Releases: CactuseSecurity/firewall-orchestrator
Releases · CactuseSecurity/firewall-orchestrator
v8.6 Modelling Request Features and Fixes
v8.6 - 11.12.2024 MAIN
Features
-
Modelling
- Create Application Zones
- Add monitoring for external requests for admins
- Add re-initialization for external requests
- consolidation modelling external requests
- adding optional access requst on behalf of UI user
- adding live update of external task/ticket status
- app server name handling rework (NONAME --> _)
- owner groups can now also be external LDAP groups
-
Reporting
- refining connection report (adding Common service, app role, network area details)
Fixes
- refining connection report (adding Common service, app role, network area details)
-
Importer
- adding missing colors in Check Point importer
- new VOIP service object and Internet object
-
UI
- SECURITY: updating System.Text.Encodings.Web v4.5.0 --> v8.0.0
v8.5.1 bufix PDF generation etc.
- reporting - fixing PDF generation on various platforms - closes #2385
- ubuntu 24.04
- ubuntu 20.04 (focal)
- debian 11
- debian 13 (trixie)
- modelling - fixing AR editing: strict prevention of all area mixing
v8.5 request modelling via external ticketing tool change
Network Modelling feature update
- modelling can be requested as firewall change via external ticketing tool
- includes all approle handling
- simple form of rule change request (always request all connections as rules)
- api hasura upgrade to 2.44.0
Fixes - various small UI fixes
- importer (CP: handle None objects)
v8.4.1 Network Modelling feature update
- Network Modelling Features
- import of app server IP addresses via CSV upload
- import of multiple sources for area IP data
- new option email notification: fall-back to main owner if group is empty
Fixes
- corrections in displaying UI messages
- converting owner network ip data to standard format "range"
- importer
- check point - fix import of all VSX instances
- fortinet - add hit counts and install on information
v8.4 stability release
- various small bug fixes
- installer (redundant code deleting test user)
- importer (switching from full details to standard, re-adding VSX gateway support, voip domain handling in cp parser)
- reporting (app-rule report containing multiple objects)
- middleware (config subscriptions)
- reporting (temporarily highlight linked to object in rsb)
- modelling (sync connections - not always part of overview table after creation)
- RBA (role picking when user has multiple roles)
- UI various: adding missing pager control
- UI various: spinner clean-up
- features/upgrades
- Added login page welcome message and settings
- Added last hit information in app-rule report
- API - upgrading to 2.43.0
- various security upgrades dotnet (restsharp, jwt, ...)
v8.3.1 Fix missing group members in Check Point importer
Merge pull request #2512 from tpurschke/fix/cp-import-groups-missing hotfix/missing group members in cp importer
v8.3 Consolidated maintenance release
- smaller bugfixes and improvements
- new report type rules per owner/app
v8.2 Modelling - New Request Interface Workflow
What's Changed
- iconify modelling
- first version of NSX import module
- add maintenance page during upgrade
- sample customizing py script with sample data, closes Installer customizable config (settings) #2275
- remove log locking from importer due to stalling importer stops
- credentials encryption, closes encrypt passwords and keys #1508
- breaking change for developer debugging: add the following local file when using -e testkeys=true: /etc/fworch/secrets/main_key with content "not4production..not4production.."
- add custom (user-defined) fields to import (cp only so far, other fw types missing, user-defined fields are not part of reports yet)
- interface request workflow
- encrypt emailPassword in config
- fix demo managements (change import from deactivated to activated - does not affect test managements)
- upgrade to dotnet 8.0
- adding all imported modelling users to uiuser
Full Changelog: v8.0...v8.2
v8.0 New Network Modelling Module
- Introducing new Network Modelling module
- allows your organisation to define the target state of all network connection on a per-application basis (or other distributed ownerships)
- Backend
- Introducing Scheduled import change notification including inline or attached change report (replacing simple import notification from import module)
- UI
- New look and feel: Moving to vanilla bootstrap css v5.3.2 (allowing for future up to date css usage)
- Installer (breaking change!)
- introducing venv for newer ansible versions and thereby removing annoying ansible version handling in installer (see https://github.com/CactuseSecurity/firewall-orchestrator/blob/main/documentation/installer/basic-installation.md for details)
- bugfixes for
- import log locking
- integration tests with credentials when installing without demo data
- pdf creation on debian testing plattform (trixie)
v7.3 Tenant-filtering for shared firewall gateways
- new features
- recertification: new rule ownership
- customizable UI texts
- starting target state module with introducing new role "modeller"
- adding tenant ip filtering
- adding tenant simulation (exluding statistical report and recertification) including scheduling
- maintenance / bug-fixing
- complete re-work: all ip addresses are now internally represented as ranges, including all networks
- UI:
- do not show super managers in RSB all tab
- Use production / development based on the build type instead of always using development.
- do not show detailed errors in production mode + use the custom error page in the production environment
- bug fix jwt expiry, jwt expiry timer now works as intended
- unifying IP addresses display method across all parts
- fix filtering for rules with negated source / destination or single negated ip ranges
- Database:
- removing unused materialized view for tenant ip filtering
- Installer
- fix upgrade become issue in middleware ldif files
- fix client/server db sort order mismatch (collate)
- fix postgresql_query module reference
- adding simulated changes to fwodemodata (fortigate)
- add check for successful publishing dotnet (mw, ui)
- Importer
- fortiOS: fix importer action field
- fortimanager: ignore missing negate fields
- Check Point: adding Inform action
- Check Point: adding new network object type 'external-gateway' (for interoperable-dervice)
- Check Point: adding network object type support for 'CpmiVsClusterNetobj' (for VSX virtual switches)
- API:
- upgrade hasura to 2.34.0
- restrictions
- since tenant filtering is not done in the API but in the UI, the API should not be exposed to the tenants