Release Notes 7.0.7
blog and release notes
|
Nov 3, 2020
Fixes
Moderate
- Earlier, kZorp daemon refreshed the Zone configuration in the kernel, even
when it was not necessary. Now, it works properly and Zone configuration is
refreshed if and only if the IP addresses have been changed related to a
hostname.
Consequently only Zone configurations containing hostname entries are
affected.
- The kernel module (kZorp) was not able to load if the
ipvlan
module had also
been loaded earlier and generated an error message to the kernel log. Now, the
problem area has been handled properly and any kernel module can be
loaded which creates network namespaces, without endangering the functionality
of the kZorp kernel module.
- Earlier, certain types of internet browsers (e.g.: Google Chrome) displayed
timeout-related error pages, generated by Zorp, right after the user had tried
to visit a website. The reason for this type of operation is that some clients
try to initiate a Transmission Control Protocol (TCP) connection to a
predicted server, which is likely to be visited by the user in the near
future. When the connection is timed out, Zorp sends an error page back,
the browser caches it and displays it to the user when the site is actually
visited. Now, Zorp sucessfully handles this behaviour of the browsers by
closing the transport layer connection instead of sending an error page to
the application layer.
- The certificate verification mechanism was changed unintentionally. Prior
to Zorp 7.0.3, when Zorp detected a missing CRL during the certificate
verification process, it considered the option
permit_missing_crl
and if
it was set to the value TRUE
the certificate was considered trusted.
With Zorp 7.0.4, 7.0.5 and 7.0.6 the certificate was considered
untrusted independently of the value of permit_missing_crl
option.
Now the option permit_missing_crl
is considered again and the verification
process functions as it did prior to Zorp 7.0.3 and according to
documentation.