Additional HIN specific changes.

 

Version 12.0.16 (Released 2022-01-11)

(neu in 12.0.16)

 

•Update HIN MGW root certificates

•Fix handling of long MIME lines (RFC 2821)

•Fix handling of forbidden headers from decrypted S/MIME mails

•Update ClamAV to 0.103.2

•CSM module improvements

•fix rare case of currupted mail structure after S/MIME decryption

•Update OpenSSL to 1.1.1l

•Update OpenLDAP to 2.4.59

•Prepare for the update to version 12.1

 

Version 12.0.10 (Released 2021-03-29)

(neu in 12.0.10)

 

NOTE: Upgrade is only possible for appliances with a log partition size of at least 2 GB and must otherwise be cloned to a new appliance using the "clone device" feature found under "Administration".

 

Administration:

 

•Make sure the system time is in sync when using hardware sensors

•Show more relevant information in blocked mails log

•Test mail console menu option

•nslookup for all record types in console menu

•Allow HIN domain-encrypted subjects to appear in mail log

•Show lock for HIN encrypted mails

 

Processing:

 

•Log reject code and message for internally rejected mails

•Properly tag non-managed domain encryption in log

•Prevent display of invalid entries in mail log overview

•Correctly recover mail service on unrelated watchdog error

 

System:

 

•Update to OpenBSD 6.8 / LibreSSL 3.2

•OpenSSL 1.1.1h

•Fix sporadic syntax error in system view

•generate internal CA list after a transfer of a CA from a cluster member

•add warning message for Hyper-V appliances with a legacy network controller

•Fix memory leak in system libraries

 

Version 11.1.10 (Released 2020-09-24)

(neu in 11.1.10)

 

Major changes:

 

•Substantial S/MIME performance improvements

•Office 365 relay

 

Administration:

 

•Do not restrict password field input length in admin GUI

•Added port probe feature to support console menu

•Added web services restart feature to support console menu

•Added support for Office365 tenant ID and automatic relay

•Prevent firmware update download being stuck on download aborts

•Warn about managed domain fingerprint mismatch in edit page

•Prevent deletion of managed domain when fingerprint certificate is active

•Show statistics about top level domains provided by managed domain encryption

•Fix possible GUI not available issue on mail processing reload

•Validate maximum message size value

•Warn on version mismatch in cluster

 

Logging:

 

•Improve read speed of log archive files

•Fix property display mismatch in mail log overview

 

Processing:

 

•Support legacy mail address format in header From

•Fix rule engine fatal error on malformed mail address

•Fix per-certificate revocation check

•ClamAV 0.101.5

•Support console can now force a reinstall of an already installed version

•Improve validation of Office 365 forwarding server hostnames

•Improve mail index write on appliances with many log archives

•Rewrote log index generation to use multiple CPUs

•Separate fetchmail from local injection queue

•Prevent deadlocks in background task handler

•Do not sign to be modified LFT content

 

System:

 

•Update to OpenBSD 6.5 / LibreSSL 2.9

•Hardening of NTP configuration

•Validate sender addresses before processing starts

•archive() usage now correctly appears in mail log

•Fix issue in periodic domain certificate update

•Fix saving miscellaneous options in mail processing

•Avoid incorrect HIN domain certificate fingerprint mismatches

•Fix restore of pre version 11 backups

•Fix issue with Azure agent service

•Improved Azure integration

•Only get host name and domain name from Azure DHCP if not set manually

 

Version 10.1.8.2 (Released 2019-11-19)

(neu in 10.1.8.2)

 

•Bugfix for mail routing

 

Version 10.1.8.1 (Released 2019-07-10)

(neu in 10.1.8.1)

 

•Bug fix for syslog

 

Version 10.1.7 (Released 2019-05-08)

(neu in 10.0.7)

 

System:

 

•Updates for ClamAV 0.100.2

•Improved background task cleanup in scheduler

•Fix customer backup decryption during import

•Tweak RAM usage according to available system resources

•Backend task scheduler reworked

•You can reach the support console via user "support" and password "support". The menu will allow you to open a support connection even when the GUI is unavailable.

•QEMU and Xen host integration

 

Administration:

 

•Check SSL import for matching private key and automatically handle it as the primary certificate

•Allow to import a renewed certificate without private key as long as the previous one matches

•Delete all domain keys after confirmation of deletion of a managed domain

•Several new and updated notes as well as clarified option names

•Allow to restore a backup without overwriting system-specific settings

•QEMU host integration (no settings necessary)

•Xen host integration (no settings necessary)

•Visual tweaks

•Fix display error in Internet Explorer in log detail view

 

Logging:

 

•Administrative mails generated by the appliance are now visible in the logs

•Added CC and Date header to message metadata logging option

•Regenerate mail log index after updates

 

Version 10.0.6 (Released 2018-08-20)

(neu in 10.0.6)

 

Before proceeding with this update, make sure to back up your device.

 

•change appliance from 32 bit to 64 bit

•HIN Secured will be checked with a new regular expression

•possibility to generate and check custom keywords under mail prossessing

•older key will be migrited to 4096 bit keys

•Preempt mode to temporarily stop mail flow through appliance

•Allow to specify credentials for each smarthost

•Show current user and device name in footer when logged in

•Redirect users to first viable page after login

•Redirect to home section when performing a firmware update and show reboot status afterwards

•Do not redirect to logout page after logging back in after logging out there

•Add summary to individual mail log detail view

•Performance improvements in mail log view

•Create backup file on startup to allow immediate SCP backup

•Properly encode certificate or key file names on export

•Optimized visual spacing used between GUI elements

•Automatically add CA certificate to internally created SSL certificates on export

•Show correct SSL certificate details if import contained multiple certificates

•Fix encoding issues in user-generated notifications

•Improve spoof check to test for match in relay domain

•Authentication header checks must also pass relay network check to succeed

•Reserve mail log green, orange and red status for remote server status

•Tweak LDAP multi-master synchronization configuration

•Display used product version in each mail log

•Fix queued mail log always being one entry short

•Properly enable the Microsoft Azure integration service when selected

•Speed up creation of multiple domains under mail system

•Prevent logging large amounts of data per line

•Added confirmation dialog to full mail log delete

•Allowed deletion of mail log index

•Meltdown mitigation

•ClamAV 0.100

•Allow initial DHCP assignment and add agent for Azure deployments

•Bring back usage of leading dot in mail domain

•Fix an error in device cloning that could prevent database replication

•Correctly preset disabled proxy and OSCP selection in system settings

•Raised overall memory limit for mail processing

•Show HIN Global activation in managed domains

•Look and feel of the UI has been improved for all of its elements and the menu

•Allow to specify subject alternative names for SSL certificates

•The system info on the "Home" page will now show current memory usage and load averages

•The "Home" page will periodically refresh and show firmware update progress

•Firmware update progress is now fully accurate in terms of percent downloaded

•Security hardening of the admin login process and authorization tokens

 

Version 8.9 (Released 2017-11-16)

(neu in 8.9)

 

•Show GLOBAL activation state in mail system overview

•suppress GINA error message from watchdog

 

Version 8.8 (Released 2017-11-01)

(neu in 8.8)

 

Security:

 

•fake [HIN Secured] markers will now be removed even if they use slightly different characters

 

•"HIN" shall not be part of a confidential keyword, as such keywords are stripped for security reasons.
When such a keyword is stripped, this results in a mail not being sent encrypted to external recipients (HIN GLOBAL Mail).
Examples of keywords that shall not be used:  (HIN), [HIN MAIL] or (launcHINg)

 

Admin GUI:

 

•added a checkbox to always encrypt answers to global mails. will work later if changes to global mail apply

•an appliance with multiple domains on it will also mark mails with "HIN secured" from one domain to another

•ability to add domains wit IDNA format

•emails with calendar events can now be forwarded from microsoft exchange (mails will be marked as [Not secured by HIN])

•added possibility to add custom header for office 365

•emails can be removed from the queue

•added new user group .log user. that can only view logs

•header from is now visible in the detail logs

•multiple bug fixes and performance improvements

 

Version 7.4.6 (Released 2016-05-24)

(neu in 7.4.6)

 

Security:

 

Fixes the following OpenSSL / LibreSSL issues:

•Memory corruption in the ASN.1 encoder (CVE-2016-2108)

•Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

•EVP_EncodeUpdate overflow (CVE-2016-2105)

•EVP_EncryptUpdate overflow (CVE-2016-2106)

•ASN.1 BIO excessive memory allocation (CVE-2016-2109)

 

Admin GUI:

 

•Allow to change a user's ID

•Allow to filter mail log entries by colour

•Changed date formats in admin GUI to consistently use ISO 8601

•Show log entry number on details page

•Allow to specify multiple syslog servers for forwarding

•Allow multiple NTP server entries

•Allow to exclude specific ClamAV patterns

•Added a backup user to download backups via SCP

•Allow to specify threshold for load balancer (default threshold is 4 connections)

 

System:

 

•Significant performance enhancements (for all platforms)

•IPV6 support

•Added device ID to backup filename

•Automatically copy initial console network setup to GUI system settings

•Allow leading numbers in domain names

•Increase stability of SNMP daemon

•Added possibility to choose syslog protocol

 

Version 7.2.4 (Released 2015-07-03)

(neu in 7.4.2)

 

NOTE:

Security update for logjam vulnerability

 

Base System:

 

•Update base system

•Performance enhancements for Microsoft Hyper-V appliances

•Update ClamAV engine

•Update apache to version 2.4.12

•Allow to specify HELO name

•Small bugfixes, mainly

oFix log file download (remove trailing HTML code)

oFix log search for IP addresses

oFix load balancer activation when using chrome browser

•Switch from OpenSSL to LibreSSL

•Monitor snmpd in watchdog

•Possibility to activate attachment control (reject mails with executable content)

 

Version 7.0.4.1 (Released 2014-11-26)

(neu in 7.0.4.1)

 

NOTE:

The new version needs more RAM in the virtual version. If RAM is too low, a warning is shown in the web interface.

 

Base System:

 

•Update base system

•Completely remove sslv3, even from opportunistic postfix TLS (Poodle-Bleed)

•Possibility to forward logs to a syslog server

•Enabling of teaming / bond interface

•Load balancer for SMTP connections

•Option to delete old log archives automatically

 

HIN Mail GLOBAL:

 

•Configurable keywords to trigger GLOBAL-Mails

•Option to ignore the Microsoft Outlook confidential flag for GLOBAL-Mails