Netsweeper Inc.

Corporate Headquarters Release Notes 6.2

156 Columbia St. W.
Suite 4
Waterloo, ON, Canada N2L 3L3
CANADA
T: +1 (519) 772-0889
F: +1 (519) 772-0896

© 2019 Netsweeper Inc.

All rights reserved.

Every effort has been made to ensure the accuracy of this document. However, Netsweeper
Inc. makes no warranties with respect to this documentation and disclaims any implied
warranties of merchantability and fitness for a particular purpose. Netsweeper Inc. shall not
be liable for any error or for incidental or consequential damages in connection with the
furnishing, performance, or use of this document or the examples herein. The information in
this documentation is subject to change without notice.

Netsweeper and Netsweeper Inc. are trademarks or registered trademarks of Netsweeper

Incorporated in Canada and/or in other countries. Other product names mentioned in this
document may be trademarks or registered trademarks of their respective companies and are
the sole property of their respective manufacturers.

© 2019, Netsweeper Inc.

Release Notes 6.2 Table of Contents

Contents: Release Notes

6.2.5 Release Notes (May 3, 2019) .............................................................. 1
6.2.4 Release Notes (March 28, 2019) .......................................................... 4
6.2.3 Release Notes (February 20, 2019) ....................................................... 9
6.2.2 Release Notes (January 11, 2019) ...................................................... 13
6.2.1 Release Notes (November 30, 2018) ................................................... 16

Page ii
 6.2.5 Release Notes (May 3, 2019)

6.2.5 Release Notes (May 3, 2019)

The Netsweeper 6.2.5 GA release has arrived and finishes all major features in the 6.2
release series. We have spent the last few weeks with a focus on variance fixes along
with updated default configuration changes for fresh installs of the product. The 6.2.5
release has been marked as Generally Available and it is recommended that all
customers upgrade to this release.
Some of the new features in 6.2.5 include:
• WebDB WebAdmin File Cache support has been added to cache the output of the
WebDB modules, so the same configuration is not generated for all servers
• Default Configuration will fail close when Policy Server is not online
• New Categories: Payment Gateway, Age Verification, Body Modification, PIPCU,
Cleanfeed, and Self Harm. Alternate Lifestyles is renamed to 'Lifestyle Choices'
If you have any questions or concerns about planning an upgrade to this release,
please contact Netsweeper Technical Support [email protected].
Change Log 6.2.5
Ticket Description
19950 UPDATE: The 'auth' type has been assigned to all Authentication
WebAdmin logs.
21264 FEATURE: New Categories have been added: Payment Gateway, Age
Verification, Body Modification, PIPCU, Cleanfeed, and Self Harm.
Alternate Lifestyles has been renamed 'Lifestyle Choices'.
21461 BUG: The password hash feature for the database configuration did not
properly work when the configuration was removed in all cases.
21462 BUG: When a connection was denied we did not drop all packets. This
would allow UDP connections to retransmit and possibly continue to
work. We will now drop packets when we are inline when a flow is
denied, or a flow is waiting for policy processing. Packets with no TCP
or UDP payload are allowed.
21464 UPDATE: The NSProxy default configuration will now fail close when the
Policy Server is not online.
21465 BUG: The NS List Service would not flag or notify the user of invalid
entries or schemes. Now the 'Page Title' displays a warning when the
scheme, list Item type or Keyword is invalid.
21469 BUG: A JavaScript error would occur, if no Category column was
selected for requested fields in the 'Request Log Files'.

Page 1
 6.2.5 Release Notes (May 3, 2019)

Ticket Description
21473 FEATURE: The Route Advertisement Service can now load and process
the CleanFeed List.
21477 BUG: The Request Log Files Archive table did not sort correctly.

21481 FEATURE: The WebAdmin Auth Portal can now 'Mangle Domain to
username@domain format' and 'Override Domain' when using the build
in the portal. In prior releases this was completed by the Policy Server
when using the cookie injection mode only.
21482 FEATURE: DirSync can now lookup a Group based on the Prefix and
create the Group with the Append option. A new Groupname meta
variable has been added to the authdirsyn configuration.
21484 UPDATE: The -d <what-is-my-filtered-ip how> option has been added to
WAgent documentation and help text.
21487 DOCUMENTATION: The WAgent 2 text has been removed from WAgent
documentation and help text.
21490 BUG: The URL lookup export columns were not matching the columns
adjusted by the user.
21494 FEATURE: WebDB WebAdmin File Cache support has been added to
cache the output of the WebDB modules, so the same configuration is
not generated for all servers. Four new settings have been added to the
WebDB Section of WebAdmin Settings: WebDB File Cache Enabled,
WebDB File Cache Retry Count, WebDB File Cache Retry Delay
(seconds), and WebDB File Cache Time to Live (seconds).
21496 BUG: The 'Services' page could not handle long server names. This
could make some expand/collapse to stop functioning.
21503 BUG: The Routes Advertising Service page would show an error popup.

21504 PERFORMANCE: The Request Servers authorization for APIs and for
WebDB database performance has been improved.
21505 BUG: The /config directory was not present during a Cluster upgrade so
files could not be added.
21506 FEATURE: Critical errors were not being displayed by default in the
WebAdmin making it difficult for debugging.
21511 BUG: The list_entry_list API detailed output had the wrong case, part,
and other columns.
21512 BUG: URL List Screenshot, Page Title fields did not populate with List
Service enabled when the URL did not have a valid scheme.

Page 2
 6.2.5 Release Notes (May 3, 2019)

Ticket Description
21514 Bug: Disable Filtering with different timezones would cause unexpected
results.
21521 BUG: The Policy server could restart when processing RDNS entries and
a resolution error would occur for a long hostname.
21529 BUG: Top 10 Search Terms Denied Template is incorrect. Denied Flag
was set as allowed.
21539 FEATURE: The Route Advertisement Service (RAS) will now show the
cleanfeed list when the list file exists.

Page 3
 6.2.4 Release Notes (March 28, 2019)

6.2.4 Release Notes (March 28, 2019)

The Netsweeper 6.2.4 EA release has arrived and finishes all major features in the 6.2
release series. Netsweeper is now focusing on only critical bug fixes and stability
improvements as we focus on getting the 6.2 Generally Available for all
customers. If you have not yet upgraded to the 6.2 release series, we strongly
suggest you start planning your migration now. Some of the new features in 6.2.4
include:
• SAML-based Single Sign On has been added to the WebAdmin and the Profile
Manager
• New and updated Workstation Agent Configuration APIs
• Live Log Viewer can now view any fields available for reporting
• NSProxy
o The NSProxy Root Certificate Authorities bundle is now distributed from
update.netsweeper.com
o Workstation Agent Configuration has expanded settings:
o Only modify Clients with a TTL set or expired, expired only, or the default of
modify any Client
o Exclude network address and valid networks to limit IP ranges can be
designated
o Client OS can now allow only ChromeOS or a specific OS
o Easily implement login/logout
• Import and Export
• Client names can be optionally stripped of all data after the @ on export
• Drill down Reports now display summary and detail output in table format
• Directory Sync Settings now displays the configuration settings in the Search Base
list
• Many Directory Sync bug fixes when adding IIS Auth Portal and Directory Sync
configurations.
If you have any questions or concerns about planning an upgrade to this release,
please contact Netsweeper Technical Support [email protected].
Change Log 6.2.4
Ticket Description
18783 UPDATE: Drill down Reports now display summary and detail output in
table format. We no longer display a pie graph for table output.
19965 BUG: Validation for item of Policy Event Type now occurs before
import.

Page 4
 6.2.4 Release Notes (March 28, 2019)

Ticket Description
20595 FEATURE: SAML-based Single Sign On has been added to the WebAdmin.
There are four new SAML options under 'Single Sign On' in WebAdmin
Settings: Enable SAML-based Single Sign on for WebAdmin, Enable SAML-
based Single Sign on for Auth Portal, Enable SAML-based Email
Verification for Sign Up, and Enable SAML-based Single Sign on for
Profile Manager.
21059 BUG: There were problems with the logging framework that could crash
the Policy Server.
21156 FEATURE: WAgent 'Valid Networks' has been added to the GUID to limit
the IP ranges a WAgent call can be made from.
21183 FEATURE: There are three new agent_config APIs: agent_config_query,
agent_config_modify, and agent_config_delete. New fields have been
added to the agent_config_create API.
21184 BUG: Agent Config "Append Group" and "create group if it does not
exist" should only work for the System Group or the Environment
variable.
21206 UPDATE: The 'Client Default Group' drop-down in the Add/Edit
Configuration page of the In the Agent Config Manager has been
optimized.
21316 FEATURE: The WAgent 3.7 now adds a NS-User-Agent header because
Chrome cannot set the User-Agent. The header is now used if it exists
or else it will fall back to User-Agent 7.
21339 FEATURE: Now the NSProxy keywords scanner allows you to assign a
weight to each keyword and trigger the "keyword is found" event only
when some of the found keywords' weights exceeds a threshold.
21340 FEATURE: Now the NSProxy Keyword scanner is enabled by default and
uses the keyword list distributed from Netsweeper with other Lists.
21347 BUG: On upgrade, the nsportmap service would enable the service if
disabled and could mangle the config file.
21349 BUG: The 6.2 releases could attempt to assign an invalid IP address into
a group and fail without proper error message.
21352 FEATURE: An option, 'Strip Client Names' has been added to the Export
Clients page to strip the @ and all other data in client names when
exporting the Client List from the WebAdmin.
21353 BUG: Importing Clients did not allow for alternate Date formats.

Page 5
 6.2.4 Release Notes (March 28, 2019)

Ticket Description
21354 UPDATE: The output fields have been added to the output fields list
when using the -f in nstail.
21355 UPDATE: The Request Log Files now includes: Event Data, All Category
Numbers, All Categories, Destination IP, Interceptor IP, Logger, HTTP
Method, User Agent, and Referrer, in addition to the fields found in the
previous release.
21356 BUG: The Reporter static filters would change when updating the
Clients.
21357 BUG: The client_modify API did not generate a log message for the
update.
21359 FEATURE: Agent Configuration has a more expanded setting for 'Modify
Other Client Settings' that allows the configuration to only modify
Clients with a TTL set or expired, expired only, or the default which is
to modify any Client.
21360 FEATURE: A new setting, 'Client OS', has been add to the Add/Edit
Agent Configuration window that limits the WAgent configuration to
only allow ChromeOS or a specific operating system.
21362 FEATURE: The NSProxy Root Certificate Authorities bundle is now
distributed from update.netsweeper.com.
21367 UPDATE: The Keywords list has been improved to work with special
characters.
21374 FEATURE: The -L WebAdmin Agent logout GUID has been added to the
Agent Config Manager help text and to documentation.
21375 UPDATE: The default 'Request Log Files' fields are now: Actions,
Timestamp, URL, Client IP, Client Name, Policy Group, Denied Flag, and
Category Names.
21388 FEATURE: In WAgent 3.11, it is now easier to implement a login/logout.
When using a default Agent Config, you can specify -g '' and -L '' without
a proper GUID for easy configuration. It is recommended to specify the
proper GUID for both Login and Logout for all installations.
21391 BUG: The Agent Configuration did not allow the use of the default
group when the system to environment group did not exist.
21396 BUG: A corrupted policy server url http:///www.netsweeper.com could
cause the policy server to restart in rare cases.

Page 6
 6.2.4 Release Notes (March 28, 2019)

Ticket Description
21399 BUG: When running -w HOST -g LOGOUTGUID on a unexpired client with
another group, an message 'ERROR: Could not assign to a group by
configured rule, unexpired client exists' would display.
21402 BUG: If port http://localhost:80 is not open, nswcli will hang forever
when it is run. This has been resolved, we will only attempt to connect
to the WebAdmin URL when needed allowing the user to change the
default URL before we try to connect.
21403 BUG: The WhatsAPP protocol was not enabled in the NSPDE engine.

21404 BUG: The WhatsApp protocol was not always detected in the protocol
engine.
21405 BUG: The Policy Server failed to start when there were multiple .nsz
files for a list to load.
21406 FEATURE: A new setting, 'Excluded Networks' has been added to the
Add/Edit Agent Config window. It allows you to exclude Network
addresses from the WAgent.
21407 BUG: The function to add a Category number did not return a consistent
value.
21418 BUG: List Entry Review with List Merge enabled could cause an SQL
error.
21419 BUG: There were problems deleting Advanced Filters 'Saved Presets'.

21424 FEATURE: The Live Log viewer can now view any fields enabled for
reporting. This allows you to see the Destination IP, Event Type, Event
Data, User-Agent and any additional information.
21431 BUG: ntlmldap users could get an Authentication: read callback popup
on the connection without requests errors. This could cause
authentication popups until the proxy is restarted. Customers using
Authentication services should upgrade to this release.
21434 BUG: On a fresh installation, the custom category version would not be
updated in the current revision for the Category Manager.
21435 BUG: Advanced Filters could sometimes fail to update results when
applying Advanced Filters.
21442 BUG: The nslistservice could fail to process the entire List leaving some
entries with no 'Download Time' and no metadata added to the List.
21445 BUG: Errors were being logged by DirSync when using IIS Auth Portal
without a valid AD server. This has been fixed.

Page 7
 6.2.4 Release Notes (March 28, 2019)

Ticket Description
21447 BUG: Reporter Search terms for 'Contains whole word' was not returning
results as expected.
21451 UPDATE: if you create a search base with an the 'Enable directory sync
service' setting disabled and then modify it, you can now modify
Append Group, Managers, and Append Client settings.
21453 BUG: If the IIS Auth Portal search base was disabled, API calls were still
allowed from the Auth Portal. The ISS Auth Portal to WebAdmin
integration will now check that the IIS Auth Portal is enabled, and if the
search base has been enabled.

Page 8
 6.2.3 Release Notes (February 20, 2019)

6.2.3 Release Notes (February 20, 2019)

Netsweeper is pleased to announce Netsweeper 6.2.3 EA release. This is the third EA
release in the 6.2 release cycle.
Some of the major features in 6.2.3 EA include:
• List Service
o A new List Service has been added that can be enabled per List to process
entries and detect page content changes. This can be useful for reviewing list
entries and determining if an entry needs to be reviewed, changed, or removed
from a List.
o When the List Service is enabled, new columns have been added to List entries
o There is the ability to save and view a screenshot of a website in the URL List
Manager
• Importing/Exporting Lists
o You can now auto enable 'URL Check Rules' when importing a List
o When importing a List, the 'Created by' is now set to the User or one of the
Users he/she manages
o When exporting a List, you can choose which List columns are exported and the
order in which they display in the output of the headings
• Directory Sync intervals can now be run at set times
• APIs
o APIs have been added to manage List Entry metadata
o List Settings APIs have been added
o APIs have been added that calculate the number of results
• New Protocols: WhatsApp (309) and WhatsApp Voice (310)
If you have any questions or concerns about planning an upgrade to this release,
please contact Netsweeper Technical Support [email protected].
Change Log 6.2.3
Ticket Description
20637 FEATURE: There is now the ability to save a screenshot of a website in
the URL List Manager.
20979 UPDATE: The list_entry_list API would fail to list entries with a few
thousand URLs. A new 'Maximum results per page' setting has been
added to the 'General Limits' section of 'WebAdmin Settings' that allows
you to set the maximum number of List Entries that can display for a
List.

Page 9
 6.2.3 Release Notes (February 20, 2019)

Ticket Description
20980 FEATURE: There is a new list_entry_export API that exports entries
from a List is csv format.
20981 UPDATE: New APIs have been added to calculate the number of results.
The new APIs are: account_group_list_count, account_list_count,
categorylist_list_count, client_list_clientname_count, client_list_count,
group_client_list_count, group_list_count, group_manager_list_count,
list_entry_list_count, listmanager_list_count, policy_list_count,
policy_locallist_list_count, quarantine_user_list_count,
report_list_count, report_quick_list_count, requestserver_list_count,
systemstatus_server_list_count, systemstatus_server_query_lists_count,
systemstatus_server_services_list_count, template_category_list_count,
and timesegment_list_count.
21067 FEATURE: You can now apply the Auto Enable URL Check Rule option
when importing List entries. A new option 'Modify Entries with Auto URL
Check Rules' has been added to the List Import page. If this is enabled,
the Auto Replace URL Check Rules are applied if enabled in URL Check
Rules. As an example, if the 'Remove www from the host name' Check
Rule is set to 'Auto', the www will be stripped from the URLs during
import.
21234 FEATURE: APIs have been added to manage List Entry metadata:
list_entries_metadata_field_add, list_entries_metadata_field_list,
list_entries_metadata_field_delete, list_entry_metadata_insert,
list_entry_metadata_delete, and list_entry_metadata_get.
21235 FEATURE: New columns for the List Entries Meta Data have been added
to the URL List Manager: Screenshot, Page Title, Page Title Alert, Page
Changed and Download Time.
21237 SECURITY: When importing a List, the 'Default Created by' now is set to
the User or one of the Users he/she manages.
21245 BUG: The freshnsd service can fail to download lists when there is a
large amount of telemetry data to send to the update service. This
generally will only impact systems with many CPU cores and generally
will always fail from install.
21246 FEATURE: There are three new List Settings APIs: list_settings_get,
list_settings_insert, and list_settings_delete.
21247 FEATURE: List Settings for the List Service have been added to the List
Settings tab. These settings can be used to enable the service, set the
interval or next run time and set the fields displayed in the WebAdmin
for the selected List.

Page 10
 6.2.3 Release Notes (February 20, 2019)

Ticket Description
21248 FEATURE: A new List Service has been added that can be enabled per
List to process entries and detect page content changes. This can be
useful for reviewing list entries and determining if an entry needs to be
reviewed, changed, or removed from a List.
21250 UPDATE: The list_list API now returns more information, including the
list ID.
21254 BUG: The Netsweeper API calls would break JSON output when the
result data had newline characters.
21255 UPDATE: The 'Web Proxy' panel in the List Entry Edit/Review windows
has been removed.
21256 UPDATE: The new list_entries_metadata fields have been added to the
Edit and Review List window. These are not editable in the WebAdmin.
The image type metadata fields are displayed where the old 'Web Proxy'
panel was displayed.
21257 FEATURE: When exporting a List, you can now choose which List
columns are exported and the order in which they display in the output
of the headings. A new 'Adjust Columns to Export' field has been added
to the 'Export URL/Keyword List' window.
21258 BUG: The list_entry_list API did not filter List Entries by Type correctly.

21267 FEATURE: WhatsApp and WhatsAppVoice Protocol added to protocol

engine. Both the old and new engine have the new protocol added.
However, the new engine has a much better performance profile for
detecting.
21281 FEATURE: Directory Sync intervals can now be run at set times. A new
'Sync by Timing' option has been added along with fields that allow you
to set the Day of the Week, Hour and Minute for the Sync timing.
21282 BUG: List Entry History was not be sorted by 'Date' descending order and
the Search was not saved.
21283 BUG: Advanced Filters are now correctly being applied during List
Review.
21284 BUG: Session Store was not loading properly.

21286 FEATURE: New Protocol Categories: WhatsApp (309) and WhatsApp

Voice (310) have been added.
21293 BUG: List Import files could leave '\n' characters in front of the URL.
These are now trimmed when importing.

Page 11
 6.2.3 Release Notes (February 20, 2019)

Ticket Description
21296 FEATURE: The nslistservice has been added to the Services page and is
viewable by default. There is a new 'List Service Settings' Admin
permission.
21297 BUG: The nslistservice will now wait for up to 60 seconds for each page,
or until the network is idle. We will also ignore HTTPS certificate
errors in order to get the screenshot.
21298 FEATURE: The List Service can be configured to process multiple entries
at once to improve performance. The new async setting can be
enabled along with the per_page setting to determine the number of
entries to process in each batch.
21319 BUG: The 'Show groups with no policies' checkbox did not update the
table immediately.
21327 BUG: All packages did not require httpd when using the Apache user or
group.

Page 12
 6.2.2 Release Notes (January 11, 2019)

6.2.2 Release Notes (January 11, 2019)

Netsweeper is pleased to announce Netsweeper 6.2.2 EA release. This is the second
EA release in the 6.2 release cycle.
Some of the major features in 6.2.2 EA include:
• Account Permissions
o Account Permission Templates can now be assigned to an Account and applied
in a priority order. Account Permissions now have three settings: Enabled,
Disabled and Unset. Enabled and Disabled will be applied but Unset will be
ignored.
o The SysOp and Admin Permissions pages have been optimized and improved.
o SysOp Append Organization settings are now permissions.
o The 'Copy from Template' option has been moved from the Accounts page to
the 'Permissions Template' page.
• WAgent 3.3 added a new optional 'system_groupname'. It can look up the Active
Directory group name based on the group name prefix and send this to the
WebAdmin removing the Directory Sync requirement. The WebAdmin has a new
'System Group Name' field added to 'Add Configuration' window of the 'Agent
Config Manager'.
If you have any questions or concerns about planning an upgrade to this release,
please contact Netsweeper Technical Support [email protected].
Change Log 6.2.2
Ticket Description
17146 BUG: Images could not be inserted into a Deny Page from the
Group Manager or Policy Manager as the Admin user.
20738 FEATURE: There is a new SysOp permission, 'Manage All
Organization Accounts' that allows a SysOp to manage all other
SysOps within the same Organization.
21000 FEATURE: WAgent 3.3 added a new optional 'system_groupname'.
It can look up the Active Directory group name based on the
group name prefix and send this to the WebAdmin removing the
Directory Sync requirement. You must be running the
Netsweeper 6.2.2 or above to get the new system group name
Agent Configuration setting in the WebAdmin. Otherwise, this
option cannot be processed by the WebAdmin the Workstation
Agent is connecting to. In Netsweeper 6.2.2 there is a new

Page 13
 6.2.2 Release Notes (January 11, 2019)

Ticket Description
'System Group Name' field added to 'Add Configuration' window of
the 'Agent Config Manager'.
21010 FEATURE: The NSProxy Keyword scanner now saves the page
where a Keyword is found.
21057 BUG: SysOp permission for 'Manage all Groups' did not allow a
SysOp to create a report without an assigned group.
21062 FEATURE: Account Permission Templates can now be assigned to
an Account and applied in a priority order. In addition, Account
Permissions now have three settings: Enabled, Disabled and
Unset. Enabled and Disabled will be applied but Unset will be
ignored. Account Permissions are applied after all Permission
Templates. Permission Templates have 3 states and Account
Permissions have 2 since they are last. You can no longer clone
SysOp Permissions. Permission Templates can now be used.
21089 FEATURE: The Workstation Agent API for What Is My Filtered IP
has been updated to support IPv6 addresses with Workstation
Agent 3.1 or higher.
21102 FEATURE: WAgent 3.3 now sends workstation Name/ID that is
used to ensure the workstation has 1 IP and 1 user.
21139 BUG: NSProxy included the scope of the IPv6 address when
sending to the policy service. We will now strip the scope of
%eth0 or %1 from the IPv6 address prior to sending to the policy
service.
21142 DOCUMENTATION: WAgent usage has been updated in the 'Agent
Config Manager'.
21155 BUG: The 'Client IP Source' in the 'Agent Config Manager' did not
display properly.
21157 BUG: The NSProxy tap service was not saving all requests.

21160 BUG: WAgent API calls would first cleanup expired clients before
adjusting the current API call's requests. On invalid API calls, we
do not cleanup the expired Clients.
21172 UPDATE: The SysOp Append Organization settings are now
permissions. New permissions are: Manage Account Name

Page 14
 6.2.2 Release Notes (January 11, 2019)

Ticket Description
Organization, Manage Policy Name Organization, Manage Group
Name Organization, and Manage Client Name. Organization.
21174 FEATURE: Drag and Drop functionality has been added to the
WAgent 'Add Configuration' and the Account Permission tab.
21176 UPDATE: The 'Manage All Organization Groups' SysOp Permission
has been moved from the 'Append Organization Settings' to the
'Group Management' section.
21179 BUG: Cloning a SysOp permission as a General Admin was not
working properly.
21181 UPDATE: The SysOp permission, 'View All User Accounts' has been
renamed to 'Manage All Accounts'.
21189 UPDATE: SysOp Account based permissions have been renamed:
'Modify Account Groups' (formerly 'Modify Account Group
Memberships'), 'Modify Account Organization' (formerly 'Modify
Organization for Sysop Created Accounts'), 'Modify Account Expiry
Date' (formerly 'Account Expiry Date'), 'Modify Account Theme'
(formerly 'WebAdmin Account Theme'), 'Modify Account
Permission Templates' (formerly 'Assign Permission Templates to
Account').
21192 UPDATE: The SysOp and Admin Permissions pages have been
optimized and improved.
21194 UPDATE: The 'Copy from Template' option has been moved from
the Accounts page to the 'Permissions Template' page.

Page 15
 6.2.1 Release Notes (November 30, 2018)

6.2.1 Release Notes (November 30, 2018)

Netsweeper is pleased to announce Netsweeper 6.2.1 EA release. This is the first EA
release in the 6.2 release cycle.
Some of the major features in 6.2.1 EA include:
• There is a new policy type, 'Keyword' that is used for the keyword / safeguarding /
inline content scanning
• There is support for parsing Radius attributes that are rewritten and logged with
attribute := value
• Groupname lookup module now looks up the default group for a username with the
format of username@context when configured
• CentOS 6.10 complete base upgrade including all security fixes and updates
• NSProxy has a new module that can scan traffic for a set of keywords
If you have any questions or concerns about planning an upgrade to this release,
please contact Netsweeper Technical Support [email protected].
Change Log 6.2.1
Ticket Description

15759 BUG: While an HTTPS request was queued for policy processing, the
workstation could retransmit packets causing a rare fail open edge
case. This case could also occur for denied HTTPS connections and
rarely cause denied connections to be allowed.
20123 BUG: When starting the pdns-recursor, an error message would be
displayed. This has been resolved.
20477 SECURITY: NSS and Perl packages have been updated.

20834 UPDATE: The pdns-recursor has been upgraded to 4.1.4 release from
4.0.8.
20988 BUG: WebAdmin Reports would take a long time to load. Load times
have now been optimized.
20991 BUG: The list_add API would check if the Account name is SysOp instead
of the classification when validating the owner.
20994 BUG: The nsroutes services could stop processing updates in rare edge
cases where an expired DNS resolution would trigger an export while a
WebAdmin change was also detected in a List or the configuration.
21003 SECURITY: The CentOS base packages have been upgraded to kernel-
2.6.32-754.6.3.
21016 BUG: Table settings were not being saved in 'Session Store' for List
Manager List Entry tables.
21018 BUG: The agent_config_create API function did not work because of the
recently added 'clean all expired' option.

Page 16
 6.2.1 Release Notes (November 30, 2018)

Ticket Description

21019 BUG: The API call policy_sharedlist_list did not work for the Host
authorization method.
21022 SECURITY: The Setup Wizard was vulnerable to unauthenticated remote
attacks. Upgrading to the 6.2.1 or above release will remove the setup
wizard from your system for security purposes. All customers should
disable the Setup Wizard in Netsweeper 4.0 and above.
21026 BUG: If a user's Account was not returned by the autocomplete drop
down for a Custom Report, it would automatically be empty which
would result in the report being set to 'Anyone Can View this Report'.
21033 SECURITY: dnsdist has been upgraded from 1.1.0-1 to 1.2.1-2.

21036 BUG: The date selector button was not working in 'Create Report'.

21042 FEATURE: There is a new policy type, 'Keyword' that is used for the
keyword / safeguarding / inline content scanning.
21050 BUG: Request Logs Files 'Advanced Filter' would work incorrectly when
filtering for multiple Policy Groups or Clients.
21053 FEATURE: There is support for parsing Radius attributes that are
rewritten and logged with attribute := value.
21060 FEATURE: The Groupname lookup module now looks up the default
group for a username with the format of username@context when
configured. New settings have been added to usermangle module in
nsd.conf.
21063 SECURITY: The ClamAV Engine has been upgraded to the latest version
0.100.2-1.el6.
21065 FEATURE: All configuration files now can include other files with the
new 'include' statement.
21066 UPDATE: Freshnsd has been removed from the initial download for the
Policy Server in order to speed up the download.
21084 BUG: When a SysOp user would assign or remove shared lists, all lists
they did not have access to would be removed.
21091 BUG: Transparently filtered SSLv3 ClientHello packages, with no
extensions, would not be properly filtered. NSProxy would wait for
more data when no more data would be coming and cause SSLv3
sessions to hang. This impacted legacy applications, and even
Browsers and Outlook 365 when trying to connect to hosts that do not
exist, or do not have a port open. Outlook 365 auto discovery would
break due to this bug.
21106 BUG: On terminate, the environment variable for the timezone was
improperly freed.
21008 FEATURE: Now NSProxy has a new module that can scan traffic for a set
of keywords.

Page 17