Zorp GPL

The security middleware.

Release Notes 7.0.7

Fixes

Moderate

  • Earlier, the kZorp daemon refreshed the Zone configuration in the kernel even when it was not necessary. Now, the Zone configuration is refreshed if and only if the IP addresses related to a hostname have changed. Consequently, only Zone configurations containing hostname entries are affected.
  • The kernel module (kZorp) was not able to load if the ipvlan module had been loaded earlier, and it generated an error message in the kernel log. Now, the problem area has been handled properly, and any kernel module that creates network namespaces can be loaded without endangering the functionality of the kZorp kernel module.
  • Earlier, certain internet browsers (e.g. Google Chrome) displayed timeout-related error pages, generated by Zorp, right after the user had tried to visit a website. The reason is that some clients try to initiate a Transmission Control Protocol (TCP) connection to a predicted server that the user is likely to visit in the near future. When the connection timed out, Zorp sent an error page back, and the browser cached it and displayed it to the user when the site was actually visited. Now, Zorp successfully handles this browser behaviour by closing the transport layer connection instead of sending an error page to the application layer.
  • The certificate verification mechanism was changed unintentionally. Prior to Zorp 7.0.3, when Zorp detected a missing CRL during the certificate verification process, it considered the permit_missing_crl option, and if it was set to TRUE, the certificate was considered trusted. With Zorp 7.0.4, 7.0.5 and 7.0.6, the certificate was considered untrusted regardless of the value of the permit_missing_crl option. Now the permit_missing_crl option is considered again, and the verification process functions as it did prior to Zorp 7.0.3 and according to the documentation.