- Offizieller Beitrag
Here’s a short list of changes compared to the latest 3.2.2 released iso:
•Updated squid to 3.5.25
•Updated dnsmasq to 2.76
•Updated openvpn to 2.4.3
•Security improvements to certificates management and openvpn
•Extended support for hardware raid
•Extended support for network interfaces
•Security fixes
•Added hourly graphs (thanks to dwstudeman from community)
Code
Changelog EFW Community 3.2.4
=============================
* Bug CORE-1396 Jobsengine unresponsive logging "Too many open files"
* Bug CORE-1521 Network interfaces change order
* Bug CORE-1637 Missing error message in NetworkMultiIPS validator
* Bug CORE-1706 Fix notifications functions update_patterndb
* Bug CORE-1713 Missing old smartarray and perc driver
* Bug CORE-1735 Change how DataSource handle missing path
* Bug CORE-1763 Fix default endian daemons config path
* Bug CORE-1779 Redis is using the wrong configuration file on 3.10 and 5.0
* Bug CORE-1834 Proxy HTTP button incorrectly displayed on some products
* Bug CORE-1850 An invalid exit code in a Job action prevents successive Job execution
* Bug CORE-1865 Traceback on httpd job on start
* Bug CORE-1880 Wrong date in filename for archived logs
* Bug CORE-1909 Create MongoDB indexes
* Bug CORE-1917 ECDSA ssh keys are not included in settings backup
* Bug CORE-1922 Network Wizard from CLI cannot add multiple IPs on red interface
* Bug CORE-1951 Missing firmware for BCM5709
* Bug CORE-1970 Additional gui users cannot access to emi webpages
* Bug CORE-2010 Wrong ownership for emi cachestorage file
* Bug CORE-2020 Hard disks using the aacraid module are not detected by the installer
* Bug CORE-2021 Migration script engine missing attribute "warn"
* Bug CORE-2032 Stop deleting Jobsengine socket on exit
* Bug CORE-2052 Usb modem is detected as eth0 interface
* Bug CORE-2064 Upgrade python-simplejson to prevent conversion of i18n strings to JSON failure
* Bug CORE-2075 HTTP Proxy logs not rotated
* Bug CORE-2076 Logrotate does not rotate log files bigger than 2GB on x86 platforms
* Bug CORE-449 Conntrack connections table not cleaned after uplink failover
* Bug EOS-1185 Smart does not always install the latest packages when building the image
* Bug EOS-1259 Installer: udev reassembles old raid during install
* Bug EOS-1281 installer: Fix raid and clock problems
* Bug EOS-1290 base: stray comma in product_definitions.json
* Bug EOS-1301 yocto: add an external option to skip do_rootfs task
* Bug EOS-840 Get rid of gnutls
* Bug UTM-1174 After changing HTTP Proxy's port then the old socket on the old port still listens
* Bug UTM-1282 VPN connection status for IPSEC/L2TP Host-to-Net connection doesn't show Assigned IP and Remote IP
* Bug UTM-1409 Patch Squid DoS vulnerabilities
* Bug UTM-1544 Squid generates deprecated sha1 signed certificates for sslbump
* Bug UTM-1635 Modification to Snort rules are not applied
* Bug UTM-1648 wpad is offered via DHCP and HTTP even if proxy is inactive
* Bug UTM-1659 New OpenVPN binary does not trigger servers and tunnels restart
* Bug UTM-1667 Wrong pid file move in postinstall script of efw-vpn
* Bug UTM-1677 Missing dhcrelay binary
* Bug UTM-1691 Changing OpenVPN server device type modifies the owner of some cache files
* Bug UTM-1696 Missing liblogin SASL library
* Bug UTM-1697 Radius authentication does not work on VPN
* Bug UTM-1698 smtpscan Traceback at boot if shoudstart is False
* Bug UTM-1724 Extra lines included in available TLS ciphers for OpenVPN
* Bug UTM-1726 Squid won't start if disk cache size is 10GB
* Bug UTM-1769 OpenVPN stopped after efw-vpn update because of authentication daemon restart
* Bug UTM-1772 Add parameter winbind max clients to winbind.conf
* Bug UTM-1803 openvpn-user fakeconnect raises an exception if username contains a slash
* Bug UTM-1826 Factory reset produces a httpd certificate without SAN
* Bug UTM-1834 Re/introduce triggers in efw-vpn and efw-vpnclient for OpenVPN
* Bug UTM-1837 Openvpnclient gets not monitored after a force restart via jobcontrol
* Bug UTM-1841 Jobsengine deadlock prevents jobs from starting
* Bug UTM-1843 Snort signatures are not updated
* Bug UTM-1844 OpenVPN server does not start due to invalid template
* Bug UTM-1852 c-icap cannot allocate memory for buffer
* Bug UTM-549 DHCP dynamic leases page show also expired leases
* Epic CORE-2054 Extend kernel 4.1 compatibility
* Epic UTM-1564 Update squid to 3.5.25
* Epic UTM-1682 Add restart option in vpn postinst and trigger
* Epic UTM-1787 Snort signatures management fixes
* Improvement COMMUNITY-62 Update favicon with endian community logo
* Improvement CORE-1549 New notifications based on Toastr
* Improvement CORE-1675 Show in dashboard if signatures download is disabled by an uplink configuration
* Improvement CORE-1822 Disable OpenSSH port 222
* Improvement CORE-1879 Add custom configuration file for each OpenVPN client
* Improvement CORE-2029 Add JSON payload support for EMI commands
* Improvement CORE-2069 Start emi/acpid/ulog before the netwizard
* Improvement EOS-1216 Apply efw-snort patches on sources
* Improvement EOS-910 kernel: upgrade to 4.1.35
* Improvement UTM-1230 Ignore authentication layer exceptions during OpenVPN restart
* Improvement UTM-1665 Notify recipients when a virus mail has been detected
* Improvement UTM-1743 Customize OpenVPN dnsmasq vpn prefix
* Improvement UTM-1744 Allow different certificates for each OpenVPN server instance
* Improvement UTM-1790 Restructure OpenVPN GUI for handle instance with different certificates
* Improvement UTM-1849 Support for hourly graphs
* Improvement UTM-545 Create whitelist for RBL bypass
* New Feature CORE-1955 Create bootstrap package
* New Feature EOS-1309 Prepare new layers for js packages
* New Feature UTM-1507 Upgrade OpenVPN to 2.3.12
* New Feature UTM-1759 Update OpenVPN to 2.4.1
* Task COMMUNITY-302 Increase version to 3.2.4
* Task CORE-1394 Add core:Language entity
* Task CORE-1402 Rewrite shutdown and gui settings in emi
* Task CORE-1541 Use Jobsengine function for reboting
* Task CORE-1544 Remove obsolete ipcopdeath, ipcoprebirth, and iowrap scripts
* Task CORE-1687 Add bleach and html5lib libs
* Task CORE-1710 Generate Swagger definition for emi commands
* Task CORE-1795 Optimize firewall restart criteria on boot
* Task CORE-1807 Create generic REST controller
* Task CORE-1819 Serve the source Javascript instead of the minified if the source is available
* Task CORE-1828 Add require.js and other JavaScript libraries
* Task CORE-1840 Support Modem Manager uplink in textual netwizard
* Task CORE-1874 Do not include server host in redirect
* Task CORE-1887 Do not include server host in redirects generated by EMI
* Task CORE-1925 Add efw-shell config command for managing configuration revisions with git
* Task CORE-1931 Add JavaScript libraries dependencies to EMI
* Task CORE-1940 Migration scripts cleanup
* Task CORE-1958 Package the latest version of jQuery
* Task CORE-1986 Allow configuring several SSH daemon options
* Task CORE-1991 If X-Disable-Error-Template header is on, returns plain error message
* Task CORE-2000 Disable colors in shell commands while piping or redirecting output
* Task CORE-2013 Restructure EMI ACL
* Task CORE-2017 Do not delete the wtmp file on reboot
* Task CORE-2024 Add an option to backup-restore for restoring only non-system-specific settings
* Task CORE-2039 Show hooks in datasource command output
* Task CORE-2045 Update JQuery DataTables
* Task CORE-2057 Implement Endian Bus (Internal IPC bus)
* Task CORE-2106 Add a decorator for returning plain error messages
* Task UTM-1651 Add an option for choosing the certificates private key size
* Task UTM-1656 Add encryption cipher and digest options to OpenVPN instances
* Task UTM-1747 Upgrade Dnsmasq to 2.76
* Task UTM-1760 Use Base64 for encoding OpenVPN passwords
* Task UTM-1779 Restructure OpenVPN status parser
* Task UTM-1791 Add local CA certificates to CA bundle
* Task UTM-1801 Include Subject Alternative Name in the host HTTPS certificates
* Task UTM-1820 Add function for getting the OpenVPN client status
* Task UTM-1830 Upgrade OpenVPN to version 2.4.3
Source: README, updated 2017-09-20