PacketFence v7.3 released

September 25, 2017

The Inverse team is pleased to announce the immediate availability of PacketFence v7.3. This is an important release with new features, enhancements and bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

Here are the changes included in this release:

New Features

• Added a RADIUS only mode to PacketFence
• Add a cluster wide view of pfqueue statistics (#2195) (PR #2573)
• Added the possibility of importing switches from a CSV file (PR #2480)

Enhancements

• The GUI will now display the VLAN in the locationlog view
• The timezone is now a selectable item to prevent invalid input
• Updated ACE text editor to version 1.2.8
• Search forms for nodes and users can now be reset (PR #2555)
• Configuration files can now be saved in readonly mode except violation, switches, role (#2464) (PR #2566)
• Extended descriptions are now supported in the custom reports
• Mail can now be sent using SSL and StartTLS (PR #2446)
• Self-signed certificate errors for nessus 6 can now be ignored (PR #2568)
• Violations can now be triggered by nessus 6 scanner (PR #2568)
• The device registration page now supports connection profiles like any other portal
• The username sent in firewall SSO now supports a configurable format (PR #2499)
• PacketFence will now monitor TLS certificates expiration and alert if they are expired (PR #2444)
• LDAP source caching is now caching the rule match rather that the whole source match (PR #2560)
• The admin GUI startup time has been decreased (#2545)
• New and improved documentation for Debian clustering
• Show DHCP Option82 data in the node view (#2396)
• Custom reports columns representing a node or a user can now be configured to be clickable for details on the object in question (#PR 2508)
• New Fortigate 50E 802.1x support
• The computer authentication username can now be normalized when using EAP-TLS (PR #2414)
• Added a task count jitter to reduce the chance that pfqueue workers exit at the same time
• Experimental support for Content Security Policy (CSP) has been added, but is disabled by default (PR #2336)
• A violation can now redirect to a URL specified in a template (PR #2400)

Bug Fixes

• The syslog parser has moved from Compliance to Integration in the GUI (#2467)
• pfsso now logs in packetfence.log (#2553) (PR #2557)
• httpd.dispatcher now logs in httpd.dispatcher.log (PR #2557)
• Fixed incorrect inline sub type detection
• Fixed ipset update with the incorrect ip address
• Fixed missing confirm prompt when restarting all services via the admin interface (#2365) (PR #2571)
• Fixed violation definition sync when removing a violation from the config
• Fixed incorrect Connection-Type when using EAP-TTLS (#2582)
• Fixed VoIP logic to reduce the chance of duplicate locationlog entries (#2527)
• Fixed SNMP connection issues on Extricom controllers
• Fixes segfaults when logging in the multithread environments (#2603)
• reuseDot1x: Changed the way authentication sources are matched with realms regarding a security concern(#2536)
• Trust the wsrep_ready flag of MariaDB Galera cluster for read only detection as putting the DB in read-only can result in occasional de-synchronization between members. (#2593) (PR #2594)
• Run the configreload as the pf user when done through pfcmd (PR #2510)
• Run the 6.0+ upgrade scripts as the pf user to prevent permissions issues after running them (PR #2509)
• Fixed incorrect NULL realm use when authenticating to the admin GUI (#2529)
• Enforced use of the system time instead of browser time when using preset time values (#2559)
• Logging into the status page when reuse dot1x is enabled is no longer broken (#2542) (PR #2598)

See the complete list of changes and the UPGRADE.asciidoc file for notes about upgrading.