The Inverse team is pleased to announce the immediate availability of PacketFence v15.1. This is a minor release with new features, enhancements and bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.
What is PacketFence? PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks. Among the features provided by PacketFence, there are: * powerful BYOD (Bring Your Own Device) capabilities * multiple enforcement methods including Role-Based Access Control (RBAC) and hotspot-style * built-in network behaviour anomaly detection * state-of-the art devices identification with Fingerbank * compliance checks for endpoints present on your network * integration with various vulnerability scanners, intrusion detection solutions, security agents and firewalls * bandwidth accounting for all devices A complete overview of the solution is available from the official website: https://www.packetfence.com/features/ Changes Since Previous Release New Features Support Intelbras Switch and AP equipment — adds wireless and switch templates (#8836) Additional admin roles — bypass roles and per-node bypass VLANs (#8717) Read-only roles — per-role acls_enabled toggle (#8970) SNMP port enable/disable from the admin UI (#7606) SSO triggered on role change — admin UI toggle, applies on autoreg (#8881) EAP-PEAP authentication via pfconnector to on-premises Active Directory — NTLM Auth API remote (#8700) NetFlow UDP proxy — pfudpproxy forwards NetFlow/sFlow to a fingerbank-collector (#8909) Switch observability — new switch_observability and switch_observability_acls tables (#8952) Kafka cluster support — multi-broker setup script with iptables and keepalived (#8844) sFlow, NetFlow and IPFIX support declarations on switch modules (#9017) Standalone discovery of switches on the network — SNMP scan extracted to standalone module (#8979) Network device discovery — new discover-network-device plugin (#8891) Admin UI and API endpoints for sending password reset emails (#8877) Captive portal local password authentication — unauthenticated password recovery flow (#8872) Fortinet dACL chewer (#8879) Bootable ISO installer for PacketFence — USB ISO builder with system-requirements check (#8818) USB bootable ISO: self-contained PacketFence installer for Debian 12 — Makefile-driven offline installer (#9027) Cloud NAC — git-crypt and git-sync added to pfdebian image for cloud config syncing (#8808) Elasticsearch log integration — live logs viewer in admin UI (#8936) Configurable SMTP sender name via alerting.smtp_name (#8871) Enhancements Upgrade to Caddy 2.11 (with bundled CoreDNS update) (#8961) Tweak API restart timing to wait for the API to be ready (#9053) Rename “Azure Active Directory”/“Azure” to “Microsoft Entra ID”/“Entra ID” in documentation (#9048) Update Go to 1.25.5 (#8856) Migrated Perl report/dynamic_report endpoint to Go — adds endpoint scaffolding and dev docs (#8843) pfdhcp performance optimizations — fixes race conditions, goroutine leaks, missing error checks (#8803) ProxySQL master/slave — multi-backend with read/write hostgroups for failover (#8931) Faster loading of the switch page — role list virtualization and iterative pagination (#9009) Optimize bulk_update for roles by reusing form and config store (#9001) Fingerbank settings: single bulk_update PATCH replaces per-section loop (#9034) Default parent role configurable via advanced.default_role_parent_id (#9011) Add switch_id to locationlog and locationlog_history (#8904) Reduce memory usage on role creation; respawn worker if memory > 1GB (#8947) Reduce time in cache between Fingerbank lookups when API is unavailable (#8829) Better UniFi controller detection using cookie-based reconnect (#8908) Install Inverse GPG key during upgrade script (#8825) Development support for Debian 12 — auto-install Node.js, prerequisite checks, idempotent setup script (#8805) Cloud connector UI — install commands and updated hostname/install script (#9030) Selective test execution in GitLab CI via the TEST_ONLY variable (#8857) Virtualswitch-based Venom acceptance test suites — new venom executors, CI jobs, Ansible scenarios (#8907) Generate switch summary as JSON for new PacketFence site CI flow (#8928) Documentation overhaul — PF-by-Akamai references, app.css for HTML, Instrument Sans for PDF (#8944) Pin clean-css-cli to skip npx confirmation when building documentation styles (#9015) Include Triggers parameters in admin UI (#8885) Use sharedutils.IsEnabled for consistency in Go services (#8892) Test whether a User or Machine AD account is disabled — escape LDAP username, support bitwise filter operators (#8971) Fingerbank data moved into the main PacketFence repo (#7994) Update copyright headers for the new year (#8886) Avoid unnecessary calls to the fingerbank api (#9046) Bug Fixes Fix parent_id semantics across role create, update, and admin UI — distinguish payload-omitted vs explicit-null (#9029) Fix duplicate IP addresses returned from the pfdhcp pool (#9043) Fix CoA timeouts when deauth is tunneled via pfconnector — omit LocalAddr on the connector path so the kernel picks the correct source IP (#9049) EntraID source: fix device group lookup that stopped working since 15.x (#9044, #8812) Reject empty or unparseable CA certificate on save to prevent RADIUS EAP from silently breaking (#9042) Fix SSO portaltoken validation — use HttpdPortal URL and add X-Forwarded-For-PacketFence header (#8962, #8951) Security event purge: batch by 100 nodes and fix SQL syntax (#8740, #7293) Install tcpdump for Go unit tests on EL8 (#8981, #8978) Remove extra ports for management interface in iptables (#8946, #8945) Fix _unitFileExists() for Docker via systemctl show; fix log string interpolation (#8939) Use legacy GPG key for Samba 4.16 deployment in Vagrant (#8926, #8925) Fix NTLM auth API service stop in Venom — use systemctl with graceful monitor shutdown (#8912) Fix ProxySQL crash — calculate endBucket Go-side to avoid unsupported SQL (#8893, #8887) Fix log levels in Go services — configstore, pfacct, pfconnector (#8884) Replace %mgmtip% tag with the management interface IP in the Kafka pfconfig resource (#8882) VLAN filter: return true when there is no condition (#8869, #8842) Use the same method everywhere to find the next certificate serial number, in a transaction (#8868, #8855) Queue ansible configuration generation job to avoid delay (#8866) Move pfconnector installation to its own preseed file (#8865, #8702) More advanced filter to catch the DHCP packet (#8858) Fix pfflow job hanging when Kafka is unresponsive at startup (#8849) Fix portal preview in cloud — env-driven config, drop pf-apache-wrapper (#8838) Only manage systemd units starting with packetfence-xyz.services (#8834) Remove duplicate scroll handler on material page search (#8833, #8832) Retry Kafka connection until Kafka is up and running (#8824) Allow fingerbank-collector port through iptables on RADIUS interfaces (#8820) Fix ISO build — update to latest Debian 12, move PF repo setup to a script (#8819, #8817) Fix table view when reloading in the middle of a page (#8807) Ensure /usr/local/pf/conf/system_init_key is created in package preinst (#8571) Fixes for OpenAPI spec — missing $ref, ConfigInterfaceVlan (#8840) Security Fixes Bump github.com/coredns/coredns from 1.14.1 to 1.14.3 (#8942, #9028) Bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.2 (#9006, #9018) Bump github.com/smallstep/certificates from 0.26.1 to 0.30.0 (#8848, #8954) Bump google.golang.org/grpc from 1.79.1 to 1.79.3 (#8953) Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#8956) Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#8990) Bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#8989) Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#8993) Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.40.0 to 1.43.0 (#8992) Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 (#8994) Bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.16.0 to 0.19.0 (#8991) Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#8927) See https://github.com/inverse-inc/packetfence/compare/v15.0.0...v15.1.0 for the complete change log. See the Upgrade guide for notes about upgrading: https://packetfence.org/doc/PacketFence_Upgrade_Guide.html Getting PacketFence PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources: https://packetfence.com/download/ Documentation about the installation and configuration of PacketFence is also available: https://www.packetfence.com/docs/ How Can I Help? PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project: * Documentation reviews, enhancements and translations * Feature requests or by sharing your ideas * Participate in the discussion on mailing lists * Patches for bugs or enhancements * Provide new translations of remediation pages Getting Support Fill our online form (https://www.packetfence.com/contacts/?package=premium-support) and a representative from Inverse will contact you. Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution. The PacketFence Product Team Darren Satkunas Senior II Software Engineer Lead [Akamai]<https://www.akamai.com/> Office: +1.613.670.8391 Akamai Technologies 145 Broadway Cambridge, MA 02142 Connect with Us: [https://www.akamai.com/us/en/multimedia/images/custom/community.jpg] <https://community.akamai.com/> [https://www.akamai.com/us/en/multimedia/images/custom/rss.png] <https://www.akamai.com/blog> [https://www.akamai.com/content/dam/site/en/images/logo/2024/x-logo.png] <https://x.com/akamai> [https://www.akamai.com/us/en/multimedia/images/custom/fb.png] <http://www.facebook.com/AkamaiTechnologies> [https://www.akamai.com/us/en/multimedia/images/custom/in.png] <http://www.linkedin.com/company/akamai-technologies> [https://www.akamai.com/us/en/multimedia/images/custom/youtube.png] <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
