WebTitan

WebTitan Cloud 4.16 sees the introduction of the concept of devices and device management to WebTitan, allowing you to add devices that can then be remotely managed and configured. A device is an entity that can be configured to send DNS requests to WebTitan Cloud for filtering per your policies, such as an endpoint agent like WebTitan OTG 2 (described below).

The WebTitan OTG agent has been re-architected as a single-threaded application, meaning that our WebTitan OTG 2 agents are more stable and secure and require less CPU overhead from the user machine. The WebTitan OTG 2 agent family offers several other improvements:

Based on the new WebTitan OTG 2, WebTitan OTG for Chromebooks is the first agent from our OTG 2 family, delivering user and device-level web filtering specifically for Chromebooks. Designed for the education sector, it is a fast, affordable security filtering solution for Chromebooks that supports CIPA compliance. See WebTitan OTG 2 for Chromebooks Guide.

WebTitan Cloud can now filter users in Azure Active Directory (AD) using the new version of DNS Proxy and the WebTitan Azure AD Enterprise App. The WebTitan Azure AD Enterprise App is responsible for synchronizing Azure AD users & groups to DNS Proxy and can support filtering using just an on-prem AD, an Azure AD, or a hybrid AD setup. See WebTitan AzureAD Enterprise App Guide.

You can now delete OTG users in the UI from the Users tab. See Editing and Deleting Users.

You can now include a description when adding a Static IP Location using the Rest API. See apidoc.webtitancloud.com for more information.

In keeping with a larger global effort to improve technical vocabulary, the terms blacklist and whitelist have been removed from WebTitan Cloud and replaced with block list and allow list.

WebTitan OTG 1 for Mac has been updated to improve VPN handling and compatibility with Catalina and Big Sur. An issue causing the external IP to not always resolve has also been fixed.

Category incorrectly taking precedence over included default allow list (resolved).

Long URLs could overflow the container in Block Pages (resolved).

Allow and block domains with uppercase characters did not work in the Rest API (resolved).

Reporting Filter editing issue (resolved).

High Cloud Key max use-values issue (resolved).

Scheduled reports not running when quotes appear in the subject or description (resolved).

Rest API accepting far out-of-range timestamps (resolved).

Pagination issue on Reporting History by blocked action (resolved).

Customer time zones affecting the global WebTitan log (resolved).

Issue exporting allow or block domains if there is a quote in the policy name (resolved).

Out of date inline Help (resolved).

Global allow and block list entries not working in the Rest API (resolved).

An issue with the scheduled resolution of Dynamic DNS locations (resolved).

Issue deleting a non-existent user in the Rest API (resolved).

Multi-IP locations - you can now have more than one IP address or CIDR for a static IP location.

Two-Factor Authentication (2FA) is now available, adding a layer of protection by denying access with just a password.

Management of Scheduled Reports has been added to the Rest API. See apidoc.webtitancloud.com for full details.

A new groups filter has been added to reports and is available to any customers that are using groups.

Certificates generated in the UI are now valid for two years.

Location keys change less frequently than before to reduce the possibility of OTG agents getting out of sync.

Dynamic IP locations can no longer take the address from another dynamic IP location using the UI. However, they can continue to do so via RestAPI and IpAgent.

Filtering by internal IP issue in history.

Logo size issues.

Dashboard stats for ‘yesterday’ issue resolved.

Improved the speed of allowed and blocked domains loading as part of a policy.

Logging errors caused by missing partitions.

Resolved the issue where a license can be bypassed.

Pagination issue when filtering by location in history.

OTG and IP Agent issues relating to their use with a dedicated server.

The issue where some cookies were not set as HttpOnly has been resolved.

There is a new API endpoint that allows you to manage the policy setting (allowed/blocked) for a set of categories.

Support has been added to signal to Firefox that DNS filtering is being used. See support.mozilla.org

Usage reports can now be generated by group.

Security patches for packages, including OpenSSL (CVE-2019-1551), PHP and Sudo (CVE-2019-18634).

API no longer reports on bypassed traffic. These are included in the allowed traffic.

The API maximum limit for top stats has increased from 100 to 1000.

API history endpoint now includes location and effective policy details.

There are increased password complexity requirements for new passwords. Passwords must now be 10 characters long and contain a letter, number or symbol.

We have disabled support for SSLv3, TLS1.0 and disabled weak ciphers.

Patches and hotfixes can now be retrieved using HTTPS only.

Internal IP address displaying on the block page.

Resolved issue responding to certain requests when the truncated bit is enabled, by switching to TCP.

A potential vulnerability when restoring a backup file.

The customer timezone not being taken into account in notification emails or scheduled reports.

Additional cookie security attributes are now applied to prevent session stealing.

A potential session fixation security issue has been resolved by removing the FLASH_PHPSESSID setting.

A potential SQL injection vulnerability has been resolved.

Problem filtering history by customer when using an account that was deleted and then re-created.

Issue when attempting to import allow and block list entries before saving a new policy.

Location-based statistics are now available.

An option to cancel in-progress report generation has been added.

Updated packages with vulnerabilities associated with them, including OpenSSL, PHP, Perl and PostgreSQL.

Formatting issue in the page title on a PDF report.

Issue filtering history by location.

Occurrences of an issue when generating reports with a custom date range.

Issues when recreating a previously deleted customer.

Account description displaying instead of an account name on the customer dashboard.

An incorrect virtual hosts (vhosts) definition causing DNSproxy issues.

No longer possible to use a reserved IP as a location address.

Confusing group policy timestamp field name has been changed.

You can now define location-based policies.

A search filter on the history page allows you to search by location name with autocomplete.

Updated packages with vulnerabilities associated with them, including OpenSSL, PHP and PostgreSQL.

Logging into the user interface from an IPv6 address.

OTG user profile may be deleted if the user is also using DNSProxy.

Possible high CPU usage when syncing users from DNSProxy.

The speed of the deletion of customer accounts has been improved.

Using an IPv6 address when using the diagnostic ping tool.

Block page not displaying correctly when a text-area mark up is added.

Edits to cloud key tokens not taking effect.

Configured DNS forwarders are replaced with root name servers if running in DNS Forwarding mode.

Resolved the vulnerability where obsolete shockwave flash (SWF) files were still accessible.

Adding a customer account with a name greater than 255 characters.

Communication between resolver daemon and categorization engine may hang.

Disabled vulnerable SSL protocols.

The logger using an incorrect time zone when creating missing partitions.

A customer can now create additional administrators.

A lost password feature has been added to the login page.

Customer policies can now be set to inherit allow and block list entries from the customer's default policy.

Cloud key cookie lifetime units are now localized.

The potential of cross-site scripting on the block page.

Group names containing a comma were not being handled correctly.

Added support for virtual locations using EDNS.

An issue of high transaction burn rate that affected the retention period on large systems.

Policy engine reloading locations too frequently.

IPv6 is now fully supported.

Added the option for YouTube restricted mode. This feature is automatically enabled if SafeSearch is enabled in a policy.

Customer locations can now be defined as CIDRs.

An issue with logging delays.

A system timezone change may cause logging errors.

An issue where customer timezone changes backward through midnight was causing logging errors.

Performing NTP Sync had issues when more than one time server is defined.

Resolved the total number of locations value returned from API.

XSS vulnerability associated with a web page title (reported by Liam Somerville).

Resolved an issue where urlsvr may unnecessarily try to update the categorization database.

The handling of blocked POST requests to the block page server.

Added IPv6 support, configurable from the backend only. There are no UI additions.

You can now import groups from Active Directory and apply policies to users in these groups.

Allow and block lists have been added as part of user policies.

Added export option in allow and block lists to allow the import to individual user policies when required.

All customer policies are now accessible to the administrator without impersonation.

UI changes to view a user's effective policy.

Added effective policy information to history and reports.

UI changes to order group ranking when users are members of multiple groups.

Replaced the UI Adobe Flash Charting component and with more secure HTML 5 charting.

Removed the 'Enable Microsoft Updates' button and have instead made the relevant domains (.microsoft.com, .msftncsi.com and .windowsupdate.com) editable in the global and customer allow lists.

Double quotes were appearing around group names.

Reliability issues in the URL categorization component.

Issues allowing a block page preview to match the actual block page more closely.

Individual user policies are now available. Policies can now be set for individual users for organizations using DNS Proxy.

The default policy can now be set for new customers.

Performance improvements in the policy engine.

Applied security patch updates to various packages including OpenSSH, OpenSSL, PostgreSQL and PHP.

Safe Search may be incorrectly applied to a user who had the option disabled.

Improved the delete performance of customers with a large number of internal users.

Error generated when attempting to create a duplicate user via the API.

Category IDs have been removed from the user interface.

An issue that may cause delays looking up a domain category.

Allowing an admin to specify a port that is already in use for HTTP/HTTPS.

Removed the option for cloud-based lookups. The option is no longer supported as it can lead to high latency.

The admin-level scheduled reports page was always empty. This will now show all customers scheduled reports.

Misleading save buttons when importing a signed certificate and intermediate certificates have been removed.

Customers can no longer create policies with duplicate names.