassed 
118
	- A bug with "sudo" is bypassed 
119
	- improve the script which display and close users open sessions
119
	- improve the script which display and close users open sessions
120
	- some minor bugs
120
	- some minor bugs
121
Core improuvments
121
Core improvements
122
	- add a central conf file (/usr/local/etc/alcasar.conf)
122
	- add a central conf file (/usr/local/etc/alcasar.conf)
123
	- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
123
	- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
124
	- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
124
	- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
125
	- improve the script which managed the trusted sites and urls
125
	- improve the script which managed the trusted sites and urls
126
Improve security
126
security improvements
127
	- close all accounting session when the system goes down or up
127
	- close all accounting session when the system goes down or up
128
Improve install process
128
installation process improvements
129
	- allow change of alcasar IP private address during install stage
129
	- allow change of alcasar IP private address during install stage
130
	- no more question, when upgrating
130
	- no more question, when upgrating
131
News
131
News
132
	- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
132
	- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
133
	- allow LDAP/AD connections both on WAN and LAN
133
	- allow LDAP/AD connections both on WAN and LAN