diff --git a/ChangeLog b/ChangeLog index 91d07f5..a7139a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,17 +1,17 @@ -10/01/2021 Oleg Moskalenko Mihály Mészáros -Version 4.5.3 'dan Eider': +13/09/2022 Oleg Moskalenko Mihály Mészáros Gustavo Garcia Pavel Punsky +Version 4.6.0 'Gorst': - merge PR #967 (eakraly) - * fix small issues reported by cppcheck + * fix small issues reported by cppcheck - merge PR #974 (eakraly) - * fix long log line printing + * fix long log line printing - merge PR #973 (eakraly) - * Print turnserver version with --version + * Print turnserver version with --version - merge PR #972 (eakraly) * do not write outside of a buffer in admin interface - merge PR #970 (eakraly) - * fix uclient certificate loading bug + * fix uclient certificate loading bug - merge PR #971 (eakraly) - * fix duplicate TCP flag in run_tests.sh script + * fix duplicate TCP flag in run_tests.sh script - merge PR #962 (huhaipeng) * fix turn session leak - merge PR #963 (eakraly) @@ -25,7 +25,7 @@ Version 4.5.3 'dan Eider': - merge PR #942 (eakraly) * Disable SSL renegotiation - merge PR #792 (yfaker) - * Fix user quota release #786 + * Fix user quota release #786 - merge PR #829 (fancycode) * add more info to redis allocation status - merge PR #938 (eakraly) @@ -47,11 +47,11 @@ Version 4.5.3 'dan Eider': - merge PR #869 (micmac1) * don't link in libintl - merge PR #895 (alexnedo) - * fix access to freed memory + * fix access to freed memory - merge PR #919 (sysvinit) * configurable prom username labels - merge PR #840 (sysvinit) - * configurable prometheus listener port + * configurable prometheus listener port - merge PR #870 (micmac1) * fix build mariadb connector - merge PR #851 (freedomben) @@ -112,7 +112,7 @@ Version 4.5.2 'dan Eider': - merge PR #643 (by tupelo-schneck) * Allow RFC6062 TCP relay data to look like TLS - merge PR #655 (by plinss) - * Add support for proxy protocol V1 + * Add support for proxy protocol V1 - merge PR #618 (by Paul Wayper) * Print full date and time in logs * Add new options: "new-log-timestamp" and "new-log-timestamp-format" @@ -249,25 +249,25 @@ Version 4.5.1.1 'dan Eider': 24/11/2018 Oleg Moskalenko Mihály Mészáros Version 4.5.1.0 'dan Eider': - Consider to change config file after upgrade, because it contains some + Consider to change config file after upgrade, because it contains some not backward compatible breaking changes !! - - Security fixes + - Security fixes Many thanks to Nicolas Edet (Cisco) !! who reported all of the following issues: * DB/SQL injection in stun realm. Fix: add extra string validation. - * DB/SQL injection in web-admin interface lack of admin user validation. + * DB/SQL injection in web-admin interface lack of admin user validation. Fix: add extra string validation. - * Fix for earlier unsafe default settings: + * Fix for earlier unsafe default settings: o HTTPS administrator interface should be disabled by default It could be enbled with "web-admin" option. - o Default configuration allowed earlier forwarding traffic + o Default configuration allowed earlier forwarding traffic from an external interface to loopback interface. Now it has been changed and option name is also changed! !!BREAKING change!! Don't forget to change config!! "no-loopback-peers" replaced by "allow-loopback-peers" - o Unauthenticated telnet admin interface runs on the + o Unauthenticated telnet admin interface runs on the loopback interface, which can be accessed by exploiting the loopback relay that was enabled by default. * Add username string sanity check on web admin interface to @@ -281,7 +281,7 @@ Version 4.5.1.0 'dan Eider': * Add new option "web-admin-ip" to set listener ip. By default (127.0.0.1) * Add new option "web-admin-port" to set webadmin listen port - * Add new option "web-admin-listen-on-workers" to change back to earlier + * Add new option "web-admin-listen-on-workers" to change back to earlier behaviour and listen web admin on all worker processes and ports. - Not allow to start server if "allow-loopback-peers" set without "cli-password" @@ -315,7 +315,7 @@ Version 4.5.0.8 'dan Eider': - Add a Warning if lines in config file ends with semicolon (by heyheyjc) - Fix --prod pointer bug - Fix auth server thread detach race (by weishuyin) - - New Feature: Add -K --keep-address-family + - New Feature: Add -K --keep-address-family Be aware if you enable it, then it breaks rfc6156 section 4.2 (default IPv4 family fallback) - Fix dtls double free crash - Fix compilation errors and warnings (by Oleg) @@ -323,7 +323,7 @@ Version 4.5.0.8 'dan Eider': 12/10/2017 Oleg Moskalenko Version 4.5.0.7 'dan Eider': - Misc security improvements. - + 10/17/2016 Oleg Moskalenko Version 4.5.0.6 'dan Eider': - Typos in the text fixed. @@ -338,7 +338,7 @@ Version 4.5.0.5 'dan Eider': - Typos in the text fixed. - LibreSSL compatibility fixed. - "read_timeout" option support for MySQL. - - new NAT behavior discovery utilty. + - new NAT behavior discovery utilty. - new OAuth access_token encrypt/decrypt utilty. - improved configurability: added parameters for allocate, channel and permission lifetimes (by Richard Garnier). @@ -377,7 +377,7 @@ Version 4.5.0.1 'dan Eider': - SIGHUP handler fixed; - error message logging improved; - mongo test db files fixed. - + 7/18/2015 Oleg Moskalenko Version 4.4.5.4 'Ardee West': - moved to github. @@ -387,7 +387,7 @@ Version 4.4.5.3 'Ardee West': - third-party authorization STUN attributes adjusted according to the values assigned by IANA. - SQL injection security hole fixed. - + 5/29/2015 Oleg Moskalenko Version 4.4.5.2 'Ardee West': - dual allocation adjusted according to the new TURN-bis draft; @@ -397,7 +397,7 @@ Version 4.4.5.2 'Ardee West': - C++ compilation fixes; - cosmetic fixes; - fixed binary package for CentOS 7.1; - - support for older SQLite versions added; + - support for older SQLite versions added; - compilation support for older CentOS release 5.x added; - Issue 11 fixed; - Issue 12 fixed. @@ -405,7 +405,7 @@ Version 4.4.5.2 'Ardee West': 3/31/2015 Oleg Moskalenko Version 4.4.4.2 'Ardee West': - SCTP fixes; - + 3/15/2015 Oleg Moskalenko Version 4.4.4.1 'Ardee West': - 'native' SCTP support (experimental); @@ -419,20 +419,20 @@ Version 4.4.2.3 'Ardee West': for the sake of the bandwidth control; - higher bandwidth limit capacity on 64 bits systems; - redis operations with the realm options fixed; - + 2/18/2015 Oleg Moskalenko Version 4.4.2.2 'Ardee West': - admin_user table schema fixed; - REST API docs fixed; - Amazon AWS uses syslog; - + 2/3/2015 Oleg Moskalenko Version 4.4.2.1 'Ardee West': - (HMAC-)SHA-512 and -384 algorithms added; - TOS (DiffServer) and TTL IP header field handling fixed; - updates according to the new third-party-auth draft (oauth); - peer logging added; - + 2/1/2015 Oleg Moskalenko Version 4.4.1.2 'Ardee West': - SSODA updates according to turnbis specs; @@ -468,17 +468,17 @@ Version 4.3.1.3 'Tolomei': - HTTP/HTTPS echo fixed. - External address mapping fixes for Amazon EC2. - Minor docs improvements. - + 11/23/2014 Oleg Moskalenko Version 4.3.1.2 'Tolomei': - Debian package fixes. - + 11/22/2014 Oleg Moskalenko Version 4.3.1.1 'Tolomei': - SQLite supported as the default user database. - Support of the flat-file user database removed. - TLS connection procedure improved in uclient test program. - + 11/07/2014 Oleg Moskalenko Version 4.2.3.1 'Monza': - Request re-transmission implemented in uclient test program. @@ -512,20 +512,20 @@ Version 4.2.1.2 'Monza': - Bandwidth allocation fixed. - Memory code cleaning. - Logging fixed. - + 08/14/2014 Oleg Moskalenko Version 4.1.2.1 'Vitari': - - The origin attribute is verified in the subsequent + - The origin attribute is verified in the subsequent session messages (server flag --check-origin-consistency). - MySQL SSL connection support. - Crash fixed when the DB connection string is incorrect. - Minor docs fixes. - + 07/29/2014 Oleg Moskalenko Version 4.1.1.1 'Vitari': - Forceful server-side session cancellation implemented (in telnet console). - + 07/22/2014 Oleg Moskalenko Version 4.1.0.2 'Vitari': - SSODA (double allocation) draft support added. @@ -556,7 +556,7 @@ Version 4.0.1.2 'Severard': 05/18/2014 Oleg Moskalenko Version 4.0.0.2 'Threetrees': - Code cleaning. - + 05/07/2014 Oleg Moskalenko Version 4.0.0.1 'Threetrees': - Kernel channel placeholder definitions. @@ -921,7 +921,7 @@ Version 2.6.1.1 'Harding Grim': * Classic STUN attribute ERROR fixed (Issue 49). * Unused RFC 5780 functionality removed from TCP, TLS and DTLS relays. * resources optimization for stun-only: short connection expiration time. - + 07/26/2013 Oleg Moskalenko , Vladimir Tsanev Version 2.5.2.1 'Shivers': @@ -1147,7 +1147,7 @@ Version 1.8.1.3 'Black Dow': - Maintenance (docs, etc). - Added partial support for Cygwin. Only TCP & TLS protocols are support for client-to-server communications (as in RFC 5766 and - RFC 6062). UDP supported only for relay communications. DTLS is not + RFC 6062). UDP supported only for relay communications. DTLS is not supported at all. The problem is in Winsock UDP sockets implementation. 04/11/2013 Oleg Moskalenko @@ -1215,7 +1215,7 @@ Version 1.8.0.1 'Black Dow': Version 1.8.0.0 'Black Dow': - Short-term credentials mechanism implemented. - + 04/2/2013 Oleg Moskalenko Version 1.7.3.1 'Superior Glokta':