*****************************************************************
Air Marshal change history for all versions (Linux Platform)
*****************************************************************
Modified: 8/4/2025

Copyright (c) 2002-2025 IEA Software, Inc. All rights reserved worldwide.

This file contains important, late-breaking information about changes
made within Air Marshal. We recommend that you read this file and keep a
printed copy with your Emerald documentation.

Tip: If necessary, choose Word Wrap from the Notepad Edit menu or Wrap
To Window from the WordPad View/Options menu to wrap the text within the
document window.

----------------------------------------------
CHANGES.TXT CONTENTS
----------------------------------------------
. KNOWN PROBLEMS
. RELEASE CHANGES

----------------------------------------------
KNOWN PROBLEMS
----------------------------------------------
* None at this time

----------------------------------------------
RELEASE CHANGES
----------------------------------------------
2.0.67 - Aug 4 2025
--
* Fixed themes fail to initialize

2.0.66 - July 10 2025
--
* Added upgraded TLS support libraries
* Added monitor for updated TLS certificates and apply new certificates to web server without service interruption
* Added web server status page improved display of TLS configuration related errors and warnings
* Added update web server file extension to mime mappings and support extensionless files presuming text/plain
* Added successful reauthorization should also apply configuration changes to session
* Added Access-Accept containing Termination-Action = RADIUS-Request should trigger reauth rather than disconnect upon receipt of disconnect request
* Fixed some authorization attributes are reset during CoA when not present in change request
* Fixed filter empty hosts from RADIUS authentication, accounting and disconnect server menu

2.0.65 - Jan 20 2025
--
* Added advanced option to configure CORS headers

2.0.64 - Jan 5 2023
--
* Fixed web server workers fail to enter nonblocking operation on Linux platform

2.0.63 - Dec 4 2022
--
* Fixed workaround unreliable condition signaling on Linux platform
* Fixed TLS and network messages related to canceled web sessions should not be logged
* Fixed self-signed certs created via TLS wizard should have matching SAN attribute

2.0.62 - Mar 10 2022
--
* Added per session NAT port allocation setting to network options menu enabling unique per session source port ranges to be assigned for each concurrent session  
* Added default log folder should be applied when path omitted from log file pathname
* Added web server workers switched to nonblocking operation improving response to management signals
* Added web server should periodically enforce reasonable non backlog receive side limits
* Added web server backlog mode improved to consider authentication status, data rate and increase signaling performance
* Added web server should be the passive closer where possible and minimize middlebox allocated port exhaustion
* Added http client should avoid including port number in host header when default ports are used to improve interoperability
* Added simplify web server request scaling and enforce global concurrent buffer pool limits on medium sized or larger requests
* Added include thread identifier in logged messages
* Fixed web server GET requests containing message bodies may not be considered completed request

2.0.61 - Oct 20 2021
--
* Fixed reauthorization via Termination-Action = RADIUS-Request should count Session-Timeout from start of session rather than start of reauthorization

2.0.60 - Mar 29 2021
--
* Added upgraded TLS support libraries

2.0.59 - Nov 10 2020
--
* Added session usage statistics for nftables
* Added improve reliability when insufficient resources available

2.0.58 - Jul 29 2020
--
* Added improve network related error messages logged by web server
* Added http client improve failure responses, add session reset, stream TLS upgrade option, abstract transport interface and switch to common encoding library
* Fixed web listener should transmit failure response for unknown request methods before closing connection and strict parsing of supported methods
* Fixed remaining non-reentrant time formatting functions should be replaced
* Fixed AV possible after increasing size of server request buffer

2.0.57 - Apr 22 2020
--
* Added upgraded TLS support libraries
* Added TLS version selection
* Added disable environment and request variable downscale
* Fixed synchronize socket access while clearing slow connections in backlog mode

2.0.56 - Apr 6 2020
--
* Added modernize default example login interface
* Added TLS v1.3 support for login and admin interfaces
* Added loading svg files now supported from local html folder
* Added improve performance of web server startup and shutdown when a large thread pool is configured
* Fixed concurrent attempts to close the same session should be restricted

2.0.55 - Jan 2 2019
--
* Added when starting new session with initial consumption data above threshold zero initial usage to account for possibility of session management failure
* Added wait for xtable lock when supported by operating system
* Added move backup session closure attempt from close to initial session start

2.0.54 - Dec 20 2018
--
* Added allow global bandwidth allocation to exceed 4 gbit/s
* Added increase NAS-Port pool from 50k to 100k
* Added increase maximum concurrent bandwidth managed sessions from 10k to 65k
* Added remove unused bandwidth pools hourly instead of when no bandwidth allocations remain
* Fixed NAS-Port should not be transmitted when port pool is full

2.0.53 - Jul 10 2018
--
* Fixed continue to send interim accounting updates even when no new usage data is recorded
* Fixed increase maximum number of unique sessions assignable within same second from 2048 to 50000
* Fixed escape username in online session list and reply message response on authentication failure
* Fixed when session is already started subsequent (re)authentication attempts must not alter any session identifying attributes

2.0.52 - Jun 4 2018
--
* Added increase per-process open file limits on Linux platform to at least 4096
* Fixed fair queue fails to be assigned to 2 out of first 5000 concurrent sessions
* Fixed when closing user session user bandwidth rules should be immediately removed to allow future removal of any unused bandwidth groups

2.0.51 - Mar 27 2018
--
* Added upgraded SSL support libraries
* Added improve RADIUS accounting backoff algorithm and apply custom policy for interim accounting
* Added support high numbers of in-flight RADIUS accounting requests to reduce queue delay and increase throughput
* Added include error cause when reporting name resolution failures
* Added reload resolver configuration on name lookup failures on Linux platform limited to once per 10 minutes
* Added increase aggressiveness of queue deflation during controlled shutdown
* Added handle xtable locking failures
* Added logging of problems occurring within shellkey to portal script log file
* Added reduced session lock contention while processing RADIUS dynamic authorization requests
* Added improve service compatibility with Debian based systems
* Added continue to wait for valid responses until timeout period upon receipt of RADIUS responses with invalid authenticators and signatures
* Fixed TLS session preparation should not be performed within web server primary async request handler

2.0.50 - Feb 10 2017
--
* Added upgraded SSL support libraries
* Fixed standard functions not thread safe on Linux platform

2.0.49 - Nov 17 2016
--
* Fixed  prevent restart within admin UI while gateway is not running
* Fixed  AV occurs after shutdown completes

2.0.48 - Oct 22 2016
--
* Added  scalable filtering
* Added  SNI support for html folder proxy client

2.0.47 - Aug 15 2015
--
* Added  unique session identifier formatting improvements
* Added  TLS 1.2 support for web authentication
* Fixed  start records with empty session identifier may be transmitted when reauthenticating active sessions
* Fixed  prevent virtual port assignments still in active use from being reassigned

2.0.46 - May 5 2015
--
* Added  SSL certificate wizard to automate creation of private keys, CSRs and self-signed certificates
* Fixed  authorization attributes for session data usage enforcement did not properly count gigawords when data limits exceed 4GB
* Fixed  SSLPublic and SSLPrivate settings not displayed with configuration debug output
* Fixed  SSL configuration ignored if SSLCert parameter was not configured
* Fixed  RADIUS client should calculate hashes in-place to reduce possibility for error
* Fixed  remove support for SSLv3

2.0.45 - Jul 18 2013
--
* Added  show TLS version negotiated in transport column of /status display
* Added  display failure reason in /status URL if any SSL certificates cannot be loaded
* Added  improve web server listener failure messages
* Added  separate fields for SSL public and private key files
* Added  support for message authenticator (signature) within RADIUS Disconnect and CoA messages
* Fixed  prevent theme from being selected for session upon authentication failure
* Fixed  retry failed iptables operations due to temporary resource unavailability

2.0.44 - Mar 4 2013
--
* Added  support for URLs containing IPv6 literals
* Added  RADIUS improve command code mismatch failure messages
* Fixed  assertion error generating remote server URLs configured from themes
* Fixed  correct error during startup with partial web server bind failure
* Fixed  previous ACL configuration may be reused if closed session is re-authenticated and no subsequent ACLs are provided
* Fixed  ACL clearing missing from failed session start compensation rollback

2.0.43 - Dec 7 2012
--
* Added  upgraded SSL support libraries
* Fixed  extension filtering using substring instead of right match
* Fixed  continue to track MAC address after session has entered closed state until close expiration
* Fixed  MAC address must not be cleared immediately after authentication
* Fixed  check for getnameinfo failure while obtaining numeric address of web client
* Fixed  query strings containing a key field without an equal sign and value are now treated the same as a key field with equal sign and no value
* Fixed  client IPv4 address appears invalid in systems using scope identifiers with IPv4 mapped IPv6 addresses

2.0.41 - Jun 10 2012
--
* Fixed  Acct-Session-ID attribute missing from RADIUS Accounting-On and Accounting-Off reboot messages
* Fixed  changed iptables parameter negation syntax from -parm ! to ! -parm due to incompatible change in later versions of iptables

2.0.40 - Jan 18 2012
--
* Added  variables $inused, $outused and $dataused added to status display reflecting current data usage within users active session
* Added  logfile rollover support for 'YYYY' four digit year substitution
* Fixed  web server /status display can cause AV when viewing transport statistics for active sessions

2.0.39 - Oct 23 2011
--
* Added  NAT optimized for tracking much larger quantities of network sessions
* Added  preauth http listener setting enabling preauth listener to trigger on incoming web requests without an authorization key
* Added  prevent forwarding local traffic within a managed subnet
* Added  increased default value for general settings option server threads to 50
* Added  ipass smart client interface html folder

2.0.38 - Oct 6 2011
--
* Added  RADIUS authentication setting to control User-Name attribute format sent during MAC pre-authentication

2.0.37 - Aug 18 2011
--
* Added  anonymous access options added to configure minimum bandwidth rate guaranteed to each anonymous session
* Added  each user session under bandwidth limit now has an additional queue to minimize network latency as their data transfer rate approaches session bandwidth limit
* Fixed  minimum bandwidth rate automatically calculated for local account does not change the next time the user logs on until user session has been completely expired

2.0.36 - Jun 15 2011
--
* Added  host address in walled garden configuration now accepts addresses in CIDR form
* Added  form variable 'UserName' may now be used in place of 'Login' when processing authentication requests
* Added  $locationid and $locationname variables can be referenced by client interface based on configuration of global and theme specific WISPr Location ID and WISPr Location Name fields

2.0.35 - May 10 2011
--
* Added  enable TCP keepalives while retrieving themes content from external servers
* Added  improved active session tracking to exclude less reliable approaches when multiple overlapping methods are enabled

2.0.34 - Mar 3 2011
--
* Added  reduced initial startup time and virtual memory utilization
* Added  fair acceptance of non-blocking http and https connection requests
* Added  RADIUS accounting menu options controlling NAS-Port-Type and Calling-Station-ID attributes sent during Authentication and Accounting request
* Added  send message authenticator (signature) attribute with RADIUS access-request and validate signature in authentication response

2.0.31 - Jan 10 2011
--
* Added  AM-Disconnect-Access authorization attribute to control ability of a management station to issue Disconnect requests for the session
* Added  allow L3 preauthorization for local accounts
* Fixed  remote requests for content proxied from external servers via SSL to display customer portal interface may cause a memory leak

2.0.30 - Sep 27 2010
--
* Added  when VLANs are used for client interfaces enforce bandwidth on the physical interface rather than vlan level.  VLAN interface label format must be ethx.y
* Fixed  global upload and download data rate setting was reversed
* Added  RADIUS AVP encoder and decoder update to support new data types and packet formats
* Added  support for WISPr-Bandwidth-Min-Up and WISPr-Bandwidth-Min-Down bandwidth prioritization attributes
* Added  global upload and download data rates may now be centrally configured from the network options setting
* Added  AM-Mirroring VSA to control client data mirroring without using filteravp
* Added  RADIUS named bandwidth pools to constrain all sessions having a common pool label to a shared bandwidth allocation

2.0.28 - Sep 1 2010
--
* Added  authorization parameters of active sessions can now be be modified via RADIUS CoA signal (RFC3576)
* Added  indexed RADIUS attribute search

2.0.27 - Jul 10 2010
--
* Added  reduced maximum acceptable web server request size from 20MB to 32k
* Added  client data mirroring has changed from UDP broadcast to local storage of wireshark compatible capture files.  Filter reply attribute to enable mirroring is mirror=local
* Added  MB data rates in online list and status popup now reported as 1000000 bytes for consistancy with Emerald reporting of the same figures
* Fixed  missing configuration read lock when obtaining current local folder name managing themes

2.0.26 - Feb 27 2010
--
* Added  moved change password menu option to general settings menu
* Added  syslog logging supports IPv6 and multiple syslog hosts concurrently when provided DNS name resolves to multiple IP addresses
* Added  theme system for presentation of customized login portals based on client IP address, language and browser or device type
* Added  RADIUS preauth option to select pre-authorization using layer 2 MAC Address or layer 3 IP address
* Added  login portals may now be stored on remote web servers and presented as local content using request proxy
* Added  configuration server (/settings URL) now supports IPv6 for management
* Added  RADIUS VSAs AM-ACK-HTMLFile and AM-NAK-HTMLFile to enable customization of the page presented on login success or failure directly following user login
* Added  Connect-Info RADIUS attribute is now sent during RADIUS Access-Request and has been updated to provide theme name rather than interface labels when themes are used
* Added  RADIUS client support for IPv6
* Added  prevent duplicate content from being added to multi-value list boxes within the configuration server
* Fixed  debug text for accounting messages sent via RADIUS reported wrong unit for response time metrics
* Fixed  replymsg variable displayed in status popup may contain RADIUS client warnings such as receipt of unknown authorization attributes - this information should not be presented via replymsg

2.0.25 - Jan 27 2010
--
* Added  show RADIUS response times for outgoing authentication and accounting requests
* Added  increase maximum web request limit from 255 to 1024 concurrent connections
* Fixed  detailed debug logging options may cause AV

2.0.24 - Jan 7 2010
--
* Added  serialize bulk ARP data loading to improve concurrent session authentication performance
* Added  bind failure messages for web listener have been improved to be more specific
* Added  prevent closure of popup status windows during active sessions by default for 'tos' and 'default' interfaces
* Fixed  web server rx/tx operations must be aware of anti-dos async connection closures to prevent rare probability of interference with unrelated connections in event of rapid socket reuse
* Fixed  improved compatibility with RIM Blackberry devices using OS version 4.6 and earlier
* Fixed  orderly shutdown for restart or service stop request may lead to AV and trigger non-orderly restart if administrative UI is being accessed during restart
* Fixed  entries in walled garden, local account or accounts profile whose keys contain non-alphanumeric characters may not be able to be removed
* Fixed  updated wording of welcome message

2.0.23 - Nov 11 2009
--
* Added  increased default web server thread pool from 10 to 50 to support larger deployments without configuration change
* Added  css file extension support to allow custom interfaces to reference external css files located in the portal html folder

2.0.22 - Sep 10 2009
--
* Added  option for possibility of user initiated reauthorization to refresh any authorization parameters initially sent at start of session
* Added  Reply-Message RADIUS attribute as 'replymsg' variable can now be displayed on successful authentication if presented
* Fixed  make sure Account-Terminate-Cause is not present during interim accounting updates
* Fixed  when idle timeout attribute is sent via Access-Accept status refresh and data usage increments should be the only session maintenance triggers

2.0.21 - Jul 10 2009
--
* Added  send RADIUS attribute Service-Type=Framed-User, NAS-Port-Type and NAS-Port in authentication request
* Fixed  RADIUS POD request validation of Framed-IP-Address attribute if present was incorrectly based on the Session IP even when a different framed-IP-Address is specified in the Access-Accept

2.0.19 - Jun 14 2009
--
* Added  anonymous authentication options to control where and when during the preauth stage it would be allowed to authenticate a session
* Added  if preauth listeners have been enabled and preauth initialization fails try again periodically to initialize listeners

2.0.18 - Apr 2 2009
--
* Fixed  password configuration dialouge should only appear on key not found or empty key error classes
* Fixed  general menu config access IP settings applied to the entire interface rather than remain limited to the configuration server only
* Added  allow Air Marshal to startup without the configuration server if the configuration server should fail to initialize

2.0.17 - Feb 20 2009
--
* Fixed  when similiar bandwidth limits are assigned to multiple users all users would share a common bandwidth pool rather than each having their own
* Fixed  input and output byte counts should always be from the perspective of the access server

2.0.15 - Dec 24 2008
--
* Added  allow subsequent SSL connections to choose different protocol versions and ciphers
* Fixed  interpret Session-Timeout with a value of 0 as no seconds remaining rather than no time limit

2.0.14 - Nov 9 2008
--
* Added  Pulse refresh advanced configuration option to better control usage status polling
* Fixed  average realtime throughput in whos online list is improperly labled as bits per second where data shown is bytes per second

2.0.12 - Aug 29 2008
--
* Added  Framed-IP-Address RADIUS attribute option to enable association of an external IP with users internal IP in NAT routing mode
* Added  transparent http port local account and profile setting enabling transparent proxy server configuration for local accounts
* Added  options restricting configuration interface access to authorized addresses
* Fixed  when running in NAT routing mode established http connections may not be blocked right away when the session terminates
* Fixed  intermittent SSL message authentication check failures can occur with high numbers of concurrent SSL connections

2.0.9 - May 22 2008
--
* Added  'support' debug flag to enable reliable logging of messages
* Added  YYMMDD filename tokens for splitting portal log files on a daily monthly and yearly basis
* Fixed  AV possible when logging messages to the portal log file during periods of high message volume

2.0.8 - Apr 27 2008
--
* Added  mac variable for making client mac address avaliable to client web interface
* Added  allow MAC preauth listeners to immediatly reauthenticate sessions closed with the termination reason of lost service
* Fixed  malformed web server post request may cause AV
* Fixed  open connections to http ports by non http clients may prevent a successful controlled restart

2.0.5 - Feb 15 2008
--
* Added  when the idle timeout attribute is used only the session status popup window is able to keep the users session active in L2 and L3 session modes

2.0.4 - Dec 28 2007
--
* Fixed  upload bandwidth restrictions may not be enforced
* Fixed  POD disconnect listener may not listen for requests after clicking save changes to apply some configuration changes online

2.0.3 - Oct 17 2007
--
* Fixed  when saving active configuration changes the system no longer attempts to reconfigure preauth listener ports if the listeners have already started
* Added  enable automatic reboot should a hardware or driver related system error occur
* Added  connection track modules are now loaded only when the NAT routing mode is enabled
* Added  filter http connection reset errors
* Fixed  custom POD disconnect port setting was ignored with the default POD port of 3799 used unconditionally
* Fixed  assert error displayed when a accounting retry fails due to the selected UDP port not being avaliable after a timeout of the first attempt

2.0.1 - Sep 14 2007
--
* Added  allow transparent http proxy port configuration from anonymous access menu

2.0.0 - Aug 5 2007
--
* Fixed  local session accounting log incorrectly records incoming and outgoing byte counts, term code and session state
* Fixed  debug value set from the command line (-debug) were ignored with the configured debug level used in its place
* Fixed  string AVPs decoded through the Tunnel-Password attribute may sometimes show incorrectly decoded values
* Fixed  javascript error occurs when clicking the end session button in the tos UI status display
* Fixed  increased default session linger period to better support authorization key
* Fixed  Ascend binary data filters were not being properly enforced
* Fixed  per session data usage counters are now able to aggregate byte and packet count usage across many filtering rules
* Fixed  when starting portald from the command line it may on occassion return without starting the server

2.0.0.b.7 (BETA 2) - Aug 2 2007
--
* Added  default interim accounting interval option to RADIUS Accounting menu
* Fixed  RADIUS POD support should be avaliable even while RADIUS authentication is disabled
* Fixed  not all options requiring a restart were tagged with the '**' prefix
* Fixed  sessions authorized anonymously had no username.  Anonymous sessions should have the username of the client MAC
* Fixed  local accounts with a set expiration date must limit their session-timeout so that the client can not maintain an active session after their expiration date has passed
* Fixed  CHAP authentication was not being performed when the CHAP authentication method was chosen
* Fixed  CHAP authentication was not supported for local accounts not authenticated via RADIUS
* Added  while RADIUS authentication is not enabled the use of CHAP for local account authentication is forced
* Fixed  when a commercial interrupt was not cleared before the clients session is closed the interrupted sessions filtering rules remain in effect until Air Marshal is restarted
* Fixed  corrected missing authentication method requirement validation checks
* Added  General settings / server threads no longer concidered an advanced option
* Fixed  a startup configuration error occurs while using the layer 2 bridge network routing mode
* Fixed  allow DHCP/DNS traffic while the bridge network routing mode is enabled
* Added  cause popup blocker warning on default html UI to provide the opportunity for the status popup window to be seen
* Fixed  server hangs when authenticating a local account which already has an established session
* Added  support for external custom signaling via the FILTERAVP:extcmd (Framed-Filter=extcmd=x) RADIUS reply attribute
* Added  support for directing HTTP traffic to tansparent proxies running on the Air Marshal server via the RADIUS reply attribute AM-HTTP-Proxy-Port

2.0.0.b.1 (BETA 1) - July 26 2007
--
* Added  support for server initiated RADIUS disconnect messages (RFC3576)
* Added  preauthorization TCP/UDP listeners to authenticate non-interactive servers and clients such as Nintendo DS
* Added  RADIUS, local account and anonymous preauthorization based on the end users L2 MAC address
* Added  multiple subnets and network interfaces can now be managed from a single Air Marshal installation
* Added  walled garden configuration interface
* Added  unmonitored Layer 3 IP exception listing
* Added  bandwidth management in bps for upload and download traffic via WISPr RADIUS VSAs, local and anonymous accounts
* Added  commercial interrupt timer allows commercial messages to be displayed in the browser and acknowledged at configurable intervals
* Added  WISPr VSA support (Location-Name, Location-ID, Redirect-URL, Bandwidth-Max-Up, Bandwidth-Max-Down, Session-I/O)
* Added  L2 bridging mode allowing Air Marshal to control network access without IP level configuration
* Added  aliasing improvements to enable configuration of DNS named shortcuts to access account status
* Added  anonymous access option with daily time and data usage limits.  Feature can also be used to bypass RADIUS authentication in emergencies
* Added  informational messages can be passed to the Air Marshal local whos online listing by sending whomsg=mymessage in the RADIUS access accept
* Added  expanded online reconfiguration to allow configuration changes to most settings without having to restart
* Added  option to restart Air Marshal from the admin web interface
* Added  improved administrative UI with new layout, menu features and server status information
* Added  local account management allowing administrators the ability to quickly configure local accounts without RADIUS
* Added  support for the Acct-Interim-Interval RADIUS attribute to enable periodic interim accounting updates
* Added  limited ascend data filters are now supported for RADIUS authenticated sessions allowing network access filtering on a per-user basis
* Added  client data mirroring enables all of a clients data traffic to be mirrored to a remote host for diagnostic or intercept for sessions authenticated via RADIUS (mirror=x.x.x.x:port)
* Added  support for the use of Tunnel-Password to send encrpyted AVP commands to Air Marshal
* Added  optional client DNS server settings to further lock down DNS access to specific servers before authentication
* Added  ability to operate without a RADIUS server using anonymous access, local accounts and a local accounting log file
* Added  improved support for large numbers of concurrent clients
* Added  auth keys forcing clients to first view and accept TOS or advertising before they are able to login
* Added  allow up to five concurrent connections without a license key
* Added  alternate client login interfaces
* Added  client login interfaces now support an account status popup box with disconnect option
* Added  var1 and var2 variables for passing data between ptl files
* Added  changed no-cache to no-store to prevent stale data from being displayed in some browsers
* Added  option to disable enforcement of Ascend-Data-Filter VSAs for RADIUS authenticated sessions

1.0.22 - May 22 2006
--
* Added  send accounting interim update on successful re-authorization

1.0.21 - March 14 2006
--
* Added  session re-authorization via Termination-Action RADIUS attribute

1.0.20 - May 12 2005
--
* Added  licensing updates

1.0.19 - Mar 16 2005
--
* Added  additional attributes are now send with RADIUS access requests (Acct-Session-ID,NAS-IP,NAS-ID,NAS-Port,Framed-Address)

1.0.18 - Nov 22 2004
--
* Fixed  RADIUS requests may sometimes wait indefinately for a response
* Fixed  rare 'ses->state...' assert message if a user attempts to concurrently logon and logout
* Fixed  limit concurrent access to Linux session start and stop scripts as workaround to iptables 'resource temporarily unavailable' bug
* Fixed  intermittent RADIUS authentication and accounting request timeouts while using a setting of more than 30 'server threads'

1.0.16 - Oct 12 2004
--
* Added  routed mode session timeouts are now based upon amount of incoming data from clients
* Added  additional connection timeout checking for HTTP(S) requests
* Fixed  AV while processing accounting information
* Added  additional usage info debug messages while using IPTables

1.0.15 - Sep 30 2004
--
* Added  session variables are now accessable from '.ptl' files
* Fixed  cases where the wrong MAC address is displayed in RADIUS accounting and whos online listing
* Added  RADIUS accounting status information to debug messages
* Fixed  DOS handling for HTTP and HTTPS sessions

1.0.11 - Jan 28 2004
--
* Added  support for sending clients MAC as Calling-Station-ID attribute in the RADIUS authentication request

10.0.10 - Nov 22 2003
--
* Added  support for Emerald license keys.  An Emerald license enables a two session concurrent login limit

1.0.9 - Sep 18 2003
--
* Fixed  server won't start if its not configured

1.0.8 - Sep 12 2003
--
* Added  support for RADIUS Accounting-On and Accounting-Off startup/shutdown messages
* Added  support for 'htmlack' filter attribute to specify an alternate html interface after authentication

1.0.7 - Aug 8 2003
--
* Fixed  configuring 'Server URL' should be required
* Fixed  a problem with stuck accounting records on some versions of Linux

1.0.6 - Jul 28 2003
--
* Added  support for IPTables.  Use of IPChains or IPTables is auto-selected

1.0.5 - Jul 7 2003
--
* Added  updated default Linux session script to unload iptables and load the ipchains kernel modules to work around a known problem with some popular linux distributions
* Fixed  a problem that may cause sessions to incorrectly terminate if a user views their account status while the admin interface is in active use

1.0.4 - Mar 24 2003
--
* Fixed  Win32 ARP timeouts would cause end of session with reason 'Port Preempted'

1.0.3 - Mar 7 2003
--
* Added  initial support for the windows platform
* Fixed  admin images would not load if there is a configuration problem

