Change History

1.2.7 : 10/15/2008
- SSL: enhanced OpenSSL certificate error diagnostics.
- SSLVPN TnApplet (for Java 1.5 or higher) : when TnApplet fails to connect to the gateway, it now pops up an error dialog window to the user.
- SSLVPN TnApplet (for Java 1.5 or higher) : TnApplet is now able to use SSL client certificates stored in the browser's (IE's) certificate store.
- Doc: Users Guide improved in SSL certificates and SSL client authentication.
  certvendor_en.txt (instructions for using a commercial server certificate), guide_en.txt, tunnel/sampleconfig_en.txt, tunnel/ssltunnel_en.txt
- RADIUS: new option to proxy_authck_authsrv_radius and proxy_auth_authsrv_radius.
  trc_lvl=1 to enable debug tracing of RADIUS authentication. Output goes to event.log for now.

1.2.6 : 7/2/2008
- License: trial period for the Windows version is extended from 30 days to 90 days. The trial period for the Linux version is also extended by 60 days.

1.2.5 : 6/13/2008
- Monitoring: network transfer amount for front connections and pass rules.
- Bug: Monitoring: fixed a socket leak when doing Wakeup-on-LAN.
- Can be installed on Windows 2008.

1.2.4 : 1/19/2008
- BUG: Cookie translation: using -ck_path could result in a proxy crash.
- TLS/SSL: added Server Name Indication. Added proxy_sslprof_XXX_svname.
  (This is implemented in a separate openssl 0.9.8-based binary.)
- Tested against Nikto 2.02/2.03. (no code change)
- passwd.txt : limited support for unix-crypt (DES) passwords. You can import unix-crypt passwords from Linux/Unixes.
  Prefix the crypt password with "$D$", i.e., "$D$xxx".
- Tested against Nessus 3.06 (including dangerous plugins). A buffer overflow is fixed.
- Size of the buffer for relaying the request body increased: for requests with a known content-length, from 2K to 16K; for chunked requests, from 16K to 32K.

1.2.3 : 9/2/2007
- Raised max # of tunnel_pass_by, tunnel_dest_name, and proxy_sslvpn_url from 32 to 64.
- Raised max length of SPR destination name (tunnel_dest_name) from 15 characters to 31 characters.
- RADIUS: new option to proxy_authck_authsrv_radius and proxy_auth_authsrv_radius.
  at_nas_id=XXX to send XXX to the RADIUS server as the NAS-Identifier attribute.
- MD5-hashed passwords in passwd.txt are now documented (used to be in Orenosv only). cgipasswd.exe is also included.

1.2.2 : 1/8/2007
- Content Rewrite & gzip : if automatic content rewrite (-rw_url) is on, gzip compression on the backend is automatically disabled. You no longer need to specify the "proxy_origin_gzip_disable" parameter globally.
- Load-balancing: added "sorry_url" option to specify a sorry URL.
- Load-balancing: ICMP health-check is tuned (changed from a single 10-sec timeout to two 15-sec timeouts).

1.2.1 : 12/12/2006
- BUG: proxy_authck_authsrv_file was not effective and "passwd.txt" was always assumed.
- Monitor module: various improvements, including a new param: proxy_nmap_by_maccaddr.
- gencert: enhanced to generate certificates for an (intermediate) CA.
- BUG: -ck_dom option was not working (param name was wrong).

1.2.0 : 11/5/2006
- Added experimental Load-Balancing to SPR.
- Increased max # of listen ports from 8 to 16.
- Added new parameter "proxy_allow_unknown_method = {0|1}" to allow unknown methods to go through.
- "SSL_resume failed, rc=-1" issue
- Windows Only: Added Windows shutdown capability in network monitor. It will be available when you register the admin's username and password in the Modify node menu.

1.1.1 : 5/13/2006
- TnApplet for Java 1.5: TnApplet for Java 1.5 now has better browser proxy detection. (tnapplet-jdk15.jar, tnapplet_form_java15.html)
- Certificate Management: Orenosp now supports server certificates signed by an intermediate CA.
  When using a PKCS#12 cert file: no change in configuration is necessary.
  When using a PEM cert file: see Users Guide.

1.1.0a : 5/3/2006
- No binary change from 1.1.0. Documentation cleanup.
- padmin/doc/sproxy_owa_X.txt: now directs all logging to the log sub-directory.

1.1.0 : 4/21/2006
- Raised max length of URL (actually HTTP request line) from 1536 to 2047.
- proxy_unix_user_group : Mac OS X : BUG : made it compatible with Darwin (changed setreuid -> setuid).
- form auth : now writes more diagnostic messages to error.log when user auth/authz fails.
- form auth : BUG : in rare cases, form auth did not work. This was due to base64-encoded text in the orenosp-authck-ticket cookie. It is changed to being hex-encoded.
- MacOS X : BUG : auto-start script (Orenosp) couldn't restart the service.
- RADIUS auth is added to backend auth services (proxy_authck_authsrv_radius, proxy_auth_authsrv_radius).
  Currently PAP and CHAP (not MS-CHAP) are supported as auth methods.

1.0.4 : 12/5/2005
- BUG : if a client sends post data in chunked-encoding and the client stops sending the data prematurely, the proxy can leak memory (chunk-reading context).
- SSL Client Certificate : new parameter proxy_cert_pass_whole to indicate whether you want to send the client certificate to the backend server as a header value.
  If you set the following parameter:
    proxy_cert_pass_whole = X-CERT_BASE64
  then the base64-encoded text of the DER-format certificate is passed to a backend via the X-CERT_BASE64 request header.

1.0.3 : 10/2/2005
- BUG : HTTPS reverse proxy : if a client disconnects while POSTing data, the proxy terminated abnormally in some conditions.
- Network monitor (in monitor module) : the network interface to scan can be selected with "proxy_nmap_by_ifname" on all platforms.

1.0.0 : 8/28/2005
- Initial release. For changes since the last beta, see changes_beta.txt.

EOF