New Features
- Added support for network anomaly detection through Fingerbank
- New, fully integrated PacketFence PKI service
- New service for automatic clustering issue resolution
- New GUI for all filtering engines and switch templates
- New API and Vue.js based step-by-step configurator
- Added VMware Airwatch support
Enhancements
- Added suppport to run integration tests using Cumulus Linux and libvirt
- Added the ability to autoregister and assign a role to a device authorized in a provisioner
- Added the ability to control whether or not a provisioner should be enforcing (i.e. ensuring all devices matching it are authorized with it)
- Added the ability to sync the PID of devices authorized in a provisioner (only for Airwatch and JAMF)
- Add single sign-on support for Cisco ISE-PIC
- Support for MySQL as DHCP pool backend and provide active/active DHCP support
- Support Aruba switches using Aruba OS 16.10
- Added a new Meru controller module that supports RADIUS RFC3576 (RADIUS Disconnect)
- CLI login to Juniper switches
- Allow to configure VOIP RADIUS attributes in switch templates
- All configuration files have a copyright without year to avoid useless rpmnew or dpkg-dist files each yearly upgrade
- Improved Unifi deauthentication using HTTP
- Set TTL to 5 seconds when the host match with a captive portal detection host
- Enable tracking configuration service by default
- Better captive portal detection for Samsung devices
- Faster captive portal detection for Apple devices
- Routes are now managed by the keepalived service
- Parking security event can now be triggered without limitation
- Added a way to change the SQL table used by pfconfig
- Showing the configurator is now configurable (#5121)
- Node deletion in consistent between the the API and pf::node::node_delete (#5088)
- Allow VLAN number greater than 1023 for floating devices
- Improved captive-portal health checks in monit (#5185)
- Added RADIUS disconnect for wired port on Aruba AP (#5016)
- Switch templates can now use SNMP up/down to perform access reevaluation (#5197)
- HAProxy now serves the admin gui, httpd.admin disabled by default
- Reports are now tenant-aware
- Security events can be triggered when running node maintenance task (#4948)
- Added parameter to prevent external portal requests from updating the ip4log (#5336)
- Added new WMI examples
Bug Fixes
- Fixed logic to move MAC address to another port (Avaya)
- Fix serialization of the switch when calling ReAssignVlan/desAssociate
- Prevent double restart when setting the port admin status of an EX2300 Juniper switch
- Sponsor field is missing on sponsored users when using forced sponsor (#5171)
- Some DHCP info triggers use outdated Fingerbank data (#5106)
- Issue with the timezone in the admin not being honored on the system (#5205)
- Issue with chrome who don't show the portal on self signed certificate (#5233)
- Issue with RADIUS CLI access and ldap authentication source where the cache is enabled (#5018)
- Distribute pfsnmp trap jobs between queues based off switch id (#5004)
- Deleting a portal profile doesn't cleanup its templates (#793)
- pfacct doesn't report metrics to dashboard (#5267)