SKUDONET's TIMELINE
Discover SKUDONET's journey of innovation
Get to know the history and progress of SKUDONET in the load balancing industry since its foundation.
SKUDONET EE 10.0.5 (Enterprise Edition)
18/11/2024
New Features:
[gui] Updated to Angular v18, SKUDONET web GUI uses this framework version, it improves the performance and gives us better graphic features that help improve the UX and the security.
[gui] Added Dark mode config in Theme settings. We improve the user experience with the SKUDONET dark mode reducing the light emitted by device screens while maintaining the minimum colour contrast ratios required for readability.
[ipds] Added upload WAF file action. Now uploading files with WAF rules is allowed, it saves time to configure the SKUDONET Web Application firewall module.
Improvement:
[farms] Added logs in disruptive WAF actions. SKUDONET Load Balancing module shows now the Forbidden actions done by the WAF in the access logs view.
[ipds] Improved Whitelist policies logs. We have reduced the Kernel logs when a whitelist event is triggered, avoiding flooding the log file.
[system] Allows multiple scopes in SNMP configuration. More than one source IP is allowed to ask for the SNMP OIDs.
[ssl] added a check email for deleting Let’s Encrypt certificate actions. The let’s encrypt deletion process has been improved, the deletion action is not allowed in case the email is not configured. The deletion actions imply the revocation request against Let’s Encrypt.
Bugfix:
[system] Fixed not allowing enable notifications without a user email and password configured. Notifications only can be allowed if Email notification is configured, this improves the Notifications user experience.
[system] Fixed backend flapping notifications. Issue found in flapping, if an event is detected during the flapping window the system will avoid sending a notification alert.
[networking] Fixed edit Route table main. Now the main table can be edited and adapted to the routing needs.
[bugfix] fixed empty GPG file when setting APT without APT Repository access. Now SKUDONET APT GPG key is configured when an activation certificate is configured without internet connectivity.
SKUDONET EE 10.0.4 CVEs fixed
11/11/2024
SKUDONET vulnerabilities fixed:
CVE-2024-5535, CVE-2023-49083, CVE-2024-26130, CVE-2024-6232, CVE-2024-8096, CVE-2024-39929, CVE-2024-9143
SKUDONET 7.2.0 (Community Edition)
22/10/2024
New Features:
[ipds] Add IPDS WAF Module. Now SKUDONET Community Edition v7.2.0 is a Open Source WAF. Modsecurity v3 implementation.
[ipds] Added geolocation support for Open Source WAF module. Modsecurity Rules can be used with Geolocation support.
[ipds] Added Lua 5.2 support for Open Source WAF module. Modsecurity Rules can be used with Lua 5.2 extension.
[ipds] Added Highlighting language for SecLang and Lua. Any Modsecurity rule or any Lua script is highlighted to help in the development. SKUDONET v 7.2.0 includes the first version of a WAF with Seclang semantic analyzer and Lua Semantic analyzer as well.
Improvements:
[ssl] Avoid to delete Default System Certificate
[farms] Disabled SSLv2 and TLSv1 by default in HTTPS Farms
[api] Improved Backup action messages
[networking] Added a check for running DHCP daemons at starting DHCP. This feature allows Community Edition to run in cloud Environments like Azure or Amazon Web Service.
[system] Save farmguardian binary files in the backup
Bug Fixes:
[networking] Fixed unset of Bonding and NICs when DHCP is enabled
[system] Fixed update packages action requiring other repositories dependencies. Now SKUDONET update command doesn’t require different repositories than SKUDONET APT repos.
SKUDONET EE 10.0.4 (Enterprise Edition)
11/10/2024
New Features:
[rbac] The system administrator can now Enable/Disable SSH access for RBAC Local users
Improvement:
[ipds] Rsyslog old Date/Time Format in Notifications, IPDS Stats and System logs are supported. IPDS log parser now supports more date formats
[system] Now SKUDONET notification module is not enabled if there isn’t any notification method
Bugfix:
[network] The Bonding interfaces are unset properly if the action is requested
[system] The Backend notifications have been fixed and alerts are sent through email properly when a backend status changes UP/DOWN/MAINTENANCE
SKUDONET EE 10.0.3 CVEs fixed
01/09/2024
SKUDONET vulnerabilities fixed:
CVE-2024-4741, CVE-2024-2511, CVE-2024-4032, CVE-2024-0397, CVE-2024-8088
SKUDONET EE 10.0.3 (Enterprise Edition)
09/08/2024
New Features:
[farm] added a LogLevel for Profiling in HTTP/S farms. A new toggle is introduced in HTTP(S) profiles, if the toggle “profiling” is enabled then the logs will be extended saving timing information in milliseconds about all the actions taken by the proxy in /var/log/syslog.
[gui] added a user-friendly Log Viewer for the IPDS Filter Log. Improved the Logs view for the IPDS WAF module, now the system administrators can see further information about the attacker, the rule triggered and the reason for the action done by the WAF.
[gui] Added a user-friendly Log Viewer for HTTP/S Farm Access Filter Log. Improved the log view in SYSTEM > Logs for the farms’ traffic, the information about the HTTP(S) REQUEST/RESPONSE is more “readable” and understandable.
Improvement:
[farms] Disable SSLv2 and TLSv1 by default in HTTP/S Farms. Disabled in the web GUI deprecated SSL/TLS protocols.
[ssl] System Certificate can not be deleted. The default SSL certificate deployed by the SKUDONET Certificate Authority can’t be deleted.
[gui] added language highlighter to Rulesets, data and Lua files. A new textarea editor component has been added for WAF rules and Lua Language, this editor checks syntax and highlights the code for the easiest development of the code.
[gui] Show Rules modification in vscode diff style. Any preloaded rule modified and personalized by the system administrator is shown in diff mode, it lets the system administrator follow and check the changes and adaptations done to the rules.
Bugfix:
[ipds] fixed WAF Rule modifications when Rule compilation fails. Now WAF seclang rules can’t be saved if the SKUDONET seclang compiler detects a syntax error in the rule.
[ipds]Fixed WAF Rules assisted activation installing IPDS package. We improved the WAF rule assistant with more consistent behaviour.
read more about this release here
SKUDONET EE 10.0.2 (Enterprise Edition)
17/07/2024
New Features:
[system] Extended support for SKUDONET migration from Version 6.3 to Version 10. Some configuration files do reference to old proxy zproxy, we have extended the migration process to change any reference to this deprecated binary and also changed any reference to the old brand ZEVENET to the new brand SKUDONET.
SKUDONET EE 10.0.1 (Enterprise Edition)
10/07/2024
New Features:
[farm] added enable/disable forward SNI in HTTPS farm. The HTTP profile can add/delete SNI headers before sending the request to the backends.
[farm] added enable/disable extra proxy headers in HTTP/S farms. With this new directive further X-Forwarded-for Headers are included in Service Level. With this directive additional Request headers are included, X-forwarded-Host: The requested Host Header is included in the HTTP request. X-Forwarded-for-Proto: The protocol used in the request is added in this directive. X-Forwarded-Port: This Header indicates the port used to connect to the HTTP profile, it will match with the Farm Port. Those directives are useful for the backend servers and let the backend understand that a reverse proxy is in the middle of the communication. SKUDONET reserve proxy load balancer includes an X-forwarded-for header by default
[farm] added enable/disable WAF engine in HTTP/S farm services. A new directive has been included inside the service for HTTP farms. It enables or disables the possibility of using WAF, if this option is disabled and there are WAF rules loaded in the farm then WAF is bypassed. Enabled by default.
[system] Supported migration process from SKUDONET 6.3 to SKUDONET 10: We have included a native process where any imported backup from SKUDONET 6.3 is applied successfully. This process changes configuration files automatically and make the backup totally compatible with this new software version.
Improvement:
[gui] used clarity icons to ensure accessibility. Icons have been changed to let colourblind people understand better the status. We deprecate the usage of colour balls for the statuses.
[cluster] added pre/post maintenance hooks to cluster. The cluster includes two additional hooks when the node enters maintenance mode. This option is quite useful if we want to extend the task when the cluster node reaches this role.
Bugfix:
[farm] fixed show restart action managing headers in services. A restart action is shown as required at the moment some HTTP Header action is configured.
[ipds] fixed APT configuration in Activation Certificate action. This version improves the subscription configuration when a new activation certificate is uploaded on the web GUI.
[system] fixed reset sysctl values for optimization. Kernel parameters were deleted after any hotfix.
[system] fixed the following vulnerability issues:
CVE-2024-37371, CVE-2024-37370, CVE-2023-50387 and CVE-2023-50868
SKUDONET CVEs fixed
03/07/2024
SKUDONET vulnerabilities fixed:
CVE-2023-24329, CVE-2023-41105, CVE-2024-0450, CVE-2023-40217, CVE-2024-28835, CVE-2023-6237, CVE-2024-2004, CVE-2024-2398, CVE-2024-3651, CVE-2023-5678, CVE-2024-6387
SKUDONET EE 10.0.0 (Enterprise Edition)
28/06/2024
SKUDONET 10 is the new Operating System version, based on Debian 12.5 LTS that replaces SKUDONET 6, more than 5 years of great work in SKUDONET 6 gave us the experience to do better. This new release includes the following:
New features:
[system] new Operating System based on Debian 12.5 LTS (Long Term Support).
[system] all the functionalities developed until now in previous versions of Community and Enterprise.
[system] virtual Load Balancer SVA10000 created supporting the majority of the hypervisors in the market like Vmware, HyperV, Xen, KVM, Proxmox, Nutanix, Red Hat and Oracle virtualization Environments, OpenSstack.
[system] virtual disks support in different formats VDI, QCOW2, VHDX, VMDK.
[system] enhanced Networking devices to support 100 GB NIC cards, required to support PICOPC hardware.
[system] new repository v10 created for subscription plans.
[system] increased Virtual Disk for SVA1000 to 32Gb with LVM support, customers can modify the partitions as required, increasing Log partition disk in case Audit logs are enabled.
[system] updated Virtual tools package for the majority of the hypervisors in the market.
[system] now more than 5 years of extended support for the operating system.
[system] cleaned and deleted non-used code to make the internals easiest to maintain and ready for new Application Delivery Controller functionalities that we are cooking.
[system] new ISO Distro file SKUDONET Baremetal Appliance v10 (SBA10000)
[system] native UEFI support for SKUDONET Baremetal Appliance v10 (SBA10000)
[system] tunned kernel with latest patches 6.1.90-10skudonet
read more about this release here
SKUDONET 7.1.0 (Community Edition)
19/06/2024
New features:
[networking] added DHCP to NIC and VLAN. As a native cloud Load Balancer, IPs can be configured by DHCP
[farms] added support for FQDN as backend IP in HTTP farms. As a native cloud Load Balancer, the backend configuration can be pointed to a DNS instead of an IP
[farms] added a new directive TLSv1.3 for HTTPS farms
Improvements:
[farms] added more 100-Continue modes: Pass, Ignore, Silent Pass, and Not Allow
[system] added QEMU hypervisor in the dashboard
[farmguardian] added a UDP check using nc
[ssl] added CSR Key Get call
[system] move the migrating script to old version
[system] sort logs files and reverse content
[ssl] add retries when restarting farms in Let’s Encrypt renewal action
[gui] disable TLS versions logic has been improved
[farms] HTTP proxy uses SSLv3 libraries
[gui] the new brand SKUDONET is applied in the web GUI
Bugfixes:
[system] fixed nftables package dependency
[farms] fixed Farm graphs when farm name starts with “dev”
read more about this release here
SKUDONET EE 6.3.11 (Enterprise Edition)
06/06/2024
Improvement:
[gui] added DCHP status listing NIC, VLAN, and Bonding Interfaces. Now web GUI users can see which interface is configured in DHCP mode without accessing the configuration parameters
[system] configure APT after a Certificate Activation. APT configuration is done even if the SKUDONET Appliance is not able to connect to the internet
Bugfixes:
[ipds] fixed creating Blacklists when the configuration directory does not exist
[farm] fixed stop farms when updating. When SKUDONET Appliance is updated, the system doesn’t stop the farms unexpectedly
[system] disabled reset sysctl in Kernel optimization. Now kernel parameters are not reset on the updated process
SKUDONET EE 6.3.10 (Enterprise Edition)
17/05/2024
New Features:
[farm] added remove/add Headers in services. Additionally to the possibility of adding or removing HTTP request/response headers in the Global section, now the action also can be done in the service section, in that way each service can manage its headers without affecting to the other services
[cluster] added pre/post hooks to cluster role MASTER and BACKUP. We have created 4 different hooks for 4 different cluster events, hook pre-master, cluster event executed just before the node takes the master role, hook post-master, and cluster event executed just after the node takes the master role. cluster pre-backup and post-backup, in the same way, hooks executed just before and after the node takes the backup role. The users can connect here its scripts to extend the tasks executed in each action
Improvement:
[routing] edit only active table routes. Disabled the possibility of editing a routing table without any IP configured on it.
[ipds] IPDS schedule configuration is synched with the backup node. Once the download of the IPDS package is configured using the scheduler, the backup node receives the configuration as well automatically
Bugfixes:
[cluster] fixed initialization cluster creation. Solves some minor issues detected in the cluster creation process
[ipds] fixed stats with farm names including “-” character. Fixed the parser for the stats, it was broken if a hyphen is detected in the farm name
[system] fixed the following vulnerability issues:
CVE-2023-39804, CVE-2023-41913, CVE-2024-3651
SKUDONET EE 6.3.9 (Enterprise Edition)
16/04/2024
New Features:
[ipds] Added restore actions for Preloaded WAF Rulesets and Rules: Now OWASP rules can be edited and adapted by the customer, with this new version SKUDONET shows which rule has been modified by the user, view the differences with the original OWASP rule and revert changes if required
[system] System Logs can be filtered by Farms and IPDS: Now the SYSTEM > Logs view has been improved allowing filtering of the output information, in this new SKUDONET version the logs are shown like a tail
Improvement:
[ipds] updated the WAF Rule IDs: We have modified the SKUDONET ID waf description to be more understandable
[ssl] CSR Keys for SSL certificates can be downloaded: We have improved the LSLB > SSL view allowing the option of managing the CSR Certificate keys, download and use for the PEM SSL certificate generation
[gui] added a refresh option to IPDS daily Reports, now this view can be used like an informational panel
[gui] added corporate Font to the web GUI
Bugfixes:
[system] fixed message activating certificates: As soon as the system is activated the alert messages disappear.
[system] Fixed the following vulnerability issues:
CVE-2021-37600 and CVE-2024-28085
SKUDONET EE 6.3.8 (Enterprise Edition)
14/03/2024
New features:
[gui] added IPDS information in Dashboard: Users can see information in real-time about attacks blocked by rules inside the IPDS module
Improvement:
[farms] logging the Backend MAC on DSR Nat type L4xNAT farms. The logs for this kind of farm have been extended, adding the destination MAC of the server to which the client is connected
Bugfixes:
[ipds] fixed encode/decode URLs with special characters. Some URLs were not properly shown in the IPDS Reporting section inside the MONITORING > Reports view
SKUDONET EE 6.3.7 (Enterprise Edition)
01/03/2024
Improvement:
[farmguardian] added a new UDP check based on NC: Now further UDP services can be monitored natively like OpenVPN, SIP
[system] some improvements in code are done. The binary code loads faster and with less CPU usage, we have avoided many calls to the system
Bugfixes:
[routing] fixed apply custom routes on the main table starting the service. Custom routes now are applied properly
[farms] fixed Let’s Encrypt autorenewal restart process of a farm. Lestencryptz was stopping farms and not starting them again after a Letsencrypt Certificate renewal
[system] fixed the following vulnerability issues:
CVE-2024-0553
SKUDONET EE 6.3.6 (Enterprise Edition)
23/02/2024
New Features:
[ipds] added IPDS reports. A new reporting view is included where users can access real-time data or previous data of the intrusion prevention and detection module
SKUDONET EE 6.3.5 (Enterprise Edition)
08/02/2024
New Features:
[ipds] added IPDS stats
[farm] added FQDN Backend Address support for HTTP farms
Improvement:
[gui] added login logo to Theme settings
[gui] changed default colors with the new SKUDONET brand
Bugfixes:
[gui] fixed resize images in Theme settings Menu
[system] fixed the following vulnerability issues:
CVE-2023-7090, CVE-2023-28486 and CVE-2023-28487
SKUDONET EE 6.3.4 (Enterprise Edition)
05/01/2024
New Features:
[gui] added Theme customization
Improvement:
[ipds] improvement phase resolution on WAF OWASP Rulesets
SKUDONET 6.3.3 (Enterprise Edition)
22/12/2023
Improvements:
[ipds] added accuracy to IPDS Stats Graphs
Bugfixes:
[ipds] fixed RBL daemon logging
[gui] fixed showing Graphs issue
SKUDONET 6.3.2 (Enterprise Edition)
05/12/2023
New Features:
[farms] added new 100-Continue modes: Silent Pass, Not allow in HTTP Farms
[farms] added Disable TLS v1.3 option in HTTP Farms
[ipds] added IPDS Statistics Graphs
Improvements:
[ipds] improvement IPDS Stats Collector process
[ipds] added Audit option in WAF Rules
Bugfixes:
[ipds] fixed restore modified preloaded WAF Rules
[farms] fixed manage Expectation: 100-Continue Header
[system] fixed the following vulnerability issues:
CVE-2023-45803, CVE-2023-43803, CVE-2023-45145, CVE-2023-36054, CVE-2023-34969, CVE-2018-25091, CVE-2023-44487, CVE-2020-11080, CVE-2023-38546, CVE-2023-28321, CVE-2023-43804, CVE-2019-11236, CVE-2020-26137, CVE-2019-11324, CVE-2023-4693 and CVE-2023-4692
SKUDONET 6.3.1 (Enterprise Edition)
05/10/2023
Improvements:
[ipds] add a check source in Blacklists
[ssl] add retries in Let’s Encrypt restart farms actions
Bugfixes:
[ssl] fixed creating sequential directories in Let’s Encrypt renew action
[system] fixed the following vulnerability issues:
CVE-2023-43787,CVE-2023-43786,CVE-2023-43785,CVE-2023-32665,CVE-2023-32611,CVE-2023-29499,CVE-2023-40217,CVE-2021-23336,CVE-2023-24329,CVE-2022-48560,CVE-022-0391,CVE-2022-48566,CVE-2022-48565,CVE-2020-22218,CVE-2019-17498,CVE-2019-3115,CVE-2023-38408,CVE-2023-3817,CVE-2023-3446 and CVE-2023-2828
SKUDONET 7.0.1 (Community Edition)
25/09/2023
Improvements:
[iso] Debian Bookworm Official Repositories are added in the Installation
[ssl] Letsencrypt: avoid creating Let’s Encrypt sequential directories on renew action
SKUDONET 7.0.0 (Community Edition)
04/09/2023
New features:
[system] new Operating system based on Debian 12 Bookworm
[system] new Kernel 6.1 with support for new Network interface models
[system] UEFI support for the Operating System Installation
Improvements:
[gui] new brand from ZEVENET to SKUDONET
[farms] changed HTTP(S) binary from zproxy to pound, stable and robust
SKUDONET 6.3.0 (Enterprise Edition)
13/07/2023
New Features:
[system] rebranded to SKUDONET
Improvements:
[farms] avoid mixing different IP versions in L4xNAT Backends
Bugfixes:
[cluster] fixed contract flush action when enabling a node in maintenance
[farms] fixed deleting wrong backend sessions
[farms] fixed changing VIP IP version in L4xNAt farms
SKUDONET 6.2.25 (Enterprise Edition)
14/06/2023
Improvements:
[cluster] Improved ssyncd daemon logging
[farm] Allow set Alive parameter lower than ConnTO parameter when new generation proxy is disabled
[system] Improved logging when installing new SKUDONET packages
[system] Added ipv6 routing info in Supportsave
Bugfixes:
[cluster] Fixed sessions synchronization in HTTP farm with several services using persistence
[ssl] Fixed creating an existent Let’s Encrypt certificate
[routing] Fixed configure default IPv6 gateway
[farms] Fixed creating farms using IPv6 in VIP
[system] Fixed the following vulnerability issues:
CVE-2022-47015, CVE-2021-38185, CVE-2019-14866, CVE-2023-0466, CVE-2023-0465, CVE-2023-2650, CVE-2023-0464, CVE-2022-4141, CVE-2023-0054, CVE-2023-2610 and CVE-2023-1175
SKUDONET 5.13.4 (Community Edition)
09/06/2023
Improvements:
[lslb] Avoid duplicating backends with the same IP and port
[proxy] Improved Err directives in the configuration file
[proxy] Code optimization
[proxy] Disallow broadcast IPs for backends
Bugfixes:
[lslb] Fixed start HTTP Farm when the process is running but PID file does not exist
[lslb] Fixed error in the farm config file when adding persistence
[proxy] Fix memory leaks on service unification
[proxy] Fix PARM type persistence
[proxy] Fix possible segmentation fault in Sessions CTL calls
SKUDONET 6.2.24 (Enterprise Edition)
30/05/2023
Improvements:
[ipds] Improved the WAF Assistant management
Bugfixes:
[webgui] fixed Let’s Encrypt validate domains
[ipds] fixed Ruleset WAF status management
[cluster] fixed conntrack state initial synchronization
[system] fixed the following vulnerability issues:
CVE-2015-20107, CVE-2021-3177, CVE-2019-20907, CVE-2021-3737, CVE-2019-1010238, CVE-2020-8492, CVE-2022-45061 and CVE-2021-3733
SKUDONET 6.2.23 (Enterprise Edition)
15/05/2023
Improvements:
[guardian] added Priority feature to farmguardian checks
Bugfixes:
[proxy] fixed recovery process handling
SKUDONET 6.2.22 (Enterprise Edition)
09/05/2023
Improvements:
[system] added file descriptors in Supportsave
Bugfixes:
[cluster] fixed AWS cluster management account
[farm] fixed match proxy process running and PID file in system
[proxy] fixed X-Forwarded-For header management
[system] fixed the following vulnerability issues:
CVE-2023-26604, CVE-2023-28856, CVE-2023-29469 and CVE-2023-28484
SKUDONET 5.13.3 (Community Edition)
21/04/2023
Improvements:
[system] certificates are not included in Supportsave by default
[proxy] fixed some memory leaks
[proxy] added session synchronization CTL API call
[proxy] minor optimizations
[proxy] sessions table optimization
Bugfixes:
[api] fixed LSLB farm sessions output.
[proxy] fixed backend pending connections stats
[proxy] fixed SSL/TLS options
[proxy] minor fixes
SKUDONET 5.13.2 (Community Edition)
31/03/2023
Improvements:
[ssl] LetsencryptZ: restore the farm when a certificate renewal is finished by a timeout
[system] added file descriptors info in supportsave
Bugfixes:
[proxy] fixed chunked transfer encoding
[proxy] fixed websocket protocol
[api] fixed create copy from farm action
[api] fixed farm status calculation in backend actions
[api] fixed modify persistence TTL in HTTP farms
SKUDONET 6.2.21 (Enterprise Edition)
22/03/2023
Bugfixes:
[ssl] LetsencryptZ: restore the farm when a certificate renewal is finished by a timeout
[cluster] fixed error in sync action when deleting files is performed at the same time
[system] fixed the following vulnerability issue:
CVE-2023-25136, CVE-2012-1151, CVE-2020-8991, CVE-2010-1161, CVE-2019-17595, CVE-2019-17595, CVE-2014-0479, CVE-2022-45873, CVE-2022-36021, CVE-2019-20454, CVE-2022-1587 and CVE-2022-1586
SKUDONET 5.13.1 (Community Edition)
10/03/2023
Improvements:
[networking] improvement starting interfaces
[webgui] improvement applying farmguardian
[lslb] http: scheduling algorithm improvements
[lslb] http: improve pending connection count for backends
Bugfixes:
[system] fixed SupportSave command
[lslb] http: fixed redirect behavior
SKUDONET 5.13 (Community Edition)
24/02/2023
New features:
[lslb] http: new SKUDONET HTTP/S core zproxy. Improvement on event handlers
[lslb] l4: updated SKUDONET L4 core nftlb
Improvements:
[ssl] added timeout control in Let’s Encrypt integration
[networking] interfaces management improvements for better performance
[system] code optimization for performance improving
Bugfixes:
[lslb] l4: fixed unload NAT protocols module
SKUDONET 6.2.20 (Enterprise Edition)
24/02/2023
Improvements:
[ssl] improve timeout control in Let’s Encrypt integration
[ssl] added checks for Let’s Encrypt certificate actions
[webgui] added logging for Let’s Encrypt wildcard certificates
SKUDONET 6.2.19 (Enterprise Edition)
08/02/2023
Improvements:
[guardian] improvement getting the farm status
Bugfixes:
[proxy] fixed delete sessions in maintenance “cut” mode in HTTP/S farms
SKUDONET 6.2.18 (Enterprise Edition)
31/01/2023
Bugfixes:
[proxy] fixed macro VHOST in redirect
[farms] fixed HTTP farms mark management
[system] fixed HTTP backends stats
SKUDONET 6.2.17 (Enterprise Edition)
25/01/2023
New features:
[system] add a binary to enable/disable new generation proxy
Bugfixes:
[proxy] fixed decode URL on redirect
[routing] fixed disable floating action
SKUDONET 6.2.16 (Enterprise Edition)
13/01/2023
Improvements:
[rbac] allow user names starting with a number
Bugfixes:
[proxy] fixed HTTP farm stats management
[proxy] fixed location URL encoding in redirect responses
SKUDONET 6.2.15 (Enterprise Edition)
10/01/2023
Improvements:
[system] added SKUDONET service restart flag in package installation
Bugfixes:
[cluster] fixed azure cluster management account
SKUDONET 6.2.14 (Enterprise Edition)
05/01/2023
Improvements:
[networking] improve backend source address calculation
Bugfixes:
[api] fixed start farm action
[system] fixed the following vulnerability issue:
CVE-2022-47629
SKUDONET 6.2.13 (Enterprise Edition)
21/12/2022
Improvements:
[cluster] improve cluster management and logging
Bugfixes:
[api] fixed virtual interfaces list status “down” string
[farm] fixed HTTP redirection to an HTTPS protocol URL
[farm] fixed HTTP logging issue
[system] fixed the following vulnerability issue:
CVE-2022-42898
SKUDONET 6.2.12 (Enterprise Edition)
28/11/2022
Improvements:
[ssl] added a timeout for Let’s Encrypt automatic renew action
[ipds] do not run IPDS collector process by default
[networking] improve network actions process time
Bugfixes:
[farm] fixed HTTP response headers management
[ipds] fixed Blacklists migration script
[system] fixed the following vulnerabilities issues:
CVE-2022-43680, CVE-2022-29458, CVE-2022-40303, CVE-2022-40304, CVE-2022-23218, CVE-2022-44638, CVE-2022-0729, CVE-2021-3927, CVE-2021-3928, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4192, CVE-2022-0261, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, CVE-2022-0685, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1720, CVE-2022-1898, CVE-2022-1968, CVE-2022-2304, CVE-2022-2946, CVE-2022-3099, CVE-2022-3134, CVE-2022-3234, CVE-2022-3324, CVE-2022-3705, CVE-2022-0213, CVE-2021-4193, CVE-2022-0319, CVE-2022-0714, CVE-2022-0572, CVE-2022-1851, CVE-2022-2285, CVE-2022-2598, CVE-2022-0392, CVE-2022-1619, CVE-2022-1621, CVE-2022-1785, CVE-2022-1942, CVE-2022-1897, CVE-2022-2000, CVE-2022-0629, CVE-2022-3256, CVE-2022-2129, CVE-2022-2129, CVE-2022-3235, CVE-2022-0318, CVE-2022-0696 and CVE-2022-3352
SKUDONET 6.2.11 (Enterprise Edition)
28/10/2022
New features:
[webgui] add a column to differentiate user-defined Blacklists from preloaded
Improvements:
[ssl] implemented SNI when creating CSR certificates
Bugfixes:
[farms] fixed unloading kernel NAT protocol modules
[farms] fixed L4xNAT maintenance management
[system] fixed the following vulnerabilities issues:
CVE-2021-33574, CVE-2020-27618, CVE-2022-23219, CVE-2021-35942, CVE-2020-6096, CVE-2021-3999, CVE-2021-3326, CVE-2016-10228, CVE-2021-27645, CVE-2019-19126, CVE-2019-25013, CVE-2020-10029, CVE-2020-1752 and CVE-2022-3515
SKUDONET 6.2.10 (Enterprise Edition)
13/10/2022
New features:
[webgui] add a “save all” button
Improvements:
[cluster] improvement switching roles action
Bugfixes:
[ssl] fixed Let’s Encrypts Wildcard renew action
[webgui] fixed Local IP filter in Cluster settings
[system] fixed the following vulnerabilities issues:
CVE-2022-27404, CVE-2022-25308, CVE-2022-27405, CVE-2022-27406, CVE-2022-25309, CVE-2022-25310, CVE-2022-37434, CVE-2021-20223, CVE-2020-35525, CV
E-2020-35527, CVE-2021-3800, CVE-2022-0530, CVE-2022-0529, CVE-2022-40674, CVE-2022-31081, CVE-2022-42012, CVE-2022-42011, CVE-2022-42010 and CVE-
2022-40617
SKUDONET 6.2.9 (Enterprise Edition)
29/08/2022
Improvements:
[ssl] add a stronger check to SSL certificates
[ipds] set WAF assistant enabled by default
[ipds] improvement of WAF assistant management
Bugfixes:
[ipds] fixed delete WAF rule conditions
[farms] fixed SRV and NAPTR type resources on GSLB farms
[system] fixed the following vulnerabilities issues:
CVE-2022-2469, CVE-2022-2509, CVE-2021-4209, CVE-2022-2625, CVE-2022-37452
SKUDONET 5.12.2 (Community Edition)
12/07/2022
New features:
[ssl] add autorenewal configuration for Let’s Encrypt certificates
Improvements:
[farms] L4xnat: Add module parameters configuration in global.conf for SIP protocol
[ssl] reload farms renewing Let’s Encrypt certificates
[networking] improve default GW managing
[farms] L4xnat: improve multiport handle
[webgui] add backend status in LSLB view
Bugfixes:
[ssl] fixed renewing staging Let’s Encrypt certificates
[farms] L4xnat: fixed copy farm action
[system] reload cron configuration after skudonet restart
[networking] fixed configure default GW application order in SKUDONET service
[config] fixed remove zapikey from global.conf disabling root zapi permission
SKUDONET 6.2.8 (Enterprise Edition)
12/07/2022
New features:
[ssl] add autorenewal configuration for Let’s Encrypt certificates
Improvements:
[ssl] reload farms renewing Let’s Encrypt certificates
[webgui] add backend status in LSLB view
Bugfixes:
[webgui] fixed activation certificate information
[ssl] fixed renewing staging Let’s Encrypt certificates
[system] fixed the following vulnerabilities issues:
CVE-2022-34903
SKUDONET 6.2.7 (Enterprise Edition)
30/06/2022
Improvements:
[ipds] reload blacklists without disabling them
[ipds] schedule blacklists without restarting them
[system] improve activation certificate notifications
[networking] improve default GW managing
[farms] L4xnat: improve multiport handle
Bugfixes:
[networking] fixed configure default GW application order in SKUDONET service.
[ipds] fixed mismatched blacklists order applied
[farms] L4xnat: fixed copy farm action
[zenbui] fixed interface configuration file not updated
[system] fixed the following vulnerabilities issues:
CVE-2022-1292,CVE-2022-29824,CVE-2022-1664 and CVE-2022-24903
SKUDONET 5.12.1 (Community Edition)
17/05/2022
Improvements:
[proxy] fixed rewrite location to avoid open redirect vulnerability
[farms] L4xnat: fixed mark masquerade
[farms] L4xnat: add recovery system in NFTLB daemon
[farms] L4xnat: translate the new L4xnat backend status “available” as “up”
Bugfixes:
[webgui] fixed tab title
[webgui] fixed checkupdate message
SKUDONET 6.2.6 (Enterprise Edition)
17/05/2022
Improvements:
[cluster] Session replication daemon uses system profile
[farms] L4xnat: add recovery system in nftlb daemon
[api] add get farm status call
[system] improve managing activation certificate
Bugfixes:
[cluster] fixed registration HTTP farms in session replication daemon when changing the persistence
[proxy] fixed rewrite location to avoid open redirect vulnerability
[farms] L4xnat: fixed mark masquerade
[system] fixed cron redirection commands
[system] fixed the following vulnerabilities issues:
CVE-2022-1271 and CVE-2022-1552.
SKUDONET 5.12 (Community Edition)
03/05/2022
New features:
[webgui] new web GUI with new Angular technology v12
[ssl] letsencrypt integration
[lslb] http: add and delete HTTP headers
[lslb] http: priority load balancing support
[lslb] http: rewrite URL directive (proxy pass)
[lslb] http: updated SKUDONET HTTP/S core zproxy
[lslb] l4: updated SKUDONET L4 core nftlb
[zcli] SKUDONET command line improvements
[api] 4.0.2 API version
SKUDONET 6.2.5 (Enterprise Edition)
19/04/2022
New features:
[proxy] add timeout managing socket control
Improvements:
[system] avoid cerbot command listing LetsEncrypt certificates
[system] add PPID column in supportsave ps info
[stats] disable session information when they are not needed
[cluster] improve performance in sessions replication
Bugfixes:
[farms] fixed backend IP changed when a DHCP modification is performed
[farms] fixed HTTP farm migration script
[farms] fixed l4xnat virtual port changed to multiport when setting protocol to SIP
[farms] l4xnat: fixed scheduler symhash with only one backend available
[webgui] fixed certificate expiration time message
SKUDONET 6.2.4 (Enterprise Edition)
30/03/2022
New features:
[system] allow Hostname as a rsyslog remote server
Improvements:
[farms] flush connections when a L4 farm is stopped/deleted
[farms] flush connections when a L4 backend is deleted
Bugfixes:
[farms] fixed L7 floating backend sourceaddress assignment
[networking] fixed routing rule validation
[networking] fixed no check route table before listing
[system] fixed the following vulnerabilities issues:
CVE-2021-4160, CVE-2022-0778, CVE-2021-25220, CVE-2019-17041, CVE-2019-17042, CVE-2021-3770, CVE-2021-3778, CVE-2022-24048, CVE-2022-24050, CVE-2022-24051, CVE-2022-24052, CVE-2021-43618, CVE-2021-46667, CVE-2021-3796, CVE-2021-35604, CVE-2021-46659, CVE-2021-46661, CVE-2021-46663, CVE-2021-46662, CVE-2021-46664, CVE-2021-46665, CVE-2019-15165, CVE-2019-20807, CVE-2018-25032
SKUDONET 6.2.3 (Enterprise Edition)
15/03/2022
Improvements:
[networking] do not delete routes for a nonconfigured interface
[farms] add validation and migration script for HTTP directive “Alive”
[system] add scope validation modifying SNMP scope value
[webgui] enable Cypress Studio for integration tests
[webgui] update Readme
Bugfixes:
[farms] fixed established connection for a L4xnat farm are not shown
[ipds] fixed ordering the blacklists
[farms] fixed URL Pattern not allow comments in HTTP Farms
[system] fixed start nftlb if PID file exists but daemon is not running
[webgui] fix network virtual create form
[webgui] fix blacklist edit form CSS
[webgui] fix memory leak in LSLB farm services list
SKUDONET 6.1.27 (Enterprise Edition)
15/03/2022
Improvements:
[networking] do not delete routes for a nonconfigured interface
[farms] add validation and migration script for HTTP directive “Alive”
[system] add scope validation modifying SNMP scope value.
[system] add SKUDONET 6.2 repository source
Bugfixes:
[farms] fixed established connection for a L4xnat farm are not shown
[ipds] fixed ordering the blacklists
[farms] fixed URL Pattern not allow comments in HTTP Farms
[system] fixed start nftlb if PID file exists but daemon is not running
[system] fixed issue migrating from iptables to nftlb in the backend status
SKUDONET 6.2.2 (Enterprise Edition)
04/03/2022
New features:
[webgui] add farm blacklists move action
Improvements:
[farms] enable pound as a proxy by default
[rbac] avoid SO limitation pattern creating a RBAC user
[api] add validations to GET stats API
[api] change IPDS API response messages
[api] add ipds message error when configure duplicate WAF rule ids
Bugfixes:
[system] fixed delete SKUDONET certificate in factory reset
[system] fixed issue migrating from iptables to nftlb in the backend status
[networking] fixed configure default gw in the main routing table when a NIC is modified
[networking] fixed an Interface that can be reconfigured with the same IP
[networking] ignore dhcp parameter in Interface API if is equals to the configured one
[farms] fixed glsb stats service validation
[farms] get farm PID from the PID file, not from the system
[api] fixed create and modify route validation
[api] fix GET /stats/farms//services//backends to get backends by service
[api] fix cookieinsertion validation
[api] do not allow to create any http cookie directive with any blank parameter
[system] fixed the following vulnerabilities issues:
CVE-2022-0543, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-24407
SKUDONET 6.1.26 (Enterprise Edition)
01/03/2022
Improvements:
[proxy] add migration script for old proxy configuration files
[proxy] add a monitor that relaunches the process if it detects a segfault signal
[farms] get farm PID from the PID file, not from the system
[api] add validations to GET stats API
[api] remove name field from GET /stats/system/network/interfaces
[rbac] avoid SO limitation pattern creating a local RBAC user
[guardian] add migration script for old farmguardian configuration files
Bugfixes:
[farms] fixed GSLB stats service validation
[farms] reset L4 farm backend priority, weight and max connection values if send null
[api] fixed the create and modify route validation
[api] fixed cookie insertion validation
[api] do not allow to create an HTTP cookie directive with any blank parameter
[api] fixed status parameter for GET /stats/system/network/interfaces
[networking] ignore DHCP parameter in interface API if it is equal to the configured one
[networking] fixed configure default gw in the main routing table when a NIC is modified
[networking] fixed an Interface that can be reconfigured with the same IP
[networking] fixed an Interface can be configured with the same IP as a Virtual Interface
[networking] fixed list tables from rt_tables when the name contains “-” character
[ipds] fixed not_match field from ipds rules API
[ipds] WAF: fixed get default_log rule field
[ipds] WAF: modify disable_rules field after deleting a rule
[ipds] WAF: update SecRuleRemoveById when a disabled rule is modified
[ipds] WAF: check the rule IDs when setting the disable rules param
[system] fixed notification sec rules
[system] notifications config dir is excluded from synchronization
[guardian] fixed farmguardian conf modification when modifying a farm name
SKUDONET 6.2.1 (Enterprise Edition)
14/02/2022
New features:
[webgui] add time range selector for time graphs
[webgui] show web GUI version in system information
Improvements:
[farms] optimizing L7 floating
[system] add host name to certificate and package alert messages
[farms] fixed reset L4 farm backend priority, weight and max connection values
[webgui] add tooltips in top navigation elements and breadcrumb links
[webgui] improved HTTPS security against web GUI with meta tag CSP (Content Security Policy)
Bugfixes:
[ipds] fixed check WAF rules ids when set the disable rules param
[ipds] fixed change WAF log sec rule for zproxy new WAF logs patterns
[ipds] fixed configuration of log rule field in WAF
[ipds] fixed issue updating some directives when a disabled rule is modified
[api] fixed minor issues adding require module
[api] fix description field for notification get API
[ipds] fixed WAF regex to avoid posting warnings and get rule name properly
[system] fixed executing permission missing in migration script
[guardian] fixed modification of farmguardian confguration when modifying a farm name
[system] fixed issue applying netplug template
[system] fixed SKUDONET certificate key changes if a backup is imported of other operating system
[system] fixed migration processes execution applying a backup
[system] fixed the following vulnerabilities issues:
CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-23852, CVE-2022-23990, CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2021-46143
SKUDONET 6.2 (Enterprise Edition)
24/01/2022
New features:
[system] VPN module
[farms] let’s encrypt integration in the web GUI
[farms] HTTP headers mangling for HTTP(S) profiles
[farms] URL mangling for HTTP(S) profiles
[system] new messages for notifications
[system] configure remote syslog in UDP/TCP mode
Improvements:
[system] ZCLI update
[farms] SSL errors improvements for HTTP(S) farms
[farms] Personalized WAF ERROR code 403
[system] multi-listeners for HTTPS web GUI and SSH service
[system] web GUI SSL certificate modification
[routing] added a new field for comments in the routing module
[cluster] more interfaces can be monitored and members of the cluster service
[ipds] improve user experience configuration for WAF OWASP rulesets
[webgui] new GUI with latest Angular version with user experience improvements
SKUDONET 6.1.25 (Enterprise Edition)
03/12/2021
Improvements:
[system] add to checkupgrade the option to convert the load balancer in an early adopter version
Bugfixes:
[system] change zproxy logs pattern to fix a notification issue
[system] add execution permissions to the rebuild_delreg_files new script
[system] fix netcat usage in the checkupgrade script
[ipds] fix schedule param message from IPDS
[ipds] fix issue to keep WAF ruleset change after a package update
[networking] remove a warning
[networking] fix wrong bonding status on network statistics API call
[syslog] change the tag of a message from error to info
[farms] fix a bug restarting GSLB farms in ZAPI v3
[farms] fix error checking GSLB configuration file
[farms] add a validation for the farm redirect parameter
[farms] fix updated backend sourceaddress in edit backend action
SKUDONET 6.1.24 (Enterprise Edition)
04/11/2021
Bugfixes:
[routing] fix an error creating a /32 mask rule
[system] recreate notifications config files when they are empty
[cluster] fix error in ssyncd when it replies sessions to zproxy
[proxy] fix the TTL session when it is added via API
[system] fixed the following vulnerabilities issues:
CVE-2021-37750
SKUDONET 6.1.23 (Enterprise Edition)
27/08/2021
New features:
[farms] l4xnat: re-enable h232 protocol support
Improvements:
[config] clean config files when a NIC is removed from the system
[api] add root access permission check in API 3.2
[api] check AWS credentials and return code 400 in case of error, and new field status in GET /aws/credentials api
[config] separate nftlb debug config from global debug config
[webgui] check if the root user has access permission to the Web GUI before login
[networking] add a check for the rule action
[farms] l4xnat: speedup farm port ranges rules generation
Bugfixes:
[farms] l4xnat: fixed deleting persistence session for DSR
[config] fix misspelled global variable
[config] add missing semicolons in global.conf.template and add AZ logout in case of error setting AZ credentials
[system] fixed function input JSON decoding error in SKUDONET installation
[system] updated message after packages update
[zenbui] fixed remove previous interface configuration in Zenbui
[system] uninstall skudonet-ipds package at factory reset
[farms] l4xnat: fixed accept multiple ranges and ports as virtual port
[farms] l4xnat: fix elements flushing from a policy
[farms] l4xnat: add dynamic persistence rules and update timeout in DSR mode
[system] fixed the following vulnerabilities issues: CVE-2021-36222
SKUDONET 6.1.22 (Enterprise Edition)
05/07/2021
Bugfixes:
[farms] fixed the backend source address NATing for l4xNat when virtual interfaces are used
[farms] fixed the backend source address NATing for l4xNat when a virtual interface event is performed
[system] set the default rt_tables file in factory reset
SKUDONET 6.1.21 (Enterprise Edition)
25/06/2021
Improvements:
[farms] L4xnat: autodetect backend source-address via the routing table
Bugfixes:
[farms] L4xnat: fixed set route table source as backend address when the route is not applied in the system
[farms] L4xnat: set routing table source instead of floating VIP as backend address
[farms] fixed no update backends status when performing changes of IPDS in a farm
[ipds] fix WAF data files installation path fault
[system] fixed the following vulnerabilities issues:
CVE-2021-3541, CVE-2021-3580, CVE-2021-2154, CVE-2021-2166, CVE-2021-28153, CVE-2021-3537, CVE-2021-31871, CVE-2021-33560, CVE-2020-24977, CVE-2021-25217, CVE-2021-27218, CVE-2021-27219, CVE-2020-24659, CVE-2021-20305, CVE-2021-3516, CVE-2021-3518, CVE-2021-3517, CVE-2021-31873, CVE-2021-31872, CVE-2021-27928, CVE-2021-20232, CVE-2021-31870, CVE-2021-20231
SKUDONET 6.1.20 (Enterprise Edition)
18/05/2021
Improvements:
[ssl] add openssl configuration to backup/supportsave
Bugfixes:
[farms] L4xNAT: fixed enable logs when the nattype is changed
[farms] L4xNAT: fixed log type on DSR and Stateless DNAT L4xNAT Farms
[farms] HTTP profile was returning a non valid URL when WAF resolution is redirect
[farms] HTTP profile returning a non valid URL when WAF resolution is redirect
[system] fixed the following vulnerabilities issues:
CVE-2021-3449, CVE-2021-21309, CVE-2021-3393, CVE-2020-26116, CVE-2019-13952, CVE-2019-20367, CVE-2020-8231, CVE-2020-8169, CVE-2020-8285, CVE-2020-8286, CVE-2020-8177, CVE-2020-8284, CVE-2021-22876, CVE-2021-22890, CVE-2021-25214, CVE-2021-25216, CVE-2021-25215, CVE-2021-3520, CVE-2021-31535
SKUDONET 6.1.19 (Enterprise Edition)
10/05/2021
Bugfixes:
[farms] improve the validation for l4xnat port ranges
[farms] configure ALL protocol when all ports are set
[farms] fix an issue related to virtual port when an l4xnat farm is created
[cluster] stop routes in the backup node when a virtual interface is deleted
[cluster] update the slave routing tables when a new route is added in the master node
[networking] remove from the system all custom routes that depend on an interface when this interface is stopped
[stats] fix extra pending connection calculation getting backend status
[stats] remove the initial undefined backend status
[ipds] WAF configures the “SecRequestBodyLimit” instead of ‘SecRequestBodyNoFilesLimit’
[ipds] set the “variable” parameter of WAF as mandatory
[webgui] show the name of the file when in a WAF rule the operator ‘strPhrasesFromFile’ or ‘ipMatchFromFile’ is set
[webgui] fix some typos
[webgui] fix the “update” action in WAF module
[webgui] remove the protocols: amanda, irc, h323, netbios-ns and sane
[webgui] fix errors in service editing when the service has the string “session”
SKUDONET 6.1.18 (Enterprise Edition)
24/03/2021
Improvements:
[cluster] remove azure account after deleting azure cluster configuration
Bugfixes:
[farms] changed function from checkport to validatePort
[ssl] Letsencryptz forced to use HTTP challenge
[cluster] fixed IP announce in Master node, it is not performed when the backup node is started
[cluster] fixed restart farm on the backup node
[networking] fixed Nonexistent NIC Interface Configuration File is not removed
SKUDONET 6.1.17 (Enterprise Edition)
23/02/2021
Bugfixes:
[cluster] fixed ssyncd daemon listens on all interfaces
[system] fixed sending gratuitous ARP for down Virtual Interfaces
[system] fixed the following vulnerabilities issues:
CVE-2021-23841, CVE-2021-23840, CVE-2019-1551, CVE-2020-8625, CVE-2021-24032, CVE-2021-24031, CVE-2021-23841, CVE-2021-23840, CVE-2019-1551, CVE-2020-8625
SKUDONET 6.1.16 (Enterprise Edition)
12/02/2021
Bugfixes:
[webgui] added priority column for backends in HTTPS farms if proxy new generation is in use
[system] fixed some port check issues configuring farm and management services
SKUDONET 6.1.15 (Enterprise Edition)
11/02/2021
New features:
[cluster] added cluster support in Azure
Improvements:
[farms] remove deprecated l4xnat helpers from API
Bugfixes:
[farms] do not allow auto-updating certbot for letsencryptz
[farms] added checks for VIP, VPORT and protocols for usage in new farms creation
[farms] allow configuring DNS Servers even when no Server is configured yet
[system] fixed the following vulnerabilities issues:
CVE-2014-10402,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-3156,CVE-2018-6942,CVE-2019-1010238,CVE-2019-12900,CVE-2019-18218,CVE-2019-8457,CVE-2019-12735,CVE-2020-10531,CVE-2020-8616,CVE-2020-10543,CVE-2019-5018,CVE-2019-18397,CVE-2019-9513,CVE-2020-14363,CVE-2020-15861,CVE-2020-15862,CVE-2019-19959,CVE-2019-20218,CVE-2019-6477,CVE-2020-12723,CVE-2020-28196,CVE-2020-29361,CVE-2020-29363,CVE-2020-8617,CVE-2019-12749,CVE-2020-14393,CVE-2020-13630,CVE-2019-5094,CVE-2019-5188,CVE-2020-14344,CVE-2020-15999,CVE-2020-8622,CVE-2019-6471,CVE-2020-14422,CVE-2019-17595,CVE-2020-27350,CVE-2020-12049,CVE-2020-13434,CVE-2020-13435,CVE-2020-13632,CVE-2020-14392,CVE-2020-15358,CVE-2020-3810,CVE-2019-17594,CVE-2020-29362,CVE-2019-15795,CVE-2019-15796,CVE-2019-20919,CVE-2020-8624,CVE-2020-27351,CVE-2020-35512
SKUDONET 6.1.14 (Enterprise Edition)
11/12/2020
Improvements:
[lslb] add a directive to HTTP farms to control the maximum HTTP body analyzed by the proxy.
[api] validate that the name of the objects won’t be “0”
[api] validate the netmask when an interface is modified
[system] add cron information to supportsave
[stats] get farm established connections from binary instead of conntrack (for HTTP profile)
Bugfixes:
[proxy] avoid double port appending in location rewrite.
[proxy] update session-id from the response.
[proxy] do not pass the HTTP body to the WAF when the HEAD method is used.
[proxy] reload WAF rulesets if the proxy daemon fails.
[webgui] fixed message of translations module.
[farms] force farms status down in boot time if the process is not running when is set
[farms] modify the VIP of the farms when the interface is modified (VLAN and bonding).
[lslb] confirm proxy is killed when HTTP farm is stopped.
[system] reconfiguring APT if the certificate serial changed when checkupgrades is executed.
[system] modify the Ssyncd binary path.
[stats] some graphs are not created depending on the bonding name.
[networking] failed to get interface status when it is unset.
[networking] DHCP does not start/stop in bonding interfaces
[networking] applying IP routes and IP rules after creating table ID
[rbac] a user without permissions could watch the farm stats and graphs.
SKUDONET 6.1.13 (Enterprise Edition)
13/11/2020
Improvements:
[ipds] added the source IP in logs if WAF detects a threat
[farms] accepted none value in l4xnat for disabling persistence
[networking] it is not required to stop slaves from bonding before adding them to the interface
[webgui] homogenized buttons and forms in all the web GUI
[webgui] fixed some forms for routing configuration
Bugfixes:
[networking] fixed add new IPs and apply routes by netplug when the link is UP
[networking] fixed no check slaves when bringing UP a bonding
[cluster] cluster process is not checked if cluster service is not previously configured
[system] disabled useless SNMP errors in Syslog
[system] systems SKUDONET reload after executing migration scripts
[networking] fixed deleting old rules when a VLAN or bonding is deleted
[system] letsencrypt creates certificates in lower case
[ipds] WAF rules were not ordered properly
[farms] deleted old temporal files in /tmp/ for l4xnat serializer binary
[farms] modified the default value for directive 100-Continue.
[networking] fixed config status when bonding is created
[farms] error returned if the copy farm action fails
[farms] fixed copying a farm if WAF is configured
[networking] fixed error adding IPv6 routing rules
[networking] fixed writing routing rules if the web form field is unset
[networking] configure the NIC in status DOWN if it is added to a bonding
[ipds] fixed issue parsing WAF rules in web GUI view
[networking] Isolated NICs can be configured in the main table
[farms] priority column hidden in HTTP farms when proxy next generation is disabled
[farms] fixed some memory leaks in the l4xnat serializer
SKUDONET 6.1.12 (Enterprise Edition)
14/10/2020
Improvements:
[system] updated libmodsecurity library
[cluster] cluster interface and slave interfaces can’t be edited
[networking] skip bonding mac change if it is already configured on the system
[zcli] autocomplete improvements for some calls
[cluster] improved the node replication objects when the cluster node not in MASTER role is reachable again
[webgui] added translation messages
Bugfixes:
[networking] fixed updating virtual interface mask
[cluster] sync any change in virtual interface
[networking] avoided configuring bonding interface twice starting SKUDONET service
[routing] global route params are used wen route table is listed
[rbac] supported dot in the username field
[farms] farmguardian was not stopped if node entered in the maintenance
[cluster] priority 10 causes Master role on the wrong node
[cluster] disable maintenance on the cluster node could be performed with cluster interface DOWN
[cluster] fixed resync node when a node leaves maintenance mode
[cluster] conntrack sync was not called properly once node entered in MASTER status
[farms] switching proxy ng was not done properly
[farms] avoided running a farm if virtual IP is no UP
[cluster] fixed leaves maintenance mode when a link UP is received
[farms] fixed HTTP(S) header persistence session
[farms] fixed error reloading WAF rules in HTTP(S) profiles
SKUDONET 6.1.11 (Enterprise Edition)
03/09/2020
Improvements:
[ipds] added/delete IPs in the blacklist module in batching
[rbac] added more tests to the LDAP connector for bind DN, filter, and bind user
[certs] added a new unknown status if the certificate format is not detected
[webgui] allowed to search a Virtual IP using the field alias in the farm creation
[webgui] graphs for network traffic changes to Gbytes or Tbytes based on the total of bytes received
Bugfixes:
[cluster] netplug always starts cluster in backup mode discarding maintenance mode
[ssl] fixed issue managing SSL certificates with an unknown format
[ssl] added information if not valid SSL certificate format
[system] fixed issue showing the number of CPU cores if the value is higher than 10
[networking] fixed resetting MACs when a NIC is added/removed of a bonding interface
[system] fixed internet connection check for packages update.
[webgui] added support to DH 2048 in the web server
[farms] fixed error 500 listing GSLB backends
[ssl] removed the key file is a CSR is deleted
[farms] added Alias field when a backend is created
[farms] validate the backend ID before creating sessions
[farms] unset priority for farms if no proxy of the new generation is in use
[farms] fixed issue deleting DSLB farm if the interface used in VIP is down
[farms] update backend priority after backend status change
[webgui] fixed refresh alias if backend changes
[webgui] STS directive is enabled/disabled if HTTPS listener is enabled/disabled without refreshing the view
[webgui] fixed typos in messages for the translation module
SKUDONET 6.1.10 (Enterprise Edition)
30/07/2020
Bugfixes:
[farms] fixed maintenance mode for a backend with multiport
[webgui] improved translation messages
[webgui] change VLAN name to VLAN ID instead
[system] virtual IPs are configured properly if cluster switches in AWS
[cluster] deleted cluster status if the system is rebooted
[networking] fixed Routing tables configuration with DHCP in AWS
SKUDONET 6.1.9 (Enterprise Edition)
14/07/2020
Bugfixes:
[webgui] fixed issue creating modifying Alias for VLANs in bonding interfaces
SKUDONET 6.1.8 (Enterprise Edition)
07/07/2020
Improvements:
[system] kernel updates, fixed the following vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Bugfixes:
[webgui] fixed activation certificate format
[webgui] fixed error disabling/enabling farmguardian
[webgui] factory reset button enabled
[webgui] delete an action if del button in keyboard is pressed for WAF
SKUDONET 6.1.7 (Enterprise Edition)
03/07/2020
Improvements:
[ipds] blacklisted IPs now are deleted based in the source instead of the dynamic ID
Bugfixes:
[farms] fixed deleting dynamic sessions pined to the deleted backend
[farms] fixed ethernet address discovery for IPV4 backend addresses
[webgui] fixed infinite spinner when a delete action is executed
[webgui] fixed updating and adding aliases for all the network interfaces
[system] fixed issue with the licenses in the subscription plans
SKUDONET 5.2.20 (Enterprise Edition)
02/07/2020
Improvements:
[farms] improved the l4 load-balanced algorithm for an equal connection sharing
SKUDONET 6.1.6 (Enterprise Edition)
12/06/2020
Improvements:
[webgui] added spinner to force changes in proxy of the new generation
[webgui] added messages to the translation module
[ipds] added description to WAF operators
Bugfixes:
[webgui] fixed table of backend GSLB with spinner and delete actions
[webgui] fixed backends ID in backends table of farms GSLB
[webgui] fixed creating an alias and create interface alias
[webgui] fixed WAF variables used in forms, data is loaded from API
[webgui] fixed error renaming blacklist
[webgui] changed the update method in routing rules
[webgui] fixed creating and updating routing rules
[webgui] fixed the refresh of stats
[webgui] fixed search of WAF variables
[webgui] fixed changing the schedule for a blacklist
[ssl] fixed issues in letsencrypt certificates management renovations
[ipds] fixed copying RBL lists
[lslb] fixed marks assignment for l4xnat backends
[routing] fixed issue modifying priorities of routing rules
[ipds] fixed deleting blacklist of HTTP profile
[zcli] fixed some issues in autocomplete for boolean values
SKUDONET 5.11.1 (Community Edition)
22/05/2020
Bugfixes:
[farms] improve performance saving and loading high number of elements
[farms] fix backend maintenance deletion
[farms] keep backend rules in maintenance mode
[farms] fix sigsegv when there is no backend
[farms] disable static sessions when backend is not available due to priority
[farms] avoid limit per client when configured connection limit per backend
[system] change the path for nft binary
SKUDONET 6.1.5 (Enterprise Edition)
18/05/2020
Improvements:
[webgui] improved translation messages
[webgui] added a button to view certificate content
[waf] better message description in each operator and variable
[lslb] warning message is shown if farmguardian is not configured
Bugfixes:
[lslb] fixed issues connecting to letsencrypt for requesting a new certificate
[system] fixed update packages in the backup node
[lslb] fixed cut mode maintenance behaviour
[lslb] fixed stopping farmguardian in the service name is a number
[lslb] forced to calculate source address for NAT in l4xnat profiles
[lslb] WAF rules were not configured properly if proxyNG was disabled
[lslb] fixed issue in maintenance with drain mode
[lslb] fixed crash when a session was established in a backend in l4xnat
[cluster] fixed issue with the rsa private keys recreating the cluster
SKUDONET 5.11 (Community Edition)
12/05/2020
New features:
[system] introduce full management command line interface, named zcli
[api] introduce zapi version 4.0.1 including the new features automation
[farms] introduce L4 DSR session persistence support
[farms] reload the runtime http farm configuration when a change is done in the webgui
[farms] button to copy farms
Improvements:
[system] add more information to supportsave about zproxy process
[farms] allow creating farms with the same networking settings
[farms] faster start of farmguardian
[system] add verbose messages in case supportsave has not been generated properly
[system] updated netcat package used for networking test purpose
[farms] if all ports are balanced then all protocols should be configured by default
[system] improve management of errors
Bugfixes:
[farms] HTTP profile was not stopped properly
[ssl] some SSL certificates were not moved to the certificate store
[system] do not start SNMP service if it is disabled
[stats] fix an error in HTTP backend stats
[farms] enable a minimum log level for HTTP farms
[system] fix an error dumping sessions information in supportsave
[ssl] load long certificate lists in less than 1 minute
[farms] solved routing rules for sd-wan (dslb)
[system] now SNMP is started after a reboot
[farms] solved connection issues with farmguardian and persistence
[farms] fixed persistence table management in l4xnat
[system] check the networking settings before applying the configuration to avoid error messages in logs
[webgui] optimize certificates table pagination load
[farms] fixed dashboard view for dslb farms
[webgui] allow using the colon in the password field
SKUDONET 6.1.4 (Enterprise Edition)
01/05/2020
Bugfixes:
[system] fix an error in the upgrading process that avoids upgrading the cluster backup node
[api] add the HTTP error code 410 to ZAPI version 3.1
SKUDONET 6.1.3 (Enterprise Edition)
30/04/2020
Improvements:
[networking] announce ARP packet when an interface is created (This only applies when ARP announcement is enabled)
[system] allow passwords until 512 characters
[webgui] add warnings message when a bad backend priority configuration could put the farm out of service
Bugfixes:
[networking] fix an error showing the MAC in virtual interfaces
[networking] fix an error announcing ARP when the cluster is not set
[proxy] the NG proxy is disabled by default
[stats] fix an error in the networking units graphs
[ssl] fix the SSL certificate format
[ipds] improve the system management for DoS rules
[lslb] remove backends sessions before delete or stop a backend
[lslb] fix an error in l4xNAT farms that use backend with a maximum of connections
[lslb] fix an error calculating weight in l4xNAT farms that use least connections algorithm
[lslb] fix an error setting the redirect in HTTP farms
[system] fix an error starting the notification daemon
[system] returns an error when the system fails disabling duplicated networks
[webgui] add some missing messages in the translation module
[webgui] fix an error putting the backend in maintenance mode
SKUDONET 5.2.19 (Enterprise Edition)
22/04/2020
Bugfixes:
[farms] added an internal locking system to l4xnat farms management
[farms] added protection to avoid marks corruption in l4xnat farms
SKUDONET 6.1.2 (Enterprise Edition)
14/04/2020
Improvements:
[farms] restart farm is not needed anymore when services are ordered
[webgui] some messages have been fixed for the language module
Bugfixes:
[farms] HTTP profile was not stopped properly
[ssl] some SSL certificates were not moved to the certificate store
[rbac] check users against LDAP if ZAPI key is used
[networking] allowed to enable/disable duplicated_net flag
[system] do not start SNMP service if it is disabled
[webgui] fixed documentation link for certificates view
SKUDONET 6.1.1 (Enterprise Edition)
03/04/2020
Improvements:
[system] add more information to supportsave about zproxy process
[cluster] protect backup from master updates when upgrading the system
Bugfixes:
[farms] fix the backend routing rules for l4xnat farms
[stats] fix an error in HTTP backend stats
[farms] enable a minimum log level for HTTP farms
[system] fix an error dumping sessions information in supportsave
[rbac] fix an error retrieving the list of expected parameters in adding RBAC user ZAPI request
SKUDONET 6.1 (Enterprise Edition)
31/03/2020
New features:
[networking] routing module to manage static routing rules
[webgui] multi Language module
[ipds] WAF rules editor from the web gui
[farms] button to copy farms
[rbac] LDAP connector to authenticate RBAC users
[system] introduce full management command line interface, named zcli
[farms] introduce high performance HTTP and HTTPS load balancing reverse proxy core, named zproxy
[api] introduce zapi version 4.0.1 including the new features automation
[farms] introduce priority algorithm for HTTP profile
[farms] introduce L4 DSR session persistence support
Improvements:
[ipds] blacklist update scheduler optimization
[system] add web gui section for advanced settings: ARP announcement, allow routing subnet duplication, session replication service management
[farms] allow creating farms with the same networking settings
Bugfixes:
[ipds] set the default action for all WAF phases
SKUDONET 6.0.18 (Enterprise Edition)
06/03/2020
Bugfixes:
[certs] load long certificate lists in less than 1 minute
[gui] optimize certificates table pagination load
[farms] solved routing rules for sd-wan (dslb)
[farms] fixed dashboard view for dslb farms
[system] fixed system checks that are running in Azure
SKUDONET 5.10.1-1 (Community Edition)
03/03/2020
New features:
[proxy] add/delete response headers
[proxy] add multi-listener support
[proxy] add support to listener config reload
[proxy] added WAF support (libmodsecurity3, disabled by default)
[proxy] added automatic memory trimmer
[proxy] add backend server priority setting
[proxy] add -R option to reload listener configuration from file
Improvement:
[proxy] add missing extended HTTP verbs
[proxy] add centralized regex manager
[proxy] add listener CTL management support
[proxy] schedule redirect response if backend connection fails
[proxy] do not load balance if only 1 backend is present
[proxy] add better information in logs
[proxy] set static maximum SSL handshake retries
[proxy] added case insensitive comparator to Headers map
Bugfixes:
[proxy] fixed incomplete response parse continuation
[proxy] fixed Location and Content-Location wrong protocol if RewriteLocation=2
[proxy] fixed crash parsing an HTTPS listener
[proxy] fix session cookie header value parser
[proxy] invalidate sessions if the backend is down
[proxy] fix cookie session-id comparation
[proxy] fix crash on process exit
[proxy] reply err503 on abrupt connection close by the backend
[proxy] fix malformed log data
SKUDONET 6.0.17 (Enterprise Edition)
11/02/2020
Improvements:
[cluster] faster cluster configuration process
[farms] faster start in farmguardian
[cluster] updated VRRP cluster service
Bugfixes:
[farms] fixed memory leaks in session replication service
[cluster] fixed cluster switching to MASTER in both nodes before to any configuration
[farms] farmguardian was started twice per farm
[system] now SNMP is started after a reboot
SKUDONET 6.0.16 (Enterprise Edition)
04/02/2020
Bugfixes:
[webgui] fix cluster web form
SKUDONET 6.0.15 (Enterprise Edition)
21/01/2020
New features:
[system] introduce support of AWS cluster support
Improvements:
[system] add verbose messages in case supportsave has not been generated properly
[system] updated netcat package used for networking test purpose
Bugfixes:
[lslb] fix error deleting SSL certificates in HTTPS farms
[rbac] add check if the user or group already exists in the system
[system] modify binary path for AWS support
[lslb] fix stateless DNAT source MAC translation
SKUDONET 6.0.14 (Enterprise Edition)
12/11/2019
Improvements:
[system] enable / disable Arp announcement for VIPs
[farm] new HTTP verbs group with OPTIONS enabled
Bugfixes:
[networking] disabled check internet connection before to configure APT repository
[cluster] check cluster status every 30 secs
[webgui] allow using the colon in the password field
SKUDONET 6.0.13 (Enterprise Edition)
24/10/2019
New features:
[webgui] allowed restart WAF ruleset to apply changes
[webgui] link to farm stats from status icon inside farm edition
[webgui] allow configuring response headers in HTTP farms
Improvements:
[webgui] configure minutes in the range of 30 for scheduling remote blacklist downloads
[webgui] changed some tables behavior, pagination persistence and pages listing to ALL
[ipds] added blacklists download queuing
[farms] added OPTIONS verbs to the default verbs in HTTP profiles
[cluster] register farms in ssyncd only if persistence is enabled
[farms] if all ports are balanced then all protocols should be configured by default
Bugfixes:
[webgui] solved typos to destroy a cluster
[webgui] fix changing the password from RBAC Users
[webgui] fix typo in virtual interface tag
[webgui] solved typo verbs in HTTP farms
[farms] solved connection issues with farmguardian and persistence
[cluster] solved memory leaks with ssyncd
[cluster] fix ssyncd farm registration issues
[farms] fixed persistence table management in l4xnat
[system] fixed issue updating packages with proxy configured
SKUDONET 5.2.18 (Enterprise Edition)
23/10/2019
Improvement:
[farms] add an option to allow the ‘options’ HTTP verb with the ‘extended HTTP requests’ set of verbs
Bugfixes:
[networking] set the default gateway in the boot although certificate is expired
[stats] fix an error showing the l4xnat stats in multiport farms
SKUDONET 5.10.1 (Community Edition)
11/10/2019
Improvement:
[webgui] restart notice message after HTTPS changed parameters
Bugfixes:
[farms] fix dh2048.pm path in HTTP template file
[farms] force protocol to ALL when all ports are selected in l4xnat farms
[farms] fix an error modifying https ciphers
[guardian] fix an error copying a farmguardian
[farms] fixed deleting backend ports
[webgui] the webgui actions are translated
[webgui] fix the behavior of javascript messages
[proxy] ssl connections management bugfixes and cleanups
[proxy] fixed redirect behaviour
[proxy] fixed pinning behaviour with SSL protocol
[proxy] fixed URL matcher
[proxy] assign new backend if a timeout is reached
[proxy] assign different backend if session information is not found
SKUDONET 6.0.12 (Enterprise Edition)
10/10/2019
Improvements:
[cluster] added mutex to cluster events change roles
[system] unlimited number of threads per PID
Bugfixes:
[farms] farmguardian stops suddenly after starting
SKUDONET 5.10 (Community Edition)
09/10/2019
New features:
[farms] add persistence between clients and backends using hashes depending on “ip”, “port”, “mac”, “source ip and source port” or “source ip and destination port”
[farms] add option to l4xnat to set the port
[farms] add nat type based on stateless dnat
[webgui] add module to translate the webgui to a different language
[webgui] show the session tables for l4xnat farms
[webgui] retrieve the parameter list accepted by the API for a call when it is called without parameters (POST and PUT methods)
Improvements:
[farms] remove and modify backends using the nft mark
[farms] apply deterministic order to farm listings (sorting alphabetically). Pull request from the github user brudo, by William Bruce Dodson
[farms] do not control Access-Control-Allow_Origin header when the request is using the zapi key
[farms] disable the HTTP parameter “ECDHCurve” by default
[farms] add check to avoid port collision with l4xnat farms
[farms] lock HTTP farm config file while a service it is being modified
[farms] create a dummyTable to start the nf_conntrack module
[farmguardian] add checks for “sip” and “redis”
[system] restart web server when SKUDONET is restarted
[system] set the binaries path in the global.conf file
[system] update system dependencies
[system] expand error message
[system] remove the zlb-stop and zlb-start files from the package and set them as templates
[system] postinst refactoring
[system] apply perltidy to code files
[system] move logic from API to the library
[system] remove completely iptables code and dependencies
[system] export global.conf to bash scripts
[system] set all log tags in lower case
[system] check the uploaded backups before that stores it
[system] change restart services for reloading them in cron tasks
[system] move profiling logs to debug level 5
[system] add more system information to supportsave
[api] log the JSON input parameters
[api] standardizer API calls for copying actions
[api] improve the validation of the parameters
[api] refactoring for farm module
[api] returns an error if a sent parameter was not expected for the call
[api] created a new call for getting system information
[cluster] move the local configuration to a local directory
[networking] add arp announce feature after any IP configuration
[networking] masquerade traffic towards the backend with the parent interface of the vip
Bugfixes:
[system] fix an error of looping when a backup is applied
[system] omitting commented routing tables in supportsave
[system] fix typo in output message and logs
[system] nftables is not printed in supportsave
[system] fix the regex for SNMP community and SNMP name parameters
[system] global.conf did not parse the variables with “update” tag
[farms] error returning the ciphers parameter in HTTP farms
[farms] error modifying the custom security ciphers parameter in HTTP farms
[farms] missing farmguardian parameter in the HTTP farm
[farms] solved a bug when parsing the file to add the backend in HTTP farm if the service has the same name as the farm
[farms] fix helpers protocols for l4xnat farms
[farms] force all protocol when setting all ports in l4xnat farms
[farms] fix loading helpers for natting
[farms] fix duplicated rules when the protocol is “all” in l4xnat.
[farms] solved corruption of pound file when enabling TLS/SSL in HTTPS and it was already enabled
[farms] fix the tag and mark generation per backend
[farms] do not allow the ‘prio’ algorithm parameter for l4xnat
[farms] avoid flushing the entire ruleset
[farms] l4xnat farm stats does not return any backend if the farm is down
[farms] returns the backend down if the status is config_error
[farms] fix an error in l4xnat stats with “snat”
[farms] assuring that nftlb is stopped when performing a stop
[farms] avoid the use of Expect in the curl request that can produce recv blocking
[farms] remove regexp for HTTP redirect in HTTP farms
[farmguardian] SKUDONET service script was not calling to farmguardian start
[certificates] error in the certificate parameter ‘issuer’
[networking] group the routing rules by type
[networking] reload routing rules when a farm or interface is modified
[networking] fix an error setting an interface that was in the down interface
[networking] allow creating VLAN without gateway
[networking] solved bug when deleting a VIP
[networking] solved error unsetting a nic that was not applied in the system
[networking] create the nic config file if it does not exist
[networking] improved ipv4 regexp
[networking] do not allow to modify the interface used for management services (HTTP and SSH)
[system] applying backup returns success on failure
[api] change error code 400 for 404 when the certificate is not found
[api] API returns an error when it receives an array or a hash in the JSON parameter and it is not expected
SKUDONET 6.0.11 (Enterprise Edition)
02/10/2019
Improvement:
[networking] fix routes for interface with same subnet
[webgui] keep the backends pagination after refresh
[checks] updated SKUDONET health checks
Bugfixes:
[farms] fix backend check when backend port is empty
[stats] fix regular expression to show real traffic statistics
[webgui] fix show the first backend in the table
[waf] conditions for a ruleset were not shown properly
[system] fix per backend connection limit kernel race
SKUDONET 6.0.10 (Enterprise Edition)
20/09/2019
Bugfixes:
[networking] prioritized networking route rules
[farms] fix shown l4xnat backends status in maintenance mode
SKUDONET 5.2.17 (Enterprise Edition)
16/09/2019
Bugfixes:
[farms] fix virtual-host regexp matching for HTTP/S farms
SKUDONET 6.0.9 (Enterprise Edition)
04/09/2019
Improvements:
[farms] support of output network interface per backend
Bugfixes:
[farms] fix modify and delete GSLB resources
[farms] fix l4xnat masquerading
[farms] support of stateless dnat for direct client connections
[gui] fix GSLB resources id management
SKUDONET 6.0.8 (Enterprise Edition)
28/08/2019
Bugfixes:
[networking] routing rules prioritized
[networking] fix supportsave storing l4xnat rules via web gui
[ipds] fix code error in IPDS first load
SKUDONET 6.0.7 (Enterprise Edition)
21/08/2019
Bugfixes:
[ipds] fix ipds directory structure creation during installation
[farms] force masquerade IP nat when interface is set up/down
[system] fix GPG APT key addition for offline updates
[gui] fix menu display issue due to icons hidden layers
SKUDONET 6.0.6 (Enterprise Edition)
19/08/2019
New features:
[gui] show network interface aliases in the dashboard
Improvements:
[api] detailed activation error messages
[networking] support of masquerading interfaces in the same subnet
Bugfixes:
[gui] fix remote blacklists update schedule
[gui] fix analytics call with undefined parameters
[gui] fix typo in field of HTTP verbs accepted
[ipds] improve the validation check for blacklist inputs
[ipds] fix ciphers output parameter in HTTP farm
SKUDONET 6.0.5 (Enterprise Edition)
09/08/2019
New features:
[system] added support for offline updates
[farms] support of source natting per backend in different subnets
Improvements:
[ipds] optimize loading of blacklists
[ipds] support of overlapped IP ranges in blacklists
[ipds] unload blacklists if they are not in use
[ipds] remove SSH Brute force rule
[api] ability to configure AES Cyphers even if the hardware doesn’t support it
Bugfixes:
[cluster] solved memory leak in session sync daemon
[cluster] improved the tcp close connection management for service sync daemon
[farms] fix backend priority in l4xnat
[networking] fixed MAC address with incorrect value in eth0
[networking] virtual interfaces with name 0 were not started/stopped properly
SKUDONET 5.2.16 (Enterprise Edition)
08/08/2019
Bugfixes:
[networking] virtual interfaces with name 0 were not started/stopped properly
[cluster] solved memory leak in session sync daemon
[cluster] improved the tcp close connection management for service sync daemon
SKUDONET 6.0.4 (Enterprise Edition)
01/08/2019
New features:
[system] migration from SKUDONET 5 to 6
Improvements:
[cluster] nodes reconnection improvement
[system] LTS Kernel upgrade
[farms] support of source address per backend
[ipds] improved IPDS logging
Bugfixes:
[ipds] solved issue deleting remote blacklists
[system] solved netplugd issue changing default gw by mistake
[networking] modified expression to identify a Virtual Interface in the boot process
[ipds] solved blacklist deletion
[ipds] IPDS was not started properly at boot time
[farms] solved issue in the l4xnat config files generation
[farms] check if a port collision exists with l4 farms
[farms] fix backend priority in l4xnat
[system] local http config is needed to renew certificates for let’s encrypt
[cluster] fix memory leak when persistence is not enabled in a farm
SKUDONET 5.9.3 (Community Edition)
12/07/2019
Bugfixes:
[farms] stop properly the l4xnat daemon when SKUDONET service is stopped or restarted. This error affects l4 farms running in a cluster
SKUDONET 6.0.3 (Enterprise Edition)
10/07/2019
New features:
[ssl] let’s encrypt support
Improvements:
[farms] add an option to disable TLS v1.3 in the HTTP farms config file
[system] add more information to supportsave
Bugfixes:
[farms] enable automatic ECDH curve selection if no ECDHCurve parameter is set
[farms] fix an error showing the value of the maximum connection for backend, in L4xnat farms
[farms] fix an error showing the farmguardian in HTTP farms
[farms] fix an error modifying the custom security ciphers in HTTP farms
SKUDONET 6.0.2 (Enterprise Edition)
27/06/2019
Improvements:
[networking] Bonding interfaces restore their default mac address when the MAC field is empty
[networking] Created a wrapper to store default bonding mac address
Bugfixes:
[farms] fix SNI forward to backend
[system] APT configuration is checked daily and re-configured if required
[api] Fixed error 500 listing HTTP backends in API v3
[farms] fix backend aliases list for HTTP services
[system] Avoid to loop CA crl downloads without an Internet connection
SKUDONET 6.0.1 (Enterprise Edition)
26/06/2019
New features:
[networking] support of custom script execution after configuring any route in a given interface
Improvements:
[api] return the SKUDONET version in the session response
[system] avoid connections and cluster annoying messages in the logs
[networking] bonding will restore its default MAC address when the MAC field is empty
[networking] default MAC is stored for future restoring
[cluster] increased detailed information in web GUI cluster section
Bugfixes:
[ipds] fix WAF parse failed when the parameter was between quotes
[networking] fix DHCP config overwriting errors after disabling/enabling the service
[networking] fix static IP configuration is not configured properly after disabling DHCP
[system] execute the web server stop/start action in the background
[networking] fix solved routes were not being added if the interface was configured in UP status
[networking] fix deleted routing table inputs when bondings are unset
[networking] fix bonding status lost when unsetting the interface
[rbac] fix RBAC module mutex
[system] make SNMP community string less strict
[api] fix error 500 listing HTTP backends in API v3
[farms] fix backend alias not listed in HTTP services
[system] avoid enqueueing curl commands for license checking
[farms] fix error configuring HTTP redirect code
[system] set a token to block i-notify while the IPDS package is being updated
[farms] added less strict param for gslb which allows using check_icmp
[gui] fix left side menu was not shown properly in some Chrome versions
SKUDONET 5.2.15 (Enterprise Edition)
12/06/2019
New features:
[networking] added support to run a script after routing config in a given interface
SKUDONET 6.0 (Enterprise Edition)
04/06/2019
New features:
[farms] direct server return DSR support for L4
[farms] stateless NAT support for L4
[farms] L4 core with round-robin algorithm
[farms] L4 core with IP and port hashing for both destination or source
[farms] L4 core with support of new protocols: SCTP, netbios, snmp, h323, pptp, irc, sane, amanda
[farms] L4 core with configurable persistence per source and destination IP, port or even MAC
[farms] websocket support for HTTP/S
[farms] support of OpenSSL 1.1 for HTTP/S (TLS 1.3)
[system] latest kernel 4.19 with Long Term Support (LTS)
[system] spectre and meltdown mitigations included by default
[system] integration with APT remote repositories by default
[ipds] web application firewall for HTTP/S
[webgui] new web GUI based on Angular 6
[networking] full support of DHCP
[networking] MAC address custom configuration
[rbac] dynamic menu configuration based on RBAC user permissions
[system] added factory reset
Improvements:
[farms] new L4 core system based on nftables
[ipds] optimized security rules based on nftables
[cluster] clustering based on nftables
[api] optimization and refactoring of the API calls
[networking] improve network link management
[guardian] more integrated advanced health checks
SKUDONET 5.2.14 (Enterprise Edition)
16/05/2019
Improvements:
[networking] force ARP announcement after any IP configuration
Bugfixes:
[networking] fix issue changing IP of one already configured alias
[farms] replace backend check port with the VIP port if this value is not defined
SKUDONET 5.9.2 (Community Edition)
10/04/2019
Improvements:
[system] remove dependencies with xtable-addons packages
SKUDONET 5.2.13 (Enterprise Edition)
01/04/2019
Improvements:
[guardian] add a farm guardian check for monitoring SIP services
[webgui] change of farm guardian configuration in GSLB farms
[system] added Kernel Support for Amazon Web Services
[system] ssh service is started even if the certificate is not OK.
[system] start SKUDONET Service as soon as a valid certificate is updated
Bugfixes:
[ipds] solved an issue downloading the scheduled remote lists
[guardian] farm guardian is not linked properly with GSLB farms
[webgui] responsive graphs in the dashboard for Mozilla
[certs] hyphens and dots are not allowed in the CSR section.
[ipds] update remote lists process was not downloading remote URLs.
[guardian] reserved strings are not modified in one match is already executed.
SKUDONET 5.2.12 (Enterprise Edition)
01/03/2019
New features:
[guardian] redis health check is supported natively
Bugfixes:
[farms] L4xnat stats were not generated properly for farms with the same backend configured twice
SKUDONET 5.2.11 (Enterprise Edition)
08/02/2019
New features:
[system] add support of SKUDONET subscriptions package
Bugfixes:
[system] solved issue restarting the web server
SKUDONET 5.2.10 (Enterprise Edition)
25/01/2019
Bugfixes:
[farms] duplicated rules for l4xnat when the configured protocol is ALL
[system] activation certificate was requested even if it was properly upgraded
SKUDONET 5.9.1 (Community Edition)
17/01/2019
Bugfixes:
[guardian] farmguardian did not start after restart SKUDONET service
[farms] fix master node switching restarting SKUDONET service
SKUDONET 5.9 (Community Edition)
15/01/2019
New features:
[networking] IPv6 support
[system] 64 bits support
[farms] new L4xNAT core based on nftables and nftlb
[farms] add L4xNAT direct server return support
[gui] new WebGUI with Angular6 based in ngx-admin template
[api] new SKUDONET API 4.0
Improvements:
[system] fix security issues Spectre and Meltdown
[system] kernel update (Debian Buster)
[system] improved support for hypervisors
[system] improved code refactoring
SKUDONET 5.2.9 (Enterprise Edition)
02/01/2019
Bugfix:
[farms] HTTP farms couldn’t be started because of new use of an HTTP proxy dependency
SKUDONET 5.2.8 (Enterprise Edition)
26/12/2018
Improvements:
[system] add proxy support for packaging updates through Internet
Bugfixes:
[farms] fix leastconns traffic to down backends
[farms] fix HTTP traffic forwarding when cookie insertion was enabled
[guardian] fix farm guardian doesn’t start up properly
[webgui] fix farm guardian processes were killed if the web GUI was stopped
[webgui] fix memory leaks in the web GUI server
[webgui] a different network interface can be configured if the cluster is enabled.
SKUDONET 5.2.7 (Enterprise Edition)
07/11/2018
Improvements:
[farms] add multiprotocol and multiport support for SIP
[ssl] not allowed to update the license certificate if it is not valid
[system] kernel update to solve several vulnerabilities (Spectre and Meltdown)
Bugfixes:
[farms] fix backend in maintenance used with the priority algorithm
[farms] solved issue changing TCP to UDP protocol
[farms] modify the virtual port value to * if multiprotocol is configured
[api] latest character was deleted for the hostname
[farms] fixed issues creating load balancing rules for protocol with helpers
SKUDONET 5.0.2 (Community Edition)
05/11/2018
Improvements:
[ssl] update the HIGH cipher string
Bugfixes:
[farms] error modifying the SSL HTTPS certificate
[ssl] error uploading a SSL certificate
[ssl] set the custom cipher string properly
SKUDONET 5.2.6 (Enterprise Edition)
20/09/2018
Bugfixes:
[farms] services in HTTP farm show redirect value even when it isn’t configured
[system] check internet connectivity and proxy usage
SKUDONET 5.2.5 (Enterprise Edition)
28/08/2018
Bugfixes:
[farms] fix l4 switching to ALL protocols
[farms] removed not needed ports for helpers in l4xnat
[farms] fix sip load balancing with NAT and ALL protocols
[farms] fix rules deleting backends in l4 farms
[farms] force to use TCP and UDP protocols for SIP
[farms] disable force to dnat in SIP configurations
[gui] disable port configuration for SIP protocol
[gui] disabled configure port if SIP or ALL protocols is enabled.
SKUDONET 5.2.4 (Enterprise Edition)
10/08/2018
New features:
[system] ability to configure a http/s proxy for outbound connections
[farms] multiport support for FTP, TFTP and SIP protocols
Bugfixes:
[farms] set STS Timeout by default after disabling the STS Header
[farms] fix FTP, TFTP and SIP loading protocols
[stats] fix FTP and TFTP stat connections
[ipds] limit blaklists name length
[ipds] fix blacklist cron scheduler getting remote lists
SKUDONET 5.2.3 (Enterprise Edition)
24/07/2018
Improvements:
[webgui] improved behavior of search boxes
[webgui] favicon with dark themes in browsers
[syslog] remove depuration messages
Bugfixes:
[networking] bring up NIC interface when it does not have link
[rbac] modify RBAC user without a new password
[rbac] modify RBAC user without group permissions
[cluster] drop incoming traffic on virtual interfaces with IPv6 in the backup node
[guardian] fix typos in farmguardian templates
[networking] fix bonding interfaces route tables
[farms] GSLB vip status shows critical in the backup node
[guardian] fix farmguardian migration script
[farms] fix error 500 creating GSLB farms
[farms] GSLB statistics does not work in the backup node
[cluster] cluster does not replicate new GSLB farms properly
[networking] fix startup interfaces configuration without an activation certificate
[farms] fix least connections port aware per backend
[system] fix error deleting the activation certificate
[networking] show interface aliases
SKUDONET 5.0.1 (Community Edition)
02/07/2018
Improvements:
[farms] Locking system for http configuration files
[networking] Add a check to verify the virtual IP when starting a farm
Bugfixes:
[stats] L4xNAT statistics does not show backends list
[stats] HTTP does not show the virtual interfaces stats
[farms] Fix L4xNAT farms and datalink renaming
[farms] Allow character ‘_’ for HTTP service names
[networking] Run virtual interfaces in the start process
[certificates] Fix the load of certificate field ‘Issuer’
[supportsave] Don’t use arptables to resolve IPs
[farms] Remove critical status in HTTP farms when a redirect configured
[farms] Allow setting the backend parameter ‘port’ as blank
[farms] Modifying a L4xNAT farm returns error sometimes
[services] Error parsing the file ‘resolve.conf’
[farms] Use a more restrictive regular expression to get farm file name
SKUDONET 5.2.2 (Enterprise Edition)
29/06/2018
Improvements:
[rbac] Added two new preconfigured roles to be used in this module: management to allow to stop / start backend, and monitoring to allow to read information about system and farms
Bugfixes:
[rbac] Fix aliases are shown in the backends table even when user doesn’t have permissions to view this information
[alias] Fix aliases can be modified without permissions
[certificates] Fix search and upload actions break the SSL certificates table if some certificate has a CN field empty
SKUDONET 5.2.1 (Enterprise Edition)
20/06/2018
New features:
[rbac] Roles templates added
Improvements:
[syslog] Log the error output when a command fails
[rbac] Allow more characters for RBAC: users, groups and roles
[rbac] Add RBAC information to supportsave
Bugfixes:
[guardian] Fix typo in farmguardian templates
[guardian] Migrate farmguardian of farms to new farmguardian check
[zenbui] Fix Zenbui symbolic link
[farms] The parameter “Log” in l4xnat farm returns blank sometimes
[rbac] Creating system user and system group needed for RBAC
[notifications] Notifications is enabled by default
[guardian] Run farmguardian in SKUDONET start process
SKUDONET 5.2 (Enterprise Edition)
12/06/2018
New features:
[farms] Option to enable traffic logs for LSLB, DSLB, GSLB and the connection tracking
[farms] Support of aliases for backends
[networking] Support for aliases per NIC, bonding, VLANs and virtual interfaces.
[system] Role-Based Access Control (RBAC) to define new users, groups and permissions to actions in the system
[api] API 3.2 to manage all the new features
[networking] IPv6 Support for NICs, VLANs, Virtual Interfaces, Bonding and routing
[farms] IPv6 Support for HTTP and L4xNAT farms
Improvements:
[guardian] Improve of usability with several built-in health checks
[farms] More descriptive error messages for HTTP/S farms
[farms] Configurable redirect code for HTTP/S farms
[farms] Backend servers disabled if redirect is used for HTTP/S farms
[farms] Configurable Strict Transport Security header by service in HTTP/S farms
[farms] Improve of session table stats for LSLB farms
[system] Improve of message logs to syslog
[networking] Validation of network configurations
[networking] Automated virtual services configuration when modifying the network configuration
[networking] Real time networking packets/throughput stats per second
SKUDONET 5.1.11 (Enterprise Edition)
24/05/2018
Bugfixes:
[cluster] When cluster switches to BACKUP, the system never come back to MASTER
SKUDONET 5.1.10 (Enterprise Edition)
16/05/2018
Bugfixes:
[farms] It is not possible to create http(s) services after moving some service
SKUDONET 5.1.9 (Enterprise Edition)
10/05/2018
Improvements:
[ipds] included more parameters to check before starting a IPDS
[ssl] better input validation in CSR for organization and locality fields
Bugfixes:
[networking] solved issue stopping and starting bonding interfaces
[networking] ensure that bonding interfaces have a defined IP address before starting
[stats] fix established connections when the farm is not in UP status
[api] fix activation certificate status response
[guardian] update farmguardian statuses after a cluster switch
[farms] fix VIP verification after starting a farm
SKUDONET 5.1.8 (Enterprise Edition)
03/05/2018
Improvements:
[webgui] load HTTP profile parameters faster
Bugfixes:
[farms] fix concurrent changes in HTTP(S) configuration files
SKUDONET 5.1.7 (Enterprise Edition)
23/04/2018
Improvements:
[webgui] changed datetime format to allow ordering in table views
[farms] http(s) farm is marked in status UP when only a redirect is configured
[system] better and faster information gathering for supportsaves
Bugfixes:
[farms] solved issue modifying datalink farm names
[networking] solved issue modifying floating IPs
[system] solved DNS section parsing configuration file content
[farms] solved issue re-ordering services in http farms
[ipds] blacklist rules were not properly configured in GSLB farms
[farms] solved issue creating a l4 farm, API responds a 400 code instead of 200
[ssl] solved issue parsing “Issuer” field in certificates
[farms] parameter 100continue is not properly modified in http(s) farms
SKUDONET 5.1.6 (Enterprise Edition)
08/03/2018
Bugfixes:
[networking] Run virtual interfaces in start process
SKUDONET 5.1.5 (Enterprise Edition)
01/03/2018
Bugfixes:
[farms] Error detected when l4xnat farm parameters are listed
SKUDONET 5.1.4 (Enterprise Edition)
21/02/2018
Improvements:
[gui] Faster loading of LSLB farms list
[gui] Faster loading of http[s] farms services
[system] Better logs description for http proxy
Bugfixes:
[networking] Configure network if the certificate is temporary or doesn’t exist
[system] Avoid to backup corrupt configuration files
SKUDONET 5.0 (Community Edition)
12/02/2018
New features:
[gui] A new web GUI frontend in Angular
[api] New API JSON+REST capabilities for processes automation
[networking] New networking section for a better management and configuration of interfaces
[farms] New LSLB module (Local Service Load Balancer) which manages both L4xNAT and HTTP/S profiles
[farms] Two different maintenance modes (cut and drain) for HTTP[S] and L4xNAT profiles
[farms] Improved HTTPS profile with new options to Enable / Disable SSL/TLS protocols
[farms] Max number of connections by backend server in L4xNAT profile
[farms] New DSLB module (Datalink Service Load Balancing) which manages uplinks and inbound LB
[farms] New farms status (UP, DOWN, Critical and Problem)
[farms] New backends Status (UP, DOWN, Maintenance and Undefined)
Improvements:
[system] Faster response based on REST API
[gui] Improved look and UX
[system] Enhanced logs management
[support] Support save options for better troubleshooting and support
[system] Linux Kernel based in a common Debian Stretch
[system] Easier upgrade by modules and transitions to Enterprise
[system] Improved the backup and recovery procedure
SKUDONET 5.1.3 (Enterprise Edition)
01/02/2018
Bugfixes:
[farms] Issue solved enabling / disabling HTTPS backends checkbox
[farms] Solved segmentation fault in HTTP farms with session replication daemon ssyncd and cookie insertion
[system] Checks if an IP exists in any interface
SKUDONET 5.1.2 (Enterprise Edition)
22/12/2017
Bugfixes:
[webgui] Not allowed to enter weight values higher than 9 for l4xnat profiles
[guardian] Some farmguardian health checks were not stopped properly
[cluster] Zeninotify was not started after a cluster switch
SKUDONET 5.1.1 (Enterprise Edition)
22/11/2017
Improvements:
[system] New backup procedure to save the configuration
[system] Set a default SSL certificate for web GUI and API to 2048bits
[api] Added HTTP Headers for API calls to avoid content cache in browsers
[farms] Configurable redirect HTTP codes
[farms] Speed optimization to load SSL SNI certificates list
[gui] Activation certificates expiration notifier
Bugfixes:
[cluster] Leave maintenance mode properly in 3000 and 4000 series
[ipds] Solved some bugs related to RBL rules assignment to farms
[gui] Allowed searches in CN column for Certificates Lists