Releases: CactuseSecurity/firewall-orchestrator
v8.3.1 Fix missing group members in Check Point importer
v8.3 Consolidated maintenance release
- smaller bugfixes and improvements
- new report type rules per owner/app
v8.2 Modelling - New Request Interface Workflow
What's Changed
- iconify modelling
- first version of NSX import module
- add maintenance page during upgrade
- sample customizing py script with sample data, closes "Installer customizable config (settings)" #2275
- remove log locking from importer due to stalling importer stops
- credentials encryption, closes "encrypt passwords and keys" #1508
- breaking change for developer debugging: add the following local file when using -e testkeys=true: /etc/fworch/secrets/main_key with content "not4production..not4production.."
- add custom (user-defined) fields to import (cp only so far, other fw types missing, user-defined fields are not part of reports yet)
- interface request workflow
- encrypt emailPassword in config
- fix demo managements (change import from deactivated to activated - does not affect test managements)
- upgrade to dotnet 8.0
- adding all imported modelling users to uiuser
Full Changelog: v8.0...v8.2
v8.0 New Network Modelling Module
- Introducing new Network Modelling module
  - allows your organisation to define the target state of all network connections on a per-application basis (or other distributed ownerships)
- Backend
  - Introducing Scheduled import change notification including inline or attached change report (replacing simple import notification from import module)
- UI
  - New look and feel: Moving to vanilla bootstrap css v5.3.2 (allowing for future up-to-date css usage)
- Installer (breaking change!)
  - introducing venv for newer ansible versions and thereby removing annoying ansible version handling in installer (see https://github.com/CactuseSecurity/firewall-orchestrator/blob/main/documentation/installer/basic-installation.md for details)
- bugfixes for
  - import log locking
  - integration tests with credentials when installing without demo data
  - pdf creation on debian testing platform (trixie)
v7.3 Tenant-filtering for shared firewall gateways
- new features
  - recertification: new rule ownership
  - customizable UI texts
  - starting target state module with introducing new role "modeller"
  - adding tenant ip filtering
  - adding tenant simulation (excluding statistical report and recertification) including scheduling
- maintenance / bug-fixing
  - complete re-work: all ip addresses are now internally represented as ranges, including all networks
- UI:
  - do not show super managers in RSB all tab
  - Use production / development based on the build type instead of always using development.
  - do not show detailed errors in production mode + use the custom error page in the production environment
  - bug fix jwt expiry, jwt expiry timer now works as intended
  - unifying IP addresses display method across all parts
  - fix filtering for rules with negated source / destination or single negated ip ranges
- Database:
  - removing unused materialized view for tenant ip filtering
- Installer
  - fix upgrade become issue in middleware ldif files
  - fix client/server db sort order mismatch (collate)
  - fix postgresql_query module reference
  - adding simulated changes to fwodemodata (fortigate)
  - add check for successful publishing dotnet (mw, ui)
- Importer
  - fortiOS: fix importer action field
  - fortimanager: ignore missing negate fields
  - Check Point: adding Inform action
  - Check Point: adding new network object type 'external-gateway' (for interoperable-device)
  - Check Point: adding network object type support for 'CpmiVsClusterNetobj' (for VSX virtual switches)
- API:
  - upgrade hasura to 2.34.0
- restrictions
  - since tenant filtering is not done in the API but in the UI, the API should not be exposed to the tenants
v7.0 Compliance Matrix et al.
- UI adding compliance matrix module
- UI Reporting - unused rules report including delete ticket integration
- importer new email notification on security relevant import changes
- importer CPR8x: basic support for importing inline layers
v6.4.3 hotfix global config subscription timeout
default settings not refreshed after 12h timeout
v6.4.2 Hotfix Log File Locking
Addressing the issue of log rotate stalling when UI log is not written to (mainly prod environments)
v6.4.1 FortiGate REST importer - adding Internet Service Support
- also upgrading to hasura 2.26.0
- fixes around network object group handling and ipv6 support
v6.4 New Import Module for FortiOS REST API
- new import module FortiOS REST importer
- hasura upgrade to 2.24.1
- json export for resolved changes
- hotfix cpr8x importer: handle empty section titles