CacheGuard OS Change Logs

Version 5.6.1 (17 June 2010)

• The installation program has been enhanced to allow booting and installing the OS from a USB memory stick.
• The Linux kernel has been upgraded to the version 2.6.34 and all required drivers has been integrated to support latest hardware.
• Some minor bugs has been fixed in the Web administration GUI.
• The default serial speed has been changed to 115200.
• Some optimization has been made to reduce The CDROM image size.

Version 5.6.0 (18 March 2010)

• An AntiMalware (Virus, Trojan, Worm) has been added to the appliance.

Version 5.5.5 (28 February 2010)

• The Web administration GUI has been enhanced to allow direct accesses to menu boards from the main bar menu.

Version 5.5.4 (16 February 2010)

• The tuner module has been enhanced to manage parallel Web requests more adequately.
• The guarding module has been enhanced to allow or deny the usage of direct IP addresses instead of domain names.
• The Web Audit module has been fixed to print messages properly.
• An anti-malware has been added to the appliance in beta test mode.
• The backup retention policy for logs has been changed so the system backups logs for a period of 30 days.
• A new feature has been added to the system so unwanted Web accesses and rejected requests to protected Web servers are all logged in separated files.

Version 5.5.3 (15 December 2009)

• The Web administration GUI has been fixed to refresh properly logs when an explicit refresh is invoked.
• A new option has been added to the administration interface to clear the persistent Web cache.

Version 5.5.2 (30 November 2009)

• The Web administration GUI has been fixed to display properly the top main menu in ie8.

Version 5.5.1 (16 November 2009)

• The guarding feature has been reinforced so that Web surfers are no longer allowed to use directly IP address instead of domain names to bypass URL filters.
• In the Web Administration GUI, clear passwords has been removed from displayed reports.
• The Web Administration GUI has been enhanced to support IE8.

Version 5.5.0 (13 October 2009)

• The command "user" has been removed and replaced by the argument "user" added to the command "admin".
• A new command called "cache" has been added to the system. This command allows to manage some cache parameters.
• The command "forceloadurl" has been removed and replaced by the argument "loadurl" added to the new command "cache".
• The argument "denyurl" has been added to the command filter. This argument allows to set a URL to redirect to when an HTTP request is blocked.
• The filter and compress modules has been improved to support accessing to Web sites that use NTLM / SSPI authentication (even if NTLM/SSPI is not compliant with HTTP).
• The URL blacklist auto updating module has been enhanced to download properly all remaining files since the last update process.
• The file transfer module has been improved to manage errors during file transfer.
• The Web Administration GUI has been modernized and improved.
• The User's Guide has been enhanced.
• USB keyboards are now supported.
• Some internal minor bugs have been fixed.

Version 5.4.2 (15 March 2009)

• An option to manage SSL CA chain has been added to the "rweb" command.

Version 5.4.1 (22 February 2009)

• The syntax of the command "guard" has been changed and new guard management features has been added to the appliance. An option allows you to update an existing blacklist category from a diff file. A second option allows you to automatically update a blacklist category since the last update/create date until today. There is also possible to program automatic blacklist category updates. Also The blacklist category save option has been removed.

Version 5.4.0 (2 January 2009)

• An LDAP authentication mode has been added to the appliance.
• The bug that prevented connection to internal NTP servers has been fixed.

Version 5.3.7 (25 Nov 2008)

• Now the multi CPU mode is activated during the installation if there is more than one installed CPU.
• A Huge Memory management mode (RAM > 4GB) is now available on the standard CDROM and could be chosen during the installation.

Version 5.3.6 (20 Nov 2008)

• The crash management module has been enhanced.
• The bug in the Health Checking module that inadvertently restart services has been fixed.
• Now the "rweb" mode is turned off by default.
• An option to cancel the running "apply" operation has been added.
• The patching module has been completely reviewed.
• The Web Auditing GUI has been enhanced.
• Generic content filtering rules have been updated.
• The reverse web auditing GUI displays properly all warning messages.
• The reverse web mode works properly even if there is only one declared HTTP Web site name.
• The reverse web mode works properly even if there is no DNS declared.

Version 5.3.5 (16 Sept 2008)

• Some internal minor bugs have been fixed.
• The CacheGuard License has been upgraded to the version 1.2. Now You can edit and modify the proprietary part of CacheGuard for your exclusive personal use. You still may not, except as permitted by applicable law, loan or create derivative works from the proprietary part of CacheGuard (See the new license).

Version 5.3.4 (28 Aug 2008)

• A CSS (Cascading Style Sheets) was added to the Web Administration GUI.
• SSL v2 is no more supported when the appliance acts as reverse Web proxy (only SSL v3 and TLS v1.0 are supported now).

Version 5.3.3 (29 May 2008)

• In the Web Administration GUI, the "logout" screen displays properly all images.

Version 5.3.2 (8 May 2008)

• The connection to the Web Auditing GUI works properly when the Guarding mode is deactivated (concerns only appliances installed for less than 20 users).

Version 5.3.1 (20 March 2008)

• The HTTP Transparent and HTTP Compress combination mode problem that produces some inconsistent HTTP requests has been fixed.
• Synflood rules are less aggressive so overloaded Web browsing works properly without faulty rejects.
• Textual output has been formatted to comply vt100 terminals.
• The power-off button on SPC appliances works now and shuts down the system properly.
• The LCD displaying on SPC appliances works properly.
• The "conf diff" command has been optimised.
• A "Show Configuration" option has been added to the Web Administration GUI.

Version 5.3.0 (14 March 2008)

• The furtive error while adding a list item in the Web GUI has been corrected.
• Connections to next peers work properly.
• Object sharing between cache peers has been optimized.
• All source codes are rebuild using gcc v4.1.2.
• All basic packages are upgraded.
• The command "halt" may power off the system even if the administrator is remotely logged in.
• The support of old Pentium Pro CPU has been added to the Linux kernel.

Version 5.2.8 (23 December 2007)

• The memory usage has been optimized.

Version 5.2.7 (1 December 2007)

• The number of parallel connections from peers is not restricted. Peers are considered as trusted parties that do not generate flooding traffic.
• The free trial version for more than 10 users has been limited to 15 days. When the trial period is about to end, the "apply" command no longer applies a new configuration unless a valid license key is installed.

Version 5.2.6 (24 November 2007)

• In Anonymous mode, the "WWW-Authenticate" header is no more hidden.

Version 5.2.5 (5 November 2007)

• A Synflood guarding has been added for traffics labeled "other".
• The number of parallel connections per client IP address has been restricted, which allows this release to stop flooding.
• Bug fix: The log rotation process has been fixed to save logs with the correct date and time.
• Bug fix: The IP address configuration has been fixed when the HA mode is deactivated.
• This is the first stable version.

Version 5.2.4b (1 November 2007)

• The Synflood guarding module has been enhanced for Web traffics.
• The Linux kernel has been upgraded to 2.6.23.1.

Version 5.2.3b (26 October 2007)

• Multiple reversed HTTP Web sites may be associated to the same public IP address.
• The brute force attack guarding module has been enhanced for Web traffics.

Version 5.2.2b (21 October 2007)

• The administration audit module is activated even if the "filter" and "rweb" modes are not activated.
• In the command "rweb", when adding a reversed Web site name, a mandatory IP address must be given for a HTTP Web site as well as for a HTTPS Web site.
• The QoS policy for a reversed Web site has been changed to be based on its public IP address.
• Some minor bugs have been fixed in the QoS module.

Version 5.2.1b (12 October 2007)

• The Web GUI program has been optimized.
• Bug fix: The configuration loading works properly even if the file to load does not exist.
• The reverse Web auditing documentation has been enhanced.
• Passwords having a length of 9 or greater are supported.
• FTP and TFTP protocols are supported by the Firewall.
• In High Availability mode all services all activated properly after configuration changes.

Version 5.2.0b (5 October 2007)

• X-Forwarded-Host, X-Forwarded-Server are removed from HTTP headers requests - X-Forwarded-For is also removed if no Nest Peer is declared of when the anonymous mode is activated.
• Port numbers for Next Peers can range from 0 to 65535 - See the command peer.
• An audit mode is integrated with the content filtering module. Auditing allows to inspect HTTP request contents and facilitate the filtering rule design process (See the commands "admin", "filter" and "port").
• A "Logout" link has been added to the Web Administration GUI.
• Deleting an administrator user works properly.

Version 5.1.2b (1 October 2007)

• The Via header is removed from all requests even if the anonymous mode is not activated.
• In the command "port", the keyword "webadmin" was renamed to "wadmin".
• In the command "password", the keyword "webadmin" was renamed to "wadmin".
• In the commands "rweb" and "transaction", the keyword "print" was renamed to "show".
• Bug fix: The ftp passive mode can now be activated properly.
• The administration access topology can now be configured with the command "admin".

Version 5.1.1b (22 September 2007)

• Bug fix: The Web site deleting with the command "rweb" works properly and all related custom filters are removed.
• Bug fix: Custom filter rules are properly applied to the running configuration and appropriate services restart.

Version 5.1.0b (20 September 2007)

• TRACK and TRACE methods are denied for the embedded Web server and all hosted Web servers even if the filtering mode is not activated.
• Content filtering is only applicable to reverse Web sites and does not affect the forwarding proxy.
• Custom content filtering based on regular expressions is operational.
• The syntax of the command "guard" has been changed.
• The command "conf" is optimized to run faster.

Version 5.0.0b (9 September 2007)

• The content filtering mode (filter mode) for reversed Web sites is operational. When the "filter" and "rweb" mode are activated, requests on protected Web sites are filtered for generic attacks (xss, sql injection...), protocol violations and other anomalies.
• The content filtering is hardened for the Web GUI.
• The configuration is properly saved for backend servers associated to a Web site.
• Guard categories are created even if the "guard" mode is deactivated.
• Guards black an white lists are loaded properly (the given file name must not include ".domains", nor ".expressions" nor ".urls" nor the ".gz" extensions).
• Setting VRRP in the Web GUI works correctly (a wrong content filtering rules was previously set by error).

Version 4.1.6b (2 September 2007)

• By default Route Tracing (traceroute) is allowed from the internal zone to the external zone.
• Bug fix: The Web GUI for the firewall configuration (Menu items "Security/External Firewall" and "Security/Internal Firewall") was fixed to work properly for long content.
• The content filtering for the Web GUI is more permissive for punctuation characters.
• Some other minor bugs were corrected.

Version 4.1.5b (28 August 2007)

• The licensing is also based on the number of Web Sites to reverse.
• The "Hard Factory Reset" procedure resets properly the "admin", "superadmin" and the root passwords.
• Images in the User's Guide available from the Web GUI are shown properly.

Version 4.1.4b (22 August 2007)

• The network installation and its documentation are improved (Mainly: the TFTP IP Address is guessed and if the installation fails, the installation environment is properly reset to give the possibility to launch the installation again).

Version 4.1.3b (17 August 2007)

• Bug fix: The port forwarding integrity is properly checked during the "apply" operation (Cannot NAT the destination IP to the appliance itself).
• Bug fix: When adding firewall rules using Web GUI, an empty entry does not add an "any to any" rule. To specify an "any to any" rule the keyword "any" must be specified for the Source IP, the Destination IP or the Ports field.
• Bug fix: The QoS/Incoming Flows menu item works properly in the Web GUI (Bug due to contenting filtering in the Web GUI).
• Bug fix: Web Site adding works properly in the Web GUI (Bug due to contenting filtering in the Web GUI).

Version 4.1.2b (13 August 2007)

• Bug fix: Network traffics other than Proxy traffics (HTTP, HTTPS and FTP) are shaped properly without abnormal slowdown.

Version 4.1.1b (10 July 2007)

• The Appliance could be installed properly using a PXE network device. The TFTP server IP address is configurable during installation.

Version 4.1.0b (9 July 2007)

• The Web GUI security has been improved.
• Bug fix: Native IP addresses could be setup properly in the Web GUI.
• The "rweb" VLAN is configurable using the Web GUI.
• The reverse mode is configurable using the Web GUI.
• The keyword "confcert" was renamed to "genssl" (related commands: "rweb" and "admin").
• When an HTTPS reverse Web site is deleted, the associated host list is erased only if no other external IP address is associated with this HTTPS Web site.

Version 4.0.0b (24 June 2007)

• A reverse mode is at last available in this version. This mode allows you to implement the appliance as a reverse proxy in front of Web servers to secure, accelerate and shape Web traffics. (see the commands "mode" and "rweb").
• SSH key loading works properly.
• SATA storage controller are supported again in this version (support was accidentally removed from the previous version).
• The keyword "gencert" is renamed "confcert" in the command admin.

Version 3.5.0b (04 June 2007)

• The QoS bandwidth shaping works properly for all types of traffics.
• The syntax of the command "qos" has changed.
• The QoS management can be deactivated using the command "mode".
• The "fw" command has been renamed to "firewall".
• This is an intermediate version before a main one supporting the reverse mode.
• The reverse mode is called "rweb" and some related commands are already integrated to the present version (but the "rweb" mode is not yet operational):
• The reverse mode could be activated using the command: "mode rweb on".
• The forward mode could be deactivated using the command: "mode web off".
• A new vlan called "rweb" is available for Web servers.
• A Filtering mode is integrated to inspect inside Web requests (see the command "mode filter").
• Allowed Web servers could be restricted to those declared with the command "access rweb...".

Version 3.4.0b (02 May 2007)

• The certificate generation procedure for the Web administration interface supports white spaces in entries.
• The alter image mode is no more supported - The core proxy module has changed.
• Time & Date can be setup properly by using the Web Administration GUI.
• The log rotation procedure deletes properly logs older than 10 days (or with a serial number greater than 10).

Version 3.3.2b (12 April 2007)

• The documentation of the command "mode" is corrected (gateway is renamed router).
• The Web administration Interface is enhanced for the General Feature and Network related modes.
• The Web administration Interface can show the last apply report even if the configuration is locked.

Version 3.3.1b (10 April 2007)

• In the command "mode", "gateway" is renamed "router".
• The integrated DHCP server may be activated via the CLI or Web GUI.
• The integrated DHCP server supports a failover mode.
• Network PCMCIA cards are detected.

Version 3.3.0b (28 Mar 2007)

• System and access logs are rotated together even if the access log is empty.
• A VRRP IP address could be associated to the external network interface (Useful for incoming connections via the external network interface, crossing the embedded firewall and destined to internal networks).
• The access to the embedded DNS is allowed.
• In HA mode, the vrrp multicast is allowed for all IP in the local network (and not only for declared HA peers).
• In HA mode, if the health checker cannot restart properly all vital service, a fail over is forced. The forced fail over is logged in the daemon.log log file.
• When defining administrator access with the command "access", an optional netmask could be specified.
• Bug fix: The configuration difference is correctly displayed in the Web GUI.
• The Web GUI is available via the embedded Proxy only when the VLAN mode is deactivated.

Version 3.2.7b (21 Mar 2007)

• Now, the Health Checker is correctly launched and checks all activated services.
• The Web administration GUI is available via the embedded Proxy.
• Minor enhancements and optimization.

Version 3.2.6b (14 Mar 2007)

• Bug fix: Now, the tftp command is found during the installation phase.

Version 3.2.5b (10 Mar 2007)

• When loading/saving guard categories, the category type may optionally specified.
• Security was fixed so that, in VLAN mode, the embedded Firewall allows or denies only traffic to or from the "web" VLAN.
• The syntax of the commands "access" and "fw" has been changed. Now the access type "other" in the command "access" is replaced by the command "fw" followed by the keyword "intern". In the command "fw" the source IP address and optionally the network mask is specified.
• Other minor bug corrections.

Version 3.2.4b (21 February 2007)

• An optional port number may be defined when adding a Next Peer.
• Support has been added for the SCSI Message Fusion Driver (required for VMware certified version: LSI Logic).

Version 3.2.3b (13 February 2007)

• Support for TFTP to exchange Files with the appliance. To do that, the syntax of the following commands is changed: access, vlan, conf, system, log, guard.
• The completion for the command "dns" supports the keyword "localhost".
• To respect the command syntax homogeneity, the keyword "snmp" is renamed to "mgt" for the following commands: access, vlan. The "mgt" keyword specifies "snmp" and other possible management protocols later (The snmp agent is still not integrated in this version).
• The configuration cannot be applied if the internal and external IP addresses belong to overlapped networks (The text of the error number 203 is also modified).
• The "ip" command checks if the given IP address is a valid host IP address (The network and broadcast IP address cannot be given now).
• Bug fix: Swapping between the VLAN mode and Native Mode (mode vlan on/off) restart adequate services to bind to appropriate network interfaces.
• Bug fix: The system patching (Menu item "File/System Patches") works correctly in the Web GUI now (the "Do Operation" produce the awaited result).
• Other minor bug corrections.

Version 3.2.2b (02 February 2007)

• A shortcut "Apply" button was added to the Web GUI's main menu.
• The keyboard selection during installation was enhanced.
• The "access" command documentation was enhanced.
• The README.txt file in the VMware virtual machine version package was enhanced.

Version 3.2.1b (23 Jan 2007)

• The command "apply" can be applied after a "factoryreset" without adding a DNS server.
• Soekris device installation notes have been enhanced.
• The Web GUI is now compliant with IE7 and FireFox 2.0.

Version 3.2.0b (17 Jan 2007)

• Initial Public Announcement