Changelog EFW Community 3.0.5-beta1
===================================
Webfilter: integrated
---------------------
[UTM-962] - EFW 3.0 Webfiltering - Blanket Blacklist
[UTM-911] - Automatically download URL filter lists after upgrade
[UTM-893] - Web URL filter - "Activate Antivirus Scan" blocks the
navigation
[UTM-876] - Wrong permissions on migrated content filter profiles file
[UTM-860] - Proxy authentication keep asking credentials
[UTM-814] - Content filter profiles removed after upgrade
[UTM-810] - Optimize memory usage by using 'file' instead of 'hash' for
urlfilter lookup tables
[UTM-698] - Unable to download the content filter signatures
Antivirus: ClamAV
-----------------
[UTM-1091] - Exclude selected signatures from ClamAV
[UTM-1060] - ClamAV: new version and bugfixes
[UTM-1049] - ClamAV cron is started when ClamAV is stopped
[UTM-909] - ClamAV throws traceback due to AVENGINE DS empty settings
file
[UTM-894] - Syntax error in clamavsignatureupdate
[UTM-806] - When clamd is not running when c-icap is starting and needs
clamd, c-icap does not have a virus engine and let all pass.
[UTM-803] - ClamAV safebrowsing is still enabled also if disabled
[UTM-767] - ClamAV engine is outdated
Bootloader
----------
[CORE-587] - Align baud rate for all appliances
EMI
---
[CORE-1058] - Add command 'status.emi.commands' returning all the emi
commands
[CORE-1053] - Issues in the script upload and validation procedure
[CORE-1046] - After a validation error some checkbox values are inverted
[CORE-1044] - HolisticLock does not delete the lock files
[CORE-1043] - Kendo Grid multi and all item actions support
[CORE-1040] - Traceback from emi core while loading schema
[CORE-1038] - Make PersistenDict locking working with both threads and
processes
[CORE-1037] - Create a lock for both threads a processes
[CORE-1032] - Add a validator for host, port and protocol
[CORE-1020] - Add a validator for bindable IP address
[CORE-973] - Add is_installed function for check if a module is
installed
[CORE-947] - jeditable encoding & turns into & when editing
[CORE-946] - Add a validator for network objects
[CORE-932] - UnicodeDecodeError traceback when browsing Events if
language is other than English
[CORE-907] - Discording legend in VPN > Certificates
[CORE-877] - Kendo grid autorefresh does not works for pages > 1
[CORE-866] - Event notifications => Events page not displayed with
Russian language
[CORE-861] - Remove excessive mongostorage log
[CORE-857] - JavaScript support broken in Internet Explorer 9
[CORE-843] - Update notifications gui
[CORE-831] - Change pages margins
[CORE-830] - Multiselect widget width is not correct for resizable pages
[CORE-819] - Icons and legend we are using are in conflict
[CORE-818] - Kendo Grid filters cannot be removed
[CORE-815] - Better connected/disconnected icons for connections page
[CORE-814] - Grids don't scale according with the window size
[CORE-813] - Select fields in editable tables are too wide
[CORE-811] - Wrong and missed fields are not clearly highlighted
[CORE-805] - Kendo style upgrade
[CORE-801] - Add tab-based container widget to EMI
[CORE-800] - Add global multicolumn search bar to Kendo grids
[CORE-794] - "Disconnect" Action in VPN connections page has no effect
on client
[CORE-793] - An invalid jqGrid() method is called for Kendo grids
actions
[CORE-788] - HTTP 404 on AD Join and HTTPS proxy tabs
[CORE-783] - Add support for server side filtered nested grid
[CORE-773] - Error modifying entities with invalid index
[CORE-768] - Auto-refresh functionality for KendoUI grid
[CORE-766] - Handle custom actions in legend
[CORE-755] - Add MongoDB storage
[CORE-733] - Installing stealth uplink after removal of packages won't
register menu for EMI
[CORE-731] - Add ad a module endian.core.set_diff for comparing sets and
lists
[CORE-721] - Grid rows can't be disabled or deleted
[CORE-696] - Browser is stucking at apply setting
[CORE-684] - You can't edit web filter profiles due to an emi error
[CORE-651] - In System Status some sub categories disappear when
navigating to VPN connections
[CORE-643] - Wrong icon in VPN
[CORE-630] - Dashboard doesn't display status of Network and Service
[CORE-627] - Status menu changes depending on the selected item
[CORE-614] - EMI Package source is wrong
[CORE-457] - Create Kendo Web Grid widget for EMI
Proxy: HTTPS
------------
[UTM-1154] - Web proxy improvements
[UTM-1138] - Update HTTP Proxy User-Agent list
[UTM-1123] - Update CA bundle
[UTM-1105] - Insufficient HTTPS browser certificate lifespan
[UTM-1059] - Unable to use an upstream proxy for HTTPS traffic in
transparent mode
[UTM-1041] - Squid stops authenticating because uses IPv6 helper
[UTM-1038] - Upstream HTTP Proxy doesn't forward HTTPS traffic
[UTM-1020] - gmail.com cannot be accessed with https proxy enabled
[UTM-951] - Allow subdomains in HTTPS whitelist
[UTM-943] - Ability just to do transparent URL Filtering opposed to
Decrypt and Scan at the HTTPS Proxy
[UTM-746] - HTTPS input text field to allow to bypass from certain
destinations
[UTM-629] - HTTPS Proxy breaks Windows Updates as well as other services
Base system
-----------
[CORE-1066] - OpenSSL security fixes
[CORE-1054] - Implement a class ReadOnlyPersistentDict (read only
version of PersistentDict)
[CORE-1049] - Allow Zone Status Widget to be used for multiple
configuration options
[CORE-1048] - OpenSSL remote exploit CVE-2015-0291
[CORE-1039] - OpenSSL CVE-2014-3572 Security Bypass Vulnerability
[CORE-1002] - CVE-2015-0235 - glibc gethostbyname buffer overflow -
GHOST
[CORE-1001] - Vulnerabilities in rpm package manager: CVE-2014-8118,
CVE-2013-6435
[CORE-996] - httpd fails to start due to semaphore leak
[CORE-981] - Apache xml2enc module "error Charset ISO-8859-1 not
supported."
[CORE-975] - Introduce lshw
[CORE-945] - setrouting removes the IPSec table 5
[CORE-908] - SSLv3 POODLE and mitigation
[CORE-905] - Apache AH02550 failed to flush CGI output to client
[CORE-901] - Endian appliances are vulnerable to poodle bleed bug
(CVE-2014-3566)
[CORE-871] - After Shellshock Bash Patches
[CORE-868] - Shell shock: CVE-2014-7169
[CORE-867] - Shell shock: CVE-2014-6271
[CORE-856] - In country selection rename "Taiwan, Province of China"
into "Taiwan, Republic of China"
[CORE-761] - The /sbin/service script fails to call restart scripts
[CORE-689] - Missing gconv modules
[CORE-688] - Italian translations
[CORE-622] - During boot iptables rule is not applied
[CORE-592] - ClamAV restart action raises traceback
[CORE-587] - Align baud rate for all appliance
[CORE-551] - Implement a class PersistentDict (persistent dictionary
stored on with pickle)
[CORE-525] - serial ttyUSB devices for USB 3G Modem keys are not created
[CORE-498] - Backup/Restore should allow inclusion/exclusion of hardware
data as /etc/businfotab
[CORE-420] - Monit must always exec start/stop/restart in sync
Monitoring, Reporting
---------------------
[UTM-1048] - Translate also OpenVPN log to other languages
[UTM-1034] - Add the possibility to send the iptstate output to a remote
server
[UTM-1001] - Notifications are not sent
[UTM-919] - Endian log files are all empty!
[UTM-841] - No firewall logs displayed in archive or real-time viewer
[UTM-658] - System status graphs are lost after every reboot
[UTM-650] - Traffic Monitoring documentation
Package management
------------------
[CORE-879] - Migration scripts fails - 481 Error calling function:
'ConfigDict' object has no attribute 'append'
[CORE-640] - Call to JobsEngine's run_parts function fails
Quality of service
------------------
[CORE-624] - QoS is wrongly configured on PPPoE uplinks
[CORE-610] - Error on trying to modify existing QoS rule
[CORE-609] - Marked traffic is not properly redirected to specified QoS
class
[CORE-12] - Deleting all QoS rules does not disable QoS entirely
Translations
------------
[CORE-1062] - Update russian templates
[CORE-751] - 3.0 translation update
[CORE-675] - Update Russian translations
[CORE-669] - Update Japanese translations
[CORE-658] - Update Portuguese translations
Service: Intrusion Prevention
-----------------------------
[UTM-1149] - Analysis of Snort performances
[UTM-949] - Policy action image not displayed in grid legend in
/manage/ips/
[UTM-864] - Snort fails to start after upgrade to 3.0
[UTM-757] - IPS Performance
[UTM-735] - Snort establishes wrong pid filename
Certificate Management
----------------------
[UTM-969] - OpenVPN revoked server certificate still being assigned
[UTM-968] - OpenVPN stuck on default certificate
[UTM-696] - Openvpn certificate .pem not migrated after upgrade from 2.5
to 3.0
Network configuration
---------------------
[CORE-1050] - Command line netwizard does not include Bridged mode
option
[CORE-1047] - Command line netwizard does not apply changes
[CORE-1023] - Uplink is not correctly configured in Bridge mode
[CORE-993] - Creating a secondary uplink for HSDPA modem disables it by
default
[CORE-903] - Netwizard shows "Invalid argument" listing nics
[CORE-796] - Bridged mode misleading error "Gateway must be within
network"
[CORE-777] - When configuring bridged mode in the network wizard, step 4
asks for the RED zone which does not exist
[CORE-759] - Rename stealth to bridge and gateway no uplink in the info
and error messages
[CORE-757] - Switching from Bridged Stealth mode to Routed won't clear
physdev-is-bridged
[CORE-732] - Stealth uplink can't be enabled without a previously
configure uplink
[CORE-729] - Implement stealth uplink script
[CORE-726] - Implement stealth uplink type in uplinks editor
[CORE-725] - Implement netwizard dialogue for stealth uplink type
[CORE-724] - Implement 'STEALTH' uplink type
[CORE-718] - HSDPA uplink not working
[CORE-631] - Default gateway is lost after adding an uplink on the same
interface the main one is using
Service: Quality of Service
---------------------------
[UTM-856] - QoS bandwith priority is not working as expected
[UTM-855] - Qos add automatically TOS value even if is not choosen
[UTM-617] - QoS configuration on a PPPoE or PPTP uplink is applied to
wrong physical interface
[UTM-306] - "Some Error" is shown when adding QoS Rule with Type any
[UTM-300] - QoS device changes to VPN IPSEC after editing
Authentication layer
--------------------
[CORE-918] - HTTPS Cert Expired Date Extend
[CORE-825] - Error messages at boot about an "unexpected keyword"
[CORE-809] - Traceback on fetch_users()
[CORE-549] - Prepare the Endian Authentication Layer for 3.0
Configuration
-------------
[UTM-807] - Enable switch button does not work on IE
Proxy: HTTP
-----------
[UTM-1156] - Proxy allows access to services on localhost
[UTM-1154] - Web proxy improvements
[UTM-1138] - Updates HTTP Proxy User-Agent list
[UTM-1128] - Google Chrome should be in the useragents list
[UTM-1126] - GUI for TProxy settings
[UTM-1125] - Preserve source IP on non-transparent mode
[UTM-1124] - Preserve mark bits to make policy routing work
[UTM-1041] - Squid stops authenticating because uses IPv6 helper
[UTM-1033] - Transparent HTTP proxy does forward HTTPS connections to an
upstream proxy
[UTM-1032] - Proxy Graphs is shown if proxy module is not installed
[UTM-986] - Use hash lookup for urlfilter tables
[UTM-966] - Squid's "number of different IP's per user" option doesn't
work
[UTM-965] - Trying to download URLFilter lists raises ValueError
[UTM-962] - EFW 3.0 Webfiltering - Blanket Blacklist
[UTM-956] - Default virus only HTTP Proxy Access policy does not exist.
[UTM-930] - Dansguardian profile blacklist not migrated to Cyren
[UTM-923] - Squid try the DNS resolution with ipv6 firstly
[UTM-911] - Automatically download URL filter lists after upgrade
[UTM-910] - Add Outgoing Firewall which matches for Transparent HTTP
Proxy traffic
[UTM-895] - Squid complains of unknown adaptation service or group name
[UTM-893] - Web URL filter - "Activate Antivirus Scan" blocks the
navigation
[UTM-891] - Dansguardian custom blacklist and whitelist malformed after
migration to webfilter
[UTM-887] - Special characters on webfilter/access policy prevent squid
to start after upgrade
[UTM-884] - c-icap complains of not having enough threads per child
[UTM-876] - Wrong permissions on migrated content filter profiles file
[UTM-865] - After migrating Webfilter, Access Policy rule will trigger a
KeyError Exception
[UTM-860] - Proxy authentication keep asking credentials
[UTM-821] - Replace Uncategorized with Others in the URLfilter
categories
[UTM-814] - Content filter profiles removed after upgrade
[UTM-792] - Webfilter template is not properly shown when user is denied
access
[UTM-773] - Dansguardian uninstall leaves a pending logrotate
configuration file
[UTM-763] - LDAP-Authentication
[UTM-631] - Implement jobgroups to squid and icap jobs
[UTM-562] - Winbindd can't hadle more than 200 connections
[UTM-555] - Squid %postun trigger does not restart squid
[UTM-127] - DansGuardian Profile Name Migration
ICAP
----
[UTM-1111] - Improve release of semaphores for c-icap
[UTM-1076] - c-icap-client blocks on 0 bytes files
[UTM-962] - EFW 3.0 Webfiltering - Blanket Blacklist
[UTM-905] - srv_url_check_commtouch missing
[UTM-904] - Webfilter Update Frequency
[UTM-903] - no "virus found" warning when using Panda
[UTM-899] - Configurable setting for c-icap StartServers
[UTM-893] - Web URL filter - "Activate Antivirus Scan" blocks the
navigation
[UTM-840] - c-icap can't find IT error template
[UTM-837] - c-icap templates are not properly generated
[UTM-810] - Optimize memory usage by using 'file' instead of 'hash' for
urlfilter lookup tables
[UTM-806] - When clamd is not running when c-icap is starting and needs
clamd, c-icap does not have a virus engine and let all pass.
[UTM-780] - c-icap daemon fails to start after migration when parsing
configuration file
Antispam: SpamAssassin
----------------------
[UTM-845] - IMAP training returns invalid option when remove is ticked
Dashboard
---------
[CORE-996] - httpd fails to start due to semaphore leak
[CORE-870] - Update /usr/local/bin/check-kernel.sh to keep the flag
until reboot regardless of Kernel
[CORE-745] - Traffic Monitoring always present "The configuration has
been changed...."
[CORE-733] - Installing stealth uplink after removal of packages won't
register menu for EMI
[CORE-643] - Wrong icon in VPN
[CORE-630] - Dashboard doesn't display status of Network and Service
[CORE-614] - EMI Package source is wrong
Time
----
[CORE-977] - NTP vulnerabilities ICSA-14-353-01
[CORE-520] - ntpd does not sync time in some conditions
Proxy: SMTP
-----------
[UTM-1108] - Cleanup invalid entry in smtpscan settings file
[UTM-730] - Block file extensions list doesn't include archives
System status
-------------
[CORE-825] - Error messages at boot about an "unexpected keyword"
[CORE-747] - Wrap NIC information in network status
[CORE-587] - Align baud rate for all appliance
Backup
------
[CORE-987] - USB Backup fails if there are only numbers in the name
[CORE-812] - Incoherent time usage in backup filenames
[CORE-770] - Backup restoring from initial wizard fails
[CORE-707] - Backup not sent via mail
[CORE-690] - Changes not applied after restoring a backup
Kernel
------
[CORE-1067] - Upgrade for megaraid_sas driver is required
[CORE-870] - Update /usr/local/bin/check-kernel.sh to keep the flag
until reboot regardless of Kernel
[CORE-799] - installation fails on LSI 9260-4i
[CORE-657] - Kernel panic with python tainted
[CORE-629] - Update Intel network drivers
[CORE-556] - Fix SHA-256 kernel support
VPN
---
[UTM-1152] - Add a method for getting remote port from OpenVPN Status
[UTM-1147] - Missing INPUTFW rules for OpenVPN services
[UTM-1137] - Job method openvpnjob.client_connect in some situation does
not create correct configuration
[UTM-1131] - Invalid chars in client-[dis]connect-immediate.d scripts
[UTM-1121] - If the options delayed_triggers is enabled, OpenVPN (and
the switchboard) does not work as espected
[UTM-1120] - Routes to remote VPN networks are not created with
delayed_triggers
[UTM-1119] - openvpnutils traceback while getting status the with
delayed_triggers
[UTM-1118] - OpenVPN job traceback with delayed_triggers
[UTM-1113] - Disabling OpenVPN instance won't remove INPUTFW ACCEPT rule
[UTM-1110] - Unable to connect to OpenVPN instance with more than one
processor
[UTM-1109] - Revert changes introduced with UTM-1019
[UTM-1094] - Periodically synchronize the OpenVPN sessions file with the
actual daemons status
[UTM-1090] - Add a method for getting the parsed status information from
OpenVPN servers
[UTM-1080] - Create a script for dumping the OpenVPN user config
[UTM-1073] - OpenVPN server unmonitored when openvpn package is updated
[UTM-1070] - OpenVPN incomplete version number
[UTM-1063] - OpenVPN Denial of Service (CVE-2014-8104)
[UTM-1056] - OpenVPN init.d script errors on status for an instance
[UTM-1054] - "Override OpenVPN options" not working correctly, "direct
all client traffic through the VPN server" not working
[UTM-1053] - OpenVPN immediatly closing connection
[UTM-1050] - OpenVPN fails to start since 443 is already used by httpd
[UTM-1044] - OpenVPN fails to start having bogus key parameters in
server config file
[UTM-1026] - Add on option for setting the OpenVPN log verbosity
[UTM-1019] - Unable to establish multiple net-to-net connection with
IPSec
[UTM-1018] - Cannot create 2 OpenVPN instances with same port but
different protocol
[UTM-1003] - Multicore DNAT rule fails functionality when client tries
to connect
[UTM-989] - Disabling OpenVPN instance won't erase iptables rule
[UTM-987] - In the IPsec gui, '3DES' is translated as 'SHA1' in Italian
[UTM-970] - It is impossible to select existing certificates without the
private key for IPsec tunnels
[UTM-969] - OpenVPN revoked server certificate still being assigned
[UTM-968] - OpenVPN stuck on default certificate
[UTM-959] - 'Bind only to' option is ignored enabling multiple cores or
binding on 53/udp
[UTM-955] - Icon not found in VPN connections grid and legend
[UTM-952] - setdnat job is not run when OpenVPN is switched down
[UTM-948] - GW2GW Network Bridged not adding networking to routing
[UTM-947] - StrongSWAN security update due to CVE-2014-2338
[UTM-946] - Unable to create OpenVPN servers on the same TCP and UDP
ports
[UTM-944] - Missing icon in IPsec connections grid legend
[UTM-940] - Permit to use auto=route instead of auto=add for IPsec
Net2Net tunnels
[UTM-937] - IPsec IKE integrity migration not working for sha
[UTM-934] - Allow OpenVPN to bind to port 53/UDP
[UTM-913] - IPsec connections not showing anymore after "Action could
not be performed" warning
[UTM-906] - OpenVPN init script does not identify the interface name in
some cases
[UTM-885] - VPN Firewall won't filter the traffic
[UTM-877] - OpenVPN server fails to start because of default settings is
missing
[UTM-875] - IPsec migration to 3.0 is not seamless
[UTM-869] - Error selecting Openvpn certificate
[UTM-867] - OpenVPN server tap interface not taken into account when
having Gateway-to-Gateway configurations
[UTM-862] - After upgrade to 3.0 the SSL certificates are incorrectly
chosen
[UTM-859] - Optimize concurrent OpenVPN clients connection speed
[UTM-858] - OpenVPN migration missing options
[UTM-857] - OpenVPN gw2gw logs are empty
[UTM-852] - Concurrent connections are limited to 1024 by ARP cache size
[UTM-848] - OpenVPN fails to start when HA is enabled as Master
[UTM-847] - Traceback when first starting OpenVPN on a Virtual system
[UTM-846] - Wrong IPsec status is reported in the System Status page
[UTM-834] - Net-to-Net IPsec connection between two Endian 3.0
appliances doesn't establish routing
[UTM-833] - Refresh IPsec GUI page after starting for the first time the
service
[UTM-828] - Routing between clients on different cores
[UTM-819] - When an OpenVPN connection is disconnected from the gui, all
the connections for the same user are disconnected
[UTM-817] - Decrease OpenVPN connection time
[UTM-801] - IPsec ESP Group Type not migrated to 3.0
[UTM-799] - IPSec deprecated keyword in strongSwan or weakSwan
[UTM-797] - IPSec Target could not be a DNS name
[UTM-796] - Automatic OpenVPN certificate is shown only after a refresh
[UTM-770] - After upgrade IPsec restartscript fails while trying to
fetch CIDR for local subnet
[UTM-754] - Enabling OpenVPN server doesn't generate default
certificates on ARM
[UTM-741] - Disabling a Net-to-Net IPsec connection will leave it in a
Connected or Connecting state
[UTM-739] - Connections page for VPN users: backend
[UTM-708] - Windows 7 cannot connect to IPsec with IKEv2 machine
certificate authentication because of a missing Extended Key
Usage parameter
[UTM-697] - IPsec 3.0 migration missing
[UTM-696] - Openvpn certificate .pem not migrated after upgrade from 2.5
to 3.0
[UTM-695] - Certificate field in VPN Users not clear
[UTM-688] - Gateway to gateway connection is not initialized
[UTM-645] - IPsec GUI documentation rewrite
[UTM-641] - OpenVPN server documentation rewrite
[UTM-594] - OpenVPN client (GW2GW) GUI
[UTM-592] - OpenVPN client (GW2GW) backend
[UTM-583] - OpenVPN rewrite in EMI with multiple processes and support
for external authentication backends
[UTM-297] - OpenVPN client crash prevents reconnection
Firewall
--------
[CORE-1013] - Wrong iptables rules in inter-zone if source and
destination are physical interfaces
[CORE-994] - NEWNOTSYN drops lo traffic blocking Hotspot authentication
[CORE-978] - Squid should be able to run in fully transparent mode
[CORE-878] - Should be possible to disable SIP ALG ( nf_nat_sip ) from
GUI
[CORE-846] - Interzone - ORANGE to GREEN allowed even if OpenVPN server
is disabled
[CORE-838] - Reinstalling firewall package will move config files to
.orig suffix
[CORE-787] - DNAT - rule like e.g "80:443" not work anymore
[CORE-769] - New BADTCP_LOGDROP rule drops invalid traffic
[CORE-763] - Stealth's SNAT exclusions results break iptables rules for
source nat
[CORE-741] - Outgoing firewall needs a default drop policy rule
[CORE-739] - SNAT must exclude stealth uplink in "ANY Uplink" explosions
[CORE-727] - Implement that outgoing firewall handles stealth uplink
interface as an uplink and create rules for it
[CORE-712] - VPN firewall is bypassed for specific ports if a DNAT rule
exists for them
[CORE-656] - Introduce TPROXY functionalities to support Policy Routing
rules for proxied traffic
[CORE-622] - During boot iptables rule is not applied
Logging & Monitoring
--------------------
[CORE-972] - Syslog complains configuration file is too old thus runs in
compatibility mode
[CORE-955] - Monit reload ends up having all elements unmonitored
[CORE-938] - Introduce improvements in the logs rotation
[CORE-931] - Logrotate fails if destination directory is missing
[CORE-925] - Live Logs back in time
[CORE-881] - Apache is not reachable, httpd dead but pid file exists
[CORE-875] - Samba log is not rotated
[CORE-874] - Obsolete rrdfix script triggered by cron cyclic (every 5
minutes)
[CORE-842] - Replace current logsurfer configuration
[CORE-795] - Configure monit to monitor OpenVPN Client and restart in
case the process dies
[CORE-745] - Traffic Monitoring always present "The configuration has
been changed...."
[CORE-742] - Patch for procps on ARM to get rid of "Unknown HZ value!"
[CORE-715] - Timestamp
[CORE-709] - Logs are not rotated
[CORE-701] - Logrotate fails after upgrading to 3.0
[CORE-700] - Logrotate fails if IPsec was never enabled
[CORE-667] - Hide configuration of trusted timestamping
[CORE-652] - System Status is not reflecting the true state of the
services it reports
[CORE-602] - PID files removed when daemons are restarted
[CORE-491] - efw-update log is not rotated
Jobsengine
----------
[CORE-1061] - JobsEngine status duplicated
[CORE-1030] - restart job stuck / hanging - contiuously being delayed
execution
[CORE-1027] - jobsengine restart deadlock state with defunct child and
no socket file
[CORE-1005] - Continue on parsing error in /var/run/jobsengine.status
[CORE-920] - File descriptors are left open on jobs execution
[CORE-916] - Jobsengine lock is removed
[CORE-782] - Create the settings file path (if not exists) before
executing require_enabled_service
[CORE-771] - Improve jobsengine module reload
[CORE-710] - Allow jobs to access to its current status
[CORE-640] - Call to JobsEngine's run_parts function fails
Artwork
-------
[COMMUNITY-30] - Images for SMTP mail statistics graphs are not found
Community packages
------------------
[COMMUNITY-98] - Unable to deactive uplinks on Dashboard screen
[COMMUNITY-96] - EFW 3.0 Webfiltering - Blanket Blacklist
[COMMUNITY-87] - Dependency loop between endian-release-community and
efw-community
Event Notifications
-------------------
[CORE-1051] - Event notifications improvements
[CORE-1045] - Sort in events notification kendo grid is broken
[CORE-1042] - checkboxes in Events grid are not clickable
[CORE-1041] - Filters are not working for Events grids
[CORE-1035] - Notifications logrotate configuration template is not
applied
[CORE-1028] - Notifications mail tagged as 'Bad Header' warnings by
amavis
[CORE-986] - After migration Notifications daemon keeps spawning
[CORE-985] - Provide SysV init script for Notifications daemon
[CORE-984] - Have Notifications daemon monitored
[CORE-983] - Restart notifications after migration and load its plugins
[CORE-974] - Missing configuration migration script for Event
Notification
[CORE-948] - Mail subject does not contain ID anymore
[CORE-932] - UnicodeDecodeError traceback when browsing Events if
language is other than English
[CORE-927] - Event notifications->Events page causes traceback
[CORE-898] - Grid colapses if an error is to be shown up
[CORE-895] - Change label to "Use SMTP Proxy service" for Event
Notifications
[CORE-894] - After using SMTP Proxy settings mails still sent from there
even if switching back to default
[CORE-890] - Uploading the same custom script twice for Event
Notifications will raise EMI traceback
[CORE-889] - Assigning a script will prompt BASH syntax error script for
Events
[CORE-886] - In events notification grid checkboxes aren't editable to
change the event status
[CORE-885] - Remain on the same page after editing an element
[CORE-883] - Settings for Event Notifications aren't updated if set to
use SMTP Proxy ones
[CORE-882] - Update settings against SMTP Proxy each time the service is
reloaded
[CORE-880] - No e-mail notifications sent when triggered using Gmail as
Smarthost
[CORE-866] - Event notifications => Events page not displayed with
Russian language
[CORE-845] - Re-engineer current mailfile executable
[CORE-841] - Create a mail plugin for custom notification daemon
[CORE-840] - Custom notification daemon plugin-based
[CORE-839] - Remove logsurfer and create a new notification daemon
[CORE-833] - Permit Smarthost mail delivery for Events Notifications
[CORE-746] - Custom Event to notify
[CORE-603] - In event notification the icons legend is missing
Installer
---------
[CORE-1067] - Upgrade for megaraid_sas driver is required
[CORE-1065] - Adjust disk space calculation for small products (mini-25)
[CORE-799] - installation fails on LSI 9260-4i
Community Updates
-----------------
[COMMUNITY-85] - Unable to ADD second Uplink
[COMMUNITY-77] - setting red interface as a gateway i have the ping to
IP addresses
[COMMUNITY-75] - The Device name of Quality of service is changed after
modifying
[COMMUNITY-72] - Content filter does not appear to work
[COMMUNITY-71] - No access to webserver or ssh from green to orange
network (DMZ)
[COMMUNITY-70] - Can not enable or disable IPSEC connection by GUI
ceckbox
[COMMUNITY-66] - Upgraded to 3.0 from 2.5.2
[COMMUNITY-59] - Upgrading to development bleeding edge
[COMMUNITY-56] - Ipsec net-to-net errpr after save
[COMMUNITY-54] - unable to connect to remote ipsec/psk network
[COMMUNITY-39] - Squid package upgrade fails on upgrade to 3.0
Service: DHCP
-------------
[UTM-993] - Push DEFAULT_GATEWAY when in Stealth for DHCP
[UTM-916] - Clients are not registered in local DNS
[UTM-863] - DHCP daemon is not started after upgrade to 3.0 when Hotspot
is enabled
Source: README, updated 2015-04-08
- wong chee tat :)