What's new in DansGuardian 2.12.0.3
Oct 2, 2012
- Fixed memory leaks reported by analysis from coverity
- Improved persistent connection for a better RFC compliant implementation, but not yet fully HTTP 1.1
- Minor improvement for debug output
- Applied patch #11 (Maxuploadsize per filtergroup) by fredbmail35
New in DansGuardian 2.12.0.0 Alpha (Aug 24, 2011)
- Search term filtering
- POST data scanning
- ClamAV scanner removed (direct library usage, not ClamD)
- "KavAV" scanner removed (direct library usage, not KavD)
- Fix crash on logging very long URLs
- Per-group PICS settings
- Option to use a specific blocked response for Flash (".swf" URLs; "application/x-shockwave-flash" MIME type)
- HTTPHeader bug fixes re. persistent connection detection, crash in some (unknown) circumstances when trying to tunnel POST data
- Added per-room-blocking.
- Fixed a very old problem with gentle restarts where DG would fail to release the RAM for the first set of config loaded. This was very noticeable on systems with many groups.
- Added the ability to have DG listen on more than one port and to use a different authentication plugin on each port. However, some combinations are just not physically possible - for example basic auth (proxy auth) won't mix with other authentication methods.
- Added transparent NTLM authentication, however to be useful needs an authentication daemon and daemon-aware, NTLM-enabled web server. (read source code for how to use it)
- Added experimental SSL MITM. (read source code for how to use it)
- Added experimental SSL certificate checking. (read source code for how to use it)
- Added patch by Massimiliano Hofer to add Avast! support.
- Tidied up licensing notices and removed some email addresses.
- Support individual log items up to 32KB in length, which may require multiple calls to getLine to read in.
New in DansGuardian 2.10.1.1 (Jun 5, 2009)
- Add "originalip" option to dansguardian.conf, for determining the original destination IP in transparent proxy set-ups, and ensuring that the destination domain of the request resolves to that IP.
- This can help to address a particular transparent proxy security vulnerability (US-CERT VU#435052), but because of certain limitations - only implemented on Linux/Netfilter; potential breakage of websites using round-robin DNS - the code is not enabled by default.
- Enable by passing "--enable-orig-ip" to the configure script.
- Fix a crash which could occur when dealing with simultaneous incoming connections in configurations using more than one listening socket.
- Fix a crash when checking time limits on item lists.
- Fix potential usage of uninitialised memory during phrase filtering.
New in DansGuardian 2.10.0.3 (Jan 21, 2009)
- uClibc++ compilation patch from Natanael Copa.
- Fix crash on exit when running out of memory during phrase tree preparation, from Victor Stinner.
- Clean up destructors for various objects, removing code duplication with reset() methods.
- Compilation fixes from Jeffrey A. Young.
- Better handling of whitespace (tab characters) in configuration files.
- Fix HTTPS access for unauthenticated users when using basic or NTLM authentication plugins.
- Reload list files on soft restart if cached (".processed") files have been updated directly, from Harry Mason.
- Chop carriage return off useragent strings when "loguseragent" is enabled.
- Don't force contents of dansguardianf*.conf files to lower-case on loading, so as not to destroy the case of group names.
- Make temporary bypass cookies valid for subdomains of the original bypassed domain, including stripping "www.".
New in DansGuardian 2.10.0.2 (Dec 1, 2008)
- Fix persistent connection detection to resolve issues with HTTP 1.1 browsers (Firefox), NTLM authentication and HTTPS websites.
- Change supported syntax for blocking HTTPS site access by IP to match that documented in the default bannedsitelist (use "*ips", as documented, NOT "**ips").
New in DansGuardian 2.10.0.1 (Dec 1, 2008)
- Improve malformed URL detection (dc2008.de no longer incorrectly classed as malformed).
- Improve persistent connection detection, correcting some situations in which DG would return a blank page to browsers.
- Updated "proxies" weighted phrase list.
- Updated Chinese Big-5 messages file from Vicente Chua.
New in DansGuardian 2.10 (Oct 11, 2008)
- Built-in content scanner plugin system which includes AV scanning.
- NTLM and persistent connection support.
- Header analysis and manipulation so you can manipulate cookies.
- Large file (2GB+) download & scanning support.
- Autotools build system.
- URL regular expression replacement so you can force safe search in Google.
- Deep URL scanning to spot URLs in URLs to for example block images in Google images.
- Advanced advert blocking.
- Many performance improvements.
- Updates to handle all current web technology trends.
- Blanket SSL blocking so you can block SSL anonymous proxies and allow access to legitimate SSL sites such as banking by whitelisting.
New in DansGuardian 2.9.9.8 (Sep 12, 2008)
- Assume that content with no Content-Type header is HTML, so that it
- doesn't bypass the phrase filter.
- Fix some incorrect usage of integer types in ListManager and
- ListContainer which can lead to crashes in some rare cases.
- Escape certain characters in URLs when displaying the HTML template to
- prevent XSS.
- Don't add responses other than "200 OK" to the clean URL cache.
New in DansGuardian 2.9.9.5 (Jun 11, 2008)
- IP range & subnet support in banned & exception IP lists.
- Honour "--with-sysconfsubdir" setting when installing config. files.
- Code clean-ups: remove some unused function arguments, and eliminate compiler warnings from checks enabled by default in recent versions of GCC.
- New contributed Polish pornography and "good" weighted phrases.
New in DansGuardian 2.9.9.4 Beta (May 6, 2008)
- Replaced quicksort with std::sort when loading in site & URL lists -
- should behave better with pre-sorted input.
- Switch back to original compressed data before sending content to
- clients, if the decompressed data is found to be zero length (i.e. just
- compression headers).
- Change file blocking logic; exceptionextensionlist and
- exceptionmimetypelist are now always loaded, and can override the banned
- lists (much more similar to URL/domain blocking).
- ClamAV plugin updated to work with 0.93-style unpacking limits (only;
- no support for 0.92.1 or earlier).
New in DansGuardian 2.9.9.3 Beta (Feb 29, 2008)
- Large file (2GB ) download & scanning support
- Updated German block page template from Peter Vollmar
- Small fix to phrase matching to allow it to match the full 0-255 range
- for each byte, improving foreign language filtering
- Fix for incorrect interpretation of URLs containing colons in list
- files (long standing but rare bug; could cause memory corruption and match failures)
- More documentation added to the installation (not new content, but docs that were previously only in the source tarball now get installed)