The 4.0.4 release resolves a number of issues, and provides minor stability and performance improvements.
Work Order # | Description |
---|---|
NSWA-659 | Addressed a performance issue when using Captive Portal authentication in transparent mode. |
NSWA-630 | Fully qualified domain names (FQDN) are now recorded for all log entries. |
NSWA-628 | Addressed an HTML content handling inconsistency in custom notification page messages. Note that this will limit the use of HTML or scripts to Advanced Notification Page templates. Discovered and reported by Daniel Compton of Info-Assure Ltd. |
NSWA-627 | Fixed directory traversal vulnerability in the Admin UI. Discovered and reported by Daniel Compton of Info-Assure Ltd. |
NSWA-626 | When HTTPS scanning is disabled, the full URL is now re-evaluated for policy reasons before the block page is sent. |
NSWA-625 | Resolved a caching issue that could sometimes prevent downloads from trusted domains. |
NSWA-624 | When using transparent mode with HTTPS scanning enabled, policy decisions are now based on the full URL. |
NSWA-623 | Sites that return invalid characters in HTTP headers now load correctly. |
NSWA-618 | An issue has been resolved that could affect user authentication with certain client applications. |