The Inverse team is pleased to announce the immediate availability of PacketFence v11.2. This is a major release with new features, enhancements and bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised. What is PacketFence? PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks.
Among the features provided by PacketFence, there are: powerful BYOD (Bring Your Own Device) capabilities multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style built-in network behaviour anomaly detection state-of-the art devices identification with Fingerbank compliance checks for endpoints present on your network integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls bandwidth accounting for all devices A complete overview of the solution is available from the official website: https://packetfence.org/about.html Changes Since Previous Release New Features Added MAB floating device support to Ruckus/Brocade switches (#6774) Support for roles in VPN access Allow to centralize the virtual IPs on the same server (#6853) Added support for Kandji MDM as a provisioner OpenWiFi switch module Allow to manage devices (unregister) when reaching max nodes (#6860) ISO installer based on Debian 11 (#6803) Enhancements Allow Meraki::MR_v2 module to be able to use a RADIUS Disconnect instead of only a RADIUS CoA Simplify local development of Venom tests (#6711) Integration tests on Fingerbank (#6725, #6786, #6798, #6816) Integration tests on captive portal (#6744) Integration tests for CLI login (#6783) Upgrade to Venom 1.0.0 (#6775) Upload logs of tests (#6784) Management of TLS minimum and maximum versions in GUI (#6773) Integration tests for Inline L2 and L3 (#6769) Drastically improved the performance of the Ruckus unbound DPSK implementation (#6817) Added an admin action to allow RADIUS Probe requests Allow access to the Status/Node Manager/Device Registration pages on SAML auth. Give each monitoring script a maximum of 10 seconds to run (#6828) Resign CA feature in PKI (#6770) Allow to download any certificates without private key using a button (#6778) Fixes date format of the PKI SQL tables (#6823) Use the Digest of the profile on SCEP request (#6823) Improve CLI login support on Ubiquiti Edge switches (#6727) Expose the open locationlog as a variable to switch templates. Improve the speed on the node online query. Message portal module can be used without the portal template. The ip6tables rules are now managed by PacketFence (#6836) Certificate signing requests created via the admin interface now include a Subject Alternative Name (SAN) The Subject Alternative Names of a certificate are now displayed in the admin interface SSL Certificates - RADIUS / HTTPs page Simple GUI Enhancements (wording clarification) (#6613) New mysql-probe service to monitor haproxy-db backends Allow to add environment overrides to Fingerbank collector via the config (#6854) Change the behavior of pf::condition::not_equal to always succeed when match value is undef Allow to renew certificate X days before the expiration date Send email X days before the expiration date to the user email/ profile email / administrator PKI CN provides certificate for the same CN but for different profiles (profile name added in Subject) Auto-revoke certificate if expired PKI actions are now logged to the admin API audit log Reduce list of accepted ciphers in haproxy-portal and haproxy-admin to reinforce security Improved the performance of the bandwidth accounting cleanup process (#6850) Purge binary logs task Integration tests for firewall SSO (HTTPS/RADIUS) (#6822) Add text warning on unreg date when past date is used (#6871) Add an option to sync a single ConfigStore storage in the bin/cluster/sync tool (#6904) Updated PayPal integration documentation Bug Fixes Reply to Windows devices configured through Intune even if they requested a non-existing URL (#6687) Add RADIUS audit log entry in correct tenant when switches are defined by MAC address (#6540) Fixed issue with edition of PKI template (#6713) Fixed issue on PKI template save (#6749) Fixed issue on PKI templates can be modified by a SCEP request (#6751) Fixed issue with PKI From value when sending certificate by email (#6370) Fixed documentation for Huawei (PR #6692) Fixed issue when pulling the wrong certificate only based on the cn (#5861) Fixed regression in the Unifi module for deauthentication of webauth clients when the APs are defined using an IP or CIDR in the configuration (#6686) Fixed revoke certificate on unregistration (#6826) Send certificates by email using alerting settings (#5917) Validate email format on TLS Enrollment form Fixed issue where portal could apply actions from different auth rules (#6896) Handle DBI library ping call dying in pfconfig MySQL backend (#6895) See https://github.com/inverse-inc/packetfence/compare/v11.1.0...v11.2.0 for the complete change log. See the Upgrade guide for notes about upgrading: https://packetfence.org/doc/PacketFence_Upgrade_Guide.html Getting PacketFence PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: https://packetfence.org/download.html Documentation about the installation and configuration of PacketFence is also available: https://packetfence.org/support/index.html#/documentation How Can I Help? PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project: Documentation reviews, enhancements and translations Feature requests or by sharing your ideas Participate in the discussion on mailing lists (https://packetfence.org/support/index.html#/community) Patches for bugs or enhancements Provide new translations of remediation pages Getting Support For any questions, do not hesitate to contact us by writing to supp...@inverse.ca You can also fill our online form (https://inverse.ca/#contact) and a representative from Inverse will contact you. Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.
_______________________________________________ PacketFence-devel mailing list PacketFence-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-devel
