-
0.9.1a0115ee4 · ·
What aught to be a bugfix release delayed into a featured release 0.9.1 ver. 0.9.1 (2014/10/29) - better, faster, stronger ---------- - Refactoring (IMPORTANT -- Please review your setup and configuration): * iptables-common.conf replaced iptables-blocktype.conf (iptables-blocktype.local should still be read) and now also provides defaults for the chain, port, protocol and name tags - Fixes: * start of file2ban aborted (on slow hosts, systemd considers the server has been timed out and kills him), see gh-824 * UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806. * systemd backend error on bad utf-8 in python3 * badips.py action error when logging HTTP error raised with badips request * fail2ban-regex failed to work in python3 due to space/tab mix * recidive regex samples incorrect log level * journalmatch for recidive incorrect PRIORITY * loglevel couldn't be changed in fail2ban.conf * Handle case when no sqlite library is available for persistent database * Only reban once per IP from database on fail2ban restart * Nginx filter to support missing server_name. Closes gh-676 * fail2ban-regex assertion error caused by miscount missed lines with multiline regex * Fix actions failing to execute for Python 3.4.0. Workaround for http://bugs.python.org/issue21207 * Database now returns persistent bans on restart (bantime < 0) * Recursive action tags now fully processed. Fixes issue with bsd-ipfw action * Fixed TypeError with "ipfailures" and "ipjailfailures" action tags. Thanks Serg G. Brester * Correct times for non-timezone date times formats during DST * Pass a copy of, not original, aInfo into actions to avoid side-effects * Per-distribution paths to the exim's main log * Ignored IPs are no longer banned when being restored from persistent database * Manually unbanned IPs are now removed from persistent database, such they wont be banned again when Fail2Ban is restarted * Pass "bantime" parameter to the actions in default jail's action definition(s) * filters.d/sieve.conf - fixed typo in _daemon. Thanks Jisoo Park * cyrus-imap -- also catch also failed logins via secured (imaps/pop3s). Regression was introduced while strengthening failregex in 0.8.11 (bd175f) Debian bug #755173 * postfix-sasl - added journalmatch. Thanks Luc Maisonobe * postfix* - match with a new daemon string (postfix/submission/smtpd). Closes gh-804 . Thanks Paul Traina * apache - added filter for AH01630 client denied by server configuration. - New features: - New filters: - monit Thanks Jason H Martin - directadmin Thanks niorg - apache-shellshock Thanks Eugene Hopkinson (SlowRiot) - New actions: - symbiosis-blacklist-allports for Bytemark symbiosis firewall - fail2ban-client can fetch the running server version - Added Cloudflare API action - Enhancements * Start performance of fail2ban-client (and tests) increased, start time and cpu usage rapidly reduced. Introduced a shared storage logic, to bypass reading lots of config files (see gh-824). Thanks to Joost Molenaar for good catch (reported gh-820). * Fail2ban-regex - add print-all-matched option. Closes gh-652 * Suppress fail2ban-client warnings for non-critical config options * Match non "Bye Bye" disconnect messages for sshd locked account regex * courier-smtp filter: - match lines with user names - match lines containing "535 Authentication failed" attempts * Add <chain> tag to iptables-ipsets * Realign fail2ban log output with white space to improve readability. Does not affect SYSLOG output * Log unhandled exceptions * cyrus-imap: catch "user not found" attempts * Add support for Portsentry -
debian-0.9.X296a8403 · ·
-
-
-
-
-
-
-
-
-
0.9.0a22c1199cc · ·
Tagging 0.9 branch a2 to ease people's testing of it and again have a reasonable 'git describe' within 0.9