The HotFix generates an error when manually updating the Artica version, it is normal.
It can be applied only for Artica 4.30.00000 Service Pack 206.
New Hotfix erase modifications of old applied HotFixes.
¶ Service Pack 208
On November 2022 24 a new official Service Pack 208 was released.
The Service Pack 208 stores all fixes added in this section.
Did not use this fix if your Artica server is already updated with the Service Pack 208
¶ Issues resolved by The Hotfix (20221024)
- Active Directory » Authentication » White lists did not work as expected
- Unable To Import CA
- Time synchronization with Active Directory did not working properly
- Missing ClamAV Pattern Database on 4.30 SP206
- Monitor proxy behavior with an external URL
- Import PKCS#7 or P7b or P7c or P7r certificate
- Add Kerberos certificate renewal procedure in order to avoid outdated Kerberos ticket.
- Add logging Kerberos ticket watchdog (K5start) to syslog
- Automatically disable unecessary Mosquitto service.
- Uncaught TypeError: Return value of duplicated_tokens() when configuring the Web service.
- Error: Call to undefined function posix_getuid() on the framework when upgrading PHP engine.
- Unable to upgrade system components maintenance
- Fixed Display of proxy parent status rules to see if the rules are really applied to the system or not.
- Fixing the WCCP function is only available when using the Enterprise edition, which should not be the case.
- Fixing the ClamAV status page stuck to warn that no patterns as been updated.
- Adding specific whitelists in order to force the proxy to not forward to proxy parents when requests going to the proxy itself.
- Added extended errors in the proxy requests monitor to understand failed requests
- Add possibility to upgrade proxy version to 5.x and to downgrade proxy version to 4.x
- Add possibility to remove ElasticSearch and Kibana from the disk
- Add possibility to tune HaCluster Timeouts parameters
- Add possibility to store DNS logs queries in legal logs storage
- Add Possibility to use a remote PostgreSQL server
- Add Possibility to import Web-Filtering databases and settings from an old Artica 3.x snapshot container.
- Fix: Modify settings in PostreSQL database did not restart the local service.
- Portuguese translation language to 20%
- Fix: Cluster slave with reverse proxy crashes due to wrong listen Interface from the master.
- Add: speedup “all sites” reverse-proxy compilation processing
- Add: New procedure to restart the proxy service in ports configuration.
- Fix: Unable to change protocol in filebeat client.
- Change: Global Whitelists as been changed to default regex instead of fixed domain.
- Change: Disable authentication on port as been moved to sticker in listen port list.
- Remove: bing and duckduckgo from the internal fixed categories list.
- Fix: Double ports in HotSpot SMTP register message URL
- Add: Include the Web API Service management.
- Add: more watchdog functions to ensure the Web API Service runs correctly
- Fix: Firewall rules are not flushed when modify proxy transparent ports
- Add: watchdog function that ensure Monitor Dameon startup script is not corrupted.
- Add: 4.40 file descriptors method to 4.30 SP206
- Fix: Whitelisting computers from HotSpot is not applied on Proxy service
- Add: status of Artica Statistics communicator integration.
- Fix: some typos on whitelists can crash the Web-Filtering plugin client and make the proxy service restart
- Add: Possibility to disable the MacToUid Proxy plugin.
- Fix: Security hole CVE-2021-40681 found by Jordan Miles
- Increase performance of the Web-filtering connector.
- Proxy error pages are using now embeeded objects instead of external urls objects.
- Add possibility to add source scopes in HaCluster balancer
- Fix Monitor daemon crashes if using Active Directory REST API service in SSL mode
- Add compilation configuration error notification on HaCluster service
- Fix HaCluster or Load-balancer service is incompatible with latest engine v2.2x or above.
- Add: Possibility to disable the Artica proxy plugin
- Fix: Unable to access to HotSpot sessions management with HotSpot Manager rights
- Fix: Bungled proxy configuration when using HotSpot service and Active Directory
- Fix: Increase number of Artica categorization plugins process number.
- Fix: Ensure the number of file descriptors when starting the service.
- Fix: Loop and high process when parsing Web-filtering events.
- Fix: Too many reloads caused by non-existent ssl_db directory
- Add: Possibility to upgrade to PHP 7.4x
- Fix: The HotSpot feature did not wait correctly the defined time before deleting the unconfirmed account.
- Add: Possibility to totally remove ClamAV software
- Fix: Sometimes Artica restarts OpenLDAP each 10mn that cause proxy service to be reloaded each 10Mn
- Add: Automatic fake compatibility between PHP 7.3 and 7.4
- Fix: Unable to save Proxy parents general parameters
- Fix: Do not use the proxy and Always use direct acls rules are not applied when using parent proxies.
- Add: Possibility to schedule an HaCluster service reload task ( defined to each 3h by default )
- Fix: Privileges Allow Add Group or Allow Add user only can access to the web console.
- Fix: Unable to change password of an LDAP member
- Improve: Manager credentials changes.
- Fix: MemCached has been handled by systemd daemon.
- Fix: HaCluster client send events to local syslog that stressing the local syslog server.
- Fix: False alarms on the PostgreSQL watchdog monitor.
- Add: AdminTrack Support
- Add: New Watchdog that testing the connectivity with backends proxy from the HaCluster service.
- Add: Remove The Shields service and SMTP service after returning back from unstable Service Pack to Official supported version.
- Add: Possibility to restart proxy service after a log rotation process.
- Fix: Multiple events “Migrating category service…” if the Categories Service is enabled.
- Fix: Unable to Activate the Hotspot + Active Directory caused by a missing proxy object.
- Fix: Proxy service did not log if there an ACL in log center that using a disabled proxy object
- Fix: Unable to open HotSpot Vouchers page when importing a large Voucher tickets.
- Fix: CVE-2021-41739
- Add: Possiblity to use Client Certificate in order to authenticate Members on the Artica Web Console.
- Add: Possibility to change the Connections Tracking max value in HaCluster
- Add: When installing HaCluster, some features are automatically uninstalled (Firewall, DHCP.. ) and removed from feature list
- Fix: Unable to start a transparent backend trough the HaCluster interface section.
- Add: Possibility to see some metrics from the remote proxies with HaCluster.
- Add: Improve load-balancing transparent service in HaCluster.
- Update: Siege software to 4.1.3 version.
- Add: New metrics on Hacluster
- Fix: HaCluster cannot get status of backends and make backend as unavailable.
- Fix: Artica-status daemon crashes every 3 minutes.
- Fix: Makes Postfix log association service more resilient
- Add: Possibility to personalize the ICAP antivirus Virus Found template
- Fix: Sometimes the proxy access.log is freeze, a new watchdog is created.
- Fix: Unable to connect to the Active Directory with wizard and HaCluster.
- Fix: dstat use 100% CPU because it try to parse large and old files
- Fix: Clamav Daemon cannot start because AppArmor block the unix socket creation.
- Fix: Proxy ICAP service cannot start because no available free inodes in /dev/shm
- Fix CVE-2022-37153
- Fix: Change send events to Syslog still remain targeted 514 port.
- Add: Hotfix version in REST Api (both internal Artica or dedicated resat api service).
- Fix: Issue when configuring remote syslog events with proxy service.
- Fix: Proxy plugins crashes since latest HotFix 20220906
- Fix: Possible XSS injection on the Web-Filtering error page.
- Add: Compliance with HaCluster For adjusting Kerberos encryption types
- Add: Send Artica version information to HaCluster 4.30 version SP 943 or 4.40
- Fix: Unable to remove Artica Categories Cloud service if the Local categories service is installed.
- Fix: STARTTLS Issue on Artica SMTP
¶ Download the HotFix
Download the HotFix here:
http://articatech.net/download/wiki/4.30/ntpdate/artica-4.30.000000.tgz
¶ Apply the HotFix
- On the left menu, click on “Your System” / “Update”
- Click on the button “Manual update” and upload the artica-4.30.000000.tgz downloaded file
The content of the file will be installed but an error will be generated with the “Same version” error. This is normal
SP829: Fix: Sometimes the proxy access.log is freeze, a new watchdog is created.
SP829: fix: Unable to connect to the Active Directory with wizard and HaCluster.
- Click again on the Update link, you should see the HotFix version in the title of the section
