7.2.14 GA Release Notes (November 29, 2023)

The Delete button would still display even after deleting entries.

There was a 'PHP Notice' warning message when viewing the 'Profiles' window.

When NSProxy could not verify a certificate chain with intermediate certificates it would load the same AIA certificate in a loop.

API list_entry_edit was not updating or modifying the URL/Keyword entries as expected.

The 'Deny All Until' option would fail to override the Group's Policy Settings when selecting the 'Permanently' option in a Group's General > Settings page.

Sorting by 'Status' in the Accounts window as a SysOp user and then exporting the Filtered Entries would cause a SQL error on export.

SysOps were able to remove the 'Organization Name' when editing a Client, despite it being a required field.

Create Report would apply the Email Address from the Delivery Options section as a Report Filter in the 7.2 release, causing the report to contain no data.

Increased verbosity of Directory Sync logging to include an entry for denoting what Group each Client was added to.

SysOps without the 'Manage Group Name Organization' permission were able to rename Groups when using the Simple Group Manager.

We would incorrectly append both the '@' symbol as well as the Organization name into a Group's name, when viewed by a SysOp without the 'Manage Policy Organization' permission.

Disabling the 'Allow Reporter to email Report data' WebAdmin Setting would disable the 'Do not email the Report' Delivery Option for Empty Reports.

SysOps with the 'Specify Deny or Portal Pages' permission as well as either the 'Edit Authentication Redirect Settings' or the 'Lists' permissions were able to view Authentication Portal or Group Deny Pages outside of their Managed Groups.

Enabled multiple parents of membership for Directory Groups to sync all Clients that are direct or indirect members of the prefixed top Groups.

Google Directory Sync now allows for multi-domain synchronization where one Account manages multiple Google Admin domains.

Profile Manager was unable to edit or delete the Local Allow/Deny List Entries.

Adding a 'Proceed to List' Entry with a NULL argument would crash the Policy Service.

List Manager Log maintenance routines can cause MySQL deadlocks in versions 7.2.13 and 8.1.8.

Audited the WebAdmin to avoid DELETE statements with nested SELECT, when using IN operator.

Improved the Account Group Restrictions SQL, allowing for improved performance.

Updated the settings_override.php example to reflect the proper method to encrypt the password, along with the proper usage of APC cache, in order to override passwords that have already been set.

Clients added to the WebAdmin in the format of -@context or -@anything will not replace the Client Username provided by the request. This allows clients of any type to be created to create default groups.

The Directory Sync Service no longer does SQL DELETE statements with nested SELECT statements to avoid MySQL/MariaDB issues when using IN operator.

Having multiple List owners would only allow the first SysOp List owner the ability to edit/modify/delete, other SysOps would get read only when you had the 'View Organization Sysop Lists' or 'View Managed Sysop Lists, permissions.

NSRoutes would try to resolve all hostnames during the load process, slow DNS and bad DNS queries could cause the download to timeout and corrupt the download, causing the configuration to fail to load.

When importing Reports as a SysOp, the owner of the Report must be the SysOp or one of their managed accounts. If the Report owner is neither, ownership will now be applied to the importing SysOp upon completion.

Policy Description and Policy Advanced Settings was not disabled for SysOps with no advanced policy permissions.

Profile Manager: The description did not save properly when adding an entry to Local Lists.

The Netsweeper Protocol Detection Engine would not parse the Server Name Information if the session extension occurred before the server name information extension.

Invalid reporter IP address in the report definition would cause the Reporter to segfault.

Improved the verbosity of Policy Local and Shared List loading messages in the nsd_message.log to describe the specific parts of the Lists we are creating and loading.

We now allow the Policy Service WebDB download 'Real Time Callback' function to be enabled or disabled as a Policy Service configuration option.

Improved the performance of the 'policylistentries' and 'nsroutes' WebDB modules significantly.

WebAdmin socket code no longer does a non-blocking connect, allowing for 'all server connections' to be created and then checked.

File Extension List rules were not working for filenames with multiple instances of '.' in the filename.

When a SysOp would modify a Policy's Category Action to 'Allow' the system would change the Action back to 'Block.'

Resolved a rare case where the Policy server could fail to resolve the address of the upstream CNS server, causing the Policy server to be unable to connect to CNS.

The nsroutes service for el6 used the "nc" command, which could overload BGPD.