Skip to content

Latest commit

 

History

History
339 lines (273 loc) · 13.2 KB

NEWS.asciidoc

File metadata and controls

339 lines (273 loc) · 13.2 KB

PacketFence NEWS

Project homepage: https://www.packetfence.org/

Please report bugs to: http://www.packetfence.org/bugs/

Interested in contributing to the project? http://www.packetfence.org/support/community.html

This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file.

Version 4.1.0 released on 2013-12-11

New Features
  • Portal profiles can be filtered by switches

  • Proxy interception

  • New pfcmd command fixpermissions

  • Added a "Null" authenication source

  • Displayed columns of nodes are now customizable

  • Create a single node or import multiple nodes from a CSV file from the Web admin

  • LDAP authentication sources can now filter by group membership using a second LDAP query

  • Extended definition of access durations

  • FreeRADIUS does not need to be restarted after adding a switch

  • New customizable ACLs for Web admin interface

Enhancements
  • Improved error messages in RADIUS modules

  • Simple search for nodes now includes IP address

  • Search by MAC address for nodes and users now accepts any MAC format

  • Improved starting delay when using inline mode

  • Added memcached as a managed service

  • Added CoA support for Xirrus access point

  • Improved validation of VLAN management

  • Updated FontAwesome to version 3.2.1

  • Each portal profile can now have a different redirection URL

  • Initial destination URL is now respected with Firefox

  • An Htpasswd source can now define sponsors

  • Improved display of pie charts (limit of legend labels and highlight of table rows)

  • Creation of users is now performed from the users page (was on the configuration page)

  • Validate file path when saving an Htpasswd authentication source

  • Improved validation of a sponsor’s email address

  • Allow actions depending on authentication source type

  • Modified logrotate so it uses copytruncate instead of restarting the services.

  • Now comes with a corosync compatible barnyard2 init script in addons.

  • Unreg the node when you come from a secure connection to an open connection

  • Allow a self-registered node by SMS to go back to the registration page

  • Sponsor email authentication source can refuse email addresses of the local domain (as the email source)

  • Updated German (de) translation

Bug Fixes
  • RADIUS configuration files are no longer replaced when updating packages

  • Fixed match of Htpasswd authentication source (#1714)

  • Fixed creation of users without a role (#1721)

  • Fixed expiration date of registration to the end of the day (#1722)

  • Fixed caching issue when editing authentication sources (#1729)

  • Allow rules with dashes (#1730)

  • Fixed vconfig setting the wrong name_type

  • Fixed help text in Web admin (#1724)

  • Removed references to unavailable snort rules (#1715)

  • Fixed LDAP regexp condition not considering all attribute values (#1737)

  • Fixed sort by phone number and nodes count when performing an advanced search on users (#1738)

  • Fixed users searches not being saved in the proper namespace

  • Fixed handling of form submit when saving a user search

  • Fixed self-registration of multiple unverified devices

  • Fixed duplicate entries in advanced search of nodes

  • Fixed advanced search by node category

  • Fixed reordering of conf sections and groups (#1749)

  • Fixed pid of SMS-registered devices (was "admin" in certain circumstances)

  • Fixed saving of allow local domain option when disabled in an email authentication source

  • The allow local domain option of the email source will now only affect the user who registers by email

  • Fixed ifoctetshistoryuser command to use the correct query when just a user is given

  • Fixed network-detection for IE 8

  • Fixed SQL query of SSID report in Web admin

Version 4.0.6-2 released on 2013-09-13

Bug Fixes
  • Fixed dependancy in debian/ubuntu package (#1705)

  • Fixed 802.1X error in RADIUS authorize (#1709)

  • Fixed pfcmd not stopping services (#1710)

  • Fixed caching issue on Web admin interface (#1711)

Version 4.0.6 released on 2013-09-05

New Features
Enhancements
  • Improved display of filters and sources (DynamicTable) in portal profile editor

  • Ensure the VLAN naming scheme is set on start up

  • When no authentication source is associated to the default portal profile, all available sources are used

  • Phone number is now editable from the user editor

  • Updated fingerprints of gaming devices (Xbox)

  • Moved pfmon to a single process daemon and added the ability to restart itself upon error

  • Added new test tool bin/pftest

  • Improved SQL query in pf::node when matching a valid MAC

  • Allow change of owner in node editor (with auto-completion)

  • iptables management by packetfence is now optional

  • Allow advanced search of users and nodes by notes (#1701)

  • Added better error/warning messages when adding a violation with pfcmd

  • Output the violation id for pfcmd violation add command when the json option is supplied

Bug Fixes
  • Fixed XML encoding of RADIUS attributes in SOAP request

  • Fixed retrieval of user role for gaming devices

  • Fixed SQL query of connection types report in Web admin

  • Fixed issue with anonymous LDAP bind failing with searches

  • Fixed email subject when self-registering by email

  • Fixed empty variables of preregistration email template

  • Fixed detection of guest-only authentication sources when no source is associated to the portal

  • Fixed stylesheet for Firefox and IE when printing user access credentials

  • Fixed display of IP address in advanced search of nodes

  • Fixed advanced search of nodes by violation

  • Fixed advanced search of users by sponsor

  • Fixed various caching issues

  • Fixed various logged warnings

  • Fixed various authentication issues (#1693, #1695)

Version 4.0.5-2 released on 2013-08-12

Bug Fixes
  • Fixed authentication with multiple sources

  • Fixed oauth2

  • Authentication source is now respected when using WISPr

Version 4.0.5 released on 2013-08-09

New Features
  • Passthrough with Apache’s mod_proxy module

Enhancements
  • Improved validation of sponsor’s email

  • Self-registration by sponsor now works without having to define an email authentication source

  • Fetching VLAN for dot1x connections is now limited to internal authentication sources

  • Splitted internal and external classes in dropdown menu of authentication types

  • Show error message when trying to delete a source used by the portal profiles

  • Documentation of the vip parameter for management interface

Bug Fixes
  • Authentication is now limited to internal sources

  • DynamicTable widget now allows to drag’n’drop under last row

  • Connections on port 443 are now accepted for self-registration (#1679)

  • Use virtual ip when available for SNAT

  • Remote conformity scan engines (Nessus/OpenVAS) can now scan devices in unregistrated state on inline networks

  • Returned per-switch role (if configured) for "Role mapping by switch role" rather than sending the user role

Version 4.0.4 released on 2013-08-05

New Features
  • Portal profiles can now have multiple filters

Enhancements
  • Added new regexp operator for strings in authentication rules

  • Automatic landing on the sign-in page if no internal/oauth authentication source is used by the portal profile

  • Self-registration is now enabled when a profile has at least one external authentication source

  • Authentication sources of portal profiles are now displayed in a sortable table

  • Sort actions of a violation in reverse order to set the role before auto registration

  • Added hostapd configuration in the Network Devices Configuration Guide

  • Version number is now sent when submiting dhcp and useragents fingerprints

Bug Fixes
  • External authentication sources of portal profiles are not respected

  • A portal profile can have multiple external authentication sources of the same type

  • Port 443 on the management interface is not open when gaming registration is enable

  • Crash of FreeRADIUS with SOAP::Lite prior to version 1.0

  • Wrong permissions on the logs files causes an error with the log action of violations

  • Error with violations with tainted chain in pfmailer and action_log subroutines

  • Triggering a violation with a trap action doesn’t reevaluate access

  • authentication.conf and profiles.conf are overwritten when updating PacketFence

  • First element of button groups is not properly displayed

  • Sponsors are not extracted from LDAP sources

Version 4.0.3 released on 2013-07-22

New Features
  • Support for hostapd access points

Enhancements
  • New buttons to clone a switch, a floating device, and a violation

  • New version number in the top navigation bar

Bug Fixes
  • Form toggle fields don’t support all variations

  • Counters and graphs for today are empty

  • Maintenance interval is not respected in pfmon

  • Optgroup labels in select menus are hidden when build multiple times

  • Callbacks are performed on every ReadConfig

  • Guest modes don’t show up on captive portal

  • Authentication source is not respected when matching actions in register.cgi

Version 4.0.2 released on 2013-07-12

Enhancements
  • Replaced bind with pfdns - PacketFence’s own DNS server

  • Rewrote Oauth2 support (based on ipset sessions)

  • New counters bellow line graphs of reports

  • Support for anonymous bind in LDAP authentication sources

  • Added support for date and time conditions in authentication sources

  • Added "is not" condition on connection type

  • Extend simple search of nodes to match MAC, owner and computer name

  • Added search and display of the a user’s telephone number

  • Can now have multiple external authentication sources

  • Increased speed of loading configuration from the cache

  • Each portal profile can now use a list of authentication sources

  • A switch definition can now be easily cloned

  • Switches are now ordered by IP address

  • LDAP SSL and STARTTLS now works as expected.

Bug Fixes
  • Re-evaluate network access when changing a node status

  • Re-evaluate network access when closing a violation

  • Missing unit when interval is zero

  • Switch with empty inlineTrigger rises an exception

  • Web admin sets triggerInline while libs expect inlineTrigger

  • Condition on user email doesn’t work for email sources

  • Sponsors can’t be validated

  • Node search by person name is broken (#1652)

  • Can’t enable VoIP from switch configuration form (#1663)

  • Maximum number of nodes per user is not respected by role

  • Routed networks are not properly sorted (#1666)

  • Can’t edit notes of a node (#1667)

  • pfdetect_remote and pfarp_remote fix

Version 4.0.1 released on 2013-05-17

New Features
  • Support for all CDP-compatible VoIP phones on Cisco switches

Enhancements
  • Line graphs now automatically switch to a month-based view when the period covers more than 90 days

  • Debian 7.0 (Wheezy) packages

Bug Fixes
  • Default values override defined values in violations.conf

  • Wrong version of pf::vlan::custom

  • Groups in configuration files are not ordered under their respective section

  • mysqld is not enabled at startup

  • memcached is not enabled at startup

  • Access duration action doesn’t honor default values in web admin

  • Types in networks.conf are missing the "vlan-" prefix

  • Default pid in node table and config module must be "admin", not "1"

  • No warning when stopping httpd.admin

  • Match not performed by type in mobile-confirmation.cgi

  • Authentication rule condition on connection type doesn’t work

  • Authentication rule condition on SSID doesn’t work

  • Access level is lost when editing a user

  • Catchall rules won’t work in a htpasswd source

  • Minor visual improvements to the web admin interface

  • Statics routes not added on PacketFence restart

Version 4.0.0 released on 2013-05-08

New Features
  • Brand new Perl-based Web administrative interface using the Catalyst framework

  • New violation actions to set the node’s role and deregister it

  • Support for scanning dot1x connections for auto-registration by EAP-Type

  • Support for auto registering dot1x node based of the EAP-Type

  • New searchable MAC Addresses module to query all existing OUI prefixes

  • New advanced search capabilities for nodes and users

  • New memory object caching subsystem for configuration files

  • Ubuntu packages (12.04)

Enhancements
  • Authentication sources can now be managed directly from the GUI

  • Roles (previously called categories) are now computed dynamically using authentication sources

  • Portal profiles and portal pages are now managed from the GUI

  • Fingerprints and User Agents modules are now searchable

Bug Fixes
  • Modified the SQL upgrade script from 3.5.0 to 3.6.1 (#1624)

Translations
  • Translated all remediation pages to French

  • Updated Brazilian Portuguese (pt_BR) translation

  • Updated Spanish (es) translation