-------------------------------------------------------------------------------
visonysAirlock Update
-------------------------------------------------------------------------------

This update is applicable to the following versions of visonysAirlock:

  4.1-10.28
  4.1-10.20
  4.1-10.18
  4.1-10.17

UPDATE
------
An update is a cumulative set of all changes (updates and hotfixes) which have been released up to the current version. An update increases the buildcode of a visonysAirlock system.

Urgency Levels
--------------
SECURITY: This update/hotfix addresses security issues.
HIGH:     The installation is recommended to all customers using the affected Airlock version.
MEDIUM:   The installation of the update/hotfix is recommended to customers who frequently make config changes in the affected area.
LOW:      The installation is recommended to customers who have problems related to the issues fixed in the update/hotfix.

WARNING
-------
Visonys recommends applying the update using a console (KVM or serial). In some situations a network connection (as used for SSH) may break the update process, especially if the connection is routed.

Changes
-------

4.1-10.28 [C] 20070919 urgency: LOW

- NEW: UD-1751 Allow definition of additional Configuration Center users (see http://techzone.visonys.com/admin-users)
- NEW: UD-1752 Show information about concurrent Configuration Center users
- NEW: UD-1753 Added automated update of Certificate Revocation Lists (see http://techzone.visonys.com/crl-update)
- NEW: UD-1757 Added framework for detection and prevention of session hijacking (see http://techzone.visonys.com/client-fingerprint)
- NEW: UD-1758 Enhanced syslog transport methods to use UDP, TCP and SSL (see http://techzone.visonys.com/syslog-forwarding)
- NEW: UD-1760 Added basic support for server authentication via PKCS#11 using NSS
- NEW: UD-1780 Added UTC to the supported timezones
- NEW: UD-1785 Added error page 502 needed by ICAP
- NEW: UD-1789 Extended control API to insert customized HTTP headers into HTTP requests belonging to a session
- NEW: UD-1790 Added hyperlinks from log messages to TechZone-Entries
- CHG: UD-1754 Improved set of predefined Log Viewer filters
- CHG: UD-1759 Reorganized activation process to reduce memory footprint
- CHG: UD-1761 Increased ratio of web listener to filter processes
- CHG: UD-1762 Removed "No, I'll do it later" option during activation
- CHG: UD-1763 Automatically convert multiline patterns to single line in Configuration Center
- CHG: UD-1768 Restricted logging of configuration details during activation to trace mode
- CHG: UD-1770 Reclassify filter engine log messages
- CHG: UD-1776 Improved various event descriptions
- CHG: UD-1778 Updated VpnApplet signature
- CHG: UD-1783 Unified network configuration files generated by installation and re-ip
- CHG: UD-1788 Updated list of TOR gateways
- CHG: UD-1791 Removed unnecessary log messages (stopper, su, syslog)
- FIX: UD-1755 Restrict trace warn message to appear in trace mode only
- FIX: UD-1756 Fixed failover mechanism when frontend and backend use same NIC (CASE-3926)
- FIX: UD-1764 Fixed notification channels in trace mode
- FIX: UD-1765 Corrected occasional newline insertion bug in ICAP response parser
- FIX: UD-1766 Fixed race condition that could lead to deadlock during request processing
- FIX: UD-1767 Improved automatic filter selection and deselection in Log Viewer
- FIX: UD-1769 Corrected %uXXXX-to-utf8 conversion
- FIX: UD-1771 Corrected log-space guard and its notification
- FIX: UD-1772 Imposed a strict limit on the number of mappings visonysAirlock can handle.
       The limit is between 256 and 512 depending on HTTP/HTTPS use in virtual hosts.
       If the number of configured mappings exceeds this limit, error message
       WR-SG-MAPP-401 will be generated. (CASE-3739)
- FIX: UD-1773 Fixed handling of non-standard HTTP response status codes such as 449 (MS ActiveSync) (CASE-3785)
- FIX: UD-1774 Removed basic-auth value from control API error message
- FIX: UD-1775 Corrected event handling for recurring events
- FIX: UD-1777 Whitespace around URLs in HTML-links is now ignored by rewrite engine
- FIX: UD-1779 Corrected restart script for guards
- FIX: UD-1781 Lengthened expiry time of the LogViewer settings to one week
- FIX: UD-1782 Fixed rewriting of cookie-domain for pass-through cookies
- FIX: UD-1784 Improved usability of quick access links in Log Viewer
- FIX: UD-1792 Corrected syslog messaging for events
- FIX: UD-1793 Improved handling of defunct event notification processes
- FIX: UD-1794 Fixed broken "keep config" for direct upgrade from version 3.5
- FIX: UD-1795 Corrected handling of illegal failover state passive/passive (CASE-4025, CASE-4060)
- FIX: UD-1797 Improved detection of blocking backend requests (CASE-3971)
- FIX: UD-1799 Corrected error handling in cookie decryption (CASE-3344)

Known issue: If this update is applied to a visonysAirlock 4.1-10.20 (or earlier) that has not been activated so far, then the update installation output will be interrupted after "Stop services... // start netcfg HALT_EXT_PATH". The output will be displayed about two minutes later and the update will be installed correctly.

NOTE: Applying this update will restart some services and terminate all user sessions.

4.1-10.20 [B] 20070720 urgency: HIGH

- FIX: UD-1750 Fixed deadlock in filter process termination (CASE-3907, CASE-3886)

4.1-10.18 [A] 20070711 urgency: HIGH

- FIX: UD-1746 Corrected cookie based session tracking
- FIX: UD-1747 Apply deny rules to GET forms with enabled form protection
- FIX: UD-1748 Improved ICAP-REQMOD response headers handling
- FIX: UD-1749 Improved ICAP-REQMOD response HTTP status codes handling

-------------------------------------------------------------------------------
IMPORTANT: You MUST manually activate your configuration in the Web GUI after installing this update.
-------------------------------------------------------------------------------

How To Install
--------------
1) Use the configuration application to upload the complete update.zip
   (System admin -> Upload Airlock update file)

2) Apply the update by logging in as user 'menu' either on the console or by ssh:

   Example: ssh menu@my-airlock.domain.com

   The password for user 'menu' is the same as for the administrator.

3) Press activate in the config GUI to use the changed rules and patterns.

Visonys Contact
---------------
If you have further questions, please contact Visonys technical support:

Email:    support@visonys.com
Hotline:  +41 44 366 88 77
Internet: http://www.visonys.com