1.5 Release Notes
Release: 4.1 Build: 3498
Thursday 8th April, 2013
Issues Addressed
- Adding a user to a group through the admin console no longer forces a
password change for the user. Password changes can now be made after ticking the new 'Reset User Password' checkbox on the users' edit screen. (NA-5791)
- We've fixed an issue where multiple processes could use the same prevayler,
a situation that could lead to the loss of journal data, which might have
resulted in a loss of sync in the Access Control system databases.
(NA-5682, NA-5732)
- We've fixed an issue in the talkback script which could cause inconsistencies in the Access Control database and lead to loss of information such as Users or Teams on the node where it was used, specifically where the 'backup' function is invoked. (NA-5795)
- Additionally, we've fixed an error when running the talkback script on a Windows machine. (NA-5695)
- It's no longer possible to enter a broken regex value (|*./) in team rules. (NA-5659)
- We've fixed an issue where password changes could be initiated without having to confirm the new password. (NA-5130)
- When importing users with the system-wide case insensitive flag set all users will now be converted to lowercase. (NA-5708)
- Sorting users in the 'List Users' screen now behaves as expected (NA-5169)
Release: 4.1 Build: 1847
Thursday 4th October, 2012
Issues Addressed
- We've addressed an issue with LDAP caused by entering invalid bind user
details. (NA-4998)
- A problem with admin login to LDAP has been fixed. The LDAP location of the
admin users group needed to be specified. (NA-4873)
- An issue which caused problems with serf clients being used with Access
Control has been fixed. (NA-4880)
- An issue with importing users from invalid *.csv files has been addressed. A
detailed error message is now displayed. (NA-4927)
- The ability to remove a user via the RESTful API has been added. (NA-5002)
- An issue with importing a 4.0 Access Control (and earlier) backup into 4.1
Access Control that contains more users than the licence key allows has been
fixed. (NA-4865)
- A problem with upgrading Access Control where repositories were not re-added
has been fixed. (NA-4997)
- Users of IE8 would occasionally see errors of the form:
"javascript error message 'Object doesn't support this property or method'".
The error only occurred on certain pages and the page still rendered
correctly. This error has been addressed. (NA-4937)
- A problem with changing LDAP Settings, which changes User Membership but not
Team Membership, causing LDAP Sync to break has been fixed. (NA-5068)
- An issue with the ability to set the Authentication Realm name on a
per-repository basis has been fixed. This was in relation to Jenkins for CI.
(NA-5066)
- A problem with the Cancel button on the Manage LDAP Settings window has been
fixed. (NA-5067)
Release: 4.1 Build: 0984
Monday 20th August, 2012
Issues Addressed
- We've addressed a conflict between our case-insensitive LDAP authentication and
LDAP group management features - duplicated accounts had been created when
usernames provided during login didn't match the case of usernames stored in
LDAP. The case-insensitive LDAP authentication now handles this scenario.
If you don't need to handle both case-sensitive and insensitive usernames then
you can now apply this as a system-wide setting.You can find the option on the
System Settings, under the System tab of the admin console. (NA-4903) (NA-4885)
-
Since Solaris 10 has deprecated init.d, we now provide a service manifest file
"<install_dir>/svn-security/utils/init.d/solaris/solaris-svnsecurityagent.xml"
for starting the Subversion Access Control via the Service Management Facility.
See the accompanying readme file for more details. (NA-4872)
Release: 4.1 Build: 0667
Monday 23 July, 2012
Issues Addressed
-
Fixed a problem where the deletion of folders would fail to replicate if the
folders contained locked files, causing loss of sync between nodes. (NA-4650)
-
Fixed an issue where the 'quorum not available' message was not being returned
to the SVN client, when the replication group was not in quorum.
(NA-4666)
Release: 4.1 Build: 0154
Friday 1st June, 2012
What's New
-
We've added support for case-insensitive usernames when using LDAP
pre-replication authentication - this feature is enabled by ticking the
case-insenstivity check box on the LDAP settings screen. (NA-3857)
Issues Addressed
-
Fixed a problem affecting users of LDAP pre-replication authentication on
Windows. After a htpasswd file change we have added a delayed recheck, in case
the file is currently locked by another Windows process. (NA-4496)
-
We've fixed a problem with password encryption logic which in some situations
would result in passwords being mismatched. As part of this fix we've also
changed the conditions that get an existing Subversion user added to
Access Control's password file; now, doing a checkout is enough to get you
added to the password file. (NA-4620)
Release: 4.1 Build: 9379
Tuesday 20th March, 2012
Issues Addressed
-
Team leaders can now be limited to adding and managing users, without
permission to add or modify Access Control rules. This has been implemented
with the addition of a permission for modifying rules which is enabled for
team leaders by default. (NA-4030)
-
Access Control's permission structure has been changed to allow for the users
to be assigned as team leaders, without being able to change anything: a user
with no explicit user permissions effectively has view-only access. (NA-3927)
-
We've fine-tuned how Access Control manages connections to Apache to ensure
that the available connections are not exhausted which would force Access
Control's proxy to restart. (NA-4409)
Release: 4.1 Build: 9140
Thursday 16th February, 2012
Issues Addressed
- Addressed an issue that affected LDAP authentication on Windows based servers
(NA-4335)
Release: 4.1 Build: 9073
Monday 13th February, 2012
Issues Addressed
-
Fixed an issue where conflicting rules defined for a specific resource could
result in incorrect results being reported from the lookup/search operation
(NA-4253)
Release: 4.1 Build: 9007
Monday 6th February, 2012
What's new
- Release 4.1 is a major update of the Subversion Access Control product,
introducing new functionality and changing its underlying access model.
Users' permissions are no longer based on roles and groups that require
unwieldy access control lists to maintain complex security policies.
Access Control now uses a simplified approach that applies access rules to
heirarchical teams.
-
Delegated administration - Administrators can now create teams and assign a
team leader who can then manage the uses and resources that have been assigned
to the team. These team leaders are unable to access any users or resources
that have not been assigned to their team.
LDAP changes:
- Admin users can now be managed via an LDAP group.
- The functionality of our free LDAP plug-in has been integrated, allowing
Users and Team membership to be synch'ed with LDAP groups. (NA-2784)
- LDAP Authorities assignment screens have been expanded to include
additional functionality. (NA-3853)
- All access control activity is now written to a dedicated log
file in the "path/to/svn-security/logs/ac" directory. (NA-3975)
- An info message is written to the logs when an LDAP group sync changes
membership. (NA-3907)
-
Backup and Restore functionality has been extended. Exporting Settings now
generates a backup directory that includes more system settings, including the
mail server information. (NA-3875)
- Subversion users can now use the admin console's Lookup/Search tool to verify
their access to a specified repository resource. (NA-3926)
Issues Addressed
-
Fixed a problem where a shutdown from the admin console would stop init.d
script start from working. (NA-3364)
-
Improved handling under very high latency situations, which could result in
transactions failing to complete. (NA-3964)
- When using Access Control, client requests that fail because the user is not
defined now return a 401 (not found) instead of 403 (forbidden) error.
(NA-3919)
-
Access Control Rules now applies deny copy rules to both source and
destination, previously, the deny rule was only applied to the copy source,
not the destination. (NA-2836)
Known Issue
-
If a (system) administrator is assigned to a team then a team
leader of that team is able to disable the administrator's account. A team
leader should not have control over admin accounts so this ability will
be removed in the next release. (NA-4201)
Release: 4.0 Build: 7797
October, 03 2011
What's new
- Authentication against multiple LDAP authorities is now supported, modelled
on Apache's LDAP authentication. (NA-3511)
- It's now possible to limit the maximum file size of a commit via a setting
on the Systems Settings page, on the System tab of the Admin Console.
(NA-3516)
Issues Addressed
-
We now fail LDAP pre-replication authentication immediately if the password
is blank, rather than depending on LDAP to reject the attempt.(NA-3456)
-
The Authz file editing logic has been improved to prevent problems
caused by undeletable files in Windows. (NA-3508)
-
Fixed encoding of output text from html to XML as the messaging had
resulted in the failure of users' scripts. (NA-2507)
-
Fixed a problem that resulted in some log messages being sent to the
STDOUT instead of the STDERR. (NA-3305)
-
Fixed null pointer exceptions and spinning read-reactor threads caused by the
use of a web application vulnerability scanner. (NA-3438, NA-3437)
-
Added support for multiple admin email addresses (comma separated within the
email address field) so that a number of administrators can receive alert
emails. (NA-3365)
-
All access to the Access Control admin console now appears in the logs along
with the user's IP address, suitable for auditing access. (NA-3362)
-
It's no longer a requirement to be in the lib directory in order to invoke
java -jar. (NA-3335)
-
Improved handling of log file rotation, existing log files where not
accounted for, so increased with each restart. Appended
naming now works properly so that setup logs are rotated instead of
sticking around forever. (NA-3329)
-
Groups can now be named using multibyte characters, further improving
support for languages such as Russian or Japanese. (NA-3318)
-
The LDAP entry form is now more forgiving of errors and no longer
blanks all entries when a submission fails due to an error. (NA-3298)
-
There's now a 'last accessed' column displayed on the List users screen.
This has been added to help manage users licenses as it
provides an administrator with an immediately guide to which users are no
longer active. (NA-3296)
-
It's now possible to use escape characters to include commas in
usernames. See the clarification on what characters are acceptable for
usernames. (NA-3294)
-
Fixed a problem where Access Control created invalid paths for
repositories with locations that use multiple slashes. (NA-3291)
-
Fixed a problem that stopped group names that included plus symbols
'+' from being editable. (NA-3290)
-
If an Authz file is deleted or corrupted, it's now possible to regenerate it
using the Regenerate Authz file button, on the SVN Settings screen, under the
Proxy tab of the admin console. (NA-3289)
-
Corrected the numbering of ACLs as they appear in the logs. (NA-3288)
-
Fixed a problem that could in rare cases zero the Authz file (NA-3287)
Release: 4.0 Build: 7579
September 09, 2011
Issues Addressed
- We now ensure that LDAP authentication failure generates a 401
(unauthorized) instead of a 403 (forbidden) error, which ensures that
follow-on authentication attempts are not frustrated by client caching.
(NA-3326)
Release: 4.0 Build:5974
April 26, 2011
What's new
- Improved logging for LDAP authentication failure. (NA-2858)
- Improved talkback script no longer prompts the user to enter
information, even though there's no JAVA_HOME variable set (which
automatically causes talkback to fail). (NA-2869)
Release: 4.0 Build:5876
March 24, 2011
Issues Addressed
-
The problem with the keystore being overwritten by the truststore file that
appeared in build 5295 has been fixed. (NA-2661)
-
Error checking is now in place to stop changes to LDAP settings if any
related repository password files are not being managed. (NA-2664)
-
Fixed a problem that caused LDAP authorities to be displayed out of order
in some situations. (NA-2665)
-
Improved help text now added for the LDAP Authorities fields. (NA-2666)
-
Prewrite Access Control Lists can now be unhidden to make it easier
to manage access rules. (NA-2696)
-
All Deletion actions within the admin console now prompt the user for
confirmation. (NA-2832)
-
A warning is now displayed when an impending node IP change will invalidate
the product license. (NA-2500)
-
The text input field for the LDAP URL is now larger, making it easier to use.
(NA-2653)
-
Editing an LDAP authority now correctly reported as "authority edited" instead
of "authority added". (NA-2657)
Release: 4.0 Build:5295
Jan 11, 2011
What's New
- The user creation page password field is no longer mandatory. Forced entry
of a password would be incompatible with the use of LDAP authentication.
(NA-2612)
-
Activity ID and resource URI have been added to the WANdisco log file
(SVNProxyServer-prefs.logs) to allow for easier tracking / matching against
Apache logs. (NA-2406)
-
Added support for multiple admin email addresses (comma separated within the
email address field) so that a number of administrators can receive alert
emails. (NA-2404)
-
A new screen has been added to the admin console that provides licensing
details for the server. To view it, click on the System tab, then the menu
link: "License Info". (NA-2427)
- It is now possible to edit LDAP authority details, instead of deleting and
creating them from scratch. (NA-2611)
Issues Addressed
-
Fixed a problem that made Access Control users and groups impossible to delete
on versions of Windows that use non-Latin character sets. (NA-2635)
- Fixed a problem that resulted in Access Control rules not being followed after a fallback from LDAP to httpasswd. (NA-2615)
Release: 4.0 Build:4851 (Nov 10, 2010)
Issues Addressed
- System disk monitoring can now be controlled from the system tab of the admin
console. (NA-2157)
- Improved proxy log file naming system for greater efficiency. The proxy log
file is now appended with the following dating format:
yyyy-MM-dd.HH:mm:ss (NA-1967)
- Fixed a problem that stopped locked files from being deleted during garbage
collection. (NA-2223)
- It's now possible to limit each log entry to a single line (NA-2108)
Release: 3.7 Build:3926 (July 23, 2010)
Issues Addressed
- When updating a user password, the security menu is no longer displayed. (NA-2210)
- Previous passwords are no longer displayed at the end of a user password change. (NA-2153)
Release: 3.7 Build: 3855 (Jul 08, 2009)
Issues Addressed
- Fixed a problem that stopped locked files from being deleted during garbage collection. (NA-2134)
Release: 3.7 Build: 3660 (Jun 01, 2009)
Issues Addressed
-
Users imported into Access Control who don't have an assigned role are now
given a default role called "legacy". Administrators can then set permissions
for these users individually or in bulk. (NA-1852)
-
Fixed a problem with Access Control that prevented the cleanup of files in
the /tmp directory after checkouts have completed. (NA-1655)
-
Fixed a problem whereby users imported via the LDAP plug-in who were later
removed, were not showing up as being available to import again. (NA-1651)
-
Fixed bug that caused NPE whenever an svn copy was denied by access
control. (NA-1866)
-
Fixed a bug that caused a node to become read-only and crash if settings are
imported without valid repository browsing credentials and with Authz
enabled. (NA-1922)
-
Names of Users and Usergroups must now be unique. Names that differed only
by character case (usergroup,UserGroup etc) are no longer allowed.
(NA-1851)
Release: 3.7 Build: 1951 (Dec 03, 2009)
Issues Addressed
-
Setting Log level to "finer" no longer causes the replicator to crash.
(NA-1608)
-
Fixed problem with not being able to clear email settings. (NA-1585)
-
Email SSL TrustStore file and password entry fields now display properly.
(NA-1569)
-
Now java.net.preferIPv4Stack is set to "true" to ensure no problems occur in
environments using IPv6. (NA-1584)
-
Windows users can now make changes to the Authz file without having to
manually restart the replicator. (NA-1578)
-
Updating groups no longer duplicates custom ACLs.
(NA-1574)
-
Clarified LDAP connection field names. Added a "test connection" button.
(NA-1567)
-
Fixed problem with prefs.xml elements not parsing without elements being
separated by newlines.
(NA-1559)
-
Fix problem with non-WebDAV requests forwarded on to SVN server causing the replicator
to restart. These requests are now logged and rejected. Note that the logged
client IP may not be correct if ProxyPass is in use. (NA-1526)
Release 3.7 Build: 1634 (Nov 12, 2009)
Issues Addressed
- Correctly handle Authz file generation when SVNParentPath is
used. (NA-1515)
-
Fix a NullPointerException in sendErrorAndDisconnect() when a bad
packet is received (e.g. from a port scanner). (NA-1526)
-
Handle MERGE commands properly when apache drops the connection
(NA-1351)
-
Fix a problem with replication of ACLs when the ACL had blank
file/dir patterns or groups. (NA-1443)
-
Do not assert failure and restart when we see different http versions
from the client. Just log a warning. (NA-1320)
-
The Disk Monitoring facility is now more robust and works on Windows.
-
Installer now warns against mod_deflate settings in apache
configuration. (NA-1412)
-
Installer now warns against lack of authentication in apache
configuration. (NA-920)
-
Warn against "http://" in the dav location field (NA-99)
-
SSH based deployer now supports use of private/private key
authentication. (NA-1387)
-
Group names are sorted in case-insensitive order (NA-1486)
Release 3.7 Build: 1464 (Nov 3, 2009)
What's new
- Installer now detects apache settings to help ensure the required
Subversion server settings are configured. (NA-1369)
- WANdisco Access Control now works in conjunction with a mod_authz and
authz file.
Issues Addressed
Known Issues
On Windows platforms, installation directory must remain 'svn-security'
and must not renamed. Also the installation directory may not be in a path
with whitespaces.
Copyright © 2010 WANdisco
All Rights Reserved
This product is protected by copyright and distributed under
licenses restricting copying, distribution and decompilation.