main/squid/ChangeLog

HEAD
	+ Fix configuration for external AD
	+ Do not listen on internal interfaces
4.0
	+ Remove ads on deprecated features
	+ Set version to 4.0
	+ Added dynamical group authorization
	+ Do not lowercase user names if kerberos is used
	+ Fix exception accesing the access rules model when samba not provisioned
	+ Fixed populateGroups() in AccessRules when upgrading from 3.4
	+ Fixed wrong old-style try-catch
3.5.1
	+ Remove categorized domains temporary files
3.5
	+ Fixed generated rules for blanket domain deny
	+ Adapted to samba4 instead of OpenLDAP
	+ Set version to 3.5
	+ Speed up external AD connection using persistence
	+ Allow dansguardian user to read categories lists files
3.4
	+ Give support to multiple addresses for a domain in Transparent
	  Proxy Exemptions
	+ Save modules configurations after initialSetup
	+ Added all subdomains in cache exemptions
	+ Deny cache explicitly from cache exemption domains
	+ Give support to optional ABORTED flag in denied requests when
	  the HTTP client aborts the request
	+ Adapt configuration for squid 3.3.8
	+ Use service instead of deprecated invoke-rc.d for init.d scripts
	+ Set version to 3.4
	+ Forced 644 permission on Dansguardian files to avoid zombie processes
	+ Remove canonical_dn call for compatibility with MS LDAP servers in
	  external AD mode
	+ Synchronise AD groups every 30 min if using external AD and any
	  filter profile includes an AD group
	+ Manage errors when AD failed on fulfill our requests in external
	  AD mode
	+ Give support to groups with more than 1500 members and more than
	  1000 groups in external AD mode
	+ Fixed regression in authenticationMode method
	+ Added validation of the domains added to the transparent proxy
	  exceptions
3.3
	+ Switch from Error to TryCatch for exception handling
	+ Delete migration code from old versions
	+ Update strings to new offering
	+ Make external AD auth available for offer 2013
	+ Added http_allow to internal squid stub so proxy event does not need
	  an explicit rule
	+ Added missing EBox::Exceptions uses
	+ Fix group based filter access rules in external AD mode, retrieving
	  members of nested groups
	+ Correctly escape DNs and search filters or external ACL helper script
	+ Explicitly specify to listen on all IPv4 interfaces
	+ Add new config key auth_ad_negative_acl_ttl to configure negative ACL
	  cache time in external AD mode
	+ Transparent proxy redirection for openvpn servers' clients
	+ Moved EBox::SquidFirewall to EBox::Squid::Firewall
	+ Avoid error in access rules model when using external AD and
	  module has not been configured
	+ Improve squid group membership helper script
	+ Fixed squid basic authentication to support multi-OU
	+ Set version to 3.3
3.2
	+ Set version to 3.2
3.1.7
	+ Include domains with final slash as filtered when required
	+ Ignore 407 requests when auth is required in log helper
3.1.6
	+ Override daemons when migrating from 3.0
	+ Disable load_url_list by default to reduce CPU and memory usage
3.1.5
	+ Use DATETIME type in date column for consolidation tables
	+ Summarised report has breadcrumbs now
3.1.4
	+ Fixed regression on Delay Pools table triggered by changes in updatedRowNotify
3.1.3
	+ Mark logs as changed when an access rule is added, updated or deleted
	+ Fix duplicated entries generated by the LogHelper
	+ Prerouting rules have no iaccept chain, use ACCEPT target
	+ Adapted to updatedRowNotify call with no changes in values
	+ Added menu icon
	+ Fix parse of the dansguardian log in the LogHelper
	+ Make LogHelper extract data from internal and external log files
	+ Adapt firewall rules to new accept chains
	+ Show correct group names in the Access Rules menu when using Users Group
	+ Handle domains that are actually IP addresses in the LogHelper
	+ Set transparent HTTP proxy firewall rules unless the module is
	  temporary stopped
	+ Added support for multiple Organizational Units
	+ Updated to use the new security group concept
	+ Adapted squid to new user module interface for external AD authorization
3.1.2
	+ Use external squid log file to retrieve HTTP proxy requests
	+ Added Auth and Cache Exceptions for non-transparent mode
	  which allow to bypass Squid + Dansguardian auth
	+ Added CUPS and ftp to SSL_ports
	+ Avoid warning in AccessRules validateTypedRow
3.1.1
	+ Squid time ACLs have independient ids, this fixes several issues
	  with combinations of time, dates and long acls
	+ Do not repeat Squid ACL declarations
	+ Changed HTTP keytab permission in order to avoid krb5_kt_add_entry errors
3.1
	+ Removed 3.0.X migration code
	+ Implemented _daemonsToDisable()
	+ Added Pre-Depends on mysql-server to avoid problems with upgrades
	+ Depend on zentyal-core 3.1
3.0.9
	+ Change the kerberos service from squid to http. Zarafa and Squid must
	  share the service principal.
	+ Disable DC reverse DNS lookup for msktutil commands
	+ Explicitly set the DC for msktutil command when updating the keytab
3.0.8
	+ Regenerate Kerberos keytab on LDAP reprovision
3.0.7
	+ Fixed bug which returned the list of users of a profile inside
	  another list
	+ Authenticate against external AD for Enterprise editions
3.0.6
	+ Avoid to request authorization again when 'deny unknown domain'
	  option is set in filter profile
	+ Access rules for the same source can have different time
	  periods if they dont overlap
3.0.5
	+ Reload dansguardian configuration in log rotation instead of
	  restarting the full module
	+ Overwrite squid3 logrotate file to take care of the squid-external daemon
3.0.4
	+ Fixed SNMP acl
	+ Removed redundant cache_log line from squid-external configuration
	+ Fixed bug which did not include users from __USERS__ group in
	  dansguardian filter group file
3.0.3
	+ Fixed error triggered when creating a delay pool without an object
	+ Make sure in categorized lists model that list archives are not
	  backed up
	+ Migrate old directories with blank names and their asociated
	  configuration values
	+ Better escape of whitespace in ACL names
	+ Replace blanks for categorized lists directories to workaround
	  squid bug.
	+ Fixed bug which allowed bad long names for ACL for 'all' object
	+ Set visible_hostname to host '(instance)FQDN'. The standard value
	  'localhost' causes access denied under certain circumstances
	+ Ignore access rules for empty objects
	+ Ignore access rules for empty groups
	+ Mark module as changed if addition/removal of users modify ACLs
3.0.2
	+ Fix escaping in categorised list uploading. This is a regression
	  from 3.0.1 release.
	+ Force all connections to pass through squid-external or deny access
	+ Allow access to the proxy for clients which are not in local networks
	+ Don't allow to set kerberos and transparent proxy at the same time
3.0.1
	+ Changed ownership of categorized list files to ebox to allow download
	+ Removed no-configured files when saving changes after restoring
	  a backup
	+ Added configuration key to load regexes url lists from
	  categorized lists or not
	+ Adapted domains files to squid object to be able to use
	  dstdomain ACLs with thems
	+ Added explicit error when a squid configuration file is invalid
	  when debug is enabled
	+ Limited object ACLs to ten addresses per line
	+ When creating user ACLs put only ten users per line to avoid
	  reaching maximun configuration file line length
	+ Use lowercase user names in configuration file, otherwise
	  authorization fails
	+ Use of reserved character in generated ACl names to avoid name clashes
	+ Protection for ACL from profiles with too long names
	+ Added validation of categorized list structure
	+ Changed paths for categorized lists files so they are all under
	  /var/lib/zentyal/files/squid
	+ Work arounded the removal of archive files until the framework
	  takes care again of them
	+ Fixed categories list removal of extracted files
	+ Moved a lot of the filter functionality to squid. In DG remains:
	  filter by text analysys, antivirus and block ip
	+ Adapted to improvement of EBox::Module::Service::isRunning method
	+ Moved most of the filter functionality to squid. In DG remains:
	  filter by text content analysys, antivirus and IP block
	+ Fix kerberos authentication when filter profile applied. As dansguardian
	  does not support kerberos auth, now there are two squid instances, one
	  on the front of dansguardian to perform the authentication and one in
	  the back to cache contents
	+ Added memory cache of seen list directories to DomainFilterCategories
	+ Categories from bigblacklist are now accepted
3.0
	+ Customized "Access Denied" page theme
	+ Added 'All users' option for Access Rules with group source
	+ Using again squid ACLs when DG is active
	+ Fixed issues in timed regeneration of DG files
	+ Do not allow mix of IP and basic authorization in DG
	+ Fixed directory to store archive files
	+ Reviewed registration strings
2.3.12
	+ Squid is restarted if groups in use change their members
	+ Adapted LdapUserImplementation to new users API
	+ Added kerberos real to auth acls on squid.conf to fix SSO
	+ Added -i option to squid_kerb_auth to ease debugging
	+ Archive list can now have spaces in the name
	+ ListArchive type now accept spaces in the file name
	+ Move report code to remoteservices
	+ Perform the domain processing in log helper, very valuable for
	  querying and reporting
	+ Fixed auth rules in squid.conf to not allow all authorized users
	+ Kerberos auth is optional and disabled by default
2.3.11
	+ Removed duplicated Domain Filter Settings model in tabs
	+ Better order and names in Filter Profile models
	+ Better order for menu items
2.3.10
	+ Added users as enabledepend
	+ Add rule to allow web browsing by default on initial setup
	+ Categorized lists now work
2.3.9
	+ Summarized report works again
	+ Added modeldepends to yaml schema
	+ Fixed cache-peer authorization parameters when using a global proxy.
	  Due to this change squid.conf is no longer readable by all
	+ Avoid multiple calls to store row in DelayPools::_setUndefinedValues()
2.3.8
	+ Fixed group-based authorization
	+ Fixed wrongly set time period acls in squid configuration in some cases
	+ Fixed 'any' rules in dansguardian configuration
2.3.7
	+ Unify FirewallHelper, removed no longer needed SquidOnlyFirewall
	+ Support for different filter profiles depending on the time period
	+ Update dansguardian conf templates to 2.10 version
	+ Use new clone and check all options in tables
	+ Added HTTPS proxy support if squid is compiled with SSL support
	+ New Transparent Exemptions model to skip proxying of some websites
	+ Rearranged components on filter profile configuration
	+ New Categorized Lists model to upload the lists archives
	+ Download sizes for Bandwidth Throttling now use MB instead of KB
	+ Users and Antivirus enable dependencies are now optional
	+ Default policy if no other allow or filter rules are present is deny
	+ There is no need of manually specify global authorize or filter policy
	+ New AccessRules model instead of objects and groups policy tables
	+ Simplified Bandwidth Throttling using a single table
	+ Removed useless HTTP proxy status widget
	+ Using EBox::Object::Members class to generate iptables rules
	+ Removed greylist feature that was confusing
2.3.6
	+ Added enabled control to domains files lists
	+ Remove duplicated models for default profile and custom filter profiles
	+ Remove "apply on all" and "use defaults" models
	+ Adapted to new Model management framework
	+ Use new _keys() which takes cache into account instead of _redis_call()
	+ Adapted TimePeriod type to the changes in the types framework
	+ Kerberized authentication
	+ Implement new EBox::NetworkObserver::regenGatewaysFailover()
2.3.5
	+ Create tables with MyISAM engine by default
2.3.4
	+ Use new tableBody.mas in TrafficDetails.pm
	+ Fixed regresion which broke the apply all button for MIME and extensions
2.3.3
	+ Packaging fixes for precise
2.3.2
	+ Updated Standard-Versions to 3.9.2
2.3.1
	+ Adapted messages in the UI for new editions
	+ Uniformize config boolean values (from true/false to yes/no)
	+ Now you can use the default profile in a custom profile for file
	  extensions
2.3
	+ Adapted to new MySQL logs backend
	+ Ignore localnets with undefined DHCP address when writing conf
	+ Adapted to squid3 new paths and daemon and squid.conf syntax
	+ Replaced autotools with zbuildtools
	+ Fixed regression on filter selection depending on the objects
	  policy. Now it works again
	+ Fixed regression which broke filter policies in objects when a
	  non-filter global policy was selected
	+ Fixed use of not-defined yet ACL when using parent peer
2.2.1
	+ Fixed deprecated syntax for some iptables rules
	+ Fixed parameter for unlimited value in delay pools
	+ Fixed order of refresh patterns
	+ Properly set of never_direct option when setting a parent peer
2.1.11
	+ Improved bandwidth throttling texts
	+ Set proper message type in General Settings model
2.1.10
	+ Remove dansguardian startup link to avoid start when disabled
2.1.9
	+ Fixed encoding in blocked page template
	+ Reviewed some subscription strings
2.1.8
	+ Differentiate ads from notes
	+ Removed /zentyal prefix from URLs
	+ Added configuration key to omit domain categorized files from backup
	+ Avoid duplicated restart during postinst
	+ Give support for setting a new adblocking redirector
	+ Give support for adding postmatch patterns in Ad-blocking
2.1.7
	+ HTTPS works both for banned domains and block blanket options
	+ Added guard against missing rows in antivirusNeeded method
	+ Order top domains by visits instead of traffic bytes in
	  reporting
2.1.6
	+ Include missing dansguardian.logrotate file
2.1.5
	+ No longer use custom upstart scripts and custom logrotate conf
2.1.4
	+ Humanize units in Delay Pools (from Bytes to KB)
	+ Use the new "Add new..." option in the object selectors
	+ Added global ad-blocking option
	+ Use quote column option for periodic and report log consolidation
	+ Guard against generating empty localeboxnet ACL
2.1.3
	+ Dansguardian is only started when a global filter policy is choosen
	+ Applied keyGenerator option to report queries
2.1.2
	+ Removed workarounds on component's parent/child relationship
	+ Adapted logrotate configuration to new PID file
2.1.1
	+ Added guard against empty fileList_path keys
	+ Added missing Microsoft updates server in squid.conf.mas
	+ Zentyal squid daemon uses a different pidfile now
	+ Fixed bug that could delete the default profile file list
	+ Avoid call to set_string with undefined value
	+ Added missing dependency on network module
2.1
	+ Use new standard enable-module script
	+ Improved order of tabs in filter profiles
	+ Custom filter profiles are also populated with default extensions
	  and MIME types
	+ Delete all migrations and use initial-setup
	+ Replace /etc/ebox/80squid.conf with /etc/zentyal/squid.conf
	+ Disable default arbitrary regexes in bannedregexpurllist.mas
2.0.3
	+ Bugfix: when having different filter profiles with domain lists,
	  the lists files are no longer deleted on the second restart
2.0.2
	+ Filter profiles names with spaces are forbidden to avoid errors
	+ Avoid problems with some languages on disk usage graph
2.0.1
	+ Added commercial message
	+ Set DNS servers in Squid configuration
1.5.13
	+ Rebranded access denied page
1.5.12
	+ Add SNMP server from Squid when required
1.5.11
	+ More global proxy configuration and domain configuration improvements
	+ Zentyal rebrand
	+ Running squid daemons are killed when starting ebox proxy if pidfile
	exists
1.5.10
	+ Fixed dansguardian/squid crash when logrotate was daily executed
1.5.9
	+ Fixed profile mime types migrations
1.5.8
	+ Added upstart script for squid to avoid first start problems
1.5.7
	+ Fixed problems with ACL names
1.5.6
	+ Fixed problem with whitespaces in users/groups/objects in squid
	configuration file
1.5.5
	+ Revert range_offset_limit option to default value because was causing
	  troubles with streaming sites.
1.5.4
	+ Added bridged mode support in firewall helper
1.5.3
	+ Bugfix: Delay pools ordering works on UI
1.5.2
	+ Bugfix: use default squid init script instead of old missing ebox.squid
1.5.1
	+ Maximum file descriptor option in now set in /etc/default/squid
	+ Bugfix: Log exception hits in dansguardian so whitelisted
	  domains are now logged properly
	+ Bugfix: Get virtual interfaces as well to set firewall rules
	+ Bugfix: Make some checks in delay pools to avoid
	  misconfiguration, do not write the disabled rules and set the
	  proper labels and more detailed explanation
	+ New bandwidth throttling support with delay pools
	+ Bugfix: trim URL string as DB stores it as a varchar(1024) (Log)
	+ Disabled ban URL regexes
	+ Added filter profile per object
	+ Bugfix, breadcrumbs triggered old problem with parent method in
	DomainFilterCategories model, so we enable again the old
	workaround to avoid this error
	+ Add new information about saved bandwidth to the reports
	+ Fixed bug in filter profile by object with network addresses
	+ Customized Dansguardian blocked page template
	+ Exclude localnetworks from bandwidth throttling
	+ Added flash MIME types to default MIME types
	+ Squid default cache_mem set to 128 MB
	+ New option to configure maximum_object_size which defaults to 300 MB
	+ Add refresh_pattern options for Microsoft Windows, Debian and Ubuntu
	updates
	+ Removed dead code in dumpConfig/restoreConfig methods
	+ In configuration report mode the module does not longe include
	  the domain lists archives
1.3.14
	+ Bugfix: in restartService we assure that all files are in place
	before restarting the daemons
	+ Changed labels in cache exemptions form 'domain' to 'domain name
	address' to make clearer the actual working of the feature
	+ Better help messages for time period parameters
	+ Added custom script to delay downtime while log rotation is done
	+ Only unzip domain categoris archives when they have changed,
	this speeds up the module startup
	+ You can establish the same policies for URLs than for full domains
1.3.13
	+ Switching antivirus from clamavscan to clamdscan
	+ Better MIME type check, removed false negatives with some subtypes
1.3.12
	+ Bug fix: Added migration to rename access table to squid_access.
	+ Add breadcrumbs
1.3.11
	+ Added report support
1.3.6
	+ Bug fix: Disable cache in Group Policy base to be able to fetch new groups in
	  "Group" select
	+ Bug fix: no more duplicated log for the same URL
	+ UI improvement: precondition in objects and user polices
1.3.5
	+ tableInfo returns an array of hash refs
	+ Bugfix: group policies are deleted when the group is deleted
	+ Bugfix: added notification when antivirus is enabled to assure
	that we have a correct configuration
1.1.30
	+ Added to Traffic details report _noAggregateFileds and fixed bug
	with defaultController
	+ Bugfix: HTTPS traffic tunneled correctly
1.1.20
	+ Disable PICs ratings by default
	+ logs are sesrchable by user
1.1.10
	+ Change default dansguardian conf to make it work with dansguardian 2.9.9.7
1.0
	+ new release
0.12.100
	+ New release
	+ Added user based authorization
	+ Added filter profiles
	+ Added group polices
	+ Added time period option to policies
	+ Added per-object group policies
	+ Added antivirus support
	+ Added dansguardian's custom logrotate file
	+ Added cache exceptions
	+ Added cache size
	+ Disabled exception and banned phrases to avoid uncontrolled
	content filter results
0.12.99
	+ Add support for reporting
	+ User support
	+ Exemption for cache option added
	+ Adapted to objects with overlapping addresses
0.12
	+ Use the new EBox::Model::Row api
	+ Add field help to models
	+ Fix titles within tabs
	+ Set deny as default policy
0.11.101
	+ New release
0.11.100
	+ Use the new syntax to enable transparent proxy
	+ Do not launch dansguardian with setsid. It was necessary with runit,
	  but not with upstart any more.
	+ do not remove rc scripts, stop on pre-start
0.11.99
	+ Set proper language to show denied access page by dansguardian
	using eBox locale (Currently manually maintained)
0.11.1
	+ Bugfix. MIME and extension filter allow attribute is NOT
	optional but they have a default value
O.11
	+ New release
0.10.99
	+ Use new model/view framework. UI uses Ajax
	+ Attempt to simplify content filter interface
0.10
	+ New release
0.9.100
	+ New release
0.9.99
	+ New release
0.9.3
	+ New release
0.9.2
	+ Add nasty workaround to try to stop and create swap directories for
	  squid
O.9.1
	+ New release
0.9
	+ Added Polish translation.00
	+ Added German Translation

0.8.99
	+ New release
0.8.1
	+ force creation of swap directories in postinst
0.8
	+ New release
0.7.99
	+ Add Mime Type Filter Support
	+ Add custom filter support for file extensions and Mime Type
	+ Merge portuguese translation thanks to JC Junior
	+ Add some explanatory notes
	+ Fix some small bugs
	+ Fix a bug which made dansguardian crash at start
	+ Dansguardian does not start when it shouldn't

0.7.1
	+ Add support to configure banned extension list in dansguardian
	+ GUI consitency
	+ Use of ebox-sudoers-friendly

0.7
	+ First public release
0.6
	+ move to client
	+ API documented using naturaldocs
	+ Update install
	+ Update debian scripts

0.5.2
	+ Fix some packaging issues

0.5.1
	+ Convert module to new menu system

0.5
	+ No changes

0.4
	+ debian package
	+ Added content filter based on dansguardian
	+ Rework to support dansguardian
	+ Added French translation
	+ Added Catalan translation

0.3
	+ Supports i18n
	+ Supports banned domains
	+ API name consistency
	+ Use Mason for templates
	+ added tips to GUI
	+ Fixed bugs to IE compliant
	+ Several bugfixes

0.2
	+ All modules are now based on gconf.
	+ Removed dependencies on xml-simple, xerces and xpath
	+ New MAC address field in Object members.
	+ Several bugfixes.

0.1
	+ Initial release