
Netsweeper 7.2.1 EA

Netsweeper 7.2.1 EA is now available for early adopters. We have been actively working on our Active-Active WebAdmin project, changing the architecture of our system to allow multiple active WebAdmin systems to work together to provide greater performance, scaling, and improved redundancy. The 7.2.1 EA release gives customers the ability to test our progress and see where we are going in the 7.2.1 release. It is important to remember that if you are upgrading, the WebAdmin, Reporter, and Deny Page servers must remain the same version. Netsweeper does not recommend upgrading any production systems to the 7.2.1 EA release, but customers are encouraged to start looking at the changes we are making. The 7.2.2 release will be the first release in which customers can set up an Active-Active WebAdmin and use it in a production environment, as some key elements are missing from the 7.2.1 EA build.

If you have any questions or concerns about planning an upgrade to this release, please contact Netsweeper Technical Support at support@netsweeper.com.

This release is available on both EL6 and on EL8. The 7.2 release will continue to port the product to EL8. Over the course of the 7.2 release cycle, we will be finalizing the EL8 release. Moving forward to Netsweeper 8.x releases, we will no longer be releasing new features for the EL6 builds. Netsweeper will continue to provide security fixes to the EL6 builds but will not provide new features to the EL6 based release. Customers are expected to plan a migration to EL8 between now and 2023 if they desire the new features we are introducing.

Netsweeper 7.2.1 New Features

Routes Advertising Service

  • New Routes Advertising Service templates added for EL8 OpenBGP, instead of QUAGGA

Radius

  • Radius integration is split into two services for EL8: Radius for service provided by FreeRadius, and NSRadius for Netsweeper Radius Log Parser

SSL/TLS

  • A new 'Secure SSL Connection TO Config Database' checkbox is used to enable the SSL connection from the WebAdmin to the database, so transmitted data is encrypted.
  • All Protocols have been updated to use SSL/TLS in the Policy Service.

Active-Active WebAdmin

  • SAML SSO configuration for Active-Active WebAdmin added to the database
  • WebAdmin now has a default certificate and key for SAML login

Deny Pages

  • You can browse for or drop an image to insert it into the Deny Page
  • Deny Pages are now generated on all WebAdmin servers by the Up2Date service

Up2Date

  • WebAdmin configuration files are now generated by the Up2Date service on each WebAdmin

Client Filter

  • Exception List header rewrite support for Chrome Client Filter to allow YouTube restricted or moderate mode to be enforced via Exception List
  • Policy Service protocol support for https, httpsi, ssl, ssli added to the Client Filter allowing secure communication between the client and server.

Policy Service

  • The Policy Service will now parse either http:// or https:// liger events
  • Parsing and support for the policy service URL has been added

Upgrades

  • All upgrades are now done over HTTPS to the https://repo.netsweeper.com repository

Downloads

To download the latest release, please use the following links:

EL 6 -> http://repo.netsweeper.com/netsweeper-el6-x86_64-7.2.1-1.iso (md5) (sha256)

EL 8 -> http://repo.netsweeper.com/netsweeper-el8-x86_64-7.2.1-1.iso (md5) (sha256)

Change Log 7.2.1

| Ticket | Description |
|---|---|
| 23491 | BUG: Generating a Certificate Authority for NSProxy would fail without an error message. |
| 23530 | FEATURE: PHP Session data is now stored in the database. |
| 23540 | BUG: The /sbin/ifup-local, which is linked to nsupdateissue, did not run on CentOS8 and the issue did not get the IP addresses of the machine. |
| 23644 | BUG: The letsencrypt SSL certificate process did not make httpd reload the SSL certificates after a successful update was completed. |
| 23699 | FEATURE: OpenBGP instead of QUAGGA is used for EL8 for the Routes Advertising Service. New RAS templates: 'Open BGP' and 'Open BGP Online' Templates have been added. |
| 23706 | FEATURE: Configuration for freeradius has been added in the EL8 release. Netsweeper Radius integration has been split into two services: Radius for service provided by FreeRadius, and NSRadius for Netsweeper Radius Log Parser to manage WebAdmin Radius Accounts, Groups, and Users. |
| 23718 | UPDATE: The kickstart file has been reviewed and updated. |
| 23808 | SECURITY: Base operating system RPM packages have been sourced from Oracle Linux 8 and Oracle Linux 6 providing long term support for security and package updates faster than the CentOS variant of RHEL provided. |
| 24388 | FEATURE: Duplicate keyword entry logs have been changed from 'Error' to 'Debug'. |
| 24393 | BUG: Gzipped CSV files for Reports did not work correctly on Chrome. Browser detection has been added for major browsers. |
| 24408 | BUG: Loggertest would fail when sending a log entry to a remote logger with a great amount of screenshot data. |
| 24439 | BUG: Profile Manager Timezone Settings did not allow the user to select time settings to manage the profiles. |
| 24443 | BUG: There was an invalid keylength for the Let's Encrypt SSL certificate in EL8. The keylength input has been removed. It is always 4096. |
| 24470 | BUG: There was a failure to validate the signature for SAML authentication. |
| 24471 | BUG: SAML authentication would fail due to the Chrome SameSite cookie policy. |
| 24476 | BUG: A warning was added for an invalid option format in nsupgrade. |
| 24479 | BUG: The default timezone was 'UTC' and not the timezone set during install. |
| 24488 | FEATURE: All Protocols have been updated to use SSL/TLS in the Policy Service. |
| 24498 | BUG: Deleting a Report Instance did not create a WebAdmin Log. |
| 24499 | BUG: Importing List entries displayed the wrong 'Edited at' time stamp. |
| 24509 | BUG: NSProxy could abort when serving a Deny Page for a corrupt SSL request. |
| 24511 | BUG: The List Search Filter did not work correctly. |
| 24512 | BUG: Continuous Reports data output everything as zero. |
| 24520 | BUG: The Quick Report 'Denied Request Log Report' would never finish loading. |
| 24524 | BUG: There were Policy Service stability issues in the 7.1.7 release. |
| 24527 | BUG: For EL 8, the nginx config did not have the proper timeout setting. |
| 24531 | SECURITY: All rpm files are now signed, and signature checking is enforced on upgrade for both the EL6 and EL8 releases. |
| 24532 | FEATURE: Web Upgrade no longer mangles the /etc/yum.repos.d and leaves the management to ns_repos, ns_webupgrade 7.1.8. |
| 24535 | SECURITY: Netsweeper Security updates of upstream packages from Enterprise Linux 6 for 7.2.1 have been added. |
| 24539 | BUG: PHP warnings have been fixed for EL8. |
| 24540 | BUG: NSRoutes would stop loading a cache line over 8192 bytes causing subnet corruption for IPv6 to /32 and additional problems. |
| 24541 | FEATURE: The PF_RING and Bridge kernel have been updated to the new kernel-2.6.32-754.35.1.el6.x86_64. |
| 24551 | FEATURE: The EL8 kernel has been upgraded to kernel-4.18.0-305.7.1 including upgrades to pf_ring and the bridge drivers. |
| 24552 | BUG: There was a database error with adding a new host. |
| 24558 | BUG: There was an upgrade failure after clustering. |
| 24565 | BUG: Web Upgrade in 7.1.8 did not clean up the repo after it was changed. This has been fixed in Web Upgrade 7.2.1. |
| 24575 | FEATURE: SAML SSO configuration for Active-Active WebAdmin has been added to the database. |
| 24577 | FEATURE: Deny Pages are now generated on all WebAdmin servers by the Up2Date service. |
| 24578 | FEATURE: WebAdmin configuration files are now generated by the Up2Date service on each WebAdmin. |
| 24588 | FEATURE: Exception List header rewrite support has been added to the Chrome Client Filter. This allows for the YouTube restricted or moderate mode to be enforced via the Exception List. |
| 24590 | BUG: Improvements for URL Lists have been added for the MacOS Client Filter. |
| 24598 | BUG: In the Client Filter, the 'Request a Review of the Denied URL' link did not send an email. |
| 24608 | FEATURE: The EL8 network stack did not load the rule-INT and route-INT which Netsweeper makes great use of. We have added a new script /etc/NetworkManager/dispatcher.d/40-sysrouterule which will load and process these networking rules and routes for all interfaces. |
| 24615 | BUG: Deny Pages on the Policies page could not be deleted. |
| 24616 | BUG: Both httpd and nginx could be enabled on the install of Netsweeper 7 on EL8. This has been fixed. Netsweeper 7.2.1, by default, uses nginx due to problems with Apache and chunked encoded http POST data causing WAgent calls to fail. |
| 24617 | BUG: URL Lists did not support hashing on some platforms. Default hashing has been defined to make sure all platforms support URL List hashing functionality. |
| 24618 | FEATURE: New parsing and support for the policy service URL has been added. This allows us to prefix the policy service with http://, https://, ssl://, ssli://, httpsi:// and other schemes to define the type of connection to create for the policy service. Policy service support for https or SSL will be included in the 7.2 GA release. |
| 24627 | BUG: The Logs LIVE page would display an error in the WebAdmin interface when out of memory in the merge verification screens. |
| 24630 | BUG: There was an inability to delete Request Servers in EL8. |
| 24638 | BUG: An error was causing display problems for 'Request Logs'. |
| 24640 | FEATURE: All upgrades are now done over HTTPS to the https://repo.netsweeper.com repository. |
| 24662 | BUG: The RDNS could crash at shutdown. |
| 24677 | FEATURE: All Report Types can now be filtered by 'Status' and Scheduled Reports can be filtered by 'Interval' using Advanced Filters. |
| 24681 | BUG: Having a different directory for the Reporter temporary files that are mounted on a different file system would cause the Reporter to stop. Having the temporary file storage on a different file system is still unsupported, however, it will not cause the Reporter to stop. |
| 24696 | BUG: The Policy Server would not add a Header to HTTP for the Client Filter causing connections to close for every policy request. A connection keepalive has been added. |
| 24700 | FEATURE: Policy Service protocol support for https, httpsi, ssl, ssli has been added to the Client Filter. This allows for secure communication between the client and server. |
| 24703 | BUG: During the build process of ns_backup RPM file, the /tmp directory was used and not the RPM_BUILD_ROOT. |
| 24706 | FEATURE: There is now the ability to extend Up2Date to call php modules to generate client-side configuration based on webdb calls. |
| 24707 | BUG: A broken libwebdb call could leave a cache.generating file which would delay the future webdb calls by 10 seconds while we attempt to wait for it to be entirely generated. A tmp file check has been added. If the temp.geneating file does not change sizes in 1 second, assume total failure. |
| 24710 | UPDATE: Squid and Enterprise Filter have been removed from EL8. |
| 24713 | BUG: The nginx service did not allow letsencrypt to access the WebAdmin server. |
| 24714 | FEATURE: Deny Page images are no longer uploaded using a file manager and are instead generated by the Up2Date service on each WebAdmin. New functionality allows you to browse for or drop an image and then insert it into the Deny Page. |
| 24717 | BUG: Starting the nsd or nsproxy service on EL8 would cause nginx to start which is not a hard requirement for these services when configured with a remote WebAdmin. |
| 24718 | BUG: There was a rendering display issue in the data feed for Live Logs, leading to an error. |
| 24720 | FEATURE: The modules.yaml in EL8 would always break the modularity, causing installation errors. We now generate our own modules.yaml for injection into the dnf repository. |
| 24728 | BUG: Logging out of SAML auth logging in Chrome could cause an error page to appear. |
| 24738 | FEATURE: MariaDB Galera Clustering has been enabled. |
| 24745 | FEATURE: Default ports are set for httpsi/https/http if no default port is specified for endpoint schemes. |
| 24753 | SECURITY: systemd had rpcbind open by default and it is not required. |
| 24768 | FEATURE: Improvements have been made to libwebdb for support of the Up2Date service and serializing the WebAdmin configuration and deny pages to multiple servers. |
| 24771 | FEATURE: The Policy Service will now parse either http:// or https:// liger events in the 7.2.0 release. |
| 24772 | FEATURE: The WebAdmin now supports SSL/TLS connectivity for the database for secure DB connectivity. There is a new 'Secure SSL Connection TO Config Database' checkbox added to the 'Database Configuration' section of WebAdmin Settings. It is used to enable the SSL connection from the WebAdmin to the database, so the transmitted data is encrypted. |
| 24774 | SECURITY: The Policy Service is now configured for perfect forward secrecy. |
| 24776 | FEATURE: The gssproxy.service has been disabled on install for EL8. |
| 24779 | BUG: nsupgrade now shows the help by default. |
| 24802 | FEATURE: The WebAdmin Login Disabled setting has been removed since it is not saved into the settings local or nsup2d. |
| 24805 | BUG: The WebAdmin Logs to Request Log functionality did not always log the correct date/time. |
| 24808 | BUG: NSProxy would crash if Deny Page Type was changed to a 400, 404, 500 and other deny page types. This rare problem has been resolved. |
| 24809 | SECURITY: Improved WebAdmin security has been added as the web server no longer needs to write files and the configuration is replicated via the Up2Date service. Configuration files are no longer adjusted by the web service user. |
| 24811 | BUG: With Google CECPQ2 post-quantum key agreement enabled, which sends the Client Key in the Client Hello, there were problems parsing the Server Name Indication for Capture Modules and Enterprise Filter installs. |

 