WebTitan

WebTitan Release Notes

The latest version of WebTitan contains new features and enhancements that provide you with even better web security. To keep your WebTitan solution as efficient as possible we recommend you update to the latest version, providing you with the very latest updates and fixes. You can do this for free today.

The release notes below outline the upgrades and improvements in our WebTitan releases.

When you are ready, go to Updates > System to manage updates. See Updating your WebTitan Software for more information.

WebTitan 5.18

Released: November 2019

What's New?

  • WebTitan Active Directory Agent (WADA) discovered IP-to-user mappings are now viewable via the UI.

What has been improved?

  • The traffic database is no longer exported as part of the backup.

  • The default block page has been updated.

  • Disabled support for SSLv3 and disabled weak ciphers.

  • Removed support account from UI.

  • All patches and hotfixes are now fetched over HTTPS.

  • Removed obsolete YouTube for schools.

  • Login security upgraded with improved password hashing.

What has been fixed?

  • Handling of group names containing a comma.

  • A potential vulnerability in the backup/restore process that could allow the injection of malicious files onto the filesystem.

  • Formatting issues in PDF reports.

  • A potential vulnerability that may allow an unauthenticated user to access the database via the proxy service.

  • Report generation via the UI is canceled when the reporting database is on a separate appliance.

  • A policy manager is logged out when saving a policy.

  • The retention period was not reducing automatically even though disk space is approaching capacity.

  • Issue performing URL keyword filtering.

  • An XSS vulnerability in the cache manager.

  • A potential SQL injection vulnerability on the History and Reporting pages.

  • Access allowed to a database configuration file through the UI.

  • The categorization engine could incorrectly report a URL as unclassified.

  • Communication issue with the categorization engine causing it to hang.

  • Resolved a potential session fixation vulnerability.

  • Issue selecting the correct policy for users with a large number of groups (greater than 128).

  • WPAD autoconfiguration wizard misconfigures the BYPASS for networks setting.

  • Slow database reporting queries locking up the UI.

  • The saving of an invalid allowed domain appears as successful.

  • An authenticated administrator allowed to view log files which they are not authorized to view.

WebTitan 5.17

Released: November 2018

What has been improved?

  • The 'Enable Microsoft Updates' button has been removed and instead the relevant domains (.microsoft.com, .msftncsi.com and .windowsupdate.com) are editable in the UI.

  • Full URLs can now be added to the allow list.

  • IP addresses can be defined as IPv6.

  • Applied security patch updates to various packages including Samba, OpenSSL, PostgreSQL and PHP.

  • Logging performance improvements.

  • The option for YouTube for Schools, which is no longer maintained by YouTube, has been removed.

What has been fixed?

  • A system timezone change may cause logging errors.

  • An issue where customer timezone changes backward through midnight was causing logging errors.

  • Resolved a bug relating to a user's bandwidth.

  • High transaction burn rate that affected the retention period on large volume systems.

  • User identification failing when the LDAP server domain contains an empty string.

  • The invalid safe search site, ask.com, being included on the safe search list.

  • A race condition that could lead to a proxy deadlock situation.

  • Requests from users not already imported from LDAP were not getting logged.

  • Policy engine repeatedly querying the database to retrieve user data.

  • The importing of users from multiple LDAP servers when there are duplicate users.

  • Resolved issue editing comments under SSL inspection.

  • Groups only being imported from LDAP servers if the group import button is unchecked.

  • SSL inspection for 'all except selected domains' inspecting all traffic.

  • Issue filtering history using UTF-8 characters.

  • Issue allowing a report or policy manager to gain admin-level privileges to the UI.

  • Account credentials sent in cleartext even when LDAPS is used for user authentication.

  • A problem in generating a self-signed certificate if the organization label is greater than fifty characters.

  • Issue allowing for potential XSS vulnerability through a block page.

  • Filtering of users under-reporting if the user has a comma in their name.

  • Resolved a path traversal vulnerability.

  • Resolved issue with multi-domain support.

  • Problem adding URLs containing Cyrillic characters to custom categories.

  • Logging issue when 'Log only Group' policy option is selected.

  • NTLM authentication issue for usernames with Cyrillic characters.

WebTitan 5.16

Released: November 2017

What's New?

  • There is a new policy engine.

  • A new URL server.

What has been improved?

  • Logger write performance improvements.

  • Refactored URL server fixing reliability issues and improving performance.

  • Samba updated to version 4.6.2.

  • Updated to FreeBSD 11.

  • Updated Squid to 3.5.11.

  • Applied security patch updates to various packages including OpenSSH, OpenSSL, PostgreSQL and PHP.

What has been fixed?

  • The URL database update process is not reliable.

  • Logging errors can occur when there is no group association.

  • Deletion of a policy not causing a group to be reloaded.

  • Multibyte characters in a block page title causing an error.

  • Squid not starting if a hostname and domain are not specified.

  • Test filtering taking a long time.

  • Safe search may not work if patching up from version 5.02.

  • A user is misidentified when using IP authentication.

  • Constraint violations occurring during LDAP sync, resulting in LDAP importing of users and groups failing.

WebTitan 5.15

Released: October 2016

What has been improved?

  • Upgraded Squid to version 3.5.20.

  • Stability improvements with a new Titan Library, including better thread handling and memory management.

  • Added disk management functionality for a separate reporting station.

  • Minor user interface improvements.

What has been fixed?

  • Resetting the webserver using the console not disabling a self-signed SSL cert.

  • An issue with WebTitan becoming Network Master Browser.

  • Forwarding SSL to an upstream proxy fails or is logging incorrectly.

  • The wrong list appears after deletion from allow or block list.

  • Resolved a secondary SQL injection vulnerability.

  • Umlauts failing to display correctly in scheduled report emails.

  • CSV reports that are sent by email fail when SMTP authentication is in use.

  • URLs in History and Reporting sometimes reporting as 'null'.

  • Problem with SSL peeking always being on, even if not required.

  • Resolved some upstream proxy bugs related to proxy authentication.

  • Bad urlsvr data crashing the policy engine via a buffer overflow.

  • HTTPS upstream proxy not working with some SSL inspect configurations.

  • NTLM authentication not working when IP sessions are disabled.

  • A failure during an LDAP sync could remove all groups and users.

  • OpenLDAP errors logging during an LDAP sync.

  • An issue allowing partially completed LDAP importing.

  • Resolved issues to improve the performance of LDAP server deletion.

  • Resolved issue to restore some missing logger error reporting and Syslog functionality.

  • Proxy failing during a shutdown.

WebTitan 5.14

Released: May 2016

What has been improved?

  • Performance improvements in logging daemon.

  • Applied security patch updates to various packages including OpenSSH, OpenSSL, PostgreSQL and PHP.

What has been fixed?

  • Security issues using Flash for file uploading that may have allowed unauthenticated access to some parts of the UI.

  • An unauthenticated user allowed to run commands as the 'www' user.

  • The UI inaccessible if the UI port is set to a port that is already in use.

  • Resolved issue with inconsistent handling of entries on SSL exclusion lists (in particular sub-domains of existing entries).

  • Issue viewing logs using Internet Explorer.

  • UI showing configuration of LDAP server with multi-domain option as always enabled.

  • The dashboard displaying legacy data for blocked users and domains.

  • Failure when sending email messages not reporting properly.

  • Google SafeSearch not working when visiting a Google site with a country code second-level domain, for example, google.co.uk or google.co.jp.

  • Resolved an issue handling WebSockets.

  • IO errors in the URL categorization engine.

WebTitan 5.13

Released: February 2016

What's New?

  • New ability to specify IP session timeout for KeyShield.

  • Communication between WebTitan and KeyShield can now use HTTPS.

What has been fixed?

  • A security vulnerability that would allow UI clickjacking attacks.

  • Page headers could be corrupt on PDF reports.

  • Issue closing the certificate information dialog.

  • Adding static routes having issues when accessing the UI over HTTPS.

  • The incorrect network interface may be selected when the appliance is configured in transparent mode.

  • History table not always displaying.

  • Importing of a backup failing.

  • Possible timeout issues when the categorization database is updating.

  • Resolved potential security vulnerability by disabling weak ciphers as well as SSLv2 and SSLv3 in UI.

  • Improved policy engine performance.

  • SSL inspection and certificate issues.

  • Memory management issues in the proxy.

  • A block page not displaying in certain circumstances if running in transparent mode.

  • Patched OpenSSL library to address security vulnerability CVE-2015-5600.

  • Other bug fixes.

WebTitan 5.12

Released: August 2015

What's New?

  • Added an 'enable anonymous access' option to KeyShield authentication.

What has been fixed?

  • All requests status marked as allowed when using KeyShield authentication.

  • SSL inspection and certificate issues.

  • Configuration issues when enabling an upstream proxy.

  • The blocking of executable files not always working.

  • A number of issues with WADA updates.

  • Issue creating weekly and bi-monthly scheduled reports.

  • Skype not working when running in transparent mode.

  • Race conditions associated with the pruning of old traffic records from the database resolved.