forked from inverse-inc/packetfence
-
Notifications
You must be signed in to change notification settings - Fork 1
/
NEWS.old
2705 lines (2477 loc) · 129 KB
/
NEWS.old
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
PacketFence NEWS
Project homepage: https://www.packetfence.org/
Please report bugs to: http://www.packetfence.org/bugs/
Interested in contributing to the project? Check the following link:
http://www.packetfence.org/support/community.html
This is a list of noteworthy changes across releases.
For more details and developer visible changes see the ChangeLog file.
For a list of compatibility related changes see the UPGRADE file.
--------------------------------------------------------------------------------
Version <releaseVersion> released on <releaseDate>
Bug Fixes
* Modified the SQL upgrade script from 3.5.0 to 3.6.1 (#1624)
--------------------------------------------------------------------------------
Version 3.6.1 released on 2013-01-10
New Features
* Adding routing support for the inline mode
* Adding support to choose multiples SNAT interfaces for inline mode
* Adding gaming devices registration through special portal page
New Hardware
* Support Belair Networks AP
Translations
* Update Dutch translation
* Update French translation
Enchancements
* Minimal RADIUS logging in the GUI (#1342)
* Accounting Time Modifier is now mandatory (#1538)
* Changing the location of ssl-certificates.conf file (#1550)
* Modifying the way pfdhcplistener handles tagged trafic
* Code cleanups (#1380, #1484)
* Important simplification of the Captive Portal code to make it harder to introduce problems
* Adding default OCSP/CRL Proxies (#1329)
* Better WISPR support
* New parameter to control captive portal interception: secure_redirect
* Support for Perl 5.12+ (no longer relies on perl-suid, #1438)
* Minimal performance improvements to bin/pfcmd startup
* Less dependencies on hard to find packages
* simplify configuration: some default values provided for networks.conf
Bug Fixes
* SMS confirmation page is now giving error on invalid PIN (#1579)
* Signup link availability issues (#1591)
* Avoid using regdate to determine if node should be unreg (#1317)
* Guest self-activation issues (#1602, #1606, #1607, #1608)
* Portal profiles regression with VLAN filter (#1595)
* Apple XML provisioning profile displays payload rather than the profile itself (#1616)
Bug Fixes
* Portal Profile fix (#1595)
--------------------------------------------------------------------------------
Version 3.6.0 released on 2012-10-25
New Hardware
* New module for Cisco Catalyst 3750G to fix offset issues
* Support for Cisco Catalyst 2960G in 802.1X / MAC-Authentication
Documentation
* Clarify routed VLAN requirements (Patch from Brian Candler)
* Adding a quick install guide for Cisco Catalyst 2960
New Features
* Integrating with Wireless IDS for Aruba, Motorola, and Ruckus controllers.
* Adding OAuth2 as a valid authentication on the captive-portal (Google/Facebook/GitHub)
* Radius Inline feature
* LLDP support for Cisco switches
* Better WISPR support (Integrating with Accuris Networks' AccuROAM WISPr Client)
Enhancements
* Code cleanups (#1380,#1484,#1485)
* Important simplification of the Captive Portal code to make it harder to introduce problems
* Adding default OCSP/CRL Proxies (#1329)
* New parameter to control captive portal interception: secure_redirect
* Support for Perl 5.12+ (no longer relies on perl-suid, #1438)
* Minor refactoring in the RADIUS perl modules
* Removed 127.0.0.1 switch from the config and added in the code
* Inline Mode now using ipset instead of just iptables
* Selection of a preferred deauthentication method for a switch
* Handling the MySQL startup in the web configurator (#1574)
* Disabling radutmp from the packetfence RADIUS virtual server (#1576)
* Changing port of the configuration from 3000 to 1444 (#1506)
* Debian packages improvements
* Cometic fixes to RADIUS configs (radiusd.conf and packetfence-tunnel)
* Improved the relevance of exit status in pfcmd_vlan (#1493)
* New report for the Top 25 Sponsors
* Make sure DHCP listenes on configured interfaces for routed reg/isol VLANs
Bug Fixes
* Epic fight with MAC OSX DNS caching while using Inline Mode (#1535)
* Translation of captive portal error messages
* Side effect fixes of captive portal rework (#1366)
* No more domain in our gettext po resources files (#1433)
* Obtaining a node mark fixed for Debian/CentOS 6 (#1424)
* Better POD for Nortel ERS5500 switches (#1450)
* Allow dash in Role mappings (#1442)
* Enforce inline network if you define an inline interface in pf.conf (#1584)
* Adding radius.log into the logrotate script (#1526)
* Tweaking some accounting queries for performance (#1534)
* Regression in pfdhcplistener process management (introduced in 3.5.1, #1545)
* Guest management page doesn't load on Internet Explorer 7 (#1404)
* Debian: issues with translations (#1465)
* Debian: SSH and Telnet based deauthentication (#1511)
* Translations: SoH admin page now properly show UTF-8 characters (partial #1531)
* Typo in Admin Guide (#1383, Thanks to Alberto Chavez)
* Additional fixes to pfdhcplistener process management
--------------------------------------------------------------------------------
Version 3.5.1 released on 2012-09-05
Enhancements
* Configuration item to notify of guest sponsorships by email: guests_self_registration.sponsorship_cc
* Developers guide was migrated from Docbook into the asciidoc format
* Important database performance improvement in VoIP and fingerprint checks
* Improved pfdhcplistener process surveillance (#1490)
Bug Fixes
* FreeRADIUS watchdog updated for 3.5.0 changes (#1514)
* debian packages improvements regarding FreeRADIUS configuration
* cosmetic fix in `pfcmd service ... status` regarding pfdhcplistener (#1515)
* Guests are not able to confirm registration in some cases - take 2 (#1302)
* Sponsored guests regressions (#1505)
* Keep the PID on node_deregister (#1501)
* Handle the release_date on violation modify (#1474)
* Billing screen does not appear when billing feature is enabled (#1525)
* Web extension point regression (#1507)
* Command parsing issue with `pfcmd person` (#1523)
* pfdhcplistener process name identifies listened to interface (#1478)
* Guest management login and authentication regressions (#1518)
* FreeRADIUS documentation aligned with current practices
* More characters are allowed in password types on CLI and WebAdmin (#848)
* illegal characters in webservices user / pass not properly escaped (#1516)
Translations
* Updated Spanish (es) translation (Thanks to Dominique Couot)
* Updated French (fr) translation (Thanks to Dominique Couot)
--------------------------------------------------------------------------------
Version 3.5.0 released on 2012-08-01
New Hardware
* Adding support for Cisco Catalyst 3560G
* Netgear GS110 series support (SNMP Link up/down)
* Cisco Aironet in Wireless Directory Services (WDS) mode
New Features
* Remediation module for SourceFire 3D (addons/sourcefire)
* Adding portal profile feature that allow to present a custom captive portal depending
on the SSID you connect to. Refer to Administration Guide for further details
* Adding a new action to close another violation
* Adding a new web based configurator that helps the installation and configuration process
of a new PacketFence installation
* Adding support for Suricata IDS (#1141)
Enhancements
* Improved handling of an empty conf/pf.conf configuration file
* Improved error reporting for dynamic uplink detection on Cisco
* interface gateways are no longer required in configuration (#1447)
* general.caching parameter removed from configuration
* major refactoring, cleanup and dependencies removal
* node.expire now works for VLAN/Inline mode (#1481)
* Closing expired violations using the release_date (#1476)
* Excluding the local switch when building the NAS SQL table (#1491)
* FreeRADIUS configuration is now fully managed (pf/raddb)
* Use of Nessus XMLRPC to launch the remote scan
* Possibility to select a policy in nessus by the node category
* Refactoring of the accounting violations
* Refactoring of the captive portal templates generation
* trapping.registration now enabled by default
Bug Fixes
* Wrong information sent by mail for sponsored registration (#1445)
* DHCP listener watch issue fix (#1490)
* No more confusions with trapping-range (#959)
--------------------------------------------------------------------------------
Version 3.4.1 released on 2012-06-18
Bug Fixes
* Regression in interface, network, floating-device and violation management Admin and CLI (#1468)
* Load-balancer support: Apache Access List are now updated to allow them to reach the portal
* Debian: missing dependency preventing Apache (captive portal, webadmin) to start
Translations
* Updated Brazilian Portuguese (pt_BR) translation (Thanks to Diego de Souza Lopes)
--------------------------------------------------------------------------------
Version 3.4.0 released on 2012-06-13
Security
* Fixed a reflected cross-site scripting (XSS) vulnerability in Web Admin guest management (#1454)
New Hardware
* H3C S5120 series supports MAC-Authentication and 802.1X with or without VoIP
* Added Role support for all Cisco Wireless (WLC) models
* Brocade 6400 series supports MAC-Authentication and 802.1X with or without VoIP
* Brocade RF Switches support (Wireless controller)
New Features
* debian packages (#1066, #1067, #1463)
* Support for up to 100 custom VLANs (Defaults to 5 see relevant FAQ entry to enable more)
* Node bulk importation now allow you to define default values for pid, category and voip in pf.conf
* New graphics showing bandwidth consumed by os class and the top 25 bandwidth consumers
Enhancements
* minor refactoring and cleanup
* debian support: arp binary location now configurable ([services].arp_binary)
* log the switch IP when a trap is skipped due to a dynamic uplink fetch not working
* performance improvements by reducing the number of forked process (mostly beneficial to pfdhcplistener)
* captive portal supports being behind an HTTP-based load balancer (see captive_portal.loadbalancers_ip config)
Bug Fixes
* Fix guest management Inline
* RADIUS-based Disconnects not working for Aruba, AeroHIVE. Introduced in 3.3.2. (#1437)
* interface configuration errors in the Web Admin (or on the CLI when editing the vip field)
* debian support: radiusd is started even if disabled
* 'uninitialized value' warnings in checkup phase (pfcmd checkup)
* got rid of the unused (unuseful) logs/pfdhcplistener_<int> log files. See logs/packetfence.log instead.
* pfdhcplistener doesn't hang anymore
* pid (username) of the form 'domain\\user' are now allowed (#1253)
* guest account import didn't work on files with Windows line terminators (\r\n)
* configurator.pl fixes in non-english environment (#1418)
* process management fixes (#1464)
Translations
* Updated Spanish (es) translation (Thanks to Juan Camilo Valencia)
* Updated Dutch (nl) translation (Tnanks to zappo)
--------------------------------------------------------------------------------
Version 3.3.2 released on 2012-04-23
New Hardware
* HP Procurve 5300 series now identified as supported (thanks to the community!)
Bug Fixes
* critical fix for deauthentication affecting AeroHIVE, Aruba, Cisco Wireless, Motorola and Ruckus. Introduced in 3.3.0 (#1426)
* Web Admin no longer showing errors in popup dialogs. Introduced in 3.0.3 (#1420)
* violation trigger parser now more tolerant of trailing spaces
* 'add user' renamed 'add admin' for consistency (#1381, Thanks to Joao Moreira)
* apache tests under pfcmd checkup fails if modules generates warnings (#1283, Thanks to Philipp Snizek)
* another shot at 'named not started if using inline enforcement only'
* trap_limit feature fixes: local traps ignored and continue processing if no action (#1405)
* false positive error reporting on the Web Admin on specific User-Agents (#1408)
* saner axis in dashboard graphics
--------------------------------------------------------------------------------
Version 3.3.1 released on 2012-04-16
Bug Fixes
* named not started if using inline enforcement only
--------------------------------------------------------------------------------
Version 3.3.0 released on 2012-04-13
New Hardware
* AlliedTelesis AT8000GS Switches using 802.1x/Mac Authentication without VoIP
* Added 802.1x/Mac Authentication support for HP 2500/2600 switches (no VoIP)
* Cisco WLC/WiSM product line now supports RADIUS Disconnect (RFC3576) to perform de-authentication
New Features
* Introduction of Role-based Access Control. Supported on AeroHIVE, Aruba, Meru and Motorola (considered experimental).
* Wireless deauthentication in Master / Local configuration supported for Aruba controllers (or other Disconnect-Message implementations)
* New guest self-registration mode: Sponsored. Guests accesses are approved through a 'sponsor'.
* New guest self-registration option: Pre-registered guests. They can register in advance through the portal. Email and sponsor modes supported right now.
Enhancements
* New database-driven custom VLAN assignment strategy example
* Slightly more helpful installer.pl
* Added a virtual IP (vip) parameter for interfaces in configuration which overrides auto-detection (#1396)
* More logging
* Simplified inline mode with DNS rewrite (DNAT). Fixes several issues and annoyances. (#1374, #1387)
* New parameter available to control what information is mandatory to be provided by a guest signing-up (guests_self_registration.mandatory_fields)
* New parameter available to control default field to use as pid for guests (guests_self_registration.guest_pid)
* Node categories were moved from node into configuration on the Web Admin
* New per-category configuration to control maximum number of devices allowed per user (max_nodes_per_pid) (#1306)
* Daemon startup time logged. Allows for easier troubleshooting of slow-to-restart setups.
* if VoIP is configured to be enabled and the network hardware doesn't support it, PacketFence will log a warning
* Firewall and Captive Portal more restrictive by default if you are not using guest access
* Performance improvement for the RADIUS accouting (#1414)
* New hook to make it easier to rewrite RADIUS Access-Accept packets
Bug Fixes
* Proxy Bypass issues in environment with Virtual IP (#1385)
* Cisco 2950 802.1X Reauthenticate without VoIP issue (#1388)
* RADIUS identity privacy fix (#1390)
* Cisco MAB EAP was not properly working (#1391)
* CoA RADIUS secret is lower cased (#1392)
* Username length on the Web Admin is no longer limited to 15 characters
* Potential (not-validated) cross-site scripting (XSS) in captive portal
* Mandatory MAC lookup in the self-registered guests pages
* Cancel button problems on SMS confirmation page (#1393)
* Documented the fact that you need to configure credentials in packetfence-soh.pm for Statement of Health (SoH) support
* Fixed port-security + VoIP support for the HP wired product line
* Minor Administration Guide updates
* Fixed CSS for mobiles devices
* This is the last release to destroy your dhcpd lease file on upgrades
Translations
* Updated Brazilian Portuguese (pt_BR) translation (Thanks to Diego de Souza Lopes)
--------------------------------------------------------------------------------
Version 3.2.0 released on 2012-02-22
Security
* Reflected Cross-site scripting (XSS) in Web Admin printing system (#1362)
New Hardware Support
* Ruckus Wireless Controllers
New Features
* OpenVAS Vulnerability Assesment integration for client-side policy compliance
* Bandwidth violations based on RADIUS accounting information
* Billing engine integration for allowing the use of a payment gateway to gain network access.
Enhancements
* Migrated our documentation from a binary-only ODT to a flexible asciidoc format
* Code and tests refactoring
* Minor documentation update for Aruba Controllers
* Performance: avoiding some redundant operations on startup
* A DHCP listener will run by default on the management interface
* pfcmd_vlan is now able to run arbitrary methods on network devices
* Debug statement with the resolved SSID now available to troubleshoot SSID problems live
* Added getSwitchLocation to pfcmd_vlan which fetches SNMP sysLocation on switch (#1250, Thanks to Maikel!)
* Introduced more aggressive exception-based configuration error handling
* Introduced new trigger types (nessus and openvas) and removed the scan type
* Added the capability to use dots in trigger id
* Added a new config flag: registration.guests_self_registration to control if self-registered guests are enabled (#1361)
* Made it easier to override preregistered guest usernames (default is email)
* Added a new config flag: vlan.trap_limit to enable/disable the trap limit feature
* RADIUS captive portal authentication can now target several RADIUS servers for fault tolerance
* Added a multi-threaded EAP test script in t/stress-test/
* Performance: node_view query optimized for 100x+ gain in environments where MySQL is taking a lot of CPU
* Performance: faster command line response time (15%+ with bin/pfcmd)
* Our FreeRADIUS module packetfence.pm now logs in radius' log instead of syslog (related to #1377)
* Performance: ~2x FreeRADIUS performance by avoiding superfluous queries
* Added 'Acceptable Usage Policy' to the guest access code print layout
Bug Fixes
* Buttons in graphs.php of type ifoctetshistoryswitch, ifoctetshistoryuser, ifoctetshistorymac (#1110)
* Web Admin usability fixes (#1071)
* Small typo error in node.pm log message (#1357)
* Interpolation issue in pf::web::custom's code which is disabled by default (#1358)
* Allow more than one SNMPv3 EngineID per user (#1354)
* OS and violation classes properly displayed in printer-friendly tables in the Web Admin
* Disabled config ownership tests because of too many false positives (#1345)
* Passthrough doesn't work with domains without an ending slash (#1368)
* Returning exit status 0 on command line tools when asked to show help
* pfcmd's general help is now sent to standard ouput instead of standard error
* Globally disabled privilege detection in hardware requiring Telnet / SSH. All except Trapeze. (#1370)
* Thread crash with floating network devices with VoIP through SSH transport (#1369)
* MAC-Auth / 802.1X translation fixes for the Cisco Catalyst 3550
* No more obscure error message if no management interface is defined in pf.conf
* pfcmd exit status now more consistent regarding config
* No more "Can't call method "tag" on an undefined value" on broken pf.conf configuration (#1352)
* More reliable SSID extraction in Called-Station-Id (#1379)
* Fixed FreeRADIUS crashes in heavily loaded environments (#1377)
Translations
* Updated Brazilian Portuguese (pt_BR) translation (Thanks to Diego de Souza Lopes)
* Updated Brazilian Portuguese (pt_BR) Admin guide translation (Thanks to Diego de Souza Lopes)
--------------------------------------------------------------------------------
Version 3.1.0 released on 2011-12-23
New Hardware Support
* Stacked Cisco 3750 in MAC-Auth or 802.1X
* AeroHIVE, Aruba and Motorola support RADIUS Disconnect (RFC3576) to perform de-authentication
New Features
* Statement of Health (SoH) support for reliable client-side policy compliance through 802.1X
* MAC violation triggers allowing to isolate a single device (#1320)
* Detection of rogue DHCP Servers even behind relays (#1151)
* RFC3576 (RADIUS Change of Authorization / Disconnect) support added
* Preview support for wired port-bounce on Cisco through CoA (RFC3576). Disabled by default.
* Wireless profile provisioning for iPhone, iPods, and iPads devices
* SNMP traps rate-limiting mechanism
* New graphs in the web admin UI -- replaced jpgraph (PHP) by gRaphael (JavaScript)
Enhancements
* Using HTTP Return Code 501 "Not Implemented" for more effective client blocking
* Cleanup in the Cisco 3560's code and documentation
* Startup performance improvements
* Added support for session-keyfile introduced in BIND 9.7 (#1257)
* Several improvements in the dhcp_dumper.pl addon
* Global option to disable rogue DHCP server detection
* Performance improvements to pfdhcplistener
* More startup validation on SNMPv3 Trap configuration
* CentOS 6.2 support
* Several new HTTP User-Agents detected
* Several new DHCP fingerprints (from our spinoff www.fingerbank.org)
* Better support of WISPr (captive portal detection)
* Configuration flag to disable the captive portal's network detection feature
* Added support for months in normalize_time (#1291)
* New fields in guest management (notes, etc.)
Bug Fixes
* Slashes (/) not allowed in person id (#1322)
* Inline: isolation not properly enforced by firewall if registration is disabled (#1330)
* Several small fixes in pfdhcplistener
* Inline: NAT out behavior of PacketFence was changed for the best
* Keep IP to MAC associations across restarts (#1343)
* Interface enforcement is now configurable through Web UI / CLI (#1335)
* Violation charts now show proper values
* Captive portal error "0" when no password is provided
* Local SNMP Trap handler now configured by default
* Years are now 365 days!
* Interim fixes: #1349
Translations
* New Hebrew (he_IL) translation (Thanks to Ereli)
* Updated Brazilian Portuguese (pt_BR) translation (Thanks to Diego de Souza Lopes and Mauricio Lopes)
--------------------------------------------------------------------------------
Version 3.0.3 released on 2011-11-21
New Hardware Support
* Cisco Catalyst 6500 series switches in port-security
* HP Procurve 5400 now supporting mac auth and 802.1x (with VoIP)
Enhancements
* Performance improvements under stressed workloads
* Translatable remediation templates (if a translated version exists, it'll override the default)
* Guest management interface can be translated
* More documentation for service watch
* Eliminated some unnecessary warnings
* Better help in the web admin UI
* Added a new addon: import-node-csv.pl - bulk node import tool
* Added a new addon: network-save-configs.pl - saves configs (write mem) for the whole network (only Cisco for now)
Bug Fixes
* 802.1X broken on Cisco Catalyst 3750 (#1286)
* Pop-up windows are too small (#1078)
* Red Hat Enterprise Linux 6 installation instructions
* Encoding on the remediation pages and on the release pages (scan, access enabled)
* SNMPv3 issues affecting all the Cisco wired product line (#1284)
* Allow incoming DHCP on management interface to track users IPs in production VLANs (as opposed to DNS added in 3.0.2)
* Node add silently fails on the Web Admin if a node already exists
* Error reporting in Web Admin breaks layout (#1290)
* Captive portal presentation glitch on the scan in progress page
* Email activation regression (#1328)
* alerting.fromaddr visible from Web Admin (#1333)
* Inline mode regression if you don't do VLAN enforcement at the same time (#1325)
* Avoiding missing session variables in SMS activation
* Minor syntax issues in the po files
* DHCP analysis on RedHat Enterprise Linux 6 (#1336)
* Disabling email guests would prevent SMS guest registration
Translations
* Minor update to French (fr) translation
* Updated Spanish (es) translation (Thanks to Juan Camilo Valencia)
--------------------------------------------------------------------------------
Version 3.0.2 released on 2011-10-24
SECURITY
* Cross-site scripting (XSS) in Captive Portal and Web Admin login. CVE-2011-4067 (Reported by Matthew Daley, #1292 and #1296)
* LDAP Authentication bypass in Web Admin login. CVE-2011-4068 (Reported by Matthew Daley, #1293)
* LDAP Injection in Web Admin login. CVE-2011-4069 (Reported by Matthew Daley, #1293)
* Shared session state between Captive Portal and Web Admin. CVE-2011-4070 (Reported by Matthew Daley, #1294)
* Command injection in guest handling in the Captive Portal and Web Admin. CVE-2011-4071 (Reported by Matthew Daley, #1295)
New Hardware Support
* Trapeze Wireless Controllers
Enhancements
* Wireless deauthentication in bridge mode for DLink DWS, HP MSM and Motorola controllers
* Authentication modules now hold authentication error strings and can set node attributes on authentication
* Several new configuration parameters to control guest signup, categorization and access durations
* Improved validation when creating/importing multiple guest accounts.
* Captive portal's email confirmation page is now reachable from the management interface by default
* Configuration files ownership validation on start-up and in `pfcmd checkup`
* Inline firewall changes: prevent registered users from reaching the captive portal
* Several new DHCP fingerprints (from our spinoff www.fingerbank.org)
* Minor usability improvements
* Reduced some false warnings in the logs on node de-registration (#1315)
Bug Fixes
* Permission denied when changing firewall rules (#1273)
* Firewall doesn't allow broadcast packets on internal interfaces (#1316)
* Pre-registered guest unregdate not set (#1301)
* Allow incoming DNS on management interface to track users IPs in production VLANs
* Guest access by SMS confirmation now properly record user's firstname and lastname (#1308)
* Signup page now retain Phone provider value if there was a mistake in the form (#1309)
* Cisco access point (AP) configuration mistake in documentation
* Dashboard not printing the SQL stats when MySQL is not local (#1289)
* Doubled allow subnets in captive-portal-common (#1242)
* Unreliable encoding behavior messes up with translations (#1287)
* Nodes are not unregistered on unregdate unless an expire mode is activated (#1298)
* Add trigger or cascade to delete node_useragent when deleting a node (#1285)
* Removed an error when validating multiple guest pre-registration
* No admin username output when printing guest access codes
* Guest access code are now sorted when using batch creation
* Path problem in Proxy Bypass addon
* Reduced documentation.conf startup annoyance when using custom authentication modules
* Pinned Net-Appliance-Session version requirement in RPM Spec (#1312)
* Some reports graphics were not properly dispalyed (#1234)
* People was not able to confirm registration on some cases (#1302)
Translations
* Updated French (fr) translation
--------------------------------------------------------------------------------
Version 3.0.1 released on 2011-09-23
Enhancements
* Process IDs are now logged in the logs for pfcmd and pfcmd_vlan
* We now strip all non-digits in telephone numbers during SMS activation
* Improved validation of violation triggers
Bug Fixes
* MySQL pf user not having execute privileges (#1282)
* Error when doing nodeaccounting view all (#1280)
* Error when using installer.pl on CentOS 6 (#1274)
* Cannot confirm the PIN when using SMS self-registration (#1277)
--------------------------------------------------------------------------------
Version 3.0.0 released on 2011-09-21
Compatibility notice
* BACKUP YOUR /usr/local/pf/ BEFORE UPGRADING. Several path changed with this
release and an rpm upgrade will REMOVE your templates and remediation pages.
See UPGRADE for more information.
* We removed the central concept of mode (arp, dhcp or vlan). Now PacketFence
can operate in multiple modes simultaneously. This new concept is called
enforcement and is specified per interface in pf.conf.
* Removed support for Apache prior to version 2.2.0 (#828)
* Removed support for jpgraph 1.x, 2.x which bumps our depedencies to PHP 5.1
New Hardware Support
* Avaya/Nortel switches now support the floating network device feature
* Avaya Wireless Controller support
* Dlink DWL Access-Point support
* LG-Ericsson iPecs 4500 support for port-security and MAC Authentication/802.1X
* Netgear FGS Series support for port-security
New features
* Major update to the captive portal look and feel! More modern and
professional. Cleaner XHTML/CSS makes customization a lot easier than before.
Also, all user-visible URLs are now clean and short (no more cgi-bin/...
clutter). (#980, #982, #1114)
* Flexible guest handling (covering temporary passwords, self-registration,
pre-registration, extension API, etc.)
* Introduced in-line support: firewall based access control with captive
portal. Use this complementary technique when you cannot use VLAN
enforcement. (#1227)
* Ability to view log files from the Web Administration interface (#1080)
* PacketFence now takes care of the local firewall configuration on the server
* Captive portal authentication modules are versioned, validated on startup and
have customizable names
* New default_auth parameter will be the default authentication module selected
if you have multiple authentication back-end enabled in auth
* Simplification of the captive portal translation (#822, #1114)
* RADIUS Accounting for tracking node bandwidth usage
* RedHat Enterprise Linux 6 / CentOS 6 support (#1244)
* Snort 2.9.x support
Enhancements
* Captive portal usability improvements for both users and administrators
* pfcmd and web administration performance improvements by avoiding duplicate
loading of some configuration files
* Configuration simplification (#1051, #1182)
* FreeRADIUS package now does the certificate boostrapping process (#1226)
* Named isolation and registration zones now automatically generated on startup
based on networks.conf's DNS entry (#1105)
* Simplified Apache configuration
* Improved installer.pl and configurator.pl
* Included the jpgraph PHP library. Simplifies installation from source.
* More start-up validation in `pfcmd checkup` (#1031, #1191, #1252)
* Improved error-handling, reduced number of Perl warnings, added tests (#1266)
* Improved Filesystem Hierarchy Standard (FHS) compliance (#762)
* Improves PHP 5.3.x support, relates to distro portability too (#1211, #1244
#1251: Thanks to Philipp Snizek)
* Migrated bin/flip.pl into a bin/pfcmd_vlan subcommand
* Added ldap port option to Web Admin LDAP (AD) authentication
* New controllerIp network device parameter will make it simpler to support
wireless hardware working in bridged mode
* New DHCP fingerprints for Mac OS X Lion, Fedora 14, Polycom, Aastra,
LifeSize, Nortel, Polycom and Snom Conferencing and VoIP, Ubuntu 11.04,
Belkin Wireless Router, HP ProCurve switches, Androids, Zebra, Kyocera, HP
and Xerox printers, NEC Projectors, Polycom Video Conferencing and Paradox
Card Access module
* Developer documentation to add Floating Network Devices support to switches
* Minor usability improvements
Bug fixes
* Fixed issues with several switches if node MAC address falls into an Hex to
ASCII printable range (#1098)
* Renaming Nortel ERS modules (#1238)
* Fixed Avaya/Nortel switches problems on ERS2500 / ERS4500 (at least)
* Fixed OS violations regression introduced in 2.2.0
* Fixed nessus scans don't work with bin/pfcmd as a setuid/setgid (#1087)
* Fixed custom VLAN assignments relying on connection_type failing on "unknown" nodes (#1231)
* Fixed problematic default grace period for System scan violation
* Fixed configurator.pl does not show interfaces without IP address (#1221)
* Fixed issue to detect the shell prompt MeruOS 4.1 or greater (#1232)
* Fixed issues with wireless hardware not sending a NAS-Port parameter (#1229)
* Fixed Apache configuration problems on non RHEL / CentOS platforms
* Fixed other cases of warnings from our FreeRADIUS module
* jpgraph version bump to 3.0.7. Fixes RHEL 6 issues. (#1244)
* Fixed silent failure when deleting a person with associated nodes (#1265)
* Fixed encoding issues in the captive portal (#1115)
* Fixed redirect loop on the captive portal if VLAN reassignment failed (#1260)
* Fixes issues with accentuated characters and single quotes in some captive
portal strings
* Fixed accidental stop/restart of services because administrative where done
in GET instead of POST (#1119)
* Fixed help not visible in the Web Admin when using Internet Explorer (#1256)
* Fixed missing exportation icon in the Web Admin when using Internet Explorer (#1255)
* Cisco C3560 now heritates the Cisco C2960 code
* Fixed distro portability problems (#1185, #1187, #1248)
* Fixed snort pidpath (#1258)
* Additional fixes to nessus scans
* Interim fixes (#1239, #1240, #1263, #1268, #1269)
* Missing "named" in the pfcmd help
Translations
* Updated Spanish (es) translation (Thanks to Juan Camilo Valencia)
--------------------------------------------------------------------------------
Version 2.2.1 released on 2011-06-16
New Hardware Support
* AeroHIVE AP Access Points
* Dlink DES 3550 switch (Thanks to Olivier Roch Vilato)
* Dlink DGS 3200 switch
* HP ProCurve 5400 Series
* ExtremeNetworks Summit now supports MAC Authentication and 802.1X
New Features
* Basic WISPR support improves iPod/iPhone/iPad usability (#815)
Enhancements
* Performance improvement for RADIUS based requests in environments with large
conf/switches.conf files
* Increased responsiveness of VLAN assignments by reducing the available node
information (got rid of unused fields)
* Nortel module now warns in the logs about a common stacking Nortel problem
* New DHCP fingerprint for Cisco/Linksys, Aruba, 3Com switch, HTC Android,
Polycom, Konica Minolta MFP's and HP Printers
* Warning avoidance
* New FreeRADIUS and pfdhcplistener watchdog scripts in addons/watchdog/
* Admin Guide: cleanup of the MySQL optimization, more logging in Samba config
* New binding allowing to offer different captive portal for mobile devices
* Admin Guide's FAQ and Troubleshooting sections has been migrated to the
PacketFence website
Bug fixes
* Important fixes on Cisco 2960 related to Port-Security and VoIP handling in
IOS 12.2(46)SE or greater
* Re-introduced MAC Authentication and 802.1X support in Cisco 3560, 3750
* Fixed expire deadline automatic un-registration (#865)
* Updated Admin Guide to reflect proper method calls for custom VLAN assignment
(Actually on the PacketFence's online FAQ now)
* Fixed Nortel switches problems on some models / firmwares
* Fixed installer errors (#1217)
* Increased PHP memory to PHP's default: 128M. Mitigates #962.
* Fixed race condition when trying to categorize auto-registered nodes based
on DHCP fingerprint (#1216)
Translations
* Updated French (fr) translation (Thanks to Vincent Blut)
--------------------------------------------------------------------------------
Version 2.2.0 released on 2011-05-03
New Hardware Support
- Motorola RF Switches (Wireless Controllers)
- 3Com Switches 4200G, E4800G and E5500G now supports MAC Authentication and
802.1X
- Dlink DGS 3100 Switches
New features
- Captive Portal network access detection is more accurate and way faster
(javascript-based)
- Easier integration and configuration of FreeRADIUS 2.x using our new
packetfence-freeradius2 RPM
- Apache configuration is automatically adjusted on startup based on system
resources to avoid performance degradation on heavy workloads (#1204)
- New reports: Nodes per SSID (#1126) and Connection-Type (#1125)
- User-Agent violation support completely re-written. It is now easier than
ever to block devices or old browsers from your network. (#769, #1192)
- Administrators can now modify and preview remediation pages from the Web Admin
- VoIP autodetection in Wired 802.1X and Wired MAC Authentication can now use
CDP / LLDP if available (#1175)
- Kerberos Authentication on the Captive Portal (Thanks to Brad Lhotsky from
NIH)
Enhancements
- Moved several configuration files from conf/templates/ into conf/ (#1166)
- SSL certificate configuration for httpd is now in a separate file that is not
overwritten by packages making it easier to maintain (#1207)
- 3Com Super Stack 4500 now uses SNMP for MAC authorization (port-security)
- OS Class ID are now visible when viewing DHCP Fingerprints (#1181)
- Log levels can be changed without a restart (#748)
- Process ID information in the logs for some daemons
- Captive Portal minor usability improvements
- Reorganized default violation classes to be more coherent and self-documented
- More violation classes validation on startup (#992)
- Improved database configuration error reporting
- DHCP fingerprints sharing now allows submitter to send computer name, user-
agent and a contact email to help us identify the devices better (#983)
- Meru module now supports firmware version identification
- Improvements in the logrotate script (#1198)
- MAC address format xxxx-xxxx-xxxx supported in our FreeRADIUS' module
- Improvement to the samba configuration provided in the administration guide
to fix uid mapping issues (#1205)
- Removed unused configuration parameters (#767)
- Refactoring of the code base (#1058)
- New DHCP fingerprint for Cisco SPA series IP Phone, Mikrotik, Freebox,
AeroHive Hive AP, Ubuntu Server, Suse Linux Desktop 11, Synology NAS, Polycom
Conference IP Phone and Generic Intel PXE
Documentation
- FAQ entry: Active directory integration in registration network
- Updated Developer documentation regarding how to support new wireless hardware
- Wired 802.1X and MAC Authentication corrections in Network Devices Guide
- Minor corrections to the Administration Guide (#743)
Bug Fixes
- Fixed an important problem with VoIP in Wired 802.1X and Wired MAC
Authenication modes (#1202)
- Fixed important Nortel support regressions (introduced in 2.1.0: #1183, #1195)
- Fixed an issue with the Meru module: If the controller sent SNMP traps to
PacketFence a thread would crash. Hopefully this configuration is not
required and is rarely done. Regression prevention tests have been added.
- Fixed an issue with pfcmd-initiated VLAN re-evaluation if you assign VLANs
based on a client's connection-type (which is not the default)
- Fixed DHCP fingerprint sharing upload form
- Violation grace no longer ignores time modifiers like minutes (#1154)
- Fixed OS id not visible when dhcp-fingerprint view is filtered (#1180)
- Fixed rare case of Web Admin user account corruption causing homepage to
become status/dashboard instead of status/dashboard.php (#1196)
- Warning avoidance in Extreme Network modules
- installer and configurator scripts no longer output passwords on the terminal
(#1021)
- Fixed warnings and improved error reporting in our FreeRADIUS module (#1176)
- Fixed broken person lookups if username is an email address (#1206)
- Fixed Web Admin which referred to an inexistent Meru MC3000 module (it was
renamed Meru::MC in 2.0.1)
- Fixed overly aggressive Web Administration password validation (#1209)
Translations
- New German (de) translation (Thanks to Tino Matysiak of Meetyoo Conferencing)
--------------------------------------------------------------------------------
Version 2.1.0 released on 2011-03-03
New Hardware Support
- Added Avaya as rebranded Nortel's
- Support for Nortel's ERS5500 with firmware 6.x
- 802.1X support with or without VoIP for Cisco 2950
New Features
- New configuration validation interface in Web Admin and with "pfcmd checkup"
- javascript-based network access detection (experimental)
- JSON bindings for node information (experimental)
Enhancements
- Improvements to our Nortel support
- Developer documentation update
- Friendlier startup error messages
- More configuration validation on startup and in 'pfcmd checkup' (#1025,
#1193)
- Improved support for Desktop Linux clients (#1188)
- New DHCP fingerprints for Cisco, UniData and Nortel IP Phones, Cisco Small
Business switch, Netgear router, Generic Linux, Gentoo, Meego, LaCie NAS,
Xyratex NAS, iPod/iPad, Samsung, LG, Sony Ericsson and Sharp smartphones,
Samsung, HTC and Pantech Android phones, APC and Tripplite UPS, some Generic
Thin Clients, HP, Xerox and Brother printers, Mac OS X and finally last but
not least a what-is-believed to be a Palm OS fingerprint!
- Improved test suite
- Miscellaneous code cleanup (#1165)
- Generated configuration files are now in var/... (#1014)
- pid files are now in var/run/
- Module versioning to improve handling of API changes in extension points
- Improvements to Captive Portal library utilities
Bug fixes
- Fixed an issue where warnings were not sent in Wired MAC Authentication if a
device was isolated behind a VoIP phone
- Removed misleading warnings on startup (#767)
- fixed SNMPv3 sample configuration (Thanks to Nate Renbarger)
- Allows apache2 as a valid httpd daemon name (#1185, Thanks to Jesper)
- Violation with action autoreg is only triggered if node is not registered
(#1026)
- Fixed errors when editing a node with an unknown connection type (#1177)
- No more warnings in node lookup (#1173)
- Warning avoidance in pf::vlan's doWeActOnThisTrap (#832)
- pfcmd_vlan regressions (#1190)
- Worked around an upstream packaging problem with SOAP::Lite (#1194)
- Fixed a configurator issue that could cause broken configuration files (#776)
Translations
- New Brazilian Portuguese (pt_BR) translation (Thanks to Brivaldo Junior of
Federal University of Mato Grosso do Sul)
--------------------------------------------------------------------------------
Version 2.0.1 released on 2011-01-26
New Hardware Support
- Xirrus WiFi Arrays support (feature sponsored by the University of Mary
Hardin-Baylor)
- Broaden Meru Controllers support
- Extricom EXSW Wireless Switches (Controllers) support
Enhancements
- Minor improvement to command-line and Web Admin help
- Improvements to SSID lookups
- Cisco WiSM and WLC SSID now recorded (#994)
Bug fixes
- Fixed pfcmd initiated VLAN re-evaluation (#1160)
- pfdhcplistener is better at updating node IP information (#1149)
- Fixed dot11Deauthentication traps issues with pfsetvlan (#1157)
- Add missing variable in snort.conf template (#1138)
- Fixed authorized MAC method in Cisco Catalyst 2960 (#987)
- Improved error handling in pfdhcplistener (#1150)
- Fixed problems with configurator.pl generating erroneous configuration (#1148)
- installer.pl now warns on empty MySQL root password (#1146)
- Fixed node view database queries that were reporting wrong values under
unknown circumstances (#1162)
- Removed some unnecessary warnings (#1065)
--------------------------------------------------------------------------------
Version 2.0.0 released on 2010-12-14
New Hardware Support
- SMC TigerStack 6128 L2 support in Port Security (feature sponsored by Seattle
Pacific University)
- HP ProCurve MSM710 Mobility Controller
- Meru Networks MC3000 Wireless Controller
- Juniper EX Series in MAC RADIUS (Juniper's MAC Authentication)
New Features
- Simplification of the Wireless, Wired 802.1X and Wired MAC Authentication
configuration. Because of a new FreeRADIUS module and a Web Service interface,
everything is now using standard PacketFence proccesses and configuration
files.
- VoIP devices authorization over RADIUS (#1008)
- Proxy interception. PacketFence can now operate in an environment where there
is a client-side proxy configured. Check proxy-bypass in addons/ for details.
(#1035)
- Passthroughs support! You can now configure PacketFence to let your users
reach specific websites even if they are in registration or isolation. (#772)
(feature sponsored by Shippensburg University)
- New pf::web::custom extension point to customize the captive portal's code
without the usual maintenance burden on upgrades (#1045)
- Bulk importation of nodes through CLI or Admin Web interface
- New parameter in switches.conf to ease FreeRADIUS integration
- Optional automatic configuration of FreeRADIUS' clients using switches.conf
(see addons/freeradius-integration/README for details)
- New 'pending' status for node. Allows for a wide range of captive portal
workflows where an administrator approves network access (by email, SMS...)
Enhancements
- New information available in Node Lookup (Connection Type, SSID, 802.1X
User-Name, ...)
- FreeRADIUS module improvements (#1034) and major revamping
- Easier installation process using yum groupinstall (#1089)
- Faster Web Services layer running under mod_perl
- Refactoring of the pf::vlan method names for more meaningful ones
- Removed unnecessary database connections and duplicated code
- 802.1X improvements (#995, #1002)
- General codebase improvements, refactoring (#914, #977, #1001, #973)
- Usability improvements (#1006, #820, #1075)
- Migrated to the new Emerging Threats rules for snort and added rules for
botnets, malware, shellcode, trojan and worm by default (#1102)
- New DHCP fingerprints (HP ProCurve Wireless, Ricoh MFP, Cisco/Linksys,
Netgear, D-Link, Trendnet, Belkin Home Wireless Routers, Sony Ericsson
Android, Aruba Access Point, Avaya IP Phone, Gentoo Linux and Fedora Linux 13)
- pfcmd_vlan's logging is now consistent with the rest of the system (#874)
- configurator.pl now handles DNS and DHCP basic configuration (#1112)
Documentation
- Merged Installation and Administration guides into a more coherent document
- New documentation about DHCP and DNS services. Now easier to manage! (#1113)
- New documentation about running in a routed environment
- Improved documentation about Snort, Oinkmaster, and log rotation in Admin
Guide
- Improved documentation on violations (external remediation pages and
redirect_url) in the Administration Guide
Bug fixes
- Captive Portal remediation pages can be hosted externally again! (#1024)
- Fixes to the SMC TigerStack 8824M and 8848M modules (see UPGRADE)
- No error reporting when trying to change configuration files with bad rights
(#1088)
- Violation priorities are now enforced according to documentation (1 = highest)
- Wrong URL in the provided oinkmaster.conf (#1101)
- MAC addresses of format xxxx.xxxx.xxxx properly recognized in pf::util
Special thanks to University of Oregon who, from early on, were running the
bleeding edge and provided invaluable feedback and contributions!
--------------------------------------------------------------------------------
Version 1.9.1 released on 2010-09-22
New Hardware Support
- Extreme XOS Port Security (MAC address lockdown) and Voice over IP support
(feature sponsored by Extreme Networks)
- Nortel ERS 2500 Series Port security and Voice over IP support
New Features
- Basic Access Control in the Web Administration interface (#965, Thanks to
eSubnet Enterprises for their initial contribution)
- New parameters in switches.conf to manage Web Services enabled switches
Enhancements
- Captive portal performance improvements. Up to 23x on some workloads (#879)
- More than 35 new DHCP fingerprints (Thanks to Eric Kollmann and Sam Winottai!)
- Improved Nessus failed scan error reporting (partial fix for #1032)
- Better error reporting on Cisco ISR 1800
- Added some documentation for Cisco (2960, 3550) and Aruba in the SNMP modules
- Documented performance optimization regarding blocking non-browser requests in
the captive portal (#1072)
- Avoiding unnecessary load where a lot of non-trap violation are used (#857)
- Updated (for clarification purpose) documentation for Cisco stacked and
4500 Series switches. (#1037)
- Error handling and error messages improvements (#1052)
- Updated documentation for FreeRadius 1.x and added some for 2.x. (#1036)
Bug fixes
- Node categories related fixes (#1063, #1056)
- Deleting a node no longer breaks paging in Web Admin (#1055)
- Max number of node per user is enforced more consistently (#1057)
- RPM packaging fixes (#1047)
- Misc fixes (#1068)
--------------------------------------------------------------------------------
Version 1.9.0 released on 2010-07-15
New
- Official Linux 64 bit support
New Hardware Support
- Cisco Wireless Services Module (WiSM)
- Cisco Integrated Services Routers (ISR) 1800 Series
- Cisco Catalyst 3750 Series
- Cisco Catalyst 4500 Series
- Foundry FastIron 4802 Port security and Voice over IP support (feature
sponsored by an entity who preferred to remain anonymous)
- HP Procurve 3400cl (tested by roelof)
- SMC SMC8824M and SMC8848M in Port Security (feature sponsored by Seattle
Pacific University developed with the help of SMC)
New Features
- Node category support, you can assign different VLANs or whitelist violations
based on a node's category (#968)
- Added support for Floating Network Devices (See Admin Guide for details)
Enhancements
- Improved error reporting in the web administration panel and cli (#847, #898,
#899, #964, #993)
- More information available in Node Lookup (IP, DHCP lease)
- Improved database layer (more robust and logs errors)
- pfsetvlan is more resistant to configuration mistakes and reports them (#766)
- Net-SNMP 5.4 support (#940 Thanks to Maikel)
- Freeradius 2.x support (#1007)
- @ character now allowed in person id (pid). This is very common in Active
Directory environment.
- New admin authentication mechanism added (disabled by default)
- New debugging features (disabled by default)
- New DHCP fingerprints
- Optional backup script in addons/ now archives old records
- New helper synchronization scripts in addons/high-availability
- Little improvements (#866, #886, #911, #916, #952, #975)
Documentation improvements
- Install guide more accurate
- Added directions to configure PacketFence in a routed environment to the
admin guide
- Updated the High-Availability section with details about DRBD and HeartBeat v1
- More MySQL tips (#951)
- Fixed Procurve 2600 switch configuration (Thanks to Andrew Niemantsverdriet!)
Bug fixes
- Performance fixes (#908, #910)
- Captive portal stability fixes (#892, #961)
- Mitigated Net::Telnet problems with perl threads (#903, #907)
- Proper violation description shown in violation edit (#922)
- Fixed RPM spec to create package packetfence-remote-snort-sensor again (#888)
- Fixed PacketFence RPM upgrade bug if your version is lower than 1.8.5 (#931)
- Fixed rare port-security problems with stacked switches or switches with
large ifIndex (#921)
- Fixed problems with DHCP Fingerprint submission
- Fixed call to non-existing script lookup_node.pl in pfdhcplistener (#858)
- Correct VLAN information shown in Node Lookup (#893)
- Minor corrections to the Admin Web UI
- Clarified some error messages
- Misc. stability and general fixes (#833, #885, #868, #869, #896, #923, #927,