ยซ Changelog History


Fail2Ban v0.9.1 Release Notes

Release Date: 2014-10-29 // over 9 years ago

  • ๐Ÿ”จ Refactoring (IMPORTANT -- Please review your setup and configuration)

    • iptables-common.conf replaced iptables-blocktype.conf (iptables-blocktype.local should still be read) and now also provides defaults for the chain, port, protocol and name tags

    ๐Ÿ›  Fixes

    • start of file2ban aborted (on slow hosts, systemd considers the server has been timed out and kills him), see gh-824
    • ๐Ÿ›  UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806.
    • systemd backend error on bad utf-8 in python3
    • ๐ŸŒฒ badips.py action error when logging HTTP error raised with badips request
    • fail2ban-regex failed to work in python3 due to space/tab mix
    • ๐ŸŒฒ recidive regex samples incorrect log level
    • journalmatch for recidive incorrect PRIORITY
    • loglevel couldn't be changed in fail2ban.conf
    • ๐Ÿ– Handle case when no sqlite library is available for persistent database
    • Only reban once per IP from database on fail2ban restart
    • ๐Ÿ‘ Nginx filter to support missing server_name. Closes gh-676
    • fail2ban-regex assertion error caused by miscount missed lines with multiline regex
    • ๐Ÿ›  Fix actions failing to execute for Python 3.4.0. Workaround for http://bugs.python.org/issue21207
    • Database now returns persistent bans on restart (bantime < 0)
    • ๐Ÿ›  Recursive action tags now fully processed. Fixes issue with bsd-ipfw action
    • ๐Ÿ›  Fixed TypeError with "ipfailures" and "ipjailfailures" action tags. Thanks Serg G. Brester
    • Correct times for non-timezone date times formats during DST
    • Pass a copy of, not original, aInfo into actions to avoid side-effects
    • ๐ŸŒฒ Per-distribution paths to the exim's main log
    • โช Ignored IPs are no longer banned when being restored from persistent database
    • ๐Ÿšš Manually unbanned IPs are now removed from persistent database, such they wont be banned again when Fail2Ban is restarted
    • 0๏ธโƒฃ Pass "bantime" parameter to the actions in default jail's action definition(s)
    • ๐Ÿ›  filters.d/sieve.conf - fixed typo in _daemon. Thanks Jisoo Park
    • cyrus-imap -- also catch also failed logins via secured (imaps/pop3s). Regression was introduced while strengthening failregex in 0.8.11 (bd175f) Debian bug #755173
    • postfix-sasl - added journalmatch. Thanks Luc Maisonobe
    • postfix* - match with a new daemon string (postfix/submission/smtpd). Closes gh-804 . Thanks Paul Traina
    • ๐Ÿ”ง apache - added filter for AH01630 client denied by server configuration.

    ๐Ÿ†• New Features

    • ๐Ÿ†• New filters:
      • monit Thanks Jason H Martin
      • directadmin Thanks niorg
      • apache-shellshock Thanks Eugene Hopkinson (SlowRiot)
    • ๐Ÿ†• New actions:
      • symbiosis-blacklist-allports for Bytemark symbiosis firewall
      • fail2ban-client can fetch the running server version
      • Added Cloudflare API action

    โœจ Enhancements

    • ๐ŸŽ Start performance of fail2ban-client (and tests) increased, start time and cpu usage rapidly reduced. Introduced a shared storage logic, to bypass reading lots of config files (see gh-824). Thanks to Joost Molenaar for good catch (reported gh-820).
    • ๐Ÿ–จ Fail2ban-regex - add print-all-matched option. Closes gh-652
    • ๐Ÿš‘ Suppress fail2ban-client warnings for non-critical config options
    • Match non "Bye Bye" disconnect messages for sshd locked account regex
    • courier-smtp filter:
      • match lines with user names
      • match lines containing "535 Authentication failed" attempts
    • โž• Add <chain> tag to iptables-ipsets
    • ๐ŸŒฒ Realign fail2ban log output with white space to improve readability. Does not affect SYSLOG output
    • ๐ŸŒฒ Log unhandled exceptions
    • cyrus-imap: catch "user not found" attempts
    • โž• Add support for Portsentry