-
Notifications
You must be signed in to change notification settings - Fork 4
/
ChangeLog
379 lines (304 loc) · 10.8 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
=======
1.8.2 RELEASE (2024/06)
Improvements and enhancements
- Introduced separate mitigation statistics for matched vs. dropped packets/bytes (JUNOS-specific use of firewall MIB for mitigation statistics)
=======
1.8.1 RELEASE (2023/11)
Improvements and enhancements
- Enhancement of the Dockerfiles for testing and reference-installation
- Docker Compose introduced ./docker-compose*.yml
- Fixed broken Menubar
- Updated arrangement of the buttons in the rules table view; fix sorting of entries in table default by name again; dont reset paging on reload
- Reenable possibility to set expire date when creating a rule via REST API
- Apply check sync also for out-of-sync-rules
- Bugfixes required for newer Django version
=======
1.8.0 RELEASE (2023/05)
Improvements and enhancements
- Upgraded to newer Django
requires adaption of flowspy/settings.py regarding staticfiles handling
(check 'git log -p flowspy/settings.py.dist')
- Fixed unwanted possibility to mix IPv4 and IPv6 address prefixes in rules
- Fixed broken check_sync for IPv6 rules
- Support for implicit icmp6 in IPv6 rules
- Fixed improper UTF-8 encoding of Shibboleth attribute values
- Rule id shown on rule detail pages
- Installation support for DEBIAN/UBUNTU, including Systemd support
- Cleanup of log file handling
- Update of documentation
- Enhancement of the Dockerfiles for testing and reference-installation
- DEBIAN as base Docker image is now default: ./Dockerfile
(being linked to ./Dockerfile.fod.debian)
- CENTOS7 keeps to be supported: ./Dockerfile.fod.centos.new
- New experimental setting variable RULE_NAME_PREFIX:
possibility to prefix every FlowSpec rule
injected via JUNOS_specific NETCONF on the router with a given String,
to distinguish such FlowSpec rules from
FlowSpec rules injected via NETCONF by other tools or means
=======
2022/08
Many improvements and enhancements
- IPv6 rule support added
- Improved IP range matching between rules and peer IP ranges
=======
1.7 RELEASE (in 2021)
Completed Reimplementation
- Update to Python 3 and Django 2
- Reimplementation of many parts necessary because of changed dependencies
- REST API improved
=======
1.65 (in 2020)
Basic Reimplementation
- Update to Python 3 and Django 2
=======
(in 2019)
Enhancements
- Docker test installation container
- NETCONF simulator container for testing
=======
1.5 RELEASE (in 2018)
Updates and Enhancements
- Added SNMP statistics and statistic graphs
- Easy specification of port ranges
- Improved date picker
- eduGAIN errors made depending on the configuration
- Many other enhancements
=======
1.2 RELEASE
Updates and enhancements. Check documentation for updating from previous versions
- Code Cleanup
- Branding
- Rest Api
- Easier Configuration
=======
1.1.1 RELEASE
Minor changes release
- Change license to GPLv3
- Minor documentation updates
===========
1.1.0 RELEASE
Updates and enhancements. Check documentation for updating from previous versions
- Minor UI enhancements
- Patch user model to include user peer in __unicode__
- Include celery task exceptions in proxy
- Cleanup js files
- Resolve a major issue where the platform would start on 2nd refresh
- Cleanup poller urls
- Enhancements to json routes export
- Include timeout handling in tasks
- Fix issue with ports not updating
- Add longerusername plugin to replace user monkey patching
- Handle a bug in South that causes the Peer table to become unusable after adding autoincrement
===========
1.0.3 RELEASE
Minor fixes. Check documentation for peers table handling
- Fix issue with altlogin redirection
- Switch peers primary key to AutoField
- Make peers tables management configurable
===========
1.0.2 RELEASE
Documentation enhancements
===========
1.0.1 RELEASE
Minor fixes
Fixes:
-Overview login theme
-Add missing urls
===========
1.0.0 RELEASE
Major UI redesign, Debian Wheezy version, Django 1.4
Improvements:
-New UI based on Bootstrap3 theme
-Minor fixes in long polling init
-Debian Wheezy - Django 1.4 ready
===========
0.9.9 RELEASE
Major documentation improvements. Minor app enhancements. Minor bug fixes
Improvements:
-Wrote documentation in rst format (http://flowspy.readthedocs.org/)
-Update initial data with fragment types
-Add current version in footer via context
-Add beanstalk client, as installation from package is fuzzy
-Comment the helptext line in patched user model (django 1.3 issues)
===========
0.9.8 RELEASE
Minor functionality improvements (check Requirements)
Requirements:
-south migration to include database changes if you are at
<=0.9.5
Improvements:
-Added more port validation checks
-Added more IP address validation checks
===========
0.9.7 RELEASE
Minor UI improvements (check Requirements)
Requirements:
-south migration to include database changes if you are at
<=0.9.5
UI Improvements:
-Added badges in rule status
===========
0.9.6 RELEASE
New Feature and minor UI improvements (check Requirements)
Requirements:
-south migration to include database changes
Features:
-Added fragment type as an option in rule match statements
UI Improvements:
-Changed wording;from 'Suspend' to 'Deactivate'
-Increased the size of Console and Add Rule buttons. Made Add Rule button
stand out with different color.
===========
0.9.5 RELEASE
Fixes
Fixes:
-Fixed issue with page logo
-Changed Shibboleth attributes from HTML to Shibboleth naming in error.html
-Minor change in the user activation procedure. Activation mail goes only to admins not TechCs
===========
0.9.4 RELEASE
Minor fixes
Fixes:
-Change the name of the released file (Makefile)
-Added copyright info plus updated the README file
-Added missing files in images
===========
0.9.3 RELEASE
Minor fix
Fixes:
-Fixed the population of "Any" in source field
===========
0.9.2 RELEASE
Major enhancement and a minor fixes
Enhancements:
-Added alternative view for helpdesk
Fixes:
-Fixed the static url for tinymce in settings
-Fixed an issue caused by multiple Shibboleth attributes
===========
0.9.1 RELEASE
Major UI enhancements
Enhancements:
-Added bootstrap UI framework
-Added TinyMCE in flatpages
-Brought back flatpages with JS magic for translation switching
-HomeOrganization is no longer required-user selects from dropdown
-Added Shibboleth mapping in settings
-Added an Any button in source address
===========
0.9 RELEASE
Major enhancements
Enhancements:
-Added internationalization support
-Added Greek translation
===========
0.8.7 RELEASE
Minor enhancements
Enhancements:
- Merged all mail txt files into one
- Added all routes in form cleaning (initially, EXPIRED, ADMININACTIVE and ERROR were excluded)
===========
0.8.6 RELEASE
Minor UI enhancements/Bug fix
Fixes:
- Fixed issue where rules in ERROR state would cause check_sync to check them
Enhancements:
- Added small dots to ongoing response field to indicate activity
===========
0.8.5 RELEASE
Feature enhancement release/Minor UI fixes/Cleanup
Fixes:
- Changed javascript order to prevent unformated content in datatables
- Un-needed files cleanup
- Error template is now based on base.html template
Enhancements:
- Administrator privileges apply on UI as well
- Enhanced application security
===========
0.8.4 RELEASE
Vulnerability prevention/bug fixes release
Fixes:
- Fixed a bug where the shib auth backend erased non-shibboleth users info
- Added an authsource variable to prevent authentication backend overlapping
- Added exception handling for non-Shibboleth users that do not belong to a peer
===========
0.8.3 RELEASE
Feature enhancement release
Fixes:
- User/username length monkey patching now works with admin forms as well
===========
0.8.2 RELEASE
Bug Fix release
Fixes:
- Fixed bug with csrf cookie not being set while logged in for the first time
===========
0.8.1 RELEASE
This is the latest alpha release operating on production network
Changes:
- Fixed bug with protected networks form cleaning
===========
v0.8.0 RELEASE
New features
Changes:
- DB migration to protocol addition
- Added protocol to match conditions plus check mechanism to form cleaning
===========
0.7.11 RELEASE
Bux fixes
Changes:
- Prevented a bug that would cause the rule application to throw exception
===========
0.7.10 RELEASE
Got rid of another cronjob
Changes:
- Turned expiration notification cron job into celery job
- Added a preliminary draft for a Makefile facilitating various jobs
===========
0.7.9.7 RELEASE
Some minor changes mainly to reinforce security
Changes:
- Added FQDN resolving in mail notification templates to denote the host that an action originated
===========
0.7.9.5 RELEASE
Oops! Something was missing from form validation
Changes:
- Added source address to required fields
===========
0.7.9.2 RELEASE
Major changes (maybe version tag does not indicate that)
Changes:
- Added a custom command to fetch networks for each peer. Got rid of cronjob
- Major change with db engine. Altered database storage engine to MYISAM to allow for software relations between tables and views
===========
0.7.9.1 RELEASE
Code cleanups
Changes:
- Replaced simplejson imports with json
===========
0.7.9 RELEASE
Bug fixes
Changes:
- Added a custom uknown_host_cb function to overcome ssh key errors
===========
0.7.7 RELEASE
Modules cleanup
Changes:
- Removed utils/beanstalkc as it is now a deb package
===========
0.7.1 RELEASE
Code improvements
Changes:
- Modified peer network range update mechanism
===========
0.7 RELEASE
Major release/changes
Features:
- Added registration to installed apps
- Removed user activation from shibboleth backend. Moved it to login view
===========
Application features up to now:
- Rule creation and application to device via netconf, nxpy
- Match statements include source, destination addrs, src, dst ports
- Then statements include discard and rate limit for plain users
- User authentication via Shibboleth
- Whois client determines user peer networks and user authority