forked from e2guardian/e2guardian
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
executable file
·334 lines (266 loc) · 12.3 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
About "Bug" tags show "https://github.com/e2guardian/e2guardian/issues?q=is%3Aissue+is%3Aclosed"
version 5.5.4r
August 2023
Fix possible XSS in bypass url - issue #782
Correct INSTALL file - issue #781
Fix bug #780 - e2g crashes if invalid group name is provided via BearerBasic
auth plugin
Update Italian messages - pull request #778 from albanobattistella
Update Italian block templalte.html
version 5.5.3r
March to May 2023
Fix #773 - when blocking match is on an individual IP, match is
returned blank.
Add binary IP search to rooms feature
Merge pull request #772 from Arjow/v5.5
fixing error with uint32_t
Convert iprange and iprangemap lists to binary sort/search, remove
ip mask lists, convert IP subnet and CIDR to internal rangelist.
Fix #770 - only write blocked url to alert.log
Fix #768 - findInList() (and other search functions) may return
illegal address
Add rsync to docker image
Amend template config file to add missing set_storytrace and cover
issues raised in #761
Comment out debug lines and tidy Logger code
Based on pull request #763 by KDGundermann
Add missing E2LOGGER_warning macro
Tidy storyboardtrace logic in OptionContainer
Fix #761 - dockermode settings for access.log overwritten when
set_accesslog and loglocation missing from config file
Minor changes to e2guardian.cpp to clarify DEBUG_LOW usage
Fix #762 Inconsistent references to downloadmanagers
February 2023
Fixes
#759 Segmentation fault - Corrupted TEMPLATE returns
Possible Fix for #760
version 5.5.2
July 2022 to February 2023
Fixes
Amend Spanish translations
Fix bug #756 extension checking requires removal of cgi from url
Correct HOWTO_Logger.md
Re-add google translate site/url checking (translate.goog)
Merge pull request #748 from meyertime/v5.5buildfix
Fix build error AM_INIT_AUTOMAKE expanded multiple times
List definition option anonlog now only blanks URL
Fix bug #743 - logfileformat defaulting to 1 instead of 8 as documented
Comment out fancy and trickle download managers as these are not
supported in v5.5
Obsolete define terms removed from code and clean-up and autoupdate of
configure.ac
Partial work towards issue #731
Fix obscure bug with some lists - replace sort() with stable_sort()
and improve memory handling for lists
Fix bug #730 - large downloads in chunked format not completing
New features
UDP logging option added (based on code/idea by KDG)
Add SEMI-TRUSTED flag to logs
Add kiddle search terms extractor #739 refers
Add storyboarding, list definitions, message for TLD allowed
as suggested by Dalacor #733.
Note I have used allowedtldlist rather than exceptiontld. Exceptions
generally override everything but this list is used in blanketblock and
so will be overridden by exception site urls etc.
version 5.5.1
September 2021 to June 2022
Fixes
Update default values for connecttimeout & maxheaderslines
Fix #713 - raise upper limit to 2500 for maxheaderlines
Remove bionic (18.04) add jammy (22.04)
Fix bug #727 also added list test function self_check()
Fix bug in set_accesslog
Fix bug #720 - upper case search terms not blocked
Correct spelling in message 160
Fix bug #716 - proxyip being ignored
Major changes to socket and tunnel code to fix bug -
#714 - extra high CPU usage under high load
Fix bug #712 - message wrong when upstream connection fails
New features
Add regexpreplacelist to available lists for refererin state (SB)
Mime type stop feature - to prevent scanning of non-relevant mime types.
Category lists - category can be checked against category list
- new list type categorylist added
- new storyboard state categoryin
Response log option - when set logs all responses in separate log
Alert log - can be used by external process to email alerts/reports etc
- new storyboard flag alert
- when set log in alertlog as well as accesslog
- new storyboard action setalert
- storyboard modified so that categories that match alertcategorylist
are logged in atert.log.
December 2020 to August 2021
Fixes
- fix #686 icap default filtergroup is not set.
- fix #679 ICAP protocol error
- fix #678 -N reloads instead of stops with -q
- fix #646 - data maplist of more than 16 lines crash e2g
- fix #649 - set got_orig_ip in get_origianl_ip_port (by Raifeg)
- Fix #660 - revert to use of iostream for log files - fixes delay due to buffer issue in logger
- Fix #670 - request log not being written
- Fix #672 - Cert error not giving status page
- Fix #677 - exceptionfile test in wrong place
- Fix #683 - ports ignored in authplugin conf files
- Fix #684 - crash when only one entry in a maplist
- Fix #685 - uppercase domain in username never matches
- Fix #687 - slowness on browsing some sites - issue with new duplex tunnelling
New features
Add extracheckports option to allow loop checking when cache if front.
Add new semi exception lists and flag - allows reverse logic for selected sites
i.e. Trust a site - but block some urls within site.
Note: semiexceptionsitelist and blockurllist must be of the same type to work
so if site is in localsemiexceptionsitelist then block of url will only work if in localblockurllist
or if in semiexceptionsitelist the block of url will only work if in blockurllist
Add timestamp to debug logs, but not to syslog entries
Refactoring
OptionContainer variables reorganised (by KDGundermann)
version 5.5.0
October to November 2020
Bug-fixes to new IO
Secure TLS proxy added
March to September 2020
New features
Log rotation
New Logger/Debug integrated from coding by KDGundermann
IO (normal and MITM ssl) rewritten
- timeouts now honored when in MITM mode
Removal of support for pre v1.1 OpenSSL versions
Much code tidying
version 5.4.2
April to August 2020
Fixes
- Fix #619 When using x-forwarded-IP behind proxy MITM requests show wrong IP
- Fix #616 IP auth issue in ICAP mode
- Fix #609 .Include not working in e2guardian.conf
- Fix #607 Merge pull request #608 from KDGundermann
wrong file path for example
- Remove example .Includes for phraselists that are no longer in distribution
- Fix #602 - log timestamp records time log written
- Fix #520 - by-pass cookie generation and check does not match
New features
Add 'hook' calls and placeholder functions to common.story
Add pf-basic auth plugin - use when squid in front of e2g #620
Reorganize lists and example config files (#618)
Feature .Define LISTDIR <> and __LISTDIR__ insertion added #610
version 5.4.1
August 2019 to April 2020
Fixes
- Fix #469 - remove punctuation from within phraselists when read in
- Fix #493 - refererexception not working
- Fix #549 - wrong url in CGI block and bypass
- Fix #555 - improved embeded url detection
- Fix #565 - segfault when no write permission on generated certs directory
- Fix #585 - Bypass not working with mitm https
- Fix #590 - Storyboard parsing failing with trailing comments
- Fix #595 - MITM - block page not delivered when connection to site fails
New features
- Add Server Name to Block Page #560
- Auth list files moved into storyboard system - fixes #458
- Improve auth plugin logic - add per-plugin default group options
- On single list reading failure do not abort but check rest of config
- Tidy up request log output
- New usedashforblank option for logs
- Extended logs added (type 7 & 8) and -EXTFLAGS- added to block page params
- Add searchterms field to log types 7,8 - new logclientnameandip config flag
- Make consistant punctuation removal in NaughtyFilter
- Time based list and storyboard functions added - #529
- SB: Add timed blanket block
- SB: Add support for log-only function (logcategory flag)
- SB: Response HTTP header modification added & listenportin state added
- SB: Add #568 feature - give warning when defined list is not used
- New useoriginalip option - solves issues with some apps who use non-stqndard SNI.
- nomitm lists added for sites which refuse to be mitm.
- nolog lists added and actioned via new SB entry point - for clearer logs
- searchexception list added to override searchregexplist - so search complete
calls are not treated as a user search and give misleading denies on logs
Config changes
- Remove safelabel from bannedphraselist - does not appears to have been adopted on web
- Revised Phraselists added - #264 refers
- Phraselist tree now has language as top level
- Switch dstats on by default in config
- Update httpworkers comments re 32-bit systems
- All auth config files have changed - check sample configs
- Revised/new flags in e2guardian.conf
Definitions/Variables
- DG replaced by E2 in all directive and configure variables
e.g. DGDEBUG is now E2DEBUG etc.
version 5.3.4
January 2020
- Increase example maxcontentcachesize to make filtering youtube work
- Fix #565 segfault when no write permission on generated certs directory
- Fix #493 referexception not working
- Fix #549 - Url in CGI and bypass wrong in MITM
- Bug fix sigwait code for OpenBSD
- Amend example bannedregexpulrlist
- Fix #554 Override Search Terms not overriding weighted search term check
- Add request log option for diagnostics - see notes/LogRequests
and more ...
Version 5.3.3
July 2019
- Memory not released when startSslServer returns error #542
June 2019
- IE10/11 on Win7 reports 408/9 error on some sites #538
May 2019
- Fix segfault when corrupt SNI presented
April 2019
- Fix bug #532 - reverse IP lookup give random chars in log and segfaults
- Update comments in list files - as per issue #530
- Add support for reading openssl config files - new optional
e2guardian.conf params useopensslconf and opensslconffile
- Fix bug #527 - memory leaking when complied with openssl v1.1
- Loop detect code added - enhancement #523 -
Note that to activate loop detect 'checkip' lines need to be added to
e2guardian.conf, one for each ip the e2guardian system is listening on,
including loopback and any VIP used.
March 2019
- Fix #512
- Fix segfault bug #509
Version 5.3.2
March 2019
- SSLMITM source code clean-up - no logic or call changes
- Fix bug #514 - useragentin
- Fix ICAP error (with SSL denied) introduced in 5.3.1
Version 5.3.1
January 2019
- Fix bug with Firefox and SSL denied web sites (connection still opened, massive performance issue)
- Update ICAP client (tested with drweb AV)
- Add stealth mode (reporting without block) to StoryBoard mode
- Add new secure bypass mode (experimental)
- Better handling for non-tls and non-sni calls on transparent https
- Fix bug #490 modified URL not shown in log
- Fix bug #489 - exception file ext/mime type not working correctly
- Fix bug #486 - bypass cookie not being set in proxy mode
December 2018
- Fix for #485 related to #481 wrong upstream site called in direct mode
- Fix bug #481 auth exception being denied
- Fix bug #480 Ignore http 100 when no expect: 100-continue
- Fix bug #478 check searchterms always being called
- Fix bug #476 - only check when potential url is longer than 3 chars and contains'.'
- Fix bug #464 proxy auth issues
- Fix bug #475 Client Hostname blank in template
- Fix bug #473 ICAP mode: Wrong group in respmod
- Fix bug #465 Incorrect wildcard certificate validation
and more ...
Version 5.2.2
September 2018
- Reenable content regexp option
- Allow the ip authplugin to use the X-Client-IP header when using ICAP
- Fix bug #432 Block html page gets shown twice
- Fix bug #436 compilation bug with avast and kavscan
- Fix some lags with debugmanager
- Allow the ip authplugin to use the X-Client-IP header when using ICAP
- Update default template page (denied access)
and more ...
August 2018
- Add new per cent option of weighted phrase lists
- Global code review (remove gcc warnings)
July 2018
- Fix ICAP client - tested with f-secure and Kav4proxy -
- Fix bug #417 urlredirectregexplist doesn't work
- Fix bug #418 NTLM auth is not working
- Fix bug #410 segfault if "neterrtemplate=" doesn't exist in config
- Fix bug #414 compiler error caused by extra brace
Summary of changes in this release (v5.2) can be found in e2guardian.release
and notes/NEWIN_v5
Changes to E2guardian 4.x.x can be found in ChangeLog4.x
Changes to E2guardian 3.x.x can be found in ChangeLog3.x