Release Notes CSG 7.0.4

Collax Security Gateway
16.03.2017

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Security: Linux Kernel 4.4.50

Collax Server 7 is based on the long time support (LTS) Kernel 4.4. It provides better hardware support und more security fixes und is supported until Februar 2018.

Security: Important security relevant System Components

This update will also install/update the following important system components:

  • kernel 4.4.50
  • bind 9.9.9.6
  • squid 3.5.24
  • vim 8.0.329

GUI: Clean-up wizard history

In the dialog “Clean-up” in the menu Status->Toolbox->Clean-up it is possible to remove the wizard history.

Issues Fixed in this Version

The graphical status of network links can be shown in bytes per second. Due to an error the view was labeled with bits instead of bytes. This is going to be fixed within this release.

E-Mail: NiX-Spam for Spam Filter

The service ixhash.junkemailfilter.com suspended its service and has been removed from the configuration within this update.

E-Mail: SMTPUTF8 extension disabled

The SMTPUTF8 extension allows UTF-8 encoding in email header fields and has been added with the current Postfix version. Since SMPTUTF8 is not yet widely supported, some emails couldn’t be delivered to its recipient. Thus the extension has been disbaled from the configuration within this update.

Authentication: Kerberos 5 authentication

By default, Kerberos 5 password-checking tries to verify the mapping between kerberos principal and local user account by reading a ‘.k5login’ file. Since that file usually does not exist, it produced an authentication error. The behaviour has been improved within this release through ignoring the ‘.k5login’ file.

Authentication: Restarting ldap service

When restarting the authentification service ldap it could lead under certain circumstances to an error in some services. The services needed to be restarted too. The behaviour has been improved so that the services work without any intervention.