18.104.22.168A5E built on December 21, 2018 (Stable Release)
A lot of breaking changes in the development stack.
- Base platform moved to Ubuntu 18 LTS.
- Required Python version is now 3 instead of 2.
- Required Django version is now 2.1.2 instead of 1.11.
- Squid proxy is now version 4.4.
- FreeBSD 11, pfSense 2.4 and Raspbian 9 builds are available (status is still experimental)
22.214.171.1247 built on July 5, 2018
- YouTube Guard filtering daemon now runs as a separate process. This allows to filter traffic by both Google Safe Browsing and YouTube modules.
- UI of YouTube filtering rules is completely rewritten, it is now possible to selectively filter YouTube videos by policies (enable for students, disable for staff).
- Fixed error in policy filtering exclusions by remote domain IP address.
- Added initial support for Ubuntu 18 LTS and Squid 4.
- Added advanced field to manually add to NIC management file /etc/network/interfaces on Ubuntu 16 and Debian 9.
- Builds for FreeBSD(pfSense) are not produced any more, please use version 6.3 if you require running Web Safety on FreeBSD(pfSense). We are now trying to build a separate product for pfSense platform.
126.96.36.1996A built on May 30, 2018
- Added experimental YouTube guard module. The module allows administrator to limit the watched videos on YouTube by video category, channel ID and video ID. The module is implemented as Squid’s URL redirector hence it cannot work together with Google Safe Browsing URL redirector. The status of the module is experimental thus user feedback is needed to decide it this module is worth including into production build.
- Completely redesigned and reimplemented the Surfing Now module. It is now easier to see what sites are browsed most and what sites are blocked most currently.
- Added CTIRU list of prohibited URLs. Schools in the UK are required to block access to contents from the CTIRU list.
- Fixed error when squidclient was not able to get the runtime information from squid in cluster deployments utilizing PROXY protocol.
- Added Dynamic categorizers for Dating, Weapons, Alcohol, Games.
- Various smaller fixes and improvements.
6.2.0.FD48 built on April 13, 2018
- Added new dynamic site categorization module. This module works on both requests and response. When categorizing requests URL, Referer and Host headers are scanned. When categorizing responses - textual contents of pages are scanned. Currently there are dynamic categorizer for Nudity Pornography, Adult Themes Sexuality, Drugs and Gambling categories, but more and more categorizers will be added with each release. We target to finally have all available categories covered.
- Redesigned and reimplemented deep content inspection engine. The speed of content inspection is a little improved. Detection is now done faster. The amount of used RAM when performing adult language detection is greatly decreased (approx 10 times).
- Builds for Raspberry PI are not produced any more, please use version 6.1 if you require running Web Safety on Raspberry PI.
- Web Safety is now being published on Microsoft Azure Marketplace.
188.8.131.525 built on January 15, 2018
- Added URL rewriter for Google Safe Browsing (Update API v4). It is now possible to check each URL for malware and malicious links. You would need to register on Google Cloud Platform and obtain your own API key. More information is at https://developers.google.com/safe-browsing/v4/get-started.
- Redesigned exclusions in UI. There is only one list of exclusions now. It is possible to further specify what exclusions are needed for each list entry. Supported exclusions are “Skip HTTPS decryption (SSL Bump)”, “Bypass proxy authentication”, “Bypass web filter and antivirus scan”, “Do not cache HTML pages” and “Bypass Google Safe Browsing”.
- The only recommended platform for production deployment is now Ubuntu 16. We have decomissioned the CentOS 7 as recommended for production use. CentOS 7 support regains experimental status. Experimental means we are not using it in everyday “eat-your-own-dogfood” deployments, but it is being normally tested though and can be used in most non mission critical deployments, labs and experiments.
184.108.40.206A63 December 18, 2017
- Added ability to block comments and related videos on YouTube.
- (breaking change!) Admin UI updated from Django 1.8.17 to Django 1.11.7
- The backup/restore functionality was completely redesigned. It is now possible to directly import configuration backup from older version of the product.
- Added special community build of the product. This build is based on FOSS components and does not cost a cent to run. Squid proxy, Admin UI to manage it, Traffic Monitor and ClamAV eCAP antivirus are included.
- (breaking change!) Due to the community version added we had to change the license scheme, license keys from versions <= 5.2 are not applicable for version 6.0+ and need to be regenerated. Please contact email@example.com to regenerate your license key free of charge.
- Added support for haproxy’s PROXY protocol, now it is possible to know the user’s IP in cluster deployments. Policies can be applied by the IP address/range/subnet and not by only Active Directory.
- Kerberos REALM field is moved to UI/Squid/Auth/Kerberos. Now is possible to use NTLM or LDAP authentication without configuring any Kerberos setting at all.
220.127.116.11A October 18, 2017
- Added management sections for Squid cache (refresh patterns) and logging submodules to Admin UI.
- New version of definition files database.
- Added support for “brotli” transfer encoding, greatly improving filtering on YouTube and other Google services.
- Improved correctness of traffic monitoring reports built over the Squid access logs.
18.104.22.1683A August 9, 2017
- Added ability to bypass blocked page for designated policies. Bypass can also be done using tokens (passwords).
- Added missing intermediate certificate storage management. It is now easy to implement HTTPS filtering for incorrectly configured HTTPS sites.
- Web UI now generates only Peek-N-Splice HTTPS filtering directives for Squid. If you still have Squid 3.3.8 - DO NOT use this version. Peek-N-Splice requires at least Squid 3.5.23 (this version is used in our Virtual Appliance).
5.0.0.09DD May 30, 2017
- Breaking changes: installation folder is now /opt/websafety instead of /opt/qlproxy, ICAP web filtering daemon and traffic monitor runs as websafety user instead of qlproxy user.
- Added SSL Server Test tool that allows administrator to check for problems with HTTPS filter configuration in Squid.
22.214.171.124B2 February 16, 2017
- This version contains support for integration with Cisco ASA firewalls/routers using WCCP protocol and ability to automatically synchronize configuration among several filtering nodes.
- Django updated from 1.6.11 to 1.8.17 (breaking change).
- Added proxy authentication based on list of users (htpasswd) and pseudo proxy authentication by mapping IP addresses or MAC addresses of proxy clients to labels.
126.96.36.1995B December 10, 2016
- This version contains new categorization database with a couple of new categories added and a little reorganized existing categories. It is finally also possible to re-categorize domains according to your wishes.
- We have also added the ability to block all non categorized sites although this is not so much useful given the small number of entries in our categorization database. Hopefully when it grows with the help of fellow admins who enable re-categorization sync it will be much better.
- Our final goal is fully functional Squid Web UI and this version brings the foundation to reach it. Now all Squid configuration is ready to be managed from Web UI (we have added all template generators for all squid configuration sections) but it will last a while until we are able to add all sections into Web UI. Please share which Squid settings you’d like to see first.
188.8.131.52AAA November 10, 2016
- Reimplemented YouTube Strict and Moderate filtering to match changes announced by Google
- Added various reports based on Squid logs
- Added ability to send reports to administrators e-mail.
- Changes for the older versions of the product are removed for clarity.