DOC: keeping Changelog release-phrases uniform, simplified intro, unified

pull/420/head
Yaroslav Halchenko 2013-11-06 14:04:30 -05:00
parent f26fba9c19
commit 28ee7ba123
1 changed files with 19 additions and 22 deletions

@ -7,36 +7,33 @@
Fail2Ban (version 0.8.11.pre1) 2013/10/30 Fail2Ban (version 0.8.11.pre1) 2013/10/30
================================================================================ ================================================================================
ver. 0.8.11 (2013/11/XXX) - loves-unittests and tight, DoS free, filter regexes ver. 0.8.11 (2013/11/XXX) - loves-unittests-and-tight-DoS-free-filter-regexes
----------- -----------
In light of CVE-2013-2178 that triggered our last release we have put a In light of CVE-2013-2178 that triggered our last release we have put
significant effort into tightening all of the regexs of our filters to avoid a significant effort into tightening all of the regexs of our filters
another similar vulnerability. All filters have been updated and some to to avoid another similar vulnerability. All filters have been updated
include more failure regexs supporting previously unbanned failures and and some to catch more login/authentication failures and to support
support for newer application versions too. There are test cases for most log for newer application versions. There are test cases for most log
cases of failures now. cases of failures now.
As usual if you have other examples that demonstrate that a filter is As usual, if you have other examples that demonstrate that a filter is
insufficient please give us an example log line on the github issue tracker insufficient, or if we have inadvertently introduced a regression,
http://github.com/fail2ban/fail2ban/issues and NOT on a random blog in some please provide us with example log lines on the github issue tracker
obscure corner of the Internet. http://github.com/fail2ban/fail2ban/issues and NOT on a random blog in
some obscure corner of the Internet.
During the tightening of the regexs to avoid DoS vulnerabilities there is the
possibility that we have inadvertently, despite our best intentions,
incorrectly allowed a failure to continue. We will fix this as quickly as
humanly possible.
- IMPORTANT incompatible changes: - IMPORTANT incompatible changes:
Filter name changes: Filter name changes:
* 'lighttpd-fastcgi' filter has been renamed to 'suhosin' * 'lighttpd-fastcgi' filter has been renamed to 'suhosin'
* 'sasl' has been renamed to 'postfix-sasl' * 'sasl' has been renamed to 'postfix-sasl'
These will require changing in jail.{conf,local} if using these filters. * 'exim' spam catching failregexes was split out into 'exim-spam'
Exim filter has been split into an spam and a relay/auth filter. These changes will require changing jail.{conf,local} if any of
those filters were used.
- Fixes: - Fixes:
Daniel Black & Marcel Dopita Daniel Black & Marcel Dopita
* filter.d/apache-auth -- fixed and apache auth samples provide. closes #286 * filter.d/apache-auth -- fixed and apache auth samples provide. Closes gh-286
Yaroslav Halchenko Yaroslav Halchenko
* filter.d/common.conf -- make colon after [daemon] optional. Closes gh-267 * filter.d/common.conf -- make colon after [daemon] optional. Closes gh-267
* filter.d/apache-common.conf -- support apache 2.4 more detailed error * filter.d/apache-common.conf -- support apache 2.4 more detailed error
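Review bot: The rewritten intro drops the paragraph saying that tightening the regexes may have "incorrectly allowed a failure to continue" and keeps only "or if we have inadvertently introduced a regression", which no longer tells readers what kind of regression to look for. For a banning tool I would keep one explicit clause, for example that a failure which used to match may no longer match after the tightening. Wording nits in the added lines: "and to support log for newer application versions" reads as if a word is missing after "log", and "'exim' spam catching failregexes was split out" should be "were split out". The old wording named both a spam and a relay/auth filter, while the new entry names only 'exim-spam', so it is less clear what an existing 'exim' jail still covers.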
@ -62,8 +59,8 @@ humanly possible.
* filter.d/asterisk -- more regexes * filter.d/asterisk -- more regexes
Daniel Black Daniel Black
* action.d/hostsdeny -- NOTE: new dependancy 'ed'. Switched to use 'ed' across * action.d/hostsdeny -- NOTE: new dependancy 'ed'. Switched to use 'ed' across
all platforms to ensure permissions are the same before and after a ban - all platforms to ensure permissions are the same before and after a ban.
closes gh-266. hostsdeny supports daemon_list now too. Closes gh-266. hostsdeny supports daemon_list now too.
* action.d/bsd-ipfw - action option unsed. Change blocktype to port unreach * action.d/bsd-ipfw - action option unsed. Change blocktype to port unreach
instead of deny for consistancy. instead of deny for consistancy.
* filter.d/dovecot - added to support different dovecot failure * filter.d/dovecot - added to support different dovecot failure
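Review bot: The hostsdeny entry is touched only to change "closes gh-266." to "Closes gh-266.", but the same entry still has "dependancy", and the bsd-ipfw entry right below still has "unsed" and "consistancy". Since this commit is about making the Changelog uniform, fix those spellings here as well. The "NOTE: new dependancy 'ed'" is also easy to miss inside the Fixes list; consider repeating it under "IMPORTANT incompatible changes", because the action now relies on 'ed' being installed on every platform.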
@ -89,7 +86,7 @@ humanly possible.
https://bugzilla.redhat.com/show_bug.cgi?id=998020 https://bugzilla.redhat.com/show_bug.cgi?id=998020
John Doe (ache) John Doe (ache)
* action.d/bsd-ipfw.conf - invert actionstop logic to make exist status 0. * action.d/bsd-ipfw.conf - invert actionstop logic to make exist status 0.
closes gh-343. Closes gh-343.
JP Espinosa (Reviewed by O.Poplawski) JP Espinosa (Reviewed by O.Poplawski)
* files/redhat-initd - rewritten to use stock init.d functions thus * files/redhat-initd - rewritten to use stock init.d functions thus
avoiding problems with getpid. Also $network and iptables moved avoiding problems with getpid. Also $network and iptables moved
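Review bot: In the bsd-ipfw.conf entry whose "closes gh-343." is capitalised here, "make exist status 0" should read "make exit status 0". It sits on the line directly above the changed one, so it is worth correcting in the same pass.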
@ -163,7 +160,7 @@ humanly possible.
* filter.d/{courier{login,smtp},proftpd,sieve,wuftpd,xinetd} - General * filter.d/{courier{login,smtp},proftpd,sieve,wuftpd,xinetd} - General
regex impovements regex impovements
Zurd Zurd
* filter.d/postfix - add filter for VRFY failures. closes gh-322. * filter.d/postfix - add filter for VRFY failures. Closes gh-322.
Orion Poplawski Orion Poplawski
* fail2ban.d/ and jail.d/ directories are added to etc/fail2ban to facilitate * fail2ban.d/ and jail.d/ directories are added to etc/fail2ban to facilitate
their use their use
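Review bot: The context line just above the changed postfix entry still reads "regex impovements"; correct it to "improvements" while unifying this block. The four hunks shown change "closes" to "Closes" and "#286" to "gh-286" case by case, so a search of the whole file for lowercase "closes" and for "#" issue references would confirm that no other entries were missed.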