mirror of https://github.com/fail2ban/fail2ban
changelog entries
sebres
parent
ffa9705412
commit
c8b036456d
30
ChangeLog
30
ChangeLog
|
|
@ -13,6 +13,15 @@ TODO: implementing of options resp. other tasks from PR #1346
|
|||
|
||||
### Fixes
|
||||
* [Grave] memory leak's fixed (gh-1277, gh-1234)
|
||||
* [Grave] Misleading date patterns defined more precisely (using extended syntax
|
||||
`%Ex[mdHMS]` for exact two-digit match or e. g. `%ExY` as more precise year
|
||||
pattern, within same century of last year and the next 3 years)
|
||||
* [Grave] extends date detector template with distance (position of match in
|
||||
log-line), to prevent grave collision using (re)ordered template list (e.g.
|
||||
find-spot of wrong date-match inside foreign input, misleading date patterns
|
||||
by ambiguous formats, etc.)
|
||||
* Distance collision check always prefers template with shortest distance
|
||||
(left for right) if date pattern is not anchored
|
||||
* Tricky bug fix: last position of log file will be never retrieved (gh-795),
|
||||
because of CASCADE all log entries will be deleted from logs table together with jail,
|
||||
if used "INSERT OR REPLACE" statement
|
||||
|
|
@ -28,6 +37,11 @@ TODO: implementing of options resp. other tasks from PR #1346
|
|||
* Pyinotify-backend: stability fix for sporadically errors in multi-threaded
|
||||
environment (without lock)
|
||||
* Fixed sporadically error in testCymruInfoNxdomain, because of unsorted values
|
||||
* Fixed UTC/GMT named time zone, using `%Z` and `%z` patterns
|
||||
(special case with 0 zone offset, see gh-1575)
|
||||
* `filter.d/freeswitch.conf`
|
||||
- Optional prefixes (server, daemon, dual time) if systemd daemon logs used (gh-1548)
|
||||
- User part rewritten to accept IPv6 resp. domain after "@" (gh-1548)
|
||||
|
||||
### New Features
|
||||
* IPv6 support:
|
||||
|
|
@ -118,6 +132,22 @@ fail2ban-client set loglevel INFO
|
|||
- new replacement for `<ADDR>` in opposition to `<HOST>`, for separate
|
||||
usage of 2 address groups only (regardless of `usedns`), `ip4` and `ip6`
|
||||
together, without host (dns)
|
||||
* More precise date template handling (WARNING: theoretically possible incompatibilities):
|
||||
- datedetector rewritten more strict as earlier;
|
||||
- default templates can be specified exacter using prefix/suffix syntax (via `datepattern`);
|
||||
- more as one date pattern can be specified using option `datepattern` now
|
||||
(new-line separated);
|
||||
- some default options like `datepattern` can be specified directly in
|
||||
section `[Definition]`, that avoids contrary usage of unnecessarily `[Init]`
|
||||
section, because of performance (each extra section costs time);
|
||||
- option `datepattern` can be specified in jail also (e. g. jails without filters
|
||||
or custom log-format, new-line separated for multiple patterns);
|
||||
- if first unnamed group specified in pattern, only this will be cut out from
|
||||
search log-line (e. g.: `^date:[({DATE})]` will cut out only datetime match
|
||||
pattern, and leaves `date:[] ...` for searching in filter);
|
||||
- faster match and fewer searching of appropriate templates
|
||||
(DateDetector.matchTime calls rarer DateTemplate.matchDate now);
|
||||
- several standard filters extended with exact prefixed or anchored date templates;
|
||||
* fail2ban-testcases:
|
||||
- `assertLogged` extended with parameter wait (to wait up to specified timeout,
|
||||
before we throw assert exception) + test cases rewritten using that
|
||||
|
|
|
|||
Loading…
Reference in New Issue