Sun 14th January 2001 - version 0.5.0 - alpha
First release missing licensing info and seriously alpha.
Wed 16th January 2001 - version 0.5.2 - alpha
Lots of redundant code removed. Comments added. Lots of debug removed. All the options work now.
Mon 22nd January 2001 - version 0.5.3 - alpha
SysV Script included. Makefile for easier installation and compilation included.
Thu 25th January 2001 - version 0.6.0 - beta
DataBuffer class totally rewritten for more speed and better programming style. POST bug fixed. Generally tidied code and optimised.
Fri 26th January 2001 - version 0.6.1 - beta
Incomplete page bug fixed. More comments added. Code tidied slightly.
Sun 28th January 2001 - version 0.6.2 - beta
New POST bug fixed. Makefile bug corrected.
Wed 31st January 2001 - version 0.6.3 - beta
HTTP/1.1 persistent connection capable browsers bug fixed. I.e. Netscape and IE now work properly. Slightly more code comments added.
Sun 4th February 2001 - version 0.7.0 - beta 2
Added 2 new features; denied mime-type and extension list filtering. So now you can stop kiddies downloading porn movies and hacking software. Fixed bug with url encoded reporting. Banned phrase list config file name change.
Fri 9th February 2001 - version 0.7.1 - beta 2
All of the warnings caused by lack of casting etc in the source code are now removed so it should compile on more pedantic compilers.
Sat 10th February 2001 - version 0.7.2 - beta 2
Once started it becomes the user squid rather than root for increased security. Also a couple of mis-features which prevented successful compilation on SuSE 6.4 have been fixed.
Sun 11th February 2001 - version 0.7.3 - beta 2
The denied url perl script page is now automatically in the exceptions so that people who don't have 'no proxy on' set to the server with the script don't have DG go in an endless loop. Bug that caused sites in the exceptions list to cause DG to crash fixed. This bug was introduced around 0.7.0. The format of the bannedphraselist file is now improved. All the config files can have comments now. DG can now cope with the list config files having extra space or CR characters. These are stripped.
Sun 18th February 2001 - version 0.8.0 - beta 3
Logging added. It logs in the following format:
Date Time reserved SourceIP RequestedURL DenialMessage(if any)
It does not log who. The user would only get logged in squids log file. The log files are rotated via a crontab script so the rotation frequency is totally customisable. Now DansGuardian runs as the group squid as well as the user squid for further security. We now have a logo. PICs in config file renamed to correct name PICS. Bug with file upload forms fixed.
Mon 19th March 2001 - version 0.8.1 - beta 3
The logging now logs what type of request it was for a page; GET, PUT, POST, HEAD, etc. Debugging code that logged normal and expected exceptions to syslog is now removed. Speed improvements and tidier socket closing and correct usage of signals. Improved bannedphraselist file is included. Full documentation. New FAQ.
Sun 25th March 2001 - version 0.8.2 - beta 3
Fixes several web forms bugs caused usually by Netscape 'features'. This version requires a later version of nb++ with extra functionality added by yours truly.
Wed 28th March 2001 - version 0.8.3 - beta 3
Added an option to configure the Access Denied page reporting. You can now have 3 types; simple 'Access Denied' - brief reporting which does not show the banned phrase - and the normal full report. The second option is useful for schools with youngsters.
Sun 8th April 2001 - version 0.8.4 - beta 3
Made DansGuardian compatible with the latest nb++. This later version includes an extra feature needed by DansGuardian as well as DoS, and general bug fixes not included in the 0.5.0 on their site.
Sat 14th April 2001 - version 0.8.5 - beta 3
Obsolete option in conf file removed. 'accessdeniedaddress' now in the correct part of the conf file. Fixed bug that caused odd blank log entries. Fixed bug which caused an occasional site or page to bypass the filter. The max url length (header line length) has been increased to 8192 from 1024. Headers are now checked for non-standard behaviour from browsers and servers and modified on the fly. Hopefully fixed the 'Netscape malformed url' bug. Hopefully fixed a new 302 Redirect bug. Has been tested with nb++ 0.5.3. And finally added a more intelligent page scanning (phrase checking) option which removes multiple blank spaces and HTML code so that it is more likely a banned phrase is found. PS, this version is also quicker.
Sun 22nd April 2001 - version 0.8.6 - beta 3
Added SSL Tunnelling support so now DansGuardian can handle HTTPS. It does not filter HTTPS - it just tunnels it through. Socket closing code improved.
Sat 28th April 2001 - version 0.8.7 - beta 3
Added phrase combination filtering and improved cgi script.
Sat 12th May 2001 - version 0.9.0 - pre-stable
Quitting bug work-around implemented. Better setuid error handling (i.e. non-existent user does not cause segfault). Vastly improved Makefile which removes all hard coded configuration options from the C++ source code. Support for chkconfig added. Now runs as nobody, rather than squid for better cross-distribution compatibility. And a new ip exceptions feature which allows certain client ips to bypass the filter. Total feature freeze. Total configuration file format freeze. Widescale beta testing started. The only changes that will be made will be bug fixes.
Sun 20th May 2001 - version 0.9.1 - pre-stable
Slight mistake in Makefile corrected. The PICS checking code is now less pedantic about the label being exactly right. This allows sites that badly construct their PICS labelling such as playboy to be blocked.
Tue 5th June 2001 - version 1.0.0 - stable
Vastly improved checking for errors in config files so it no-longer freezes when one is missing, for example.
Sun 10th June 2001 - version 1.1.0 - beta
Improved SSL handling. String library dependency removed which makes it much easier to install. Improved logging. And a number of other minor improvements.
Sun 8th July 2001 - version 1.1.2 - pre-stable
Fixes a problem with compressed HTML content. Checks connection to proxy server and reports failure at startup. Some other minor changes.
Fri 13th July 2001 - version 1.1.3 - pre-stable
Fixes a problem with file extension blocking. Config file commenting support improved.
Fri 20th July 2001 - version 1.1.4 - pre-stable
Fixes a major bug in 1.1.3 with content filtering not working.
Mon 23rd July 2001 - version 1.1.5 - pre-stable
Fixes a minor mis-feature with conf file reading.
Fri 5th October 2001 - version 2.0.0 - pre8 - beta
A whole new version with lots of improvements.
Sat 13th October 2001 - version 2.0.0 - pre9 - pre-stable
dansguardian -v gives proper message now. LICENSE file included now. Missing steath-mode option in conf file reinstated. Fixed mistake is logrotation script. Added banned phrase exception feature.
Sun 4th November 2001 - version 2.1.0-4 - pre-stable
Fixed bug in 2.0.0 which caused it to stop responding after a while. Fixed lots of other bugs including mimetype filtering and exceptionsitelist. Runs on Solaris 8. Now has url/domain filtering just like squidGuard, but much faster. Nicer perl script. Slightly improved speed. Improved stop/start scripts.
Wed 7th November 2001 - version 2.1.1 - pre-stable
Fixed numerous small bugs causing problems matching the requested URL with the blocked or unblocked domain and URL list files. Added a '--prefix' option to the configure script. Man page on Solaris is now fixed.
Sat 10th November 2001 - version 2.1.2 - stable
Fixed small bug that switched off filtering or caused problems if some of the list files had no entries.
Sun 18th November 2001 - version 2.2.0 - beta
Added ident support for logging the username. Fixed small issue with man page for Solaris as it does not support gzipped man pages. Added regular expression URL support. Fixed small bug that switched off filtering or caused problems if some of the list files had no entries. Replaced search algorthm with one based on Quick Search. This gives an 87% speed increase in phrase matching. Made regular expression code comply with the reportinglevel. Added option so that DansGuardian can limit the listening to on one IP only. Fixed bug causing url and site matching problems when a port was specified in the URL. Added blanket blocking feature to bannedsitelist so it can now block all sites except those in the exceptionsitelist. Made username comparison case insensitive for people used to Windblows machines. Fixed an issue with --prefix and the configure script. Improved handling of odd entries in stock squidGuard lists. Fixed bug in URL extraction code to do with port numbers. Fixed bug which caused it to not block some domains in the bannedsitelist under certain conditions.
Wed 21st November 2001 - version 2.2.1 - pre-stable
Content-Encoding: deflate - finally works. Fixed bug in file extension checking which caused .com domains to be blocked. Added Blanket IP Block feature which allows IP based URLs to be blocked. Added forward dns lookup feature where it looks up the hostname for an IP based URL and checks for it in the bannedsitelist and bannedurllist. This closes a big security loop hole that allowed users to simply type the IP of a banned site instead to bypass the URL filtering. The forward dns lookup checks all the aliases for that IP as well. Improved the URL filtering so that all variants of web addresses don't need to be listed, eg www.domain.com and domain.com. Now just the highest level domain (domain.com) is needed.
Thu 27th December 2001 - version 2.2.2 - stable
Fixed small bug in xBSD start/stop script that failed to remove a temporary Unix Domain Socket file upon shutting it down. This problem caused errors such as 'Error connecting to ipc'. Fixed small bug for when the accessdeniedaddress setting contains a port number; it could cause an endless loop. Mainly affects SNF. (This version was only actually released Sun 6th January 2002).
Sat 12th January 2002 - version 2.2.3 - stable
Fixed an important bug that caused it to report the wrong name of the banned phrase found. This bug was introduced in version 2.2.2.
Mon 21st January 2002 - version 2.2.4 - stable
Fixed an issue with case sensitivity with file extensions and URL filtering.
Sun 10th February 2002 - version 2.2.5 - stable
Fixed an issue which caused DG to stop responding under very heavy load. Fixed a security issue that allowed file extension filtering to be bypassed.
Wed 13th February 2002 - version 2.2.5-1 - stable
Replaced included bannedphraselist file with the correct one. Improved included bannedextensionlist.
Sun 24th February 2002 - version 2.2.6 - stable
Improved handling under very heavy load. Added the username to the information passed to the perl reporting script.
Sun 10th March 2002 - version 2.2.7 - stable
Fixed 3 long standing memory leaks in the string handling code. Fixed a problem with URL matching not comparing the final character and so causing overblocking. Improved gcc 3 compatability (i.e. fixed some non-standard coding). Increased use of more appropriate C++ libraries rather than C libraries. Fixed a problem with overblocking banned file extensions and certain URLs. Most notably with hotmail attachments and also with pages that redirect.
Fri 15th March 2002 - version 2.2.7-1 - stable
Recompiled statically linked binaries with updated zlib. The fixes a double free bug in zlib which DansGuardian uses which makes it theoretically possible for a web site to cause denial of service or even run arbitrary code. This only affects those that do not compile from source but users are advised to update their zlib and recompile if needed.
Thu 28th March 2002 - version 2.2.8 - stable
Fixed a bug in the zlib code which caused certain pages in certain browsers to be half missing. Added a compile option to disable PICS filtering. The default included PICS settings are less strict and so more useable.
Mon 8th April 2002 - version 2.2.9 - stable
Implemented a work around to deal with broken browsers that pass invalid URLs which cause the URL filtering to not work. Slightly improved error checking on the accessdeniedaddress setting.
Tue 9th April 2002 - version 2.2.9-1 - stable
Fixed a bug introduced in 2.2.9 which makes DansGuardian think that https is a malformed URL.
Mon 22nd April 2002 - version 2.2.10 - stable
Fixed a bug where an unused socket FD was left hanging. Fixed a bug where Netscape 6.2 users would be blocked with an 'Malformed URL' error. Fixed a bug with overblocking and file extensions. Fixed a bug where stdin was getting closed too early.
Wed 30th January 2002 - version 2.3.0 - alpha - not public
Total rewrite of the phrase searching code. Now it uses an advanced Deterministic Finite Automata Graph Algorithm. This means the searching on large phrase lists is faster by several times. On small lists it makes no difference, but lists over 300 no longer slow it down as much as it used to. The rewrite was also to allow support of weighted phrases. This part represents 90% of the time spent over the past 12 weeks.
Almost all console errors are now logged in SysLog for easier problem solving.
The exception matching now logs (configurable) exception hits which makes it easier to find out why a certain page is not blocking.
Exception phrases are now seperated into a different file for ease of maintaining and no longer need the '!'.
A new weighted phrase system has been added where phrases can be assigned a good or bad value. If the totals for the page are over a configurable limit then it will block. This allows for much finer control of filtering and will reduce over or under blocking.
Banned, weighted and exception phrases can all use combinations. Previously it was just banned phrases that had this feature.
There is now a banned user list and banned ip list.
Better Debian and RedHat 7.2 support has been added to the configure and Makefiles.
The log format now includes the size of the requested page or file.
Blanket blocking now logs the IP the user was trying to get to.
Overall the code is faster, but has more features.
Thu 14th February 2002 - version 2.3.1-1 - alpha
Fixed an issue which caused DG to stop responding under very heavy load. Fixed a security issue that allowed file extension filtering to be bypassed. Improved included bannedextensionlist. Added 8-bit support back in so Big5, Unicode and top-bit set characters can again be searched for.
Sun 17th February 2002 - version 2.3.2 - alpha
Improved String class speed. Added basic url filtering for https. Improved included weightedphraselist.
Fri 1st March 2002 - version 2.3.3 - late-alpha
Added -HUP and 'dansguardian -r' support. Better handling of tabs in list files. Optional CSV format log file format. Better banned file extension list. Improved handling under very heavy load. Added the username to the information passed to the perl reporting script. Reworked some of the code for more speed. Better phrase lists. Weighted phrase matching can now optionally log and report the phrases found. PICS filtering can be switched off globally.
Sun 10th March 2002 - version 2.4.0 - beta
Fixed 3 long standing memory leaks in the string handling code. Fixed a problem with URL matching not comparing the final character and so causing overblocking. Improved gcc 3 compatability (i.e. fixed some non-standard coding). Increased use of more appropriate C++ libraries rather than C libraries. Fixed a problem with overblocking banned file extensions and certain URLs. Most notably with hotmail attachments and also with pages that redirect. Also added exception URL support.
Fri 15th March 2002 - version 2.4.1 - beta
Fixed GCC3 compilation problem (hopefully) due to incorrect use of namespace. Fixed complilation problem on Solaris, OpenBSD and FreeBSD. Reduced non-C++ library usage in String class. Fixed an issue where banned IPs and users were unable to view the message saying they were banned because their web access was blocked. Fixed a bug were it reported the wrong phrases when a banned phrase combination was found. Recompiled statically linked binaries with updated zlib. The fixes a double free bug in zlib which DansGuardian uses which makes it theoretically possible for a web site to cause denial of service or even run arbitrary code. This only affects those that do not compile from source but users are advised to update their zlib and recompile if needed.
Thu 28th March 2002 - version 2.4.2 - beta
The default included PICS settings are less strict and so more useable. A bug in the zlib deflation code causing partial display of some pages has been fixed. A problem with the 'dansguardian -r' feature on FreeBSD and OpenBSD has been fixed. Added a HTML template feature where DansGuardian displays a HTML file for the access denied page which makes installation easier as no perl script or web server are needed. It also makes modifying the page much simpler. And finally the addition does not use URL encoding to pass the
information to the page so no more long nasty URLs.
Sun 26th May 2002 - version 2.4.3-2 - beta
Fixed a bug where an unused socket FD was left hanging. Fixed a bug where Netscape 6.2 users would be blocked with an 'Malformed URL' error. Fixed a bug with overblocking and file extensions. Added an installprefix option to configure so that the project can be installed to a different location, but still be coded to work without the prefix. E.g. for package contruction such as .deb. Implemented a work around to deal with broken browsers that pass invalid URLs which caused the URL filtering to not work. Slightly improved error checking on the accessdeniedaddress setting. Fixed a bug where stdin was getting closed too early. Fixed a bug with certain pages generating a reporting URL too long for the perl script to handle which caused no page at all to display. Fixed a bug which caused "THIS IS NOT HAPPENING!" messages. Fixed bug where all combination weighted phrases were given a value of zero instead of their correct value which meant they had no effect at all! How did that go undetected for so long??? Fixed bug where the combination weighted phrases were not logged as part of the weighting calculation. Added a feature where negative weighted phrases are logged with a prefix of a minus sign. Included the latest weighted phrase lists from the PornMasterGeneral. Fixed a mistake in the linux.in file that made the install prefix be ignored for the
weightedphraselist.
Sun 16th June 2002 - version 2.4.4 - pre-stable
Fixed a bug in the code logging the size of a file passing through. Implemented a work around for template file displaying with HTTPS blocked pages. Fixed a minor bug in the HTML template displaying code. Included the very latest phrase lists.
Sun 14th July 2002 - version 2.4.5 - stable
Fixed properly this time the logging bug fixed last time. A bug that might have caused random crashes with some squidGuard lists has been fixed. Problems with the pid missing a newline and having odd permissions have been solved. Stealthmode works again. This has been broken for some time.
Mon 22nd July 2002 - version 2.4.5-1 - stable
Added a hex decoder to prevent users from bypassing URL checking by hex encodint the URL string. Fixed a problem with the template display where it was adding additional newlines within the replaced fields. Included the latest phrase lists from the PMG.
Thu 25th July 2002 - version 2.4.5-2 - stable
Fixed properly this time the pid file bug fixed last time. Added a workaround for buggy browsers causing Malformed URL errors.
Wed 4th September 2002 - version DansGuardian-2.4.5-3 - stable
Fixed bug in URL matching code where it matched on a partial which should have been a complete.
Mon 23rd September 2002 - version DansGuardian-2.4.6-3 - stable
Added x-forwarded-for support for the incomming request. Slighlty improved malform URL checking. Included the latest phrase lists from the PMG. Fixed bug in reg exp code where it did not find all matches. Fixed bug in url reporting code when in transparent mode.
Thu 10th October 2002 - version DansGuardian-2.4.6-4 - stable
Fixed over allowing in exceptionsitelist due to matching just part of url. Fixed bug in socket code which was not initiating a struct properly. Fixed mistake in accept() code using size_t rather than socklen_t.
Wed 16th October 2002 - version DansGuardian-2.4.6-5 - stable
Fixed bug where a parameter being sent to accept() was not being initialised properly after an error condition.
Sat 26th October 2002 - version DansGuardian-2.4.6-6 - stable
Fixed 2 important typos in default configure files and options reading code. (Namely to do with X-Forwarded-For and a phrase list directory).
Sat 30th November 2002 - version DansGuardian-2.4.6-7 - stable
Fixed a bug with trailing '/' being added on some URLs with Mozilla. A fix for when an empty phrase list is used.
Tue 7th January 2003 - version DansGuardian-2.4.6-8 - stable
Added a test to get round a mis-feature of squid where it allows hostnames of the form host.domain..tld which bypassed the URL filtering.
Sun 20th October 2002 - version DansGuardian-2.5.0 - alpha
Added content regular expression replacement. (eg popup removal) Added foreign language support to the messages. (Comes with Spanish, Chinese, Dutch, French, German, Indonesian, Italian, Polish, Portuguese, Turkish and English). Added clean-url caching to dramatically improve performance in a classroom environment. Added support for NetBSD. Added tab delimitation log format. Dramatically improved phrase table generation speed by at least 10 times which will reduce daemon start time by half when coupled with the large URL blacklist. Added 3rd party command-line '-P' plugin option. Added '-' as the entry for a blank username like squid.
Sat 26th October 2002 - DansGuardian-2.5.1 - alpha
Fixed 2 important typos in default configure files and options reading code. (Namely to do with X-Forwarded-For and a phrase list directory). Added an improved logging support patch for logrotate.d by James A. Pattie.
Fri 8th November 2002 - DansGuardian-2.5.2 - alpha
Added Mac OS X support.
Sat 30th November 2002 - DansGuardian-2.5.3 - beta
Fixed a bug with trailing '/' being added on some URLs with Mozilla. Added feature where you can limit the file size that text documents are under before they are content filtered and content replaced. This is most useful for sites that label 640mb iso images as text. Added feature where you can now log in the squid log format for use with your favourite log analysers. Added guessing as to gcc version so should compile easier on gcc 3. Some typographical errors corrected. A fix for when an empty phrase list is used.
Tue 7th January 2003 - version DansGuardian-2.5.3-4 - pre-stable
Problems caused by an obsolete call being used have been fixed. Double free, compile warnings and configure typo fixed. Added a test to get round a mis-feature of squid where it allows hostnames of the form host.domain..tld which bypassed the URL filtering.
Mon 14th April 2003 - DansGuardian 2.6.0 - stable
Fixed URL cache bug that caused it to stop caching when not enough different URLs are used. Fixed dlopen false requirement in configure. Increased logrotate.d sleep to cope with slower machines better. Fixed bug where log ipc socket not closed on error which could cause fd resource problems. Fixed bug in sysv script so stdin is redirected to /dev/null to prevent some shell hanging. Fixed bug where when a list file had been modifed but not the main refering file, the processed file would not get recreated and a file descriptor left hanging. Fixed bug where rlim_cur was set too low causing forking problems in high loads. Fixed bug where the url passed to the cgi reporting script was not encoded enough. Fixed bug where it can check a PICS rating against the wrong service if more than one service rating is contained in the label. Minor HTTP header improvement.
Mon 12th May 2003 - DansGuardian 2.6.1 - stable
Improved file extension list. Removed RLIMIT code that seems to cause problems and is not needed anyway. Added Italian bad words.
Mon 12th May 2003 - DansGuardian 2.6.1-1 - stable
Fixed Ident case sensitivity.
Sun 6th July 2003 - DansGuardian 2.6.1-2 - stable
Fixed bugs with URL cache. Also included new Bulgarian
language files.
Mon 7th July 2003 - DansGuardian 2.6.1-3 - stable
Fixed 2 file descriptor leaks in the logging and url cache code.
Sun 31st August 2003 - DansGuardian 2.6.1-4 - stable
Typo in OBSD Makefile to do with 'install' program fixed. Fixed banned extension not being logged.
Wed 10th September 2003 - DansGuardian 2.6.1-5 - stable
Added check for '//' in URLs thus stopping the URL filter workaround.
Thu 20th November 2003 - DansGuardian 2.6.1-6 - stable
Fixed malformed URL error with a '_' in the hostname.
Wed 3rd December 2003 - DansGuardian 2.6.1-7 - stable
ICRAviolenceobjects was missing and is now added. '//' in URL paths properly checked for now.
Thu 4th December 2003 am - DansGuardian 2.6.1-8 - stable
'//' detection fixed to not give so many false positives.
Thu 4th December 2003 pm - DansGuardian 2.6.1-9 - stable
Fixed a URL filtering bypass which worked by appending a period '.' after the domain.
Thu 11th December 2003 - DansGuardian 2.6.1-10 - stable
Fixed cross site scripting vuln in dansguardian.pl. Fixed '//' detection yet again to use a further different approach due to broken sites.
Wed 24th December 2003 - DansGuardian 2.6.1-11 - stable
Made header request line tolerant to multiple spaces. Fixed broken bannedphraselist file included by default.
Wed 25th February 2004 - DansGuardian 2.6.1-12 - stable
Added check for ..\ and ../ in URLs.
Wed 14th April 2004 - DansGuardian 2.6.1-13 - stable
Fixed content filter bypass which with a specially crafted request could force an unclean page into the clean page cache. Fixed a memory allocation error in the list files which lead to 1 byte of memory potentially being overwritten.
Fri 18th April 2003 - DansGuardian 2.7.0 - alpha
Added option to do raw, smart or both phrase filtering thus optionally reducing cpu usage by half. Added ICRA vk PICS option support. Added improved internationalisation language file support. Removed bodge for UDS truncated file and replaced with a proper fix. Added WebDAV support (for Outlook Express access to Hotmail). Added forkpooling to on average half cpu usage and improve scaleability. (big feature). Descriptors 0-2 are now dup2ed to /dev/null to prevent some shell hanging. Added improved granulinarity to the content filtering limit. Added option to switch off DFA searching so full 16-bit char support is regained. Added more 16-bit char support. Added support for lower-casing accented characters. Added support for unescaping HTML content.
Sun 20th April 2003 - DansGuardian 2.7.0-1 - alpha
Removed some debug code left in by mistake.
Mon 12th May 2003 - DansGuardian 2.7.1 - alpha
Added image replacement code based on ideas from Aécio F. Neto which guesses if a banned file is an image and if so replaces it with a configurable replacement such as a 1x1 gif. Much improved the IF structure in the ConnectionHandler.cpp to make it slightly faster and a LOT more organised. Based on ideas from Aécio F. Neto again. Fixed bug in Makefile where contentregexplist would get deleted by mistake.
Fri 13th June 2003 - DansGuardian 2.7.1-1 - alpha
Fixed Ident.
Sun 6th July 2003 - DansGuardian 2.7.1-2 - alpha
Fixed bugs with URL cache. Fixed exit on HUP. Also included new Bulgarian
language files.
Mon 7th July 2003 - DansGuardian 2.7.1-3 - beta
Fixed 2 file descriptor leaks in the logging and url cache code.
Sat 12th July 2003 - DansGuardian 2.7.1-4 - beta
Fixed typos in several autoconf files. Removed redundant fcntl calls which caused problems in FBSD.
Wed 30th July 2003 - DansGuardian 2.7.2 - alpha
AD image replacing improved with mime checking as well as extension checking.
Added option to dissable pre-emptive banning which provides many benifits
such as not needing to access a clean site first before your unfiltered user
is recognised. Fixed bug where a missing '/' in the .conf caused everything
to be not filtered. Added options to specify log, pid, and uds so that
multiple instances can be run simulaneously. Previously this was only
possible with code editing an recompiling. Added support for HP-UX. Added
support for fully qualified addresses in banned and exception ip lists. Fixed
a memory leak. Added option to disable forking into the background. Added
option to disable logging process. Added option to specify the user that it
runs as to override the compile default. Added option to do a 'safe' restart
where the process leader does not send a kill to every other process. This
makes it possible to run as su safer. Added mxspanish language files.
Sun 31st August 2003 - DansGuardian 2.7.3 - alpha
HTTP port now stored in logs. Exception/banned site lists can now use .tld. Fixed banned extension not being logged. Improved whitelist mode so that domains listed in the bannedsitelist are actually allowed, however they have the normal filtering applied. URL matching fixed so that /blah no longer matches /blahfoo. Fixed broken image replacement due to debug code left in. Included an upgrading guide.
Wed 10th September 2003 - DansGuardian 2.7.3-1 - alpha
Added check for '//' in URLs thus stopping the URL filter workaround.
Sun 16th November 2003 - DansGuardian 2.7.5 - alpha
Improved URL encoding for dansguardian.pl. Added greysitelist and greyurllist to allow sites past the URL filtering but to still have the content filtering applied. Added chineasegb2312. Minor code changes. Fixed underscores in hostnames giving malformed URL. Fixed an image replacement bug. Startup speed improved by using seperate lists per each included file. Fixed '-r' restart problems not killing processes. Fixed race condition causing problems when restarting. Added a '-g' gentle restart that does not kill current connections but filter group config is re-read. Added filter group support so different filtering settings can be used for different groups of users. Added inteligent list managing so that if different filter groups use the same file they will share one copy of it. It also means it does not need to read in two copies. The list managing also caches the lists between restarts thus reducing restart speed dramatically. Added a German pornography phrase category.
Thu 20th November 2003 - DansGuardian 2.7.6 - alpha
Sub list (.Include) support fixed. Added processed file support for grey and exception URL and site lists. Fixed bug where it would not exit when there was a mistake in the f1 conf file on start up. Made non-standard redirector delimiting optional. 'dansguardian -s' now works as non-root. Generally improved errors with the -s -r -g and -q options. Ident now uses X-Forwarded-For when DansGuardian is configured to use it. Bug fixed in exceptionurllist using wrong list file. './configure --logdir' option being ignored by default fixed. OSX compiler warnings solved.
Wed 3rd December 2003 - DansGuardian 2.7.6-1 - alpha
Fixed some compile problems with a missing cerrno. ICRAviolenceobjects was missing and is now added. Exception phrases now take presidence when there is a dup. URL matching has been improved to support non-path elements better. '//' in URL paths properly checked for now. Tidied some code structure. Fixed inability to listen on privelaged ports. Fixed gentle restart segfault when a file is changed twice. Removed lots of commented out code.
Thu 4th December 2003 am - DansGuardian 2.7.6-2 - alpha
'//' detection fixed to not give so many false positives.
Thu 4th December 2003 pm - DansGuardian 2.7.6-3 - alpha
Fixed a URL filtering bypass which worked by appending a period '.' after the domain.
Thu 11th December 2003 - DansGuardian 2.7.6-4 - alpha
Fixed segfault with -N option. Fixed typo in bannedurllist. Fixed cross site scripting vuln in dansguardian.pl. Fixed error in Solaris Makefile. Fixed '//' detection yet again to use a further different approach due to broken sites.
Sun 14th December 2003 - DansGuardian 2.7.6-5 - alpha
Fixed a segfault when using gentle restart in some situations.
Wed 24th December 2003 - DansGuardian 2.7.6-6 - alpha
Made header request line tolerant to multiple spaces. Fixed preemptive banning not deactivating unless proxy auth was also enabled. Fixed broken bannedphraselist file included by default. Fixed segfault on missing config file. Removed arbitary limit on filter groups. Fixed SSL site banning when preemptive banning is switched off.
Sat 3rd January 2004 - DansGuardian 2.7.6-7 - beta
Improved detection of when a sub list file has changed for gentle restart.
Tue 3rd February 2004 - DansGuardian 2.7.7 - beta
Added a temporal denied page bypass facility.
Wed 4th February 2004 - DansGuardian 2.7.7-1 - beta
Fixed minor problem with IE and denied page.
Wed 18th February 2004 - DansGuardian 2.7.7-2 - beta
Added check for /../ in URLs to stop users bypassing part of the filtering.
Thu 19th February 2004 - DansGuardian 2.7.7-3 - beta
Fixed problem with Darwin using non-standard accept()
Wed 25th February 2004 - DansGuardian 2.7.7-4 - beta
Gentle restart now flushes the clean URL cache so changes don't appear to not work. Fixed bug where non-text URLs were getting added to the URL cache. Changed cookie bypass to use the same time code as the URL bypass so that users are not able to effectively double the time period. Fixed mistake in bypass logic which stopped exeptions from working. Changed configure to try to detect the correct path to endian.h. Dissabled bypass when post block. Added check for ..\
Fri 26th March 2004 - DansGuardian 2.7.7-5 - beta
Increased some timeouts to more reasonable values. Client IP now passed to deny script. Added feature where when a user is not found the IP is checked for in the filter group list. Added workaround for OS X bypass feature problem. Slightly improved content replacement so it can handle " characters. Included updated lists for use with urlblacklist.com. Added danish language.
Wed 14th April 2004 - DansGuardian 2.7.7-6 - beta
Fixed content filter bypass which with a specially crafted request could force an unclean page into the clean page cache. Fixed a memory allocation error in the list files which lead to 1 byte of memory potentially
being overwritten. Corrected German messages file. Fixed mistake in the hash parameter sent to the access denied perl script.
Wed 28th April 2004 - DansGuardian 2.7.7-8 - beta
Fixed grey lists not overriding regexpurl lists. Added frenchpornography phrases.
Mon 14th June 2004 - DansGuardian 2.7.7-9 - late beta
Improved sysv file for Linux. Fixed some compile issues on FreeBSD with needing more #includes. Incorporated FreeBSD Makefile changes at request of port maintainer. Fixed checking for auth required so it only matches '407 Proxy Authentication Required'. Disabled log entries for '407 Proxy Authentication Required' to prevent log poisoning (user X attempting to access a bad URL posing as user Y). Fixed issue with very small list files being ignored. Fixed crash on empty phraselists. Reinstated case sensitivity in conf files. Improved socket exception error messages. Fixed 'user@site' URLs not being filtered properly.
Fri 16th July 2004 (4am) - DansGuardian 2.7.7-10 - late beta
Fixed a typo in the FreeBSD Makefile. Added new googlesearches phrase file.
Fixed a terrible DoS bug in the file download buffering so that large binary
files with no length header but are marked as text no longer eat up all the
RAM. gzip or zlib compressed pages are now no longer sent to the client
uncompressed if they are not modified with content replacement. This is
extra good if the clients are remote to the filter as it will save bandwidth. This was a pleasant side effect of fixing the DoS bug. Updated to use zlib
1.2.1 for gzip in-memory decompression but will fail gracefully if an older
version is installed. This change was *required* to fix the DoS bug.
Slightly improved socket handling so it's a tiny bit quicker and takes up
less file descriptors. This was a result of the DoS bug fixing.
Fri 16th July 2004 (pm) - DansGuardian 2.7.7-11 - late beta
Made parameter checking more durable and less messy.
Wed 21st July 2004 - DansGuardian 2.8.0 - stable
Included zlib static building info in INSTALL file.
Wed 28th July 2004 - DansGuardian 2.8.0.1 - stable
Corrected INSTALL file. Corrected some language files. Corrected a locale issue. Corrected issue where banned extensions could be bypassed by hex encoding the file name. Fix to start script to make it more debian compatible. Moved to new numbering scheme and lower case source name as requested by package builders.
Thu 29th July 2004 - DansGuardian 2.8.0.2 - stable
Corrected missing new line in French messages file. Added include in String.cpp for Debian compile problems. Removed eronous openssl part in configure script. More INSTALL file improvements. Added some more domains to default exception lists.
Fri 10th September 2004 - DansGuardian 2.8.0.3 - stable
Corrected log configuration logic for running with a seperate log daemon. Corrected hard-coded /usr/lib which causes problems on 64-bit systems. Corrected mistake introduced by a 3rd party submitted patch which caused the entire set of config files to be loaded and processed even on a soft restart. Corrected potential unsafe permissions on the log dir. Updated Big5 language file.
Sun 20th February 2005 - DansGuardian 2.8.0.4 - stable
Corrections to Brazillian messages in Portuguese. Updates to Lithuanian
messages. Updates to INSTALL file to stop confusing debian users. Fixed libz
problem in Makefile for OSX. Fixed long standing bug where when it sigtermed
with a -q it killed itself rather than exiting gracefully. Fix to long
standing bug in HTTP header handling causing possible problems with
non-browser HTTP clients. Minor improvement to HTTP header sending. Updated
HTTP header to handle RFC compliant but abnormal requests. Fixed long
standing bug where a -r restart would not cause the users groups file to be
re-read correctly so users who were changed group would not always be
detected. This bug could also cause users to appear to be in the wrong group
sometimes.
Tue 9th August 2005 - DansGuardian 2.8.0.5 - stable
Fixed not being able to regexp content replace with a blank. Fixed long standing bug with processed list files which now makes startup several times faster if you are using multiple filter groups. Added a nocache directive to the HTML template display header. Added Slovak language files. Removed german2 language files. Added option so bypass hash could be enabled but no valid hash presented so external auth mechanisms can be used with the bypass feature. Removed deleting of log ipc file on -r restart. Added lots of phraselists thanks to Fernand Jonker. Added fix so it should compile on Fedore Core 4 and other GCC4 distros. Corrected TEMPLATE spelling error. Filter groups now limited to 99 not 9. Updated proxy testing error message.
Sun 14th August 2005 - DansGuardian 2.8.0.6 - stable
More phrase and other list mods. Increased IPC buffers to solve problems with long log lines and URLs.
Wed 19th October 2005 - DansGuardian 2.9.0.1 - alpha and feature incomplete
Designed from scratch easily pluginable download management system which works with the... Designed from scratch content scanner system with a simple plugin system which makes it easy to write new content scanners such as the included AV. It can also chain multiple scanners so you could use more than one AV engine for example. Other nice things include in-memory scanning if the plugin supports it saving writing to disk. Download manager is compatible with WGET and software updates and will switch to a fancier version with percent graph when used with a browser. Download manager is secure as each download is keyed to the original downloader. No dependance on libtool or pkg-config unlike the original 2.9 AV version. Added time/day controls support for lists. Added category support so when it says banned site it says what category. General speed and code improvements. New code style guide produced. Code is now in the new style. Ported to automake and autoconf for a more standard and logical code maintanence. Developer documentation is now provided online to describe the code better. Regular expression content replacement is improved so back references work so browser vulnerabilites can usually be automagically removed. Added URL regular expression replacement so you can force safe search in google or redirect people to a different site. Long log lines are now inteligently truncated. Port < 1024 can be used. Multiple command line options are now possible. The compile options are displayed with a -v. Anonimised logs option for countries with strict privacy laws like Germany. Added a -Q option which allows a restart and a full config change for example. Added regular expression exception URLs. Added the ability to listen on N IPs rather than 1 or all. The latest phrase lists from Fernand (phrase maintainer).
Mon 24th October 2005 - DansGuardian 2.9.1.0 - alpha and feature incomplete
Added Deep URL analysis. Added Advanced advert blocking, including an option not to log advert blocks (DG now includes advert domain/URL lists from squidGuard, with added categorisation, to demonstrate this feature). Added Korean PICS support. Added new phrase filtering mode: looks only at contents of title & meta tags. Added case insensitive detection of headers retrieved from webservers which don't obey standards. PCRE support is now optional at configure time (--with-pcre; disabled by default). dansguardian.org removed from exceptionsitelist, and a rule added to bannedregexpurllist, to prevent accidental access to the DG sample virus repository. Firefox DoS fix in contentregexplist (commented out by default to conserve CPU). Fixed Grey URL list checking scans greyurllist, not bannedurllist. Fixed support for matching multiple URLs which differ only by a suffix. Fixed ClamD/KavD so they now run as both the same user & group as DG an successfully access temp files.
Tue 8th November 2005 - DansGuardian 2.9.2.0 - alpha and feature incomplete
Filter groups now define a "filtering mode": banneduserlist and
exceptionuserlist support have been removed, and replaced with the
concept of a user being a member of a group which is in banned/filtered/unfiltered mode. Added plugin-based authentication system - proxy and identd auth methods are now provided as plugins. Added auth by IP plugin - maps individual IPs, IP ranges & subnets to filter groups. Download managers support optional extension/mimetype inclusion lists, for additional limiting of which requests get handled by a given manager. Fancy download manager supports HTML templates. Added client hostname display for banned pages (new placeholder available for HTML templates; new parameter for CGI). Page weights are now explicitly logged against all filtered requests (not just as part of the "reason" string on weighted phrase banned requests). Now includes a lot of example content and URL regexps. Now includes latest phrase lists. Fixed PICS enable/disable option fixed (PICS now disabled by default). Fixed filter bypass links cannot bypass the blocking of files virus scanned and found to be infected: you can now only download known infected files by being a member of an exception filter group (if contentscanexceptions is disabled), or by being in a group with disablecontentscan set. Fixed improved extension detection for downloads from CGI scripts - fewer downloads can now slip through the net. Fixed exceptionvirusmimetypelist support (i.e. it now works). Fixed improved behaviour of logclienthostnames option Fixed configure script checks that the installed PCRE version is recent enough, if building with PCRE support.
Tue 6th December 2005 - DansGuardian 2.9.3.0 - alpha and approaching feature complete
Added NTLM Auth support. IP Auth plugin now supports X-Forwarded-For
headers. Added Persistent connection support to allow pass through of a
number of protocols like NTLM and others that break without persistent
connections. It also should improve performance. Added better support for
filter/infection bypass mode "-1" setting. Added configurable category list
thresholding where you can configure it to only show the top phrase
categories matched. Performance enhancements to phrase filtering. Added
infection bypass mode (with optionally only allow on scan error). Multiple
auth plugins now allowed. Embedded URL (links, images) extraction &
weighting to allow sites with lots of links to banned domains to be more
likely to be denied. Now marks content & URL modifications in the logs. Added
Hungarian & Portuguese Brazilian language files. Fixed URL regular
expression search & replace. Fixed hexdecodecontent handling of a page's
last few bytes. Fix for empty pages with gzip & zlib encoding. Fixed
content-length header for pages with content modifications.
Fri 16th December 2005 - DansGuardian 2.9.3.1 - alpha
Fixed x-forwarded-for support in Auth by IP plugin. NTLM plugin now compiles on FreeBSD. Can now log in using NTLM when browsing HTTPS sites. Fixed mis-authentication with downstream proxies. Fixed log all usernames, even those not in the filtergroupslist. NTLM plugin handles UTF-16 usernames. Improved child process responsiveness when using tunnels.
Wed 21st December 2005 - DansGuardian 2.9.3.2 - alpha
Adds logging of upstream proxy return code & user's filter group number. Fixes/improvements to configure script (FreeBSD users: try
'--with-libiconv=/usr/local')
Wed 25th January 2006 - DansGuardian 2.9.4.0 - alpha
NTLM and proxy auth plugins renamed to "proxy-ntlm" and "proxy-basic". Fixed child process failure after -g. Changed clamav's memory scanning method (uses more reliable parts of Clam API; both clamav and clamdscan should now detect the same viruses)
- Unfortunately the new method does involve saving to file first;
however, you can use POSIX shared memory on supported platforms, or
specify a ramfs/tmpfs location, with a fallback to using the standard
filecachedir. Also, the temp directory used internally by libclamav can be configured. zlib can optionally be statically linked. Improved handling of HEAD requests and HTTP redirects. Improved error logging in clamav & clamdscan. clamdscan now issues "SCAN" command instead of "CONTSCAN" (stops
scanning after the first error/virus is found). kavdscan can handle archive files containing multiple viruses (patch submitted by littlecahya). More verbose output in debug mode. Improved default & fancy download managers handling of files larger than maxcontentfiltersize (or maxcontentfilecachescansize). Filter groups can be named. Only load filter group 1's settings if no auth plugins are loaded. Changed -FILTERGROUP- placeholder to return group name. Added -RAWFILTERGROUP- placeholder for retrieving group number. Added -SERVERIP- placeholder; returns the IP on which the filter is running (returns correct address if using multiple filterip options; returns 0.0.0.0 if filterip is blank). URL cache now stores the group(s) for which a URL is clean, in addition to URLs themselves (cannot access a page with a score beyond
your naughtiness limit if someone in a group with higher limit/different
phrases has previously accessed it). Fixed child process crashes when using maxips option, and add logging of IP usage statistics (new statlocation option)
Thu 2nd February 2006 - DansGuardian 2.9.5.0 - alpha
Auth by IP plugin works without PCRE. When using auth by IP, credentials are cached for the lifetime of a persistent connection, instead of querying the plugin for every request
(unless usexforwarded for is enabled). Added blanket SSL block (**s) and blanket SSL IP block (*ips). All usernames show up as lowercase in the logs. Auth plugins get reloaded on -g (allows changes to IP plugin's.
ipgroups file to take effect as well as changes to the filtergroupslist). Added allow per-group override of reportinglevel (hence per-group choice
between HTML template & external access denied address). Fixed a few memory leaks & some minor memory corruption.
Mon 20th February 2006 - DansGuardian 2.9.6.0 - alpha
"Ident" auth plugin supports usexforwardedfor when determining client
IPs. Range checking on filtergroup returned from auth plugins (pointed out
by Babin-Ebell), Auth by IP plugin ignores entries in ipgroups which specify an out-of-range filtergroup, and prints warning messages when it encounters
them. Fixed "SafeNetalcoholtobacco" typo in PICS settings file. Changed handling of POST uploads; large files should no longer cause
timeouts. There are now default managed extension/MIME type lists under.
"/etc/dansguardian/lists/downloadmanagers", and the latter is enabled by
default in the fancy download manager's config file. Babin-Ebell.
- Optional blanket download blocking, with new exception MIME and
extension lists for overriding the block (existing banned MIME &
extension lists not used in this mode - everything not excepted is
banned). New "exceptionfilesites" list, for defining domains which are not
subject to filtering by MIME type or extension, i.e. trusted download
sites. Log format changes: IP and hostname are both logged (instead of using
one field for either); group name & number are now separate fields. Connections are correctly closed after being sent a download link from
the fancy download manager.
Fri 3rd March 2006 - DansGuardian 2.9.6.1 - alpha
Improvements/fixes to filter group range checking (auth by IP plugin
usable again - sorry!). URL cache sorting & searching fixed. Workaround for clients that send lowercase "host:" headers. Workaround for certain types of Squid-unfriendly request (allows more
clients to work with DG+Squid used as a transparent proxy). Updated Turkish language files (Ozgur Karatas). Confusing "--with-libiconv=yes" configure option removed; iconv check now looks for library in standard search path automatically if a platform-native iconv function is not found. Iconv library check looks for both "iconv" and "libiconv" functions - should help OS X 10.3 users. Time limits are applied hierarchically to included list files, as has
been the intention for a while now (obviously the feature is not widely
used :P). Case-insensitive handling of HTTP headers (Nerijus Baliunas)
Mon 3rd April 2006 - DansGuardian 2.9.6.2 - alpha
NTLM username strings are correctly terminated after conversion from
UTF-16LE.
Spelling mistake fixed in ukenglish template.html.
Fixed "-c" option (Jason Gauthier).
Slightly tweaked handling of exception CONNECT (HTTPS) requests -
should help those with IE & SSL problems.
Tweaked detection of persistent connections (HTTP 1.1 requests are
assumed persistent unless marked otherwise, as per standards).
Buffered network input in BaseSocket::getLine (fewer system calls
during HTTP header retrieval).
Optional logging of child process handling operations
(logchildprocesshandling).
Conditional installation of contentscanners, lists/contentscanners and
lists/downloadmanagers directories.
Fancy DM has managedextensionlist enabled by default, not
managedmimetypelist.
Mon 8th May 2006 - DansGuardian 2.9.7.0 - alpha
Added -SERVERIP- placeholder in fancy DM template.
icapscan compatibility greatly enhanced (known working with servers from
Symantec, Dr. Web, Trend Micro, AVIRA and Kaspersky ICAP {unreleased}).
ListContainer and HTTPHeader performance enhancements.
"pathprefix" option in clamdscan & kavdscan, for compatibility with
daemons inside chroot jails.
Auth by IP plugin correctly ignores blank lines in the ipgroups file.
"reportinglevel = -1" is now allowed in filter group config files.
Time-limited regular expression lists (not fully hierarchic, just checks
top-level file and file containing the current expression).
Don't log garbage when logclienthostnames is enabled and a client IP has
no DNS record.
Read in maxcontentfilecachescansize option correctly.
Delete temp files after sending when a partially downloaded file becomes
too big to scan (default DM).
Safe handling of files larger than maxcontentfilecachescansize in the
fancy DM (new "maxdownloadsize" option in fancy.conf).
Email notification of blocked pages/viruses (--enable-email compile
option, various new configuration options; patch by J. Gauthier).
Direct tunnelling of traffic from exception sites (that are excepted
from both filtering and virus scanning).
Various other bugfixes & build tweaks.
Includes the latest updated phrase lists.
Thu 8th June 2006 - DansGuardian 2.9.7.1 - alpha
Don't phrase filter non-text content when AV is enabled.
Free up unused memory after loading phrase lists.
Corrections to persistent connection detection.
Moved looking up of client hostnames for logging back into
ConnectionHandler, to remove potential bottleneck introduced in last
version.
Don't convert regular expressions to lowercase when reading in from
list files! (Big difference in meaning between e.g. \W and \w).
Fixed memory leak in ipToHostname.
Fri 28th July 2006 - DansGuardian 2.9.7.2 - alpha
Handle more simultaneous phraselist character encodings (help
alleviate the infamous "more than 60 links from this node" error).
Fixed POST upload problems with NTLM.
Nicer error messages when phrase tree cannot be built (human-readable
version of "more than 60 links from this node").
Correctly parse ICAP URLs without explicit port numbers.
Thu 3rd August 2006 - DansGuardian 2.9.7.3 - alpha
Complete URL unescaping during deep URL analysis.
Fixed more minor memory leaks.
Stricter adherence to target throughput in FDTunnel.
"Graceful" socket closing.
Fixed (some?) IE POST problems (hopefully).
Tue 8th August 2006 - DansGuardian 2.9.7.4 - alpha
Updated Dutch translations.
Tweaks which may or may not fix cpu load issues. (it did)
Added a work around for IE bug randomly dropping file extensions of files that are scanned.
Wed 9th August 2006 - DansGuardian 2.9.7.5 - alpha
Fixes a logic error with persistent authentication, i.e. NTLM
(and ident by IP when not obeying x-forwarded-for headers). POST upload
blocking didn't work because it is skipped for unauthenticated users,
and persistent authentication methods weren't setting the authenticated
flag for every request.
Mon 25th September 2006 - DansGuardian 2.9.8.0 - beta
Command-line content scanner.
"Trickle" download manager.
New "#noconvert" instruction in phraselists to prevent case conversion
(aid support for exotic character encodings).
New valid value for "preservecase" to scan pages once with case
preserved, and once without (aid support for exotic character encodings).
OpenBSD fixes, with thanks to Soner Tari.
Fri 8th December 2006 - DansGuardian 2.9.8.1 - beta
Pre-emptive blocking re-introduced, but for authed users only (don't
retrieve anything, even headers, from banned sites/URLs; helps defeat
trackers).
Build option to record a backtrace on segmentation fault
("--enable-segv-backtrace").
Rudimentary performance testing options (add -D__BENCHMARK to your
CXXFLAGS when compiling to make some extra command-line options
available; content to be tested is read in on standard input).
Syslog logging support.
Performance increase for weightedphrasemode 2.
Reduce some ListContainer code duplication.
FAQ and plugin documents added, see doc subdirectory.
Mon 22nd January 2007 - DansGuardian 2.9.8.2 - beta
"managedmimetypelist" and "managedextensionlist" made into an
either/or match, instead of both.
Handle single dots on the end of domain names (e.g.
"http://www.cnn.com./").
Typo fixes to a few error messages and config files.
Allow WebDAV/OWA to work.
Fix a bug in the phrase filtering that was introduced along with the
enhanced character encoding support.
Add a little more info to error messages generated by failure to
connect to the URL cache, as some people seem to be having trouble with
it.
Tue 27th March 2007 - DansGuardian 2.9.8.5 - beta
Fix behaviour of maxcontent* settings when set to zero ("cascading"
values).
Don't allow daemon to start with maxcontent* settings all zero.
Tweak config. validation to better check for allowed values.
Fix memory corruption/leaks in PICS and ClamAV (not ClamD) code.
Protect against more types of IP obfuscation.
Minor cleanups in string class.
Add contributed Japanese messages & template.html.
Add contributed YaST-specific info to supplied init script.
Compatible with ClamAV 0.90.
Fix pre-emptive blocking for unrecognised users when the auth
plugin(s) in use don't rely on the parent proxy (ident, ip).
Fixed suggested file paths for using squidGuard/URLBlacklist list sets.
Mon 13th August 2007 - DansGuardian 2.9.9.0 - beta
Fix settings validation to allow maxcontentfiltersize to be set to 0.
Tidy up option data types (hexdecodecontent, forcequicksearch and
usecustombannedimage are now "on"/"off" instead of 1/0).
Tweak exception logging (logexceptionhits now has 3 supported values).
Improved pre-emptive blocking for HTTPS requests.
Altered blanket block implementation to also allow blanket exception &
grey domain/URL list matching (eg you can have allow everything).
Added exceptionfileurllist in addition to exceptionfilesitelist.
Added outgoing HTTP header blocking & modification.
Added optional domain and URL lists for categorisation without blocking.
Enabled TCP_NODELAY on all TCP sockets to work around a
performance hit with persistent connections.
Improved phrase loading code to allow null bytes in phrases. Should
allow for support of phrases in encodings such as UTF-16.
Fri 24th August 2007 - DansGuardian 2.9.9.1 - beta
Fix for transparent proxying.
Fixed missing list and language files omitted from previous release.
Thu 13th December 2007 - DansGuardian 2.9.9.2 - beta
Fixed a few memory leaks, including a fairly large one in the String
class.
Attempt to allocate less memory when reading in phrase lists (start
small, and resize the block if needed).
Check for out-of-memory conditions when loading phrase lists, as this
was a common cause of segfaults on soft restart on systems with low free
memory (daemon will still die, but a bit more gracefully).
Re-worked phrase filtering: fix occurrence counting for combination
phrases, and possible performance improvements in weightedphrasemode 2.
Digest auth support (based on contributions by Darryl Sutherland).
uclibc compatibility patch from Gentoo Linux.
Example of headerregexplist usage: force filtering on Windows Live
Search by cookie modification.
Contributed updates to some of the language templates.
Miscellaneous other bug fixes, applications of const correctness, etc.
Web 27th February 2008 - DansGuardian 2.9.9.3 - beta
Large file (2GB+) download & scanning support. Updated German block page
template from Peter Vollmar. Small fix to phrase matching to allow it
to match the full 0-255 range for each byte, improving foreign language filtering.
Fix for incorrect interpretation of URLs containing colons in list
files (long standing but rare bug; could cause memory corruption and
match failures).
More documentation added to the installation (not new content, but
docs that were previously only in the source tarball now get installed).
Tue 29th April 2008 - DansGuardian 2.9.9.4 - beta
Replaced quicksort with std::sort when loading in site & URL lists -
should behave better with pre-sorted input.
Switch back to original compressed data before sending content to
clients, if the decompressed data is found to be zero length (i.e. just
compression headers).
Change file blocking logic; exceptionextensionlist and
exceptionmimetypelist are now always loaded, and can override the banned
lists (much more similar to URL/domain blocking).
ClamAV plugin updated to work with 0.93-style unpacking limits (only;
no support for 0.92.1 or earlier).
Mon 9th June 2008 - DansGuardian 2.9.9.5 - do-we-still-call-it-beta
IP range & subnet support in banned & exception IP lists.
Honour "--with-sysconfsubdir" setting when installing config. files.
Code clean-ups: remove some unused function arguments, and eliminate compiler warnings from checks enabled by default in recent versions of GCC.
New contributed Polish pornography and "good" weighted phrases.
Wed 13th August 2008 - DansGuardian 2.9.9.6 - stable-surely
Build system clean-ups: Use pkg-config to detect PCRE and ClamAV, not pcre-config and
clamav-config. Please note that this means DG now depends on
pkg-config. Remove platform.h.in and use preprocessor symbols from dgconfig.h
directly. Define preprocessor symbols corresponding to directory names using
CXXFLAGS in the makefile, not platform.h, as the latter is no longer
processed by the autotools. Remove checks in configure script for functions not actually called by
the code. Remove a lot of obsolescent tests from the configure script, and get
rid of platform.h completely as a result. Improvements/bugfixes: Fix an off-by-one error in NaughtyFilter which could result in phrase
matching code looking at an uninitialised byte during filtering. Allow regular expression comments with PCRE. Fix a child process handling error which would cause DG to become
unresponsive if restarted then soft-restarted in quick succession.
Mon 18th August 2008 - DansGuardian 2.9.9.7 - stable-surely
Fixed problem with PID file creation when pidfilename is not
explicitly given in the config.
Thu 11th September 2008 - DansGuardian 2.9.9.8
Assume that content with no Content-Type header is HTML, so that it
doesn't bypass the phrase filter.
Fix some incorrect usage of integer types in ListManager and
ListContainer which can lead to crashes in some rare cases.
Escape certain characters in URLs when displaying the HTML template to
prevent XSS.
Don't add responses other than "200 OK" to the clean URL cache.
Wed 8th October 2008 - DansGuardian 2.10 - STABLE!
Fixed handling of content with no MIME type: it will be phrase filtered,
but no Content-Type header will be inserted into the response, so a
browser's own automatic type detection doesn't get interfered with.
Fixed a performance issue with CONNECT requests being incorrectly marked
s persistent, identified by Jason Deasi.
Updated the man page (Jens Wilke) and French messages file (Jeanuel).
Clarifications to some of the included documents (INSTALL, UPGRADING).
Considered stable (future planned changes are fairly wide reaching, so
work will continue in a new series of beta releases).
Tue 21st October 2008 - DansGuardian 2.10.0.1 - stable
Improve malformed URL detection (dc2008.de no longer incorrectly
classed as malformed).
Improve persistent connection detection, correcting some situations in
which DG would return a blank page to browsers.
Updated "proxies" weighted phrase list.
Updated Chinese Big-5 messages file from Vicente Chua.
Wed 26th November 2008 - DansGuardian 2.10.0.2 - stable
Fix persistent connection detection to resolve issues with HTTP 1.1
browsers (Firefox), NTLM authentication and HTTPS websites.
Change supported syntax for blocking HTTPS site access by IP to match
that documented in the default bannedsitelist (use "*ips", as
documented, NOT "**ips").
Wed 21st January 2009 - DansGuardian 2.10.0.3 - stable
uClibc++ compilation patch from Natanael Copa.
Fix crash on exit when running out of memory during phrase tree
preparation, from Victor Stinner.
Clean up destructors for various objects, removing code duplication
with reset() methods.
Compilation fixes from Jeffrey A. Young.
Better handling of whitespace (tab characters) in configuration files.
Fix HTTPS access for unauthenticated users when using basic or NTLM
authentication plugins.
Reload list files on soft restart if cached (".processed") files have
been updated directly, from Harry Mason.
Chop carriage return off useragent strings when "loguseragent" is
enabled.
Don't force contents of dansguardianf*.conf files to lower-case on
loading, so as not to destroy the case of group names.
Make temporary bypass cookies valid for subdomains of the original
bypassed domain, including stripping "www.".
Fri 5th June 2009 - DansGuardian 2.10.1.1 - stable
Add "originalip" option to dansguardian.conf, for determining
the original destination IP in transparent proxy set-ups, and
ensuring that the destination domain of the request resolves to
that IP. This can help to address a particular transparent
proxy security vulnerability (US-CERT VU#435052), but because of
certain limitations - only implemented on Linux/Netfilter;
potential breakage of websites using round-robin DNS - the code
is not enabled by default. Enable by passing "--enable-orig-ip"
to the configure script.
Fix a crash which could occur when dealing with simultaneous
incoming connections in configurations using more than one
listening socket.
Fix a crash when checking time limits on item lists.
Fix potential usage of uninitialised memory during phrase
filtering.
Page last modified: 05 June 2009 12:57:06
| 
© 2001-2010 Daniel Barron
