v12.2.0
The Inverse team is pleased to announce the immediate availability of PacketFence 12.2 - a minor release bringing interesting improvements!
ContentKeeper firewall SSO support
We are excited to announce that PacketFence is able to send SSO requests to ContentKeeper and update it in order to apply policies to end devices for internet access.
Added support for Unifi OS controllers (#7368)
We are also proud to annouce that PacketFence now supports Unifi OS controllers by adjusting the port and adding a prefix path.
Added support for downloadable ACLs on Cisco and Dell switches
PacketFence is now able to send Downloadable ACLs to Cisco and Dell switches. When the ACLs exceed the size of the RADIUS reply, PacketFence can trigger the downloadable ACLs and send a chuck of ACLs through multiples access-challenges.
Here's the complete list of changes included in this release:
New Features
- Content Keeper firewall SSO support
- Added support for Unifi OS controllers (#7368)
- Added support for downloadable ACLs on Cisco and Dell switches
Enhancements
- Allow ProxySQL to be configured to connect to a single external database
- Allow image files to be uploaded in a connection profile
- Added System Service and systemd buttons in Admin UI
- Online/offline doesn't rely on recording the bandwidth accounting data anymore
- Pending security events added to network threats visualization
- Allow to expose the fingerbank_info variable to all HTML portal templates (#7460)
- VLAN filters actions can now be done synchronously (#7351)
- Support for wired connections on Ruckus SmartZone
- Improve support of WebAuth on Aruba AP (#7470)
- Allow configurability of using the connector during firewall SSO
- New api call /api/v1/config/role/{role_id}/bulk_reevaluate_access
- Add warnings/errors when updating ACLs for roles and switches
- Azure SAML integration documentation
- Change log levels of Perl services using environment variable (#7487)
- Containerization
pfacct
service - Add not_before to PKI certificates (#7454)
- Support for out acls if the switch support it (#7560)
- Improvements and support for dACL in supported material (#7561)
Bug Fixes
- Force the destination IP for UDP packets going through the pfconnector (#7323)
- Clear the active dynamic reverses that exist when a pfconnector reconnects
- OpenID Authentication Source -Duplicated Username (#7399)
- Unable to upgrade to Debian 11.6 with PF 11.X and 12.X (#7438)
- Trust server certificates when provisioning Apple devices for EAP-TLS (#7428)
- Use WPA2 in place of WPA when provisioning Apple devices (#7428)
- Creating/modifying/deleting a syslog forwarder should prompt to restart rsyslog in the admin (#6532)
- Fixed UTF-8 encoding in email body (#7422)
- Escape quotes in LDAP passwords (AD source: too complex passwords prevent RADIUS to start #3976)
- Use the proper file extensions when uploading SAML config files. (ZEN 12.1 - XML File Renamed on upload. #7439)
- Return immediately after an async job is complete (Rework pfqueue results polling #7175)
- Fixed issue with Aruba DACL, only the first ACL was shown in the port
- ZEN 12.1 installations will generate a new RADIUS key after a reboot (#7568)
- Disable DNS lookup in sudo to prevent API timeouts and interfaces not detected (#7403)
- RADIUS source+pfconnector is not working in admin context (#7550)