WhatsNew Service Pack 975 for Artica 4.30.000000

FIX

  • ERROR: Can`t create temporary directory /var/lib/clamav/tmp during the Clamav databases update.
  • Compatibility issue for Active Directory DNS Cache with French Active Directory server.
  • Incompatibility with DNS Cache service and nis system configuration.
  • Could not handshake: An unexpected TLS packet was received for APT manager when using SSL with an Internet upstream Proxy.
  • Direct acls objects to deny using proxy parents are not applied to the proxy configuration.
  • Artica did not clean postgresql trace files.
  • Memcached was handled by systemd and was not started using correct parameters.
  • Unable to reset the Gold License.
  • Sometimes Artica generates error Helper: Generic [ArtCategories] issue! [action=emergency!]
  • Cannot display the Certificate signed Request content in the certificate center.
  • MySQL error for default values when using PowerDNS during new domain creation.
  • Increase performance and visibility on Security Reputation Network.
  • Masquerade interface are not applied when not using any proxy or firewall service.
  • Backup to NAS use the same parameters when using the cluster configuration.
  • Bad property warnings found in proxy events
  • statscom-error.log file was not cleaned and consume disk space.
  • PDF proxy reports stucks at 5% of progress.
  • Unable to upgrade system packages caused by clamav-freshclam and clamav-daemon
  • HotSpot template was not builded that cause guest clients was not redirected to the splash screen.
  • Artica is unable to stop and restart proxy service.
  • statistics Inconsistencies related to the MAC address which can be masked by the routers.
  • Artica did not checks Proxy ports after defines global parameters.
  • Unable to connect to VPN PPTP service using Artica as gateway ( see more information here )
  • Missing dependency of libbrotlicommon.so.1 for ICAP Scanner.
  • Too few processes for MacToUid proxy rule.
  • Import a certificat using a zip file did not import the certificat request and the private key.
  • Bad understanding between importing a specific Artica certificate backup file and importing the real certificate: change the buttons method to avoid this behavior
  • Upgrading the system did not upgrade the notification of softwares that must be upgraded.
  • Security hole discovered by Rheinmetall Cyber Solutions GmbH company. Using the Web-filtering page service allows to read any file on the system
  • Improve the progress task of install/uninstall in features section.
  • Unable to start NtopNG because new version 4.x require full installation paths.
  • nics_virtual table was not created.
  • exec.syslog-engine.php still try to connect to MySQL server.
  • Missing field AuthParentPort in proxy ports table
  • SPAN Interface is not visible as real ok STATUS and displayed as a specific interface.
  • TailScale Interface can be modified using the unix console.
  • TailScale network starts before the main network that break the network configfuration.
  • TailScale section is not protected by the VPN Manager privilege.
  • Certificate Center did not import CSR and Private Key in some cases.
  • Certificate Center did not parse CSR data (if provided ) in order to import correct certificate information.
  • Certificate center did not import RSA PRIVATE KEYs
  • Unable to Install DWAgent Service.
  • Artica did not clean /var/log/conntrackd-stats.log
  • Crash of SMTP events parser ( see more information here )
  • Too many events timeout on read select() in syslog according to Artica Category cloud.
  • Bungled in misstyped or missing outgoing interfaces in proxy acls.
  • Enforce syslog log file checking - remove if size exceed 1GB
  • Many logs : delay_pool 0 has no delay_access configured
  • ACLS checker notice the ALL object as empty that is expected.
  • Too much memory eating by exec.squidMins.php
  • Artica did not display memcached version.
  • Change Security Network feature to The Shields ( see more information here )
  • Issue in SMTP TLS while creating the private key - special thanks to Peter Sikkes ( see more information here )
  • Reload ICAP service will stop the service after few seconds, switch it to restart quickly.
  • Call to undefined function posix_getuid() in class.unix.inc
  • Unable to query correctly ICAP threats in the search engine.
  • Unable to search entry inside Proxy DNS cache table
  • Cache DNS Troubles when using the redis memory database. caused by records never removed, added a task that remove periodically the redis database
  • Reload command make the C-ICAP stop, now Artica use a quick stop/start for reload task
  • progress bar stuck when disabling SSL emergency
  • Cannot access to the Gold License section.
  • Web-filtering service consider as whitelist all sites if there an empy line in the whitelist database.
  • Rebuild the authenticator for RDS Proxy
  • A warning - outdated RDS proxy version - is displayed after upgrading to 9.x Proxy RDS Version.
  • Internal Error 379 on reverse RDS proxy service when using Active Directory.
  • Proxy bandwidth limiting was not correctly understood by administrators ( see more information here )
  • The Shields block some webistes categorized as Apple, Microsoft, Web plugins and Science Computing
  • Some website categories are not displayed in the realtime access events.
  • Maximum fildescriptors parameter is not always understood by the proxy service.
  • Artica did not check the Active Directory IP address parameter for an Active Directory connection
  • Several bugs for RDS Proxy service with Active Directory settings caused by python3 migration
  • Serveral customers forget to add networks in RDS Proxy rules. Add an explicit red text for this case
  • Possible bugs on top-right notifications icon about new available versions.
  • Upgrading RDS Proxy version did not compile again parameters that cause the authenticator not working.
  • minor bugs on RDS Proxy service authenticator
  • Cannot authenticate trough the RDS proxy login screen.
  • Not all PostgreSQL events are sent to syslog
  • Consolidate ACLs objects interface gameplay
  • Unable to download Maxmind GeoIP databases ( see more information here )
  • Webfilter client crash when proxy did not send its local port
  • Web filter client crash evertytime after the SP975
  • Sometimes the logfile tail service is not running
  • Minor data table issue on failover service
  • Sometimes the proxy did not authenticate kerberos users caused by an upgrade from 3.x
  • Postpone crowdsec support
  • Down the level of FATAL: Proxy is unable to connect to xxxx on port xxxx
  • Issue on callback shutdown on Proxy Watchdog service.
  • The Shields deny requests when Artica put websites into cache
  • Some option in The Shields feature are not saved.
  • Unable to send test SMTP in Web filtering rules.
  • No backup watchdog for log viewer service.
  • In some cases the proxy refuse any connection because the final rule is deny by default.
  • Minor bug fixes in the failover feature.
  • Wrong regex pattern in The Shields categorization cache
  • multiple same rules in iptables when using Proxy in transparent mode
  • Time synchronizing is not perform when using the Active Directory as NTP server ( see more information here )
  • Sometimes it is unable to upgrade the system caused by clamav updating processing.
  • Rebuild the external_acl_first plugin for better peformances ( beta 1)
  • Display The Shields icon instead of text in the proxy realtime monitor.
  • Wrong display in the Cache management section.
  • Proxy issue on no_suid
  • Artica uninstall NetData service after Installing the service
  • Proxy Requests are denied for Office Network acl when using local LDAP authentication method
  • Artica status Daemon crash after Service Pack 327
  • Finishing NetDATA compliance
  • Unable to update clamav updates with 0.104 new clamav version.
  • Several bugs found by CybarWorks company ( see more information here )
  • SQLite error database schema has changed
  • The Shield was in debug mode by default that causing stressed CPU.
  • New "Centralized" The Shield beta 2
  • The Shields statistics are stopped since SP975
  • Graph of number of DNS queries was not working
  • The Shields icon set in red when there is no block by the Shields
  • Bandwidth icon is not correctly displayed on the realtime access log
  • The Use of basic Authentication on Local LDAP fature is not enabled on proxy side.
  • Whitelisted sites from The Shields detected threads did not working
  • Global Whitelisted sites are not correctly understood by The Shields when pattern start with a dot.
  • An Artica with a Gold Licence cannot unlock The Shields server parameters form.
  • Security hole on cyrus.events.php - special thanks to researcher357
  • Loop on a widget in the Dashboard
  • Log rotation issue when using HaCluster on access events ( see more information here )
  • The Shields save whitelisted sites as threats
  • The proxy ACL finally allow all did not working as expected
  • issue on category service section that loading and stress the proxy.
  • Increase The Shields performance
  • Troubles and CGuard categories queries
  • Whitelisting with Office365 macro make issues in the ACLs checker
  • Active Directory Authentication whitelist did not working as expected ( see more information here )
  • Local The Shields engine was not used that make unecessaries DNS queries.
  • Generate a support tool stuck if some logs files exceed 1GB
  • Uncaught ArithmeticError: Bit shift by negative number when calculating netbit of a network mask
  • Wrong support tool for DHCP server
  • Cannot add an inboud domain without relay address in SMTP service.
  • SMTP healthcheck in failover service.
  • Cannot enable TLS remote support on artica SMTP relay
  • Authentication Whitelist did not accept correcly defined patterns.
  • Artica turn to emergency if proxy claim of Cannot allocate memory, it is changed with a quick service restart
  • Change filedescriptors values settings to a multiple of 64
  • tweaks on The Shields performance.
  • Authentication using local LDAP did not allow whitelisted websites
  • Some Whitelisted websites are not totally applied.
  • sometimes, the shields lost DNS configuration that make periodically categories search to unknown mode.
  • Unable to understand the way to install The Shields as it is already installed
  • SMTP notifications did not work as expected
  • Unable to start The Shields service.
  • Unable to start The Shields service.
  • Unable to make The Shields binding an external network Interface
  • Too much long time for installing Synology backup client.
  • Administrative requests pass trough the parent proxy that causing broken TCP connections
  • Extend partition did not correctly perform a resize2fs
  • Some SQLite tables are not created because Artica did not detects missing tables.
  • Sometimes The Shields did not parse queries.
  • Tables creation in IDS service.
  • Proxy ACLs are not builded since Service Pack 401
  • Unable to modify ICAP antivirus template ( see more information here )
  • Updating IDS servide for 4.19.0-18 Debian Kernel.
  • The Shields categories compile crash when encounter standard PostreSQL error
  • Artica try several times to install php7.0-sqlite3 on Debian 9.0
  • Change trust password failed when using NTLM method with the proxy ( see more information here )
  • Active Directory NTLM status watchdog is not performed periodically.
  • Error in syntax or out of memory when tries add a new dns record in unbound
  • Possibility to return back to proxy version 4 ( see more information here )
  • local Port conflict between proxy watchdog and the winbindd process
  • Artica did not restore the correct value for filedescriptors of the system.
  • More tuning in order to avoid proxy filedescriptors issues.( see more information here )
  • Unable to install dstat local package.
  • Personal categories displays CGuard categories even the if Hide Officials Categories option is active
  • Whitelists from The Shields did not working when using the Web-filtering engine.
  • Remove the "Enabled" function in The Shields as The Shields is always enabled in all cases.
  • The Shield did not allows whitelisting if it is not enabled as the enabled function did not exists
  • Sometimes, the logger engine is not correctly initialized in The Shields Daemon
  • many "NONE/000 0 NONE - -" events in HaCluster requests.
  • IndexError: tuple index out of range in The Shields
  • SQL error while creating DNS Firewall example rules.
  • Fatal system Exception while compiling categories when there is no parameter in command line
  • Unable to download Clamav Database because target directory is a file.
  • Segmentation fault when stopping, restarting, starting proxy service.
  • Artica Web interface console is restarted each 5 minutes when Web service as been installed and uninstalled.
  • Artica did not check availability of python-redis for manual installation
  • Artica did not check availability of lighttpd for manual installation
  • Artica did not check availability of php-mysql for manual installation
  • Artica did not check availability of php-sqlite3 for manual installation
  • Infinite loop when booting the server if the final wizard did not perform properly the installation. ( during manual installation )
  • Artica is unable to build network caused by missing MySQL php library that is not necessary
  • Failover feature installation stuck at 5%
  • Failed over feature installation
  • Rebuild totally the Statistics daemon service and add more debug information ( see more information here )
  • Automatically disable unecessary Mosquitto service.
  • Uncaught TypeError: Return value of duplicated_tokens() when configuring the Web service.
  • Error: Call to undefined function posix_getuid() on the framework when upgrading PHP engine.
  • Urls too loog that expand the web page design on the proxy active connections monitor
  • The Shields crashes when calculating users
  • Increase net.core.somaxconn to 2048 as default To avoid Error 11 Resource Temporarly unavailable on The Shields
  • Proxy stare all sites when enable SSL decrypt on proxy.
  • The ACL categories load an external plugin that is no longer used with The Shields daemon.
  • Memcached status screen design.
  • DNS Firewall must connect to 127.0.0.1 to the Shields instead of Unix socket
  • The Shields query tool must connect to 127.0.0.1 to the Shields instead of Unix socket
  • The Watchdog must check 127.0.0.1 Shields socket instead of Unix socket
  • The upgrade Artica procedure must restart theshields service and reload the proxy service
  • The Shields Crash #1
  • Old token block The Shields to not query the Artica cloud service.
  • Add timeout on sQLite I/O operations
  • The Shield crash #2.
  • Rules inj proxy parents did not reflect expected order
  • The Thields when using categories only new features.
  • Remove the Shield class did not remove all items.
  • Bungled caused by acl KeepSSL ssl::server_name
  • Add possibility to save SSL certificates generated by the proxy in memory.
  • DNS Firewall did not want to query The Shields for categorization.
  • Disable a group in ACLs will disable the group on all acls.
  • Unable to access to Artica Web console when using a strict parent proxy.
  • The Shield issue when enabling "Only fro queries" and "Logs queries" in The Shields client
  • The Shield issue when no MAC or no IP address is sent from the proxy service.
  • SMTP service crash to non integer SSL switch defined.
  • Artica is unable to perform Artica Statistics Migration.
  • Fatal error when compiling categories.
  • cicap_sandbox is not created before access to the status table.
  • Issue on Artica Stats migration
  • Some update errors when using the system update
  • Minors bugs and reviewed DNSSEC methods in PowerDNS ( see more information here )
  • Remove depreciated configuration token local-ipv6 that make the PowerDNS service unavailable on 4.5.2 version
  • Unable to start new PowerDNS version 4.5x with the following error One of the backends does not support zone caching
  • Strict-Transport-Security header is added twice in reverse-proxy configuration
  • Sometimes the reverse-proxy claim that modsecurity_rules_file does not exists when enabling WAF engine
  • notification to update The Shields client cannot be removed.
  • crash on some URLs in The Shields
  • The Shields did not block any detection from Artica Engine.
  • Saving global options in reverse-proxy will remove rules generated in this section.
  • Unable to enable HTTP/2 on the reverse Proxy.
  • Searchs in DHCP events, leases, requests is not correcly understood, the search engine as been simplified.
  • Unable to connect to the Active Directory using Kerberos in HaCluster mode - since Service Pack 500
  • The Shields logs are not added to the support tool.
  • The Shields Client is enabled in both method - Web filtering and ACL method
  • Web-filtering crashes when parsing a default None rule.
  • If WAF is not installed, the listed server did not display WAF sticker
  • Crashes of proxy plugin categorization and The Shields client engine.
  • TheShields client use the proxy to connect to TheShields server
  • Web-filtering did not care about the login user
  • Client continue to analyze the Web-filtering without username
  • Web-filtering did not send the correct protocol to the proxy.
  • Web-filtering is disconnected from the proxy service by the Service Pack 597.
  • HaCluster incompatible with Cisco Webex meeting
  • Artica did not perform the log rotation of the Load-balancer service.
  • Unable to add a record on DNS Cache caused by the prio field.
  • Modify settings in PostreSQL database did not restart the local service.
  • Reverse-Proxy crashes on the Cluster client due to the bind network interface issue.
  • Compiling websites take too long time when building all websites
  • Reverse-Proxy WAF events are replicated when using reverse-proxy in cluster mode.
  • Unable to search by ruleid or domains in WAF threats section.
  • Enable to export the whole certificate database in Certficates Center.
  • Recover the database when encounter "file is not a database" issue when importing a PFX certificate
  • Remove serve-expired-client-timeout in DNS Cache service
  • Crash on Web-filtering when receive connection error from Web-filtering error.
  • some Internal HTTP requests are not whitelisted by the web-filtering engine.
  • If there is no personal category to export, the cluster will replicate the whole PostgreSQL database.
  • White-listing to authentication did not working on Proxy service caused to reversed ACls.
  • Wrong checkbox in use Local Proxy on WebCopy
  • Unable to define protocol in Filebeat configuration
  • Missing SN.png,ERR_PROTOCOL_UNKNOWN, error-details.txt files when reloading proxy service.
  • Whitelist issue with Web-filter service
  • ressources/categorizeclass.so line 3478, in get_category_perso KeyError:
  • K5start did not start in HaCluster method.
  • Sometimes /etc/postfix/bad_recipients.db is not compiled in SMTP gateway
  • Authentication issue when using plain text on a remote peer in the SMTP gateway ( see more information here )
  • NameError: global name 'GET_INFO' is not defined when using categories cache on the proxy plugin.
  • Whitelists are applied in the wrong format
  • EOFError in ressources/categorizeclass.so when loading cache database
  • Firewall rules are not flushed when modify proxy transparent ports
  • The Shields did not deny detected threads.
  • Process#012UnboundLocalError: local variable 'VIRTUAL_USER' referenced before assignment on The Shields Client
  • Fix ThreddSrnObject instance have no attribute when using speed mode in The Shields
  • catogoryclass.so crashes when privileges is not correctly set for the local cache.
  • Artica did not resolv categories when host is not resolvable
  • The Shields clients are not killed from memory
  • The Shields Crashes when using "Speed Mode" in Connector.
  • Unable to compile ACLs with Active Directory enabled since SP975
  • False alarm on wrong configuration in Artica Statistics since SP975
  • Unable to access to events system since SP975
  • Unable to install Categories Cloud service.
  • Artica watchdog is unable to uninstall The Shields Daemon.
  • Fix: Security hole found by Jordan Miles
  • DNS Load-balancer is not monitored by Artica.
  • Artica did not understand OpenSSL version for Cipher configuration.
  • Load-Balancer crashes caused by no items set in cache configuration.
  • WCCP cannot be displayed in Community Edition
  • HaCluster is not compatible with new version 2.2x branchs or above.
  • Artica take care about the OpenSSL compiled with nginx for the Ciphers list on the reverse-proxy service.
  • Sometimes the unicode.mapping is corrupted during complete reverse-proxy reconfiguration
  • Warning during boot when enabling Bottleneck Bandwidth and RTT kernel feature.
  • Web interface going crazy when displaying the SandBox connector section.
  • False alarm on filedescriptors notifications.
  • SQL Error on debian_packages table
  • Missing jquery.peity.min.js from Service Pack 671
  • bad addr or host: None (Name or service not known) on OpenSSH server caused by a wrong IP format
  • Redirect HTTP connections to HTTPs connections did not take care about the listen interfaces defined in reverse-proxy.
  • Unable to access to HotSpot sessions management with HotSpot Manager rights
  • Bungled proxy configuration when using HotSpot service and Active Directory
  • SMTP engine error when ssl is not configured.
  • ACLs issues on the Universal Proxy service.
  • Proxy acls checker will not longer claim of empty acls objects.
  • Web-filtering connector - invalid literal for int() with base 10: none when using a none rule
  • Web-filtering connector - NameError: global name WEBFILTER_RULE_NAME is not defined when using a none rule
  • Filtering menu is displayed when only using SMTP service.
  • Web-filtering connector: NameError: global name filename is not defined when writing threats
  • Exception on the Web-filtering client if Web-filtering server return nothing.
  • Artica Status Daemon crashes since SP975 ( see more information here )
  • Preventing sometimes register a license cause loop in register processing.
  • Unable to restore backuped PowerDNS data
  • wrong characters added when insterting a new domain in PowerDNS.
  • Duplicate domain in host when adding a new NS record in PowerDNS.
  • Statistic collector of WAF events crashes and did not populate SQL tables.
  • Unable to Activate Kerberos authentication when using the single Kerberos method
  • Unable to start/restart OpenVPN service using the webconsole.
  • DNS Firewall cannot start if there more than 2 DNS servers in default configuration.
  • Wrong pattern in DNS Firewall listen address when using multiple network interfaces
  • Wrong configuration on Artica Web console service since SP975
  • Unable to save Proxy parents general parameters
  • Do not use the proxy and Always use direct acls rules are not applied when using parent proxies.
  • Some Web application Firewall whitelists make the reverse-proxy crashing.
  • Too many files *.conn.err generated that loading the server
  • Loop on SQL errors collector that perform a loop and turn to unstable server ( only if server encounter disk performances issues )
  • e2label process take a loop and long time to process ( only if server encounter disk performances issues )
  • Unable to change password of an LDAP member
  • Privileges Allow Add Group or Allow Add user only can access to the web console.
  • Unable to add rules in whitelist for Web Application firewall rule
  • Disconnect memcache daemon stop/start script from systemd.
  • Web Application firewall internal error did not deny accesses to web sites.
  • Web Application firewall XML parsing error did not deny accesses to web sites.
  • Unbound Array error in The Shields Client when using Web-filtering method.
  • bound error on array on proxyport in The Shields Client.
  • Wrong Status for StatsCom missing netcat-openbsd
  • Error Run Clamav Updates pattern missing each 3 minutes.
  • Fix icap error in logs Unknown syslog facility/priority
  • parse_delay_pool_rates: Ignoring pool 0 not in 1 .. 2 in ACLs bandwidth
  • Wrong URL compiled on the new Web-Filtering feature.
  • Unable to display DNS events when DNS Cache service and the Proxy service are installed.
  • Modify watchdog on DNS services in order to prevent false alarms and multiples DNS restarts.
  • Default Firewall DNS redirectors are pointed with eDNS that has been refused by Public Google DNS.
  • False alarms on the PostgreSQL watchdog monitor.
  • Duplicate whitelisted unique id in Web Application Firewall
  • Trust an item inside My Network did not restart Fail2ban for whitelisting
  • Some Web Application Firewall rules in phase 1
  • Proxy service did not use parents proxy when using load-balancing method.
  • Overloaded system and low reloads when add more than 20 websites with Web Application Firewall.
  • Whitelist apth from Web Application Firewall, break the reverse-proxy root.
  • Too long time to compile sites in Web Application Firewall
  • Proxy will not logging if there an acls that deny log with a disabled object.
  • Artica did not take care about the bundle field act as Root CA for SSL Client verification
  • Rebuild totally the client certificate procedure.
  • Unable to start a transparent backend trough the HaCluster interface section.
  • missing go-shield-server binary
  • unbound-control[38287:0] fatal error: could not exec unbound: No such file or directory
  • Unable to save weight in HaCluster
  • Unable to migrate to Go Shields server.
  • Logon page username field is limited to 20 characters
  • Issues on Go shield server
  • Language parameter is not restored with the new login design page.
  • Sometimes the watchdog did not find the memcached PID number
  • auto-generated proxy certificates are not parsed by Artica.
  • ps_mem and percpu process consume load, change it to daemon.
  • Artica enables The Shields reputation by default that is not required.
  • Performances on Statistics Communicator. The daemon as been totally rebuilded. Redis server is no longer used.
  • go-shield-server did not have chmod 755 after upgrading from 4.30 SP206
  • FATAL: Bungled /etc/squid3/external_categorize.conf
  • unable to replicate personal databases in cluster environment
  • Unstable Google SafeSearch in DNS firewall
  • Issue shields sends PASS, WITHILIST,.. to statistics
  • Minor bugs fix in bounding
  • Minor bugs fix in hotspot
  • Sometimes the proxy access.log is freeze, a new watchdog is created.
  • Unable to connect to the Active Directory with wizard and HaCluster.
  • DNS Load-balancing for the Proxy service limit only 10 DNS queries per second.
  • Daemon monior failed to start with Active Directory REST service in SSL mode
  • DNS Load-balancing for Proxy was unstable caused by the eDNS.
  • Unable to install/uninstall The Shields service.
  • Unable to uninstall Web-Filtering feature using the widget.
  • The Filtering service is not necessary in HaCluster environment
  • Unable to move correctly destination proxies in Proxy.PAC rules.
  • Missing informations in Admin Track events by syslog.
  • Missing Admin Track notification in failed logon on the Web console
  • Unable to restart Proxy-pac service.
  • Proxy-pac service did not increment the connections counter
  • False alarm on rsyslog software update notification caused by a wrong version calculation.
  • HotSpot service is not correctly linked to the proxy after installation.
  • Testing ldap connection failed on Active Directory class caused by ldap/ldaps format.
  • Ticket 861, Web service did not start after SP975 (see more information here )
  • Unable to create an encrypted Artica Snapshot.
  • Unable to save Network restrictions in DNS Firewall.
  • Cannot start DNS Load-balancing service for Proxy service
  • 100% CPU of dstat process that sometimes parse large and old statistics files
  • Zombies created by the go-exec daemon.
  • Issue while getting OpenLDAP server version.
  • Filedescriptors not correctly applied when using Proxy service v5x
  • Remove the limitation of max 300 000 filedescriptors in proxy service.
  • CVE-2022-37153 ( see more information here)
  • Clamav Daemon cannot start because AppArmor block the unix socket creation.
  • Proxy ICAP service cannot start because no available free inodes in /dev/shm
  • Cannot display Web filtering error page with error code 500 after Service Pack 887
  • Some AppArmor events as false alarms are displayed when executing ntpd
  • Using regex pattern in Do not cache proxy ACLS in order to avoid conflicts
  • Add Kerberos authentication and HotSpot network make the proxy service unavailable.
  • New login page have a password limited to 16 characters.
  • Realtime SMTP Monitor did not parse UTF-8 subjects.
  • Realtime SMTP Monitor table did not take care of column width.
  • Realtime SMTP Monitor installation did not install syslog configuration.
  • Unable to click on "investigate" tab after SP975
  • Restarting Proxy service did not apply file descriptors especially on Proxy v5.x
  • Reconfiguring network using the Unix console did not rebuild OpenSSH server service.
  • Realtime SMTP Monitor did not display full time.
  • Removed PowerDNS menus since last services pack.
  • Search engine in DNS records did not work as expected.
  • Unable to send SMTP notification if no authentication is defined in settings
  • Sometimes system upgrade failed with /etc/group.lock /etc/gshadow.lock /etc/passwd.lock
  • Unable to displays Active Directory members and groups after update to latests service packs.
  • Unable to start monit - Artica did not pay attention of the local ports conflicts
  • Sometimes Artica did not detects disks and warn that disk are not linked to boot loader.
  • ArticaStats did not understand events sent by a Proxy with multiple processors.
  • Conflict with systemd some "start-stop-daemon process" using 100% CPU.
  • Conflict with systemd sometimes snmpd is started and took 100% CPU.
  • Test Categorization feature and Re-Categorize query the Shield Server
  • Auth logs deamon memory crashes after debian updates, moving code to go deamon.
  • Local DNS Cache service did not work when the IP of the server is a public IP address.
  • Advanced drop-down lists are not disabled when form is disabled.
  • auth-log service cannot start.
  • Go-shield daemon cannot start when no active directory defined
  • auth-log service and letsencrypt-plugin cannot start.
  • Go-shield server creash when usign only LDAP server
  • Go-Shield server did not allow Gold License.
  • auth-log is a part of openSSH server, remove/install it automatically when needed.
  • Sometimes cluster packages are not owned for the Web console service.
  • Daemon monitor crashes when the 2 network interfaces have the watchdog enabled.
  • Go-exec Daemon have some issues while executing auth-log daemon.
  • List of objects section did not understand Group of Objects acl object.
  • Remove existing /bin/go-* binaries and moved all the services to /usr/bin
  • Minor bugs in kibana, elastisearch and filebeat
  • Buttons of ACL disapears when using Group of rules in the Proxy ACL section.
  • Artica did not take care about no port with SSL used and the defined certificate that causing issues en reverse-proxy.
  • Latest Load-balancer version is not compatible with the Load-balancing for parent proxies ( see more information here )
  • Unable to to select an automount connection ( see more information here )
  • Reverse-proxy understand that only setting a certificate will make all ports using SSL.
  • HotSpot did not parse HotSpot allowed networks.
  • Cannot save Only executed by schedule option in Legal logs section
  • Cannot save Legal logs options if a crypt password is not defined.
  • Disable a reversed-website did not affect the main daemon.
  • Unable to restart openSSH daemon using the Web-console
  • Artica system events are not parsed and added into database. ( https://bugs.articatech.com/show_bug.cgi?id=333 )
  • Unable to upload the kerberos ticket in haCluster.
  • Reset parameters did not clean all settings in HaCluster.
  • Restarting OPenSSH service using the web console report failed as the service is correctly restarted.
  • Sometimes logs cleaning generated by the Syslog engine is not performed, adding a task to force this operation every day at 05:30
  • Refresh Network rule page display a blank page.
  • Code cleaning in network class
  • kernel.hostname and kernel.domainname are not correctly converted when changing the system hostname
  • Filtering service generates error 004 when using Proxy version 4.x instead proxy service 5.x
  • 25 improved securities default parameters as been added.
  • SSL rules are always stamped as inactive that is false.
  • Incorrect proxy configuration on HotSpotNets acl where no HotSpot network has been defined
  • Panic: interface conversion: interface {} is string, not int for the Proxy LDAP Group plugin
  • Panic: interface conversion: interface {} is string, not int for the Filtering service
  • Minor issues for ufdbguards engine for the Filtering service
  • Remove /var/log/rsyslog.error.log that using too much disk space Filedecriptor > 4096
  • The local DNS Cache service make the network failed to create the default gateway
  • Artica cluster slave did not apply file descriptors correctly if it was defined by the master server.
  • Typo in proxy acls that generates a bungled configuration on --------FTP string.
  • unbable to configure DNS Firewall and DNS Cache service.
  • Wrong information made by the Web console on the used DNS by the proxy service.
  • double-check on the local DNS cache service about the use of 127.0.0.1 and double entries.
  • Somtimes, formatted text area fields do not display the content until the user clicks inside the text box
  • k5start did not running when using NTLM method - wrong monitored keytab
  • Unable to configure settings on the NTLM watchdog.
  • Reconfigure ICAP service options disable the use of Antivirus.
  • DNS Firewall cannot start caused by old instances of DNS Cache server - kill old instances before start service.
  • Sometimes, the right-top side-bar cannot be displayed.
  • clamav.artica.center: Remote HTTP Service Unavailable: 405 Not Allowed ( see more information here )
  • 530 5.7.0 Must issue a STARTTLS command first on a remote relay that enforce SMTP TLS in Artica SMTP
  • Wrong and garbage records created when creating a new domain in PowerDNS edition.
  • Creating a new DNS domain did not close the windows Popup.
  • Creating a new DNS domain did not refresh the table.
  • Remote path backend in Reverse-proxy did not take care about the root path

ADD

  • Possibility to Add a Caching Active Directory records From an Active Directory Connection ( see more information here )
  • Dedicated menu console for SSH service.( see more information here )
  • Monitoring and compatibility of Microsoft Hyper-V virtualization.
  • Security Reputation Network beta 1 (see more information here )
  • Possibility to list all open ports on the Artica server ( see more information here )
  • Possibility to display Proxy statistics daily disk usage ( see more information here )
  • Dedicated section for the log files and statistics retentions ( see more information here )
  • Possibility to import or export Proxy statistics database ( see more information here )
  • Possibility to manually remove statistics data by retention. ( see more information here )
  • Possibility to display events about log files cleaning and retention data cleaning.
  • Possibility to exclude reverse PTR resolutions and queries to specific domains in DNS statistics.
  • Possibility to install/uninstall userspace ARP daemon
  • New wizard "Gateway mode" to allows installing Artica on limited hardware ( see more information here )
  • Watchdog on cgroups php limitation.
  • Possibility to created a simplified and quick DHCP service by Network interface ( see more information here )
  • Possibility to bridge network interfaces using Proxy ARP method ( see more information here )
  • Possibility to add multiple network addresses in SNMPv2 network limitation.
  • New feature Dynamic routing as OSPF protocol support ( see more information here )
  • move URLHaus and NoTrack feature to the SRN feature.
  • Possibility to global exclude domains from the use of any parent proxies. ( see more information here )
  • 2FA authentication for both SSH service and Artica Web console. ( see more information here )
  • Double verification for clone detection.
  • function that scan suspcious files for malwares scanning on the ArticaBox itself.
  • Possibility to send Proxy realtime events to several syslog servers ( see more information here )
  • Beta of TailScale VPN feature.
  • Beta of Synology backup client.
  • Support of Synology Active Backup for Business client ( see more information here )
  • New Proxy ACLs Checker ( see more information here )
  • Possibility to change the name of the certificate in the certificate center section.
  • Possibility to modify the TCP Keepalive Timeout on proxy port ( see more information here )
  • Possibility to link Artica Proxy to Kaspersky Web traffic Security ( see more information here )
  • Possibility to switch to Proxy version 5.x or 4.x branch
  • Display ACLs rule names in realtime proxy events ( see more information here )
  • Notification of new memcached version on the dashboard.
  • New memcached v1.6.10 available for both Debian 9 and Debian 10
  • New Squid Cache v5.1 available for both Debian 9 and Debian 10
  • Automatic install of new Debian package unrar and p7zip
  • More statistics for The Shields graphs section.
  • Possibility to perform fast stop,start,restart proxy service in proxy status section
  • Release of Kasperksy SandBox integration ( see more information here )
  • More description / Information on Host Forgery issue ( see more information here )
  • The Shields can be switched to be an object of ACLS rule ( see more information here )
  • Improve Proxy SSL initialize task
  • Ensure compatibility with the new version 9.x of the RDS Proxy, older versions will be not compatible.
  • Community Artica version on the RDS proxy service will limited to maximum simultaneous connections.
  • Possibility to quickly connect to the RDP target ( see more information here )
  • Possibility to turn the RDP service and the Authenticator in debug mode.
  • Possibility to disable the RDS Proxy login screen ( see more information here )
  • The Shields is upgraded to 10.0 version this new version stores more than 25 000 trackers sites in local cache.
  • Possibility to see more information here that passed trough the bandwith limitation ( see https://wiki.articatech.com/proxy-service/monitoring/monitor-bandwidth-rules )
  • Now RDS Proxy service is able to query directly Active Directory DNS in the case of the Artica server did not have the target Active Directory as primary DNS server
  • Possibility to create a bandwidth rule without any limitation in proxy bandwidth limitation acls
  • Top-right notification on new RDS Proxy service version.
  • Possibility to perosonalize RDS proxy error messages.
  • Status in RDS Proxy status page
  • DNS Firewall feature alpha 1
  • DNS Firewall Feature alpha 2
  • Possibility to launch installation of mandatories modules in status
  • Failover support.
  • DNS Firewall Feature Beta 1
  • DNS Monitoring tool for better help proxy performance DNS settings.
  • Support of use-caps-for-id in DNS Cache service. ( Feature called Increased DNS Forgery Resistance )
  • DNS Firewall feature RC1
  • Possibility to download the "The Shields" events logfile
  • Possibility to set a default page inside a reverse-proxy site ( see more information here )
  • Rebuild the ITCharter internal engine for better performances
  • ITCharter is now Cluster aware
  • Handle k5start error getting credentials: Preauthentication failed in syslog
  • ITCharter Active Directory Alpha1
  • ITCharter with Active Directory Filter feature release candidate 1
  • Whitelisted adservice.google.* in The Shields when allowing Google Advertising option.
  • Specials checks on DNS Quality servers when using Artica Categories or The Shields features.
  • Possibility to disable the Artica resolve operation when using Kerberos authentication ( see more information here )
  • Turn Kerberos method into emergency mode if "Local hostname could not be determined. Please specify the service principal" is discovered
  • New Reputation service engine "CGuard" inside The Shields and Categories service.
  • New testing procedure for Kerberos Authentication method
  • Increase performances of whitelisting and The Shields plugins
  • Automatic updates of Artica proxy plugin especially for MacToUid
  • Possibility to send syslog daemon events to remote syslog server.
  • Merge The Shields with external_acl_first for better performances.
  • Possibility to define Authentication methods preferences ( see more information here )
  • Possibility to stress any proxy server in order to see more information here and evaluate the pre production ( see https://wiki.articatech.com/en/proxy-service/tuning/stress-your-proxy-server )
  • Performances settings for proxy external modules.
  • New "Centralized" The Shield beta 1
  • New "Centralized" The Shield Release candidate 1
  • The Shields use it's own memory cache management for better performances.
  • Support of proxy version 5.2
  • Possibility to dynamically flush the shield cache.
  • Possibility to find requests in the legals logs section. ( see more information here )
  • Status of cached items in The Shields.
  • Improve cache reset action in the Shields.
  • New kerberos ticket renewal procedure that running at 04:45 each day
  • Performances charts for the proxy memory usage ( see more information here )
  • Monitoring function for the proxy filedescriptors value
  • Possibility to generate a support-tool for the DHCP service ( see more information here )
  • Possibility to export the generated DHCP configuration file that cause issue on DHCP service
  • Central SMTP notifications beta 1
  • Possibility to send all syslog events to a remote syslog server.
  • Central SMTP notifications beta 2
  • Central SMTP notification Release Candidate 1
  • New watchdog on expired certificate issue.
  • Possibility to set a VLAN Interface for the DHCP server listen address.
  • Watchdog on proxy service memory usage ( see more information here )
  • Possibility to create a real load-balancing with parents proxies. ( see more information here )
  • Possibility to manually query the Shields server ( see more information here )
  • Possibility to enable Proxy service to debug level 5
  • More verifications when installing ClamAV SecuriteInfo databases.
  • Disable Proxy update notification if the available major proxy version is different than the installed proxy version.
  • Extract cron daemon events from syslog to /var/log/cron.log
  • Artica is now able to categorize remote public IP addresses especially when running artica as transparent proxy.
  • Performance statistics such as CPU use in percent, memory usage, Load, file descriptors and connections Tracking.
  • Auto-installation of performances statistics.
  • Local Virus detection of BV:Miner-GZ [Drp]
  • Possibility to set a personal category act as a global whitelist ( see more information here )
  • Number of proxy members and statistics of the proxy number of members.
  • Watchdog on specials characters when inserting proxy requests and PostreSQL database
  • Possibility to connect the HaCluster to the Active Directory using a wizard.
  • If the Load-balancer renew kerberos certificate, the nodes will be updated automatically.
  • Possibility to enable a DHCP service for a VLAN interface ( see more information here )
  • DNS Firewall using the same proxy method to query The Shields server.
  • DNS Firewall events by default.
  • DNS Firewall write all events inside PostgreSQL database
  • Possibility to query DNS Firewall events saved in PostreSQL database ( see more information here )
  • Possibility to perform apply operation in DNS firewall rules section.
  • Statistics of the DNS Firewall about the number of queries and the number of users.
  • Possibility to filter google authentication by domain ( see more information here )
  • Monitor proxy behavior with an external URL ( see more information here )
  • Possibility to import a PKCS7 certificate ( see more information here )
  • Memory cache for the Shields Client.
  • Possibility to define the value of net.core.somaxconn in the Shields Client.
  • Internal Cache in the Shields.
  • The Shield Emergency mode remove completly The Shields in proxy service.
  • Possibility to use only the Shield Client as categorization.
  • Count the number of cached items.
  • Status of Proxy Parent rules in order to see more information here there are really applied to the system.
  • multi-process and multi-threads engines for The Shields Client and Daemon.
  • More errors explains in proxy requests events ( added to SP206 in HotFix )
  • Possibility to remove an header with the reverse-proxy ( see more information here )
  • Possibility do duplicate headers rules in the reverse-proxy service ( see more information here )
  • Possibility to upgrade TailScale Service using the system update package manager ( see more information here )
  • Possibility to duplicate gzip compression rules in reverse-proxy.
  • Possibility to install the WAF for the reverse-proxy in the features section.
  • Possibility to quick add computers items in events, leases and requests tables.
  • New section that allows creating rules to remove HTTP headers in the reverse-proxy service
  • Possibility to set TheSields cache database removal task.
  • Beta 1 merging The Shields and Web-filtering service.
  • Possibility to disable the SSL cache.( see more information here )
  • Possibility to not display proxy error pages using SSL decryption. ( see more information here )
  • Possibility to remove the Kibana and ElasticSearch softwares from the disk ( see more information here )
  • New "Expert mode" feature for PowerDNS system ( see more information here )
  • The Shields with "Only categorization" use dirdectly cloud DNS servers
  • K5Start daemon is detached from syslog for better troubleshooting.
  • Possibility to use local officials categories and increase speed for categories ACLs. ( see more information here )
  • Possibility to tune timeouts for HaCluster service ( see more information here )
  • 10% of Portuguese translation.
  • Possibility to disable WAF rules globally ( see more information here )
  • TheShields Client us fully multi-threads
  • Possibility to use the Artica Cloud categories Service - same Artica 4.30 SP206 method ( see more information here )
  • WebCopy feature on Reverse-Proxy beta 1
  • Possibility to whitelist rules from the Web Application Firewall
  • 20% of the Portuguese translation.
  • Possibility to schedule the WebCopy task for each website.
  • Notification on the top-right that claim if the Web-Filtering is disconnected from the proxy service.
  • Webfilter policies can bypass all the web-filtering policies including The Shields too.
  • Possibility to use a remote PostgreSQL server
  • Possibility to import Web-Filtering databases and settings from an old Artica 3.x snapshot container.
  • WebCopy general section.
  • Quick links in routing tables rules
  • Possibility to view and send to kernel events to remote syslog.
  • Possibility to synchronize Web Application Firewall default rules
  • Possibility to delete Web Application Firewall threats by rule ID
  • PostgreSQL database Maintenance operation ( vacccum and reindex ) is now only executed in non-production time.
  • Watchdog to ensure that Web-filtering client is correcly enabled on proxy.
  • Possibility to return back to the Official Artica version - without any service pack
  • Whitelisted Web Application Firewall rules are no longer parsed for statistics.
  • Possibility to purge Web application Firewall database with its own parameters - default 7 days.
  • Possibility to compile Web application firewall rules inside the detected threads section.
  • New Macro to whitelist Windows Updates sites.
  • Possibility to use a remote Categories Cache server.
  • Improve performance of the categorization plugin
  • Possibility to balance network on different proxies on the proxy.pac service. ( see more information here )
  • new tests functions to ensure that the Web API rest service is still alive
  • watchdog function that ensure monit startup script is not corrupted.
  • Possbility to reset the uuid inside the system information section and license section.
  • Improve performance on Web-filtering connector
  • Improve The Shields performance.
  • The Shields take care of the availability of queried domain before query the Artica cloud service.
  • function that eliminates bad patterns "*." used in personal categories.
  • Compatibilities of the new php-fpm versions.
  • Possibilities to add mandatrories tokens in Web-filtering error pages.
  • Possibilities to send Webfiltering threats to a remote syslog server
  • New daemon and increase performance when using filtering service as a central server.
  • Increase threads performances on the Web-filtering client / ACL module
  • Integrating ITCharter into the new The Shields engine.
  • Automatic affect to "reaffected" category for not resolvable hosts and not categorized hosts
  • The Shields modules are only loaded if needed in order to reduce memory usage
  • Client-Side Certificate Authentication in reverse proxy ( see more information here )
  • New widget for DNS Cache service in dashboard.
  • DNS Firewall is now New The Shields architecture aware.
  • All proxy error pages are now embeeded in the same page.
  • Explanation when no data can generates graph in the DNS Firewall status.
  • Version of the DNS Firewall.
  • PowerDNS 4.6.0, DNS Load-balancer 1.7.0
  • Possibility to send by remote syslog DNS Load-balancer events. ( see more information here )
  • Possibility to setup cache in DNS Load-balancer ACLS ( see more information here )
  • Possibility to enforce host resolution in the DNS Load-balancer service ( see more information here )
  • Possibility to force using a specific backend accordind to clients network in HaCluster ( see more information here )
  • Possibility to display DNS Load-balancer events in real-time. ( see more information here )
  • WebSockets support in reverse-proxy edition. ( see more information here )
  • HTTP Proxy DNS load-balancing mode beta 1
  • HTTP Proxy DNS load-balancing release ( see more information here )
  • Starting Dashboard for the DNS Load-balancer service.
  • Help about inactive label in Proxy parent acl rule.
  • Possibility to upgrade the DNS Load-balancer software ( see more information here )
  • Possibility to display Load-balanced backends status ( see more information here )
  • Spanish language translated to 20%.
  • Watchdog when proxy claim connection timed out with clients.
  • Tiny design Graphs on dashboard and for some services status
  • EDNS support on the DNS load-balancing service.
  • Detail error when WAF threats did not display any information.
  • Watchdog on ERROR: Collapsed forwarding queue overflow for kid1 at 1024 items proxy cache service.
  • Watchdog on error assertion failed: store_client.cc:214: "entry->hasDisk() && !entry->swapoutFailed() on proxy cache service
  • Possibility to forge multiple IP addresses in DNS Load-balancer ( see more information here )
  • Possibility to masquerade VLAN interfaces ( see more information here )
  • Posibility to balance DNS-Over-HTTPs downstream servers on the DNS Load-balancing service. ( see more information here )
  • Dedicated section for Proxy multiple CPUs configuration.
  • Beta version of ACL categories for the DNS Load-balancing service.
  • Possibility to add categories checking in DNS Load-balancer ACLs ( see more information here )
  • Possibility to authenticate senders via Active Directory in Artica SMTP edition ( see more information here )
  • Possibility to create an ACL based on Web-filtering service. ( see more information here )
  • Possibility to create an ACL based on DNS Query type ( see more information here )
  • Possibility to use The Shields in load-balancing acls ( see more information here )
  • Possibility to check countries of Client IP address in load-balancing ( see more information here )
  • More information in DNS Cache service events
  • New tack that clean bad records in PowerDNS database
  • O-Day patterns for blocking most malicious sites ( see more information here )
  • Compatibility with OpenVPN in PFSense ( see more information here )
  • PHP 7.4 upgrade support. ( see more information here )
  • Dedicated section for Proxy filedescriptors parameter
  • First Beta version of the "Go Shields Service"
  • DDOS Protection on selected interfaces ( see more information here )
  • Displays how many times the network cable was unplugged ( see more information here )
  • Possibility to remove ClamAV from the system ( see more information here )
  • New design interface for the logon page.
  • Size Limitation on Web Application firewall events.
  • Web application firewall reports storage can be defined by threat level.
  • Improve design of error generated when attempting to a wrong record in PowerDNS system.
  • Fake php compatibility between php 7.3 and php 7.4
  • Possibility to display all Web Application Firewall whitelisted rules.
  • Possibility to add a description on Artica snapshots
  • Realtime monitor for the Web Application Firewall requests. ( see more information here )
  • Possibility to display all Web Application Firewall whitelisted rules ( see more information here )
  • Possibility to remove or rotate Web application Firewall real-time accesses log ( see more information here )
  • Possibility to schedule an HaCluster service reload task ( defined to each 3h by default )
  • Possibility to create whitelist Web Application Firewall rules based on User-Agent header ( see more information here )
  • Possibility to download stored reports from the Web Application Firewall realtime threads.
  • Possibility to disable or enable Web application firewall in one click from the Web sites list.
  • Possibility to directly forge multiple records and multiple domains inside a rule without need to create objects ( see more information here )
  • Possibility to bond network interfaces ( see more information here )
  • Multipart request body failed strict validation in Web Application firewall is now disabled.
  • Phase 1 and 2 in Web Application Firewall rules
  • AdminTrack feature ( see more information here )
  • New Watchdog that testing the connectivity with backends proxy from the HaCluster service.
  • Possibility to turn the Proxy in Emergency Mode in Proxy service Status
  • PostGreSQL logs in the support tool.
  • Possibility to force restarting proxy service after log rotation.
  • Possibility to export built configuration of a reversed web site ( see more information here )
  • Possibility to backup reports and specify a WAF behavior for each website ( see more information here )
  • Possibility to allow HTTP protocol methods in Web Application Firewall. ( see more information here )
  • Possibility to compile Web Application Firewall rules from the Whitelist section.
  • Possibility to enable/disable Web Application Firewall whitelist rule.
  • Dedicated section for Client-Side Certificate in Reverse-Proxy
  • Possibility to set a password for PFX Client-Side Certificate in Reverse-Proxy
  • Possibility to download Client certificates in PEM and TEXT format in Reverse-Proxy
  • Servers Certificates and Clients certificates in Reverse-Proxy follow iOS SSL Certificates rules
  • Double-verification of reconfiguring proxy during reboot option.
  • Possibility to change the Connections Tracking max value in HaCluster
  • When installing HaCluster, some features are automatically uninstalled (Firewall, DHCP.. ) and removed from feature list
  • Possibility to see more information here metrics from the remote proxies using SNMP with HaCluster.
  • Improve load-balancing transparent service in HaCluster.
  • HaCluster clients proxies now sends metrics to the HaCluster load-balancer
  • HaCluster now send checks by parsing remote proxies HTTP status page.
  • New design for proxy DNS settings
  • Possibility to switch between new Extended Proxy Connector and Native Proxy Connector.
  • More information about the Filtering Go service network availability
  • Interface that pay attention that the local hostname can be resolved.
  • Display in the notification that some proxy ports are unavailable.
  • Possibility to quick add host to be resolved when using DNS Firewall.
  • German language support for the Web interface
  • possibility to display compiled rules in DNS Firewall.
  • Possibility to set specific Web page error address for The Shields detections.
  • Double-Quotes are not supported when set the Manager password: Add a watchdog on this behavior
  • Possibility to deny replicating Artica web console parameters in cluster system.
  • Possibility to generate a CSR certificate based on an already generated certificate.
  • DNS Firewall and DNS Cache service are statistics appliance compliance.
  • SafeSearch for brave.com search engine.
  • Syslog support for new go modules
  • hotspot / itchart support for squid (url_rewrite)
  • Categorization / shields dns metrics
  • Feature to log notcategorized websites
  • Possibility to increase / decrease bigcache shards trounght gui
  • Possibility to import / export network routing rules (see more information here )
  • Possibility to reconfigure only one server in HaCluster Load-balancing.
  • Possibility to display events of an HaCluster backend.
  • Notification when an new HaCluster main software is available.
  • Notification when an new Dameon monitor software is available.
  • Notification when an new Dameon monitor software is available.
  • Possibility to add specific DNS rules for the DNS Load-balancing for the Proxy service feature.
  • possibility to add whitelisted domains for the limit senders domain feature ( see more information here )
  • Possibility to tune the Max requests per seconds in DNS Firewall
  • Artica take care of duplicated SPN when using the wizard in HaCluster.
  • Possibility to display the Kerberos Ticket in HaClutser environment
  • DNS Load-balancer for proxy service allow all internal interfaces to query the service.
  • Metrics For the HaCluster Load-balancer.
  • Warning if HaCluster is connected to Proxy v4.x, add a notification to upgrade to 5.x
  • Ensure that /lib/squid3/go-shield-connector is correctly installed after upgrading.
  • Proxy.pac service doesn't require an Entreprise License
  • Possibility to enable/disable a destination proxy in proxy.pac rules.
  • Possibility to restrict routing only to a set of domains in Artica SMTP ( see more information here )
  • Spkunk compatibilities for Administrators accesses to the Artica Web Console. ( see more information here )
  • Possibility to list privileges affected by Administrators using Active Directory
  • Status for mandatories HotSpot required parameters
  • New HotSpot verification in status section of the linked Artica Connector
  • Go Shield Server performance improvements.
  • Files Descriptors support for Go Shield Server
  • Possibility to disable metrics in Go Shield Server
  • Go Shield is now started by Go Exec instead PHP shell_exec.
  • Possibility to change language from the top menu.
  • Left menu of proxy connector is now always displayed.
  • CRON and Proxy service fully compatible with go-exec daemon.
  • Possibility to use Wan Proxy Compressor using only SOCKS ( see more information here )
  • Function that detects Zombies processes.
  • Go-fork to avoid zombies.
  • multiple language translations
  • Introducing LDAP Cluster.
  • OpenLDAP replication MASTER - SLAVE Support ( see more information here )
  • On some commands, Artica took hash of the configuration directory in order to avoid proxy service reloads for nothing.
  • Possibility to disable realtime proxy access logs on Proxy backend in HaCluster configuration ( see more information here )
  • New feature for haCluster: HaCluster Client ( see more information here )
  • Improve ClamAV updates processes and events.
  • Possibility to IPv4 and IPv6 traffic performance. ( see more information here )
  • New function that tests the availability of the ClamAV repository before starting the update task.
  • Possiblity to create Groups of objects in Proxy ACLs. ( see more information here )
  • Rebuild and change Interface for better understanding of the Firewall For Web services ( see more information here )
  • Possibility to not replicate Active Directory parameters in Cluster mode.
  • Possibility to send SMTP events to a remote syslog system.
  • Enforce session timeout ( see more information here )
  • RBAC enforcement.
  • New RBAC privilege "Database administrator" ( see more information here )
  • Upgrade Jquery framework to 3.6.0
  • Build an entire SMTP service for managing SMTP notifications and Proxy statistics PDF reports.
  • OpenVPN 2.6 on repository
  • New realtime monitor for Artica SMTP appliance ( see more information here )
  • Possibility to export Artica-milter events to a log file.
  • Possibility to export Artica Milter events in CSV format
  • IDS engine improvements
  • New note on Proxy v5x acl for the last checked rule.
  • Default the system will use local installed DNS service.
  • Possibility to create a Debian local Mirror ( see more information here )
  • Possibility to link Debian local mirror service with the reverse-proxy ( see more information here )
  • Remove some Microsoft sites in the default Proxy whitelisting and add an option to add it if needed.
  • Possibility to start the proxy service Daemon by restoring last configuation snapshot before.
  • Bulk API for the Shield Server - curl 127.0.0.1:3333/bulk-categories/domain1,domain2,domain3...
  • Bulk importation on ACL object Destination domain ( see more information here )
  • Possibility to generate a Let's Encrypt Certificate for Artica For Wordpress edition. ( see more information here )
  • New tool for Proxy Network analysis ( see more information here )
  • Possibility to encrypt Legal logs backup ( see more information here )
  • Possibility to export/import proxy ACLs ( see more information here )
  • Critical Notification if the go-shield server is started by the watchdog after a crash.
  • Filesdescriptors support to elasticsearch
  • Updated the filebeat pipeline to support squid users domain name, DOMAIN/USER
  • Possibility to setup a DoH service on the DNS Firewall edition ( see more information here )
  • New feature Filesystem monitoring service ( see more information here )
  • Possibility to send proxy.pac script according the requested domain name ( see more information here )
  • Information about the use of reverse-proxy and proxy-pac feature.
  • Monitoring of /var/log/rsyslog.error.log file.
  • Enable web pages optimization on-the-fly on the reverse Proxy ( see more information here )
  • Possibility to enforce query the CGuard reputation service for websites categorization ( see more information here )
  • Improve design and feature of the Load-balancing for parent proxies ( see more information here )
  • Revive the Reverse Proxy For MS Exchange project (see more information here )
  • Possibility to add CGuard categories in ACLs ( see more information here )
  • Possibility to activate the Web Application Firewall inside the Web firewall section ( see more information here )
  • Possibility to disable "hardcoded" categories ( see more information here )
  • Memory monitor of max 2100 MB for the Go shield service.
  • New dedicated service "Web Error page service" beta stage ( see more information here )
  • New more fastest plugins for checking Active Directory groups
  • New watchdog executed each 5 minutes to ensure that HaCluster logs file did not exceed the maximum value.
  • Possibility to Restore a Wordpress duplicator backup container ( see more information here )
  • Proxy LDAP Group Plugin: Now first read KerbAuthInfos to get AD infos and then ActiveDirectoryConnections for child domains
  • Proxy LDAP Group Plugin: Added support for ACL with multiple AD groups.
  • Proxy LDAP Group Plugin: Add support for ldap.escape filter
  • XSS Protection on the Web Error page service
  • Possibility to turn the global proxy configuration into read-only mode ( see more information here )
  • Hacluster clients reports now the Artica Version.
  • Possibility to adjust Kerberos encryption types on HaCluster ( see more information here )
  • HaCluster clients sends Artica full version to HaCluster Load-balancer.
  • Possibility to turn in Debug mode the Web Error page service.
  • Possibility to use the web page service using ACLs ( see more information here )
  • SSL decryption whitelists rules and SSL encryption rules are now displayed in the realtime monitor ( see more information here )
  • By default, SSL stream to RFC local IPs will be not decrypted by the proxy.
  • Complete modification and improvement of the Error Page Service ( see more information here )
  • Possibility to whitelisting SSL decryption using the remote SSL certificate fingerprint ( see more information here )
  • Improve the SSL Certificate fingerprint acl object ( see more information here )
  • Improve FTP service web interface ( see more information here )
  • Top-right notification to notify apply network configuration if network as changed.
  • New feature Closing the session on Artica Web console by inactivity ( see more information here )
  • New watchdog that ensures the local hostname is added inside the system hosts table.
  • New Active Directory NTLM watchdog settings for Automatic emergency ( see more information here )
  • Possibility to send NTLM watchdog events to remote syslog server ( see more information here )
  • Active Directory Emergency is simplified, instead of rebuild the proxy configuration without Active Directory objetcs, it creates an "allow all" rule on the top of rules.
  • Possibility to create a category service fo query personal categories remotely ( see more information here )
  • Possibility to display and remove cached records in DNS Firewall service ( see more information here )
  • Possibility to populate personal categories with external sources ( see more information here )
  • Compliance between categories service and DNS Firewall
  • Possibility to search inside events generated for personal categories, categories service and categories updates ( see more information here )
  • Filtering service service was automatically updated.
  • Added support for LDAPS for the Proxy LDAP Group plugin
  • Close AD conns after bind complete for the Proxy LDAP Group plugin
  • Timeouts for connection and ldap search - The timeout values can be defined in webconsole for the Proxy LDAP Group plugin
  • Support for LDAPS for the Filtering service
  • Close AD conns after bind complete for the Filtering service
  • Timeouts for connection and ldap search (the timeout values can be defined in webconsole) for the Filtering service
  • Integration with new categories service for the Filtering service
  • ITChart support for child domains for the Filtering service
  • New local DNS cache service to serve Artica local services ( see more information here )
  • Wazhu manager support ( see more information here )
  • New real-time requests monitor for reverse-proxy ( see more information here )
  • Possibility to deny incoming connections using the Web firewall ( see more information here )
  • Possibility to deny incoming connections in the Web Firewall using the real-time requests monitor ( see more information here )
  • Red label on the reverse-proxy websites list if the local configuration is not saved on disk.
  • Cybercrime IP feeds feature for Web firewall ( see more information here )
  • WebSockets support using proxy version 5.x - need to reconfigure to make it in production mode.
  • Possibility to use the local DNS cache service with the DNS Firewall or the DNS Cache ( see more information here )
  • Display an error when the local configuration file si not builded using Artica For Wordpress Edition.
  • double check on clustering the reverse-proxy service.
  • Possibility to remove Backuped Service Packs.
  • New statistics on Proxy DNS queries engine.
  • New feature, possibility to reverse proxy in paths ( see more information here )
  • New feature, possibility to create replace rules in paths ( see more information here )
  • Possibility to modify the Web error page for the ICAP proxy antivirus ( see more information here )
  • ICAP Policies that allow to create whitelists for ICAP protocol ( see more information here )
  • watchdogs in order to restart local Proxy ICAP service only if needed.
  • writing to /var/log/activedirectory.log all bind failed for troubleshooting
  • More options on the SSH service in order to enforce SSH security ( see more information here )
  • ICAP service Listen IP address is now defined by listen Interface instead of hardcoded IP address.
  • Possibility to define Load-balancing health-check parameters for the DNS Firewall ( see more information here )
  • ICAP HTTP Security service status widget on the dashboard when using only ICAP HTTP Security service on the appliance
  • New tool to test ICAP detection by uploading a sample.( see more information here )
  • Possibility to send by syslog Proxy Antivirus ICAP detections ( see more information here )
  • New Web-filtering engine v1.0.60
  • Add support fo NRDs category ( see more information here )
  • Improve categoritations speed
  • Go Shield File Watcher 1.0.2
  • HotSpot rev 4 beta 1
  • Support of new PowerDNS 4.7.2 version support
  • New version of DNS Firewall version 1.7.3
  • New notification bell when there is a new DNS Firewall version available.
  • Support of record type ALIAS when using PowerDNS ( see more information here )
  • Possibility to repair PowerDNS database ( see more information here )
  • HotSpot rev 4 beta 2 ( see more information here )
  • HotSpot rev 5 RC1.

MOVE

  • Proxy SSL cache directory to /etc/squid3 for more stability
  • PDF Statistics reports are now sent via Central SMTP notifications
  • Change the support creation tool to the new support system. ( see more information here )
  • ITCharters are moved into The Shields service.

UPDATE

  • Updating repositories for C-ICAP 5.0.9, Haproxy 2.4.4, Clamav 0.104.0
  • Updating repositories for ntopng 5.1, monit 5.29, netdata 1.31
  • Create a cloud ArticaTech dedicated ClamAV repository. ( see more information here )
  • Debian apt-get error APT repository changes its Suite value from X to Y: This must be accepted explicitly before updates for this repository can be applied
  • Proxy version 4.17 available on repository.
  • New version of memcached 1.6.12 for Debian 10 in repository
  • Available PowerDNS 4.5.2 in Cloud repository
  • Notification when a new PowerDNS version is available in the Artica cloud repository
  • Memcached 1.6.13 to updates repositories.
  • Netdata 1.32.1 to updates repositories.
  • ClamAV 0.104.2 to updates repositories.
  • Proxy cache version 5.4 in repository
  • Load-balancer version 2.5.2 in repository
  • Haproxy v2.5.4 in Artica repository
  • Update SSH reverse-proxy bastion to 2.0.2 to repository for Debian 10
  • MemCached 1.6.14 to repository for Debian 10.
  • Monit 5.31.0 to repository for Debian 10.
  • NetData 1.33.1 to repository for Debian 10.
  • DNS Cache service (unbound) version 1.15.0 in repositories for Debian 9 and Debian 10
  • PowerDNS 4.6.1 in repositories for Debian 10
  • Load-balancing service 2.5.5 in repositories for Debian 10
  • PowerDNS service 4.6.2 in repositories for Debian 10
  • Proxy Service 5.5 in repositories for Debian 10
  • Memcached service 1.6.15 in repositories for Debian 10
  • Netdata service 1.34.0 in repositories for Debian 10
  • DNS Firewall version 1.7.1 in repositories for Debian 10
  • Siege software to 4.1.3 version.
  • Filtering Go service to 1.0.19
  • Filtering Go service to 1.0.20
  • Filtering Go service to 1.0.22
  • Filtering Go service to 1.0.23
  • Load-balancer engine v2.6.0 to public repository
  • DNS Cache service 1.16.0 to public repository
  • Filtering Go service to 1.0.27
  • Advanced Monitoring service 1.35.0
  • 1.21.4.1 reverse-proxy version on Debian 9
  • Syslog Server version 8.2208.0 on repository for Debian 9 and Debian 10
  • DNS Firewall version 1.7.2 on the repository server.
  • Go shield server to 1.0.31
  • ClamaAV 0.105.0, C-ICAP 0.5.10 in repositories.
  • go-exec to 1.0.8
  • ArticaStats to 1.2.4
  • Failover service 2.2.7 version to repositories.
  • IDS Engine to 6.0.6 version to repositories.
  • MemCached daemon 1.6.17 to repositories.
  • Upgrade Shield Server to v1.0.36
  • Go-Exec to v1.0.9, this new version introduces compliance with systemd
  • NTOPNG to v5.5.220909 to repositories
  • go-shield server to 1.0.37
  • exec.go.exec.php and exec.go.shields.server.php to handle new binary dir
  • exec.nighly.php to force run exec.go.shields.server.php to correct recreate the service files after update
  • exec.installv2.php to force recreate the elasticseatch and filebeat service files after update
  • kibana and elasticsearch to 7.17.6
  • filebeat to 8.4.1
  • Proxy-cache version 5.7 on repository.
  • Artica Web error page service to v1.1.10

REMOVE

  • Feature that testing the kerberos connection - too many false alarms
  • The use of DNSBL reputation service is removed, detection rate of The Shields is enough
  • Categories Services section is now removed ( unecessary )
  • filedescriptors issue frontend notification
  • Installing DNS Cache or PowerDNS did not force the system to use local DNS service.
  • Sandbox connector is removed due that Kaspersky SandBox is no longer supported by Kaspersky.
  • HotSpot WIFI4EU feature - need an official uuid from a municipality to supports this feature -

CHANGE

  • THe Category service is removed and replaced by The Shields, any Artica version can use Personal Categories using the Shields.
  • Proxy store type and caches in aufs is definitively not supported in SMP configuration ( change to rock type )
  • Caches directories for each CPU is no longer used.
  • The Shield will listen 127.0.0.1 instead of unix socket in order to avoid issue Err 95 Operation not supported.
  • The use of ACL categories no longer requires a valid license.
  • The Shields service as been improved by using HTTP protocol and is now fully multithreads
  • The Shields section in left menus as been modified for better understanding features options.
  • Web-Filtering client is now depreciated and The Shields Client is used instead.
  • If The Shields is not enabled as remote, id doesn't use the local service for query reputation.
  • The Shields service is now only an option only used for centralize Filtering services.
  • WebCopy feature did not longer use the local proxy if configured - it must be enabled in configuration
  • Redirect to Web-filtering error pages can be fully defined using rules method.
  • Deny cache feature is added even the Proxy Cache feature is not enabled in order to avoid caching in memory
  • : Not blocking if Web Application firewall cannot handle max body response size.
  • Switch the Web-filtering connector to original connector if only web-filtering is defined.
  • redesign proxy ssl certificates section.
  • redesign and increase proxy-pac daemon performance.
  • HotSpot rebuild to Go engine.
  • Rebuild totally the ICAP HTTP antivirus watchdog in order to get best performance.

IMPROVE

  • Proxy Outgoing addresses rules.

WEB

  • Application Firewall rules beta mode
  • Application Firewall rules beta 1

REBUILD

  • the Proxy watchdog to Goland v1.4.34

RENAME

  • DNS Load-balancing service to DNS Firewall service.

DNS

  • Firewall take care of search domains defined in DNS default settings.