Release Notes: This release has been updated to kernel 2.6 and a fresh base system based on Debian 5.0 (codename Lenny). Additional, notable changes and new features are full support for IPv6, policy routing setup via a Web interface with support for multiple default routes in fail-over as well as load-balancing configurations, layer7 match support to mark traffic based on protocols instead of ports, official support for WLAN interfaces, use of overlay filesystems and standard initramfs tools, and that OpenVPN can now be used without client certificates for direct integration with LDAP or Microsoft Active Directory.
Release Notes: Major new features in this release include official support for Snort as an intrusion detection system and full integration of the Puresight Enterprise variant for advanced user-based authorization and reporting. SSL Explorer plugins can now beinstalled. There were substantial improvements in traffic shaping performance, support for transparent virus scanning for HTTP, POP3, and FTP even without a hard disk, and the beginnings of full WLAN access point functionality.
Release Notes: This release introduces major new features: a dynamic content filter for HTTP based on Puresight, SSL-VPN with the SSL Explorer community addition, a captive portal based on Chillispot, an OpenVPN module in the Web administration interface, unified user management based on OpenLDAP and Freeradius that is now integrated with all services and allows optional use of Active Directory, a complete redesign of the traffic shaping module for more flexibility and complex scenarios, and various additions to the integrated Spamassassin.
Release Notes: This release adds three major new features: accounting/monitoring, anonymization, and failover. Many system and network parameters are now collected and stored in round-robin databases for detailed graphical analysis. Strong anonymization is provided by the integration of tor, anon-proxy/JAP, and freenet, to allow users to remain in control of their private connection data. "heartbeat" with improved scripts has been integrated for hot-standby failover. This will allow connections to remain open even during the failover, and is thus completely transparent to clients and servers.
Release Notes: This release significantly improves the speed of the Web interface, and solves a previous issue with license checks in high-bandwidth cases. An important change is the introduction of the TCP window tracking patch to the firewall code, which checks TCP connections much more thoroughly than before. Another change is that FreeS/WAN has been replaced with its successor Openswan, which uses compatible config files, so this replacement should not need any changes in current configurations.
Release Notes: This is a new major release with many changes, focusing on content inspection. HTTP, SMTP, and POP3 traffic can be checked for viruses (clamav and Kaspersky anti-virus) and SPAM, HTTP and POP3 even transparently. User authentication for HTTP has been added, either via user lists or by integrating with MS Active Directory. The base system has been updated, and is now based on a hardened and enhanced 2.4.26 kernel which includes additional firewall match modules (e.g. the P2P traffic match module).
Release Notes: This release enhances the Web interface usability, making it easier to use and in some places speeding up administration tasks.
Release Notes: This release fixes the brk() local root vulnerability by updating to kernel 2.4.23, altough local users are not used by default on Gibraltar. Additionally, the PAX patch has been applied to the kernel, making it a lot less vulnerable to buffer overflow exploits in general.
Release Notes: This is the first combined free and commercial release. A combined release is easier to maintain. For the freeware version, nothing will change; but it is enough to upload a valid license key to transform it to the commercial version with the newly developed Web administration interface. Other changes include the official out-of-the box support for Alcatel USB Speedtouch ADSL modems and IPSec NAT traversal support. IPSec now uses CA-signed X.509 certificates instead of self-signed ones.
Release Notes: The major security fix is for pptpd. It has been upgraded to a new development version that fixes the problem while glibc has been downgraded to the version available for Debian woody, which has the fix applied. If you use the pptpd service, then it is recommended to upgrade as soon as possible, since there already exists exploit code for this vulnerability (even if it doesn't work with current Gibraltar versions).