Netsweeper is pleased to announce the Netsweeper 7.2.11 GA release. This releases fixes some stability issues with the policy service, directory service, and a few WebAdmin interface issues in the 7.2.10 GA release. All Customers are strongly encouraged to upgrade to the 7.2.11 GA release to stay current with Netsweeper functionality, security enhancements, and bug fixes.
The Netsweeper 7.2 release is the last release available on both EL6 and EL8. Moving forward, Netsweeper will only be making new features available on the EL8 platform. Customers are expected to transition from EL6 to EL8 using the Netsweeper 7.2 product. Netsweeper will continue to provide security fixes to the EL6 builds but will not provide new features to the EL6 based release.
Summary of 7.2 New Features
- Improved security of the Netsweeper installed product for the EL8 installation added
- Locked down and added improved security features for the EL8 based Netsweeper installation
OS Level Complex Passwords
- Admins now forced to change their OS Level password on EL 8 installs
- Password now must expire in 90 days and the admin cannot change it again within 7 days
- A new password cannot be the same as the previous 5 passwords
- Active-Active WebAdmin systems support pointed to a single clustered database
- SAML SSO configuration for Active-Active WebAdmin added to the database
- WebAdmin now has a default certificate and key for SAML login
- Directory Sync can now be run on multiple Active-Active WebAdmin servers at the same time
- Per domain Directory Sync Interval or Timing and logging level added
- Directory Sync fields for Status, Sync Server, Sync Time, and Last Sync Date added to accommodate Multi Server Directory Sync
- WebAdmin Backup allows selection of WebAdmin servers based on the WebAdmin URL in Security Labels
- Refactored to use the hostname of the server and not the IP
- Reporter will not run Reports on a database that has not yet been upgraded
- Directory Sync does not run unless the database version matches the version required by the DirSync service
- A new 'Secure SSL Connection TO Config Database' checkbox is used to enable the SSL connection from the WebAdmin to the database, so transmitted data is encrypted.
- WebAdmin Status window (EL 8) shows the version, current time, and CA Certificate information
- All upgrades are now done over HTTPS to the https://repo.netsweeper.com repository
- Database only upgraded when user logs in to the WebAdmin or forced with webadminctl dbupgrade
- WebAdmin now displays error when WebAdmin version does not match database version
- First Name, Last Name, and Email have been added for the Client functionality (WebDB, Policy Service, WAgent, DirSync, Import/Export) as well as Logging and Reporting
- WebAdmin Settings now loads from external applications to support loading settings, passwords, and other settings from external secure systems
- Users can override WebAdmin Settings in settings_override.php allowing for external systems to do queries to load settings
- Added new report instance export format CSV (UTF16), that supports Unicode characters
- Supports 'File' URLs that do not contain a hostname making it possible to use URLs like file:///app.exe
- 'Module Name' added to the Request Part List processing so when Client Filter sends the 'Module Name' it will be possible to Allow or Deny
- 'No Action' added to List 'Restrict Actions' that allows a user to add a URL that is basically 'Not found'
- 'Client Module Name' added to 'Trace Request' allowing users to debug Module Name processing steps
- Security Labels updated to work with Active-Active WebAdmin
- 'Security Labels' interface added to associate a host server with the database
- Can associate multiple servers with a single WebAdmin database (Previously WebAdmin could only be active on a single host or system at a time)
- Support for Active-Active WebAdmin hosts serving content from the same database
- Active-Active Directory Sync enabled to apply WebAdmin URL and server validation settings
- New WebAdmin Settings for Active-Active Directory Sync: 'WebAdmin Dirsync URL' and 'WebAdmin Dirsync Server Validation Disabled'
- Validates the accessibility of WebAdmin APIs before running synchronization
- Azure Active Directory can now synchronize with Microsoft Graph SDK and Microsoft Authentication Library. DirSync type based on the Microsoft Graph SDK with MSAL4J for Azure Directory.
- DirSync now supports TLS/SSL connectivity to the database
- Can browse for or drop an image and insert it into Deny Page
- Deny Pages now generated on all WebAdmin servers by the Up2Date service
- WebAdmin configuration files now generated by the Up2Date service on each WebAdmin
- Up2Date Files page removed as the new Up2Date service no longer copies specific files or directories but generates files for all WebAdmin servers
- Logs the module that are running, possibly the time taken to run the module for logging purposes
- Logs modules that are running to show progress
- Translations now published with Up2Date
- Work has been done in the 7.2 release along with the Netsweeper Client Filter 9.0.0
- 'Client ConfigEdit' and 'Client Exception Lists' added to 'Client Filter Settings' in the WebAdmin
- Exception List header rewrite support for Chrome Client Filter to allow YouTube restricted or moderate mode to be enforced via Exception List
- Policy Service protocol support for https, httpsi, ssl, ssli added to the Client Filter allowing secure communication between the client and server
- WebAdmin can push an Exception List for the Client Filter along with Config Edit branding settings
- 'Platform' attribute added to WebAdmin Brand Settings for different Windows and MacOS releases
- Client Filter Brand can 'optionally' specify a Brand in the Client Filter Configuration
- Thinclient protocol version 002 implemented that allows for 'Module Name' to be passed for policy processing in the Client Filter 9.0.0 and above
- New Client Filter Brand permissions added for SysOps to perform Client Filter Settings Brand Management
- Uninstall Key Generator option moved to 'Client Filter Settings' allowing per Brand key generation
- 'Mode' option has been added to the Uninstall Key Generator to Profile Manager and Roaming User Service mode as both can get an uninstall key generated
- Client Filter Settings order of precedence has been fixed in nsd.conf, default brand in WebAdmin, specific brand, and finally the specific brand with platform defined
- nMonitor Config settings added to the WebAdmin Client Filter Settings
- The Policy Service now parses either http:// or https:// Client Filter events.
- Parsing and support for the policy service URL has been added.
- All Protocols have been updated to use SSL/TLS in the Policy Service
- Logging can now extract the organization part from the Client name or Group name
- New Routes Advertising Service templates added for EL8 OpenBGP, instead of QUAGGA
- Radius integration is split into two services for EL8: Radius for service provided by FreeRadius, and NSRadius for Netsweeper Radius Log Parser
Change Log 7.2.11
|The CNS connection structure could be accessed after it was freed.
|The URL was not added to the URL Que for Categorization when the original destination IP was not provided.
|Azure Directory Sync was not be able to parse emojis in names.
|NSProxy did not close the ICAP connection when the response is an error code.
|The ICAP server didn't reset the input after a error and tried to parse the rest of input as a new request.
|NSProxy got an ICAP error message 'ICAP: unexpected response code '501 Not implemented'' due to incomplete Policy Service ICAP buffer parsing. We now support incremental reading of ICAP requests properly.
|Client Filter protocol processing in the policy server could cause request corruption with big requests wrapped into the http or https request.
|The 188.8.131.521 nsproxy is getting the rare ICAP retry message, could be a nsproxy or policy service issue
|Azure Directory Sync did not add Groups for large directories.
|Policy Service Header Add/Replace removes all other Request Headers in 7.2.1 to 7.2.10. This issue has been resolved.
|Directory Sync did not remove bad characters from the First Name and Last Name fields.
|The Directory Sync service, by default, will only use 5 threads to sync from 5 directory services at a time. This can be configured to more depending on Directory Sync server specifications and memory.
|A 404 error displayed when a SysOp attempted to assume the identity of another SysOp Account in a different organization.
|NSProxy intermittently displayed an error: 'Error can't connect to the policy server.' causing deadlocks and aborts.
|The Fields menu in the Custom Report page showed already selected fields as a string of numbers instead of labels.
|WebAdmin Export did not use the filename in the export dialog.
|Some WebAdmin pages that should have shown the SQL server errors showed empty strings because the error was reset in error logging.
|Group-based Quick Reports did not show in the Group-based Quick Report window.
|When a List was deleted from the List window, it was not removed from the Client Filter Brand Settings.
|Webadmin Notification permission was required for a SysOp account to view the Webadmin Log. This caused the WebAdmin Log permission to not permit WebAdmin Log access.
|It was possible to see the same List twice in a selectized drop-down when you are a SysOp user.
|List Manager Selectize would limit the number of results in the drop-down, but the Lists in the input area may not be in the first X results, and they will remain a 'number' not the List name.
|SysOps could not view or remove Exception Lists from the Client Filter Settings page. Exception lists now only require view permissions.
|The View Managed Sysop Lists and View All Organization Lists permissions would interfere with each other.
|The 184.108.40.2063 could cause Directory Sync to stop when the First Name and Last Name where not set.
|WebAdmin and DirSync did not process Last Name and First Name invalid characters in the same way.
|Exporting a report as HTML would get denied when a remote reporter was used in the prior 7.2 releases. You can now export HTML reports
|The Report Export filename did not have the appropriate name based on the Report name and Instance date.
|Azure Directory Sync Search Base was searching in Groups that were not part of its search base.
|Client Filter Settings would allow Brands with a space in the name.