Maiden-21 (24th July 2024)
- If you have a large scale environment and need to optimise BYOD authentication via RADIUS, you can use the new setting on the Services > Authentication > BYOD page. If you already have this checkbox selected after updating, don’t unselect it.
- We've fixed the issue where a "BitDefender anti-malware signatures have not yet been downloaded" message showed incorrectly.
- When you click the Update signatures button and the latest anti virus signatures are already applied, we no longer show an incorrect "Update Failed" message.
Maiden-20 (24th June 2024)
- For organisations where Instant Safeguarding alerts are managed in Cloud and there is no Decrypt and Inspect HTTPS policy, Instant Safeguarding alerts are now sent and show in the Cloud Safeguarding Report.
- We’ve fixed an issue with syncing between On-Premise and Cloud which in rare circumstances caused some configurations to be corrupted.
- Users on Maiden logged in via RADIUS were being logged out after 10 minutes, but now stay logged in until they log out themselves.
Maiden-19
The update includes the following improvements:
- Update to increase the efficiency of the reporting engine on systems with large amounts of log files.
The update fixes the following bugs:
- Update to resolve an issue where all groups were shown on the user portal and not just the global and tenant specific ones.
- Further fixes to resolve issues with auth during the overnight restart process.
- Update to stop an issue loading the dashboard on systems with the swapfile disabled.
- Update to resolve an issue with syncing IDex data on parent / child systems.
- Update to resolve an issue where an alert could be raised for missing files that are not required and may not be present on the system.
Maiden-18
The update includes the following improvements:
- Update to reduce how often IDex files are updated.
- Update to make the new version of auth more stable.
- Update to remove the update error notification after one week if not acknowledged on the on prem UI.
- Update to allow multiple system generated automatic snapshots to be retained for 90 days.
- Update to remove old update conversion files from the system.
- Update to randomise the time the logs are uploaded for cloud reporting to spread the load on the cloud platform.
- Update to how the internal data files for IDex are written.
The update fixes the following bugs:
- Update to resolve an issue with Guardian during web searches.
- Update to stop auth and access issues on child nodes when the new cloud config is added to the on prem device.
- Update so we don't give the users a banner advising to send ad data if logins fail to be migrated when updating from disdb or cockroach.
- Update to resolve a certificate issue preventing web browsing when Sophos is installed.
- Update to prevent a timing issue which can cause auth to fail to start.
- Update to prevent any potential data corruption if auth fails to start correctly multiple times.
- Update to prevent auth failing to start if its config file has been removed.
- Update to correct file naming issues to stop auth incorrectly reporting data loss.
- Update to DHCP logout for IDex.
- Update to resolve an issue where clicking Clear directory only cleared the data on the node this action was run on. It now clears the directory data for all cluster nodes.
- Update to resolve an issue with auth when agent login data is replaced.
- Update to prevent system monitoring processes restarting auth during the shutdown process.
- Update to a spurious error message on child nodes when rebooted after recently joining a parent child setup.
- Update to show group information when logged in via IDex.
Maiden-17
The update includes the following improvements:
- Update to auth log file control.
- Update to give a notification on the on premise UI if the data migration has errors when upgrading from Leeds to Maiden 17.
- Update to error notification when updating from Maiden 12-16 up to Maiden 17.
- Update to how QR codes are generated for two factor authentication.
- Further improvements to upgrade scripts.
The update fixes the following bugs:
- Update to fix an issue where users logging in via OpenVPN cannot use group based rules.
- Update to generate the public key for partnernet access if the file is corrupt.
- Update to VPN to support new hardware and TLS v1.3 when new VPN clients are used.
Maiden-16
The update introduces the following new features:
- Update to ingest the cloud config for a new appliance device when there is cloud config, but the appliance has no config.
The update includes the following improvements:
- Update to use tokens when retrieving files from the cloud.
- Update to add alerting if the root password has not been changed from the installation default.
- Update to the anti virus product used by the on prem device.
The update fixes the following bugs:
- Update to ensure the cloud portal is unlocked when shutting down or restarting the appliance.
- Update to names reported in log files.
- Update to fix internal server error being shown for SSL login page.
- Update to resolve an issue with the IDex sync file which can cause auth to fail to start.
- Update to ensure cloud directory sync only is maintained when the system is rebuilt.
Maiden-15
The update fixes the following bugs:
- Update to fix an issue when multiple AD servers send sync data to a single IDex directory.
Maiden-14
The update fixes the following bugs:
- Update to fix a group mapping issue when running IDex version older than v2.
Maiden-13
The Maiden-13 update fixes a number of bugs:
- Resolve error on page loading message in the log file.
- Resolve an issue where there are unknown users and groups being shown during system updates.
- Resolving an issue where content modifications remove results due to an incorrect restricted mode.
Maiden-12
The Maiden-12 update introduces an updated auth database system for IDex and fixes two bugs in line with Leeds-71:
- Fixing a problem with cloud safeguarding daemon restarting incorrectly.
- Fix for Apache signal handling within SSL login.
Be aware that this update requires all nodes in a cluster to be upgraded to guarantee correct functionality for IDex directories.
Maiden-11
The Maiden-11 update brings updates from Leeds-70:
- Update to move all existing core files to the log partition and create any new ones in the log partition.
- Update to stop the page load issues with a full disk or corrupt journal file.
- Update to use new ntp servers.
- Preparation to allow directory mappings to be managed fully in the cloud.
- Update the backup process to add more logging information in the system logfile for failures.
- Reduce the size of scheduled reports to a maximum of 30,000 rows for reports which are emailed out. Provide a message in the email to the user if this size is exceeded.
- Update to stop page load issues if a tenant is deleted when there is a category group in HTTPS inspection policies for that tenant.
- Update to allow the on prem device to send logs to Google for reporting instead of Azure.
- Update to resolve a memory leak in the safeguarding program.
- Update to resolve an issue with the weekly restart cron job for the cloud manager process.
- Update to resolve an issue with timeslots moving time by a minute when cloud updates a different timeslot.
- Update to resolve a potential issue when syncing IDex directories to the cloud.
- Update to remove leftover references for Google and Azure directories when the directory is deleted.
- Update to correctly populate the config files when adding directories.
- Update to resolve an issue where auth fails during the overnight sync.
- Update to cloud directory sync to ensure all group information is included correctly.
- Update to ensure cloud group mappings are correctly written to the running config for Guardian.
- Update to create a config file needed for the Azure SSL login page.
- Update to directory sync handling of deleted directories with group mappings still present.
- Update to fix a policy issue for multi tenant builds where the block and allow policies were not being correctly applied.
- Update to allow multiple tenants to be selected for an IDex directory.
- Update to resolve an issue where child policies were not correctly updated when ingesting the config from the cloud.
Maiden-10
The Maiden-10 update brings updates from Leeds-69:
- Improvements to performance when using large numbers of auth directories.
- Updating UI style to improve consistency.
- Internal update to update configuration for future update stability.
- Updating UI to use new Smoothwall by Qoria logo.
- Improvements to config writing performance for large scale deployments.
- Improving debugging output to assist diagnosing issues with AzureAD directory integrations.
- Improvements to SSL login to increase the number of concurrent connections.
- Improving bad data handling for safeguarding alerts.
- Added extra telemetry for monitoring status of safeguarding process.
- Improvements to handling and applying cloud configurations.
- Update to cloud management service to better handle configuration changes.
- Improve debugging output in the event of errors with safeguarding alerts.
- Detecting and fixing incorrect identifiers in cloud config synchronisation.
- Correct error reporting for cloud manager in clustered environments.
- Remove requirement of a restart after enabling cloud safeguarding alerts.
- Bug fix to resolve log error message on page loads.
- Bug fix to resolve an issue where users are not shown in policies after the policy is ingested from the cloud portal.
- Further updates to system stability when ingesting policies from the cloud portal.
- Additional fix to resolve auth restarting when directories are synced.
- Fix to non ASCII character handling in custom categories.
Maiden-9
The Maiden-9 update brings updates from Leeds-68:
- Updates to allow for future release of cloud content modification integration.
- Improving telemetry around cloud service integration.
- Add Azure login page to the Authentication menu.
- Allow cloud safeguarding alerts for unauthenticated users.
- Update the cloud sync processes to remove errors due to invalid group names.
- Update the config to stop the layer 7 Psiphon rule over blocking.
- Updates to stop the cloud sync process causing duplicate policies.
- Resolves an issue where it is possible to pass empty groups to the cloud during sync.
- Update to resolve an issue of unknown Who in policies created in the cloud where the group is used before a sync has occurred.
- Fixes an issue where customers on Maiden 8 cannot export certificates from the VPN > Certificates menu.
- Fixes an issue where the cloud manager can crash if the update file has no data.
- Update to fix an issue with warning emails for VPN certificate being sent for valid certificates.
- Update to resolve issues with potential duplicate timeslots and policies.
Maiden-8
The Maiden-8 update fixes a CVE and brings updates from Leeds-66.
Fixed in Maiden:
- Updating libreswan to patch CVE-2022-23094
From Leeds:
- Updating Geoblocking IP database.
- Change to new install defaults, allow remote support access.
- Change to new install defaults, changing IDex purge configuration
- Change to new install defaults, enabling HTTPS for transparent proxy.
- Allow configuration of Squid memory cache setting.
- Performance improvement to cloud directory data uploads.
- Fixed formatting issue with exported reports
- Fixing a broken link in the Category Test Tool Bug
- Fix file system check for child nodes on some hardware configurations
- Add retries around config writing in clusters if system load prevents initial application
- Fix display bug with log pagination in the UI
- Allowing 2FA logins on Guardian Bypass login function.
- Improve handling of failed connections to cloud filter bypass to avoid buffer limit
- Implementing new update mechanism to allow more frequent geolocation updates.
- Fix bug in cloud log uploading that could cause a process to hang
- Update to licence key packaging to support future updates
- Fix issue with UTF-8 characters in cloud log uploading.
- Re-configuring request limits for cloud filter bypass to avoid disruption by malformed requests
- Fix to UTF-8 character handling in safeguarding alerts.
- Added IDex directory synchronisation with cloud.
- Change to boot order set on new installs
- Initialising directory structure required for cloud services on fresh install
- Improve monitoring metrics of guardian errors
- Add config writing retries to monitoring metrics
- Performance improvement for processing some reports
- Improvement to config writing queues to improve performance for large configuration sets.
- Improvements for error handling around cloud reporting integration.
- Improvements to log processing for cloud reporting integration.
- Reducing verbosity of logging for cloud reporting.
- Improvements to SMS safeguarding alerts to improve specific provider compatibility.
- Updated Navl.
- Updated Google API usage for SSL login page.
- Fix to search term reporting.
- Upgrading openssl.
- Updating SSL certificates.
- Upgrading tooling to match newer openssl version.
Maiden-7
The Maiden-7 update fixes a number of bugs and brings updates from Leeds-64.
Fixed in Maiden:
- Upgrade Navl to prevent segfault bug on boot.
- Resolve issue with users auth and group mappings via a child node.
- Fix to IKE settings to correct issue with some configurations.
The Leeds update fixes a number of bugs:
- Allow safeguarding alerts to be sent via cloud for cloud filter customers.
- Upgrading gzip to patch CVE-2022-1271.
- Update ConfigWriter so that it ignores uncontactable AD servers.
- Update licencing check cron timings to improve performance.
- Adding ConsistencyLevel eventual header for AzureAD synchronisation to expand range of supported filters
- Leeds 61 introduced an edge case which could lead to an intermittent guardian segfault
- Update to Azure AD server group info collection. Nested groups now contain all child group members.
- Update to ensure there are no duplicate group mappings.
- Update to guardian to prevent segfault issue with some configurations.
- Renew Bitdefender license.
- Improve directories config generation when an AD server is unavailable.
- Update to group collection for LDAP, eDirectory and AD (legacy method).
- Update resync to a newer version.
- Update SNMP to also block port 199 when added to firewall rules.
- Update to fix potential group mapping issue which can occur if there are multiple AD servers with the same name.
- Update to keys used for package updates.
Maiden-6
The Maiden-6 update fixes a number of bugs:
- Upgrading gzip to patch CVE-2022-1271.
- Update licencing check cron timings to improve performance.
- Adding ConsistencyLevel eventual header for AzureAD synchronisation to expand range of supported filters
- Update to guardian to prevent segfault issue with some configurations.
Maiden-5
The Maiden-5 update fixes a number of bugs and brings updates from Leeds-59, 60 and 61.
Fixed in Maiden:
- Correct issue with Guardian correctly identifying tenant for user
From Leeds-59:
- Datastore settings page improve loading with lots of data
- Correct policy tester showing a block condition on a URL with path
- Safeguarding results if user also browses as just IP
- Cloud backups success telemetry
- Cloud backups disabled telemetry
- Throughput telemetry
- Collect advanced user option configuration telemetry
- Send firewall logs to Police Cyber Alarm
- /tmp space telemetry
- Change the way guardian/squid errors are reported
- Guardian Functionality Test handle 403 HTTP code
- Hardware identification telemetry
- Correct group mapping application
From Leeds-60:
- Update to VPN tunnel connection history to allow for different process owners
- Unify syslog-ng configurations
- Make Squid file descriptor limit configurable
- Reorder request inspection chain to inspect body earlier if required
- Add tenant to web filter log viewer
- Improve telemetry on crashes
- Add bash-completion
- Update console boot splash and add IP address information
- Improve DataStore error clarity on being unable to query
- Correction to date ranges in Reports Scheduler
- Improve Datastore telemetry
- Add improved segfault telemetry
- Send group list with cloud directory ingest
- Improve Guardian tenanted category search terms matching when global category already matched
- Improvements to telemetry service
- Correction to disk status checking telemetry
- Fix for Data::Compare comparing JSON::XS::Boolean values
- Upgrade ethtool to allow extra diagnostics for SFP modules
- Fix UI issue with deleted groups
From Leeds-61:
- Prevent overriding of default terrorism policy
- Improve performance and reduce unnecessary logging from Guardian for looking up tenant locations & time slots
- Correct issue with category search for tenant categories
- Guardian handling of error in blocklist improved
- Allow category search tool to run if proxy filtering is off
- Fix logging error with certificate check socket being closed twice
- Remove autorun and correct links in iso
- Instant Alert on admin login success.
- Update iOS certificate install instructions
- Add extra-utf8 handling for bad utf-8 characters when running a report.
- Add root OU to groups list that cloud directory sends
- Add information on Maiden upgrade to the updates page
Maiden-4
The Maiden-4 update removes disdb and introduces authd5 for Idex authentication.
Maiden-3
The Maiden-3 update brings two new features from Leeds-58:
- Directory Services 2.5 integration
- User and group filters for Azure AD binds
Maiden-2
The Maiden-2 update fixes a number of bugs including porting bugs fixed in Leeds-57:
- Change domain trends report links
- Update supported browser information
- Reduce DNS reload frequency in clusters
- Error when a tenant DNS server is unavailable
- DNSMasq vulnerable to CVE-2017-14491
- Default report templates performance improvement
- Improve groupmap debug information
- Safeguarding Results matching correction
- Cloud::State remove taint check warning
- Add logout option to improve cloud user locking
- Add temperature data to telemetry
- Improve RAM usage calculations
- Reduce unnecessary log verbosity
- Fix problem displaying safeguarding in portal
- Fix issue with Individual user report on portal for tenanted data
- Fix for missing video ids in YouTube video id migration
- Improve Datastore iPad client log processing
- Instant safeguarding notifications tied to groups email trigger fix
- Cloud backup too many concurrent connections error
- Environment path error in backup restoration
- Change AzureAD and Google cron times
- Move location of and clean up old cloud reporting logs
- Fix handling of Smoothwall group config
- Support fingerprint field for cloud directory uploads
- Increase guardian file descriptor limit
- Increase number of communication channels between guardian and squid
- Increase number of files Datastore can monitor for large tenanted deployments
- Force a full cloud directory sync on update
- Fix error switching Guardian status
- Correct warning box heading colour
- Fixes for VPN GUI
- Port kernel spin lock patch from Leeds
Maiden-1
The Maiden-1 update fixes a number of bugs:
- Cloud Backup Retrieval Script warning handling on first run.
- Make table striping more consistent in the UI.
- Fix log directory issue for Radius BYOD.
- Add additional HTTP security headers to the UI
- Update repository pinning rules to support new upstream version
- Improvements in performance for safeguarding summary report
- Add new partitioned cloud log uploader
- Cloud Directory cache clearing
- Improvements to telemetry
- State of 'Allow HTTPS traffic with no SNI...' option not visible in policy table, only in wizard
- Allow Content Modifications on larger pages
- Blockpage performance improvements
- Add cloud backup monitoring to telemetry.
- Add new Let's Encrypt certificate
- Tenant ingestion from cloud
Be aware that as a Multi-Tenant user, if you have a cloud filter licence this will remove your capacity to edit tenants on-premise. Please contact your Customer Success Manager for more information.