WinGate 9 release notes
Version 9.4.5 (Build 6015) Released 28 October 2022
1. Fix: IMAP: additional parameter validation for AUTHENTICATE, SELECT, SUBSCRIBE, UNSUBSCRIBE, STATUS, APPEND, EXPUNGE, STORE, UID functions.
2. Fix: IMAP: fixed returned sequence numbers for SEARCH command
3. Fix: IMAP: fixed returned sequence numbers for SORT command
4. Fix: Pattern matching: Fixed locale dependency for case-insensitive string comparisons in pattern matching.
5. Fix: HTTP: fixed write access to Version member in Request object
6. Fix: Policy Map lookup item: fixed crash in map lookup item when clicking sort header
7. Fix: Policy Map lookup item: store edit control value when dialog closed if currently editing. Previously lost edit.
8. New: HTTP: Added UpdateURL function to HTTPRequestMessage object, so you can specify a new destination URL for requests with a single URL string.
9. New: Policy: Added a second logical output to the Map Lookup item, which allows you to define different behaviour for when the searched value isn't found in the map.
10. Fix: SSL Inspection: Fixed an issue with certificate generation for SSL inspection affecting Chrome users.
11. Fix: SSL: deprecated MD5 and SHA1 hash algorithms for use in signatures in certificate generation.
Version 9.4.1 (Build 5998) Released 1 February 2020
1. Fix: HTTP Caching: Fixed creation of temp folders in the case where the parent folder didn't exist.
2. Fix: DNS: fixed crash on creation of over-sized response packets
3. Fix: Flow-chart Policy: Fixed scrolling issue on log entry item log content field.
4. Fix: SSL Inspection: Fixed control updated when enabling / disabling items
5. Fix: Flow-chart policy: Fixed vertical offset issue for output label
6. Fix: SSL: Fixed blocking of SSL client-initiated renegotiation.
7. New: HTTP Divert: added support for temp vs permanent redirect for divert results in HTTP policy events
Version 9.4.0 (Build 5993) Released 21 February 2019
1. Fix: Categories: Optimised saving changes of category definitions
2. Fix: Block pages: changed double click behaviour to edit block page
3. Fix: Active Directory: Fixed group membership enumeration.
4. Fix: Kerberos: Fixed buffer too small issue in kerberos authentication
5. Fix: Web Serving: Fixed Last-Modified header (appended NULL) when WinGate is web server.
6. New: HiDPI support: support for DPI scaling of hi-res monitors
Version 9.3.0 (Build 5981) Released 21 January 2019
1. Fix: Policy: Fixed auto-reported crash on F1 help for event items in policy editor.
2. Fix: Web Proxy: Fixed HTML escaping of event names and error messages when reporting errors in event handlers.
3. Fix: Web Admin: Fixed HTML escaping of event names and error messages when reporting errors in event handlers.
4. Fix: Auth client: Fixed handling of OK button / default action to not close dialog.
5. Fix: IP to country: Fixed access to CountryForIp function via script runtimes.
6. New: Web Proxy: Now supports WebSockets for forward and reverse proxy.
7. New: Web Proxy: Added list to check for sites not to inspect for SSL inspection
8. New: Auth Client: Added 32 bit QbikAuth32.exe for authenticating from 32 bit windows clients.
9. New: Schema: Added SetString call to allow setting values for global data strings
10. New: SSL/TLS: block client-initiated SSL renegotiation to prevent denial of service.
Version 9.2.0 (Build 5975) Released 27 June 2018
1. Fix: Policy: Property dialogs for some types of item would open non-modally
2. Fix: Timeline: Fix divide-by-zero problem if the pane size reduced to 0 width.
3. Fix: Logging: fixed auto-reported crash relating to searching in log files
4. Fix: WinGate Management: Fix auto-reported crash relating to initialisation of User Interface Framework.
5. Fix: Data Lists: Fix auto-reported crash relating to access safety issue around refreshing contents of file-based lists.
6. Fix: User Database: Fixed auto-repoorted crash relating to safety checking of user object handles in WinGate users and groups.
7. Fix: Uninstall: Fixed issue with missing lua script file on uninstall
8. Fix: WinGate NAT: Fix auto-reported crash caused by race-condition on shutdown
9. Fix: Email Panel: Fix auto-reported crash relating to tooltips when attaching users to mailboxes.
10. Fix: Jscript: Fix auto-reported crash with string length attribute when used with string literals.
11. New: Server Core: Now supports Windows Server Core, you must install and run WinGate Management on another computer. WinGate makes the Remote Control Service available from install.
12. New: Firewall: Added default options to port security, so you can specify whether to log, use SYN cookies, or cloak connection failures on a per-table basis.
13. New: DNS client: Published schema member functions for the DNSClient global object: EnableServer, DisableServer, and IsServerEnabled - to allow script to enable or disable DNS servers used by the DNS client
14. New: WWW proxy: Added support to specify the SNI option used by the reverse proxy when connecting to a back end server with https.
15. New: TCP Mapping: Added new event PreConnect to enable policy to dictate the destination of the upstream connection. Enterprise license required.
16. New: Activity: Added option to discard credentials from machine record, to enable changes to credential rules to be more easily applied.
17. New: Schema: Published schema to make several more member values accessible from event handling. ClientSNIValue, ServerName.
18. New: Mail list: Added some additional list-related headers, and now rewrite From: header in order to satisfy DMARC-checking receivers.
19. New: Uninstall: Added uninstall survey.
Version 9.1.5 (Build 5965) Released 30 April 2018
1. Fix: JScript Item: Fix crash if script longer than 2k characters.
2. Fix: JScript Item: Fix problems with String.Tokenize, including destruction of source string, and improper handling of empty first token.
3. Fix: SOCKS: Properly report and display SOCKS4a if that is being used by the client (was reporting as SOCKS4)
4. New: Session Schema: Added Session.LogEvent function to schema so you can log to the session log from script
5. New: SOCKS Schema: Added Session.ServerName to allow policy control on destination of SOCKS connection requests where the proxy is resolving the target. Can be overwritten.
Version 9.1.4 (Build 5962) Released 10 April 2018
1. Fix: Notifications: Fix crash if reporting notifications to a disabled notification plan, introduced in 9.1.3.
2. Fix: Telemetry: Remove upload timeout (was 1min) for uploading telemetry and crash dumps.
Version 9.1.3 (Build 5958) Released 22 March 2018
1. Fix: HTTP Error responses: Fix XML encoding of embedded data in web access control block pages.
2. Fix: HTTP Error responses: Fix XML encoding of embedded data in Web Admin service internal block pages.
3. Fix: SIP Proxy: Fix broken debug logging for some messages.
4. Fix: HTTP Events: Fixed Headers.Clear function for runtimes.
5. Fix: HTTP Cache: Fix automatically reported crash in user interface in some cases directly after login
6. Fix: WinGate Users and Groups: Fix automatically reported crash relating to configuration errors in authentication.
7. New: Block pages: Added {ACCOUNT} to custom responses and block page templates to report logged in user account.
8. New: Web Admin Service: added support for custom response pages similar to the WWW proxy custom responses.
9. New: Telemetry: Added several more attributes to gather information about the types of service being used.
Version 9.1.2 (Build 5956) Released 18 December 2017
1. Fix: HTTP Error responses: Fix XML encoding of embedded data in response pages, prevents XSS attacks via WinGate block pages.
2. Fix: Directory browsing: Fix issues with links to icon files for directory browsing with https
3. Fix: AD Connector: Fix auto-reported crash relating to enumeration of inter-trusted domains missing certain DNS information.
4. Fix: AD Connector: Fix occasional encoding problem for some arguments in LDAP queries.
5. Fix: Help system: Fix auto-reported crash if hhctrl.ocx fails to load
6. Fix: Schema script: Fix auto-reported crash if script does not include enough operands for various operators
7. Fix: HTTP Basic Auth: Added charset auth param to challenge to indicate preference to receive user/pass in UTF-8
8. Fix: Route Table checking: Fix auto-reported crash when route table contains no routes via a gateway.
9. Fix: Service Bindings: Fix race condition causing crash when viewing bindings while they change (auto-reported).
10. Fix: Dashboards: Fix race condition causing crash when a dashboard is deleted and receives an update (auto-reported).
Version 9.1.1 (Build 5951) Released 9 October 2017
1. Fix: WINS: Fixed rare automatically-reported crash on receiving certain WINS broadcast packets
2. Fix: Activity: Copy URL to clipboard was not working for CONNECT server:port requests
3. Fix: WinGate: Fixed rare automatically-reported crash relating to checking interface table for changes
4. Fix: WinGate Management: Fixed rare automatically-reported crash relating to dialog showing progress of synchronising modules
5. Fix: Web Access Rules: Fix context menu for report header
6. Fix: Send/Recv: Report correct error code if pended completion called with error
7. Fix: Shutdown: Fix crash on shutdown relating to Logging updating shared data values
8. Fix: Minidumps: Fix crash in minidump generation in some cases when shutting down
9. New: Web Access Rules: Added ${USER} and ${IP} options to block pages.
Version 9.1.0 (Build 5945) Released 27 September 2017
1. New: Active Directory: Now works with multiple trusted forests / domains (Enterprise only).
2. New: Credential rules: New setting to prevent inheritance of Domain Computer credentials, means no longer need to battle with system services that auth when restricting user access to web sites.
3. New: Reverse Proxy: Can now set whether client cert is required on a per site basis for reverse proxy with SSL/TLS
4. New: User interface: Updated to latest version of Codejock user interface framework.
5. New: WinGate Updates: overhauled user interface.
6. New: Logos: new product icons / logos for WinGate, Kaspersky AV, Lumen, and the SMS connector.
7. Fix: Web Proxy: Fixed automatically-reported crash occuring when using the wrong number of arguments for some functions in script.
8. Fix: Web Activity: Fix logging of web activity items to timeline on first run when it's disabled.
9. Fix: Licensing: Crash in licensing panel if licenses changed while not showing panel.
10. Fix: Services: Automatically-reported crash in call to LookupPrivilege in some cases relating to checking for port conflicts when starting services.
11. Fix: DNS client: Automatically-reported crash in call to GetNetworkParams, now use DnsQueryConfig to enumerate system-known DNS servers.
12. Fix: Localization: Resolve issue localizing modules that are installed in different folders (not child folder of WinGate).
13. Fix: Localization: Resolve issue with writing missing resources to file
Version 9.0.8 (Build 5935) Released 21 August 2017
1. Fix: Various: Fixed several automatically-reported crashes in WinGate Management and WinGate engine.
2. Fix: Flow-chart policy: Fixed problem with list lookup relating to localised interface where the method sort order changes.
3. Fix: Notifications: Fixed automatically-reported crash relating to logging notification reports.
Version 9.0.7 (Build 5933) Released 14 July 2017
1. Fix: AD connector: Crash in SOCKS authentication related to testing for available auth methods.
2. Fix: Various: various localization issues with some strings
Version 9.0.6 (Build 5929) Released 8 June 2017
1. Fix: Services: Fixed problem with high rate of incoming connections.
2. Fix: WinGate Engine: fixed intermittent crash on engine shutdown.
3. Fix: Localization: Made numerous hard-coded strings available for localization.
4. Fix: Email UI: fixed display of email address handler restrictions.
5. Fix: WWW proxy: Fixed issue in web server when serving files with % in filename
6. New: Licenses: Now report notification incident when license count is exceeded
Version 9.0.5 (Build 5926) Released 5 April 2017
1. Fix: Locking: Reverted to FIFO lock acquisition strategy to resolve issues with stablity due to thread starvation on highly contended locks under load.
2. Fix: WWW proxy: Fixed parser problem if response headers contain mixed CR and CRLF line endings.
3. Fix: Credential Rules: fixed lookup failure when multiple IP-matching sub-ranges defined.
4. Fix: Web Access Rules: Fixed display problem in rules if username contained XML special characters (such as ampersand)
5. Fix: Web Access Rules: Fixed a problem if registry merging resulted in multiple conflicting rule entries.
6. Fix: WinGate Engine: Fixed a crash on shutdown whilst deleting services
7. Fix: WinGate Management: Fixed an automatically-reported crash issue when accessing context menus from some panels when the task panel is hidden.
8. Change: String handling: Performance improvements in several places where strings are copied.
9. Change: Web Access: Refactored locking to reduce contention and increase performance.
10. Change: Minidump reporting: collect more data on crashes, submit minidumps zipped.
Version 9.0.4 (Build 5915) Released 13 February 2017
1. Fix: TLS in services: fixed allowed cipher suite issue relating to deprecation of RC4 and 3-DES, causing older clients to fail to connect with TLS.
2. Fix: WinGate Engine: Fixed an automatically reported crash on shut down of WinGate engine
3. Fix: Categories: Fixed an automatically reported crash in the user interface when you add a category and clear the name,
4. Fix: Permissions: Fixed an automatically reported crash in the user interface which occured occasionally when changing selection
5. Fix: WinGate Management: Fixed an automatically reported crash in the user interface relating to requesting credentials from the user.
6. Fix: Telemetry: several fixes relating to missing prefixes.
Version 9.0.3 (Build 5911) Released 25 January 2017
1. Fix: WinGate Management: Fixed display issue with categories containing special characters
2. Fix: DHCP: fix issue where client changing networks requests old IP was given it instead of rejected.
3. Fix: Localization: Fixed a problem on Windows 7 with WinGate localization causing WinGate management to fail to start.
4. Change: TLS client certs: setting to request a client cert now requires it
5. Chenge: Telemetry: Various fixes, and added start timestamp to record duration covered by report
Version 9.0.2 (Build 5909) Released 13 January 2017
This is another maintenance release, fixing bugs reported by the Application Experience feature in WinGate 9.
1. Fix: WinGate Management: Fixed crash when creating a new service if the dialog OK button is clicked prior to the service showing in the dialog
2. Fix: Activation: fix crash where user deactivates a license where the product is not loaded (e.g. old PureSight license)
3. Fix: Installer: check for existence of KB2533623 on Windows 7, this is required for WinGate to load modules (normally installed by Windows update)
4. Fix: WinGate Updates: Fixed notification of new updates, now always notify on new updates.
5. Fix: Minidump generation: Fixed an problem relating to generation of minidumps without exception information.
6. Fix: Application Experience: Fixed an issue where in some cases install instance ID not available
Version 9.0.1 (Build 5906) Released 29 December 2016
This is an early maintenance release, fixing bugs reported by the Application Experience feature in WinGate 9.
1. Fix: WinGate Engine: Fixed engine crash when WinGate Management connects where there are no packages installed (can happen if you delete packages registry key after installing WinGate).
2. Fix: WinGate Management: fix crash where user hits F1 key on login, or language setting dialog box if they had previously connected to WinGate
3. Fix: DNS server: Fix crash on race condition if sessions were set to time out too short. Now timeouts aren't set in the proxy (they are a function of the DNS client).
4. Fix: WinGate Engine: Fixed crash in some cases in checking for changes to the system route table
5. Fix: Updates: Fixed an occasional crash where a status for a product is updated.
Version 9.0.0 (Build 5902) Released 20 December 2016
Platform-related
1. New: moved to native 64 bit only, dropped support for 32 bit windows.
2. New: no longer support XP or 2003 server, minimum recommended OS is Windows 7 x64 / 2008 R2 server.
3. Change: moved build environment to Visual Studio 2015, which requires deployment of VS2015 runtime.
Performance-related
4. Change: HTTP Proxy: streamlined parsing for improved parsing performance and reduced memory heap access
5. Change: HTTP Proxy: increased buffer size to reduce number of system calls
6. Change: HTTP Proxy: streamlined buffer manager to use fewer allocations and reduce contention around buffer pool
7. Change: HTTP Proxy: streamlined code path for serving files to reduce parsing workload.
8. Change: HTTP Cache: various performance improvements
9. Change: Events: various optimizations to event processing, including reduction of lock contention on processing events
10. Change: Network IO: moved to overlapped sending to reduce system calls when sending data
11. Change: Service: use IO completion ports to accept connections
12. Change: Performance: Improved pattern matching algorithm performance, affects data list lookups.
13. Change: Performance: improved performance of unicode <> UTF-8/ANSI conversion which is in widespread use throughout WinGate
14. Change: Locking: improve lock acquisition cost improves performance overall.
15. Change: String formatting: improved string formatting code to reduce memory allocations
16. Change: String encoding: improved speed of various string encoding functions.
17. Change: Performance: Various other changes to reduce memory heap access and copies.
18. Change: Data: reduced contention / locking around counters to improve performance of monitored data.
19. Change: TCP Mapping proxy: increased throughput performance of proxy
20. Change: SMTP delivery: increased send buffer size for improved delivery performance
21. Change: Timeline: various performance improvements to reduce load of large timeline databases.
Web-related
22. New: HTTP Proxy: Now supports SNI on incoming connections. Useful for supporting multiple reverse proxy sites with different certificates.
23. New: HTTP Proxy: Now inspects initial packet checking for TLS record and SNI. This supports SNI for intercepted connections, and also allows https for diverted connections to the proxy (sometimes called SSL peek and bump).
24. New: Cache: Now supports caching partial responses.
<>
25: Change: HTTP Proxy: numerous performance improvements as above
26. Change: HTTP Proxy: Now allow explicit control over whether to allow GET / HEAD requests to contain a message body.
27. Fix: Cache: better error reporting on cache volume problems (part of adding support for Ramdisk cache)
28. Fix: Web Access Rules: fix web access rule creation wizard navigation
Miscellaneous
29. New: SIP Proxy: allows you to track calls in timeline, and block calls made using SIP phones.
30. New: TCP Mapping: Added controls over TCP keepalive settings for client and server-side connections
31. New: WinGate Management: Added filtering of activity view. Can now set lists of IPs to display or hide traffic from.
32. New: Application Experience: Now collects information about usage of WinGate in order to assist us to prioritise features for development.
33. New: Application Experience: Automatically uploads any crash dump / minidump files and information to our servers for analysis and bug-fixing.
34. New: Logging: new log migration wizard allows moving log folders.
35. New: SQL statement: item can now copy database record field data from results into event data for use in event handlers
36. New: SQL statement: item can now be added directly onto event processing
37. New: SQL statement: policy item can now check whether rows were affected in INSERT/UPDATE/DELETE queries
38. New: Policy: Send Email item can now attach a file
39. New: Policy: New Log Entry item, can log to current service log file from within policy or event (pro or enterprise only)
40. New: Scheduler: added option to randomize the minutes value for when the event will next run. Used for update checker, IP to country updates (on new installs). Useful for load spreading of access to remote servers.
41. New: Config Utility: added -nomap option to allow exporting unmapped file paths
42. New: IPtoCountry: added logging and use of notifications to log update issues.
43. New: IPtoCountry: added IpToCountry as a globally accessible object from script, added "CountryForIp" function.
44> New: POP3 Server: Added SessionComplete event to POP3 server. Now can see how many messages remain in a folder and/or were deleted after a POP3 client disconnects
45. Change: WinGate Management: WinGate management connection no longer inherits credentials from any previous-established cached credentials for the IP it connects from.
46. Change: WinGate Management: Additional logging around login / logout and auth failure.
47. Change: WinGate Management: migrated to new version of Codejock user interface library.
48. Change: WinGate Management: User interface tweaks, to make tabs and quick access buttons more visible, and to distinguish it visually from WG8
49. Change: Notifications Panel: Can now close out multiple incidents at once
50. Change: Email: Mail file processing now binary safe. There was a problem with some embedded non-ASCII-based character sets being corrupted.
51. Change: Logging: session creation and termination is now logged at info level instead of debug.
51. Change: Resources Panel: removed the resources panel for various reasons, mainly due to performance cost, and lack of utility. At least we're honest.
53. Change: OpenSSL: updated to version 1.0.2j
54. Change: Scilexer: new scilexer for context-highlighting of code (script) windows.
55. Change: Licensing: Changed the way WinGate notifies the user about accessing license-restricted features in trial mode to reduce confusion about the purpose of the notification.
56. Change: Installer: migrate mail spool, web admin, certs, resources, custom responses folders to ProgramData
57. Fix: Authentication: some cases where auth failed were not being properly reported / auth failed event processed.
58. Fix: IpToCountry: better file validation of downloaded files.
59. Fix: Various: numerous other fixes.
WinGate 8 release notes
Version 8.5.9 (Build 4883) Released 16 May 2016
1. Fix: Socket notifications: performance improvement from fixed callback window creation.
2. Fix: WinGate Engine: Fixed memory leak in thread naming if policy is used to terminate connections from within ClientConnect event
3. Fix: Reverse Proxy: Fixed memory leak relating to extension to EXE mappings when web serving.
4. Fix: Email Panel: Fixed crash relating to tooltip.
5. Fix: JScript Item: Fixed bug relating to strings from schema objects being treated as booleans when compared.
6. Fix: JScript Item: Fixed bug in less than and greater than operators
7. Change: Pattern Matching: Performance improvement in pattern matching, affects data list content checking.
8. Change: WWW Proxy: now recognises the relatively new PATCH command (so doesn't block it by default)
Version 8.5.8 (Build 4881) Released 23 April 2016
1. Fix: Proxy: Serious load problem with many connections to proxy (log entry shows exception in TCPSession::InitInstance) caused by issue in MFC introduced in 8.4.0 (#22).
2. Fix: Web Activity: Parallelized callout to web classifiers (such as manual classifier) which were being serialized, causing performance bottleneck if classification is too expenive (e.g. very large lists of wild-card entries).
3. Fix: Remote Control: Problem with communications from WinGate Management becoming overloaded and unresponsive if too many packets being sent in the other direction. Could cause settings from WinGate Management to not be applied for example when loading large numbers of timeline records.
4. New: Data Lists: Added RemoveAll and ExportToFile functions to List object schema.
Version 8.5.7 (Build 4879) Released 6 April 2016
1. Fix: Installer: Problem with SHA256 signatures on installer prevented signature validation on XP
2. Fix: Installer: Setupfactory extension RegistryEx.lmd not loading on XP due to missing dependency
3. Change: Installer: Now uses dual signatures on installers to support new requirements for SHA256 and retain previous SHA1 support.
Version 8.5.6 (Build 4877) Released 29 March 2016
1. Fix: DNS Client: Memory leak when DNS requests cancelled prior to completion.
2. Fix: FTP Proxy: Problem logging some non-UTF-8 filenames etc in debug logging.
3. Fix: FTP Proxy: Problem with some UTF-8 filenames being corrupted, preventing download or change directory.
4. Fix: FTP Proxy: Fixed logging of multi-line responses such as FEAT responses.
5. Fix: Timeline: not showing name for Web Activity option on settings > general tab
6. Fix: File-based Data lists: file reading issue when final line not new-line terminated
7. Change: HTTPS inspection: Can now inspect on non-standard ports (use policy if you want finer control)
8. Change: Timeline: Manifest no longer dependent on SQLite ODBC driver file (which is no longer installed to packages folder)
9. Change: Installer: Check CRC on existing driver binary and skip driver upgrade if the binary is the same. Saves a reboot and interface cycling.
10. Change: Installer: Now restart WinGate service (if installer stopped it) and Engine Monitor (in all cases) where reboot is not required.
11. Change: Installer: Installer now signed using SHA256 hash algorithm.
Version 8.5.5 (Build 4858) Released 28 January 2016
1. Fix: DNS Client: Fixed case-sensitivity bug in hosts file entries
2. Fix: DNS Client: hosts file now supports multiple names per line, and multiple addresses per name.
3. Fix: Service Editing: Fix ignored ESC key in editing service when description field is selected.
4. New: DNS client: Add support for adding domain suffix to unqualified requests.
5. New: Active Directory: Result filtering can now select Organization Units as well as domains.
6. New: Upstream connections: proxies can now connect upstream using SOCKS4a, thereby avoiding DNS lookups.
Version 8.5.4 (Build 4852) Released 17 November 2015
1. Fix: WWW Proxy: Fixed issue with stripping of empty Basic auth request header.
2. Fix: TLS: Fix issue with superfluous initialisation of TLS algorithms when generating certificates
3. Fix: Events: Fix problem with editing event processors from events panel - was blocking communications with engine.
4. Fix: Schema: Fix schema / script-based access to Session.ServerIp, broken in 8.5.0
5. Fix: Schema: Fix parameter checking in various built-in functions which could crash WinGate if function called incorrectly.
6. Fix: FTP Proxy: Fix broken PORT command parsing, broken in version 8.5.2
8. New: WinGate Users and Groups: can now change own password via Web Admin service.
Version 8.5.3 (Build 4846) Released 13 October 2015
1. Fix: WWW Proxy: Fixed broken (in 8.5.0) authentication for server requests / reverse proxy / intercepted connections where the proxy is doing the authentication.
Version 8.4.1 (Build 4813) Released 21 July 2015
1. Fix: SSL / TLS: Increase timeout for SSL/TLS handshake to cover for slow clients and certificate revokation checks.
2. Fix: Localization: Was not loading localized strings for package modules
3. Fix: Installer: Problem setting permissions on ProgramData\Qbik folder could take too long if the HTTP cache volume was in there. Problem introduced in 8.4
4. Fix: WinGate Updates: crash in WinGateUpdates.exe relating to logging settings in registry
5. Change: Installer: Updated to SetupFactory 9.5
Version 8.3.2 (Build 4773) Released 8 April 2015
1. Fix: Logging: not persisting changes to logged fields in W3C usage logging introduced in 8.3.0
2. Fix: Policy: Bug introduced in 8.3.0: crash in WinGate management when closing the call policy item in a flow-chart policy
3. Fix: Dashboard: Bug introduced in 8.3.0: WinGate Management would become unresponsive if you delete a dashboard item.
4. Fix: HTTP Filters: occasional crash when a filter returns its own content to a request (e.g. block pages etc)
5. Fix: Web Access Control Rules: crash when dragging and dropping rules if you drop one below default rule
6. Fix: Web Access Control Rules: UI glitch when adding category or site to a rule would not show until dialog was reopened.
7. Fix: Web Access Control Rules: no longer do implicit auth (if user unknown and not matching) on re-authentication rules, only explicit (where it matches the Who tab).
8. Fix: Web Access Control Rules: fixed hit count on auth rules.
9. Fix: Schema script: crash when trying to use uninitialised variables as a result in some scripts or policy items.
10. Fix: Email UI: crash in WinGate Management caused by race condition between creation of email panel, and unsolicited queue updates
11. Fix: WinGate users and groups: NTLM 1 byte buffer overrun problem when logging at debug level
12. Change: Web Access Rules: Performance improvements to rule evaluation.
13. Change: Web Access Rules: Added performance tracking (time spent in each rule for hit and miss cases) so cost of a rule becomes visible.
14. Change: WWW Proxy: Diagnostic Logging now logs requests associated with auth handshaking.
15. Change: WWW Proxy: no longer count intermediate auth challenge handshake requests for session request limiting (limiting to 1 would break NTLM).
16. Change: Notifications: Added Last Change column to notifications panel, changed the way UI updates are handled.
Version 8.3.1 (Build 4769) Released 12 March 2015
1. Fix: SSL: Problem with changed start order of modules revealed a problem with initialisation of OpenSSL that could cause mail delivery to fail when using STARTTLS
2. Fix: POP3 Collection: Fixed issue causing problems connecting to pop3s servers on upgrade.
3. Fix: POP3 Collection: Was not honouring setting for SSL/TLS version in the case of STLS-negotiated SSL/TLS layer
4. Fix: SMTP Delivery: Was not honouring setting for SSL/TLS version in the case of STARTTLS-negotiated SSL/TLS layer
5. Fix: Uninstaller: would hang forever waiting for WinGate service to stop on a WinGate Management only installation
6. Change: Certificate Importing: Prevent importing certificates that do not have a private key.
7. Change: SSL/TLS: Added logging for diagnosing issues with SSL/TLS negotiation and certificates
Version 8.3.0 (Build 4764) Released 5 March 2015
1. Fix: DHCP: Fixed issue where permissions were not registered if User Database started late (e.g AD server not available on WinGate start), so DHCP panel not displayed.
2. Fix: User database: Fixed issue where permissions were not registered if User Database started late (e.g AD server not available on WinGate start), so Users and Groups panel not displayed.
3. Fix: Web Proxy: Fixed occasional buffer leak
4. Fix: Logging: Fixed crash in output buffering when writing very large fields
5. Fix: VPN: Fixed crash when using User object in event handler for VPN connection event.
6. Fix: IMAP: Fixed issue when command contains empty string literal.
7. Fix: Config utility: Problem with utility reporting that WinGate was not installed.
8. Fix: VPN: problem exporting and importing VPN config files. Was reported fixed in 8.0.2, but still had an issue on some OSes.
9. Fix: Policy: fixed a parse error in a default (sample) policy
10. Fix: Engine: Fix issue preventing windows from reporting correct windows version on Windows 8.1 and Windows 10
11. Fix: SSL: now loads entire chain of certificates (if included) from certificate PEM files
12. Fix: IP to Country: update to new format and URLs for access to IP assignment record data.
13. Fix: IMAP: Crash if length information in index file different to file length on disk.
14. Fix: File Copying: deprecated OS CopyFile calls as they are not reliable on 2k12. Now copy file by reading and writing file content. Affects mainly mail (local delivery and mailbox moving).
15. Fix: Mailboxes: bug with tooltips when working with more than 1 mail volume would hang WinGate Management.
16. Fix: Mailboxes: fixed issue where merging mailboxes would fail if a source file did not exist (now skips).
17. Fix: Web Admin: Fixed issue preventing Email tab from displaying
18. Fix: HTTP Cache: Couldn't save rule with only "do not cache" option selected
19. Fix: Web Access Control: Checkbox values in "what" tab of rule were not honoured (always checked).
20. Fix: Users and Groups: Allow access in event processing to Full Name, and Account Name of User object, when authenticated user is a domain computer account.
21. Fix: WinGate Update: issues relating to certificate revocation check failing which prevented update checks.
22. Fix: DHCP Panel: fixed occasional crash when updating lease information
23. Fix: Manual Classifier: improved speed of lookups.
24. Fix: POP3 Proxy and SMTP receiver: buffer overwrite problem when receiving large buffers from client.
25. Fix: Timeline: Crash when changing timeline settings if Database failed to initialise
26. Added: SSL/TLS: can now specify allowable SSL/TLS versions for back-end connections in reverse proxy, and/or client connections (mail delivery and POP3 collection).
27. Change: Mailboxes: now show number of folders and messages in mailbox panel
28. Change: SDK: changed interface registration to auto-binding
29. Change: Permissions: Added default administrative group to root object so that by default administrators can see everything regardless of who created it (e.g. policies/dashboards etc).
30. Change: Permissions: Added proper display handling for checking / unchecking full control option.
31. Change: IMAP: performance improvements in mailbox indices particularly for network-based mail volumes. Greatly speeds up expunges (mail filtering).
32. Change: Policy: Expression evaluator item dialog now resizable and uses larger courier font to assist editing script.
Version 8.2.5 (Build 4733) Released 5 September 2014
- Fix: Permissions: Fixed issue which prevented display of permissions panel in WinGate Management, introduced in 8.2.2.
- Fix: User database: memory leak relating to user objects.
- Fix: Settings utility: incorrectly reported that WinGate was not installed
- Fix: SQLite ODBC driver: fixed issue with converting floating point numbers using current locale.
- Change: User database: changed indexing for object handles to make it safe to test for handle validity.
Version 8.2.1 (Build 4711) Released 28 April 2014
1. Fix: Logging: crash when logging some strings containing mixed ANSI and unicode strings, e.g. embedded Japanese.
2. Fix: Logging: fix timer-based flushing of outstanding buffered log data.
3. Fix: FTP proxy: FTP commands are now treated correctly as case-insensitive.
Version 8.2.0 (Build 4707) Released 23 April 2014
1. Fix: WinGate Management: crash when closing WinGate management during failed connection attempt
2. Change: Web Access Rules: can now drag / drop to re-order web access rules
3. Change: Web Access Rules: can now specify a block page per rule
4. Change: Web Access Rules: block pages now stored under AppData folder instead of under Program Files
5. Change: Web Access Rules: now uses combo box to choose between All, All below, or all except below in each of "Who", "where" and "What" tabs
6. Change: Web Access Rules: "where" and "what" can now check against global data lists
7. Change: DNS: new strategy when dealing with SRVFAIL results from DNS servers. Now tries one other server if there is one.
8. Change: Mail delivery: new special case handling for SRVFAIL responses to MX lookups, now fails over to A record processing.
9. Change: Logging: Major performance improvements to logging, including reduction in data conversion, double-buffering, and file IO.
10. Change: Logging: Added feature to allow buffering of log data before writing it to disk to further reduce file IO. Greatly improves performance of logging to a SAN
11. Change: Logging: Added data counters to track lines logged and bytes logged.
12. Change: Module loading: changed package manager logging to log module load failures
13. Change: Module loading: explicitly report version problems with packages in UI
14. Change: Module loading: overhauled synching dialog. Now wraps text, shows errors more clearly.
15. Change: BGP Service: Added BGP server. This should be considered experimental.
16. Change: Framework: updated to Codejock v 16.3.1 UI framework
Version 8.1.0 (Build 4655) Released 28 February 2014
1. Fix: POP3 Server: debug logging of POP3 commands could cause crash if command contained certain characters.
2. Fix: WWW proxy: issue with reverse proxy checking for path exploits effectively blocking access to back-end URLs containing certain character sequences
3. Fix: AD User Database: crash problem when authing to accounts where AD object is missing required fields. Now logs missing fields and fails auth.
4. Fix: Timeline: Deadlock could occur in some cases when multiple WinGate Management accessing Timeline using MDB or Database concurrency set to 1.
5. Fix: Manual classifier: was not honoring permission for modification of manual classifications.
6. Fix: SMTP Delivery: occasional crash due to race condition when timing out SMTP delivery sessions.
7. Fix: Web Admin: occasional crash when accessing email tab when using AD user database
8. Change: Timeline: changed default database to SQLite from MDB. MDB just not up to the task for medium - large sites.
9. Change: Web Activity: rules can now specify which proxies the rule applies to
10. Change: HTTP Cache: rules can now specify which proxies the rule applies to
11. Change: Dashboards: no longer limit number of dashboards by license.
12. Change: import/export utility: can now import configuration from command line.
13. Change: Data lists: selection dialog now shows current selection
14. Change: Code Signing Cert: new (updated) Qbik Code Signing cert used for WinGate modules.
Version 8.0.5 (Build 4634) Released 5 December 2013
1. Fix: HTTP proxy: malformed request reported when POST request challenged for authentication.
2. Fix: DNS client: crash relating to timing out delegated requests
3. Fix: Timeline: was not showing all activity blocks in some cases.
Version 8.0.4 (Build 4629) Released 4 November 2013
1. Fix: HTTP proxy: problem with tunneled requests (https) when processing pended data on closing connection.
2. Fix: Web Activity: fixed crash when trying to log database initialisation failure
3. Fix: Notifications: fixed WinGate Management crash when notifications occur with notifications panel not visible.
4. Fix: Timeline: Fix issue where UI would not update value of "enable activity tracking" properly
5. Change: Data monitoring: Added option to reset derived values
6. New: Configuration utility: Added utility to export / import configuration (handles 32/64 bit issues as well).
Version 8.0.3 (Build 4625) Released 18 October 2013
1. Fix: Mail delivery: problem with retrying if mail rejected temporarily after DATA command
2. Fix: Mail delivery: problem with bounce messages.
3. Fix: POP3 Server: buffer overflow vulnerability fixed.
4. Fix: SMTP Client: Fixed crash which occured if session was timed out whilst negotiating SSL connection with STARTTLS.
5. Fix: HTTP proxy: problem with SSL inspection if connecting through upstream proxy
6. Fix: DNS client: fixed problem for delegate requests to different domains.
7. Fix: Activity Screen: crash when right-clicking user icon on multiple user machine.
8. Change: Licensing: connections to SMTP server no longer consume a license
9. Change: Schema: Added InRange member function to IP Address object
Version 8.0.2 (Build 4614) Released 23 September 2013
1. Fix: WWW proxy: problem with chunked POST requests.
2. Fix: WWW proxy: problem with FTP URLs.
3. Fix: POP3 Proxy: crash problem when using Kaspersky AV for WinGate and client issues STLS command.
4. Fix: Updates Installer: Fixed issue with improper handling of silent installs in some upgrade scenarios
5. Fix: WINS service: crash when parsing NetBIOS broadcast packets containing no IP address records
6. Fix: SMTP Client and POP3 client: issue when talking to older servers that don't support TLS
7. Fix: VPN: problem exporting and importing VPN config files
8. Fix: Notifications: memory leak when closing an incident that wasn't currently open.
9. Fix: Dashboards: dialog resize bug in dialog for choosing data source for dashboard items.
Version 8.0.1 (Build 4608) Released 20 August 2013
1. Fix: HTTPS inspection: Crash when signer certificate created without encrypted private key
2. Fix: HTTPS inspection: Problem selecting correct signing certificate (due to sorting in combo box).
3. Fix: Timeline: Problem initialising timeline for some versions of MySQL ODBC driver
4. Fix: Timeline: Problem saving new config if database not initialised.
5. Fix: Timeline: problem in user interface causing WinGate Management to crash on exit.
6. Fix: FTP Proxy: Debug logging problem with server responses
7. Fix: Updates Installer: Updated to fixed WinGate 8 installer.
Version 8.0.0 (Build 4601) 31 July 2013
Web-related
1. New: HTTPS inspection support added (Enterprise licenses only)
2. New: HTTP cache: now uses in-memory / file-backed indexes - no more SQL. Result is much faster cache.
3. New: Web Access Control: added rule result of "re-authenticate". This can be used to force change of user.
4. New: Web Access control: added option to track different categories for same site separately or not
5. New: can now intercept port 443 to proxy (normal non-https binding). If SSL inspection is enabled, it can be inspected, else it is tunneled.
6. New: now reads mime types for file extensions from OS when serving.
7. Change: buffer handling, removing double-buffering resulting in much improved throughput
8. Change: now maintains connection to upstream proxy for SOCKS as well as Tunneled upstream connections.
9. Change: usage logs time taken now in milliseconds
10. Change: added option to disconnect in reject policy response
11. Fix: fixed issue with occasional site hangs, and broken images
12. Fix: Web serving: fixed problem improperly blocking URLs containing ':' character - affects reverse proxy as well.
13. Fix: Web proxy: X-Forwarded-For was not being added for upstream connections via proxy, even if selected
14. New: Web proxy: Added support for adding X-Forwarded-For for reverse proxy requests
Email services
15. New: Added support for client certificates and SASL EXTERNAL auth mechanism throughout services and clients.
16, New: Added support to check user database for incoming email addresses to see whether to accept mail or not. Allows integration with Active directory email addresses.
17. New: SMTP Delivery: can now override FQDN in known server
18. New: pushes a notification if a mailbox is over quota when delivering or accepting mail.
19. New: can now install multiple SMTP servers.
20. New: SMTP Server: Added option to require authentication.
21. New: SMTP Server: Added option to override default FQDN
22. Change: Now Checks volume access, writability etc etc. Useful for network shared volumes
23. Change: can now create volumes regardless of license. Whether you can use anything other than default volume is a matter of license. This allows you to create a new volume to migrate to without having an enterprise license.
24. Change: now checks storage type of mail volumes disallowing invalid media, such as CDROM or RAMDisk
25. Change: can now create a volume in a non-empty folder (which allows attaching a volume to a previous volume)
26. Change: SMTP Delivery: now supports MX which resolves to multiple A records.
27. Change: SMTP Server: extended schema of SMTP Session to allow setting of FQDN and whether to require auth in policy.
28. Change: SMTP delivery: no longer (invalidly) tries backup MX servers if a recipient is permanently rejected
29. Change: IMAP: now better handles temporarily unavailable mailboxes (e.g. those on network shares)
30. Fix: resolved some issues with migration of ORDB servers from WG6
31. Fix: fixed bug in POP3 Server when client using SSL / STLS in some cases session would hang
32: Fix: fixed bug in IMAP search when no search sequence specified.
33: Fix: Fixed bug saving mailbox settings.
Miscellaneous
34. New: TCP mapping proxy: supports client certificates on incoming and outbound connections
35. New: Certificates: can now import certificates from pfx file.
36. New: Certificates: WinGate-generated self-signed certs now add Basic constraints and subject Key ID, necessary for signing other certs.
37. New: Credential rules, now UI validates entering IP or MAC address - makes entering MAC addresses more lenient.
38. New: Activity: added expand / collapse all
39. New: Activity: pause activity updates now shuts off updates from server, thereby saving bandwidth.
40. New: WinGate NAT: Added Disconnect event
41. New: Notifications: added logging support. Now logs reports and events to file.
42. Change: changed development environment to MS Visual Studio 2010
43. Change: AD Connector: now control cache lifetime of objects retrieved from active directory. Objects will now be re-fetched after 1min, to reflect changes in account settings etc.
44. Change: AD Connector: now displays email address of users and groups.
45. Change: AD Connector: better handling if AD controller is unavailable when WinGate starts (reports errors to UI, retries initialisation).
46. Change: DNS Client: Can now specify order of servers.
47. Change: DNS Client: Changed deprecation strategy when servers unavailable, now just demote the server, rather than ceasing use of it altogether.
48. Change: Credential rules: Now check for conflicts when creating a new rule.
49: Change: SSL Support: updated OpenSSL to latest 0.9.8y version
50. Change: Post-mortem logging now uses DebugHelp.dll to create minidump files, rather than our old custom post mortem log files. These are also now generated always instead of off by default.
51. Change: Logging: changed log level for various informational events from debug to Info (e.g. proxy requests, and traffic). Means you no longer need to log all debug messages to get requests and traffic.
52. Change: Dashboards: now supports undo/redo and Save / Cancel for editing.
53. Change: Data lists: speed improvements to shared data list lookups used by Policy, and Manual classifier.
54. Fix: Credential rules, fixed locking issue on updating credential rules.
55. Fix: Timeline: now warns on MDB over size, and enforces auto-purging.
56. Fix: Timeline: now deals with temporary inaccessibility of database.
57. Fix: Data: fixed several locking issues
58. Fix: Engine startup: problem on some systems with disabled Ras Manager service where WinGate would crash on startup after reboot.
59. Fix: Lua Scripts: fixed issue when calling function with no parameters.
60. Fix: Policy: fixed problem with imported policies relating to 32 bit values imported as signed vs unsigned data.
61. Fix: AD UDB: issue where empty search results would return incorrect error to client code.
62. Fix: Web Activity: deadlock editing web access control rules while under load.
63. Fix: Timeline: fixed deadlock in timeline when using MDB and retrieving large datasets.
64. Fix: Network Driver: fixed deadlock when disabling / enabling USB-based adapters.
Version 7.3.1 (Build 3535) Released 16 May 2013
1. Change: Debugging: now generates minidump files for better analysis of top level exceptions.
2. Change: Updates: added support for hyperlinks to launch browser (e.g. for links to release notes)
3. Change: Installer: Now adds rule to windows firewall for WinGate service.
4. Fix: IMAP: Search without range or UID range specifier would fail
5. Fix: Dialer: Failure to start RasMan service in time could cause WinGate engine to crash on startup.
6. Fix: WWW proxy: problem downloading resources greater than 2GB
7. Fix: Logging: Support for logging 64bit values to usage logs, changed log types for HTTP download size, mail message size etc to 64 bit capable
8. Fix: HTTP Cache: problem relating to parsing of ETag could cause some server responses to not be correctly processed.
9. Fix: WinGate Management: Help panel should no longer require adding site to Internet Explorer trusted sites.
10. Fix: Data global lists: WinGate crash where lists linked to a file couldn't access the file
Version 7.3.0 (Build 3506) Released 7 March 2013
1. New: Reverse proxy: can now specify to make back-end connection with SSL and/or client certificate
2. New: in web serving sites matching host-names can now specify to match on SSL or not.
3. New: Service events: Added Binding object to events for TCP-based services (WWW, FTP, SMTP, POP3, IMAP, Remote Control etc). This allows setting local SSL settings per connection
4. New: server requests, reverse proxy etc can now make SSL connections, with client certificates. These settings can also be changed in policy per request.
5. New: Users and Groups. Now supports filtering by domain.
6. New: TCP mapping proxy, published more members for session object, to specify connection control, (e.g. client cert, use SSL, bypass proxy etc).
7. Change: Policy: policy flow-chart now shows icon of type of item in the worksheet.
8. Change: POP3 collection and SMTP delivery now avoid DNS lookup if connecting through upstream proxy that connects by servername.
9. Change: POP3 collection and SMTP delivery now support use of client certificates when connecting to a server
10. Change: Connections: moved processing of ClientConnect event prior to establishment of SSL, based on binding, so policy can override this (e.g. choose cert per client IP etc)
11. Change: Network connections: Added adapter ID to network adapter dialog in Network connections panel. Also ability to copy data to clipboard. This is useful so you can compare adapter ID with Binding member in policy.
12. Fix: Persistence: Fixed buffer overflow bug in persistence classes.
13. Fix: Notifications: Fixed deadlock in Notification component if logging fails due to access issues to log folder.
14. Fix: Scripting: LuaScript and JScript policy items now verify that the function prototype matches the event data. This was necessary due to addition of Binding object to event data.
15. Fix: fixed problem with reverse proxy for https sites where back-end connection was not SSL.
16. Fix: fixed occasional deadlock when using Kaspersky AntiVirus for WinGate
17. Fix: SSL Support: fixed issue closing SSL sockets.
Version 7.2.10 (Build 3486) Released 5 February 2013
1. Fix: WWW proxy. Now supports HTTP messages with content length > 4GB
2. Fix: WWW proxy. Improved performance of WWW proxy as a web server, no longer sends headers and response line in separate packet to initial payload.
3. Fix: TCP Mapping proxy. Fixed problem introduced in 7.2.9 where intercepted connections matched specific mappings, would cause connection to fail.
4. Fix: HTTP Cache. Fixed problem with improper removal of cache entries when a server re-uses same ETag for multiple resources.
5. Change: Browse for Folder dialog - usability improvements, can now select the folder you're viewing, rather than only sub-folders.
6. Change: Activity: Pausing activity updates now stops updates at source, thereby reducing load and bandwidth requirements.
7. Change: Activity: efficiency improvements when no WinGate Management is connected.
Version 7.2.9 (Build 3480) Released 11 January 2013
1. New: TCP Mapping proxy - now pushes an event on connection failure so you can notify / retry a failover server.
2. Fix: Data Lists - problem inserting new string items would cause WinGate Management crash.
3. Fix: Data items - problem with sample Restricted Sites list prevented editing.
Version 7.2.8 (Build 3467) Released 27 November 2012
1. New: DHCP, added WPAD option, so can do WPAD without enterprise license.
2. New: SOCKS server now supports SOCKS 4a.
3. Fix: POP3 proxy, issue with passwords containing % symbol
4. Fix: WWW Proxy: issue with lost buffered client data when tunneling FTP through WWW proxy.
5. Fix: Categories: issue with categories containing non-text characters (caused problems when trying to create web access rules with PureSight categories such as "Children's").
6. Fix: Schema script runtime, fixed parsing problem with certain script constructs.
7. Fix: WinGate Management, fixed issue relating to trying to update help pane topic when the help pane wasn't created.
8. Fix: Permissions, buffer alignment problem when storing and reading permissions objects to registry
9. Fix: WinGate Management, fixed lockup on services panel when changing service status
Version 6.6.4 Build 1338 (Released 14 October 2009)
- Fixed an issue with the DHCP server where if an old lease referred to a scope that had been deleted, WinGate would not make an offer.
- Signed the Wgengmon and wgvpnmon applications so they can be loaded in 2k8 server without disabling UAC.
- Added full minidump capability for troubleshooting.
- Fixed an issue in the WWW proxy where serving files from disk with a space in the URL.
- Fixed an issue in the WWW proxy where accessing FTP servers which use UTF-8 filenames would cause problems.
- Fixed an issue in the WWW proxy with Basic authentication causing some sessions to hang.
- Fixed an issue in the WWW proxy relating to policy that checked server ip address.
- Fixed an issue in SMTP delivery - no longer try A record when MX record lookup times out.
Version 6.6.0 Build 1277 (Released 27 May 2009)
- New WWW proxy, including changes relating to auth, scanning, caching, pipelining, and HTTP/1.1 support
- Fixed an issue relating to FIN/RST handling and timeout behaviour in Extended networking.
- Resolved dialup issues on 2k3 server.
- Fixed a bug in the IMAP server where it was case-sensitive to certain commands.
- Fixed a problem with ARP cache timeouts and refreshing.
- Reworked the VPN control connection mechanism to harden it against attack.
- Added tunnel keep-alive packets to keep tunnels active through NAT devices.
- Fixed a problem with editing schedule item actions in VPN-only UI.
- Fixed a problem editing access rights on hosted VPNs from a remote GateKeeper in VPN-only UI.
- Deprecated cache freshness overrides (number of days before checking...) in WWW cache.
- Added schedule option to resynch NT user database
WinGate 6.5.0 Build 1197 (Released December 15, 2008)
- Added support for Windows Vista 32 bit
- Added support for Windows XP 64 bit edition
- Added rebuilding of IMAP mailbox index if index file is deleted.
- Added support for using Query String in banlist for HTTP policies
- Added data for policy - connection intercepted: whether or not the connection was intercepted
- Added diagnostic watchdog thread.
- Dropped support for Windows 95, Windows 98, Windows Millenium Edition (ME), and Windows NT 4.
- Removed relays.ordb.org from default configuration for ORDB settings in mail reception.
- Changed type for DHCP time offset option from unsigned to signed integer to allow for negative time offsets.
- Fixed recursion depth issue in DNS resolver which would fail DNS requests returning alias chains longer than 5 levels of indirection (affected download.microsoft.com).
- Fixed issue with NTLM login in various WinGate services due to token length issues, occasionally seen on ADs with Vista and 2003 server.
- Fixed an issue with persistence of website settings in WWW proxy (was not removing deleted host headers).
- Fixed an issue in the DHCP server that was causing lease information to be incorrectly stored. This caused clients to be forced to obtain new IP addresses if the WinGate server was rebooted.
- Fixed issue where a system message on startup could create deadlock when starting up with large NT User database.
- Fixed locking and memory leak issue in RIP manager.
- Fixed stability issue in the WWW proxy related to chunked data transfers
- Fixed protocol error in GateKeeper which could cause GateKeeper to stop displaying updates
- Fixed issue in gateway selection where destination is local. No longer perform gateway selection if destination is local
- Fixed issue in proxies connecting through an HTTP proxy using CONNECT command to non HTTP/1.0 upstream proxy
- Fixed slow memory leak in Nat control which could occur under high load on multi-CPU machines
- Fixed race condition in the ENS driver which could result in empty messages being sent to the Nat control (results in Error log in WinGate NAT log).
WinGate 6.2.2 (Released July 12 2007)
- Fixed critical security vulnerability in the SMTP server, allowing remote attackers to crash the WinGate service. Thanks to Harmony Security for notifying.
- Fixed an issue with directory browsing in the WWW proxy service.
- Fixed an issue with timeouts of large FTP transfers through the FTP proxy.
- Fixed an issue with large FTP transfers through the WWW proxy where data scanning in use.
WinGate 6.2.1 (Released February 7, 2007)
WinGate 6.2 is a sizeable update to version 6.0. It includes several new features, notably an IMAP4 server, enhanced CGI support (it is now possible to run a self-contained webmail system with WinGate), email list server, several enhancements to extended networking, a revised plugin API, as well as a number of bug fixes
- No longer require the firewall to be enabled for ENS relays and Transparent proxy to work.
- Routing now works also between two External interfaces. Previously was only between two Internal interfaces
- Now report packets dropped due to checksum failures to engine (Firewall tab).
- Fixed several problems with CGI support for PHP.
- Fixed several problems with POP3 collection, including hanging on completion.
- Fixed problem with SSL connections losing socket notifications causing sessions to hang/time out. Affected mainly SMTP reception with STARTTLS enabled, POP3 collection with STLS enabled.
- Fixed problem with routing ICMP packets if pinging the WinGate machine itself was disabled.
- Fixed a bug where if no Central Configuration policies have been created or if Central Configuration is not available, the local exclusion list would not have been checked.
- Fixed a problem with Interleaved connections in the RTSP proxy.
- Several obsolete mapping services no longer created by Installer
- Fixed policy issue where selecting the "Everyone" user but not setting "Everyone" as ticked could deny access to services.
- Fixed a problem in the scheduler where some critical events could run repetitively
- Fixed a case where incorrect text would be logged against a quarantine entry if the reason length exceeded 10000 bytes
- Added logging support for plugins. This is supported by version 2 of Kaspersky AntiVirus for WinGate and version 2 of PureSight for WinGate.
- Only show computers in the network pane where these have a NetBIOS SERVER resource
- Fixed an issue in the User database GUI when using the remote database option. There was a functionality issue with the Synchronise userdatabase on engine start option.
- Fixed an issue with the autoupdate event in the WinGate scheduler
- Fixed an issue where deleting certificates from the Server Certificates manager wouldn't work.
- Installation Guide button was broken when installing WinGate. There is now a separate document for WinGate installation guide (WinGateInstall.chm)
- New functionality added to helpfile with updated DHTML features; including in-page image links and easier layouts
- Updated helpfile content improvements, including sections for Active Directory, System Messages, Imap server.
- New WinGate Installation guide, with network scenarios and step by step installation help.
- Several MTU-related driver bug fixes,including fixing Path MTU discovery for tunnel packets, fixing driver-generated ICMP errors for outbound packets over MTU on tunnels.
- Fixed an issue where if the DHCP service was disabled this wasnt reflected in GateKeeper.
- Fixed an issue with manual overrides of network interface MTU. It Now responds to changes (increases and decreases) of device MTU.
- Changed the way the driver analyses MSS and MTU for TCP connections. Simplified handling solves issues where the driver could learn an incorrect device MTU.
- Fixed a problem in license management, where duplicate product entries would result in duplicate licenses being displayed.
- Added an option for overriding interface metric. This allows administrators to prioritise routes in the ENS driver (i.e. to specify that one gateway takes precedence over another for NAT traffic).
- Restructures Plugin API. This means that old plugins will no longer work. New plugins are available.
- Added option in SMTP reception to scan and reject files prior to accepting responsibility for their delivery. This greatly reduces the number of quarantined items and email bounce messages related to email-borne viruses.
- Added IMAP4 server. Supports RFC3501 plus several extensions: UNSELECT, LITERAL+, ID, UIDPLUS, IDLE, STARTTLS, $Forwarded and $MDNSent.
- Email list support. Can now define mailing lists in WinGate email domains
- Added support for SASL LOGIN authentication for POP3 collection and SMTP delivery
WinGate 6.0.4 build 1025 (released March 23 2005)
1. Fixed the WGIC's dialup monitor so that users can now disconnect connect the dialup connection from a client PC running the WGIC.
2. Fixed an issue with SMTP, that could cause the mail being sent to fail if the far end server sent a multi line response.
3. We now show the Remote Control Service in the VPN only GUI.
4. Fixed an issue whereby if a User and Group had the same name policies would fail to work correctly.
5. Fixed a problem with regard to User auditing and a User's account balance.
6. Added a check for sites that use different port numbers in on-page URL's.
7. Fixed an issue with bounce messages and temporary errors.
8. Improved the logic with regard to which panes Gatekeeper shows by default.
9, Fixed a display issue with the right click options ("The time this machine connected at") on the Activity pane in GateKeeper.
10. Improved security in the WinGate firewall by removing UDP ports 1024->4096 on a default installation
11. Improved VPN handling of private IP ranges other the 192.168.xxx.xxx.
12. Standalone WinGate VPN now has available the Extended Network option of black holing IP's.
13. Fixed a problem with SMTP logging of APOP, AUTH etc.
14. Changed VPN Connection method to prevent the broadcast of given messages to given nodes.
15. Resolved an issue in SMTP with NULLs before CRLF.CRLF in end of message
16. Fixed an issue with WinGate VPN which had been limiting the maximum number of RIP routes it could handle,
17. Fixed a BSOD which could occur when WinGate was under high-load.
18. Fixed an issue in the driver which resulted in connections being intercepted when WinGate was acting as a router.
19. Fixed deadlock in the driver.
20. Fixed a memory leak with the WGIC to do with hooking Windows System applications.
21. Tidied up the way GateKeeper behaves when WinGate is unlicenced.
22. Updated the installer to re-include the uninstall survey.
23. Numerous Help file improvements.
24. Fixed an issue with the WinGate Engine Monitor, and VPN Monitor not reflecting the current status of the WinGate service correctly on Terminal
Server.
25. Fixed an issue with POP Collection, which could cause a message to be overlooked for retrieval if the connection to the remote mail server was
unexpectedly terminated.
26. Fixed an issue with upgrading from previous versions of WinGate mail, which could lead to User's being permanently disabled for email access.
27. Resolved an issue with FTP connections and the driver, which could cause large downloads to fail after a random amount of data had been received.
28. Fixed a problem with the driver, whereby upon initial connection of a (WinGate) VPN after a machine reboot, no traffic would move across despite
the connection looking like it had been correctly established.
29. Improved the communications mechanism between the Driver and the Engine.
30. Fixed a display issue which would still show UDP connections below port 1024 even though the option to do this had been de-selected.
31. Fixed an issue with passing 0 length files through to a plugin which could lead to an inability to terminate that session.
WinGate 6.0.3 build 1005 (released 16 September 2004)
1. Fixed a problem with SMTP delivery, where it was possible that some mail received for a domain whilst mail was being delivered to that same domain would not be delivered.
2. Fixed a problem with service bindings, where if one service (even if disabled) was using a port, and had a binding policy, no other services could use that port
3. Fixed an ongoing problem with license use accounting on Multi-use IP configurations where clients are using proxy configuration (specifically where the first session to connect on a machine requires a license, then a license would leak. For WGIC control sessions and DNS requests, no license is required, therefore this problem mainly showed up in proxy configurations).
4. Fixed a bug where VPN control connections would hang if the username was invalid where using the WinGate user database.
5. Fixed a bug related to hash entry timeouts in the ENS introduced in build 1000 related to FIN-ACK attack handling.
WinGate 6.0.2 build 1001 (released 11 September 2004)
1. Fixed a problem in SMTP delivery introduced in build 1000 related to sending mail to servers that do not accept mail containing NULL characters.
2. Fixed a problem with POP3 collection where a session would time out if the terminating CRLF.CRLF which indicates the end of a message was not all received in the same buffer.
3. Fixed a problem on new installation where on first run (not subsequent runs) of the engine, no mail authentication methods are available.
4. Made some modifications to mail installation to avoid conflicts with existing mail servers on the same machine.
5. Changed default setting for gateway monitoring to off.
WinGate 6.0.2 build 1000 (Released 10 September 2004)
1. Fixed a bug whereby the windows services could still be hooked by the WGIC, even when it had been disabled.
2. Fixed a problem with POP3 collection where it would hang parsing files of a specific size (8192 bytes exactly after received stamp).
3. Changed the VPN behaviour so that Joiners details (whose properties are set to only allow tunnels to the Master (hoster)) are not published around the rest of the VPN.
4. Certificates that are generated on the fly while creating a VPN are now available instantly, rather than having to exit the dialog and re-enter.
5. Fixed a problem with GateKeeper crashing if the user edited policies whilst using a version 4 or previous license.
6. Resolved a problem with Assumed users and Authenticated users existing in the same service, which could cause users to be denied access.
7. Licence counts are now adhered to correctly.
8. Fixed a memory leak in the WRP Central Configuration policies.
9. Fixed a problem that would not allow the WGDM to be displayed unless you had an Enterprise license.
10. Fixed an issue with GateKeeper disappearing a few seconds after logging in.
11. Resolved a problem with 'Access Denied (403)' errors for some web-pages (especially with images) when using NTLM authentication.
12. Fixed a bug which could cause holes in the firewall for the VPN to disappear each time the Engine was restarted.
13. Improved history database startup when the file is corrupted.
14. Improved handling of WG Engine Monitor and VPN Monitor when running in a Terminal Server environment.
15. Changed the default behavior of adapter detection, so that now an adapter with a private IP and a default gateway will now show as Internal.
16. Fixed the Right click option in the Network tab, for Local network, so that now the properties menu will display.
17. Fixed problem with Path MTU discovery for connections made by WinGate where using specific gateways.
18. Fixed bluescreen related to UDP broadcast relaying where there were more than 32 current VPN tunnels.
19. Fixed a problem that stopped HTTP caching from working properly if plugins were in use.
WinGate 6.0.1 build 995 (Released 12 August 2004)
1. Fixed a problem activating version 6 keys
2. Fixed a problem with migration of VPN certificates when upgrading from previous versions.
WinGate 6.0.1 build 993 (Released 10 August 2004)
1. Fixed a problem which stopped PureSight for WinGate from running with a licensed key.
2. Fixed a problem with Web caching on sessions with multiple HTTP 1.1 requests
3. Fixed a problem with VPN tunnels where more than one tunnel exists between the same two IP addresses
4. Fixed a problem with WRP and WGIC when running without an Enterprise license.
5. Fixed a problem which caused the WWW Proxy to serve the Java Client when a site was blocked by the ban list.
6. Improved the license manager so it will handle PureSight for WinGate and Kaspersky AntiVirus for WinGate License keys.
7. WGOptions now allows disabling DNS servers from being used, in order to resolve DNS loop issues.
8. Changed order of installation sequence for activation, so this happens prior to removing previous WinGate
version on upgrades (so the firewall is still active for the required internet connection).
WinGate 6.0.0 build 984 (Released 29 July 2004)
1. Fixed a problem with Blackholing IP addresses on some network adapters.
2. Fixed a couple of problems with activation, including license names containing special characters.
3. Fixed a buffer leak problem in the WinGate ENS with gateway pre-selection
|