Discover RELIANOID’s Journey of Innovation and Advancement in Load Balancing Technology
New features:
[lslb] new high performance proxy
[lslb] new proxy supports http/2
[lslb] new proxy supports hot restart (apply changes without disruption of connections)
Improvements:
[cluster] conntrackd service improvement
(and more!)
Release Candidate 1 available for Early Adopters from 22nd of October
New features:
[system] Secure Boot support
Improvements:
[system] Based on Debian Bookworm 12.8
[gui] Several web gui improvements
[system] seamless upgrade to Enterprise v8 improvements
[system] fix system profile files
Bugfixes:
[guardian] fix farm guardian file format
[api] fix content type in API response
[lslb] fix set of https farm ciphers
[system] several vulnerabilities fixed for libc, openssl, python and more
Check all the details in the Official Release Notes.
Improvements:
[cluster] conntrackd remove obsolete parameters
Bugfixes:
[system] fix migration scripts with LVM partitions
[system] fix noid-bui NIC configuration
Improvements:
[system] Based on Debian Bookworm 12.7
[system] improve sequential migration scripts
Bugfixes:
[system] fix backup files
[system] rebranding in message
[rbac] fix rebranding in list of permissions
[system] fix online ISO install may fail
[cluster] fix possible issue on cluster setup
[system] fix factory reset issue
[system] clean up files
[system] vulnerabilities solved: CVE-2022-1292, CVE-2022-2068, CVE-2022-2274, CVE-2022-0778, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-3996, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-0464, CVE-2023-5363, CVE-2023-0286, CVE-2023-2650, CVE-2023-6129, CVE-2022-4304, CVE-2023-1255, CVE-2024-0727, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2022-4203, CVE-2023-6237, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-6119, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Improvements:
[system] improve seamless major upgrade process to Relianoid v8
[system] revisit migration scripts
[system] revisit backup restoration process
[system] adding official relianoid GPG key
Bugfixes:
[stats] fix show real memory usage
[system] fix internet check during checkupgrades
[system] fix overwriting webgui ssl certificate
New features:
[system] UEFI support
Improvements:
[gui] several web GUI improvements
[system] seamless upgrade from CEv7 to EEv8
[core] advanced best QA practices applied
[core] improve memory usage downloading large files
[package] improvements on the installation process
[core] improve configuration files parsing
[core] broad relianoid rebranding
Bugfixes:
[system] fix fdpoll bad file descriptor warning
[core] broad warnings fixed
Refer to the official Release Notes for all the details.
Improvements:
[gui] Several web GUI improvements
[gui] Angular libraries and components update
[gui] Translation improvements
[api] refactoring API to avoid source code duplication
[system] switch services to systemd
[core] advanced best QA practices applied
[core] improve memory usage downloading large backups
[core] direct supportsave download without disk storage
[package] improve postinst and preinst procedures
[core] improve configuration files parsing
[gslb] improve GSLB stats listed in the web GUI including new parameters
[core] improve inotify calls
[core] broad relianoid rebranding
Bugfixes:
[stats] fix show real memory usage
[rbac] fix rback roles listing
[system] fix fdpoll bad file descriptor warning
[core] broad warnings fixed
Check out the Release Notes for all the details.
Improvements:
[system] Update to Debian 12.6
[gui] Angular libraries and components update
[gui] Translation improvements
[api] refactoring API to avoid source code duplication
[system] switch services to systemd
[core] advanced best QA practices applied
[system] seamless upgrade from CEv7 to EEv8
[system] improve memory usage downloading large backups
Bugfixes:
[stats] network stats not shown in the dashboard
[stats] fix show real memory usage
Check all the Release Notes for more information.
New features:
[system] new OS based on Debian Bookworm and kernel 6.1
[system] OpenSSLv3, Python3, Perl 5.36 and Curl 7 support
[system] ISO size optimization for a lightweight deployment
[farms] reverse proxy support for auto DH ciphers generation
[system] seamless update from EEv6 and CEv7
[letsencrypt] automated backup-recovery certificates feature
[lslb] add priority to backends
[lslb] introduce least response scheduler for http farms
[ipds] introduce Multi Factor Authentication module with support for Radius, AD, LDAP and Google Captchav2
Improvements:
[api] refactoring API to avoid source code duplication
[system] switch services to systemd
[ipds] update OWASP CRS
[core] advanced best QA practices applied
[system] new activation certificates system
[gslb] seamless reload of configuration
Check all the details on the Release Notes.
Early Adopters Program now open for registrations, join us!
Improvements:
[letsencrypt] automated backup-recovery for autorenewed certificates
[system] add _checkupgrades_ support for major upgrades
Bugfixes:
[letsencrypt] fix certificates corruption during cluster synchronization
[lslb] fix http services ordering
[system] fix cherokee stops after logrotate
[system] fix undefined function in Certificate Activation
[system] security advisories fixed: CVE-2024-1086, CVE-2024-28182, CVE-2024-2961, DLA-3788-1, DLA-3806-1, CVE-2023-50387, CVE-2023-50868, CVE-2024-34397, CVE-2024-3651, CVE-2022-48624, CVE-2024-32487, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-5742
Access the Release Notes for all the details.
Improvements:
[ipds] speedup ipds installation package
[system] improvements on update system process
[system] improvements recognizing repository signature
Bugfixes:
[system] add base-files as dependency
[system] fix repository key update when uploading a new activation certificate
[system] fix python dependencies
[system] cleanup repository GPG keys
[system] fix missing configuration for ssh
[ssl] fix letsencrypt undefined subroutine
[system] security advisories fixed: CVE-2023-27534, CVE-2024-0985, CVE-2023-3354, CVE-2024-0553, CVE-2023-2861, CVE-2023-5088, CVE-2023-39804, CVE-2023-6597, CVE-2024-0450, CVE-2023-52425, CVE-2021-37600, CVE-2024-28085
If you want to know more details, please check the Release Notes.
Bugfixes:
[lslb] HTTP parser with session doesnt show backends list
[lslb] Unable to modify backend with priority 2
New features:
[lslb] add priority to backends
[lslb] introduce least response scheduler for http farms
Improvements:
[system] Based on Debian 12.5
[core] improve syntax of developer documentation
[lslb] improve http farms parser to make it more robust
[core] apply good practices to pass critic level 4
[gui] Improved translation messages
[core] Reduce default log messages of metrics collector
[core] Cleanup unused and deprecated code
[system] avoid ssh config overwriting
Bugfixes:
[cluster] fix cluster replication
[lslb] fix adding Control directive in HTTP farms during migration of config files
[gui] fix https backends, virtual host and pattern enabling option
[system] Fix grub issue in ISO installation
Here are the Release Notes with all the extended information.
Improvements:
[system] Enhanced SNMP support
[system] Snmp traps support for notifications
[system] Product specific RELIANOID MIB file
[system] SSH service hardening
[system] web gui service hardening
[ipds] update RBL lists
Bugfixes:
[api] Fixed wrong data types on backends
[core] Fixed some general core review warnings
[system] Fixed factory reset default certificates deletion
[system] Avoid replication of local web gui https certificates
[system] security advisories fixed: CVE-2021-39537, CVE-2023-43804, CVE-2023-29491, CVE-2019-11324, CVE-2023-34058, CVE-2023-34059, CVE-2020-26137, CVE-2018-25091, CVE-2019-11236, CVE-2023-45803, CVE-2023-41913, CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-5981, DLA-3639-1, DLA-3667-1, CVE-2023-51385, CVE-2021-41617, CVE-2023-46218, CVE-2023-48795, CVE-2023-28322, CVE-2024-22195, CVE-2023-22084, CVE-2023-7090, CVE-2023-3341, CVE-2023-28486, CVE-2023-28487
Check the Release Notes to complete the information.
Improvements:
[system] Based on Debian 12.4
[system] Enhanced SNMP support
[system] optimize for lighter ISO dependencies
[core] Improved static code analysis
[core] Fixed Perl documentation syntax
[api] API 4.0.3 and API documentation
[api] Deprecated and removed API 3.1
Bugfixes:
[api] Fixed wrong data types on backends
[core] Fixed some general core review warnings
Do you want to know more? Check our Release Notes.
New features:
[system] Full rebranding to RELIANOID
[system] Kernel 6.1 based on Debian Bookworm 12.2
[system] OpenSSLv3 support
[system] Seamless upgrade from Community to Enterprise Edition
[system] Seamless upgrade from Community v5 to v7
[system] Python3 and perl 5.36
[system] Curl 7 support
[system] ISO size optimization for a lightweight deployment
[cluster] community stateless cluster included by default
[farms] reverse proxy support for auto DH ciphers generation
Check the Release Notes with extended info.
Improvements:
[system] automate grub-pc update
Bugfixes:
[core] fix invalid cross-device link when copying files
[system] fix error apt config not properly done
[system] security advisories fixed: CVE-2022-48565, CVE-2020-24165, CVE-2023-39417, CVE-2023-43804, CVE-2023-43787, CVE-2023-4752, CVE-2023-4781, CVE-2019-11324, CVE-2020-11080, CVE-2022-48560, CVE-2023-29499, CVE-2023-44487, CVE-2020-19189, CVE-2020-26137, CVE-2022-48564, CVE-2023-3180, CVE-2023-36054, CVE-2018-25091, CVE-2019-11236, CVE-2023-0330, CVE-2022-48566, CVE-2023-28321, CVE-2020-21047, CVE-2023-32611, CVE-2023-32665, CVE-2023-43785, CVE-2023-43786, CVE-2023-40217, CVE-2023-34969
Bugfixes:
[gui] fix button panels for creation of objects
New features:
[system] seamless upgrade from Community Edition to Enterprise
Improvements:
[system] automatize grub-pc configuration update
Bugfixes:
[farms] fix debian buster apt sources
More details on the Release Notes.
Improvements:
[system] RELIANOID rebranding
[system] SNMP filter excess of logging
[system] faster connection to the updates repository
[system] include virtualization drivers by default
[ipds] include ipds package by default
[ipds] use secure HTTPS service for remote security lists
Bugfixes:
[farms] fix race condition during bulk farms action
[system] security advisories fixed: CVE-2020-13253, CVE-2020-14394, CVE-2020-15469, CVE-2020-15859, CVE-2020-17380, CVE-2020-25084, CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-25723, CVE-2020-27617, CVE-2020-27821, CVE-2020-28916, CVE-2020-29129, CVE-2020-29130, CVE-2020-29443, CVE-2020-35504, CVE-2020-35505, CVE-2021-20181, CVE-2021-20196, CVE-2021-20203, CVE-2021-20221, CVE-2021-20257, CVE-2021-3392, CVE-2021-3409, CVE-2021-3416, CVE-2021-3507, CVE-2021-3527, CVE-2021-3582, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, CVE-2021-3607, CVE-2021-3608, CVE-2021-3682, CVE-2021-3713, CVE-2021-3748, CVE-2021-3930, CVE-2021-4206, CVE-2021-4207, CVE-2022-0216, CVE-2022-1050, CVE-2022-26354, CVE-2022-35414, CVE-2021-23239, CVE-2023-22809, CVE-2023-32681, CVE-2023-38408, CVE-2023-3446, CVE-2023-3817, CVE-2019-13115, CVE-2019-17498, CVE-2020-22218
More info: Release Notes.
Improvements:
[system] RELIANOID rebranding
[proxy] use stable reverse proxy
Bugfixes:
[farms] fix race condition during bulk farms action
[farms] fix delete api http farm for old proxy
[system] security advisories fixed
Improvements:
[cluster] Improved ssyncd daemon logging
[farm] Allow set Alive parameter lower than ConnTO parameter when new generation proxy is disabled
[system] Improved logging when installing new Relianoid packages
[system] Added ipv6 routing info in Supportsave
Bugfixes:
[cluster] Fixed sessions synchronization in HTTP farm with several services using persistence
[ssl] Fixed creating an existent Let’s Encrypt certificate
[routing] Fixed configure default IPv6 gateway
[farms] Fixed creating farms using IPv6 in VIP
[system] Fixed the following vulnerability issues:
CVE-2022-47015, CVE-2021-38185, CVE-2019-14866, CVE-2023-0466, CVE-2023-0465, CVE-2023-2650, CVE-2023-0464, CVE-2022-4141, CVE-2023-0054, CVE-2023-2610 and CVE-2023-1175
Improvements:
[lslb] Avoid duplicating backends with the same IP and port
[proxy] Improved Err directives in the configuration file
[proxy] Code optimization
[proxy] Disallow broadcast IPs for backends
Bugfixes:
[lslb] Fixed start HTTP Farm when the process is running but PID file does not exist
[lslb] Fixed error in the farm config file when adding persistence
[proxy] Fix memory leaks on service unification
[proxy] Fix PARM type persistence
[proxy] Fix possible segmentation fault in Sessions CTL calls
Improvements:
[ipds] Improved the WAF Assistant management
Bugfixes:
[webgui] fixed Let’s Encrypt validate domains
[ipds] fixed Ruleset WAF status management
[cluster] fixed conntrack state initial synchronization
[system] fixed the following vulnerability issues:
CVE-2015-20107, CVE-2021-3177, CVE-2019-20907, CVE-2021-3737, CVE-2019-1010238, CVE-2020-8492, CVE-2022-45061 and CVE-2021-3733
Improvements:
[guardian] added Priority feature to farmguardian checks
Bugfixes:
[proxy] fixed recovery process handling
Improvements:
[system] added file descriptors in Supportsave
Bugfixes:
[cluster] fixed AWS cluster management account
[farm] fixed match proxy process running and PID file in system
[proxy] fixed X-Forwarded-For header management
[system] fixed the following vulnerability issues:
CVE-2023-26604, CVE-2023-28856, CVE-2023-29469 and CVE-2023-28484
Improvements:
[system] certificates are not included in Supportsave by default
[proxy] fixed some memory leaks
[proxy] added session synchronization CTL API call
[proxy] minor optimizations
[proxy] sessions table optimization
Bugfixes:
[api] fixed LSLB farm sessions output.
[proxy] fixed backend pending connections stats
[proxy] fixed SSL/TLS options
[proxy] minor fixes
Improvements:
[ssl] LetsencryptZ: restore the farm when a certificate renewal is finished by a timeout
[system] added file descriptors info in supportsave
Bugfixes:
[proxy] fixed chunked transfer encoding
[proxy] fixed websocket protocol
[api] fixed create copy from farm action
[api] fixed farm status calculation in backend actions
[api] fixed modify persistence TTL in HTTP farms
Bugfixes:
[ssl] LetsencryptZ: restore the farm when a certificate renewal is finished by a timeout
[cluster] fixed error in sync action when deleting files is performed at the same time
[system] fixed the following vulnerability issue:
CVE-2023-25136, CVE-2012-1151, CVE-2020-8991, CVE-2010-1161, CVE-2019-17595, CVE-2019-17595, CVE-2014-0479, CVE-2022-45873, CVE-2022-36021, CVE-2019-20454, CVE-2022-1587 and CVE-2022-1586
Improvements:
[networking] improvement starting interfaces
[webgui] improvement applying farmguardian
[lslb] http: scheduling algorithm improvements
[lslb] http: improve pending connection count for backends
Bugfixes:
[system] fixed SupportSave command
[lslb] http: fixed redirect behavior
New features:
[lslb] http: new Relianoid HTTP/S core zproxy. Improvement on event handlers
[lslb] l4: updated Relianoid L4 core nftlb
Improvements:
[ssl] added timeout control in Let’s Encrypt integration
[networking] interfaces management improvements for better performance
[system] code optimization for performance improving
Bugfixes:
[lslb] l4: fixed unload NAT protocols module
Improvements:
[ssl] improve timeout control in Let’s Encrypt integration
[ssl] added checks for Let’s Encrypt certificate actions
[webgui] added logging for Let’s Encrypt wildcard certificates
Improvements:
[guardian] improvement getting the farm status
Bugfixes:
[proxy] fixed delete sessions in maintenance “cut” mode in HTTP/S farms
Bugfixes:
[proxy] fixed macro VHOST in redirect
[farms] fixed HTTP farms mark management
[system] fixed HTTP backends stats
New features:
[system] add a binary to enable/disable new generation proxy
Bugfixes:
[proxy] fixed decode URL on redirect
[routing] fixed disable floating action
Improvements:
[rbac] allow user names starting with a number
Bugfixes:
[proxy] fixed HTTP farm stats management
[proxy] fixed location URL encoding in redirect responses
Improvements:
[system] added Relianoid service restart flag in package installation
Bugfixes:
[cluster] fixed azure cluster management account
Improvements:
[networking] improve backend source address calculation
Bugfixes:
[api] fixed start farm action
[system] fixed the following vulnerability issue:
CVE-2022-47629
Improvements:
[cluster] improve cluster management and logging
Bugfixes:
[api] fixed virtual interfaces list status “down” string
[farm] fixed HTTP redirection to an HTTPS protocol URL
[farm] fixed HTTP logging issue
[system] fixed the following vulnerability issue:
CVE-2022-42898
Improvements:
[ssl] added a timeout for Let’s Encrypt automatic renew action
[ipds] do not run IPDS collector process by default
[networking] improve network actions process time
Bugfixes:
[farm] fixed HTTP response headers management
[ipds] fixed Blacklists migration script
[system] fixed the following vulnerabilities issues:
CVE-2022-43680, CVE-2022-29458, CVE-2022-40303, CVE-2022-40304, CVE-2022-23218, CVE-2022-44638, CVE-2022-0729, CVE-2021-3927, CVE-2021-3928, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4192, CVE-2022-0261, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, CVE-2022-0685, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1720, CVE-2022-1898, CVE-2022-1968, CVE-2022-2304, CVE-2022-2946, CVE-2022-3099, CVE-2022-3134, CVE-2022-3234, CVE-2022-3324, CVE-2022-3705, CVE-2022-0213, CVE-2021-4193, CVE-2022-0319, CVE-2022-0714, CVE-2022-0572, CVE-2022-1851, CVE-2022-2285, CVE-2022-2598, CVE-2022-0392, CVE-2022-1619, CVE-2022-1621, CVE-2022-1785, CVE-2022-1942, CVE-2022-1897, CVE-2022-2000, CVE-2022-0629, CVE-2022-3256, CVE-2022-2129, CVE-2022-2129, CVE-2022-3235, CVE-2022-0318, CVE-2022-0696 and CVE-2022-3352
New features:
[webgui] add a column to differentiate user-defined Blacklists from preloaded
Improvements:
[ssl] implemented SNI when creating CSR certificates
Bugfixes:
[farms] fixed unloading kernel NAT protocol modules
[farms] fixed L4xNAT maintenance management
[system] fixed the following vulnerabilities issues:
CVE-2021-33574, CVE-2020-27618, CVE-2022-23219, CVE-2021-35942, CVE-2020-6096, CVE-2021-3999, CVE-2021-3326, CVE-2016-10228, CVE-2021-27645, CVE-2019-19126, CVE-2019-25013, CVE-2020-10029, CVE-2020-1752 and CVE-2022-3515
New features:
[webgui] add a “save all” button
Improvements:
[cluster] improvement switching roles action
Bugfixes:
[ssl] fixed Let’s Encrypts Wildcard renew action
[webgui] fixed Local IP filter in Cluster settings
[system] fixed the following vulnerabilities issues:
CVE-2022-27404, CVE-2022-25308, CVE-2022-27405, CVE-2022-27406, CVE-2022-25309, CVE-2022-25310, CVE-2022-37434, CVE-2021-20223, CVE-2020-35525, CV
E-2020-35527, CVE-2021-3800, CVE-2022-0530, CVE-2022-0529, CVE-2022-40674, CVE-2022-31081, CVE-2022-42012, CVE-2022-42011, CVE-2022-42010 and CVE-
2022-40617
Improvements:
[ssl] add a stronger check to SSL certificates
[ipds] set WAF assistant enabled by default
[ipds] improvement of WAF assistant management
Bugfixes:
[ipds] fixed delete WAF rule conditions
[farms] fixed SRV and NAPTR type resources on GSLB farms
[system] fixed the following vulnerabilities issues:
CVE-2022-2469, CVE-2022-2509, CVE-2021-4209, CVE-2022-2625, CVE-2022-37452
New features:
[ssl] add autorenewal configuration for Let’s Encrypt certificates
Improvements:
[farms] L4xnat: Add module parameters configuration in global.conf for SIP protocol
[ssl] reload farms renewing Let’s Encrypt certificates
[networking] improve default GW managing
[farms] L4xnat: improve multiport handle
[webgui] add backend status in LSLB view
Bugfixes:
[ssl] fixed renewing staging Let’s Encrypt certificates
[farms] L4xnat: fixed copy farm action
[system] reload cron configuration after zevenet restart
[networking] fixed configure default GW application order in Relianoid service
[config] fixed remove zapikey from global.conf disabling root zapi permission
New features:
[ssl] add autorenewal configuration for Let’s Encrypt certificates
Improvements:
[ssl] reload farms renewing Let’s Encrypt certificates
[webgui] add backend status in LSLB view
Bugfixes:
[webgui] fixed activation certificate information
[ssl] fixed renewing staging Let’s Encrypt certificates
[system] fixed the following vulnerabilities issues:
CVE-2022-34903
Improvements:
[ipds] reload blacklists without disabling them
[ipds] schedule blacklists without restarting them
[system] improve activation certificate notifications
[networking] improve default GW managing
[farms] L4xnat: improve multiport handle
Bugfixes:
[networking] fixed configure default GW application order in Relianoid service.
[ipds] fixed mismatched blacklists order applied
[farms] L4xnat: fixed copy farm action
[zenbui] fixed interface configuration file not updated
[system] fixed the following vulnerabilities issues:
CVE-2022-1292,CVE-2022-29824,CVE-2022-1664 and CVE-2022-24903
Improvements:
[proxy] fixed rewrite location to avoid open redirect vulnerability
[farms] L4xnat: fixed mark masquerade
[farms] L4xnat: add recovery system in NFTLB daemon
[farms] L4xnat: translate the new L4xnat backend status “available” as “up”
Bugfixes:
[webgui] fixed tab title
[webgui] fixed checkupdate message
Improvements:
[cluster] Session replication daemon uses system profile
[farms] L4xnat: add recovery system in nftlb daemon
[api] add get farm status call
[system] improve managing activation certificate
Bugfixes:
[cluster] fixed registration HTTP farms in session replication daemon when changing the persistence
[proxy] fixed rewrite location to avoid open redirect vulnerability
[farms] L4xnat: fixed mark masquerade
[system] fixed cron redirection commands
[system] fixed the following vulnerabilities issues:
CVE-2022-1271 and CVE-2022-1552.
New features:
[webgui] new web GUI with new Angular technology v12
[ssl] letsencrypt integration
[lslb] http: add and delete HTTP headers
[lslb] http: priority load balancing support
[lslb] http: rewrite URL directive (proxy pass)
[lslb] http: updated Relianoid HTTP/S core zproxy
[lslb] l4: updated Relianoid L4 core nftlb
[zcli] Relianoid command line improvements
[api] 4.0.2 API version
New features:
[proxy] add timeout managing socket control
Improvements:
[system] avoid cerbot command listing LetsEncrypt certificates
[system] add PPID column in supportsave ps info
[stats] disable session information when they are not needed
[cluster] improve performance in sessions replication
Bugfixes:
[farms] fixed backend IP changed when a DHCP modification is performed
[farms] fixed HTTP farm migration script
[farms] fixed l4xnat virtual port changed to multiport when setting protocol to SIP
[farms] l4xnat: fixed scheduler symhash with only one backend available
[webgui] fixed certificate expiration time message
New features:
[system] allow Hostname as a rsyslog remote server
Improvements:
[farms] flush connections when a L4 farm is stopped/deleted
[farms] flush connections when a L4 backend is deleted
Bugfixes:
[farms] fixed L7 floating backend sourceaddress assignment
[networking] fixed routing rule validation
[networking] fixed no check route table before listing
[system] fixed the following vulnerabilities issues:
CVE-2021-4160, CVE-2022-0778, CVE-2021-25220, CVE-2019-17041, CVE-2019-17042, CVE-2021-3770, CVE-2021-3778, CVE-2022-24048, CVE-2022-24050, CVE-2022-24051, CVE-2022-24052, CVE-2021-43618, CVE-2021-46667, CVE-2021-3796, CVE-2021-35604, CVE-2021-46659, CVE-2021-46661, CVE-2021-46663, CVE-2021-46662, CVE-2021-46664, CVE-2021-46665, CVE-2019-15165, CVE-2019-20807, CVE-2018-25032
Improvements:
[networking] do not delete routes for a nonconfigured interface
[farms] add validation and migration script for HTTP directive “Alive”
[system] add scope validation modifying SNMP scope value.
[system] add Relianoid 6.2 repository source
Bugfixes:
[farms] fixed established connection for a L4xnat farm are not shown
[ipds] fixed ordering the blacklists
[farms] fixed URL Pattern not allow comments in HTTP Farms
[system] fixed start nftlb if PID file exists but daemon is not running
[system] fixed issue migrating from iptables to nftlb in the backend status
Improvements:
[networking] do not delete routes for a nonconfigured interface
[farms] add validation and migration script for HTTP directive “Alive”
[system] add scope validation modifying SNMP scope value
[webgui] enable Cypress Studio for integration tests
[webgui] update Readme
Bugfixes:
[farms] fixed established connection for a L4xnat farm are not shown
[ipds] fixed ordering the blacklists
[farms] fixed URL Pattern not allow comments in HTTP Farms
[system] fixed start nftlb if PID file exists but daemon is not running
[webgui] fix network virtual create form
[webgui] fix blacklist edit form CSS
[webgui] fix memory leak in LSLB farm services list
New features:
[webgui] add farm blacklists move action
Improvements:
[farms] enable pound as a proxy by default
[rbac] avoid SO limitation pattern creating a RBAC user
[api] add validations to GET stats API
[api] change IPDS API response messages
[api] add ipds message error when configure duplicate WAF rule ids
Bugfixes:
[system] fixed delete zevenet certificate in factory reset
[system] fixed issue migrating from iptables to nftlb in the backend status
[networking] fixed configure default gw in the main routing table when a NIC is modified
[networking] fixed an Interface that can be reconfigured with the same IP
[networking] ignore dhcp parameter in Interface API if is equals to the configured one
[farms] fixed glsb stats service validation
[farms] get farm PID from the PID file, not from the system
[api] fixed create and modify route validation
[api] fix GET /stats/farms/
[api] fix cookieinsertion validation
[api] do not allow to create any http cookie directive with any blank parameter
[system] fixed the following vulnerabilities issues:
CVE-2022-0543, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-24407
Improvements:
[proxy] add migration script for old proxy configuration files
[proxy] add a monitor that relaunches the process if it detects a segfault signal
[farms] get farm PID from the PID file, not from the system
[api] add validations to GET stats API
[api] remove name field from GET /stats/system/network/interfaces
[rbac] avoid SO limitation pattern creating a local RBAC user
[guardian] add migration script for old farmguardian configuration files
Bugfixes:
[farms] fixed GSLB stats service validation
[farms] reset L4 farm backend priority, weight and max connection values if send null
[api] fixed the create and modify route validation
[api] fixed cookie insertion validation
[api] do not allow to create an HTTP cookie directive with any blank parameter
[api] fixed status parameter for GET /stats/system/network/interfaces
[networking] ignore DHCP parameter in interface API if it is equal to the configured one
[networking] fixed configure default gw in the main routing table when a NIC is modified
[networking] fixed an Interface that can be reconfigured with the same IP
[networking] fixed an Interface can be configured with the same IP as a Virtual Interface
[networking] fixed list tables from rt_tables when the name contains “-” character
[ipds] fixed not_match field from ipds rules API
[ipds] WAF: fixed get default_log rule field
[ipds] WAF: modify disable_rules field after deleting a rule
[ipds] WAF: update SecRuleRemoveById when a disabled rule is modified
[ipds] WAF: check the rule IDs when setting the disable rules param
[system] fixed notification sec rules
[system] notifications config dir is excluded from synchronization
[guardian] fixed farmguardian conf modification when modifying a farm name
New features:
[webgui] add time range selector for time graphs
[webgui] show web GUI version in system information
Improvements:
[farms] optimizing L7 floating
[system] add host name to certificate and package alert messages
[farms] fixed reset L4 farm backend priority, weight and max connection values
[webgui] add tooltips in top navigation elements and breadcrumb links
[webgui] improved HTTPS security against web GUI with meta tag CSP (Content Security Policy)
Bugfixes:
[ipds] fixed check WAF rules ids when set the disable rules param
[ipds] fixed change WAF log sec rule for zproxy new WAF logs patterns
[ipds] fixed configuration of log rule field in WAF
[ipds] fixed issue updating some directives when a disabled rule is modified
[api] fixed minor issues adding require module
[api] fix description field for notification get API
[ipds] fixed WAF regex to avoid posting warnings and get rule name properly
[system] fixed executing permission missing in migration script
[guardian] fixed modification of farmguardian confguration when modifying a farm name
[system] fixed issue applying netplug template
[system] fixed zevenet certificate key changes if a backup is imported of other operating system
[system] fixed migration processes execution applying a backup
[system] fixed the following vulnerabilities issues:
CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-23852, CVE-2022-23990, CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2021-46143
New features:
[system] VPN module
[farms] let’s encrypt integration in the web GUI
[farms] HTTP headers mangling for HTTP(S) profiles
[farms] URL mangling for HTTP(S) profiles
[system] new messages for notifications
[system] configure remote syslog in UDP/TCP mode
Improvements:
[system] ZCLI update
[farms] SSL errors improvements for HTTP(S) farms
[farms] Personalized WAF ERROR code 403
[system] multi-listeners for HTTPS web GUI and SSH service
[system] web GUI SSL certificate modification
[routing] added a new field for comments in the routing module
[cluster] more interfaces can be monitored and members of the cluster service
[ipds] improve user experience configuration for WAF OWASP rulesets
[webgui] new GUI with latest Angular version with user experience improvements
Improvements:
[system] add to checkupgrade the option to convert the load balancer in an early adopter version
Bugfixes:
[system] change zproxy logs pattern to fix a notification issue
[system] add execution permissions to the rebuild_delreg_files new script
[system] fix netcat usage in the checkupgrade script
[ipds] fix schedule param message from IPDS
[ipds] fix issue to keep WAF ruleset change after a package update
[networking] remove a warning
[networking] fix wrong bonding status on network statistics API call
[syslog] change the tag of a message from error to info
[farms] fix a bug restarting GSLB farms in ZAPI v3
[farms] fix error checking GSLB configuration file
[farms] add a validation for the farm redirect parameter
[farms] fix updated backend sourceaddress in edit backend action
Bugfixes:
[routing] fix an error creating a /32 mask rule
[system] recreate notifications config files when they are empty
[cluster] fix error in ssyncd when it replies sessions to zproxy
[proxy] fix the TTL session when it is added via API
[system] fixed the following vulnerabilities issues:
CVE-2021-37750
New features:
[farms] l4xnat: re-enable h232 protocol support
Improvements:
[config] clean config files when a NIC is removed from the system
[api] add root access permission check in API 3.2
[api] check AWS credentials and return code 400 in case of error, and new field status in GET /aws/credentials api
[config] separate nftlb debug config from global debug config
[webgui] check if the root user has access permission to the Web GUI before login
[networking] add a check for the rule action
[farms] l4xnat: speedup farm port ranges rules generation
Bugfixes:
[farms] l4xnat: fixed deleting persistence session for DSR
[config] fix misspelled global variable
[config] add missing semicolons in global.conf.template and add AZ logout in case of error setting AZ credentials
[system] fixed function input JSON decoding error in zevenet installation
[system] updated message after packages update
[zenbui] fixed remove previous interface configuration in Zenbui
[system] uninstall zevenet-ipds package at factory reset
[farms] l4xnat: fixed accept multiple ranges and ports as virtual port
[farms] l4xnat: fix elements flushing from a policy
[farms] l4xnat: add dynamic persistence rules and update timeout in DSR mode
[system] fixed the following vulnerabilities issues: CVE-2021-36222
Bugfixes:
[farms] fixed the backend source address NATing for l4xNat when virtual interfaces are used
[farms] fixed the backend source address NATing for l4xNat when a virtual interface event is performed
[system] set the default rt_tables file in factory reset
Improvements:
[farms] L4xnat: autodetect backend source-address via the routing table
Bugfixes:
[farms] L4xnat: fixed set route table source as backend address when the route is not applied in the system
[farms] L4xnat: set routing table source instead of floating VIP as backend address
[farms] fixed no update backends status when performing changes of IPDS in a farm
[ipds] fix WAF data files installation path fault
[system] fixed the following vulnerabilities issues:
CVE-2021-3541, CVE-2021-3580, CVE-2021-2154, CVE-2021-2166, CVE-2021-28153, CVE-2021-3537, CVE-2021-31871, CVE-2021-33560, CVE-2020-24977, CVE-2021-25217, CVE-2021-27218, CVE-2021-27219, CVE-2020-24659, CVE-2021-20305, CVE-2021-3516, CVE-2021-3518, CVE-2021-3517, CVE-2021-31873, CVE-2021-31872, CVE-2021-27928, CVE-2021-20232, CVE-2021-31870, CVE-2021-20231
Improvements:
[ssl] add openssl configuration to backup/supportsave
Bugfixes:
[farms] L4xNAT: fixed enable logs when the nattype is changed
[farms] L4xNAT: fixed log type on DSR and Stateless DNAT L4xNAT Farms
[farms] HTTP profile was returning a non valid URL when WAF resolution is redirect
[farms] HTTP profile returning a non valid URL when WAF resolution is redirect
[system] fixed the following vulnerabilities issues:
CVE-2021-3449, CVE-2021-21309, CVE-2021-3393, CVE-2020-26116, CVE-2019-13952, CVE-2019-20367, CVE-2020-8231, CVE-2020-8169, CVE-2020-8285, CVE-2020-8286, CVE-2020-8177, CVE-2020-8284, CVE-2021-22876, CVE-2021-22890, CVE-2021-25214, CVE-2021-25216, CVE-2021-25215, CVE-2021-3520, CVE-2021-31535
Bugfixes:
[farms] improve the validation for l4xnat port ranges
[farms] configure ALL protocol when all ports are set
[farms] fix an issue related to virtual port when an l4xnat farm is created
[cluster] stop routes in the backup node when a virtual interface is deleted
[cluster] update the slave routing tables when a new route is added in the master node
[networking] remove from the system all custom routes that depend on an interface when this interface is stopped
[stats] fix extra pending connection calculation getting backend status
[stats] remove the initial undefined backend status
[ipds] WAF configures the “SecRequestBodyLimit” instead of ‘SecRequestBodyNoFilesLimit’
[ipds] set the “variable” parameter of WAF as mandatory
[webgui] show the name of the file when in a WAF rule the operator ‘strPhrasesFromFile’ or ‘ipMatchFromFile’ is set
[webgui] fix some typos
[webgui] fix the “update” action in WAF module
[webgui] remove the protocols: amanda, irc, h323, netbios-ns and sane
[webgui] fix errors in service editing when the service has the string “session”
Improvements:
[cluster] remove azure account after deleting azure cluster configuration
Bugfixes:
[farms] changed function from checkport to validatePort
[ssl] Letsencryptz forced to use HTTP challenge
[cluster] fixed IP announce in Master node, it is not performed when the backup node is started
[cluster] fixed restart farm on the backup node
[networking] fixed Nonexistent NIC Interface Configuration File is not removed
Bugfixes:
[cluster] fixed ssyncd daemon listens on all interfaces
[system] fixed sending gratuitous ARP for down Virtual Interfaces
[system] fixed the following vulnerabilities issues:
CVE-2021-23841, CVE-2021-23840, CVE-2019-1551, CVE-2020-8625, CVE-2021-24032, CVE-2021-24031, CVE-2021-23841, CVE-2021-23840, CVE-2019-1551, CVE-2020-8625
Bugfixes:
[webgui] added priority column for backends in HTTPS farms if proxy new generation is in use
[system] fixed some port check issues configuring farm and management services
New features:
[cluster] added cluster support in Azure
Improvements:
[farms] remove deprecated l4xnat helpers from API
Bugfixes:
[farms] do not allow auto-updating certbot for letsencryptz
[farms] added checks for VIP, VPORT and protocols for usage in new farms creation
[farms] allow configuring DNS Servers even when no Server is configured yet
[system] fixed the following vulnerabilities issues:
CVE-2014-10402,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-3156,CVE-2018-6942,CVE-2019-1010238,CVE-2019-12900,CVE-2019-18218,CVE-2019-8457,CVE-2019-12735,CVE-2020-10531,CVE-2020-8616,CVE-2020-10543,CVE-2019-5018,CVE-2019-18397,CVE-2019-9513,CVE-2020-14363,CVE-2020-15861,CVE-2020-15862,CVE-2019-19959,CVE-2019-20218,CVE-2019-6477,CVE-2020-12723,CVE-2020-28196,CVE-2020-29361,CVE-2020-29363,CVE-2020-8617,CVE-2019-12749,CVE-2020-14393,CVE-2020-13630,CVE-2019-5094,CVE-2019-5188,CVE-2020-14344,CVE-2020-15999,CVE-2020-8622,CVE-2019-6471,CVE-2020-14422,CVE-2019-17595,CVE-2020-27350,CVE-2020-12049,CVE-2020-13434,CVE-2020-13435,CVE-2020-13632,CVE-2020-14392,CVE-2020-15358,CVE-2020-3810,CVE-2019-17594,CVE-2020-29362,CVE-2019-15795,CVE-2019-15796,CVE-2019-20919,CVE-2020-8624,CVE-2020-27351,CVE-2020-35512
Improvements:
[lslb] add a directive to HTTP farms to control the maximum HTTP body analyzed by the proxy.
[api] validate that the name of the objects won’t be “0”
[api] validate the netmask when an interface is modified
[system] add cron information to supportsave
[stats] get farm established connections from binary instead of conntrack (for HTTP profile)
Bugfixes:
[proxy] avoid double port appending in location rewrite.
[proxy] update session-id from the response.
[proxy] do not pass the HTTP body to the WAF when the HEAD method is used.
[proxy] reload WAF rulesets if the proxy daemon fails.
[webgui] fixed message of translations module.
[farms] force farms status down in boot time if the process is not running when is set
[farms] modify the VIP of the farms when the interface is modified (VLAN and bonding).
[lslb] confirm proxy is killed when HTTP farm is stopped.
[system] reconfiguring APT if the certificate serial changed when checkupgrades is executed.
[system] modify the Ssyncd binary path.
[stats] some graphs are not created depending on the bonding name.
[networking] failed to get interface status when it is unset.
[networking] DHCP does not start/stop in bonding interfaces
[networking] applying IP routes and IP rules after creating table ID
[rbac] a user without permissions could watch the farm stats and graphs.
Improvements:
[ipds] added the source IP in logs if WAF detects a threat
[farms] accepted none value in l4xnat for disabling persistence
[networking] it is not required to stop slaves from bonding before adding them to the interface
[webgui] homogenized buttons and forms in all the web GUI
[webgui] fixed some forms for routing configuration
Bugfixes:
[networking] fixed add new IPs and apply routes by netplug when the link is UP
[networking] fixed no check slaves when bringing UP a bonding
[cluster] cluster process is not checked if cluster service is not previously configured
[system] disabled useless SNMP errors in Syslog
[system] systems zevenet reload after executing migration scripts
[networking] fixed deleting old rules when a VLAN or bonding is deleted
[system] letsencrypt creates certificates in lower case
[ipds] WAF rules were not ordered properly
[farms] deleted old temporal files in /tmp/ for l4xnat serializer binary
[farms] modified the default value for directive 100-Continue.
[networking] fixed config status when bonding is created
[farms] error returned if the copy farm action fails
[farms] fixed copying a farm if WAF is configured
[networking] fixed error adding IPv6 routing rules
[networking] fixed writing routing rules if the web form field is unset
[networking] configure the NIC in status DOWN if it is added to a bonding
[ipds] fixed issue parsing WAF rules in web GUI view
[networking] Isolated NICs can be configured in the main table
[farms] priority column hidden in HTTP farms when proxy next generation is disabled
[farms] fixed some memory leaks in the l4xnat serializer
Improvements:
[system] updated libmodsecurity library
[cluster] cluster interface and slave interfaces can’t be edited
[networking] skip bonding mac change if it is already configured on the system
[zcli] autocomplete improvements for some calls
[cluster] improved the node replication objects when the cluster node not in MASTER role is reachable again
[webgui] added translation messages
Bugfixes:
[networking] fixed updating virtual interface mask
[cluster] sync any change in virtual interface
[networking] avoided configuring bonding interface twice starting zevenet service
[routing] global route params are used wen route table is listed
[rbac] supported dot in the username field
[farms] farmguardian was not stopped if node entered in the maintenance
[cluster] priority 10 causes Master role on the wrong node
[cluster] disable maintenance on the cluster node could be performed with cluster interface DOWN
[cluster] fixed resync node when a node leaves maintenance mode
[cluster] conntrack sync was not called properly once node entered in MASTER status
[farms] switching proxy ng was not done properly
[farms] avoided running a farm if virtual IP is no UP
[cluster] fixed leaves maintenance mode when a link UP is received
[farms] fixed HTTP(S) header persistence session
[farms] fixed error reloading WAF rules in HTTP(S) profiles
Improvements:
[ipds] added/delete IPs in the blacklist module in batching
[rbac] added more tests to the LDAP connector for bind DN, filter, and bind user
[certs] added a new unknown status if the certificate format is not detected
[webgui] allowed to search a Virtual IP using the field alias in the farm creation
[webgui] graphs for network traffic changes to Gbytes or Tbytes based on the total of bytes received
Bugfixes:
[cluster] netplug always starts cluster in backup mode discarding maintenance mode
[ssl] fixed issue managing SSL certificates with an unknown format
[ssl] added information if not valid SSL certificate format
[system] fixed issue showing the number of CPU cores if the value is higher than 10
[networking] fixed resetting MACs when a NIC is added/removed of a bonding interface
[system] fixed internet connection check for packages update.
[webgui] added support to DH 2048 in the web server
[farms] fixed error 500 listing GSLB backends
[ssl] removed the key file is a CSR is deleted
[farms] added Alias field when a backend is created
[farms] validate the backend ID before creating sessions
[farms] unset priority for farms if no proxy of the new generation is in use
[farms] fixed issue deleting DSLB farm if the interface used in VIP is down
[farms] update backend priority after backend status change
[webgui] fixed refresh alias if backend changes
[webgui] STS directive is enabled/disabled if HTTPS listener is enabled/disabled without refreshing the view
[webgui] fixed typos in messages for the translation module
Bugfixes:
[farms] fixed maintenance mode for a backend with multiport
[webgui] improved translation messages
[webgui] change VLAN name to VLAN ID instead
[system] virtual IPs are configured properly if cluster switches in AWS
[cluster] deleted cluster status if the system is rebooted
[networking] fixed Routing tables configuration with DHCP in AWS
Bugfixes:
[webgui] fixed issue creating modifying Alias for VLANs in bonding interfaces
Improvements:
[system] kernel updates, fixed the following vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Bugfixes:
[webgui] fixed activation certificate format
[webgui] fixed error disabling/enabling farmguardian
[webgui] factory reset button enabled
[webgui] delete an action if del button in keyboard is pressed for WAF
Improvements:
[ipds] blacklisted IPs now are deleted based in the source instead of the dynamic ID
Bugfixes:
[farms] fixed deleting dynamic sessions pined to the deleted backend
[farms] fixed ethernet address discovery for IPV4 backend addresses
[webgui] fixed infinite spinner when a delete action is executed
[webgui] fixed updating and adding aliases for all the network interfaces
[system] fixed issue with the licenses in the subscription plans
Improvements:
[farms] improved the l4 load-balanced algorithm for an equal connection sharing
Improvements:
[webgui] added spinner to force changes in proxy of the new generation
[webgui] added messages to the translation module
[ipds] added description to WAF operators
Bugfixes:
[webgui] fixed table of backend GSLB with spinner and delete actions
[webgui] fixed backends ID in backends table of farms GSLB
[webgui] fixed creating an alias and create interface alias
[webgui] fixed WAF variables used in forms, data is loaded from API
[webgui] fixed error renaming blacklist
[webgui] changed the update method in routing rules
[webgui] fixed creating and updating routing rules
[webgui] fixed the refresh of stats
[webgui] fixed search of WAF variables
[webgui] fixed changing the schedule for a blacklist
[ssl] fixed issues in letsencrypt certificates management renovations
[ipds] fixed copying RBL lists
[lslb] fixed marks assignment for l4xnat backends
[routing] fixed issue modifying priorities of routing rules
[ipds] fixed deleting blacklist of HTTP profile
[zcli] fixed some issues in autocomplete for boolean values
Bugfixes:
[farms] improve performance saving and loading high number of elements
[farms] fix backend maintenance deletion
[farms] keep backend rules in maintenance mode
[farms] fix sigsegv when there is no backend
[farms] disable static sessions when backend is not available due to priority
[farms] avoid limit per client when configured connection limit per backend
[system] change the path for nft binary
Improvements:
[webgui] improved translation messages
[webgui] added a button to view certificate content
[waf] better message description in each operator and variable
[lslb] warning message is shown if farmguardian is not configured
Bugfixes:
[lslb] fixed issues connecting to letsencrypt for requesting a new certificate
[system] fixed update packages in the backup node
[lslb] fixed cut mode maintenance behaviour
[lslb] fixed stopping farmguardian in the service name is a number
[lslb] forced to calculate source address for NAT in l4xnat profiles
[lslb] WAF rules were not configured properly if proxyNG was disabled
[lslb] fixed issue in maintenance with drain mode
[lslb] fixed crash when a session was established in a backend in l4xnat
[cluster] fixed issue with the rsa private keys recreating the cluster
New features:
[system] introduce full management command line interface, named zcli
[api] introduce zapi version 4.0.1 including the new features automation
[farms] introduce L4 DSR session persistence support
[farms] reload the runtime http farm configuration when a change is done in the webgui
[farms] button to copy farms
Improvements:
[system] add more information to supportsave about zproxy process
[farms] allow creating farms with the same networking settings
[farms] faster start of farmguardian
[system] add verbose messages in case supportsave has not been generated properly
[system] updated netcat package used for networking test purpose
[farms] if all ports are balanced then all protocols should be configured by default
[system] improve management of errors
Bugfixes:
[farms] HTTP profile was not stopped properly
[ssl] some SSL certificates were not moved to the certificate store
[system] do not start SNMP service if it is disabled
[stats] fix an error in HTTP backend stats
[farms] enable a minimum log level for HTTP farms
[system] fix an error dumping sessions information in supportsave
[ssl] load long certificate lists in less than 1 minute
[farms] solved routing rules for sd-wan (dslb)
[system] now SNMP is started after a reboot
[farms] solved connection issues with farmguardian and persistence
[farms] fixed persistence table management in l4xnat
[system] check the networking settings before applying the configuration to avoid error messages in logs
[webgui] optimize certificates table pagination load
[farms] fixed dashboard view for dslb farms
[webgui] allow using the colon in the password field
Bugfixes:
[system] fix an error in the upgrading process that avoids upgrading the cluster backup node
[api] add the HTTP error code 410 to ZAPI version 3.1
Improvements:
[networking] announce ARP packet when an interface is created (This only applies when ARP announcement is enabled)
[system] allow passwords until 512 characters
[webgui] add warnings message when a bad backend priority configuration could put the farm out of service
Bugfixes:
[networking] fix an error showing the MAC in virtual interfaces
[networking] fix an error announcing ARP when the cluster is not set
[proxy] the NG proxy is disabled by default
[stats] fix an error in the networking units graphs
[ssl] fix the SSL certificate format
[ipds] improve the system management for DoS rules
[lslb] remove backends sessions before delete or stop a backend
[lslb] fix an error in l4xNAT farms that use backend with a maximum of connections
[lslb] fix an error calculating weight in l4xNAT farms that use least connections algorithm
[lslb] fix an error setting the redirect in HTTP farms
[system] fix an error starting the notification daemon
[system] returns an error when the system fails disabling duplicated networks
[webgui] add some missing messages in the translation module
[webgui] fix an error putting the backend in maintenance mode
Bugfixes:
[farms] added an internal locking system to l4xnat farms management
[farms] added protection to avoid marks corruption in l4xnat farms
Improvements:
[farms] restart farm is not needed anymore when services are ordered
[webgui] some messages have been fixed for the language module
Bugfixes:
[farms] HTTP profile was not stopped properly
[ssl] some SSL certificates were not moved to the certificate store
[rbac] check users against LDAP if ZAPI key is used
[networking] allowed to enable/disable duplicated_net flag
[system] do not start SNMP service if it is disabled
[webgui] fixed documentation link for certificates view
Improvements:
[system] add more information to supportsave about zproxy process
[cluster] protect backup from master updates when upgrading the system
Bugfixes:
[farms] fix the backend routing rules for l4xnat farms
[stats] fix an error in HTTP backend stats
[farms] enable a minimum log level for HTTP farms
[system] fix an error dumping sessions information in supportsave
[rbac] fix an error retrieving the list of expected parameters in adding RBAC user ZAPI request
New features:
[networking] routing module to manage static routing rules
[webgui] multi Language module
[ipds] WAF rules editor from the web gui
[farms] button to copy farms
[rbac] LDAP connector to authenticate RBAC users
[system] introduce full management command line interface, named zcli
[farms] introduce high performance HTTP and HTTPS load balancing reverse proxy core, named zproxy
[api] introduce zapi version 4.0.1 including the new features automation
[farms] introduce priority algorithm for HTTP profile
[farms] introduce L4 DSR session persistence support
Improvements:
[ipds] blacklist update scheduler optimization
[system] add web gui section for advanced settings: ARP announcement, allow routing subnet duplication, session replication service management
[farms] allow creating farms with the same networking settings
Bugfixes:
[ipds] set the default action for all WAF phases
Bugfixes:
[certs] load long certificate lists in less than 1 minute
[gui] optimize certificates table pagination load
[farms] solved routing rules for sd-wan (dslb)
[farms] fixed dashboard view for dslb farms
[system] fixed system checks that are running in Azure
New features:
[proxy] add/delete response headers
[proxy] add multi-listener support
[proxy] add support to listener config reload
[proxy] added WAF support (libmodsecurity3, disabled by default)
[proxy] added automatic memory trimmer
[proxy] add backend server priority setting
[proxy] add -R option to reload listener configuration from file
Improvement:
[proxy] add missing extended HTTP verbs
[proxy] add centralized regex manager
[proxy] add listener CTL management support
[proxy] schedule redirect response if backend connection fails
[proxy] do not load balance if only 1 backend is present
[proxy] add better information in logs
[proxy] set static maximum SSL handshake retries
[proxy] added case insensitive comparator to Headers map
Bugfixes:
[proxy] fixed incomplete response parse continuation
[proxy] fixed Location and Content-Location wrong protocol if RewriteLocation=2
[proxy] fixed crash parsing an HTTPS listener
[proxy] fix session cookie header value parser
[proxy] invalidate sessions if the backend is down
[proxy] fix cookie session-id comparation
[proxy] fix crash on process exit
[proxy] reply err503 on abrupt connection close by the backend
[proxy] fix malformed log data
Improvements:
[cluster] faster cluster configuration process
[farms] faster start in farmguardian
[cluster] updated VRRP cluster service
Bugfixes:
[farms] fixed memory leaks in session replication service
[cluster] fixed cluster switching to MASTER in both nodes before to any configuration
[farms] farmguardian was started twice per farm
[system] now SNMP is started after a reboot
Bugfixes:
[webgui] fix cluster web form
New features:
[system] introduce support of AWS cluster support
Improvements:
[system] add verbose messages in case supportsave has not been generated properly
[system] updated netcat package used for networking test purpose
Bugfixes:
[lslb] fix error deleting SSL certificates in HTTPS farms
[rbac] add check if the user or group already exists in the system
[system] modify binary path for AWS support
[lslb] fix stateless DNAT source MAC translation
Improvements:
[system] enable / disable Arp announcement for VIPs
[farm] new HTTP verbs group with OPTIONS enabled
Bugfixes:
[networking] disabled check internet connection before to configure APT repository
[cluster] check cluster status every 30 secs
[webgui] allow using the colon in the password field
New features:
[webgui] allowed restart WAF ruleset to apply changes
[webgui] link to farm stats from status icon inside farm edition
[webgui] allow configuring response headers in HTTP farms
Improvements:
[webgui] configure minutes in the range of 30 for scheduling remote blacklist downloads
[webgui] changed some tables behavior, pagination persistence and pages listing to ALL
[ipds] added blacklists download queuing
[farms] added OPTIONS verbs to the default verbs in HTTP profiles
[cluster] register farms in ssyncd only if persistence is enabled
[farms] if all ports are balanced then all protocols should be configured by default
Bugfixes:
[webgui] solved typos to destroy a cluster
[webgui] fix changing the password from RBAC Users
[webgui] fix typo in virtual interface tag
[webgui] solved typo verbs in HTTP farms
[farms] solved connection issues with farmguardian and persistence
[cluster] solved memory leaks with ssyncd
[cluster] fix ssyncd farm registration issues
[farms] fixed persistence table management in l4xnat
[system] fixed issue updating packages with proxy configured
Improvement:
[farms] add an option to allow the ‘options’ HTTP verb with the ‘extended HTTP requests’ set of verbs
Bugfixes:
[networking] set the default gateway in the boot although certificate is expired
[stats] fix an error showing the l4xnat stats in multiport farms
Improvement:
[webgui] restart notice message after HTTPS changed parameters
Bugfixes:
[farms] fix dh2048.pm path in HTTP template file
[farms] force protocol to ALL when all ports are selected in l4xnat farms
[farms] fix an error modifying https ciphers
[guardian] fix an error copying a farmguardian
[farms] fixed deleting backend ports
[webgui] the webgui actions are translated
[webgui] fix the behavior of javascript messages
[proxy] ssl connections management bugfixes and cleanups
[proxy] fixed redirect behaviour
[proxy] fixed pinning behaviour with SSL protocol
[proxy] fixed URL matcher
[proxy] assign new backend if a timeout is reached
[proxy] assign different backend if session information is not found
Improvements:
[cluster] added mutex to cluster events change roles
[system] unlimited number of threads per PID
Bugfixes:
[farms] farmguardian stops suddenly after starting
New features:
[farms] add persistence between clients and backends using hashes depending on “ip”, “port”, “mac”, “source ip and source port” or “source ip and destination port”
[farms] add option to l4xnat to set the port
[farms] add nat type based on stateless dnat
[webgui] add module to translate the webgui to a different language
[webgui] show the session tables for l4xnat farms
[webgui] retrieve the parameter list accepted by the API for a call when it is called without parameters (POST and PUT methods)
Improvements:
[farms] remove and modify backends using the nft mark
[farms] apply deterministic order to farm listings (sorting alphabetically). Pull request from the github user brudo, by William Bruce Dodson
[farms] do not control Access-Control-Allow_Origin header when the request is using the zapi key
[farms] disable the HTTP parameter “ECDHCurve” by default
[farms] add check to avoid port collision with l4xnat farms
[farms] lock HTTP farm config file while a service it is being modified
[farms] create a dummyTable to start the nf_conntrack module
[farmguardian] add checks for “sip” and “redis”
[system] restart web server when Relianoid is restarted
[system] set the binaries path in the global.conf file
[system] update system dependencies
[system] expand error message
[system] remove the zlb-stop and zlb-start files from the package and set them as templates
[system] postinst refactoring
[system] apply perltidy to code files
[system] move logic from API to the library
[system] remove completely iptables code and dependencies
[system] export global.conf to bash scripts
[system] set all log tags in lower case
[system] check the uploaded backups before that stores it
[system] change restart services for reloading them in cron tasks
[system] move profiling logs to debug level 5
[system] add more system information to supportsave
[api] log the JSON input parameters
[api] standardizer API calls for copying actions
[api] improve the validation of the parameters
[api] refactoring for farm module
[api] returns an error if a sent parameter was not expected for the call
[api] created a new call for getting system information
[cluster] move the local configuration to a local directory
[networking] add arp announce feature after any IP configuration
[networking] masquerade traffic towards the backend with the parent interface of the vip
Bugfixes:
[system] fix an error of looping when a backup is applied
[system] omitting commented routing tables in supportsave
[system] fix typo in output message and logs
[system] nftables is not printed in supportsave
[system] fix the regex for SNMP community and SNMP name parameters
[system] global.conf did not parse the variables with “update” tag
[farms] error returning the ciphers parameter in HTTP farms
[farms] error modifying the custom security ciphers parameter in HTTP farms
[farms] missing farmguardian parameter in the HTTP farm
[farms] solved a bug when parsing the file to add the backend in HTTP farm if the service has the same name as the farm
[farms] fix helpers protocols for l4xnat farms
[farms] force all protocol when setting all ports in l4xnat farms
[farms] fix loading helpers for natting
[farms] fix duplicated rules when the protocol is “all” in l4xnat.
[farms] solved corruption of pound file when enabling TLS/SSL in HTTPS and it was already enabled
[farms] fix the tag and mark generation per backend
[farms] do not allow the ‘prio’ algorithm parameter for l4xnat
[farms] avoid flushing the entire ruleset
[farms] l4xnat farm stats does not return any backend if the farm is down
[farms] returns the backend down if the status is config_error
[farms] fix an error in l4xnat stats with “snat”
[farms] assuring that nftlb is stopped when performing a stop
[farms] avoid the use of Expect in the curl request that can produce recv blocking
[farms] remove regexp for HTTP redirect in HTTP farms
[farmguardian] Relianoid service script was not calling to farmguardian start
[certificates] error in the certificate parameter ‘issuer’
[networking] group the routing rules by type
[networking] reload routing rules when a farm or interface is modified
[networking] fix an error setting an interface that was in the down interface
[networking] allow creating VLAN without gateway
[networking] solved bug when deleting a VIP
[networking] solved error unsetting a nic that was not applied in the system
[networking] create the nic config file if it does not exist
[networking] improved ipv4 regexp
[networking] do not allow to modify the interface used for management services (HTTP and SSH)
[system] applying backup returns success on failure
[api] change error code 400 for 404 when the certificate is not found
[api] API returns an error when it receives an array or a hash in the JSON parameter and it is not expected
Improvement:
[networking] fix routes for interface with same subnet
[webgui] keep the backends pagination after refresh
[checks] updated Relianoid health checks
Bugfixes:
[farms] fix backend check when backend port is empty
[stats] fix regular expression to show real traffic statistics
[webgui] fix show the first backend in the table
[waf] conditions for a ruleset were not shown properly
[system] fix per backend connection limit kernel race
Bugfixes:
[networking] prioritized networking route rules
[farms] fix shown l4xnat backends status in maintenance mode
Bugfixes:
[farms] fix virtual-host regexp matching for HTTP/S farms
Improvements:
[farms] support of output network interface per backend
Bugfixes:
[farms] fix modify and delete GSLB resources
[farms] fix l4xnat masquerading
[farms] support of stateless dnat for direct client connections
[gui] fix GSLB resources id management
Bugfixes:
[networking] routing rules prioritized
[networking] fix supportsave storing l4xnat rules via web gui
[ipds] fix code error in IPDS first load
Bugfixes:
[ipds] fix ipds directory structure creation during installation
[farms] force masquerade IP nat when interface is set up/down
[system] fix GPG APT key addition for offline updates
[gui] fix menu display issue due to icons hidden layers
New features:
[gui] show network interface aliases in the dashboard
Improvements:
[api] detailed activation error messages
[networking] support of masquerading interfaces in the same subnet
Bugfixes:
[gui] fix remote blacklists update schedule
[gui] fix analytics call with undefined parameters
[gui] fix typo in field of HTTP verbs accepted
[ipds] improve the validation check for blacklist inputs
[ipds] fix ciphers output parameter in HTTP farm
New features:
[system] added support for offline updates
[farms] support of source natting per backend in different subnets
Improvements:
[ipds] optimize loading of blacklists
[ipds] support of overlapped IP ranges in blacklists
[ipds] unload blacklists if they are not in use
[ipds] remove SSH Brute force rule
[api] ability to configure AES Cyphers even if the hardware doesn’t support it
Bugfixes:
[cluster] solved memory leak in session sync daemon
[cluster] improved the tcp close connection management for service sync daemon
[farms] fix backend priority in l4xnat
[networking] fixed MAC address with incorrect value in eth0
[networking] virtual interfaces with name 0 were not started/stopped properly
Bugfixes:
[networking] virtual interfaces with name 0 were not started/stopped properly
[cluster] solved memory leak in session sync daemon
[cluster] improved the tcp close connection management for service sync daemon
New features:
[system] migration from Relianoid 5 to 6
Improvements:
[cluster] nodes reconnection improvement
[system] LTS Kernel upgrade
[farms] support of source address per backend
[ipds] improved IPDS logging
Bugfixes:
[ipds] solved issue deleting remote blacklists
[system] solved netplugd issue changing default gw by mistake
[networking] modified expression to identify a Virtual Interface in the boot process
[ipds] solved blacklist deletion
[ipds] IPDS was not started properly at boot time
[farms] solved issue in the l4xnat config files generation
[farms] check if a port collision exists with l4 farms
[farms] fix backend priority in l4xnat
[system] local http config is needed to renew certificates for let’s encrypt
[cluster] fix memory leak when persistence is not enabled in a farm
Bugfixes:
[farms] stop properly the l4xnat daemon when Relianoid service is stopped or restarted. This error affects l4 farms running in a cluster
New features:
[ssl] let’s encrypt support
Improvements:
[farms] add an option to disable TLS v1.3 in the HTTP farms config file
[system] add more information to supportsave
Bugfixes:
[farms] enable automatic ECDH curve selection if no ECDHCurve parameter is set
[farms] fix an error showing the value of the maximum connection for backend, in L4xnat farms
[farms] fix an error showing the farmguardian in HTTP farms
[farms] fix an error modifying the custom security ciphers in HTTP farms
Improvements:
[networking] Bonding interfaces restore their default mac address when the MAC field is empty
[networking] Created a wrapper to store default bonding mac address
Bugfixes:
[farms] fix SNI forward to backend
[system] APT configuration is checked daily and re-configured if required
[api] Fixed error 500 listing HTTP backends in API v3
[farms] fix backend aliases list for HTTP services
[system] Avoid to loop CA crl downloads without an Internet connection
New features:
[networking] support of custom script execution after configuring any route in a given interface
Improvements:
[api] return the Relianoid version in the session response
[system] avoid connections and cluster annoying messages in the logs
[networking] bonding will restore its default MAC address when the MAC field is empty
[networking] default MAC is stored for future restoring
[cluster] increased detailed information in web GUI cluster section
Bugfixes:
[ipds] fix WAF parse failed when the parameter was between quotes
[networking] fix DHCP config overwriting errors after disabling/enabling the service
[networking] fix static IP configuration is not configured properly after disabling DHCP
[system] execute the web server stop/start action in the background
[networking] fix solved routes were not being added if the interface was configured in UP status
[networking] fix deleted routing table inputs when bondings are unset
[networking] fix bonding status lost when unsetting the interface
[rbac] fix RBAC module mutex
[system] make SNMP community string less strict
[api] fix error 500 listing HTTP backends in API v3
[farms] fix backend alias not listed in HTTP services
[system] avoid enqueueing curl commands for license checking
[farms] fix error configuring HTTP redirect code
[system] set a token to block i-notify while the IPDS package is being updated
[farms] added less strict param for gslb which allows using check_icmp
[gui] fix left side menu was not shown properly in some Chrome versions
New features:
[networking] added support to run a script after routing config in a given interface
New features:
[farms] direct server return DSR support for L4
[farms] stateless NAT support for L4
[farms] L4 core with round-robin algorithm
[farms] L4 core with IP and port hashing for both destination or source
[farms] L4 core with support of new protocols: SCTP, netbios, snmp, h323, pptp, irc, sane, amanda
[farms] L4 core with configurable persistence per source and destination IP, port or even MAC
[farms] websocket support for HTTP/S
[farms] support of OpenSSL 1.1 for HTTP/S (TLS 1.3)
[system] latest kernel 4.19 with Long Term Support (LTS)
[system] spectre and meltdown mitigations included by default
[system] integration with APT remote repositories by default
[ipds] web application firewall for HTTP/S
[webgui] new web GUI based on Angular 6
[networking] full support of DHCP
[networking] MAC address custom configuration
[rbac] dynamic menu configuration based on RBAC user permissions
[system] added factory reset
Improvements:
[farms] new L4 core system based on nftables
[ipds] optimized security rules based on nftables
[cluster] clustering based on nftables
[api] optimization and refactoring of the API calls
[networking] improve network link management
[guardian] more integrated advanced health checks
Improvements:
[networking] force ARP announcement after any IP configuration
Bugfixes:
[networking] fix issue changing IP of one already configured alias
[farms] replace backend check port with the VIP port if this value is not defined
Improvements:
[system] remove dependencies with xtable-addons packages
Improvements:
[guardian] add a farm guardian check for monitoring SIP services
[webgui] change of farm guardian configuration in GSLB farms
[system] added Kernel Support for Amazon Web Services
[system] ssh service is started even if the certificate is not OK.
[system] start Relianoid Service as soon as a valid certificate is updated
Bugfixes:
[ipds] solved an issue downloading the scheduled remote lists
[guardian] farm guardian is not linked properly with GSLB farms
[webgui] responsive graphs in the dashboard for Mozilla
[certs] hyphens and dots are not allowed in the CSR section.
[ipds] update remote lists process was not downloading remote URLs.
[guardian] reserved strings are not modified in one match is already executed.
New features:
[guardian] redis health check is supported natively
Bugfixes:
[farms] L4xnat stats were not generated properly for farms with the same backend configured twice
New features:
[system] add support of Relianoid subscriptions package
Bugfixes:
[system] solved issue restarting the web server
Bugfixes:
[farms] duplicated rules for l4xnat when the configured protocol is ALL
[system] activation certificate was requested even if it was properly upgraded
Bugfixes:
[guardian] farmguardian did not start after restart Relianoid service
[farms] fix master node switching restarting Relianoid service
New features:
[networking] IPv6 support
[system] 64 bits support
[farms] new L4xNAT core based on nftables and nftlb
[farms] add L4xNAT direct server return support
[gui] new WebGUI with Angular6 based in ngx-admin template
[api] new Relianoid API 4.0
Improvements:
[system] fix security issues Spectre and Meltdown
[system] kernel update (Debian Buster)
[system] improved support for hypervisors
[system] improved code refactoring
Bugfix:
[farms] HTTP farms couldn’t be started because of new use of an HTTP proxy dependency
Improvements:
[system] add proxy support for packaging updates through Internet
Bugfixes:
[farms] fix leastconns traffic to down backends
[farms] fix HTTP traffic forwarding when cookie insertion was enabled
[guardian] fix farm guardian doesn’t start up properly
[webgui] fix farm guardian processes were killed if the web GUI was stopped
[webgui] fix memory leaks in the web GUI server
[webgui] a different network interface can be configured if the cluster is enabled.
Improvements:
[farms] add multiprotocol and multiport support for SIP
[ssl] not allowed to update the license certificate if it is not valid
[system] kernel update to solve several vulnerabilities (Spectre and Meltdown)
Bugfixes:
[farms] fix backend in maintenance used with the priority algorithm
[farms] solved issue changing TCP to UDP protocol
[farms] modify the virtual port value to * if multiprotocol is configured
[api] latest character was deleted for the hostname
[farms] fixed issues creating load balancing rules for protocol with helpers
Improvements:
[ssl] update the HIGH cipher string
Bugfixes:
[farms] error modifying the SSL HTTPS certificate
[ssl] error uploading a SSL certificate
[ssl] set the custom cipher string properly
Bugfixes:
[farms] services in HTTP farm show redirect value even when it isn’t configured
[system] check internet connectivity and proxy usage
Bugfixes:
[farms] fix l4 switching to ALL protocols
[farms] removed not needed ports for helpers in l4xnat
[farms] fix sip load balancing with NAT and ALL protocols
[farms] fix rules deleting backends in l4 farms
[farms] force to use TCP and UDP protocols for SIP
[farms] disable force to dnat in SIP configurations
[gui] disable port configuration for SIP protocol
[gui] disabled configure port if SIP or ALL protocols is enabled.
New features:
[system] ability to configure a http/s proxy for outbound connections
[farms] multiport support for FTP, TFTP and SIP protocols
Bugfixes:
[farms] set STS Timeout by default after disabling the STS Header
[farms] fix FTP, TFTP and SIP loading protocols
[stats] fix FTP and TFTP stat connections
[ipds] limit blaklists name length
[ipds] fix blacklist cron scheduler getting remote lists
Improvements:
[webgui] improved behavior of search boxes
[webgui] favicon with dark themes in browsers
[syslog] remove depuration messages
Bugfixes:
[networking] bring up NIC interface when it does not have link
[rbac] modify RBAC user without a new password
[rbac] modify RBAC user without group permissions
[cluster] drop incoming traffic on virtual interfaces with IPv6 in the backup node
[guardian] fix typos in farmguardian templates
[networking] fix bonding interfaces route tables
[farms] GSLB vip status shows critical in the backup node
[guardian] fix farmguardian migration script
[farms] fix error 500 creating GSLB farms
[farms] GSLB statistics does not work in the backup node
[cluster] cluster does not replicate new GSLB farms properly
[networking] fix startup interfaces configuration without an activation certificate
[farms] fix least connections port aware per backend
[system] fix error deleting the activation certificate
[networking] show interface aliases
Improvements:
[farms] Locking system for http configuration files
[networking] Add a check to verify the virtual IP when starting a farm
Bugfixes:
[stats] L4xNAT statistics does not show backends list
[stats] HTTP does not show the virtual interfaces stats
[farms] Fix L4xNAT farms and datalink renaming
[farms] Allow character ‘_’ for HTTP service names
[networking] Run virtual interfaces in the start process
[certificates] Fix the load of certificate field ‘Issuer’
[supportsave] Don’t use arptables to resolve IPs
[farms] Remove critical status in HTTP farms when a redirect configured
[farms] Allow setting the backend parameter ‘port’ as blank
[farms] Modifying a L4xNAT farm returns error sometimes
[services] Error parsing the file ‘resolve.conf’
[farms] Use a more restrictive regular expression to get farm file name
Improvements:
[rbac] Added two new preconfigured roles to be used in this module: management to allow to stop / start backend, and monitoring to allow to read information about system and farms
Bugfixes:
[rbac] Fix aliases are shown in the backends table even when user doesn’t have permissions to view this information
[alias] Fix aliases can be modified without permissions
[certificates] Fix search and upload actions break the SSL certificates table if some certificate has a CN field empty
New features:
[rbac] Roles templates added
Improvements:
[syslog] Log the error output when a command fails
[rbac] Allow more characters for RBAC: users, groups and roles
[rbac] Add RBAC information to supportsave
Bugfixes:
[guardian] Fix typo in farmguardian templates
[guardian] Migrate farmguardian of farms to new farmguardian check
[zenbui] Fix Zenbui symbolic link
[farms] The parameter “Log” in l4xnat farm returns blank sometimes
[rbac] Creating system user and system group needed for RBAC
[notifications] Notifications is enabled by default
[guardian] Run farmguardian in Relianoid start process
New features:
[farms] Option to enable traffic logs for LSLB, DSLB, GSLB and the connection tracking
[farms] Support of aliases for backends
[networking] Support for aliases per NIC, bonding, VLANs and virtual interfaces.
[system] Role-Based Access Control (RBAC) to define new users, groups and permissions to actions in the system
[api] API 3.2 to manage all the new features
[networking] IPv6 Support for NICs, VLANs, Virtual Interfaces, Bonding and routing
[farms] IPv6 Support for HTTP and L4xNAT farms
Improvements:
[guardian] Improve of usability with several built-in health checks
[farms] More descriptive error messages for HTTP/S farms
[farms] Configurable redirect code for HTTP/S farms
[farms] Backend servers disabled if redirect is used for HTTP/S farms
[farms] Configurable Strict Transport Security header by service in HTTP/S farms
[farms] Improve of session table stats for LSLB farms
[system] Improve of message logs to syslog
[networking] Validation of network configurations
[networking] Automated virtual services configuration when modifying the network configuration
[networking] Real time networking packets/throughput stats per second
Bugfixes:
[cluster] When cluster switches to BACKUP, the system never come back to MASTER
Bugfixes:
[farms] It is not possible to create http(s) services after moving some service
Improvements:
[ipds] included more parameters to check before starting a IPDS
[ssl] better input validation in CSR for organization and locality fields
Bugfixes:
[networking] solved issue stopping and starting bonding interfaces
[networking] ensure that bonding interfaces have a defined IP address before starting
[stats] fix established connections when the farm is not in UP status
[api] fix activation certificate status response
[guardian] update farmguardian statuses after a cluster switch
[farms] fix VIP verification after starting a farm
Improvements:
[webgui] load HTTP profile parameters faster
Bugfixes:
[farms] fix concurrent changes in HTTP(S) configuration files
Improvements:
[webgui] changed datetime format to allow ordering in table views
[farms] http(s) farm is marked in status UP when only a redirect is configured
[system] better and faster information gathering for supportsaves
Bugfixes:
[farms] solved issue modifying datalink farm names
[networking] solved issue modifying floating IPs
[system] solved DNS section parsing configuration file content
[farms] solved issue re-ordering services in http farms
[ipds] blacklist rules were not properly configured in GSLB farms
[farms] solved issue creating a l4 farm, API responds a 400 code instead of 200
[ssl] solved issue parsing “Issuer” field in certificates
[farms] parameter 100continue is not properly modified in http(s) farms
Bugfixes:
[networking] Run virtual interfaces in start process
Bugfixes:
[farms] Error detected when l4xnat farm parameters are listed
Improvements:
[gui] Faster loading of LSLB farms list
[gui] Faster loading of http[s] farms services
[system] Better logs description for http proxy
Bugfixes:
[networking] Configure network if the certificate is temporary or doesn’t exist
[system] Avoid to backup corrupt configuration files
New features:
[gui] A new web GUI frontend in Angular
[api] New API JSON+REST capabilities for processes automation
[networking] New networking section for a better management and configuration of interfaces
[farms] New LSLB module (Local Service Load Balancer) which manages both L4xNAT and HTTP/S profiles
[farms] Two different maintenance modes (cut and drain) for HTTP[S] and L4xNAT profiles
[farms] Improved HTTPS profile with new options to Enable / Disable SSL/TLS protocols
[farms] Max number of connections by backend server in L4xNAT profile
[farms] New DSLB module (Datalink Service Load Balancing) which manages uplinks and inbound LB
[farms] New farms status (UP, DOWN, Critical and Problem)
[farms] New backends Status (UP, DOWN, Maintenance and Undefined)
Improvements:
[system] Faster response based on REST API
[gui] Improved look and UX
[system] Enhanced logs management
[support] Support save options for better troubleshooting and support
[system] Linux Kernel based in a common Debian Stretch
[system] Easier upgrade by modules and transitions to Enterprise
[system] Improved the backup and recovery procedure
Bugfixes:
[farms] Issue solved enabling / disabling HTTPS backends checkbox
[farms] Solved segmentation fault in HTTP farms with session replication daemon ssyncd and cookie insertion
[system] Checks if an IP exists in any interface
Bugfixes:
[webgui] Not allowed to enter weight values higher than 9 for l4xnat profiles
[guardian] Some farmguardian health checks were not stopped properly
[cluster] Zeninotify was not started after a cluster switch
Improvements:
[system] New backup procedure to save the configuration
[system] Set a default SSL certificate for web GUI and API to 2048bits
[api] Added HTTP Headers for API calls to avoid content cache in browsers
[farms] Configurable redirect HTTP codes
[farms] Speed optimization to load SSL SNI certificates list
[gui] Activation certificates expiration notifier
Bugfixes:
[cluster] Leave maintenance mode properly in 3000 and 4000 series
[ipds] Solved some bugs related to RBL rules assignment to farms
[gui] Allowed searches in CN column for Certificates Lists
New features:
[farms] SSL hardware offloading support for HTTPS farms
[farms] new status for VIPs and backends in farm profiles
[farms] new maintenance status (drained and cut)
[cluster] real time sessions table replication for all layers
[ipds] new system rules for threats protection
[ipds] new rule RBL (real time black-hole list)
[system] logs line reader through web GUI
Improvements:
[farms] option to enable or disable different SSL protocols
[farms] reload datalink farms
[farms] better log description in HTTP profiles
[api] API v3.1 better performance and resource usage
[gui] improved the rules assignment to farms and web views
[notifications] encrypt email password to enhance security
[system] ssh and web services automatic reload
[gui] enable web GUI compression
[networking] show virtual interface name in Floating IPs section
[ipds] enable or disable security rules for a farm
Bugfixes:
[cluster] Maintenance mode not working in the backup node
[farms] Improved regular expression patterns for http stats when the service include certain private words
[farms] l4xnat profile is not configuring lb rules properly for the first l4xnat farm
Improvements:
[lslb] Farmguardian was not disabled in Backup node
Bugfixes:
[networking] VLAN was not started after to configure if NIC was not configured
[lslb] Allowed to add many ssl certificates without breaking the config file
[ipds] Some Dos rules were not applied to http farms
[lslb] Added support to concurrency in netfilter rules for rules modification
[networking] Route rules are not applied until Link is detected in UP mode
[networking] Fixed null response detecting a parent interface of a virtual interface
[lslb] Apply connmark rules before farm rules when farm starts
Bugfixes:
[ipds] IPDS rule was unset for the farms if the rule was renamed
[gui] Changed the error message when the activation certificate is wrong
[gslb] Not allowed two services with the same ID anymore
[ipds] Disabled blacklists rule from system when Relianoid process stops
[lslb] Change to least conns in l4xnat profile returned an error
[cluster] Zeninotify is not stopped when cluster node is in maintenance
[cluster] ARP responses were not disabled when cluster is in maintenance
[gslb] Sync a GSLB config directory to BACKUP node in creation time
[ipds] Not allow to create IPDS rules with the reserved name ‘rule’
[farms] Set and unset wildcard certificates in HTTPS farms
[ipds] SSH brute force rule were loaded twice in system at Relianoid first start
[lslb] Allowed DNAT mode for SIP protocol in l4xnat profiles
[net] Default GW was deleted for table main if GW for local table was deleted
Improvements:
[system] Stats Block has been deleted from conntrackd configuration file
[system] make selectable the kind of ARP announcement packets
[ipds] Fit the maximum number of sources for a blacklist
[cluster] Added a cluster exception to IPDS module in order to avoid to block cluster IPs
Bugfixes:
[users] Password change failed if some special characters are used in the password string
[farms] Solved compilation errors with SIP configuration in L4xNAT farms
[farms] Deleted connection tracking for UDP protocol if backend is configured in maintenance mode
Improvements:
[gui] New section “About” > “Relianoid LB Version” in menu
[iso] New Relianoid CE ISO 4.0.4 generated in sourceforge
[apt] New Relianoid CE package 4.0.4 generated in repository
Bugfixes:
[farms] solved issue in GSLB farms, allowed RData values in MX inputs
[farms]Updated farmguardian port checks in gslb farm when default tcp port health check is changed
[certificates] Fixed parse issue for certificate information
Bugfixes:
[farms] Reset connexion tracking for udp in L4xNAT farms
Bugfixes:
[farms] Allow modifying values for cookie insertion once this option is enabled
[cluster] Conntrackd 1.4 or higher integrated with systemd
[sys] Added expect package as dependency
[sys] Configuration directory is replicated recursively
New features:
[farms] Added max conns limit per backend server in l4xnat profiles
Bugfixes:
[farms] migration process from tcp to l4xnat profiles bugfix
[farms] flush udp flows from conntrack table bugfix
[guardian] farmguardian should not be executed if the farm is down
[ipds] ssh brute force protection port is shown in the web gui
[guardian] farmguardian file status for http profiles bugfix
[snmp] snmp doesn’t start automatically after a reboot
[ipds] delete standard error and output error in the startup blacklist process
Improvements:
[system] Applied some tuned kernel parameters from systemctl
[farms] Traffic between VIP and backends is forwarded locally instead of sending to gateway
[guardian] Improved farmguardian output messages.
Improvements:
[system] Increased information captured in supportsave
[system] Do not log more bonding warning messages
Bugfixes:
[gui] Fix minor bugs related with stats view
[gui] List all used ssl certificates in a running HTTPS farms
[gui] List all available interfaces when edit / create a farm
[farms] Modified logs related to farmguardian when an error is detected
[farms] Least connections algorithm doesn’t detect configured backends
[system] SSH never starts if ssh service is configured in a given IP instead of all IPs
[farms] Kernel modules for sip, ftp or tftp were not loaded properly
[farms] Services Not renamed properly when service name includes farm name string
[farms] Reset UDP packets tracking when any config change is done
[stats] Disabled pending connections information for UDP protocol
[stats] Bugfix in HTTP farms established connections for backends
[farms] Fixed disabling l4xnat IP persistence
Improvements:
[support] Include system and cluster details for better analysis in supportsave
[gui] Add test notification button for email notification method
[gui] Add update button when editing remote blacklist
[gui] Change update buttons to updating… when clicked
Bugfixes:
[ipds] Load blacklist when applied to a farm only if the farm is running
[farms] Allow to create several resources with same name in GSLB farms
[cluster] Fix cluster in 3000 series appliances
[gui] Do not require password in email notification method
[gui] Do not allow setting a port in L4xNAT farms when balancing all protocols
[gui] Notify after updating when the port or IP address has been changed
[gui] Fix URL when the GUI HTTP port is changed
[gui] Fix error message on some request failures
[gui] Some GUI style fixes
Improvements:
[gui] Messages when there is login error
[gui] Info button in dashboard
[gui] Change icon and tooltip for unset farm in ipds rules
[system] Remove deprecated configuration script
Bug fixes:
[farms] Fix L4xNAT pending and established stats
[system] Add to supportsave arp filtering, node status and L4xNAT persistence
[system] Fix configuration of management interface in zenbui
[networking] Use routing rules per subnet instead of per ip
[gui] Refresh button in stats
[gui] Responsive in stats tables
[gui] Update cluster status after a logout or expired session
[gui] Close selection form when kept open and the view is changed
[gui] System stats responsive
[gui] HTTP Redirect regular expression
[gui] Allow to apply DoS rules (IPDS) to any kind of farm profile
Bug fixes:
[ipds] Remove blacklist from memory when no running farm is using it
[api] Fix ciphers information inHTTPS farms
[cluster] Handle password safely configuring the cluster in case there are symbols
[ipds] Fix remote blacklists setup on cluster backup node
[networking] Allow hypens in network interface names
[gui] Fix HTTP Redirect regular expression
[gui] Fix space for period unit field in remote blacklists
[gui] Fix selecting all backups
[gui] Fix HTTP Redirect regular expression
[installer] Include dependencies when upgrading from Zen 4.2
New features:
[api] New API v3 version, entire system can be managed by API Rest+JSON.
[gui] New Web GUI in Angular2 100% responsive.
[security] New security module v1 called Internet prevention and detection service or IPDS with blacklists and DDoS prevention.
Improvements:
[gui] Local service load balancing module or LSLB now manages http, https and l4xnat profiles.
[gui] Global service load balancing module or GSLB now manages gslb profiles.
[gui] Datalink service load balancing module or DSLB now manages datalink profiles.
[doc] Updated documentation for Relianoid v5.
[system] Floating IPs, VIPs can be assigned to interfaces.
[cluster] Stateful cluster for l4xnat profiles.
Improvements:
[gui] Certificates were not properly managed in SNI list for https farms
[gui] Password is not a mandatory field in Sender notifications by email
[gui] Solved minor bug in Help module
Bug fixes:
[farms] Certificates were not properly managed in SNI list for https farms
[gui] Re-branded from zen to Relianoid
[sys] Renamed system packages from zen to Relianoid
Bug fixes:
[farms] Solved issue showing Established Conns in HTTP farms in API v2 and v2.1.
[net] Bonding interfaces don’t start after a reboot.
Bug fixes:
[farms] Not allowed to modify any value if farm is up.
Improvements:
[farms] Reduce UDP conntrack timeout and increase UDP memory.
Bug fixes:
[net] Route tables were not loaded at boot time.
[gui] Disable the possibility of farm renaming in WebGUI when they are up and running.
Improvements:
[notifications] Notification module sends mails without authentication in smtp server.
Bug fixes:
[notifications] Notification module configuration is preserved during update.
[farms] Solved bug with L4xnat Persistence session.
[cluster] Some network interfaces weren’t stopping in cluster switching.
[farmguardian] Solved advanced health checks compatibility between zen 3100 and zen 4100.
[net] Solved issue with link interface status (UNKNOWN) for driver vmxnet3 (Vmware).
[notifications] Modified some regular expressions in the Notifications module and l4xnat profile.
[cluster] Forced network advertisement once startlocal concludes.
Improvements:
[notifications] Notification module sends mails without authentication in smtp server.
Bug fixes:
[cluster] Solved issue listing all virtual interfaces in zen advertisement event.
New features:
[sys] SNMPD is supported.
[sys] Bonding. Supported 7 different types, LACP included.
[farms] New DNS records can be created, AAAA, MX, TXT, SRV, PTR, NAPTR.
[farms] FarmGuardian configuration for GSLB profiles.
[sys] Notifications: System alerts through email when a backend server goes DOWN / UP
[sys] Notifications: System alerts through email when cluster service switches.
Improvements:
[farms] HTTP and HTTPS Statistics, Stats are generated in base of the Service that manages the request in place of the Virtual IP.
[farms] HTTP and HTTPS services order can be changed, useful for users that use Zen HTTP profiles as reverse proxy.
[sys] All services integrate logs with syslog.
[farms] Added more checks for FarmGuardian: native checks for oracle, mysql, dns, postgresql, ftp, radius and more.
Bug fixes:
[sys] Minor bugfix in input form parameters and regular expressions.
[farmguardian] FarmGuardian icon is shown in conns stats when farmguardian disables backend for HTTP and HTTPS profiles.
Bug fixes:
[farms] Disabled flood messages when session is created / updated in HTTP farms.
[cluster] Stop virtual interfaces configured in the same interface that cluster runs.
Bug fixes:
[farms] Fix HTTP profile during migration to 402.
[farms] HTTP binary profile compilation for GLIBC 2.13 instead of 2.14.
Bug fixes:
[cluster]Issue sending gratuitous arp packets just after a cluster switching.
Bug fixes:
[cluster] Fix random cluster flapping.
New features:
[sys] Plugins system.
[sys] Help plugin.
Improvements:
[sys] HTTP profile memory efficient dynamic thread model.
Bug fixes:
[sys] Several graph fixes and improvements.
[api] ZAPI v2 GSLB backend removal.
[sys] Fix management interface in zenbui.
Bug fixes:
[sys] Fix interfaces configuration with same ip.
[sys] Fix cgi handling for web and zapi interfaces.
Bug fixes:
[farms] Fix L4xNAT connmark rules.
[farms] Start farm at the end of L4xNAT farm creation process.
[farms] Improved multiport definition detection.
Bug fixes:
[sys] Error control when a new Virtual Network Interface or Vlan is created.
[sys] Error control when we set up or down a Virtual Network Interface or Vlan.
[farms] Enable session status table for HTTP Conn Stats.
[farms] Configure Disable SSLv3 in https farms.
[cluster] Cluster configuration when a backup failover is reboot.
New features:
[sys] New Kernel Updated to 3.16 (Debian Jessie Base)
[sys] Debian packages consolidation
[farms] Allow to edit farms with stopped status
Improvements:
[farms] TCP profile deleted, L4xNAT should be used instead
[farms] GSLB Profile deleted
[sys] L7 profile for HTTP[S] core updated with distro package
[sys] Openssl Library updated with distro package
[sys] Cluster service updated with distro package
[sys] Web GUI service updated with distro package
[sys] Added and updated libexec scripts
[sys] Include disks information through snmp
Bug fixes:
[farms] Minor bugs fixing related to HTTP farms services
[farmguardian] Fix persistence sessions losing L4xNAT after deactivating a backend
[farms] Fixed online weight calculation L4xNAT farms
[net] Minor bugs fixed in section Conns Stats
[gui] Fix special characters issue with root/admin password
Improvements:
[farmguardian] FarmGuardian’s memory resource usage is reduced.
Bug fixes:
[cluster] Cluster global checks for zen latency and zen inotify.
[farms] Migration script for HTTP and HTTPS profiles (Disable SSLv3, Backend Cookie, dyn scale and others directives).
[sys] Allowed reserved characters “$” for root password in webgui.
[api] ZAPI input control error for virtual network interfaces and reject to configure a duplicated IP.
Bug fixes:
[farms] IP persistence in L4xNAT regression bug.
Improvements:
[sys] Include package list and system statistics for better analysis.
Bug fixes:
[farms] Fix L4 backend marks.
Bug fixes:
[farms] Set save parameters for L4xNAT profile with persistence in ZLB 3000 series.
Improvements:
[farmguardian] Compact logs in Farmguardian.
Bug fixes:
[farms] Improved maximum number of threads.
[farmguardian] Farmguardian memory leak.
[farmguardian] Farmguardian start in farms L4xNAT.
[farmguardian] Farmguardian failure with HTTP farms.
New features:
[farms] Maintenance mode for L4xNAT backends.
[farms] Deprecated TCP / UDP profile.
[gui] Enable modify farms in stopped mode.
[api] New ZAPI version v2.
[api] Monitoring farms through API.
Improvements:
[gui] Farms global parameters reorganization.
[gui] Configuration forms usage improvement.
[net] Improved the global stats calculation.
[gui] Reduced navigation urls in webgui.
[farms] Modify l4xnat’s farm parameters on the fly.
[farms] L4 farms performance improvement.
[gui] Improved responsive web inteface.
Bug fixes:
[all] Source code refactoring.
[all] Minor bug fixing.
Improvements:
[farms] HTTP/S farms core update
[gui] New web GUI with responsive support
[system] Improved graphic first menu setup
[gui] Improved CGI execution access protection
Bug fixes:
[gui] web GUI interface reset after upgrade
[farmguardian] L4xNAT farmguardian bugfix changing backend states
[farms] L4xNAT scheduler bugfixes
New features:
[gui] RESTful API
[system] New web GUI server
[gui] System users management integrated in the web GUI and Zen API
Improvements:
[networking] UDP and TCP timeout stream optimization
Bug fixes:
[farms] Solved issue with connection stats
[farms] Not allowed to rename a farm with an empty value
[farms] Preserve .htpasswd after upgrading
[farms] GSLB several bugfixes
[farms] Disable SSLv3 for Poodle in HTTPS farms
[farms] Load conntrack modules after upgrade
New Features:
[farms] New Least Response HTTP algorithm
[farms] New SNI multiple certificates handler for HTTPS farms
[farms] SAN certificates added support. Disable exit error when CN is not present.
[farms] New xHTTP PATCH verb support for HTTP farms
[farms] L4 SIP improvements, FTP and TFTP support. Least Connections algorithm.
Improvements:
[farms] Enable DNAT option for SIP protocols
[cluster] Clustering gratuitous ping support
[farms] Pound patches until 1 Nov 2014
[net] Static routes improvement
[farms] Several SIP farms support in different ports
[farms] Updated GSLB farm
Bugfixes:
[farms] SIP connections are not being shown in the web GUI
[farms] SSLv3 vulnerability POODLE patch
[farms] CRIME attack vulnerability patch
[farms] Validate service name within HTTP farms without no valid characters
[gui] Networking extension functions ending file bug
[gui] Problem syncing the root password through the web GUI
[farms] Rename RRD files to the new farm name
[farms] Delete old farms graphs
[sys] Dependency order for SSH and zenloadbalancer services
[cluster] Startup cluster service bugfix
New Features:
[farms] L4 SIP load balancing support
[farms] Simple GSLB load balancing support
[ssl] Granted CA SSL Certificates automatic generation
[gui] Dynamic news platform support
Improvements:
[gui] HTTP farm client request timeout with unit “seconds”
[gui] Refreshing timeout for farms status view
[cluster] Improved RSA synchronization
[gui] Advise message regarding no cluster configuration found
[gui] return back button to All Farms in farm edition panel
Bugfixes:
[farms] Datalink farm wrong info in farms table
[farms] FG backend status file mutex implementation
[gui] date-time wrong formatted fix
[farms] Modification of Priority and Timeout parameters could cause a inconsistency in the HTTP/S farms configuration file
[farms] Farmguardian error in TCP farms, the backends are not remaining down while FG is checking them.
Improvements:
[cluster] Cluster service avoid hardcoded vhid and deadratio parameters
[installation] Postinstallation script global.conf checking
Bug fixes:
[farmguardian] Farmguardian startup bug fixes
[farmguardian] Fix FarmGuardian execution for L4 farms
[farms] Datalink infinite loop getDevData() showing farm info
[farms] Manage HTTP/S farms connection bug due to wrong lb core child pid
[farms] L4 persistency multiprotocol command fix
[farms] Set priority value for L4 by default
[farmguardian] Farmguardian startup status fixed
[farms] Farms name hyphens filtering fixed
[farmguardian] FarmGuardian up status for the backends before stopping the FG service
[farms] L4 netstat connections
[farms] HTTP/S farm redirect fix when a redirect name is used
[logs] Regression: delete debug messages
[farms] Backend states on HTTP/HTTPS farms become inconsistent when the service doesn’t exist in the configuration file (the farm restart has not been performed). Service ID will be null
[farms] New backends are not included in the backend status file
[farms] Setting L4 TTL field is not applied by default. An automatic restart is needed
[farms] DateTime errors in the log files. The DateTime has been changed to system ‘date’ command
[farms] Force drain sessions automatically when a backend is detected as down
[farms] L4 farms connections accounting are not showing properly in the status panel
[config] Delete generated global.conf, it could be rewritten an already configured load balancer by the default one
[installation] Include interactive mode post-installation and error solved
[installation] Delete config files at installation time
[gui] Shell error solved getting ZLB version
[farmguardian] Farmguardian defunct processes and tcp/udp farm malfunction
[farms] TCP and UDP with pen LB, the backend never comes alive from FGdown. These kind of farms doesn’t need to detect the state change for a backend, as they need to refresh always the blacklisted timeout
New Features:
[farms] HTTPS Backends. The load balancer can manage https connections to backends, ssl offload can be disabled.
[farms] HTTP timeouts. Added new timeout fields for managing time in response and request headers
[farms] L4 agnostic protocol. It can be balanced any kind of protocol, not only UDP or TCP.
[farms] Added priority algorithm for L4 load balancing.
[cluster] Added a new timeout field for managing the response time for switching the service.
[gui] Added a logout button in the web gui.
[system] Run own scripts. Added the possibility for making own scripts that are executed in events: start / stop service, i.e. firewall configuration, sending mails, etc.
[L4 masquerade] the farm connects to backends from the IP in the same subnet that backend.
Improvements:
[farms] HTTP and HTTPS in a farm. Now the HTTPS configuration is a property of HTTP farms, not a different farm.
[farms] TNAT and UNAT in a farm. Now TCP or UDP protocols can be managed in the same L4 farm.
[gui] For saving resources, RRD graphs are created on the fly, not in a cron task.
Bugfixes:
[gui] Solved bug for syncing web gui user password and root system user password
[farms] L4 CONNECTIONS. Solved issue for showing connections status in L4 farms
[Farmguardian] Solved bug for managing backend checks and backends status.
[farms] Improvement in some HTTP regular expression for VIrtual Host and Redirect fields.
Improvements:
[farmguardian] Advanced checking system optimization switching backend states
[cluster] Time synchronization improvement
New features:
[farmguardian] Layer 4 advanced checking support
[system] Security improvement
Bugfixes:
[system] Vulnerabilities fix
[webgui] css iexplorer 9 compliance
[farms] adding l4 backends without weight value
New Features:
[farms] Layer 4 Includes: several listening ports for a farm, DNAT and NAT load balancing methods
[farmguardian] Advanced Farmguardian support for HTTP and HTTPS
[farms] Virtual host support for HTTP and HTTPS farms
Improvements:
[farms] HTTP/HTTPS farms core balancing upgrade
Bugfixes:
[farms] Fix regression max number of available connections for TCP farms
[farms] Check invalid characters for a farm name
[system] Do not reset the GUI password when updating the package
[farms] Bad formatted error message when inserting bad weight value for http and https farms
Improvements:
[networking] Disable TCP recycle
[system] Improvement sysctl options at boot time
Bugfixes:
[farms] Custom ciphers form for https farm
[farms] HTTP and HTTPS maintenance mode lose configuration
[cluster] Cluster failover by itself
[cluster] Cluster failover master node returns to backup on equals mode
[system] Configure the default apt sources for v2
[gui] Max length in virtual interface field
[gui] Only allow numeric characters in vlan field
[gui] Change position for Test RSA button
[farms] Max Connections for real servers could produce a farm to close connections
Improvements:
[farms] Setting algorithm for uplink load balancing: weight and priority.
[gui] Sort monitoring graphs.
[gui] Check http(s) farms configuration before stop
[gui] Expand farm name in the top of the Manage Farms panel
[cluster] Maintenance mode for cluster nodes
[cluster] Disable _modify cluster type_ in the backup node
[cluster] Include VHID param in cluster configuration
[gui] Increase farm’s name field size
Bugfixes:
[networking] Deleting VLAN interfaces
[networking] Problem configuring VLAN interface over a down physical interface
[gui] No connections appears for status backends when the farm is started over a virtual interface
[cluster] Failover button always failback to the primary node – Change ‘Force failover’ to ‘Test failover’ text button
[farms] Disable rewrite location for HTTP farms
[gui] Fix HTTP/S farm configuration CSS
[gui] SSL certificates uploading from Windows systems shows the full file path
[gui] Treatment of special characters under the farmguardian field
[gui] Shows the default global gateway under the interfaces table when an interface hasn’t a route table
[gui] CPU rrd graph always show the same values
[gui] Incorrect CPU and MEM farms data in Global View
Improvements:
[gui] Don’t show overflowed age clients in the farm status panel
[gui] Improve SSL certificates panel
[cluster] Improve cluster startup
[cluster] Improve SSH connection between nodes
[farms] Keepalive configuration for inactive TCP connections through firewalls
New features:
[farms] Ciphers configuration for PCI (Payment Card Industry) compliance
[farms] Maintenance button for backends
[gui] Farm connections monitoring graphs
[farms] Uplinks load balancing
[gui] Change GUI port
Networking:
Gratuitous ARP for cluster speedup
TCP Kernel tuning to improve throughput
Farms:
Farm renaming
Improve load balancer algorithm for TCP farms
Profiles support
UDP support
Advanced HTTP/HTTPS support
SSL wrapper
Certificates management for https profiles
Cluster:
Manual force failover
Crossover support
GUI:
Improving RRD files and graphs for monitoring
State icons on farms and backends
Improving status backends section
Minimize button for views on farm status section
Improving Global View
New certificates manager section for https profiles
Improve CSS look web panel
Bugfixes:
When ifup is executed, try to create the interface first
MAC duplication fixed and interface group sort is applied
Fix network interface unlink state
Check UP interface in state
Modified zenloadbalancer script for add more open files permission
Modified zenrrd script to save one year of date
Modified zenrrd task to run every 5 minutes
Regular expression function ifexist
Regular expression function getDefaultGW
Modified zenloadbalancer init script to add fs.file-max
Rewrite $if for down interfaces
New features:
An icon is included when no link is detected in network interfaces
Confirm dialog boxes while deleting configuration
Fix creation of network rules for every interface
Delete rrd graphs for unavaliable network interfaces
Fix Global Information section of Global view
Improvement of CSS frontend
Implemented suggestion: Add delete network interface icon for physical NICs
Improved configuration process and panel of Cluster section
Implemented suggestion: GUI ip and Cluster ip doesn’t have to be the same
Fix the RSA configuration between cluster nodes
Fix replication service between cluster nodes
Addition of ‘Force sync configuration’ button on the master cluster node
Automatic insertion of apt network repositories
The ZenLB ISO is able to be burned into a USB memory device like a CD
Fix other BUGs detected on lab testing
Fix farmguardian and double quotes on strings for check
Bugs solved about Delete Real servers on a farm
Added apt repository for updates
Added APT configuration file on GUI
Added DNS configuration file on GUI
Bugs solved on GUI about HTML standard on form buttons
Added session timeout for connection clients on GUI
Added license section on GUI
Added sync pass with admin user GUI and root user
Bugs solved on GUI entering illegal values on farm configuration
Max connections updated from 507 to 32760 on a farm
Bugs solved about actions buttons on interface section
A new look for frontend GUI
SSL connection on frontend GUI
Advanced view with progress bar on farms
Cluster Service ACTIVE/PASIVE mode
Automatic replication of Cluster service and Zen service configuration
Advanced networking configuration
Vlan support
Multiples route tables for real and vlan interfaces
ntp sync
Backup configuration. Export/Import
A lot of modifications, bug fixed, improvements and proposals by members of the mailing list
A frontend GUI form manage Zen Load Balancer Appliance
Create a lof of TCP Load Balance
Add virtual interface to Real interface
Zen monitoring appliance over RRD graphics
Modify a lot of farms parameters without stop load balance services
Advanced status view of backend servers and farm