New Features
- Static routes management via admin gui
- Aruba CX support
- Aruba 2930M Web Authentication and Dynamic ACL support (#6158)
- Meraki DPSK support
- Ruckus DPSK support
- Support for Ruckus SmartZone MAC authentication in non-proxy modes (#6201)
- Bluesocket support (#5878)
- Support for SCEP in
pfpki
(#6213)
Enhancements
- Improved the failover mechanisms when an Active Directory or LDAP server is detected as dead
- Expiration of the local accounts created on the portal can now be set on the source level
- pfacct and radiusd-acct can now both be enabled together (radiusd-acct proxies to pfacct)
- Added CoA support to Aerohive module
- Added role based enforcement (Filter-Id) support to Extreme module
- Use Called-Station-SSID attribute as the SSID when possible
- Added CLI login support to Huawei switch template
- Added detectionBypass in DNS resolver (#6028)
- Improve support of Android Agent for EAP-TLS and EAP-PEAP
- Improve CLI login support on HP and Aruba switches
- Use the "Authorization" header when performing API calls to Github in the OAuth context
- Replace xsltproc/fop by asciidoctor-pdf (#5968)
- FortiGate Role Based Enforcement (#5645)
- Add support for roles (RBAC) for Ruckus WLAN controllers (#2530)
- Upgrade to go version 1.15 (#6044)
- Build ready-to-use Vagrant images for integration tests and send them to Vagrant cloud (#6099)
- Documentation to configure Security Onion 2.3.10
- Added integration tests for 802.1X wireless and wireless MAC authentication (#6114)
- Restrict create, update, and delete operations to the default and global tenant users (#6075)
- Remove pftest MySQL tuner (#6130)
- Allow Netflow address to be configured (#6139)
- Deprecated fencing whitelist
- Description field for L2 and routed networks (#5829)
- Updated Stripe integration to use Stripe Elements (API v3) (#6121)
- Added Cisco WLC 9800 configuration documentation
- Inheritance on parent role on Role and Web Auth
- Enhance CLI login on SG300 switches
- Enable/disable the natting traffic for inline networks
- Remove unused table userlog (#6170)
- Clarifications on Ruckus Role-by-Role capabilities (#6201)
- DNS/IP attributes in pfpki certificates (#6213)
- Additional template attributes in certificate profile (#6213)
- Remove unused table inline_accounting (#6171)
- Make pfdhcplistener tenant aware (#6204)
- Upgrade to MariaDB 10.2.37 (#6149)
Bug Fixes
- Switch defined by MAC address are not processed by pfacct in cluster mode (#5969)
- Restart switchport return TRUE if MAC address is not found in locationlog for bouncePortCoA (#6013)
- Switch template: CLI authorize attributes ignored (#6009)
- ubiquiti_ap_mac_to_ip task doesn't update expires_at column in chi_cache table (#6004)
- A switch can't override switch group values using default switch group values (#5998)
- web admin: timer_expire and ocsp_timeout are not displayed correctly (#5961)
- web admin: Realm can't be selected as a filter on a connection profile (#5959)
- API: remove a source doesn't remove rules from authentication.conf (#5958)
- web admin: high-availability setting is not display correctly when editing an interface (#5963)
- SSIDs are not hidden by default when creating a provisioner (#5952)
- with_aup is correctly displayed on GUI (#5954)
- web admin: sender is wrong when you use Preview feature (#6023)
- sponsor guest registration: unexpected strings in email subject (#3669)
- Use the proper attribute name for Mikrotik in returnRadiusAccessAccept (#6051)
- Audit log: profile has an empty value when doing Ethernet/Wireless-NoEAP (#5977)
- pfacct stores 00:00:00:00:00:00 MAC in DB when Calling-Station-ID is XXXX-XXXX-XXXX (#6109)
- Update the location log when the Called-Station-Id changes (#6045)
- Only enable NetFlow in iptables if NetFlow is enabled (#6080)
- Firewall SSO: take username from accounting data if available in place of database (#6148)