  WebADM Changelog

File: Changelog_webadm.txt
Size: 80 KBytes
MD5: D95A4D211254217F4757E060BA481B90

1.7.6-2
    - Added user source (suser) and bridges client IPs (src) to CEF log entries.
    - Fixed broken OpenOTP Manager method 'register_inventory'.
    - Added a policy option to use non-branded mobile token for specific clients.
    - Upgraded embedded Apache to version 2.4.41.
    - Upgraded OpenSSL to version 1.1.1d (including security fixes).
    - Multiple optimizations to the LDAP/SQL crypto framework.
    - Major watchd enhancements (uses socket poll API and handles DNS timeouts).
    - Fixed offline cloud license cache expiration.
    - Fixed watchd failing to start because redis is not started yet.
    - Fixed upgrade not permitted with permanent license before the maintenance
      expiration.

1.7.6
    - Added import date to the Inventory database.
      > Added optional date options to the Manager 'Inventory_Search' method.
    - Upgraded OpenLDAP to version 2.4.28 (stability).
    - Added an inter-process communication subsystem for applications.
      > This greatly enhances performance by limiting the number of
        session manager calls while waiting for mobile responses.
    - Added an 'ip_blacklist' setting to webadm.conf for disabling the automatic
      WebApp IP address blacklisting for 10 seconds after 5 unsuccessful logins.
    - Added a credential cache for the Manager API access to improve the Manager
      performance under high load.
    - Changed to the new 'RCDevs Security' logo under the 'About' page.
    - Added latest background job logs to the support ticket generation.
    - Added more setting supported scopes for application settings.
    - Added WebApp WAPI functions for activating/de-activating users.
    - Issue SpanKey client certificates even when client certs are not required.
    - Enhancements to the setup script.
    
1.7.5
    - Upgraded OpenSSL library to version 1.1.1c (includes TLS1.3 support).
      > Set SSL_PROTOCOL="TLSv1.2 +TLSv1.1 +SSLv3" in conf/webadm.env if you
        need support for older protocols (TLSv1.1 or SSLv3).
    - Upgraded all ODBC Drivers to the latest versions.
    - Better support of MariaDB with SSL/TLS encryption.
    - Removed support for Oracle database.
    - Fixed Web service event log 'Enforcing Client...' with wrong log Id.
    - Added support for SASL methods with LDAP binds.
    - Added support for future licensing options.
    - Rsign PKI requires TLSv1.2 or TLSv1.3.
    
1.7.4
    - Manager methods for reading and writing user attributes can handle
      binary attributes with base64 encoding.
    - Major optimizations to the WebApp language translation engine.
    - AD ObjectGUID and ObjectSID are flagged binary in objects.xml.
    - Fixed SudoCommands parse errors with SpanKey server when fetched from
      a client policy or application config.
    - Fixed license count with metadata licenses (counting activated groups).
    - Fixed SQL errors with MSSQL database and metadata licenses.
    - Added certificate auto-renewal support for SpanKey client certificates.
    - Added HTTPS SSL certificate auto-renew when cert is near expiration.
    - Minor enhancements and optimizations to the background script.
    - Fixed mobile Push not sent when first multiple Tokens are registered
      and the first mobile push fails.
    - Added optional WebADM main configurations in the support tickets.
    - Added direct access to user Records from the user edit view.
    - Fixed cluster nodes not refreshing their config object caches when
      another node updates a configuration object.
    - Fixed update version validation issues with permanent licenses.
    - Added more options for mobile application Branding (OpenOTP Token).
    
1.7.3
    - Fixed license counting issues with per-metadata licenses.
    - Fixed push error when the iOS/Android push identifier changed.
    - Upgraded OpenSSL to version 1.0.2s (including security fixes).
    - Generated QRCodes are now a bit smaller.
    - Fixed issues for Android push IDs.
      > The RCDevs team apologizes for any inconvenience and issues due to
        the move to the Firebase Push notification protocol for Android.
    - Added a new complex config type required for SpanKey Sudo.
    - Removed MaxRequest configuration in all Web Services.
    - Fixed display issues in the edit object page with delegated admins.
    - Increased WebADM worker memory limit to 128M.

1.7.2
    - Fixed LDAP object search over MountPoints through the Manager API.
    - Fixed log file viewer showing a blank log in rare occasions.
    - Fixed WebApp's 'Close' buttons sometimes not closing correctly.
    - Fixed some OCSP response's serial number getting negative values.
    - Unspecified MySQL database version now defaults to the MySQL8 driver.
      > Set database type to 'MySQL5' in 'servers.xml' if you previously had
        set 'MySQL' and encounter any MySQL connection issue after upgrade!
    - Updated MariaDB ODBC driver to the new 3.1 stable branch.
    - Added SSL support with the MariaDB ODBC driver.
    - The OCSP service is now fault-tolerant (does not rely on rsignd).
      > Requires RADIUS Bridge v1.3.8.
    - Fixed OCSP cache not re-populated when cleaning the session caches.
    - Added SQL logs for incoming OCSP requests (in Web Service log).
    - Fixed disconnections with CSRF issues under the RCDevs SAML/OpenID IdP.
    - Added support for licenses with product options (ex. OpenOTP Signing).
    - Secure Email now uses AES-128 encryption by default.
    
1.7.1
    - Fixed issues with group search base and SpanKey NSS groups.
    - Fixed Device container creation with RCDevs Directory server.
    - Fixed user certificate creation issues.
    - Fixed a minor compatibility issue with LDProxy and LDAP MountPoints.
    - Fixed AD group type edition issues.
    - Fixed an issue with Rsignd not clearing zombie processes.
    - Fixed SpanKey client certificates always expiring after 365 days.
    - Enhancements to the Auditd record viewer.
    - Added application methods for retrieving user groups (required for
      upcoming RCDevs products).
    - Added a Manager method to check if a user is activated.
    - Added Client Id to the SQL records (ie. SpanKey clients).
    - Added client certificate auto-confirm for batch SpanKey client setups.
    - Added the setting 'log_revdns' to reverse-lookup IPs in SQL logs.
    - Several performance enhancements to the core frameworks.
    - Added WAPI functions for cluster-level application caching.
    - Added 'config_container' in 'webadm.conf' to optionally replace and
      simplify all the containers' configuration.
    - Upgraded embedded Apache to version 2.4.39.
    
1.7.0
    - Added WebADM Devices (access points, badgers and geotracking devices).
      > Please contact RCDevs sales for more information.
    - WebADM compiled PHP source code now relies on optimized HHVM bytecode.
      > It is more than 10 times faster and requires half the memory.
      > A single WebADM instance now handles about 1000 login requests/sec.
    - Removed Trust Domain support (deprecated with Web services since a year).
    - Fixed issues with server certificate creation during slave WebADM setup.
    - Fixed Watchd 'resource temporarly unavailable' under very high load.
    - Fixed failed config objects not displayed under the 'Config' menu.
    - Fixed OptionSets not enforced when applied to user's login context.
    - Upgraded embedded Apache to version 2.4.38.
    - Fixed AD user unlock with PwReset.
    - Fixed SQL connection warnings.
    - Added per-year excluded days in the policy configurations.
    - Unique attribute flags in 'objects.xml' are now obsolete.
      > All the 'uid_attrs' in webadm.conf are now checked for uniqueness.
    - Removed ExcludedHours, ExcludedAddresses and ExcludedLocations from
      the Client Policies (other AllowedXXX are kept).
    - GID numbers are now auto-incremented like UID numbers (see objects.xml).
    - Fixed application messages not always honoring the user language.
    - Added a LDAP prefetch cache to optimize the number of LDAP queries.
      > WebADM uses fewer LDAP queries for finding users and reading their data.
    - Log Id remains consistent when a service is called by another service.
    - Added direct logfile view from the SQL logs (per user session).
    - Fixed issues with userPassword LDAP encoding with SHA1 and SSHA.
    - Added a record viewer for Auditd logs produced by upcoming SpanKey.
    - New bin/setup script (more similar to the one in the VMWare appliance).
    - Upgraded OpenSSL to version 1.0.2r (including security fixes).
    - WebADM 32 bit version is discontinued in the 1.7 branch.
    
1.6.9
    - Fixed ActiveDirectory object attribute update failing when objectSID
      or objectGUID is displayed.
    - Added encryption frameworks for upcoming RCDevs products.
    - Fixed an error in the CEF logs where the 'CEF|0' should be 'CEF:0'.
      > If you use WebADM with rsyslog and CEF for Splunk for example, please
      check that the correction does not alter your centralized audit!
    - Added statistic database cleanup in the WebADM background jobs.
    - Added Inventory import from license servers (requires cloud license).
    - Removed RCDevs HSM server support (it will be replaced by PKCS#11).
    - Watchd master processes (main threads) are not renamed anymore.
    - Added manager methods to activate and de-activate users and groups.
    - Fixed MountPoints not being displayed with the right vendor icon.
    - Fixed dynamic groups' member listing on LDAP mountpoints.
    - Added options to the support ticket generation.
    - Upgraded OpenSSL to version 1.0.2q (including security fixes).
    - Upgraded embedded Redis server to version 5.0.3.
    - Added different expirations for user, client and server certificates.
    - Fixed password change from the self-service desk with ActiveDirectory.
    - Added WAPI functions for WebApps to be able to use client policies.
      > This is required for the upcoming RCDevs OpenID/SAML version 1.3.
    - Host count is now removed for services with per-user licensing.
    - Removed DES-related ciphers from the embedded Apache TLS configuration.
    - Fixed MFA login issues with combined OTP and FIDO2 authentication challenges.
    - SSLProtocol and SSLCipherSuite can be reconfigured in conf/webadm.env.
      > Apache as well as RSignd PKI inherits the SSLProtocol and SSLCipherSuite.
    - The tools bin/extend, bin/verify and bin/encrypt can work per container.
    - Fixed LDAP schema objectclass attribute parsing failures on OpenLDAP.
    - Major Watchd performance enhancements and code rewrite.
    - Added support for LDAP passwords with SHA2 and SHA512.
    - Added a manager method to get detailed license information.
    - Removed manager method 'Count_Remaining_Users' (use Count_Activated_Users).
    - Upgraded embedded PHP runtime to the 7.2 stable branch.
    - Added SpanKey client certificate revocation.
      > A revocation is done by disabling a client certificate in the certificate
        database table.
      > Unknown certificates are automatically added to the database as active.
    - Enhancements to the licensing subsystem.

1.6.8
    - Performance improvements to the config object caching.
      > WebADM now supports an unlimited number of domains / client policies.
    - Web services (OpenOTP/SpanKey) deny access for disabled client policies.
    - Fixed email not sent via manager calls (ex. SelfReg requests).
    - Enhancements to the Cloud licensing subsystem.
    - Fixed PwReset and SelfReg requests sent by OpenOTP resulting in expired
      session ID errors when accessing the WebApps.
    - Fixed MFA login in the Admin Portal not displaying the right domain list.
    - Fixed graphical issues with the RADIUS Reply attribute editor.
    - Fixed OptionSet not working on the tree root with RCDevs Directory.
    - Added FIDO2 support for the MFA login in WebADM.
    - Upgraded OpenSSL to version 1.0.2p (including security fixes).
    - Fixed SQL metadata duplicated after rename / move with SQL data_Store.
    - Fixed license error workflows with license servers.
    - Fixed user counting issues introduced in the 1.7 branch.
    - Fixed client policy per internal network settings not being enforced.
    - Display ActiveDirectory object SID and object GUID in the object editor.
    - Fixed issues with ActiveDirectory locked accounts due to password policies.
    - Fixed OCSP responder issues (now work with RadiusBridge EAP-TLS).
    - Upgraded embedded Apache to version 2.4.35 (including security fixes).
    - Web browser's page title is the WebApp description in self-services.
    - Added a 'Password Must Change' option when resetting passwords with AD.
    
1.6.7
    - Added SMS alerts support in webadm.conf (alert_mobile setting).
      > For SMS alerts, a local SMSHub service must be running.
    - Added final support for RCDevs Cloud license servers.
    - Fixed WebADM license already expired when the license is near expiration.
    - Fixed wrong WebApps' URLs when used behind a cascaded HTTP proxy chain.
    - Added a user_warning setting in webadm.conf to enable user notifications
      when user certificates and AD domain password are near expiration.
    - Added ActiveDirectory account lockout detection.
    - Added a 10 seconds SQL statement execution timeout.
    - Use OpenSSL FIPS module 2.0 (FIPS 140-2 certification).
      > FIPS_mode_set is enabled by default in WebADM 64bit.
    - Improved the SpanKey recorded session viewer.
    - Added support for session data with dual lookup keys (SpanKey requirement).
    - Upgraded embedded Apache to version 2.4.34 (including security fixes).
    - Fixed missing Manager SQL logs.
    - Better support of RedHat 389 Directory.
    - Added object LDAP move operations for Admin and Manager.
    - Added the method name field for Manager SQL logs.
    - Added an error structure to the manager response.
    - Added support for AD nested groups in OpenOTP and SpanKey.
    
1.6.6
    - Added custom CSS option for WebApps.
      > CSS may contain image references within the app 'www' directory.
    - Fixed an Apache issue causing the server to slow down after some time.
      > This issue might end with the server becoming unresponsive after a long time.
    - Fixed issues in the WebADM license background counting with the counting
      system introduced in WebADM v1.6.3. For technical reasons we had to revert
      to the previous system counting the WebADM activation class.
      > Please contact RCDevs sales for related licensing issues.
      > Added new licensing options for service providers (pay as you go).
    - WebADM background job sends AD password near expiration warnings via email.
    - WebADM background job sends certificate near expiration warnings via email.
    - Added a MySQL ODBC driver for MySQL8 (use 'MySQL8' database type).
    - Added support for RCDevs LDProxy with LDAP MountPoints.
    - Added the possibility to set HTTPS SSL_PROTOCOL in conf/webadm.env.
      > The default Apache SSLProtocol is "ALL -SSLv2 -SSLv3".
    - Removed Web services' request counting mutex (performance).
    - Fixed minor MountPoint issues with Lotus Domino and Novell eDirectory.
    - Improved YubiHSM stability in the event a WebADM worker would crash.
    - Fixed SpanKey server host count issues (with WebADM 1.6+).
    - Added the config 'log_mixsql' to SQL event logs in the webadm.log file.
    - SpanKey NSS requests do not alter hosts count in the SpanKey license.
    - Added the possibility to set a custom NTP server in webadm.conf (ntp_server).
    - Fixed a watchd issue in the hosts count for SpanKey2.
    - Fixed minor visual issues with the Record database viewer.
    - Minor enhancements to the WebADM statistics subsystem.

1.6.5
    - Added WebADM server runtime metrics under the Statistics menu:
      > This includes the number of requests per seconds, page loads, LDAP/SQL
        response times, Mail/SMS counts and more.
      > Added statistics WAPI framework for SMS metrics with SMSHub.
    - Fixed one Watchd log warning occurring on servers with very low activity.
    - Fixed mountpoint display bug with Lotus Domino LDAP server.
    - Minor WAPI group listing function fixes affecting SelfReg group requests.
    - Do not log ignored group (out of domain search base) with too many groups.
    - Use new MaxMind geolocation database format 'mmsdb' (Geolite2).
    - Do not check for new versions for custom applications.
    - Watchd service monitoring optimizations.
    
1.6.4
    - Added a Manager method to bulk-import Inventory items (import_inventory_item).
    - Fixed Manager method 'search_inventory_items' ignoring the 'type' parameter.
    - Fixed a mutex issue in WebADM v1.6.3 producing very slow service requests.
    - Fixed application scripts not able to read/write files out of WebADM root dir.
    - Added Rsignd support for RadiusBridge SSL certificates for Wifi EAP-TTLS.
    - Added support for the new RadiusBridge auto-configuration wizard.
    - Improved YubiHSM performance (near-double AES throughput with 2 HSM devices).
    - Updated JQuery framework to the latest production version.
    - Upgraded OpenSSL to version 1.0.2o (including security fixes).
    - Upgraded embedded Apache to version 2.4.33 (including security fixes).
    
1.6.3
    - Big improvements to the RCDevs license framework.
      > License checks are performed in a background task (not impacting requests).
      > Updated online licenses are now installed automatically in the background.
    - Freeware edition uses the WebADM Watchd daemon like in Enterprise edition.
    - Remote connector failover improvements (Watchd framework).
    - Fixed timezone issues with countries having a UTC time difference not being a
      multiple of an hour.
    - Added support for upcoming RCDevs cloud license servers.
    - Added support for MountPoint without an LDAP base.
    - Big improvements to the LDAP MountPoint framework.
    
1.6.2
    - Added UTF-8 support to webadm log file.
    - Added "TXT" option (ASCII) for QRcode generation via the Manager API.
    - Fixed Rsignd creating PID file with wrong process ID number.
    - Fixed the close button not working with AJAX alerts in the Admin portal.
    - Fixed Inventory import with PostgreSQL database.
    - Fixed server hostname validation with FQDN licenses under the license page.
    - Fixed 10 secs mobile Push latencies occurring from time to time.
    - WebADM server certificate generator allows subjectAltNames.
    - Enhancements to the PKI subsystem and client/user certificate generation.
    - Added the bin/dbprune script to purge old SQL log events.
      > The script is intended to be used via a cron scheduled command.
    - Added preliminary Service Provider options (reserved to MSP partners).
    - Added support for push requests when the push Id changed for iOS and Android.
    
1.6.1
    - Upgraded OpenSSL to version 1.0.2n (including security fixes).
    - Fixed wrong estimated max number of Apache HTTP workers.
    - Fixed SQL statement issues with PostgreSQL.
    - Fixed SQL connection issues with MariaDB.
    - Added file integrity check for WebADM and applications at startup.
    - Added CA certificate for RCDevs push and license services.
    - Added a manager API to modify inventory status and active state.
    - Fixed one LDAP paging issue preventing Oracle DSEE to work correctly.
    - Fixed login certificate issues with very long common names.
    - Added optimizations to multi-handle cURL HTTP requests.
    - Updated PostgreSQL ODBC driver.
    
1.6.0
    - Added support for LDAP groups with broken member references.
    - Added the SQL Record table used to store SpanKey session videos.
      > WebADM record viewer supports playing terminal session and IO logs.
      > This feature is used by the upcoming SpanKey v1.1 (Q1 2018).
    - All WebADM SQL database requests now use prepared statements.
    - Added support for per-object password policy in OpenLDAP.
      > You need to replace conf/objects.xml with conf/objects.xml.default.
    - Fixed one SQL warning when deleting users in LDAP.
    - Fixed SOAP requests with X-Forwarded-For headers containing ports.
    - Removed unix UID and userPassword from user creation forms on AD.
      > You need to update conf/objects.xml with conf/objects.xml.default.
    - Upgraded embedded PHP runtime to the latest stable branch (7.1.x).
    - Fixed the bin/restore script not restoring the encrypt_key correctly.
    - Fixed wrong client policies' count displayed on the Admin home page.
    - Fixed issues with Google maps in the log viewer.
    - Rsign server only accepts TLSv1.2 connections.
    - Use Apache worker with multi-threaded workers for better performance.
    - Watchd service enhancements (improved WebADM Enterprise start time).
    - Major code rewrite in the SQL framework (performance enhancements).
    - Added a Manager method 'Search_Inventory_Items' to query the inventory.
    - Added additional fault detections and optimizations for YubiHSMs.
    - Added support for OpenOTP/TiQR branded application versions.
    - Added support for client policies' restrictions in WebApps.
    - Updated OpenSSL to version 1.0.2m (including security fixes).
    - Better support of Microsoft Internet Explorer for the Admin Portal.
    - Added an optional 'ldap_treebase' configuration in webadm.conf.
    - Big performance improvements for both WebADM and applications.
    
1.5.13
    - Fixed SMTP issues with old Exchange server versions.
    - Fixed local sendmail command failing with library dependency errors.
    - Added support for web service authentication with client certificates.
    - Added a 'Client IP' database field for Web service SQL logs.
    
1.5.12
    - Added configuration endpoints for the upcoming RCDevs QuickVPN product.
    - Upgraded embedded Apache to version 2.4.27 and PHP to version 7.0.21.
    - Upgraded embedded Redis server to version 4.0.x.
    - Added a tool to create third-party SSL certificates under the Admin menu.
    - Display applications published on WAProxy under the 'Application' menu.
    - Fixed one certificate signing issue with RSign on Oracle Linux 6.x.
    - Fixed Self Service Token registration with QRCode raising a PHP7 error.
    - Setting waproxy_pubaddr is now required if waproxy_proxies is configured.
    - Updated SSL protocols and cipher suite to the current recommendations.
    - Updated OpenSSL libraries to version 1.0.2l (including security fixes).
    - Added support for client policies in WebApps (reserved for upcoming CP).
    - Several optimizations in the Web services' and WebApps' frameworks.
    - Fixed proxy user creation removing Domain Admin members with AD.
    - Adjusted maximum WebADM HTTP workers to deal with high-volume Push Logins.
    - Fixed denied WAProxy HTTP requests coming from public WAProxy IPs.
    
1.5.11
    - Major memory and performance improvements with the newer PHP engine.
      > Upgraded PHP internal runtime to version 7.0.x (stable).
      > WebADM version >= 1.5.10-1 is not supported on RHEL5 platforms anymore.
      > Replaced the unsupported PHP7 'hidef' extension with RCDevs 'setini' mass
        constant definition PHP extension.
    - Fixed upgrader failing to adjust PKI certs when upgrading from WebADM v1.3.
    - Fixed the 'delete selection' action not working in the SQL log viewer.
    - Fixed wrong timezone for some locations (WebADM relies on the system timezone).
    - Added the setting 'waproxy_pubaddr' to set the public hostname of the WAProxy.
    - Allow hostnames to be used in 'reverse_proxies' and 'waproxy_proxies' settings.
    
1.5.10
    - Added WAPI functions to allow one WebApp to access pages of another WebApp.
      > Required by RCDevs' OpenID/SAML Identity Provider v1.2.2.
    - Application footer displays "Provided by" with the configured 'org_name'.
    - Fixed upgrade of SQL database tables failing with broken SQL query (v1.5.9).
    - Fixed user certificate creation being forbidden when no optionset exists.
    - Added multilingual support for all RCDevs WebApp releases after March 24 2017.
    - Many optimizations and enhancements to the localization subsystem.
    - Improved HSM robustness under virtualized environments (ESX).
    - Added an HSM health-check tester under the 'Admin' menu / 'HSM Details'.
    - Enhanced the session replication checks at startup (only slaves make checks).
    - Added HSM keyhandle 'Check ID' under the 'Hardware Modules Details' page for
      checking HSM keyhandles' consistency across different clusters.
    - Added the endpoint functionality with the '/ws/' namespace for WebApps too.
    - Added HSM retries for locally-connected USB YubiHSMs when the USB devices fail
      to respond in due time.
    
1.5.9
    - Added OTP and U2F login support for the Admin Portal (admin_auth OTP/U2F/MFA).
    - Added optional visibility scopes to the Inventory items (OU-restricted items).
    - Added Inventory item history (user registration, status change, etc...).
    - OptionSet treeview base can now be set out of the admin's login subtree.
    - The setting auth_mode is replaced by admin_auth (auto-modified by upgrader).
    - Added WebADM backup and restore scripts in the /opt/webadm/bin/ directory.
      > The scripts can be used for migrating a WebADM installation to a new server.
    - Added the manager_auth setting to configure the Manager authentication method.
    - Added the manager_clients setting to configure IPs allowed for the Manager API.
    - New database drivers for MySQL, PostgreSQL, Microsoft SQL server and Oracle.
    - Added support for MariaDB databases with native ODBC driver.
    - Added compatibility with RCDevs License Server protocol version 2.
    - Fixed LDIF import/export not working with attributes containing newlines.
    - Fixed "Add Admin Role" action not filling-in the default AdminRole container.
    - Fixed support for configuration passwords containing double-quote characters.
    - Fixed WebADM not willing to start when libudev library is not installed.
    - Added HTTP workers and shared memory scaling according to license information.
    - Added SSL ODBC connection support for MySQL & PostgreSQL databases.
    - Added an OCSP Responder (certificate revocation service) to WebADM PKI.
      > The OCSP service HTTP-GET endpoint is available at https://yourserver/ocsp/.
    - Fixed tree base OptionSet permissions not working on RCDevs Directory.
    - Fixed a HSM issue where a process gets blocked waiting for the USB response.
    - Upgraded OpenSSL to version 1.0.2k (security fixes).
    
1.5.8
    - OpenOTP & TiQR public endpoints are now available under the WebADM HTTPS
      URL and not under the Web service URL anymore. The U2F AppId and Mobile Token
      endpoints are https://yourserver/ws/appid/ and https://yourserver/ws/openotp/.
      > This change is required for the public endpoints to use custom certificates.
      > WAProxy URLs are not impacted but you need WAProxy 1.1.1 with this version.
    - Fixed Alert SQL log not listed under the Database menu in all 1.5 versions.
    - Upgraded Watchd and YubiHSM libraries to the latest versions.
    - Added syslog_format configuration in webadm.conf.
      > log_format now applies to log files only.
      > If you want CEF log events for syslog, then set syslog_format "CEF".
    - Removed log_webapps and log_websrvs settings from webadm.conf.
    - Added enhancements to the PKI login feature (certificate login types).
    - Added Watchd and HSM library version information in the support tickets.
    - Enhanced the license information page when a license server is used.
      > The license server pool is displayed with connected clients' IPs.
    - Added disable/enable inventory items (disabled items cannot be registered).
    - SpanKey freeware (per host product license) is limited to 5 client systems.
    
1.5.7
    - Changed the way WebADM handles its SSL certificates:
      > WebADM and Rsignd now share the same SSL certificate files.
      > You can use a custom SSL certificate (issued by an external CA) by copying
        your custom cert/key files to /opt/webadm/pki/custom.crt and custom.key.
        The custom certificate applies to the Admin portal and WebApps only.
        WebADM services always use the SSL certificate generated by the internal CA.
      > The upgrade procedure handles the necessary certificate changes automatically.
    - Added an NTP clock drift check under the Admin menu.
    - Fixed some license server issues (stability patches).
    - Fixed a minor issue with the password encryption tool (bin/pwcrypt).
    - Fixed Trust WebADM domains not working in all WebADM 1.5.x versions.
    - Fixed the 'extend' tool when using the '-g' option with thousands of accounts.
    - Added an additional WebADM internal security layer with PHP runtime chrooting.
    - Upgraded embedded Apache server to version 2.4.25 (security fixes).
    - Fixed client certificate login through WAProxy reverse-proxies.
      > You need the latest WAProxy v1.1.0 from 12/2016 with this version of WebADM.
    - Use igbinary serializer with Redis data storage for better performance.
      > The session servers' data format changed so you need to update all clustered
        WebADM servers for session replication to work.

1.5.6
    - Added support for WebADM license server (licensing option to be available soon).
      > Please contact RCDevs sales department for license Enterprise server options.
    - Fixed a session server crash issue on 32bit Linux servers.
    - Deny Web service requests for Client policies with an invalid configuration.
    - Added a client policy setting to restrict the usable UID attributes per client.
    - Added password expiration check in the WAPI (used for user self-service desk).
    - Added support for ActiveDirectory nested groups (cascaded group membership).
    - Added optional Redis authentication (requirepass) for the session services.
    - Fixed inaccurate session replication delay under the Cluster admin page.
    - Fixed auto-close the left-pane browser after multi-selections.
    - Dropped the 12 bytes limitation for encrypted passwords in servers.xml.
    - Removed the 'time_zone' configuration in webadm.conf (use system timezone).
    - Added an endpoint in '/cacert/' to retrieve the WebADM CA certificate file.
      > This is used by the auto-configuration scripts in other RCDevs software.
    - Added a setting for configuring the email alert sender address.
    
1.5.5
    - We introduced an issue with the latest watchd from v1.5.4 (released October 10).
      > Please update immediately to 1.5.4-2 if you installed 1.5.4!
    - Fixed the RADIUS reply attributes' editor failing to add a new row.
    - Replaced internal XCache memory caching module with APC Userland (APCu).
    - Added log_debug setting to webadm.conf for debugging LDAP and SQL queries.
    - Fixed wrong imported items' count in the Inventory viewer.
    - Added Web service's API version checking support.
    
1.5.4
    - Fixed admin certificate generation not working with LDAP DNs longer than 64
      characters due to an OpenSSL limitation.
    - Improved watchd service reliability by handling more protocol-specific errors.
    - Added missing pending status for all watchd internal commands.
    - Push service account is not required when WebADM has an Enterprise license file.
    - Fixed single object copy displaying an error message in the Admin portal.
    - Watchd now uses LDAP requests and not socket polling for checking LDAP servers.
    - Upgraded OpenSSL library to version 1.0.2j.
    - Boolean application settings always display their default value in the editors.
    - User edit page displays a warning when AD password is near expiration.
    - Fixed the item status update not working in the Inventory database viewer.

1.5.3
    - The internal process execution timeouts are increased to 60 secs in order
      to support the OpenOTP Push login method over SOAP requests (released soon).
    - The cross-app framework inclusion functions provide version checking.
    - Fixed word-wrapping in text settings (ex. OpenID server certificate).
    - Fixed wrong config objects' count in the home page when aliases are used.
    - Fixed an issue with the watchd daemon failing to read WebADM configurations
      when servers.xml contains invisible characters.
    - Upgraded Apache to version 2.4.23.
    - Improved the performance of LDAP caching with clusters.

1.5.2
    - Fixed an issue with data creation when the SQL data store is used.
    - Added support for the upcoming OpenOTP with Push login.
    - SpanKey server is now included in the all-in-one version.
    - Fixed boolean settings configured to 'false' getting lost during app switching
      in the client policy configurations.
    - Upgraded embedded Redis server to version 3.2.
    - Fixed PKI server not willing to start on 32bits versions.
    - Fixed an issue where WebADM fails to reconnect the watchd service.
    - Fixed an issue generating wrong SSO URLs in the RCDevs' OpenID IdP product.
    - Added WAPI methods required for SpanKeys 1.0.1 with NSS provider.
    
1.5.1
    - Fixed an issue where LDAP tree exports return a maximum of 1000 objects.
    - Fixed PKI server not willing to start after upgrade with some Linux kernels.
    - Added new WAPI extensions for supporting RCDevs SpanKey Server (to be released soon).
    - The user transaction lock mechanism (used for Web services) can spool requests for a
      few seconds instead of immediately refusing the transactions.
    - Fixed admin session idle timeout not being respected.
    - Added a search batch action to modify, remove or update application data.
    - Increased Watchd host address resolution consistency: Watchd passes only host IPs to
      WebADM (in the Enterprise version, WebADM does not need to resolve hostnames anymore).
    - Added support for per client hosts licenses (required for RCDevs SpanKey server).
    - Added the support for RCDevs Push servers in servers.xml.
    - Admin and Service bottom links are hidden when accessing WebApps' portal from WAProxy.
    - Upgraded Apache to version 2.4.20 and OpenSSL to version 1.0.2h.

1.5.0
    - Completed the facelift for the Admin Portal and all Web applications.
    - Added personalization configurations in webadm.conf.
      > You may add your company name, logo and website URL to the WebApp's interfaces.
    - Added an option to import Yubikey files generated by Yubico Personalization Tool.
    - Added more controls for cross-site request forgery protection.
    - Fixed connection drops with HSMHub server.
    - Fixed users not un-linked from Inventory with OpenOTP.Token_Unregister Manager method.
    - Added brute-force attack protection with source IP address blacklisting.
      > The protection works for both the Admin Portal and the WebApps.
    - Inventory link checks now validate the linked object exists in LDAP.
    - Added a data_store setting to webadm.conf allowing to choose between LDAP (default)
      and the SQL database for all user data and settings.
    - Added more branding capabilities.
    
1.4.5
    - Fixed an issue with WAProxy and WebADM error "Client IP address spoofing detected".
    - Enhanced the code used for handling shared memory semaphores.
    - Added support for CA Directory LDAP server.
    - Added admin levels to WebADM configuration objects.
    - Fixed Manager methods from installed applications not working with admin roles when
      used with a non-super admin Manager account.
    - Removed helper popup windows (replaced by inline pages).
    - Added a RADIUS attributes' configuration helper (for OpenOTP v1.2.3).
    - Added an application selector menu in the user setting configuration page.
    - Added application categories under the 'Applications' menu.
    - Added actions to rename configuration objects from the Admin menu.
    - Invalid config objects like Domains or Client Policies now appear under the Admin menu.
    
1.4.4
    - Added a 'user_level' setting for configuring the level of user expertise for managing
      WebADM configurations and applications' features.
      > 3 levels are supported: Beginner, Intermediate and Expert. The default is Expert.
    - Extended WAPI with new features required for TiQR Sign with PGP signatures.
      > TiQR application is now able to produce X.509 certificates signed by WebADM CA.
    - Fixed an unterminated threads issue with Watchd and some MySQL implementations.
    - Fixed one re-connection issue with RCDevs HSMHub server.
    - Fixed Rsignd not starting when PkiServer ca_file setting is set in servers.xml.
    - Changed Rsignd PKI certificate digest algorithm to be SHA256.
    - Updated OpenSSL to version 1.0.2e and Apache to version 2.4.18.
    
1.4.3
    - Added new configurations for reverse proxies and publishing proxies (WAProxy).
      > If you use WebADM Publishing Proxy, then set the 'waproxy_proxies' setting.
      > The 'reverse_proxy' setting is reserved for reverse proxies which are not WAProxy.
      > The 'waproxy_headers' setting is deprecated and replaced by 'waproxy_proxies'.
    - Added HSM key handle consistency checks for locally-connected YubiHSM devices.
    - Fixed a group search issue over mountpoints occurring in very rare circumstances.
    - Fixed connector status not checked correctly at startup in the non-licensed version.
    - Fixed user/group settings editing not working when no WebApp is installed.
    - Fixed Manager service URL not working without the trailing slash.
    - Fixed RSign not listening on the right TCP port when 'port' is set in rsign.conf.
    - Fixed direct group membership references not working cross-mountpoint with AD.
    - Fixed Watchd issues with MySQL and MariaDB servers where max_connect_errors had to
      be set to the max value in WebADM 1.4.x.

1.4.2
    - Fixed WebADM (32 bit version only) not starting on older RHEL 5.x.
    - Fixed HSM key handle consistency checks for all servers in WebADM clusters.
    - Added configurations and localizations for application unlocking messages.
      > The WebApp access unlock subject and message body can be customized in webadm.conf.
      > Multilingual unlock messages can be configured in the localized message editor.
    - Added final features and support for RCDevs HSMHub Server.
    - Major code rewrites for the HSM cryptographic framework.
    - Added RCDevs partner branding capabilities.
    - Fixed Manager's LDAP searches failing when returning usercertificate binary data.
    - WebADM can optionally authenticate any secure connections in servers.xml.
      > The XML attribute 'ca_file' can be added for LDAP, Mail, HSM and Proxy connectors.
    - Alerts are displayed in real-time at the bottom of the screen in the Admin sessions.
    - The most sensitive user data (ex. Token seeds) cannot be accessed anymore in cleartext
      even by super admins. The un-encrypted LDIF export option has been removed too.
    - High availability and cluster functionalities now require an Enterprise license.
      > All the WebADM features remain enabled in the limit of 40 activated users.
      > Please check the WebADM Release Notes for more information.
    - Minor bug fixes.
    
1.4.1
    - Added support for RCDevs HSMHub Server (network HSM server with YubiHSM).
    - Fixed session server not starting under rare circumstances.
    - Fixed WebADM asking for object settings when creating an object from the create menu.
    - Added support for systemd startup with RedHat and CentOS 7.
    - Empty LDAP tree root (Novell / OpenLDAP) can be selected for domain search bases.
    - The LDAP tree object selector only shows selectable items.
    - Added several YubiHSM performance patches.
    - Fixed MS-SQL Server database not working.

1.4.0
    - Clusters now support an unlimited number of servers with master-slave replication.
      > Session server now relies on an embedded Redis v3.0 (replaced Memcached).
      > Session data are not dropped anymore after a WebADM server restart.
      > Please read the release notes for adjusting your servers.xml configuration file.
    - Added a Watchd daemon which permanently monitors the connector statuses and Redis.
      > Watchd monitors LDAP, SQL, Session, SMTP, Proxy, PKI services.
      > Watchd servers provide real-time connector failover for the whole WebADM cluster.
      > Watchd is responsible for managing session server replication and master election.
    - Added optional LDAP requests' load-balancing when WebADM is used with many users.
    - Changed PHP runtime to version 5.6 (stable).
    - Added AdminRoles configuration objects to define allowed features for other admins.
      > By default now, other admins not part of an AdminRole do not have any right.
      > other_admin setting in webadm.conf is now obsolete and replaced by AdminRole members.
    - OptionSets configurations have been deeply changed and many features have been moved
      to the AdminRole objects. Please check the WebADM Admin documentation for AdminRoles.
    - Added a 'temp' directory for PID file and temporary data.
    - Optimised LDAP back-end replication delays (now handled by WebADM-watchd).
    - httpd.log and soapd.log are replaced by one single log file 'webadm.log'.
    - Fixed license server hostname check failing with IPv6 hosts.
    - Added support for event logs in CEF format for webadm.log file and syslog audit.
    - Force the AD password to be set when creating a new AD user (this is required by AD).
    - Added a manager method to send an email with attachments to a recipient address.
    - Manager API works in UID mode without providing the domain when default domain is set.
    - Fixed geolocation popup windows not hiding on Safari in the log viewer.
    - Fixed segmentation faults with PostgreSQL databases.
    - Better support of UCS LDAP (configuration templates are available in /docs/Univention).
    - Fixed a license import bug displaying "Invalid licence creation date" error.
    - Fixed a problem when multiple LDAP naming contexts are defined in OpenLDAP.
    - Fixed YubiHSM module not working on RHEL7 and variants.
      > The updated YubiHSM module requires libudev to be installed on your system.
    - The setting name 'case_sensitive' in webadm.conf has been replaced by 'ldap_uidcase'.
    - Added an online license check and new update mechanism.
      > You need to add the setting "check_licenses Yes" to enable the online license checks.
    - Customizable environment variables SESSION_MEMSIZE and SESSION_NOSYNC are renamed to
      REDIS_MEMSIZE and REDIS_NOSYNC in conf/webadm.env.
    - Customizable environment variables CACHE_THREADS and SESSION_THREAD have been removed.
    - Memory optimisations (working processes consume 1/3 less memory than in WebADM 1.3).
    - Performance optimisations (WebADM 1.4 is about 2 times faster than WebADM 1.3).
    - Fixed inventory import issues with PostgreSQL databases.
    - Added support for HSM locking / unlocking mechanisms with YubiHSM devices.
      > The bin/yubitool command can be used to unlock HSM devices.
    - Windows Server 2003 is not supported anymore by WebADM.

1.3.3
    - Added support for Oracle Directory Server (or SUN Directory).
    - Enhanced the Mountpoint framework to be less sensitive to errors.
    - Added the possibility to update the customer licenses from the Admin Portal.
      > The RCDevs software license can be updated via file upload or license copy/paste.
    - Fixed missing dependencies with RHEL5 on the new multi-architecture builds.
    - Added application actions for LDAP group members (accessible in the group editor).
    - Added support for WebADM Reverse Proxy (WAProxy) when a reverse-proxy is configured.
      > By default no application nor Web service is accessible via reverse-proxies.
      > Proxied applications are to be published by setting the 'Proxied' setting.
    - Added support for WebADM Domain name aliases (for both LDAP domains and trusts).
    - Added support for WebADM Client Policy name aliases.
    - Updated mod_ssl cipher suite to the current secure recommendation.
    - Disabled SSLv3 to prevent the POODLE vulnerability.
    - Fixed log viewer geolocation maps not displayed on Google Chrome browser.
    - Fixed rsign PKI message structure alignment for 64Bits architecture.
    - Fixed startup crash with rsign PKI server occurring very rarely.
    - Fixed startup error displaying message 'local server is offline'.
    - Enhanced user session encryption (in session server) and cookie management.
    - Removed the Web services' setting 'Enable Request Setting' (now enabled by default).
    - Added support for Univention Corporate Server LDAP.

1.3.2
    - Fixed a compatibility issue with Client Policies and TiQR server v1.1.
    - WebApp unlock system can optionally send user email notifications.
    - Fixed license alerts displaying incorrect remaining license time.
    - WebADM checks the LDAP/SQL/SMTP/PKI user connections at startup.
    - Back and Cancel navigation controls in Admin Portal have been enhanced.
    - Added a new XML setting scope 'client' for OpenOTP Application Passwords.
    - Application-based password changes (ex. PwReset) respect AD password history.
    - Added PKI login features in WebApps without always prompting for user certificates.
    - Big enhancements to the PKI internal frameworks and certificate revocation system.
      > The environment variable USER_CERT in webadm.env is not necessary anymore.
    - Fixed a LDAP user read error occurring under very rare conditions.
    - Fixed 'close' buttons not always working in WebApps.
    - Fixed Self-Services' menu line wrap on mobile devices.
    - Fixed an ODBC varchar issue with PostgreSQL (bug introduced since WebADM v1.3.0-3).
    - Added a configuration setting 'encrypt_hsm' to enable HSM encryption in webadm.conf.
      > By setting 'encrypt_hsm' to No, you can migrate the user data back to software
        encryption when hardware encryption was previously used.
    - Minor fixes in the cluster communications API for configuration updates.
    - Added support for displaying the OpenLDAP 'memberOf' operational attribute.
    - The setting 'Check Certificate Revocations' in LDAP OptionSets has been removed.
      > The certificate revocation check is now always enabled and cannot be disabled.

1.3.1
    - OpenOTP/TiQR Freeware license is extended to 40 users (all features included)!
    - Fixed Web Services not accessible over SSL APIs.
    - Added compatibility with older user data encoding for upgrades from WebADM v1.1.
      > If needed change WA_MISSING_ENCRYPT_TYPE to 1 in /opt/webadm/lib/hidef/encrypt.ini.
    - Startup checks validate HSM AES key(s) consistency over a WebADM cluster.
    - Session replication is automatically disabled with more than 2 clustered nodes.
    - Fixed a bug where user data encrypted with old versions of WebADM cannot be read.
    - Added a 'default_domain' setting in webadm.conf when 'auth_mode' is set to UID.
    - Fixed user certificate revocation not working on WebApps with PKI login mode.
    - Fixed user certificate revocation not working for admin accounts in MountPoints.
    - Admin certificate prompt now occurs only when auth_mode is set to PKI.
    - User certificate login support for WebApps is now disabled by default.
      > You can enable full PKI by setting USER_CERT=Optional in conf/webadm.env.
    - Updated OpenSSL library to 1.0.1i with vulnerability fix CVE-2014-3508.
    - Fixed WebADM not working when LDAP server has several naming contexts defined.
    - Fixed WebADM Domains not working when containing space characters.
    - Added the possibility to do a recursive LDIF export from the tree root.
    - The 'Infos' main menu item in WebADM Admin Portal is renamed to 'Admin'.
      > Added buttons for direct-access to WebADM configuration objects from Admin menu.
    - The tree view now displays a maximum of 1500 children per container node.
      > This max children value is configurable in webadm.conf by setting treeview_items.
      > Over this limit, an inline search input appears for displaying filtered results.
    - Optimized YubiHSM encryption by caching opened device handlers (4x faster).
    - Added support for per-group forced settings in Client Policy configurations.
    - Added auto-adjustment of memory and threads depending on the license user count.
    - Fixed database table setup check failing with SQLite databases.

1.3.0
    - HSM support with hardware encryption for sensitive data, settings and inventories.
      > YubiHSM is currently supported for AES encryption and random number generation.
    - Major enhancements to the user data storage encoding.
      > Per-data encoding with support for software / hardware AES and cleartext data.
    - Improved remote service connections' failover mechanisms.
    - Improved Session server communication with compression for large data.
    - Added a Manager method to retrieve server status information.
    - Added transaction unlock delay to deal with LDAP replication time.
    - Fixed broken PDF generation framework.
    - Added support for mail with attachments and HTML contents.
    - Added treeview node expand limitation to deal with large amounts of child nodes.
    - Fixed a login issue where WebADM prompts for admin login twice.
    - Fixed a minor issue with message localizations in multilingual WebApps.
    - Fixed incompatibility with JSON message files containing UTF8 BOM headers.
    - Fixed CSRF session protection not working when WebADM is used behind a port forward.
    - Added startup checks for cluster consistency (AES keys, versions, configs, license).
    - Added a configuration setting to handle LDAP user IDs in case-sensitive mode.
    - Added the possibility to batch de-activate users with the bin/extend tool.
    - Fixed WebApp session cookies now working across all cluster nodes.
    - Better support for very large scale installations.
    - Updated OpenSSL library to 1.0.1h with fixes CVE-2014-0160, CVE-2014-0224.
    - Added a listener on port 80 (HTTP) with a redirection to HTTPS.
      > The HTTP_PORT variable (if defined in conf/webadm.env) is replaced by HTTP_PORT_SSL.
      > The HTTP_PORT_STD variable has been added for the HTTP redirection listener.
    - Fixed an issue with some user groups sometimes not being resolved correctly in AD.
    - Fixed display issues with failed LDAP MountPoints.
    - Fixed an issue with session closed after redirections in the OpenID/SAML WebApp.
    - Fixed issues with paged LDAP results on ActiveDirectory 2003.
    - Fixed upgrade issues on a few distributions which required using the --force parameter.

1.2.7
    - Added support for cumulative application setting values (ex. OpenOTP ReplyData).
    - Added 'Remove' buttons under the Applications menu to un-configure applications.
    - Tabs corresponding to un-configured applications are ignored in self-services.
    - Added support for session manager synchronous replication with WebADM Clusters.
      > Please read HA documentation for clusters as additional TCP ports must be opened.
    - Fixed a minor startup issue with permissions on log files.
    - Aligned Rsignd log time format to the other WebADM log files.
    - Added support for per-application WebApp session timeouts (used in SAML WebApp).
    - Fixed an issue with OpenID/SAML and the CSRF session protection mechanisms.
    - Fixed an issue with OpenID/SAML and HTTP URL redirections.
    - WebADM supports OpenLDAP dynamic schema extension in 'cn=config'.
    - Variable USER_CERT can be defined in webadm.env to override Apache SSLVerifyClient.
    - Enhancements to the SQL framework and Oracle databases are now fully supported!
      > Optionally the servers.xml can contain tnsname="<TNS>" with Oracle databases.
        In this case a 'tnsnames.ora' file must exist under conf/ directory.
    - Fixed WebApp inline mode dropped after a WebApp HTTP redirect or error/success page.
    - Admin, Manager and WebApps session timeouts are configurable independently.
      By default the Manager Interface's cookie-based sessions are disabled.
    - Bulk user activation script bin/extend supports user selection based on LDAP groups.
    - Added support for custom WebApps' stylesheets (none of the WebApps is compatible yet).
    - Added support for localized WebApps (none of the WebApps is compatible yet).
    - Added support for 'lang=XX' parameter in WebApps and Web Services' URLs to force a
      language and bypass user's LDAP language attribute(s).
    - WebADM supports being installed on an ActiveDirectory without the schema extension.
      > Please read the updated WebADM Installation Manual for details.
    - Better support for older Internet Explorer versions (IE7).
    - WebADM uses the PHP 5.5 runtime.
    - Added support for HTML emails.
    - The WebApp logos are used as favicon under the WebApp URLs.
    - Fixed issues with MountPoints and the Manager Interface.
    - Added support for LDAP paged results (required with AD with large amount of users).
    - Minor HTTP caching performance enhancements.

1.2.6
    - Commercial applications (OpenOTP/TiQR) are limited to 35 active users instead of 25!
    - License does not block requests immediately when the user limits are reached.
      > Running services send email alerts and continue working until next restart.
    - Added support for vendor-encrypted inventory files and transparent import decryption.
    - Fixed the Manager function Rename_LDAP_Object not working correctly.
    - Added an optional Client Policy Friendly Name setting.
    - Added password expired detection to the LDAP password checks.
    - More debug messages during the LDAP schema setup with Active Directory.
    - Added conditional application settings (WAPI 18). Unsupported settings are greyed out.
    - Fixed unnecessary warnings displayed in applications' command-line tools.
    - Added --force flag to the upgrader to force an upgrade process having errors.
    - Daily license alerts when subscription licenses expire in less than one month.
    - Fixed application's admin pages sending mail alerts when logged to the Admin Portal.
    - Added the possibility to specify the syslog facility when syslog is enabled.
    - Fixed a Mail Server connection issue with SMTP authentication.
    - Direct groups (AD groups) located outside LDAP Domain group search base are ignored.
    - The OptionSet quota feature now counts only the number of activated accounts.
    - Better W3C HTML compliance and browser support.
    - Rewritten stylesheets and WebApps' default theme.
    - Added detection and support of mobile devices in WebApps.
    - Many minor changes to the admin interface.
    - Fixed an Admin issue with the creation of users having passwords with ';' character.
    - Fixed proxy user and admin groups creation in the graphical setup wizard.
    - Added support for passwords with up to 256 characters.
    - Added a configuration setting to disable DN and group settings cache when necessary.
    - Big memory usage and performance enhancements.
    - Fixed a bug with multi-selection application settings.
    - Session manager and shared cache memory/threads are configurable in conf/webadm.env.
    - Moved from Apache 2.2 back-end to the Apache 2.4 branch.
    - WebADM internal constants can be modified and are stored in .ini files in lib/hidef.
    - Unified the WebApps' authentication framework (SelfDesk uses its own login page).
    - WebApp PKI login mode is replaced by the new 'Require User Certificate' setting.
    - Any WebApp supports PKI login mode with WebADM user certificates.
    - New version check tool 'bin/update' is replaced with the 'bin/webadm update' command.
    - Fixed several issues when WebADM is accessed from behind a reverse-proxy.
    - Added per-method helps to the Manager interface methods under the Infos menu.
    - Added support for encrypted CA and Rsignd private keys (with startup password prompt).
    - Major coding enhancements to the Web applications and Web services' frameworks.

1.2.5
    - Added support for network-based Client policies.
      > With Client policies it is now possible to distinguish application settings when the
        users are connecting from the trusted internal networks.
    - Added time-based access policies to the Domain and Client policies.
    - Added a graphical week calendar editor for time-based policies.
    - Fixed an issue with SMTP sender address not working properly with OpenOTP.
    - Added the 'pwcrypt' tool to encrypt sensitive settings of WebADM configuration files.
      > This feature requires a valid (and newer) license file.
    - Major performance enhancements to the cryptographic subsystem.
    - New default data encryption method and new setting to configure the encryption mode.
      > Encrypted data will be automatically updated at runtime.
    - Optimized the server IP address checking in the WebADM licensing subsystem.
      > If you have a hostname-based license file, please ensure your DNS is resolving your
        license hostname correctly.
    - Corrected a MountPoint issue introduced in WebADM v1.2.4.
    - Fixed a password change issue with Samba accounts.
    - Fixed an update issue with groups having more than 500 members.

1.2.4
    - Added WebADM Inventory database and WAPI-15 (with Inventory framework).
      > Inventory is used by applications like OpenOTP to store large amounts of Tokens.
        You need to upgrade to OpenOTP v1.1.1 to use the inventory with Hardware Tokens.
    - Added localized messages and inventory items import in the 'Import' menu.
    - Enhancements to the log viewer with large databases.
    - Added a 'select all' checkbox in log, messages and inventory viewers.
    - Optional encrypt_mode level '2' for stronger encryption of LDAP and DB data.
      > Be aware that changing the encryption mode will invalidate any password stored in
        your application settings (ex. SMSC connection passwords).
        You can add "encrypt_mode 2" in webadm.conf to enable level 2 data encryption.
    - Better detection of ActiveDirectory 2003 directories.
    - Hardened authenticated sessions with protections against XSS and CSRF attacks.
    - Fixed an issue with HTTP output buffering preventing some users from logging in to WebApps.
    - Fixed an issue where WebADM shows primary connectors (LDAP/SQL/Session) as secondary.
    - Fixed database verification issues with PostgreSQL.
    - Added the /opt/webadm/bin/verify script for batch LDAP object checks.
    - HTTP optimizations with stream compression.
    - Dropped script timeout limit for long LDIF imports.
    - Upgraded to OpenSSL 1.1.0e (security update).
    - Added new XML application configuration features (WAPI 14).
    - Fixed account de-activation in Active Directory.
    - Minor fixes to the user settings' edit pages.
    - Minor fixes for scripts in the applications' bin/ folders.
    - Added the 'reverse_proxies' configuration in webadm.conf to be used when WebADM Web
      Services or WebApps are accessed through a reverse-proxy or load-balancer server.
    
1.2.3
    - Added support for country-based policies in WebADM Domain and Client objects.
      You need to update your Web Service applications to use this feature.
    - Added geolocations and IP-based filtering in the log viewer.
    - Added map view of source IP addresses (per-IP and for the log selection).
    - Enhanced the user data encryption system.
      > WebADM can support multiple encryption keys for key rollout. The first key is the
        actual key and the other keys (if any) are still supported. WebADM will always
        re-encrypt user data on-the-fly with the actual key.
      > WebADM now checks if the user data were encrypted with the configured encrypt_key.
        It is also able to detect if encrypt_key has changed and cannot decrypt user data.
      > The bin/encrypt script can re-encrypt user data in batch with a new encrypt_key.
    - Added SQLite database support for SQL-based audit tables and localized messages.
      > The WebADM XML specification of an SQLite database (in servers.xml) should contain
        the full path of the sqlite .db file in the "database" XML attribute.
    - Fixed long timeouts occurring with LDAP server failover mechanism.
    - Better logfile logging and log session IDs enhancements.
    - Increased performances of Session Manager encryption.
    - Added an option to force decryption of user data in the user data editor.
    - Added source IP addresses to the SQL logs (Admin, Manag, WebApp, WebSrv).
    - Added WAPI functions for data encryption and IP address geolocalization.
    - Fixed issues with XML log statistics' exports.
    - Fixed a bug with user data corruption when managed by other admins.
    - Added 'smbpasswd' (for Samba passwords) and 'adspasswd' encodings in objects.xml.
      > Please copy objects.xml.new to objects.xml to enable Samba password management.
    - Fixed some AD password change issues with unicode characters.
    - Updated the HTTP, Memcached and PHP components.
    - Fixed admin login with certificates and admin DN containing unicode characters.
    - Fixed error message 'Could not get WebADM user options' at login.
    - Added XML-RPC support for Web services.
    - Added basic support for 389 Directory Server.
    - Fixed LDAP password not working after import/copy.
    - Web Services' WSDL binding address now defaults to the SSL service.
    - Web services' URLs not ending with the trailing '/' are now supported.
    - Added an action in the user edit view to deactivate an account.
    - Added a tool to test alert emails under the 'Infos' menu.
    - Application's IP restrictions support IP/netmask format.
    - Enhancements to the WebADM PKI server (client hostnames and command-line options).
    - Added IPv6 support.
    - New RCDevs Logo.

1.2.2
    - Fixed a LDAP failover problem with LDAP-TLS connections.
    - Enhanced the LDAP user data encryption system.
    - Several email addresses can be set for alert_email in webadm.conf.
    - Added a helper tool to manage user data encryption (bin/encrypt).
    - HTTPd log events are now prefixed with the component name and session ID for Admin
      and Manager logs (like for WebApp logs).
    - Added optional misc settings to configure the treeview width and the default portal.
    - Fixed an issue with unicode characters introduced with WebADM v1.2.1-1 and PHP 5.4.
    - Fixed an issue with group settings priority ordering with multiple groups per-user.
    - The Manager Interface supports batch JSON-RPC requests.
    - Fixed Manager Interface function 'Get_QRCode' not working.
    - Added Manager Interface function 'Get_Random_Bytes' to generate pseudo-random bytes.
    - Added support for PNG and JPEG formats in the QRCode framework.
    - Manager Interface function 'Set_User_Attr' supports ldap_mod_add operations.
    - Added Manager Interface function 'Del_User_Attrs' to delete attributes or values.
    - Added optional syslog reporting.
      > You need to add the configuration directive "log_syslog Yes/No" in webadm.conf.
    - Added PDF generation support.
    - Added XML export format for SQL logs and localized messages.
    - Fixed a log statistics export issue in the log viewer.
    - Added resolution of user groups with memberUID attributes on posixGroups.
    - Fixed issues with the 'Allowed Applications' in OptionSets.
    - Added application configuration details in support tickets.
    - Added group_mode 'Disabled' to disable LDAP groups in WebADM and applications.
    - Performance improvements.
    - Added support for Oracle/Sun Directory.
    - WebADM uses the PHP 5.4 runtime.

1.2.1
    - Added support for upcoming RCDevs permanent licenses.
    - Fixed an issue with mountpoints having spaces in the Mount DN.
    - Fixed Manager Interface responses sometimes returning JSON arrays instead of objects.
    - Added an email alert notification when activated user count is near the license limit.
    - Fixed a bug causing a failure with OpenOTP HOTP Token resync in some situations.
    - Disabled SSLv2 protocol and SSL weak ciphers for PCI compliance.
    - Optionset quotas are handled by the Manager Interface.
    - Enhanced remote services' connection failover system.
    - Much faster QRCode calculations.
    - Added LDAP schema extension support for OpenLDAP versions with dynamic configurations
      and Apple OpenDirectory.
    - Fixed an issue when editing user settings containing double-quote characters.
    - Fixed an issue with mails when the sender address is not a fully-formed address.
    - Fixed some WebApps buttons not working when the default theme is not used.
    
1.2.0
    - WebADM includes a JSON-RPC Manager API for Admin and Application functions.
      The API is accessible through the manag/ URL and requires user authentication.
      Please look at the 1.2 documentation for details on the Manager interface.
    - Added a SQL table for the Manager logs.
    - All WebApps support the access locking mechanism.
    - Session Manager uses per-stored-object encryption.
    - Interface enhancements and bug fixes.
    - New WebApp layout and style.
    - Fixed several display problems with some browsers.
    
1.1.5
    - Added an optionset option to allow other admins to access user data unencrypted.
    - License check will not count users for domains where the application is not allowed.
    - Enhanced failure detection of the connected remote services (in servers.xml).
    - Removed internal component versions from HTTP headers.
    - Corrected a bug in the bin/setup script in slave mode.
    - Fixed ODBC database setup issues with newer versions of PostgreSQL.
    - Added direct log viewer links on the user edit page for WebADM Accounts.
    - The WebADM setup creates the admin groups and group presence is checked at login.
    - Fixed a database log access issue when an optionset exists and has a Tree Base defined.
    - Fixed a copy/import issue for objects with a password with RCDevs Directory Server.
    - Enhancements in the PKI authentication subsystem.
    - Fixed an issue with PKI login mode when optionset certificate revocations is enabled.
    - Added a menu entry to jump between servers when WebADM is installed in cluster mode.
    - License emergency extension (for Enterprise licenses excluding trials and temporary).
      When a license expires, it will auto-extend for one month and send an alert every day.
      If not renewed within the auto-extension period, the license expires completely.
    - Optimizations in the cluster node's configuration change notification system.
    - Several Admin Portal interface enhancements.
    
1.1.4
    - The 'Extended Logs' application setting is now configured in the webadm.conf file
      with the log_webapps and log_websrvs settings.
    - The 'Enable Alerts' application setting is removed (SQL Alerts are always enabled).
    - An alert cache prevents the same alert email from being sent twice in a 10min interval.
      And a maximum of one alert email is sent per minute.
    - Included the Suhosin hardened PHP patches from http://www.hardened-php.net/suhosin/.
    - Corrected a deadlock problem occurring with some Web services.
    - Added a debugging console for licensed versions.
    - Improved the license caching system.
    - Improved automatic connectors failover for LDAP/SQL/SMTP/PKI/Session servers.
    - Added a graphical editor for the Client objects' Priority Application Settings.
    - Added a button to activate users with WebADM functionalities.
    - Added the Require Client setting for Web services.
    - Added default domain support for all WebApps.

1.1.3
    - Settings super_admins and other_admins can contain a list of LDAP groups of users.
    - LDAP MountPoints can be setup with multiple LDAP servers for redundancy.
    - SMTP mail server(s) can now be configured in conf/servers.xml.
      > When no SMTP server is configured, WebADM uses the local mail transfer agent.
    - Fixed a tree browser problem with Internet Explorer.
    - Added SSHA encoding support for LDAP passwords.
    - SQL Database schema has been removed from the conf directory.
    - WebADM displays warnings when licensed products are near expiration.
    - Fixed LDAP connection problems with SSL.
    - Fixed webadmAccount objectclass removal not working with Active Directory.
    - Added a script (in bin/extend) to extend LDAP users with webadmAccount in batch.
    - Added a search result batch action to remove webadmAccount objectclass from users.
    - Fixed a pre-2008 AD Domain detection issue.
    - Fixed pre-2008 AD user counting limitations.
    - Fixed error messages not correctly displayed on license error.
    - Better support for special characters in LDAP objects' DN.
    - Fixed a schema extension issue with mounted LDAP.

1.1.2
    - Added API functionalities required for the TiQR service.
    - Added new admin pages for starting WebApps and Web Services user actions in WebADM.
    - Enhanced certificate management for WebApps.
    - Fixed an OptionSet problem where SQL restrictions were applied to super admins.
    - Fixed a problem preventing LDAP modifications on eDirectory tree roots.
    
1.1.1
    - Fixed an issue with LDAP DN containing special characters.
    - Fixed a display bug in the user application settings editor.
    - Added Alert SQL log.
      > Please update your conf/database.conf file.
    - Removed PHP multibyte functions overloading.
      > Please update all applications to the latest versions.
    - Added support for web services setting scope 'config' required by OpenOTP.
    - Added PHP socket support.
    - WebApp user sessions are now fully encrypted in the session manager.
    - Sensitive configurations are now encrypted in the local shared memory cache.
    - Added status of LDAP configurations in the home page.
    - Corrected a few minor problems of the new 1.1.0 release.
    - Added logfile viewer for HTTPd and SOAPd logs (in the Database menu).
    - Added WebADM Client objects support for Trust Domains.
    - Ordered display of WebApps and Web Services.

1.1.0
    - Group-based client access control and application policies.
      WebADM includes a new config object type (Client) which allows:
      > Defining client application access rules based on allowed and excluded group
        lists. For example, a VPN client can be restricted to some group of users.
      > Defining client policies with Web Services settings which will always be
        enforced for the client. For example, you want the VPN to authenticate users
        with LDAP+OTP passwords and Token, whatever policy is defined for the user.
    - Extended Domain settings with allowed groups and excluded groups capabilities
      like for WebADM clients.
    - LDAP attribute prefetch mechanism of common attributes for LDAP optimizations.
    - User groups and group settings caching for LDAP optimizations.
    - Added a group_mode setting in the webadm.conf config file to force using only
      direct or indirect LDAP groups.
    - PKI server enhancements.
    - Many minor enhancements and fixes requested by the users.

1.0.10
    - Freeware license is now limited to 25 users instead of 15.
    - Added support for RCDevs Directory Server (OpenLDAP-based LDAP server).
    - Enhanced server automatic failover system.
    - Added setup in slave node mode (for cluster setup).
    - Fixed a few minor bugs of 1.0.9.
    - Fixed session corrupted message appearing when blocking timer is pending.
    - Added SSL certificates update scripts in docs/scripts/.
    - Minor display enhancements.
    - Upgraded to PHP 5.3.5.
    - With DN and UID auth_mode, non super-administrators must be registered in the
      other_admins in conf/webadm.conf to be able to enter the Admin Portal.
      With PKI auth_mode, this setting is ignored as access is granted based on
      the user certificates.
    - Fixed default setting value for user/group settings when the application
      setting does not have a default value.
    - Corrected login pages layout.
    - Caching improvements.
    - Internal security enhancements.
    
1.0.9
    - HTTPD and SOAPD servers are now running under the same Apache instance.
      > Shared cache is now shared between both services.
      > Port configuration is customizable in the bin/webadm script.
      > No more conf/httpd.conf and conf/soapd.conf required.
    - Added LDAP DN cache system.
    - Many code improvements.
    - Fixed LDAP object caching issues in WebApps.
    - Better error handling for WebApps and Web Services.
    - Added WebApp API functions required for OpenID.
    - Cleaned HTTP and SOAP logs.
    - Added GD graphic library support.
    - Fixed an OpenLDAP schema file problem.
    - Fixed OpenLDAP setup problems.
    - Fixed OpenLDAP password encodings.
    - Localized message editor enhancements.
    - Group settings enhancements.
    - User settings default values are now the application values.
    - LDAP framework enhancements.
    - Fixed a bug with RSign when signing certificates.

1.0.8
    - WebApp and WebSrv API updated to version 3.
    - WebApp direct access URL changed.
      > Direct WebApps access is now possible with URL /webapps/mywebapp/
    - WebADM base URL redirects to /webapps/ when Admin is disabled.
    - Javascript corrections.
    - Added new UI framework to support WebApps themes.
      > Add 'webapps_theme "default"' to your webadm.conf to activate default theme.
    - Extended WebSrvs API with request setting handling functions.
    - Mutex enhancements.
    - Added WebApp access locking system.
    - Rsign PKI server is now configured in servers.xml.
    - Rsign PKI client is now implemented in a PHP extension.
    - Updated all libraries to latest versions.
    
1.0.7
    - Added webadmGroup objectclass to the LDAP schema for simpler group settings
      management.
    - Added ActiveDirectory 2003 support (with restrictions).
    - Fixed PostgreSQL database initialization problems.
    - Fixed WSDL download URL from WebADM Application menu.
    - Enhanced setup script.
    - Added web services functions required by OpenSSO.
    - Added other_admins setting in webadm.conf.
    - Added search batch action to add webadmAccount objectclass to users.
    - Fixed webapp header problems.
    
1.0.6
    - Enhanced license caching system.
    - Fixed Web services config cache reload when Web service configurations are
      modified.
    - Added Oracle ODBC driver.
    - Fixed minor display problems.
    - Fixed a bug in the update checker binary 'bin/update'.
    - Session Manager enhancements.
    - WebApp sessions now use Session Manager instead of shared memory.
    - WebApps work behind load-balancers.
    - General code enhancements.
    - Admin portal is now located under '/admin' URL.
    - Updated memcached version.
    - Added a setting to enable mail alerts per application.
    - Fixed mountpoint problems.
    - Added AllowedClients and AllowedAddresses settings for web services.
    - Added cache_timeout setting in webadm.conf.
    - Removed max cluster requests setting for web services.

1.0.5
    - Added Trust Domain support.
    - Added Session Manager CRC checks.
    - Enhancements in the Web Services requests limit handling.
    - Fixed a problem with the Domain group search base setting.
    - Added RequiredGroup Domain setting.
    - Domains can be hidden from the login portals when using UID login mode.
    - Added a setting in webadm.conf to list the domains or not with UID login mode.
    - Added support for WebApps with Admin pages.
    - Extended WebApp API with SessionManager data storage and message localizations.
    - Added RCDevs commercial software license support.
    - Added email alerts system.
    - Code corrections and optimizations.
    
1.0.4
    - New logo.
    - Languages are now configured in conf/webadm.conf.
      > Update your webadm.conf file.
    - HTTP proxy support (multiple HTTP proxies configurable in conf/servers.xml).
      > You can set an HTTP proxy in the servers.xml file.
    - Added support and maintenance features for RCDevs customers (members):
      > Maintenance Ticket issuing system.
      > SSH remote maintenance system.
    - Fixed a checkbox problem in the localized messages viewer.
    - Fixed a problem with Domain LDAP group search bases.
 
1.0.3
    - Code reorganizations.
    - Web services user locks use the distributed session manager.
    - Webapps use the user locking system for user data and user settings updates.
    - Web services have per-host and per-cluster max concurrent requests settings.
      Cluster means all the servers using the same session manager.
    - Updated backend component versions.
    - Fixed conf/object.xml definitions to allow domain object creation on OpenLDAP.
    - Domains can be disabled.
    - Domain can be restricted to a list of clients (NAS Identifiers).
    - Minor bug fixes.
    
1.0.2
    - WebADM supports application-specific admin pages.
      > The admin pages are available when editing a WebADM user account.
    - User edit page displays the application names in the WebADM data list.
    - Application settings can have an LDAP-only scope that makes them usable
      only on LDAP objects.

1.0.1
    - Home page displays applications status.
    - Minor bug fix in webadmData LDAP updates.
    - Added WebApp PKI API for user certificate management.
    - Added automatic user certificate provisioning by email.
    - Version checking is configurable in conf/webadm.conf.
    - Added timezone configuration in conf/webadm.conf.

1.0.0
    First official release.