TIMELINE

New features:
[lslb] eproxy: introduce TCP listener support
[lslb] eproxy: introduce TCP SSL Offload support
[lslb] eproxy: introduce SNI support
[lslb] eproxy: introduce HTTP/S and HTTP2 multi-service support
[system] syn flood mitigation by default
[system] new connections performance increase by 6x
[system] make use of noid-updater instead of checkupgrades

Improvements:
[system] change prompt colors
[ipds] mfa: improve input parameters handling
[api] core api functions improvements
[system] groups handling improvement
[system] dummy nft table handling improvement
[net] bonding handling improvements
[backup] use restore backup instead of apply
[lslb] eproxy: backend timeout handling improvement
[system] several configuration migration improvements
[backup] restore backup process improvement
[system] relianoid systemd service improvement
[system] hardware bsp support
[system] logrotate configuration handling improvement
[system] disable disk storage for journal
[system] nftlb service improvement
[gui] sort interfaces list by name
[gui] sort graph list by name
[ssl] upload protection of SSL certificates with passphrase
[notifications] update email sender
[package] add relianoid-archive-keyring as dependency
[system] delete duplicated globalconf variables
[system] remove globalconf indirection variables
[net] stop attempting to delete missing bonding interface
[system] try to kill http proxy nicely
[api] refactor API settings logic
[system] improve log messages of relianoid service
[cluster] avoid sending ARP after configure IP if the node is in maintenance
[ipds] disable waf assistant by default
[system] some post installation improvements

Bugfixes:
[backup] fix import of zevenet backups
[ipds] mfa: fix AD distinguishedName attribute location
[ipds] mfa: fix username input variable in the login form
[system] fix some uninitialized values
[ipds] fix waf rules duplication
[system] vulnerabilities solved: CVE-2024-12084, CVE-2024-52533, CVE-2024-6345, CVE-2023-43804, CVE-2024-12085, CVE-2024-7409, CVE-2024-7592, CVE-2025-26465, CVE-2024-12087, CVE-2024-12088, CVE-2024-11168, CVE-2024-12086, CVE-2024-12747, CVE-2024-6923, CVE-2023-27043, CVE-2024-12133, CVE-2024-12243, CVE-2024-9287, CVE-2024-37891, CVE-2023-45803

Access the Official Release Notes for more information.

New features:
[lslb] add priority to backends
[lslb] introduce least response scheduler for http farms

Improvements:
[system] based on Debian 12.5
[core] improve syntax of developer documentation
[lslb] improve http farms parser to make it more robust
[core] apply good practices to pass critic level 4
[gui] improved translation messages
[core] reduce default log messages of metrics collector
[core] cleanup unused and deprecated code
[system] avoid ssh config overwriting

Bugfixes:
[cluster] fix cluster replication
[lslb] fix adding Control directive in HTTP farms during migration of config files
[gui] fix https backends, virtual host and pattern enabling option
[system] fix grub issue in ISO installation

Here are the Release Notes with all the extended information.

Improvements:
[ssl] LetsencryptZ: restore the farm when a certificate renewal is finished by a timeout
[system] added file descriptors info in supportsave

Bugfixes:
[proxy] fixed chunked transfer encoding
[proxy] fixed websocket protocol
[api] fixed create copy from farm action
[api] fixed farm status calculation in backend actions
[api] fixed modify persistence TTL in HTTP farms

Bugfixes:
[ssl] LetsencryptZ: restore the farm when a certificate renewal is finished by a timeout
[cluster] fixed error in sync action when deleting files is performed at the same time
[system] fixed the following vulnerability issue:
CVE-2023-25136, CVE-2012-1151, CVE-2020-8991, CVE-2010-1161, CVE-2019-17595, CVE-2019-17595, CVE-2014-0479, CVE-2022-45873, CVE-2022-36021, CVE-2019-20454, CVE-2022-1587 and CVE-2022-1586

Improvements:
[networking] improvement starting interfaces
[webgui] improvement applying farmguardian
[lslb] http: scheduling algorithm improvements
[lslb] http: improve pending connection count for backends

Bugfixes:
[system] fixed SupportSave command
[lslb] http: fixed redirect behavior

New features:
[system] allow Hostname as a rsyslog remote server

Improvements:
[farms] flush connections when a L4 farm is stopped/deleted
[farms] flush connections when a L4 backend is deleted

Bugfixes:
[farms] fixed L7 floating backend sourceaddress assignment
[networking] fixed routing rule validation
[networking] fixed no check route table before listing
[system] fixed the following vulnerabilities issues:
CVE-2021-4160, CVE-2022-0778, CVE-2021-25220, CVE-2019-17041, CVE-2019-17042, CVE-2021-3770, CVE-2021-3778, CVE-2022-24048, CVE-2022-24050, CVE-2022-24051, CVE-2022-24052, CVE-2021-43618, CVE-2021-46667, CVE-2021-3796, CVE-2021-35604, CVE-2021-46659, CVE-2021-46661, CVE-2021-46663, CVE-2021-46662, CVE-2021-46664, CVE-2021-46665, CVE-2019-15165, CVE-2019-20807, CVE-2018-25032

Improvements:
[networking] do not delete routes for a nonconfigured interface
[farms] add validation and migration script for HTTP directive “Alive”
[system] add scope validation modifying SNMP scope value.
[system] add Relianoid 6.2 repository source

Bugfixes:
[farms] fixed established connection for a L4xnat farm are not shown
[ipds] fixed ordering the blacklists
[farms] fixed URL Pattern not allow comments in HTTP Farms
[system] fixed start nftlb if PID file exists but daemon is not running
[system] fixed issue migrating from iptables to nftlb in the backend status

Improvements:
[networking] do not delete routes for a nonconfigured interface
[farms] add validation and migration script for HTTP directive “Alive”
[system] add scope validation modifying SNMP scope value
[webgui] enable Cypress Studio for integration tests
[webgui] update Readme

Bugfixes:
[farms] fixed established connection for a L4xnat farm are not shown
[ipds] fixed ordering the blacklists
[farms] fixed URL Pattern not allow comments in HTTP Farms
[system] fixed start nftlb if PID file exists but daemon is not running
[webgui] fix network virtual create form
[webgui] fix blacklist edit form CSS
[webgui] fix memory leak in LSLB farm services list

New features:
[webgui] add farm blacklists move action

Improvements:
[farms] enable pound as a proxy by default
[rbac] avoid SO limitation pattern creating a RBAC user
[api] add validations to GET stats API
[api] change IPDS API response messages
[api] add ipds message error when configure duplicate WAF rule ids

Bugfixes:
[system] fixed delete zevenet certificate in factory reset
[system] fixed issue migrating from iptables to nftlb in the backend status
[networking] fixed configure default gw in the main routing table when a NIC is modified
[networking] fixed an Interface that can be reconfigured with the same IP
[networking] ignore dhcp parameter in Interface API if is equals to the configured one
[farms] fixed glsb stats service validation
[farms] get farm PID from the PID file, not from the system
[api] fixed create and modify route validation
[api] fix GET /stats/farms//services//backends to get backends by service
[api] fix cookieinsertion validation
[api] do not allow to create any http cookie directive with any blank parameter
[system] fixed the following vulnerabilities issues:
CVE-2022-0543, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-24407

Improvements:
[proxy] add migration script for old proxy configuration files
[proxy] add a monitor that relaunches the process if it detects a segfault signal
[farms] get farm PID from the PID file, not from the system
[api] add validations to GET stats API
[api] remove name field from GET /stats/system/network/interfaces
[rbac] avoid SO limitation pattern creating a local RBAC user
[guardian] add migration script for old farmguardian configuration files

Bugfixes:
[farms] fixed GSLB stats service validation
[farms] reset L4 farm backend priority, weight and max connection values if send null
[api] fixed the create and modify route validation
[api] fixed cookie insertion validation
[api] do not allow to create an HTTP cookie directive with any blank parameter
[api] fixed status parameter for GET /stats/system/network/interfaces
[networking] ignore DHCP parameter in interface API if it is equal to the configured one
[networking] fixed configure default gw in the main routing table when a NIC is modified
[networking] fixed an Interface that can be reconfigured with the same IP
[networking] fixed an Interface can be configured with the same IP as a Virtual Interface
[networking] fixed list tables from rt_tables when the name contains “-” character
[ipds] fixed not_match field from ipds rules API
[ipds] WAF: fixed get default_log rule field
[ipds] WAF: modify disable_rules field after deleting a rule
[ipds] WAF: update SecRuleRemoveById when a disabled rule is modified
[ipds] WAF: check the rule IDs when setting the disable rules param
[system] fixed notification sec rules
[system] notifications config dir is excluded from synchronization
[guardian] fixed farmguardian conf modification when modifying a farm name

Improvements:
[cluster] remove azure account after deleting azure cluster configuration

Bugfixes:
[farms] changed function from checkport to validatePort
[ssl] Letsencryptz forced to use HTTP challenge
[cluster] fixed IP announce in Master node, it is not performed when the backup node is started
[cluster] fixed restart farm on the backup node
[networking] fixed Nonexistent NIC Interface Configuration File is not removed

New features:
[networking] routing module to manage static routing rules
[webgui] multi Language module
[ipds] WAF rules editor from the web gui
[farms] button to copy farms
[rbac] LDAP connector to authenticate RBAC users
[system] introduce full management command line interface, named zcli
[farms] introduce high performance HTTP and HTTPS load balancing reverse proxy core, named zproxy
[api] introduce zapi version 4.0.1 including the new features automation
[farms] introduce priority algorithm for HTTP profile
[farms] introduce L4 DSR session persistence support

Improvements:
[ipds] blacklist update scheduler optimization
[system] add web gui section for advanced settings: ARP announcement, allow routing subnet duplication, session replication service management
[farms] allow creating farms with the same networking settings

Bugfixes:
[ipds] set the default action for all WAF phases

Bugfixes:
[certs] load long certificate lists in less than 1 minute
[gui] optimize certificates table pagination load
[farms] solved routing rules for sd-wan (dslb)
[farms] fixed dashboard view for dslb farms
[system] fixed system checks that are running in Azure

New features:
[proxy] add/delete response headers
[proxy] add multi-listener support
[proxy] add support to listener config reload
[proxy] added WAF support (libmodsecurity3, disabled by default)
[proxy] added automatic memory trimmer
[proxy] add backend server priority setting
[proxy] add -R option to reload listener configuration from file

Improvement:
[proxy] add missing extended HTTP verbs
[proxy] add centralized regex manager
[proxy] add listener CTL management support
[proxy] schedule redirect response if backend connection fails
[proxy] do not load balance if only 1 backend is present
[proxy] add better information in logs
[proxy] set static maximum SSL handshake retries
[proxy] added case insensitive comparator to Headers map

Bugfixes:
[proxy] fixed incomplete response parse continuation
[proxy] fixed Location and Content-Location wrong protocol if RewriteLocation=2
[proxy] fixed crash parsing an HTTPS listener
[proxy] fix session cookie header value parser
[proxy] invalidate sessions if the backend is down
[proxy] fix cookie session-id comparation
[proxy] fix crash on process exit
[proxy] reply err503 on abrupt connection close by the backend
[proxy] fix malformed log data

New features:
[guardian] redis health check is supported natively

Bugfixes:
[farms] L4xnat stats were not generated properly for farms with the same backend configured twice

Bugfixes:
[networking] Run virtual interfaces in start process

Bugfixes:
[farms] Error detected when l4xnat farm parameters are listed

Improvements:
[gui] Messages when there is login error
[gui] Info button in dashboard
[gui] Change icon and tooltip for unset farm in ipds rules
[system] Remove deprecated configuration script

Bug fixes:
[farms] Fix L4xNAT pending and established stats
[system] Add to supportsave arp filtering, node status and L4xNAT persistence
[system] Fix configuration of management interface in zenbui
[networking] Use routing rules per subnet instead of per ip
[gui] Refresh button in stats
[gui] Responsive in stats tables
[gui] Update cluster status after a logout or expired session
[gui] Close selection form when kept open and the view is changed
[gui] System stats responsive
[gui] HTTP Redirect regular expression
[gui] Allow to apply DoS rules (IPDS) to any kind of farm profile

New features:
[api] New API v3 version, entire system can be managed by API Rest+JSON.
[gui] New Web GUI in Angular2 100% responsive.
[security] New security module v1 called Internet prevention and detection service or IPDS with blacklists and DDoS prevention.

Improvements:
[gui] Local service load balancing module or LSLB now manages http, https and l4xnat profiles.
[gui] Global service load balancing module or GSLB now manages gslb profiles.
[gui] Datalink service load balancing module or DSLB now manages datalink profiles.
[doc] Updated documentation for Relianoid v5.
[system] Floating IPs, VIPs can be assigned to interfaces.
[cluster] Stateful cluster for l4xnat profiles.

New features:
[sys] New Kernel Updated to 3.16 (Debian Jessie Base)
[sys] Debian packages consolidation
[farms] Allow to edit farms with stopped status

Improvements:
[farms] TCP profile deleted, L4xNAT should be used instead
[farms] GSLB Profile deleted
[sys] L7 profile for HTTP[S] core updated with distro package
[sys] Openssl Library updated with distro package
[sys] Cluster service updated with distro package
[sys] Web GUI service updated with distro package
[sys] Added and updated libexec scripts
[sys] Include disks information through snmp

Bug fixes:
[farms] Minor bugs fixing related to HTTP farms services
[farmguardian] Fix persistence sessions losing L4xNAT after deactivating a backend
[farms] Fixed online weight calculation L4xNAT farms
[net] Minor bugs fixed in section Conns Stats
[gui] Fix special characters issue with root/admin password

Improvements:
[farmguardian] FarmGuardian’s memory resource usage is reduced.

Bug fixes:
[cluster] Cluster global checks for zen latency and zen inotify.
[farms] Migration script for HTTP and HTTPS profiles (Disable SSLv3, Backend Cookie, dyn scale and others directives).
[sys] Allowed reserved characters “$” for root password in webgui.
[api] ZAPI input control error for virtual network interfaces and reject to configure a duplicated IP.

Bug fixes:
[farms] IP persistence in L4xNAT regression bug.

Improvements:
[networking] UDP and TCP timeout stream optimization

Bug fixes:
[farms] Solved issue with connection stats
[farms] Not allowed to rename a farm with an empty value
[farms] Preserve .htpasswd after upgrading
[farms] GSLB several bugfixes
[farms] Disable SSLv3 for Poodle in HTTPS farms
[farms] Load conntrack modules after upgrade

A new look for frontend GUI
SSL connection on frontend GUI
Advanced view with progress bar on farms
Cluster Service ACTIVE/PASIVE mode
Automatic replication of Cluster service and Zen service configuration
Advanced networking configuration
Vlan support
Multiples route tables for real and vlan interfaces
ntp sync
Backup configuration. Export/Import
A lot of modifications, bug fixed, improvements and proposals by members of the mailing list