The HotFix generates an error when manually updating the Artica version, it is normal.
It can be applied only for Artica 4.50.00000
New Hotfix erase modifications of old applied HotFixes.
These Hotfixes have been compiled and will be replaced by Service Pack1 for Artica v4.50 on February 16, 2025.
¶ Official Hotfix Manual update procedures
- 20241105-01 (released on 2024 Nov 5 )
- 20241029-17 (released on 2024 Oct 29 )
- 20241023-00 (released on 2024 Oct 23 )
- 20241020-21 ( released on 2024 Oct 20 )
- 20250214-02 ( released on 2025 Feb 14 )
¶ Issues resolved by The Hotfix
- 20250214-02: Add New HaCluster and Cluster V2 version
- 20250205-13: Add Possibility to disable the Error accessing the Internet via proxy notification
- 20250204-01: Add Prometheus Exporter for the reverse-proxy service
- 20250130-18: Add Possibility to disable USB devices
- 20250129-01: Add revived SMTP real-time logs feature for Artica SMTP on Debian 12
- 20250112-21: Add Possibility to extract events from reverse-proxy legal logs
- 20250109-15: Add InstantLDAPBackup feature for fixing a potentially corrupted OpenLDAP database
- 20250108-01: Add support of systemd-networkd for modern distributions
- 20241226-14: Fix Unable to configure Proxy Authentication method using a remote ldap server
- 20241224-00: Add Possibility to associates a in-memory database with DNS Cache service
- 20241222-14: Add Possibility to use Multiple Service Principal Names in Active Directory Kerberos Proxy authentication.
- 20241221-22: Add Possibility to enable the VMI Watchdog for monitoring system hangs
- 20241215-20: Add Possibility to detach DNS forwarders from the system for foreign domains in DNS Cache service
- 20241206-14: Add: Possibility to Instruct browsers to cache certain elements locally using the reverse-proxy service
- 20241206-01: Fix: Bad rules compilation in proxy Headers ACLs
- 20241205-13: Fix: The API REST did not detects the presence of the Web Application Firewall library for the Reverse-Proxy
- 20241204-18: Fix: Unable to set a server certificate from certificate center for the Web console
- 20241126-20: Fix: CIS compliance 1.5.2_bootloader_password
- 20241126-20: Fix: CIS compliance 1.1.21_sticky_bit_world_w
- 20241126-20: Fix: CIS compliance 1.6.4_restrict_core_dumps
- 20241126-18: Fix: Proxy.PAC service sometimes read rules in a random way
- 20241126-03: Fix: CIS compliance 5.6_restrict_su
- 20241126-03: Fix: CIS compliance 99.1.1.23_disable_usb_dev
- 20241126-03: Fix: CIS compliance 99.5.2.1_ssh_auth_pubk_on
- 20241126-03: Fix: CIS compliance 99.5.2.2_ssh_cry_rekey
- 20241126-03: Fix: CIS compliance 99.5.2.3_ssh_disable_feat
- 20241126-03: Fix: CIS compliance 1.1.1.7_restrict_fat
- 20241125-18: Fix: Default Artica Firewall rule overrides network card-specific rules
- 20241124-15: Fix: Threats from the Integrated Proxy antivirus are not displayed
- 20241123-00: Add: Possibility to set Transmit queue length parameter for a network interface
- 20241114-21: Fix : LDAP SSL issues on Debian 12
- 20241114-13: Fix: Action “Rebuild full configuration” on the Proxy service destroy the Active Directory keytab
- 20241114-13: Fix: Enter/exit into emergency mode did not restore the full proxy configuration
- 20241114-13: Add: Improve status of the Webfiltering Proxy connectors
- 20241114-13: Add: Web-filtering Rule status if it is in production or not in the rules main table
- 20241114-13: Add: Specific secure Firewall rules for local Proxy service
- 20241114-13: Add: Possibility to filter Web-filtering events by IP address and/or categories
- 20241110-21: Add: Possibility to use GeoIP Maxmind in firewall rules
- 20241110-16: Add: Possibility to replicate Maxmind GeoIP databases accross multiple Artica servers
- 20241109-13: Fix: Unable to start OpenVPN server on Debian 12 system
- 20241104-17: Add: Possibility to create mirror rules to target address in the Artica Firewall
- 20241031-14: Fix: Web error page always use the error page rule that have no filter.
- 20241031-00: Fix: Missing libpython3.7 python3-memcache to make the RDS Proxy AuthHook running on Debian 10
- 20241030-22: Add: More IDS rules when updating
- 20241030-22: Add: Automatic watchdog for the “GENSEC login failed: NT_STATUS_LOGON_FAILURE” error when using NTLM.
- 20241030-18: Fix: Unable to scan the legal log repository when the repository is a symbolic link
- 20241030-16: Fix: Installing Active Directory feature stuck at 50% on Debian 12
- 20241030-16: Fix unable to set Proxy Reply Access acls using Debian 12
- 20241030-16: Fix unable to make the Local DNS Cache running.
- 20241030-16: Fix Unable to see privileges list using Debian 12
- 20241030-00: Add possibility to send all traffic to a remote address
- 20241029-16: Add possibility to query domains under Newly registered domains database
- 20241025-01: Fix: Unable to install Proxy eCAP antivirus on Debian 12
- 20241021-19: Fix: Web console crash on license section
- 20241021-19: Fix: Unable to generate SSL certificate clients on Reverse-Proxy.
- 20241021-11: Fix: Web page console crash on Debian 12 when viewing HaCluster backends and Web-filtering time slots
- 20241020-21: Add: Fingerprinting Web Access feature for the Artica Web console
- 20241020-21: Add: Debian 12 support
- 20240724-19: Add: New feature Persistent network interfaces
- 20240702-17: Add: Fix for the CVE-2024-6387: OpenSSH regreSSHion RCE
- 20240609-10: Add: Possibility to move all log directories to an another location.
- 20240607-01: Add: DNSTAP support for LogSink
- 20240607-01: Fix: Corrupted formatted proxy events to LogSink.
- 20240607-01: Fix: LogSink did not open UDP port correctly
- 20240605-14: Add: EDNS support when using Artica DNS Cache service in backends and Front-ends
- 20240601-17: Add: MicroDHCP service status, leases and events
- 20240531-18: Fix: Some malformatted Policies Zones make the local DNS cache service unavailable.
- 20240531-17: Add: New bell notification when a new DNS Cache version is available.
- 20240531-17: Fix: PostgreSQL table modsecurity_linked_tags increase dramatically when using Web Application Firewall
- 20240531-17: Fix: Improve performance of the Local DNS Cache Service.
- 20240528-19: Fix: Cannot define correctly a subdirectory for backup snapshots
- 20240528-19: Fix: Unable to set a static HTML reverse Proxy website
- 20240528-19: Fix: Sometimes Proxy service lost max file descriptors value and return back to 4096
- 20240528-19: Fix: Unable to assign Active Directory privileges when there are quotes “'” in Active Directory group name
- 20240508-19: Add: Possibility to enable DoH service for the DNSBL/RBL service
- 20240508-19: Fix: Artica did not renew correctly the Active Directory Kerberos certificate
- 20240508-19: Add: Possibility to enable a Dedicated service for query DoH Cloudflare
- 20240427-13: Fix: Review the DNS Firewall GeoIP rule
- 20240426-17: Fix: Unable to upload ther kerberos Keytab in HaCluster server
- 20240426-17: Fix: Unable to restore a snapshot
- 20240426-10: Fix: License corrupted and deleted if license check is performed at startup.
- 20240426-01: Add: Possibility to populate Firewall rules from the DNS Firewall
- 20240329-10: Add: Possibility to enable/disable the Proxy Acls Active Directory groups recursive search
- 20240324-18: Add: Cache Exclusions rules for the reverse-proxy engine.
- 20240319-17: Fix CVE-2024-2054
- 20240317-12: Add: When creating server certificate, process take care if an IP address is added in domains.
- 20240317-12: Add: New Process for reconfiguring Proxy ports
- 20240317-12: Fix: Wrong permissions on the Postfix binaries
- 20240311-15: Add Possibility to manage VLAN interfaces via REST API
- 20240311-15: Add Possibility to reboot the system via REST API
- 20240309-01: Fix CVE-2024-2056
- 20240307-18: Add Possibility to create a dedicated Proxy instance section for debugging
- 20240306-20: Add New Feature: Artica Windows DNS Agent
- 20240223-03: Add Possibility to deny artica to build network configuration
- 20240222-20: Add new service for Reverse-Proxy “DoH Gateway”
- 20240222-18: Fix Unable to set the download/update rate in the Reverse-proxy service
- 20240222-18: Fix Unable to set the max connections by IP in the Reverse-proxy service
- 20240222-18: Add: Possibility to define an outgoing interface for the Reverse-proxy service
- 20240220-01: Add Possibility to setup specific DNS servers for the reverse-Proxy
- 20240220-01: Add More options for the Reverse-proxy backends keep Alive feature
- 20240220-01: Add Improve the Reverse-proxy backend load-balancing feature
- 20240220-01: Add Manage PowerDNS using REST API
- 20240213-00: Add Manage DNS Cache records using REST API
- 20240213-00: Add Improve DNS Cache records management
- 20240212-11: Add Restrict Artica login page by geolocation
- 20240211-16: Add SSH brute-force remediation
- 20240210-18: Add Possibilty to include Toulouse University blacklists
- 20240208-15: Add New statistics for the number of connected members to the Proxy service
- 20240208-15: Add New Artica Milter object ACLs Artica Deny reputation
- 20240201-16: Add REST API in order to Check if all Proxy Listen ports are available
- 20240131-13: Add New Artica Milter object ACLs URLs expression
- 20240131-13: Add New Artica Milter object ACLs Active Directory recipients
- 20240131-13: Add New Artica Milter object ACLs Active Directory sender
- 20240131-13: Add New Artica Milter object ACLs Attachments
- 20240130-02: Add automatic postrouting NAT when using VPN client
- 20240130-02: Fix unable to access to Unix console parameters trough the Artica Web Console parameters section.
- 20240130-02: Fix: Hostname is truncated after the installation wizard.
- 20240130-02: Fix: Unable to start PHP Web console when using VPN client
- 20240126-01:Add: Possibility to create multiple IPV6 addresses for a single network interface
- 20240124-15: Add: Possibility to tune Ciphers for the SMTP daemon in Artica SMTP Edition
- 20240123-13: Add: Possibility to enable the upgrade Artica with Hotfixes in developement mode
- 20240120-15: Add: AutoBackup feature for the Artica Reverse-Proxy edition
- 20240116-15: Add: ACLs method in the Artica Milter filter for Artica SMTP Edition
- 20240112-15: Add: API REST for DNS system settings
- 20240111-15: Add: Possibility to query the Proxy Parents status via API REST
- 20240111-13: Add: Possibility to query the proxy NTLM connection status via API REST
- 20240109-14: Add: Possibility to monitor Proxy File Descriptors status via API REST
- 20240108-22: Add: Possibility to disable Artica to manage OpenSSH service configuration
- 20240108-15: Add: Possibility to search proxy realtime events by time slot.
- 20240107-16: Add: Privileges by Web Sites on reverse-proxy
- 20240103-00: Add: WebDav Access on a reverse-proxy HTML Site rule
- 20231204-13: Fix: 502 Bad Gateway on the Artica Web console
- 20231122-15: Add: Option to change the "myorigin" on the Artica SMTP Appliance
- 20231122-15: Fix: postmaster address is not changed
- 20231122-15: Add: Possibility to enable/disable recursive LDAP search for the IT Charter with Active Directory filter
- 20231122-15: Add: Possibility to tune the PHP engine for the Web console
- 20231121-14: Add : Possibility to whitelist Web application Firewall rules according to targeted applications
- 20231120-00: Add : Stopping function take care about ghost processes in HaCluster
- 20231120-00: Add : Review the reverse-proxy rewrite rules
- 20231120-00: Add : Review the reverse-proxy default server in websites rules
- 20231120-00: Add : Possibility to create a reverse-proxy website default block rule
- 20231118-02: Add: Possibility to block uploaded files based on their file type on Artica for Reverse-Proxy
- 20231117-02: Add: Possibility to scan for viruses uploaded data with Artica for Reverse-proxy
- 20231114-23: Add: Default removal headers rules on the Artica for Reverse-Proxy.
- 20231114-13: Fix: Proxy HotSpot custom form is not displayed on the HotSpot Page
- 20231113-13: Add: Possibility to recover a corrupted certificates center database
- 20231113-13: Fix: missing privileges working necessaries directories on the Web application Firewall for building reports
- 20231113-13: Fix: Undefined function Tips_paragraph that turn looping some queries on the Web console
- 20231112-20: Add: Possibility to ban clients based on Client Certificate in Artica reverse-proxy
- 20231111-14: Add: Notification to restart reverse-proxy service when a new website is created
- 20231111-02: Add: Possibility to cache reversed websites directly in a in-memory cache
- 20231110-21: Add: Possibility to turn a reverse-proxy website into maintenance mode
- 20231109-15: Fix: Increase security levels reported by the ANSSI DAT-NT28 Average intermediate level 45
- 20231107-02: Add: Increase DNS cache performance according the version 1.18.0
- 20231107-02: Add: better search on CrowdSec current blocked IP list.
- 20231107-02: Fix: Artica did not kill correctly php-fpm ghost processes
- 20231106-02: Add: PageSpeed caches in monitor system cache on Artica reverse-Proxy service
- 20231106-00: Add: Possibility to monitor system cache on Artica reverse-Proxy service
- 20231105-12: Add: Possibility to disable totally the Web Application Firewall for a defined path in Artica Reverse-Proxy service
- 20231105-12: Add: Possibility to define mass Urls redirects in Artica Reverse-Proxy service
- 20231101-21: Add: Possibility to deny URLs in Artica Reverse-Proxy service
- 20231101-16: Add: Possibility to set Permissions Policy headers in Artica Reverse-Proxy service
- 20231031-16: Add: Possibility to filter access by countries in the Artica Reverse-Proxy service
- 20231031-16: Add: Possibility to enforce the SMTP Submission port in Artica SMTP gateway.
- 20231030-14: Fix: Missing lock for privileges for Proxy Monitor on the proxy acl categories object
- 20231030-14: Fix: Wrong descriptions in the system tasks table.
- 20231030-14: Fix: Reverse-proxy real-time logs are now splitted by web service name in order to avoid timeouts in the web interface
- 20231029-15: Fix: Missing lock privileges for Proxy Monitor
- 20231029-02: Add: Possibility to log Client Certificats CommonName inside real-time events
- 20231025-23: Fix: Unable to install and configure the DHCP Relay service
- 20231024-12: Add: Possibility to force direct mode for Office 365 sites in the Proxy.PAC service
- 20231024-00: Fix Self-Signed certificate generation did not create CA capability for Proxy service with SSL decryption feature.
- 20231024-00: Fix Computer TOP menu, stuck
- 20231019-17: Add: New v2 for generating Let's Encrypt Certificates
- 20231017-11: Fix: Error table constraint on creating a new port on the reverse-proxy
- 20231017-11: Add: Get Information of public IP addresses that connects to the reverse-proxy system.
- 20231017-11: Fix: Unable to save some OpenSSH parameters.
- 20231017-11: Fix: Issue when creating an ADFS reverse Proxy.
- 20231017-11: Fix: Unable to create a Certificate Request using Certificate center.
- 20231016-17: Add: Notice to install PostgreSQL on DHCP service section if it is not installed
- 20231016-01: Remove php yaml dependecy for failover service
- 20231016-01: Fix python dependecy for the RDS proxy service
- 20231016-01: Fix: SMTP routing per destination addresses using TLS.
- 20231016-01: Add: Possibility to check client certificate only for specified path in the reverse-proxy.
- 20231016-01: Add: Possibility to import a server certificate for Client-side certification verify
- 20231013-01: Add: When Artica Firewall is active, it takes care about interfaces and ports of the reverse-proxy and create necessaries allow rules
- 20231013-01: Add: Change the Web design on the Certificates Center.
- 20231013-01: Fix: Sometimes, after rebooting, the Web console lost new saved parameters
- 20231013-01: Add: Certificate validation before saving Artica Web console interface settings
- 20231011-02: Fix issues on the RDS proxy service authenticator
- 20231011-02: Fix issues on ITCharter feature when using FireFox
- 20231011-02: Fix typo that cause a fatal error on the Active Directory NTLM watchdog
- 20231011-02: Fix: Unknown parameter encountered: "client use kerberos" in the Proxy NTLM feature
- 20231011-02: Fix creation of /var/log/samba folder during the startup
- 20231011-02: Removed Squid 6.x from repository - too many unstable features.
- 20231011-02: Under Construction: Client Certificates, Web Application Firewall - do not update if you using this feature until a new hotfix release these features
- 20231010-15: Add: Graphs and charts each hour for reverse-proxy Web application firewall
- 20231010-15: Add: sub-certificates support in Artica SMTP feature
- 20231009-23: Fix: Multiple CPUs section and Filedescriptors section turn to red status.
- 20231009-23: Fix Artica is unable to run PHP-FPM for the Web Console that generates a 502 bad gateway on the Interface
- 20231009-15: Add SMTP(s) Protocol support in the Artica SMTP gateway for the TLS feature
- 20231009-15: Fix bug 412: Artica SMTP gateway is not compatible with sub-certificates generated in the Certificates Center
- 20231009-12: Add: Parsing Reverse-Proxy Web Application Firewall events and reports are now made in real-time
- 20231009-12: Add: Managing the php engine and the Web Console using Web API daemon that able to recover Web console is PHP engine is crashed.
- 20231009-12: Add: possibility to generate a Self-Signed certificate using Web-API
- 20231009-12: Improve Procedure to generate a Self-signed certificate
- 20231003-15: Add Enforce redirects option for ADFS support in reverse-proxy feature
- 20231003-15: Add metrics per web service in the Reverse-Proxy feature
- 20230912-18: Add ADFS support in reverse-proxy feature
- 20230529-13: Fix: Bungled proxy configuration when using Multiple Active Directory Groups object type and Active Directory is inactive.
- 20230529-13: Fix: Bungled proxy configuration on TCP/IP address typing error with 2 dots eg (192.168.1..0/24 instead of 192.168.1.0/24 )
- 20230529-13: Fix: Some databases are not correctly patched after an upgrade from 4.30x to 450x
- 20230529-13: Fix: Access ACLs group of rules status is always seen as "inactive"
- 20230529-13: Fix: System overloaded after FUSER_MGR(); alert ( improve the test ports function )
- 20230529-13: Fix: /var/log/charon.log is not cleaned by Artica.
- 20230529-13: Fix: Bug 387 - Too many events in proxy cache.log caused by the eCAP Clamav when surfing on HTTPS sites ( see http://bugs.articatech.com/show_bug.cgi?id=387 )
- 20230529-16: Fix: No such column rulevalue in DNS Firewall rule section.
- 20230603-09: Add new DNS Firewall rule “Active Directory Offloading”
- 20230603-09: Add: Possibility to change the domain to test inside the failover service
- 20230603-09: Fix: Unable to build Postfix configuration according to a fatal error ( a function postconf() not exist)
- 20230603-09: Fix: Load-balancing service and haCluster service stuck caused by a system open files limitation.
- 20230605-11: Fix: Too limited Open files for DNS Firewall.
- 20230605-11: Fix: Unable to correctly update Filtering daemon service. ( see http://bugs.articatech.com/show_bug.cgi?id=388 )
- 20230605-13: increase the the overload notification limit to number of CPU + 2 ( see http://bugs.articatech.com/show_bug.cgi?id=389 )
- 20230606-12: Fix the Update section page stuck when there is no versioning information ( see http://bugs.articatech.com/show_bug.cgi?id=390 )
- 20230606-22: Fix Filtering service in left menu was hidden.
- 20230607-12: Add better back-ends status in HaCluster backends status section.
- 20230609-14: Fix typo in Fail-Over configuration
- 20230609-14: Add option to disable curl test on Fail-Over method
- 20230609-14: Add option to enable recursive search on Hotspot
- 20230609-14: Add option to deny members authentication on Hotspot
- 20230609-14: Add integration with Active Directory Agent
- 20230609-14: Add support for recursive search
- 20230609-17: Add: If only the register by email method is defined, the HotSpot web page redirects automatically to the redirect page.
- 20230609-19: Fix unable to change the register button text in the HotSpot configuration
- 20230610-21: Fix Ticketing and possibility to release a denied blocked page with the Web error page service did not show the button when there is no filter in rule
- 20230611-01: Add a search engine in the HotSpot vouchers section and enhancements for a more robust code in the Vouchers section.
- 20230611-19: Add possibility to turn the Proxy-PAC web service service into SSL method.
- 20230612-14: Add possibility to set Denied Active Directory groups in the HotSpot system.
- 20230613-23: Fix reflect some rules equation in web error page service
- 20230614-11: Fix sometimes, the user information is not saved in Web error page ticket system
- 20230614-15: Add automatic watchdog incident when the proxy watchdog need to restart service.
- 20230615-01: Add some DNS setting in the cluster replication package
- 20230616-13: Fix unblock websites from ticket page did not send correctly information
- 20230616-13: Fix: Invalid ACL: acl UfdbgUnblock3 proxy_auth xxx when there is no authentication enabled on proxy service
- 20230623-00: Fix: Issues on accents on the HotSpot Skins features and ability to change the title of “Terms & Conditions”
- 20230624-01: Add: possibility to import global proxy blacklist from a text file and replace the full content
- 20230625-19: Change: Real-time connections as been totally modified in order to accept huge data.
- 20230625-19: Add: Possibility to add categories by family ( non-productive, dangerous.. ) in ACLs and Web-filtering
- 20230625-19: Add: Possibility to remove all added categories in ACLs and Web-filtering.
- 20230625-19: Add: Possibility to export Proxy blacklists into CSV mode.
- 20230627-02: Add: Possibility to route domain's prefix dynamically in the reverse-proxy section
- 20230627-13: Fix: Unable to save the “No Cache” option inside Transparent Proxy ports section.
- 20230627-13: Fix: Synchronize time with the NTP client uninstall the feature.
- 20230627-13: Add: Possibility to redirect connections to a defined URL in proxy acls.
- 20230627-13: Fix: Some encoding characters issues in HotSpot skin section
- 20230627-16: Fix: Access log for reverse proxy did not log correctly hostname when using dynamic domains routing feature.
- 20230627-18: Fix: Typo code on the IDS service main script.
- 20230630-02: Fix: Unable to create an LDAP user
- 20230630-02: Add: Possibility to update Artica using Unix console or by command-line
- 20230630-13: Add: Possibility to import all web-filtering categories inside a web-filtering rule or ACL.
- 20230702-1: Fix loop on reverse-proxy main sites table
- 20230702-1: Add : A limit of 50,000 records when compiling personal categories in the Web-filter daemon.
- 20230705-16: Fix accents are corrupted in the web-error page.
- 20230705-16: Limit 500,000 records in personal categories with the go-shield.
- 20230705-16: Add: new domain checker inside proxy service real-time monitor
¶ List of available Hot Fixes
Get the Hot Fixes here:
https://www.articatech.com/hotfixes.php?main=4.50.000000&sp=0
¶ Apply the HotFix
- On the left menu, click on “
Your System” > “Update” - Click on the button “Manual update” and upload the artica-4.50.000000.tgz downloaded file
- Click on the Artica tab
- You will find a “Current Hotfix" row with the applied version.
