WhatsNew Service Pack 1 for Artica 4.50.000000

ADD

  • New HaCluster and Cluster V2 version
  • Possibility to disable the “Error accessing the Internet via proxy” notification
  • Prometheus Exporter for the reverse-proxy service
  • Possibility to disable USB devices
  • revived SMTP real-time logs feature for Artica SMTP on Debian 12
  • Possibility to extract events from reverse-proxy legal logs
  • InstantLDAPBackup feature for fixing a potentially corrupted OpenLDAP database
  • support of systemd-networkd for modern distributions
  • Possibility to associate an in-memory database with DNS Cache service
  • Possibility to use Multiple Service Principal Names in Active Directory Kerberos Proxy authentication.
  • Possibility to enable the VMI Watchdog for monitoring system hangs
  • Possibility to detach DNS forwarders from the system for foreign domains in DNS Cache service
  • Possibility to Instruct browsers to cache certain elements locally using the reverse-proxy service
  • Possibility to set Transmit queue length parameter for a network interface
  • Improve status of the Webfiltering Proxy connectors
  • Web-filtering rule status (in production or not) in the rules main table
  • Specific secure Firewall rules for local Proxy service
  • Possibility to filter Web-filtering events by IP address and/or categories
  • Possibility to use GeoIP Maxmind in firewall rules
  • Possibility to replicate Maxmind GeoIP databases across multiple Artica servers
  • Possibility to create mirror rules to target address in the Artica Firewall
  • More IDS rules when updating
  • Automatic watchdog for the “GENSEC login failed: NT_STATUS_LOGON_FAILURE” error when using NTLM.
  • possibility to send all traffic to a remote address
  • possibility to query domains under Newly registered domains database
  • Fingerprinting Web Access feature for the Artica Web console
  • Debian 12 support
  • New feature Persistent network interfaces
  • Fix: for the CVE-2024-6387: OpenSSH regreSSHion RCE
  • Possibility to move all log directories to another location.
  • DNSTAP support for LogSink
  • EDNS support when using Artica DNS Cache service in backends and Front-ends
  • MicroDHCP service status, leases and events
  • New bell notification when a new DNS Cache version is available.
  • Possibility to enable DoH service for the DNSBL/RBL service
  • Possibility to enable a Dedicated service for query DoH Cloudflare
  • Possibility to populate Firewall rules from the DNS Firewall
  • Possibility to enable/disable the Proxy Acls Active Directory groups recursive search
  • Cache Exclusions rules for the reverse-proxy engine.
  • When creating a server certificate, the process handles the case where an IP address is added in the domains.
  • New Process for reconfiguring Proxy ports
  • Possibility to manage VLAN interfaces via REST API
  • Possibility to reboot the system via REST API
  • Possibility to create a dedicated Proxy instance section for debugging
  • New Feature: Artica Windows DNS Agent
  • Possibility to prevent Artica from building the network configuration
  • new service for Reverse-Proxy “DoH Gateway”
  • Possibility to define an outgoing interface for the Reverse-proxy service
  • Possibility to setup specific DNS servers for the reverse-Proxy
  • More options for the Reverse-proxy backends keep Alive feature
  • Improve the Reverse-proxy backend load-balancing feature
  • Manage PowerDNS using REST API
  • Manage DNS Cache records using REST API
  • Improve DNS Cache records management
  • Restrict Artica login page by geolocation
  • SSH brute-force remediation
  • Possibility to include Toulouse University blacklists
  • New statistics for the number of connected members to the Proxy service
  • New Artica Milter object ACLs Artica Deny reputation
  • REST API in order to Check if all Proxy Listen ports are available
  • New Artica Milter object ACLs URLs expression
  • New Artica Milter object ACLs Active Directory recipients
  • New Artica Milter object ACLs Active Directory sender
  • New Artica Milter object ACLs Attachments
  • automatic postrouting NAT when using VPN client
  • Possibility to tune Ciphers for the SMTP daemon in Artica SMTP Edition
  • Possibility to enable upgrading Artica with Hotfixes in development mode
  • AutoBackup feature for the Artica Reverse-Proxy edition
  • ACLs method in the Artica Milter filter for Artica SMTP Edition
  • API REST for DNS system settings
  • Possibility to query the Proxy Parents status via API REST
  • Possibility to query the proxy NTLM connection status via API REST
  • Possibility to monitor Proxy File Descriptors status via API REST
  • Possibility to disable Artica to manage OpenSSH service configuration
  • Possibility to search proxy realtime events by time slot.
  • Privileges by Web Sites on reverse-proxy
  • WebDav Access on a reverse-proxy HTML Site rule
  • Option to change the "myorigin" on the Artica SMTP Appliance
  • Possibility to enable/disable recursive LDAP search for the IT Charter with Active Directory filter
  • Possibility to tune the PHP engine for the Web console
  • Possibility to whitelist Web application Firewall rules according to targeted applications
  • Stopping function takes care of ghost processes in HaCluster
  • Review the reverse-proxy rewrite rules
  • Review the reverse-proxy default server in websites rules
  • Possibility to create a reverse-proxy website default block rule
  • Possibility to block uploaded files based on their file type on Artica for Reverse-Proxy
  • Possibility to scan for viruses uploaded data with Artica for Reverse-proxy
  • Default removal headers rules on the Artica for Reverse-Proxy.
  • Possibility to recover a corrupted certificates center database
  • Possibility to ban clients based on Client Certificate in Artica reverse-proxy
  • Notification to restart reverse-proxy service when a new website is created
  • Possibility to cache reversed websites directly in an in-memory cache
  • Possibility to turn a reverse-proxy website into maintenance mode
  • Increase DNS cache performance according to version 1.18.0
  • better search on CrowdSec current blocked IP list.
  • PageSpeed caches in monitor system cache on Artica reverse-Proxy service
  • Possibility to monitor system cache on Artica reverse-Proxy service
  • Possibility to disable totally the Web Application Firewall for a defined path in Artica Reverse-Proxy service
  • Possibility to define mass Urls redirects in Artica Reverse-Proxy service
  • Possibility to deny URLs in Artica Reverse-Proxy service
  • Possibility to set Permissions Policy headers in Artica Reverse-Proxy service
  • Possibility to filter access by countries in the Artica Reverse-Proxy service
  • Possibility to enforce the SMTP Submission port in Artica SMTP gateway.
  • Possibility to log Client Certificate CommonName inside real-time events
  • Possibility to force direct mode for Office 365 sites in the Proxy.PAC service
  • New v2 for generating Let's Encrypt Certificates
  • Get information about public IP addresses that connect to the reverse-proxy system.
  • Notice to install PostgreSQL on DHCP service section if it is not installed
  • Possibility to check client certificate only for specified path in the reverse-proxy.
  • Possibility to import a server certificate for Client-side certification verify
  • When Artica Firewall is active, it takes care of the interfaces and ports of the reverse-proxy and creates the necessary allow rules
  • Change the Web design on the Certificates Center.
  • Certificate validation before saving Artica Web console interface settings
  • Graphs and charts each hour for reverse-proxy Web application firewall
  • sub-certificates support in Artica SMTP feature
  • SMTP(s) Protocol support in the Artica SMTP gateway for the TLS feature
  • Parsing Reverse-Proxy Web Application Firewall events and reports are now made in real-time
  • Managing the PHP engine and the Web console using a Web API daemon that is able to recover the Web console if the PHP engine has crashed.
  • possibility to generate a Self-Signed certificate using Web-API
  • Enforce redirects option for ADFS support in reverse-proxy feature
  • metrics per web service in the Reverse-Proxy feature
  • ADFS support in reverse-proxy feature
  • new DNS Firewall rule “Active Directory Offloading”
  • Possibility to change the domain to test inside the failover service
  • better back-ends status in HaCluster backends status section.
  • option to disable curl test on Fail-Over method
  • option to enable recursive search on Hotspot
  • option to deny members authentication on Hotspot
  • integration with Active Directory Agent
  • support for recursive search
  • If only the register by email method is defined, the HotSpot web page redirects automatically to the redirect page.
  • a search engine in the HotSpot vouchers section and enhancements for a more robust code in the Vouchers section.
  • possibility to turn the Proxy-PAC web service into SSL method.
  • possibility to set Denied Active Directory groups in the HotSpot system.
  • automatic watchdog incident when the proxy watchdog needs to restart the service.
  • some DNS setting in the cluster replication package
  • possibility to import global proxy blacklist from a text file and replace the full content
  • Possibility to add categories by family ( non-productive, dangerous.. ) in ACLs and Web-filtering
  • Possibility to remove all added categories in ACLs and Web-filtering.
  • Possibility to export Proxy blacklists into CSV mode.
  • Possibility to route domain's prefix dynamically in the reverse-proxy section
  • Possibility to redirect connections to a defined URL in proxy acls.
  • Possibility to update Artica using Unix console or by command-line
  • Possibility to import all web-filtering categories inside a web-filtering rule or ACL.
  • A limit of 50,000 records when compiling personal categories in the Web-filter daemon.
  • new domain checker inside proxy service real-time monitor

FIX

  • Unable to configure Proxy Authentication method using a remote ldap server
  • Bad rules compilation in proxy Headers ACLs
  • The API REST did not detect the presence of the Web Application Firewall library for the Reverse-Proxy
  • Unable to set a server certificate from certificate center for the Web console
  • CIS compliance 1.5.2_bootloader_password
  • CIS compliance 1.1.21_sticky_bit_world_w
  • CIS compliance 1.6.4_restrict_core_dumps
  • Proxy.PAC service sometimes read rules in a random way
  • CIS compliance 5.6_restrict_su
  • CIS compliance 99.1.1.23_disable_usb_dev
  • CIS compliance 99.5.2.1_ssh_auth_pubk_on
  • CIS compliance 99.5.2.2_ssh_cry_rekey
  • CIS compliance 99.5.2.3_ssh_disable_feat
  • CIS compliance 1.1.1.7_restrict_fat
  • Default Artica Firewall rule overrides network card-specific rules
  • Threats from the Integrated Proxy antivirus are not displayed
  • LDAP SSL issues on Debian 12
  • Action “Rebuild full configuration” on the Proxy service destroys the Active Directory keytab
  • Enter/exit into emergency mode did not restore the full proxy configuration
  • Unable to start OpenVPN server on Debian 12 system
  • Web error page always uses the error page rule that has no filter.
  • Missing libpython3.7 python3-memcache to make the RDS Proxy AuthHook running on Debian 10
  • Unable to scan the legal log repository when the repository is a symbolic link
  • Installing Active Directory feature stuck at 50% on Debian 12
  • unable to set Proxy Reply Access acls using Debian 12
  • unable to make the Local DNS Cache running.
  • Unable to see more information here list using Debian 12
  • Unable to install Proxy eCAP antivirus on Debian 12
  • Web console crash on license section
  • Unable to generate SSL certificate clients on Reverse-Proxy.
  • Web page console crash on Debian 12 when viewing HaCluster backends and Web-filtering time slots
  • Corrupted formatted proxy events to LogSink.
  • LogSink did not open UDP port correctly
  • Some malformed Policies Zones make the local DNS cache service unavailable.
  • PostgreSQL table modsecurity_linked_tags increases dramatically when using Web Application Firewall
  • Improve performance of the Local DNS Cache Service.
  • Cannot define correctly a subdirectory for backup snapshots
  • Unable to set a static HTML reverse Proxy website
  • Sometimes the Proxy service loses its max file descriptors value and returns to 4096
  • Unable to assign Active Directory privileges when there are quotes “'” in Active Directory group name
  • Artica did not correctly renew the Active Directory Kerberos certificate
  • Review the DNS Firewall GeoIP rule
  • Unable to upload the Kerberos keytab in HaCluster server
  • Unable to restore a snapshot
  • License corrupted and deleted if license check is performed at startup.
  • CVE-2024-2054
  • Wrong permissions on the Postfix binaries
  • Unable to set the download/update rate in the Reverse-proxy service
  • Unable to set the max connections by IP in the Reverse-proxy service
  • Unable to access Unix console parameters through the Artica Web Console parameters section.
  • Hostname is truncated after the installation wizard.
  • Unable to start PHP Web console when using VPN client
  • 502 Bad Gateway on the Artica Web console
  • postmaster address is not changed
  • Proxy HotSpot custom form is not displayed on the HotSpot Page
  • Missing privileges on the necessary working directories of the Web Application Firewall for building reports
  • Undefined function Tips_paragraph that causes some queries to loop on the Web console
  • Increase security levels reported by the ANSSI DAT-NT28 Average intermediate level 45
  • Artica did not correctly kill php-fpm ghost processes
  • Missing lock for privileges for Proxy Monitor on the proxy acl categories object
  • Wrong descriptions in the system tasks table.
  • Reverse-proxy real-time logs are now split by web service name in order to avoid timeouts in the web interface
  • Missing lock privileges for Proxy Monitor
  • Unable to install and configure the DHCP Relay service
  • Self-Signed certificate generation did not create CA capability for Proxy service with SSL decryption feature.
  • Computer TOP menu, stuck
  • Error table constraint on creating a new port on the reverse-proxy
  • Unable to save some OpenSSH parameters.
  • Issue when creating an ADFS reverse Proxy.
  • Unable to create a Certificate Request using Certificate center.
  • Python dependency for the RDS proxy service
  • SMTP routing per destination addresses using TLS.
  • Sometimes, after rebooting, the Web console loses newly saved parameters
  • issues on the RDS proxy service authenticator
  • issues on ITCharter feature when using FireFox
  • typo that causes a fatal error on the Active Directory NTLM watchdog
  • Unknown parameter encountered: "client use kerberos" in the Proxy NTLM feature
  • creation of /var/log/samba folder during the startup
  • Multiple CPUs section and Filedescriptors section turn to red status.
  • Artica is unable to run PHP-FPM for the Web Console, which generates a 502 Bad Gateway on the interface
  • bug 412: Artica SMTP gateway is not compatible with sub-certificates generated in the Certificates Center
  • Bungled proxy configuration when using Multiple Active Directory Groups object type and Active Directory is inactive.
  • Bungled proxy configuration on TCP/IP address typing error with 2 dots eg (192.168.1..0/24 instead of 192.168.1.0/24 )
  • Some databases are not correctly patched after an upgrade from 4.30x to 450x
  • Access ACLs group of rules status is always seen as "inactive"
  • System overloaded after FUSER_MGR(); alert ( improve the test ports function )
  • /var/log/charon.log is not cleaned by Artica.
  • Bug 387 - Too many events in proxy cache.log caused by the eCAP Clamav when surfing on HTTPS sites
  • No such column rulevalue in DNS Firewall rule section.
  • Unable to build Postfix configuration due to a fatal error (function postconf() does not exist)
  • Load-balancing service and haCluster service stuck caused by a system open files limitation.
  • Too limited Open files for DNS Firewall.
  • Unable to correctly update Filtering daemon service.
  • the Update section page stuck when there is no versioning information
  • Filtering service in left menu was hidden.
  • typo in Fail-Over configuration
  • unable to change the register button text in the HotSpot configuration
  • Ticketing and possibility to release a denied blocked page with the Web error page service did not show the button when there is no filter in rule
  • reflect some rules equation in web error page service
  • sometimes, the user information is not saved in Web error page ticket system
  • unblock websites from ticket page did not send information correctly
  • Invalid ACL: acl UfdbgUnblock3 proxy_auth xxx when there is no authentication enabled on proxy service
  • Issues on accents on the HotSpot Skins features and ability to change the title of “Terms & Conditions”
  • Unable to save the “No Cache” option inside Transparent Proxy ports section.
  • Synchronizing time with the NTP client uninstalls the feature.
  • Some encoding characters issues in HotSpot skin section
  • Access log for reverse proxy did not correctly log the hostname when using dynamic domains routing feature.
  • Typo code on the IDS service main script.
  • Unable to create an LDAP user
  • loop on reverse-proxy main sites table
  • accents are corrupted in the web-error page.

POSSIBILITY

  • to create multiple IPV6 addresses for a single network interface

REMOVE

  • php yaml dependency for failover service

REMOVED

  • Squid 6.x from repository - too many unstable features.

UNDER

  • Construction: Client Certificates, Web Application Firewall - do not update if you are using these features until a new hotfix releases them

IMPROVE

  • Procedure to generate a Self-signed certificate

CHANGE

  • Real-time connections has been totally modified in order to accept huge data.

LIMIT

  • 500,000 records in personal categories with the go-shield.