Changelog - Gateway

2.0.64 - 27th February 2024

  • [FIX] Bitdefender anti-malware engine crash

2.0.52 - 29th August 2023

  • [NEW] Upgrade to squid 6.0 core
  • [NEW] Upgrade Bitdefender scanning engine
  • [NEW] Improved certificate handling and latest certificate store
  • [FIX] Memory leak fixes
  • [FIX] TLS 1.3 confusing error message

2.0.33 - 26th August 2022

  • [FIX] Kerberos Strong Cipher option UI corrected.

Known Issues

  • Kerberos authentication on HA standby gateways may fail overnight.

RC2.0.30 - 18th August 2022

This is a release candidate available for customer testing. Please feedback any issues not noted here via support.

  • [NEW] Gateway OS Ubuntu 20.04 LTS
  • [FIX] Issue with DNS server not saving on initial setup

v1.2.45 - 16th June 2021

  • [NEW] Upgraded Bitdefender scanning engine
  • [NEW] Upgraded Unpacking engine
  • [NEW] Nested archive scanning
  • [NEW] Configuration option for alt-names certificate matching
  • [FIX] Verbose log file output
  • [FIX] Issue downloading specific iso files from Microsoft

v1.2.30 - 11th September 2020

  • [NEW] Early access to squid5 based proxy which supports web sockets
  • [NEW] Upgraded Bitdefender scanning engine
  • [NEW] Improved ICAP availability detection and fail over
  • [NEW] Agent Name can be customised to identify gateway traffic more easily in Analytics
  • [FIX] Using the early access squid5 for alt-names bypass issue
  • [FIX] Plain text/html files detected as application/octet-stream MIME type
  • [FIX] Updated local SSL certificate store to the latest available
  • [FIX] Custom squid override files are now preserved during upgrades (please backup custom override scrips prior to installing this version)
  • [FIX] File Type detection was failing for certain MSI files
  • [FIX] generate a gateway UI certificate compatible with Mac OS X 10.15+ requirements
  • [FIX] Bitdefender log file now outputs to syslog
  • [FIX] Captive Portal works for non-domain devices if AD Login Agent is also enabled

v1.1.53 - 30th September 2019

  • [FIX] MAC address sometimes not logged correctly after interception

v1.1.52 - 26th September 2019

  • [NEW] Gateway reports status information to USS dashboard
  • [FIX] Bug relating to a large number of session files building up due to incorrect housekeeping

v1.1.49 - 13th June 2019

  • [NEW] Extended file content scanning with magic number detection for all MIME types
  • [NEW] Malware, IA and MIME Type filter logs are now incorporated into the Web Activity reports within the USS dashboard, rather than standalone

v1.1.43 - 21st March 2019

  • [NEW] Support for response scanning and MIME Type blocking

v1.1.31 - 28th November 2018

  • [FIX] Bypass patterns do not always take effect until after a sysmond restart

v1.1.30 - 14th November 2018

  • [FIX] Bypass hostnames had the first letter truncated

v1.1.29 - 8th November 2018 (Ubuntu 16.04 based gateway)

  • [NEW] Improved local user interface (UI)
  • [NEW] Bandwidth, Requests and DNS timing charts with pan-zoom
  • [NEW] Image Analysis module for image scanning
  • [NEW] Improved performance when using content scanning modules
  • [NEW] Support for the new Bypass Authentication by MAC Address bypass type
Release notes below this notice are for the Ubuntu 14.04 based version of the gateway: please upgrade your gateway

v1.0.58 - 16th November 2018

  • [NEW] Improved local user interface (UI)
  • [NEW] Bypass List is displayed in the local UI
  • [FIX] Redesigned the handling of overlapping domains which can cause the proxy to stop unexpectedly
  • [FIX] Large downloads through Dropbox are truncated
  • [FIX] Chunked zipped downloads through Box fail
  • [FIX] Extended the timeout for configuration profile downloads
  • [FIX] Bypass hostnames had the first letter truncated

v1.0.43 - 29th March 2018

  • [FIX] Under certain conditions the gateway could run out of file descriptors due to connections being left open.

v1.0.42 - 1st February 2018

  • [FIX] Correctly captures usernames with spaces when using basic kerberos authentication (explicit proxy)

v1.0.41 - 25th January 2018

  • [NEW] Captive Portal traffic can now be tagged separately

v1.0.39 - 13th December 2017

  • [NEW] Support for AD Login Service user identification
  • [FIX] When logging in to the Captive Portal with a username containing spaces, a filter rule based on Active Directory attributes does not match
  • [FIX] WCCPv2 configuration allows blank password to be used

v1.0.36 - 13th October 2017

  • [FIX] Performance enhancements for SSL interception

v1.0.34 - 12th September 2017

  • [FIX] Special characters in Active Directory usernames cause filter rules not to match

v1.0.32 - 2nd August 2017

  • [FIX] Some RADIUS servers send the MAC address in the accounting packet without separators causing Captive Portal sessions not to match

v1.0.31 - 17th July 2017

  • [FIX] Updated database of root CA certificates
  • [FIX] Issue enabling Captive/Guest Portal
  • [FIX] UI related log files are purged after 30 days to reduce disk space usage

v1.0.30 - 15th June 2017

  • [NEW] Advanced option - Reduce noise from background Web requests
  • [NEW] Advanced option - Reuse the same key when using Diffie-Hellman key exchanges
  • [NEW] Captive/Guest portal now redirects to the original web site visited by the user (if available) unless an explicit Redirect rule is set
  • [FIX] Changing Network Config after installation now applies the changes to the gateway
  • [FIX] Added version number to the Overview page

v1.0.28 - 11th May 2017

  • [FIX] ICAP 206 Partial Response bug

v1.0.26 - 15th February 2017

  • [NEW] The certificate file is available to download as a .crt extension rather than just .der (for compatibility with some Android devices)
  • [FIX] Removal of upgrade notice after login

v1.0.25 - 3rd February 2017

  • [FIX] Improved the registration process
  • [FIX] Removed the Unauthorized warning dialog if session expires
  • [FIX] Correctly encoding for usernames containing whitespace
  • [FIX] Updated SSL ciphers for better interception of mobile devices

v1.0.24 - 24th January 2017

  • [NEW] Additional override file for squid - see advanced section

v1.0.23 - 9th January 2017

  • [FIX] Bypassed sites correctly override filtering with the anti-malware module active

v1.0.22 - 21st December 2016

  • [FIX] Ignore local loopback address for Captive Portal connections

v1.0.21 - 7th December 2016

  • [FIX] Updated ICAP server selection method
  • [FIX] Updated support for inspecting compressed files for malware

v1.0.16-2 - 14th October 2016

  • [FIX] Removed expired CA certificates that prevented certificate verification on some web sites
  • [FIX] SSL based bypass rules now work correctly via the Captive Portal
  • [FIX] Log rotation of the proxy and cache log files

v1.0.16 - 7th October 2016

  • [NEW] Support for Anti-malware scanning
  • [FIX] Improved SSL Certificate verification

v1.0.12 - 4th August 2016

  • [NEW] Added a Reset SSL option to the System menu for clearing SSL cache and regenerating CA certificate

v1.0.11 - 20th July 2016

  • [FIX] Improvements to SSL interception; support for new ciphers and Authority Key Identifier
  • [FIX] Improvements to sockets left in CLOSE_WAIT state

v1.0.10 - 12th July 2016

  • [NEW] Added EULA acceptance page
  • [FIX] MAC address lookup on Captive Portal connections

v1.0.9 - 2nd June 2016

  • [FIX] Changes to the Configuration Profile format. If you have problems logging in to the gateway, please update to this version.

v1.0.7 - 13th May 2016

  • [FIX] Fixes bypass by destination Domain and SSL patterns

v1.0.6 - 6th May 2016

  • [NEW] Support for authentication bypass based on source CIDR
  • [FIX] Workaround for squid leaking client side sockets, leaving them in CLOSE_WAIT state

v1.0.4 - 19th April 2016

  • [NEW] Updated proxy server
  • [FIX] Overlapping Bypass entries could cause the proxy to fail to start
  • [FIX] 6 session limit removed for anonymous users of the Captive/Guest portals

v1.0.3 - 6th April 2016

  • [NEW] Added WCCPv2 support

v1.0.2 - 31st March 2016

  • [NEW] Added fall back to basic authentication of kerberos is not supported (e.g. non-domain computer)

How did we do?