only search Wandisco

Release Notes

Release: 4.1 Build: 0154 Friday 1st June, 2012

What's New

• We've added support for case-insensitive usernames when using LDAP pre-replication authentication - this feature is enabled by ticking the case-insenstivity check box on the LDAP settings screen. (NA-3857)

Issues Addressed

• Fixed a problem affecting users of LDAP pre-replication authentication on Windows. After a htpasswd file change we have added a delayed recheck, in case the file is currently locked by another Windows process. (NA-4496)


• We've fixed a problem with password encryption logic which in some situations would result in passwords being mismatched. As part of this fix we've also changed the conditions that get an existing Subversion user added to Access Control's password file; now, doing a checkout is enough to get you added to the password file. (NA-4620)

Release: 4.1 Build: 9379 Tuesday 20th March, 2012

Issues Addressed

• Team leaders can now be limited to adding and managing users, without permission to add or modify Access Control rules. This has been implemented with the addition of a permission for modifying rules which is enabled for team leaders by default. (NA-4030)


• Access Control's permission structure has been changed to allow for the users to be assigned as team leaders, without being able to change anything: a user with no explicit user permissions effectively has view-only access. (NA-3927)


• We've fine-tuned how Access Control manages connections to Apache to ensure that the available connections are not exhausted which would force Access Control's proxy to restart. (NA-4409)

Release: 4.1 Build: 9140

Thursday 16th February, 2012

Issues Addressed

• Addressed an issue that affected LDAP authentication on Windows based servers (NA-4335)

Release: 4.1 Build: 9073 Monday 13th February, 2012

Issues Addressed

• Fixed an issue where conflicting rules defined for a specific resource could result in incorrect results being reported from the lookup/search operation (NA-4253)

Release: 4.1 Build: 9007

Monday 6th February, 2012

What's new

• Release 4.1 is a major update of the Subversion Access Control product, introducing new functionality and changing its underlying access model. Users' permissions are no longer based on roles and groups that require unwieldy access control lists to maintain complex security policies. Access Control now uses a simplified approach that applies access rules to heirarchical teams.


• Delegated administration - Administrators can now create teams and assign a team leader who can then manage the uses and resources that have been assigned to the team. These team leaders are unable to access any users or resources that have not been assigned to their team.



LDAP changes:

• Admin users can now be managed via an LDAP group.


• The functionality of our free LDAP plug-in has been integrated, allowing Users and Team membership to be synch'ed with LDAP groups. (NA-2784)


• LDAP Authorities assignment screens have been expanded to include additional functionality. (NA-3853)


• All access control activity is now written to a dedicated log file in the "path/to/svn-security/logs/ac" directory. (NA-3975)


• An info message is written to the logs when an LDAP group sync changes membership. (NA-3907)


• Backup and Restore functionality has been extended. Exporting Settings now generates a backup directory that includes more system settings, including the mail server information. (NA-3875)


• Subversion users can now use the admin console's Lookup/Search tool to verify their access to a specified repository resource. (NA-3926)

Issues Addressed

• Fixed a problem where a shutdown from the admin console would stop init.d script start from working. (NA-3364)


• Improved handling under very high latency situations, which could result in transactions failing to complete. (NA-3964)


• When using Access Control, client requests that fail because the user is not defined now return a 401 (not found) instead of 403 (forbidden) error. (NA-3919)


• Access Control Rules now applies deny copy rules to both source and destination, previously, the deny rule was only applied to the copy source, not the destination. (NA-2836)

Known Issue

• If a (system) administrator is assigned to a team then a team leader of that team is able to disable the administrator's account. A team leader should not have control over admin accounts so this ability will be removed in the next release. (NA-4201)

Release: 4.0 Build: 7797

October, 03 2011

What's new

• Authentication against multiple LDAP authorities is now supported, modelled on Apache's LDAP authentication. (NA-3511)
• It's now possible to limit the maximum file size of a commit via a setting on the Systems Settings page, on the System tab of the Admin Console. (NA-3516)

Issues Addressed

• We now fail LDAP pre-replication authentication immediately if the password is blank, rather than depending on LDAP to reject the attempt.(NA-3456)
• The Authz file editing logic has been improved to prevent problems caused by undeletable files in Windows. (NA-3508)
• Fixed encoding of output text from html to XML as the messaging had resulted in the failure of users' scripts. (NA-2507)
• Fixed a problem that resulted in some log messages being sent to the STDOUT instead of the STDERR. (NA-3305)
• Fixed null pointer exceptions and spinning read-reactor threads caused by the use of a web application vulnerability scanner. (NA-3438, NA-3437)
• Added support for multiple admin email addresses (comma separated within the email address field) so that a number of administrators can receive alert emails. (NA-3365)
• All access to the Access Control admin console now appears in the logs along with the user's IP address, suitable for auditing access. (NA-3362)
• It's no longer a requirement to be in the lib directory in order to invoke java -jar. (NA-3335)
• Improved handling of log file rotation, existing log files where not accounted for, so increased with each restart. Appended naming now works properly so that setup logs are rotated instead of sticking around forever. (NA-3329)
• Groups can now be named using multibyte characters, further improving support for languages such as Russian or Japanese. (NA-3318)
• The LDAP entry form is now more forgiving of errors and no longer blanks all entries when a submission fails due to an error. (NA-3298)
• There's now a 'last accessed' column displayed on the List users screen. This has been added to help manage users licenses as it provides an administrator with an immediately guide to which users are no longer active. (NA-3296)
• It's now possible to use escape characters to include commas in usernames. See the clarification on what characters are acceptable for usernames. (NA-3294)
• Fixed a problem where Access Control created invalid paths for repositories with locations that use multiple slashes. (NA-3291)
• Fixed a problem that stopped group names that included plus symbols '+' from being editable. (NA-3290)
• If an Authz file is deleted or corrupted, it's now possible to regenerate it using the Regenerate Authz file button, on the SVN Settings screen, under the Proxy tab of the admin console. (NA-3289)
• Corrected the numbering of ACLs as they appear in the logs. (NA-3288)
• Fixed a problem that could in rare cases zero the Authz file (NA-3287)

Release: 4.0 Build: 7579

September 09, 2011

Issues Addressed

• We now ensure that LDAP authentication failure generates a 401 (unauthorized) instead of a 403 (forbidden) error, which ensures that follow-on authentication attempts are not frustrated by client caching. (NA-3326)

Release: 4.0 Build:5974

April 26, 2011

What's new

• Improved logging for LDAP authentication failure. (NA-2858)
• Improved talkback script no longer prompts the user to enter information, even though there's no JAVA_HOME variable set (which automatically causes talkback to fail). (NA-2869)

Release: 4.0 Build:5876

March 24, 2011

Issues Addressed

• The problem with the keystore being overwritten by the truststore file that appeared in build 5295 has been fixed. (NA-2661)
• Error checking is now in place to stop changes to LDAP settings if any related repository password files are not being managed. (NA-2664)
• Fixed a problem that caused LDAP authorities to be displayed out of order in some situations. (NA-2665)
• Improved help text now added for the LDAP Authorities fields. (NA-2666)
• Prewrite Access Control Lists can now be unhidden to make it easier to manage access rules. (NA-2696)
• All Deletion actions within the admin console now prompt the user for confirmation. (NA-2832)
• A warning is now displayed when an impending node IP change will invalidate the product license. (NA-2500)
• The text input field for the LDAP URL is now larger, making it easier to use. (NA-2653)
• Editing an LDAP authority now correctly reported as "authority edited" instead of "authority added". (NA-2657)

Release: 4.0 Build:5295

Jan 11, 2011

What's New

• The user creation page password field is no longer mandatory. Forced entry of a password would be incompatible with the use of LDAP authentication. (NA-2612)
• Activity ID and resource URI have been added to the WANdisco log file (SVNProxyServer-prefs.logs) to allow for easier tracking / matching against Apache logs. (NA-2406)
• Added support for multiple admin email addresses (comma separated within the email address field) so that a number of administrators can receive alert emails. (NA-2404)
• A new screen has been added to the admin console that provides licensing details for the server. To view it, click on the System tab, then the menu link: "License Info". (NA-2427)
• It is now possible to edit LDAP authority details, instead of deleting and creating them from scratch. (NA-2611)

Issues Addressed

• Fixed a problem that made Access Control users and groups impossible to delete on versions of Windows that use non-Latin character sets. (NA-2635)
• Fixed a problem that resulted in Access Control rules not being followed after a fallback from LDAP to httpasswd. (NA-2615)

Release: 4.0 Build:4851 (Nov 10, 2010)

Issues Addressed

• System disk monitoring can now be controlled from the system tab of the admin console. (NA-2157)
• Improved proxy log file naming system for greater efficiency. The proxy log file is now appended with the following dating format:
  yyyy-MM-dd.HH:mm:ss (NA-1967)
• Fixed a problem that stopped locked files from being deleted during garbage collection. (NA-2223)
• It's now possible to limit each log entry to a single line (NA-2108)

Release: 3.7 Build:3926 (July 23, 2010)

Issues Addressed

• When updating a user password, the security menu is no longer displayed. (NA-2210)
• Previous passwords are no longer displayed at the end of a user password change. (NA-2153)

Release: 3.7 Build: 3855 (Jul 08, 2009)

Issues Addressed

• Fixed a problem that stopped locked files from being deleted during garbage collection. (NA-2134)

Release: 3.7 Build: 3660 (Jun 01, 2009)

Issues Addressed

• Users imported into Access Control who don't have an assigned role are now given a default role called "legacy". Administrators can then set permissions for these users individually or in bulk. (NA-1852)
• Fixed a problem with Access Control that prevented the cleanup of files in the /tmp directory after checkouts have completed. (NA-1655)
• Fixed a problem whereby users imported via the LDAP plug-in who were later removed, were not showing up as being available to import again. (NA-1651)
• Fixed bug that caused NPE whenever an svn copy was denied by access control. (NA-1866)
• Fixed a bug that caused a node to become read-only and crash if settings are imported without valid repository browsing credentials and with Authz enabled. (NA-1922)
• Names of Users and Usergroups must now be unique. Names that differed only by character case (usergroup,UserGroup etc) are no longer allowed. (NA-1851)

Release: 3.7 Build: 1951 (Dec 03, 2009)

Issues Addressed

• Setting Log level to "finer" no longer causes the replicator to crash. (NA-1608)
• Fixed problem with not being able to clear email settings. (NA-1585)
• Email SSL TrustStore file and password entry fields now display properly. (NA-1569)
• Now java.net.preferIPv4Stack is set to "true" to ensure no problems occur in environments using IPv6. (NA-1584)
• Windows users can now make changes to the Authz file without having to manually restart the replicator. (NA-1578)
• Updating groups no longer duplicates custom ACLs. (NA-1574)
• Clarified LDAP connection field names. Added a "test connection" button. (NA-1567)
• Fixed problem with prefs.xml elements not parsing without elements being separated by newlines. (NA-1559)
• Fix problem with non-WebDAV requests forwarded on to SVN server causing the replicator to restart. These requests are now logged and rejected. Note that the logged client IP may not be correct if ProxyPass is in use. (NA-1526)

Release 3.7 Build: 1634 (Nov 12, 2009)

Issues Addressed

• Correctly handle Authz file generation when SVNParentPath is used. (NA-1515)
• Fix a NullPointerException in sendErrorAndDisconnect() when a bad packet is received (e.g. from a port scanner). (NA-1526)
• Handle MERGE commands properly when apache drops the connection (NA-1351)
• Fix a problem with replication of ACLs when the ACL had blank file/dir patterns or groups. (NA-1443)
• Do not assert failure and restart when we see different http versions from the client. Just log a warning. (NA-1320)
• The Disk Monitoring facility is now more robust and works on Windows.
• Installer now warns against mod_deflate settings in apache configuration. (NA-1412)
• Installer now warns against lack of authentication in apache configuration. (NA-920)
• Warn against "http://" in the dav location field (NA-99)
• SSH based deployer now supports use of private/private key authentication. (NA-1387)
• Group names are sorted in case-insensitive order (NA-1486)

Release 3.7 Build: 1464 (Nov 3, 2009)

What's new

• Installer now detects apache settings to help ensure the required Subversion server settings are configured. (NA-1369)
• WANdisco Access Control now works in conjunction with a mod_authz and authz file.

Issues Addressed

• Installation on Windows Server 2003 and Windows Server 2008 is now supported.
• Forcing disk I/O all the way through to the storage device via FileChannel.force() is now optional and configurable. You can now control whether the prevayler database and changes to files for storing proposals are fully synced.
  
  By default, full syncing is not enforced, giving best performance. To trade performance for greater accuracy, add the following element to /config/prefs.xml file:

  <ForceSync>
    <Files>true</Files>
    <Prevayler>true</Prevayler>
  </ForceSync>

  Fixed email notification issue that occurred when starting a replicator in Windows if the JAVA_HOME path contained whitespace.
• Assign Users and Remove Users dialogs now list users by user id:, Last Name, First Name and sorted alphabetically on userid with case insensitivity. (NA-927)
• Access Control: Deny ACLs at the same resource level over multiple groups take precedence. (NA-1352)
• User Import: Groups specified in user import via a CSV file must now exist in the replicator. Input lines errors are output to a separate CSV format file for easier re-import. (NA-1227)
• Audit Logging is turned on by default (NA-842). You can disable it by setting the following element in the /config/prefs.xml file:

  <AuditLog>
   <Enabled>false</Enabled>
  </AuditLog> 
  

  Email notifications are now sent N days before a license.key expires. The default value of N is 10 but this can be configured. (NA-1354)
• URLs of the form http://10.1.1.1/svn/proj/!svn are now handled more gracefully. (NA-1350)
• Enhancements to the LDAP import settings have been made to allow for less restrictive queries. (NA-674)

Known Issues

On Windows platforms, installation directory must remain 'svn-security' and must not renamed. Also the installation directory may not be in a path with whitespaces.

Copyright © 2010 WANdisco
All Rights Reserved

This product is protected by copyright and distributed under licenses restricting copying, distribution and decompilation.