K 1 Version importiert |
Andreb (Diskussion | Beiträge) Keine Bearbeitungszusammenfassung |
||
| Zeile 100: | Zeile 100: | ||
* Anzeigefehler bei der Konfiguration des Smarthosts im Mailrelay wurden behoben | * Anzeigefehler bei der Konfiguration des Smarthosts im Mailrelay wurden behoben | ||
* Bei Verwendung eines Radius-Servers zur Authentifizierung von VPN Verbindungen, konnte es bei OTP Abfragen zu langen Wartezeiten kommen | * Bei Verwendung eines Radius-Servers zur Authentifizierung von VPN Verbindungen, konnte es bei OTP Abfragen zu langen Wartezeiten kommen | ||
| 3= }} | | 3= | ||
;Maintenance | |||
* Update of the kernel to version 6.6 | |||
* Update of the HTTP Proxy (Squid) ([https://www.cve.org/CVERecord?id=CVE-2025-62168 CVE-2025-62168] / [https://euvd.enisa.europa.eu/enisa/EUVD-2025-34894 EUVD-2025-34894]) | |||
* Fix for a security vulnerability in the IPSec service ([https://www.cve.org/CVERecord?id=CVE-2025-62291 CVE-2025-62291]) | |||
* Updates to the appliance images for expansion slots with 2 ports | |||
;New Features: | |||
* Similarity Detection (Experimental Feature <span class="fas fa-flask fc__white" style="Background-color: #468847; padding: 2px 5px;" title="experimentell"></span>) | |||
** To minimize phishing attacks and fraud attempts in the Web Filter and Mail Filter, suspicious domains that show a strong similarity to known trusted domains can be marked and/or blocked. Trusted domains can be added individually in the new [[UTM/APP/Ähnlichkeitserkennung | application menu for similarity detection]]. | |||
** A domain can be tested against the Similarity Detection [[UTM/NET/Netzwerkwerkzeuge#Ähnlichkeitserkennung | via the Network Tools and via the CLI]] | |||
** A dialog shown at login explains the new feature and points to the corresponding menu entry | |||
;Features | |||
:USC Zero Touch | |||
* [[USC/Zero-Touch-Profil#Zero-Touch-Profil_bearbeiten |Before Zero Touch enrollment of a UTM via the USC, an automatic update to the current UTM version is now performed]] if a configuration has been uploaded | |||
* The UTM console and the USC display the individual steps of the enrollment process in detail | |||
:Clientless VPN | |||
* When configuring a connection, [[UTM/VPN/ClientlessVPN#Clientless_Host_hinzufügen |user groups can now be selected directly and displayed in the table]] | |||
* If a connection is opened using the “Advanced Fullscreen” button, ESC can be used on the connected device | |||
* The overview table of connections has been extended with several additional information fields | |||
:SSL VPN | |||
* The previous VPN Client (version 2.0.45) has been replaced by [[UTM/UI/SSL-VPN#SSL-VPN_Client_Installer |version 1.0 of the new VPN Client Installer]] (for client version 3.3.3) | |||
<li class="list--element__alert list--element__warning">Please note that when rolling back to an earlier UTM version, it may take up to a week until the installer is replaced again by the old client. During this time, it will not be possible to download the client via the UTM. Please use the download option in the Reseller Portal instead.</li> | |||
:Mailrelay | |||
* [[UTM/APP/Mailrelay#Allgemein | Outgoing IP addresses can now be specified separately for IPv4 and IPv6]] | |||
* In the Mail Relay, a new switch [[UTM/APP/Mailrelay#Sonstige | Resolve unknown numeric domains]] has been added to prevent rejection by the mail relay | |||
:Administration Interface | |||
* [[UTM/Widgets | The statistics widgets on the dashboard]] now offer more and improved interaction and analysis options | |||
* In the [[UTM/APP/Reverse_Proxy#Servergruppen_und_Sites | Reverse Proxy]] and the Network Topology, nested tables can now be sorted independently | |||
* Different [[UTM/APP/HTTP_Proxy | HTTP Proxy configurations can now be created for different internal networks]] | |||
* The [[UTM/NET/Netzwerkwerkzeuge | modal Network Tools dialog]] has been improved (tooltip, accessibility via the search function, inclusion in the UTM tour, saving of the window position) | |||
* In the Network Configuration, [[UTM/NET/DHCP_Server-v4#Erweiterte_Einstellungen | all standardized DHCP options can now be configured when setting up a DHCP pool]] | |||
* By double-clicking the [[UTM/Drag_and_Drop | drag-and-drop icon]] of a table entry, the desired target position can be entered directly | |||
* A confirmation dialog now always appears when opening external links | |||
* [[UTM/CONFIG/Konfigurationsverwaltung#Mehrere_Konfigurationen_herunterladen | The download process for multiple local configurations]] has been revised and made more intuitive | |||
* In the [[UTM/APP/Reverse_Proxy#Servergruppen_und_Sites | Reverse Proxy, server groups and sites are now displayed in a single combined table]] | |||
* To better distinguish between multiple open UTM interfaces, the browser title now includes information about the hostname and version while logged in (full version in the Admin UI, major version in the User UI). If the user is not logged in, only the major version is shown and no hostname | |||
;Additional Features | |||
* When assigning a PIN for access to the Unified Security Console, only the relevant patterns are now displayed for PINs classified as weak | |||
* The process for creating a support user has been optimized and aligned with similar workflows | |||
* When creating [[UTM/EXTRAS/Paket-Mitschnitte |packet captures]], a tooltip now points out the functionality of the slider for name resolution | |||
* In the Packet Filter, a warning triangle indicates a potential source of error when a node with a hostname is used in a port forwarding rule | |||
* The Mail Filter has been extended with new rule options to control how encrypted and unencrypted archives in incoming emails are handled | |||
* The button for importing an additional configuration in the Cloud Backup is now grayed out once the maximum number of 20 configurations is reached | |||
* Notifications from devices with eMMC storage are now also sent via the Alerting Center | |||
* Deprecated key lengths (1024-bit and below) and ciphers (SHA1) are temporarily accepted again. This allows the HTTP Proxy and SSL VPN to continue to be used | |||
* The unloading of helpers for services used in the rule set has been removed, as helpers should only be managed through the service settings | |||
;Bugfixes | |||
* Inconsistencies in the behavior of the button for enabling and disabling the implied rule in the WireGuard dialog have been corrected | |||
* When importing a WireGuard configuration, the MTU is now read correctly | |||
* The table search function now also finds entries in collapsed groups | |||
* In the Reverse Proxy, issues with drag & drop and deleting entries have been fixed | |||
* Tab completion in the CLI now correctly shows all available commands and options again during multi-line input | |||
* The warning message for static DHCP leases at login has been adjusted | |||
* When a hostname was used instead of an IP address, logs were sometimes not sent to the Syslog server after a reboot | |||
* The description field of Packet Filter rules is now correctly included when downloading the configuration file as a PDF | |||
* Transparent rules in the HTTP Proxy/POP3 Proxy always require the selection of a destination network object | |||
* The log of the DynDNS function for a network interface is now evaluated correctly | |||
* The legend of the email statistics in the User UI is now easier to read in dark mode | |||
* Before reboot and rollback/dry run, the user is now properly logged out again | |||
* A bond interface can now also be configured as the outgoing IP address in the HTTP Proxy | |||
* Issues when configuring bond interfaces across different slots have been resolved | |||
* Support users with root privileges again have full SSH permissions | |||
* In the Network Topology, the assignment of dynamic DHCP leases to pools is now displayed correctly again | |||
* Performance in user configuration has been significantly improved | |||
* A bug in automatic QoS that caused configured bandwidth limits not to be applied in version 14.1.0 Beta has been fixed | |||
* All license-related events are once again forwarded to the Alerting Center | |||
* In Beta version 14.1.0, the service establishing the connection to the Securepoint Cloud malfunctioned after long runtimes due to an issue with file descriptors not being closed | |||
* When creating a Web Filter rule of type URL, wildcards and protocols are now accepted again | |||
* Display issues in the configuration of the Smarthost in the Mail Relay have been fixed | |||
* When using a RADIUS server to authenticate VPN connections, OTP prompts could lead to long waiting times | |||
}} | |||
{{var | 1=Build 14.0.9.2--desc | {{var | 1=Build 14.0.9.2--desc | ||
| 2= | | 2= | ||
UTM/Changelog.lang: Unterschied zwischen den Versionen
Aus Securepoint Wiki