The new Artica v4.40 offer 480 fixes and 461 new features.
See How to upgrade to v4.40 RC
- ERROR: Can`t create temporary directory /var/lib/clamav/tmp during the Clamav databases update.
- Compatibility issue for Active Directory DNS Cache with French Active Directory server.
- Incompatibility with DNS Cache service and nis system configuration.
- Could not handshake: An unexpected TLS packet was received for APT manager when using SSL with an Internet upstream Proxy.
- Direct acls objects to deny using proxy parents are not applied to the proxy configuration.
- Artica did not clean postgresql trace files.
- Memcached was handled by systemd and was not started using correct parameters.
- Unable to reset the Gold License.
- Sometimes Artica generates error Helper: Generic [ArtCategories] issue! [action=emergency!]
- Cannot display the Certificate signed Request content in the certificate center.
- MySQL error for default values when using PowerDNS during new domain creation.
- Increase performance and visibility on Security Reputation Network.
- Masquerade interface are not applied when not using any proxy or firewall service.
- Backup to NAS use the same parameters when using the cluster configuration.
- Bad property warnings found in proxy events
- statscom-error.log file was not cleaned and consume disk space.
- PDF proxy reports stucks at 5% of progress.
- Unable to upgrade system packages caused by clamav-freshclam and clamav-daemon
- HotSpot template was not builded that cause guest clients was not redirected to the splash screen.
- Artica is unable to stop and restart proxy service.
- statistics Inconsistencies related to the MAC address which can be masked by the routers.
- Artica did not checks Proxy ports after defines global parameters.
- Unable to connect to VPN PPTP service using Artica as gateway ( see more information here )
- Missing dependency of libbrotlicommon.so.1 for ICAP Scanner.
- Too few processes for MacToUid proxy rule.
- Import a certificat using a zip file did not import the certificat request and the private key.
- Bad understanding between importing a specific Artica certificate backup file and importing the real certificate: change the buttons method to avoid this behavior
- Upgrading the system did not upgrade the notification of softwares that must be upgraded.
- Security hole discovered by Rheinmetall Cyber Solutions GmbH company. Using the Web-filtering page service allows to read any file on the system
- Improve the progress task of install/uninstall in features section.
- Unable to start NtopNG because new version 4.x require full installation paths.
- nics_virtual table was not created.
- exec.syslog-engine.php still try to connect to MySQL server.
- Missing field AuthParentPort in proxy ports table
- SPAN Interface is not visible as real ok STATUS and displayed as a specific interface.
- TailScale Interface can be modified using the unix console.
- TailScale network starts before the main network that break the network configfuration.
- TailScale section is not protected by the VPN Manager privilege.
- Certificate Center did not import CSR and Private Key in some cases.
- Certificate Center did not parse CSR data (if provided ) in order to import correct certificate information.
- Certificate center did not import RSA PRIVATE KEYs
- Unable to Install DWAgent Service.
- Artica did not clean /var/log/conntrackd-stats.log
- Crash of SMTP events parser ( see more information here )
- Too many events timeout on read select() in syslog according to Artica Category cloud.
- Bungled in misstyped or missing outgoing interfaces in proxy acls.
- Enforce syslog log file checking - remove if size exceed 1GB
- Many logs : delay_pool 0 has no delay_access configured
- ACLS checker notice the ALL object as empty that is expected.
- Too much memory eating by exec.squidMins.php
- Artica did not display memcached version.
- Change Security Network feature to The Shields ( see more information here )
- Issue in SMTP TLS while creating the private key - special thanks to Peter Sikkes ( see more information here )
- Reload ICAP service will stop the service after few seconds, switch it to restart quickly.
- Call to undefined function posix_getuid() in class.unix.inc
- Unable to query correctly ICAP threats in the search engine.
- Unable to search entry inside Proxy DNS cache table
- Cache DNS Troubles when using the redis memory database. caused by records never removed, added a task that remove periodically the redis database
- Reload command make the C-ICAP stop, now Artica use a quick stop/start for reload task
- progress bar stuck when disabling SSL emergency
- Cannot access to the Gold License section.
- Web-filtering service consider as whitelist all sites if there an empy line in the whitelist database.
- Rebuild the authenticator for RDS Proxy
- A warning - outdated RDS proxy version - is displayed after upgrading to 9.x Proxy RDS Version.
- Internal Error 379 on reverse RDS proxy service when using Active Directory.
- Proxy bandwidth limiting was not correctly understood by administrators ( see more information here )
- The Shields block some webistes categorized as Apple, Microsoft, Web plugins and Science Computing
- Some website categories are not displayed in the realtime access events.
- Maximum fildescriptors parameter is not always understood by the proxy service.
- Artica did not check the Active Directory IP address parameter for an Active Directory connection
- Several bugs for RDS Proxy service with Active Directory settings caused by python3 migration
- Serveral customers forget to add networks in RDS Proxy rules. Add an explicit red text for this case
- Possible bugs on top-right notifications icon about new available versions.
- Upgrading RDS Proxy version did not compile again parameters that cause the authenticator not working.
- minor bugs on RDS Proxy service authenticator
- Cannot authenticate trough the RDS proxy login screen.
- Not all PostgreSQL events are sent to syslog
- Consolidate ACLs objects interface gameplay
- Unable to download Maxmind GeoIP databases ( see more information here )
- Webfilter client crash when proxy did not send its local port
- Web filter client crash evertytime after the SP975
- Sometimes the logfile tail service is not running
- Minor data table issue on failover service
- Sometimes the proxy did not authenticate kerberos users caused by an upgrade from 3.x
- Postpone crowdsec support
- Down the level of FATAL: Proxy is unable to connect to xxxx on port xxxx
- Issue on callback shutdown on Proxy Watchdog service.
- The Shields deny requests when Artica put websites into cache
- Some option in The Shields feature are not saved.
- Unable to send test SMTP in Web filtering rules.
- No backup watchdog for log viewer service.
- In some cases the proxy refuse any connection because the final rule is deny by default.
- Minor bug fixes in the failover feature.
- Wrong regex pattern in The Shields categorization cache
- multiple same rules in iptables when using Proxy in transparent mode
- Time synchronizing is not perform when using the Active Directory as NTP server ( see more information here )
- Sometimes it is unable to upgrade the system caused by clamav updating processing.
- Rebuild the external_acl_first plugin for better peformances ( beta 1)
- Display The Shields icon instead of text in the proxy realtime monitor.
- Wrong display in the Cache management section.
- Proxy issue on no_suid
- Artica uninstall NetData service after Installing the service
- Proxy Requests are denied for Office Network acl when using local LDAP authentication method
- Artica status Daemon crash after Service Pack 327
- Finishing NetDATA compliance
- Unable to update clamav updates with 0.104 new clamav version.
- Several bugs found by CybarWorks company ( see more information here )
- SQLite error database schema has changed
- The Shield was in debug mode by default that causing stressed CPU.
- New "Centralized" The Shield beta 2
- The Shields statistics are stopped since SP975
- Graph of number of DNS queries was not working
- The Shields icon set in red when there is no block by the Shields
- Bandwidth icon is not correctly displayed on the realtime access log
- The Use of basic Authentication on Local LDAP fature is not enabled on proxy side.
- Whitelisted sites from The Shields detected threads did not working
- Global Whitelisted sites are not correctly understood by The Shields when pattern start with a dot.
- An Artica with a Gold Licence cannot unlock The Shields server parameters form.
- Security hole on cyrus.events.php - special thanks to researcher357
- Loop on a widget in the Dashboard
- Log rotation issue when using HaCluster on access events ( see more information here )
- The Shields save whitelisted sites as threats
- The proxy ACL finally allow all did not working as expected
- issue on category service section that loading and stress the proxy.
- Increase The Shields performance
- Troubles and CGuard categories queries
- Whitelisting with Office365 macro make issues in the ACLs checker
- Active Directory Authentication whitelist did not working as expected ( see more information here )
- Local The Shields engine was not used that make unecessaries DNS queries.
- Generate a support tool stuck if some logs files exceed 1GB
- Uncaught ArithmeticError: Bit shift by negative number when calculating netbit of a network mask
- Wrong support tool for DHCP server
- Cannot add an inboud domain without relay address in SMTP service.
- SMTP healthcheck in failover service.
- Cannot enable TLS remote support on artica SMTP relay
- Authentication Whitelist did not accept correcly defined patterns.
- Artica turn to emergency if proxy claim of Cannot allocate memory, it is changed with a quick service restart
- Change filedescriptors values settings to a multiple of 64
- tweaks on The Shields performance.
- Authentication using local LDAP did not allow whitelisted websites
- Some Whitelisted websites are not totally applied.
- sometimes, the shields lost DNS configuration that make periodically categories search to unknown mode.
- Unable to understand the way to install The Shields as it is already installed
- SMTP notifications did not work as expected
- Unable to start The Shields service.
- Unable to start The Shields service.
- Unable to make The Shields binding an external network Interface
- Too much long time for installing Synology backup client.
- Administrative requests pass trough the parent proxy that causing broken TCP connections
- Extend partition did not correctly perform a resize2fs
- Some SQLite tables are not created because Artica did not detects missing tables.
- Sometimes The Shields did not parse queries.
- Tables creation in IDS service.
- Proxy ACLs are not builded since Service Pack 401
- Unable to modify ICAP antivirus template ( see more information here )
- Updating IDS servide for 4.19.0-18 Debian Kernel.
- The Shields categories compile crash when encounter standard PostreSQL error
- Artica try several times to install php7.0-sqlite3 on Debian 9.0
- Change trust password failed when using NTLM method with the proxy ( see more information here )
- Active Directory NTLM status watchdog is not performed periodically.
- Error in syntax or out of memory when tries add a new dns record in unbound
- Possibility to return back to proxy version 4 ( see more information here )
- local Port conflict between proxy watchdog and the winbindd process
- Artica did not restore the correct value for filedescriptors of the system.
- More tuning in order to avoid proxy filedescriptors issues.( see more information here )
- Unable to install dstat local package.
- Personal categories displays CGuard categories even the if Hide Officials Categories option is active
- Whitelists from The Shields did not working when using the Web-filtering engine.
- Remove the "Enabled" function in The Shields as The Shields is always enabled in all cases.
- The Shield did not allows whitelisting if it is not enabled as the enabled function did not exists
- Sometimes, the logger engine is not correctly initialized in The Shields Daemon
- many "NONE/000 0 NONE - -" events in HaCluster requests.
- IndexError: tuple index out of range in The Shields
- SQL error while creating DNS Firewall example rules.
- Fatal system Exception while compiling categories when there is no parameter in command line
- Unable to download Clamav Database because target directory is a file.
- Segmentation fault when stopping, restarting, starting proxy service.
- Artica Web interface console is restarted each 5 minutes when Web service as been installed and uninstalled.
- Artica did not check availability of python-redis for manual installation
- Artica did not check availability of lighttpd for manual installation
- Artica did not check availability of php-mysql for manual installation
- Artica did not check availability of php-sqlite3 for manual installation
- Infinite loop when booting the server if the final wizard did not perform properly the installation. ( during manual installation )
- Artica is unable to build network caused by missing MySQL php library that is not necessary
- Failover feature installation stuck at 5%
- Failed over feature installation
- Rebuild totally the Statistics daemon service and add more debug information ( see more information here )
- Automatically disable unecessary Mosquitto service.
- Uncaught TypeError: Return value of duplicated_tokens() when configuring the Web service.
- Error: Call to undefined function posix_getuid() on the framework when upgrading PHP engine.
- Urls too loog that expand the web page design on the proxy active connections monitor
- The Shields crashes when calculating users
- Increase net.core.somaxconn to 2048 as default To avoid Error 11 Resource Temporarly unavailable on The Shields
- Proxy stare all sites when enable SSL decrypt on proxy.
- The ACL categories load an external plugin that is no longer used with The Shields daemon.
- Memcached status screen design.
- DNS Firewall must connect to 127.0.0.1 to the Shields instead of Unix socket
- The Shields query tool must connect to 127.0.0.1 to the Shields instead of Unix socket
- The Watchdog must check 127.0.0.1 Shields socket instead of Unix socket
- The upgrade Artica procedure must restart theshields service and reload the proxy service
- The Shields Crash #1
- Old token block The Shields to not query the Artica cloud service.
- Add timeout on sQLite I/O operations
- The Shield crash #2.
- Rules inj proxy parents did not reflect expected order
- The Thields when using categories only new features.
- Remove the Shield class did not remove all items.
- Bungled caused by acl KeepSSL ssl::server_name
- Add possibility to save SSL certificates generated by the proxy in memory.
- DNS Firewall did not want to query The Shields for categorization.
- Disable a group in ACLs will disable the group on all acls.
- Unable to access to Artica Web console when using a strict parent proxy.
- The Shield issue when enabling "Only fro queries" and "Logs queries" in The Shields client
- The Shield issue when no MAC or no IP address is sent from the proxy service.
- SMTP service crash to non integer SSL switch defined.
- Artica is unable to perform Artica Statistics Migration.
- Fatal error when compiling categories.
- cicap_sandbox is not created before access to the status table.
- Issue on Artica Stats migration
- Some update errors when using the system update
- Minors bugs and reviewed DNSSEC methods in PowerDNS ( see more information here )
- Remove depreciated configuration token local-ipv6 that make the PowerDNS service unavailable on 4.5.2 version
- Unable to start new PowerDNS version 4.5x with the following error One of the backends does not support zone caching
- Strict-Transport-Security header is added twice in reverse-proxy configuration
- Sometimes the reverse-proxy claim that modsecurity_rules_file does not exists when enabling WAF engine
- notification to update The Shields client cannot be removed.
- crash on some URLs in The Shields
- The Shields did not block any detection from Artica Engine.
- Saving global options in reverse-proxy will remove rules generated in this section.
- Unable to enable HTTP/2 on the reverse Proxy.
- Searchs in DHCP events, leases, requests is not correcly understood, the search engine as been simplified.
- Unable to connect to the Active Directory using Kerberos in HaCluster mode - since Service Pack 500
- The Shields logs are not added to the support tool.
- The Shields Client is enabled in both method - Web filtering and ACL method
- Web-filtering crashes when parsing a default None rule.
- If WAF is not installed, the listed server did not display WAF sticker
- Crashes of proxy plugin categorization and The Shields client engine.
- TheShields client use the proxy to connect to TheShields server
- Web-filtering did not care about the login user
- Client continue to analyze the Web-filtering without username
- Web-filtering did not send the correct protocol to the proxy.
- Web-filtering is disconnected from the proxy service by the Service Pack 597.
- HaCluster incompatible with Cisco Webex meeting
- Artica did not perform the log rotation of the Load-balancer service.
- Unable to add a record on DNS Cache caused by the prio field.
- Modify settings in PostreSQL database did not restart the local service.
- Reverse-Proxy crashes on the Cluster client due to the bind network interface issue.
- Compiling websites take too long time when building all websites
- Reverse-Proxy WAF events are replicated when using reverse-proxy in cluster mode.
- Unable to search by ruleid or domains in WAF threats section.
- Enable to export the whole certificate database in Certficates Center.
- Recover the database when encounter "file is not a database" issue when importing a PFX certificate
- Remove serve-expired-client-timeout in DNS Cache service
- Crash on Web-filtering when receive connection error from Web-filtering error.
- some Internal HTTP requests are not whitelisted by the web-filtering engine.
- If there is no personal category to export, the cluster will replicate the whole PostgreSQL database.
- White-listing to authentication did not working on Proxy service caused to reversed ACls.
- Wrong checkbox in use Local Proxy on WebCopy
- Unable to define protocol in Filebeat configuration
- Missing SN.png,ERR_PROTOCOL_UNKNOWN, error-details.txt files when reloading proxy service.
- Whitelist issue with Web-filter service
- ressources/categorizeclass.so line 3478, in get_category_perso KeyError:
- K5start did not start in HaCluster method.
- Sometimes /etc/postfix/bad_recipients.db is not compiled in SMTP gateway
- Authentication issue when using plain text on a remote peer in the SMTP gateway ( see more information here )
- NameError: global name 'GET_INFO' is not defined when using categories cache on the proxy plugin.
- Whitelists are applied in the wrong format
- EOFError in ressources/categorizeclass.so when loading cache database
- Firewall rules are not flushed when modify proxy transparent ports
- The Shields did not deny detected threads.
- Process#012UnboundLocalError: local variable 'VIRTUAL_USER' referenced before assignment on The Shields Client
- Fix ThreddSrnObject instance have no attribute when using speed mode in The Shields
- catogoryclass.so crashes when privileges is not correctly set for the local cache.
- Artica did not resolv categories when host is not resolvable
- The Shields clients are not killed from memory
- The Shields Crashes when using "Speed Mode" in Connector.
- Unable to compile ACLs with Active Directory enabled since SP975
- False alarm on wrong configuration in Artica Statistics since SP975
- Unable to access to events system since SP975
- Unable to install Categories Cloud service.
- Artica watchdog is unable to uninstall The Shields Daemon.
- Fix: Security hole found by Jordan Miles
- DNS Load-balancer is not monitored by Artica.
- Artica did not understand OpenSSL version for Cipher configuration.
- Load-Balancer crashes caused by no items set in cache configuration.
- WCCP cannot be displayed in Community Edition
- HaCluster is not compatible with new version 2.2x branchs or above.
- Artica take care about the OpenSSL compiled with nginx for the Ciphers list on the reverse-proxy service.
- Sometimes the unicode.mapping is corrupted during complete reverse-proxy reconfiguration
- Warning during boot when enabling Bottleneck Bandwidth and RTT kernel feature.
- Web interface going crazy when displaying the SandBox connector section.
- False alarm on filedescriptors notifications.
- SQL Error on debian_packages table
- Missing jquery.peity.min.js from Service Pack 671
- bad addr or host: None (Name or service not known) on OpenSSH server caused by a wrong IP format
- Redirect HTTP connections to HTTPs connections did not take care about the listen interfaces defined in reverse-proxy.
- Unable to access to HotSpot sessions management with HotSpot Manager rights
- Bungled proxy configuration when using HotSpot service and Active Directory
- SMTP engine error when ssl is not configured.
- ACLs issues on the Universal Proxy service.
- Proxy acls checker will not longer claim of empty acls objects.
- Web-filtering connector - invalid literal for int() with base 10: none when using a none rule
- Web-filtering connector - NameError: global name WEBFILTER_RULE_NAME is not defined when using a none rule
- Filtering menu is displayed when only using SMTP service.
- Web-filtering connector: NameError: global name filename is not defined when writing threats
- Exception on the Web-filtering client if Web-filtering server return nothing.
- Artica Status Daemon crashes since SP975 ( see more information here )
- Preventing sometimes register a license cause loop in register processing.
- Unable to restore backuped PowerDNS data
- wrong characters added when insterting a new domain in PowerDNS.
- Duplicate domain in host when adding a new NS record in PowerDNS.
- Statistic collector of WAF events crashes and did not populate SQL tables.
- Unable to Activate Kerberos authentication when using the single Kerberos method
- Unable to start/restart OpenVPN service using the webconsole.
- DNS Firewall cannot start if there more than 2 DNS servers in default configuration.
- Wrong pattern in DNS Firewall listen address when using multiple network interfaces
- Wrong configuration on Artica Web console service since SP975
- Unable to save Proxy parents general parameters
- Do not use the proxy and Always use direct acls rules are not applied when using parent proxies.
- Some Web application Firewall whitelists make the reverse-proxy crashing.
- Too many files *.conn.err generated that loading the server
- Loop on SQL errors collector that perform a loop and turn to unstable server ( only if server encounter disk performances issues )
- e2label process take a loop and long time to process ( only if server encounter disk performances issues )
- Unable to change password of an LDAP member
- Privileges Allow Add Group or Allow Add user only can access to the web console.
- Unable to add rules in whitelist for Web Application firewall rule
- Disconnect memcache daemon stop/start script from systemd.
- Web Application firewall internal error did not deny accesses to web sites.
- Web Application firewall XML parsing error did not deny accesses to web sites.
- Unbound Array error in The Shields Client when using Web-filtering method.
- bound error on array on proxyport in The Shields Client.
- Wrong Status for StatsCom missing netcat-openbsd
- Error Run Clamav Updates pattern missing each 3 minutes.
- Fix icap error in logs Unknown syslog facility/priority
- parse_delay_pool_rates: Ignoring pool 0 not in 1 .. 2 in ACLs bandwidth
- Wrong URL compiled on the new Web-Filtering feature.
- Unable to display DNS events when DNS Cache service and the Proxy service are installed.
- Modify watchdog on DNS services in order to prevent false alarms and multiples DNS restarts.
- Default Firewall DNS redirectors are pointed with eDNS that has been refused by Public Google DNS.
- False alarms on the PostgreSQL watchdog monitor.
- Duplicate whitelisted unique id in Web Application Firewall
- Trust an item inside My Network did not restart Fail2ban for whitelisting
- Some Web Application Firewall rules in phase 1
- Proxy service did not use parents proxy when using load-balancing method.
- Overloaded system and low reloads when add more than 20 websites with Web Application Firewall.
- Whitelist apth from Web Application Firewall, break the reverse-proxy root.
- Too long time to compile sites in Web Application Firewall
- Proxy will not logging if there an acls that deny log with a disabled object.
- Artica did not take care about the bundle field act as Root CA for SSL Client verification
- Rebuild totally the client certificate procedure.
- Unable to start a transparent backend trough the HaCluster interface section.
- missing go-shield-server binary
- unbound-control[38287:0] fatal error: could not exec unbound: No such file or directory
- Unable to save weight in HaCluster
- Unable to migrate to Go Shields server.
- Logon page username field is limited to 20 characters
- Issues on Go shield server
- Language parameter is not restored with the new login design page.
- Sometimes the watchdog did not find the memcached PID number
- auto-generated proxy certificates are not parsed by Artica.
- ps_mem and percpu process consume load, change it to daemon.
- Artica enables The Shields reputation by default that is not required.
- Performances on Statistics Communicator. The daemon as been totally rebuilded. Redis server is no longer used.
- go-shield-server did not have chmod 755 after upgrading from 4.30 SP206
- FATAL: Bungled /etc/squid3/external_categorize.conf
- unable to replicate personal databases in cluster environment
- Unstable Google SafeSearch in DNS firewall
- Issue shields sends PASS, WITHILIST,.. to statistics
- Minor bugs fix in bounding
- Minor bugs fix in hotspot
- Sometimes the proxy access.log is freeze, a new watchdog is created.
- Unable to connect to the Active Directory with wizard and HaCluster.
- DNS Load-balancing for the Proxy service limit only 10 DNS queries per second.
- Daemon monior failed to start with Active Directory REST service in SSL mode
- DNS Load-balancing for Proxy was unstable caused by the eDNS.
- Unable to install/uninstall The Shields service.
- Unable to uninstall Web-Filtering feature using the widget.
- The Filtering service is not necessary in HaCluster environment
- Unable to move correctly destination proxies in Proxy.PAC rules.
- Missing informations in Admin Track events by syslog.
- Missing Admin Track notification in failed logon on the Web console
- Unable to restart Proxy-pac service.
- Proxy-pac service did not increment the connections counter
- False alarm on rsyslog software update notification caused by a wrong version calculation.
- HotSpot service is not correctly linked to the proxy after installation.
- Testing ldap connection failed on Active Directory class caused by ldap/ldaps format.
- Ticket 861, Web service did not start after SP975 (see more information here )
- Unable to create an encrypted Artica Snapshot.
- Unable to save Network restrictions in DNS Firewall.
- Cannot start DNS Load-balancing service for Proxy service
- 100% CPU of dstat process that sometimes parse large and old statistics files
- Zombies created by the go-exec daemon.
- Issue while getting OpenLDAP server version.
- Filedescriptors not correctly applied when using Proxy service v5x
- Remove the limitation of max 300 000 filedescriptors in proxy service.
- CVE-2022-37153 ( see more information here)
- Clamav Daemon cannot start because AppArmor block the unix socket creation.
- Proxy ICAP service cannot start because no available free inodes in /dev/shm
- Cannot display Web filtering error page with error code 500 after Service Pack 887
- Some AppArmor events as false alarms are displayed when executing ntpd
- Using regex pattern in Do not cache proxy ACLS in order to avoid conflicts
- Add Kerberos authentication and HotSpot network make the proxy service unavailable.
- New login page have a password limited to 16 characters.
- Realtime SMTP Monitor did not parse UTF-8 subjects.
- Realtime SMTP Monitor table did not take care of column width.
- Realtime SMTP Monitor installation did not install syslog configuration.
- Unable to click on "investigate" tab after SP975
- Restarting Proxy service did not apply file descriptors especially on Proxy v5.x
- Reconfiguring network using the Unix console did not rebuild OpenSSH server service.
- Realtime SMTP Monitor did not display full time.
- Removed PowerDNS menus since last services pack.
- Search engine in DNS records did not work as expected.
- Unable to send SMTP notification if no authentication is defined in settings
- Sometimes system upgrade failed with /etc/group.lock /etc/gshadow.lock /etc/passwd.lock
- Unable to displays Active Directory members and groups after update to latests service packs.
- Unable to start monit - Artica did not pay attention of the local ports conflicts
- Sometimes Artica did not detects disks and warn that disk are not linked to boot loader.
- ArticaStats did not understand events sent by a Proxy with multiple processors.
- Conflict with systemd some "start-stop-daemon process" using 100% CPU.
- Conflict with systemd sometimes snmpd is started and took 100% CPU.
- Test Categorization feature and Re-Categorize query the Shield Server
- Auth logs deamon memory crashes after debian updates, moving code to go deamon.
- Local DNS Cache service did not work when the IP of the server is a public IP address.
- Advanced drop-down lists are not disabled when form is disabled.
- auth-log service cannot start.
- Go-shield daemon cannot start when no active directory defined
- auth-log service and letsencrypt-plugin cannot start.
- Go-shield server creash when usign only LDAP server
- Go-Shield server did not allow Gold License.
- auth-log is a part of openSSH server, remove/install it automatically when needed.
- Sometimes cluster packages are not owned for the Web console service.
- Daemon monitor crashes when the 2 network interfaces have the watchdog enabled.
- Go-exec Daemon have some issues while executing auth-log daemon.
- List of objects section did not understand Group of Objects acl object.
- Remove existing /bin/go-* binaries and moved all the services to /usr/bin
- Minor bugs in kibana, elastisearch and filebeat
- Buttons of ACL disapears when using Group of rules in the Proxy ACL section.
- Artica did not take care about no port with SSL used and the defined certificate that causing issues en reverse-proxy.
- Latest Load-balancer version is not compatible with the Load-balancing for parent proxies ( see more information here )
- Unable to to select an automount connection ( see more information here )
- Reverse-proxy understand that only setting a certificate will make all ports using SSL.
- HotSpot did not parse HotSpot allowed networks.
- Cannot save Only executed by schedule option in Legal logs section
- Cannot save Legal logs options if a crypt password is not defined.
- Disable a reversed-website did not affect the main daemon.
- Unable to restart openSSH daemon using the Web-console
- Artica system events are not parsed and added into database. ( http://bugs.articatech.com/show_bug.cgi?id=333 )
- Unable to upload the kerberos ticket in haCluster.
- Reset parameters did not clean all settings in HaCluster.
- Restarting OPenSSH service using the web console report failed as the service is correctly restarted.
- Sometimes logs cleaning generated by the Syslog engine is not performed, adding a task to force this operation every day at 05:30
- Refresh Network rule page display a blank page.
- Code cleaning in network class
- kernel.hostname and kernel.domainname are not correctly converted when changing the system hostname
- Filtering service generates error 004 when using Proxy version 4.x instead proxy service 5.x
- 25 improved securities default parameters as been added.
- SSL rules are always stamped as inactive that is false.
- Incorrect proxy configuration on HotSpotNets acl where no HotSpot network has been defined
- Panic: interface conversion: interface {} is string, not int for the Proxy LDAP Group plugin
- Panic: interface conversion: interface {} is string, not int for the Filtering service
- Minor issues for ufdbguards engine for the Filtering service
- Remove /var/log/rsyslog.error.log that using too much disk space Filedecriptor > 4096
- The local DNS Cache service make the network failed to create the default gateway
- Artica cluster slave did not apply file descriptors correctly if it was defined by the master server.
- Typo in proxy acls that generates a bungled configuration on --------FTP string.
- unbable to configure DNS Firewall and DNS Cache service.
- Wrong information made by the Web console on the used DNS by the proxy service.
- double-check on the local DNS cache service about the use of 127.0.0.1 and double entries.
- Somtimes, formatted text area fields do not display the content until the user clicks inside the text box
- k5start did not running when using NTLM method - wrong monitored keytab
- Unable to configure settings on the NTLM watchdog.
- Reconfigure ICAP service options disable the use of Antivirus.
- DNS Firewall cannot start caused by old instances of DNS Cache server - kill old instances before start service.
- Sometimes, the right-top side-bar cannot be displayed.
- clamav.artica.center: Remote HTTP Service Unavailable: 405 Not Allowed ( see more information here )
- 530 5.7.0 Must issue a STARTTLS command first on a remote relay that enforce SMTP TLS in Artica SMTP
- Wrong and garbage records created when creating a new domain in PowerDNS edition.
- Creating a new DNS domain did not close the windows Popup.
- Creating a new DNS domain did not refresh the table.
- Remote path backend in Reverse-proxy did not take care about the root path
- Possibility to Add a Caching Active Directory records From an Active Directory Connection ( see more information here )
- Dedicated menu console for SSH service.( see more information here )
- Monitoring and compatibility of Microsoft Hyper-V virtualization.
- Security Reputation Network beta 1 (see more information here )
- Possibility to list all open ports on the Artica server ( see more information here )
- Possibility to display Proxy statistics daily disk usage ( see more information here )
- Dedicated section for the log files and statistics retentions ( see more information here )
- Possibility to import or export Proxy statistics database ( see more information here )
- Possibility to manually remove statistics data by retention. ( see more information here )
- Possibility to display events about log files cleaning and retention data cleaning.
- Possibility to exclude reverse PTR resolutions and queries to specific domains in DNS statistics.
- Possibility to install/uninstall userspace ARP daemon
- New wizard "Gateway mode" to allows installing Artica on limited hardware ( see more information here )
- Watchdog on cgroups php limitation.
- Possibility to created a simplified and quick DHCP service by Network interface ( see more information here )
- Possibility to bridge network interfaces using Proxy ARP method ( see more information here )
- Possibility to add multiple network addresses in SNMPv2 network limitation.
- New feature Dynamic routing as OSPF protocol support ( see more information here )
- move URLHaus and NoTrack feature to the SRN feature.
- Possibility to global exclude domains from the use of any parent proxies. ( see more information here )
- 2FA authentication for both SSH service and Artica Web console. ( see more information here )
- Double verification for clone detection.
- function that scan suspcious files for malwares scanning on the ArticaBox itself.
- Possibility to send Proxy realtime events to several syslog servers ( see more information here )
- Beta of TailScale VPN feature.
- Beta of Synology backup client.
- Support of Synology Active Backup for Business client ( see more information here )
- New Proxy ACLs Checker ( see more information here )
- Possibility to change the name of the certificate in the certificate center section.
- Possibility to modify the TCP Keepalive Timeout on proxy port ( see more information here )
- Possibility to link Artica Proxy to Kaspersky Web traffic Security ( see more information here )
- Possibility to switch to Proxy version 5.x or 4.x branch
- Display ACLs rule names in realtime proxy events ( see more information here )
- Notification of new memcached version on the dashboard.
- New memcached v1.6.10 available for both Debian 9 and Debian 10
- New Squid Cache v5.1 available for both Debian 9 and Debian 10
- Automatic install of new Debian package unrar and p7zip
- More statistics for The Shields graphs section.
- Possibility to perform fast stop,start,restart proxy service in proxy status section
- Release of Kasperksy SandBox integration ( see more information here )
- More description / Information on Host Forgery issue ( see more information here )
- The Shields can be switched to be an object of ACLS rule ( see more information here )
- Improve Proxy SSL initialize task
- Ensure compatibility with the new version 9.x of the RDS Proxy, older versions will be not compatible.
- Community Artica version on the RDS proxy service will limited to maximum simultaneous connections.
- Possibility to quickly connect to the RDP target ( see more information here )
- Possibility to turn the RDP service and the Authenticator in debug mode.
- Possibility to disable the RDS Proxy login screen ( see more information here )
- The Shields is upgraded to 10.0 version this new version stores more than 25 000 trackers sites in local cache.
- Possibility to see more information here that passed trough the bandwith limitation ( see https://wiki.articatech.com/proxy-service/monitoring/monitor-bandwidth-rules )
- Now RDS Proxy service is able to query directly Active Directory DNS in the case of the Artica server did not have the target Active Directory as primary DNS server
- Possibility to create a bandwidth rule without any limitation in proxy bandwidth limitation acls
- Top-right notification on new RDS Proxy service version.
- Possibility to perosonalize RDS proxy error messages.
- Status in RDS Proxy status page
- DNS Firewall feature alpha 1
- DNS Firewall Feature alpha 2
- Possibility to launch installation of mandatories modules in status
- Failover support.
- DNS Firewall Feature Beta 1
- DNS Monitoring tool for better help proxy performance DNS settings.
- Support of use-caps-for-id in DNS Cache service. ( Feature called Increased DNS Forgery Resistance )
- DNS Firewall feature RC1
- Possibility to download the "The Shields" events logfile
- Possibility to set a default page inside a reverse-proxy site ( see more information here )
- Rebuild the ITCharter internal engine for better performances
- ITCharter is now Cluster aware
- Handle k5start error getting credentials: Preauthentication failed in syslog
- ITCharter Active Directory Alpha1
- ITCharter with Active Directory Filter feature release candidate 1
- Whitelisted adservice.google.* in The Shields when allowing Google Advertising option.
- Specials checks on DNS Quality servers when using Artica Categories or The Shields features.
- Possibility to disable the Artica resolve operation when using Kerberos authentication ( see more information here )
- Turn Kerberos method into emergency mode if "Local hostname could not be determined. Please specify the service principal" is discovered
- New Reputation service engine "CGuard" inside The Shields and Categories service.
- New testing procedure for Kerberos Authentication method
- Increase performances of whitelisting and The Shields plugins
- Automatic updates of Artica proxy plugin especially for MacToUid
- Possibility to send syslog daemon events to remote syslog server.
- Merge The Shields with external_acl_first for better performances.
- Possibility to define Authentication methods preferences ( see more information here )
- Possibility to stress any proxy server in order to see more information here and evaluate the pre production ( see here )
- Performances settings for proxy external modules.
- New "Centralized" The Shield beta 1
- New "Centralized" The Shield Release candidate 1
- The Shields use it's own memory cache management for better performances.
- Support of proxy version 5.2
- Possibility to dynamically flush the shield cache.
- Possibility to find requests in the legals logs section. ( see more information here )
- Status of cached items in The Shields.
- Improve cache reset action in the Shields.
- New kerberos ticket renewal procedure that running at 04:45 each day
- Performances charts for the proxy memory usage ( see more information here )
- Monitoring function for the proxy filedescriptors value
- Possibility to generate a support-tool for the DHCP service ( see more information here )
- Possibility to export the generated DHCP configuration file that cause issue on DHCP service
- Central SMTP notifications beta 1
- Possibility to send all syslog events to a remote syslog server.
- Central SMTP notifications beta 2
- Central SMTP notification Release Candidate 1
- New watchdog on expired certificate issue.
- Possibility to set a VLAN Interface for the DHCP server listen address.
- Watchdog on proxy service memory usage ( see more information here )
- Possibility to create a real load-balancing with parents proxies. ( see more information here )
- Possibility to manually query the Shields server ( see more information here )
- Possibility to enable Proxy service to debug level 5
- More verifications when installing ClamAV SecuriteInfo databases.
- Disable Proxy update notification if the available major proxy version is different than the installed proxy version.
- Extract cron daemon events from syslog to /var/log/cron.log
- Artica is now able to categorize remote public IP addresses especially when running artica as transparent proxy.
- Performance statistics such as CPU use in percent, memory usage, Load, file descriptors and connections Tracking.
- Auto-installation of performances statistics.
- Local Virus detection of BV:Miner-GZ [Drp]
- Possibility to set a personal category act as a global whitelist ( see more information here )
- Number of proxy members and statistics of the proxy number of members.
- Watchdog on specials characters when inserting proxy requests and PostreSQL database
- Possibility to connect the HaCluster to the Active Directory using a wizard.
- If the Load-balancer renew kerberos certificate, the nodes will be updated automatically.
- Possibility to enable a DHCP service for a VLAN interface ( see more information here )
- DNS Firewall using the same proxy method to query The Shields server.
- DNS Firewall events by default.
- DNS Firewall write all events inside PostgreSQL database
- Possibility to query DNS Firewall events saved in PostreSQL database ( see more information here )
- Possibility to perform apply operation in DNS firewall rules section.
- Statistics of the DNS Firewall about the number of queries and the number of users.
- Possibility to filter google authentication by domain ( see more information here )
- Monitor proxy behavior with an external URL ( see more information here )
- Possibility to import a PKCS7 certificate ( see more information here )
- Memory cache for the Shields Client.
- Possibility to define the value of net.core.somaxconn in the Shields Client.
- Internal Cache in the Shields.
- The Shield Emergency mode remove completly The Shields in proxy service.
- Possibility to use only the Shield Client as categorization.
- Count the number of cached items.
- Status of Proxy Parent rules in order to see more information here there are really applied to the system.
- multi-process and multi-threads engines for The Shields Client and Daemon.
- More errors explains in proxy requests events ( added to SP206 in HotFix )
- Possibility to remove an header with the reverse-proxy ( see more information here )
- Possibility do duplicate headers rules in the reverse-proxy service ( see more information here )
- Possibility to upgrade TailScale Service using the system update package manager ( see more information here )
- Possibility to duplicate gzip compression rules in reverse-proxy.
- Possibility to install the WAF for the reverse-proxy in the features section.
- Possibility to quick add computers items in events, leases and requests tables.
- New section that allows creating rules to remove HTTP headers in the reverse-proxy service
- Possibility to set TheSields cache database removal task.
- Beta 1 merging The Shields and Web-filtering service.
- Possibility to disable the SSL cache.( see more information here )
- Possibility to not display proxy error pages using SSL decryption. ( see more information here )
- Possibility to remove the Kibana and ElasticSearch softwares from the disk ( see more information here )
- New "Expert mode" feature for PowerDNS system ( see more information here )
- The Shields with "Only categorization" use dirdectly cloud DNS servers
- K5Start daemon is detached from syslog for better troubleshooting.
- Possibility to use local officials categories and increase speed for categories ACLs. ( see more information here )
- Possibility to tune timeouts for HaCluster service ( see more information here )
- 10% of Portuguese translation.
- Possibility to disable WAF rules globally ( see more information here )
- TheShields Client us fully multi-threads
- Possibility to use the Artica Cloud categories Service - same Artica 4.30 SP206 method ( see more information here )
- WebCopy feature on Reverse-Proxy beta 1
- Possibility to whitelist rules from the Web Application Firewall
- 20% of the Portuguese translation.
- Possibility to schedule the WebCopy task for each website.
- Notification on the top-right that claim if the Web-Filtering is disconnected from the proxy service.
- Webfilter policies can bypass all the web-filtering policies including The Shields too.
- Possibility to use a remote PostgreSQL server
- Possibility to import Web-Filtering databases and settings from an old Artica 3.x snapshot container.
- WebCopy general section.
- Quick links in routing tables rules
- Possibility to view and send to kernel events to remote syslog.
- Possibility to synchronize Web Application Firewall default rules
- Possibility to delete Web Application Firewall threats by rule ID
- PostgreSQL database Maintenance operation ( vacccum and reindex ) is now only executed in non-production time.
- Watchdog to ensure that Web-filtering client is correcly enabled on proxy.
- Possibility to return back to the Official Artica version - without any service pack
- Whitelisted Web Application Firewall rules are no longer parsed for statistics.
- Possibility to purge Web application Firewall database with its own parameters - default 7 days.
- Possibility to compile Web application firewall rules inside the detected threads section.
- New Macro to whitelist Windows Updates sites.
- Possibility to use a remote Categories Cache server.
- Improve performance of the categorization plugin
- Possibility to balance network on different proxies on the proxy.pac service. ( see more information here )
- new tests functions to ensure that the Web API rest service is still alive
- watchdog function that ensure monit startup script is not corrupted.
- Possbility to reset the uuid inside the system information section and license section.
- Improve performance on Web-filtering connector
- Improve The Shields performance.
- The Shields take care of the availability of queried domain before query the Artica cloud service.
- function that eliminates bad patterns "*." used in personal categories.
- Compatibilities of the new php-fpm versions.
- Possibilities to add mandatrories tokens in Web-filtering error pages.
- Possibilities to send Webfiltering threats to a remote syslog server
- New daemon and increase performance when using filtering service as a central server.
- Increase threads performances on the Web-filtering client / ACL module
- Integrating ITCharter into the new The Shields engine.
- Automatic affect to "reaffected" category for not resolvable hosts and not categorized hosts
- The Shields modules are only loaded if needed in order to reduce memory usage
- Client-Side Certificate Authentication in reverse proxy ( see more information here )
- New widget for DNS Cache service in dashboard.
- DNS Firewall is now New The Shields architecture aware.
- All proxy error pages are now embeeded in the same page.
- Explanation when no data can generates graph in the DNS Firewall status.
- Version of the DNS Firewall.
- PowerDNS 4.6.0, DNS Load-balancer 1.7.0
- Possibility to send by remote syslog DNS Load-balancer events. ( see more information here )
- Possibility to setup cache in DNS Load-balancer ACLS ( see more information here )
- Possibility to enforce host resolution in the DNS Load-balancer service ( see more information here )
- Possibility to force using a specific backend accordind to clients network in HaCluster ( see more information here )
- Possibility to display DNS Load-balancer events in real-time. ( see more information here )
- WebSockets support in reverse-proxy edition. ( see more information here )
- HTTP Proxy DNS load-balancing mode beta 1
- HTTP Proxy DNS load-balancing release ( see more information here )
- Starting Dashboard for the DNS Load-balancer service.
- Help about inactive label in Proxy parent acl rule.
- Possibility to upgrade the DNS Load-balancer software ( see more information here )
- Possibility to display Load-balanced backends status ( see more information here )
- Spanish language translated to 20%.
- Watchdog when proxy claim connection timed out with clients.
- Tiny design Graphs on dashboard and for some services status
- EDNS support on the DNS load-balancing service.
- Detail error when WAF threats did not display any information.
- Watchdog on ERROR: Collapsed forwarding queue overflow for kid1 at 1024 items proxy cache service.
- Watchdog on error assertion failed: store_client.cc:214: "entry->hasDisk() && !entry->swapoutFailed() on proxy cache service
- Possibility to forge multiple IP addresses in DNS Load-balancer ( see more information here )
- Possibility to masquerade VLAN interfaces ( see more information here )
- Posibility to balance DNS-Over-HTTPs downstream servers on the DNS Load-balancing service. ( see more information here )
- Dedicated section for Proxy multiple CPUs configuration.
- Beta version of ACL categories for the DNS Load-balancing service.
- Possibility to add categories checking in DNS Load-balancer ACLs ( see more information here )
- Possibility to authenticate senders via Active Directory in Artica SMTP edition ( see more information here )
- Possibility to create an ACL based on Web-filtering service. ( see more information here )
- Possibility to create an ACL based on DNS Query type ( see more information here )
- Possibility to use The Shields in load-balancing acls ( see more information here )
- Possibility to check countries of Client IP address in load-balancing ( see more information here )
- More information in DNS Cache service events
- New tack that clean bad records in PowerDNS database
- O-Day patterns for blocking most malicious sites ( see more information here )
- Compatibility with OpenVPN in PFSense ( see more information here )
- PHP 7.4 upgrade support. ( see more information here )
- Dedicated section for Proxy filedescriptors parameter
- First Beta version of the "Go Shields Service"
- DDOS Protection on selected interfaces ( see more information here )
- Displays how many times the network cable was unplugged ( see more information here )
- Possibility to remove ClamAV from the system ( see more information here )
- New design interface for the logon page.
- Size Limitation on Web Application firewall events.
- Web application firewall reports storage can be defined by threat level.
- Improve design of error generated when attempting to a wrong record in PowerDNS system.
- Fake php compatibility between php 7.3 and php 7.4
- Possibility to display all Web Application Firewall whitelisted rules.
- Possibility to add a description on Artica snapshots
- Realtime monitor for the Web Application Firewall requests. ( see more information here )
- Possibility to display all Web Application Firewall whitelisted rules ( see more information here )
- Possibility to remove or rotate Web application Firewall real-time accesses log ( see more information here )
- Possibility to schedule an HaCluster service reload task ( defined to each 3h by default )
- Possibility to create whitelist Web Application Firewall rules based on User-Agent header ( see more information here )
- Possibility to download stored reports from the Web Application Firewall realtime threads.
- Possibility to disable or enable Web application firewall in one click from the Web sites list.
- Possibility to directly forge multiple records and multiple domains inside a rule without need to create objects ( see more information here )
- Possibility to bond network interfaces ( see more information here )
- Multipart request body failed strict validation in Web Application firewall is now disabled.
- Phase 1 and 2 in Web Application Firewall rules
- AdminTrack feature ( see more information here )
- New Watchdog that testing the connectivity with backends proxy from the HaCluster service.
- Possibility to turn the Proxy in Emergency Mode in Proxy service Status
- PostGreSQL logs in the support tool.
- Possibility to force restarting proxy service after log rotation.
- Possibility to export built configuration of a reversed web site ( see more information here )
- Possibility to backup reports and specify a WAF behavior for each website ( see more information here )
- Possibility to allow HTTP protocol methods in Web Application Firewall. ( see more information here )
- Possibility to compile Web Application Firewall rules from the Whitelist section.
- Possibility to enable/disable Web Application Firewall whitelist rule.
- Dedicated section for Client-Side Certificate in Reverse-Proxy
- Possibility to set a password for PFX Client-Side Certificate in Reverse-Proxy
- Possibility to download Client certificates in PEM and TEXT format in Reverse-Proxy
- Servers Certificates and Clients certificates in Reverse-Proxy follow iOS SSL Certificates rules
- Double-verification of reconfiguring proxy during reboot option.
- Possibility to change the Connections Tracking max value in HaCluster
- When installing HaCluster, some features are automatically uninstalled (Firewall, DHCP.. ) and removed from feature list
- Possibility to see more information here metrics from the remote proxies using SNMP with HaCluster.
- Improve load-balancing transparent service in HaCluster.
- HaCluster clients proxies now sends metrics to the HaCluster load-balancer
- HaCluster now send checks by parsing remote proxies HTTP status page.
- New design for proxy DNS settings
- Possibility to switch between new Extended Proxy Connector and Native Proxy Connector.
- More information about the Filtering Go service network availability
- Interface that pay attention that the local hostname can be resolved.
- Display in the notification that some proxy ports are unavailable.
- Possibility to quick add host to be resolved when using DNS Firewall.
- German language support for the Web interface
- possibility to display compiled rules in DNS Firewall.
- Possibility to set specific Web page error address for The Shields detections.
- Double-Quotes are not supported when set the Manager password: Add a watchdog on this behavior
- Possibility to deny replicating Artica web console parameters in cluster system.
- Possibility to generate a CSR certificate based on an already generated certificate.
- DNS Firewall and DNS Cache service are statistics appliance compliance.
- SafeSearch for brave.com search engine.
- Syslog support for new go modules
- hotspot / itchart support for squid (url_rewrite)
- Categorization / shields dns metrics
- Feature to log notcategorized websites
- Possibility to increase / decrease bigcache shards trounght gui
- Possibility to import / export network routing rules (see more information here )
- Possibility to reconfigure only one server in HaCluster Load-balancing.
- Possibility to display events of an HaCluster backend.
- Notification when an new HaCluster main software is available.
- Notification when an new Dameon monitor software is available.
- Notification when an new Dameon monitor software is available.
- Possibility to add specific DNS rules for the DNS Load-balancing for the Proxy service feature.
- possibility to add whitelisted domains for the limit senders domain feature ( see more information here )
- Possibility to tune the Max requests per seconds in DNS Firewall
- Artica take care of duplicated SPN when using the wizard in HaCluster.
- Possibility to display the Kerberos Ticket in HaClutser environment
- DNS Load-balancer for proxy service allow all internal interfaces to query the service.
- Metrics For the HaCluster Load-balancer.
- Warning if HaCluster is connected to Proxy v4.x, add a notification to upgrade to 5.x
- Ensure that /lib/squid3/go-shield-connector is correctly installed after upgrading.
- Proxy.pac service doesn't require an Entreprise License
- Possibility to enable/disable a destination proxy in proxy.pac rules.
- Possibility to restrict routing only to a set of domains in Artica SMTP ( see more information here )
- Spkunk compatibilities for Administrators accesses to the Artica Web Console. ( see more information here )
- Possibility to list privileges affected by Administrators using Active Directory
- Status for mandatories HotSpot required parameters
- New HotSpot verification in status section of the linked Artica Connector
- Go Shield Server performance improvements.
- Files Descriptors support for Go Shield Server
- Possibility to disable metrics in Go Shield Server
- Go Shield is now started by Go Exec instead PHP shell_exec.
- Possibility to change language from the top menu.
- Left menu of proxy connector is now always displayed.
- CRON and Proxy service fully compatible with go-exec daemon.
- Possibility to use Wan Proxy Compressor using only SOCKS ( see more information here )
- Function that detects Zombies processes.
- Go-fork to avoid zombies.
- multiple language translations
- Introducing LDAP Cluster.
- OpenLDAP replication MASTER - SLAVE Support ( see more information here )
- On some commands, Artica took hash of the configuration directory in order to avoid proxy service reloads for nothing.
- Possibility to disable realtime proxy access logs on Proxy backend in HaCluster configuration ( see more information here )
- New feature for haCluster: HaCluster Client ( see more information here )
- Improve ClamAV updates processes and events.
- Possibility to IPv4 and IPv6 traffic performance. ( see more information here )
- New function that tests the availability of the ClamAV repository before starting the update task.
- Possiblity to create Groups of objects in Proxy ACLs. ( see more information here )
- Rebuild and change Interface for better understanding of the Firewall For Web services ( see more information here )
- Possibility to not replicate Active Directory parameters in Cluster mode.
- Possibility to send SMTP events to a remote syslog system.
- Enforce session timeout ( see more information here )
- RBAC enforcement.
- New RBAC privilege "Database administrator" ( see more information here )
- Upgrade Jquery framework to 3.6.0
- Build an entire SMTP service for managing SMTP notifications and Proxy statistics PDF reports.
- OpenVPN 2.6 on repository
- New realtime monitor for Artica SMTP appliance ( see more information here )
- Possibility to export Artica-milter events to a log file.
- Possibility to export Artica Milter events in CSV format
- IDS engine improvements
- New note on Proxy v5x acl for the last checked rule.
- Default the system will use local installed DNS service.
- Possibility to create a Debian local Mirror ( see more information here )
- Possibility to link Debian local mirror service with the reverse-proxy ( see more information here )
- Remove some Microsoft sites in the default Proxy whitelisting and add an option to add it if needed.
- Possibility to start the proxy service Daemon by restoring last configuation snapshot before.
- Bulk API for the Shield Server - curl 127.0.0.1:3333/bulk-categories/domain1,domain2,domain3...
- Bulk importation on ACL object Destination domain ( see more information here )
- Possibility to generate a Let's Encrypt Certificate for Artica For Wordpress edition. ( see more information here )
- New tool for Proxy Network analysis ( see more information here )
- Possibility to encrypt Legal logs backup ( see more information here )
- Possibility to export/import proxy ACLs ( see more information here )
- Critical Notification if the go-shield server is started by the watchdog after a crash.
- Filesdescriptors support to elasticsearch
- Updated the filebeat pipeline to support squid users domain name, DOMAIN/USER
- Possibility to setup a DoH service on the DNS Firewall edition ( see more information here )
- New feature Filesystem monitoring service ( see more information here )
- Possibility to send proxy.pac script according the requested domain name ( see more information here )
- Information about the use of reverse-proxy and proxy-pac feature.
- Monitoring of /var/log/rsyslog.error.log file.
- Enable web pages optimization on-the-fly on the reverse Proxy ( see more information here )
- Possibility to enforce query the CGuard reputation service for websites categorization ( see more information here )
- Improve design and feature of the Load-balancing for parent proxies ( see more information here )
- Revive the Reverse Proxy For MS Exchange project (see more information here )
- Possibility to add CGuard categories in ACLs ( see more information here )
- Possibility to activate the Web Application Firewall inside the Web firewall section ( see more information here )
- Possibility to disable "hardcoded" categories ( see more information here )
- Memory monitor of max 2100 MB for the Go shield service.
- New dedicated service "Web Error page service" beta stage ( see more information here )
- New more fastest plugins for checking Active Directory groups
- New watchdog executed each 5 minutes to ensure that HaCluster logs file did not exceed the maximum value.
- Possibility to Restore a Wordpress duplicator backup container ( see more information here )
- Proxy LDAP Group Plugin: Now first read KerbAuthInfos to get AD infos and then ActiveDirectoryConnections for child domains
- Proxy LDAP Group Plugin: Added support for ACL with multiple AD groups.
- Proxy LDAP Group Plugin: Add support for ldap.escape filter
- XSS Protection on the Web Error page service
- Possibility to turn the global proxy configuration into read-only mode ( see more information here )
- Hacluster clients reports now the Artica Version.
- Possibility to adjust Kerberos encryption types on HaCluster ( see more information here )
- HaCluster clients sends Artica full version to HaCluster Load-balancer.
- Possibility to turn in Debug mode the Web Error page service.
- Possibility to use the web page service using ACLs ( see more information here )
- SSL decryption whitelists rules and SSL encryption rules are now displayed in the realtime monitor ( see more information here )
- By default, SSL stream to RFC local IPs will be not decrypted by the proxy.
- Complete modification and improvement of the Error Page Service ( see more information here )
- Possibility to whitelisting SSL decryption using the remote SSL certificate fingerprint ( see more information here )
- Improve the SSL Certificate fingerprint acl object ( see more information here )
- Improve FTP service web interface ( see more information here )
- Top-right notification to notify apply network configuration if network as changed.
- New feature Closing the session on Artica Web console by inactivity ( see more information here )
- New watchdog that ensures the local hostname is added inside the system hosts table.
- New Active Directory NTLM watchdog settings for Automatic emergency ( see more information here )
- Possibility to send NTLM watchdog events to remote syslog server ( see more information here )
- Active Directory Emergency is simplified, instead of rebuild the proxy configuration without Active Directory objetcs, it creates an "allow all" rule on the top of rules.
- Possibility to create a category service fo query personal categories remotely ( see more information here )
- Possibility to display and remove cached records in DNS Firewall service ( see more information here )
- Possibility to populate personal categories with external sources ( see more information here )
- Compliance between categories service and DNS Firewall
- Possibility to search inside events generated for personal categories, categories service and categories updates ( see more information here )
- Filtering service service was automatically updated.
- Added support for LDAPS for the Proxy LDAP Group plugin
- Close AD conns after bind complete for the Proxy LDAP Group plugin
- Timeouts for connection and ldap search - The timeout values can be defined in webconsole for the Proxy LDAP Group plugin
- Support for LDAPS for the Filtering service
- Close AD conns after bind complete for the Filtering service
- Timeouts for connection and ldap search (the timeout values can be defined in webconsole) for the Filtering service
- Integration with new categories service for the Filtering service
- ITChart support for child domains for the Filtering service
- New local DNS cache service to serve Artica local services ( see more information here )
- Wazhu manager support ( see more information here )
- New real-time requests monitor for reverse-proxy ( see more information here )
- Possibility to deny incoming connections using the Web firewall ( see more information here )
- Possibility to deny incoming connections in the Web Firewall using the real-time requests monitor ( see more information here )
- Red label on the reverse-proxy websites list if the local configuration is not saved on disk.
- Cybercrime IP feeds feature for Web firewall ( see more information here )
- WebSockets support using proxy version 5.x - need to reconfigure to make it in production mode.
- Possibility to use the local DNS cache service with the DNS Firewall or the DNS Cache ( see more information here )
- Display an error when the local configuration file si not builded using Artica For Wordpress Edition.
- double check on clustering the reverse-proxy service.
- Possibility to remove Backuped Service Packs.
- New statistics on Proxy DNS queries engine.
- New feature, possibility to reverse proxy in paths ( see more information here )
- New feature, possibility to create replace rules in paths ( see more information here )
- Possibility to modify the Web error page for the ICAP proxy antivirus ( see more information here )
- ICAP Policies that allow to create whitelists for ICAP protocol ( see more information here )
- watchdogs in order to restart local Proxy ICAP service only if needed.
- writing to /var/log/activedirectory.log all bind failed for troubleshooting
- More options on the SSH service in order to enforce SSH security ( see more information here )
- ICAP service Listen IP address is now defined by listen Interface instead of hardcoded IP address.
- Possibility to define Load-balancing health-check parameters for the DNS Firewall ( see more information here )
- ICAP HTTP Security service status widget on the dashboard when using only ICAP HTTP Security service on the appliance
- New tool to test ICAP detection by uploading a sample.( see more information here )
- Possibility to send by syslog Proxy Antivirus ICAP detections ( see more information here )
- New Web-filtering engine v1.0.60
- Add support fo NRDs category ( see more information here )
- Improve categoritations speed
- Go Shield File Watcher 1.0.2
- HotSpot rev 4 beta 1
- Support of new PowerDNS 4.7.2 version support
- New version of DNS Firewall version 1.7.3
- New notification bell when there is a new DNS Firewall version available.
- Support of record type ALIAS when using PowerDNS ( see more information here )
- Possibility to repair PowerDNS database ( see more information here )
- HotSpot rev 4 beta 2 ( see more information here )
- HotSpot rev 5 RC1.
- Proxy SSL cache directory to /etc/squid3 for more stability
- PDF Statistics reports are now sent via Central SMTP notifications
- Change the support creation tool to the new support system. ( see more information here )
- ITCharters are moved into The Shields service.
- Updating repositories for C-ICAP 5.0.9, Haproxy 2.4.4, Clamav 0.104.0
- Updating repositories for ntopng 5.1, monit 5.29, netdata 1.31
- Create a cloud ArticaTech dedicated ClamAV repository. ( see more information here )
- Debian apt-get error APT repository changes its Suite value from X to Y: This must be accepted explicitly before updates for this repository can be applied
- Proxy version 4.17 available on repository.
- New version of memcached 1.6.12 for Debian 10 in repository
- Available PowerDNS 4.5.2 in Cloud repository
- Notification when a new PowerDNS version is available in the Artica cloud repository
- Memcached 1.6.13 to updates repositories.
- Netdata 1.32.1 to updates repositories.
- ClamAV 0.104.2 to updates repositories.
- Proxy cache version 5.4 in repository
- Load-balancer version 2.5.2 in repository
- Haproxy v2.5.4 in Artica repository
- Update SSH reverse-proxy bastion to 2.0.2 to repository for Debian 10
- MemCached 1.6.14 to repository for Debian 10.
- Monit 5.31.0 to repository for Debian 10.
- NetData 1.33.1 to repository for Debian 10.
- DNS Cache service (unbound) version 1.15.0 in repositories for Debian 9 and Debian 10
- PowerDNS 4.6.1 in repositories for Debian 10
- Load-balancing service 2.5.5 in repositories for Debian 10
- PowerDNS service 4.6.2 in repositories for Debian 10
- Proxy Service 5.5 in repositories for Debian 10
- Memcached service 1.6.15 in repositories for Debian 10
- Netdata service 1.34.0 in repositories for Debian 10
- DNS Firewall version 1.7.1 in repositories for Debian 10
- Siege software to 4.1.3 version.
- Filtering Go service to 1.0.19
- Filtering Go service to 1.0.20
- Filtering Go service to 1.0.22
- Filtering Go service to 1.0.23
- Load-balancer engine v2.6.0 to public repository
- DNS Cache service 1.16.0 to public repository
- Filtering Go service to 1.0.27
- Advanced Monitoring service 1.35.0
- 1.21.4.1 reverse-proxy version on Debian 9
- Syslog Server version 8.2208.0 on repository for Debian 9 and Debian 10
- DNS Firewall version 1.7.2 on the repository server.
- Go shield server to 1.0.31
- ClamaAV 0.105.0, C-ICAP 0.5.10 in repositories.
- go-exec to 1.0.8
- ArticaStats to 1.2.4
- Failover service 2.2.7 version to repositories.
- IDS Engine to 6.0.6 version to repositories.
- MemCached daemon 1.6.17 to repositories.
- Upgrade Shield Server to v1.0.36
- Go-Exec to v1.0.9, this new version introduces compliance with systemd
- NTOPNG to v5.5.220909 to repositories
- go-shield server to 1.0.37
- exec.go.exec.php and exec.go.shields.server.php to handle new binary dir
- exec.nighly.php to force run exec.go.shields.server.php to correct recreate the service files after update
- exec.installv2.php to force recreate the elasticseatch and filebeat service files after update
- kibana and elasticsearch to 7.17.6
- filebeat to 8.4.1
- Proxy-cache version 5.7 on repository.
- Artica Web error page service to v1.1.10
- Feature that testing the kerberos connection - too many false alarms
- The use of DNSBL reputation service is removed, detection rate of The Shields is enough
- Categories Services section is now removed ( unecessary )
- filedescriptors issue frontend notification
- Installing DNS Cache or PowerDNS did not force the system to use local DNS service.
- Sandbox connector is removed due that Kaspersky SandBox is no longer supported by Kaspersky.
- HotSpot WIFI4EU feature - need an official uuid from a municipality to supports this feature -
- THe Category service is removed and replaced by The Shields, any Artica version can use Personal Categories using the Shields.
- Proxy store type and caches in aufs is definitively not supported in SMP configuration ( change to rock type )
- Caches directories for each CPU is no longer used.
- The Shield will listen 127.0.0.1 instead of unix socket in order to avoid issue Err 95 Operation not supported.
- The use of ACL categories no longer requires a valid license.
- The Shields service as been improved by using HTTP protocol and is now fully multithreads
- The Shields section in left menus as been modified for better understanding features options.
- Web-Filtering client is now depreciated and The Shields Client is used instead.
- If The Shields is not enabled as remote, id doesn't use the local service for query reputation.
- The Shields service is now only an option only used for centralize Filtering services.
- WebCopy feature did not longer use the local proxy if configured - it must be enabled in configuration
- Redirect to Web-filtering error pages can be fully defined using rules method.
- Deny cache feature is added even the Proxy Cache feature is not enabled in order to avoid caching in memory
- : Not blocking if Web Application firewall cannot handle max body response size.
- Switch the Web-filtering connector to original connector if only web-filtering is defined.
- redesign proxy ssl certificates section.
- redesign and increase proxy-pac daemon performance.
- HotSpot rebuild to Go engine.
- Rebuild totally the ICAP HTTP antivirus watchdog in order to get best performance.
- Proxy Outgoing addresses rules.
- Application Firewall rules beta mode
- Application Firewall rules beta 1
- the Proxy watchdog to Goland v1.4.34
- DNS Load-balancing service to DNS Firewall service.
- Firewall take care of search domains defined in DNS default settings.