7.1.3 EA Release

Netsweeper 7.1.3 EA is now available. This is the third release in the Netsweeper 7.1 release cycle.

This release is based on CentOS6 but we are working hard to port the entire product to CentOS 8. Over the course of the 7.1 release cycle we will be making CentOS 8 porting advancements and will be making a 7.1.X build available for both CentOS 6 and CentOS 8. The features and bug fixes we add will be available in both builds once we make them public.

Customers can access our community site for more information.

Features in 7.1.3 EA include:

Account Management

  • There is now a way to click back to the original account after you have used the ‘Assume Identity’ identity function

Routes Advertising Service

  • New tab lets you specify the list of IP addresses that are Exceptions for Advertised Routes
  • Writes log records when it adds or deletes a route

Deny Pages

  • The ‘WebAdmin Unavailable Deny Page DPID’ and the ‘WebAdmin Secure Deny Page DPID’ options in ‘WebAdmin Settings’ now allow you to select the DPID from a dropdown list

Certificate Management

  • In ‘WebAdmin SSL Certificate’, ‘Let’s Encrypt Certificate’ is now the default option in the ‘Generate’ tab and the ‘Domain Name’ field is prepopulated with the SERVER_NAME

NSProxy

  • New settings configure multiple icap_servers to chain REQMOD together and copy ICAP response headers from one ICAP service to another
  • The ICAP header of X-Category can now be either a comma segmented list of category names or category numbers. These categories can be parsed and used for policy processing and logging purposes
  • Auth redirect and auth portal use two cookies for secure sites and “protect_netsweeper_cookie” now detects and removes both cookies if present when the feature is enabled

Change Log 7.1.3:

TicketDescription
23001FEATURE: When using the ‘Assume Identity’ feature, there is now a way to click back to the original account.
23239FEATURE: The Routes Advertising Service now allows you to specify the list of IP addresses that are Exceptions for Advertised Routes. The Routes Advertising page has a new ‘Advertised Routes Exceptions’ tab that can be combined from multiple Lists. The ‘Exception List’ tab has been renamed to ‘List Entry Exceptions’.
23253UPDATE: Now, by default, the NSRoutes service rotates log files with USR1 and reloads the configuration with USR2 or HUP.
23288FEATURE: NSRoutes now can write log records when it adds or deletes a route.
23316BUG: The NSProxy output connection stats in transparent mode were not accurate.
23323BUG: The Auth Portal cookie injection process could be halted by new Chrome security settings on HTTPS based sites. This could reject the cookie unless the Chrome feature for SameSite is disabled in Chrome flags. The auth portal redirect process now supports the new Chrome SameSite security feature and segments the cookie between https and http websites.
23351BUG: The identity security for the ‘Assume Identity’ option has been improved by using a new session ID.
23362FEATURE: The ‘WebAdmin Unavailable Deny Page DPID’ and the ‘WebAdmin Secure Deny Page DPID’ options in ‘WebAdmin Settings’ now allow you to select the DPID from a dropdown list.
23363FEATURE: In the ‘WebAdmin SSL Certificate’ window, the ‘Let’s Encrypt Certificate’ is now the default option in the ‘Generate’ tab and the ‘Domain Name’ field is prepopulated with the SERVER_NAME.
23368BUG: The new per group auth portal page did not, by default, have the proper form data to pass the group, url, and userip.
23377BUG: Permission checking for the Account Template APIs has been fixed.
23391FEATURE: NSProxy can now configure multiple icap_servers to chain REQMOD together and copy ICAP response headers from one ICAP service to another. New settings: icap_next_channel and icap_copy have been added.
23393FEATURE: The ICAP header of X-Category can now be either a comma segmented list of category names or category numbers. These categories can be parsed and used for policy processing and logging purposes.
23409FEATURE: The new auth redirect and auth portal use two cookies netsweeper=, and netsweepers= for secure sites. NSProxy “protect_netsweeper_cookie” has been updated to detect and remove both cookies if present when the feature is enabled.
23410BUG: The default WebAdmin Auth Portal has been updated to support the Chrome SameSite cookie feature.
23434BUG: All ICAP requests sent an extra \0 terminate byte which is one byte larger than our null-body.
23449BUG: The New URL refresh on default Deny Page breaks as “$encodedcat” is not supported.
23452BUG: The NSRoutes service did not properly remove both IPv4 and IPv6 entries when lists where changes or DNS resolution changed.