Skip to main content

On-Premise Appliance Release Notes - Maiden

Updated

Maiden-33

Release date: 28 October 2025

  • Minor improvements to the Updates & Releases page and update process, including removing the block on moving between Maiden versions if you previously used SWURL.

  • Updated our Anti-malware engine to fix an issue that caused Smoothwall to stop scanning for malware.
    Note: The Anti-malware engine may show a red status on the Dashboard while it uses the previous signatures for up to 24 hours.

Maiden-32

Release date: 16 September 2025

  • JSON files no longer generate Safeguarding Alerts.

  • Administrators with one or more of these roles and no others are exempt from the 15-character password requirement: Guardian temporary bypass, Guardian room block controls, Guardian unblock controls.

  • Fixed an issue introduced in Maiden-28 where location-based policies weren’t synced from Cloud Filter to On-Premise Appliance.

Maiden-31

Release date: 5 August 2025

For reinstalling the ISO:

  • Increased root and Admin UI password complexity when using the autoclean option.
  • The UEFI autoclean option now runs correctly without requiring the interactive installation steps.

Other updates:

  • Removed the Global Proxy System Alert, due to the deprecation of NTLM.
  • IP addresses that fail to sign in to SSH or the Admin UI 5 times in a 10-minute period can’t sign in for the next hour. View failed attempts for Admin UI in the new Admin IP ban section or SSH in the SSH section in Report > Logs > System.
  • Fixed a Network Interface ordering issue for Appliances using both igb and i40e drivers.
  • Readded the incorrect username or password message when signing into the Admin UI via HTTP.

Maiden-30

Release date: 2 July 2025

  • Improved internal error logging to help detect and resolve issues with Cloud log uploads.

  • Updated the Built-in Certificate Authority certificates to maintain access to trusted websites.

  • Introduced validation and a minimum length of 15 characters for stronger SSH and Admin UI password security.

  • TLS 1.0 and 1.1 protocols are no longer supported.

  • Fixed an issue in Central management setups where Firewall rules using service objects on the parent node caused errors during reinstall.

Maiden-29

Release date: 15 May 2025

  • The Admin UI sign-in page shows a prompt to change from using HTTP to HTTPS.
  • Added HSTS to browser connections for the Admin UI to prevent HTTP Downgrade Attacks.
  • Added recommendations to not use the 3DES Cryptographic algorithm option or the MD5 or SHA1 Hash algorithm options for IPsec Subnets.
  • We show Release Notes for Maiden when selecting Details on the Updates & Releases page.
  • Instant Safeguarding Alert emails sent from Cloud Filter show the time for the user’s device instead of in UTC.
  • The Refresh time for the Secret Knock must be at least 80 and you can only enter numbers.

Maiden-28

Release date: 1 April 2025

Fixed issues in Hybrid setups that could cause configuration mismatches or incomplete syncs to Cloud.

Maiden-27

Release date: 11 March 2025

Directories

  • User Display Names are synced to the Events and Cloud Scan Media pages in Monitor for Directories added in the On-Premise Appliance.
  • Improved the error message that shows in the Realtime System report when there is a duplicate Active Directory user.
  • Any issues with Directory syncs to the Cloud for users and groups are corrected in subsequent syncs.
  • Reduced duplicate data for systems with multiple tenants linked to a single IDex Directory to improve memory usage.

Authentication

  • Fixed an issue where users logging in via RADIUS were incorrectly mapped to the Unauthenticated IPs group.
  • Fixed an issue where subsequent logins did not replace the last login when an IP address could use multiple authentication types.
  • Renamed an Authentication Settings field to remove mention of IDex Client.

Other improvements

  • Fixed an issue where the Dynamic certificates in a HA failover pair were out of sync. Now when you set a new Certificate Authority as the default, the failover node will also get the new Dynamic certificates.
  • Because we removed the Cache options section in Web Proxy > Settings, we’ve switched off the default settings in the background.
  • Updated the wording on the MFA page.

Maiden-26

Release date: 11 February 2025

  • If you have a Hybrid setup, you can now manage Content Modification Policies using Cloud Filter! Switching over is easy - just toggle at least one Content Modification to On with both the Groups and Locations fields configured.
  • We’ve re-added the FTP, H.323, IRC and SIP Network application helpers to the Network > Settings > Advanced page.
  • We’ve also re-added the Routing Information Protocol (RIP) feature. To use RIP again, install the Routing module, then turn it on from Network > Routing > RIP.
  • The correct header length for pages over 512Kb is now returned, to prevent potential issues with Content Modification.

Maiden-25

Release date: 8 January 2025

Updated network card drivers to support new hardware and prevent network dropouts.

Maiden-24

Release date: 10 December 2024

  • To prevent authentication issues on large clusters, when an Archive Profile is replicated to child nodes and has Auth settings selected, child nodes won’t sync with Google or Azure. Authentication data is instead replicated to the child node from the parent node.
  • When using a HA failover pair, a failover event meant users would need to log in again and you would need to run a sync for IDex authentication to work. Now logins and IDex authentication data is replicated to the failover node.
  • We’ve fixed an issue where some Safeguarding Alerts were not sent or included in the Safeguarding Report in Cloud Reports. This only applied when users were browsing via Transparent proxy, and your organisation manages Instant Safeguarding Alerts from Cloud Filter and doesn’t have Decrypt and Inspect HTTPS policies in place.
  • We’ve fixed an issue for multi-tenant organisations using IDex directory. Now users are logged in and filtered according to the policies for the tenant they are assigned to, rather than the policies for the tenant with the Domain Controller.

Maiden-23

Release date: 20 November 2024

We’ve updated the Smoothwall DNS server version, so DNS responses can be stripped of the ECH records to ensure BYO users with ECH are filtered.

Maiden-22

Release date: 15 October 2024

  • Updated the instructions on the HTTPS Inspection Root Certificate Download page.

  • Fixed an issue where some customers had to run sendaddatanow from the Active Directory server after booting the appliance.

  • Removed the Allow users to log in using Connect for Chromebooks option from Services > Authentication > Google because we no longer support this option.

  • Added more checks to keep the authentication service running when the system boots, preventing login issues.

Maiden-21

Release date: 24 July 2024

  • If you have a large scale environment and need to optimise BYOD authentication via RADIUS, you can use the new setting on the Services > Authentication > BYOD page. If you already have this checkbox selected after updating, don’t unselect it.
  • We've fixed the issue where a "BitDefender anti-malware signatures have not yet been downloaded" message showed incorrectly.
  • When you click the Update signatures button and the latest anti virus signatures are already applied, we no longer show an incorrect "Update Failed" message.

Maiden-20

Release date: 24 June 2024

  • For organisations where Instant Safeguarding alerts are managed in Cloud and there is no Decrypt and Inspect HTTPS policy, Instant Safeguarding alerts are now sent and show in the Cloud Safeguarding Report.
  • We’ve fixed an issue with syncing between On-Premise and Cloud which in rare circumstances caused some configurations to be corrupted.
  • Users on Maiden logged in via RADIUS were being logged out after 10 minutes, but now stay logged in until they log out themselves.

Maiden-19

The update includes the following improvements:

  • Update to increase the efficiency of the reporting engine on systems with large amounts of log files.

The update fixes the following bugs:

  • Update to resolve an issue where all groups were shown on the user portal and not just the global and tenant specific ones.
  • Further fixes to resolve issues with auth during the overnight restart process.
  • Update to stop an issue loading the dashboard on systems with the swapfile disabled.
  • Update to resolve an issue with syncing IDex data on parent / child systems.
  • Update to resolve an issue where an alert could be raised for missing files that are not required and may not be present on the system.

Maiden-18

The update includes the following improvements:

  • Update to reduce how often IDex files are updated.
  • Update to make the new version of auth more stable.
  • Update to remove the update error notification after one week if not acknowledged on the on prem UI.
  • Update to allow multiple system generated automatic snapshots to be retained for 90 days.
  • Update to remove old update conversion files from the system.
  • Update to randomise the time the logs are uploaded for cloud reporting to spread the load on the cloud platform.
  • Update to how the internal data files for IDex are written.

The update fixes the following bugs:

  • Update to resolve an issue with Guardian during web searches.
  • Update to stop auth and access issues on child nodes when the new cloud config is added to the on prem device.
  • Update so we don't give the users a banner advising to send ad data if logins fail to be migrated when updating from disdb or cockroach.
  • Update to resolve a certificate issue preventing web browsing when Sophos is installed.
  • Update to prevent a timing issue which can cause auth to fail to start.
  • Update to prevent any potential data corruption if auth fails to start correctly multiple times.
  • Update to prevent auth failing to start if its config file has been removed.
  • Update to correct file naming issues to stop auth incorrectly reporting data loss.
  • Update to DHCP logout for IDex.
  • Update to resolve an issue where clicking Clear directory only cleared the data on the node this action was run on. It now clears the directory data for all cluster nodes.
  • Update to resolve an issue with auth when agent login data is replaced.
  • Update to prevent system monitoring processes restarting auth during the shutdown process.
  • Update to a spurious error message on child nodes when rebooted after recently joining a parent child setup.
  • Update to show group information when logged in via IDex.

Maiden-17

The update includes the following improvements:

  • Update to auth log file control.
  • Update to give a notification on the on premise UI if the data migration has errors when upgrading from Leeds to Maiden 17.
  • Update to error notification when updating from Maiden 12-16 up to Maiden 17.
  • Update to how QR codes are generated for MFA.
  • Further improvements to upgrade scripts.

The update fixes the following bugs:

  • Update to fix an issue where user logging in via OpenVPN cannot use group based rules.
  • Update to generate the public key for partnernet access if the file is corrupt.
  • Update to VPN to support new hardware and TLS v1.3 when new VPN clients are used.

Maiden-16

The update introduces the following new features:

  • Update to ingest the cloud config for a new appliance device when there is cloud config, but the appliance has no config.

The update includes the following improvements:

  • Update to use tokens when retrieving files from the cloud.
  • Update to the anti virus product used by the on prem device.

The update fixes the following bugs:

  • Update to ensure the cloud portal is unlocked when shutting down or restarting the appliance.
  • Update to names reported in log files.
  • Update to fix internal server error being shown for SSL login page.
  • Update to resolve an issue with the IDex sync file which can cause auth to fail to start.
  • Update to ensure cloud directory sync only is maintained when the system is rebuilt.

Maiden-15

The update fixes the following bugs:

  • Update to fix an issue when multiple AD servers send sync data to a single IDex directory.

Maiden-14

The update fixes the following bugs:

  • Update to fix a group mapping issue when running IDex version older than v2.

Maiden-13

The Maiden-13 update fixes a number of bugs:

  • Resolve error on page loading message in the log file.
  • Resolve an issue where there are unknown users and groups being shown during system updates.
  • Resolving an issue where content modifications removes results due to an incorrect restricted mode.

Maiden-12

The Maiden-12 update introduces an updated auth database system for IDex and fixes two bugs in line with Leeds-71:

  • Fixing a problem with cloud safeguarding daemon restarting incorrectly.
  • Fix for Apache signal handling within SSL login.

Be aware that this update requires all nodes in a cluster to be upgraded to guarantee correct functionality for IDex directories.

Maiden-11

The Maiden-11 update brings updates from Leeds-70:

  • Update move all existing core files to the log partition and create any new ones in the log partition.
  • Update to stop the page load issues with a full disk or corrupt journal file.
  • Update move all existing core files to the log partition and create any new ones in the log partition.
  • Update to use new ntp servers.
  • Preparation to allow directory mappings to be managed fully in the cloud.
  • Update the backup process to add more logging information in the system logfile for failures.
  • Reduce the size of scheduled reports to a maximum of 30,000 rows for reports which are emailed out. Provide a message in the email to the user if this size is exceeded.
  • Preparation to allow directory mappings to be managed fully in the cloud.
  • Update to stop page load issues if a tenant is deleted when there is a category group in HTTPS inspection policies for that tenant.
  • Update to allow the on prem device to send logs to Google for reporting instead of Azure.
  • Update to resolve a memory leak in the safeguarding program.
  • Update to resolve an issue with the weekly restart cron job for the cloud manager process.
  • Update to resolve an issue timeslots moving time by a minute when cloud updates a different timeslot.
  • Update to resolve a potential issue when syncing IDex directories to the cloud.
  • Preparation to allow directory mappings to be managed fully in the cloud.
  • Update to remove leftover references for Google and Azure directories when the directory is deleted.
  • Update to correctly populate the config files when adding directories.
  • Update to resolve an issue where auth fails during the overnight sync.
  • Update to cloud directory sync to ensure all group information is included correctly.
  • Update to ensure cloud group mappings are correctly written to the running config for Guardian.
  • Update to create a config file needed for the Azure SSL login page.
  • Update to directory sync handling of deleted directories with group mappings still present.
  • Update to fix a policy issue for multi tenant builds where the block and allows policies were not being correctly applied.
  • Update to allow multiple tenants to be selected for an IDex directory.
  • Update to resolve an issue where child policies were not correctly updated when ingesting the config from the cloud.

Maiden-10

The Maiden-10 update brings updates from Leeds-69:

  • Improvements to performance when using large numbers of auth directories.
  • Updating UI style to improve consistency.
  • Internal update to update configuration for future update stability.
  • Updating UI to use new Smoothwall by Qoria logo.
  • Improvements to config writing performance for large scale deployments.
  • Improving debugging output to assist diagnosing issues with AzureAD directory integrations.
  • Improvements to SSL login to increase the number of concurrent connections.
  • Improving bad data handling for safeguarding alerts.
  • Added extra telemetry for monitoring status of safeguarding process.
  • Improvements to handling and applying cloud configurations.
  • Improvements to SSL login to increase the number of concurrent connections.
  • Improvements to performance when using large numbers of auth directories.
  • Update to cloud management service to better handle configuration changes.
  • Improve debugging output in the event of errors with safeguarding alerts.
  • Detecting and fixing incorrect identifiers in cloud config synchronisation.
  • Correct error reporting for cloud manager in clustered environments.
  • Remove requirement of a restart after enabling cloud safeguarding alerts.
  • Bug fix to resolve log error message on page loads.
  • Bug fix to resolve and issue where users are not shown in policies after the policy is ingested from the cloud portal.
  • Further updates to system stability when ingesting policies from the cloud portal.
  • Additional fix to resolve auth restarting when directories are synced.
  • Fix to non ASCII character handling in custom categories.

Maiden-9

The Maiden-9 update brings updates from Leeds-68:

  • Updates to allow for future release of cloud content modification integration.
  • Improving telemetry around cloud service integration.
  • Add Azure login page to the Authentication menu.
  • Allow cloud safeguarding alerts for unauthenticated users.
  • Update the cloud sync processes to remove errors due to invalid group names.
  • Update the config to stop the layer 7 Psiphon rule over blocking.
  • Updates to stop the cloud sync process causing duplicate policies.
  • Resolves an issue where it is possible to pass empty groups the the cloud during sync.
  • Update to resolve an issue of unknown Who in policies created in the cloud where the group is used before a sync has occurred.
  • Fixes an issues where customers on Maiden 8 cannot export certificates from the VPN ? Certificates menu.
  • Fixes an issue where the cloud manager can crash if the update file has no data.
  • Update to fix an issue with warning emails for VPN certificate being sent for valid certificates.
  • Update to resolve an issue of unknown Who in policies created in the cloud where the group is used before a sync has occurred.
  • Update to resolve issues with potential duplicate timeslots and policies.

Maiden-8

The Maiden-8 update fixes a CVE and brings updates from Leeds-66.

Fixed in Maiden:

  • Updating libreswan to patch CVE-2022-23094

From Leeds:

  • Updating Geoblocking IP database.
  • Change to new install defaults, allow remote support access.
  • Change to new install defaults, changing IDex purge configuration
  • Change to new install defaults, enabling HTTPS for transparent proxy.
  • Allow configuration of Squid memory cache setting.
  • Performance improvement to cloud directory data uploads.
  • Fixed formatting issue with exported reports
  • Fixing a broken link in the Category Test Tool Bug
  • Fix file system check for child nodes on some hardware configurations
  • Add retries around config writing in clusters if system load prevents initial application
  • Fix display bug with log pagination in the UI
  • Allowing MFA logins on Guardian Bypass login function.
  • Improve handling of failed connections to cloud filter bypass to avoid buffer limit
  • Implementing new update mechanism to allow more frequent geolocation updates.
  • Fix bug in cloud log uploading that could cause a process to hang
  • Update to licence key packaging to support future updates
  • Fix issue with UTF-8 characters in cloud log uploading.
  • Re-configuring request limits for cloud filter bypass to avoid disruption by malformed requests
  • Fix to UTF-8 character handling in safeguarding alerts.
  • Added IDex directory synchronisation with cloud.
  • Change to boot order set on new installs
  • Initialising directory structure required for cloud services on fresh install
  • Improve monitoring metrics of guardian errors
  • Add config writing retries to monitoring metrics
  • Performance improvement for processing some reports
  • Improvement to config writing queues to improve performance for large configuration sets.
  • Improvements for error handling around cloud reporting integration.
  • Improvements to log processing for cloud reporting integration.
  • Reducing verbosity of logging for cloud reporting.
  • Improvements to SMS safeguarding alerts to improve specific provider compatibility.
  • Updated Navl.
  • Updated Google API usage for SSL login page.
  • Fix to search term reporting.
  • Upgrading openssl.
  • Updating SSL certificates.
  • Upgrading tooling to match newer openssl version.

Maiden-7

The Maiden-7 update fixes a number of bugs and brings updates from Leeds-64.

Fixed in Maiden:

  • Upgrade Navl to prevent segfault bug on boot.
  • Resolve issue with users auth and group mappings via a child node.
  • Fix to IKE settings to correct issue with some configurations.

The Leeds update fixes a number of bugs:

  • Allow safeguarding alerts to be sent via cloud for cloud filter customers.
  • Upgrading gzip to patch CVE-2022-1271.
  • Update ConfigWriter so that it ignores uncontactable AD servers.
  • Update licencing check cron timings to improve performance.
  • Adding ConsistencyLevel eventual header for AzureAD synchronisation to expand range of supported filters
  • Leeds 61 introduced an edge case which could lead to an intermittent guardian segfault
  • Update to Azure AD server group info collection. Nested groups now contain all child group members.
  • Update to ensure there are no duplicate group mappings.
  • Update to guardian to prevent segfault issue with some configurations.
  • Renew bitdefender license.
  • Improve directories config generation when an AD server is unavailable.
  • Update to group collection for LDAP, eDirectory and AD (legacy method).
  • Update resync to a newer version.
  • Update SNMP to also block port 199 when added to firewall rules.
  • Update to fix potential group mapping issue which can occur if there are multiple AD servers with the same name.
  • Update to keys used for package updates.

Maiden-6

The Maiden-6 update fixes a number of bugs:

  • Upgrading gzip to patch CVE-2022-1271.
  • Update licencing check cron timings to improve performance.
  • Adding ConsistencyLevel eventual header for AzureAD synchronisation to expand range of supported filters
  • Update to guardian to prevent segfault issue with some configurations.

Maiden-5

The Maiden-5 update fixes a number of bugs and brings updates from Leeds-59, 60 and 61.

Fixed in Maiden:

  • Correct issue with Guardian correctly identifying tenant for user

From Leeds-59:

  • Datastore settings page improve loading with lots of data
  • Correct policy tester showing a block condition on a URL with path
  • Safeguarding results if user also browses as just IP
  • Cloud backups success telemetry
  • Cloud backups disabled telemetry
  • Throughput telemetry
  • Collect advanced user option configuration telemetry
  • Send firewall logs to Police Cyber Alarm
  • /tmp space telemetry
  • Change the way guardian/squid errors are reported
  • Guardian Functionality Test handle 403 HTTP code
  • Hardware identification telemetry
  • Correct group mapping application

From Leeds-60:

  • Update to VPN tunnel connection history to allow for different process owners
  • Unify syslog-ng configurations
  • Make Squid file descriptor limit configurable
  • Reorder request inspection chain to inspect body earlier if required
  • Add tenant to web filter log viewer
  • Improve telemetry on crashes
  • Add bash-completion
  • Update console boot splash and add IP address information
  • Improve DataStore error clarity on being unable to query
  • Correction to date ranges in Reports Scheduler
  • Improve Datastore telemetry
  • Add improved segfault telemetry
  • Send group list with cloud directory ingest
  • Improve Guardian tenanted category search terms matching when global category already matched
  • Improvements to telemetry service
  • Correction to disk status checking telemetry
  • Fix for Data::Compare comparing JSON::XS::Boolean values
  • Upgrade ethtool to allow extra diagnostics for SFP modules
  • Fix UI issue with deleted groups

From Leeds-61:

  • Prevent overriding of default terrorism policy
  • Improve performance and reduce unnecessary logging from Guardian for looking up tenant locations & time slots
  • Correct issue with category search for tenant categories
  • Guardian handling of error in blocklist improved
  • Allow category search tool to run if proxy filtering is off
  • Fix logging error with certificate check socket being closed twice
  • Remove autorun and correct links in iso
  • Instant Alert on admin login success.
  • Update ios certificate install instructions
  • Add extra-utf8 handling for bad utf-8 characters when running a report.
  • Add root OU to groups list that cloud directory sends
  • Add information on Maiden upgrade to the updates page

Maiden-4

The Maiden-4 update removes disdb and introduces authd5 for Idex authentication.

Maiden-3

The Maiden-3 update brings two new features from Leeds-58:

  • Directory Services 2.5 integration
  • User and group filters for Azure AD binds

Maiden-2

The Maiden-2 update fixes a number of bugs including porting bugs fixed in Leeds-57:

  • Change domain trends report links
  • Update supported browser information
  • Reduce DNS reload ferquency in clusters
  • Error when a tenant DNS server is unavailable
  • DNSMasq vulnerable to CVE-2017-14491
  • Default report templates performance improvement
  • Improve groupmap debug information
  • Safeguarding Results matching correction
  • Cloud::State remove taint check warning
  • Add logout option to improve cloud user locking
  • Add temperature data to telemetry
  • Improve RAM usage calculations
  • Reduce unnecessary log verbosity
  • Fix problem displaying safeguarding in portal
  • Fix issue with Individual user report on portal for tenanted data
  • Fix for missing video ids in youtube video id migration
  • Improve Datastore Ipad client log processing
  • Instant safeguarding notifications tied to groups email trigger fix
  • Cloud backup too many concurrent connections error
  • Environment path error in backup restoration
  • Change AzureAD and Google cron times
  • Move location of and clean up old cloud reporting logs
  • Fix handling of Smoothwall group config
  • Support fingerprint field for cloud directory uploads
  • Increase guardian file descriptor limit
  • Increase number of communication channels between guardian and squid
  • Increase number of files Datastore can monitor for large tenanted deployments
  • Force a full cloud directory sync on update
  • Fix error switching Guardian status
  • Correct warning box heading colour
  • Fixes for VPN GUI
  • Port kernel spin lock patch from Leeds

Maiden-1

The Maiden-1 update fixes a number of bugs:

  • Cloud Backup Retrieval Script warning handling on first run.
  • Make table striping more consistent in the UI.
  • Fix log directory issue for Radius BYOD.
  • Add additional HTTP security headers to the UI
  • Update repository pinning rules to support new upstream version
  • Improvements in performance for safeguarding summary report
  • Add new partitioned cloud log uploader
  • Cloud Directory cache clearing
  • Improvements to telemetry
  • State of 'Allow HTTPS traffic with no SNI...' option not visible in policy table, only in wizard
  • Allow Content Modifications on larger pages
  • Blockpage performance improvements
  • Add cloud backup monitoring to telemetry.
  • Add new Lets Encrypt certificate
  • Tenant ingestion from cloud