9.1.1 EA Release and Downloads (February 3rd, 2025)

Renamed the nMonitor 'P3 Profanity' Category to 'P3 Hate Speech'.

When the Request Log Database is enabled, the Report Dashboard can be instantly queried for specific Dates, Date Ranges, Username, Categories, Hostname, and IP Address.

The MariaDB server was not configured for large number of connections and large number of open files.

Deleting a Quick Report (Daily,Weekly,Monthly) did not refresh the page to make the deleted report disappear.

Added the ability to share read-only versions of owned Reports with any Accounts the Report owner manages.

Creating an invalid IP address restriction did not give any error message.

Fixed high level Polaris security issues in view_report.js.

Bandwidth statistics for NSProxy were not counting denied URLs in system deny lists.

Added the Interceptor IP to the Trace URL Request to make it easier to test Request Contexts from the WebAdmin.

Added the ability to have NSProxy send RST packets for 'non-decrypted' deny decisions, so the browser does not retry the HTTPS request.

Updated SQL queries that performed an IN on another SELECT to use JOIN instead.

When an Account is removed from a Group and we update the static filters to remove the Group from the owners reports, we now remove reports that return no data.

Adding or removing Groups from an Account in the Accounts > Groups window did not properly update Report static filters.

Certain WebDB cache files, such as NSRoutes and NSUp2D, were being incorrectly stored by default in var/lib/nsd/config; we now store them in their own respective cache files.

NSRoutes warning messages for hosts that can't be resolved was causing a high rotation frequency of logs, resulting in critical log entries being difficult to find.

Added Access Token support for nswcli, WebAdmin API Test, and API Unit Test Suite.

Assume Identity did not properly load the Session Store settings, causing issues with Account's session information.

Reordering a column and then hiding the same column would break the hiding functionality.

Session Store settings were not saving as expected in the 8.2.1 release.

The Policy Server dropdown menu in the Policy Logs > Archive tabs were not listing available Policy Servers.

The 'Modify Policy Default Status' and the 'Modify Policy Description' permissions were not being correctly disabled for SysOps with no advanced Policy permissions.

Profile Manager users were unable to load the advanced filter in a Group's Local List tab due to a permissions issue.

Profile Manager users were unable to add a description when adding an entries to Local Lists.

Policy Server 8.2.2 and above will load the organization name from the Group by default, but also allow for it to be overridden with the existing Policy Server settings.

Created a new Accounts > Organization window.

Ensured the Group Manager will link all '@org' appended Groups to the proper organization when they are created or renamed, on an upgrade.

Additional fields have been added to the Account Manager window for Home Phone, Office Phone, Mobile Phone, and Address.

Added Access Token support for Directory Sync to remove the requirement of webAdmin on localhost and API authorized by host.

Improved the log file rotation message in the Policy Service to indicate the start and end dates of the log file that was rotated out.

Customers transmitting old log files from "months" or "weeks" in the past could rotate out current logs depending on log file transmit ordering.

Added a new logger feature to 'soft_delete' a log file; removing the log file from the possible 'logs to write to' in Policy Service memory, without removing the file from disk.

Vastly improved log file loading times by scanning the log directory once, instead of scanning on a 'per tag' basis.

The List Tools 'Add To List' tool on the Home Dashboard wasn't applying the added List entries.

Created a new 'catmapping.php' tool to 'print to screen' the Category Mappings published by Netsweeper.

Exporting Client Filter brands for SysOps would export all the brands into file, the export now only includes the brands managed by the SysOp Account.

Resolved an issue with autocomplete tags in the WebAdmin Preferences window that could cause errors with the Chrome browser.

nMonitor did not log the platform name, only the brand and version information.

Resolved an issue that would cause Javascript errors when attempting to load a Report Filter when there was no available Report of the selected type.

The Netsweeper Protocol Detection Engine would not parse the Server Name Information if the session extension occurred before the server name information extension.

Resolved an issue where chart and graph Reports with large names for columns, rows, and legends would display poorly.

Improved the verbosity of Policy Local and Shared List loading messages in the nsd_message.log to describe the specific parts of the Lists we are creating and loading.

We now allow the Policy Service WebDB download 'Real Time Callback' function to be enabled or disabled as a Policy Service configuration option.

Added new WebAdmin Settings for WebDB Compression, WebDB Flushing, and WebDB Unbuffered Result.

Improved the performance of the 'policylistentries' and 'nsroutes' WebDB modules significantly.

Reports with long URLs in Pie Chart presentations were not rendering correctly in PDF format.

Assigning either of the 'Owner Inherit Groups' and 'Manage All Groups' permissions through a permissions template would result in the permissions not being applied.

Continuous reports did not update when run on servers if nothing else was changed.

WebAdmin socket code no longer does a non-blocking connect, allowing for 'all server connections' to be created and then checked.

Client Filter Brands would errantly allow spaces after the Brand Name.

Improved the Backup Settings for WebAdmin Database backups.

File Extension List rules were not working for filenames with multiple instances of '.' in the filename.

Deleting Client Filter Brand settings would cause database errors.

Theme Editor favicons were not applying correctly for custom themes in version 8.1.8.

Resolved issues with table filters caused by adding an Organization field.

All [apiname]_count queries would load the entire data structure into memory causing possible memory limit exceptions to be hit with large datasets.

Refactored the WebDB modules to use the OrgID value instead of the LIKE %@orgname value.

Group Quick reports were not displaying after switching tabs in the Groups window and then switching back to the Quick Reports tab.

The WebDB Request Context loading from 3.1 to 8.2.1 based on the username of the user did not lookup the authenticated user.

We were no longer getting servers errors displayed in the Request Logs since the 8.2.1 release. Request logs will now display server errors but allow the servers that are online to send logs, making the request logs work with offline systems.

When updating Request Log filters, we now cancel pending requests, to ensure we don't cause issues due to offline servers.

Resolved a rare case where the Policy server could fail to resolve the address of the upstream CNS server, causing the Policy server to be unable to connect to CNS.

When two templates were assigned to one Account, where both templates assigned the same Group; and then the Group was removed from one of the templates, it was also deleting the Group entry for that Account.

The Policy Service rDNS implementation would not call resolution callback for "unrecoverable" errors, which is needed for proper CNS functionality.

Disk queue node didn't save full records in the buffer file.

The plus/minus buttons in the Order column does not change the priority/order.

The nsroutes service for el6 used the "nc" command, which could overload BGPD.

Added WebAdmin Log messages for changes made to the Route Advertisement Services settings.

WebDB services now support access tokens.

Client key in ClientHello can cause a fragmented ClientHello, which can cause the SNI name parsing to fail. Which can lead to the Policy Service to failing open, resulting in unfiltered requests.

Fixed Webadmin API tests and related WebAdmin bugs.

NSProxy would not trigger decrypt:// events with the new protocol engine disabled.

The nsproxyctl daemon would read the debug core setting from the nsd.conf, not the nsproxy.conf.

The 'Anyone can view this report' ownership option has been replaced with the 'Share with' option.

SysOp Accounts were able to create reports for all users with report APIs.

The RAS service did not properly clean up IP Address entries from deployments with multiple DNS servers.

Added the ability to run Search Keywords on the HTTP Referrer in order to enable keyword blocking with YouTube.

If the List Suggestion tool was disabled attempting to add new List Entry would show duplicate error messages.

RAS Service could create false 'address change' events for hosts that have both IPv4 and IPv6 addresses.

The RAS Service used the fixed size array when merging old and new IP addresses. This could be insufficient for polling multiple DNS servers.

We now trigger a log-only event when we detect 'decrypt://denied' but we do not get a corresponding HTTP request and the client connection is closed, (which indicates our CA certificate is not installed).

SysOps without Group General and Group Advanced permissions that allow for modifying a Group's information were still able to do so, due to the Group Lock feature added in the 8.1 release.

We now use the 'Webadmin Network Timeout' value for the Web Proxy, OAuth, SAML, Directory Sync, APIS, and all connections from the WebAdmin to remote Servers.

Fixed Polaris Report issues for the RAS service.

Added the new Netsweeper 8.2 GA category 'No Certificate' for NSProxy.

Exporting the Translation Catalog would include the WebAdmin HTML at the end of the file.

Administration > Translations > Extract Catalog would display a blank screen when exporting.

When the Reporter generates a report with no data, we now remove the empty report output file.

The Policy Service must set a Client Filter cookie to indicate which protocol is used, allowing the nMonitor API to parse and use the appropriate username.

The nMonitor API can no longer use the 'request information' without performing a Policy Service lookup to validate the case and other information.

Added an 'ignore case' option when creating or editing Reports, for all relevant Report Filter types.

Live Request Logs could cause session overwrite issues when a slow server or down server was being probed.

Added an adjustable timeout for Directory Sync API and DB calls.

The 'Auto Global' option for Quick Report Templates did not create the selected Quick Reports for newly created User Accounts.

Added a new 'Enforce Google Image Licensing' Category that will mangle the Google image search in addition to Safe Search.

libnmonitor has new code that fixes issues in libsearch for extracting matched words.

Added the ability to export the 'currently displayed' logs from the Request Logs window.

Added new log fields for 'Workstation Name', 'Client Filter Version', and 'Platform' to the Request Log Filters for the Policy Service, WebAdmin, and the nstail service.

Added Request Context for Organization Name to the output of Trace URL Requests.

We now clear any prior errors from Request Logs window when the 'Search' button is selected.

Request Logs window would show a Session ID error once opened.

Creating numerous custom Deny Pages that each contain a large amount of data could cause the Deny Page framework to run out of memory.

The Request Logs would reload all screenshot images when a new 'row' was added, as the screenshots are index by row.

Modifying a URL entry Request Part to an identical existing entry would cause the Popup-box to freeze, preventing the logged-in user from pressing any buttons or resolving the error.

Sysops without List Permissions are able to modify the list settings because of the changes to assume identity which include loading their last page and breadcrumbs.

Deny Pages created and linked by SysOps were not being displayed in Tools > Deny Page > Content.

If you had the Category view set to both 'WebAdmin' and 'Reporter,' and you attempted to deselect one, your changes would not save.

Added Open BGP templates for IPv6 and documented the templates.

The WebAdmin API Test Tool did not work with HTTPS hosts in the 'Service' field for Direct requests.

WebAdmin Log message for "Allowed request from IPADDRESS with valid server guid 'XXX'" has been removed.

Added Import and Export functions for WebAdmin Log Notifications.

The user_groups table and user_restrictions table could become out of sync.

Added WebAdmin Agent logging for adding, modifications, and removal of Agent configurations.

If you disable the Protocol Detection Engine some traffic will not go into passthru mode properly and no Unknown Event will be triggered.

The nMonitor API did not respond with the 'OK:' response when we properly processed the event, returning an empty page instead.

The loggertest utility would crash if it was unable to connect to the specified remote host when a DNS name was used.

The /etc/raddb/radius.conf file was getting '# Netsweeper modification of freeradius 3.0.20' appended every upgrade and we were reverting all clients.conf secrets to 'netsweeper' on upgrade.

NSUP2Date did not set the hostname for the service to send to the WebAdmin for improved validation.

Created a new 'Search Term' Request Part which will run the 'Search Keywords' functionality on only the query argument parsed by the reporter, not the whole URL.

Added the ability to clone a List in the Netsweeper WebAdmin, along with a API to clone a List.

Directory Sync will now only add the missing Accounts to the Groups and not replace all Accounts in the Groups during the Sync process.

Improved the WebAdmin GUID remote server and configuration identification process.

libwebdb was not validating Account type correctly, potentially allowing Accounts to download information it did not have permission to access.

WebDB required undefined session variables.

Report templates with custom Category filters added category numbers to the Report name errantly.

Parsing the X-Forwarded-For header for Client Filter processing could cause the Policy Service to restart.

When updating the static filter for reports, we did not check for the 'Manage all Groups' permission.

Added new token support for the API Test tool in the Webadmin.

Improved the ability to process CNS requests without adding any latency.

SQL was giving an error when attempting to delete Deny Page content.

Resolved an issue where users could not deselect the 'Default Request Log Server' option in the Administration > Services window.

Using the Accounts > Groups window to assign a Group to an Account would behave differently than the Groups > Accounts window assign an Account to a Group.

We now close the session after updating the filters in all tables, so long queries and slow WebAdmin systems cannot cause filter update issues.

The Database would give an error when trying to filter Accounts by Organization.

Create Report would allow users to create a Report with a Report name that was too long, potentially causing a Database error.

Profile Manager: When the user changes the categories for a profile, it won't set the category template, just changes the categories.

The Filter Bypass List did not process all Request Parts, only the 'Request URL' Request Part.

We now import the 'Next Run Time' status when importing schedule Reports, including any 'temporarily stopped' statuses.

Expanded the 'Domain User Group' message to be able to include the First Name, Last Name, and Email Address of a Client.

Updated our advanced filter 'selectize' functionality to improve handling of multiple selections, including a 'none' value.

The Policy Service can now process and log the 'Origin Header' from NSProxy.

Added the optional 'Words Found' and 'Queries Found' fields to the Event Data.

Refactored the way we handle Clients so that they are now always placed into an Organization.

Added the Origin Header to the Request Parts for List Processing.

The Client Filter Exceptions List now encodes spaces to %20 in the entry, as the file we export to is space encoded.

Function iplist_ipv6_iprange_to_subnets could cause stack underflow when adding q.

Deny Pages that were unlinked from an Auth Portal page would still show associated Portal pages in the Deny Pages > Content tab.

Options to configure Deny Pages were not visible during editing when the 'Portal Page' checkbox was disabled.

The weekly Report date-dropdown list was inconsistent between the Report dropdown and the Report instance views.

Running a Complete Sync could remove all of the configured Directory Sync options.

Running the 'nsdctl chown nsd_*' command could take a very long time to complete if the file sizes within the /usr/local/netsweeper/logs directory grew too large.

Creating an Account named 'admin' would cause some Account Option fields to be hidden.

Sysops do not have permission to access the specific group after being modified.

Client Filter 'global uninstall password' Policy Service loading code has been improved.

WebAdmin Log > Notifications did not validate the RegExp prior to adding a rule.

CNS servers resolving to IPv6 addresses can cause 7.2, 8.1 and 8.2 releases to abort. Customers should upgrade to 7.2.15, 8.1.10, and 8.2.3 to avoid future stability issues.

Resolved an issue where database errors would occur when SysOps would add Clients to a Group.

An errant 'Session value changed after end for value' message would show up in the WebAdmin Log after modifying a Session Value.

Added a 'Sec-Fetch-Dest' header Logger field that can be used in List rules as a 'Request Part'. It can also output to Request Logs, Reports, and be used with utilities such as nstail and loggertest.

Added an 'Accept' header Logger field that can be used in List rules as a 'Request Part'. It can also output to Request Logs, Reports, and be used with utilities such as nstail and loggertest.

On Login or when using the Assume Identity feature, if the users last breadcrumb was restored and they no longer had access to the page, they would get an error page that did not have a 'Continue' or 'Home' button, or any other way to proceed.

Added a series of onGuard Permissions to the available Account Permissions.

Authorization by host did not work for many report APIs.

With large exported routes, the 'service bgpd reload' command would signal BGPD to reload in the background but not wait, which could cause NSRoutes to write a new bgpd.conf file, and corrupt the config loading.

Removed checking of Client name duplicate mode in DirSync.

Directory Sync will now call the Webadmin API function when creating new clients.

Report Owner selectize will now only show Accounts that can manage at least one Group.

Dirsync will now assign the Organization of the Group to Clients when creating new Clients or moving Clients to any other Group.

Migration of the Directory Sync Passwords from 7.2.5 to 7.2.6 could break when upgrading from pre 7.2.45 to 8.1 and later builds.

SOAP did not work for some Report APIs because they overwrite the '$type' variable.

The logmod5 module can now directly integrate and send logs to a Clickhouse database with BULK insert considerations.

Determined the optimal database Schema to use with the Clickhouse MySQL interface.

Updated the API Token authentication method to support the 'Bearer Token' standard.

The crontabs for the PHP Poller now checks WebAdmin status to ensure the WebAdmin service is enabled.

Attempting to Export a User Account would result in a permissions error.

User accounts without the ‘Single User Interface’ would not auto-create Quick Reports for Groups.

The Profile Manager could 'take over' an existing Profile if it already existed, although an error 'Profile already exists' would display. The Profile Manager will no longer allow a User to take over a profile.

SysOps with the 'Manage All Groups' permission would fail to list all Groups by WebAdmin API since the 6.1.5 release, when the permission was initially added for SysOp users.

Cloning a Category Mapping in the Category Manager would errantly update the 'Modified Time' of the source revision.

The Syslog module did not properly log various fields, including firstname, lastname, email, dstport, srcport.

Updated all description and comment fields to use text area inputs and text types in the database.

Added a 'Modify Account Description' permission which functions similarly to the 'Modify Group Description' permission.

Added new APIs and a WebAdmin feature to 'select active Organization' with the Organization Hierarchy.

The 'account_perms_load' api did not ignore disabled permissions for onGuard.

The List Service now supports API Tokens.

When configuring a Server in a Directory Sync Searchbase, the 'Disable SSL Certificate Validation' checkbox will now only display if the 'Enable SSL Connection' is selected.

Fixed Polaris Report issues for the Policy Server.

When running in 'Allow' mode, Local Network Detection would cause the 'logGroupName' cookies to be wrong.

The onGuard permission for retention had a typo.

All Lists now adhere to Organization ownership.

Android was spelt 'Andriod' in the WebAdmin > Agent > 'Client OS' field. This has been corrected.

Utilizing the 'Custom Message' Report Delivery field now supports attachments, allowing both the custom messages and a copy of the Report to be delivered.

Added the Organization Object to the Workstation Agent.

Added the ability to export the Policy Logs, Directory Logs, Up2d Logs or any 'Log File Viewer' widget logs.

Webadmin and NSProxy cert generator fields could errantly have white spaces.

The Organization field has now been added to Client Filter settings.

We now allow Organizations to have a Tree, each node can have a single parent.

'Custom Message' Report Delivery field's content from the original report is not retained in the cloned report.

Directory Sync could run out of Stack Space, causing the thread to stop.

While logged in to the WebAdmin in Profile Manager mode, the Save button would not work when attempting to enable Quick Reports.

Using the Search bar in the Shared Lists table as a SysOp would result in the table appearing empty.

Updated permission checks to allow Accounts to see Groups within their Organization based on the org id and the 'Manage All Organization Groups' Sysop Permission.

The Netsweeper 7.2.5 installation default database would create the Reporter with 'definition' as a text field with no default, we have updated the description and definition to text with a default value of ''.

Directory Sync will no longer sync 'circular' group memberships and will now check for parent-group conflicts before syncing a group.

When the PDE engine in the Capture Modules was enabled, we would send the the HTTP deny page for both HTTP and HTTPS denied requests.

The old nsef-linux/lib SNI parsing would only look at the first data packet in a stream.

Resolved an issue where we could fail to export the Selected Accounts with an email format.

The NSProxy failure to bind logs did not print the port or listen statement we were trying to load, making debugging 'listen startup errors' difficult.

Using the Search functionality in the Policies > Lists >Local window would causes a SQL Error.

Added the ability for the reporter to load data from the ClickHouse database.

Resolved an issue in the 8.2.4 release where the 'allow rus' local network detection setting would cause the Client to run in RUS mode, but without disabling RUS profile logging for nMonitor/OnGuard events.

The DUG (domainusergroup) message when processed on port :3432 would not call the getlogNames function.

The Policy Service will now generate missing log fields when they are generated from User-Agent, ModuleName, AppType, AppName, Platform, Device Brand, and Device Type.

Added new APIs for managing Account IP ranges, account_iprange_list, account_iprange_query, account_iprange_delete and account_iprange_add have been added.

The Client Filter Profile Manager redirect protocol would find 'clientlogin' in any URL starting with the "liger_webadmin_url' which would errantly cause the 'SignUp' redirection to be blocked.

The new Client disconnect event could cause NSProxy to abort in 7.2.15, 8.1.10, 8.2.3, and 8.2.4. This also impacted the Client Filter 12.10, 12.20, 12.30 releases.

Directory Sync domains now distinguish between 'Last sync date' and 'Last Complete Sync'.

Added WebAdmin Settings for new Request Log database, IP, username, password.

Improved WebAdmin APIs for Account Templates. Operations now all start with account_template but the old legacy calls to account_perms_template still exist.

The nMonitor Category mapping API call may not exist on old Policy Server versions. This caused an issue for deployments running an updated WebAdmin and older-version Policy Servers.

Clickhouse database requests now have supported and documented database schema upgrade processing, using same framework used with webadminctl dbupgrade and WebAdmin database version notifications.

The Request Logs actions will now only display actions the logged-in Account user has permission to perform.

Both the loggertest and the nslog utilities now recognize long 'logger field' names as options or JSON property names.

Improvements to Request Log Live Aggregation of summary data for Reports, Report Templates, and Quick Reports handling.

Request Log Database always has the 'Log File Tag' logged into the database, along with the Organization.

SOAP requests in our nswcli and testrunner tools did not maintain session credentials.

We no longer require an email username/password in order to use Email Server Encryption.

Resolved a display issue with Emailed and downloaded Report Table formatting and fonts.

Resolved a rare issue where Drill Down Reporting would not work when a secondary level had a 'Category' grouping, resulting in the errant level displaying no data.

Added the Clickhouse database to the Services window.

The logout API did not delete SOAP sessions.

We would errantly create a new session with every SOAP API request.

Created a new Directory Sync method that will sync directly to a single Group and only sync the Group's 'direct members'.

Added an onGuard Admin permission that grants the user administrative rights, allowing them to control settings and view system information.

Moved the Organization select so that it is accessible at the top righthand corner of any WebAdmin page.

OpenBGP Online templates did not properly delete networks in the 8.2.2 to 8.2.4 releases.

Drill Down Reporting will not work when either 'One Row' or 'One Row (Vertical)' is selected as the Table View at any level.

The nslog provides wrong category values for the Clickhouse input format.

The Directory Sync window is now organized into several tabs, providing an improved interface.

Added Directory Sync APIs for the new 'Specific Group' sync type.

Created a 'Word Cloud' output type for the Reporter.

Trace URL Request will no longer force the log username to the username set, increasing the consistency with all Policy Service requests.

Fixed Polaris Report issues for the Policy Server and Library.

Fixed Polaris report issues for the Reporter.

Policy Service 'request_read_timeout' could be triggered by TCP Window Scaling under high load, causing potential logging connections to be reset.

Delete report instance doesn't work if the report is running.

Exporting Report data would include a keyword list column called 70.

Account Importing would fail to properly handle empty string time formats as well as non-existing templates.

Real-time monitoring graphs were not displaying Historical Data.

Upgraded to amCharts5 and amMaps5 for WebAdmin based Reports.

Fixed a memory leak in the latest Logger update with generated fields.

Removed WebAdmin Directory Sync option for integration with deprecated Novell eDirectory.

SOAP API for dirsync_query was missing a parameter which would cause a PHP error.

The nscatmerge tool did not 'error out' when input files did not exist. This critical error will now return an error code.

The webapitest tool would fail on SOAP because the values were encoded in the tests rather than the runner.

Exporting Client Filter settings would not export the unique 'per-platform Brands' properly.

Removed the Chart Director so that Emailed Reports no longer contain Chart data, but HTML viewed links will still render the AmChart when selected in the Email.

Realtime Monitoring Graphs 'Counter32 MIBS' could sometimes reset to 0 causing graphs to show the current value of metric instead of the expected, incrementation change.

The 'Policies' menu icon was duplicated in WebAdmin hierarchal menu. We have updated the 'Policies' , 'Tools' and "Administration' icons in the menu, in order to ensure they all have unique icons.

SysOps with the 'Modify Group Policy Local List' permission, but without the 'Lists' permission were unable create and manage the Local List for their respective Group Policies.

Updated permission checks to allow Accounts to see lists in their Organization based on the Org ID and the 'View Organization Sysop Lists' Sysop Permission.

The Reporter line chart did not make Date/Time labels for 'short' time intervals.

When viewing Deny Page content, the esc_view variable was not set before it was used.

When you delete an Organization, all objects associated with the Organization will be removed as well.

NSProxy Bandwdith events could cause recursive function calls when a socket was in error.

Reports could be errantly created with no owner if the owner was set to an empty string in the report_edit API.

Resolved and issue where the 'systemctl nsreporterctl status' command would display unwanted error messages.

The Request Log rotation code in 7.2.15, 8.1.10 and 8.2.5 could abort when no log entries were available to flush.

The start.app Client Filter Event would use the cookie's Brand instead of the Brand in the request.

Found and resolved a Memory leak that could occur when running a Remote Admin command to query URL List information.

The Account Manager will limit the view to the Active Organization Accounts as well as Accounts of which the active Account is the 'Owner'. The 9.1 release will still display all Accounts with the 'Manage All Accounts' permission.

Ensured Account owners can not modify the Organization Account belongs to.

Added a series of 'Organization Manager' permissions in order for Accounts to be able to modify and manage their Organization.

The Account Permission 'Manage Account Organization' has been depricated in the 9.1 release. Customers upgrading to the 9.1 release with this permission will automatically receive the 'Create Organization' and 'Manage Organization' permissions.

The Account Manager 'Organization' field will not be visible in the GUI, and will be forced to the active ORG. The API will still allow the Organization to be specified.

The 'Manage All Accounts' permission did not allow a SysOp to assume the identity of another SysOp Account.

Any Event that causes a Brand change was not triggering a 'getconfig' hash change to tell the Client Filter to reload the configuration if the new Brand had a different configuration.

The workstation name was not present in nMonitor Events.

The @organization portion of a Client name was being used to determine the Organization of the Client, we now use the correctly configured Organization.

Admin Accounts without permission to the WebAdmin Settings window would still see the option in the menu, although selecting it would cause an error page. We have now removed visibility to the menu item for Accounts that don't have the permission.

The 'Date Modified' field in the Reports window was not consistent with other WebAdmin windows that contained this field. The field is now standardized throughout the WebAdmin.

Added support for a 'drilldown_filter' parameter in our 'view_dashboard.php'.

implemented read_report adaptor for Clickhouse.

The '@suffix' portion of a Group name was being used to determine the Organization that the Group belonged to.

Deny Pages are now only be able to be linked to Groups, Lists, Policies, and Portals within the same Organization.

Added the ability to Import and Export an entire Organization.

We have added the columns 'Created By', 'Modified By', 'Created At', and 'Modified At' for both Deny Page rules and Deny Page content.

Enabled a new 'orgid' field for the logging infrastructure as a default when upgrading to the 8.2.6 release.

The old NSEF-Linux REGEXP SNI parser would not parse the hostname in a second packet if the packet was perfectly segmented on a TLS extension header.

Resolved a Database error that could occur when viewing the Deny Pages Content tab with an Account that didn't have the 'Deny Pages' permission but did have the 'Manage All Groups' permission.

The 'Request Logs' charts could present inaccurate data.

'Map Chart' Reports now have the ability to present their data in the table format.

Sysop users could see duplicate List entries when using the List Search function.

We now package the 'nseftest' tool for testing Packet Capturess through the Enterprise Filter in the given release part of the Policy Service package, and we have added Linux Cooked pcap file support to Capture Modules and nseftest.

Added the new Report Chart type for 'Donut' Report output.

Added a new Report output that allows for two drill-down levels in single chart output.

Pie Chart Report '3D Presentation' and Chart 'Trend Line' options removed, 'Maximum Records' and 'Others Sum' moved to first presentation section. Also, the 'Others Sum' option no longer displays for Maps, Word Cloud, Line Chart, or Scatter Chart.

The nMonitor API for parsing the platform from Brand name would only parse '/androidbrowser' exact and not '/androidbrowser/android'.

Append Organization would use the Account's Organization, instead of the active Organization.

Reporter chart output for Categories now allows for two drill down levels within a single chart output.

Added a new 'Card' style Reporter presentation for single row Reports.

Setting the Policy Service 'max_disk_usage_size' to a value of '-1' or '0' would errantly set it to the default value of 1 GB.

Added supporting as well as library functions for Clickhouse Reports.

We now use Composer to package third-party tools in the WebAdmin.

Configuring the 'Request Logging' database in WebAdmin settings will now cause all WebAdmin Reporter interactions to use Clickhouse analytics system, instead of the standard NSReporter.

Updated the way that the PHP getopt script is called so that arguments will always come after flags and options.

Implemented a SQL builder utility to support the formation of dynamic SQL statements for Clickhouse Reports.

The Report Definition for the Report view has been improved to add more flexibility.

Updated all scripted calls to 'read_report' and 'view_report_data.php' to ensure that the ordering of arguments in calls is compatible with the 'getopt' PHP.

Added the necessary WebAdmin functions to support making connections to the Clickhouse database.

The Deny page portal flag was always set in the group/portal selectize.

The loggertest utility will now reconnect to the server when it receives a connection error. Added 'reconnect-retry' and 'reconnect-delay' settings that coincide with this.

Netsweeper has modified the category definitions in revision 28 for the 8.2.6 release. We have added new 'Generative AI' and 'Cryptocurrency' categories; and we have updated certain Category Definitions and Examples.

Added Report definition configuration options to control whether a Report uses Clickhouse or our existing Report database.

The Clickhouse Report viewer is no longer dependant upon the existence of Report instances from our traditional Report database.

Resolved an issue where a non-existing Account Permissions Template could be assigned to an Account through an API call.

Deleting a WebAdmin Account did not clean up the assignment of Templates.

Both the Tile and Table views now have their own 'Show Column' settings, allowing Account users to customize both views independently of each other.

We have added an 'Override existing data' option that can be selected during the Import Client process.

'Account Create' APIs now return permission errors when the Organization is invalid.

The Reporter API did support all types of Report Presentations.

The Client Filter Settings windows now check for the 'Client Filter Settings' permission.

The 'Move IP' and 'Dynamic Client API' now have an adjustable delay, in order to avoid configuration reloading issues.

Organization on upgrade would allow an empty Organization field.

The root Organization as well as the default for the 'admin' users is "-" which is the organization for all logs prior to enforced organization field in logs in the 8.2.6 release.

Activating the Global Webadmin Setting 'Enable Authentication Redirect URL Validation' would break all Authentication Portals from working.

The Authentication Portal 'Remember Me' expiration time would always be expired since the 6.4.3 to 8.2.5 release.

Ensured that all objects within an Organization are visible in the 'Modify Organization' window.

Added the ability to resize and reorder the Tile view objects in the WebAdmin interface.

Agent Configuration used the '@organization' field to identify the Organization for upgrades. This has now been modified to use the 'Append to Username' field to place the Agent into the proper Organization.

We now check to ensure that Directory Sync places all created Groups, Clients, and objects into the organization that the Directory Sync was created in.

Client FIlter Local Network Detection could cause corrupt protocol responses in the 8.2.4 to 8.2.5 releases. This could cause the getconfig event to fail to be processed and the Client Filter to fail open.

Reporter HTML Report output and emailed HTML links now use the new Charting engine and support all Chart output types.

The Client Filter Brand's 'Request Context IP Address' field will only support an IP address, not a subnet. We now parse out any CIDR denotations when we save this field.

The 'Expiry' field was not populating in the List > Entries window when adding multiple entries via the bulk 'New Entry' function.

Added a new 'NSW-Organization' API Request Header 'nsworganization: orgname' in order to allows users to change the active Organization for the specific API Call.

Added the ability for the Reporter to do 'Top Search Terms Unique Users' or 'Top Domains Unique Users' Reports.

We now hide the Legend for smaller Chart Reports by default, to prevent the text from being written over top of the chart.

Client IP validation would compare the assigned organization with the '@org' field, potentially allowing multiple identical Clients.

Added the ability to lock Session store objects and have interface functionality removed from subordinate Accounts.

Resolved a rare issue where a replaced URL could be errantly allowed when using the Client Filter in either Profile Manager or RUS mode.

Super Tables lazy loading will now 'lazy load' the initial table lookup, not just lazy load the charts.

The Request Logs > Archive had a hardcoded timeout value of 5000, or 5 seconds, and did not use the DEFUALT_WEBADMIN_TIMEOUT.

Upgrading to the 8.2 release would delete all IP Restrictions from the user_restriction table, as we would filter for only orphaned Groups.

Resolved a Database error that could affect SysOp users for 'auth_redirect.enabled' when viewing the Groups.

Reporter Date Range for Dashboard Date/Time filter to support date ranges.

Added the ability to remove the Title from the Report output using an adjustable Report setting.

We will now automatically rotate 'X axis' labels if they overlap.

Added new WebAdmin themes in My Account > Preferences > Settings.

Updated the 'ajaxtable' look and feel for the new WebAdmin 2025 theme.

Added a Report Preview when creating a Report with the Clickhouse database.

The report_defintion_presentation_add API call would always add the presentation to the latest grouping, regardless of what 'groupby' field was specified.

The reporter/config.php file did not include authuser.php as the first object, causing translations to be loaded as the Global default, instead of the Account's unique language.

The Report 'view' scripts were not translating fields and Category names.

Added DNS query argument qtype=[1|28|65] to the Protocol Engine for events like 'dns://example.com/?qtype=1', similar to our PDNS-Recursor integration.

Session store would view the 'Scheduled Reports', 'reports_scheduled', and 'reports_demand' Reports as Reports, but the export would only show schedule.

WebAdmin Notifications did not validate the filter on Import as a valid regular expression.

Resolved minor display bugs the Home screen's Service Status table.

Moved font-awesome out of the WebAdmin theme and into a common location.

The Groups tab within the 'Edit Account' window now differentiates whether the Account has permission to a Group because it was directly assigned, or due to the 'Manage all Groups' or 'Manage all Organization Groups' permissions.

Any issue with 'poweredby.netsweeper.com' accessibility was affecting Report Charts loading.

Resolved a Javascript error in non-ajax data tables.

Adding a filter to the Category Lookup did not apply the selected filter to the table.

When viewing a Group, the default/landing tab is the Group's new Quick Reports Dashboard.

Created separate Report Admin Templates for both Global Dashboard Reports and Group Dashboard Reports, allowing them to be applied independent of each other.

We have segmented Dashboard and Quick Reports into their own respective tabs in the Report Admin window.

The account_iprange_query did not return valid JSON output.

Netsweeper Services did not properly set the 'NOFILE' limit in systemd, nsdctl, and nsreporterctl.

The NSReporter sets a hardcoded 'NOFILE' limit in code, we now have this set in the Service.

After applying the 'Restrict Actions' setting for only Deny Entries, the 'Search Keywords' Category could no longer be assigned.

Added a new 'Dashboard Reports' Account Permission, allowing users to provide and remove access to the Report Dashboard.

The Request Logging server information will now read from the environment by default, and will only be overridden by the nsd.conf.

WebAdmin translations were not being applied to the calendar widget.

Added 'Created By', 'Modified By', 'Created Date', and 'Modified Date' columns to the Category Templates, Group Templates, and Policy Templates windows.

Resolved an issue where the Account owner could potentially be changed without any security validation, with a backend API.

Expanded the nsMySQL command line tool to support the 'requests' database.

When you restrict List Entry types, we will now allow only Request Parts that can use those types.

Freshnsd will now load List update settings via nsup2d instead of calling a WebDB call directly to the localhost.

Breadcrumbs in various languages would remain present after selecting the 'Home' breadcrumb.

Our Calendar interface now includes both 'Range' and 'Single' options, with sample selections provided.

Added a new horizontal bar chart that will adhere to the selected sort order, and display values within the chart.

libnmonitor and Client Filter matched words will no longer be offset when a " character is detected.

Added Export and Import options to the Session Store, so the current options are saved and can be locked.

Incorrect encoding could result in UTF-8 based Search Term Reports becoming corrupted.

Resolved a JavaScript error that would occur when creating a Group.

The text format logger did not escape spaces in any logged field.

The 'email_cc' and 'email_bcc' fields did not always have '' as the default value, causing database errors after upgrading. This issue could occur in Reporter Database versions 39 to 48, Netsweeper versions 7.2.5 to 8.2.6.

Added a new 'Maximum Request Log Database Start Date Depth', and 'Dashboard Date Range Limits' to WebAdmin Settings. Renamed ‘Maximum Report Start Date Depth' to 'Maximum Reporter Start Date Depth'.

The Request Logs would incorrectly display the 'Policy Server ID' field as 'Logger'.

The Monitoring Graphs did not limit the servers to SNMP compliant servers.

Added 'Run on Servers' and the 'Backend' fields to the Demand, Scheduled, and Continuous Reports types.

Configured our Reporter service to work with both Clickhouse and our traditional Request Log database. Ensured both will properly interface with /remotereporter/ correctly and generate Reports as expected.

The Scheduled Reports window now has the 'Next Run Time' column exposed.

Added new columns for 'Start Time' and 'End Time' into the Demand Reports window.

Report view scripts did not map the last Category number to its name for nMonitor records.

Report charts were not visible when the Reports were shared with other SysOps if the 'Require Authorization to view Report data' WebAdmin Setting was enabled.

nMonitor Events did not clear the new line from Category Mapping, causing Report output Category name translation issues.

The List Autocomplete feature did not limit the List selection to only available Lists for SysOp users with viewable Lists used in Client Filter Settings.

The Lists window could display an incorrect count of Lists for SysOps.

Ran Polaris Synopsys against the 9.1.1 release.

Resolved a JavaScript error that occurred when creating a Deny Page.

Creating a Report with Category based summary groups would cause 'Error 10303: (group) Unable to add summary record to group list' and the Report would fail to render.

We now show a warning message for Users to confirm their intention to delete the existing data when they select the 'Delete all existing data?' option while importing.

It was possible to corrupt a text log entry with a value of '\n' (new line separator) in the data.

The Policies tab within the List window had the wrong permission check.

List Settings fields will no longer display if the user does not have the requisite permission.

The WebAdmin would throw a javascript error when clicking on the Policy Logs.

Renamed the Reporter field 'Policy Group' to 'Group Name' and removed the word 'Address' from the Client IP, Destination IP, and Interceptor IP fields.

Changing the Reporter backend to Request Log Database will now automatically cleanup the Report instance database.

'Request Log Database Only' Reports will no longer enter a 'waiting' status, as these Reports are 'On Demand'.

We now allow nsupgrade to skip upgrading broken packages, allowing for upgrades to occur on modified systems.

Added the Dashboard window for Request Database Reports to the Profile Manager WebAdmin view.

Refined the look and feel of the WebAdmin 2025 theme for the Profile Manager view.

The WebAdmin would throw a JavaScript error when selecting the Up2Date Logs.

We now support rerunning a Monthly Scheduled Report with a 'For Last 1 Month' option.

Selecting the 'Delete all existing data?' option while importing did not delete all Groups or Shared List Entries.

Added WebAdmin 2025 theme support for the Profile Manager.

Resolved a Database error that could occur when deleting Deny Pages with a Sysop Account that have the 'Deny Pages' permission but did not have the 'Manage All Groups' permission.

Added a Horizontal Bar Chart to the Report tables for the HTML View type.

Improved 'progress_data' processing as well as prioritizing of Report processing 'wait times' in order to facilitate large numbers of Reports per page. This affects all Report types.

The ns_reporter-debuginfo package did not include the debug symbols for debugging the Reporter, and the ns_policyserver package included them in non-standard way.

Ensured both the Reporter and the Request Log Database will interpret 'Interval' and 'Start Date' values for Scheduled Reports in the same way.

Added a 'Do Not Change' option to the Rerun field for Scheduled Reports.

Viewing logs from remote servers would result in an internal server error.

Upgrading the 'ns_routes.ns_webadmin' package would output an unnecessary comment from a 'grep' statement.

Webadmin Monitoring Graphs could display an unneeded error message on the Home window.

We now prevent the default configuration from using the /var/log/radius/radwtmp file, as it is not used or required by Netsweeper.

Standardized the Reporter chart output when they contain error messages.

Resolved a database error that could occur when a Sysop tried to add a Policy to a Shared List.

Netsweeper EL8 RPM specs did not properly mark all configuration files as config files. Some config files where listed twice in the spec, with the 'noreplace before' attributes; potentially causing the config file to be replaced when upgrading.

The Organization was not being appended to policy names when set via the group_add API.

The nsup2d service will now only log messages and errors by default and can be configured with /etc/php.nsup2d.ini for more error_reporting if required. We also added improved default module messaging into the nsup2d_message.log.

The NSEF Library now supports TCP Segment Offloading captures from Clients where the IP->length is not yet set, as it is offloaded to the network card.

We now issue a Javascript error if a remote NSProxy server cannot be reached.

The Request Log Archive would connect to servers that had not been marked as active.

Added a new 'WebAdmin 2025 Lite' WebAdmin Theme.

Deny Page Images were not being saved to the database and serialized to the Deny Page server via nsup2d. This impacted all releases between 7.2.7 to 8.2.5, and could result in a large amount of Deny Page content.

The Report Template 'Start Time' did not show if only one interval was enabled, and set as the default.

Running the command 'webadminctl stop' when there was no disk space left would cause the webadmin/config/disabled.php file to be removed.

Client Filter Settings Exceptions could show List IDs of Lists that the SysOp did not have permission to view.

Accounts that did not have the correct Permissions to manage SysOp Accounts could see the Accounts when adding List Permissions.

Dashboard Fields have been serialized to the session store.

Resolved an issue where the Reporter would not treat empty Reports as '0' values. This could cause issues when running 'trend' type Reports.

Added 'Dashboard Filter Fields' to enable the dashboard to use its own customizable set of fields, instead of the 'Reporter Filter Fields'.

Removed Group selection from Group Dashboards, to ensure they do not display in the Group Dashboard filters.

Drill down Reports with 'Multi Group chart' top-layers now allow for Pie charts within the underlying layers.

New Advanced Filters could not be saved in versions 8.2.1 to 8.2.7.

NSUp2D will now write the exact value for timespan settings from the WebAdmin config table.

Editing existing report summary group fields, updates the presentation Data field on summary group edit pop up.

The Request Logs for SysOp Accounts did not check for Account managed Groups.

The installer volume names for the '/home' directory and the '/usr/local' directory were both 'home'. This caused the home partition to resize and fill the disk, instead of the expected '/usr/local'.

Transitioned the 9.1.1 release to the 'ns_configure_net-snmp' package and added the SNMP disk percentage usage information back to the '/etc/snmp/snmpd.conf' directory.

The Custom Report editor doesn't validate Report Name, Email, Subject length that potentially causing a Database error.

Resolved an issue where exporting Accounts and Client Filter Brands would result in a database error.

Resolved an issue where users could assign a List as a Client Filter Exception List without having permission to the specific List, as long as they had permission to manage the Brand.

When Exporting a Client Filter Brand in JSON format, we now include any Exception Lists, as well as their entries.

We now support exporting 'Trend Report' information in all formats.

By default, the Request Log Database will hold two months of log data in the 9.1.1 database schema.

Applying a 'Client IP' Filter in our Reports Dashboard would always result in empty Charts.

Selecting a template with a long name in the Reports Dashboard would trigger a database error.

A Report's 'Start Date' no longer depends on the selected 'Week Start' day for weekly Scheduled Reports.

URL List loading from 6.3.1 to 8.2.7 would treat a URL with no segments as a memory error, causing the Policy Service to abort List loading.

Upgraded dnsdist to 1.9.8 in the Netsweeper 9.1.1 release

New pfring 8.8.0 used in the netsweeper 9.1.1 release, with kernel 4.18.0-553.36.1.

New netsweeper bridge module 9.1.1 release with kernel 4.18.0-553.36.1

Netsweeper 9.1.1 has been upgraded to Enterprise Linux 8.10 from 8.7.

The nsreporter did not adjust the 'Week Start' parameter correctly for weeks that did not start on Sunday.

Upgraded pdns-recursor to version 4.9.9 in the Netsweeper 9.1.1 release.