| Line 1... |
Line 1... |
| 1 |
# $Id: CHANGELOG 1044 2013-03-10 21:02:42Z richard $
|
1 |
# $Id: CHANGELOG 1047 2013-03-17 16:50:39Z richard $
|
| 2 |
|
2 |
|
| 3 |
************ CHANGELOG ***********
|
3 |
************ CHANGELOG ***********
|
| 4 |
---------------------- 2.7 -----------------
|
4 |
---------------------- 2.7 -----------------
|
| 5 |
BUGs - some corrections in the connection popup
|
5 |
BUGs - some corrections in the connection popup
|
| 6 |
NEWS
|
6 |
NEWS
|
| 7 |
- Installation with Mageia2
|
7 |
- Installation with Mageia2
|
| 8 |
- The URL filter works with the new google safesearch regex ('safe=strict' instead of 'safe=vss')
|
8 |
- The URL filter works with the new google safesearch regex ('safe=strict' instead of 'safe=vss')
|
| 9 |
- The WhiteList architecture is enabled
|
9 |
- The WhiteList architecture is enabled
|
| 10 |
- All the documentation has been translated in english
|
10 |
- All the documentation has been translated in english
|
| 11 |
- The security certificate is now signed in sha256
|
11 |
- The security certificate is now signed in sha256
|
| 12 |
Core improuvments
|
12 |
Core improvements
|
| 13 |
- HAVP doesn't scan youtube flows (too heavy load / no risk)
|
13 |
- HAVP doesn't scan youtube flows (too heavy load / no risk)
|
| 14 |
|
14 |
|
| 15 |
---------------------- 2.6.1 -----------------
|
15 |
---------------------- 2.6.1 -----------------
|
| 16 |
Bugs
|
16 |
Bugs
|
| 17 |
- The embedded documentation is in right version
|
17 |
- The embedded documentation is in right version
|
| Line 29... |
Line 29... |
| 29 |
Bugs
|
29 |
Bugs
|
| 30 |
- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
|
30 |
- "username" in "userinfo" table is varchar(64) like in others tables of ALCASAR database.
|
| 31 |
- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
|
31 |
- "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output
|
| 32 |
- re-activation of COA between radius and coova (radius disconnect the users directly).
|
32 |
- re-activation of COA between radius and coova (radius disconnect the users directly).
|
| 33 |
- the "url-redirect" attribute now works fine (coovachilli V.1.2.9-1)
|
33 |
- the "url-redirect" attribute now works fine (coovachilli V.1.2.9-1)
|
| 34 |
Core improuvments
|
34 |
Core improvements
|
| 35 |
- all "alcasar.info" becomes "alcasar.net" in code
|
35 |
- all "alcasar.info" becomes "alcasar.net" in code
|
| 36 |
- change the order of http chain (DG --> squid --> HAVP --> Internet) more réactivity and less charge of CPU
|
36 |
- change the order of http chain (DG --> squid --> HAVP --> Internet) more réactivity and less charge of CPU
|
| 37 |
- Dansguardian deny domains when requested via proxy http
|
37 |
- Dansguardian deny domains when requested via proxy http
|
| 38 |
- The database is checked (and repair) every week
|
38 |
- The database is checked (and repair) every week
|
| 39 |
Improve security
|
39 |
security improvements
|
| 40 |
- The blacklist is now verified before activating (ANSSI need)
|
40 |
- The blacklist is now verified before activating (ANSSI need)
|
| 41 |
- The school/parental control can now filter search engines (google, bing, yahoo, matacrowler, etc.) and Youtube
|
41 |
- The school/parental control can now filter search engines (google, bing, yahoo, matacrowler, etc.) and Youtube
|
| 42 |
News
|
42 |
News
|
| 43 |
- When IP addresses in the consultation network are dynamicly allocated, static ip can be reserved in the Alcasar Control Center
|
43 |
- When IP addresses in the consultation network are dynamicly allocated, static ip can be reserved in the Alcasar Control Center
|
| 44 |
- The script "alcasar-https.sh {-on|-off}" enable or disable encryption of authentication flows
|
44 |
- The script "alcasar-https.sh {-on|-off}" enable or disable encryption of authentication flows
|
| Line 64... |
Line 64... |
| 64 |
- allow connexion to an LDAP server on WAN side
|
64 |
- allow connexion to an LDAP server on WAN side
|
| 65 |
- control that watchdog can't execute if already running
|
65 |
- control that watchdog can't execute if already running
|
| 66 |
- allow FTP in output
|
66 |
- allow FTP in output
|
| 67 |
- eth1 is no more configured. Tun0 works better (only one arp cache)
|
67 |
- eth1 is no more configured. Tun0 works better (only one arp cache)
|
| 68 |
- modoarchive is deleted (too many bugs and too hard to debug)
|
68 |
- modoarchive is deleted (too many bugs and too hard to debug)
|
| 69 |
Improve Core
|
69 |
Core improvements
|
| 70 |
- new alcasar-iptables.sh script (more logically strutured)
|
70 |
- new alcasar-iptables.sh script (more logically strutured)
|
| 71 |
- update phpsysinfo page ("Internet access flag" nom show the right status)
|
71 |
- update phpsysinfo page ("Internet access flag" nom show the right status)
|
| 72 |
- Authenticate user on Mysql when LDAP server is down
|
72 |
- Authenticate user on Mysql when LDAP server is down
|
| 73 |
- import users via text file with or without password
|
73 |
- import users via text file with or without password
|
| 74 |
- last version of coova-chilli
|
74 |
- last version of coova-chilli
|
| 75 |
Improve security
|
75 |
security improvements
|
| 76 |
- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
|
76 |
- The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
|
| 77 |
- ANSSI code review (sql escape string in PHP)
|
77 |
- ANSSI code review (sql escape string in PHP)
|
| 78 |
- remove the apache unused modules
|
78 |
- remove the apache unused modules
|
| 79 |
- the blacklist is no more update automaticly
|
79 |
- the blacklist is no more update automaticly
|
| 80 |
- postfix banner is more secure
|
80 |
- postfix banner is more secure
|
| 81 |
- anonymisation of squid (+ remove of 'x_forwarded' rule)
|
81 |
- anonymisation of squid (+ remove of 'x_forwarded' rule)
|
| 82 |
Improve installation
|
82 |
installation improvements
|
| 83 |
- control eth0 config on startup (no dhcp)
|
83 |
- control eth0 config on startup (no dhcp)
|
| 84 |
- don't download the last BL version
|
84 |
- don't download the last BL version
|
| 85 |
- remove unused RPM before update the system
|
85 |
- remove unused RPM before update the system
|
| 86 |
- Improve when update is performed via SSH
|
86 |
- Improve when update is performed via SSH
|
| 87 |
News
|
87 |
News
|
| Line 102... |
Line 102... |
| 102 |
|
102 |
|
| 103 |
---------------------- 2.3 --------------------
|
103 |
---------------------- 2.3 --------------------
|
| 104 |
Bugs
|
104 |
Bugs
|
| 105 |
- group properties are now written on the voucher
|
105 |
- group properties are now written on the voucher
|
| 106 |
- hold the state of network filter when update
|
106 |
- hold the state of network filter when update
|
| 107 |
Core improuvments
|
107 |
Core improvements
|
| 108 |
- simplify official certificate import process
|
108 |
- simplify official certificate import process
|
| 109 |
- update with the last version of Coova (1.2.8)
|
109 |
- update with the last version of Coova (1.2.8)
|
| 110 |
Improve security
|
110 |
security improvements
|
| 111 |
- end of implementation of ANSSI rules for netfilter
|
111 |
- end of implementation of ANSSI rules for netfilter
|
| 112 |
News
|
112 |
News
|
| 113 |
- allow exception of IP addresses (or network addresses) in the authentication process
|
113 |
- allow exception of IP addresses (or network addresses) in the authentication process
|
| 114 |
- ACC : group member is added in user list
|
114 |
- ACC : group member is added in user list
|
| 115 |
|
115 |
|
| 116 |
---------------------- 2.2 --------------------
|
116 |
---------------------- 2.2 --------------------
|
| 117 |
Bugs
|
117 |
Bugs
|
| 118 |
- A bug with "sudo" is bypassed
|
118 |
- A bug with "sudo" is bypassed
|
| 119 |
- improve the script which display and close users open sessions
|
119 |
- improve the script which display and close users open sessions
|
| 120 |
- some minor bugs
|
120 |
- some minor bugs
|
| 121 |
Core improuvments
|
121 |
Core improvements
|
| 122 |
- add a central conf file (/usr/local/etc/alcasar.conf)
|
122 |
- add a central conf file (/usr/local/etc/alcasar.conf)
|
| 123 |
- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
|
123 |
- IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply"
|
| 124 |
- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
|
124 |
- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
|
| 125 |
- improve the script which managed the trusted sites and urls
|
125 |
- improve the script which managed the trusted sites and urls
|
| 126 |
Improve security
|
126 |
security improvements
|
| 127 |
- close all accounting session when the system goes down or up
|
127 |
- close all accounting session when the system goes down or up
|
| 128 |
Improve install process
|
128 |
installation process improvements
|
| 129 |
- allow change of alcasar IP private address during install stage
|
129 |
- allow change of alcasar IP private address during install stage
|
| 130 |
- no more question, when upgrating
|
130 |
- no more question, when upgrating
|
| 131 |
News
|
131 |
News
|
| 132 |
- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
|
132 |
- blacklist category "ip" is added for url that contains only an ip address (no FQDN)
|
| 133 |
- allow LDAP/AD connections both on WAN and LAN
|
133 |
- allow LDAP/AD connections both on WAN and LAN
|